[April-30-2026] Daily Cybersecurity Threat Report

1. Executive Summary

The cybersecurity landscape in late April 2026 was characterized by a severe escalation in data breaches, automated credential stuffing campaigns, and targeted website defacements. The data reveals a highly active cybercrime ecosystem operating primarily through underground forums (such as BreachForums, CrackingX, AlteNens, and DemonForums) and Telegram channels. Threat actors have demonstrated sophisticated monetization strategies, ranging from the direct sale of multi-million-record corporate databases to “freemium” distribution of credential combolists designed to drive subscriptions to private cloud services. Furthermore, the emergence of Initial Access Brokers selling compromised law enforcement accounts for Emergency Data Request (EDR) abuse highlights a dangerous evolution in social engineering and extortion tactics.


2. Website Defacement Campaigns

Website defacement remained a high-volume activity, primarily executed by individual actors and hacktivist collectives targeting specific sub-directories or index files across global domains.

A. Threat Actor: DimasHxR

Operating independently without a stated team affiliation, DimasHxR executed a prolific, global defacement campaign. The actor consistently targeted specific subpages (frequently utilizing a b.html or readme.txt payload) rather than conducting mass or root homepage compromises, suggesting the exploitation of a specific, unpatched vulnerability in a widespread Content Management System (CMS) or plugin.

  • Retail and E-Commerce Targets: Defacements included lselectric.shop, chairs.am (Armenian furniture), 80415470753.shop, bulktrashbag.supply (US bulk trash bags), and iqosheetssharjah.ae (UAE tobacco retail).
  • Healthcare and Social Services: The actor compromised tummyclinicpune.in (Indian healthcare), shishupolliplus.org (Bangladeshi child welfare), and asylumandrefugeerights.org (human rights advocacy).
  • Technology and Business Services: Targets included editlatex.com, damaxsolutions.com (IT solutions), thetether.space, fytco.net, and onlinehubber.com.
  • Entertainment, Leisure, and Gambling: The actor defaced bobmorain.com, my-porn-hub.com (adult entertainment), alex-zoo.ru (Russian entertainment), kingmakerscasino.fi (Finnish online casino), and kingmakercasinoes.com.
  • Other Global Targets: Additional victims spanned various industries, including aleriarally.fr (French motorsports), badkamerrenovatiedenbosch.nl (Dutch construction), sporuzmani.com (Turkish sports media), cttmoutier.ch (Switzerland), mkk-plus.de (Germany), afish-ka.ru (Russia), and ship4me.site (Logistics).

B. Threat Actor Group: 0xteam (chinafans)

The actor known as “chinafans,” operating under the banner of “0xteam,” conducted a highly structured defacement campaign globally. Their signature involved placing a text-based payload specifically at the path /0x.txt on the victim’s server.

  • Victims: The campaign impacted diverse sectors, including retail (jeansgdl.com in Mexico, nationallightscompany.com), manufacturing (canaaportoes.com.br in Brazil, msapackagingsolution.com), occupational safety (certificadosenalturas.com in Colombia, lineasdevidacastellanas.com in Spain), and transportation (nktowingbirmingham.com in the US, shiftcargotransport.com).
  • Global Reach: Further defacements hit domains in Italy (nassaubologna.com), South Korea (vpd.kr), Egypt (owl-egypt.com), Greece (grecocert.gr), South Africa (sabicyclestands.co.za), Poland (kaskomania.pl), Chile (ledbibio.cl), and Bangladesh (fsds-bd.com).

C. Threat Actor Group: Garuda Suspend Commision (Astar)

The actor “Astar” utilized the payload path /love.html to deface multiple international organizations.

  • Victims: Targets included Dutch site klooker.nl, marine tourism site funclubyachtcharters.com, hotelcasatago.com, hotelmanagementinstitutes.com, kingsinghlegalconsultants.com, a1bodyandframe.com (US automotive), and legacyimpactprojects.org (social impact).
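
A defender-side sweep for the drop files named in sections A to C, added here as an example and not part of the original report: it compares a webroot against a deploy-time hash manifest and flags new or changed files, raising severity when a new file's name matches one of the reported payload names (b.html, readme.txt, 0x.txt, love.html). The manifest approach, the function names and the sample files are assumptions of this example; a legitimate readme.txt that is in the manifest and unchanged is not flagged.

```python
import hashlib
import tempfile
from pathlib import Path

# Drop-file names taken from this report; the actor label is only a triage hint.
DROP_NAMES = {
    "b.html": "DimasHxR",
    "readme.txt": "DimasHxR",
    "0x.txt": "0xteam (chinafans)",
    "love.html": "Astar",
}


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large assets do not load into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(webroot) -> dict:
    """Map each file's path (relative to the webroot) to its SHA-256 digest."""
    root = Path(webroot)
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def sweep(webroot, manifest: dict) -> list:
    """Compare the live webroot with the deploy-time manifest.

    new-file  : not in the manifest; 'high' if the name is a reported drop name
    modified  : in the manifest but the content changed; always 'high'
    missing   : in the manifest but gone from disk; 'review'
    """
    current = build_manifest(webroot)
    findings = []
    for rel, digest in current.items():
        name = rel.rsplit("/", 1)[-1].lower()
        hint = DROP_NAMES.get(name)
        if rel not in manifest:
            findings.append({"path": rel, "reason": "new-file",
                             "severity": "high" if hint else "review",
                             "actor_hint": hint})
        elif manifest[rel] != digest:
            findings.append({"path": rel, "reason": "modified",
                             "severity": "high", "actor_hint": hint})
    for rel in sorted(manifest.keys() - current.keys()):
        findings.append({"path": rel, "reason": "missing",
                         "severity": "review", "actor_hint": None})
    return findings


def demo() -> list:
    """Run the sweep over a constructed webroot (all file contents are made up)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for sub in ("docs", "shop", "uploads"):
            (root / sub).mkdir()
        (root / "index.html").write_text("<h1>Shop</h1>")
        (root / "docs" / "readme.txt").write_text("Install notes v1")
        manifest = build_manifest(root)  # snapshot taken at deploy time

        # Constructed post-deploy changes used to exercise each branch.
        (root / "0x.txt").write_text("constructed placeholder")
        (root / "shop" / "b.html").write_text("constructed placeholder")
        (root / "docs" / "readme.txt").write_text("constructed overwrite")
        (root / "uploads" / "photo.jpg").write_bytes(b"\xff\xd8constructed")
        return sweep(root, manifest)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```
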

D. Hacktivism and State-Aligned Defacements

  • Cyber Islamic Resistance: Claimed the defacement of Altman Israel (altmanim.co.il), an Israeli nutritional supplements company.
  • Khaibar Tech Team: Claimed to have regained control of sunnahorshiah.com, characterizing it as a sectarian platform spreading misinformation about Iran.
  • Armenian code: Claimed to have compromised the microclimate control system of a Turkish agricultural facility, altering feed and heat supplies in retaliation for alleged Turkish cyberattacks.

3. Massive Data Breaches and Corporate Compromise

The sale of multi-million-record corporate databases was a dominant trend, with specific threat actors systematically extracting and monetizing high-value Personally Identifiable Information (PII) and financial data.

A. The Prolific Operations of “TheFallen”

The threat actor “TheFallen” was exceptionally active, offering vast troves of targeted, high-value corporate and consumer data, primarily focusing on United States entities. Their pricing strategy ranged from $800 to $4,600 per database.

  • Financial and Insurance Sectors: Sold 15 million records from Marsh McLennan for $4,600, including ROI and investment data. Offered 7.5 million Liberty Mutual client records for $2,500. Sold 2.8 million US forex trading records from tastyfx.com for $1,700, and 310,000 REIT.com investor records for $1,000. Additionally, sold 1.07 million Stripe.com customer records containing emails and phone numbers for $870, and 480,000 records from American Investors Co. for $800.
  • Corporate and Executive Data: Sold 4.85 million records associated with US Chamber of Commerce members for $1,900. Offered a dataset of 940,000 high-net-worth US corporate executives for $2,000, and 1.32 million franchise decision-maker records from American Franchise Academy for $1,190.
  • Retail and Niche Data: Sold 1.5 million luxury fragrance consumer records from American Luxury Unlimited for $1,200. Offered 1.3 million customer records from Big Island Candies for $1,500. Furthermore, leaked 670,000 records of art collectors and donors from the Metropolitan Museum of Art for $820.
  • International Targets: Leaked 40 million records belonging to MTN Irancell, Iran’s largest mobile network operator.

B. The Targeting of Indonesian Infrastructure by “Xyph0rix” and “Mr. Hanz Xploit”

Indonesian government, corporate, and educational infrastructure faced relentless targeting.

  • Xyph0rix: Claimed breaches against major institutions, including Bank Mandiri (customer PII), Tokopedia (e-commerce database), and Kemkomdigi (Indonesian Ministry of Communication and Digital, exposing SIM card registration NIK data). The actor also leaked government databases such as the Pamekasan Regional Population Database, the Bekasi Government Job Seeker Database (bebunge.bekasikab.go.id), and the Petani Milenial agricultural program database. Internationally, Xyph0rix claimed a breach of the National Bank of Pakistan and an alleged leak of Google’s Gemini AI database, as well as an Interpol employee email directory.
  • Mr. Hanz Xploit: Focused heavily on Indonesian civic and educational sectors, breaching Kabupaten Buru Government, Dinas Perhubungan Pemerintah Kota Ponorogo, Universitas Terbuka Yogyakarta, SMP Negeri 7 Kota Tangerang Selatan, and SMP Negeri 3 Sidoarjo.

C. High-Profile Global Breaches

  • GlitchX: Claimed a massive breach of Carnival Corporation & plc, exfiltrating 8.7 million records containing PII, encrypted credit cards, and mariner IDs. Leaked 5.6 million Salesforce records from Canada Life Assurance Company. Allegedly breached IRS.gov, offering 18 million records related to 401k retirement payout beneficiaries.
  • ShinyHunters: Claimed compromises of Vimeo, Inc. (via Snowflake and BigQuery instances) and Aman Resorts (exposing over 250,000 Salesforce PII records after failed extortion attempts).
  • Cyber_Isnaad_Front: Claimed a severe breach of Israeli defense manufacturer IMCO Group, alleging the theft of 30 terabytes of data including technical specifications for the Iron Dome and contracts with the U.S. military.
  • attacker_company: Sold 344,707 customer records from Texas Capital Bank, including SSNs, login history, and deposit balances.
  • GordonFreeman (L4TAM FUCKERS): Breached Venezuelan telecom Movilnet via an IDOR vulnerability in a MongoDB backend, extracting 200,000 records containing national IDs and personal data.
  • odelpaso: Sold a database of 812,000 user records from Boulangerie Ange (France’s second-largest bakery chain) for $500, exploiting an exposed authorization token in HTTP headers.
  • NovaV1: Sold a complete filesystem capture from Rush University Medical Center, containing restricted DARPA intelligence, bio-research datasets, and Unix shell profiles.
  • DODUK: Leaked the full backend source code and 3.7 GB of SQL databases from the Thai Academic Network (THAI.AC), exposing plaintext credentials for over 1,500 institutions.

4. Credential Harvesting and Combolist Distribution

The underground economy was flooded with hundreds of millions of credential pairs (combolists) distributed freely or sold via cracking forums. These lists are the primary fuel for credential stuffing and account takeover (ATO) attacks.

A. Freemium Monetization Models (snowstormxd and MTX Cloud)

Actors like “snowstormxd” utilized a “freemium” model, repeatedly posting small, allegedly verified combolists (e.g., 89 to 360 Hotmail credentials) on public paste sites. These free lists served as advertisements for paid, private Telegram-based cloud services (costing between $3/day and $120/lifetime) that featured built-in “inboxer” tools to automatically check for active mail access. Similarly, “MTx_Hu” sold Facebook credential combolists via the MTX Cloud service, accepting cryptocurrency for subscriptions.

B. Massive Aggregated Leaks (CODER and roseulp)

  • CODER: Distributed astronomical volumes of credentials, including an 11 million record list targeting PSN, PayPal, Amazon, and Blockchain; a 12 million record list targeting global retailers (Walmart, Target, Costco); an 8.4 million list for e-commerce (Wildberries, AliExpress); a 3 million list for European/Australian retail (Rossmann, Woolworths); an 11 million Spotify list; 9 million education-sector credentials; and 2 million Office 365 credentials.
  • roseulp: Leaked massive, multi-source URL:Login:Password databases in batches of 25 million, 21.5 million, and 8 million records.
  • MrKordy: Distributed 24 million URL:Email:Password records derived from fresh infostealer malware logs.

C. Targeted Industry and Regional Combolists

  • Microsoft / Hotmail: Microsoft’s Hotmail ecosystem was overwhelmingly targeted. Actors including BestCombo (40,642 EU records, 36,022 general), alphacloud (premium cloud hits), COYYYTO (multiple 3k-5k lists), Jelooos (7,653 records), and MegaCloud (full valid access) constantly supplied Hotmail credentials.
  • Google / Gmail: D4rkNetHub leaked over 100,000 Gmail credentials. HQcomboSpace shared a massive 1.47 million line Gmail combolist and a 410,053 mixed-country Gmail list. ValidMail shared 60,000 Gmail records.
  • Regional Targeting by CobraEgy: This actor systematically released high-quality email combolists tailored to specific nations, including the Netherlands (319k), Peru (129k), Pakistan (54k), New Zealand (29k), Norway (29k), Nigeria (19k), and Nepal (11k).
  • German Targeting: MegaCloud released multiple validated German email lists (up to 35,000 accounts). BestCombo targeted t-online.de with lists of 4,362 and 5,128 credentials. Ebbicloud also leaked t-online.de (29,233 records) and freenet.de (1,070 records).

5. Initial Access Brokerage, Carding, and Malware

The commercialization of initial access and financial fraud tools remained robust, with threat actors offering plug-and-play services for further exploitation.

A. Initial Access Brokers (IABs)

  • Law Enforcement EDR Abuse: A highly critical threat emerged with actor “convince” selling compromised government and law enforcement email accounts (from Malaysia, Brazil, Vietnam, etc.). These accounts, priced between $20 and $100, were explicitly marketed for submitting fraudulent Emergency Data Requests (EDRs) to platforms like Meta, TikTok, Apple, and Microsoft to illegally extract user data. The actor also sold forged subpoenas and domain suspension services via registrar exploits.
  • Cloud and VPN Access: Actor “PORTAL” rented RDP access to Azure, AWS, and DigitalOcean infrastructure for $200 daily/monthly. Actor “AckLine” sold verified GlobalProtect VPN credentials for organizations across five countries (with revenues up to $350M).
  • Web Infrastructure: “NormalLeVrai” sold an unpatched cPanel information disclosure vulnerability for $1,000, affecting 13,522 panels globally. Actor “top1haxor” sold batches of 30+ to 60+ webshells injected into corporate domains. Actor “ric007” sold compromised SMTP and AWS SES accounts with sending limits up to 100K for mass phishing.

B. Carding and Financial Fraud

  • Juliusannn: Sold compromised bank account logs (“open ups”) for over 40 US and UK institutions (Chase, Wells Fargo, Barclays), providing full email access, ID scans, and physical cards for up to $2,000 per account.
  • Golfwalk: Sold fresh credit card data, EBT cards with PINs, and CC+CVV data compatible with CashApp and Apple Pay.
  • halowof73: Sold live credit cards with automatic OTP bypass capabilities for Apple Pay and Google Pay integration.
  • showbezzy: Offered cloned cards, non-VBV cards, and fraudulent transfer services for platforms like Zelle, Venmo, and Western Union via a Telegram storefront.

C. Malware and Phishing Tools

  • QuimaCORE: Sold “Quima Loader,” a Malware-as-a-Service that delivers payloads via browser cache to bypass Mark-of-the-Web (MoTW) and SmartScreen protections, priced at up to $400 for twelve months.
  • seveishere: Promoted “NullShell v1.0,” a stealth webshell designed to evade WAFs, with planned future capabilities for mass file encryption (ransomware).
  • Alice_sms6: Advertised bulk SMS phishing services specifically targeting Italian banks (UniCredit, BNL) and crypto exchanges (Binance).

6. Critical Vulnerabilities and Exploits

Zero-day research and vulnerability exploitation were prominently featured in the cybercrime ecosystem.

A. The Polymarket Vulnerability Disclosures

A security researcher operating under the handle ./xorcat~files published a devastating series of disclosures regarding Polymarket, a cryptocurrency prediction market.

  • Findings: The researcher exposed a Server-Side Request Forgery (SSRF) vulnerability (CVE-2025-62718) in the @polymarket/clob-client SDK, allowing redirection to AWS metadata endpoints.
  • Misconfigurations: They discovered a critical CORS misconfiguration allowing unauthorized credential extraction, hardcoded Supabase anonymous keys, an unauthenticated production configuration endpoint leaking 42 production keys and S3 asset hashes, and a Next.js authentication bypass (CVE-2024-51479).
  • Data Leakage: The actor leaked Polymarket’s internal Gamma API specification, exposing undocumented endpoints that leaked unauthenticated PII for 1,609 users, wallet addresses, and betting histories, enabling the identification of insiders and political figures. The actor threatened to publicly release working exploits.

B. External Software Vulnerabilities

  • GitHub RCE: Researchers noted CVE-2026-3854, a critical vulnerability allowing authenticated users to execute arbitrary code on GitHub backend servers via a single git push command. While patched by GitHub, 88% of Enterprise Server instances remained vulnerable.
  • LiteLLM: A critical injection vulnerability was reported, allowing unauthenticated attackers to extract API keys and internal AI service configurations.
  • Axios: CVE-2025-27152 was disclosed, affecting the Axios library by leaking authorization headers and API tokens to attacker-controlled hosts.
  • AWS Cognito: Security researchers from MBSD detailed 10 configuration pitfalls in AWS Cognito, specifically highlighting how default scopes (aws.cognito.signin.user.admin) allow privilege escalation via the UpdateUserAttributes API.

7. State-Sponsored Activity and Advanced Threats

Cyber incidents involving geopolitical motivations and critical infrastructure were highly visible.

  • Hanzalah (Iranian Affiliation): Following geopolitical tensions, this group claimed to have leaked the personal details and names of 2,379 US Marines stationed in the Persian Gulf. The group threatened that this was only a fraction of their dataset, claiming possession of tens of thousands of US military identities.
  • Anonymous Sanaa and Yemeni Cyber Security Agency: Claimed responsibility for a major cyberattack against Itron Inc., a US energy and water resource management company. The actors alleged they breached IT networks and Industrial IoT (IIoT) platforms serving utilities across 100+ countries, causing widespread disruption.
  • Infrastructure Destruction Squad: Targeted educational and humanitarian sectors, claiming the compromise of student email accounts at BITS Pilani (India), exposing passports and academic records. The group also breached Caritas-Spes, a humanitarian organization in Ukraine, leaking tax IDs, bank accounts, and internal correspondence.
  • Payload: Conducted a successful cyberattack against the Rural Municipality of Gimli (Canada), disrupting municipal computer systems and preventing the processing of bill payments.
  • Unattributed Infrastructure Attacks: Cherry Health, a Michigan-based healthcare provider, suffered a widespread technology outage affecting phone systems; the outage is strongly suspected to be a cyberattack, following a previous ransomware incident in 2023.

Conclusion

The intelligence gathered from April 2026 demonstrates an interconnected and highly commodified cybercrime ecosystem. Initial Access Brokers efficiently harvest and sell the entry points that enable devastating corporate data breaches. Actors like “TheFallen” act as apex data brokers, extracting millions of dollars from stolen PII, while lower-tier actors relentlessly execute defacements and credential stuffing attacks to build massive combolists. The weaponization of law enforcement portals for EDR abuse, combined with the rapid exploitation of platform vulnerabilities (such as those affecting Polymarket), underscores the urgent need for stringent API security, rigorous identity verification, and rapid patch management across global digital infrastructure.

Detected Incidents Draft Data

  1. Website Defacement of bobmorain.com by DimasHxR
    Category: Defacement
    Content: On April 30, 2026, threat actor DimasHxR defaced a subpage on bobmorain.com, a website associated with the Bob Morain brand. The attack was a targeted single-page defacement, not classified as a mass or home page defacement. The attacker operated independently without affiliation to a known group, and technical details regarding the server environment remain unknown.
    Date: 2026-04-29T23:52:59Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915981
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Entertainment/Media
    Victim Organization: Bob Morain
    Victim Site: bobmorain.com
  2. Website Defacement of LS Electric Shop by DimasHxR
    Category: Defacement
    Content: On April 30, 2026, a threat actor operating under the alias DimasHxR defaced the website lselectric.shop, targeting a specific page (b.html). The attack was carried out as an individual defacement, with no team affiliation, and did not constitute a mass or home page defacement. The incident has been archived and mirrored via zone-xsec.com.
    Date: 2026-04-29T23:49:31Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915983
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Retail / E-Commerce
    Victim Organization: LS Electric Shop
    Victim Site: lselectric.shop
  3. Website Defacement of Chairs.am by DimasHxR
    Category: Defacement
    Content: On April 30, 2026, a threat actor identified as DimasHxR defaced a page on chairs.am, an Armenian furniture retail website. The attack targeted a specific subpage (b.html) rather than the homepage, indicating a selective defacement. No team affiliation, motive, or technical details regarding the server infrastructure were disclosed.
    Date: 2026-04-29T23:37:56Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915979
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Armenia
    Victim Industry: Retail / Furniture
    Victim Organization: Chairs.am
    Victim Site: chairs.am
  4. Website Defacement of Tummy Clinic Pune by DimasHxR
    Category: Defacement
    Content: On April 30, 2026, the website of Tummy Clinic Pune, an Indian healthcare provider, was defaced by threat actor DimasHxR. The attacker targeted a sub-path on the domain, indicating a targeted single-site defacement rather than a mass campaign. No specific motive or team affiliation was disclosed in connection with the incident.
    Date: 2026-04-29T23:26:21Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915978
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: India
    Victim Industry: Healthcare
    Victim Organization: Tummy Clinic Pune
    Victim Site: tummyclinicpune.in
  5. Alleged leak of mixed credential combolist distributed via cracking forum
    Category: Combo List
    Content: A threat actor using the alias snowstormxd has made available a mixed combolist of 360 fresh credential entries via a public paste link and a Telegram channel. The post also advertises a paid private cloud service with built-in inboxing capabilities, suggesting the credentials may be used for account takeover activities. No specific victim organization or targeted service has been identified.
    Date: 2026-04-29T23:20:52Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73736/
    Screenshots:
    None
    Threat Actors: snowstormxd
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  6. Alleged Leak of Hotmail Credential Combolist
    Category: Combo List
    Content: A threat actor operating under the alias WashingtonDC has made available a combolist containing 428 Hotmail email credentials on a cracking forum. The file is distributed freely via a MediaFire download link. The post suggests the credentials provide mail access to the affected accounts.
    Date: 2026-04-29T23:20:10Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73737/
    Screenshots:
    None
    Threat Actors: WashingtonDC
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  7. Alleged leak of Spotify credential combolist
    Category: Combo List
    Content: A threat actor operating under the alias CODER is distributing a Spotify combolist containing approximately 11 million credential pairs via Telegram channels. The actor promotes free access to combolists and cracking tools through two Telegram groups. The content requires forum registration to access, suggesting it may be used as a lead generation tactic.
    Date: 2026-04-29T23:19:22Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73738/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Entertainment & Media
    Victim Organization: Spotify
    Victim Site: spotify.com
  8. Alleged leak of German domain credentials combolist
    Category: Combo List
    Content: A threat actor operating under the alias HQcomboSpace has made available a combolist containing 214,469 lines of credentials purportedly associated with German (.de) domains. The combolist was shared via a Mega.nz file link on the cracking forum CrackingX. The leaked data appears to consist of email and password combinations targeting German internet users.
    Date: 2026-04-29T23:18:46Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73739/
    Screenshots:
    None
    Threat Actors: HQcomboSpace
    Victim Country: Germany
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  9. Alleged leak of mixed credential combolist (360 entries) distributed via Telegram channel
    Category: Combo List
    Content: A threat actor operating under the alias snowstormxd has made available a mixed combolist containing 360 credential entries via a public paste site and a Telegram channel. The post promotes a paid cloud service offering built-in inbox checking and private content starting at $3 for 24 hours. No specific victim organizations or industries are identified, suggesting the credentials originate from multiple unspecified sources.
    Date: 2026-04-29T23:18:12Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73740/
    Screenshots:
    None
    Threat Actors: snowstormxd
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  10. Alleged leak of mixed forum credentials combolist
    Category: Combo List
    Content: A threat actor operating under the alias ValidMail has made available a mixed combolist of approximately 100,000 credentials purportedly sourced from various online forums. The post, shared on the cracking forum CrackingX, claims the entries are valid. Full content requires forum registration to access, limiting visibility into specific targeted platforms or data fields.
    Date: 2026-04-29T23:17:33Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73741/
    Screenshots:
    None
    Threat Actors: ValidMail
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  11. Alleged leak of Russian credential combolist
    Category: Combo List
    Content: A threat actor operating under the alias thejackal101 has shared a combolist containing approximately 3,366 email and password credential pairs purportedly sourced from Russia. The list is described as fresh and high quality and is made available via a hidden content gate on the DemonForums platform. The actor also promotes a Telegram channel (@elite_cloud1) for additional credential logs.
    Date: 2026-04-29T23:17:09Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-3-366-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Russia-%E2%9C%AA-29-APR-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: thejackal101
    Victim Country: Russia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  12. Alleged Sale of Financial Sector Databases Including Forex, Crypto, and Gambling Leads
    Category: Data Breach
    Content: A threat actor on BreachForums is advertising what they claim to be a large collection of databases targeting individuals in the Forex, cryptocurrency, binary trading, investment, gambling/casino, FTD, and recovery sectors. The post lacks detailed content, making it difficult to verify the scope, origin, or authenticity of the claimed data. The offering appears to be targeted lead/contact databases commonly used for financial fraud and scam operations.
    Date: 2026-04-29T23:15:48Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-DATABASE-Biggest-Database-For-Forex-Crypto-Binary-Investors-Gambling-Casino-FTD-Recovery
    Screenshots:
    None
    Threat Actors: sojib_hossain
    Victim Country: Unknown
    Victim Industry: Finance, Gambling, Investment
    Victim Organization: Unknown
    Victim Site: Unknown
  13. Alleged Data Breach of Israeli Defense Manufacturer IMCO Group
    Category: Data Breach
    Content: A threat actor identified as Cyber Isnaad Front claims to have breached Israeli defense manufacturer IMCO Group, allegedly exfiltrating 30 terabytes of data including 10 terabytes of sensitive military and defense-related materials. The stolen data purportedly includes production plans and technical specifications for defense systems such as the Iron Dome, contracts with major defense clients including Rafael, Elbit Systems, IAI, and U.S. military branches, operational test results, product vu
    Date: 2026-04-29T23:14:26Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-SELLING-IMCO-Group-Hacked
    Screenshots:
    None
    Threat Actors: Cyber_Isnaad_Front
    Victim Country: Israel
    Victim Industry: Defense & Military Manufacturing
    Victim Organization: IMCO Group
    Victim Site: Unknown
  14. Alleged sale of Global Protect VPN initial access to multiple organizations across five countries
    Category: Initial Access
    Content: A threat actor on the Tier 1 forum is selling tested GlobalProtect VPN credentials for five organizations located in Romania, Colombia, Thailand, Slovenia, and Spain. The targeted organizations span multiple industries including telecommunications, non-profit, business services, ISP, and education, with revenues ranging from $10M to $350M. The seller is advertising via qTox and states credentials have been verified, though hosts and AV/EDR environments were not assessed.
    Date: 2026-04-29T23:13:06Z
    Network: openweb
    Published URL: https://tier1.life/thread/191
    Screenshots:
    None
    Threat Actors: AckLine
    Victim Country: Unknown
    Victim Industry: Multiple (Telecommunications, Non-Profit, Business Services, Education)
    Victim Organization: Unknown
    Victim Site: Unknown
  15. Alleged leak of mixed credential combolists from stealer logs
    Category: Data Leak
    Content: A threat actor operating under the alias WhiteMelly is freely distributing approximately 1GB of URL:Login:Password credential combolists sourced from stealer logs. The shared data includes mixed credentials spanning multiple regions (EU, UK, FR, PL, DE, IT) and email providers such as Hotmail, Live, Outlook, and MSN. The actor also promotes a Telegram channel offering daily free logs, cookies, and combolists, and solicits buyers for additional data via the @suphoodbot Telegram handle.
    Date: 2026-04-29T23:11:57Z
    Network: openweb
    Published URL: https://altenens.is/threads/1gb-url-login-pass-lines-from-logs.2931738/unread
    Screenshots:
    None
    Threat Actors: WhiteMelly
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  16. Alleged leak of mixed credential logs including Hotmail, Live, and Outlook accounts
    Category: Data Leak
    Content: A threat actor known as WhiteMelly is distributing 1.7GB of mixed credential logs, cookies, and combolists via Telegram. The data includes email credentials for Hotmail, Live, Outlook, and MSN accounts, with geographic coverage spanning EU, UK, France, Poland, Germany, and Italy. The actor promotes a free daily distribution channel on Telegram while also offering data for purchase via the handle @suphoodbot.
    Date: 2026-04-29T23:11:45Z
    Network: openweb
    Published URL: https://altenens.is/threads/1-7gb-full-logs.2931739/unread
    Screenshots:
    None
    Threat Actors: WhiteMelly
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  17. Alleged leak of 470,000 email and password credentials for streaming and banking services
    Category: Data Leak
    Content: A threat actor operating under the alias Prince1001 made available a combolist containing approximately 470,000 email and password combinations on the forum AlteNens. The credential list is claimed to be of ultra-high quality (UHQ) and described as fresh, with purported validity for streaming and banking service account takeovers. No specific victim organization or country of origin was identified.
    Date: 2026-04-29T23:06:07Z
    Network: openweb
    Published URL: https://altenens.is/threads/star-470-000-star-mailpass-high-voltageuhq-database-good-for-streaming-and-banking-high-voltage-fresh-data.2931732/unread
    Screenshots:
    None
    Threat Actors: Prince1001
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  18. Alleged leak of 890,000 email and password credentials for Instagram and PayPal account takeover
    Category: Data Leak
    Content: A threat actor operating under the alias Prince1001 has shared a combolist of approximately 890,000 email and password credential pairs on the AE forum. The credentials are claimed to be fresh and of high quality, advertised as suitable for account takeover attacks targeting Instagram and PayPal users. No specific origin organization or breach source was identified.
    Date: 2026-04-29T23:05:59Z
    Network: openweb
    Published URL: https://altenens.is/threads/star-890-000-star-mailpass-high-voltageuhq-database-good-for-instagram-paypal-high-voltage-fresh-data.2931730/unread
    Screenshots:
    None
    Threat Actors: Prince1001
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  19. Alleged leak of Spotify credential combolist with 275,000 records
    Category: Data Leak
    Content: A threat actor operating under the alias Prince1001 shared a combolist of approximately 275,000 email and password combinations on the AE forum, claiming the credentials are valid for Spotify account access. The post describes the data as UHQ (ultra high quality) and fresh, suggesting recently harvested or verified credentials. No price was mentioned, indicating the combolist was made available for free.
    Date: 2026-04-29T23:05:51Z
    Network: openweb
    Published URL: https://altenens.is/threads/star-275-000-star-mailpass-high-voltageuhq-database-good-for-spotify-high-voltage-fresh-data.2931729/unread
    Screenshots:
    None
    Threat Actors: Prince1001
    Victim Country: Unknown
    Victim Industry: Entertainment
    Victim Organization: Spotify
    Victim Site: spotify.com
  20. Alleged leak of 465,000 USA email credentials combolist
    Category: Data Leak
    Content: A threat actor operating under the alias Prince1001 has shared an alleged combolist containing 465,000 email and password credential pairs targeting United States-based accounts on the forum AlteNens. The post claims guaranteed hits, suggesting the credentials may be recently verified or validated. No specific organization or service is identified as the source of the leaked credentials.
    Date: 2026-04-29T23:05:44Z
    Network: openweb
    Published URL: https://altenens.is/threads/star-465-000-star-mailpass-usa-combolisthigh-voltageguarranted-hitshigh-voltage.2931728/unread
    Screenshots:
    None
    Threat Actors: Prince1001
    Victim Country: United States
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  21. Alleged leak of mixed email access credentials (combolist)
    Category: Data Leak
    Content: A threat actor known as WhiteMelly shared a mixed combolist containing approximately 4,000 email credential pairs with mail access on the AE forum. The post is categorized as a free leak of mixed-source email credentials. No specific victim organization or country has been identified.
    Date: 2026-04-29T23:05:35Z
    Network: openweb
    Published URL: https://altenens.is/threads/4k-mix-lines-mail-access.2931735/unread
    Screenshots:
    None
    Threat Actors: WhiteMelly
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  22. Alleged leak of 1.8 million USA gaming credentials combolist
    Category: Data Leak
    Content: A threat actor operating under the alias Prince1001 has made available a combolist of approximately 1.8 million credential pairs purportedly sourced from United States users. The combolist is advertised as fresh for 2026 and targeted specifically for gaming platform account takeover. No specific victim organization or platform is identified in the post.
    Date: 2026-04-29T23:05:26Z
    Network: openweb
    Published URL: https://altenens.is/threads/check-mark-buttonsparkles1-8m-usa-combolistsparklescheck-mark-buttonprivate-combolist-good-for-gaming-check-mark-button2026-fresh-dum.2931731/unread
    Screenshots:
    None
    Threat Actors: Prince1001
    Victim Country: United States
    Victim Industry: Gaming
    Victim Organization: Unknown
    Victim Site: Unknown
  23. Alleged leak of Hotmail credential combolist
    Category: Data Leak
    Content: A threat actor operating under the alias WhiteMelly has made available a combolist containing approximately 3,000 Hotmail credential pairs with alleged mail access on the AE forum. The post is categorized under Combo List and claims to provide working email account access. No further details regarding the origin or verification of the credentials are available.
    Date: 2026-04-29T23:05:18Z
    Network: openweb
    Published URL: https://altenens.is/threads/3k-hotmail-lines-mail-access.2931736/unread
    Screenshots:
    None
    Threat Actors: WhiteMelly
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft Hotmail
    Victim Site: hotmail.com
  24. Alleged data breach of Hostoo Brazil cloud hosting provider exposing government and fintech data
    Category: Data Breach
    Content: A threat actor claims full compromise of 10 shared hosting servers operated by Hostoo Brazil, a cPanel/WHM hosting provider. The actor is selling approximately 1.9GB of SQL dumps across 29 files, 786 SSH shell credentials, and access to 50+ databases, with data reportedly including 190,848+ Brazilian CPFs, government municipal chamber records (licitações, contratos, funcionários), fintech/insurance customer data from seguroconectado, and employee records. Access was allegedly achieved via an exp
    Date: 2026-04-29T23:01:44Z
    Network: openweb
    Published URL: https://breached.st/threads/full-compromise-hostoo-brazil-10-servers-786-ssh-shells-1-9gb-sql-dumps-government-fintech-exposed.86482/unread
    Screenshots:
    None
    Threat Actors: ka1do
    Victim Country: Brazil
    Victim Industry: Web Hosting / Cloud Services
    Victim Organization: Hostoo Brazil
    Victim Site: hostoo.com.br
  25. Alleged Data Leak of CarMax Customer Personal Data
    Category: Data Leak
    Content: A threat actor known as lowiq has made available an alleged database dump from CarMax, a major U.S. used car retailer, claimed to be from October 2025. The leak contains approximately 451,994 records including dates of birth, email addresses, fax numbers, names, phone numbers, and physical addresses. The data is being distributed freely via a Telegram channel (@l0wiqqq).
    Date: 2026-04-29T23:01:00Z
    Network: openweb
    Published URL: https://breached.st/threads/carmax-2025-leak.86410/unread
    Screenshots:
    None
    Threat Actors: lowiq
    Victim Country: United States
    Victim Industry: Automotive Retail
    Victim Organization: CarMax
    Victim Site: carmax.com
  26. Alleged Data Breach of americanluxuryunlimited.com USA Luxury Fragrance Consumer Database
    Category: Data Breach
    Content: A threat actor known as TheFallen is selling a database allegedly sourced from americanluxuryunlimited.com containing 1.5 million US consumer records in CSV format. The dataset includes sensitive personal and demographic fields such as name, gender, address, phone number, birth month, marital status, home ownership status, ethnic code, credit rating, and email. The asking price is $1,200 (negotiable), with sample files hosted on external file-sharing platforms and contact facilitated via Teleg
    Date: 2026-04-29T22:54:22Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-americanluxuryunlimited-com%C2%A0-USA-Luxury-Fragrance-Consumers
    Screenshots:
    None
    Threat Actors: TheFallen
    Victim Country: United States
    Victim Industry: Retail – Luxury Fragrance / Consumer Goods
    Victim Organization: American Luxury Unlimited
    Victim Site: americanluxuryunlimited.com
  27. Alleged Data Breach of americaninvestorsco.com USA Financial and Securities Clients
    Category: Data Breach
    Content: A threat actor known as TheFallen is selling a database allegedly containing 480,000 records of USA financial and securities clients associated with americaninvestorsco.com. The dataset is offered in CSV format for $800 (negotiable) and includes personally identifiable information such as names, phone numbers, addresses, cities, states, and ZIP codes. Sample files are provided via external file-sharing links, and the actor can be contacted via Telegram.
    Date: 2026-04-29T22:53:45Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-americaninvestorsco-com%C2%A0USA-Financial-Securities-Clients
    Screenshots:
    None
    Threat Actors: TheFallen
    Victim Country: United States
    Victim Industry: Financial Services
    Victim Organization: American Investors Co.
    Victim Site: americaninvestorsco.com
  28. Alleged Data Breach of American Franchise Academy – USA Franchise Business Decision Makers Database
    Category: Data Breach
    Content: A threat actor known as TheFallen is selling an alleged database containing 1.32 million records of USA franchise and business decision makers associated with americanfranchiseacademy.com. The dataset includes personally identifiable information such as names, titles, email addresses, organizations, physical addresses, phone numbers, company size, and industry details in CSV format. The seller is offering the database for $1,190 (negotiable) and provides sample files via external hosting links
    Date: 2026-04-29T22:53:10Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-USA-Franchise-Business-Decision-Makers-americanfranchiseacademy-com
    Screenshots:
    None
    Threat Actors: TheFallen
    Victim Country: United States
    Victim Industry: Franchise / Business Services
    Victim Organization: American Franchise Academy
    Victim Site: americanfranchiseacademy.com
  29. Website Defacement of alather.net by DimasHxR
    Category: Defacement
    Content: The website alather.net was defaced by threat actor DimasHxR on April 30, 2026. The attacker targeted a readme.txt file on the domain, indicating a targeted single-site defacement. No team affiliation, stated motive, or technical details regarding the server environment were disclosed.
    Date: 2026-04-29T22:52:20Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915961
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Al Ather
    Victim Site: alather.net
  30. Alleged data breach of Japan Aerospace Exploration Agency (JAXA)
    Category: Data Breach
    Content: A threat actor identified as APT001 claims to be selling a 7TB database allegedly belonging to the Japan Aerospace Exploration Agency (JAXA). The content is hidden behind a reply or account upgrade requirement, limiting visibility into the specific data types or records involved. The scale of the alleged breach, at 7 terabytes, suggests a significant volume of potentially sensitive aerospace or government-related data.
    Date: 2026-04-29T22:51:23Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-Japan-Aerospace-Exploration-Agency-JAXA-7TB-Database
    Screenshots:
    None
    Threat Actors: APT001
    Victim Country: Japan
    Victim Industry: Aerospace & Defense
    Victim Organization: Japan Aerospace Exploration Agency (JAXA)
    Victim Site: jaxa.jp
  31. Alleged Data Leak of MTN Irancell Customer Database Affecting 40 Million Records
    Category: Data Leak
    Content: A threat actor known as TheFallen has made available an alleged database dump belonging to MTN Irancell, Iran's largest mobile network operator. The leaked data reportedly contains approximately 40 million records including national ID numbers, full names, phone numbers, home addresses, and home phone numbers. The data is being distributed freely via a download link promoted through a Telegram channel.
    Date: 2026-04-29T22:50:19Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-Iran-40M-Irancell-iranian-simcard-operator
    Screenshots:
    None
    Threat Actors: TheFallen
    Victim Country: Iran
    Victim Industry: Telecommunications
    Victim Organization: MTN Irancell
    Victim Site: irancell.ir
  32. Alleged Data Leak of InvestVoyager Customer Leads Database
    Category: Data Leak
    Content: A threat actor known as DW_SK has made available a database allegedly containing 73,452 leads from InvestVoyager, a cryptocurrency investment platform. The data is being freely distributed via a Telegram channel and a Pixeldrain file hosting link. The post encourages users to follow the actor for additional leaked databases.
    Date: 2026-04-29T22:49:14Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-investvoyager-com-73452-Leads
    Screenshots:
    None
    Threat Actors: DW_SK
    Victim Country: United States
    Victim Industry: Financial Services
    Victim Organization: Invest Voyager
    Victim Site: investvoyager.com
  33. Website Defacement of rajadewa138.skin by DimasHxR
    Category: Defacement
    Content: On April 30, 2026, a threat actor operating under the alias DimasHxR defaced the website rajadewa138.skin, targeting a specific page (b.html). The attack was carried out as a solo operation with no affiliated team, and the defacement was not classified as a mass or home page defacement. No specific motive or server details were disclosed in connection with this incident.
    Date: 2026-04-29T22:29:46Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915960
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Gambling/Entertainment
    Victim Organization: Rajadewa138
    Victim Site: rajadewa138.skin
  34. Alleged leak of Japanese email and password credential list
    Category: Combo List
    Content: A threat actor known as ShroudX has shared an alleged high-quality Japanese email and password combolist on a cybercrime forum. The content is gate-kept behind a reply requirement, a common tactic used to boost engagement and limit indexing. The specific source, record count, and affected organizations remain unknown.
    Date: 2026-04-29T22:22:45Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-HQ-JAPAN-EMAILPASS-COMBOLIST-txt–188789
    Screenshots:
    None
    Threat Actors: ShroudX
    Victim Country: Japan
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  35. Alleged leak of Polish email and password combolist
    Category: Combo List
    Content: A threat actor known as ShroudX has shared what is claimed to be a high-quality combolist containing email and password credentials associated with Polish users on a cybercrime forum. The post does not specify a particular organization or service as the source of the credentials. No further details regarding record count or origin were available in the post.
    Date: 2026-04-29T22:20:22Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-HQ-POLAND-EMAILPASS-COMBOLIST-txt–188790
    Screenshots:
    None
    Threat Actors: ShroudX
    Victim Country: Poland
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  36. Alleged leak of Spain email and password combolist
    Category: Combo List
    Content: A threat actor known as ShroudX has shared an alleged high-quality combolist of Spanish email and password combinations on a cybercrime forum. The credential list is available as a free download gated behind a reply requirement. The origin and scope of the combolist are unverified, and no specific victim organization has been identified.
    Date: 2026-04-29T22:17:54Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-HQ-SPAIN-EMAILPASS-COMBOLIST-txt
    Screenshots:
    None
    Threat Actors: ShroudX
    Victim Country: Spain
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  37. Alleged leak of USA email and password combolist
    Category: Combo List
    Content: A threat actor operating under the alias ShroudX has shared an alleged high-quality USA email:password combolist on a cybercrime forum. The credentials are made available to forum members who reply to the thread, a common gate mechanism used to drive engagement. The origin, record count, and affected organizations associated with the combolist are unknown.
    Date: 2026-04-29T22:15:01Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-HQ-USA-EMAILPASS-COMBOLIST-txt–188793
    Screenshots:
    None
    Threat Actors: ShroudX
    Victim Country: United States
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  38. Alleged Data Breach of SMSA Express Transportation Company Ltd
    Category: Data Breach
    Content: A threat actor operating under the alias lulzintel is selling a database allegedly obtained from SMSA Express Transportation Company Ltd following a claimed data breach in April 2026. The dataset reportedly contains approximately 1.2 million customer shipment records including ticket details, customer names, addresses, phone numbers, AWB numbers, and internal support ticket metadata for both domestic and international shipments. The seller is accepting escrow and is open to negotiation, inviti
    Date: 2026-04-29T21:49:32Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-SELLING-SA-smsaexpress-com-1-2M
    Screenshots:
    None
    Threat Actors: lulzintel
    Victim Country: Saudi Arabia
    Victim Industry: Transportation & Logistics
    Victim Organization: SMSA Express Transportation Company Ltd
    Victim Site: smsaexpress.com
  39. Alleged compromise of BITS Pilani student email account with dark web distribution
    Category: Initial Access
    Content: An email account belonging to a student (Vyan Thiagu) at BITS Pilani university has allegedly been compromised. Unauthorized access was gained to the account, with evidence of login from an alternative location. The compromised account contains educational records and folders related to grades and coursework (Grade 5, Grade 6, IBDP1, MYP 2-5). The breach details and account access have been made available on the dark web via a .onion link.
    Date: 2026-04-29T21:37:24Z
    Network: telegram
    Published URL: https://t.me/c/2735908986/4089
    Screenshots:
    None
    Threat Actors: Infrastructure Destruction Squad
    Victim Country: India
    Victim Industry: Education
    Victim Organization: BITS Pilani
    Victim Site: Unknown
  40. Alleged breach of BITS Pilani student email account with dark web distribution
    Category: Initial Access
    Content: An email account belonging to a student (Vyan Thiagu, ID: 6713gsisacinq) at BITS Pilani university has allegedly been compromised. Threat actors claim to have gained unauthorized access to the account, with evidence of recent activity from an alternative location. The inbox contains academic-related folders including grade records and curriculum materials (Grade 5-6, IBDP1, MYP 2-5). The compromised account details have been posted on the dark web via a .onion link.
    Date: 2026-04-29T21:36:08Z
    Network: telegram
    Published URL: https://t.me/c/2735908986/4088
    Screenshots:
    None
    Threat Actors: Infrastructure Destruction Squad
    Victim Country: India
    Victim Industry: Education
    Victim Organization: BITS Pilani
    Victim Site: Unknown
  41. Alleged Data Leak of BITS Pilani Student Email Account Compromise
    Category: Data Leak
    Content: A threat actor claims to have compromised the email account of a student affiliated with BITS Pilani, exposing personal correspondence, passport details, travel booking information, legal and arbitration documents, academic grading materials, and private chat messages. The leaked mailbox contents were made publicly available via an image hosting link for verification. Exposed data includes sensitive documents such as student passport information, court-related presentations, confidential debate
    Date: 2026-04-29T21:33:03Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-DOCUMENTS-A-university-student-at-the-BITS-s-email-account-compromised
    Screenshots:
    None
    Threat Actors: blacknet00
    Victim Country: India
    Victim Industry: Education
    Victim Organization: BITS Pilani
    Victim Site: gsis.ac.in
  42. Alleged phishing kit and mail access sale operation
    Category: Phishing
    Content: A threat actor is operating a mail access phishing service across multiple countries (FR, BE, AU, CA, UK, US, NL, PL, DE, JP), offering email credentials, configs, scripts, tools, and combo lists. Contact is via @Dataxlogs. A separate fraud operation, AllCards, was also detected selling payment card data globally at 1.2-3 USD per valid card, operating via clearnet and Tor.
    Date: 2026-04-29T21:26:31Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/72367
    Screenshots:
    None
    Threat Actors: Dataxlogs
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  43. Alleged leak of 4 million Moroccan email addresses
    Category: Data Leak
    Content: A threat actor operating under the alias Rihana has freely shared a collection of approximately 4 million Moroccan email addresses on a public hacking forum. The list spans major email providers including Gmail, Hotmail, Yahoo, and Outlook, as well as the Moroccan provider Menara.ma. The actor explicitly states the data is intended for spammers and email marketers, and the download is gated behind a reply requirement.
    Date: 2026-04-29T21:02:47Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-COLLECTION-MOROCCO-4M-moroccan-email-addresses
    Screenshots:
    None
    Threat Actors: Rihana
    Victim Country: Morocco
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  44. Alleged Data Breach of CampusFrance Application Portal
    Category: Data Breach
    Content: A threat actor known as ChimeraZ has allegedly obtained and is sharing a database containing approximately 18,000 application records from CampusFrance, the French agency promoting higher education abroad. The data appears to originate from the official CampusFrance portal and likely contains personal information submitted by international students applying to study in France. No further details regarding the content or method of acquisition are available due to limited post content.
    Date: 2026-04-29T20:56:38Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-DATABASE-18K-applications-through-CAMPUSFRANCE-ORG
    Screenshots:
    None
    Threat Actors: ChimeraZ
    Victim Country: France
    Victim Industry: Education
    Victim Organization: Campus France
    Victim Site: campusfrance.org
  45. Alleged Data Leak of NEMEA GROUP User Documents
    Category: Data Leak
    Content: A threat actor known as ChimeraZ has made available approximately 10,000 documents belonging to users of the NEMEA GROUP, totaling 1.5 GB in size. The leaked files include identity cards, passports, invoices, and other documents in PNG, JPG, and JPEG formats. The data has been distributed across multiple file-sharing platforms via free download links.
    Date: 2026-04-29T20:50:33Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-DATABASE-10k-documents-from-the-NEMEA-GROUP-1-5-GB
    Screenshots:
    None
    Threat Actors: ChimeraZ
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: NEMEA GROUP
    Victim Site: Unknown
  46. Alleged leak of Hotmail credentials combolist
    Category: Combo List
    Content: A threat actor operating under the alias COYYYTO has made available a combolist of approximately 3,000 allegedly valid Hotmail credentials via a public paste site. The post claims the credentials are high-quality and valid. No price was mentioned, suggesting the list was freely distributed.
    Date: 2026-04-29T20:25:15Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73735/
    Screenshots:
    None
    Threat Actors: COYYYTO
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  47. Alleged leak of mixed-access combolist containing 12,000 credentials
    Category: Combo List
    Content: A threat actor operating under the alias wingoooW has made available a combolist containing approximately 12,000 email and password combinations described as mixed access on a cybercrime forum. The credential list is freely accessible via an external paste service. The specific organizations or services affected are not identified in the post.
    Date: 2026-04-29T20:25:06Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-12K-MIXED-ACCESS–202243
    Screenshots:
    None
    Threat Actors: wingoooW
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  48. Alleged leak of Hotmail credentials combolist
    Category: Combo List
    Content: A threat actor operating under the alias COYYYTOOOO has freely shared a combolist containing approximately 3,000 allegedly valid Hotmail email and password combinations on DemonForums. The credential list was made available via an external paste site. The credentials are claimed to be high-quality and verified as valid.
    Date: 2026-04-29T20:24:48Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-3K-HQ-HOTMAIL-VALID
    Screenshots:
    None
    Threat Actors: COYYYTOOOO
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  49. Alleged leak of business email credentials combolist
    Category: Data Leak
    Content: A threat actor operating under the alias Ebbicloud has made available a combolist purportedly containing business email credentials with a claimed 99% validity rate. The list was shared via Pasteview, a text-sharing platform. No specific victim organization or country has been identified.
    Date: 2026-04-29T20:20:02Z
    Network: openweb
    Published URL: https://altenens.is/threads/pure-business-99-valid-mails.2931703/unread
    Screenshots:
    None
    Threat Actors: Ebbicloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  50. Alleged leak of mixed email combolist with high validity rate
    Category: Data Leak
    Content: A threat actor operating under the alias Ebbicloud has made available a mixed email combolist on the cybercrime forum AlteNens, claiming a 99% validity rate. The combolist was shared via an external pasteview link. No specific victim organization or record count was identified in the post.
    Date: 2026-04-29T20:19:48Z
    Network: openweb
    Published URL: https://altenens.is/threads/mix-mails-high-99-valid.2931704/unread
    Screenshots:
    None
    Threat Actors: Ebbicloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  51. Alleged leak of t-online.de email credentials combolist
    Category: Data Leak
    Content: A threat actor operating under the alias Ebbicloud has made available a combolist containing 29,233 allegedly valid email credentials associated with t-online.de, a major German email and internet service provider operated by Telekom Deutschland. The list was shared via an external paste platform and is described as high-quality valid mail credentials. No price was mentioned, indicating the content was freely distributed.
    Date: 2026-04-29T20:19:33Z
    Network: openweb
    Published URL: https://altenens.is/threads/gem-stone-ebbi-cloud-t-online-de-29233-hq-valid-mails.2931706/unread
    Screenshots:
    None
    Threat Actors: Ebbicloud
    Victim Country: Germany
    Victim Industry: Telecommunications
    Victim Organization: Telekom Deutschland (T-Online)
    Victim Site: t-online.de
  52. Alleged leak of Alibaba Cloud (Aliyun) email credentials
    Category: Data Leak
    Content: A threat actor operating under the name Ebbicloud has made available a combolist of 2,420 alleged high-quality valid email credentials associated with Alibaba Cloud (aliyun.com). The list was shared via an external paste hosting platform. The post was found on a publicly accessible cybercrime forum in a combo list section.
    Date: 2026-04-29T20:19:17Z
    Network: openweb
    Published URL: https://altenens.is/threads/gem-stone-ebbi-cloud-aliyun-com-2420-hq-valid-mails.2931707/unread
    Screenshots:
    None
    Threat Actors: Ebbicloud
    Victim Country: China
    Victim Industry: Technology
    Victim Organization: Alibaba Cloud
    Victim Site: aliyun.com
  53. Alleged leak of Sina.com email credentials
    Category: Data Leak
    Content: A threat actor known as Ebbicloud has made available a combolist containing 2,593 alleged valid email credentials associated with sina.com accounts. The list was shared via Pasteview on the AE combo list forum. The credentials are described as HQ Valid Mails, suggesting they have been verified for validity.
    Date: 2026-04-29T20:18:28Z
    Network: openweb
    Published URL: https://altenens.is/threads/gem-stone-ebbi-cloud-sina-com-2593-hq-valid-mails.2931708/unread
    Screenshots:
    None
    Threat Actors: Ebbicloud
    Victim Country: China
    Victim Industry: Internet Services / Media
    Victim Organization: Sina
    Victim Site: sina.com
  54. Alleged leak of freenet.de email credentials
    Category: Data Leak
    Content: A threat actor known as Ebbicloud has made available a combolist of 1,070 alleged high-quality validated email credentials associated with freenet.de accounts. The list was shared via Pasteview on the AE combo list forum. The post claims the credentials are valid, suggesting they may have been verified prior to distribution.
    Date: 2026-04-29T20:18:13Z
    Network: openweb
    Published URL: https://altenens.is/threads/gem-stone-ebbi-cloud-freenet-de-1070-hq-valid-mails.2931709/unread
    Screenshots:
    None
    Threat Actors: Ebbicloud
    Victim Country: Germany
    Victim Industry: Telecommunications
    Victim Organization: Freenet
    Victim Site: freenet.de
  55. Alleged leak of Rambler.ru email credentials
    Category: Data Leak
    Content: A threat actor known as Ebbicloud has shared a combolist containing 682 alleged high-quality valid email credentials associated with rambler.ru accounts. The list was made available via an external paste sharing service. The credentials are described as verified and valid.
    Date: 2026-04-29T20:17:59Z
    Network: openweb
    Published URL: https://altenens.is/threads/gem-stone-ebbi-cloud-rambler-ru-682-hq-valid-mails.2931710/unread
    Screenshots:
    None
    Threat Actors: Ebbicloud
    Victim Country: Russia
    Victim Industry: Technology
    Victim Organization: Rambler
    Victim Site: rambler.ru
  56. Alleged leak of Nifty.com credentials
    Category: Data Leak
    Content: A threat actor operating under the alias Ebbicloud has made available a combolist of 779 allegedly valid email credentials associated with nifty.com. The list was shared via Pasteview and distributed on the AE combo list forum. The credentials are claimed to be high-quality and verified valid.
    Date: 2026-04-29T20:17:45Z
    Network: openweb
    Published URL: https://altenens.is/threads/gem-stone-ebbi-cloud-nifty-com-779-hq-valid-mails.2931711/unread
    Screenshots:
    None
    Threat Actors: Ebbicloud
    Victim Country: United States
    Victim Industry: Internet Services
    Victim Organization: Nifty
    Victim Site: nifty.com
  57. Alleged leak of Roadrunner.com email credentials
    Category: Data Leak
    Content: A threat actor operating under the alias Ebbicloud has made available a combolist of 606 allegedly valid Roadrunner.com email credentials on the AE combo list forum. The post links to an external paste site (pasteview.com) where the credential list is hosted. Roadrunner.com is an email service associated with Spectrum/Charter Communications, a major US telecommunications provider.
    Date: 2026-04-29T20:17:30Z
    Network: openweb
    Published URL: https://altenens.is/threads/gem-stone-ebbi-cloud-roadrunner-com-606-hq-valid-mails.2931712/unread
    Screenshots:
    None
    Threat Actors: Ebbicloud
    Victim Country: United States
    Victim Industry: Telecommunications
    Victim Organization: Roadrunner (Spectrum/Charter Communications)
    Victim Site: roadrunner.com
  58. Alleged leak of gamerspace.online email credentials combolist
    Category: Data Leak
    Content: A threat actor known as Ebbicloud has made available a combolist of 360 allegedly high-quality validated email credentials associated with gamerspace.online. The list was shared via Pasteview and posted on the AE – Combo List forum. The credentials are described as HQ Valid Mails, suggesting they have been verified for validity.
    Date: 2026-04-29T20:17:14Z
    Network: openweb
    Published URL: https://altenens.is/threads/gem-stone-ebbi-cloud-gamerspace-online-360-hq-valid-mails.2931713/unread
    Screenshots:
    None
    Threat Actors: Ebbicloud
    Victim Country: Unknown
    Victim Industry: Gaming
    Victim Organization: GamerSpace
    Victim Site: gamerspace.online
  59. Alleged leak of Charter.net email credentials combolist
    Category: Data Leak
    Content: A threat actor operating under the alias Ebbicloud has made available a combolist of 264 allegedly valid Charter.net email credentials on the AE forum. The list is described as high-quality (HQ) valid email accounts and is shared via an external paste platform. No price was mentioned, indicating the content was freely distributed.
    Date: 2026-04-29T20:16:59Z
    Network: openweb
    Published URL: https://altenens.is/threads/gem-stone-ebbi-cloud-charter-net-264-hq-valid-mails.2931714/unread
    Screenshots:
    None
    Threat Actors: Ebbicloud
    Victim Country: United States
    Victim Industry: Telecommunications
    Victim Organization: Charter Communications
    Victim Site: charter.net
  60. Alleged Data Leak of Peruvian Citizens National Identity Database
    Category: Data Leak
    Content: A threat actor on BreachForums has made available a database containing personal records of approximately 1.5 million Peruvian citizens. The leaked data includes national ID numbers, full names, dates of birth, gender, country, email addresses, and phone numbers. The data appears to originate from a Peruvian government or civil registry source, as indicated by the structured national identity fields.
    Date: 2026-04-29T20:15:16Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-DATABASE-Peru-1-524-468-citizens
    Screenshots:
    None
    Threat Actors: dbrick84
    Victim Country: Peru
    Victim Industry: Government
    Victim Organization: Unknown
    Victim Site: Unknown
  61. Alleged website defacement of Altman Israel (nutritional supplements company)
    Category: Defacement
    Content: Cyber Islamic Resistance claims to have defaced the website of Altman Israel (altmanim.co.il), an Israeli company specializing in nutritional supplements, vitamins, and health products. The group provided Zone-H mirror evidence (ID: 42034751) and detailed company information including commercial registration number 540219987 and physical address in Or Yehuda, Israel.
    Date: 2026-04-29T20:12:55Z
    Network: telegram
    Published URL: https://t.me/c/1651470668/1898
    Screenshots:
    None
    Threat Actors: Cyber Islamic Resistance
    Victim Country: Israel
    Victim Industry: Nutritional supplements/Health products
    Victim Organization: Altman Israel
    Victim Site: altmanim.co.il
  62. Alleged Data Leak of Drojian (Zhengzhou Zhuojian Software Technology Co., Ltd) Employee and Applicant Database
    Category: Data Leak
    Content: A threat actor has made available a 2025 backup database allegedly belonging to Drojian (Zhengzhou Zhuojian Software Technology Co., Ltd), a Chinese software development company. The leaked data, totaling 567.6MiB uncompressed, includes sensitive employee and job applicant records such as national ID numbers, names, birthdates, email addresses, phone numbers, Telegram usernames and IDs, nationality, political identity, bank account details, and credit card numbers. The database containing approx
    Date: 2026-04-29T20:02:04Z
    Network: openweb
    Published URL: https://spear.cx/Thread-Database-Drojian-cn-Drojian-dev
    Screenshots:
    None
    Threat Actors: penguinbrew
    Victim Country: China
    Victim Industry: Software Technology
    Victim Organization: Zhengzhou Zhuojian Software Technology Co., Ltd
    Victim Site: drojian.cn
  63. Alleged Data Breach of Poste.dz Database for Sale
    Category: Data Breach
    Content: A threat actor using the alias zatchi88 is allegedly selling a database belonging to Poste.dz, the Algerian postal service, on a cybercrime forum. The post provides minimal details and directs interested parties to contact the seller via direct message. No information regarding record count, data types, or pricing has been publicly disclosed.
    Date: 2026-04-29T20:01:19Z
    Network: openweb
    Published URL: https://spear.cx/Thread-Database-Poste-dz-database-for-sale-2026
    Screenshots:
    None
    Threat Actors: zatchi88
    Victim Country: Algeria
    Victim Industry: Postal Services
    Victim Organization: Algerie Poste
    Victim Site: poste.dz
  64. Alleged leak of Germany mixed domain credentials combolist
    Category: Combo List
    Content: A threat actor operating under the alias HQcomboSpace has shared a combolist containing approximately 667,173 credential entries targeting mixed domains in Germany. The data was made available for free download via a Mega.nz file hosting link. The leak appears to be a compilation of email and password combinations from various German-domain sources.
    Date: 2026-04-29T19:48:32Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73730/
    Screenshots:
    None
    Threat Actors: HQcomboSpace
    Victim Country: Germany
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  65. Alleged sale of German email credential combolist
    Category: Combo List
    Content: A threat actor known as MrCOMBOROBOA is selling a combolist of approximately 2,100 German email credentials (email:password pairs) on DemonForums. The actor also advertises larger combolist packages ranging from 100,000 to 10 million records for various countries and categories, with pricing tiers available weekly, monthly, or as a lifetime subscription. The actor promotes their Telegram channel and private group for distribution of additional combo and credential lists.
    Date: 2026-04-29T19:48:22Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-2-1k-GERMANY-COMBO-FOR-MAILS-ACCESS
    Screenshots:
    None
    Threat Actors: MrCOMBOROBOA
    Victim Country: Germany
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  66. Alleged leak of German email credentials combolist (GMX, T-Online)
    Category: Combo List
    Content: A threat actor operating under the alias CODER is distributing free combolists containing credentials associated with German email and telecom providers GMX and T-Online, along with shopping and social platform accounts. The actor promotes distribution via Telegram channels and groups, offering both credential lists and tools at no apparent cost. No specific record count or pricing was disclosed in the post.
    Date: 2026-04-29T19:48:06Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73732/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Germany
    Victim Industry: Telecommunications / Email Services
    Victim Organization: GMX, T-Online
    Victim Site: gmx.de, t-online.de
  67. Alleged Sale of Polish Email Credential Combolist
    Category: Combo List
    Content: A threat actor known as MrCOMBOROBOA is selling a combolist of approximately 1,200 email:password credential pairs targeting Polish email accounts on DemonForums. The actor also advertises a private Telegram channel offering larger-scale combolists for various countries and industries, with pricing ranging from $30 for 100,000 records to $300 for 10 million records. The post warns of impostor accounts and promotes a paid private combo group with subscription tiers ranging from $50 per week to
    Date: 2026-04-29T19:47:59Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-1-2k-POLAND-COMBO-FOR-MAILS-ACCESS
    Screenshots:
    None
    Threat Actors: MrCOMBOROBOA
    Victim Country: Poland
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  68. Alleged Sale of Mixed Email Combolist with 1.9K Credentials for Mail Access
    Category: Combo List
    Content: A threat actor operating under the alias MrCOMBOROBOA is selling a mixed combolist containing approximately 1,900 email:password credential pairs intended for mail account access. The actor also advertises larger combolist packages (up to 10 million records) at tiered pricing, as well as gaming and shopping combolists, accessible via a paid Telegram group. The post references a Telegram channel and warns of impostor accounts using similar usernames.
    Date: 2026-04-29T19:47:41Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-1-9k-MIXED-COMBO-FOR-MAILS-ACCESS
    Screenshots:
    None
    Threat Actors: MrCOMBOROBOA
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  69. Alleged Sale of Mixed Email Combolist with 13,100 Credentials for Mail Access
    Category: Combo List
    Content: A threat actor known as MrCOMBOROBOA is selling a mixed combolist of 13,100 email:password credential pairs purportedly for mail access on a cybercrime forum. The actor also advertises larger-scale combolists ranging from 100,000 to 10 million records at tiered pricing, as well as gaming and shopping combo lists. The actor operates a Telegram channel and private combo group with subscription-based access.
    Date: 2026-04-29T19:47:17Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-13-1k-MIXED-COMBO-FOR-MAILS-ACCESS
    Screenshots:
    None
    Threat Actors: MrCOMBOROBOA
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  70. Alleged leak of 606K URL-Login-Password credential combolist
    Category: Combo List
    Content: A threat actor operating under the alias RandomUpload has made available a combolist containing approximately 606,000 URL-login-password credential pairs on the cracking forum CrackingX. The post is dated April 30, 2026, and the full content is restricted to registered forum users. No specific victim organization or country has been identified.
    Date: 2026-04-29T19:47:11Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73734/
    Screenshots:
    None
    Threat Actors: RandomUpload
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  71. Alleged leak of Hotmail credentials combolist
    Category: Combo List
    Content: A threat actor operating under the alias MegaCloudshop has shared a combolist containing approximately 300 Hotmail email and password combinations on a cybercrime forum. The content is hidden behind a registration or login requirement, suggesting it is available to forum members. The actor also promotes an external store at megacloudshop.top, likely offering additional credential listings or related services.
    Date: 2026-04-29T19:46:53Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-300X-Hotmail-Hits-Just-Top-Quality
    Screenshots:
    None
    Threat Actors: MegaCloudshop
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  72. Alleged Sale of Non-VBV Credit Cards and Carding Methods via Telegram
    Category: Carding
    Content: A threat actor operating under the alias Blaxking is selling stolen credit card data described as non-VBV (Verified by Visa) and OTP-bypass capable, with alleged balances ranging from $500 to $10,000. The offering includes full card details (card number, expiration date, CVV, cardholder PII), Apple Pay BINs, and step-by-step carding methods targeting platforms such as Argos and Booking. The actor also advertises tutorials for newcomers on how to exploit the cards across multiple countries.
    Date: 2026-04-29T19:37:20Z
    Network: openweb
    Published URL: https://altenens.is/threads/n3w-cc-choep-and-n-n-vbv-sit3s-skipping-high-balance-no-otp-v3rificati-ns-buy-here-t3legram-blaxking-oooooooooooooooooooooooooooooooo-n3wbies.2931686/unread
    Screenshots:
    None
    Threat Actors: Energymann
    Victim Country: Unknown
    Victim Industry: Financial Services
    Victim Organization: Unknown
    Victim Site: Unknown
  73. Alleged sale of admin panel access and PII data from Ministry of Economy of the Republic of Serbia
    Category: Initial Access
    Content: A threat actor identified as wh6ami is selling CMS admin panel access to the Serbian Ministry of Economy website (privreda.gov.rs), along with access to a vulnerable endpoint and data extracted from the site's database. The stolen data includes full names, mobile and office phone numbers, email addresses, professional positions, department names, and company affiliations of government personnel. The actor is also offering PII separately and can be contacted via Telegram or qTox for pricing neg
    Date: 2026-04-29T19:33:11Z
    Network: openweb
    Published URL: https://breached.st/threads/ministry-of-economy-of-the-republic-of-serbia-access-to-admin-panel-government-of-republic-of-serbia.86479/unread
    Screenshots:
    None
    Threat Actors: wh6ami
    Victim Country: Serbia
    Victim Industry: Government
    Victim Organization: Ministry of Economy of the Republic of Serbia
    Victim Site: privreda.gov.rs
  74. Alleged Data Leak of Marcus & Millichap, Inc. Salesforce Records
    Category: Data Leak
    Content: A threat actor known as Fallen has leaked over 30 million Salesforce records allegedly stolen from Marcus & Millichap, Inc., a major commercial real estate firm. The leaked data, totaling over 5.4GB compressed, reportedly contains PII and internal corporate data. The actor claims the company failed to reach an agreement following negotiations, prompting the public release via a download link and Telegram channel.
    Date: 2026-04-29T19:32:06Z
    Network: openweb
    Published URL: https://breached.st/threads/marcus-millichap-inc.86476/unread
    Screenshots:
    None
    Threat Actors: Fallen
    Victim Country: United States
    Victim Industry: Real Estate
    Victim Organization: Marcus & Millichap, Inc.
    Victim Site: marcusmillichap.com
  75. Alleged Data Breach of Kabupaten Buru Government Website
    Category: Data Breach
    Content: A threat actor known as Mr. Hanz Xploit has allegedly obtained and is sharing a database from the Kabupaten Buru regional government website (burukab.go.id), an Indonesian local government domain. The post was made on the Breached forum under the Databases section, though no further details regarding the content or volume of the data are available.
    Date: 2026-04-29T19:31:21Z
    Network: openweb
    Published URL: https://breached.st/threads/database-kabupaten-burukab-go-id.86477/unread
    Screenshots:
    None
    Threat Actors: Mr. Hanz Xploit
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Kabupaten Buru Government
    Victim Site: burukab.go.id
  76. Alleged Data Leak of Archetyp Darknet Market Vendor Data
    Category: Data Leak
    Content: A threat actor known as Fallen has made available a scraped database containing vendor data from the Archetyp darknet market, dated April 2026. The data was shared via a download link and promoted through the actor's Telegram channel TheFallen. The full scope and record count of the exposed vendor data remain unknown.
    Date: 2026-04-29T19:30:46Z
    Network: openweb
    Published URL: https://breached.st/threads/database-darkweb-archetyp-market-vendor-data-04-2026.86478/unread
    Screenshots:
    None
    Threat Actors: Fallen
    Victim Country: Unknown
    Victim Industry: Dark Web Marketplace
    Victim Organization: Archetyp Market
    Victim Site: Unknown
  77. Alleged Data Breach of SMP Negeri 7 Kota Tangerang Selatan
    Category: Data Breach
    Content: A threat actor identified as Mr. Hanz Xploit has allegedly obtained and is sharing a database belonging to SMP Negeri 7 Kota Tangerang Selatan, a public junior high school in South Tangerang City, Indonesia. The post was made on the Breached forum, though no specific details regarding the content, size, or nature of the data were available in the post.
    Date: 2026-04-29T19:30:05Z
    Network: openweb
    Published URL: https://breached.st/threads/database-smp-negeri-7-kota-tangerang-selatan.86480/unread
    Screenshots:
    None
    Threat Actors: Mr. Hanz Xploit
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: SMP Negeri 7 Kota Tangerang Selatan
    Victim Site: Unknown
  78. Alleged leak of mixed combolist distributed via cracking forum
    Category: Combo List
    Content: A threat actor operating under the alias snowstormxd has made available a mixed combolist of 360 credential entries via a public paste link on a cracking forum. The post also promotes a private Telegram-based cloud service offering additional content for a subscription fee starting at $3 for 24 hours. The origin, targets, and validity of the leaked credentials are unknown.
    Date: 2026-04-29T19:07:57Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73727/
    Screenshots:
    None
    Threat Actors: snowstormxd
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  79. Alleged Sale of Fresh Credit Card Data Across Multiple Countries
    Category: Combo List
    Content: A threat actor operating under the alias Golfwalk is selling stolen credit card data including CVV details, claiming the cards are fresh, valid, and verified before sale. The actor targets bulk buyers and offers replacements for invalid cards, suggesting an established carding operation. Contact is facilitated via Telegram handle @whalesshitcoin.
    Date: 2026-04-29T19:07:52Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-SELLING-FRESH-VALID-WITH-GOOD-HIGHLY-BALANCE-CREDIT-CARD-ALL-COUNTRY–202236
    Screenshots:
    None
    Threat Actors: Golfwalk
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  80. Alleged sale of mixed email credential combolist with 18,300 records
    Category: Combo List
    Content: A threat actor identified as MrCOMBOROBOA is selling a mixed combolist of approximately 18,300 email credentials on a cybercrime forum. The actor also advertises larger combolists ranging from 100,000 to 10 million records at tiered pricing, targeting various countries and corporate email accounts. The actor promotes a Telegram channel and private subscription group offering ongoing access to credential lists for gaming, shopping, and mail services.
    Date: 2026-04-29T19:07:23Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-18-3k-MIXED-COMBO-FOR-MAILS-ACCESS
    Screenshots:
    None
    Threat Actors: MrCOMBOROBOA
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  81. Alleged leak of combolists targeting multiple retail chains including Rossmann, Biedronka, and others
    Category: Combo List
    Content: A threat actor operating under the alias CODER is distributing a combolist of approximately 3 million credential pairs purportedly associated with multiple retail chains across Europe and Australia, including Rossmann, Biedronka, Woolworths, and others. The combolists are being made available for free via Telegram channels and groups. Access is facilitated through direct Telegram contact and two public Telegram groups offering free combos and tools.
    Date: 2026-04-29T19:07:14Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73728/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Retail
    Victim Organization: Rossmann, DM Drogerie, Biedronka, Colruyt, Monoprix, El Corte Inglés, Coop, Migros, Woolworths, Coles
    Victim Site: Unknown
  82. Alleged Sale of Stolen Payment Cards, EBT Cards, and Financial Account Credentials
    Category: Carding
    Content: A threat actor operating under the alias Golfwalk is selling stolen financial data including EBT cards with PINs, credit card dumps with PINs, and CC+CVV data on a cybercrime forum. The actor claims the cards are compatible with platforms including TikTok, CashApp, Apple Pay, and PayPal, with weekly inventory updates. Payment is accepted exclusively in Bitcoin, with contact facilitated via a Telegram channel.
    Date: 2026-04-29T19:06:46Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-EBT-cards-pin-Dumps-pin-and-Cc-cvv-at-a-low-prices-Cards-available-for-TikTok–202231
    Screenshots:
    None
    Threat Actors: Golfwalk
    Victim Country: Unknown
    Victim Industry: Financial Services
    Victim Organization: Unknown
    Victim Site: Unknown
  83. Alleged leak of Gmail credentials combolist
    Category: Combo List
    Content: A threat actor operating under the alias D4rkNetHub has shared or made available a combolist purportedly containing over 100,000 Gmail credentials on the cracking forum CrackingX. The post is gated behind registration or sign-in, limiting visibility into the full details of the claim. The data appears to consist of email and password combinations targeting Gmail accounts.
    Date: 2026-04-29T19:06:38Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73729/
    Screenshots:
    None
    Threat Actors: D4rkNetHub
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Google
    Victim Site: gmail.com
  84. Alleged Data Leak of Cambridge Dictionary Database
    Category: Data Leak
    Content: A threat actor known as Mr. Hanz Xploit has allegedly leaked a database associated with Cambridge Dictionary on the Breached forum. The post was found in the Databases section, suggesting a structured data dump was made available. No further details regarding record count or specific data types were provided in the post content.
    Date: 2026-04-29T18:52:39Z
    Network: openweb
    Published URL: https://breached.st/threads/leak-database-cambridge-dictionary.86467/unread
    Screenshots:
    None
    Threat Actors: Mr. Hanz Xploit
    Victim Country: United Kingdom
    Victim Industry: Education / Publishing
    Victim Organization: Cambridge Dictionary
    Victim Site: dictionary.cambridge.org
  85. Alleged leak of mixed mail access credentials (combolist X3375)
    Category: Combo List
    Content: A threat actor operating under the alias RandomUpload has made available a mixed mail access combolist labeled X3375 on the cracking forum CX – Combolists & Dumps. The post offers access to the credential list for registered users of the forum. The specific email providers, record count, and origin of the credentials are unknown based on available information.
    Date: 2026-04-29T18:31:05Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73725/
    Screenshots:
    None
    Threat Actors: RandomUpload
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  86. Alleged leak of Hotmail valid email access credentials
    Category: Combo List
    Content: A threat actor on the cracking forum CX has made available a list of approximately 355 valid Hotmail email account credentials, dated April 29. The post offers a combolist of verified email access credentials, restricted to registered forum users. No price was mentioned, indicating this is a free leak.
    Date: 2026-04-29T18:30:29Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73726/
    Screenshots:
    None
    Threat Actors: MailAccesss
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft Hotmail
    Victim Site: hotmail.com
  87. Alleged Sale of cPanel Information Disclosure Vulnerability Affecting 13,522 Panels
    Category: Initial Access
    Content: A threat actor identified as NormalLeVrai is selling an unpatched cPanel information disclosure vulnerability for $1,000. The vulnerability reportedly exposes website login credentials including panel/site links, usernames, and passwords across 13,522 cPanel instances spanning 94 countries. The seller is accepting escrow and can be contacted via the Session messaging platform.
    Date: 2026-04-29T18:12:30Z
    Network: openweb
    Published URL: https://spear.cx/Thread-NEW-cPanel-vulnerability-on-panel-13522-Information-Disclosure
    Screenshots:
    None
    Threat Actors: NormalLeVrai
    Victim Country: Unknown
    Victim Industry: Web Hosting
    Victim Organization: Unknown
    Victim Site: Unknown
  88. Alleged Data Leak of École nationale d'administration Confidential Emails and Attachments
    Category: Data Leak
    Content: A threat actor known as NormalLeVrai has made available a collection of confidential emails and attachments allegedly extracted from the inbox systems of the École nationale d'administration (ENA), a prestigious French public administration school. The data is claimed to have been extracted on April 25, 2026, and is being freely distributed via an external file-sharing link. A session token was also shared alongside the download, suggesting possible continued access to the compromised environm
    Date: 2026-04-29T18:08:27Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-%C3%89cole-nationale-d-administration
    Screenshots:
    None
    Threat Actors: NormalLeVrai
    Victim Country: France
    Victim Industry: Education / Government
    Victim Organization: École nationale d'administration
    Victim Site: Unknown
  89. RM of Gimli targeted in cyberattack, hires firm to investigate | CBC News
    Category: Cyber Attack
    Content: The Rural Municipality of Gimli has informed its residents that it was the target of a cyberattack affecting its computer systems. The organization has engaged a cybersecurity firm to investigate the incident and determine the extent of the damage. Currently, the municipal office is unable to process bill payments, advising residents to use a bank directly.
    Date: 2026-04-29T18:06:46Z
    Network: openweb
    Published URL: https://www.cbc.ca/news/canada/manitoba/gimli-cyberattack-9.7181371
    Screenshots:
    None
    Threat Actors: Payload
    Victim Country: Canada
    Victim Industry: Unknown
    Victim Organization: Rural Municipality of Gimli
    Victim Site: gimli.ca
  90. RM of Gimli targeted in cyberattack, hires firm to investigate | CBC News
    Category: Cyber Attack
    Content: The Rural Municipality of Gimli has informed its residents that it was the target of a cyberattack affecting its computer systems. The organization has hired a cybersecurity firm to investigate the incident and determine the extent of the damage. Currently, the municipal office is unable to process bill payments and advises residents to use a bank directly.
    Date: 2026-04-29T18:06:42Z
    Network: openweb
    Published URL: https://www.cbc.ca/news/canada/manitoba/gimli-cyberattack-9.7181371
    Screenshots:
    None
    Threat Actors: Payload
    Victim Country: Canada
    Victim Industry: Unknown
    Victim Organization: Rural Municipality of Gimli
    Victim Site: gimli.ca
  91. Alleged distribution of corporate combolist by threat actor CODER
    Category: Combo List
    Content: A threat actor operating under the alias CODER is distributing a combolist claimed to contain 3 million corporate credential pairs via Telegram channels. The actor promotes free combo and tool distribution through two Telegram groups and directs interested parties to contact them directly. No specific victim organization or targeted industry has been identified.
    Date: 2026-04-29T18:03:08Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73696/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  92. Alleged leak of combolist targeting social and shopping platforms
    Category: Combo List
    Content: A threat actor operating under the alias HQcomboSpace has shared a combolist containing approximately 185,221 credential entries via a Mega.nz link on the cracking forum CrackingX. The combolist is described as targeting social media, shopping, and education platforms. The data appears to be compiled from multiple sources and made available for free download.
    Date: 2026-04-29T18:02:31Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73697/
    Screenshots:
    None
    Threat Actors: HQcomboSpace
    Victim Country: Unknown
    Victim Industry: Multiple (Social Media, E-Commerce, Education)
    Victim Organization: Unknown
    Victim Site: Unknown
  93. Alleged leak of Hotmail credentials sample combolist
    Category: Combo List
    Content: A threat actor operating under the alias HollowKnight07 has made available a sample combolist of 775 Hotmail credentials on the cracking forum CrackingX. The post provides a free download link, suggesting this is a sample release likely intended to advertise a larger dataset. The credentials appear to be email and password combinations associated with Hotmail accounts.
    Date: 2026-04-29T18:01:33Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73699/
    Screenshots:
    None
    Threat Actors: HollowKnight07
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  94. Alleged leak of combolist targeting multiple e-commerce platforms including Wildberries, Ozon, and AliExpress
    Category: Combo List
    Content: A threat actor known as CODER is distributing a combolist of approximately 8.4 million credential pairs allegedly associated with multiple major e-commerce platforms including Wildberries, Ozon, AliExpress, Lamoda, Wish, Etsy, ASOS, and Zalando. The combolist is being made available for free via Telegram channels and a cracking forum. The actor promotes additional free combos and tools through dedicated Telegram groups.
    Date: 2026-04-29T18:00:10Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73703/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: E-Commerce
    Victim Organization: Wildberries, Ozon, AliExpress, Lamoda, Wish, Etsy, ASOS, Zalando
    Victim Site: Unknown
  95. Alleged leak of Hotmail credentials combolist
    Category: Combo List
    Content: A threat actor operating under the alias Jelooos has shared a combolist of approximately 1,500 Hotmail account credentials described as private hits on a cracking forum. The post includes an external link to the credential list, suggesting it has been made available for free download. The term hits indicates these credentials have been verified as valid against Hotmail's login system.
    Date: 2026-04-29T17:57:30Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73708/
    Screenshots:
    None
    Threat Actors: Jelooos
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft Hotmail
    Victim Site: hotmail.com
  96. Alleged leak of mixed retail combolist targeting multiple global retailers
    Category: Combo List
    Content: A threat actor operating under the alias CODER has made available a mixed combolist of approximately 12 million credential pairs allegedly associated with multiple global retail brands including Walmart, Target, Costco, Carrefour, Tesco, Sainsbury's, Aldi, Lidl, IKEA, Sephora, Ulta, and Zara. The combolist is being distributed for free via Telegram channels and a cracking forum. The actor also promotes additional free combo and tooling resources through dedicated Telegram groups.
    Date: 2026-04-29T17:56:18Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73710/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Retail
    Victim Organization: Walmart, Target, Costco, Carrefour, Tesco, Sainsbury's, Aldi, Lidl, IKEA, Sephora, Ulta, Zara
    Victim Site: Unknown
  97. Alleged leak of mixed combolist with associated cloud service offering
    Category: Combo List
    Content: A threat actor operating under the alias snowstormxd has made available a mixed combolist of 360 credential entries via a public paste link and a Telegram channel. The post also promotes a paid private cloud service offering tiered access from $3 per day to $120 for lifetime, with payments processed via a dedicated Telegram bot. The free combolist appears to serve as a lure to attract customers to the paid service.
    Date: 2026-04-29T17:55:26Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73711/
    Screenshots:
    None
    Threat Actors: snowstormxd
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  98. Alleged leak of mixed forum credentials combolist
    Category: Combo List
    Content: A threat actor operating under the alias ValidMail has shared an alleged combolist containing approximately 100,000 mixed credential pairs purportedly valid for various forums. The post is behind a registration wall, limiting full content visibility. The leaked data appears to consist of email and password combinations targeting forum accounts.
    Date: 2026-04-29T17:54:05Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73714/
    Screenshots:
    None
    Threat Actors: ValidMail
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  99. Alleged Distribution of Cracked IPTV Checker Tool with Potential Malware Risk
    Category: Initial Access
    Content: A threat actor known as Starip has shared a cracked version of IPTV Checker v3.1, originally cracked by Br4uN_Tr, on a cracking forum. The tool is advertised for validating M3U playlists and IPTV stream endpoints, but the post explicitly warns that antivirus software flags it as dangerous or malware and instructs users to disable their antivirus. The tool is made available via hidden content requiring forum registration, increasing exposure risk to unsuspecting users who may execute maliciou
    Date: 2026-04-29T17:53:58Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-IPTV-Checker-v3-1-Cracked-by-Br4uN-Tr
    Screenshots:
    None
    Threat Actors: Starip
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  100. Alleged distribution of SpyProof VPN Checker credential stuffing tool by threat actor PJ
    Category: Carding
    Content: A threat actor operating under the alias PJ has made available a multi-threaded credential checking tool called SpyProof VPN Checker on a cracking forum. The tool supports proxy routing including SOCKS5, bulk combolist loading, and real-time statistics tracking for processing large datasets. It is designed for credential stuffing or account checking workflows and is being shared freely with a VirusTotal submission included, with the author noting it may be flagged as malware by antivirus sof
    Date: 2026-04-29T17:53:37Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-SpyProof-VPN-Checker-by-PJ
    Screenshots:
    None
    Threat Actors: Starip
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  101. Alleged leak of mixed email:password combolist (X1454 HQ Mix)
    Category: Combo List
    Content: A combolist referred to as X1454 HQ Mix, credited to the alias Steveee36 and posted by user erwinn91 on DemonForums, has been made available; it contains approximately 1,454 email:password credential pairs. The content is hidden behind a registration or login requirement, suggesting it is offered as a free resource to forum members. No specific victim organization or targeted service has been identified.
    Date: 2026-04-29T17:53:15Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-X1454-HQ-Mix-%E2%9A%A1%E2%9A%A1-BY-Steveee36-%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: erwinn91
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  102. Alleged leak of mixed Hotmail and private cloud credentials
    Category: Combo List
    Content: A threat actor on DemonForums has made available a combolist described as UHQ Mix containing allegedly valid Hotmail credentials and private cloud account credentials. The post references hidden content requiring registration or login to access, with the actor also promoting a Telegram channel (@noiraccesss). No specific record count or pricing was mentioned, suggesting the content is being freely distributed.
    Date: 2026-04-29T17:52:36Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-X2191-Valid-UHQ-Mix-%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: Roronoa044
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  103. Alleged Leak of Mixed Country Gmail Combolist
    Category: Combo List
    Content: A threat actor operating under the alias HQcomboSpace has made available a combolist containing approximately 410,053 Gmail credential pairs via a Mega.nz file share link. The combolist is described as containing mixed-country entries and is being freely distributed on the cracking forum CrackingX. The leaked data likely consists of email and password combinations sourced from various breaches or credential stuffing campaigns.
    Date: 2026-04-29T17:52:31Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73717/
    Screenshots:
    None
    Threat Actors: HQcomboSpace
    Victim Country: Multiple Countries
    Victim Industry: Technology
    Victim Organization: Google
    Victim Site: gmail.com
  104. Alleged leak of mixed email credential combolist by threat actor klyne05
    Category: Combo List
    Content: A threat actor operating under the alias klyne05 has shared a mixed email:password combolist on the DemonForums cybercrime forum, claiming it is private and freshly checked. The content is hidden behind a like-to-unlock mechanism, restricting access to registered forum members. No specific victim organization, country, or record count has been disclosed.
    Date: 2026-04-29T17:52:09Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1MIX-MAIL%E2%9A%A1%E2%9A%A1PRIVATE%E2%9A%A1%E2%9A%A1FRESH%E2%9A%A1%E2%9A%A1CHEKED-BY-klyne05-%E2%9A%A1%E2%9A%A1–202210
    Screenshots:
    None
    Threat Actors: klyne05
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  105. Alleged leak of Hotmail credentials combolist
    Category: Combo List
    Content: A threat actor operating under the alias KiwiShio has shared a combolist containing allegedly fresh, high-quality Hotmail email and password combinations on the DemonForums cybercrime forum. The post contains 840 credential pairs made available as hidden content requiring forum registration to access. The credentials are described as fresh and high quality by the poster.
    Date: 2026-04-29T17:51:49Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-840x-%E2%AD%90%E2%AD%90-FRESH-HQ-HOTMAIL-%E2%AD%90%E2%AD%90
    Screenshots:
    None
    Threat Actors: KiwiShio
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  106. Alleged leak of mixed email credentials combolist including Hotmail accounts
    Category: Combo List
    Content: A threat actor operating under the alias alphaxdd has shared a combolist of 5,442 mixed email credentials on DemonForums, described as premium hits including valid Hotmail accounts. The content is hidden behind a registration or login requirement, suggesting it is distributed to forum members rather than sold. The actor also references a Telegram handle (alphaaxd) likely used for further distribution or contact.
    Date: 2026-04-29T17:51:10Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-5442x-PREMIUM-MIX-MAIL-HITS%E2%9A%A1%E2%9A%A1–202215
    Screenshots:
    None
    Threat Actors: alphaxdd
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  107. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: A threat actor on the CrackingX forum shared a combolist allegedly containing 4,270 valid credential hits for Hotmail accounts. The content is restricted to registered users of the forum. The origin of the credentials and the method used to obtain them are unknown.
    Date: 2026-04-29T17:51:03Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73723/
    Screenshots:
    None
    Threat Actors: lpbPrivate
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft Hotmail
    Victim Site: hotmail.com
  108. Alleged leak of mixed email credentials combolist
    Category: Combo List
    Content: A threat actor known as StrawHatBase has shared a combolist containing approximately 16,000 mixed email address and password combinations on a cybercrime forum. The post is gated behind registration or login, suggesting the credentials are available to forum members at no direct cost. The targeted email providers and geographic origin of the credentials are unknown.
    Date: 2026-04-29T17:50:35Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-16K-MIXED-GOOD-MAIL-ACCESS
    Screenshots:
    None
    Threat Actors: StrawHatBase
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  109. Alleged leak of 22,000 email credentials shared on cybercrime forum
    Category: Combo List
    Content: A threat actor operating under the alias TeraCloud1 has made available a combolist of approximately 22,000 allegedly valid email credentials on a cybercrime forum. The post is hidden behind a registration or login wall, limiting full visibility into the data's origin or targeted services. No specific victim organization, country, or industry has been identified.
    Date: 2026-04-29T17:50:12Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-22K-VALID-MAIL-ACCESS–202219
    Screenshots:
    None
    Threat Actors: TeraCloud1
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  110. Alleged leak of mixed email:password combolist
    Category: Combo List
    Content: A threat actor using the alias stormtrooper has shared a mixed combolist containing 55,112 email:password credential pairs on DemonForums. The content is available for free to registered members of the forum. The actor also promotes a Telegram channel (@BossBrowz), likely used for distributing additional credential lists or for other threat actor activity.
    Date: 2026-04-29T17:49:47Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-55-112-Lines-Fresh-Mix-Combolist–202225
    Screenshots:
    None
    Threat Actors: stormtrooper
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  111. Alleged Sale of Law Enforcement Email Accounts, Forged Legal Documents, and Emergency Data Request Services
    Category: Initial Access
    Content: A threat actor on BreachForums is selling compromised law enforcement and government email accounts with access to law enforcement portals for major platforms including Meta, Instagram, TikTok, Snapchat, Microsoft, and Apple, enabling Emergency Data Requests (EDRs) and account data extraction. The actor is also selling forged legal documents including court orders, subpoenas, and MLAT documents for $100, as well as EDR submission services starting at $200 and domain suspension services for $300.
    Date: 2026-04-29T17:46:23Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-SELLING-GOVERNMENT-EMAILS-POLICE-EMAILS-FOR-EDRS-FORGED-COURT-ORDERS-DOMAIN-SUSPENSION–187893
    Screenshots:
    None
    Threat Actors: convince
    Victim Country: Unknown
    Victim Industry: Government & Law Enforcement
    Victim Organization: Unknown
    Victim Site: Unknown
  112. Alleged Sale of Domain Suspension Service and Forged Legal Document Method via Registrar Exploit
    Category: Initial Access
    Content: A threat actor operating under the alias convince is selling a domain suspension service and accompanying methodology on BreachForums, claiming the ability to force clientHold DNS status on any non-authority domain within 24 hours. Option 1 offers a one-time domain takedown service for 500 XMR, while Option 2 sells the full method including high-resolution forged seizure warrant templates and targeted registrar submission channels for $1,500 XMR. The technique relies on social engineering regi
    Date: 2026-04-29T17:45:56Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-SELLING-SELLING-PRIVATE-DOMAIN-SUSPENSION-METHOD-REGISTRAR-EXPLOIT-2026
    Screenshots:
    None
    Threat Actors: convince
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  113. Alleged leak of Hotmail credential combolist
    Category: Data Leak
    Content: A threat actor using the alias Sellix has shared a combolist of 360 allegedly valid Hotmail credentials on the AE forum. The post is gated behind a reply requirement, obscuring the actual content. The credentials are described as fresh and valid, suggesting recent collection or validation.
    Date: 2026-04-29T17:44:09Z
    Network: openweb
    Published URL: https://altenens.is/threads/sparkles-360x-fresh-hotmail-valid-sparkles.2931609/unread
    Screenshots:
    None
    Threat Actors: Sellix
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  114. Alleged distribution of Microsoft-targeted credential combolist containing 159K records
    Category: Data Leak
    Content: A threat actor operating under the alias carlos080 has made available a Microsoft-targeted combolist containing approximately 159,000 credential pairs on the AE forum. The post offers a hidden download link accessible upon reply, and includes email:password and username:password formats. The same actor also advertises paid combolists targeting multiple email providers and regions via Telegram handle @KOCsupport.
    Date: 2026-04-29T17:43:11Z
    Network: openweb
    Published URL: https://altenens.is/threads/159k-microsoft-targeted-combolist.2931652/unread
    Screenshots:
    None
    Threat Actors: carlos080
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: microsoft.com
  115. Alleged leak of Hotmail premium credential combolist
    Category: Data Leak
    Content: A threat actor operating under the alias alphacloud has shared a combolist containing 1,367 allegedly valid Hotmail credentials on the forum AE – Combo List. The post claims the credentials are premium and sourced from a private cloud, with mixed email formats included. The content is hidden behind a reply-gate, requiring forum engagement to access, and the actor is also reachable via Telegram as alphaaxd.
    Date: 2026-04-29T17:42:55Z
    Network: openweb
    Published URL: https://altenens.is/threads/snowflakesnowflake-1367x-premium-hotmail-hits-snowflakesnowflake.2931648/unread
    Screenshots:
    None
    Threat Actors: alphacloud
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft Hotmail
    Victim Site: hotmail.com
  116. Alleged leak of Hotmail credentials combolist
    Category: Data Leak
    Content: A threat actor operating under the alias Sellix has shared a combolist containing 350 allegedly valid Hotmail credentials on the AE combo list forum. The post requires forum engagement before the hidden content is revealed. The credentials are claimed to be fresh and valid.
    Date: 2026-04-29T17:42:41Z
    Network: openweb
    Published URL: https://altenens.is/threads/sparkles-350x-fresh-hotmail-valid-sparkles.2931656/unread
    Screenshots:
    None
    Threat Actors: Sellix
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  117. Alleged leak of Hotmail credentials combolist
    Category: Data Leak
    Content: A threat actor on the AE forum has shared a combolist containing 2,143 alleged Hotmail account credentials, described as UHQ hits, indicating high-quality verified logins. The content is gated behind a reply requirement, suggesting a free distribution model common to credential-sharing communities.
    Date: 2026-04-29T17:42:27Z
    Network: openweb
    Published URL: https://altenens.is/threads/high-voltagecheck-mark-button-2143x-uhq-hotmail-hits-check-mark-buttonhigh-voltage.2931645/unread
    Screenshots:
    None
    Threat Actors: Angiecrax
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  118. Alleged leak of Hotmail credentials combolist
    Category: Logs
    Content: A threat actor operating under the alias MegaCloud has made available a combolist of approximately 1,000 Hotmail account credentials, claimed to be valid, on an underground forum. The post, dated April 29, describes the credentials as full valid and top quality, suggesting active and verified account access. No pricing information was provided in the available content, indicating the credentials may have been shared freely.
    Date: 2026-04-29T17:39:18Z
    Network: openweb
    Published URL: https://xforums.st/threads/1k-full-valid-hotmail-access-just-top-quality-29-04.611882/
    Screenshots:
    None
    Threat Actors: MegaCloud
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  119. Alleged leak of mixed credential combolist containing 15,000 records
    Category: Logs
    Content: A threat actor operating under the alias UniqueCombo has shared a mixed combolist containing approximately 15,000 unique credential pairs on a cybercrime forum in the Mail Access & Combolists section. The combolist appears to aggregate credentials from multiple sources. No specific victim organization or country has been identified.
    Date: 2026-04-29T17:38:40Z
    Network: openweb
    Published URL: https://xforums.st/threads/mix-unique-combo_4_15000.611883/
    Screenshots:
    None
    Threat Actors: UniqueCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  120. Alleged leak of 6,500 German email account credentials
    Category: Logs
    Content: A threat actor operating under the alias MegaCloud has made available a combolist containing approximately 6,500 validated German email account credentials. The post, dated April 29, was shared on the XF forums in the Mail Access & Combolists section. The credentials are described as full valid mail access, suggesting active and verified account access.
    Date: 2026-04-29T17:38:02Z
    Network: openweb
    Published URL: https://xforums.st/threads/6-5k-germany-full-valid-mail-access-29-04.611884/
    Screenshots:
    None
    Threat Actors: MegaCloud
    Victim Country: Germany
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  121. Alleged leak of mixed email access credentials (5,500 accounts)
    Category: Logs
    Content: A threat actor operating under the alias MegaCloud has made available a mixed email access combolist containing approximately 5,500 credential pairs on the XF forums. The post, dated April 29, includes a gated link requiring forum registration to access. No specific email providers, organizations, or geographic targets are identified.
    Date: 2026-04-29T17:37:35Z
    Network: openweb
    Published URL: https://xforums.st/threads/5-5k-mix-mail-access-29-04.611885/
    Screenshots:
    None
    Threat Actors: MegaCloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  122. Alleged leak of mixed credential combolist with 15,000 records
    Category: Logs
    Content: A threat actor operating under the alias UniqueCombo has shared a mixed unique combolist containing approximately 15,000 credential pairs on a cybercrime forum. The post is categorized under Mail Access & Combolists, suggesting the credentials may include email account logins. No specific victim organization, industry, or country has been identified.
    Date: 2026-04-29T17:37:00Z
    Network: openweb
    Published URL: https://xforums.st/threads/mix-unique-combo_5_15000.611886/
    Screenshots:
    None
    Threat Actors: UniqueCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  123. Alleged Bulletproof Offshore Hosting Service Advertised on Cybercrime Forum
    Category: Initial Access
    Content: A threat actor operating under the alias OffshoreLc is advertising a bulletproof offshore hosting service on a cybercrime forum. The service offers DMCA-non-responsive VPS and RDP hosting with fully encrypted disk storage, 10Gbps+ network speeds, and pricing starting at €13/month. Such services are commonly used by cybercriminals to host malicious infrastructure including phishing pages, malware, and command-and-control servers.
    Date: 2026-04-29T17:36:06Z
    Network: openweb
    Published URL: https://hackforums.net/showthread.php?tid=6324623
    Screenshots:
    None
    Threat Actors: OffshoreLc
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: offshore.lc
  124. Alleged recruitment of corporate access brokers by ransomware-affiliated threat actor
    Category: Initial Access
    Content: A threat actor on the T1 forum operating under the alias Fidel.Castro is seeking a reliable supplier or broker of corporate network accesses, claiming to be part of an established team with a reputation backed by a 2 BTC deposit on related forums. The group states they work on a revenue-share basis, operate without a locker (suggesting data exfiltration rather than ransomware encryption), and are also willing to accept accesses from other teams that failed to achieve domain administrator privi
    Date: 2026-04-29T17:30:38Z
    Network: openweb
    Published URL: https://tier1.life/thread/189
    Screenshots:
    None
    Threat Actors: Fidel.Castro
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  125. Alleged Data Breach of Vimeo, Inc.
    Category: Data Breach
    Content: A threat actor operating under the alias ShinyHunters has published a post on BreachForums that allegedly involves a database associated with Vimeo, Inc. No post content was available to confirm the nature, scope, or authenticity of the claimed data. Further investigation is required to assess the validity of this claim.
    Date: 2026-04-29T17:29:46Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-DATABASE-Vimeo-Inc
    Screenshots:
    None
    Threat Actors: ShinyHunters
    Victim Country: United States
    Victim Industry: Technology / Media Streaming
    Victim Organization: Vimeo, Inc.
    Victim Site: vimeo.com
  126. Website Defacement of Universitas Muhammadiyah Kalimantan by Mr.spongebob of Anonsec Team
    Category: Defacement
    Content: On April 30, 2026, a threat actor identified as Mr.spongebob, affiliated with Anonsec Team, defaced a page on the Indonesian university website umuka.ac.id. The targeted URL was https://umuka.ac.id/uid.php, hosted on a Linux-based server. The incident was a single-page defacement, not classified as mass or home page defacement.
    Date: 2026-04-29T17:28:28Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248709
    Screenshots:
    None
    Threat Actors: Mr.spongebob, Anonsec team
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: Universitas Muhammadiyah Kalimantan
    Victim Site: umuka.ac.id
  127. Alleged data breach of Aman Resorts (aman.com)
    Category: Data Leak
    Content: Threat actor ShinyHunters claims to have compromised over 250,000 Salesforce records containing personally identifiable information (PII) belonging to Aman Resorts. The actor states that the company failed to reach an agreement following extortion attempts, and has subsequently made the data available for free download on BreachForums. The database was reportedly updated as of April 29, 2026.
    Date: 2026-04-29T17:28:22Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-DATABASE-Aman-Resorts-aman-com
    Screenshots:
    None
    Threat Actors: ShinyHunters
    Victim Country: Unknown
    Victim Industry: Hospitality
    Victim Organization: Aman Resorts
    Victim Site: aman.com
  128. Alleged Sale of Law Enforcement Email Accounts, EDR Services, and Forged Legal Documents for Social Media Data Extraction
    Category: Initial Access
    Content: A threat actor on BreachForums is selling compromised government and law enforcement email accounts from multiple countries including Malaysia, Argentina, Brazil, Pakistan, Vietnam, and others, priced between $20 and $100 per account. These accounts are used to submit Emergency Data Requests (EDRs) to platforms such as Instagram, Facebook, WhatsApp, TikTok, Snapchat, Microsoft, and Apple to extract user data including IP addresses, device information, phone numbers, and message logs. The actor i
    Date: 2026-04-29T17:22:17Z
    Network: openweb
    Published URL: https://breached.st/threads/selling-hq-govmails-police-emails-edr-services-domain-seizure-forged-court-orders-law-enforcement-portals-edr-guide.86464/unread
    Screenshots:
    None
    Threat Actors: convince
    Victim Country: Unknown
    Victim Industry: Government, Law Enforcement
    Victim Organization: Unknown
    Victim Site: Unknown
  129. Alleged leak of fresh logs, combolists, and database dumps
    Category: Data Leak
    Content: A threat actor operating under the alias webbrunch has shared or made available fresh logs, combolists, and database leaks on a cybercrime forum. The post lacks specific details regarding targeted organizations, industries, or record counts. The content appears to consist of credential lists and potentially database dumps distributed freely.
    Date: 2026-04-29T17:21:32Z
    Network: openweb
    Published URL: https://breached.st/threads/fresh-logs-combolists-database-leaks.86462/unread
    Screenshots:
    None
    Threat Actors: webbrunch
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  130. Alleged Data Leak of V Love Solar Enterprises Customer Database
    Category: Data Leak
    Content: A threat actor known as SiberSLX has freely leaked a database belonging to V Love Solar Enterprises, a solar energy company based in Gurugram, Haryana, India. The dump contains approximately 2,000 records from an enquiry users list, including names, email addresses, phone numbers, cities, and states. The actor also claims to have included the method used to extract the database within the shared file.
    Date: 2026-04-29T17:20:47Z
    Network: openweb
    Published URL: https://breached.st/threads/vlovesolar-com-database-leaked-download.86459/unread
    Screenshots:
    None
    Threat Actors: SiberSLX
    Victim Country: India
    Victim Industry: Renewable Energy
    Victim Organization: V Love Solar Enterprises
    Victim Site: vlovesolar.com
  131. Alleged Data Leak of Dinas Perhubungan Pemerintah Kota Ponorogo Government Database
    Category: Data Leak
    Content: A threat actor known as Mr. Hanz Xploit has allegedly leaked a database belonging to Dinas Perhubungan Pemerintah Kota Ponorogo, a transportation agency of the Ponorogo city government in Indonesia. The post was shared on the Breached forum. No further details regarding the content or scope of the leaked data are available.
    Date: 2026-04-29T17:20:06Z
    Network: openweb
    Published URL: https://breached.st/threads/leak-database-dinas-perhubungan-pemerintah-kota-ponorogo.86460/unread
    Screenshots:
    None
    Threat Actors: Mr. Hanz Xploit
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Dinas Perhubungan Pemerintah Kota Ponorogo
    Victim Site: Unknown
  132. Alleged Data Leak of 2.4 Million Yedidim Health Insurance Records
    Category: Data Leak
    Content: A threat actor operating under the alias MDGhost has allegedly leaked a database containing 2.4 million records belonging to Yedidim Health, an Israeli health insurance provider. The leaked data reportedly includes names, mobile numbers, email addresses, and physical addresses. The data was made available on the Breached forum with a Telegram contact provided for further communication.
    Date: 2026-04-29T17:19:31Z
    Network: openweb
    Published URL: https://breached.st/threads/2-4-million-israel-health-insurance-data-leak.86461/unread
    Screenshots:
    None
    Threat Actors: MDGhost
    Victim Country: Israel
    Victim Industry: Healthcare
    Victim Organization: Yedidim Health
    Victim Site: Unknown
  133. Alleged Data Leak of Inwinov Tenant Database from Central Java Provincial Regional Research and Innovation Agency
    Category: Data Leak
    Content: A threat actor known as Gacor77 has freely shared a database belonging to the Central Java Provincial Regional Research and Innovation Agency (Inwinov), containing tenant company records. The leaked data includes company names, director names, contact numbers, email addresses, incubation periods, and funding status for 17 business entities. The data appears to relate to companies enrolled in a regional business incubation program in Central Java, Indonesia.
    Date: 2026-04-29T17:18:52Z
    Network: openweb
    Published URL: https://breached.st/threads/inwinov-tenant-database-central-java-provincial-regional-research-and-innovation-agency.86463/unread
    Screenshots:
    None
    Threat Actors: Gacor77
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Central Java Provincial Regional Research and Innovation Agency
    Victim Site: Unknown
  134. Alleged Sale of ezCloud Hotel Management Software Data Breach Including Worldwide Passport Records
    Category: Data Breach
    Content: A threat actor known as sexybroker is selling a dataset allegedly sourced from ezCloud, a Vietnamese hotel management software provider, totaling approximately 55GB of data. The dataset claims to contain worldwide passport records segmented by country including China, UK, Australia, France, Germany, Russia, and others, with individual country files available for $100 each or the full dataset for $1,500. Sample records include full names, email addresses, and phone numbers of hotel guests, sugg
    Date: 2026-04-29T17:15:12Z
    Network: openweb
    Published URL: https://spear.cx/Thread-Selling-World-Wide-passports-55GB-ezcloud-vn-Data-breach-Hotel-mgmt-Software
    Screenshots:
    None
    Threat Actors: sexybroker
    Victim Country: Vietnam
    Victim Industry: Hospitality / Hotel Management Software
    Victim Organization: ezCloud
    Victim Site: ezcloud.vn
  135. Threat: Squad Chat Marketplace
    Category: Cyber Attack
    Content: Legitimate SMS gateway service advertisement – spam/marketing content without threat indicators
    Date: 2026-04-29T17:08:35Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/72230
    Screenshots:
    None
    Threat Actors: Squad Chat Marketplace
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  136. Alleged Data Leak of Kenya IFMIS Government Financial System
    Category: Data Leak
    Content: A threat actor known as 0xstar2 has allegedly leaked data from Kenya's Integrated Financial Management Information System (IFMIS), a government platform used to manage public finances, budgeting, and procurement. The leaked content reportedly includes internal documents, financial documents, and emails. The data appears to be made available for free to forum members who reply to the thread.
    Date: 2026-04-29T16:43:42Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-COLLECTION-IFMIS-KENYA
    Screenshots:
    None
    Threat Actors: 0xstar2
    Victim Country: Kenya
    Victim Industry: Government
    Victim Organization: Integrated Financial Management Information System (IFMIS)
    Victim Site: Unknown
  137. Alleged data breach of Boulangerie Ange exposing 812,000 user records
    Category: Data Breach
    Content: A threat actor known as odelpaso is selling a database allegedly dumped from Boulangerie Ange, France's second-largest bakery chain, containing over 812,000 user records including last name, first name, phone number, and city. The breach was reportedly achieved by exploiting an exposed authorization token found in HTTP request headers on an Ange subdomain, which allowed unauthenticated access to the backend API. The database was dumped less than one month ago and is being offered for $500.
    Date: 2026-04-29T16:12:41Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-SELLING-DUMP-FR-Boulangerie-ANGE-812k-users-France%E2%80%99s-second-largest-bakery-chain
    Screenshots:
    None
    Threat Actors: odelpaso
    Victim Country: France
    Victim Industry: Food & Beverage / Retail
    Victim Organization: Boulangerie Ange
    Victim Site: Unknown
  138. Website Defacement of Cokhixaydung by D0R4H4X0R of Manado Cyber Team
    Category: Defacement
    Content: On April 29, 2026, a threat actor identified as D0R4H4X0R, operating under the Manado Cyber Team, defaced a subdirectory of cokhixaydung.com, a Vietnamese construction-related website. The attack was a targeted single-page defacement rather than a mass or home page compromise. A mirror of the defacement was archived via zone-xsec.com.
    Date: 2026-04-29T16:10:02Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915959
    Screenshots:
    None
    Threat Actors: D0R4H4X0R, Manado Cyber Team
    Victim Country: Vietnam
    Victim Industry: Construction
    Victim Organization: Co Khi Xay Dung
    Victim Site: cokhixaydung.com
  139. Alleged Data Leak of vvg.hr Student Database Affecting 2 Million Records in Croatia
    Category: Data Leak
    Content: A threat actor operating under the alias Sensitive2025 has leaked an alleged database dump from vvg.hr, the Velika Gorica University of Applied Sciences in Croatia, containing approximately 2 million records. The leaked structured database includes highly sensitive personal information such as full names, national identification numbers (JMBG/OIB), dates of birth, addresses, phone numbers, email addresses, citizenship details, academic enrollment data, and student photographs. The data appears
    Date: 2026-04-29T16:02:34Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-DATABASE-%E2%AD%90-Fresh-Database-%C2%A0vvg-hr-2M-lines-Croatia
    Screenshots:
    None
    Threat Actors: Sensitive2025
    Victim Country: Croatia
    Victim Industry: Education
    Victim Organization: Veleučilište Velika Gorica (VVG)
    Victim Site: vvg.hr
  140. Alleged Data Breach of Calai.app
    Category: Data Breach
    Content: A forum post on PwnForums references Calai.app in a databases section, suggesting a potential data breach or leak involving the platform. No additional details, content, or context are available to determine the nature, scope, or type of data involved.
    Date: 2026-04-29T15:59:57Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-Calai-app
    Screenshots:
    None
    Threat Actors: Emzywemzy
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Calai
    Victim Site: calai.app
  141. Alleged data breach of Aman Resorts – 250k+ Salesforce records with PII
    Category: Data Breach
    Content: Threat actor claims to have compromised over 250,000 Salesforce records containing personally identifiable information (PII) from Aman Resorts (aman.com). The actor states that negotiation attempts failed and is now distributing the stolen data via a breach forum.
    Date: 2026-04-29T15:45:02Z
    Network: telegram
    Published URL: https://t.me/c/3500620464/7480
    Screenshots:
    None
    Threat Actors: Unknown
    Victim Country: United States
    Victim Industry: Hospitality/Luxury Resorts
    Victim Organization: Aman Resorts
    Victim Site: aman.com
  142. Alleged distribution of NullShell v1.0 advanced webshell with WAF evasion and planned ransomware capabilities
    Category: Malware
    Content: A threat actor using the handle @seveishere is promoting NullShell v1.0, a stealthy webshell designed to evade Web Application Firewalls (WAFs) through read/write operations and custom helper functions. The tool includes system information gathering, directory traversal, and stealthy code execution capabilities. Future planned features include mass file encryption (ransomware), website defacement, and reverse shell functionality. The tool is inspired by Lei_BFs webshell project and represents a significant threat for post-exploitation activities.
    Date: 2026-04-29T15:44:23Z
    Network: telegram
    Published URL: https://t.me/c/2590737229/955
    Screenshots:
    None
    Threat Actors: seveishere
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  143. Alleged sale of RDP access and compromised cloud accounts
    Category: Initial Access
    Content: Threat actor PORTAL is offering rental access to RDP servers on Azure, AWS, and DigitalOcean platforms at $200, along with compromised domain mail, Gmail, Yahoo accounts, and GitHub Student accounts. Services include escrow and are advertised as having limited stock availability.
    Date: 2026-04-29T15:30:23Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/72191
    Screenshots:
    None
    Threat Actors: PORTAL
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  144. Alleged data breach of Vimeo, Inc. – Snowflake and BigQuery instances compromised
    Category: Data Breach
    Content: Threat actor claims to have compromised Vimeo, Inc.'s Snowflake and BigQuery instances. The actor states that negotiations with the company failed and is making the data available for download. The breach is attributed to a SaaS integrator compromise (Anodot.com referenced).
    Date: 2026-04-29T15:07:36Z
    Network: telegram
    Published URL: https://t.me/c/3500620464/7479
    Screenshots:
    None
    Threat Actors: Unknown
    Victim Country: United States
    Victim Industry: Video Hosting/SaaS
    Victim Organization: Vimeo, Inc.
    Victim Site: vimeo.com
  145. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: A threat actor operating under the alias FlashCloud2 has shared an alleged private, high-quality (UHQ) combolist of Hotmail credentials on the cybercrime forum CrackingX. The post is restricted to registered or signed-in members, limiting visibility of further details such as record count or data format. The credentials are described as private and UHQ, suggesting they may be freshly compiled or previously undisclosed.
    Date: 2026-04-29T14:41:07Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73684/
    Screenshots:
    None
    Threat Actors: FlashCloud2
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  146. Alleged leak of mixed country combolists (4 million lines)
    Category: Combo List
    Content: A threat actor operating under the alias CODER has made available a mixed-country combolist containing approximately 4 million credential pairs via Telegram channels. The post directs users to two Telegram groups where free combolists and associated tools are distributed. No specific victim organization or targeted industry has been identified.
    Date: 2026-04-29T14:40:19Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73686/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  147. Alleged leak of WordPress credentials or combolist
    Category: Combo List
    Content: A threat actor operating under the alias zod has shared what is claimed to be a WordPress-related combolist or credential dump on the CrackingX forum. The content is gated behind registration or sign-in, with the password distributed via a Telegram channel at t.me/zoooddddd. No further details regarding the number of records, targeted organizations, or specific data types are available from the post.
    Date: 2026-04-29T14:39:26Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73688/
    Screenshots:
    None
    Threat Actors: zod
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  148. Alleged leak of Hotmail credentials combolist
    Category: Combo List
    Content: A threat actor operating under the alias anonymous_cloud has made available a combolist purportedly containing 900 Hotmail credentials on the cracking forum CX. The post offers a free download of the alleged credential list, described as high-quality and premium. No additional context or data fields beyond email credentials are specified.
    Date: 2026-04-29T14:38:41Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73690/
    Screenshots:
    None
    Threat Actors: anonymous_cloud
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  149. Alleged leak of French email credentials combolist
    Category: Combo List
    Content: A threat actor operating under the alias D4rkNetHub has made available a combolist containing 1,019 validated French email credentials via a Mega.nz download link. The post was shared on the cracking forum CrackingX under the Combolists & Dumps section. The credentials are described as valid email accounts, though the source organizations or services affected are not specified.
    Date: 2026-04-29T14:38:02Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73692/
    Screenshots:
    None
    Threat Actors: D4rkNetHub
    Victim Country: France
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  150. Alleged leak of Hotmail credentials combolist
    Category: Combo List
    Content: A threat actor known as snowstormxd has made available a combolist of 197 allegedly fresh Hotmail credentials via a public paste link. The post is associated with a cracking forum and includes promotion of a paid private cloud service offering inbox access tools. The credentials are distributed freely alongside advertisement for premium subscription tiers.
    Date: 2026-04-29T14:37:23Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73693/
    Screenshots:
    None
    Threat Actors: snowstormxd
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  151. Alleged leak of Hotmail credential combolist with inbox verification
    Category: Combo List
    Content: A threat actor operating under the alias He_Cloud has made available a combolist of 759 alleged Hotmail email:password credentials on DemonForums. The post claims 99% accuracy with verified active inboxes, and includes downloads sorted by country. No payment or price is mentioned, indicating the credentials are being freely distributed.
    Date: 2026-04-29T14:37:00Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-759x-HQ-HOTMAIL-HITS-99-Accurate-INBOXES-zip-SORTED-COUNTRIES-zip
    Screenshots:
    None
    Threat Actors: He_Cloud
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  152. Alleged leak of multi-platform credential combolist including PSN, PayPal, Blockchain, Amazon, and Swit accounts
    Category: Combo List
    Content: A threat actor operating under the alias CODER has made available an 11 million record combolist containing credentials for multiple platforms including PlayStation Network, PayPal, Blockchain, Amazon, and Swit. The combolist is being distributed freely via Telegram channels and a cracking forum. The actor is promoting additional free combolists and tools through dedicated Telegram groups.
    Date: 2026-04-29T14:36:44Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73694/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Multiple Sectors
    Victim Organization: Multiple Organizations (PSN, PayPal, Blockchain, Amazon, Swit)
    Victim Site: Unknown
  153. Alleged leak of mixed email credential combolist
    Category: Combo List
    Content: A threat actor operating under the alias NotSellerXd has shared a mixed email combolist containing approximately 4,260 email and password credential pairs on a cybercrime forum. The content is hidden behind a registration or login requirement, suggesting it is available to forum members at no explicit cost. The source organizations and targeted countries are unknown due to the mixed nature of the combolist.
    Date: 2026-04-29T14:36:36Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-4260x-MIX-MAIL
    Screenshots:
    None
    Threat Actors: NotSellerXd
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  154. Alleged leak of Hotmail credential combolist
    Category: Combo List
    Content: A threat actor known as He_Cloud has made available a combolist of 943 alleged Hotmail email and password combinations on a cybercrime forum. The post claims 99% validity with active inboxes and includes downloads sorted by country. The credentials are being freely distributed with no payment required.
    Date: 2026-04-29T14:36:13Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-943x-Full-Valid-UHQ-Hotmails-Lowzaa9-99-Accurate-INBOXES-zip-Countries
    Screenshots:
    None
    Threat Actors: He_Cloud
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  155. Alleged cyber attack on Turkish agricultural facility microclimate control system by Armenian code
    Category: Cyber Attack
    Content: Armenian code claims to have compromised and sabotaged the control panel of a Turkish agricultural facility's microclimate management system in retaliation for alleged Turkish cyberattacks. The group claims to have modified system settings resulting in reduced feed/heat supply and disabled alarms.
    Date: 2026-04-29T14:33:17Z
    Network: telegram
    Published URL: https://t.me/c/3628793212/164
    Screenshots:
    None
    Threat Actors: Armenian code
    Victim Country: Turkey
    Victim Industry: Agriculture
    Victim Organization: Turkish agricultural facility
    Victim Site: Unknown
  156. Alleged Sale of Government and Law Enforcement Email Accounts for EDR Abuse and Forged Legal Documents
    Category: Initial Access
    Content: A threat actor on BreachForums is allegedly selling access to government and law enforcement email accounts intended for use in submitting Emergency Data Requests (EDRs) and forged court orders or domain-related legal processes. This type of access enables fraudulent impersonation of law enforcement to compel platforms into disclosing user data or transferring domain control. No specific target organizations or countries were identified in the post.
    Date: 2026-04-29T14:31:52Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Selling-Government-Emails-and-Police-Emails-for-EDRs-and-forged-court-orders-and-doma
    Screenshots:
    None
    Threat Actors: 0056113
    Victim Country: Unknown
    Victim Industry: Government
    Victim Organization: Unknown
    Victim Site: Unknown
  157. Alleged data breach of Boulangerie Ange affecting 812,000 users
    Category: Data Breach
    Content: A threat actor on BreachForums is selling a database dump allegedly obtained from Boulangerie Ange, France's second-largest bakery chain, containing over 812,000 user records. The data was exfiltrated via an exposed authorization token found in API request headers on an Ange subdomain, which the actor claims remains unpatched and exploitable. The database contains fields including last name, first name, phone number, and city, and is priced at $500.
    Date: 2026-04-29T14:30:28Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-SELLING-DUMP-Boulangerie-ANGE-812k-users-France%E2%80%99s-second-largest-bakery-chain
    Screenshots:
    None
    Threat Actors: odelpaso
    Victim Country: France
    Victim Industry: Food & Beverage / Retail
    Victim Organization: Boulangerie Ange
    Victim Site: Unknown
  158. Alleged Sale of SMTP and AWS SES Accounts for Bulk Email Distribution
    Category: Initial Access
    Content: A threat actor operating under the alias ric007 on BreachForums is selling compromised SMTP and AWS SES accounts from multiple major email service providers including SendGrid, Mailgun, SparkPost, Brevo, Postmark, and AWS SES. Accounts are offered with sending limits ranging from 40K to 100K emails, priced between $150 and $700 depending on the provider and limit tier. Payment is accepted exclusively in cryptocurrency, and full login credentials are provided upon purchase, suggesting these are
    Date: 2026-04-29T14:30:04Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-SELLING-SMTP-AWS-SES-Accounts-50K-100K-Limits-Crypto-Only
    Screenshots:
    None
    Threat Actors: ric007
    Victim Country: Unknown
    Victim Industry: Technology / Email Services
    Victim Organization: SendGrid, Mailgun, SparkPost, SMTP2GO, Elastic Email, SMTP.com, Brevo, Postmark, AWS SES
    Victim Site: Unknown
  159. Alleged Data Leak of Universitas Sumatera Utara Digital Library Database
    Category: Data Leak
    Content: A threat actor known as 0xHentai has allegedly leaked a database dump from the digital library of Universitas Sumatera Utara (USU), an Indonesian public university. The post implies student data was compromised and made available on the Breached forum. No specific record count or detailed data fields were disclosed in the post.
    Date: 2026-04-29T14:18:55Z
    Network: openweb
    Published URL: https://breached.st/threads/dump-database-digilib-usu-ac-id.86457/unread
    Screenshots:
    None
    Threat Actors: 0xHentai
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: Universitas Sumatera Utara (USU) Digital Library
    Victim Site: digilib.usu.ac.id
  160. Alleged Data Breach of Brazilian Banking Institutions Affecting 2.3 Million Records
    Category: Data Breach
    Content: A threat actor operating under the alias RubiconH4ck is selling an alleged database containing 2.3 million records purportedly sourced from multiple Brazilian banking institutions, covering the period 2024-2026. The dataset reportedly includes customer full names, email addresses, phone numbers, account references, internal PDFs, and historical transaction logs. The actor is offering samples via Telegram contact channels.
    Date: 2026-04-29T14:18:22Z
    Network: openweb
    Published URL: https://breached.st/threads/2-3millions-brazilian-banking-database-2024-2026.86334/unread
    Screenshots:
    None
    Threat Actors: RubiconH4ck
    Victim Country: Brazil
    Victim Industry: Banking & Finance
    Victim Organization: Multiple Brazilian Banking Institutions
    Victim Site: Unknown
  161. Website Defacement of EditLaTeX by DimasHxR
    Category: Defacement
    Content: On April 29, 2026, threat actor DimasHxR defaced a page on editlatex.com, a website associated with LaTeX document editing services. The attack targeted a specific subpage (b.html) rather than the homepage and was carried out as a solo operation with no affiliated team. Server and infrastructure details were not available at the time of reporting.
    Date: 2026-04-29T14:13:08Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915950
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Technology / Software Services
    Victim Organization: EditLaTeX
    Victim Site: editlatex.com
  162. Website Defacement of Dutch Bathroom Renovation Company by DimasHxR
    Category: Defacement
    Content: On April 29, 2026, a threat actor identified as DimasHxR defaced the website of Badkamer Renovatie Den Bosch, a bathroom renovation company based in 's-Hertogenbosch (Den Bosch), Netherlands. The incident was a targeted single-site defacement with no team affiliation reported. No specific motive or server details were disclosed in connection with the attack.
    Date: 2026-04-29T14:11:09Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915951
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Netherlands
    Victim Industry: Construction and Home Renovation
    Victim Organization: Badkamer Renovatie Den Bosch
    Victim Site: badkamerrenovatiedenbosch.nl
  163. Website Defacement of Damax Solutions by DimasHxR
    Category: Defacement
    Content: On April 29, 2026, threat actor DimasHxR defaced the website of Damax Solutions, targeting a subdirectory within the WordPress content folder. The attack was an individual defacement, not part of a mass or coordinated campaign, with no stated motive or team affiliation recorded. The incident was mirrored and archived by zone-xsec.com under mirror ID 915949.
    Date: 2026-04-29T14:09:43Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915949
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Technology / IT Solutions
    Victim Organization: Damax Solutions
    Victim Site: damaxsolutions.com
  164. Alleged data breach of Royal Moroccan Tennis Federation (FRMT)
    Category: Data Breach
    Content: Keymous Plus channel announces alleged breach of FRMT (Royal Moroccan Tennis Federation). Details limited in post; appears to be promotional announcement with channel links.
    Date: 2026-04-29T13:47:19Z
    Network: telegram
    Published URL: https://t.me/c/2588114907/1204
    Screenshots:
    None
    Threat Actors: Keymous
    Victim Country: Morocco
    Victim Industry: Sports Federation
    Victim Organization: Royal Moroccan Tennis Federation (FRMT)
    Victim Site: Unknown
  165. Alleged defacement/compromise of multiple domains with malicious payload
    Category: Defacement
    Content: Four domains compromised and hosting identical malicious content at /mauljago.html path: sonioptical.com, unitedworldx.com, theplazamall.in, and rudraniholidays.com. The identical path across unrelated domains suggests either a phishing kit distribution, webshell deployment, or mass defacement campaign.
    Date: 2026-04-29T13:47:14Z
    Network: telegram
    Published URL: https://t.me/Maulnism1337/1586
    Screenshots:
    None
    Threat Actors: Мавульф
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  166. Website Defacement of Lovely Lashes by DimasHxR
    Category: Defacement
    Content: The website lovely-lashes.net, belonging to a beauty and personal care business, was defaced by the threat actor DimasHxR on April 29, 2026. The attack targeted a WordPress installation, as evidenced by the wp-includes path in the defaced URL. The defacement was carried out as a single, targeted incident with no team affiliation reported.
    Date: 2026-04-29T13:40:57Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915926
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Beauty and Personal Care
    Victim Organization: Lovely Lashes
    Victim Site: lovely-lashes.net
  167. Alleged leak of gaming and casino credential combolist targeting Germany
    Category: Combo List
    Content: A threat actor operating under the alias HQcomboSpace has made available a combolist containing over 1.16 million credential entries targeting gaming and casino platforms in Germany. The list was shared via a Mega.nz link on the crackingx.com forum at no apparent cost. The leaked data appears to consist of email/password combinations sourced from German gaming and casino-related services.
    Date: 2026-04-29T13:33:59Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73676/
    Screenshots:
    None
    Threat Actors: HQcomboSpace
    Victim Country: Germany
    Victim Industry: Gaming and Gambling
    Victim Organization: Unknown
    Victim Site: Unknown
  168. Alleged leak of 21.5 million URL:login:password credentials
    Category: Combo List
    Content: A threat actor operating under the alias roseulp has made available a combolist containing approximately 21.5 million URL:login:password credential pairs on the cracking forum CrackingX. The post offers a free download of the credential list, which spans multiple sites and services. No specific victim organization or country has been identified, suggesting this is an aggregated multi-source combolist.
    Date: 2026-04-29T13:32:52Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73681/
    Screenshots:
    None
    Threat Actors: roseulp
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  169. Alleged leak of 8 million URL:login:password credentials
    Category: Combo List
    Content: A threat actor operating under the alias roseulp has made available a combolist containing approximately 8 million URL:login:password credential pairs on the cracking forum CrackingX. The post offers a free download of the credential list. No specific victim organization or country has been identified, suggesting this is a compiled multi-source combolist.
    Date: 2026-04-29T13:32:34Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73682/
    Screenshots:
    None
    Threat Actors: roseulp
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  170. Alleged leak of mixed private logs (~1.5GB)
    Category: Data Leak
    Content: A threat actor using the handle niven938644 has made available approximately 1.5GB of mixed private logs via a Mega.nz file sharing link on DemonForums. The archive is password-protected and distributed freely. The exact contents, victim organizations, and number of records are unknown based on the available post details.
    Date: 2026-04-29T13:32:17Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Mix-private-logs-1-5gb
    Screenshots:
    None
    Threat Actors: niven938644
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  171. Alleged leak of Hotmail credentials combolist
    Category: Combo List
    Content: A threat actor known as Jelooos has made available a combolist purportedly containing 7,653 Hotmail account credentials on the cracking forum CX. The post is described as Full Private, suggesting the credentials may be previously unpublished. The content requires forum registration to access, limiting immediate verification of the claim.
    Date: 2026-04-29T13:32:03Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73683/
    Screenshots:
    None
    Threat Actors: Jelooos
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  172. Alleged leak of mixed platform credential combolist including Netflix, OnlyFans, ChatGPT, Xbox, Sony, Discord, and Facebook
    Category: Data Leak
    Content: A threat actor operating under the alias Larry_Uchiha has shared a mixed-platform combolist on the AE forum, containing credentials for multiple popular services including Netflix, OnlyFans, ChatGPT, Xbox, Sony, Discord, and Facebook. The combolist appears to be available as a free download, gated behind a reply requirement. Full content is distributed via Telegram.
    Date: 2026-04-29T13:29:41Z
    Network: openweb
    Published URL: https://altenens.is/threads/mix-account-combo-netflix-onlyfans-chatgpt-xbox-sony-discord-facebook-2026-4-26.2931597/unread
    Screenshots:
    None
    Threat Actors: Larry_Uchiha
    Victim Country: Unknown
    Victim Industry: Multiple
    Victim Organization: Netflix, OnlyFans, OpenAI, Xbox, Sony, Discord, Facebook
    Victim Site: Unknown
  173. Website Defacement of markdub.com by DimasHxR
    Category: Defacement
    Content: On April 29, 2026, a threat actor operating under the handle DimasHxR defaced a page on markdub.com, specifically targeting the blog section of the site. The defacement was an isolated, individual attack with no team affiliation, mass defacement activity, or prior redefacement history recorded. Server and infrastructure details were not available at the time of reporting.
    Date: 2026-04-29T13:29:30Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915925
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Mark Dub
    Victim Site: markdub.com
  174. Alleged leak of Hotmail credential combolist targeting multiple regions
    Category: Data Leak
    Content: A threat actor known as Larry_Uchiha has made available a combolist containing approximately 870 Hotmail email credentials on the forum AE – Combo List. The combolist reportedly includes accounts from users across the United States, Europe, Asia, and Russia. The content is hidden behind a reply gate and may be distributed via Telegram.
    Date: 2026-04-29T13:29:26Z
    Network: openweb
    Published URL: https://altenens.is/threads/870x-hotmail-access-combo-usa-europe-asia-russian.2931596/unread
    Screenshots:
    None
    Threat Actors: Larry_Uchiha
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft Hotmail
    Victim Site: hotmail.com
  175. Alleged leak of mixed email provider credential combolist
    Category: Data Leak
    Content: A threat actor known as Larry_Uchiha shared a mixed email combolist on the AE forum, containing credentials for multiple email providers including Hotmail, Outlook, AOL, GMX, Inbox, iCloud, and Live. The combolist was made available for free to forum members who reply to the thread. Full content is gated behind a reply wall and distributed via Telegram.
    Date: 2026-04-29T13:29:13Z
    Network: openweb
    Published URL: https://altenens.is/threads/mix-mail-combo-hotmail-outlook-aol-gmx-inbox-icloud-live-2026-4-26.2931599/unread
    Screenshots:
    None
    Threat Actors: Larry_Uchiha
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  176. Alleged leak of mixed credential combolist containing 15,000 entries
    Category: Logs
    Content: A threat actor operating under the alias UniqueCombo has shared a mixed combolist containing approximately 15,000 unique credential entries on a cybercrime forum. The post was made in the Mail Access & Combolists section, suggesting the credentials may include email account logins. No specific victim organization or country of origin could be determined from the available information.
    Date: 2026-04-29T13:28:11Z
    Network: openweb
    Published URL: https://xforums.st/threads/mix-unique-combo_3_15000.611877/
    Screenshots:
    None
    Threat Actors: UniqueCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  177. Alleged leak of 25 million URL:login:password credentials
    Category: Data Leak
    Content: A threat actor operating under the alias roseulp has made available a combolist containing approximately 25 million URL, login, and password combinations on an underground forum. The leak appears to be a free distribution of credential data collected from multiple unspecified sources. No specific victim organization or industry has been identified, suggesting this is a multi-source credential compilation.
    Date: 2026-04-29T13:26:31Z
    Network: openweb
    Published URL: https://xforums.st/threads/25-million-url-login-pass-2.611876/
    Screenshots:
    None
    Threat Actors: roseulp
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  178. Alleged Removed Post on Dark Forum Leak Market
    Category: Data Breach
    Content: A post on the DF Leaks Market forum by user attacker_company has been removed by the author. No details regarding the victim, data type, or nature of the threat are available as the content was deleted prior to analysis.
    Date: 2026-04-29T13:12:28Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Removed-Post-This-post-has-been-removed-by-the-author
    Screenshots:
    None
    Threat Actors: attacker_company
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  179. Website Defacement of bymadeeha.com by DimasHxR
    Category: Defacement
    Content: A threat actor operating under the handle DimasHxR defaced a specific page (b.html) on bymadeeha.com on April 29, 2026. The incident was a targeted single-page defacement rather than a mass or home page defacement. No team affiliation, motive, or technical details regarding the compromised server were disclosed.
    Date: 2026-04-29T13:11:32Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915922
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: By Madeeha
    Victim Site: bymadeeha.com
  180. Website Defacement of Aleria Rally (aleriarally.fr) by DimasHxR
    Category: Defacement
    Content: On April 29, 2026, a threat actor identified as DimasHxR defaced the website of Aleria Rally, a French motorsports organization, by modifying the readme.txt file. The defacement was carried out as an individual (no team affiliation) and was not part of a mass or redefacement campaign. Technical details such as server information and exploit method were not disclosed.
    Date: 2026-04-29T13:09:58Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915917
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: France
    Victim Industry: Sports / Motorsports
    Victim Organization: Aleria Rally
    Victim Site: aleriarally.fr
  181. Website Defacement of mkk-plus.de by DimasHxR
    Category: Defacement
    Content: On April 29, 2026, the German website mkk-plus.de was defaced by a threat actor identified as DimasHxR, operating independently without a team affiliation. The attacker targeted the readme.html page of the domain, performing a single targeted defacement rather than a mass or home page compromise. No specific motive or technical details regarding the server infrastructure were disclosed.
    Date: 2026-04-29T13:07:58Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915923
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Germany
    Victim Industry: Unknown
    Victim Organization: MKK Plus
    Victim Site: mkk-plus.de
  182. Website Defacement of kontaktscout.info by DimasHxR
    Category: Defacement
    Content: On April 29, 2026, a threat actor identified as DimasHxR defaced a page on kontaktscout.info, a contact or networking-related web platform. The defacement targeted a specific subpage (b.html) rather than the homepage, indicating a targeted or opportunistic attack on a non-root directory. No team affiliation, stated motivation, or technical details regarding the exploitation method were disclosed.
    Date: 2026-04-29T13:06:29Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915921
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Online Services / Networking
    Victim Organization: Kontakt Scout
    Victim Site: kontaktscout.info
  183. Website Defacement of cenyou.net by DimasHxR
    Category: Defacement
    Content: On April 29, 2026, a threat actor identified as DimasHxR defaced the homepage of cenyou.net, replacing the index page with unauthorized content. The attack was a targeted single-site defacement affecting the main homepage. No team affiliation, specific motive, or technical details regarding the server environment were disclosed.
    Date: 2026-04-29T13:00:17Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915912
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Cenyou
    Victim Site: cenyou.net
  184. Website Defacement of ddacg.org by DimasHxR
    Category: Defacement
    Content: On April 29, 2026, a threat actor identified as DimasHxR defaced the homepage of ddacg.org, replacing the index page with unauthorized content. The attack was a targeted single-site defacement of the home page, with no team affiliation reported. Server and technical details were not disclosed in the available intelligence.
    Date: 2026-04-29T12:58:31Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915913
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: DDACG
    Victim Site: ddacg.org
  185. Website Defacement of my-porn-hub.com by DimasHxR
    Category: Defacement
    Content: On April 29, 2026, the adult entertainment website my-porn-hub.com was defaced by a threat actor operating under the alias DimasHxR, acting independently without a known team affiliation. The attack resulted in a homepage defacement, replacing the site's index page with unauthorized content. No specific motive or technical details regarding the server infrastructure were disclosed.
    Date: 2026-04-29T12:57:01Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915915
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Adult Entertainment
    Victim Organization: My Porn Hub
    Victim Site: my-porn-hub.com
  186. Website Defacement of Lufredha Academy by DimasHxR
    Category: Defacement
    Content: On April 29, 2026, the threat actor DimasHxR defaced a page on lufredhaacademy.com, an educational institution's website. The attack targeted a specific subpage (b.html) rather than the homepage, indicating a targeted but limited defacement. No team affiliation, stated motive, or technical details regarding the server environment were identified.
    Date: 2026-04-29T12:55:55Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915916
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Education
    Victim Organization: Lufredha Academy
    Victim Site: lufredhaacademy.com
  187. Website Defacement of 91kds.me by DimasHxR
    Category: Defacement
    Content: On April 29, 2026, a threat actor operating under the alias DimasHxR conducted a homepage defacement of the website 91kds.me. The attack targeted the index page and is classified as a single-site defacement rather than a mass defacement campaign. No team affiliation, stated motive, or technical details regarding the server environment were disclosed.
    Date: 2026-04-29T12:54:20Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915911
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: 91kds.me
  188. Website Defacement of Sporuzmani by DimasHxR
    Category: Defacement
    Content: On April 29, 2026, the threat actor DimasHxR defaced a page on sporuzmani.com, a sports-related website likely targeting a Turkish audience based on the domain naming convention. The defacement was a single-page incident and not classified as a mass or home page defacement. No specific motive or technical details regarding the server infrastructure were disclosed.
    Date: 2026-04-29T12:48:11Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915908
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Turkey
    Victim Industry: Sports / Media
    Victim Organization: Sporuzmani
    Victim Site: sporuzmani.com
  189. Website Defacement of 80415470753.shop by DimasHxR
    Category: Defacement
    Content: On April 29, 2026, a threat actor identified as DimasHxR defaced the website hosted at 80415470753.shop, replacing or modifying content as evidenced by the readme.txt file. The attacker operated independently without affiliation to a known group. Server details and attack methodology remain unknown, and the incident was limited to a single page rather than a mass or home defacement.
    Date: 2026-04-29T12:45:54Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915905
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: E-Commerce / Retail
    Victim Organization: Unknown
    Victim Site: 80415470753.shop
  190. Website Defacement of Shishu Polli Plus by DimasHxR
    Category: Defacement
    Content: On April 29, 2026, a threat actor identified as DimasHxR defaced a subpage of shishupolliplus.org, a Bangladeshi organization likely involved in child welfare or social services. The attack targeted a specific page (b.html) rather than the homepage, indicating a targeted but limited-scope defacement. No team affiliation, attack vector, or stated motivation was disclosed.
    Date: 2026-04-29T12:43:56Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915909
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Bangladesh
    Victim Industry: Non-Profit / Social Services
    Victim Organization: Shishu Polli Plus
    Victim Site: shishupolliplus.org
  191. Website Defacement of xavierliras.com by DimasHxR
    Category: Defacement
    Content: On April 29, 2026, the website xavierliras.com was defaced by a threat actor operating under the handle DimasHxR, acting independently without affiliation to a known group. The attack targeted a specific page (b.html) rather than the homepage, indicating a targeted sub-page defacement. No specific motive or technical details regarding the server or attack vector were disclosed.
    Date: 2026-04-29T12:37:48Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915896
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Xavier Liras
    Victim Site: xavierliras.com
  192. Cherry Health outage in Michigan investigated as possible cyberattack
    Category: Cyber Attack
    Content: Cherry Health, a healthcare provider based in Grand Rapids, Michigan, is currently experiencing a widespread technology outage affecting its phone system, raising suspicions of a cybersecurity incident. Although its clinics remain open for scheduled appointments, the organization has not publicly confirmed whether patient data has been compromised. This disruption follows a reported ransomware incident in late 2023, and the company has not specified the current cause of the outage.
    Date: 2026-04-29T12:36:26Z
    Network: openweb
    Published URL: https://dysruptionhub.com/cherry-health-cyberattack-michigan/
    Screenshots:
    None
    Threat Actors:
    Victim Country: United States
    Victim Industry: Unknown
    Victim Organization: Cherry Health
    Victim Site: cherryhealth.org
  193. Cherry Health outage in Michigan investigated as possible cyberattack
    Category: Cyber Attack
    Content: Cherry Health, a healthcare provider based in Grand Rapids, Michigan, is currently experiencing a widespread technology outage affecting its phone system, raising suspicions of a cybersecurity incident. Although the clinics remain open for scheduled appointments, the organization has not publicly confirmed whether patient data has been compromised. This disruption follows a ransomware incident reported in late 2023, and the company has not specified the current cause of the outage.
    Date: 2026-04-29T12:36:20Z
    Network: openweb
    Published URL: https://dysruptionhub.com/cherry-health-cyberattack-michigan/
    Screenshots:
    None
    Threat Actors:
    Victim Country: United States
    Victim Industry: Unknown
    Victim Organization: Cherry Health
    Victim Site: cherryhealth.org
  194. Website Defacement of Asylum and Refugee Rights Organization by DimasHxR
    Category: Defacement
    Content: On April 29, 2026, threat actor DimasHxR defaced a subpage of asylumandrefugeerights.org, a website dedicated to asylum and refugee rights advocacy. The attack was a targeted single-page defacement, not a mass or home page compromise. No specific motive, team affiliation, or technical details regarding the server infrastructure were disclosed.
    Date: 2026-04-29T12:36:11Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915897
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Non-Profit / Human Rights
    Victim Organization: Asylum and Refugee Rights
    Victim Site: asylumandrefugeerights.org
  195. Website Defacement of ship4me.site by DimasHxR
    Category: Defacement
    Content: A website defacement was carried out by the threat actor DimasHxR against ship4me.site, targeting a specific page (b.html) on the domain. The attacker operated independently without affiliation to a known group. The incident was a targeted single-page defacement, with a mirror archived on zone-xsec.com.
    Date: 2026-04-29T12:34:39Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915895
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Shipping / Logistics
    Victim Organization: Ship4Me
    Victim Site: ship4me.site
  196. Website Defacement of fytco.net by DimasHxR
    Category: Defacement
    Content: A threat actor operating under the alias DimasHxR defaced a page within the WordPress admin directory of fytco.net on April 29, 2026. The defacement targeted a specific file (b.html) under the wp-admin path, suggesting exploitation of the WordPress content management system. The incident was a targeted, non-mass defacement with no team affiliation disclosed.
    Date: 2026-04-29T12:33:16Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915894
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Fytco
    Victim Site: fytco.net
  197. Alleged leak of education sector combolist with 9 million credentials
    Category: Combo List
    Content: A threat actor operating under the alias CODER is distributing a combolist purportedly containing 9 million education-sector credentials via Telegram channels. The post advertises free combo and program resources through two Telegram groups. No specific victim organization or targeted domain has been identified.
    Date: 2026-04-29T12:30:46Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73668/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Education
    Victim Organization: Unknown
    Victim Site: Unknown
  198. Alleged leak of 1.3 million URL-login-password credentials
    Category: Combo List
    Content: A threat actor operating under the alias RandomUpload has shared a combolist containing approximately 1.3 million URL, login, and password combinations on the cracking forum CrackingX. The post requires forum registration to access the hidden download content. No specific victim organization or country is identified, suggesting this is a compiled credential list aggregated from multiple sources.
    Date: 2026-04-29T12:30:10Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73670/
    Screenshots:
    None
    Threat Actors: RandomUpload
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  199. Alleged leak of mixed email credential combolist (X9100)
    Category: Combo List
    Content: A threat actor operating under the alias RandomUpload on the cracking forum CrackingX has made available a mixed email combolist referred to as X9100. The post requires forum registration to access the hidden download content. No specific victim organization, country, or industry could be attributed based on the available information.
    Date: 2026-04-29T12:29:54Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73671/
    Screenshots:
    None
    Threat Actors: RandomUpload
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  200. Alleged leak of Hotmail credential combolist
    Category: Combo List
    Content: A threat actor operating under the alias HollowKnight has shared an alleged sample combolist containing 1,960 Hotmail email and password credential pairs on a cybercrime forum. The post is framed as a sample, suggesting a larger dataset may exist. The full content is gated behind forum registration or login.
    Date: 2026-04-29T12:29:46Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-1960x-SAMPLE-HOTMAIL-%E2%9A%A1%E2%9A%A1–202191
    Screenshots:
    None
    Threat Actors: HollowKnight
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  201. Alleged Distribution of Stimulus Check Combolist via Telegram
    Category: Combo List
    Content: A threat actor operating under the alias Lilmike1176 is advertising access to verified stimulus check (stimmys) data via a Telegram channel (t.me/bigdevvy). The post suggests the actor has access to financial account information or credentials associated with government stimulus payments. No further details regarding record count or pricing were provided in the forum post.
    Date: 2026-04-29T12:29:27Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73672/
    Screenshots:
    None
    Threat Actors: Lilmike1176
    Victim Country: United States
    Victim Industry: Financial Services
    Victim Organization: Unknown
    Victim Site: Unknown
  202. Alleged leak of Hotmail credentials combolist
    Category: Combo List
    Content: A threat actor using the alias snowstormxd has made available a combolist of 197 alleged Hotmail credentials on a cracking forum. The post includes a free download link via Pasteview and a Telegram channel. The actor also advertises a paid cloud service featuring a built-in inboxer, suggesting the credentials may have been validated.
    Date: 2026-04-29T12:29:05Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73673/
    Screenshots:
    None
    Threat Actors: snowstormxd
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft Hotmail
    Victim Site: hotmail.com
  203. Website Defacement of cttmoutier.ch by DimasHxR
    Category: Defacement
    Content: On April 29, 2026, the attacker known as DimasHxR defaced a page on cttmoutier.ch, a Swiss website associated with CTT Moutier. The defacement targeted a specific subpage rather than the homepage and was carried out as a solo attack with no attributed team affiliation. Server and technical details were not disclosed in the available intelligence.
    Date: 2026-04-29T12:27:11Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915893
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Switzerland
    Victim Industry: Unknown
    Victim Organization: CTT Moutier
    Victim Site: cttmoutier.ch
  204. Website Defacement of thetether.space by DimasHxR
    Category: Defacement
    Content: On April 29, 2026, a threat actor identified as DimasHxR defaced a specific page (b.html) on thetether.space. The attack was a targeted single-page defacement, not a mass or home page defacement. No team affiliation, motive, or server details were disclosed in connection with this incident.
    Date: 2026-04-29T12:25:28Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915892
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: The Tether
    Victim Site: thetether.space
  205. Website Defacement of afish-ka.ru by DimasHxR
    Category: Defacement
    Content: On April 29, 2026, the attacker known as DimasHxR defaced the Russian website www.afish-ka.ru by altering a readme.txt file. The incident was a targeted, single-site defacement with no team affiliation reported. No additional technical details such as the attack vector, server software, or stated motive were disclosed.
    Date: 2026-04-29T12:24:24Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915877
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Russia
    Victim Industry: Unknown
    Victim Organization: Afish-ka
    Victim Site: www.afish-ka.ru
  206. Website Defacement of x0x.ovh by DimasHxR
    Category: Defacement
    Content: On April 29, 2026, a threat actor operating under the alias DimasHxR defaced a page hosted on the domain x0x.ovh. The defacement targeted a specific HTML page (b.html) and was carried out as a standalone, non-mass incident with no affiliated team. Technical details such as the server software and attack vector remain unknown.
    Date: 2026-04-29T12:22:26Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915891
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: x0x.ovh
  207. Alleged leak of Japanese email access credentials
    Category: Logs
    Content: A threat actor known as MegaCloud has made available a combolist allegedly containing 1,500 valid email access credentials targeting Japanese users. The post is dated April 29 and is described as fresh and full valid, suggesting recently verified active accounts. No specific email provider or organization has been identified as the source.
    Date: 2026-04-29T12:21:35Z
    Network: openweb
    Published URL: https://xforums.st/threads/1-5k-japa-fresh-full-valid-mail-access-29-04.611870/
    Screenshots:
    None
    Threat Actors: MegaCloud
    Victim Country: Japan
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  208. Alleged leak of mixed USA/EU/RU mail access combolist
    Category: Data Leak
    Content: A threat actor operating under the alias Megacloud has shared a mixed combolist containing approximately 5,500 email access credentials targeting users from the United States, European Union, and Russia. The post was made available on the AE – Combo List forum on April 29th, requiring users to reply to access the hidden content. The combolist includes mail account credentials across multiple regions.
    Date: 2026-04-29T12:18:49Z
    Network: openweb
    Published URL: https://altenens.is/threads/5-5-k-usa-eu-ru-mail-access-mix-29-04.2931542/unread
    Screenshots:
    None
    Threat Actors: Megacloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  209. Alleged leak of mixed email access combolist
    Category: Data Leak
    Content: A threat actor operating under the alias Megacloud has shared a combolist containing approximately 6,700 allegedly valid email credentials on the forum altenens.is. The post is described as a mixed mail access combolist, suggesting credentials from multiple email providers. Access to the content requires forum engagement, as the data is hidden behind a reply gate.
    Date: 2026-04-29T12:18:36Z
    Network: openweb
    Published URL: https://altenens.is/threads/6-7k-full-valid-mail-access-mix-29-04.2931552/unread
    Screenshots:
    None
    Threat Actors: Megacloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  210. Alleged sale of Quima Loader malware delivery service with MoTW bypass capability
    Category: Initial Access
    Content: A threat actor operating under the alias QuimaCORE is selling a malware-as-a-service loader called Quima Loader, which delivers payloads via browser cache to bypass Mark-of-the-Web (MoTW) protections, SmartScreen, and Zone.Identifier ADS. The service supports multiple delivery formats (VBS, LNK, HTA, ZIP, ISO) and targets Chrome, Edge, Brave, and Firefox browsers, with custom landing pages, bot blocking, and per-link controls. Pricing ranges from $50 for one month to $400 for twelve months, with
    Date: 2026-04-29T12:17:50Z
    Network: openweb
    Published URL: https://hackforums.net/showthread.php?tid=6324542
    Screenshots:
    None
    Threat Actors: QuimaCORE
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  211. Website Defacement of Epicrise Invest by DimasHxR
    Category: Defacement
    Content: On April 29, 2026, the website epicriseinvest.com was defaced by a threat actor operating under the alias DimasHxR, with no affiliated team identified. The attacker targeted a subpage (b.html) rather than the home page, indicating a targeted page-level defacement. No specific motive or reason was disclosed for the attack.
    Date: 2026-04-29T12:16:20Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915876
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Finance / Investment
    Victim Organization: Epicrise Invest
    Victim Site: epicriseinvest.com
  212. Website Defacement of Dhingraautomotive.com by DimasHxR
    Category: Defacement
    Content: On April 29, 2026, the threat actor DimasHxR defaced a subpage on dhingraautomotive.com, an automotive business website likely based in India. The attacker targeted a specific page (b.html) rather than the homepage, indicating a targeted subpage defacement. No team affiliation, stated motivation, or technical details about the server environment were disclosed.
    Date: 2026-04-29T12:14:05Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915875
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: India
    Victim Industry: Automotive
    Victim Organization: Dhingraautomotive
    Victim Site: dhingraautomotive.com
  213. Alleged Data Breach of FRMF (Royal Moroccan Football Federation)
    Category: Data Breach
    Content: A threat actor operating under the alias Keymous has posted a thread on BreachForums claiming to possess data associated with the Royal Moroccan Football Federation (FRMF). No post content was available to determine the nature, volume, or type of data involved.
    Date: 2026-04-29T12:12:24Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-MOROCCO-FRMF-ORIGINAL
    Screenshots:
    None
    Threat Actors: Keymous
    Victim Country: Morocco
    Victim Industry: Sports & Recreation
    Victim Organization: Royal Moroccan Football Federation (FRMF)
    Victim Site: Unknown
  214. Alleged Data Leak of Royal Moroccan Tennis Federation Member Database
    Category: Data Leak
    Content: A threat actor known as Keymous has shared a database allegedly belonging to the Royal Moroccan Tennis Federation (FRMT) on BreachForums. The leaked data contains approximately 20,000 records including members' first names, family names, club affiliations, and gender. The data appears to be made available for free download to registered forum members.
    Date: 2026-04-29T12:11:02Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-MOROCCO-FRMT-Royal-Moroccan-Tennis-Federation
    Screenshots:
    None
    Threat Actors: Keymous
    Victim Country: Morocco
    Victim Industry: Sports & Recreation
    Victim Organization: Royal Moroccan Tennis Federation
    Victim Site: Unknown
  215. Alleged Data Breach of Abril Group with Extortion Threat and Partial Data Leak
    Category: Data Breach
    Content: A threat actor operating under the alias joaoestrella has released a partial sample of 100,000 customer records from the Abril Group's database, which allegedly contains 20 million total records. The leaked data includes personally identifiable information such as names, document numbers, email addresses, birthdates, phone numbers, and address details across multiple database tables. The actor is issuing a final extortion warning to Abril Group, demanding payment via Telegram or threatening to
    Date: 2026-04-29T12:08:16Z
    Network: openweb
    Published URL: https://breached.st/threads/abril-com-br-partial-100k-customers-data.86456/unread
    Screenshots:
    None
    Threat Actors: joaoestrella
    Victim Country: Brazil
    Victim Industry: Media & Publishing
    Victim Organization: Abril Group
    Victim Site: abril.com.br
  216. Website Defacement of destacabamos.click by DimasHxR
    Category: Defacement
    Content: A threat actor identified as DimasHxR defaced the website at destacabamos.click/b.html on April 29, 2026. The defacement targeted a specific page rather than the homepage and was carried out as a single, non-mass incident. No team affiliation, stated motive, or server details were identified in connection with this attack.
    Date: 2026-04-29T12:08:01Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915867
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: destacabamos.click
  217. Website Defacement of IQOS Sheets Sharjah by DimasHxR
    Category: Defacement
    Content: On April 29, 2026, a threat actor operating under the alias DimasHxR defaced a subpage of iqosheetssharjah.ae, a retail website based in Sharjah, United Arab Emirates, associated with IQOS tobacco products. The defacement targeted a specific page (b.html) rather than the homepage, indicating a targeted single-page compromise. No team affiliation, motive, or technical details regarding the attack vector were disclosed.
    Date: 2026-04-29T12:01:54Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915865
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: United Arab Emirates
    Victim Industry: Retail / Tobacco Products
    Victim Organization: IQOS Sheets Sharjah
    Victim Site: iqosheetssharjah.ae
  218. Website Defacement of alexconner.com by DimasHxR
    Category: Defacement
    Content: On April 29, 2026, a threat actor operating under the alias DimasHxR defaced the website alexconner.com by modifying a readme.txt file. The attacker acted independently without an affiliated team. The motivation and technical details of the intrusion remain unknown.
    Date: 2026-04-29T12:00:26Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915853
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Alex Conner
    Victim Site: alexconner.com
  219. Website Defacement of pu88.click by DimasHxR
    Category: Defacement
    Content: On April 29, 2026, a threat actor identified as DimasHxR defaced a page hosted on the domain pu88.click, targeting the file /b.html. The attacker operated independently without affiliation to a known group or team. The motivation and full technical details of the intrusion remain undisclosed.
    Date: 2026-04-29T11:59:13Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915866
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: pu88.click
  220. Website Defacement of Onlinehubber by DimasHxR
    Category: Defacement
    Content: On April 29, 2026, a threat actor identified as DimasHxR defaced a page on onlinehubber.com (specifically the path /b.html). The attack was carried out as a single-target, non-mass defacement with no stated motivation or team affiliation. Server and infrastructure details were not disclosed in the incident report.
    Date: 2026-04-29T11:58:14Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915859
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Onlinehubber
    Victim Site: onlinehubber.com
  221. Website Defacement of rajnikantkhatri.com by DimasHxR
    Category: Defacement
    Content: On April 29, 2026, a threat actor identified as DimasHxR defaced a subpage of rajnikantkhatri.com, targeting the URL path /b.html. The attack was carried out as an individual defacement, not part of a mass or team campaign. Server and infrastructure details were not disclosed in the available intelligence.
    Date: 2026-04-29T11:56:51Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915861
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Rajnikant Khatri
    Victim Site: rajnikantkhatri.com
  222. Mass defacement of Indonesian business site by Irene of XmrAnonye.id
    Category: Defacement
    Content: On April 29, 2026, a threat actor known as Irene, affiliated with the group XmrAnonye.id, defaced the Indonesian business website evandriaprimajasindo.co.id as part of a mass defacement campaign. The attack targeted a Linux-based web server and resulted in the publication of a defacement page at a dedicated path on the domain. The incident has been archived and is not classified as a homepage or re-defacement.
    Date: 2026-04-29T11:55:36Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248708
    Screenshots:
    None
    Threat Actors: Irene, XmrAnonye.id
    Victim Country: Indonesia
    Victim Industry: Business Services
    Victim Organization: Evandria Prima Jasindo
    Victim Site: evandriaprimajasindo.co.id
  223. Website Defacement of jeansgdl.com by chinafans (0xteam)
    Category: Defacement
    Content: The website jeansgdl.com, likely a jeans/apparel retailer based in Guadalajara, Mexico, was defaced by threat actor chinafans operating under the group 0xteam. The defacement was recorded on April 29, 2026, with the attacker leaving a text-based payload at the path /0x.txt. The incident was a singular, non-mass defacement with no prior redefacement history noted.
    Date: 2026-04-29T11:49:34Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915790
    Screenshots:
    None
    Threat Actors: chinafans, 0xteam
    Victim Country: Mexico
    Victim Industry: Retail / Fashion
    Victim Organization: Jeans GDL
    Victim Site: jeansgdl.com
  224. Website Defacement of Canaã Portões by chinafans (0xteam)
    Category: Defacement
    Content: On April 29, 2026, the Brazilian website canaaportoes.com.br was defaced by a threat actor known as chinafans, operating under the group 0xteam. The attacker planted a defacement file at the path /0x.txt on the target server. This was a targeted, single-site defacement with no indication of mass or repeated compromise.
    Date: 2026-04-29T11:48:39Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915800
    Screenshots:
    None
    Threat Actors: chinafans, 0xteam
    Victim Country: Brazil
    Victim Industry: Manufacturing / Construction Materials (Gate & Door Industry)
    Victim Organization: Canaã Portões
    Victim Site: canaaportoes.com.br
  225. Website Defacement of Pamphlet World by chinafans (0xteam)
    Category: Defacement
    Content: The website pamphletworld.com was defaced by threat actor chinafans operating under the group 0xteam on April 29, 2026. The defacement targeted a specific file path (/0x.txt) rather than the homepage, indicating a targeted file-level intrusion. No specific motive or technical details regarding the attack vector were disclosed.
    Date: 2026-04-29T11:47:49Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915796
    Screenshots:
    None
    Threat Actors: chinafans, 0xteam
    Victim Country: Unknown
    Victim Industry: Media/Publishing
    Victim Organization: Pamphlet World
    Victim Site: pamphletworld.com
  226. Website Defacement of Nassau Bologna by chinafans (0xteam)
    Category: Defacement
    Content: The threat actor chinafans, operating under the group 0xteam, defaced the website nassaubologna.com on April 29, 2026. The defacement was a targeted, single-site incident with no indication of mass or repeated compromise. The attacker left a marker file at nassaubologna.com/0x.txt as evidence of the intrusion.
    Date: 2026-04-29T11:46:53Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915788
    Screenshots:
    None
    Threat Actors: chinafans, 0xteam
    Victim Country: Italy
    Victim Industry: Unknown
    Victim Organization: Nassau Bologna
    Victim Site: nassaubologna.com
  227. Website Defacement of vpd.kr by chinafans (0xteam)
    Category: Defacement
    Content: On April 29, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced a file hosted on vpd.kr, a South Korean website. The attack involved the placement of a defacement file (0x.txt) on the target server. The incident was not classified as a mass or home page defacement, suggesting a targeted file-level intrusion.
    Date: 2026-04-29T11:45:40Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915799
    Screenshots:
    None
    Threat Actors: chinafans, 0xteam
    Victim Country: South Korea
    Victim Industry: Unknown
    Victim Organization: VPD
    Victim Site: vpd.kr
  228. Website Defacement of Certificados En Alturas by chinafans (0xteam)
    Category: Defacement
    Content: On April 29, 2026, the website certificadosenalturas.com, a Colombian platform associated with height safety certifications, was defaced by threat actor chinafans operating under the group 0xteam. The attack was a targeted, non-mass defacement of an internal page rather than the homepage, with the incident mirrored and archived by zone-xsec.
    Date: 2026-04-29T11:44:49Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915793
    Screenshots:
    None
    Threat Actors: chinafans, 0xteam
    Victim Country: Colombia
    Victim Industry: Occupational Health and Safety Training
    Victim Organization: Certificados En Alturas
    Victim Site: certificadosenalturas.com
  229. Website Defacement of owl-egypt.com by chinafans (0xteam)
    Category: Defacement
    Content: The website owl-egypt.com was defaced by a threat actor known as chinafans, operating under the group 0xteam, on April 29, 2026. The defacement was a targeted single-site attack, with the defaced content accessible at the path /0x.txt. A mirror of the defacement was archived by zone-xsec.com for reference.
    Date: 2026-04-29T11:43:38Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915794
    Screenshots:
    None
    Threat Actors: chinafans, 0xteam
    Victim Country: Egypt
    Victim Industry: Unknown
    Victim Organization: OWL Egypt
    Victim Site: owl-egypt.com
  230. Website Defacement of Alex Zoo by DimasHxR
    Category: Defacement
    Content: On April 29, 2026, the website alex-zoo.ru was defaced by a threat actor identified as DimasHxR. The attacker modified a readme.txt file on the target server, leaving a digital footprint of the intrusion. The incident was a standalone, non-mass defacement with no affiliated team or stated motive recorded.
    Date: 2026-04-29T11:42:48Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915803
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Russia
    Victim Industry: Entertainment/Leisure
    Victim Organization: Alex Zoo
    Victim Site: alex-zoo.ru
  231. Website Defacement of utis-amf.com by chinafans (0xteam)
    Category: Defacement
    Content: The website utis-amf.com was defaced by a threat actor known as chinafans, operating under the team 0xteam, on April 29, 2026. The defacement was a targeted single-page incident, not classified as a mass or redefacement event. A mirror of the defaced content is archived at zone-xsec.com.
    Date: 2026-04-29T11:41:59Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915801
    Screenshots:
    None
    Threat Actors: chinafans, 0xteam
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: UTIS AMF
    Victim Site: utis-amf.com
  232. Alleged sale of RDP access to Azure, AWS, and DigitalOcean infrastructure
    Category: Initial Access
    Content: Threat actor PORTAL is offering rental access to RDP connections on Azure, AWS, and DigitalOcean cloud infrastructure at $200 daily/monthly rates. The actor also offers domain email accounts (Gmail, Yahoo), domain access, and GitHub Student accounts. The service includes escrow protection.
    Date: 2026-04-29T11:36:44Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/72078
    Screenshots:
    None
    Threat Actors: PORTAL
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  233. Website Defacement of Telecon Solutions by chinafans (0xteam)
    Category: Defacement
    Content: On April 29, 2026, the threat actor chinafans, operating under the group 0xteam, defaced the website of Telecon Solutions by uploading a defacement file at telecon-solutions.com/0x.txt. The incident was a targeted, single-site defacement with no indication of mass or repeated defacement activity. The attack was documented and mirrored by zone-xsec.com.
    Date: 2026-04-29T11:35:48Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915744
    Screenshots:
    None
    Threat Actors: chinafans, 0xteam
    Victim Country: Unknown
    Victim Industry: Telecommunications / Technology
    Victim Organization: Telecon Solutions
    Victim Site: telecon-solutions.com
  234. Website Defacement of myworldbox.com by chinafans (0xteam)
    Category: Defacement
    Content: The website myworldbox.com was defaced by a threat actor known as chinafans, operating under the group 0xteam, on April 29, 2026. The defacement was a targeted, single-site incident with a mirror archived at zone-xsec.com. No specific motive, server details, or proof-of-concept were disclosed in the available incident data.
    Date: 2026-04-29T11:34:53Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915738
    Screenshots:
    None
    Threat Actors: chinafans, 0xteam
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: MyWorldBox
    Victim Site: myworldbox.com
  235. Website Defacement of incutis.com.br by chinafans (0xteam)
    Category: Defacement
    Content: On April 29, 2026, the Brazilian website incutis.com.br was defaced by a threat actor known as chinafans, operating under the group 0xteam. The defacement was a targeted single-site attack, with the defaced content accessible at the path /0x.txt. No specific motivation or server details were disclosed in connection with the incident.
    Date: 2026-04-29T11:34:12Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915728
    Screenshots:
    None
    Threat Actors: chinafans, 0xteam
    Victim Country: Brazil
    Victim Industry: Unknown
    Victim Organization: Incutis
    Victim Site: incutis.com.br
  236. Website Defacement of NK Towing Birmingham by chinafans (0xteam)
    Category: Defacement
    Content: On April 29, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website of NK Towing Birmingham, a towing services company based in Birmingham, likely in the United States. The defacement was a targeted single-site attack, with a mirror of the defaced content archived at zone-xsec.com. No specific motivation or vulnerability details were disclosed.
    Date: 2026-04-29T11:33:28Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915737
    Screenshots:
    None
    Threat Actors: chinafans, 0xteam
    Victim Country: United States
    Victim Industry: Transportation and Towing Services
    Victim Organization: NK Towing Birmingham
    Victim Site: nktowingbirmingham.com
  237. Website Defacement of IFMA India by chinafans (0xteam)
    Category: Defacement
    Content: The website ifma.ind.in was defaced by threat actor chinafans, operating under the group 0xteam, on April 29, 2026. The defacement was a targeted single-site attack with a text file (0x.txt) uploaded or modified as part of the intrusion. No specific motivation or server details were disclosed in the available intelligence.
    Date: 2026-04-29T11:32:48Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915725
    Screenshots:
    None
    Threat Actors: chinafans, 0xteam
    Victim Country: India
    Victim Industry: Unknown
    Victim Organization: IFMA India
    Victim Site: ifma.ind.in
  238. Website Defacement of Psihoterapija Fokus by chinafans (0xteam)
    Category: Defacement
    Content: On April 29, 2026, the website of Psihoterapija Fokus, a psychotherapy service provider, was defaced by threat actor chinafans operating under the group 0xteam. The attacker posted defacement content at the path /0x.txt on the target domain. This was a single-target, non-mass defacement incident with no redefacement history recorded.
    Date: 2026-04-29T11:32:03Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915750
    Screenshots:
    None
    Threat Actors: chinafans, 0xteam
    Victim Country: Unknown
    Victim Industry: Healthcare / Mental Health Services
    Victim Organization: Psihoterapija Fokus
    Victim Site: psihoterapijafokus.com
  239. Website Defacement of litoralpoeta.com by chinafans (0xteam)
    Category: Defacement
    Content: The website litoralpoeta.com was defaced by threat actor chinafans operating under the group 0xteam on April 29, 2026. The defacement was a targeted, single-site incident with the attacker leaving a marker file at /0x.txt. No specific motivation or vulnerability details were disclosed in the available incident data.
    Date: 2026-04-29T11:31:19Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915749
    Screenshots:
    None
    Threat Actors: chinafans, 0xteam
    Victim Country: Unknown
    Victim Industry: Arts and Culture
    Victim Organization: Litoral Poeta
    Victim Site: litoralpoeta.com
  240. Website Defacement of LinkExchange4SEO by chinafans (0xteam)
    Category: Defacement
    Content: On April 29, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website linkexchange4seo.com, a domain associated with SEO and link exchange services. The defacement was a targeted single-site attack, leaving a text-based defacement file at the path /0x.txt. No specific motive or server details were disclosed in connection with the incident.
    Date: 2026-04-29T11:30:35Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915733
    Screenshots:
    None
    Threat Actors: chinafans, 0xteam
    Victim Country: Unknown
    Victim Industry: Digital Marketing / SEO Services
    Victim Organization: LinkExchange4SEO
    Victim Site: linkexchange4seo.com
  241. Website Defacement of kleintext.de by chinafans (0xteam)
    Category: Defacement
    Content: The website kleintext.de, a German domain, was defaced by a threat actor known as chinafans operating under the group 0xteam on April 29, 2026. The defacement was a targeted, single-site attack and does not appear to be part of a mass or repeated defacement campaign. A mirror of the defacement was archived via zone-xsec.com.
    Date: 2026-04-29T11:29:52Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915736
    Screenshots:
    None
    Threat Actors: chinafans, 0xteam
    Victim Country: Germany
    Victim Industry: Unknown
    Victim Organization: Kleintext
    Victim Site: kleintext.de
  242. Website Defacement of GrecoCert by chinafans (0xteam)
    Category: Defacement
    Content: On April 29, 2026, the website grecocert.gr was defaced by threat actor chinafans operating under the group 0xteam. The defacement targeted a specific file path (0x.txt) rather than the homepage, suggesting a targeted file-level compromise. The incident was recorded and mirrored by zone-xsec.com.
    Date: 2026-04-29T11:29:07Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915729
    Screenshots:
    None
    Threat Actors: chinafans, 0xteam
    Victim Country: Greece
    Victim Industry: Certification / Professional Services
    Victim Organization: GrecoCert
    Victim Site: grecocert.gr
  243. Website Defacement of Lebrón Fisioterapia by chinafans (0xteam)
    Category: Defacement
    Content: On April 29, 2026, the website lebronfisioterapia.com, belonging to a physical therapy clinic, was defaced by a threat actor known as chinafans, operating under the group 0xteam. The defacement was a targeted, non-mass incident affecting a specific page (0x.txt) rather than the site's homepage. No specific motivation or technical details regarding the server environment were disclosed.
    Date: 2026-04-29T11:28:22Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915754
    Screenshots:
    None
    Threat Actors: chinafans, 0xteam
    Victim Country: Unknown
    Victim Industry: Healthcare / Physical Therapy
    Victim Organization: Lebrón Fisioterapia
    Victim Site: lebronfisioterapia.com
  244. Website Defacement of MSA Packaging Solution by chinafans (0xteam)
    Category: Defacement
    Content: On April 29, 2026, the website msapackagingsolution.com was defaced by threat actor chinafans operating under the group 0xteam. The attack was a targeted single-site defacement, with a mirror of the defaced page archived at zone-xsec.com. No specific motive or technical details regarding the server infrastructure were disclosed.
    Date: 2026-04-29T11:27:38Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915739
    Screenshots:
    None
    Threat Actors: chinafans, 0xteam
    Victim Country: Unknown
    Victim Industry: Manufacturing / Packaging
    Victim Organization: MSA Packaging Solution
    Victim Site: msapackagingsolution.com
  245. Website Defacement of DaggerSport by chinafans (0xteam)
    Category: Defacement
    Content: The website daggersport.com was defaced by threat actor chinafans, operating under the group 0xteam, on April 29, 2026. The defacement targeted a specific file path (/0x.txt) rather than the homepage, indicating a targeted file-level intrusion. The incident was recorded and mirrored by zone-xsec.com for archival purposes.
    Date: 2026-04-29T11:26:51Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915726
    Screenshots:
    None
    Threat Actors: chinafans, 0xteam
    Victim Country: Unknown
    Victim Industry: Sports
    Victim Organization: DaggerSport
    Victim Site: daggersport.com
  246. Website Defacement of National Lights Company by chinafans (0xteam)
    Category: Defacement
    Content: On April 29, 2026, a threat actor known as chinafans, operating under the team 0xteam, defaced the website of National Lights Company at nationallightscompany.com. The attack was a targeted single-site defacement with no indication of mass or repeated defacement activity. Server and infrastructure details were not disclosed in the available incident data.
    Date: 2026-04-29T11:26:10Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915741
    Screenshots:
    None
    Threat Actors: chinafans, 0xteam
    Victim Country: Unknown
    Victim Industry: Retail / Lighting
    Victim Organization: National Lights Company
    Victim Site: nationallightscompany.com
  247. Website Defacement of RCCG ICQ by chinafans (0xteam)
    Category: Defacement
    Content: The website rccgicq.org was defaced by threat actor chinafans operating under the group 0xteam on April 29, 2026. The defacement involved the placement of a text file (0x.txt) on the target server, likely containing the attacker's signature or message. This was a targeted, single-site defacement with no indication of mass or repeated compromise.
    Date: 2026-04-29T11:25:29Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915743
    Screenshots:
    None
    Threat Actors: chinafans, 0xteam
    Victim Country: Unknown
    Victim Industry: Religious Organization
    Victim Organization: RCCG ICQ (Redeemed Christian Church of God)
    Victim Site: rccgicq.org
  248. Website Defacement of fsds-bd.com by chinafans (0xteam)
    Category: Defacement
    Content: The threat actor chinafans, operating under the group 0xteam, defaced the website fsds-bd.com on April 29, 2026. The defacement was a targeted single-site attack, with the defaced content hosted at the path /0x.txt. No specific motive or server details were disclosed in association with this incident.
    Date: 2026-04-29T11:24:42Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915722
    Screenshots:
    None
    Threat Actors: chinafans, 0xteam
    Victim Country: Bangladesh
    Victim Industry: Unknown
    Victim Organization: FSDS Bangladesh
    Victim Site: fsds-bd.com
  249. Website Defacement of Lumina Trials by chinafans (0xteam)
    Category: Defacement
    Content: On April 29, 2026, the threat actor chinafans, operating under the group 0xteam, defaced the website luminatrials.com. The defacement targeted a specific file path (/0x.txt) and was not classified as a mass or home page defacement. The incident was archived and mirrored via zone-xsec.com.
    Date: 2026-04-29T11:24:00Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915746
    Screenshots:
    None
    Threat Actors: chinafans, 0xteam
    Victim Country: Unknown
    Victim Industry: Healthcare / Clinical Trials
    Victim Organization: Lumina Trials
    Victim Site: luminatrials.com
  250. Website Defacement of Lineas de Vida Castellanas by chinafans (0xteam)
    Category: Defacement
    Content: On April 29, 2026, threat actor chinafans operating under the group 0xteam defaced the website of Lineas de Vida Castellanas, a Spanish organization likely operating in the occupational safety or fall protection sector. The incident was a targeted, single-site defacement with no indication of mass or repeat defacement activity. The attack details were archived and mirrored via zone-xsec.com.
    Date: 2026-04-29T11:23:19Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915719
    Screenshots:
    None
    Threat Actors: chinafans, 0xteam
    Victim Country: Spain
    Victim Industry: Health & Safety / Occupational Safety Services
    Victim Organization: Lineas de Vida Castellanas
    Victim Site: lineasdevidacastellanas.com
  251. Website Defacement of CreateByMadden by chinafans (0xteam)
    Category: Defacement
    Content: On April 29, 2026, the website createbymadden.com was defaced by threat actor chinafans operating under the group 0xteam. The defacement targeted a specific file path (/0x.txt) rather than the homepage, suggesting a targeted file upload or injection rather than a full site compromise. No specific motive or reason was disclosed for the attack.
    Date: 2026-04-29T11:22:33Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915721
    Screenshots:
    None
    Threat Actors: chinafans, 0xteam
    Victim Country: Unknown
    Victim Industry: Creative Services
    Victim Organization: Create By Madden
    Victim Site: createbymadden.com
  252. Website Defacement of Kaskomania.pl by chinafans (0xteam)
    Category: Defacement
    Content: On April 29, 2026, the Polish website kaskomania.pl was defaced by a threat actor known as chinafans, operating under the group 0xteam. The defacement was a targeted single-site attack, with the defaced content hosted at kaskomania.pl/0x.txt. No specific motivation or server details were disclosed for this incident.
    Date: 2026-04-29T11:21:47Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915724
    Screenshots:
    None
    Threat Actors: chinafans, 0xteam
    Victim Country: Poland
    Victim Industry: Insurance / Automotive Services
    Victim Organization: Kaskomania
    Victim Site: kaskomania.pl
  253. Website Defacement of Kuningansewa by chinafans (0xteam)
    Category: Defacement
    Content: On April 29, 2026, the website kuningansewa.com was defaced by a threat actor identified as chinafans, operating under the group 0xteam. The attacker placed a defacement file at kuningansewa.com/0x.txt, consistent with the group's naming conventions. This was a targeted, non-mass defacement of what appears to be an Indonesian rental services website.
    Date: 2026-04-29T11:21:03Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915745
    Screenshots:
    None
    Threat Actors: chinafans, 0xteam
    Victim Country: Indonesia
    Victim Industry: Rental Services
    Victim Organization: Kuningansewa
    Victim Site: kuningansewa.com
  254. Alleged leak of mixed education sector combolist with 113,598 credentials
    Category: Combo List
    Content: A threat actor operating under the handle HQcomboSpace has shared a combolist containing 113,598 credential pairs targeting the education sector via a Mega.nz file link. The combolist is described as a mixed target collection, suggesting credentials aggregated from multiple educational institutions or platforms. The content was made available for free on the cracking forum CrackingX.
    Date: 2026-04-29T11:20:45Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73653/
    Screenshots:
    None
    Threat Actors: HQcomboSpace
    Victim Country: Unknown
    Victim Industry: Education
    Victim Organization: Unknown
    Victim Site: Unknown
  255. Website Defacement of Kingmakers Casino by DimasHxR
    Category: Defacement
    Content: On April 29, 2026, threat actor DimasHxR defaced the Finnish online casino website kingmakerscasino.fi by modifying a readme.txt file. The attacker operated independently without affiliation to a known group. No motive or technical details regarding the exploitation method were disclosed.
    Date: 2026-04-29T11:20:22Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915717
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Finland
    Victim Industry: Gambling & Online Casino
    Victim Organization: Kingmakers Casino
    Victim Site: kingmakerscasino.fi
  256. Alleged leak of Gmail credentials combolist
    Category: Combo List
    Content: A threat actor operating under the alias D4rkNetHub has allegedly made available a combolist containing over 100,000 Gmail credentials on a cracking forum. The post is gated behind registration or sign-in, limiting full visibility into the content. The leaked data likely consists of email and password combinations targeting Google Gmail accounts.
    Date: 2026-04-29T11:20:04Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73654/
    Screenshots:
    None
    Threat Actors: D4rkNetHub
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Google
    Victim Site: gmail.com
  257. Website Defacement of KingMaker Casino by DimasHxR
    Category: Defacement
    Content: On April 29, 2026, threat actor DimasHxR defaced the website kingmakercasinoes.com, an online casino platform. The attack was a targeted single-site defacement with no team affiliation reported. No specific motive or server details were disclosed in connection with the incident.
    Date: 2026-04-29T11:19:43Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915715
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Gambling and Online Gaming
    Victim Organization: KingMaker Casino
    Victim Site: kingmakercasinoes.com
  258. Alleged leak of Hotmail and Shopping credentials via combolist distribution
    Category: Combo List
    Content: A threat actor operating under the alias CODER is distributing free combolists allegedly containing 8 million Hotmail and shopping-related credentials via Telegram channels. The actor promotes access to free combos and cracking tools through two Telegram groups. No price is mentioned, suggesting the content is freely shared.
    Date: 2026-04-29T11:19:10Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73656/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft Hotmail
    Victim Site: hotmail.com
  259. Website Defacement of Shift Cargo Transport by chinafans (0xteam)
    Category: Defacement
    Content: On April 29, 2026, a threat actor identified as chinafans, operating under the group 0xteam, defaced the website of Shift Cargo Transport, a cargo and logistics company. The attack targeted a specific file path on the domain and was neither a mass defacement nor a redefacement. The incident was archived and mirrored by zone-xsec.com.
    Date: 2026-04-29T11:19:02Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915751
    Screenshots:
    None
    Threat Actors: chinafans, 0xteam
    Victim Country: Unknown
    Victim Industry: Transportation and Logistics
    Victim Organization: Shift Cargo Transport
    Victim Site: shiftcargotransport.com
  260. Alleged leak of Gmail credential combolist targeting forum users
    Category: Combo List
    Content: A threat actor operating under the alias ValidMail has shared an alleged combolist of approximately 60,000 Gmail credentials on the cracking forum CrackingX. The post is listed under the Combolists & Dumps section, suggesting the credentials are being made available for free to registered forum members. The content requires forum registration or sign-in to access, limiting visibility to vetted members.
    Date: 2026-04-29T11:18:23Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73657/
    Screenshots:
    None
    Threat Actors: ValidMail
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Google
    Victim Site: gmail.com
  261. Website Defacement of ledbibio.cl by chinafans (0xteam)
    Category: Defacement
    Content: The website ledbibio.cl was defaced by threat actor chinafans, operating under the group 0xteam, on April 29, 2026. The attack targeted a Chilean domain and resulted in a single-page defacement rather than a mass or home page compromise. A mirror of the defaced content was archived via zone-xsec.com.
    Date: 2026-04-29T11:18:14Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915720
    Screenshots:
    None
    Threat Actors: chinafans, 0xteam
    Victim Country: Chile
    Victim Industry: Unknown
    Victim Organization: Ledbibio
    Victim Site: ledbibio.cl
  262. Website Defacement of Sabi Cycle Stands by chinafans (0xteam)
    Category: Defacement
    Content: On April 29, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website of Sabi Cycle Stands, a South African bicycle equipment retailer. The defacement was a targeted, single-site attack with no indication of mass or repeated defacement activity. A mirror of the defaced page was archived at zone-xsec.com.
    Date: 2026-04-29T11:17:30Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915734
    Screenshots:
    None
    Threat Actors: chinafans, 0xteam
    Victim Country: South Africa
    Victim Industry: Retail / Sports & Outdoor Equipment
    Victim Organization: Sabi Cycle Stands
    Victim Site: sabicyclestands.co.za
  263. Alleged leak of Hotmail credential combolist
    Category: Combo List
    Content: A threat actor known as snowstormxd has made available a batch of 89 Hotmail credentials via a free download link on a public paste site. The post also advertises a paid Telegram-based cloud service with a built-in inbox checker starting at $3 per day, suggesting the credentials may have been validated. The combolist was shared on the cracking forum CrackingX.
    Date: 2026-04-29T11:17:15Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73661/
    Screenshots:
    None
    Threat Actors: snowstormxd
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  264. Alleged leak of Hotmail credentials combolist
    Category: Combo List
    Content: A threat actor operating under the alias KiwiShio shared a combolist of approximately 1,020 Hotmail email and password combinations on a cybercrime forum. The credentials were made available as hidden content requiring forum registration or login to access. The post claims the combolist is fresh and high quality.
    Date: 2026-04-29T11:17:00Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-1020x-%E2%AD%90%E2%AD%90-FRESH-HQ-HOTMAIL-%E2%AD%90%E2%AD%90
    Screenshots:
    None
    Threat Actors: KiwiShio
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  265. Alleged leak of mixed combolist distributed via D4rkNetHub cloud
    Category: Combo List
    Content: A threat actor operating under the alias D4rkNetHub has made available a mixed combolist containing approximately 67,760 credential entries via a cloud-hosted link. The post was shared on the cracking forum CrackingX under the Combolists & Dumps section. No specific victim organization, industry, or country has been identified, suggesting the list is aggregated from multiple sources.
    Date: 2026-04-29T11:16:37Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73662/
    Screenshots:
    None
    Threat Actors: D4rkNetHub
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  266. Alleged sale of mixed combolist by D4rkNetHub threat actor
    Category: Combo List
    Content: A threat actor operating under the alias D4rkNetHub is selling a mixed combolist containing approximately 67,760 email and password credential pairs via their cloud service hosted at darknethub.top. Access to the credential list is offered through a subscription-based model ranging from $10 for a 3-day trial to $50 for 30 days. The actor also maintains a Telegram channel at t.me/D4rkN3t_Hub for direct purchases.
    Date: 2026-04-29T11:16:16Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-67-760-Good-MIXED-GOODS-D4RKNETHUB-CLOUD-29-04-2026
    Screenshots:
    None
    Threat Actors: D4rkNetHub
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  267. Alleged leak of 3,500 Chinese email access credentials
    Category: Combo List
    Content: A threat actor on the CrackingX forum has made available a combolist of approximately 3,500 allegedly valid email access credentials associated with Chinese accounts. The post claims the credentials are fresh and of high quality, dated April 29. No specific email provider or organization is identified.
    Date: 2026-04-29T11:15:53Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73664/
    Screenshots:
    None
    Threat Actors: MailAccesss
    Victim Country: China
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  268. Alleged sale of stolen financial data including credit cards and bank logs
    Category: Carding
    Content: A threat actor operating under the alias Lilmike1176 is allegedly offering stolen financial data for sale on the CrackingX forum. The offerings include linkable credit cards, bank logs, deposit slips, and booking-related data. The actor directs potential buyers to a Telegram channel at t.me/Official1dae to conduct transactions.
    Date: 2026-04-29T11:15:46Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73660/
    Screenshots:
    None
    Threat Actors: Lilmike1176
    Victim Country: Unknown
    Victim Industry: Financial Services
    Victim Organization: Unknown
    Victim Site: Unknown
  269. Alleged leak of 35,000 German email credentials
    Category: Logs
    Content: A threat actor operating under the alias MegaCloud has made available a combolist allegedly containing 35,000 valid German email credentials. The post was shared on a cybercrime forum specializing in mail access and combolists. The data is dated April 29 and claimed to be fully valid at the time of posting.
    Date: 2026-04-29T11:13:55Z
    Network: openweb
    Published URL: https://xforums.st/threads/35k-germanyfull-valid-mail-acces-29-04.611868/
    Screenshots:
    None
    Threat Actors: MegaCloud
    Victim Country: Germany
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  270. Alleged Sale of Bank Account Logs and Payment Cards for Multiple US and UK Financial Institutions
    Category: Carding
    Content: A threat actor operating under the alias Juliusannn is selling compromised bank account logs (open ups) for over 40 US and UK financial institutions, including Chase, Wells Fargo, HSBC, Barclays, and others. Each listing includes full account access, email access, phone number, account holder info, ID scans, and cookies, with physical payment cards included. Prices range from $80 to $2,000 per account depending on the institution and account type, with purchases directed through Telegram han
    Date: 2026-04-29T11:10:44Z
    Network: openweb
    Published URL: https://altenens.is/threads/banks-open-up-with-cards-delivery-x-methods-bins-uk-flag-united-kingdom-usa-flag-united-states-bank-bank-open-up-comes-with-full-access-on-acc-email-access-number-info-ho.2931525/unread
    Screenshots:
    None
    Threat Actors: Juliusannn
    Victim Country: United States, United Kingdom
    Victim Industry: Banking and Financial Services
    Victim Organization: Multiple (Chase, Wells Fargo, Bank of America, HSBC, Barclays, Natwest, Lloyds, and others)
    Victim Site: Unknown
  271. Alleged website defacement of sunnahorshiah.com by Khaibar Tech Team
    Category: Defacement
    Content: Khaibar Tech Team claims to have regained control over sunnahorshiah.com, a website they identify as a sectarian platform. The group characterizes the site as disseminating misinformation regarding Iran and resistance factions.
    Date: 2026-04-29T11:08:12Z
    Network: telegram
    Published URL: https://t.me/KHB313/16
    Screenshots:
    None
    Threat Actors: Khaibar Tech Team
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: sunnahorshiah.com
    Victim Site: sunnahorshiah.com
  272. Alleged cyber attack on ITRON by Yemeni threat actors
    Category: Cyber Attack
    Content: The post congratulates Yemeni brothers for a major operation targeting the company ITRON, claiming significant damage to the enemy. It suggests this is part of a coordinated effort with more attacks to follow.
    Date: 2026-04-29T11:06:28Z
    Network: telegram
    Published URL: https://t.me/c/2727439812/6058
    Screenshots:
    None
    Threat Actors: Yemeni threat actors (affiliated with LulzSec Black)
    Victim Country: Unknown
    Victim Industry: Technology/Industrial Control Systems
    Victim Organization: ITRON
    Victim Site: Unknown
  273. Alleged security research on AWS Cognito misconfiguration vulnerabilities
    Category: Initial Access
    Content: A threat intelligence article authored by a security researcher from MBSD details 10 security pitfalls in AWS Cognito User Pool configurations. The post describes how misconfigured Cognito settings, such as default scopes granting the aws.cognito.signin.user.admin privilege, can allow attackers to manipulate their own user attributes (e.g., escalating privileges by setting isAdmin to true) using the UpdateUserAttributes API with a valid access token. The article outlines attack vectors and count
    Date: 2026-04-29T11:05:25Z
    Network: openweb
    Published URL: https://tier1.life/thread/188
    Screenshots:
    None
    Threat Actors: RedQueen
    Victim Country: Unknown
    Victim Industry: Cloud Services / Technology
    Victim Organization: AWS Cognito
    Victim Site: aws.amazon.com
  274. Alleged leak of mixed USA and Europe credential combolists
    Category: Data Leak
    Content: A threat actor operating under the alias hangover934 has shared a mixed combolist on the AE forum, reportedly containing credential hits from the United States and Europe. The post advertises the content as exclusive and organized by country. No specific victim organizations, record counts, or pricing details were disclosed.
    Date: 2026-04-29T11:04:03Z
    Network: openweb
    Published URL: https://altenens.is/threads/starby-countriesstarhits-mix-usastareuropestarexclusive-combolist-star.2931515/unread
    Screenshots:
    None
    Threat Actors: hangover934
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  275. Alleged leak of Europe and USA combolists on cybercrime forum
    Category: Data Leak
    Content: A threat actor operating under the alias hangover934 has shared a collection of combolists on the AE forum, claiming the credentials are 100% valid and high quality. The leaked credential lists allegedly contain accounts from Europe and the United States. No specific organizations, record counts, or pricing details were disclosed in the post.
    Date: 2026-04-29T11:03:37Z
    Network: openweb
    Published URL: https://altenens.is/threads/star100-full-validstarhigh-qualitystareurope-usa-combolists-star.2931521/unread
    Screenshots:
    None
    Threat Actors: hangover934
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  276. Alleged leak of 35,000 German email credentials
    Category: Data Leak
    Content: A threat actor known as Megacloud has shared a combolist of approximately 35,000 German email credentials on the AE – Combo List forum. The post, dated April 29, claims the entries are fully valid with mail access. The content is hidden behind a reply-gate, requiring forum engagement before access is granted.
    Date: 2026-04-29T11:03:24Z
    Network: openweb
    Published URL: https://altenens.is/threads/35k-germany-full-valid-mail-acces-29-04.2931523/unread
    Screenshots:
    None
    Threat Actors: Megacloud
    Victim Country: Germany
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  277. Alleged leak of mixed email access credentials combolist (23,000 records)
    Category: Data Leak
    Content: A threat actor operating under the alias Megacloud has shared a combolist containing approximately 23,000 allegedly valid email credentials described as AccessMix, dated April 29. The list is being made available for free on the AE forum, requiring users to reply to access the hidden download link. The credentials appear to span multiple email providers and services, though specific targets are not identified.
    Date: 2026-04-29T11:03:12Z
    Network: openweb
    Published URL: https://altenens.is/threads/23k-full-valid-mail-accessmix-29-04.2931524/unread
    Screenshots:
    None
    Threat Actors: Megacloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  278. Alleged leak of phone number and password credential list
    Category: Data Leak
    Content: A threat actor on the AE forum shared a combolist containing phone number and password pairs, described as high quality and private. The post offers the credential list for free distribution. No specific victim organization or country of origin was identified.
    Date: 2026-04-29T11:03:01Z
    Network: openweb
    Published URL: https://altenens.is/threads/star-phone-number-passstarhq-privatestar.2931526/unread
    Screenshots:
    None
    Threat Actors: hangover934
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  279. Alleged leak of 1,500 Japanese email credentials
    Category: Data Leak
    Content: A threat actor on the AE forum has made available a combolist of approximately 1,500 Japanese email credentials, described as fresh and fully valid as of April 29. The post requires forum engagement to access the hidden download link, a common gating mechanism on credential-sharing communities.
    Date: 2026-04-29T11:02:47Z
    Network: openweb
    Published URL: https://altenens.is/threads/1-5k-japan-fresh-full-valid-mail-access-29-04.2931530/unread
    Screenshots:
    None
    Threat Actors: Megacloud
    Victim Country: Japan
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  280. Alleged Data Breach of Universitas Terbuka Yogyakarta
    Category: Data Breach
    Content: A threat actor operating under the alias Mr. Hanz Xploit has allegedly obtained and is sharing a database belonging to Universitas Terbuka Yogyakarta, an Indonesian university. The post was made on the Breached forum under the Databases section. No further details regarding the contents, record count, or nature of the data are available from the post.
    Date: 2026-04-29T10:58:41Z
    Network: openweb
    Published URL: https://breached.st/threads/database-universitas-terbuka-yogyakarta.86454/unread
    Screenshots:
    None
    Threat Actors: Mr. Hanz Xploit
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: Universitas Terbuka Yogyakarta
    Victim Site: Unknown
  281. Alleged Data Leak of Yayasan Marsudirini Perwakilan Bekasi Database
    Category: Data Leak
    Content: A threat actor operating under the alias Mr. Hanz Xploit has allegedly leaked a database belonging to Yayasan Marsudirini Perwakilan Bekasi, an educational foundation based in Bekasi, Indonesia. The post was shared on the Breached forum. Due to the absence of post content, the specific nature of the data and record count remain unknown.
    Date: 2026-04-29T10:58:08Z
    Network: openweb
    Published URL: https://breached.st/threads/leak-database-yayasan-marsudirini-perwakilan-bekasi.86455/unread
    Screenshots:
    None
    Threat Actors: Mr. Hanz Xploit
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: Yayasan Marsudirini Perwakilan Bekasi
    Victim Site: Unknown
  282. Website Defacement of Bulk Trash Bag Supplier by DimasHxR
    Category: Defacement
    Content: On April 29, 2026, a threat actor identified as DimasHxR defaced the website bulktrashbag.supply, targeting a bulk trash bag retail supplier. The defacement was a targeted, non-mass attack affecting a readme.txt file rather than the site homepage. No team affiliation, stated motive, or technical indicators were disclosed in the defacement record.
    Date: 2026-04-29T10:54:40Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915628
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: United States
    Victim Industry: Retail / E-Commerce
    Victim Organization: Bulk Trash Bag Supply
    Victim Site: bulktrashbag.supply
  283. Alleged sale of 60+ webshell access across multiple domains
    Category: Initial Access
    Content: A threat actor is offering access to 60+ webshells across .com, .uk, .in, and .net domains for sale at 180K Dana. Buyers are directed to contact @top1haxor for purchase.
    Date: 2026-04-29T10:20:10Z
    Network: telegram
    Published URL: https://t.me/Maulnism1337/1577
    Screenshots:
    None
    Threat Actors: top1haxor
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  284. Alleged sale of high-quality webshells
    Category: Initial Access
    Content: A threat actor is offering 30+ webshells for sale at 120K Dana. The post is a forwarded message from user @top1haxor.
    Date: 2026-04-29T10:14:15Z
    Network: telegram
    Published URL: https://t.me/Maulnism1337/1576
    Screenshots:
    None
    Threat Actors: top1haxor
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  285. Alleged leak of Hotmail credentials combolist
    Category: Combo List
    Content: A threat actor known as snowstormxd has made available a combolist containing 89 Hotmail credentials on a cracking forum. The post includes a free download link and a Telegram channel link, with the actor also advertising a paid cloud service with inbox checking capabilities. The post claims a built-in inboxer tool is included, suggesting the credentials may have been verified for inbox access.
    Date: 2026-04-29T10:12:43Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73642/
    Screenshots:
    None
    Threat Actors: snowstormxd
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  286. Alleged leak of Office 365 credential combolist
    Category: Combo List
    Content: A threat actor operating under the alias CODER has made available an alleged Office 365 combolist containing approximately 2 million credential pairs. The actor is distributing the combolist for free via Telegram channels and directing interested parties to contact them directly on Telegram. The post appears on a cracking forum known for hosting credential lists and combo dumps.
    Date: 2026-04-29T10:12:11Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73643/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  287. Alleged leak of mixed credential combolist with 15,000 unique entries
    Category: Combo List
    Content: A threat actor operating under the alias UniqueCombo has shared a mixed combolist containing approximately 15,000 unique credential pairs on the cracking forum CrackingX. The post is behind a login wall, limiting full visibility into the contents and targeted services. The combolist appears to aggregate credentials from multiple sources, as indicated by the MIX designation in the thread title.
    Date: 2026-04-29T10:11:51Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73644/
    Screenshots:
    None
    Threat Actors: UniqueCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  288. Alleged leak of Hotmail credentials combolist targeting European users
    Category: Combo List
    Content: A threat actor operating under the alias BestCombo has made available a combolist containing approximately 40,642 email:password credential pairs for Hotmail.com accounts, purportedly sourced from European users. The combolist was shared via a Mega.co.nz link on the cracking forum CrackingX. The post is dated April 28, 2026, though this may reflect a future-dated or mislabeled timestamp.
    Date: 2026-04-29T10:11:23Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73645/
    Screenshots:
    None
    Threat Actors: BestCombo
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  289. Alleged data breach – xorcat threat actor announces 1.5TB stolen data available for sale
    Category: Data Breach
    Content: Threat actor xorcat announced possession of over 1.5TB of stolen data and is offering data sales, analysis, and custom services to interested clients. Contact is available via the @xorcat handle.
    Date: 2026-04-29T10:11:18Z
    Network: telegram
    Published URL: https://t.me/c/3793980891/3209
    Screenshots:
    None
    Threat Actors: xorcat
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  290. Alleged leak of HQ Hotmail credential hits sorted by country
    Category: Combo List
    Content: A threat actor on the cracking forum CrackingX has made available a set of 347 alleged high-quality Hotmail credential hits, described as inbox-verified and sorted by country. The post includes free download links for the combolist, inbox-verified entries, and a country-sorted variant. No price or sale terms were mentioned, indicating the content is being freely distributed.
    Date: 2026-04-29T10:10:41Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73647/
    Screenshots:
    None
    Threat Actors: Hotmail Cloud
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft Hotmail
    Victim Site: hotmail.com
  291. Alleged sale of 11M user database for targeted phishing campaigns
    Category: Phishing
    Content: A threat actor is offering an 11M user database containing names, nicknames, biographies, and betting histories for use in precision phishing campaigns. The post includes phishing template examples and claims 10-50x higher effectiveness than mass spam. The data is marketed on the dark web for sale to scammers as leads.
    Date: 2026-04-29T10:10:28Z
    Network: telegram
    Published URL: https://t.me/c/3793980891/3208
    Screenshots:
    None
    Threat Actors: Unknown
    Victim Country: Unknown
    Victim Industry: Betting/Gambling
    Victim Organization: Unknown
    Victim Site: Unknown
  292. Alleged leak of URL:Login:Password credential combolist
    Category: Combo List
    Content: A threat actor operating under the alias gsmfix on the cracking forum CrackingX has shared what is claimed to be a high-quality private combolist in URL:Login:Password (ULP) format. The post offers credential combinations with associated URLs, suggesting potential account takeover use. No specific victim organization, country, or record count has been identified.
    Date: 2026-04-29T10:10:04Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73648/
    Screenshots:
    None
    Threat Actors: gsmfix
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  293. Alleged leak of Hotmail credential combolist
    Category: Data Leak
    Content: A threat actor using the alias VegaM has made available a combolist of 3,740 Hotmail credentials on the AE – Combo List forum, shared via an external Pasteview link. The post claims the credentials are valid and provide email account access. No price was mentioned, indicating this is a free leak.
    Date: 2026-04-29T10:04:28Z
    Network: openweb
    Published URL: https://altenens.is/threads/3740-hotmail-good-mail-access.2931487/unread
    Screenshots:
    None
    Threat Actors: VegaM
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  294. Alleged leak of WordPress admin credentials
    Category: Data Leak
    Content: A threat actor on the AE forum has shared a combolist containing WordPress admin panel URLs paired with login credentials (username:password). The post appears to offer free access to multiple compromised WordPress administrative accounts. No specific victim organizations, countries, or record counts were identified in the post.
    Date: 2026-04-29T10:04:02Z
    Network: openweb
    Published URL: https://altenens.is/threads/check-mark-buttonstarwordpresscheck-mark-buttonstaradminstarurlsstarlogin-pass.2931489/unread
    Screenshots:
    None
    Threat Actors: hangover934
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  295. Alleged data breach of Caritas-Spes organization in Odesa, Ukraine
    Category: Data Breach
    Content: Caritas-Spes, a humanitarian organization in Odesa, Ukraine, has allegedly been breached. Stolen data includes full names, national/tax identification numbers, IBAN bank account numbers, financial amounts, registration dates, committee decisions, member signatures, and internal email correspondence. The data has been posted on a dark web forum.
    Date: 2026-04-29T09:59:31Z
    Network: telegram
    Published URL: https://t.me/c/2735908986/4082
    Screenshots:
    None
    Threat Actors: Infrastructure Destruction Squad
    Victim Country: Ukraine
    Victim Industry: Humanitarian/Non-profit
    Victim Organization: Caritas-Spes
    Victim Site: Unknown
  296. Alleged data leak of Thai Academic Network (THAI.AC) including source code and institutional database credentials
    Category: Data Leak
    Content: A threat actor known as DODUK has freely leaked data allegedly belonging to the Thai Academic Network (THAI.AC), a network serving over 1,500 educational institutions in Thailand. The leak includes the full PHP backend source code, over 1,200 PHP configuration files containing plaintext database credentials for individual schools and universities, and multiple SQL database dumps totaling approximately 3.7 GB. An additional compressed archive (thai.ac_database.rar, 1.3 GB) containing further sens
    Date: 2026-04-29T09:55:05Z
    Network: openweb
    Published URL: https://breached.st/threads/leak-thai-ac-1500-institutions-database-credentials-full-source-code.86448/unread
    Screenshots:
    None
    Threat Actors: DODUK
    Victim Country: Thailand
    Victim Industry: Education
    Victim Organization: Thai Academic Network
    Victim Site: thai.ac
  297. Alleged Data Leak of National Bank of Pakistan Customer Database
    Category: Data Leak
    Content: A threat actor identified as Xyph0rix has made available an alleged database dump belonging to the National Bank of Pakistan on the Breached forum. The leaked data appears to contain personally identifiable information including national ID numbers, full names, physical addresses, and contact numbers of customers. A free download link was shared, suggesting the data is being distributed without charge.
    Date: 2026-04-29T09:54:32Z
    Network: openweb
    Published URL: https://breached.st/threads/database-national-bank-of-pakistan.86450/unread
    Screenshots:
    None
    Threat Actors: Xyph0rix
    Victim Country: Pakistan
    Victim Industry: Banking & Finance
    Victim Organization: National Bank of Pakistan
    Victim Site: nbp.com.pk
  298. Alleged Data Leak of Gemini AI Database
    Category: Data Leak
    Content: A threat actor known as Xyph0rix claims to have leaked a database allegedly belonging to Google's Gemini AI service, made available as a CSV file for free download on the Breached forum. The post lacks technical details regarding the number of records or the specific data fields contained within the file. The claim is unverified and the authenticity of the alleged database has not been confirmed.
    Date: 2026-04-29T09:54:00Z
    Network: openweb
    Published URL: https://breached.st/threads/database-ai-gemini.86451/unread
    Screenshots:
    None
    Threat Actors: Xyph0rix
    Victim Country: United States
    Victim Industry: Technology
    Victim Organization: Google Gemini
    Victim Site: gemini.google.com
  299. Alleged Data Leak of Tokopedia Database
    Category: Data Leak
    Content: A threat actor known as Xyph0rix has made available an alleged database dump from Tokopedia, a major Indonesian e-commerce platform. The post describes it as a shopping database and offers a free download. No further details regarding the number of records or specific data fields were provided.
    Date: 2026-04-29T09:53:09Z
    Network: openweb
    Published URL: https://breached.st/threads/database-tokopedia.86453/unread
    Screenshots:
    None
    Threat Actors: Xyph0rix
    Victim Country: Indonesia
    Victim Industry: E-Commerce
    Victim Organization: Tokopedia
    Victim Site: tokopedia.com
  300. Alleged leak of Aurora Stealer logs targeting Italian users
    Category: Logs
    Content: A threat actor operating under the alias BigTuna has made available approximately 5,000 Aurora Stealer logs allegedly collected from Italian victims running Windows 10 Home (22H2) and Opera 106.x. The logs include credentials, cookies, and autofill data, and are being distributed via a Tor-hosted resource. The content is gated behind forum engagement or account upgrades.
    Date: 2026-04-29T09:48:17Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-ULP-Aurora-Stealer-5000-logs-IT
    Screenshots:
    None
    Threat Actors: BigTuna
    Victim Country: Italy
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  301. Alleged Tokopedia database breach shared on Breachforums
    Category: Data Breach
    Content: A user profile (Xyph0rix) on Breachforums has posted regarding a Tokopedia database breach. The threat actor has created a dedicated thread on the breach marketplace forum, indicating potential sale or distribution of a stolen Tokopedia database.
    Date: 2026-04-29T09:47:14Z
    Network: telegram
    Published URL: https://t.me/Xyph0rix/236
    Screenshots:
    None
    Threat Actors: Xyph0rix
    Victim Country: Indonesia
    Victim Industry: E-commerce
    Victim Organization: Tokopedia
    Victim Site: tokopedia.com
  302. Alleged Data Breach of Texas Capital Bank Exposing 344,707 Customer PII Records
    Category: Data Breach
    Content: A threat actor operating under the alias attacker_company is selling a database allegedly containing 344,707 Texas Capital Bank customer records. The dataset includes comprehensive PII such as full names, SSNs, birthdates, addresses, phone numbers, email addresses, online banking credentials and login history, officer codes, and detailed financial summaries including deposit balances and loan amounts. The actor is advertising the sale via Telegram.
    Date: 2026-04-29T09:47:00Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-Texas-Capital-Bank-texascapitalbank-com-%F0%9F%94%A5-344-707-Full-Customer-PII-Information
    Screenshots:
    None
    Threat Actors: attacker_company
    Victim Country: United States
    Victim Industry: Banking & Financial Services
    Victim Organization: Texas Capital Bank
    Victim Site: texascapitalbank.com
  303. Alleged Data Breach of Rush University Medical Center with Institutional Backend and Research Data
    Category: Data Breach
    Content: A threat actor identified as NovaV1 is selling a complete filesystem capture allegedly extracted from Rush University Medical Center's backend systems. The purported dump includes restricted agency intelligence from DARPA and the Army Research Office, bio-research datasets, internal personnel directories, Unix shell profiles for 70+ research accounts, and proprietary files from IBM and UCSB collaborators. The actor claims extraction was performed on a live system under active monitoring, with da
    Date: 2026-04-29T09:46:04Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-RUSH-UNIVERSITY-MEDICAL-CENTER-%E2%80%93-Complete-Institutional-Data-Dump-Backend
    Screenshots:
    None
    Threat Actors: NovaV1
    Victim Country: United States
    Victim Industry: Healthcare & Medical Research
    Victim Organization: Rush University Medical Center
    Victim Site: rush.edu
  304. Alleged Data Breach of France Minéraux E-Commerce Platform
    Category: Data Breach
    Content: A threat actor operating under the alias ijpys is selling a partial database allegedly stolen from France Minéraux, a French e-commerce retailer specializing in crystals, minerals, and wellness products. The dataset contains 39,784 records including full names, street addresses, city, zip code, country, phone numbers, and email addresses of customers. The data is being offered for $75 via Telegram.
    Date: 2026-04-29T09:45:13Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-france-mineraux-fr-PARTIAL
    Screenshots:
    None
    Threat Actors: ijpys
    Victim Country: France
    Victim Industry: Retail / E-Commerce
    Victim Organization: France Minéraux
    Victim Site: france-mineraux.fr
  305. Alleged Sale of Fake Review Generation Service Targeting Multiple Review Platforms
    Category: Data Breach
    Content: A threat actor operating under the alias israinsolutions is selling fake review generation services targeting major platforms including Google, Trustpilot, Amazon, Facebook, Tripadvisor, Yelp, and BBB. The service offers hand-written reviews posted from fresh, real, and aged accounts with a 21-day replacement warranty, priced starting at $9 USD. Payment is accepted via cryptocurrency, PayPal, Payoneer, Wise, and bank transfer, with a Telegram and Discord presence for client communication.
    Date: 2026-04-29T09:44:22Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-%F0%9F%9A%80Verified-Sticky-Reviews-Google-Trustpilot-Yelp-FB-More-Boost-Your-Sales%E2%AD%90
    Screenshots:
    None
    Threat Actors: israinsolutions
    Victim Country: Unknown
    Victim Industry: Multiple Industries
    Victim Organization: Google, Trustpilot, Amazon, Facebook, Tripadvisor, Yelp, BBB
    Victim Site: Unknown
  306. Alleged Sale of USA High-Net-Worth and Corporate Executive Personal Dataset
    Category: Data Breach
    Content: A threat actor known as TheFallen is selling a dataset of approximately 940,000 high-net-worth and corporate executive individuals in the United States for $2,000. The dataset includes personally identifiable information such as full name, phone number, LinkedIn profile, address, email, age range, income range, asset range, job title, seniority, department, and company details. Sample files and a Telegram contact have been provided for prospective buyers.
    Date: 2026-04-29T09:43:47Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-USA-Executive-Dataset-High-Income-Individuals
    Screenshots:
    None
    Threat Actors: TheFallen
    Victim Country: United States
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  307. Alleged Data Breach of Liberty Mutual Insurance Client Records
    Category: Data Breach
    Content: A threat actor known as TheFallen is selling an alleged database of 7.5 million Liberty Mutual insurance client records for $2,500 USD. The dataset is offered in CSV format and reportedly includes full names, addresses, city, state, zip code, phone numbers, and gender information. The seller covers multi-line insurance clients including auto, property, pet, and lifestyle policy holders in the United States.
    Date: 2026-04-29T09:43:09Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-USA-7-5M-libertymutual-com-Multi-Line-Insurance-Clients
    Screenshots:
    None
    Threat Actors: TheFallen
    Victim Country: United States
    Victim Industry: Insurance
    Victim Organization: Liberty Mutual
    Victim Site: libertymutual.com
  308. Alleged Data Breach of US Chamber of Commerce Member Registry
    Category: Data Breach
    Content: A threat actor known as TheFallen is selling an alleged dataset of 4.85 million records attributed to US Chamber of Commerce members sourced from uschamber.com. The data is offered in CSV format for $1,900 USD and includes personally identifiable information such as full name, address, phone number, date of birth, gender, email, IP address, and asset class. Sample files have been shared via external hosting links, and the seller can be contacted via Telegram.
    Date: 2026-04-29T09:42:32Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-USA-Business-Registry-Professional-Identity-Data
    Screenshots:
    None
    Threat Actors: TheFallen
    Victim Country: United States
    Victim Industry: Business Associations / Professional Organizations
    Victim Organization: US Chamber of Commerce
    Victim Site: uschamber.com
  309. Alleged Data Breach of tastyfx.com Exposing 2.8 Million US Forex Trading Records
    Category: Data Breach
    Content: A threat actor known as TheFallen is selling an alleged database of 2.8 million records from tastyfx.com, a US-based forex trading platform. The dataset is offered in CSV format for $1,700 USD and reportedly contains sensitive financial and personal information including names, email addresses, phone numbers, physical addresses, execution prices, contract margin data, broker details, and buyer/seller classifications. Sample files have been shared via external file-hosting links, and contact is
    Date: 2026-04-29T09:41:55Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-USA-Forex-Trading-Contracts
    Screenshots:
    None
    Threat Actors: TheFallen
    Victim Country: United States
    Victim Industry: Finance / Forex Trading
    Victim Organization: tastyfx
    Victim Site: tastyfx.com
  310. Alleged Data Breach of REIT.com Exposing 310,000 US Finance and Investment Records
    Category: Data Breach
    Content: A threat actor known as TheFallen is selling an alleged database of 310,000 records targeting US-based REIT and ETF investors sourced from reit.com. The dataset is offered in CSV format for $1,000 USD and includes personally identifiable and financial information such as full name, address, date of birth, phone number, email, investment type, investment range, market reports, zip code, and gender. The actor operates via Telegram and has provided external sample links for prospective buyers.
    Date: 2026-04-29T09:41:19Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-USA-Finance-REIT-ETF-Investors
    Screenshots:
    None
    Threat Actors: TheFallen
    Victim Country: United States
    Victim Industry: Finance & Investment
    Victim Organization: REIT.com
    Victim Site: reit.com
  311. Alleged Data Breach of Metropolitan Museum of Art (metmuseum.org) Exposing Art Collector and Donor Records
    Category: Data Breach
    Content: A threat actor known as TheFallen is selling an alleged database of 670,000 records sourced from metmuseum.org, containing information on art collectors and donors. The dataset includes full names, addresses, phone numbers, collection information, ownership status, and source details, offered in CSV format for $820 USD. The seller is advertising via Telegram and has provided sample file links as proof of the data.
    Date: 2026-04-29T09:40:43Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-USA-Art-Collectors-Donors
    Screenshots:
    None
    Threat Actors: TheFallen
    Victim Country: United States
    Victim Industry: Arts & Culture
    Victim Organization: Metropolitan Museum of Art
    Victim Site: metmuseum.org
  312. Alleged Data Breach of Marsh McLennan Financial Client Records
    Category: Data Breach
    Content: A threat actor known as TheFallen is selling an alleged database of 15 million financial, investment, and insurance client records attributed to Marsh McLennan. The dataset is offered in CSV format for $4,600 USD and includes personally identifiable information such as names, addresses, phone numbers, as well as investment-specific data including shares, value, ROI, and profit details. The seller is advertising via Telegram and has provided external sample file links for prospective buyers.
    Date: 2026-04-29T09:40:07Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-USA-15M-Financial-Investment-Insurance-Clients
    Screenshots:
    None
    Threat Actors: TheFallen
    Victim Country: United States
    Victim Industry: Financial Services / Insurance
    Victim Organization: Marsh McLennan
    Victim Site: marshmclennan.com
  313. Alleged Data Breach of Stripe.com Exposing 1.07 Million Customer Records
    Category: Data Breach
    Content: A threat actor known as TheFallen is selling an alleged database from Stripe.com containing 1.07 million records in CSV format. The data purportedly includes customer email addresses, first and last names, phone numbers, and dates of birth. The dataset is being offered for 870 USD via Telegram, with sample files previously made available on external file-sharing platforms.
    Date: 2026-04-29T09:39:32Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-Crypto-stripe-com
    Screenshots:
    None
    Threat Actors: TheFallen
    Victim Country: United States
    Victim Industry: Financial Technology (Fintech)
    Victim Organization: Stripe
    Victim Site: stripe.com
  314. Alleged data breach of trading platform with 4,400 trades and PII from 1,609 users
    Category: Data Breach
    Content: A threat actor claims to have extracted 4,400 trades from 1,609 unique users of a trading platform. The breach includes identification of 137 traders in political and geopolitical markets, coordinated trading network analysis, and full PII data including wallet addresses.
    Date: 2026-04-29T09:39:11Z
    Network: telegram
    Published URL: https://t.me/c/3793980891/3178
    Screenshots:
    None
    Threat Actors: Unknown
    Victim Country: Unknown
    Victim Industry: Financial/Trading
    Victim Organization: Unknown
    Victim Site: Unknown
  315. Alleged Data Breach of Big Island Candies E-commerce Customer Database
    Category: Data Breach
    Content: A threat actor known as TheFallen is selling a database allegedly sourced from bigislandcandies.com, a US-based e-commerce dessert retailer. The dataset reportedly contains 1.3 million customer records in CSV format, including full names, email addresses, phone numbers, billing and shipping addresses, dates of birth, gender, VAT numbers, and other personal identifiers. The data is being offered for $1,500 USD via Telegram, with samples previously shared on external file hosting services.
    Date: 2026-04-29T09:38:55Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-USA-E-commerce-Dessert-Store-Customer-Data
    Screenshots:
    None
    Threat Actors: TheFallen
    Victim Country: United States
    Victim Industry: Retail / Food & Beverage
    Victim Organization: Big Island Candies
    Victim Site: bigislandcandies.com
  316. Alleged Data Breach of IRS.gov Exposing 18 Million US Government Benefits Records
    Category: Data Breach
    Content: A threat actor known as GlitchX is allegedly selling a dataset of 18 million records tied to IRS.gov 401k retirement payout beneficiaries. The dataset is offered in CSV format and contains personally identifiable information including names, ages, addresses, phone numbers, and email addresses. A sample file has been made available via an external link, with contact through Telegram at @officialglitchx.
    Date: 2026-04-29T09:38:20Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-United-States-Government-Benefits
    Screenshots:
    None
    Threat Actors: GlitchX
    Victim Country: United States
    Victim Industry: Government
    Victim Organization: Internal Revenue Service (IRS)
    Victim Site: irs.gov
  317. Alleged Data Breach of Puerto Inteligente Seguro Mexico
    Category: Data Breach
    Content: A threat actor known as marssepe is selling an alleged complete database dump of Puerto Inteligente Seguro, a Mexican port security and management platform, totaling over 200GB in size. The database reportedly contains structured JSON files covering users, employees, transportation records, permits, vehicles, operators, and companies, including sensitive personal data such as CURP, RFC, social security numbers, blood type, photos, addresses, and contact information. The seller is offering the
    Date: 2026-04-29T09:37:42Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-FOR-SALE-COMPLETE-DATABASE-OF-PUERTO-INTELIGENTE-SEGURO-MEXICO
    Screenshots:
    None
    Threat Actors: marssepe
    Victim Country: Mexico
    Victim Industry: Transportation & Logistics
    Victim Organization: Puerto Inteligente Seguro
    Victim Site: Unknown
  318. Alleged Data Leak of Bordeaux-Métropole Tourist Tax Registration Database
    Category: Data Leak
    Content: A threat actor known as ChimeraZ has freely leaked a partial database allegedly sourced from the Bordeaux Métropole tourist tax registration platform. The leak contains approximately 11,000 records in JSON format (3.1 MB) including registrant names, email addresses, phone numbers, postal addresses, and registration dates of accommodation operators. The data has been made available via multiple file-sharing links.
    Date: 2026-04-29T09:36:27Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-11K-H%C3%89BERGEMENTS-TAXES-DE-SEJOUR-DE-BORDEAUX-METROPOLE–74785
    Screenshots:
    None
    Threat Actors: ChimeraZ
    Victim Country: France
    Victim Industry: Government
    Victim Organization: Bordeaux Métropole
    Victim Site: taxedesejour.bordeaux.metropole.fr
  319. Alleged Data Breach of Coinbase Exposing 80,000 User Records
    Category: Data Breach
    Content: A threat actor on a dark web forum is selling an alleged database dump from Coinbase, purportedly containing approximately 80,000 user records dated April 2026. The dataset includes personally identifiable information such as full names, email addresses, phone numbers, city of residence, and cryptocurrency wallet balances in BTC, ETH, and USDT. The seller is asking $3,000 for the data and is directing potential buyers to a Telegram channel.
    Date: 2026-04-29T09:35:50Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-Coinbase%C2%A0leak-2026-April-80K-User
    Screenshots:
    None
    Threat Actors: mavenearth
    Victim Country: United States
    Victim Industry: Cryptocurrency / Financial Services
    Victim Organization: Coinbase
    Victim Site: coinbase.com
  320. Alleged Data Leak of Kroll FTX Bankruptcy Claimants Database
    Category: Data Leak
    Content: A threat actor using the handle ijpys has leaked a database allegedly containing 198,346 records belonging to FTX bankruptcy claimants managed by Kroll, a global risk and financial advisory firm. The data is being made available for free via a hidden download link accessible upon replying to the forum thread. The actor also promotes a Telegram channel, suggesting broader distribution of the leaked data.
    Date: 2026-04-29T09:35:14Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-kroll-com-FTX-Bankruptcy-Claimants-REPOST
    Screenshots:
    None
    Threat Actors: ijpys
    Victim Country: United States
    Victim Industry: Financial Advisory & Risk Management
    Victim Organization: Kroll
    Victim Site: kroll.com
  321. Alleged Data Breach of Equatorial Coca-Cola Bottling Company
    Category: Data Breach
    Content: A threat actor known as ModernStealer is claiming to sell a database allegedly belonging to Equatorial Coca-Cola Bottling, a beverage manufacturer and distributor operating across 13 countries in North and West Africa. The alleged dataset totals 1.7 TB across over 1.1 million files. The actor is directing interested parties to contact them via Session messenger using a provided Session ID, with sample files reportedly shared as proof.
    Date: 2026-04-29T09:34:23Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-EQUATORIAL-COCA-COLA-BOTTLING
    Screenshots:
    None
    Threat Actors: ModernStealer
    Victim Country: Unknown
    Victim Industry: Beverage Manufacturing and Distribution
    Victim Organization: Equatorial Coca-Cola Bottling
    Victim Site: Unknown
  322. Alleged Data Breach of Boulanger French Retail Website
    Category: Data Breach
    Content: A threat actor on a dark web forum claims to have obtained and is sharing a database dump from Boulanger, a French electronics and home appliance retailer. The alleged dataset contains approximately 5.37 million records described as full details. The post includes a link to access the data, suggesting it is being made available for download.
    Date: 2026-04-29T09:33:46Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-BOULANGER-french-Website-2025
    Screenshots:
    None
    Threat Actors: LacieZ
    Victim Country: France
    Victim Industry: Retail
    Victim Organization: Boulanger
    Victim Site: boulanger.com
  323. Alleged critical vulnerabilities in Polymarket platform exposing 1609 users' PII
    Category: Vulnerability
    Content: A security researcher disclosed multiple critical vulnerabilities in Polymarket, including a CORS misconfiguration allowing active exploitation, a CVE rated Critical (9.9) in a library, a publicly exposed Supabase API key, exposed production configuration, and unauthenticated access to the PII of 1609 users. The researcher claims that insider identification may be possible via wallet address and betting history analysis.
    Date: 2026-04-29T09:33:16Z
    Network: telegram
    Published URL: https://t.me/c/3793980891/3173
    Screenshots:
    None
    Threat Actors: ./xorcat~files
    Victim Country: Unknown
    Victim Industry: Cryptocurrency/Prediction Markets
    Victim Organization: Polymarket
    Victim Site: polymarket.com
  324. Alleged Data Breach of Carnival Corporation & plc
    Category: Data Breach
    Content: A threat actor operating under the alias GlitchX claims to have compromised Carnival Corporation & plc, allegedly exfiltrating over 8.7 million records containing personally identifiable information (PII) alongside terabytes of internal corporate data. The exposed dataset includes fields such as mariner IDs, email addresses, encrypted credit card numbers, names, dates of birth, loyalty tier information, gender, and geographic data. A sample of the alleged database dump has been posted to a dark
    Date: 2026-04-29T09:33:11Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-Carnival-Corporation-plc
    Screenshots:
    None
    Threat Actors: GlitchX
    Victim Country: United States
    Victim Industry: Travel & Hospitality
    Victim Organization: Carnival Corporation & plc
    Victim Site: carnivalcorp.com
  325. Alleged Data Leak of Canada Life Assurance Company Salesforce Records
    Category: Data Leak
    Content: A threat actor known as GlitchX has made available an alleged database dump from Canada Life Assurance Company (canadalife.com). The leak purportedly contains over 5.6 million Salesforce records including personally identifiable information (PII). The data has been shared for free download on a dark web forum.
    Date: 2026-04-29T09:32:35Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-Canada-Life
    Screenshots:
    None
    Threat Actors: GlitchX
    Victim Country: Canada
    Victim Industry: Insurance
    Victim Organization: Canada Life Assurance Company
    Victim Site: canadalife.com
  326. Alleged insider compromise exposing PII database of public figures and political officials
    Category: Data Breach
    Content: A threat actor claims to have obtained a complete PII database through insider compromise, including portfolio links and activity data. The data allegedly enables identification of public figures, officials, and politicians and their financial/political activities. This represents a significant data breach with potential implications for insider trading, political manipulation, and security of high-profile individuals.
    Date: 2026-04-29T09:30:36Z
    Network: telegram
    Published URL: https://t.me/c/3793980891/3166
    Screenshots:
    None
    Threat Actors: Unknown
    Victim Country: Unknown
    Victim Industry: Government/Political
    Victim Organization: Unknown
    Victim Site: Unknown
  327. Mass Defacement of UAE Import/Export Business by MR~TNT of QATAR911
    Category: Defacement
    Content: On April 29, 2026, the attacker MR~TNT operating under the team QATAR911 conducted a mass defacement campaign targeting impexint.ae, a UAE-based import/export business running on a Linux server. The incident was part of a broader mass defacement operation rather than a targeted single-site attack. A mirror of the defacement was archived at haxor.id.
    Date: 2026-04-29T09:30:30Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248707
    Screenshots:
    None
    Threat Actors: MR~TNT, QATAR911
    Victim Country: United Arab Emirates
    Victim Industry: Trade & Import/Export
    Victim Organization: Impex International
    Victim Site: impexint.ae
  328. Alleged disclosure of critical vulnerabilities in Polymarket infrastructure including hardcoded credentials and authentication bypass
    Category: Vulnerability
    Content: A security researcher disclosed multiple critical vulnerabilities in Polymarket's infrastructure: (1) Hardcoded Supabase anonymous key in ticker.polymarket.com allowing account registration and potential table access (CWE-798), (2) Unauthenticated production configuration endpoint at gateway.polymarket.us/v1/config exposing 42 production keys including KYC status, feature flags, mobile configuration, and S3 asset hashes, (3) Next.js authentication bypass vulnerability (CVE-2024-51479) affecting affiliate.polymarket.com and preprod environments.
    Date: 2026-04-29T09:29:20Z
    Network: telegram
    Published URL: https://t.me/c/3793980891/3163
    Screenshots:
    None
    Threat Actors: ./xorcat~files
    Victim Country: Unknown
    Victim Industry: Cryptocurrency/Prediction Markets
    Victim Organization: Polymarket
    Victim Site: polymarket.com
  329. Alleged CVE-2025-27152 Authorization Header Leak in Axios Library
    Category: Vulnerability
    Content: A vulnerability (CVE-2025-27152) has been disclosed affecting Axios library versions, where authorization headers containing API keys and tokens can be leaked to attacker-controlled hosts, potentially exposing sensitive credentials.
    Date: 2026-04-29T09:28:21Z
    Network: telegram
    Published URL: https://t.me/c/3793980891/3162
    Screenshots:
    None
    Threat Actors: ./xorcat~files
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  330. Alleged sale of stolen account access logs and credentials for banking and financial services
    Category: Logs
    Content: A threat actor is offering stolen account access logs and credentials (fullz) for multiple platforms including private cloud email accounts (Hotmail, Comcast, ATT, GMX, AOL, Gmail), financial services (Facebook Ads, banking platforms), dating apps (Bumble, Zoosk, Match, eHarmony), travel/hospitality (JetBlue, Alaska Airlines, Marriott, IHG), and other services (Uber, Reddit, Roblox, Ticketmaster). The post indicates availability of iCloud fullz, Verizon+PIN, and various account logs with access credentials.
    Date: 2026-04-29T09:28:06Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/72034
    Screenshots:
    None
    Threat Actors: Yìchén
    Victim Country: United States, Canada, Global
    Victim Industry: Financial Services, Technology, Travel, Hospitality, Dating Apps
    Victim Organization: Unknown
    Victim Site: Unknown
  331. Alleged CVE-2025-62718 SSRF Vulnerability in @polymarket/clob-client Library
    Category: Vulnerability
    Content: A security researcher disclosed CVE-2025-62718 (CVSS 9.9) affecting the @polymarket/clob-client SDK due to a vulnerable axios 1.14.0 dependency. The vulnerability allows Server-Side Request Forgery (SSRF) attacks enabling attackers to redirect backend connections to AWS metadata endpoints (169.254.169.254), internal Kubernetes services, and loopback/admin panels for potential credential theft and infrastructure compromise.
    Date: 2026-04-29T09:28:02Z
    Network: telegram
    Published URL: https://t.me/c/3793980891/3161
    Screenshots:
    None
    Threat Actors: ./xorcat~files
    Victim Country: Unknown
    Victim Industry: Cryptocurrency/Prediction Markets
    Victim Organization: Polymarket
    Victim Site: polymarket.com
  332. Alleged CORS Misconfiguration Vulnerability in Polymarket API
    Category: Vulnerability
    Content: A security researcher disclosed a CORS (Cross-Origin Resource Sharing) misconfiguration vulnerability in Polymarket's data-api.polymarket.com endpoint. The vulnerability allows improper credential handling through overly permissive CORS headers (Access-Control-Allow-Origin: combined with Access-Control-Allow-Credentials: true), potentially enabling malicious websites to extract user data. The researcher claims to have a working proof-of-concept.
    Date: 2026-04-29T09:27:39Z
    Network: telegram
    Published URL: https://t.me/c/3793980891/3160
    Screenshots:
    None
    Threat Actors: ./xorcat~files
    Victim Country: Unknown
    Victim Industry: Cryptocurrency/Prediction Markets
    Victim Organization: Polymarket
    Victim Site: polymarket.com
  333. Alleged discovery of critical vulnerabilities in Polymarket oracle infrastructure with exploit publication threat
    Category: Vulnerability
    Content: A threat actor claims to have identified 6 critical vulnerabilities in Polymarket's infrastructure and possesses working exploits. The actor is threatening to publish these exploits publicly, contradicting Polymarket's assertion that exposed data is merely from public endpoints.
    Date: 2026-04-29T09:27:19Z
    Network: telegram
    Published URL: https://t.me/c/3793980891/3159
    Screenshots:
    None
    Threat Actors: Unknown
    Victim Country: Unknown
    Victim Industry: cryptocurrency/prediction markets
    Victim Organization: Polymarket
    Victim Site: polymarket.com
  334. Alleged data breach of National Bank of Pakistan
    Category: Data Breach
    Content: A threat actor using the handle Xyph0rix has posted on Breachforums claiming to have breached the National Bank of Pakistan and obtained their database. The breach details are shared via a Breachforums thread.
    Date: 2026-04-29T09:21:56Z
    Network: telegram
    Published URL: https://t.me/Xyph0rix/234
    Screenshots:
    None
    Threat Actors: Xyph0rix
    Victim Country: Pakistan
    Victim Industry: Financial Services/Banking
    Victim Organization: National Bank of Pakistan
    Victim Site: Unknown
  335. Alleged leak of interia.pl domain-targeted credential combolist
    Category: Combo List
    Content: A threat actor operating under the alias BestCombo has freely shared a combolist of approximately 4,667 credential pairs targeting the interia.pl domain, a Polish internet and email services provider. The combolist, dated April 28, 2026, is described as a mixed domain-targeted compilation and was made available via a Mega file-sharing link on a cracking forum. This type of credential list is typically used for account takeover attacks against Interia users.
    Date: 2026-04-29T08:53:51Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73638/
    Screenshots:
    None
    Threat Actors: BestCombo
    Victim Country: Poland
    Victim Industry: Internet Services / Email Provider
    Victim Organization: Interia
    Victim Site: interia.pl
  336. Alleged leak of combolist targeting shopping and corporate services
    Category: Combo List
    Content: A threat actor operating under the alias HQcomboSpace has made available a combolist containing approximately 86,131 credential pairs via a Mega.nz link. The combolist is advertised as suitable for use against shopping and corporate business platforms. No specific victim organization or origin is identified.
    Date: 2026-04-29T08:53:26Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73639/
    Screenshots:
    None
    Threat Actors: HQcomboSpace
    Victim Country: Unknown
    Victim Industry: Retail & E-Commerce
    Victim Organization: Unknown
    Victim Site: Unknown
  337. Alleged leak of mixed email:password combolist
    Category: Combo List
    Content: A threat actor operating under the alias wingoooW has made available a mixed combolist containing approximately 16,000 alleged valid email and password combinations via a free download link. The post was shared on DemonForums in the combolists section. No specific victim organization or country has been identified, suggesting the credentials may originate from multiple sources.
    Date: 2026-04-29T08:53:10Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-16K-VALID-MIXED
    Screenshots:
    None
    Threat Actors: wingoooW
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  338. Alleged leak of Hotmail credentials combolist
    Category: Combo List
    Content: A threat actor operating under the alias COYYYTOOOO has made available a combolist of approximately 5,000 Hotmail email and password combinations on a cybercrime forum. The credential list is described as high quality and is being distributed for free via an external paste site. The origin of the credentials is unknown and the claims are unverified.
    Date: 2026-04-29T08:52:39Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-5K-HQ-HOTMAIL–202174
    Screenshots:
    None
    Threat Actors: COYYYTOOOO
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  339. Alleged leak of Hotmail credential combolist
    Category: Combo List
    Content: A threat actor operating under the handle COYYYTO has made available a combolist of approximately 5,000 alleged Hotmail (Microsoft) credentials on the cracking forum CrackingX. The credential list was shared as a free download via an external paste site. The post claims the combolist is of high quality (HQ), suggesting a higher-than-average validity rate.
    Date: 2026-04-29T08:52:31Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73641/
    Screenshots:
    None
    Threat Actors: COYYYTO
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  340. Alleged leak of Hotmail credentials combolist
    Category: Data Leak
    Content: A threat actor operating under the alias alphacloud has shared a combolist of 2,584 alleged valid Hotmail credentials on a cybercrime forum. The post, described as premium hits from a private cloud source, is gated behind a reply requirement. The actor's Telegram handle, alphaaxd, is provided for further contact.
    Date: 2026-04-29T08:44:57Z
    Network: openweb
    Published URL: https://altenens.is/threads/snowflakesnowflake-2584x-premium-hotmail-hits-snowflakesnowflake.2931475/unread
    Screenshots:
    None
    Threat Actors: alphacloud
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  341. Alleged solicitation of global personal data including PII and identification numbers
    Category: Data Breach
    Content: A threat actor operating under the alias S1S2S3 is actively seeking personal data from individuals worldwide, including names, ages, genders, addresses, and identification numbers. The post, written in Chinese, indicates the actor is looking to acquire or purchase structured PII datasets with no specific country or organization targeted. No price or volume details were specified in the post.
    Date: 2026-04-29T08:44:22Z
    Network: openweb
    Published URL: https://altenens.is/threads/we-require-personal-data-from-individuals-worldwide-including-information-such-as-names-ages-genders-addresses-and-identification-numbers.2931476/unread
    Screenshots:
    None
    Threat Actors: S1S2S3
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  342. Alleged Critical Vulnerability in LiteLLM Enabling Unauthorized Access to Sensitive Data
    Category: Vulnerability
    Content: A critical vulnerability has been discovered in LiteLLM that allows attackers to gain unauthorized access to sensitive information without authentication through request injection attacks. The vulnerability can lead to exposure of API keys, internal configurations, and AI service information. Reports indicate targeted exploitation with attackers directly accessing sensitive data.
    Date: 2026-04-29T08:40:07Z
    Network: telegram
    Published URL: https://t.me/c/1283513914/21462
    Screenshots:
    None
    Threat Actors: خبرگزاری سایبربان| Cyberban News
    Victim Country: Unknown
    Victim Industry: Software/AI Services
    Victim Organization: LiteLLM
    Victim Site: Unknown
  343. Alleged Data Breach of SMP Negeri 3 Sidoarjo School Database
    Category: Data Breach
    Content: A threat actor operating under the alias Mr. Hanz Xploit has allegedly obtained and posted a database belonging to SMP Negeri 3 Sidoarjo, a public middle school in Sidoarjo, Indonesia. The post was shared on the Breached forum under the Databases section. No further details regarding the data contents, record count, or access method are available from the post.
    Date: 2026-04-29T08:39:05Z
    Network: openweb
    Published URL: https://breached.st/threads/database-smp-negeri-3-sidoarjo.86446/unread
    Screenshots:
    None
    Threat Actors: Mr. Hanz Xploit
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: SMP Negeri 3 Sidoarjo
    Victim Site: Unknown
  344. Alleged Data Leak of Indonesian Student Records Affecting 50,000 Individuals
    Category: Data Leak
    Content: A threat actor identified as JAX7 has made available a JSON database dump containing personal records of 50,000 Indonesian students via a free MediaFire download link. The leaked data includes full names, gender, dates of birth, mothers' names, National ID numbers (NIK), and Student ID numbers (NISN). The source organization has not been identified, but the data appears to span multiple regions across Indonesia.
    Date: 2026-04-29T08:38:30Z
    Network: openweb
    Published URL: https://breached.st/threads/students-database-indonesia-50-000-data.86447/unread
    Screenshots:
    None
    Threat Actors: JAX7
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: Unknown
    Victim Site: Unknown
  345. Alleged bulk SMS phishing campaign targeting Italian financial institutions and cryptocurrency platforms
    Category: Phishing
    Content: A threat actor operating under the handle @Alice_sms6 is advertising bulk SMS phishing services targeting Italy. The campaign focuses on compromising users of major Italian banks (UniCredit, Nexi, BNL) and cryptocurrency exchanges (Binance, Kucoin, Bybit). The actor offers SMS delivery services with a pricing structure and free testing. Contact is via the Telegram bot @Alice_global_SMS_bot.
    Date: 2026-04-29T08:35:46Z
    Network: telegram
    Published URL: https://t.me/global_bulksms_Alice/147
    Screenshots:
    None
    Threat Actors: Alice_sms6
    Victim Country: Italy
    Victim Industry: Financial Services, Cryptocurrency
    Victim Organization: Unknown
    Victim Site: Unknown
  346. Alleged data breach and security vulnerabilities in Polymarket infrastructure
    Category: Data Breach
    Content: A threat actor disclosed the discovery of previously unknown internal API domains (user-pnl-api, data-api) in Polymarket systems, confirmed a hardcoded Supabase anonymous key in the ticker application that enables unauthorized account creation, and mapped the full scope of the xtracker and builders data leaks. The post also documents a technical analysis of the evolution of the oracle infrastructure.
    Date: 2026-04-29T08:31:12Z
    Network: telegram
    Published URL: https://t.me/c/3793980891/3157
    Screenshots:
    None
    Threat Actors: ./xorcat~files
    Victim Country: Unknown
    Victim Industry: Cryptocurrency/Prediction Markets
    Victim Organization: Polymarket
    Victim Site: polymarket.com
  347. Alleged leak of Polymarket internal Gamma API specification and undocumented endpoints
    Category: Data Leak
    Content: A threat actor claims to have extracted Polymarket's complete OpenAPI specification for its internal Gamma API through analysis of production JavaScript bundles. The disclosure allegedly reveals undocumented public endpoints that leak 5000+ markets, 5000+ events, 50+ series, internal fee schedules, and social graph data for Ethereum addresses without requiring authentication.
    Date: 2026-04-29T08:30:17Z
    Network: telegram
    Published URL: https://t.me/c/3793980891/3156
    Screenshots:
    None
    Threat Actors: ./xorcat~files
    Victim Country: Unknown
    Victim Industry: Cryptocurrency/Prediction Markets
    Victim Organization: Polymarket
    Victim Site: polymarket.com
  348. Alleged data breach of Indonesian student database – 50,000 records
    Category: Data Breach
    Content: A database containing approximately 50,000 student records from Indonesia has been breached and shared on BreachForums. The breach was posted by user JAX7 and includes personal student data.
    Date: 2026-04-29T08:20:59Z
    Network: telegram
    Published URL: https://t.me/byjax7/205
    Screenshots:
    None
    Threat Actors: JAX7
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: Indonesian educational institution
    Victim Site: Unknown
  349. Alleged Critical Vulnerability in GitHub (CVE-2026-3854) Affecting Millions of Repositories
    Category: Vulnerability
    Content: Researchers from Wiz discovered a critical vulnerability in GitHub (CVE-2026-3854) that allowed authenticated users to execute arbitrary code on GitHub backend servers via a single git push command. GitHub has patched the vulnerability with no confirmed exploitation detected. However, 88% of GitHub Enterprise Server instances remain unpatched and vulnerable.
    Date: 2026-04-29T08:09:47Z
    Network: telegram
    Published URL: https://t.me/c/1283513914/21461
    Screenshots:
    None
    Threat Actors: خبرگزاری سایبربان| Cyberban News
    Victim Country: United States
    Victim Industry: Software Development/Version Control
    Victim Organization: GitHub
    Victim Site: github.com
  350. Alleged sale of unauthorized access to email and commercial platform accounts
    Category: Initial Access
    Content: A threat actor is offering to sell unauthorized access to multiple email providers (Hotmail, Yahoo) and commercial platforms (Walmart, eBay, Uber, Marriott, Reddit, Poshmark, Kleinanzeigen, Grailed, Vinted, AT&T) across multiple regions (USA, UK, Canada). The actor claims the accounts are fresh and valid with unrape quality, indicating compromised credentials or phishing-obtained access.
    Date: 2026-04-29T07:53:43Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/71989
    Screenshots:
    None
    Threat Actors: Yuze
    Victim Country: United States, United Kingdom, Canada
    Victim Industry: Technology, E-commerce, Hospitality, Telecommunications
    Victim Organization: Unknown
    Victim Site: Unknown
  351. Alleged leak of Netherlands email credentials combolist
    Category: Combo List
    Content: A threat actor known as CobraEgy has shared a combolist containing over 319,000 email and password credential pairs targeting Netherlands-based users on DemonForums. The content is described as fresh and high quality, and is made available for free via hidden content on the forum. The post also references a Telegram channel (Maxi_links) for additional combolists.
    Date: 2026-04-29T07:52:47Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-319-K-%E2%9C%A6-Netherlands-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-29-4-2026-%E2%9C%A6%E2%9C%A6
    Screenshots:
    None
    Threat Actors: CobraEgy
    Victim Country: Netherlands
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  352. Alleged leak of Peruvian email and password credentials
    Category: Combo List
    Content: A threat actor known as CobraEgy has made available a combolist of approximately 129,000 email and password credential pairs allegedly belonging to Peruvian users. The list is described as fresh and high quality, and is being distributed for free on Demon Forums. Additional combolists are promoted via the Telegram channel Maxi_links.
    Date: 2026-04-29T07:51:56Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-129-K-%E2%9C%A6-Peru-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-29-4-2026-%E2%9C%A6%E2%9C%A6
    Screenshots:
    None
    Threat Actors: CobraEgy
    Victim Country: Peru
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  353. Alleged leak of Pakistani email credentials combolist
    Category: Combo List
    Content: A threat actor operating under the alias CobraEgy has made available a combolist of approximately 54,000+ email and password credential pairs reportedly associated with Pakistani users. The content is described as fresh and high quality, and is being freely shared via a hidden download link on the forum. The post also references a Telegram channel (Maxi_links) for additional combolists.
    Date: 2026-04-29T07:51:10Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-54-K-%E2%9C%A6-Pakistan-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-29-4-2026-%E2%9C%A6%E2%9C%A6
    Screenshots:
    None
    Threat Actors: CobraEgy
    Victim Country: Pakistan
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  354. Alleged leak of New Zealand email and password credentials
    Category: Combo List
    Content: A threat actor known as CobraEgy has shared a combolist of approximately 29,000 email and password credential pairs targeting New Zealand users on DemonForums. The list is described as fresh and high quality, and is made available for free via hidden content on the forum. The post also references a Telegram channel, Maxi_links, for additional combolists.
    Date: 2026-04-29T07:50:04Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-29-K-%E2%9C%A6-New-Zealand-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-29-4-2026-%E2%9C%A6%E2%9C%A6
    Screenshots:
    None
    Threat Actors: CobraEgy
    Victim Country: New Zealand
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  355. Alleged leak of Norwegian email credentials combolist
    Category: Combo List
    Content: A threat actor known as CobraEgy has made available a combolist of approximately 29,000 email and password credential pairs allegedly belonging to Norwegian users. The post, shared on DemonForums and promoted via the Telegram channel Maxi_links, describes the content as fresh and high quality. No specific organization or targeted service has been identified as the source of the credentials.
    Date: 2026-04-29T07:49:05Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-29-K-%E2%9C%A6-Norway-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-29-4-2026-%E2%9C%A6%E2%9C%A6
    Screenshots:
    None
    Threat Actors: CobraEgy
    Victim Country: Norway
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  356. Alleged leak of Nigerian email credentials combolist
    Category: Combo List
    Content: A threat actor operating under the alias CobraEgy has made available a combolist of approximately 19,000+ email and password credential pairs allegedly associated with Nigerian users. The content is described as fresh and high quality, and is being distributed freely via the DemonForums platform. The post directs users to a Telegram channel (Maxi_links) for additional combolists.
    Date: 2026-04-29T07:48:14Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-19-K-%E2%9C%A6-Nigeria-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-29-4-2026-%E2%9C%A6%E2%9C%A6
    Screenshots:
    None
    Threat Actors: CobraEgy
    Victim Country: Nigeria
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  357. Alleged leak of Nepal email credentials combolist
    Category: Combo List
    Content: A threat actor operating under the alias CobraEgy has made available a combolist of approximately 11,000+ email:password credential pairs associated with Nepal. The content is described as fresh and high quality, and is being distributed for free via a hidden content link on the forum. Additional combolists are promoted through a Telegram channel linked to Maxi_links.
    Date: 2026-04-29T07:47:08Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-11-K-%E2%9C%A6-Nepal-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-29-4-2026-%E2%9C%A6%E2%9C%A6
    Screenshots:
    None
    Threat Actors: CobraEgy
    Victim Country: Nepal
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  358. Alleged sale of Facebook credential combolists via MTX Cloud private service
    Category: Combo List
    Content: A threat actor operating under the alias MTx_Hu is selling verified Facebook credential combolists through a private cloud service called MTX Cloud. The service claims to provide daily updated, deduplicated combolists ranging from 5,000 to 100,000 lines, including Hotmail and mixed email combinations. Subscription tiers are priced between $5 and $40, with payments accepted in cryptocurrency including BTC, LTC, BNB, and USDT.
    Date: 2026-04-29T07:45:36Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73632/
    Screenshots:
    None
    Threat Actors: Haydayx
    Victim Country: Unknown
    Victim Industry: Social Media
    Victim Organization: Facebook
    Victim Site: facebook.com
  359. Alleged leak of Hotmail credentials combolist
    Category: Combo List
    Content: A threat actor operating under the alias snowstormxd has made available a combolist containing 89 Hotmail credentials on a cracking forum. The post includes a free download link and a Telegram channel for distribution. The actor also advertises a paid cloud service and a built-in inboxer tool, suggesting the credentials have been verified for inbox access.
    Date: 2026-04-29T07:45:21Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73633/
    Screenshots:
    None
    Threat Actors: snowstormxd
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft Hotmail
    Victim Site: hotmail.com
  360. Alleged leak of Hotmail credentials combolist
    Category: Combo List
    Content: A threat actor operating under the alias BestCombo has made available a combolist containing 36,022 credential entries targeting hotmail.com accounts. The list was shared freely via a Mega file-sharing link on a cracking forum. The combolist likely contains email and password pairs and may be used for credential stuffing or account takeover attacks.
    Date: 2026-04-29T07:45:04Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73634/
    Screenshots:
    None
    Threat Actors: BestCombo
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  361. Alleged leak of 5 million URL:Login:Password credential logs
    Category: Combo List
    Content: A threat actor operating under the alias WashingtonDC has made available a combolist containing approximately 5 million URL, login, and password combinations via a MediaFire file-sharing link. The credentials appear to be sourced from stealer logs and are being freely distributed on the CrackingX forum. No specific victim organization or country has been identified, suggesting the dataset spans multiple targets.
    Date: 2026-04-29T07:44:49Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73635/
    Screenshots:
    None
    Threat Actors: WashingtonDC
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  362. Alleged Sale of Forex High-Quality Depositor Leads Across Multiple Countries
    Category: Data Breach
    Content: A threat actor operating under the alias pm_rasel on BreachForums is selling a dataset of approximately 39,961 high-quality Forex depositor leads spanning multiple countries including the United Kingdom, Canada, France, Italy, Spain, Poland, and others. The records contain personally identifiable and financial information including full name, email, phone number, country, deposit amount, deposit date, broker account name, white label name, broker name, and lead request offer name. The actor is
    Date: 2026-04-29T07:42:54Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-SELLING-Forex-High-Quality-Depositor-Leads
    Screenshots:
    None
    Threat Actors: pm_rasel
    Victim Country: Multiple
    Victim Industry: Financial Services / Forex Trading
    Victim Organization: Multiple Forex Brokers (Orbonex, Aivix, PSI Markets, SwissCoinCo2, Cyber Capital, MNStrack, ROI Bees, MediaNova)
    Victim Site: Unknown
  363. Alleged Data Breach of PN-Solok Indonesian District Court Database
    Category: Data Breach
    Content: A threat actor operating under the alias 0xHentai is selling a database allegedly obtained from pn-solok.go.id, the official website of the Solok District Court in Indonesia. The post claims to contain traffic and case-related data from the judicial institution. The exact record count and full scope of the data have not been disclosed in the post.
    Date: 2026-04-29T07:30:17Z
    Network: openweb
    Published URL: https://breached.st/threads/for-sale-pn-solok-go-id-indonesia-district-court-traffic-case-database.86445/unread
    Screenshots:
    None
    Threat Actors: 0xHentai
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Pengadilan Negeri Solok (PN-Solok District Court)
    Victim Site: pn-solok.go.id
  364. Alleged leak of 24 million URL:Email:Password credential records
    Category: Logs
    Content: A threat actor operating under the alias MrKordy has made available a collection of 24 million URL:Email:Password (ULP) records on a dark web forum, described as fresh and high-quality stealer logs dated April 29, 2026. The content is distributed as a free download accessible to forum members who reply to the thread or hold premium accounts. The dataset appears to originate from infostealer malware activity, containing credential pairs across multiple unspecified platforms.
    Date: 2026-04-29T07:23:49Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-24M-URL-EMAIL-PASS-ULP-%E2%AD%90%EF%B8%8FUHQ-FRESH-%E2%AD%90%EF%B8%8FFROM-29-4-2026%E2%AD%90%EF%B8%8F
    Screenshots:
    None
    Threat Actors: MrKordy
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  365. Alleged Data Leak of Movilnet Customer Database Exposing 200,000 Records
    Category: Data Leak
    Content: Threat actor GordonFreeman, operating with group L4TAM FUCKERS, claims to have breached Movilnet's infrastructure by exploiting an Insecure Direct Object Reference (IDOR) vulnerability in a MongoDB backend, leveraging predictable time-based ObjectIds to exfiltrate data without ownership validation. Approximately 200,000 records were harvested containing extensive personal and account information including full names, national ID numbers, dates of birth, phone numbers, addresses, email addres
    Date: 2026-04-29T07:21:38Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-MOVILNET-200K-PHONE-NUMBERS-SENSITIVE-DATA-LEAK-2026-VENEZUELA
    Screenshots:
    None
    Threat Actors: GordonFreeman
    Victim Country: Venezuela
    Victim Industry: Telecommunications
    Victim Organization: Movilnet
    Victim Site: movilnet.com.ve
  366. Alleged sale of combo lists and compromised email accounts across multiple countries
    Category: Combo List
    Content: A threat actor is offering for sale combo lists (email:password credentials) and compromised Hotmail accounts with access to multiple platforms including eBay, Amazon, Walmart, Poshmark, Depop, and Kleinanzeigen. The actor claims to have private cloud access and UHQ (ultra high quality) credentials. The offer targets multiple countries including UK, DE, JP, NL, BR, PL, ES, US, IT, FR, MX, CA, SG and others, and includes keyword-based searches for specific account types.
    Date: 2026-04-29T07:18:12Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/71963
    Screenshots:
    None
    Threat Actors: mu
    Victim Country: Multiple countries
    Victim Industry: Multiple (e-commerce, email providers, marketplace platforms)
    Victim Organization: Unknown
    Victim Site: Unknown
  367. Alleged defacement of Morocco National Complaints Portal and Open Data Portal
    Category: Defacement
    Content: A threat actor claims to have defaced or compromised two Moroccan government portals: the National Complaints Portal and the Open Data Portal. The post is marked as Confirmed and references photo evidence.
    Date: 2026-04-29T07:16:00Z
    Network: telegram
    Published URL: https://t.me/c/2588114907/1187
    Screenshots:
    None
    Threat Actors: Keymous
    Victim Country: Morocco
    Victim Industry: Government
    Victim Organization: National Complaints Portal; Open Data Portal
    Victim Site: Unknown
  368. Alleged data breach and sale of PN Solok District Court database (Indonesia)
    Category: Data Breach
    Content: Threat actor 0xhentai claims to have breached PN Solok (Pengadilan Negeri Solok), an Indonesian district court handling traffic cases, and is offering its database for sale. The breach includes court case data and related information.
    Date: 2026-04-29T07:10:46Z
    Network: telegram
    Published URL: https://t.me/c/3865526389/666
    Screenshots:
    None
    Threat Actors: 0xhentai
    Victim Country: Indonesia
    Victim Industry: Government/Judiciary
    Victim Organization: PN Solok (Pengadilan Negeri Solok)
    Victim Site: pn-solok.go.id
  369. Alleged sale of RDP access and compromised cloud/email accounts
    Category: Initial Access
    Content: A threat actor is offering rental of RDP access to Azure, AWS, and DigitalOcean infrastructure on a daily/monthly basis for $200. The actor also advertises domain email accounts (Gmail, Yahoo), GitHub student accounts, and domain access, offers an escrow service, and claims limited stock.
    Date: 2026-04-29T07:02:16Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/71945
    Screenshots:
    None
    Threat Actors: Squad Chat Marketplace
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  370. Alleged leak of mixed credential combolist containing 15,000 entries
    Category: Combo List
    Content: A threat actor operating under the alias UniqueCombo has shared a mixed email:password combolist containing approximately 15,000 unique credential pairs on DemonForums. The content is hidden behind a registration or login requirement. The actor also advertises a shop (unique-combo.shop) offering combolists from various countries and by request.
    Date: 2026-04-29T06:41:13Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-MIX-Unique-Combo-1-15000
    Screenshots:
    None
    Threat Actors: UniqueCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  371. Alleged leak of interia.pl domain-targeted combolist
    Category: Combo List
    Content: A threat actor operating under the alias BestCombo has made available a domain-targeted combolist containing 2,462 credential pairs associated with interia.pl, a Polish internet and email service provider. The combolist was shared via a Mega file-sharing link on a cracking forum. The post is dated April 28, 2026, and no payment or sale price was indicated, suggesting this is a free leak.
    Date: 2026-04-29T06:41:06Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73628/
    Screenshots:
    None
    Threat Actors: BestCombo
    Victim Country: Poland
    Victim Industry: Internet Services / Email Provider
    Victim Organization: Interia
    Victim Site: interia.pl
  372. Alleged leak of Business Corporate Email Credentials and SMTP Access
    Category: Combo List
    Content: A threat actor known as HQcomboSpace has made available a combolist containing 128,263 lines of business corporate email credentials and SMTP access details via a Mega.nz link. The leaked data appears to include mail and password combinations along with SMTP configuration information targeting corporate email accounts. The post was shared for free on the cracking forum CrackingX under the Combolists & Dumps section.
    Date: 2026-04-29T06:40:50Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73629/
    Screenshots:
    None
    Threat Actors: HQcomboSpace
    Victim Country: Unknown
    Victim Industry: Multiple Sectors
    Victim Organization: Unknown
    Victim Site: Unknown
  373. Alleged leak of Hotmail credential combolist
    Category: Combo List
    Content: A threat actor operating under the alias @Steveee36 has made available a combolist allegedly containing 1,233 Hotmail credentials on the cracking forum CrackingX. The file was shared as a free download in the Combolists & Dumps section. The origin and validity of the credentials have not been verified.
    Date: 2026-04-29T06:40:32Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73630/
    Screenshots:
    None
    Threat Actors: stevee36
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  374. Alleged leak of mixed credential combolist
    Category: Combo List
    Content: A threat actor operating under the alias UniqueCombo has made available a mixed combolist containing approximately 15,000 unique credential pairs on the cracking forum CrackingX. The post is gated behind registration or sign-in, limiting visibility into the specific content or targeted services. No specific victim organization or country has been identified.
    Date: 2026-04-29T06:40:17Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73631/
    Screenshots:
    None
    Threat Actors: UniqueCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  375. Alleged leak of 69,000 email account credentials
    Category: Data Leak
    Content: A threat actor operating under the alias VegaM has made available a combolist containing approximately 69,000 allegedly valid email account credentials on the AE forum. The list is described as high quality (HQ) and valid, suggesting the credentials have been verified for active mail access. The content is hosted on an external paste platform (pasteview.com) and shared freely without a stated price.
    Date: 2026-04-29T06:33:58Z
    Network: openweb
    Published URL: https://altenens.is/threads/69k-hq-valid-mail-access-list.2931456/unread
    Screenshots:
    None
    Threat Actors: VegaM
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  376. Website Defacement of M2 Media by Vazzle07
    Category: Defacement
    Content: On April 29, 2026, a threat actor operating under the alias Vazzle07 defaced a page on m2media.com.sg, a media organization based in Singapore. The incident was a targeted single-page defacement, with no indication of mass or repeated defacement activity. The attacker's motivation and technical details regarding the server environment remain unknown.
    Date: 2026-04-29T06:21:15Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915624
    Screenshots:
    None
    Threat Actors: Vazzle07
    Victim Country: Singapore
    Victim Industry: Media
    Victim Organization: M2 Media
    Victim Site: m2media.com.sg
  377. Website Defacement of Unknown Organization at 51.91.126.217:8090 by Vazzle07
    Category: Defacement
    Content: On April 29, 2026, a threat actor known as Vazzle07 defaced the homepage of a web server hosted at IP address 51.91.126.217 on port 8090. The server is hosted on an OVH IP range geolocated to France, though the targeted organization and industry remain unidentified. The incident was recorded as a single home page defacement with no mass defacement activity or prior redefacement history noted.
    Date: 2026-04-29T06:19:04Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915625
    Screenshots:
    None
    Threat Actors: Vazzle07
    Victim Country: France
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: 51.91.126.217:8090
  378. Alleged ShinyHunters Threat Actor Group Channel Backup and Coalition Announcement
    Category: Cyber Attack
    Content: The ShinyHunters threat actor group announced the creation of a new Telegram channel as a backup after the suspension of its main channel. The group claims unity with multiple threat actors including UNC6040, Aegis, Sevy, Lapsus, and Scattered. Contact information provided includes Telegram handles, an XMPP address, and email addresses for coordination.
    Date: 2026-04-29T05:57:16Z
    Network: telegram
    Published URL: https://t.me/c/3500620464/7478
    Screenshots:
    None
    Threat Actors: ShinyHunters
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  379. Alleged leak of Hotmail credentials combolist
    Category: Combo List
    Content: A threat actor known as snowstormxd has made available a combolist of 89 alleged UHQ (Ultra High Quality) Hotmail credentials via a free download link on pasteview.com and a Telegram channel. The post also advertises a paid cloud service starting at $3 for 24 hours, suggesting monetization through a credential-checking or inbox-access service. The offering includes claims of a built-in inboxer tool, indicating these credentials may have been validated for active inbox access.
    Date: 2026-04-29T05:45:16Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73624/
    Screenshots:
    None
    Threat Actors: snowstormxd
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  380. Alleged leak of t-online.de domain credentials combolist
    Category: Combo List
    Content: A threat actor known as BestCombo has made available a combolist targeting the t-online.de domain, containing approximately 4,362 lines of credentials. The combolist was shared via a Mega.co.nz link on the CrackingX forum. The post is dated April 28, 2026, suggesting recently compiled or aggregated credential data.
    Date: 2026-04-29T05:44:59Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73625/
    Screenshots:
    None
    Threat Actors: BestCombo
    Victim Country: Germany
    Victim Industry: Telecommunications
    Victim Organization: Telekom Deutschland
    Victim Site: t-online.de
  381. Alleged data breach of Preparafaculdade Brazilian education platform
    Category: Data Breach
    Content: A threat actor known as ka1do is selling a purported 3.6GB database dump from Preparafaculdade, a Brazilian educational platform offering pre-vestibular and university preparation courses. The database allegedly contains 151 tables with thousands of student records including full names, phone numbers, personal email addresses, login credentials, student IDs, and location data. The actor is offering the dump for an undisclosed price via private message on a cybercrime forum.
    Date: 2026-04-29T05:32:05Z
    Network: openweb
    Published URL: https://breached.st/threads/full-breach-preparafaculdade-3-6gb-database-dump-brazilian-education-platform.86443/unread
    Screenshots:
    None
    Threat Actors: ka1do
    Victim Country: Brazil
    Victim Industry: Education
    Victim Organization: Preparafaculdade
    Victim Site: faculdadeprepara.com.br
  382. Alleged Data Leak of Pengadilan Negeri Kuala Kurun (pn-kualakurun.go.id)
    Category: Data Leak
    Content: A threat actor known as MrAnomali claims to have leaked data associated with pn-kualakurun.go.id, the website of Pengadilan Negeri Kuala Kurun, an Indonesian district court. The post is accompanied by a politically motivated message criticizing corruption and the judicial system in Indonesia. Specific details regarding the type or volume of data involved have not been disclosed.
    Date: 2026-04-29T05:31:31Z
    Network: openweb
    Published URL: https://breached.st/threads/leak-pn-kualakurun-go-id.86314/unread
    Screenshots:
    None
    Threat Actors: MrAnomali
    Victim Country: Indonesia
    Victim Industry: Government – Judiciary
    Victim Organization: Pengadilan Negeri Kuala Kurun
    Victim Site: pn-kualakurun.go.id
  383. Website Defacement of Klooker by Astar (Garuda Suspend Commision)
    Category: Defacement
    Content: On April 29, 2026, a threat actor identified as Astar, affiliated with the group Garuda Suspend Commision, defaced the website klooker.nl by altering the page at /love.html. The incident was a targeted single-page defacement with no indication of mass or repeated defacement activity. No specific motive or technical details regarding the server infrastructure were disclosed.
    Date: 2026-04-29T05:16:58Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915618
    Screenshots:
    None
    Threat Actors: Astar, Garuda Suspend Commision
    Victim Country: Netherlands
    Victim Industry: Unknown
    Victim Organization: Klooker
    Victim Site: klooker.nl
  384. Website Defacement of Fun Club Yacht Charters by Astar (Garuda Suspend Commision)
    Category: Defacement
    Content: On April 29, 2026, a threat actor identified as Astar, affiliated with the group Garuda Suspend Commision, defaced the website of Fun Club Yacht Charters. The attack targeted a specific page on the domain and was not classified as a mass or home page defacement. No specific motive or server details were disclosed in connection with the incident.
    Date: 2026-04-29T05:15:32Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915620
    Screenshots:
    None
    Threat Actors: Astar, Garuda Suspend Commision
    Victim Country: Unknown
    Victim Industry: Marine Tourism / Yacht Charter Services
    Victim Organization: Fun Club Yacht Charters
    Victim Site: funclubyachtcharters.com
  385. Website Defacement of Hotel Casa Tago by Astar (Garuda Suspend Commision)
    Category: Defacement
    Content: On April 29, 2026, a threat actor identified as Astar, affiliated with the group Garuda Suspend Commision, defaced a subpage on the Hotel Casa Tago website. The defacement targeted a specific page (love.html) rather than the homepage, indicating a targeted page-level intrusion. No specific motive or exploit details were disclosed.
    Date: 2026-04-29T05:14:02Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915623
    Screenshots:
    None
    Threat Actors: Astar, Garuda Suspend Commision
    Victim Country: Unknown
    Victim Industry: Hospitality
    Victim Organization: Hotel Casa Tago
    Victim Site: hotelcasatago.com
  386. Website Defacement of Hotel Management Institutes by Astar (Garuda Suspend Commision)
    Category: Defacement
    Content: On April 29, 2026, a threat actor identified as Astar, operating under the group Garuda Suspend Commision, defaced the website hotelmanagementinstitutes.com. The incident was a targeted single-site defacement with no indication of mass or repeated defacement activity. The attacker's motivation and server details remain unknown, with the defacement archived via a zone-xsec.com mirror.
    Date: 2026-04-29T05:12:56Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915621
    Screenshots:
    None
    Threat Actors: Astar, Garuda Suspend Commision
    Victim Country: Unknown
    Victim Industry: Education / Hospitality Training
    Victim Organization: Hotel Management Institutes
    Victim Site: hotelmanagementinstitutes.com
  387. Website Defacement of King Singh Legal Consultants by Astar (Garuda Suspend Commision)
    Category: Defacement
    Content: On April 29, 2026, a threat actor known as Astar, operating under the team Garuda Suspend Commision, defaced the website of King Singh Legal Consultants. The attack hit the legal consultancy firm's web presence in a targeted, non-mass defacement incident. The server details and specific motive behind the attack remain unknown.
    Date: 2026-04-29T05:11:43Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915614
    Screenshots:
    None
    Threat Actors: Astar, Garuda Suspend Commision
    Victim Country: Unknown
    Victim Industry: Legal Services
    Victim Organization: King Singh Legal Consultants
    Victim Site: kingsinghlegalconsultants.com
  388. Website Defacement of Novinlib by Astar of Garuda Suspend Commision
    Category: Defacement
    Content: On April 29, 2026, a threat actor identified as Astar, affiliated with the group Garuda Suspend Commision, defaced a page on novinlib.com, targeting the upload directory with a file named love.html. The incident was a targeted single-page defacement rather than a mass or home page defacement. No specific motivation or server details were disclosed.
    Date: 2026-04-29T05:10:29Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915619
    Screenshots:
    None
    Threat Actors: Astar, Garuda Suspend Commision
    Victim Country: Unknown
    Victim Industry: Library/Information Services
    Victim Organization: Novinlib
    Victim Site: novinlib.com
  389. Website Defacement of A1 Body and Frame by Astar of Garuda Suspend Commision
    Category: Defacement
    Content: On April 29, 2026, a threat actor known as Astar, operating under the group Garuda Suspend Commision, defaced a subpage (love.html) of a1bodyandframe.com, an automotive body and frame repair business. The attack was a targeted single-page defacement rather than a mass or home page compromise. The incident was mirrored and documented via zone-xsec.com.
    Date: 2026-04-29T05:09:04Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915617
    Screenshots:
    None
    Threat Actors: Astar, Garuda Suspend Commision
    Victim Country: United States
    Victim Industry: Automotive Services
    Victim Organization: A1 Body and Frame
    Victim Site: a1bodyandframe.com
  390. Website Defacement of Legacy Impact Projects by Astar (Garuda Suspend Commision)
    Category: Defacement
    Content: On April 29, 2026, a threat actor known as Astar, operating under the team Garuda Suspend Commision, defaced the website of Legacy Impact Projects. The attack was a targeted single-page defacement, with the mirror archived via zone-xsec.com. No specific motivation or server details were disclosed in the reported incident.
    Date: 2026-04-29T05:07:37Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/915616
    Screenshots:
    None
    Threat Actors: Astar, Garuda Suspend Commision
    Victim Country: Unknown
    Victim Industry: Non-Profit / Social Impact
    Victim Organization: Legacy Impact Projects
    Victim Site: www.legacyimpactprojects.org
  391. Alleged data leak of 2,379 US Marines personal information by Hanzalah hacking group
    Category: Data Leak
    Content: According to Wall Street Journal reporting, the Iranian-affiliated hacking group Hanzalah claimed to have leaked names and personal details of 2,379 US Marines stationed in the Persian Gulf region. The group claimed via its Telegram channel that this represents only a fraction of its capabilities, and that it possesses identity information on tens of thousands of US military personnel across multiple branches. The Pentagon is investigating the claims, with initial evidence suggesting at least some of the leaked names belong to military personnel.
    Date: 2026-04-29T05:06:01Z
    Network: telegram
    Published URL: https://t.me/c/1283513914/21455
    Screenshots:
    None
    Threat Actors: Hanzalah
    Victim Country: United States
    Victim Industry: Government/Military
    Victim Organization: United States Military (US Marines)
    Victim Site: Unknown
  392. Alleged leak of Gmail credential combolist targeting forum users
    Category: Combo List
    Content: A threat actor operating under the alias ValidMail has made available an alleged combolist containing approximately 60,000 Gmail credentials on the cracking forum CrackingX. The post is categorized under Combolists & Dumps, suggesting the credentials are compiled from various sources. Full content is restricted to registered forum members.
    Date: 2026-04-29T04:45:45Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73623/
    Screenshots:
    None
    Threat Actors: ValidMail
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Google
    Victim Site: gmail.com
  393. Alleged Data Leak of Bank Mandiri Customer Database
    Category: Data Leak
    Content: A threat actor operating under the alias Xyph0rix has leaked a database allegedly containing Bank Mandiri customer records on the Breached forum. The leaked data includes customer full names, dates of birth, and mobile phone numbers. A download link for the full database has been made available at no charge.
    Date: 2026-04-29T04:33:27Z
    Network: openweb
    Published URL: https://breached.st/threads/database-bank-mandiri.86441/unread
    Screenshots:
    None
    Threat Actors: Xyph0rix
    Victim Country: Indonesia
    Victim Industry: Banking & Financial Services
    Victim Organization: Bank Mandiri
    Victim Site: bankmandiri.co.id
  394. Alleged Data Leak of Kemkomdigi SIM Card Registration Database
    Category: Data Leak
    Content: A threat actor known as 0xHentai has allegedly leaked a database belonging to Kemkomdigi, Indonesia's Ministry of Communication and Digital, on a dark web forum. The leaked data reportedly contains personal information collected through Indonesia's SIM card registration process, which requires citizens to provide their National Identity Number (NIK). The post implies sensitive citizen identity data has been made publicly available on the forum.
    Date: 2026-04-29T04:32:55Z
    Network: openweb
    Published URL: https://breached.st/threads/database-leak-kemkomdigi.86442/unread
    Screenshots:
    None
    Threat Actors: 0xHentai
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Kemkomdigi (Indonesian Ministry of Communication and Digital)
    Victim Site: Unknown
  395. Alleged data breach of Kemkomdigi (Indonesian Ministry of Communication and Digital Infrastructure)
    Category: Data Breach
    Content: The post references a database leak of Kemkomdigi, with links to a breached.st profile and a dedicated leak thread. Kemkomdigi is Indonesia's Ministry of Communication and Digital Infrastructure.
    Date: 2026-04-29T04:18:17Z
    Network: telegram
    Published URL: https://t.me/c/3865526389/662
    Screenshots:
    None
    Threat Actors: BABAYO EROR SYSTEM
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Kemkomdigi
    Victim Site: Unknown
  396. Alleged data breach of Kemkomdigi (Indonesian Ministry of Communication and Digital Infrastructure)
    Category: Data Breach
    Content: The post references a database leak affecting Kemkomdigi, with links to a breached.st profile and a dedicated leak thread. Kemkomdigi is Indonesia's Ministry of Communication and Digital Infrastructure.
    Date: 2026-04-29T04:15:34Z
    Network: telegram
    Published URL: https://t.me/c/3865526389/661
    Screenshots:
    None
    Threat Actors: BABAYO EROR SYSTEM
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Kemkomdigi
    Victim Site: Unknown
  397. Alleged data breach of Bank Mandiri
    Category: Data Breach
    Content: Threat actor Xyph0rix has posted on BreachForums regarding a Bank Mandiri database breach. The actor maintains an active profile on the breach forum and has created a thread discussing the Bank Mandiri database incident.
    Date: 2026-04-29T04:10:21Z
    Network: telegram
    Published URL: https://t.me/Xyph0rix/232
    Screenshots:
    None
    Threat Actors: Xyph0rix
    Victim Country: Indonesia
    Victim Industry: Financial Services
    Victim Organization: Bank Mandiri
    Victim Site: mandiri.co.id
  398. Alleged leak of Gmail credential combolist with 1.4 million lines
    Category: Combo List
    Content: A threat actor operating under the handle HQcomboSpace has shared a combolist containing approximately 1.47 million lines targeting Gmail domain accounts via a Mega.nz link. The combolist appears to consist of email and password credential pairs associated with Gmail users. The content was made available for free download on the cracking forum CrackingX.
    Date: 2026-04-29T04:07:40Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73621/
    Screenshots:
    None
    Threat Actors: HQcomboSpace
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Google
    Victim Site: gmail.com
  399. Alleged leak of t-online.de credentials combolist
    Category: Combo List
    Content: A threat actor known as BestCombo has shared a combolist containing approximately 5,128 credential pairs associated with t-online.de, a German email and internet service provider operated by Telekom Deutschland. The combolist was made available for free via a Mega file-sharing link on the cracking forum CrackingX. The post is dated April 28, 2026, and is categorized under European combolists.
    Date: 2026-04-29T04:07:18Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73622/
    Screenshots:
    None
    Threat Actors: BestCombo
    Victim Country: Germany
    Victim Industry: Telecommunications
    Victim Organization: Telekom Deutschland
    Victim Site: t-online.de
  400. Alleged leak of streaming service credentials combolist
    Category: Data Leak
    Content: A threat actor operating under the alias GhostlyGamer has shared a combolist of approximately 100,000 email and password credential pairs purportedly associated with streaming service accounts. The list is being made available for free on the AE forum, requiring users to reply to the thread to access the hidden download link. The specific streaming platform(s) affected have not been identified.
    Date: 2026-04-29T04:01:59Z
    Network: openweb
    Published URL: https://altenens.is/threads/star-100k-star-streaming-high-quality-combolist-star-email-pass-star.2931439/unread
    Screenshots:
    None
    Threat Actors: GhostlyGamer
    Victim Country: Unknown
    Victim Industry: Media & Entertainment
    Victim Organization: Unknown
    Victim Site: Unknown
  401. Alleged Data Breach of FlexBooker Appointment Booking Platform
    Category: Data Breach
    Content: A threat actor on the Breached forum is selling an alleged database dump from FlexBooker, a US-based SaaS appointment booking platform, for $2,500 USD. The database reportedly contains 9.5 million records in CSV format, including personally identifiable information such as names, email addresses, phone numbers, stored payment masks, and authentication tokens. The inclusion of stored payment masks and tokens raises significant concerns regarding potential financial and account-related fraud.
    Date: 2026-04-29T03:52:59Z
    Network: openweb
    Published URL: https://breached.st/threads/flexbooker-com-us-appointment-booking-system.86440/unread
    Screenshots:
    None
    Threat Actors: xcgtyrewty
    Victim Country: United States
    Victim Industry: Software as a Service (SaaS)
    Victim Organization: FlexBooker
    Victim Site: flexbooker.com
  402. Alleged leak of Interpol employee email directory
    Category: Data Leak
    Content: A list of approximately 150+ email addresses allegedly belonging to Interpol staff members has been shared in the Rakyat Digital Crew channel. The emails span various departments and include addresses from multiple organizational units. This represents a potential data breach of law enforcement personnel contact information.
    Date: 2026-04-29T03:36:54Z
    Network: telegram
    Published URL: https://t.me/Xyph0rix/230
    Screenshots:
    None
    Threat Actors: Xyph0rix
    Victim Country: International
    Victim Industry: Law Enforcement
    Victim Organization: Interpol
    Victim Site: interpol.int
  403. Alleged sale of mail access credentials and stolen bank account lists with fraud services
    Category: Combo List
    Content: A threat actor operating as @Dataxlogs advertises mail access availability with configurations, scripts, tools, and combolists for multiple countries (FR, BE, AU, CA, UK, US, NL, PL, DE, JP). Simultaneously, the LUCKPAY organization advertises stolen stock fund account credentials from Indian banks (SBM, IDBI, CBI, Bandhan, AU, BOM, Cosmos, HSBC, DBS, UTK, Saraswat, YES, Citi) with F2F (face-to-face) and OTP fraud services at 3.5-5.5% commission rates, requiring a 10,000 USDT deposit, with operations across multiple Indian cities.
    Date: 2026-04-29T03:33:00Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/71859
    Screenshots:
    None
    Threat Actors: Dataxlogs
    Victim Country: India
    Victim Industry: Financial Services, Banking
    Victim Organization: Unknown
    Victim Site: Unknown
  404. Alleged leak of MSN.com credential combolist
    Category: Combo List
    Content: A threat actor operating under the alias BestCombo has shared a combolist targeting msn.com on a cracking forum. The list, dated April 28, 2026, contains approximately 2,167 lines of mixed credentials and is being made available for free via a Mega file-sharing link. The combolist is described as a domain-targeted mixed format, likely containing email and password pairs.
    Date: 2026-04-29T03:27:33Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73618/
    Screenshots:
    None
    Threat Actors: BestCombo
    Victim Country: United States
    Victim Industry: Technology
    Victim Organization: Microsoft MSN
    Victim Site: msn.com
  405. Alleged leak of fresh Hotmail credential combolist
    Category: Combo List
    Content: A threat actor known as snowstormxd has made available a combolist of 89 allegedly fresh Hotmail credentials via a public paste link and a Telegram channel. The post advertises a built-in inboxer tool and promotes a paid private cloud service offering additional resources, suggesting the actor is also monetizing access to larger credential sets. The free download appears to serve as a sample to attract buyers to a tiered subscription service priced from $3 to $120.
    Date: 2026-04-29T03:27:00Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73619/
    Screenshots:
    None
    Threat Actors: snowstormxd
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft Hotmail
    Victim Site: hotmail.com
  406. Alleged Sale of Stolen Payment Cards with Full Info and Account Linkability
    Category: Carding
    Content: A threat actor operating under the alias dqrks69 is advertising stolen credit cards with high balances, full cardholder information, email access, and PIN details. The cards are marketed for use in online shopping, bill payments, and debit transactions, and are advertised as linkable to CashApp, Apple Pay, and cryptocurrency accounts. The actor provides contact details via Telegram, Signal, and WhatsApp for interested buyers.
    Date: 2026-04-29T03:19:48Z
    Network: openweb
    Published URL: https://altenens.is/threads/check-mark-buttonif-anyone-need-cc-with-good-and-high-balance.2931411/unread
    Screenshots:
    None
    Threat Actors: dqrks69
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  407. Alleged Sale of Live Credit Cards with Apple Pay and Google Pay Bypass Capabilities
    Category: Carding
    Content: A threat actor operating under the alias halowof73 is selling live credit cards (CCs) claimed to be compatible with Apple Pay and Google Pay across multiple countries. The seller advertises automatic OTP verification bypass capabilities, indicating the cards are pre-configured for fraudulent contactless payments. The actor is promoting the service via a Telegram channel and offers replacements or refunds for non-functional cards.
    Date: 2026-04-29T03:19:32Z
    Network: openweb
    Published URL: https://altenens.is/threads/apple-red-apple-pay-and-google-pay-for-android-and-iphone.2931424/unread
    Screenshots:
    None
    Threat Actors: halowof73
    Victim Country: Unknown
    Victim Industry: Financial Services
    Victim Organization: Unknown
    Victim Site: Unknown
  408. Alleged Discussion of Log4Shell RCE Exploitation Against Minecraft Servers
    Category: Initial Access
    Content: A threat actor on a stealer logs forum discussed the ongoing relevance of Log4Shell (CVE-2021-44228) exploitation targeting Minecraft servers. The post highlights how crafted strings dropped in in-game chat could trigger remote code execution on vulnerable servers, and notes that prebuilt payloads and scripts were rapidly operationalized for low-skill actors. The author emphasized that poorly maintained game servers running outdated components remain a convenient and accessible attack surface.
    Date: 2026-04-29T03:14:50Z
    Network: openweb
    Published URL: https://breached.st/threads/minecraft-rce-via-log4shell-still-relevant.86438/unread
    Screenshots:
    None
    Threat Actors: cubotw0
    Victim Country: Unknown
    Victim Industry: Gaming
    Victim Organization: Unknown
    Victim Site: Unknown
  409. Alleged Carding and Fraudulent Transfer Services Offered via Telegram
    Category: Combo List
    Content: A threat actor operating under the alias showbezzy is advertising fraudulent financial services including non-VBV cards, cloned payment cards, and account takeover capabilities for platforms such as CashApp, PayPal, Zelle, Chime, Venmo, Skrill, Google Pay, Apple Pay, and Western Union. The actor claims to facilitate bank transfers and crypto transactions, directing potential buyers to a Telegram channel (@toptopupp) to place orders. The post indicates an active operation with services being of
    Date: 2026-04-29T02:48:44Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Down-To-Help-Niqqass-Get-Rich-Off–202140
    Screenshots:
    None
    Threat Actors: showbezzy
    Victim Country: Unknown
    Victim Industry: Financial Services
    Victim Organization: Unknown
    Victim Site: Unknown
  410. Alleged Carding Services Offering Cloned Cards, Non-VBV Cards, and Fraudulent Transfers via Telegram
    Category: Carding
    Content: A threat actor operating under the alias showbezzy is advertising carding and financial fraud services on a dark web forum. The offerings include cloned payment cards, non-VBV cards, and account linkables for platforms such as CashApp, PayPal, Zelle, Chime, Venmo, Skrill, Google Pay, Apple Pay, and Western Union. The actor directs prospective buyers to a Telegram channel (t.me/toptopupp) to place orders.
    Date: 2026-04-29T02:48:39Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Down-To-Help-Niqqass-Get-Rich-Off–202144
    Screenshots:
    None
    Threat Actors: showbezzy
    Victim Country: Unknown
    Victim Industry: Financial Services
    Victim Organization: Unknown
    Victim Site: Unknown
  411. Alleged leak of Hotmail credentials combolist
    Category: Combo List
    Content: A threat actor operating under the alias noir has made available a combolist of purportedly valid Hotmail credentials on the cracking forum CX. The post claims the credentials are UHQ (ultra-high quality) and valid, with the content described as sourced from a private cloud. The actor is contactable via Telegram at @noiraccesss for further distribution.
    Date: 2026-04-29T02:10:12Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73615/
    Screenshots:
    None
    Threat Actors: noir
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  412. Alleged leak of Yahoo credential combolist with mixed country targets
    Category: Combo List
    Content: A threat actor known as HQcomboSpace has made available a combolist containing approximately 1.85 million credential pairs targeting Yahoo accounts. The list is described as mixed country origin and has been shared via a Mega.nz file link on the cracking forum CrackingX. The combolist appears to be a free leak with no price mentioned.
    Date: 2026-04-29T02:09:55Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73616/
    Screenshots:
    None
    Threat Actors: HQcomboSpace
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Yahoo
    Victim Site: yahoo.com
  413. Alleged leak of Gmail credentials combolist
    Category: Combo List
    Content: A threat actor operating under the alias BestCombo has made available a combolist of approximately 41,075 Gmail credential pairs via a Mega file-sharing link on the crackingx.com forum. The post is dated April 28, 2026, and is described as a mixed domain target combolist focused on gmail.com accounts. The credentials were shared freely with no payment required, gated only by a forum reaction.
    Date: 2026-04-29T02:09:31Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73617/
    Screenshots:
    None
    Threat Actors: BestCombo
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Google
    Victim Site: gmail.com
  414. Alleged sale of webshells
    Category: Initial Access
    Content: A threat actor is advertising the sale of webshells via direct-message contact (@muchbetterkyless).
    Date: 2026-04-29T01:58:46Z
    Network: telegram
    Published URL: https://t.me/c/2315649855/357
    Screenshots:
    None
    Threat Actors: muchbetterkyless
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  415. Alleged Data Leak of Startupworld User Emails
    Category: Data Leak
    Content: A threat actor operating under the alias popfizz on the AE forum has allegedly leaked user email data belonging to Startupworld, an Indian startup-focused platform. The post claims the site was hacked and user emails have been made available to forum members. Full details of the leak are hidden behind a reply-gate, limiting visibility into the scope and nature of the exposed data.
    Date: 2026-04-29T01:58:42Z
    Network: openweb
    Published URL: https://altenens.is/threads/indian-site-startupworld-user-emails-leaked.2931342/unread
    Screenshots:
    None
    Threat Actors: popfizz
    Victim Country: India
    Victim Industry: Technology / Startups
    Victim Organization: Startupworld
    Victim Site: startupworld.in
  416. Alleged sharing of free business and web tools resource list
    Category: Data Leak
    Content: A forum user on AE – Leaked Databases shared a post containing a collection of free online tools and resources covering areas such as business name generation, SEO analysis, image editing, email collection, and remote work. The actual content is hidden behind a reply gate, requiring users to respond before accessing the listed resources. No specific victim, data breach, or malicious payload is directly evident from the visible content.
    Date: 2026-04-29T01:58:29Z
    Network: openweb
    Published URL: https://altenens.is/threads/free-usefull-websites-logo-hosting-invoicing.2931334/unread
    Screenshots:
    None
    Threat Actors: popfizz
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  417. Alleged Data Leak of Pamekasan Regional Population Database, East Java, Indonesia
    Category: Data Leak
    Content: A threat actor operating under the alias Xyph0rix has leaked a structured database dump containing personal records of residents from Pamekasan Regency, East Java, Indonesia. The exposed data includes national identity numbers (NIK), family card numbers (NKK), full names, places and dates of birth, marital status, gender, and residential addresses including village and district details. The data appears to originate from Indonesia's civil registration or population administration system (Dukca
    Date: 2026-04-29T01:55:26Z
    Network: openweb
    Published URL: https://breached.st/threads/database-pamekasan-prov-jawa-timur.86435/unread
    Screenshots:
    None
    Threat Actors: Xyph0rix
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Pamekasan Regional Government (Pemerintah Kabupaten Pamekasan)
    Victim Site: Unknown
  418. Alleged Data Leak of Bekasi Government Job Seeker Database (bebunge.bekasikab.go.id)
    Category: Data Leak
    Content: A threat actor known as Xyph0rix has leaked a database from the Bekasi Regency Government's job seeker portal (bebunge.bekasikab.go.id), an Indonesian regional government employment platform. The leaked data includes highly sensitive personal information such as national ID card numbers, full names, dates of birth, home addresses, email addresses, phone numbers, educational background, employment history, and desired salary, among other fields. The database has been made available for free downl
    Date: 2026-04-29T01:54:53Z
    Network: openweb
    Published URL: https://breached.st/threads/database-bebunge-bekasikab-go-id.86436/unread
    Screenshots:
    None
    Threat Actors: Xyph0rix
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Bekasi Regency Government (bekasikab.go.id)
    Victim Site: bebunge.bekasikab.go.id
  419. Alleged Data Leak of Indonesian Millennial Farmer Program (Petani Milenial) Database
    Category: Data Leak
    Content: A threat actor operating under the alias Xyph0rix has leaked a structured database allegedly belonging to Indonesia's Petani Milenial dan Andalan agricultural program. The exposed records contain highly sensitive personal information including full names, national ID numbers (NIK), dates of birth, phone numbers, email addresses, physical addresses, KTP (national ID card) photo links, passport photo links, business and financial details, and KUR (government credit) program data. Affected individu
    Date: 2026-04-29T01:54:20Z
    Network: openweb
    Published URL: https://breached.st/threads/database-petani-milenial-dan-andalan.86437/unread
    Screenshots:
    None
    Threat Actors: Xyph0rix
    Victim Country: Indonesia
    Victim Industry: Government / Agriculture
    Victim Organization: Petani Milenial dan Andalan
    Victim Site: Unknown
  420. Alleged data breach of Petani Milenial dan Andalan database
    Category: Data Breach
    Content: Threat actor Xyph0rix has disclosed a database breach involving Petani Milenial dan Andalan on BreachForums. The breach includes a dedicated thread on the underground forum with evidence of database compromise.
    Date: 2026-04-29T01:35:54Z
    Network: telegram
    Published URL: https://t.me/Xyph0rix/229
    Screenshots:
    None
    Threat Actors: Xyph0rix
    Victim Country: Indonesia
    Victim Industry: Agriculture/Farming
    Victim Organization: Petani Milenial dan Andalan
    Victim Site: Unknown
  421. Alleged leak of mixed European credential combolist
    Category: Combo List
    Content: A threat actor operating under the alias BestCombo has made available a mixed European combolist containing 6,857 lines on the crackingx.com forum. The combolist, dated April 28, 2026, was shared via a Mega.co.nz link and appears to contain credential pairs targeting European users. No specific organizations or industries have been identified as victims.
    Date: 2026-04-29T01:27:58Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73612/
    Screenshots:
    None
    Threat Actors: BestCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  422. Alleged leak of Hotmail credential combolist with 89 accounts
    Category: Combo List
    Content: A threat actor known as snowstormxd has made available a combolist of 89 Hotmail credentials via a free download link on pasteview.com and a Telegram channel. The post claims the credentials have been verified with a built-in inboxer, suggesting the accounts are active. The actor also promotes a paid cloud service for access to additional credential lists, with pricing ranging from $3 for 24 hours to $120 for lifetime access.
    Date: 2026-04-29T01:27:42Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73613/
    Screenshots:
    None
    Threat Actors: snowstormxd
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft Hotmail
    Victim Site: hotmail.com
  423. Alleged data breach of Pamekasan Province database (Jawa Timur, Indonesia)
    Category: Data Breach
    Content: A database breach affecting Pamekasan Province in East Java (Jawa Timur), Indonesia has been posted on BreachForums. The breach was shared by user Xyph0rix and includes a dedicated thread discussing the compromised database.
    Date: 2026-04-29T01:24:06Z
    Network: telegram
    Published URL: https://t.me/Xyph0rix/227
    Screenshots:
    None
    Threat Actors: Xyph0rix
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Pamekasan Province
    Victim Site: Unknown
  424. Alleged leak of Udemy premium course content
    Category: Data Leak
    Content: A threat actor on the AE – Leaked Databases forum has made available an alleged collection of over 700GB of Udemy premium course content for free download. The shared material purportedly includes a wide range of premium courses from the platform. Access to the content requires forum interaction, suggesting a reply-gated hidden link distribution method.
    Date: 2026-04-29T01:20:50Z
    Network: openweb
    Published URL: https://altenens.is/threads/700gb-udemy-premium-courses-everything-you-looking-for.2931328/unread
    Screenshots:
    None
    Threat Actors: popfizz
    Victim Country: United States
    Victim Industry: Online Education
    Victim Organization: Udemy
    Victim Site: udemy.com
  425. Alleged sale of fresh database credentials across multiple countries (UK, DE, JP, NL, BR, PL, ES, US, IT)
    Category: Combo List
    Content: Threat actor offering fresh database credentials and account access across multiple countries including UK, Germany, Japan, Netherlands, Brazil, Poland, Spain, US, and Italy. Specifically targeting e-commerce platforms (eBay, Poshmark, Alibaba, Walmart, Amazon, Mercari, Kleinanzeigen), payment services (PayPal, Neosurf), gaming (PSN), travel (Booking, Uber), and webmail accounts (ntlworld). Seller claims to have private cloud infrastructure and ability to search by keyword. Requests direct message for credential verification and purchase.
    Date: 2026-04-29T01:00:01Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/71799
    Screenshots:
    None
    Threat Actors: mu
    Victim Country: United Kingdom, Germany, Japan, Netherlands, Brazil, Poland, Spain, United States, Italy
    Victim Industry: E-commerce, Payment Services, Gaming, Travel, Webmail
    Victim Organization: Unknown
    Victim Site: Unknown
  426. Alleged Sale of Global Fullz, Identity Documents, and Financial Data by Threat Actor silasclark
    Category: Combo List
    Content: A threat actor operating under the alias silasclark and Telegram handle @FULLZPROS is advertising a broad range of stolen identity and financial data on a carding forum, including fullz with SSN/DOB/DL, passport and driver's license photos with selfies, credit card dumps with PIN tracks, tax return documents, KYC bypass materials, and categorized lead databases spanning multiple countries. The offering includes tools such as mailers, CC checkers, and AI bots to facilitate fraud. Contact is s
    Date: 2026-04-29T00:48:16Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73608/
    Screenshots:
    None
    Threat Actors: silasclark
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  427. Alleged Sale of Fullz, Stolen Documents, Carding Data, and Hacking Tools by Threat Actor FullzPros
    Category: Carding
    Content: A threat actor operating under the alias FullzPros is advertising a broad range of illicit goods and services on a cybercrime forum, including fullz (SSN, DOB, DL, NIN, SIN), identity documents with selfies and videos, credit card dumps with PIN tracks, tax return fullz, children's PII, Medicare records, and targeted leads across multiple sectors. The actor also offers hacking and fraud tools including scam pages, RATs, SMTP mailers, carding tutorials, and account takeover methods. Contact is
    Date: 2026-04-29T00:47:42Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73611/
    Screenshots:
    None
    Threat Actors: silasclark
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  428. Alleged leak of Hotmail credential combolist
    Category: Data Leak
    Content: A threat actor known as redcloud has shared a combolist of approximately 10,100 allegedly valid Hotmail email credentials on the AE combo list forum. The post, dated April 29, 2026, claims the credentials are private and of ultra-high quality (UHQ). The list is available as a free download upon replying to the thread, with the actor also providing a Telegram contact for further communication.
    Date: 2026-04-29T00:36:56Z
    Network: openweb
    Published URL: https://altenens.is/threads/10-1k-high-voltagehotmailhigh-voltagevalid-mail-access-29-04.2931299/unread
    Screenshots:
    None
    Threat Actors: redcloud
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  429. Alleged sale of compromised account databases across multiple countries
    Category: Data Breach
    Content: Threat actor offering fresh databases from multiple countries (UK, DE, JP, NL, BR, PL, ES, US, IT) with access to major e-commerce and service platforms including eBay, Amazon, Walmart, PSN, Booking, Poshmark, Alibaba, Mercari, and Kleinanzeigen. Seller claims to have private cloud infrastructure with valid webmail access and offers keyword-based searching. Contact via DM for requests.
    Date: 2026-04-29T00:30:12Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/71766
    Screenshots:
    None
    Threat Actors: mu
    Victim Country: Unknown
    Victim Industry: E-commerce, Financial Services, Technology
    Victim Organization: Unknown
    Victim Site: Unknown
  430. Alleged leak of Income Tax Department KYC data by NoHeartz
    Category: Data Leak
    Content: Threat actor NoHeartz claims to have leaked Know Your Customer (KYC) data from India's Income Tax Department. The post includes recruitment calls for collaboration with multiple named threat actors and hacktivist groups including TengkorakCyberCrew, MalaysiaHacktivist, EagleCyberCrew, and others. Posted to #OpsShadowStrike channel.
    Date: 2026-04-29T00:21:15Z
    Network: telegram
    Published URL: https://t.me/Noheartz1337/265
    Screenshots:
    None
    Threat Actors: NoHeartz
    Victim Country: India
    Victim Industry: Government
    Victim Organization: Income Tax Department
    Victim Site: Unknown
  431. Alleged cyber attack on Itron Inc. by Anonymous Sanaa and Yemeni Cyber Security Agency claiming breach of global energy management systems
    Category: Cyber Attack
    Content: Anonymous Sanaa and the Yemeni Cyber Security Agency (711) claim responsibility for a major cyber attack against Itron Inc., a US-based energy and water resource management technology company. The threat actors allege they breached IT networks, gained access to sensitive internal systems, and compromised data management platforms serving thousands of energy and water companies across 100+ countries. They claim to have accessed Industrial IoT (IIoT) technologies and caused widespread disruption to energy management networks. The actors reference an SEC disclosure by Itron acknowledging the breach and claim ongoing operations.
    Date: 2026-04-29T00:18:10Z
    Network: telegram
    Published URL: https://t.me/cyber_almot/3218
    Screenshots:
    None
    Threat Actors: Anonymous Sanaa
    Victim Country: United States
    Victim Industry: Energy Management / Utilities / Critical Infrastructure
    Victim Organization: Itron Inc.
    Victim Site: itron.com
  432. Alleged Data Leak of Global Crypto Investor PII and Hardware Wallet Order Records
    Category: Data Leak
    Content: A threat actor operating under the FACE OFF moniker has made available a dataset allegedly containing full PII and order histories of global cryptocurrency investors, including names, emails, phone numbers, and shipping addresses. The leaked records are associated with hardware wallet purchases from vendors such as Ledger, Trezor, and Billfodl, along with related cold storage products. The data is being distributed via a Mega download link, with the actors also offering bulk access via direct
    Date: 2026-04-29T00:16:51Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-COLLECTION-DATA-Global-Crypto-Investor-Orders-PII-Leak-FACE-OFF
    Screenshots:
    None
    Threat Actors: Kevinn
    Victim Country: Unknown
    Victim Industry: Cryptocurrency / Financial Technology
    Victim Organization: Unknown
    Victim Site: Unknown
  433. Alleged Data Breach of URSSAF Exposing 12 Million Records Including Financial Data
    Category: Data Breach
    Content: A threat actor known as hackplanete is claiming to sell a database allegedly sourced from urssaf.fr, a French social security and payroll organization. The purported dataset contains approximately 12 million records including full names, email addresses, phone numbers, physical addresses, NIR (national identification numbers), IBANs, and SWIFT/BIC codes. A sample has been shared via Pastebin, while the full dataset is locked behind a points-based paywall on the forum.
    Date: 2026-04-29T00:14:33Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-DATABASE-URSAF-LEAK-IBAN-BIC
    Screenshots:
    None
    Threat Actors: hackplanete
    Victim Country: France
    Victim Industry: Government / Social Security
    Victim Organization: URSSAF
    Victim Site: urssaf.fr
  434. Alleged leak of Germany mixed domain credential combolist
    Category: Combo List
    Content: A threat actor operating under the alias HQcomboSpace has made available a combolist containing approximately 628,333 lines of credentials associated with mixed German domains. The file has been shared freely via a Mega.nz link on the cracking forum CrackingX. The leak appears to aggregate credentials from multiple sources targeting Germany-based email and web service accounts.
    Date: 2026-04-29T00:07:27Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73604/
    Screenshots:
    None
    Threat Actors: HQcomboSpace
    Victim Country: Germany
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  435. Alleged leak of mixed credential combolist
    Category: Combo List
    Content: A threat actor operating under the alias BestCombo has freely shared a mixed combolist containing approximately 6,857 lines of credentials via a Mega.co.nz link on the cracking forum CrackingX. The combolist is described as fresh and dated April 28, 2026, suggesting recently harvested or validated credentials. No specific victim organization or targeted service has been identified.
    Date: 2026-04-29T00:07:10Z
    Network: openweb
    Published URL: https://crackingx.com/threads/73605/
    Screenshots:
    None
    Threat Actors: BestCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  436. Alleged leak of mixed valid email access credentials (59,100 records)
    Category: Data Leak
    Content: A threat actor known as redcloud has made available a combolist of approximately 59,100 claimed valid email credentials described as UHQ (ultra-high quality) and private. The data was shared for free on the AE forum with a reply-to-unlock mechanism and is associated with a Telegram contact handle. No specific victim organization or country has been identified, suggesting a mixed multi-source credential list.
    Date: 2026-04-29T00:06:09Z
    Network: openweb
    Published URL: https://altenens.is/threads/59-1k-sparkles-mix-sparkles-valid-mail-access-29-04.2931269/unread
    Screenshots:
    None
    Threat Actors: redcloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  437. Alleged Sale of Stolen CVV/CC Fullz Including US, UK, CA, AUS, JP, and CN Cards
    Category: Carding
    Content: A threat actor operating under the alias Geygeyu and Telegram handle @D03_BOI is selling stolen credit card data including CVV2, card numbers, expiration dates, cardholder names, billing addresses, and phone numbers. The actor claims to offer live and valid card data from multiple countries including the United States, United Kingdom, Canada, Australia, Japan, and China, with a stated 90% ratio of cards carrying balances over $100. Replacement guarantees and reseller pricing are offered to a
    Date: 2026-04-29T00:00:58Z
    Network: openweb
    Published URL: https://altenens.is/threads/hello-everyone-we-are-looking-for-a-good-customers-to-buy-cvv-cc-and-do-business-long-term-cause-we-have-a-huge-cvv-cc-in-store-everyday-to-sell.2931238/unread
    Screenshots:
    None
    Threat Actors: Geygeyu
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown