[April-15-2026] Daily Cybersecurity Threat Report

1. Executive Summary

During the period of April 15–16, 2026, the global threat landscape was dominated by several high-impact events. Notably, the alleged breach of Serasa Experian, exposing the personal records of over 223 million Brazilian citizens, stands as a primary concern due to its sheer scale and depth of sensitive information. Concurrently, financial institutions in South Africa (Standard Bank and Liberty Holdings) faced significant data exfiltration, while governmental portals in Pakistan and Russia suffered leaks of sensitive personnel and border crossing records.

The proliferation of “combolists”—massive aggregations of stolen credentials—reached extreme volumes, with single datasets containing up to 27.8 million records being distributed freely or sold for profit. This suggests a robust underground economy fueled by automated credential stuffing and information-stealing malware.

2. Major Data Breaches and Critical Leaks

The most severe category of incidents involved the unauthorized access and sale of institutional and national databases.

2.1 National and Citizens’ Data Exposure

Brazil (Serasa Experian): Threat actor ShinyHunters advertised a 1.8TB restored database dump containing the records of 223 million Brazilian citizens. The data included highly sensitive fields such as CPF (tax ID), names, email, phone, income, marital status, and national ID (RG). The asking price was set at $10,000 USD.
Russia (Federal Border Service): An alleged leak of the “Kordon” border monitoring system exposed approximately 1.098 billion records covering border crossings between 2014 and 2023. This dataset included personal details of 79.5 million unique individuals, including foreign nationals.
Vietnam (National Credit Information Center): ShinyHunters also claimed to be selling 160 million records from the CIC for $75,000 USD, including loan data, national ID numbers, and audit logs.
Iraq (National Census): An alleged leak of Iraq’s 2025–2026 national census database, impacting 47.7 million records, was offered for sale at $1,200.

2.2 Financial and Corporate Sectors

South Africa (Standard Bank & Liberty Holdings): Actor ROOTBOY claimed to have compromised these systems for over three weeks, exfiltrating 1.2 TB of data including 154 million rows of customer PII.
Canada (Gestion Kronos): A SQL database containing 1.6 million records with comprehensive personal and employment details was leaked.
Mexico (BePrime Cybersecurity): Over 10GB of data was leaked from this cybersecurity firm, including Meraki API keys for over 1,800 devices and financial data from clients like Alsea and Bafar.

3. The Credential Trafficking Ecosystem

A significant portion of the reported activity involved “combolists”—collections of email:password or username:password pairs used for account takeover (ATO) attacks.

3.1 Massive-Scale Credential Dumps

Actor	Content/Target	Record Count	Source/Notes
Daxus	UHQ+ Credential Pairs	27.86 Million	Distributed via Telegram
VitVit	URL:Login:Password	21.4 Million	1.2GB dataset
stradu	Mixed Email/Pass	15.2 Million	Aggregated series (#352-367)
CODER	Latin America/Africa	11 Million	Regional targeting
CODER	Office 365 & Apple	8 Million	Targeted cloud services

3.2 Targeted Domain and Regional Leaks

German users were heavily targeted, with multiple leaks including 1.1 million shopping credentials and over 1.09 million domain-specific pairs shared by actor HQcomboSpace. Additionally, actor CobraEgy released high-quality regional lists for Italy (947k), Latvia (49k), Israel (25k), and Ireland (19k).

4. Malware and Offensive Tooling Distribution

Threat actors are actively sharing and selling capabilities to facilitate further compromises.

Ransomware-as-a-Service (RaaS) Trends: The Infrastructure Destruction Squad announced the completion of a deal for a ransomware-building tool. Concurrently, Autovista reported an active ransomware attack disrupting its systems in Europe and Australia.
Information Stealers: Fresh distributions of Trap Stealer 2025 and Armageddon Stealer 1.0 were identified. These tools are specifically designed to harvest session cookies, payment info, and credentials from infected browsers.
Vulnerability Exploitation:
- Google Chrome: A critical RCE vulnerability in older versions was reported to be exploited in the wild.
- Juniper Networks: A critical flaw stemming from default credentials was identified, potentially allowing full device takeovers.
- TerraMaster: A zero-day exploit for pre-authentication Remote Code Execution (RCE) on NAS devices was offered for sale.

5. Website Defacements and Hacktivism

The actor chinafans (affiliated with 0xteam) and Nicotine (affiliated with Umbra Community) were responsible for hundreds of defacements targeting a wide range of industries including construction, healthcare, and retail.

Geographic Spread: Victims were located in the US, UAE, Australia, Chile, India, and Taiwan.
Target Diversity: From local flooring companies like Epoxy San Francisco to specialized firms like Luca Bio Analytics.

6. Industry-Specific Impact Summary

Industry	Key Incidents	Potential Impact
Financial Services	Serasa Experian, Standard Bank, Banco Davivienda	Massive identity theft, financial fraud, loss of consumer trust.
Government	Russian Border Service, Pakistan Government Portal, Iraq Census	Intelligence gathering, exposure of government personnel, national security risks.
Technology	BePrime Cybersecurity, Juniper Networks, Google Chrome	Cascading supply chain risks, exposure of client network infrastructure.
Healthcare	Hospital Angeles Mexico, Dr. RP Singh Ortho	Sensitive patient data exposure, medical history leaks.
Education	Universitas Indonesia (Doxxing), Insei.fr, Centro Regional Normal	Exposure of minor/student PII, harassment of individuals.

7. Recommendations

Based on the incidents analyzed, the following mitigation strategies are recommended:

Credential Protection: Organizations must enforce Multi-Factor Authentication (MFA) and monitor for compromised credentials found in underground combolists.
Patch Management: Immediate updates are required for Google Chrome and Juniper Networks equipment to prevent RCE and device takeovers.
Data Minimization: Financial and government agencies should review data retention policies to minimize the impact of massive exfiltrations like the Serasa Experian event.
Credential Integrity: Change all default credentials on network and IoT infrastructure to prevent easy initial access.
Supply Chain Audits: Companies using third-party services (e.g., Snowflake, Anodot) must conduct rigorous security audits of these providers’ access controls.

8. Conclusion

The cybersecurity landscape in mid-April 2026 was marked by extreme volatility. The transition from individual breaches to the mass-monetization of national databases represents a significant escalation in threat actor ambition. ShinyHunters and various “combolist” distributors have commodified personal identity on a global scale. As offensive tools like RCE exploits and sophisticated stealers become more accessible via Telegram and criminal forums, the window for response narrows. Proactive defense through MFA, rapid patching, and comprehensive threat intelligence monitoring is now the only viable path to resilience.

Detected Incidents Draft Data

Alleged data breach of Standard Bank and Liberty Holdings
Category: Data Breach
Content: Threat actor ROOTBOY claims to have gained access to Standard Bank and Liberty Holdings systems for over 3 weeks in late February, compromising multiple platforms including SharePoint, databases, and native applications. The actor is releasing 1.2 TB of data including 154 million rows of SQL data containing customer personal information such as names, addresses, phone numbers, email addresses, and account details.
Date: 2026-04-15T23:41:51Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-Standard-Bank-Liberty-Holdings-Databreach
Screenshots:
None
Threat Actors: ROOTBOY
Victim Country: South Africa
Victim Industry: Financial Services
Victim Organization: Standard Bank and Liberty Holdings
Victim Site: Unknown
Alleged leak of mixed email and user credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 160,000 email:password and username:password combinations from various email providers including AOL, Yahoo, Hotmail, and Outlook across multiple countries. The actor also advertises selling additional credential lists via Telegram.
Date: 2026-04-15T23:34:33Z
Network: openweb
Published URL: https://crackingx.com/threads/72239/
Screenshots:
None
Threat Actors: steeve75
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 1,340 Hotmail email and password combinations from mixed countries for free download on an underground forum.
Date: 2026-04-15T23:34:19Z
Network: openweb
Published URL: https://crackingx.com/threads/72241/
Screenshots:
None
Threat Actors: karaokecloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged data leak of Wattpad user database
Category: Data Leak
Content: A threat actor shared a cleaned CSV version of what they claim is the full Wattpad MySQL database dump, containing comprehensive user information including credentials, personal details, and account data. The compressed file is reported to be 22.2GB and includes fields such as usernames, passwords, emails, creation dates, and various profile information.
Date: 2026-04-15T23:34:13Z
Network: openweb
Published URL: https://pwnforums.st/Thread-Wattpad-Database-Cleaned-into-CSV
Screenshots:
None
Threat Actors: StrawberryJam
Victim Country: Canada
Victim Industry: Technology
Victim Organization: Wattpad
Victim Site: wattpad.com
Alleged Sale of Serasa Experian Full Database Containing 223 Million Brazilian Citizens Records
Category: Data Breach
Content: Threat actor ShinyHunters (handle @shinyc0rpsss) is selling a claimed full MSSQL database dump from Serasa Experian containing records on over 223 million Brazilian citizens. The dataset is 400GB compressed (1.8TB restored) and includes highly sensitive PII fields: CPF (Brazilian tax ID), full name, email, phone, address, date of birth, income, gender, marital status, RG (national ID), voter registration, Mosaic scoring segments, and more. Price is $10,000 USD. Contact via Telegram, Tutamail, Tox, and Session IDs provided.
Date: 2026-04-15T23:10:16Z
Network: telegram
Published URL: https://t.me/c/3500620464/6815
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Brazil
Victim Industry: Financial Services / Credit Bureau
Victim Organization: Serasa Experian
Victim Site: Unknown
Alleged data breach of Serasa Experian — 223 Million Brazilian Citizens PII for Sale
Category: Data Breach
Content: Threat actor ShinyHunters is selling an alleged full MSSQL database backup (.bak) of Serasa Experian containing records on over 223 million Brazilian citizens. The dataset is 400GB compressed (1.8TB restored) and includes highly sensitive PII fields: CPF (Brazilian tax ID), full name, email, phone, address, date of birth, income, gender, RG (national ID), voter registration, marital status, parental names, Mosaic segmentation scores, and more. The asking price is $10,000 USD. Contact methods include Telegram (@shinyc0rpsss), email ([email protected]), Tox, and Session IDs.
Date: 2026-04-15T23:09:55Z
Network: telegram
Published URL: https://t.me/c/3737716184/1190
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Brazil
Victim Industry: Financial Services / Credit Bureau
Victim Organization: Serasa Experian
Victim Site: Unknown
Alleged leak of Netflix, Steam, and other gaming/streaming service credentials
Category: Combo List
Content: Threat actor Ra-Zi shared a combolist containing 160,000 email and password combinations allegedly valid for multiple streaming and gaming platforms including Netflix, Steam, Hulu, and Spotify. The actor also advertises selling additional credential lists through Telegram contact.
Date: 2026-04-15T22:53:47Z
Network: openweb
Published URL: https://demonforums.net/Thread-160k-Fresh-HQ-Combolist-Email-Pass-Netflix-Minecraft-Uplay-Steam-Hulu-spotify–200581
Screenshots:
None
Threat Actors: Ra-Zi
Victim Country: Unknown
Victim Industry: Entertainment and Gaming
Victim Organization: Netflix, Minecraft, Uplay, Steam, Hulu, Spotify
Victim Site: Unknown
Alleged data breach of Hospital Angeles Mexico
Category: Data Breach
Content: Threat actor claims to be selling approximately 11GB of Hospital Angeles patient data including names, laboratory studies, and medical results. Hospital Angeles is a private hospital network in Mexico serving middle to high socioeconomic populations.
Date: 2026-04-15T22:52:33Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-M%C3%A9xico-Hospital-Angeles
Screenshots:
None
Threat Actors: cuatlicue
Victim Country: Mexico
Victim Industry: Healthcare
Victim Organization: Hospital Angeles
Victim Site: Unknown
Alleged sale of non-VBV credit card data for fraudulent transactions
Category: Data Breach
Content: Threat actor offers non-VBV credit card data compatible with Apple Pay and various payment platforms, claiming cards work for multiple merchants and offering guarantees with refund/replacement policies.
Date: 2026-04-15T22:29:08Z
Network: openweb
Published URL: https://demonforums.net/Thread-Live-non-vbv-cc-%E2%9C%85%E2%9C%85%E2%9C%85-Non-vbv-cc-Apple-Pay-CC–200574
Screenshots:
None
Threat Actors: yidat
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 1,000 allegedly valid Hotmail email and password combinations on a cybercrime forum.
Date: 2026-04-15T22:28:47Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-1K-Just-Valid-Hotmail-Mail-Access-16-04
Screenshots:
None
Threat Actors: MegaCloudshop
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 1,000 allegedly valid Hotmail email and password combinations on a cybercrime forum.
Date: 2026-04-15T22:28:06Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-1K-Just-Valid-Hotmail-Mail-Access-16-04–200571
Screenshots:
None
Threat Actors: MegaCloudshop
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Canadian email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing email and password credentials allegedly belonging to Canadian users. The post indicates high quality credentials but no specific record count or victim organization details were provided.
Date: 2026-04-15T22:27:53Z
Network: openweb
Published URL: https://pwnforums.st/Thread-HQ-CANADA-EMAILPASS-COMBOLIST-txt–188314
Screenshots:
None
Threat Actors: ShroudX
Victim Country: Canada
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of German email credentials combolist
Category: Combo List
Content: A threat actor is allegedly distributing a combolist containing email and password credentials targeting German users. The post lacks detailed content but the thread title indicates high-quality German credential data is being shared.
Date: 2026-04-15T22:27:37Z
Network: openweb
Published URL: https://pwnforums.st/Thread-HQ-GERMANY-EMAILPASS-COMBOLIST-txt
Screenshots:
None
Threat Actors: ShroudX
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of non-VBV credit card data for payment fraud
Category: Combo List
Content: Threat actor allegedly selling non-VBV (Verified by Visa) credit card data for use with various payment platforms including Apple Pay, PayPal, Amazon, and eBay. Actor claims cards work for multiple online services and offers guarantees with refund or replacement policies.
Date: 2026-04-15T22:27:28Z
Network: openweb
Published URL: https://demonforums.net/Thread-Live-non-vbv-cc-%E2%9C%85%E2%9C%85%E2%9C%85-Non-vbv-cc-Apple-Pay-CC-l
Screenshots:
None
Threat Actors: yidat
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of non-VBV credit card data for fraudulent transactions
Category: Combo List
Content: Threat actor advertising non-VBV (non-Verified by Visa) credit card data for use in fraudulent transactions across multiple platforms including Apple Pay, PayPal, Amazon, and eBay. The actor claims to provide cards that work globally without OTP verification and offers guarantees with refund or replacement policies.
Date: 2026-04-15T22:26:50Z
Network: openweb
Published URL: https://demonforums.net/Thread-Live-non-vbv-cc-%E2%9C%85%E2%9C%85%E2%9C%85-Non-vbv-cc-Apple-Pay-CC-l–200577
Screenshots:
None
Threat Actors: yidat
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Italian email credentials combolist
Category: Combo List
Content: A threat actor shared a high-quality Italian email and password combolist on a cybercrime forum. The post contains no additional details about the source or scope of the credential list.
Date: 2026-04-15T22:25:58Z
Network: openweb
Published URL: https://pwnforums.st/Thread-HQ-ITALY-EMAILPASS-COMBOLIST-txt
Screenshots:
None
Threat Actors: ShroudX
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of non-VBV credit card data for fraudulent transactions
Category: Data Breach
Content: Threat actor advertising sale of non-VBV (Verified by Visa) credit card data for use in fraudulent transactions across multiple payment platforms including Apple Pay, PayPal, Amazon, and eBay. The actor claims to offer country-specific cards and guarantees refunds for non-working cards.
Date: 2026-04-15T22:25:39Z
Network: openweb
Published URL: https://demonforums.net/Thread-Live-non-vbv-cc-%E2%9C%85%E2%9C%85%E2%9C%85-Non-vbv-cc-Apple-Pay-CC–200572
Screenshots:
None
Threat Actors: yidat
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of non-VBV credit card data for fraudulent transactions
Category: Data Breach
Content: Threat actor advertising sale of non-VBV (Verified by Visa) credit card data claiming compatibility with various payment platforms including Apple Pay, PayPal, Cash App, and major e-commerce sites. The actor offers guarantees of refund or replacement for non-functional cards and provides contact via Telegram.
Date: 2026-04-15T22:24:45Z
Network: openweb
Published URL: https://demonforums.net/Thread-Live-non-vbv-cc-%E2%9C%85%E2%9C%85%E2%9C%85-Non-vbv-cc-Apple-Pay-CC–200573
Screenshots:
None
Threat Actors: yidat
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email and password combolist
Category: Combo List
Content: A threat actor shared a mixed email and password combolist on an underground forum. No specific details about the source, size, or victims are provided in the available content.
Date: 2026-04-15T22:24:20Z
Network: openweb
Published URL: https://pwnforums.st/Thread-HQ-MIXED-EMAILPASS-COMBOLIST-txt
Screenshots:
None
Threat Actors: ShroudX
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: Threat actor shared a combolist containing 1,000 allegedly valid Hotmail email account credentials dated April 16th on an underground forum.
Date: 2026-04-15T22:23:17Z
Network: openweb
Published URL: https://crackingx.com/threads/72237/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 470,860 Hotmail credentials via file sharing platform. The actor claims these are fresh leaks targeting streaming services.
Date: 2026-04-15T22:23:03Z
Network: openweb
Published URL: https://crackingx.com/threads/72238/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of UK credential combolist
Category: Combo List
Content: Actor ShroudX shared a UK email:password combolist on cybercriminal forum. The actor also promotes various illegal services including credential lists, leads, phone numbers, and cracking tools via Telegram channels.
Date: 2026-04-15T22:22:43Z
Network: openweb
Published URL: https://pwnforums.st/Thread-HQ-UK-EMAILPASS-COMBOLIST-txt
Screenshots:
None
Threat Actors: ShroudX
Victim Country: United Kingdom
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of MySpace credentials combolist
Category: Combo List
Content: A threat actor shared a CSV file containing 300 million MySpace records with usernames, emails, and cracked passwords from the original MySpace breach. The data is provided as a free download compressed with zstd format.
Date: 2026-04-15T22:22:25Z
Network: openweb
Published URL: https://pwnforums.st/Thread-MySpace-Username-Email-Password-300kk–188321
Screenshots:
None
Threat Actors: StrawberryJam
Victim Country: United States
Victim Industry: Technology
Victim Organization: MySpace
Victim Site: myspace.com
Alleged leak of credential logs via cloud storage
Category: Combo List
Content: Threat actor NEW_DAISYCLOUD shared 5,539 credential logs via cloud storage platform, distributed for free download with password protection.
Date: 2026-04-15T21:56:49Z
Network: openweb
Published URL: https://crackingx.com/threads/72236/
Screenshots:
None
Threat Actors: NEW_DAISYCLOUD
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Philippines travel clearance database
Category: Data Leak
Content: User shared what appears to be a database containing Philippines travel clearance records with personal information including full names, addresses, contact numbers, email addresses, and application details.
Date: 2026-04-15T21:56:18Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-TRAVEL-CLEARANCE-PHILIPPINES-3M-ROW
Screenshots:
None
Threat Actors: sh1nnysp1d3r0x
Victim Country: Philippines
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credential combolist
Category: Logs
Content: A threat actor named VegaMoon shared a combolist containing 22,692 Hotmail email and password combinations on an underground forum. The credentials are described as fresh, suggesting they may be recently obtained or validated.
Date: 2026-04-15T21:52:43Z
Network: openweb
Published URL: https://xforums.st/threads/22-692-hotmail-fresh-combolist.608445/
Screenshots:
None
Threat Actors: VegaMoon
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged distribution of stealer logs containing credentials
Category: Logs
Content: Actor UP_DAISYCLOUD distributed a collection of 5,539 stealer logs dated April 16 via cloud storage platform. The logs likely contain stolen credentials and browser data harvested by information stealing malware.
Date: 2026-04-15T21:35:52Z
Network: openweb
Published URL: https://darkforums.su/Thread-%F0%9F%9A%80-5539-LOGS-CLOUD-%E2%98%81-16-APRIL-%E2%9D%A4%EF%B8%8F-FRESH-LOGS%E2%9D%97%EF%B8%8F
Screenshots:
None
Threat Actors: UP_DAISYCLOUD
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged purchase request for Gmail credential lists
Category: Initial Access
Content: Threat actor requesting to purchase Gmail credential lists for alleged email deliverability testing purposes. The actor claims they only need temporary access without changing passwords or accessing account contents.
Date: 2026-04-15T21:33:17Z
Network: openweb
Published URL: https://darkforums.su/Thread-BUYING-Gmail-combos-that-actually-work
Screenshots:
None
Threat Actors: JazzWizardry
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Google
Victim Site: gmail.com
Alleged request to purchase Gmail and Outlook credential lists
Category: Data Breach
Content: Threat actor seeks to purchase working email credential combinations for Gmail and Outlook accounts for alleged deliverability testing purposes. The actor claims they will not compromise the accounts but requires verified working credentials.
Date: 2026-04-15T21:32:39Z
Network: openweb
Published URL: https://darkforums.su/Thread-BUYING-email-combos-that-actually-work
Screenshots:
None
Threat Actors: JazzWizardry
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Gmail and Outlook
Victim Site: gmail.com
Alleged Sale of Ransomware-Building Tool by Infrastructure Destruction Squad
Category: Malware
Content: A threat actor operating under the Infrastructure Destruction Squad channel announced the completion of a deal involving a ransomware-building tool, which has been delivered to an unnamed client. This indicates active distribution of ransomware development capabilities.
Date: 2026-04-15T21:27:19Z
Network: telegram
Published URL: https://t.me/c/2735908986/4001
Screenshots:
None
Threat Actors: Infrastructure Destruction Squad
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged acquisition of hacking tool by blacknet-00
Category: Malware
Content: A member of the Infrastructure Destruction Squad channel, identified as blacknet-00, claims to have purchased a tool from a contact. The nature of the tool is unspecified but the channel context and phrasing suggest it is a malicious or offensive cyber tool. A photo was included with the post.
Date: 2026-04-15T21:26:53Z
Network: telegram
Published URL: https://t.me/c/2735908986/4000
Screenshots:
None
Threat Actors: blacknet-00
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email credentials from UK, Italy, Poland and other countries
Category: Combo List
Content: A threat actor shared a combolist containing 6,646 email credentials sourced from multiple countries including the United Kingdom, Italy, and Poland. The credentials are described as verified for mail access.
Date: 2026-04-15T21:25:44Z
Network: openweb
Published URL: https://crackingx.com/threads/72234/
Screenshots:
None
Threat Actors: karaokecloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Russian military casualty data
Category: Data Leak
Content: Forum post claims to contain personal information of 70,000 Russian military personnel who died in war, including names, birth dates, death dates, geographic origins, ages, military units, branches, and ranks.
Date: 2026-04-15T20:53:35Z
Network: openweb
Published URL: https://pwnforums.st/Thread-Russian-death-in-the-war-70k
Screenshots:
None
Threat Actors: Tendi
Victim Country: Russia
Victim Industry: Government
Victim Organization: Russian Armed Forces
Victim Site: Unknown
Alleged cybercriminal marketplace offering illegal digital tools and services
Category: Initial Access
Content: Threat actor advertising various cybercriminal tools and services including bank logs, credit card data, SSN databases, SMTP scanners, and access tools with prices ranging from $30 to $300. The actor offers services targeting financial institutions and email systems.
Date: 2026-04-15T20:52:06Z
Network: openweb
Published URL: https://crackingx.com/threads/72229/
Screenshots:
None
Threat Actors: jimebj
Victim Country: United States
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged recruitment for privilege escalation activities
Category: Initial Access
Content: Threat actor Infector is recruiting experienced penetration testers to join a private team for privilege escalation activities within their networks. The post indicates an actively developing cybercriminal operation seeking skilled personnel for unauthorized network access.
Date: 2026-04-15T20:50:07Z
Network: openweb
Published URL: https://tier1.life/thread/145
Screenshots:
None
Threat Actors: Infector
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of AstroGyani by CYKOMNEPAL
Category: Defacement
Content: On April 16, 2026, the attacker known as CYKOMNEPAL defaced the Indian astrology and spiritual services website AstroGyani (astrogyani.in). The defacement targeted a subdirectory path within the sites blog image folder rather than the homepage. No specific motive or additional technical details were disclosed in association with this incident.
Date: 2026-04-15T20:45:49Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834378
Screenshots:
None
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: India
Victim Industry: Astrology / Spiritual Services
Victim Organization: AstroGyani
Victim Site: astrogyani.in
Alleged data leak of FTIMERBET.COM database
Category: Data Leak
Content: A threat actor claims to have leaked a database from FTIMERBET.COM containing user credentials, phone numbers, and email addresses. The post indicates this is being shared as a leak rather than sold.
Date: 2026-04-15T20:17:59Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-FTIMERBET-COM-DATABASE-LEAK-USER-PASS-PHONE-EMAIL
Screenshots:
None
Threat Actors: uz3er
Victim Country: Unknown
Victim Industry: Gaming/Gambling
Victim Organization: FTIMERBET
Victim Site: ftimerbet.com
Website Defacement of ECAN Nepal by CYKOMNEPAL
Category: Defacement
Content: A threat actor or group operating under the handle CYKOMNEPAL defaced a member detail page on the ECAN (Education Consultancy Association of Nepal) website on April 16, 2026. The incident was a targeted single-page defacement rather than a mass or home page defacement. No specific motive or server details were disclosed in connection with the attack.
Date: 2026-04-15T20:17:30Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834377
Screenshots:
None
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: Nepal
Victim Industry: Education / Professional Association
Victim Organization: ECAN (Education Consultancy Association of Nepal)
Victim Site: ecan.org.np
Alleged leak of German credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 728,678 credential pairs targeting German entities. The data was made available as a free download via a file sharing service.
Date: 2026-04-15T20:17:23Z
Network: openweb
Published URL: https://crackingx.com/threads/72228/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Minecraft server databases
Category: Data Leak
Content: A threat actor shared approximately 1,000 Minecraft server databases on a cybercrime forum. The databases were described as random collections and made available for free download to forum members.
Date: 2026-04-15T20:16:33Z
Network: openweb
Published URL: https://pwnforums.st/Thread-1k-Minecraft-dbs
Screenshots:
None
Threat Actors: australia
Victim Country: Unknown
Victim Industry: Gaming
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of German intelligence coordinates and infrastructure data
Category: Data Leak
Content: Actor SiberSLX claims to have leaked sensitive coordinates and information about German intelligence agencies (BND, BfV, MAD) and critical infrastructure locations. The data is being distributed as a password-protected ZIP file through a free download link.
Date: 2026-04-15T20:01:07Z
Network: openweb
Published URL: https://breached.st/threads/germany-important-coordinates-about-germany-leaked-download.86017/unread
Screenshots:
None
Threat Actors: SiberSLX
Victim Country: Germany
Victim Industry: Government
Victim Organization: German Intelligence Services
Victim Site: Unknown
Alleged data leak of Archetyp Market vendor data
Category: Data Leak
Content: Actor TheFallen shared vendor data allegedly scraped from Archetyp darknet market from April 2026. The data is being distributed for free download via Telegram contact.
Date: 2026-04-15T19:58:10Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-DarkWeb-Archetyp-Market-Vendor-Data-04-2026
Screenshots:
None
Threat Actors: TheFallen
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Archetyp Market
Victim Site: Unknown
Alleged data breach of the United States Holocaust Memorial Museum by Nasir
Category: Data Breach
Content: A threat actor identified as Nasir, affiliated with HANDALA HACK, claims to have breached the United States Holocaust Memorial Museum (Yad Vashem-referenced). The actor alleges possession of personal information belonging to visitors, donors, secret delegations, and purported Mossad agents operating under aliases. A proof-of-claim URL is referenced at nasir.cc/pages/Holocaust-Museum.html.
Date: 2026-04-15T19:55:47Z
Network: telegram
Published URL: https://t.me/c/3548035165/314
Screenshots:
None
Threat Actors: Nasir
Victim Country: United States
Victim Industry: Cultural Institution / Museum
Victim Organization: United States Holocaust Memorial Museum
Victim Site: Unknown
Alleged leak of email credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 47,000 email and password combinations through a paste service. The credentials are described as having good access rates for mail accounts.
Date: 2026-04-15T19:35:25Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-47k-Mail-Access-Good-Combolist
Screenshots:
None
Threat Actors: Razly
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of email credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 47,000 email credentials described as having good access rates. The credentials are being distributed for free via a paste service.
Date: 2026-04-15T19:32:10Z
Network: openweb
Published URL: https://crackingx.com/threads/72227/
Screenshots:
None
Threat Actors: Cir4d
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of multiple databases containing personal information and identity documents
Category: Data Breach
Content: Threat actor jannatmirza11 claims to be selling access to multiple databases containing driver licenses, SSNs, passports, company registration documents, consumer information, phone numbers, email lists, and credentials from various sources.
Date: 2026-04-15T19:31:59Z
Network: openweb
Published URL: https://crackingx.com/threads/72226/
Screenshots:
None
Threat Actors: jannatmirza11
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of 47,000 email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 47,000 email credentials through a paste service. The credentials are described as having good mail access validity.
Date: 2026-04-15T19:31:37Z
Network: openweb
Published URL: https://pwnforums.st/Thread-47k-Mail-Access-Good-Combolist
Screenshots:
None
Threat Actors: Cidaxxx
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of multiple identity document databases and personal information
Category: Data Breach
Content: Threat actor claims to have access to various databases containing driver licenses, SSN, passports, company registration documents, consumer information, phone lists, email lists, and credential combinations. The actor provides a Telegram contact for interested parties.
Date: 2026-04-15T19:28:34Z
Network: openweb
Published URL: https://xforums.st/threads/i-have-driver-license-ssn-passports-llc-ein-ltd.608431/
Screenshots:
None
Threat Actors: jannat123
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of Hotmail credential combolists
Category: Combo List
Content: Threat actor MrCOMBOROBOA is selling credential combolists containing 1,200 Hotmail email and password combinations, with pricing structures for larger volumes including gaming and shopping site credentials.
Date: 2026-04-15T19:06:41Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-1-2k-HOTMAILS-COMBO-ACCESS-MAILS-COMBO
Screenshots:
None
Threat Actors: MrCOMBOROBOA
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Hotmail
Victim Site: hotmail.com
Alleged sale of mixed email credential lists
Category: Combo List
Content: Threat actor MrCOMBOROBOA is selling access to credential lists containing 21.3k mixed email accounts, with additional offerings for bulk credentials including gaming and shopping combos ranging from 100k to 10 million records.
Date: 2026-04-15T19:05:44Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-21-3k-MIXED-MAILS-ACCESS
Screenshots:
None
Threat Actors: MrCOMBOROBOA
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of USA credential combolist for account access
Category: Combo List
Content: Threat actor MrCOMBOROBOA is selling an 8,500-record USA credential combolist described as good for access along with various other credential packages and access to private combo groups for fees ranging from $30-500.
Date: 2026-04-15T19:04:51Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-8-5k-USA-GOOD-FOR-ACCESS
Screenshots:
None
Threat Actors: MrCOMBOROBOA
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of corporate credential lists on cybercriminal forum
Category: Combo List
Content: Threat actor MrCOMBOROBOA is selling corporate credential lists containing 2,000 valid entries on DemonForums. The actor offers various pricing tiers for access to larger credential collections ranging from 100,000 to 10 million records, with specialized gaming and shopping combolists also available.
Date: 2026-04-15T19:03:59Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-2k-VALID-CORPS
Screenshots:
None
Threat Actors: MrCOMBOROBOA
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of mixed email credential combolist
Category: Combo List
Content: Threat actor MrCOMBOROBOA is selling a credential combolist containing 1,600 mixed email:password combinations. The actor operates premium Telegram channels offering various credential packages ranging from $50/week to $500/lifetime access, with bulk credential lists priced from $30 for 100k records to $300 for 10 million records.
Date: 2026-04-15T19:02:58Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-1-6k-GOOD-MIXED-MAILS
Screenshots:
None
Threat Actors: MrCOMBOROBOA
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of mixed email credential lists by cybercriminal actor
Category: Combo List
Content: Cybercriminal actor MrCOMBOROBOA is selling access to 8.9k valid mixed email credential lists on DemonForums, with pricing tiers ranging from $30 for 100k records to $500 for lifetime access to private combo groups. The actor also operates a Telegram channel for distribution of credential lists.
Date: 2026-04-15T19:02:08Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-8-9k-VALID-MIXED-MAILS-ACCESS
Screenshots:
None
Threat Actors: MrCOMBOROBOA
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of corporate email credential lists
Category: Combo List
Content: Cybercriminal actor MrCOMBOROBOA is allegedly selling access to corporate email credential lists containing 181,500 records. The threat actor offers various pricing tiers for different volumes of credential lists ranging from 100,000 to 10 million records.
Date: 2026-04-15T19:00:53Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-181-5k-CORPS-MAILS-COMBO-ACCESS
Screenshots:
None
Threat Actors: MrCOMBOROBOA
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of USA credential combinations
Category: Combo List
Content: A threat actor shared a combolist containing 10,000 credential combinations allegedly from United States users on a cybercrime forum.
Date: 2026-04-15T18:59:52Z
Network: openweb
Published URL: https://crackingx.com/threads/72219/
Screenshots:
None
Threat Actors: RandomUpload
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email credentials
Category: Combo List
Content: A threat actor leaked a collection of 15,000 valid email credentials from mixed sources. The data is being distributed as a combolist on an underground forum.
Date: 2026-04-15T18:59:37Z
Network: openweb
Published URL: https://crackingx.com/threads/72220/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of USA email credentials
Category: Combo List
Content: A threat actor leaked 2,700 fresh checked USA email credentials on a cybercrime forum. The credentials were described as recently verified and dated April 15th.
Date: 2026-04-15T18:59:21Z
Network: openweb
Published URL: https://crackingx.com/threads/72221/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of SilverBullet configuration for credential attacks
Category: Combo List
Content: Threat actor allegedly sharing a free SilverBullet configuration file optimized for mobile devices and described as fast-working for online credential attacks.
Date: 2026-04-15T18:59:05Z
Network: openweb
Published URL: https://crackingx.com/threads/72222/
Screenshots:
None
Threat Actors: Jelooos
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of email credentials combolist
Category: Combo List
Content: Forum user webvvork shared a combolist containing 9,000 valid email credentials. The post requires registration to view the full content and includes a Telegram contact for further communication.
Date: 2026-04-15T18:58:50Z
Network: openweb
Published URL: https://crackingx.com/threads/72224/
Screenshots:
None
Threat Actors: webvvork
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of T-Online credentials
Category: Combo List
Content: A threat actor allegedly leaked 50,000 T-Online credentials on a cybercrime forum. The data appears to be distributed as a combolist containing email and password combinations.
Date: 2026-04-15T18:58:32Z
Network: openweb
Published URL: https://crackingx.com/threads/72225/
Screenshots:
None
Threat Actors: webvvork
Victim Country: Germany
Victim Industry: Telecommunications
Victim Organization: T-Online
Victim Site: t-online.de
Alleged leak of mixed email access credentials
Category: Logs
Content: A threat actor has allegedly made available a collection of 15,000 valid email access credentials from mixed sources. The credentials appear to be distributed through a forum specializing in mail access and credential lists.
Date: 2026-04-15T18:54:04Z
Network: openweb
Published URL: https://xforums.st/threads/15k-full-valid-mail-access-mix-15-04.608426/
Screenshots:
None
Threat Actors: MegaCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Pakistani government portal iams.kp.gov.pk
Category: Data Leak
Content: A threat actor claims to have leaked data from a Pakistani government website belonging to Khyber Pakhtunkhwa province (iams.kp.gov.pk). The data, reportedly available as a free compressed file download on the dark web, allegedly contains usernames, passwords, user access levels, and internal organizational information. The authenticity of the leak has not been verified. If genuine, the exposed credentials could enable unauthorized access to government systems or facilitate further attacks.
Date: 2026-04-15T18:43:50Z
Network: telegram
Published URL: https://t.me/c/1283513914/21213
Screenshots:
None
Threat Actors: Unknown
Victim Country: Pakistan
Victim Industry: Government
Victim Organization: Khyber Pakhtunkhwa Government (IAMS)
Victim Site: iams.kp.gov.pk
Alleged data leak of Gestion Kronos Canada database
Category: Data Leak
Content: A threat actor has allegedly leaked a SQL database from gestionkronos.ca containing 1.6 million records. The leaked data includes comprehensive personal information such as names, addresses, phone numbers, email addresses, passwords, employment details, financial information, and government identification numbers.
Date: 2026-04-15T18:42:36Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-gestionkronos-ca
Screenshots:
None
Threat Actors: [Mod] Tanaka
Victim Country: Canada
Victim Industry: Financial Services
Victim Organization: Gestion Kronos
Victim Site: gestionkronos.ca
Alleged data breach of Talabat Saudi Arabia user database
Category: Data Breach
Content: Threat actor claims to be selling a database containing 563,000 user records from Talabat Saudi Arabia, including personal information, contact details, account data, and demographic information. The actor is accepting escrow and trusted middlemen for transactions.
Date: 2026-04-15T18:38:19Z
Network: openweb
Published URL: https://breached.st/threads/https-www-talabat-com-563k-saudi-arabia-dataset.86016/unread
Screenshots:
None
Threat Actors: Jeffrey Epstein
Victim Country: Saudi Arabia
Victim Industry: Food Delivery
Victim Organization: Talabat
Victim Site: talabat.com
Alleged distribution of Trap Stealer 2025 infostealer malware
Category: Logs
Content: Cybercriminal shares Trap Stealer 2025 malware designed to extract login credentials, session cookies, payment information, and system metadata from infected systems. The malware is distributed through download links and appears to target browser-stored sensitive data.
Date: 2026-04-15T18:37:03Z
Network: openweb
Published URL: https://darkforums.su/Thread-Trap-Stealer-Session-cookies-and-tokens-%F0%9F%92%B3-Saved-payment-information
Screenshots:
None
Threat Actors: 1_s3p
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of Armageddon Stealer 1.0 malware
Category: Logs
Content: Threat actor distributes Armageddon Stealer 1.0 malware designed to extract sensitive data including login credentials, browser data, and financial information. The stealer operates stealthily across multiple platforms and is being made available through file hosting services.
Date: 2026-04-15T18:36:26Z
Network: openweb
Published URL: https://darkforums.su/Thread-Source-Code-Armageddon-Stealer-1-0
Screenshots:
None
Threat Actors: 1_s3p
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged rental service for IntelX OSINT platform access
Category: Logs
Content: Threat actor Chamane99 is offering rental access to IntelX intelligence platform for $15 per search, providing screen-shared searches and delivering results as zip files. This service facilitates unauthorized access to OSINT data.
Date: 2026-04-15T18:35:50Z
Network: openweb
Published URL: https://darkforums.su/Thread-RENT-INTELX-ACCOUNT
Screenshots:
None
Threat Actors: Chamane99
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of credential combolist containing 22.52 million records
Category: Logs
Content: A threat actor shared a credential combolist containing 22.52 million URL:LOG:PASS records via file sharing platform. The data is distributed for free download through a Pixeldrain link.
Date: 2026-04-15T18:35:15Z
Network: openweb
Published URL: https://darkforums.su/Thread-%E2%AD%90%EF%B8%8FURL-LOG-PASS-22-52-M-%E2%9C%85-ULP-DAXUS-PRO-UHQ-%E2%AD%90%EF%B8%8F
Screenshots:
None
Threat Actors: daxus
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of credential logs from Mexico
Category: Logs
Content: Forum post advertising credential logs from Mexico in URL:LOGIN:PASS format, though no specific content details are provided in the visible post.
Date: 2026-04-15T18:33:15Z
Network: openweb
Published URL: https://darkforums.su/Thread-URL-LOGIN-PASS-MX-LOGS
Screenshots:
None
Threat Actors: KazeFreak
Victim Country: Mexico
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Assuréa insurance broker
Category: Data Breach
Content: Actor DumpsecV2 is selling a database dump from Assuréa insurance broker containing 139,000 car insurance records with detailed personal information including names, emails, addresses, and vehicle data. The data spans 2018-2026 and is being offered for €20,000.
Date: 2026-04-15T18:29:23Z
Network: openweb
Published URL: https://darkforums.su/Thread-FR-Assurea-AXA-%E2%80%93-Allianz-%E2%80%93-Generali-%E2%80%93-Swiss-Life-%E2%80%93-AIG
Screenshots:
None
Threat Actors: DumpsecV2
Victim Country: France
Victim Industry: Insurance
Victim Organization: Assuréa
Victim Site: Unknown
Alleged sale of supply chain data from multiple fashion and retail companies
Category: Data Breach
Content: Threat actor CoinBase_Cartel is selling supply chain data from multiple major fashion and retail brands including Lacoste, Ralph Lauren, Canada Goose, and others. Prices start from $50,000 per company dataset.
Date: 2026-04-15T18:28:48Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Supply-chain-data-Lacoste-Ralph-Lauren-Canada-Goose-and-more
Screenshots:
None
Threat Actors: CoinBase_Cartel
Victim Country: Unknown
Victim Industry: Retail and Fashion
Victim Organization: Multiple (Lacoste, Ralph Lauren, Canada Goose, Carters, New Era, Converse, Foot Locker, Spanx)
Victim Site: Unknown
Alleged data breach of Brit Hotel loyalty program
Category: Data Breach
Content: Threat actor HexDex is selling personal data of 682,662 Brit Hotel loyalty program members covering booking periods from 2016 to 2026. The data includes names, emails, phone numbers, addresses, and detailed reservation information.
Date: 2026-04-15T18:28:13Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-FR-682K-BritHotel–73188
Screenshots:
None
Threat Actors: HexDex
Victim Country: France
Victim Industry: Hospitality
Victim Organization: Brit Hotel
Victim Site: Unknown
Alleged data breach involving Indonesia taxpayer identification numbers
Category: Data Breach
Content: Threat actor OnarDev allegedly offering 6 million Indonesian taxpayer identification numbers (NPWP) on underground forum.
Date: 2026-04-15T18:27:13Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-6-MILION-INDONESIA-TAXPAYER-IDENTIFICATION-NUMBER-NPWP–73558
Screenshots:
None
Threat Actors: OnarDev
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Iranian nuclear energy database
Category: Data Leak
Content: Actor TheFallen posted about an Iranian nuclear energy database in a dark web forum, providing only a Telegram contact for further information.
Date: 2026-04-15T18:23:18Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-IRAN-Nuclear-Energy-DB
Screenshots:
None
Threat Actors: TheFallen
Victim Country: Iran
Victim Industry: Energy/Nuclear
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of UNSS French sports organization database
Category: Data Leak
Content: A threat actor leaked a database containing over 7 million records from UNSS, a French organization managing sports in middle and high schools. The leaked data includes first names, last names, phone numbers, birth dates, service names, and sport names.
Date: 2026-04-15T18:22:40Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-FR-UNSS-7M–73443
Screenshots:
None
Threat Actors: jza1337
Victim Country: France
Victim Industry: Education
Victim Organization: UNSS
Victim Site: Unknown
Alleged leak of Morocco Royal Palace staff database
Category: Data Leak
Content: A threat actor shared a database containing personal information of Royal Palace staff in Morocco, including names, birth dates, addresses, national ID numbers, and recruitment dates. The data is being distributed for free download on a cybercriminal forum.
Date: 2026-04-15T18:22:04Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-MOROCCO-Royal-Palace-Staff-Database
Screenshots:
None
Threat Actors: Rihana
Victim Country: Morocco
Victim Industry: Government
Victim Organization: Royal Palace of Morocco
Victim Site: Unknown
Alleged data leak of Universidad Latina de México database
Category: Data Leak
Content: Threat actor Lvn4t1k0 claims to have leaked the complete database of Universidad Latina de México containing user credentials, emails, and personal information. The actor also shared administrator login credentials for the universitys website.
Date: 2026-04-15T18:21:28Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-UNIVERSIDAD-LATINA-DE-MEXICO-LEAKED
Screenshots:
None
Threat Actors: Lvn4t1k0
Victim Country: Mexico
Victim Industry: Education
Victim Organization: Universidad Latina de México
Victim Site: ulm.edu.mx
Alleged leak of Hotmail credentials on CrackingX forum
Category: Combo List
Content: Threat actor snowstormxd shared fresh Hotmail credentials through external download links on the CrackingX forum. The credentials are being distributed for free via Pasteview and Telegram channels.
Date: 2026-04-15T17:59:57Z
Network: openweb
Published URL: https://crackingx.com/threads/72217/
Screenshots:
None
Threat Actors: snowstormxd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credentials targeting crypto users
Category: Combo List
Content: A threat actor shared a combolist containing 594,557 Hotmail credentials specifically targeting cryptocurrency users. The credential list was made available for free download via a file hosting service.
Date: 2026-04-15T17:59:40Z
Network: openweb
Published URL: https://crackingx.com/threads/72218/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged data leak of BePrime Mexican cybersecurity company
Category: Data Leak
Content: Threat actor leaked over 10 GB of data from Mexican cybersecurity company BePrime, including financial data, customer information, credentials, and data from their clients including Bafar, Alsea, and CTU. The leak includes PostgreSQL databases, Meraki API keys controlling 1,858 devices, Salesforce CRM data, and 2.58 million WiFi tracking records.
Date: 2026-04-15T17:57:42Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-LEAK-BEPRIME-MEXICAN-CYBERSECURITY-PRIVATE-COMPANY
Screenshots:
None
Threat Actors: dylanmarly
Victim Country: Mexico
Victim Industry: Cybersecurity
Victim Organization: BePrime
Victim Site: Unknown
Alleged data breach of SENIAT Venezuela tax authority database
Category: Data Breach
Content: Threat actor claims to have breached the Venezuelan SENIAT tax authority system and extracted 13.8 million records containing personal and business information including tax IDs, addresses, phone numbers, and business registration details. The data includes 12.3 million natural person records and 1.5 million legal entity records with comprehensive personal and financial information.
Date: 2026-04-15T17:56:31Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-SENIAT-2026-VENEZUELA-13-8M-DATA-RECORDS-EMAILS-ADDRESSES-AND-PHONE-NUMBERS
Screenshots:
None
Threat Actors: GordonFreeman
Victim Country: Venezuela
Victim Industry: Government
Victim Organization: SENIAT
Victim Site: Unknown
Alleged data leak of Treasurenet database
Category: Data Leak
Content: Threat actor Asha claims to have leaked a database from Treasurenet and is offering it as a free download on a dark web forum.
Date: 2026-04-15T17:53:58Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-Treasurenet-Database-Leaked-Download
Screenshots:
None
Threat Actors: Asha
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Treasurenet
Victim Site: Unknown
Website Defacement of Atomic Wallet Impersonation Site by xNight (JBR Team)
Category: Defacement
Content: On April 16, 2026, a threat actor operating under the alias xNight, affiliated with the group JBR, performed a homepage defacement of atomicwallet-pro.info, a domain impersonating the legitimate Atomic Wallet cryptocurrency service. The defacement targeted the homepage directly and was not part of a mass defacement campaign. The site appears to be a fraudulent or phishing domain mimicking the Atomic Wallet brand, adding a layer of complexity to the incident as both the impersonation site and its defacement may indicate competing malicious actor activity.
Date: 2026-04-15T17:53:02Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834370
Screenshots:
None
Threat Actors: xNight, JBR
Victim Country: Unknown
Victim Industry: Cryptocurrency / Financial Technology
Victim Organization: Atomic Wallet Pro (Impersonation/Fraudulent Site)
Victim Site: atomicwallet-pro.info
Alleged data leak from IVOO organization
Category: Data Leak
Content: A threat actor allegedly leaked data from IVOO organization and made it available for download on underground forums.
Date: 2026-04-15T17:49:05Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-IVOO-Leaked-Download
Screenshots:
None
Threat Actors: anonmoose
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: IVOO
Victim Site: Unknown
AlpesCloud Status
Category: Cyber Attack
Content: LESN Dialogue Logique a subi une cyberattaque denvergure le 13 avril 2026, entraînant lisolement immédiat de ses infrastructures datacenter pour protéger les données. Les équipes techniques et des experts en cybersécurité collaborent avec les autorités fédérales et la police cantonale pour analyser lintrusion et neutraliser la menace. Le rétablissement progressif des services est ralenti par des contrôles de sécurité rigoureux visant à garantir un environnement sain après lattaque.
Date: 2026-04-15T17:48:33Z
Network: openweb
Published URL: https://status.dlnet.ch
Screenshots:
None
Threat Actors:
Victim Country: Switzerland
Victim Industry: Unknown
Victim Organization: Dialogue Logique
Victim Site: dlnet.ch
Alleged leak of Hotmail credentials
Category: Combo List
Content: Forum post claims to contain valid, untouched Hotmail credential hits. The actual content is hidden behind registration requirements, making verification of claims impossible.
Date: 2026-04-15T17:47:59Z
Network: openweb
Published URL: https://crackingx.com/threads/72215/
Screenshots:
None
Threat Actors: Jelooos
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Spotify credentials
Category: Combo List
Content: Threat actor CODER is distributing a Spotify credential list containing 7 million records through Telegram channels. The combolist is being shared for free through dedicated Telegram groups.
Date: 2026-04-15T17:47:41Z
Network: openweb
Published URL: https://crackingx.com/threads/72216/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Entertainment/Media
Victim Organization: Spotify
Victim Site: spotify.com
Alleged data breach of Abrigo, Inc.
Category: Data Breach
Content: ShinyHunters group allegedly breached Abrigo, Inc. through Salesforce access in April 2026, compromising over 1.75 million records containing usernames, full names, email addresses, phone numbers, and employee details. When ransom demands were refused, the group released the stolen data.
Date: 2026-04-15T17:47:00Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-Abrigo-Inc-abrigo-com-2026-04-12-1-75M-Users
Screenshots:
None
Threat Actors: thelastwhitehat
Victim Country: United States
Victim Industry: Financial Technology
Victim Organization: Abrigo, Inc.
Victim Site: abrigo.com
Alleged SCADA System Compromise of Bohemia Controls by Hider_Nex
Category: Cyber Attack
Content: Threat actor Hider_Nex claims to have fully compromised and destroyed the SCADA system of Bohemia Controls s.r.o., a Czech industrial automation and control systems company. The actor claims control over machine operation/shutdown, temperature and pressure control, liquid and gas flow (valves and pumps), alarm management, data collection, and interconnected plant systems. The post is tagged with #OpCzech suggesting a politically motivated campaign targeting Czech Republic infrastructure. The actor is identified as Tunisian (🇹🇳) and references Palestinian solidarity (🇵🇸). They warn of further SCADA attacks.
Date: 2026-04-15T17:39:34Z
Network: telegram
Published URL: https://t.me/c/3103513353/431
Screenshots:
None
Threat Actors: Hider_Nex
Victim Country: Czech Republic
Victim Industry: Industrial Automation / Critical Infrastructure
Victim Organization: Bohemia Controls s.r.o.
Victim Site: bohemiacontrols.cz
Alleged leak of mixed email service credentials
Category: Combo List
Content: Threat actor alphaxdd shared a combolist containing 4,229 mixed email credentials including Hotmail accounts. The credentials are described as premium quality hits and are being distributed through hidden content on the forum.
Date: 2026-04-15T17:32:50Z
Network: openweb
Published URL: https://demonforums.net/Thread-%E2%9A%A1%E2%9A%A1-4229x-PREMIUM-MIX-MAIL-HITS%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of German email credentials
Category: Combo List
Content: A threat actor shared a combolist containing 61,000 German email credentials with full access claims on an underground forum.
Date: 2026-04-15T17:32:22Z
Network: openweb
Published URL: https://demonforums.net/Thread-61K-Germany-Full-Valid-Mail-Acceess-15-04
Screenshots:
None
Threat Actors: MegaCloudshop
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: Forum post sharing a combolist containing 44,000 Hotmail email and password combinations. The credentials are being distributed through hidden content on the forum, with the author also promoting their shop for additional credential lists.
Date: 2026-04-15T17:31:54Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-Hotmail-Unique-Combo-6-44000
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of mixed email credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 4,229 mixed email credentials, described as premium quality hits including Hotmail accounts, distributed via Telegram contact.
Date: 2026-04-15T17:31:40Z
Network: openweb
Published URL: https://crackingx.com/threads/72209/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of German email credentials
Category: Combo List
Content: A threat actor shared a combolist containing 61,000 German email credentials with full access claims on an underground forum.
Date: 2026-04-15T17:31:29Z
Network: openweb
Published URL: https://crackingx.com/threads/72210/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of German credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 54,000 German email and password combinations through a free download link on a cybercrime forum.
Date: 2026-04-15T17:31:26Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-54K-GERMANY-FULL-VALID
Screenshots:
None
Threat Actors: COYTO
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 44,000 unique Hotmail email and password combinations on a cybercriminal forum.
Date: 2026-04-15T17:31:12Z
Network: openweb
Published URL: https://crackingx.com/threads/72212/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged Cyber Threat by Golden Falcon Against US Critical Infrastructure
Category: Cyber Attack
Content: Threat actor group Golden Falcon posted a message claiming to have intelligence-level access and control over United States critical infrastructure, specifically referencing airports, subway systems, and electrical facilities. The message is framed as a geopolitical warning in the context of US-Iran tensions, suggesting the group may be Iran-aligned or Iran-affiliated.
Date: 2026-04-15T17:21:47Z
Network: telegram
Published URL: https://t.me/c/2245031785/643
Screenshots:
None
Threat Actors: Golden Falcon
Victim Country: United States
Victim Industry: Critical Infrastructure
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Japanese email credentials
Category: Logs
Content: A threat actor shared a collection of 3,800 valid Japanese email credentials on an underground forum. The credentials are described as full valid mail access suggesting they provide complete access to the compromised email accounts.
Date: 2026-04-15T17:20:48Z
Network: openweb
Published URL: https://xforums.st/threads/3-8k-japan-full-valid-mail-access-15-04.608416/
Screenshots:
None
Threat Actors: MegaCloud
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Japanese email credentials
Category: Combo List
Content: A threat actor shared a combolist containing 3,800 Japanese email credentials with full access claims on a cybercrime forum.
Date: 2026-04-15T17:09:45Z
Network: openweb
Published URL: https://demonforums.net/Thread-3-8K-JAPAN-Full-Valid-Mail-Access-15-04
Screenshots:
None
Threat Actors: MegaCloudshop
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of credential combolist containing 27.86 million records
Category: Combo List
Content: Threat actor Daxus leaked a credential combolist containing 27.86 million URL:username:password combinations in UHQ+ format. The combolist is being distributed through the actors website and Telegram channel.
Date: 2026-04-15T17:07:57Z
Network: openweb
Published URL: https://crackingx.com/threads/72204/
Screenshots:
None
Threat Actors: Daxus
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of IPTV Xtream credentials
Category: Combo List
Content: Threat actor shared 30 IPTV Xtream account credentials for free download on cybercriminal forum. The credentials appear to have an expiration date of April 12, 2026.
Date: 2026-04-15T17:07:38Z
Network: openweb
Published URL: https://crackingx.com/threads/72205/
Screenshots:
None
Threat Actors: ouaaka_06
Victim Country: Unknown
Victim Industry: Media and Entertainment
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Russian email credentials
Category: Combo List
Content: Threat actor shares fresh Russian email credential lists through Telegram channel and file sharing platform. Claims to add new credential databases daily with only current and valid entries.
Date: 2026-04-15T17:07:24Z
Network: openweb
Published URL: https://crackingx.com/threads/72206/
Screenshots:
None
Threat Actors: Kokos2846q
Victim Country: Russia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Japan email credentials
Category: Combo List
Content: A threat actor shared a combolist containing 3,800 Japanese email credentials with full access on an underground forum.
Date: 2026-04-15T17:07:06Z
Network: openweb
Published URL: https://crackingx.com/threads/72207/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of email credential combolists via Telegram
Category: Combo List
Content: Threat actor CODER is distributing email credential combolists through Telegram channels, offering free access to credential lists and programs for cybercriminal activities.
Date: 2026-04-15T17:06:49Z
Network: openweb
Published URL: https://crackingx.com/threads/72208/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Russian email credentials
Category: Combo List
Content: A threat actor shared a combolist containing 3,300 Russian email credentials on an underground forum. The credentials appear to be email access combinations targeting Russian users.
Date: 2026-04-15T17:00:24Z
Network: openweb
Published URL: https://demonforums.net/Thread-3-3K-Russian-Mail-Access-By-MegaCloud-15-04
Screenshots:
None
Threat Actors: MegaCloudshop
Victim Country: Russia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Russian email credentials
Category: Combo List
Content: A threat actor leaked 3,300 Russian email access credentials on a cybercriminal forum. The credentials are allegedly sourced from MegaCloud and dated April 15th.
Date: 2026-04-15T16:59:39Z
Network: openweb
Published URL: https://crackingx.com/threads/72203/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Russia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of email credential combolist with 2FA bypass claims
Category: Combo List
Content: A threat actor shared a credential combolist containing email and password combinations, claiming the credentials can bypass 2FA authentication. The post contains hidden content requiring forum registration to access the actual data.
Date: 2026-04-15T16:59:12Z
Network: openweb
Published URL: https://pwnforums.st/Thread-Combo-Mail-pass-2fa-Hit-1X
Screenshots:
None
Threat Actors: sxxone
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged defacement of multiple websites by TEGAL CYBER TEAM (Mr.SonicX)
Category: Defacement
Content: Threat actor Mr.SonicX affiliated with TEGAL CYBER TEAM claims to have defaced four websites: aliah.ac.in (India – educational institution), aemovers.com.hk (Hong Kong – moving/logistics company), sci.ruh.ac.lk (Sri Lanka – university science faculty), and journalofhospitalpharmacy.in (India – pharmaceutical journal). The post includes photos as proof of defacement.
Date: 2026-04-15T16:56:52Z
Network: telegram
Published URL: https://t.me/c/3528849141/289
Screenshots:
None
Threat Actors: Mr.SonicX
Victim Country: India, Hong Kong, Sri Lanka
Victim Industry: Education, Logistics, Healthcare/Publishing
Victim Organization: Aliah University, AE Movers, University of Ruhuna Faculty of Science, Journal of Hospital Pharmacy
Victim Site: aliah.ac.in, aemovers.com.hk, sci.ruh.ac.lk, journalofhospitalpharmacy.in
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor known as HollowKnight07 has made available a sample combolist of 555 Hotmail credentials on the cracking forum CrackingX. The post offers a free download link described as a sample, suggesting it may be a preview of a larger credential list. The data likely consists of email and password combinations associated with Hotmail accounts.
Date: 2026-04-15T16:34:14Z
Network: openweb
Published URL: https://crackingx.com/threads/72193/
Screenshots:
None
Threat Actors: HollowKnight07
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of 1,700 French email access credentials
Category: Combo List
Content: A threat actor operating under the alias MailAccesss has shared a combolist of approximately 1,700 checked French email access credentials on the cracking forum CrackingX. The list is dated April 15 and is described as fresh and verified. The content is accessible to registered forum members at no stated cost.
Date: 2026-04-15T16:33:40Z
Network: openweb
Published URL: https://crackingx.com/threads/72194/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor known as ValidMail has made available a combolist of approximately 45,000 Hotmail domain credentials on the cracking forum CrackingX. The list is claimed to be valid as of April 15, 2026. The content is restricted to registered or signed-in forum members.
Date: 2026-04-15T16:33:12Z
Network: openweb
Published URL: https://crackingx.com/threads/72195/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credentials combolist
Category: Combo List
Content: A threat actor known as HollowKnight shared a sample combolist containing 555 Hotmail email and password combinations on the DemonForums combolist section. The content is gated behind registration or login, suggesting it is offered as a free sample, potentially to promote a larger credential list. No price or payment mechanism was explicitly mentioned in the post.
Date: 2026-04-15T16:32:38Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-555x-SAMPLE-HOTMAIL-%E2%9A%A1%E2%9A%A1–200520
Screenshots:
None
Threat Actors: HollowKnight
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of mixed credential combolist with 46,075 lines
Category: Combo List
Content: A threat actor known as Browzchel has shared a mixed combolist containing 46,075 lines of credentials on the cracking forum CrackingX. The content appears to be freely distributed and is also promoted via a Telegram channel (@BossBrowz). No specific victim organization or country has been identified, suggesting this is an aggregated mix from multiple sources.
Date: 2026-04-15T16:32:34Z
Network: openweb
Published URL: https://crackingx.com/threads/72196/
Screenshots:
None
Threat Actors: Browzchel
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of 165K USA-Targeted Credential Combolist
Category: Combo List
Content: A threat actor operating under the alias Ra-Zi is selling a combolist of approximately 165,000 credentials targeted at USA-based users, with additional offerings covering multiple countries and email providers including AOL, Yahoo, Hotmail, and Outlook. The combolist contains email:password and username:password combinations. The actor promotes their services via a Telegram channel and a dedicated cracking website, with purchase inquiries directed to the Telegram handle @KOCsupport.
Date: 2026-04-15T16:32:11Z
Network: openweb
Published URL: https://demonforums.net/Thread-165K-USA-TARGETED-COMBOLIST
Screenshots:
None
Threat Actors: Ra-Zi
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Chinese mail access credentials
Category: Combo List
Content: A threat actor on the cracking forum CrackingX has made available a credential list containing approximately 3,100 Chinese mail access credentials, claimed to be valid as of April 15. The post offers access to the content for registered forum users at no stated price. The specific mail providers or organizations affected are not identified in the post.
Date: 2026-04-15T16:32:05Z
Network: openweb
Published URL: https://crackingx.com/threads/72197/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor operating under the alias ValidMail has made available a combolist of approximately 45,000 Hotmail email:password credential pairs, claimed to be valid as of April 15, 2026. The content is gated behind forum registration or login, and the actor promotes associated Telegram and shop channels, suggesting a broader credential distribution operation.
Date: 2026-04-15T16:31:53Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%99%8B-45k-HOTMAIL-DOMAIN-WITH-VALID-15-04-26-%E2%99%8B
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of 1,700 French email credentials
Category: Combo List
Content: A threat actor operating under the alias MegaCloudshop has made available a combolist containing approximately 1,700 checked email credentials targeting French users, dated April 15. The credential list is described as fresh and verified, suggesting the accounts were recently validated for access. The post directs users to a storefront at megacloudshop.top, indicating a commercially motivated threat actor.
Date: 2026-04-15T16:31:36Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-1-7K-France-Fresh-Checked-Mail-Access-15-04
Screenshots:
None
Threat Actors: MegaCloudshop
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of 165,000 USA-targeted credential combolist
Category: Combo List
Content: A threat actor known as steeve75 is selling a combolist of approximately 165,000 USA-targeted credentials on the CrackingX forum. The offering includes email:password and username:password combinations sourced from multiple email providers including AOL, Yahoo, Hotmail, and Outlook, spanning several countries. Interested buyers are directed to contact the seller via Telegram at @KOCsupport.
Date: 2026-04-15T16:31:24Z
Network: openweb
Published URL: https://crackingx.com/threads/72199/
Screenshots:
None
Threat Actors: steeve75
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Bulk Fake X (Twitter) Followers and Engagement Manipulation Service
Category: Combo List
Content: A threat actor operating under the alias Bulkorders0007 is selling bulk fake followers for X (Twitter), offering packages ranging from 2,000 to 100,000 followers for prices between $70 and $999. The service claims to use aged, active accounts with complete profiles and offers a non-drop guarantee with refill policy. Additionally, the actor is selling verified X followers purportedly to help buyers meet minimum requirements for Xs revenue sharing and subscription monetization features, accepti
Date: 2026-04-15T16:31:18Z
Network: openweb
Published URL: https://demonforums.net/Thread-Selling-bulk-X-Twitter-followers-Non-drop
Screenshots:
None
Threat Actors: Bulkorders0007
Victim Country: Unknown
Victim Industry: Social Media
Victim Organization: X (Twitter)
Victim Site: x.com
Alleged leak of Hotmail credentials combolist
Category: Combo List
Content: A threat actor known as alphaxdd has made available a combolist containing 1,155 alleged valid Hotmail credentials on the cracking forum CrackingX. The post describes the credentials as premium hits associated with private cloud access and mixed mail accounts. The actor can be contacted via Telegram handle alphaaxd and offers the content as a free download.
Date: 2026-04-15T16:31:06Z
Network: openweb
Published URL: https://crackingx.com/threads/72200/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft Hotmail
Victim Site: hotmail.com
Alleged leak of mixed email and password combolist with 46,075 credentials
Category: Combo List
Content: A threat actor operating under the alias stormtrooper has made available a mixed combolist containing 46,075 email and password combinations on DemonForums. The content is hidden behind a registration or login requirement on the forum. The actor also promotes a Telegram channel (@BossBrowz) likely used for further distribution of similar credential lists.
Date: 2026-04-15T16:30:59Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-46-075-Lines-Fresh-Mix-Combolist
Screenshots:
None
Threat Actors: stormtrooper
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of 3,100 Chinese email credentials
Category: Combo List
Content: A threat actor known as MegaCloudshop has made available a combolist containing approximately 3,100 Chinese email account credentials, reportedly validated on April 15. The content is hidden behind a registration or login requirement on the forum. The actor also promotes a storefront at megacloudshop.top, suggesting a pattern of credential trafficking activity.
Date: 2026-04-15T16:30:41Z
Network: openweb
Published URL: https://demonforums.net/Thread-3-1K-China-Mail-Access-Valid-15-04
Screenshots:
None
Threat Actors: MegaCloudshop
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials combolist
Category: Combo List
Content: A threat actor known as alphaxdd shared a combolist of 1,155 alleged valid Hotmail credentials on the DemonForums combolist section. The post describes the content as premium hits from a private cloud source with mixed mail types. Access to the hidden content requires registration or login on the forum.
Date: 2026-04-15T16:30:21Z
Network: openweb
Published URL: https://demonforums.net/Thread-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-1155x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged Data Leak of Centro Regional de Educación Normal Guerrero Student Database
Category: Data Leak
Content: A threat actor identified as Z3r00 has publicly shared a database dump allegedly belonging to the Centro Regional de Educación Normal in Guerrero, Mexico. The leaked database contains detailed student academic and personal records including names, enrollment data, academic program details, geographic identifiers, scholarship information, economic support amounts, and disability indicators. The data has been made available via a free download link and promoted through Telegram channels.
Date: 2026-04-15T16:29:05Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-GUERRERO-CENTRO-REGIONAL-DE-EDUCACION-NORMAL-5280
Screenshots:
None
Threat Actors: Z3r00
Victim Country: Mexico
Victim Industry: Education
Victim Organization: Centro Regional de Educación Normal Guerrero
Victim Site: Unknown
Alleged leak of mixed-domain email credential combolist
Category: Logs
Content: A threat actor operating under the alias ValidMail has made available a mixed-domain combolist containing approximately 170,000 email credential pairs, claimed to have been validated on April 15, 2026. The list spans multiple email domains and is being distributed on the XF criminal forum. No specific victim organization or industry has been identified, as the credentials appear to be aggregated from various sources.
Date: 2026-04-15T16:20:48Z
Network: openweb
Published URL: https://xforums.st/threads/170k-mix-domain-with-valid-15-04-26.608408/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Autovista Applications – JD Power Autovista
Category: Cyber Attack
Content: Autovista is currently experiencing a ransomware cyberattack affecting some of its systems in Europe and Australia. External experts have been mobilized to conduct a thorough investigation and contain the incident, which is notably disrupting email access for some employees. Priority is being given to the secure restoration of impacted applications, although no precise timeline has yet been established.
Date: 2026-04-15T16:18:29Z
Network: openweb
Published URL: https://autovista.com/service-update-1/
Screenshots:
None
Threat Actors:
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Autovista
Victim Site: autovista.com
Alleged leak of mixed-domain email credentials combolist
Category: Combo List
Content: A threat actor operating under the alias ValidMail has made available a combolist of approximately 170,000 email:password credential pairs spanning multiple domains, claimed to be valid as of April 15, 2026. The content is hidden behind a registration or login wall on the forum. The actor also promotes a Telegram channel and an external shop at validmail.store, suggesting a broader credential distribution operation.
Date: 2026-04-15T16:06:52Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%99%8B-170k-MIX-DOMAIN-WITH-VALID-15-04-26-%E2%99%8B
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed-domain credential combolist
Category: Combo List
Content: A threat actor operating under the alias ValidMail has made available a mixed-domain combolist containing approximately 170,000 credential pairs on the cracking forum CrackingX. The post, dated April 26, 2025, claims the credentials are valid. No specific victim organization or country has been identified, as the list spans multiple domains.
Date: 2026-04-15T16:06:48Z
Network: openweb
Published URL: https://crackingx.com/threads/72192/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of fresh multi-country combolists with keyword filtering and inbox validation
Category: Combo List
Content: A threat actor operating as mu is selling fresh combolists covering multiple countries including UK, DE, JP, NL, BR, PL, ES, US, and IT. The actor claims to offer keyword-filtered credentials for major platforms including eBay, OfferUp, PSN, Booking.com, Uber, Poshmark, Alibaba, Walmart, Amazon, Mercari, Kleinanzeigen, and Neosurf. The actor also claims access to a private cloud and valid ntlworld webmails with inbox verification capability.
Date: 2026-04-15T16:06:06Z
Network: telegram
Published URL: https://t.me/c/2613583520/63163
Screenshots:
None
Threat Actors: mu
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Leak of Russian Federal Border Service Kordon System Border Crossing Records
Category: Data Leak
Content: A threat actor has made available an alleged database dump of the Russian Federal Border Services Kordon border monitoring system, purportedly compromised in September 2023. The dataset contains approximately 1.098 billion records covering border crossings from 2014 to 2023, with data on roughly 79.5 million unique individuals including foreign nationals. Leaked fields include full names, dates of birth, passport and travel document details, citizenship, border checkpoint data, transport mode
Date: 2026-04-15T16:06:00Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-Data-Leak-%D0%9A%D0%BE%D1%80%D0%B4%D0%BE%D0%BD-Russian-Federal-Border-Service-2023-FULL
Screenshots:
None
Threat Actors: gosee
Victim Country: Russia
Victim Industry: Government
Victim Organization: Russian Federal Border Service (Kordon System)
Victim Site: Unknown
Alleged leak of mixed email credential combolist
Category: Combo List
Content: A threat actor operating under the alias klyne05 has made available a mixed email combolist on the cracking forum CrackingX, described as private and freshly verified. The post offers a free download of the credential list, which has reportedly been checked by the same user. No specific victim organization or record count was disclosed.
Date: 2026-04-15T15:40:03Z
Network: openweb
Published URL: https://crackingx.com/threads/72188/
Screenshots:
None
Threat Actors: klyne05
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email credential combolist by threat actor klyne05
Category: Combo List
Content: A threat actor operating under the alias klyne05 has shared a mixed email:password combolist on Demonforums, described as private and freshly checked. The content is hidden behind a registration or login wall with a like-to-unlock mechanism, limiting visibility into the exact scope and origin of the credentials. No specific victim organization, record count, or targeted service has been identified.
Date: 2026-04-15T15:39:58Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1MIX-MAIL%E2%9A%A1%E2%9A%A1PRIVATE%E2%9A%A1%E2%9A%A1FRESH%E2%9A%A1%E2%9A%A1CHEKED-BY-klyne05-%E2%9A%A1%E2%9A%A1–200516
Screenshots:
None
Threat Actors: klyne05
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor operating under the alias UniqueCombo has made available a combolist allegedly containing 44,000 unique Hotmail credentials on the cracking forum CrackingX. The post is gated behind registration or sign-in, limiting full visibility into the data. The combolist likely contains email and password pairs associated with Hotmail accounts.
Date: 2026-04-15T15:39:47Z
Network: openweb
Published URL: https://crackingx.com/threads/72189/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft Hotmail
Victim Site: hotmail.com
Alleged leak of Hotmail credentials combolist
Category: Combo List
Content: A threat actor operating under the alias UniqueCombo has made available a combolist containing approximately 44,000 Hotmail email and password combinations on Demon Forums. The content is hidden behind a registration or login requirement. The actor also promotes a shop (unique-combo.shop) offering combolists from various countries upon request.
Date: 2026-04-15T15:39:37Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-Hotmail-Unique-Combo-5-44000
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft Hotmail
Victim Site: hotmail.com
Alleged leak of Office 365 and Apple credential combolist
Category: Combo List
Content: A threat actor operating under the alias CODER has made available an alleged combolist of approximately 8 million credentials targeting Office 365 and Apple accounts via a Telegram channel. The post promotes free combo and program distribution through two Telegram groups. No price was mentioned, indicating the content is being freely distributed.
Date: 2026-04-15T15:39:21Z
Network: openweb
Published URL: https://crackingx.com/threads/72190/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft, Apple
Victim Site: office.com, apple.com
Alleged leak of Hotmail and mixed credentials combolist
Category: Combo List
Content: A threat actor operating under the alias Roronoa044 on DemonForums has made available a combolist containing approximately 2,761 alleged valid credentials, including Hotmail accounts and a mixed credential set described as UHQ (ultra-high quality). The content is hidden behind a registration wall and the actor directs users to a Telegram account (@noiraccesss) for further access. No price is mentioned, suggesting this is a free distribution.
Date: 2026-04-15T15:39:16Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-X2761-Valid-UHQ-Mix-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: Roronoa044
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: hotmail.com
Alleged leak of Hotmail and mixed credentials combolist
Category: Combo List
Content: A threat actor operating under the alias noir has made available a combolist of approximately 2,761 allegedly valid credentials on the cracking forum CX. The post claims the list includes valid Hotmail accounts and a mixed credential set described as UHQ (ultra-high quality). The actor promotes a Telegram channel (@NoirAccesss) for further contact, and the content is gated behind forum registration.
Date: 2026-04-15T15:39:03Z
Network: openweb
Published URL: https://crackingx.com/threads/72191/
Screenshots:
None
Threat Actors: noir
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Microsoft (Hotmail)
Victim Site: hotmail.com
Alleged Data Leak of replicascamisetasnba.com Customer Database
Category: Data Leak
Content: A threat actor using the alias Bambi has freely shared a database dump allegedly belonging to replicascamisetasnba.com, a Spanish e-commerce site selling replica NBA jerseys. The leaked data contains approximately 25,000 customer records including personally identifiable information such as full names, email addresses, phone numbers, physical addresses, hashed passwords with salts, and linked social account identifiers. The database appears to originate from an osCommerce-based platform and is
Date: 2026-04-15T15:38:10Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-replicascamisetasnba-com-Free-Database-Spain-25K-customer-address-order
Screenshots:
None
Threat Actors: Bambi
Victim Country: Spain
Victim Industry: E-Commerce / Retail
Victim Organization: replicascamisetasnba.com
Victim Site: replicascamisetasnba.com
Alleged Data Leak of boston.academy Database
Category: Data Leak
Content: A threat actor known as Bambi has allegedly made available a database associated with boston.academy on a cybercrime forum. The post offers the data for free, though no further details regarding the content, size, or nature of the data are available due to absent post content.
Date: 2026-04-15T15:20:16Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-Database-FREE-boston-academy
Screenshots:
None
Threat Actors: Bambi
Victim Country: United States
Victim Industry: Education
Victim Organization: Boston Academy
Victim Site: boston.academy
Alleged Data Leak of vibrantsecurities.com Database from India
Category: Data Leak
Content: A threat actor known as Bambi has allegedly made available a free database dump associated with vibrantsecurities.com, an Indian financial services entity. The post was shared on a cybercrime forum under the databases section. No further details regarding the volume or specific contents of the data are available from the post.
Date: 2026-04-15T15:18:15Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-vibrantsecurities-com-Free-database-from-India
Screenshots:
None
Threat Actors: Bambi
Victim Country: India
Victim Industry: Financial Services
Victim Organization: Vibrant Securities
Victim Site: vibrantsecurities.com
Alleged leak of WordPress credentials or data shared via Telegram
Category: Combo List
Content: A threat actor operating under the alias zod has shared what is described as a WordPress-related combolist or data dump on the CrackingX forum. The content is gated and requires forum registration to access, with the password distributed via a Telegram channel. No specific victim organization, record count, or geographic scope has been identified from the available information.
Date: 2026-04-15T15:17:13Z
Network: openweb
Published URL: https://crackingx.com/threads/72187/
Screenshots:
None
Threat Actors: zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Leak of MayMovil Customer Database from Spain
Category: Data Leak
Content: A threat actor operating under the alias Bambi has allegedly leaked a database associated with MayMovil, a Spanish telecommunications provider. The leaked data reportedly includes customer information, addresses, and order records. The database was made available for free on a cybercrime forum.
Date: 2026-04-15T15:16:13Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-maymovil-com-Free-Database-from-Spain-customer-address-order
Screenshots:
None
Threat Actors: Bambi
Victim Country: Spain
Victim Industry: Telecommunications
Victim Organization: MayMovil
Victim Site: maymovil.com
Alleged Data Leak of PicBackMan User Database with Credentials
Category: Data Leak
Content: A threat actor operating under the alias Bambi has freely distributed an alleged database dump from picbackman.com, a photo and video backup service. The leaked data contains approximately 160,000 records including user login IDs, email addresses, plaintext passwords, MD5-hashed passwords, salted hashes, confirmation codes, payment status, and application usage metadata. The database appears to contain structured user account data with multiple sensitive fields, including some records associat
Date: 2026-04-15T15:14:09Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-picbackman-com-Database160K-Email-password-MD5
Screenshots:
None
Threat Actors: Bambi
Victim Country: Unknown
Victim Industry: Technology / Cloud Storage
Victim Organization: PicBackMan
Victim Site: picbackman.com
Alleged PoC Exploit Targeting Lockheed Martin & DroneArm Servers
Category: Vulnerability
Content: A threat actor is sharing or advertising a Proof of Concept (PoC) exploit (labeled as version 5) targeting Lockheed Martin and DroneArm server infrastructure via a private Telegram channel link.
Date: 2026-04-15T15:06:51Z
Network: telegram
Published URL: https://t.me/c/3575098403/122
Screenshots:
None
Threat Actors: Brona Blanco
Victim Country: United States
Victim Industry: Defense & Aerospace
Victim Organization: Lockheed Martin
Victim Site: Unknown
Alleged leak of mixed domain credential combolist
Category: Logs
Content: A threat actor known as VegaMoon has made available a combolist containing 21,304 allegedly valid credentials spanning mixed domains. The post was shared on XF, a forum focused on mail access and combolists. The specific organizations or countries affected are unknown due to the mixed-domain nature of the list.
Date: 2026-04-15T15:06:06Z
Network: openweb
Published URL: https://xforums.st/threads/21-304-valid-mixed-domains.608403/
Screenshots:
None
Threat Actors: VegaMoon
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Premium SMTP Service with Dedicated IP for Spam Operations
Category: Initial Access
Content: A threat actor operating under the alias Skybat is allegedly selling access to a premium SMTP service capable of sending up to 25,000 emails per day across all domains, with a dedicated IP address. The service appears designed to facilitate bulk email or spam campaigns. No specific victim organization or country has been identified.
Date: 2026-04-15T14:55:20Z
Network: openweb
Published URL: https://breached.st/threads/premium-smtp-inbox-all-domains-25k-day-dedicated-ip.86012/unread
Screenshots:
None
Threat Actors: Skybat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Global SMS Sending Service with Custom Sender ID Spoofing
Category: Initial Access
Content: A threat actor operating under the alias Skybat is advertising a global SMS sending service on a cybercrime forum, offering capabilities including custom sender ID spoofing, smart sender rotation, and API integration. The service claims to support up to 20,000 SMS per day with worldwide reach, enabling phishing, smishing, or spam campaigns at scale. Interested parties are directed to contact @serv9 via Telegram.
Date: 2026-04-15T14:54:50Z
Network: openweb
Published URL: https://breached.st/threads/global-sms-sender-custom-id.86014/unread
Screenshots:
None
Threat Actors: Skybat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Distribution of AIO Gift Card Code Generator Tool by Threat Actor Acquire
Category: Data Leak
Content: A threat actor operating under the alias Acquire has made available a console-based tool dubbed AIO Giftcard Generator on a cracking forum. The tool claims to generate code-pattern strings mimicking gift card formats for multiple platforms including Amazon, Steam, Xbox, PlayStation, Roblox, Netflix, and others. The tool is shared as a free download and is flagged on VirusTotal, with the post itself warning users to disable antivirus software to run it, suggesting potential malicious function
Date: 2026-04-15T14:53:36Z
Network: openweb
Published URL: https://demonforums.net/Thread-AIO-Giftcard-Generator-by-Acquire–200513
Screenshots:
None
Threat Actors: Starip
Victim Country: Unknown
Victim Industry: E-Commerce, Gaming, Entertainment
Victim Organization: Amazon, Steam, Xbox, PlayStation, Roblox, Fortnite, eBay, Netflix, iTunes, PayPal, Minecraft
Victim Site: Unknown
Alleged Distribution of Cracked Premium Trading Tools and Crypto Bot Pack
Category: Data Leak
Content: A threat actor on DemonForums has made available a cracked bundle of premium trading platforms and crypto automation bots, including tools associated with TradingView, Thinkorswim, MetaStock, and exchange bots for Binance, BitMex, and Poloniex. The pack is distributed as a free download and includes mixed cracked builds with scene-style releases. The post explicitly warns that the tools may be flagged as malware by antivirus software, indicating a significant risk of embedded malicious code targ
Date: 2026-04-15T14:53:13Z
Network: openweb
Published URL: https://demonforums.net/Thread-Premium-Trading-Tools-Pack-Cracked
Screenshots:
None
Threat Actors: Starip
Victim Country: Unknown
Victim Industry: Financial Services / Trading Software
Victim Organization: TradingView, Thinkorswim, MetaStock, and others
Victim Site: Unknown
Alleged leak of mixed-domain email credentials combolist
Category: Combo List
Content: A threat actor operating under the alias VegaM has made available a combolist containing 21,304 alleged valid email and password credential pairs spanning multiple domains. The credentials were shared for free via an external paste service. No specific victim organization or country has been identified, as the list appears to aggregate credentials from various sources.
Date: 2026-04-15T14:52:39Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-21-304-Valid-Mixed-Domains
Screenshots:
None
Threat Actors: VegaM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of payment card dumps with PINs targeting multiple countries
Category: Combo List
Content: A threat actor operating under the alias 6xprocrd and contactable via Telegram handle ColdApollo is selling payment card dumps including Track 1 and Track 2 data with PINs. The offerings cover cards from multiple countries including the United States, United Kingdom, Canada, Australia, and EU nations, priced between $60 and $80 per card. The seller claims the dumps are fresh and valid, suggesting recently compromised payment card data likely obtained via skimming or point-of-sale intrusions.
Date: 2026-04-15T14:52:36Z
Network: openweb
Published URL: https://crackingx.com/threads/72181/
Screenshots:
None
Threat Actors: 6xprocrd
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed credential combolist (X2172 HQ Mix)
Category: Combo List
Content: A threat actor operating under the alias @Steveee36 has made available a mixed combolist containing approximately 2,172 credential entries on the cracking forum CrackingX. The post offers a free download of the file, described as HQ Mix, suggesting high-quality credential pairs. No specific victim organization, industry, or country has been identified.
Date: 2026-04-15T14:52:21Z
Network: openweb
Published URL: https://crackingx.com/threads/72182/
Screenshots:
None
Threat Actors: stevee36
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed credential combolist (X2172 HQ Mix)
Category: Combo List
Content: A threat actor operating under the alias Steveee36 has shared a combolist titled X2172 HQ Mix on the DemonForums cybercrime forum. The post offers hidden content accessible to registered members, suggesting a free distribution of credential data. The specific origins, targets, or volume of the credentials included in the combolist are not disclosed in the post.
Date: 2026-04-15T14:52:17Z
Network: openweb
Published URL: https://demonforums.net/Thread-%E2%9A%A1%E2%9A%A1-X2172-HQ-Mix-%E2%9A%A1%E2%9A%A1-BY-Steveee36-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: erwinn91
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
11ML Bussines Corp COMBO
Category: Combo List
Content: New thread posted by CODER: 11ML Bussines Corp COMBO
Date: 2026-04-15T14:52:04Z
Network: openweb
Published URL: https://crackingx.com/threads/72183/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of 36,000 email credentials shared on underground forum
Category: Combo List
Content: A threat actor operating under the alias TeraCloud1 has made available a combolist of approximately 36,000 allegedly valid email credentials on DemonForums. The content is hidden behind a registration or login requirement, with the actor also advertising a private cloud service via Telegram. No specific victim organization or targeted service has been identified.
Date: 2026-04-15T14:51:53Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-36K-VALID-MAIL-ACCESS–200514
Screenshots:
None
Threat Actors: TeraCloud1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Breach of DarkForums via myBB Vulnerability Exposing 427K Records by ShinyHunters
Category: Data Breach
Content: The threat actor group ShinyHunters claims to have exploited a myBB vulnerability on DarkForums to extract approximately 427,000 records covering post IDs 0–442,200. The exposed data includes usernames, IP addresses, hostnames, and post metadata for 44,300 unique users, with 78,000 unique IPs identified. The dataset includes 19,300 Tor node connections, 15,200 VPN/hosting provider connections, and 97,400 entries with residential hostnames. The data has been published on BreachForums (breachforums.ai). A sample was included deanonymizing specific users operating under aliases Lucifer and AnonOne tied to IP 49.37.44.99.
Date: 2026-04-15T14:50:32Z
Network: telegram
Published URL: https://t.me/c/3737716184/1175
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Cybercrime Forum
Victim Organization: DarkForums
Victim Site: darkforums.st
Alleged Sale of Phishing Packages Including Email Sender and SMS Global Messaging Tools
Category: Initial Access
Content: A threat actor operating under the alias Skybat is allegedly selling phishing packages on the cybercriminal forum Breached, including email sender tools and SMS global messaging capabilities. These tools are typically used to conduct large-scale phishing campaigns targeting individuals or organizations. No specific victim, pricing details, or technical specifications were provided in the available post content.
Date: 2026-04-15T14:24:11Z
Network: openweb
Published URL: https://breached.st/threads/phishing-packages-email-sender-sms-global-messages.86011/unread
Screenshots:
None
Threat Actors: Skybat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of compromised Office 365 and GoDaddy accounts for spam campaigns
Category: Combo List
Content: A threat actor operating as SPAMMERS STORE is advertising compromised Office 365 business and education admin accounts alongside GoDaddy professional accounts via a Telegram channel. The accounts are marketed for spam campaign use, with claims of high inbox delivery rates and freshly obtained credentials. Contact is facilitated through Telegram handles @MichealOFFICE365 and @MR_CRACK1.
Date: 2026-04-15T14:22:20Z
Network: openweb
Published URL: https://crackingx.com/threads/72178/
Screenshots:
None
Threat Actors: asfshe224
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft, GoDaddy
Victim Site: office.com, godaddy.com
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor operating under the alias FlashCloud2 has made available an alleged private combolist containing 1,010 Hotmail credentials on the cracking forum CX. The post is gated behind registration or sign-in, limiting full visibility into the content and its validity. The data likely consists of email and password pairs targeting Microsoft Hotmail accounts.
Date: 2026-04-15T14:21:51Z
Network: openweb
Published URL: https://crackingx.com/threads/72179/
Screenshots:
None
Threat Actors: FlashCloud2
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged data breach and admin access exposure of Muslim Funeral Services Toulouse
Category: Initial Access
Content: A threat actor operating under the alias ntmpd has allegedly shared a database dump along with administrative access credentials belonging to Pompes Funèbre Musulmanes Toulouse, a Muslim funeral services provider in Toulouse, France. The post was made on a known cybercrime forum in the databases section. No further details regarding the scope or content of the data are available due to the absence of post content.
Date: 2026-04-15T14:20:37Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-FR-Pompes-Fun%C3%A8bre-Musulmanes-Toulouse-Acc%C3%A8s-Admin
Screenshots:
None
Threat Actors: ntmpd
Victim Country: France
Victim Industry: Funeral Services
Victim Organization: Pompes Funèbre Musulmanes Toulouse
Victim Site: Unknown
Alleged Data Leak of Pakistan KP Government Information & Advertising Management System (iams.kp.gov.pk)
Category: Data Leak
Content: A threat actor operating under the alias Bambi has freely distributed a database dump allegedly sourced from iams.kp.gov.pk, a Pakistani government portal associated with the Khyber Pakhtunkhwa Information and Public Relations Department. The leaked data includes user credentials with MD5-hashed passwords, usernames, designations, department IDs, office IDs, and user privilege levels. The database appears to contain records for government officials, newspaper bureau chiefs, and administrative
Date: 2026-04-15T14:18:34Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-iams-kp-gov-pk-Free-database-from%C2%A0Pakistan
Screenshots:
None
Threat Actors: Bambi
Victim Country: Pakistan
Victim Industry: Government
Victim Organization: Khyber Pakhtunkhwa Information & Public Relations Department
Victim Site: iams.kp.gov.pk
Alleged leak of 90,000 valid email access credentials
Category: Logs
Content: A threat actor known as Vekkoo has made available a combolist containing approximately 90,000 allegedly valid email access credentials on the XF forum. The post appears to offer a free download of the credential list, though specific victim organizations or countries are not identified. The data is described as valid mail access, suggesting active or recently verified email account credentials.
Date: 2026-04-15T14:10:21Z
Network: openweb
Published URL: https://xforums.st/threads/90k-valid-mail-access-txt.608394/
Screenshots:
None
Threat Actors: Vekkoo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Spanish Database with IBAN Financial Data
Category: Data Breach
Content: A threat actor operating under the handle @itsurjoker is claiming to possess multiple recent Spanish databases containing IBAN (International Bank Account Number) information and additional data. The actor is soliciting interested buyers and offering samples via direct message.
Date: 2026-04-15T14:00:37Z
Network: telegram
Published URL: https://t.me/c/1887244124/1624
Screenshots:
None
Threat Actors: Joker
Victim Country: Spain
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Agalma by Threat Actor Zod
Category: Defacement
Content: On April 15, 2026, a threat actor operating under the alias Zod defaced a page on the Polish website agalma.pl, targeting the URL https://www.agalma.pl/zod.html. The attack was conducted on a Linux-based server and represents a single targeted defacement rather than a mass or home page compromise. No specific motivation or proof of concept was publicly disclosed.
Date: 2026-04-15T13:57:54Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248555
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Poland
Victim Industry: Unknown
Victim Organization: Agalma
Victim Site: www.agalma.pl
Alleged Sale of ЭВМ-2000 C2 Framework with Zero-Click Exploits for Multiple Platforms
Category: Initial Access
Content: A threat actor known as OnarDev is allegedly selling a Command and Control (C2) framework called ЭВМ-2000, which purportedly leverages zero-click exploits targeting iOS, Windows Server, Linux, and macOS systems. The post was published on a dark web forum under the Sellers Place section. No further technical details or pricing information are available from the post content.
Date: 2026-04-15T13:55:45Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-%F0%9F%94%B4-%D0%AD%D0%92%D0%9C-2000-C2-Zero-Click-IOS-Windows-Server-Linux-MacOS
Screenshots:
None
Threat Actors: OnarDev
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Pre-Authentication Remote Code Execution 0-Day Exploit for TerraMaster
Category: Initial Access
Content: A threat actor operating under the alias berz0k is allegedly selling a zero-day exploit for TerraMaster devices that enables unauthenticated remote code execution (Preauth RCE). The exploit targets TerraMaster NAS systems and could allow attackers to compromise affected devices without requiring prior authentication. No further technical details or pricing information were provided in the post.
Date: 2026-04-15T13:53:42Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-0day-TerraMaster-Preauth-RCE
Screenshots:
None
Threat Actors: berz0k
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: TerraMaster
Victim Site: terra-master.com
Alleged Data Breach of Ukrainian Government Entity in Kupyansk
Category: Data Breach
Content: A threat actor known as BigGrep is allegedly offering data associated with a Ukrainian government entity related to Kupyansk on a dark web forum marketplace. The post appears in the sellers section, suggesting the data may be for sale. No further details regarding the content, volume, or nature of the data are available from the post.
Date: 2026-04-15T13:51:40Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Government-of-Ukraine-Kupyanskaya-a
Screenshots:
None
Threat Actors: BigGrep
Victim Country: Ukraine
Victim Industry: Government
Victim Organization: Government of Ukraine – Kupyansk Administration
Victim Site: Unknown
Alleged Data Breach of Banco Davivienda and EmergiaCC Colombia
Category: Data Breach
Content: A threat actor operating under the alias Petro_Escobar is allegedly selling data associated with Banco Davivienda and EmergiaCC, both entities based in Colombia. No further details regarding the nature of the data, record count, or pricing are available from the post content. The claim remains unverified.
Date: 2026-04-15T13:49:38Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Banco-Davivienda-EmergiaCC-Colombia
Screenshots:
None
Threat Actors: Petro_Escobar
Victim Country: Colombia
Victim Industry: Financial Services
Victim Organization: Banco Davivienda / EmergiaCC
Victim Site: Unknown
Alleged Data Breach and Extortion of D-Troy Logistics by NightSpire
Category: Data Breach
Content: The threat actor group NightSpire claims to have exfiltrated 360 GB of data from D-Troy Logistics LLC, a North American logistics company with revenue under $5M. The stolen data allegedly includes internal documents and employee records. The data is being offered for sale at $350 via a Tor-based link. The post includes a ZoomInfo reference for the victim company.
Date: 2026-04-15T13:48:25Z
Network: telegram
Published URL: https://t.me/c/3619924522/32
Screenshots:
None
Threat Actors: NightSpire
Victim Country: United States
Victim Industry: Logistics / Transportation
Victim Organization: D-Troy Logistics LLC
Victim Site: dtroylogistics.com
Alleged Data Breach of Jeeny Saudi Arabia App
Category: Data Breach
Content: A threat actor on a dark web forum has made a post referencing the Jeeny ride-hailing application operating in Saudi Arabia. No further details regarding the nature of the threat, data types, or record counts are available due to absent post content.
Date: 2026-04-15T13:47:35Z
Network: openweb
Published URL: https://darkforums.su/Thread-Jeeny-Saudi-Arabia-App
Screenshots:
None
Threat Actors: Anonymous2090
Victim Country: Saudi Arabia
Victim Industry: Transportation & Ride-Hailing
Victim Organization: Jeeny
Victim Site: jeeny.com
Alleged Data Breach of ANDE (Administración Nacional de Electricidad) Paraguay
Category: Data Breach
Content: A threat actor operating under the alias GordonFreeman is allegedly selling a full database dump from ANDE (Administración Nacional de Electricidad), Paraguays national electricity administration, containing approximately 1.65 million records. The post was identified on a dark web forum in the Sellers Place section. No further details regarding the data fields, price, or sample data are available from the post content.
Date: 2026-04-15T13:45:32Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Full-DB-ANDE-GOV-PY-1-65-Million-Records-PARAGUAY
Screenshots:
None
Threat Actors: GordonFreeman
Victim Country: Paraguay
Victim Industry: Energy & Utilities
Victim Organization: Administración Nacional de Electricidad (ANDE)
Victim Site: ande.gov.py
Alleged Data Breach of Pakistan Army Young Officers Personnel Records
Category: Data Breach
Content: A threat actor operating under the alias Mipor is allegedly selling personal data pertaining to young officers of the Pakistan Army on a dark web forum. The post was identified in the Sellers Place section of the forum, indicating a commercial intent. No further details regarding record count, specific data fields, or pricing were available in the post content.
Date: 2026-04-15T13:43:28Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-PAKISTAN-ARMY-YOUNG-OFFICERS-DATA
Screenshots:
None
Threat Actors: Mipor
Victim Country: Pakistan
Victim Industry: Government & Defense
Victim Organization: Pakistan Army
Victim Site: Unknown
Alleged leak of Hotmail credentials combolist
Category: Combo List
Content: A threat actor operating under the alias He_Cloud has made available a combolist containing 793 alleged valid Hotmail email and password combinations on DemonForums. The post offers a free download of the credential list, described as high quality (HQ) validated entries. No information regarding the origin or method of collection of the credentials has been provided.
Date: 2026-04-15T13:43:14Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-793x-HQ-HOTMAIL-VALIDS
Screenshots:
None
Threat Actors: He_Cloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credential combolist with 640 hits
Category: Combo List
Content: A threat actor on the cracking forum CrackingX has shared a combolist containing 640 verified Hotmail credentials, referred to as hits. The post is behind a registration wall, suggesting the content is available to registered forum members. The combolist likely contains email and password pairs for Hotmail accounts.
Date: 2026-04-15T13:42:39Z
Network: openweb
Published URL: https://crackingx.com/threads/72175/
Screenshots:
None
Threat Actors: lpbPrivate
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft Hotmail
Victim Site: hotmail.com
Alleged Data Breach of Nakamura Co Indonesian Company Database
Category: Data Breach
Content: A threat actor known as Kyyzo is selling a 63GB+ database allegedly stolen from Nakamura Co, an Indonesian company. The database purportedly contains over 2.6 million records including personal details such as names, email addresses, phone numbers, physical addresses, bank account numbers, and social media accounts belonging to job applicants, members, employees, and partners. The seller also claims to include bonus materials such as WhatsApp conversation screenshots, transaction proofs, and e
Date: 2026-04-15T13:41:23Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SELLING-63GB-DATABASE-NAKAMURA-CO-ID
Screenshots:
None
Threat Actors: Kyyzo
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Nakamura Co
Victim Site: nakamura.co.id
Website Defacement of Retirosparaelalma by MR~TNT of QATAR911
Category: Defacement
Content: On April 15, 2026, threat actor MR~TNT operating under the team QATAR911 defaced the website retirosparaelalma.co, a Spanish-language spiritual retreats organization. The attack targeted the sites index page and was recorded as a single targeted defacement hosted on a cloud-based server.
Date: 2026-04-15T13:40:50Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248554
Screenshots:
None
Threat Actors: MR~TNT, QATAR911
Victim Country: Colombia
Victim Industry: Religious / Spiritual Services
Victim Organization: Retiros Para El Alma
Victim Site: retirosparaelalma.co
Alleged Sale of Iraq 2025-2026 National Census Data Affecting 47 Million Records
Category: Data Breach
Content: A threat actor on the Breached forum is selling what they claim to be Iraqs 2025-2026 national census database, allegedly containing approximately 47.7 million records. The data is being offered for $1,200. The legitimacy and origin of the data have not been independently verified.
Date: 2026-04-15T13:21:41Z
Network: openweb
Published URL: https://breached.st/threads/iraqs-2025-2026-census-data-has-been-leaked-47-766-792-selling.86010/unread
Screenshots:
None
Threat Actors: ahmadxalil
Victim Country: Iraq
Victim Industry: Government
Victim Organization: Iraq Census Authority
Victim Site: Unknown
Alleged leak of Japanese email credential combolist
Category: Combo List
Content: A threat actor operating under the alias CobraEgy has shared a combolist of approximately 181,000+ email:password credential pairs allegedly associated with Japanese users on the DemonForums cybercrime forum. The content is described as fresh and high quality, and is made available as a free download via hidden content. The post promotes additional combolists through a Telegram channel linked to Maxi_Leaks.
Date: 2026-04-15T13:20:43Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-181-K-%E2%9C%A6-Japan-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-15-4-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Latvian email and password credentials
Category: Combo List
Content: A threat actor known as CobraEgy has made available a combolist of approximately 49,000+ email and password credentials associated with Latvia on the DemonForums cybercrime forum. The credential list is described as fresh and high quality, and is shared via a hidden content link requiring forum registration. The post also promotes a Telegram channel (Maxi_links) for additional combolists.
Date: 2026-04-15T13:20:10Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-49-K-%E2%9C%A6-Latvia-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-15-4-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Latvia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Israeli email and password credentials
Category: Combo List
Content: A threat actor operating under the alias CobraEgy has shared a combolist of over 25,000 email and password credential pairs purportedly belonging to Israeli users on DemonForums. The credentials are described as fresh and high quality. The post directs users to a Telegram channel (Maxi_links) for additional combolists, suggesting an ongoing credential distribution operation.
Date: 2026-04-15T13:19:13Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-25-K-%E2%9C%A6-Israel-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-15-4-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Irish email and password credentials
Category: Combo List
Content: A threat actor operating under the alias CobraEgy has shared a combolist of approximately 19,000 email and password credential pairs associated with Irish users on the DemonForums cybercrime forum. The post claims the credentials are fresh and high quality, and directs users to a Telegram channel (Maxi_links) for additional combolists. No specific organization or source has been identified.
Date: 2026-04-15T13:18:20Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-19-K-%E2%9C%A6-Ireland-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-15-4-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Ireland
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Kenyan email credentials combolist
Category: Combo List
Content: A threat actor operating under the alias CobraEgy has made available a combolist of approximately 15,000+ email and password credential pairs allegedly associated with Kenyan users. The list is described as fresh and high quality, and is being distributed for free via the DemonForums platform. A Telegram channel (Maxi_links) is referenced as a source for additional combolists.
Date: 2026-04-15T13:17:21Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-15-K-%E2%9C%A6-Kenya-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-15-4-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Kenya
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Lithuanian credential combolist
Category: Combo List
Content: A threat actor operating under the alias CobraEgy has made available a combolist of approximately 13,000+ email and password credential pairs associated with Lithuanian users on the DemonForums cybercrime forum. The post describes the content as fresh and high quality, suggesting recently harvested credentials. The list is offered as a free hidden download, with the actor promoting additional combolists via a Telegram channel.
Date: 2026-04-15T13:16:52Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-13-K-%E2%9C%A6-Lithuania-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-15-4-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Lithuania
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of credential combolist (VIP ULP 5) distributed via Telegram
Category: Combo List
Content: A threat actor operating under the alias zod has shared a credential combolist labeled VIP ULP 5 on the CrackingX forum. The content is gated behind registration or sign-in, with access to the actual data distributed via a Telegram channel (t.me/zoooddddd). No specific victim organization, record count, or targeted region has been identified from the available post content.
Date: 2026-04-15T13:16:22Z
Network: openweb
Published URL: https://crackingx.com/threads/72173/
Screenshots:
None
Threat Actors: zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of Office-themed credential combolist
Category: Combo List
Content: A threat actor known as CODER is distributing a combolist themed around Office credentials via Telegram channels and a cracking forum. The content is offered for free through two Telegram groups (t.me/Combo445544 and t.me/Coder554455), with additional combos available upon request via direct Telegram message. No specific victim organization or record count has been disclosed.
Date: 2026-04-15T13:16:01Z
Network: openweb
Published URL: https://crackingx.com/threads/72174/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Critical Vulnerability in Google Chrome Enabling Remote Code Execution
Category: Vulnerability
Content: A security vulnerability has been identified in older versions of Google Chrome that allows attackers to execute code and potentially gain access to a users system simply by visiting a malicious webpage, without requiring any file download. The flaw was reportedly exploited in the wild before Google released a security update. Users are advised to update Chrome to the latest version and avoid clicking on unknown or suspicious links.
Date: 2026-04-15T13:13:18Z
Network: telegram
Published URL: https://t.me/c/1283513914/21209
Screenshots:
None
Threat Actors: خبرگزاری سایبربان| Cyberban News
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Google Chrome
Victim Site: google.com
Alleged Sale of Discounted ChatGPT Plus Accounts
Category: Initial Access
Content: A threat actor on Breached.st is selling allegedly private ChatGPT Plus accounts at $6 per month, claiming they are non-shared and can be activated on the buyers own email address. The legitimacy and origin of these accounts is unverified, but the offer suggests the accounts may be obtained through unauthorized means such as stolen credentials or fraudulent purchases. This activity poses a risk to OpenAIs platform integrity and potentially to the original account holders.
Date: 2026-04-15T12:55:02Z
Network: openweb
Published URL: https://breached.st/threads/chatgpt-plus-6-month-private-account.86009/unread
Screenshots:
None
Threat Actors: jasonm
Victim Country: United States
Victim Industry: Technology
Victim Organization: OpenAI
Victim Site: openai.com
Alleged leak of 38,000 email credentials combolist
Category: Combo List
Content: A threat actor known as TeraCloud1 has made available a combolist of approximately 38,000 validated email credentials on a cybercrime forum. The content is hidden behind a registration or login requirement. The actor also advertises a private cloud service accessible via Telegram for additional content or services.
Date: 2026-04-15T12:53:37Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-38K-VALID-MAIL-ACCESS–200497
Screenshots:
None
Threat Actors: TeraCloud1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email credentials combolist
Category: Combo List
Content: A threat actor known as StrawHatBase has shared a combolist containing approximately 10,000 email address and password combinations on DemonForums. The content is hidden behind a registration or login requirement, limiting visibility into the specific targets or sources. The post is categorized under combolists, suggesting the credentials are aggregated from multiple sources.
Date: 2026-04-15T12:53:18Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-10K-Mail-Access-Mix–200498
Screenshots:
None
Threat Actors: StrawHatBase
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Italian email credentials combolist
Category: Combo List
Content: A threat actor known as CobraEgy has shared a combolist containing approximately 947,000+ email and password credential pairs targeting Italian users on the DemonForums cybercrime forum. The content is described as fresh and high quality, and is made available for free behind a registration wall. The post also references a Telegram channel (Maxi_links) associated with additional combolist distributions.
Date: 2026-04-15T12:52:56Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-947-K-%E2%9C%A6-Italy-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-15-4-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email credential combolist
Category: Combo List
Content: A threat actor operating under the alias NotSellerxd has made available a mixed email combolist containing approximately 3,915 credential pairs on the cracking forum CrackingX. The post offers a free download link with no further details provided regarding the origin, targeted services, or composition of the combolist. The data appears to be a compilation of mixed-source email credentials.
Date: 2026-04-15T12:52:52Z
Network: openweb
Published URL: https://crackingx.com/threads/72170/
Screenshots:
None
Threat Actors: NotSellerxd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials combolist
Category: Combo List
Content: A threat actor on the cracking forum CrackingX has shared an alleged combolist of 3,000 valid Hotmail credentials described as private hits. The post requires forum registration or sign-in to access the content, suggesting it may be restricted to verified members. The credential list appears to contain validated email and password combinations for Hotmail accounts.
Date: 2026-04-15T12:52:37Z
Network: openweb
Published URL: https://crackingx.com/threads/72171/
Screenshots:
None
Threat Actors: Jelooos
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor operating under the alias FlashCloud2 has made available an alleged combolist of 2,570 Hotmail credentials on a cracking forum. The post is labeled UHQ (Ultra High Quality), suggesting the credentials may be fresh or previously unverified. The content is restricted to registered or signed-in forum members.
Date: 2026-04-15T12:52:21Z
Network: openweb
Published URL: https://crackingx.com/threads/72172/
Screenshots:
None
Threat Actors: FlashCloud2
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged promotion of CVV card checking service 9Check.me
Category: Phishing
Content: A forwarded message advertises 9Check.me, a service that checks CVV card validity and credit limits. This type of service is commonly used by threat actors to validate stolen payment card data before use or resale.
Date: 2026-04-15T12:49:08Z
Network: telegram
Published URL: https://t.me/checkMEcvv/2
Screenshots:
None
Threat Actors: 9Check.me
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: 9check.me
Alleged leak of Hotmail credential combolist
Category: Logs
Content: A threat actor operating under the alias UniqueCombo has made available a combolist of approximately 44,000 Hotmail credentials on an underground forum. The post is categorized under Mail Access & Combolists, suggesting the data consists of email and password combinations. The origin of the credentials and whether they are valid or unique aggregations from prior breaches is unverified.
Date: 2026-04-15T12:43:14Z
Network: openweb
Published URL: https://xforums.st/threads/hotmail-unique-combo_4_44000.608390/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of 21.4 million URL:Login:Password credential combolist
Category: Combo List
Content: A threat actor known as VitVit has shared a large combolist containing approximately 21.4 million lines in URL:login:password format, totaling 1.2GB in size, on the cracking forum CrackingX. The content is available to registered users of the forum. No specific victim organization or targeted service has been identified, suggesting this is a compiled multi-source credential list.
Date: 2026-04-15T12:31:06Z
Network: openweb
Published URL: https://crackingx.com/threads/72166/
Screenshots:
None
Threat Actors: VitVit
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor using the alias UniqueCombo has made available a combolist allegedly containing 44,000 unique Hotmail credentials on the cracking forum CrackingX. The post is gated behind registration or sign-in, limiting full visibility into the content. The combolist likely contains email and password pairs associated with Hotmail accounts.
Date: 2026-04-15T12:30:30Z
Network: openweb
Published URL: https://crackingx.com/threads/72167/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft Hotmail
Victim Site: hotmail.com
Alleged leak of educational sector credential combolists
Category: Combo List
Content: A threat actor operating under the alias CODER is distributing free educational sector combolists via Telegram channels and a cracking forum. The actor promotes two Telegram groups offering free credential lists and tools. No specific victim organization or record count has been identified.
Date: 2026-04-15T12:29:38Z
Network: openweb
Published URL: https://crackingx.com/threads/72168/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Breach of Ariomex Iranian Cryptocurrency Exchange
Category: Data Breach
Content: A threat actor operating under the handle Kotowka is selling an alleged database dump from Ariomex.com, a major Iranian cryptocurrency exchange. The dataset purportedly contains 50,000 verified user records including full names, usernames, email addresses, phone numbers, national IDs, Bitcoin wallet addresses, USDT balances, KYC status, last known IP addresses, and registration dates. The data is being offered for sale at $35,000 via a Telegram contact.
Date: 2026-04-15T12:28:49Z
Network: openweb
Published URL: https://crackingx.com/threads/72169/
Screenshots:
None
Threat Actors: Kotowka
Victim Country: Iran
Victim Industry: Cryptocurrency / Financial Services
Victim Organization: Ariomex
Victim Site: ariomex.com
Website Defacement of Dr. RP Singh Ortho by chinafans (0xteam)
Category: Defacement
Content: On April 15, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website of Dr. RP Singh Orthopaedics, a medical/healthcare website likely based in India. The defacement was a targeted, non-mass incident with a mirror archived at zone-xsec.com.
Date: 2026-04-15T12:23:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834326
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: India
Victim Industry: Healthcare
Victim Organization: Dr. RP Singh Orthopaedics
Victim Site: drrpsinghortho.com
Website Defacement of ASAP Events by chinafans (0xteam)
Category: Defacement
Content: On April 15, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website of ASAP Events, an events company based in the United Arab Emirates. The defacement targeted a specific file path (0x.txt) on the domain asapevents.ae. The incident was recorded as a single targeted defacement, not part of a mass or redefacement campaign.
Date: 2026-04-15T12:22:43Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834322
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: United Arab Emirates
Victim Industry: Events and Entertainment
Victim Organization: ASAP Events
Victim Site: asapevents.ae
Website Defacement of jmdnetmart.com by chinafans (0xteam)
Category: Defacement
Content: On April 15, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website jmdnetmart.com, replacing content with a defacement page hosted at the path /0x.txt. The incident was a targeted single-site defacement, with a mirror of the defacement archived at zone-xsec.com. No specific motive or server details were disclosed.
Date: 2026-04-15T12:21:57Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834332
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: E-commerce / Retail
Victim Organization: JMD Net Mart
Victim Site: jmdnetmart.com
Website Defacement of Epoxy San Francisco by chinafans (0xteam)
Category: Defacement
Content: On April 15, 2026, the website epoxysanfrancisco.com was defaced by a threat actor known as chinafans, operating under the group 0xteam. The defacement targeted a local epoxy flooring services company based in San Francisco, United States. The incident was a single-target, non-mass defacement with a mirror archived at zone-xsec.com.
Date: 2026-04-15T12:21:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834338
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Construction / Home Improvement
Victim Organization: Epoxy San Francisco
Victim Site: epoxysanfrancisco.com
Website Defacement of Sonido Tech by chinafans (0xteam)
Category: Defacement
Content: On April 15, 2026, the website sonido-tech.com was defaced by threat actor chinafans operating under the group 0xteam. The attacker left a defacement file at the path /0x.txt. No specific motivation, server details, or IP address were disclosed in connection with this incident.
Date: 2026-04-15T12:20:16Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834331
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Sonido Tech
Victim Site: sonido-tech.com
Website Defacement of Pool Deck Los Angeles by chinafans (0xteam)
Category: Defacement
Content: On April 15, 2026, the website pooldecklosangeles.com was defaced by a threat actor operating under the handle chinafans, affiliated with the group 0xteam. The defacement targeted a Los Angeles-based pool deck construction and services company. The incident was a single, targeted defacement rather than a mass or repeat defacement campaign.
Date: 2026-04-15T12:19:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834337
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Construction / Home Services
Victim Organization: Pool Deck Los Angeles
Victim Site: pooldecklosangeles.com
Website Defacement of Epoxy Floors Scottsdale by chinafans (0xteam)
Category: Defacement
Content: On April 15, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website of Epoxy Floors Scottsdale, a flooring services company based in Scottsdale, Arizona. The incident was a targeted single-site defacement, not a mass or home page defacement. A mirror of the defaced page was archived at zone-xsec.com.
Date: 2026-04-15T12:18:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834333
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Construction / Home Improvement Services
Victim Organization: Epoxy Floors Scottsdale
Victim Site: epoxyfloorsscottsdale.com
Alleged Sale of Fresh Multi-Country Credential Databases with Platform-Specific Keyword Filtering
Category: Logs
Content: A threat actor is selling fresh databases/logs from multiple countries including UK, DE, JP, NL, BR, PL, ES, US, and IT. The seller claims to offer keyword-filtered results targeting major e-commerce and service platforms such as Amazon, eBay, Walmart, Uber, PayPal, Alibaba, Poshmark, Mercari, PSN, Booking.com, and others. The actor claims to operate a private cloud and offers valid webmails including ntlworld. Buyers are directed to DM for custom requests.
Date: 2026-04-15T12:18:41Z
Network: telegram
Published URL: https://t.me/c/2613583520/63073
Screenshots:
None
Threat Actors: mu
Victim Country: Unknown
Victim Industry: E-Commerce / Consumer Services
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of 30at30.in by chinafans (0xteam)
Category: Defacement
Content: On April 15, 2026, a threat actor operating under the alias chinafans, affiliated with 0xteam, defaced the Indian website 30at30.in by uploading a defacement file at the path /0x.txt. The incident was a targeted single-site defacement with no indication of mass or repeated compromise. The motivation and server details remain unknown.
Date: 2026-04-15T12:18:04Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834343
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: India
Victim Industry: Unknown
Victim Organization: 30at30
Victim Site: 30at30.in
Website Defacement of CBR Physio by chinafans (0xteam)
Category: Defacement
Content: On April 15, 2026, the website cbrphysio.com, belonging to CBR Physio, a physiotherapy provider likely based in Canberra, Australia, was defaced by a threat actor operating under the handle chinafans affiliated with 0xteam. The defacement was a targeted, non-mass incident with the defaced content archived at zone-xsec.com. No specific motive or exploitation method was disclosed in the available data.
Date: 2026-04-15T12:17:17Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834335
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Australia
Victim Industry: Healthcare / Physical Therapy
Victim Organization: CBR Physio
Victim Site: cbrphysio.com
Website Defacement of Epoxy Flooring Richmond by chinafans (0xteam)
Category: Defacement
Content: On April 15, 2026, a threat actor identified as chinafans, affiliated with the group 0xteam, defaced the website of Epoxy Flooring Richmond, a flooring services company based in Richmond, United States. The incident was a targeted single-site defacement, with a mirror of the defaced page archived at zone-xsec.com. No specific motive or technical details regarding the server infrastructure were disclosed.
Date: 2026-04-15T12:16:30Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834328
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Construction / Home Improvement Services
Victim Organization: Epoxy Flooring Richmond
Victim Site: epoxyflooringrichmond.com
Website Defacement of Salice Law by chinafans (0xteam)
Category: Defacement
Content: On April 15, 2026, the website salicelaw.com was defaced by threat actor chinafans operating under the group 0xteam. The attacker placed a defacement file at salicelaw.com/0x.txt, targeting what appears to be a law firms web presence. The incident was recorded as a single targeted defacement rather than a mass or home page defacement.
Date: 2026-04-15T12:15:42Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834324
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Legal Services
Victim Organization: Salice Law
Victim Site: salicelaw.com
Website Defacement of Austin Air Conditioner by chinafans (0xteam)
Category: Defacement
Content: On April 15, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website of Austin Air Conditioner, an HVAC services provider based in Austin, Texas. The incident was a targeted single-site defacement, with a mirror of the defaced page archived at zone-xsec.com. No specific motive or server details were disclosed.
Date: 2026-04-15T12:14:50Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834340
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: HVAC / Home Services
Victim Organization: Austin Air Conditioner
Victim Site: austinairconditioner.org
Website Defacement of trinoxmeta.com by chinafans (0xteam)
Category: Defacement
Content: On April 15, 2026, the website trinoxmeta.com was defaced by a threat actor known as chinafans, operating under the group 0xteam. The defacement was a targeted single-site attack, with the defaced content accessible via a text file at trinoxmeta.com/0x.txt. A mirror of the defacement was archived at zone-xsec.com.
Date: 2026-04-15T12:14:02Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834336
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Trinox Meta
Victim Site: trinoxmeta.com
Website Defacement of Clockwork Custom Tattoo by chinafans (0xteam)
Category: Defacement
Content: On April 15, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website of Clockwork Custom Tattoo, a tattoo studio. The attack was a targeted single-site defacement, with a mirror of the defaced page archived at zone-xsec.com. No specific motivation or server details were disclosed in connection with the incident.
Date: 2026-04-15T12:13:15Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834348
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Personal Care & Beauty Services
Victim Organization: Clockwork Custom Tattoo
Victim Site: clockworkcustomtattoo.com
Website Defacement of SouthAsian.com by chinafans (0xteam)
Category: Defacement
Content: On April 15, 2026, the website southasian.com was defaced by a threat actor identified as chinafans, operating under the group 0xteam. The attacker placed a defacement file at southasian.com/0x.txt. The incident was a targeted single-site defacement with no additional technical details such as server software or exploitation method disclosed.
Date: 2026-04-15T12:12:27Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834347
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Media/News
Victim Organization: South Asian
Victim Site: southasian.com
Website Defacement of White Light Books by chinafans (0xteam)
Category: Defacement
Content: On April 15, 2026, the website whitelightbooks.com was defaced by a threat actor using the handle chinafans, operating under the group 0xteam. The defacement was a targeted, single-site incident and does not appear to be part of a mass defacement campaign. The attack was documented and mirrored via zone-xsec.com.
Date: 2026-04-15T12:11:41Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834327
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Retail / Books & Publishing
Victim Organization: White Light Books
Victim Site: whitelightbooks.com
Alleged leak of Discord, Fortnite, and FunPay cookies and credentials
Category: Data Leak
Content: A threat actor operating under the alias bluestarcrack has made available a collection of cookies and credentials allegedly associated with Discord, Fortnite, FunPay, and other platforms. The data was shared via Uploadery, a file hosting service. The post does not specify a price, suggesting the content is being distributed freely.
Date: 2026-04-15T12:11:13Z
Network: openweb
Published URL: https://breached.st/threads/cookies-discord-fortnite-funpay-more.86008/unread
Screenshots:
None
Threat Actors: bluestarcrack
Victim Country: Unknown
Victim Industry: Multiple
Victim Organization: Discord, Fortnite, FunPay
Victim Site: discord.com, fortnite.com, funpay.com
Website Defacement of Epoxy Naperville by chinafans (0xteam)
Category: Defacement
Content: On April 15, 2026, the website epoxynaperville.com, belonging to an epoxy flooring service provider based in Naperville, Illinois, was defaced by a threat actor operating under the alias chinafans and affiliated with the group 0xteam. The defacement was a targeted, single-site compromise with a mirror archived at zone-xsec.com.
Date: 2026-04-15T12:10:56Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834339
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Construction / Home Improvement Services
Victim Organization: Epoxy Naperville
Victim Site: epoxynaperville.com
Website Defacement of Luca Bio Analytics by chinafans (0xteam)
Category: Defacement
Content: On April 15, 2026, the website lucabioanalytics.cl, belonging to Chilean bioanalytics firm Luca Bio Analytics, was defaced by threat actor chinafans operating under the group 0xteam. The defacement was a targeted single-site attack, with a mirror of the defaced page archived at zone-xsec.com.
Date: 2026-04-15T12:10:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834357
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Chile
Victim Industry: Biotechnology / Analytics
Victim Organization: Luca Bio Analytics
Victim Site: lucabioanalytics.cl
Website Defacement of Greenhills Growth by chinafans (0xteam)
Category: Defacement
Content: On April 15, 2026, the website greenhillsgrowth.com was defaced by a threat actor using the handle chinafans, operating under the group 0xteam. The defacement was a targeted single-site incident, with the defaced content accessible at the path /0x.txt. No additional technical details such as server software or exploited vulnerability were disclosed.
Date: 2026-04-15T12:09:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834334
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Finance / Investment
Victim Organization: Greenhills Growth
Victim Site: greenhillsgrowth.com
Alleged leak of Microsoft credentials combolist
Category: Combo List
Content: A threat actor operating under the alias zod has shared a combolist of 611 credential entries allegedly associated with Microsoft accounts on the cracking forum CrackingX. The content is gated behind a forum login, with the password distributed via a Telegram channel linked to the actor. The post references a Telegram bot (@hello_zod_bot) suggesting an automated credential distribution operation.
Date: 2026-04-15T12:09:14Z
Network: openweb
Published URL: https://crackingx.com/threads/72163/
Screenshots:
None
Threat Actors: zod
Victim Country: United States
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: microsoft.com
Alleged leak of USA combolist distributed via D4rkNetHub
Category: Combo List
Content: A threat actor operating under the alias D4rkNetHub has made available a combolist containing 677 alleged United States credentials on a cracking forum. The post is attributed to a collection labeled CLOUD_2026-04-15 and requires forum registration to access the content. The specific organizations or services affected are not identified in the available post data.
Date: 2026-04-15T12:08:37Z
Network: openweb
Published URL: https://crackingx.com/threads/72164/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of FWM (fwm.com.tw) by chinafans of 0xteam
Category: Defacement
Content: On April 15, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the Taiwanese website fwm.com.tw. The defacement was a targeted single-site incident, with a mirror of the defaced page archived at zone-xsec.com. No specific motivation or server details were disclosed in the available intelligence.
Date: 2026-04-15T12:08:26Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834321
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Taiwan
Victim Industry: Unknown
Victim Organization: FWM
Victim Site: fwm.com.tw
Website Defacement of parfortheculture.com by chinafans (0xteam)
Category: Defacement
Content: On April 15, 2026, the website parfortheculture.com was defaced by a threat actor known as chinafans, operating under the group 0xteam. The defacement was a targeted single-site incident, with a mirror of the defaced page archived at zone-xsec.com. No specific motive or technical details regarding the server infrastructure were disclosed.
Date: 2026-04-15T12:07:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834355
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Entertainment / Culture
Victim Organization: Par For The Culture
Victim Site: parfortheculture.com
Website Defacement of datameiz.com by chinafans (0xteam)
Category: Defacement
Content: The website datameiz.com was defaced by a threat actor known as chinafans, operating under the group 0xteam. The defacement was recorded on April 15, 2026, with the attacker leaving a marker file at the path /0x.txt. The incident was a single-target, non-mass defacement with no prior redefacement history noted.
Date: 2026-04-15T12:06:47Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834329
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Datameiz
Victim Site: datameiz.com
Website defacement of menotificaron.cl by chinafans (0xteam)
Category: Defacement
Content: On April 15, 2026, the Chilean website menotificaron.cl was defaced by a threat actor operating under the handle chinafans, affiliated with the group 0xteam. The defacement targeted a specific file path (0x.txt) rather than the sites homepage and was neither a mass nor repeat defacement. No specific motivation or server details were disclosed.
Date: 2026-04-15T12:00:30Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834251
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Chile
Victim Industry: Unknown
Victim Organization: Menotificaron
Victim Site: menotificaron.cl
Website defacement of topfreshnews.info by chinafans (0xteam)
Category: Defacement
Content: On April 15, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website topfreshnews.info. The defacement was a targeted single-site attack, with the defaced content accessible via a text file at the root path. The incident was archived and mirrored by zone-xsec.com for record-keeping purposes.
Date: 2026-04-15T11:59:43Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834254
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: News/Media
Victim Organization: Top Fresh News
Victim Site: topfreshnews.info
Website Defacement of Moshav Financial by chinafans (0xteam)
Category: Defacement
Content: On April 15, 2026, the Australian financial services website moshavfinancial.com.au was defaced by a threat actor known as chinafans, operating under the group 0xteam. The attacker placed a defacement file at the path /0x.txt on the target server. The incident was a targeted single-site defacement with no indication of mass or repeated defacement activity.
Date: 2026-04-15T11:59:05Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834246
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Australia
Victim Industry: Financial Services
Victim Organization: Moshav Financial
Victim Site: moshavfinancial.com.au
Website Defacement of Côte dIvoire Civil Engineering Site by chinafans (0xteam)
Category: Defacement
Content: On April 15, 2026, a threat actor known as chinafans, affiliated with 0xteam, defaced the website of Côte dIvoire Génie Civil, a civil engineering organization based in Ivory Coast. The incident was a targeted single-site defacement, with a mirror of the defaced page archived on zone-xsec.com. No specific motive or technical details regarding the server environment were disclosed.
Date: 2026-04-15T11:58:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834255
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Ivory Coast
Victim Industry: Construction / Civil Engineering
Victim Organization: Côte dIvoire Génie Civil
Victim Site: cotedivoiregeniecivil.com
Website Defacement of Pic Coffee Laos by chinafans (0xteam)
Category: Defacement
Content: The website picoffeelaos.com was defaced by threat actor chinafans operating under the team 0xteam on April 15, 2026. The attacker placed a defacement file at the path /0x.txt on the target server. The incident was a targeted, non-mass defacement of what appears to be a coffee business based in Laos.
Date: 2026-04-15T11:57:37Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834263
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Laos
Victim Industry: Food & Beverage
Victim Organization: Pic Coffee Laos
Victim Site: picoffeelaos.com
Website Defacement of Fastline Internet by chinafans (0xteam)
Category: Defacement
Content: On April 15, 2026, the threat actor chinafans, operating under the group 0xteam, defaced the website of Fastline Internet, a Mexican internet service provider. The defacement was a targeted, non-mass incident affecting a specific page on the domain fastlineinternet.com.mx. A mirror of the defacement was archived on zone-xsec.com.
Date: 2026-04-15T11:56:58Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834259
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Mexico
Victim Industry: Telecommunications / Internet Services
Victim Organization: Fastline Internet
Victim Site: fastlineinternet.com.mx
Website Defacement of Ferienwohnungen Brockmann by chinafans (0xteam)
Category: Defacement
Content: On April 15, 2026, the German holiday accommodation website Ferienwohnungen Brockmann was defaced by threat actor chinafans, operating under the team 0xteam. The attack was a targeted single-site defacement, with a mirror of the defaced page archived at zone-xsec.com. No specific motivation or technical details regarding the server infrastructure were disclosed.
Date: 2026-04-15T11:56:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834279
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Germany
Victim Industry: Hospitality / Tourism
Victim Organization: Ferienwohnungen Brockmann
Victim Site: ferienwohnungen-brockmann.com
Website Defacement of challamarsway.com by chinafans (0xteam)
Category: Defacement
Content: On April 15, 2026, the website challamarsway.com was defaced by threat actor chinafans operating under the group 0xteam. The defacement was a targeted single-site incident, with a mirror of the defaced page archived at zone-xsec.com. No specific motive, server details, or victim country information were disclosed in connection with this attack.
Date: 2026-04-15T11:55:34Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834278
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Challam Arsway
Victim Site: challamarsway.com
Website Defacement of ABS Construction by chinafans (0xteam)
Category: Defacement
Content: The threat actor chinafans, operating under the group 0xteam, defaced the website of ABS Construction on April 15, 2026. The defacement targeted a specific text file path on the domain. The incident was a single targeted defacement and not classified as a mass or redefacement event.
Date: 2026-04-15T11:54:49Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834247
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Construction
Victim Organization: ABS Construction
Victim Site: absconstructionsb.com
Website Defacement of Paternidade de Deus by chinafans (0xteam)
Category: Defacement
Content: On April 15, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the Brazilian religious website paternidadededeus.com.br. The incident was a targeted single-site defacement, not classified as a mass or home page defacement. A mirror of the defaced page was archived at zone-xsec.com.
Date: 2026-04-15T11:54:04Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834245
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Brazil
Victim Industry: Religious Organization
Victim Organization: Paternidade de Deus
Victim Site: paternidadededeus.com.br
Website Defacement of Axis Aero by chinafans (0xteam)
Category: Defacement
Content: On April 15, 2026, the website axisaero.aero was defaced by a threat actor known as chinafans, operating under the group 0xteam. The defacement targeted a specific file path (0x.txt) on the aviation-related domain. The incident was neither a mass defacement nor a redefacement, suggesting a targeted single-site intrusion.
Date: 2026-04-15T11:53:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834289
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Aviation / Aerospace
Victim Organization: Axis Aero
Victim Site: axisaero.aero
Website Defacement of GetTradingCo by chinafans (0xteam)
Category: Defacement
Content: On April 15, 2026, threat actor chinafans operating under the group 0xteam defaced the website getradingco.com, targeting what appears to be a trading or financial services company. The defacement was a single-page targeted attack rather than a mass or home page defacement. No specific motive or server details were disclosed in the available intelligence.
Date: 2026-04-15T11:52:36Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834244
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Finance / Trading
Victim Organization: Get Trading Co
Victim Site: getradingco.com
Website Defacement of Gelisim Makina by chinafans (0xteam)
Category: Defacement
Content: On April 15, 2026, the website gelisimmakina.com was defaced by threat actor chinafans operating under the group 0xteam. The defacement targeted a Turkish machinery or industrial equipment company, with the attacker leaving a text-based defacement file at the path /0x.txt. The incident was a single-target, non-mass defacement with no specific motive publicly declared.
Date: 2026-04-15T11:51:44Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834242
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Turkey
Victim Industry: Manufacturing / Industrial Machinery
Victim Organization: Gelisim Makina
Victim Site: gelisimmakina.com
Website Defacement of pvdubai.com by chinafans (0xteam)
Category: Defacement
Content: The website pvdubai.com was defaced by a threat actor operating under the handle chinafans, affiliated with the group 0xteam. The defacement was recorded on April 15, 2026, with the attacker leaving a marker file at pvdubai.com/0x.txt. The incident was a targeted, non-mass defacement with no additional technical indicators disclosed.
Date: 2026-04-15T11:51:05Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834288
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: United Arab Emirates
Victim Industry: Unknown
Victim Organization: PV Dubai
Victim Site: pvdubai.com
Website Defacement of AMGM LLC by chinafans (0xteam)
Category: Defacement
Content: The website amgmllc.com was defaced by threat actor chinafans operating under the group 0xteam on April 15, 2026. The defacement targeted a specific file path (/0x.txt) rather than the homepage, suggesting a targeted file-level intrusion. No specific motive or server details were disclosed, but the incident was mirrored and catalogued by zone-xsec.com.
Date: 2026-04-15T11:50:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834269
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Business Services
Victim Organization: AMGM LLC
Victim Site: amgmllc.com
Website Defacement of Dataplux by chinafans (0xteam)
Category: Defacement
Content: On April 15, 2026, a threat actor operating under the alias chinafans, affiliated with 0xteam, defaced a file on the Japanese website dataplux.jp. The defacement targeted a specific text file (0x.txt) rather than the homepage, indicating a targeted file-level intrusion. No mass or repeated defacement activity was reported in connection with this incident.
Date: 2026-04-15T11:49:42Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834277
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Japan
Victim Industry: Technology
Victim Organization: Dataplux
Victim Site: dataplux.jp
Website Defacement of Mahveen by chinafans (0xteam)
Category: Defacement
Content: On April 15, 2026, the Indonesian website mahveen.co.id was defaced by threat actor chinafans operating under the group 0xteam. The defacement was a targeted single-site attack, with the defaced content accessible via a text file at the path /0x.txt. A mirror of the defacement was archived by zone-xsec.com.
Date: 2026-04-15T11:49:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834268
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Mahveen
Victim Site: mahveen.co.id
Website Defacement of Parkers Law by chinafans (0xteam)
Category: Defacement
Content: On April 15, 2026, the website parkerslaw.net was defaced by threat actor chinafans, operating under the group 0xteam. The attacker uploaded a defacement file (0x.txt) to the target server. The incident was a targeted, single-site defacement with no indication of mass or repeated defacement activity.
Date: 2026-04-15T11:48:19Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834266
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Legal Services
Victim Organization: Parkers Law
Victim Site: parkerslaw.net
Alleged leak of Hotmail credentials combolist
Category: Combo List
Content: A threat actor operating under the alias el_capitan has made available an alleged combolist containing approximately 460,000 Hotmail email and password combinations on a cybercrime forum. The content is hidden behind a registration or login requirement. The actor also advertises services including spamming, credential cracking, and combolist sales via Telegram channels.
Date: 2026-04-15T11:47:50Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-460K-HOTMAIL-Fresh-HQ-Combolist
Screenshots:
None
Threat Actors: el_capitan
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft Hotmail
Victim Site: hotmail.com
Website Defacement of Mosaic Medical Writing by chinafans (0xteam)
Category: Defacement
Content: On April 15, 2026, a threat actor known as chinafans, affiliated with 0xteam, defaced a page on mosaicmedicalwriting.com, a medical writing services website. The incident was a targeted single-page defacement, not classified as a mass or home page defacement. The attack was documented and mirrored by zone-xsec.com under mirror ID 834276.
Date: 2026-04-15T11:47:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834276
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Healthcare / Medical Writing
Victim Organization: Mosaic Medical Writing
Victim Site: mosaicmedicalwriting.com
Alleged leak of 730,000 Gmail credentials combolist
Category: Combo List
Content: A threat actor operating under the alias el_capitan has made available a combolist containing approximately 730,000 Gmail email and password combinations on a cybercrime forum. The content is hidden behind a registration or login requirement, suggesting it may be distributed to forum members. The actor also advertises services including spamming, dumping, and cracking tools via Telegram channels.
Date: 2026-04-15T11:47:17Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-730K-GMAIL-Fresh-HQ-Combolist
Screenshots:
None
Threat Actors: el_capitan
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Google
Victim Site: gmail.com
Alleged leak of 260,000 Mexican email credentials combolist
Category: Combo List
Content: A threat actor operating under the alias el_capitan has made available a combolist of approximately 260,000 email and password combinations purportedly associated with Mexican users. The content is hidden behind a registration or login requirement on the forum. The actor promotes additional services including HQ combos, spamming, dumping, and cracking tools via Telegram channels.
Date: 2026-04-15T11:46:50Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-260K-MEXICO-Semi-Private-Good-Combolist
Screenshots:
None
Threat Actors: el_capitan
Victim Country: Mexico
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of bbvip24.com by chinafans of 0xteam
Category: Defacement
Content: On April 15, 2026, the website bbvip24.com was defaced by a threat actor known as chinafans, operating under the group 0xteam. The defacement was a targeted single-site attack, with the defaced content accessible at the path /0x.txt. A mirror of the defacement has been archived at zone-xsec.com.
Date: 2026-04-15T11:46:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834250
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: bbvip24.com
Alleged leak of 220,000 Argentine email credentials
Category: Combo List
Content: A threat actor known as el_capitan has shared a combolist containing approximately 220,000 email and password combinations associated with Argentine users on a cybercrime forum. The content is hidden behind registration or login, suggesting it is being offered to forum members. The actor promotes additional services including spamming, combolist sales, dumping, and cracking tools via Telegram.
Date: 2026-04-15T11:46:27Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-220K-ARGENTINA-UHQ-Fresh-Combolist
Screenshots:
None
Threat Actors: el_capitan
Victim Country: Argentina
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Oraya Skincare by chinafans (0xteam)
Category: Defacement
Content: On April 15, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website of Oraya Skincare at orayaskincare.com. The defacement targeted a specific file path (/0x.txt) rather than the homepage, indicating a targeted file-level intrusion. The incident was recorded as a single, non-mass defacement event with no prior redefacement history.
Date: 2026-04-15T11:46:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834274
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Beauty and Personal Care
Victim Organization: Oraya Skincare
Victim Site: orayaskincare.com
Website Defacement of Eco Aventura Tours by chinafans (0xteam)
Category: Defacement
Content: On April 15, 2026, the website ecoaventuratours.net was defaced by threat actor chinafans, operating under the group 0xteam. The defacement targeted a travel and tourism company, with a text file (0x.txt) uploaded as proof of compromise. The incident was a singular, non-mass defacement with no prior redefacement history recorded.
Date: 2026-04-15T11:45:16Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834240
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Travel and Tourism
Victim Organization: Eco Aventura Tours
Victim Site: ecoaventuratours.net
Alleged leak of European Education sector mixed combolist
Category: Combo List
Content: A threat actor operating under the alias HQcomboSpace has made available a mixed combolist containing approximately 106,312 credential entries targeting the European education sector. The combolist was shared via a Mega.nz file hosting link on the cracking forum CrackingX. No specific organizations or institutions have been identified as the source of the leaked credentials.
Date: 2026-04-15T11:45:08Z
Network: openweb
Published URL: https://crackingx.com/threads/72162/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Europe
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Narcoossee Life by chinafans (0xteam)
Category: Defacement
Content: On April 15, 2026, the website narcoosseelife.com was defaced by a threat actor known as chinafans, operating under the group 0xteam. The defacement targeted a community-focused website, likely serving the Narcoossee area of Florida, United States. The incident was a single targeted defacement, with a mirror of the defaced page archived at zone-xsec.com.
Date: 2026-04-15T11:44:33Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834243
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Media/Community News
Victim Organization: Narcoossee Life
Victim Site: narcoosseelife.com
Website Defacement of h2kevent.com by chinafans (0xteam)
Category: Defacement
Content: The website h2kevent.com was defaced by threat actor chinafans, operating under the group 0xteam, on April 15, 2026. The defacement targeted a specific file path (0x.txt) rather than the homepage, suggesting a targeted file-level intrusion. A mirror of the defacement was archived on zone-xsec.com.
Date: 2026-04-15T11:43:51Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834283
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Events/Entertainment
Victim Organization: H2K Event
Victim Site: h2kevent.com
Website Defacement of ONG Coeur Ouvert by chinafans (0xteam)
Category: Defacement
Content: On April 15, 2026, the website ongcoeurouvert.org was defaced by a threat actor identified as chinafans, operating under the group 0xteam. The defacement targeted a non-profit organization, with the defaced content hosted at the path /0x.txt. This was a single targeted defacement, not part of a mass or repeated campaign.
Date: 2026-04-15T11:43:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834252
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Non-Profit / NGO
Victim Organization: ONG Coeur Ouvert
Victim Site: ongcoeurouvert.org
Website Defacement of zolacalm.com by chinafans (0xteam)
Category: Defacement
Content: On April 15, 2026, the website zolacalm.com was defaced by a threat actor operating under the alias chinafans, affiliated with the group 0xteam. The defacement targeted a specific file path (0x.txt) rather than the homepage, indicating a targeted file-level intrusion. No specific motivation or technical details regarding the attack vector were disclosed.
Date: 2026-04-15T11:42:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834284
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Zola Calm
Victim Site: zolacalm.com
Website defacement of Furnyshop by chinafans (0xteam)
Category: Defacement
Content: On April 15, 2026, the website furnyshop.com was defaced by threat actor chinafans, operating under the group 0xteam. The attacker placed a defacement file at furnyshop.com/0x.txt. The incident was a targeted single-site defacement with no indication of mass or repeated defacement activity.
Date: 2026-04-15T11:41:47Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834253
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Retail / Furniture
Victim Organization: Furnyshop
Victim Site: furnyshop.com
Alleged leak of 9,000 valid email access credentials as combolist
Category: Logs
Content: A threat actor known as Cir4Dk has shared a combolist containing approximately 9,000 allegedly valid email access credentials on an underground forum. The post is behind a registration wall, limiting visibility into the specific email providers or regions targeted. The credentials are described as high-quality (HQ) and valid mail access pairs.
Date: 2026-04-15T11:35:57Z
Network: openweb
Published URL: https://xforums.st/threads/9k-valid-mailaccess-hq-combolist.608381/
Screenshots:
None
Threat Actors: Cir4Dk
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of stolen data by Dedale threat actor
Category: Data Breach
Content: A message forwarded from Dedale Office channel advertises the sale of full stolen data, directing interested buyers to contact @DedaleSupport for pricing. Associated media-only posts (photos) likely contain samples or proof of the stolen data.
Date: 2026-04-15T11:34:29Z
Network: telegram
Published URL: https://t.me/c/3500620464/6800
Screenshots:
None
Threat Actors: Dedale Office
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Breach of turbo.cr / saint2.su Anonymous Video Hosting Service
Category: Data Breach
Content: A threat actor known as p4pr1k4 is selling a dataset allegedly obtained from turbo.cr (formerly saint2.su / saint.to), an anonymous video hosting service catering to adult and leaked content forums. The dataset includes approximately 110,000 user records containing usernames, email addresses, password hashes, session cookies, API keys, IP addresses, and access levels, along with a separate 1 GB database of video and album metadata. The data is being offered at $1,200 for shared access or $6,000
Date: 2026-04-15T11:24:25Z
Network: openweb
Published URL: https://breached.st/threads/turbo-cr-saint2-su-anonymous-leaked-adult-content-video-host-110k-user-dataset-emails-password-hashes.86007/unread
Screenshots:
None
Threat Actors: p4pr1k4
Victim Country: Unknown
Victim Industry: Media & Hosting
Victim Organization: turbo.cr / saint2.su
Victim Site: turbo.cr
Alleged leak of mail access credential combolist
Category: Combo List
Content: A threat actor operating under the alias Cir4d has shared a combolist containing approximately 9,000 alleged valid email account credentials on a cracking forum. The combolist, described as HQ (high quality), is being made available via an external paste site. No specific email provider or victim organization has been identified.
Date: 2026-04-15T11:23:14Z
Network: openweb
Published URL: https://crackingx.com/threads/72160/
Screenshots:
None
Threat Actors: Cir4d
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of 9,000 email credentials shared on cybercrime forum
Category: Combo List
Content: A threat actor known as COYTO has shared a combolist containing approximately 9,000 allegedly valid email and password credential pairs on a cybercrime forum. The credentials are made available for free download via an external paste service. No specific victim organization, industry, or country has been identified.
Date: 2026-04-15T11:22:57Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-9K-VALID-ACCESS
Screenshots:
None
Threat Actors: COYTO
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of 9,000 valid email access credentials combolist
Category: Combo List
Content: A threat actor operating under the alias Cidaxxx has shared a combolist containing approximately 9,000 allegedly valid email access credentials on a cybercrime forum. The combolist was made available via an external paste link and is described as high quality. No specific victim organization or targeted email provider was identified in the post.
Date: 2026-04-15T11:22:09Z
Network: openweb
Published URL: https://pwnforums.st/Thread-9k-Valid-MailAccess-HQ-Combolist
Screenshots:
None
Threat Actors: Cidaxxx
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach and sale of 500k+ DuXiaoman Pay (dxmpay) ChinaLoan user and financial records
Category: Data Breach
Content: Threat actor ShinyHunters is selling a dataset of 500,000+ records allegedly stolen from DuXiaoman Pay (formerly Baidu Wallet), a Chinese digital payment and financial management platform. The stolen data reportedly includes user financial data (transaction history, payment amounts, wallet/merchant accounts), PII (full names, mobile numbers, emails, ID card details, loan amounts), login credentials (usernames, passwords, session tokens/cookies), business/merchant data (API keys, financial reports), internal system data (database server configs, API endpoints), and technical data (IP addresses, device info, activity logs). The seller is asking $100,000 USD and can be contacted via Telegram (@shinyc0rpsss), email, Tox, or Session. The listing is posted on BreachForums.
Date: 2026-04-15T11:20:24Z
Network: telegram
Published URL: https://t.me/c/3737716184/1171
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: China
Victim Industry: Financial Services / Digital Payments
Victim Organization: Du Xiaoman Pay (dxmpay / Du Xiaoman Financial)
Victim Site: dxmpay.com
Alleged Data Breach of DarkForums Exposing 427K User Records via myBB Vulnerability
Category: Data Breach
Content: A threat actor claims to have exploited a myBB vulnerability on DarkForums to extract 427,000 records linking post IDs to usernames, IP addresses, and hostnames. The breach exposed 44,300 unique users and 78,000 unique IP addresses, including 19,300 Tor node connections, 15,200 VPN/hosting provider connections, and 97,400 residential ISP connections. The data has been made available on BreachForums. The post also calls out specific users AnonOne and Lucifer sharing their IP addresses as examples of exposed data.
Date: 2026-04-15T11:20:12Z
Network: telegram
Published URL: https://t.me/c/3500620464/6803
Screenshots:
None
Threat Actors: Breach
Victim Country: Unknown
Victim Industry: Online Forum / Cybercrime Community
Victim Organization: DarkForums
Victim Site: darkforums.st
Alleged Data Breach of Vietnam National Credit Information Center (CIC) — 160M Records for Sale
Category: Data Breach
Content: Threat actor ShinyHunters claims to be selling the full database of the National Credit Information Center of Vietnam (cic.gov.vn), a national credit registry. The alleged dataset contains 160,000,000+ records in CSV format, including full names, dates of birth, national ID numbers (CCCD/CMND), passport data, loan data, balances, debt information, tax IDs, company information, audit logs, and addresses. The data is listed for sale at $75,000 USD on BreachForums.
Date: 2026-04-15T11:18:13Z
Network: telegram
Published URL: https://t.me/c/3737716184/1173
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Vietnam
Victim Industry: Financial Services / Government
Victim Organization: National Credit Information Center of Vietnam (CIC)
Victim Site: cic.gov.vn
Alleged Data Leak of DarkForums User Database Including IPs and Hostnames
Category: Data Breach
Content: A threat actor operating under the PwnForums community claims to have exploited a myBB vulnerability on DarkForums to extract approximately 427,000 records linking post IDs to usernames, IP addresses, and hostnames. The leaked database exposes around 44,300 unique users, including roughly 97,400 entries tied to residential ISP connections, and has been made available via a free download link. The disclosure appears motivated by retaliation against the forum administrator, identified as Knox, w
Date: 2026-04-15T10:59:35Z
Network: openweb
Published URL: https://pwnforums.st/Thread-IMPORTANT-READ-DarkForums-%C2%B7-420k-rows-%C2%B7-Posts-Users-IPs
Screenshots:
None
Threat Actors: John
Victim Country: Unknown
Victim Industry: Online Forums / Dark Web Communities
Victim Organization: DarkForums
Victim Site: Unknown
Alleged free distribution of Reddit credential combolist
Category: Combo List
Content: A threat actor operating under the alias CODER is distributing a free Reddit credential combolist via Telegram channels. The post directs users to Telegram groups (t.me/Combo445544 and t.me/Coder554455) where combolists and cracking tools are shared at no cost. No further details regarding the size or origin of the combolist are provided.
Date: 2026-04-15T10:40:32Z
Network: openweb
Published URL: https://crackingx.com/threads/72157/
Screenshots:
None
Threat Actors: CODER
Victim Country: United States
Victim Industry: Social Media
Victim Organization: Reddit
Victim Site: reddit.com
Alleged leak of combolist targeting Latin American and African regions
Category: Combo List
Content: A threat actor known as CODER has made available a combolist containing approximately 11 million credential pairs targeting users across Latin American countries (including Argentina, Chile, Colombia, Peru, Venezuela, and others) and African countries (including Nigeria, Kenya, South Africa, Ghana, and others). The combolist is being distributed for free via Telegram channels and the crackingx.com forum. The actor also promotes additional free combo resources through their Telegram groups.
Date: 2026-04-15T10:40:17Z
Network: openweb
Published URL: https://crackingx.com/threads/72158/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of 175,000 email credentials combolist
Category: Combo List
Content: A threat actor operating under the alias SYCOSUNNY has shared a combolist containing approximately 175,000 email credentials on a cybercrime forum. The content is made available for free to registered forum members via hidden content. The actor also promotes a Telegram channel for distribution of additional free content.
Date: 2026-04-15T10:40:03Z
Network: openweb
Published URL: https://pwnforums.st/Thread-175K-MailAccess-Good-Combolist
Screenshots:
None
Threat Actors: SYCOSUNNY
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed-domain credential combolist
Category: Combo List
Content: A threat actor operating under the alias karaokecloud has made available a combolist containing 3,912 credential pairs across mixed domains on the cracking forum CrackingX. The list is being offered as a free download. No specific victim organization or country has been identified, as the credentials span multiple domains.
Date: 2026-04-15T10:39:59Z
Network: openweb
Published URL: https://crackingx.com/threads/72159/
Screenshots:
None
Threat Actors: karaokecloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials combolist
Category: Combo List
Content: A threat actor known as SYCOSUNNY has shared a combolist purportedly containing 260,000 Hotmail credentials on a cybercrime forum. The content is hidden behind a registration or login requirement, suggesting it is available to forum members at no direct cost. A Telegram group link is also provided for additional free content distribution.
Date: 2026-04-15T10:39:46Z
Network: openweb
Published URL: https://pwnforums.st/Thread-260K-Hotmail-HQ-Combolist
Screenshots:
None
Threat Actors: SYCOSUNNY
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft Hotmail
Victim Site: hotmail.com
Alleged leak of 300,000 Gmail credentials combolist
Category: Combo List
Content: A threat actor operating under the alias SYCOSUNNY has made available a combolist allegedly containing 300,000 Gmail credentials on a cybercrime forum. The content is hidden behind a registration or login requirement, suggesting it is shared freely among forum members. A Telegram group link is also provided, likely used to distribute additional free content.
Date: 2026-04-15T10:39:31Z
Network: openweb
Published URL: https://pwnforums.st/Thread-300K-Gmail-Good-Combolist
Screenshots:
None
Threat Actors: SYCOSUNNY
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Google
Victim Site: gmail.com
Alleged leak of 22.5 million URL:Login:Password credential lines
Category: Logs
Content: A threat actor operating under the alias StarLinkClub has made available a large combolist containing approximately 22.5 million lines of URL:Login:Password credentials (1.2 GB) on a cybercrime forum. The content is hidden behind a registration or login requirement, suggesting it is being shared freely with forum members. No specific victim organization or country has been identified, indicating this is likely an aggregated credential collection.
Date: 2026-04-15T10:39:20Z
Network: openweb
Published URL: https://pwnforums.st/Thread-URL-LOGIN-PASS-Url-Log-Pass-22-528-702-M%C4%B1ll%C4%B1on-L%C4%B1nes-1-2gb
Screenshots:
None
Threat Actors: StarLinkClub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of 340,000 USA credentials combolist
Category: Combo List
Content: A threat actor operating under the alias SYCOSUNNY has shared a combolist containing approximately 340,000 credential pairs purportedly associated with United States users on a cybercrime forum. The content is made available for free to registered forum members. A Telegram group link is also provided, likely used to distribute additional free content or stolen data.
Date: 2026-04-15T10:39:16Z
Network: openweb
Published URL: https://pwnforums.st/Thread-340K-USA-Fresh-Combolist
Screenshots:
None
Threat Actors: SYCOSUNNY
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of streaming service credentials combolist
Category: Combo List
Content: A threat actor operating under the alias SYCOSUNNY has made available a combolist containing approximately 350,000 credential pairs allegedly associated with streaming service accounts. The content is gated behind registration or login on the forum, with the actor also promoting a Telegram group for free content distribution. No specific streaming platform or victim organization has been identified.
Date: 2026-04-15T10:39:01Z
Network: openweb
Published URL: https://pwnforums.st/Thread-350K-Streaming-HQ-Combolist
Screenshots:
None
Threat Actors: SYCOSUNNY
Victim Country: Unknown
Victim Industry: Media & Entertainment
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of DXMPay (Du Xiaoman Pay) ChinaLoan – 500k+ Records for Sale
Category: Data Breach
Content: A threat actor is selling a dataset of 500,000+ records allegedly stolen from DXMPay (Du Xiaoman Pay, formerly Baidu Wallet), a Chinese digital payment and financial management platform. The data reportedly includes user financial data (transaction history, payment amounts, wallet/merchant accounts), PII (full names, mobile numbers, emails, ID card details, loan and payment amounts), login credentials (username/password pairs and session tokens), business/merchant data (API keys, financial reports), internal system data (database server configs, API endpoints), and technical data (IP addresses, device info, activity logs). The seller is asking $100,000 USD and can be contacted via Telegram (@shinyc0rpsss), email ([email protected]), Tox, or Session. The listing is also posted on BreachForums.
Date: 2026-04-15T10:38:42Z
Network: telegram
Published URL: https://t.me/c/3500620464/6801
Screenshots:
None
Threat Actors: shinyc0rpsss
Victim Country: China
Victim Industry: Financial Services / Digital Payments
Victim Organization: Du Xiaoman Pay (DXMPay)
Victim Site: dxmpay.com
Alleged leak of Hotmail credential combolist
Category: Logs
Content: A threat actor operating under the alias UniqueCombo has shared a combolist allegedly containing 44,000 unique Hotmail credentials on an underground forum. The post was made in the Mail Access & Combolists section, suggesting the list contains email and password pairs. The origin of the credentials and whether they have been verified as valid is unknown.
Date: 2026-04-15T10:29:56Z
Network: openweb
Published URL: https://xforums.st/threads/hotmail-unique-combo_3_44000.608377/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor operating under the alias UniqueCombo has shared an alleged Hotmail credential combolist on the cracking forum CrackingX, containing approximately 44,000 entries. The post is categorized under Combolists & Dumps, suggesting the content consists of email and password combinations. Full content requires forum registration or sign-in to access.
Date: 2026-04-15T10:20:16Z
Network: openweb
Published URL: https://crackingx.com/threads/72156/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft Hotmail
Victim Site: hotmail.com
Alleged leak of multi-regional email credential combolist targeting CIS, European, and special-use domains
Category: Combo List
Content: A threat actor operating under the alias CODER is distributing a combolist of approximately 4 million email:password credential pairs targeting multiple regional domains including CIS countries (.ua, .kz, .uz, .by, .ge, .am, .md), European nations (.ee, .lv, .lt, .is, .lu, .mt, .cy, .al, .mk, .rs, .hr, .si, .ba), and special-use TLDs (.gov, .edu, .mil, .io, .ai, .int, .eu, .africa, .asia). The credentials are being made available for free via Telegram channels and groups managed by the actor.
Date: 2026-04-15T09:59:56Z
Network: openweb
Published URL: https://crackingx.com/threads/72155/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of NetBot – Mass Host Enumeration and Reconnaissance Platform
Category: Malware
Content: A threat actor operating under LulzSec Black is advertising NetBot, a network reconnaissance platform claiming to surpass Shodan and FoFa in scope. The tool allegedly allows users to download and export all indexed hosts globally with full platform access and no limits. Two pricing tiers are advertised: $50/month and $65/month. Contact is facilitated via a Telegram bot (@CyberShop_contact_bot).
Date: 2026-04-15T09:45:11Z
Network: telegram
Published URL: https://t.me/c/2727439812/5734
Screenshots:
None
Threat Actors: LulzSec Black
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Leak of Iran MOIS/VEVAK Intelligence, Nuclear, Military, and Leadership Facilities
Category: Data Leak
Content: A threat actor operating under the alias SiberSLX has publicly leaked a ZIP archive purportedly containing sensitive data related to Irans Ministry of Intelligence (MOIS/VEVAK), including information allegedly connected to intelligence, nuclear, military, and leadership facilities. The files have been made available for free download via an external file-sharing platform. The password for the archive was shared publicly in the post.
Date: 2026-04-15T09:40:13Z
Network: openweb
Published URL: https://breached.st/threads/iran-mois-vevak-and-related-intelligence-nuclear-military-and-leadership-facilities-leaked-download.86006/unread
Screenshots:
None
Threat Actors: SiberSLX
Victim Country: Iran
Victim Industry: Government
Victim Organization: Ministry of Intelligence (MOIS/VEVAK)
Victim Site: Unknown
Alleged leak of Hotmail credentials combolist
Category: Combo List
Content: A threat actor operating under the alias Sellerxd has made available a combolist of approximately 1,100 alleged valid Hotmail email and password combinations on DemonForums. The credentials are claimed to be high-quality and valid. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-04-15T09:39:18Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-1100x-HQ-Valid-Hotmails
Screenshots:
None
Threat Actors: Sellerxd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credentials combolist
Category: Combo List
Content: A threat actor on DemonForums has shared a combolist containing approximately 600 alleged Hotmail email and password credential pairs. The content is gated behind registration or login on the forum, suggesting it is being made available for free to forum members. The credentials are described as private hits, implying they have been verified as valid.
Date: 2026-04-15T09:38:38Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-600X-FULL-HOTMAIL-HITS-PRIVATE-HITS
Screenshots:
None
Threat Actors: mellos1213
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor known as Jelooos has shared an alleged combolist of 600 fully validated Hotmail credentials on the cracking forum CrackingX. The post claims the credentials are full hits and private full valid, suggesting they have been tested and confirmed as active. The actual post content is gated behind registration, limiting full verification of the claim.
Date: 2026-04-15T09:37:41Z
Network: openweb
Published URL: https://crackingx.com/threads/72151/
Screenshots:
None
Threat Actors: Jelooos
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Germany Mixed Combolist with 1.1 Million Credentials
Category: Combo List
Content: A threat actor known as HQcomboSpace has made available a combolist containing approximately 1.13 million lines of mixed credentials allegedly associated with European, primarily German, accounts. The combolist was shared for free via a Mega.nz link on the cracking forum CrackingX. The data appears to be an aggregated credential list rather than a dump from a single organization.
Date: 2026-04-15T09:37:13Z
Network: openweb
Published URL: https://crackingx.com/threads/72154/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Carded E-Gift Card Codes via Underground Marketplace
Category: Services
Content: A threat actor operating under the name Card Code Heist is selling carded e-gift card codes for multiple major retailers and platforms including Google Play, iTunes, Amazon, eBay, Razer, Delta, and Hotels.com at 50% of face value. The actor claims codes are obtained via carding from third-party vendors and are pre-activated, with a minimum purchase of $100 face value. Payments are accepted exclusively in cryptocurrency including Bitcoin, Litecoin, Ethereum, and USDT, with contact facilitated v
Date: 2026-04-15T09:36:35Z
Network: openweb
Published URL: https://pwnforums.st/Thread-E-Gift-Cards-Google-Play-iTunes-Amazon-eBay-Razer-Delta-Hotels-com-Et
Screenshots:
None
Threat Actors: Kexone
Victim Country: Unknown
Victim Industry: Retail & E-Commerce
Victim Organization: Google, Apple, Amazon, eBay, Razer, Delta, Hotels.com
Victim Site: Unknown
Alleged Data Breach of Pakistan Civil Aviation Authority
Category: Data Breach
Content: A threat actor identified as Jester01 is advertising an alleged data dump belonging to Pakistan Civil Aviation on a dark web forum. Sample data is offered behind a registration wall, with the full data dump available upon contact. A hash string (058c6efb43200323904b330215038a6cc2d58477bfa706595a8fc3a3ce02b7843c) is provided, likely as a file identifier or proof of authenticity.
Date: 2026-04-15T09:36:08Z
Network: openweb
Published URL: https://pwnforums.st/Thread-Pakistan-Civil-Aviation
Screenshots:
None
Threat Actors: Jester01
Victim Country: Pakistan
Victim Industry: Aviation / Transportation
Victim Organization: Pakistan Civil Aviation Authority
Victim Site: Unknown
Alleged Sale of NetBot OSINT Platform with Global IP Enumeration and Port Scanning Capabilities
Category: Malware
Content: A threat actor operating under LulzSec Black is selling access to NetBot, an OSINT platform advertised as more powerful than Shodan and FoFa. The platform claims to provide daily-updated global host enumeration, country-level IP filtering, open port detection (ports 22, 23, and others), and bulk export of results with no limits. Full access is priced at $50/month, with contact via Telegram bot @CyberShop_contact_bot. The tool has clear offensive reconnaissance utility for threat actors targeting internet-exposed infrastructure.
Date: 2026-04-15T09:35:19Z
Network: telegram
Published URL: https://t.me/c/2727439812/5731
Screenshots:
None
Threat Actors: LulzSec Black
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of 32,000 German email credentials
Category: Logs
Content: A threat actor operating under the alias MegaCloud is allegedly offering a combolist of 32,000 validated German email credentials on an underground forum. The post claims the data is of high quality and fully valid as of April 15. No specific targeted organization or service has been identified.
Date: 2026-04-15T09:27:31Z
Network: openweb
Published URL: https://xforums.st/threads/32k-germany-full-valid-mail-access-top-quality-15-04.608369/
Screenshots:
None
Threat Actors: MegaCloud
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email access combolist
Category: Logs
Content: A threat actor operating under the alias MegaCloud has made available a mixed combolist of approximately 20,000 validated email credentials on a cybercrime forum. The post, dated April 15, includes a hidden download link requiring forum registration to access. No specific targeted organization or country is identified, suggesting the credentials are aggregated from multiple sources.
Date: 2026-04-15T09:27:06Z
Network: openweb
Published URL: https://xforums.st/threads/20k-full-vcalid-mail-access-mix-15-04.608373/
Screenshots:
None
Threat Actors: MegaCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of NetBot full-access host enumeration platform
Category: Initial Access
Content: A threat actor operating under LulzSec Black is advertising NetBot, a host enumeration and scanning platform claiming to index every host in the world. The tool offers full platform access with daily updated hosts globally, and is marketed as more powerful than Shodan and FoFa. Access is sold at $30/month via a Telegram bot contact.
Date: 2026-04-15T09:18:52Z
Network: telegram
Published URL: https://t.me/c/2727439812/5732
Screenshots:
None
Threat Actors: LulzSec Black
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of 1.8 million ULP credential lines
Category: Data Leak
Content: A threat actor operating under the alias SiberSLX has freely shared a ULP (Username-Login-Password) combolist containing 1.8 million unique credential entries on the Breached forum. Each entry includes a username, email address, and plaintext password, making the list usable for credential stuffing across a wide variety of platforms. The list is available as a password-protected ZIP file via a file-sharing link.
Date: 2026-04-15T09:14:01Z
Network: openweb
Published URL: https://breached.st/threads/ulp-fresh-1-8m-lines-march-2026.86005/unread
Screenshots:
None
Threat Actors: SiberSLX
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of 32,000 German email credentials
Category: Combo List
Content: A threat actor known as MegaCloudshop has made available a combolist allegedly containing 32,000 valid German email credentials, described as full valid mail access and top quality. The content is hidden behind a registration or login requirement on the forum, and the actor promotes an associated store at megacloudshop.top. No specific victim organization or targeted platform has been identified.
Date: 2026-04-15T09:12:03Z
Network: openweb
Published URL: https://demonforums.net/Thread-32K-Germany-Full-Valid-Mail-Access-Top-Quality-15-04
Screenshots:
None
Threat Actors: MegaCloudshop
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email credentials combolist (20,000 records)
Category: Combo List
Content: A threat actor operating under the alias MegaCloudshop has made available a combolist of approximately 20,000 email address and password combinations, described as fully valid mail access credentials from mixed sources. The content is hidden behind a registration or login requirement on the forum, and the actor promotes an external store at megacloudshop.top. No specific victim organization or country of origin has been identified.
Date: 2026-04-15T09:11:17Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-20K-Full-VCalid-Mail-Access-Mix-15-04
Screenshots:
None
Threat Actors: MegaCloudshop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of 32,000 German email account credentials
Category: Combo List
Content: A threat actor operating under the alias MailAccesss has made available a combolist of approximately 32,000 German email account credentials on the cracking forum CrackingX. The post claims the credentials are fully valid and of top quality, dated April 15. Access to the content is restricted to registered forum users.
Date: 2026-04-15T09:10:14Z
Network: openweb
Published URL: https://crackingx.com/threads/72147/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email access credentials (20,000 records)
Category: Combo List
Content: A threat actor operating under the alias MailAccesss has made available a mixed combolist of approximately 20,000 allegedly valid email access credentials on the cracking forum CrackingX. The post, dated April 15, is categorized under Combolists & Dumps and targets multiple email providers of unknown origin. The content is restricted to registered forum members.
Date: 2026-04-15T09:09:58Z
Network: openweb
Published URL: https://crackingx.com/threads/72148/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of multi-country combolists across global domains
Category: Combo List
Content: A threat actor operating under the alias CODER is distributing free combolists targeting multiple country-specific and generic top-level domains including .ca, .au, .in, .br, .mx, and many others across Europe, Asia, and beyond. The actor directs interested parties to Telegram channels and a personal Telegram handle (CODER5544) to obtain the credential lists. The combolists appear to be shared freely via two Telegram groups dedicated to free combos and tools.
Date: 2026-04-15T09:09:42Z
Network: openweb
Published URL: https://crackingx.com/threads/72149/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials combolist
Category: Combo List
Content: A threat actor operating under the alias alphaxdd has made available a combolist of 1,059 alleged valid Hotmail credentials on Demonforums. The post describes the content as premium hits with mixed mail formats stored in a private cloud. Access to the credential list is gated behind forum registration or login, and the actor provides a Telegram handle for further contact.
Date: 2026-04-15T08:48:07Z
Network: openweb
Published URL: https://demonforums.net/Thread-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-1059x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft Hotmail
Victim Site: hotmail.com
Alleged leak of Hotmail credentials combolist
Category: Combo List
Content: A threat actor operating under the alias alphaxdd has made available a combolist of 1,059 alleged valid Hotmail credentials on the cracking forum CX. The post describes the credentials as premium hits from a mix of mail accounts with private cloud access. The actor can be contacted via Telegram handle alphaaxd for download access.
Date: 2026-04-15T08:46:05Z
Network: openweb
Published URL: https://crackingx.com/threads/72145/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Europe and USA combolists
Category: Combo List
Content: A threat actor on CrackingX forum has made available combolists claimed to be of high quality and full validity, targeting users from Europe and the United States. The post does not specify a particular organization or service as the source. The shared content appears to consist of credential lists in email:password format.
Date: 2026-04-15T08:45:50Z
Network: openweb
Published URL: https://crackingx.com/threads/72146/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Doxxing of 16 Individuals Accused of Student Harassment at Universitas Indonesia
Category: Data Leak
Content: A post shared in the BABAYO EROR SYSTEM channel exposes the personal information of 16 individuals allegedly involved in student harassment at Universitas Indonesia (UI). The leaked data includes full names and WhatsApp phone numbers for each of the 16 named individuals. This constitutes a doxxing action targeting private persons under the guise of public shaming.
Date: 2026-04-15T08:29:46Z
Network: telegram
Published URL: https://t.me/privtachive/1446
Screenshots:
None
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas Indonesia
Victim Site: Unknown
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor operating under the alias UniqueCombo has made available a combolist containing approximately 44,000 Hotmail email and password combinations on DemonForums. The content is hidden behind a registration or login requirement. The actor also promotes a shop (unique-combo.shop) offering credential combolists from various countries upon request.
Date: 2026-04-15T08:26:42Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-Hotmail-Unique-Combo-2-44000
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft Hotmail
Victim Site: hotmail.com
Alleged distribution of multi-domain credential combolists across multiple country TLDs
Category: Combo List
Content: A threat actor operating under the alias CODER is offering free combolists targeting multiple country-code and generic top-level domains including .de, .fr, .it, .es, .uk, .us, .ru, .az, .tr, .jp, .cn, .com, .org, .net, .info, .biz, .online, and .site. The actor directs interested parties to Telegram channels (@Combo445544 and @Coder554455) for access to free credential lists and hacking tools. No specific victim organization or record count has been disclosed.
Date: 2026-04-15T08:26:11Z
Network: openweb
Published URL: https://crackingx.com/threads/72140/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor operating under the alias RandomUpload has made available a combolist containing approximately 30,000 Hotmail credentials on the cracking forum CrackingX. The post offers the credential list as a free download, though the actual content is restricted to registered users. The origin and validity of the credentials remain unverified.
Date: 2026-04-15T08:25:57Z
Network: openweb
Published URL: https://crackingx.com/threads/72141/
Screenshots:
None
Threat Actors: RandomUpload
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor operating under the alias UniqueCombo has made available a combolist allegedly containing 44,000 unique Hotmail credentials on the cracking forum CrackingX. The post is gated behind registration or sign-in, limiting full visibility into the content. The combolist likely consists of email and password pairs associated with Hotmail accounts.
Date: 2026-04-15T08:25:42Z
Network: openweb
Published URL: https://crackingx.com/threads/72142/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft Hotmail
Victim Site: hotmail.com
Alleged leak of URL:Login:Password credential combolist
Category: Combo List
Content: A threat actor operating under the alias gsmfix on the cracking forum CrackingX has shared a combolist in URL:Login:Password (ULP) format, described as high-quality and private. The post offers credential pairs alongside their associated URLs, suggesting the data may be suitable for credential stuffing or account takeover attacks. No specific target organization, country, or record count has been identified.
Date: 2026-04-15T08:25:26Z
Network: openweb
Published URL: https://crackingx.com/threads/72143/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed USA and Europe credential combolists
Category: Combo List
Content: A threat actor on the CrackingX forum has shared a mixed combolist containing credentials associated with users from the United States and Europe. The post is titled as an exclusive release of credential hits spanning multiple regions. No specific organization, victim count, or pricing information was provided.
Date: 2026-04-15T08:25:11Z
Network: openweb
Published URL: https://crackingx.com/threads/72144/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Rockstar Games by ShinyHunters
Category: Data Breach
Content: Threat actor ShinyHunters has posted what they claim to be a database from Rockstar Games, shared via BreachForums. The post includes a direct link to the forum thread where the data is made available.
Date: 2026-04-15T08:16:14Z
Network: telegram
Published URL: https://t.me/c/3737716184/1169
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: United States
Victim Industry: Gaming
Victim Organization: Rockstar Games
Victim Site: Unknown
Alleged data breach of Rockstar Games
Category: Data Breach
Content: A threat actor has claimed to have breached Rockstar Games and uploaded an alleged database to BreachForums (breachforums.ai). The post includes a direct link to the forum thread where the data is reportedly available.
Date: 2026-04-15T08:16:11Z
Network: telegram
Published URL: https://t.me/c/3500620464/6799
Screenshots:
None
Threat Actors: Breach
Victim Country: United States
Victim Industry: Gaming
Victim Organization: Rockstar Games
Victim Site: rockstargames.com
Alleged promotion of NetBot OSINT platform for global IP reconnaissance by LulzSec Black
Category: Cyber Attack
Content: LulzSec Black is promoting a tool called NetBot, described as an OSINT platform powered by CyberShop that claims to index every IP on the internet. It offers daily-updated host data, open port detection (ports 22, 23, and others), country-level IP filtering, and bulk result downloads with no usage limits. The platform is positioned as superior to Shodan and FoFa, and is accessible via a Telegram bot (@CyberShop_contact_bot). This type of tool has significant threat actor utility for reconnaissance and initial access operations.
Date: 2026-04-15T08:14:48Z
Network: telegram
Published URL: https://t.me/c/2727439812/5730
Screenshots:
None
Threat Actors: LulzSec Black
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email and password combolist (15.2 million records)
Category: Combo List
Content: A threat actor known as stradu has shared a mixed email and password combolist containing approximately 15.2 million credential pairs on the cracking forum CrackingX. This is part of an ongoing series of combolist releases by the same actor (entries #352 through #367). The credentials appear to be aggregated from multiple sources and are being made available to forum members.
Date: 2026-04-15T08:02:39Z
Network: openweb
Published URL: https://crackingx.com/threads/72138/
Screenshots:
None
Threat Actors: stradu
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Etsy, Netflix, and SMTP credentials combolist
Category: Combo List
Content: A threat actor operating under the alias CODER has made available an 11 million record combolist targeting Etsy, Netflix, and SMTP accounts via Telegram channels. The actor promotes free combo distribution through two Telegram groups and a personal Telegram handle. The post does not indicate a specific price, suggesting the credentials are being freely shared.
Date: 2026-04-15T08:02:25Z
Network: openweb
Published URL: https://crackingx.com/threads/72139/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Multiple
Victim Organization: Etsy, Netflix
Victim Site: etsy.com, netflix.com
Alleged leak of German shopping credential combolist with over 1 million lines
Category: Combo List
Content: A threat actor operating under the alias HQcomboSpace has made available a combolist containing over 1.1 million credential lines targeting German shopping platforms. The data was shared freely via a Mega.nz link on the cracking forum CrackingX. No specific victim organization or website was identified, suggesting the combolist may aggregate credentials from multiple European e-commerce targets.
Date: 2026-04-15T07:37:58Z
Network: openweb
Published URL: https://crackingx.com/threads/72136/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Retail & E-Commerce
Victim Organization: Unknown
Victim Site: Unknown
Alleged Unauthorized Access to Industrial Plant CCTV System in Central Europe
Category: Cyber Attack
Content: Threat actor group Shadow Clawz 404 claims to have gained full control over a CCTV surveillance system at a large industrial plant in Central Europe, accessing all 120 cameras. The group states the security posture was weak and hints at further actions to come.
Date: 2026-04-15T07:32:53Z
Network: telegram
Published URL: https://t.me/c/3251820623/65
Screenshots:
None
Threat Actors: Shadow Clawz 404
Victim Country: Unknown
Victim Industry: Industrial/Manufacturing
Victim Organization: Unknown
Victim Site: Unknown
Alleged acquisition request for Chinese database pack on cybercrime forum
Category: Data Breach
Content: A threat actor on the Breached forum is seeking to acquire a pack of Chinese databases, requesting information from anyone selling the data or able to verify its authenticity. The specific organizations, industries, or data types involved in the alleged database pack remain unknown. No seller has been identified and no further details about the contents or origin of the data have been disclosed.
Date: 2026-04-15T07:15:52Z
Network: openweb
Published URL: https://breached.st/threads/need-chinese-databases-pack.86004/unread
Screenshots:
None
Threat Actors: enolajames851
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor operating under the alias Steveee36 has shared a combolist containing approximately 1,284 Hotmail credentials on DemonForums. The content is hidden behind a registration or login requirement, suggesting it is being distributed to forum members. The post was made in the Combolists section, indicating the data consists of email and password pairs.
Date: 2026-04-15T07:14:56Z
Network: openweb
Published URL: https://demonforums.net/Thread-%E2%9A%A1%E2%9A%A1-X1284-HQ-Hotmail-%E2%9A%A1%E2%9A%A1-BY-Steveee36-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: erwinn91
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of WEB.DE credentials
Category: Combo List
Content: A threat actor operating under the alias wingoooW has made available a combolist of approximately 2,000 WEB.DE email and password combinations via a free download link on a paste site. WEB.DE is a German email and internet services provider. The credentials were shared freely on the DemonForums combolist section with no payment required.
Date: 2026-04-15T07:14:17Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-2K-WEB-DE
Screenshots:
None
Threat Actors: wingoooW
Victim Country: Germany
Victim Industry: Technology
Victim Organization: WEB.DE
Victim Site: web.de
Alleged leak of mixed-access credential combolist
Category: Combo List
Content: A threat actor known as COYTO has made available a combolist of approximately 1,000 email:password credential pairs described as high-quality and valid across mixed access types. The combolist was shared freely via a paste hosting service with no payment required. No specific victim organization or industry has been identified.
Date: 2026-04-15T07:13:42Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-1K-HQ-VALID-MIXED-ACCESS
Screenshots:
None
Threat Actors: COYTO
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor operating under the handle @Steveee36 has made available a combolist containing 1,284 alleged Hotmail credentials on the cracking forum CrackingX. The post offers a free download of the credential list, described as HQ (high quality), suggesting the credentials may be recently verified or active. No price or payment method was mentioned, indicating this is a free leak.
Date: 2026-04-15T07:12:56Z
Network: openweb
Published URL: https://crackingx.com/threads/72134/
Screenshots:
None
Threat Actors: stevee36
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft Hotmail
Victim Site: hotmail.com
Alleged leak of PSN and Spotify credential combolists
Category: Combo List
Content: A threat actor operating under the alias CODER is distributing a combolist purportedly containing 10 million credential pairs for PlayStation Network (PSN) and Spotify accounts. The content is being made available for free via Telegram channels and groups operated by the actor. The post references two Telegram groups offering free combolists and cracking tools.
Date: 2026-04-15T07:12:41Z
Network: openweb
Published URL: https://crackingx.com/threads/72135/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Entertainment & Streaming
Victim Organization: PlayStation Network, Spotify
Victim Site: psn.com, spotify.com
Alleged Data Leak of Insei.fr Student and Civil Status Records
Category: Data Leak
Content: A threat actor known as ChimeraZ has freely leaked a database belonging to Insei.fr, a French educational institution, on PwnForums. The leak includes 448 MB of data comprising 1,328 files with civil status records containing personally identifiable information such as full names, dates of birth, addresses, phone numbers, and email addresses, as well as a Gifts folder containing 71 files reported to include national identity cards, passports, and health cards. The data appears to originate fro
Date: 2026-04-15T07:11:44Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-2-7K-Insei-fr
Screenshots:
None
Threat Actors: ChimeraZ
Victim Country: France
Victim Industry: Education
Victim Organization: Insei
Victim Site: insei.fr
Alleged Data Leak of Rockstar Games Analytics Data by ShinyHunters Group
Category: Data Leak
Content: The ShinyHunters group allegedly leaked over 78.6 million records of Rockstar Games analytics data sourced from Snowflake cloud instances, reportedly compromised via third-party provider Anodot.com. The leaked data includes structured game item metadata such as in-game items, vehicle data, pricing, and regional analytics metrics spanning multiple GTA Online DLC releases. The data was publicly shared on a cybercrime forum with a sample posted as proof.
Date: 2026-04-15T07:11:28Z
Network: openweb
Published URL: https://pwnforums.st/Thread-Rockstar-Games-analytics-data-leaked-by-Shinyhunters-Group
Screenshots:
None
Threat Actors: Tanaka
Victim Country: United States
Victim Industry: Gaming
Victim Organization: Rockstar Games
Victim Site: rockstargames.com
Alleged sale of stolen CVV payment card data via Pepecard store
Category: Initial Access
Content: A CVV card store called Pepecard is advertising stolen payment card data for sale. The store claims to offer over 100,000 card renewals daily covering US, Canada, UK, and global cards. US CVV cards start at $1, international cards at $1.50. The store claims 75-95% card validity and offers free card verification. The service operates via a clearnet website (pepecard.mobi) and a Tor hidden service, with an automated bot for purchases.
Date: 2026-04-15T07:08:51Z
Network: telegram
Published URL: https://t.me/c/2613583520/62957
Screenshots:
None
Threat Actors: Pepecard
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: pepecard.mobi
Alleged leak of mixed credential combolist by threat actor fatetraffic
Category: Combo List
Content: A threat actor operating under the alias fatetraffic has made available a mixed combolist containing approximately 1,250 credential entries, dated April 15, 2026, derived from stealer logs. The data is hosted on Pixeldrain and shared freely on the CrackingX forum. No specific victim organization or country has been identified, suggesting the credentials span multiple sources.
Date: 2026-04-15T06:47:13Z
Network: openweb
Published URL: https://crackingx.com/threads/72133/
Screenshots:
None
Threat Actors: fatetraffic
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged ShinyHunters Threat Actor Service Advertisement for $10,000 USD
Category: Initial Access
Content: The ShinyHunters threat actor group is advertising an unspecified service for $10,000 USD via their Telegram channel. The post includes PGP key verification details, multiple contact methods (Telegram, email, Tox, Session), and warns against impersonators (Mattys Savoie & James). The nature of the service is not explicitly stated but is consistent with ShinyHunters known activities involving data breaches and initial access sales.
Date: 2026-04-15T06:43:43Z
Network: telegram
Published URL: https://t.me/c/3737716184/1163
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged ShinyHunters Threat Actor Advertising Services and Publishing New PGP Identity
Category: Cyber Attack
Content: An individual claiming to be ShinyHunters (handle @shinyc0rpsss) is publishing a new PGP key via Pastebin, alleging that prior associates (Mattys Savoie & James) misused their previous PGP key for ransom purposes. The actor is advertising unspecified services for $10,000 USD and providing multiple contact channels including Telegram, email ([email protected]), Tox ID, and Session ID. The post appears to be an identity verification and service advertisement from a self-proclaimed member of the ShinyHunters group.
Date: 2026-04-15T06:42:51Z
Network: telegram
Published URL: https://t.me/c/3500620464/6795
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Leak of Instituto Tecnológico de Cintalapa Student Database
Category: Data Leak
Content: A threat actor known as Z3r00 has leaked a database allegedly belonging to Instituto Tecnológico de Cintalapa, a higher education institution in Chiapas, Mexico. The leaked data contains student academic records including institution name, program codes, career details, academic level, GPA, credit load, semester information, student type, academic status, and scholarship associations. The database has been made available via a free download link and promoted through Telegram channels.
Date: 2026-04-15T06:27:47Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-CHIAPAS-INSTITUTO-TECNOLOGICO-DE-CINTALAPA
Screenshots:
None
Threat Actors: Z3r00
Victim Country: Mexico
Victim Industry: Education
Victim Organization: Instituto Tecnológico de Cintalapa
Victim Site: Unknown
Alleged launch of covert XMPP chat server by DarkForums for hackers and cybercriminals
Category: Cyber Attack
Content: Reports indicate that DarkForums has launched a new XMPP-based chat server specifically designed for hackers and cybercriminals. The platform features full end-to-end encryption, a strict no-logging policy, and is architected to resist access by law enforcement and regulatory bodies. The service is intended to facilitate covert communications among threat actors.
Date: 2026-04-15T06:20:08Z
Network: telegram
Published URL: https://t.me/c/1283513914/21199
Screenshots:
None
Threat Actors: DarkForums
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credential combolist
Category: Logs
Content: A threat actor using the alias UniqueCombo has shared an alleged combolist containing approximately 44,000 Hotmail credentials on an underground forum. The post was made in the Mail Access & Combolists section, suggesting the list contains email and password combinations. The origin and validity of the credentials have not been verified.
Date: 2026-04-15T06:19:52Z
Network: openweb
Published URL: https://xforums.st/threads/hotmail-unique-combo_1_44000.608355/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged Critical Vulnerability in Juniper Networks Equipment Enabling Full Network Device Takeover
Category: Vulnerability
Content: A critical vulnerability has been identified in Juniper Networks products stemming from the use of default login credentials on certain devices. If exploited, the flaw allows attackers to gain full access and administrative control over affected network equipment. Given the critical role of these devices in network infrastructure, successful exploitation could compromise entire networks. Recommendations include applying security updates immediately, changing default credentials, and restricting administrative access.
Date: 2026-04-15T06:14:01Z
Network: telegram
Published URL: https://t.me/c/1283513914/21200
Screenshots:
None
Threat Actors: خبرگزاری سایبربان| Cyberban News
Victim Country: Unknown
Victim Industry: Technology / Networking
Victim Organization: Juniper Networks
Victim Site: juniper.net
Alleged Cyber Attack on US Gas Station Refueling Systems by Golden Falcon
Category: Cyber Attack
Content: Threat actor Golden Falcon claims to have maintained control over refueling systems at US gas stations, issuing a warning message implying ongoing access to critical infrastructure. No specific targets or technical details provided.
Date: 2026-04-15T06:11:14Z
Network: telegram
Published URL: https://t.me/Golden_falcon_team/630
Screenshots:
None
Threat Actors: Golden Falcon
Victim Country: United States
Victim Industry: Energy / Fuel Retail
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Yeskar by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, operating under the group Umbra Community, defaced the website yeskar.com. The defacement targeted a specific page (index.txt) rather than the homepage, indicating a targeted intrusion. No specific motivation or technical details regarding the attack vector were disclosed.
Date: 2026-04-15T06:09:23Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834212
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Yeskar
Victim Site: yeskar.com
Website Defacement of Zenquro by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website zenquro.com. The defacement targeted a specific text file (index.txt) rather than the main homepage, indicating a targeted intrusion rather than a mass or home page defacement. The incident was archived and mirrored via zone-xsec.com.
Date: 2026-04-15T06:08:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834225
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Zenquro
Victim Site: zenquro.com
Website Defacement of Zeronyxa by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, operating under the group Umbra Community, defaced the website zeronyxa.com. The defacement targeted a specific index file (index.txt) rather than the homepage, indicating a targeted file-level intrusion. The attack was neither a mass defacement nor a redefacement, and technical details such as server software and exploited vulnerabilities remain unknown.
Date: 2026-04-15T06:07:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834226
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Zeronyxa
Victim Site: zeronyxa.com
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor operating under the alias UniqueCombo has made available a combolist allegedly containing 44,000 unique Hotmail credential pairs on the cracking forum CrackingX. The post is restricted to registered or signed-in members of the forum. The origin and validity of the credentials have not been verified.
Date: 2026-04-15T06:05:41Z
Network: openweb
Published URL: https://crackingx.com/threads/72131/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft Hotmail
Victim Site: hotmail.com
Website Defacement of zolupo.com by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website zolupo.com. The attack targeted a specific page (index.txt) rather than the homepage, indicating a targeted single-page defacement. The incident was archived and mirrored via zone-xsec.com for documentation purposes.
Date: 2026-04-15T06:05:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834229
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Zolupo
Victim Site: zolupo.com
Website Defacement of zovirexa.com by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, operating under the group Umbra Community, defaced the website zovirexa.com. The defacement targeted a specific page (index.txt) and was not classified as a mass or home page defacement. No specific motive or technical details regarding the server infrastructure were disclosed.
Date: 2026-04-15T06:04:27Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834232
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: zovirexa.com
Website Redefacement of zymerya.com by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, operating under the group Umbra Community, conducted a redefacement of zymerya.com. This incident marks a repeated compromise of the target, indicating persistent access or recurring targeting by the attacker. The defacement was not categorized as a mass defacement, suggesting it was a targeted attack against this specific domain.
Date: 2026-04-15T06:03:04Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834234
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Zymerya
Victim Site: zymerya.com
Website Redefacement of TipTopACP by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, conducted a redefacement of the website tiptopacp.com. This incident marks a repeated targeting of the same domain, indicating prior successful compromise. The defacement was catalogued via zone-xsec.com with mirror ID 834097.
Date: 2026-04-15T05:56:50Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834097
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: TipTop ACP
Victim Site: tiptopacp.com
Alleged data leak of individuals linked to Russian government entities on dark web
Category: Data Leak
Content: A threat actor claims to have published a dataset on the dark web containing contact and professional information of individuals associated with Russian government institutions. The leaked data reportedly targets managers and high-ranking officials connected to state entities.
Date: 2026-04-15T05:56:03Z
Network: telegram
Published URL: https://t.me/c/1283513914/21198
Screenshots:
None
Threat Actors: Unknown
Victim Country: Russia
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of The Views Express by Nicotine of Umbra Community
Category: Defacement
Content: The website theviewsexpress.in, an Indian news or media outlet, was defaced by a threat actor known as Nicotine, operating under the group Umbra Community. The defacement was recorded on April 15, 2026, targeting the sites index page. The incident was a singular, non-mass defacement with no prior redefacement history noted.
Date: 2026-04-15T05:55:19Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834091
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Media and News
Victim Organization: The Views Express
Victim Site: theviewsexpress.in
Website Defacement of Touch Plus Trading by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website touchplustrading.com. The attack targeted the index page of what appears to be a trading or commerce organization. No specific motivation or technical details were disclosed for this incident.
Date: 2026-04-15T05:54:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834108
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Trading / Commerce
Victim Organization: Touch Plus Trading
Victim Site: touchplustrading.com
Website Defacement of Tileonix by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website tileonix.com. The defacement targeted a specific page (index.txt) rather than the homepage, indicating a targeted but limited-scope intrusion. No specific motivation or technical details regarding the attack vector were disclosed.
Date: 2026-04-15T05:53:02Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834096
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Tileonix
Victim Site: tileonix.com
Website Defacement of French Roofing Company toiture22-renov.fr by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website of Toiture 22 Renov, a French roofing and renovation company. The defacement targeted the index page of the site and was recorded as a standalone, non-mass defacement incident. The attack was mirrored and archived via zone-xsec.com.
Date: 2026-04-15T05:51:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/834100
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: France
Victim Industry: Construction / Home Renovation
Victim Organization: Toiture 22 Renov
Victim Site: toiture22-renov.fr
Alleged leak of 20,000 WordPress admin credentials
Category: Logs
Content: A threat actor operating under the alias borntodie has made available a list of approximately 20,000 WordPress admin credentials in URL:LOGIN:PASS format on a cybercrime forum. The credential list targets wp-admin login panels across multiple websites and organizations spanning various industries and countries. The data appears to have been harvested via stealer logs and is being distributed as a free download.
Date: 2026-04-15T05:48:39Z
Network: openweb
Published URL: https://pwnforums.st/Thread-URL-LOGIN-PASS-%E2%AD%9020k-WORDPRESS-URL-LOGIN-PASS-wp-admin-%E2%AD%90
Screenshots:
None
Threat Actors: borntodie
Victim Country: Unknown
Victim Industry: Multiple
Victim Organization: Multiple
Victim Site: Multiple
Alleged data leak of La Poste Mobile customer database with 1.5 million records
Category: Data Leak
Content: A threat actor operating under the alias jza1337 has made available a database allegedly belonging to La Poste Mobile, a French mobile telecommunications provider. The leak comprises over 1.5 million records split across four text files, categorized by client type, and contains personally identifiable information including full names, addresses, zip codes, cities, email addresses, and phone numbers. The data is offered as a free download via Gofile, with the actor also soliciting contact via T
Date: 2026-04-15T05:47:55Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-FR-LAPOSTEMOBILE-1-5M
Screenshots:
None
Threat Actors: jza1337
Victim Country: France
Victim Industry: Telecommunications
Victim Organization: La Poste Mobile
Victim Site: lapostemobile.fr
Alleged data breach of Clin-doeil.fr
Category: Data Breach
Content: A threat actor operating under the handle uhqboyz has posted what is claimed to be a database from Clin-doeil, a French optical/eyewear company. The compromised data reportedly includes full names, email addresses, physical addresses, dates of birth, phone numbers, and NIR (French national social security identification numbers). The content is hidden behind a registration or login requirement, suggesting it may be offered for sale or restricted access.
Date: 2026-04-15T05:47:40Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-Clin-doeil-fr-RE-POST
Screenshots:
None
Threat Actors: uhqboyz
Victim Country: France
Victim Industry: Healthcare / Optical Retail
Victim Organization: Clin-doeil
Victim Site: clin-doeil.fr
Website Defacement of Sabitha Systems by Nicotine (Umbra Community)
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website of Sabitha Systems, a likely technology or IT services organization. The defacement targeted a specific page (index.txt) rather than the homepage, indicating a targeted but non-mass defacement incident. The attack was recorded and mirrored by zone-xsec.com under mirror ID 833955.
Date: 2026-04-15T05:45:27Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833955
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Technology / IT Services
Victim Organization: Sabitha Systems
Victim Site: sabithasystems.com
Website Defacement of sanmec.in by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, operating under the group Umbra Community, defaced the website sanmec.in by altering the index.txt file. The attack was a targeted single-site defacement with no stated motive recorded. The incident was mirrored and documented via zone-xsec.com.
Date: 2026-04-15T05:44:15Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833973
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Unknown
Victim Organization: Sanmec
Victim Site: sanmec.in
Website Defacement of Royal Depository Limited by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, operating under the group Umbra Community, defaced the website of Royal Depository Limited at royaldepositorylmtd.com. The incident was a targeted single-site defacement, not categorized as mass or redefacement. No specific motive or technical details regarding the server infrastructure were disclosed.
Date: 2026-04-15T05:43:17Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833946
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Royal Depository Limited
Victim Site: royaldepositorylmtd.com
Website Defacement of Royal Mithila by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website royalmithila.com. The attacker replaced the index page with a defacement message, as evidenced by the mirrored content archived at zone-xsec.com. This was a targeted, single-site defacement with no indication of mass or repeated compromise.
Date: 2026-04-15T05:42:06Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833947
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Royal Mithila
Victim Site: royalmithila.com
Website Defacement of Sanghani Associate by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, operating under the group Umbra Community, defaced the website of Sanghani Associate at sanghaniassociate.com. The incident was a targeted single-site defacement, not part of a mass defacement campaign. The attackers motivation and the server details remain unknown at this time.
Date: 2026-04-15T05:41:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833969
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Professional Services
Victim Organization: Sanghani Associate
Victim Site: sanghaniassociate.com
Website Defacement of sajol.co.za by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website sajol.co.za, a South African domain. The defacement was a targeted, single-site incident and was not classified as a mass or re-defacement. A mirror of the defaced page was archived at zone-xsec.com.
Date: 2026-04-15T05:39:59Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833959
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: South Africa
Victim Industry: Unknown
Victim Organization: Sajol
Victim Site: sajol.co.za
Website Defacement of Nutriefit Distribuidora by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website of Nutriefit Distribuidora, a Brazilian health and nutrition distributor. The attack was a targeted single-site defacement and does not appear to be part of a mass defacement campaign. No specific motive or proof of concept was disclosed alongside the incident.
Date: 2026-04-15T05:33:57Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833813
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Brazil
Victim Industry: Health & Nutrition / Food Distribution
Victim Organization: Nutriefit Distribuidora
Victim Site: nutriefitdistribuidora.com.br
Website Defacement of nexuvira.com by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor identified as Nicotine, operating under the group Umbra Community, defaced the website nexuvira.com. The defacement targeted a specific index text file and was neither a mass defacement nor a redefacement. Limited technical details are available regarding the server environment or attacker motivation.
Date: 2026-04-15T05:32:27Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833800
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Nexuvira
Victim Site: nexuvira.com
Website Defacement of Olyvexa by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor identified as Nicotine, affiliated with the group Umbra Community, defaced the website olyvexa.com. The attack resulted in the replacement of the sites index page with defacement content. No specific motivation or technical details regarding the server infrastructure were disclosed in connection with this incident.
Date: 2026-04-15T05:31:16Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833820
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Olyvexa
Victim Site: olyvexa.com
Website defacement of NewsTv99 by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor identified as Nicotine, affiliated with the group Umbra Community, defaced the website newstv99.com, a media or news-oriented platform. The defacement was a targeted single-site attack, with the altered content archived at zone-xsec.com. No specific motivation or exploit details were disclosed.
Date: 2026-04-15T05:30:21Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833797
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Media & News
Victim Organization: NewsTv99
Victim Site: newstv99.com
Website Defacement of OH Group LLC by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website of OH Group LLC by altering the index.txt file. The attack was a targeted single-site defacement with no indication of mass or repeated compromise. Server and infrastructure details were not disclosed in the available intelligence.
Date: 2026-04-15T05:29:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833818
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Business Services
Victim Organization: OH Group LLC
Victim Site: ohgroup-llc.com
Website Defacement of nmguae.com by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website nmguae.com, targeting an organization based in the United Arab Emirates as inferred from the domain suffix uae. The defacement was recorded as a singular, non-mass incident affecting a specific page (index.txt) rather than the sites homepage. No specific motivation or technical details regarding the server infrastructure were disclosed.
Date: 2026-04-15T05:28:09Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833807
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: United Arab Emirates
Victim Industry: Unknown
Victim Organization: NMG UAE
Victim Site: nmguae.com
Alleged leak of German shopping credentials combolist
Category: Combo List
Content: A threat actor operating under the alias HQcomboSpace has shared a combolist containing approximately 432,040 lines of credentials allegedly targeting German shopping/e-commerce users. The file has been made available for free download via a Mega.nz link. No specific victim organization or website has been identified.
Date: 2026-04-15T05:26:48Z
Network: openweb
Published URL: https://crackingx.com/threads/72128/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Retail & E-Commerce
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed corporate credential combolist
Category: Combo List
Content: A threat actor operating under the alias CODER has made available a mixed corporate combolist containing approximately 7 million credential pairs via Telegram channels. The combolist is being distributed for free through two Telegram groups and a cracking forum. The actor also solicits direct contact via Telegram handle CODER5544 for additional combo requests.
Date: 2026-04-15T05:26:31Z
Network: openweb
Published URL: https://crackingx.com/threads/72129/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Multiple Sectors
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of liva.pk by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor identified as Nicotine, affiliated with the group Umbra Community, defaced the Pakistani website liva.pk. The defacement was recorded as a single targeted incident rather than a mass or redefacement event. A mirror of the defaced page was archived at zone-xsec.com.
Date: 2026-04-15T05:21:57Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833648
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Pakistan
Victim Industry: Unknown
Victim Organization: Liva
Victim Site: liva.pk
Website Defacement of lipomah.com by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor operating under the alias Nicotine, affiliated with the group Umbra Community, defaced the website lipomah.com. The defacement targeted a specific page (index.txt) rather than the homepage, suggesting a targeted intrusion. No specific motive or technical details regarding the attack vector were disclosed.
Date: 2026-04-15T05:20:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833647
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: lipomah.com
Website Defacement of LatestGovtJobsPK by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor operating under the alias Nicotine, affiliated with the group Umbra Community, defaced the website latestgovtjobspk.com, a Pakistani government jobs listing portal. The defacement targeted the index.txt file and was neither a mass nor redefacement incident. Technical details regarding the server infrastructure remain unknown.
Date: 2026-04-15T05:18:37Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833626
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Pakistan
Victim Industry: Media / Job Listings
Victim Organization: Latest Govt Jobs PK
Victim Site: latestgovtjobspk.com
Website Defacement of LeatherStep by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website leatherstep.pk, a Pakistani leather goods or footwear retail domain. The defacement was a single targeted incident, not part of a mass or repeated defacement campaign. A mirror of the defaced page was archived at zone-xsec.com.
Date: 2026-04-15T05:16:44Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833629
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Pakistan
Victim Industry: Retail / E-Commerce
Victim Organization: LeatherStep
Victim Site: leatherstep.pk
Website Redefacement of Greg on the Hair Co by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, operating under the group Umbra Community, conducted a redefacement of gregonthehairco.com, a hair care related website. This incident marks a repeated targeting of the same domain, indicating a deliberate and persistent attack against the organization. The defacement was recorded and mirrored by zone-xsec.com under mirror ID 833476.
Date: 2026-04-15T05:10:36Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833476
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: United States
Victim Industry: Beauty and Personal Care
Victim Organization: Greg on the Hair Co
Victim Site: gregonthehairco.com
Website Defacement of H7X Holding by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website of H7X Holding, a holding company based in the United Arab Emirates. The defacement targeted the index page of the domain h7xholding.ae and was recorded as a single, targeted incident rather than a mass or redefacement event. The mirror of the defaced page was archived via zone-xsec.com.
Date: 2026-04-15T05:09:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833489
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: United Arab Emirates
Victim Industry: Finance / Holding Company
Victim Organization: H7X Holding
Victim Site: h7xholding.ae
Website Defacement of GRS News India by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website grsnewsindia.in, an Indian news outlet. The defacement targeted the sites index page and was recorded as a singular, non-mass incident. The attack was catalogued with a mirror preserved at zone-xsec.com.
Date: 2026-04-15T05:08:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833479
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Media and News
Victim Organization: GRS News India
Victim Site: grsnewsindia.in
Website Defacement of Guia Publicacion Cientifica by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website guiapublicacioncientifica.com, a platform associated with scientific publication guidance. The incident was a targeted, single-site defacement with no stated motive recorded. Server and infrastructure details were not disclosed at the time of reporting.
Date: 2026-04-15T05:07:23Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833485
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Publishing / Academic
Victim Organization: Guia Publicacion Cientifica
Victim Site: guiapublicacioncientifica.com
Website Defacement of Gulmera by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website gulmera.com by altering the index.txt file. The incident was a targeted defacement, not classified as mass or home page defacement. No motive or technical details regarding the server infrastructure were disclosed.
Date: 2026-04-15T05:06:02Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833487
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Gulmera
Victim Site: gulmera.com
Website Defacement of greenpurero.com by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor identified as Nicotine, operating under the group Umbra Community, defaced the website greenpurero.com. The attack targeted a specific page (index.txt) rather than the homepage, indicating a selective defacement. No specific motive, server details, or proof of concept were disclosed alongside the incident.
Date: 2026-04-15T05:04:41Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833474
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Green Purero
Victim Site: greenpurero.com
Website Defacement of Branding Studio LLC by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website of Branding Studio LLC. The attack targeted the index page of the domain brandingstudiollc.com. No specific motivation or technical details were disclosed in relation to this incident.
Date: 2026-04-15T04:58:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833205
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: United States
Victim Industry: Marketing and Branding Services
Victim Organization: Branding Studio LLC
Victim Site: brandingstudiollc.com
Website Defacement of BestIVF Noida by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website of Best IVF Noida, a healthcare organization based in Noida, India. The defacement targeted the index page of the site and was recorded in the Zone-xSec defacement mirror database. The incident was a single targeted defacement rather than a mass or redefacement event.
Date: 2026-04-15T04:57:33Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833179
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Healthcare
Victim Organization: Best IVF Noida
Victim Site: bestivfinnoida.com
Website Defacement of Brayzio by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor identified as Nicotine, operating under the group Umbra Community, defaced the website brayzio.com. The attack targeted a specific page (index.txt) and was neither a mass defacement nor a redefacement. Server and infrastructure details were not disclosed in the available intelligence.
Date: 2026-04-15T04:56:45Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833207
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Brayzio
Victim Site: brayzio.com
Website Defacement of Bike Rental Mangalore by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, operating under the group Umbra Community, defaced the website of Bike Rental Mangalore, an Indian vehicle rental service. The attack targeted the sites index page and was recorded as a single, non-mass defacement incident. The defacement was archived and mirrored via zone-xsec.com.
Date: 2026-04-15T04:55:53Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833183
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Transportation & Rental Services
Victim Organization: Bike Rental Mangalore
Victim Site: bikerentalmangalore.com
Website Defacement of Biplob Bangladesh by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website biplobibangladesh.com. The incident was a targeted single-site defacement with no mass defacement or redefacement indicators. The attackers motive and server details remain unknown at this time.
Date: 2026-04-15T04:55:05Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833187
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Bangladesh
Victim Industry: Unknown
Victim Organization: Biplob Bangladesh
Victim Site: biplobibangladesh.com
Website Defacement of birdik.com by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, operating under the group Umbra Community, defaced the website birdik.com. The attack targeted the index page of the domain, resulting in a single-site defacement. No specific motive, server details, or proof of concept were disclosed in connection with the incident.
Date: 2026-04-15T04:54:16Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833188
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Birdik
Victim Site: birdik.com
Website Defacement of Best Video Editing Institute by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website of Best Video Editing Institute. The incident was a targeted single-site defacement with no mass or repeated defacement indicators. Technical details regarding the server environment and attack vector were not disclosed.
Date: 2026-04-15T04:53:37Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833180
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Best Video Editing Institute
Victim Site: bestvideoeditinginstitute.com
Website Defacement of Bracesnmore.in by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website bracesnmore.in, an apparent dental or orthodontic services provider based in India. The defacement targeted a specific index file (index.txt) rather than the homepage, suggesting a targeted file-level intrusion. No specific motive or proof-of-concept was disclosed for this incident.
Date: 2026-04-15T04:52:47Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833203
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Healthcare / Dental
Victim Organization: Braces N More
Victim Site: bracesnmore.in
Website Defacement of Bonny Auto by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website bonnyauto.com, targeting an automotive-related organization. The defacement was a single targeted attack, not classified as a mass or home page defacement. A mirror of the defaced page was archived at zone-xsec.com for reference.
Date: 2026-04-15T04:51:59Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833197
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Automotive
Victim Organization: Bonny Auto
Victim Site: bonnyauto.com
Website Defacement of Bhaskare Service by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor identified as Nicotine, affiliated with the group Umbra Community, defaced the website bhaskareservice.com. The defacement targeted a specific page (index.txt) rather than the homepage, indicating a selective intrusion. The incident was recorded as a single targeted defacement with no indication of mass or repeated defacement activity.
Date: 2026-04-15T04:51:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833182
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Bhaskare Service
Victim Site: bhaskareservice.com
Website Defacement of Bluestream by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website bluestream.ae, targeting a UAE-based organization. The defacement affected a specific page (index.txt) rather than the homepage, indicating a targeted intrusion. The incident was recorded and mirrored by zone-xsec.com with reference ID 833192.
Date: 2026-04-15T04:50:19Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833192
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: United Arab Emirates
Victim Industry: Unknown
Victim Organization: Bluestream
Victim Site: bluestream.ae
Website Defacement of Booba Software by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor identified as Nicotine, operating under the group Umbra Community, defaced the website of Booba Software at boobasoftware.com. The attack targeted a specific index page and does not appear to be part of a mass or redefacement campaign. No specific motive or server details were disclosed in connection with the incident.
Date: 2026-04-15T04:49:33Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833198
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Technology / Software
Victim Organization: Booba Software
Victim Site: boobasoftware.com
Website Defacement of Bril Museum by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website of Bril Museum at brilmuseum.org. The attacker replaced the index page with a defacement message, as evidenced by the mirror archived at zone-xsec.com. The attack was a targeted, non-mass defacement with no stated motive recorded.
Date: 2026-04-15T04:48:51Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833210
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Arts & Culture / Museum
Victim Organization: Bril Museum
Victim Site: brilmuseum.org
Website Defacement of blurredego.com by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website blurredego.com. The defacement was a targeted single-site attack, with the compromised page mirrored at zone-xsec.com. No specific motivation or server details were disclosed in association with this incident.
Date: 2026-04-15T04:48:05Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833193
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Blurred Ego
Victim Site: blurredego.com
Website Defacement of brobertstastales.com by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website brobertstastales.com. The defacement targeted what appears to be a food or lifestyle blog. The incident was a single targeted defacement, not classified as mass or redefacement activity.
Date: 2026-04-15T04:47:17Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833211
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Food and Beverage / Lifestyle
Victim Organization: B Roberts Taste Tales
Victim Site: brobertstastales.com
Website Defacement of BrandStory by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, operating under the group Umbra Community, defaced the website brandstory.llc. The defacement targeted a single page and was not classified as a mass or home page defacement. No specific motive or technical details regarding the attack vector were disclosed.
Date: 2026-04-15T04:46:26Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833206
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Marketing/Branding
Victim Organization: BrandStory
Victim Site: brandstory.llc
Website Defacement of Boulevard Batel by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website of Boulevard Batel, a shopping destination based in Brazil. The attack was a targeted single-site defacement, with the compromised page mirrored and documented on zone-xsec.com. No specific motive or technical vulnerability details were disclosed in connection with the incident.
Date: 2026-04-15T04:45:36Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833202
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Brazil
Victim Industry: Retail / Shopping
Victim Organization: Boulevard Batel
Victim Site: boulevardbatel.com.br
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor operating under the alias D4rkNetHub has shared a combolist containing approximately 3,125 Hotmail credentials on the cracking forum CrackingX. The post appears to offer free access to the credential list, hosted via an image preview link. The origin of the credentials and whether they were obtained through phishing, credential stuffing, or a third-party breach is unknown.
Date: 2026-04-15T04:42:58Z
Network: openweb
Published URL: https://crackingx.com/threads/72127/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft Hotmail
Victim Site: hotmail.com
Website defacement of 24x7newsnation.com by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website 24x7newsnation.com, a news media outlet. The defacement targeted the index page of the site and was recorded as a singular, non-mass defacement incident. No specific motive or proof-of-concept details were disclosed.
Date: 2026-04-15T04:39:39Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832995
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: News & Media
Victim Organization: 24×7 News Nation
Victim Site: 24x7newsnation.com
Website defacement of Aaj Bangla by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, operating under the group Umbra Community, defaced the website aajbangla.com, a likely Bangladeshi news or media outlet. The defacement was a targeted single-site attack with no mass or re-defacement indicators. The incident was archived and mirrored via zone-xsec.com.
Date: 2026-04-15T04:38:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833000
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Bangladesh
Victim Industry: Media and News
Victim Organization: Aaj Bangla
Victim Site: aajbangla.com
Website Defacement of ABC Ceramica by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor identified as Nicotine, affiliated with the group Umbra Community, defaced the website abceramica.com. The attack targeted the index page of the ceramics companys website. No specific motive or reason was disclosed for the defacement.
Date: 2026-04-15T04:37:41Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833005
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Manufacturing / Ceramics
Victim Organization: ABC Ceramica
Victim Site: abceramica.com
Website Defacement of Aadarsh Vastu by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, the website aadarshvastu.com was defaced by a threat actor known as Nicotine, operating under the group Umbra Community. The defacement targeted the index page of the site, which appears to be associated with a Vastu or architectural consultancy service, likely based in India. The incident was catalogued as a single-target, non-mass defacement with a mirror archived on zone-xsec.com.
Date: 2026-04-15T04:36:30Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832997
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Architecture / Interior Design / Vastu Consultancy
Victim Organization: Aadarsh Vastu
Victim Site: aadarshvastu.com
Website Defacement of AA Power Solution by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, operating under the group Umbra Community, defaced the website of AA Power Solution, a Canadian power solutions company. The defacement targeted the index page of the domain aapowersolution.ca. No specific motivation or technical details were disclosed in connection with this incident.
Date: 2026-04-15T04:35:21Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833002
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Canada
Victim Industry: Energy / Power Solutions
Victim Organization: AA Power Solution
Victim Site: aapowersolution.ca
Website Defacement of 10xsport.in by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, operating under the group Umbra Community, defaced the website 10xsport.in, a sports-related platform based in India. The defacement targeted the sites index page, with a mirror of the attack archived at zone-xsec.com. No specific motive or technical details regarding the server infrastructure were disclosed.
Date: 2026-04-15T04:34:22Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832992
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Sports
Victim Organization: 10X Sport
Victim Site: 10xsport.in
Website Defacement of abdallazein.online by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, operating under the group Umbra Community, defaced the website abdallazein.online. The defacement targeted a specific page (index.txt) rather than the home page, suggesting a targeted content modification. No specific motive or technical details regarding the server environment were disclosed.
Date: 2026-04-15T04:33:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/833007
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Abdalla Zein
Victim Site: abdallazein.online
Website Defacement of 786halal.ovh by Nicotine of Umbra Community
Category: Defacement
Content: On April 15, 2026, a threat actor known as Nicotine, operating under the group Umbra Community, defaced the website 786halal.ovh. The defacement targeted what appears to be a halal food or products-related website, with the attack recorded and mirrored via zone-xsec.com. The incident was a single targeted defacement, not part of a mass or repeated defacement campaign.
Date: 2026-04-15T04:32:17Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832996
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Food & Beverage / Halal Products
Victim Organization: 786 Halal
Victim Site: 786halal.ovh
Alleged leak of mixed credential combolist containing 63,754 lines
Category: Combo List
Content: A threat actor known as Browzchel has shared a mixed combolist containing 63,754 lines on the cracking forum CrackingX. The content appears to be a compilation of credentials (email:password or user:password format) made available to registered forum users. The actor also promotes a Telegram channel (@BossBrowz) likely used for further distribution of similar content.
Date: 2026-04-15T03:38:18Z
Network: openweb
Published URL: https://crackingx.com/threads/72126/
Screenshots:
None
Threat Actors: Browzchel
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of multi-country combolist distributed via Telegram
Category: Combo List
Content: A threat actor operating under the alias CODER is distributing a combolist of approximately 3 million credential pairs claimed to include accounts from France, Germany, the United States, Italy, Spain, Japan, South Korea, and other countries. The combolist is being made available for free via Telegram channels and direct contact. No specific victim organization or service has been identified.
Date: 2026-04-15T03:13:54Z
Network: openweb
Published URL: https://crackingx.com/threads/72124/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of German mixed-target credential combolist
Category: Combo List
Content: A threat actor operating under the alias HQcomboSpace has freely shared a combolist containing approximately 421,474 credential entries targeting German users across mixed services. The combolist was made available via a Mega.nz file sharing link on the cracking forum CrackingX. The exact sources of the credentials are unspecified, as the listing describes it as a mixed-target collection.
Date: 2026-04-15T03:13:27Z
Network: openweb
Published URL: https://crackingx.com/threads/72125/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed valid email credentials combolist
Category: Combo List
Content: A threat actor known as RedCloud has made available a combolist containing approximately 5,800 allegedly valid email credentials, described as UHQ (ultra-high quality) and private. The list was shared on April 15, 2026, via a hidden download link on a cybercrime forum, with the actor also promoting a Telegram channel for further distribution. The credentials appear to be a mixed set from various sources with no specific victim organization identified.
Date: 2026-04-15T02:08:00Z
Network: openweb
Published URL: https://demonforums.net/Thread-5-8K-%E2%9C%A8-Mix-%E2%9C%A8-Valid-Mail-Access-15-04
Screenshots:
None
Threat Actors: RedCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email access credentials (combolist)
Category: Combo List
Content: A threat actor operating under the alias redcloud has shared a combolist containing approximately 5,800 allegedly valid email access credentials on the crackingx.com forum. The dataset is described as UHQ (ultra high quality) and private, and is made available for free download via MediaFire. The actor also provides a Telegram contact handle (@tutuba5m) for further communication.
Date: 2026-04-15T02:06:28Z
Network: openweb
Published URL: https://crackingx.com/threads/72120/
Screenshots:
None
Threat Actors: redcloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed corporate combolist credentials
Category: Combo List
Content: A threat actor operating under the alias CODER is distributing a mixed corporate combolist via Telegram channels at no cost. The post directs users to two Telegram groups for free access to credential lists and associated tools. No specific victim organization, record count, or targeted country has been identified.
Date: 2026-04-15T02:06:11Z
Network: openweb
Published URL: https://crackingx.com/threads/72121/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Multiple Sectors
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials combolist
Category: Combo List
Content: A threat actor operating under the alias RedCloud has made available a combolist of approximately 1,400 alleged valid Hotmail credentials, dated April 15, 2026. The post describes the credentials as UHQ (ultra high quality) and private, suggesting the accounts have been verified as active. The content is accessible via a hidden download link requiring forum registration, with the actor also advertising via Telegram at @tutuba5m.
Date: 2026-04-15T01:44:36Z
Network: openweb
Published URL: https://demonforums.net/Thread-1-4K-%E2%9A%A1Hotmail%E2%9A%A1Valid-Mail-Access-15-04
Screenshots:
None
Threat Actors: RedCloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft Hotmail
Victim Site: hotmail.com
Alleged leak of Hotmail valid credentials combolist
Category: Combo List
Content: A threat actor operating under the alias redcloud has made available a combolist of approximately 1,400 allegedly valid Hotmail email credentials on the cracking forum CX. The post, dated April 15, 2026, claims the credentials are private and of ultra-high quality (UHQ), and provides a free download link via MediaFire along with a Telegram contact handle.
Date: 2026-04-15T01:43:09Z
Network: openweb
Published URL: https://crackingx.com/threads/72119/
Screenshots:
None
Threat Actors: redcloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft Hotmail
Victim Site: hotmail.com
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor operating under the alias Roronoa044 has made available a combolist purportedly containing 594 valid Hotmail email and password combinations on DemonForums. The post references a private cloud storage link for distribution and directs interested parties to a Telegram handle (@noiraccesss). The credentials are described as UHQ (ultra-high quality), suggesting they may be verified as active accounts.
Date: 2026-04-15T01:01:52Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-X594-Valid-UHQ-Hotmail-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: Roronoa044
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor operating under the alias noir has made available a combolist of 594 alleged valid Hotmail credentials on the cracking forum CX. The post claims the credentials are UHQ (ultra-high quality) and valid, stored on a private cloud. The actor promotes a Telegram channel (@NoirAccesss) likely for further distribution or contact.
Date: 2026-04-15T01:01:21Z
Network: openweb
Published URL: https://crackingx.com/threads/72117/
Screenshots:
None
Threat Actors: noir
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft Hotmail
Victim Site: hotmail.com
Alleged leak of German domain credential combolist
Category: Combo List
Content: A threat actor operating under the alias HQcomboSpace has made available a combolist containing approximately 1.09 million lines of credentials associated with German domains. The combolist was shared freely via a Mega.nz file link on the cracking forum CrackingX. No specific victim organization or website has been identified, as the combolist appears to aggregate credentials from multiple German-domain sources.
Date: 2026-04-15T01:01:05Z
Network: openweb
Published URL: https://crackingx.com/threads/72118/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Vigno SaaS by QATAR911
Category: Defacement
Content: On April 15, 2026, the threat actor QATAR911 defaced a page on vignosaas.in, a SaaS platform based in India as inferred from the .in domain TLD. The attack targeted a specific subpage (qa123.html) rather than the sites homepage and was carried out as a singular, non-mass defacement. A mirror of the defaced content was archived at zone-xsec.com.
Date: 2026-04-15T00:55:09Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832989
Screenshots:
None
Threat Actors: QATAR911, QATAR911
Victim Country: India
Victim Industry: Technology / Software as a Service (SaaS)
Victim Organization: Vigno SaaS
Victim Site: vignosaas.in
Alleged Data Leak of Avatar: Aang, The Last Airbender Unreleased Content
Category: Data Leak
Content: A threat actor operating under the alias HasanBroker has made available what they claim to be leaked content related to the production Avatar: Aang, The Last Airbender via a public file-sharing link on wormhole.app. The actor cites racially motivated grievances regarding casting decisions as the reason for the leak. The nature and authenticity of the leaked content have not been verified.
Date: 2026-04-15T00:37:52Z
Network: openweb
Published URL: https://breached.st/threads/avatar-aang-the-last-airbender-leak.86002/unread
Screenshots:
None
Threat Actors: HasanBroker
Victim Country: Unknown
Victim Industry: Entertainment / Media
Victim Organization: Avatar: Aang, The Last Airbender (Production)
Victim Site: Unknown
Alleged Data Leak of UMKM (Small Business) Registry Database from Pekanbaru, Indonesia
Category: Data Leak
Content: A threat actor operating under the alias BabayoErorSystem has leaked a database allegedly containing 31,034 records from the UMKM (Usaha Mikro Kecil Menengah / Small and Medium Enterprises) registry of Pekanbaru, Riau Province, Indonesia. The leaked data includes full names, national identification numbers (NIK), phone numbers, and administrative location details such as district and sub-district. The data appears to originate from a government-managed small business registration system.
Date: 2026-04-15T00:37:11Z
Network: openweb
Published URL: https://breached.st/threads/mata-umkm-prov-kab-pekan-baru-31-034-thousand.86003/unread
Screenshots:
None
Threat Actors: BabayoErorSystem
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Dinas UMKM Provinsi/Kabupaten Pekanbaru
Victim Site: Unknown
Alleged leak of 18 million URL:Log:Pass credentials by threat actor vultapower
Category: Logs
Content: A threat actor known as vultapower has made available a combolist containing approximately 18 million URL:login:password credential pairs, claimed to have been extracted on 15 April 2026. The dump, referred to as a Vulta/ULP combolist, was shared for free on the XF forum. No specific victim organization or country has been identified, suggesting the credentials may span multiple services and regions.
Date: 2026-04-15T00:25:51Z
Network: openweb
Published URL: https://xforums.st/threads/url-log-pass-18-m-vulta-power-private-cloud.608327/
Screenshots:
None
Threat Actors: vultapower
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown