[May-04-2026] Daily Cybersecurity Threat Report

Executive Summary

The threat landscape is currently dominated by highly prolific actors executing large-scale data breaches against critical infrastructure, government agencies, and multinational corporations. The data highlights a severe escalation in Initial Access Brokerage (IAB), sophisticated malware distribution, and the mass dissemination of credential combo lists—some containing tens of millions of records.


1. Tier 1 Threat Actors: High-Impact Breaches

Several threat actors have demonstrated the capability to compromise highly sensitive governmental and corporate networks on a global scale.

1.1 The “FuckerSpy” Campaigns

The actor known as FuckerSpy is responsible for a vast array of high-value database sales, targeting everything from military infrastructure to global financial systems:

  • Military & Government: FuckerSpy is selling a US Air Force database containing 191,027 records. This data includes facility names, coordinates, elevation data, FAA numbers, and geolocation metrics. The actor is accepting negotiable offers via Telegram, qTox, and Session. Furthermore, they claim to possess 10+ TB of classified military data from China’s National Supercomputing Center (NSCC), encompassing stealth/supersonic technology, bunker-buster ordnance modeling, and satellite systems. FuckerSpy also claims to have breached the Philippines National Police (PNP), extracting officer records, firearms data, and SALN records.
  • Financial Services: The actor is selling 4.6 million customer records from Wells Fargo Bank (2024-2026), 4 million United States VISA cardholder records, and a 20GB database from the Chinese international payment system, UnionPay. They also claim a 23GB database breach of the Australian trading platform fxpro.investment.
  • National Infrastructure & Citizens: In the United States, FuckerSpy is selling 13.3 million records from the Social Security Administration (SSA). Internationally, they are selling a 230GB database from a UAE Investors System containing Dubai Golden Visa records, an 800GB ERP database from National Oil Ethiopia PLC obtained via a ProxyLogon Exchange vulnerability, and an alleged database of 20 million Japanese citizens.
  • Corporate & Retail: Additional data for sale includes 10 million US car insurance records from car.insurance.net, 20 million records from Ticketmaster, 2 million Kuwait Airways passenger records, 4 million enterprise records from Movistar Peru, and 1 million client records from Transamerica.

1.2 The “xorcat” Operations

Operating heavily across both the open web and Telegram, xorcat has engaged in extensive data theft, API exploitation, and the distribution of malicious tooling:

  • Data Breaches: xorcat leaked over 507,000 records from Aman Resorts’ Salesforce CRM by exploiting weak token rotation and an absent rate-limit on a REST API. The actor also leaked 95,952 verified Russian identity records from LedgerID, 10,000 investor leads from BTC Profit, a Polymarket.com API dump containing 10 million records, and 50,001 verified Malaysian citizen records traced to europlus.com.br, alongside an additional 130,000 Malaysian National Identification records. The actor also leaked Swiss “fullz” data designed for spam operations.
  • Chinese Infrastructure Targeting: xorcat actively targets Chinese systems, releasing a Python bruteforce tool that exploits a hardcoded key in the Changzhou Public Security Bureau’s WeChat mini-program to cross-match facial photos against the national police biometric database. They leaked the full source code for a Chinese medical records Telegram bot (@xiaochouyl1_bot) and a Chinese public security law enforcement bot. The actor also cracked the Alipay real-name 3-factor verification API for large-loan.shiqiao.com and released a Kuaishou mass-reporting bot that utilizes stolen session cookies. The group has formally announced offensive cyber operations against Chinese government assets, distributing 0-day exploits publicly.

1.3 Infrastructure Destruction Squad & ShinyHunters

  • Infrastructure Destruction Squad: This group is selling 53GB of highly classified data breached from the Albanian government and the Albanian embassy in Washington D.C., encompassing diplomatic correspondence and files related to the NSA. They are also selling sensitive technical documents—including turret designs and assembly defects for ScoutSV light armored vehicles—stolen from the German defense contractor Rheinmetall.
  • ShinyHunters: This veteran group allegedly breached CanadaGoose.com, exposing 583,000 e-commerce user records. They also leaked a 2024 database from Accord Healthcare containing 642,000 user records.

2. Regional & Sector-Specific Data Breaches

2.1 The Indonesian Cyber Landscape

Indonesian infrastructure is currently under heavy siege from multiple local and international actors:

  • Government Targets: Actor NTB.Cyber / 0xHentai is selling access and databases belonging to the Directorate General of Population and Civil Registration (Dukcapil Kemendagri). Actor IRXPLOIT leaked taxpayer identity records from the DJP Online portal and teacher records from the Ministry of Education (Kemendikbud). Additionally, CY8ER N4TI0N leaked Indonesian population records containing National Identity Numbers (NIK) and Family Card Numbers (NKK), and Xyph0rix leaked a government database from the City of Tegal.
  • Corporate & Infrastructure Targets: Actor Mr. Hanz Xploit leaked data from state-owned electricity company PLN, Bank BNI, Mitsubishi Motors Indonesia, and an online gambling platform, Lombok Toto. Actor x0ghost leaked a database from McDonald’s Indonesia. Kyyzo executed a ransomware attack against the Indonesian Oil Palm Research Institute (IOPRI), demanding a ransom for 61GB of exfiltrated data.
  • Education Sector: Mr.ZeroPhx100 leaked databases from Universitas Jambi and SMKN 1 Pekalongan.

2.2 European & Global Targets

  • France: Actor NearLeVrai breached the French Ministry of Health (sante.gouv.fr), extracting over 26,000 beneficiary records and selling the scraping tool. NormalLeVrai leaked a 15-million-row database from ZenMobile and 17 million French email addresses. Lagui leaked databases from the French business compliance platform Actradis (82,611 records) and Profil Search (100,642 records). lowiq is selling 1.2 million records from French sports retailer i-Run.fr.
  • India: Actor cc5ab breached five Indian state electricity DISCOMs alongside PowerXchange and Teledgers, exposing Aadhaar numbers and live API keys. DoYouKnowMe leaked data from IIT Indore affecting 13,348 students via SQL injection. mimevo1248 is selling 40 million records of Indian females.
  • Other Notable Breaches: Darkode1 breached Boerse Stuttgart Digital Exchange (BSDEX), extracting 890,000 user records via a zero-day exploit. RubiconH4ck is selling 34 million records from the U.S. Chamber of Commerce and 1TB of Pakistani government documents. Shinigami exploited an authentication bypass (CVE-2026-41940) in WHM to breach the Ontario College of Health & Technology and rayvisiondesign.com.

3. Initial Access Brokerage (IAB) & Vulnerabilities

Access to compromised networks and critical vulnerabilities are being traded openly:

  • RDP & Server Access: Actor XOverStm is a dominant IAB, selling RDP access to a Vietnamese interior design firm ($850), a Saudi medical facility ($600), and a French furniture company ($400). HighWayToShell is selling Active Directory Domain Admin access to a US Technology/SaaS company for $489, while watari is selling Oracle Cloud VPS root access for demco.sa.
  • High-Value Exploits: Actors nighttt and LastNodemReal are selling an unpatched Boolean-based Blind SQL Injection vulnerability targeting the French government tax portal (impots.gouv.fr). The group LunarisSec claims responsibility for discovering this. Actor Xploitd is selling an exploit and scanner for a critical unauthenticated SQL injection (CVE-2026-42208) in LiteLLM Proxy.
  • Forged Law Enforcement Documents: Actor convince is selling highly sophisticated forged law enforcement documents (MLATs, subpoenas) designed to deceive companies like Apple, Google, and Meta for $500. They are also selling an exploit to bypass Emergency Data Request portals for $300.

4. Malware, Exploits, and Tool Distribution

The threat actor ZamanX has flooded cracking forums with an extensive array of malicious software, significantly lowering the barrier to entry for other cybercriminals:

  • Remote Access Trojans (RATs): Distributed cracked versions of Raton RAT and SpyNote X Pro v7.2.0.0 (Android RAT).
  • Credential & Crypto Crackers: Released BrutoHell Seed V.2 for brute-forcing cryptocurrency wallet seed phrases, DEnigma Cracker V2.0 for multi-chain wallet cracking, DeBank Account Cracker 2026, and SMTP Heist 2025.
  • Exploitation Toolkits: Shared advanced web hacking tools including SQLMAP SKYNET Autonomous AI v1.2.0, Router Scan v2.60, and PDF/DOC exploit methodologies involving malicious VBA macros. They also released WhatsApp-spy v2.0, which utilizes a fake QR code disguised as “Bayiles” to hijack accounts, and forged UK driver’s license PSD templates.

5. Financial Fraud & Carding Operations

The carding ecosystem remains highly active, heavily facilitated by automated tools and established vendors:

  • ColdApollo (greens99): This actor is aggressively selling stolen payment data, including CVV records, Track 1 & 2 magnetic stripe dumps with PINs, and physical cloned cards. Their inventory targets institutions like Barclays Bank, Natixis Bank, CIBC, and the Commonwealth Bank of Australia.
  • Phishing & Gift Card Fraud: Actor Feusheh sells physical and digital gift cards (Amazon, Walmart, Steam, etc.) at a 50% discount, indicative of payment fraud. A coordinated ring is running a cryptocurrency advance-fee fraud scheme targeting Chinese USDT traders, utilizing a CVV validation tool called 9Check.me for credential harvesting.

6. Website Defacements

A steady stream of website defacements is occurring, driven primarily by ideologically motivated groups and mass-defacement scripts:

  • Zod & REYEXPLOIT: REYEXPLOIT conducted mass redefacements of Indonesian educational sites, including ilmiteknik.co.id and mediasmansaba.kadungrejo.com. Actor Zod similarly targeted platforms like ganiacademy.com, hoclanhdao.com, and macquulacademy.com.
  • Other Hacktivist Operations: The group BABAYO EROR SYSTEM (actor Mr.XycanKing) defaced SMAN 1 Semin and csmofferwall.csmdevelopers.com. TRASER SEC TEAM defaced the Papua New Guinea Department of Commerce website. QATAR911 mass-defaced do.quranic-arabic.org.

7. Massive Credential Harvesting and Combo Lists

The sheer volume of credential combo lists (email/username + password pairs) in circulation is staggering. These lists are actively used to fuel credential stuffing and account takeover (ATO) attacks.

7.1 The “Mega” Leaks (1 Million+ Records)

  • Daxus: Shared two massive URL:Log:Pass combolists containing 47.20 million and 93.38 million records.
  • Sauron: Leaked multiple vast datasets, including 4.6 million mixed country credentials, 1.7 million shopping-targeted records, 1.2 million Italian credentials, and 886,000 UHQ USA private credentials.
  • Prince1001: Leaked a 2 million record list, 885,000 targeting OneDrive, 625,000 targeting PayPal, 455,000 targeting X and PSN, and 360,000 targeting Instagram and Snapchat.
  • HQcomboSpace: Shared 1.187 million lines targeting Hotmail gaming and shopping accounts.
  • Leviathan: Leaked 1.3 million mixed credentials.

7.2 Geographically Targeted Combolists

  • Europe: Actor thejackal101 leaked lists for Germany (558,000), Greece (59,000), and Ireland (12,000). Elite123 shared lists for Germany (558,000), Hungary (136,000), and Greece (59,000). Maxleak shared Danish lists totaling over 251,000 records. MrCOMBOROBOA actively sells bulk targeted lists for Germany, France, and Italy.
  • Middle East & Asia: thejackal101 leaked 254,000 Indonesian records, 252,000 Indian records, and 28,000 Israeli records. Elite123 also released 28,000 Israeli records. Megatron leaked 140,000 Australian records.
  • Latin America: ImmanueKant leaked 780,000 Brazilian credentials. Megatron shared 205,000 Brazilian records.

7.3 Service-Targeted Leaks

  • Microsoft Hotmail / M365: Hotmail represents the most heavily targeted platform for smaller, “fresh” hit lists. Actors such as Ebbicloud, Sellix, MeiMisaki, alphaxdd, and WhiteMelly routinely dump validated Hotmail access logs.
  • Entertainment & Social Media: Ra-Zi leaked 200,000 credentials targeting Netflix, Minecraft, Uplay, Steam, Hulu, and Spotify. Larry_Uchiha leaked mixed cookies for Steam, Netflix, OnlyFans, and Discord.

Conclusion

The sheer volume of compromised data and the professionalization of the tools used to extract it outline a highly volatile cyber landscape. Initial Access Brokers are creating pathways for larger ransomware or espionage operations, while the massive dumps of credential combo lists ensure that brute-force and credential-stuffing attacks remain a persistent, high-volume threat against enterprise environments worldwide. Notably, the leadership within these underground forums is aware of impending law enforcement actions, as evidenced by the BreachForums administrator (HasanBroker) announcing a mobilization to resist platform takedowns.

Detected Incidents Draft Data

  1. Sale of Hotmail credential combo list
    Category: Combo List
    Content: A threat actor operating under the handle Ebbicloud is distributing a combo list advertised as containing 239 Hotmail credentials, marketed as fresh and fully valid. The post was shared on the AE forum under a combo list thread. No additional context or post content was available to verify the claims.
    Date: 2026-05-03T23:58:53Z
    Network: openweb
    Published URL: https://altenens.is/threads/ringed-planet-239-hotmail-fresh-vip-100-valid-fire-ebbi_cloud.2933723/unread
    Screenshots:
    None
    Threat Actors: Ebbicloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  2. Sale of Hotmail combo list advertised as 100% valid
    Category: Combo List
    Content: A threat actor operating under the alias Ebbicloud is distributing a combo list of 290 Hotmail credentials, marketed as 100% valid. The post was shared on the AE forum under the combo list section. No further details about the origin or content of the credentials are available from the post.
    Date: 2026-05-03T23:56:25Z
    Network: openweb
    Published URL: https://altenens.is/threads/ringed-planet-290-hotmail-premium-valid-100-valid-high-voltage-ebbi_cloud.2933724/unread
    Screenshots:
    None
    Threat Actors: Ebbicloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  3. Alleged combo list targeting Microsoft 365 Personal accounts
    Category: Combo List
    Content: A forum post on AE by threat actor Ebbicloud references a combo list targeting Microsoft 365 Personal accounts. No content was available in the post body, limiting further analysis. The named service is a credential-stuffing target and is not considered the breach victim.
    Date: 2026-05-03T23:53:58Z
    Network: openweb
    Published URL: https://altenens.is/threads/m365_personal.2933725/unread
    Screenshots:
    None
    Threat Actors: Ebbicloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  4. Alleged data breach of Universidad Tecnológica de la Sierra Hidalguense – 1,278 student records exposed
    Category: Data Breach
    Content: A data leak affecting Universidad Tecnológica de la Sierra Hidalguense (Technological University of Sierra Hidalguense) in Mexico has been disclosed. The breach exposes personal information for 1,278 individuals including full names, phone numbers (fixed and mobile), dates of birth, email addresses, CURP (Clave Única de Registro de Población – Mexican national ID number), sex, age, educational institution identifiers, campus information, disability status, financial aid information, and additional metadata. The threat actor claims responsibility under the handle MagoSpeak and provides contact information for inquiries.
    Date: 2026-05-03T23:52:59Z
    Network: telegram
    Published URL: https://t.me/c/3764001014/111
    Screenshots:
    None
    Threat Actors: MagoSpeak
    Victim Country: Mexico
    Victim Industry: Education
    Victim Organization: Universidad Tecnológica de la Sierra Hidalguense
    Victim Site: Unknown
  5. Alleged sharing of Microsoft 365 Family account credentials
    Category: Combo List
    Content: A forum post on AE – Combo List by user Ebbicloud advertises Microsoft 365 Family account credentials. No further details are available as the post content is empty. The named service represents a credential-stuffing target and is not the breach victim.
    Date: 2026-05-03T23:51:33Z
    Network: openweb
    Published URL: https://altenens.is/threads/m365_family-accounts.2933726/unread
    Screenshots:
    None
    Threat Actors: Ebbicloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  6. Distribution of mixed combo list with mail access credentials
    Category: Combo List
    Content: A threat actor operating under the alias WhiteMelly shared a mixed combo list containing approximately 5,000 lines advertised as providing mail access. The post was made on the AE forum under the combo list section. No additional details regarding the source, targeted services, or verification status of the credentials were available in the post content.
    Date: 2026-05-03T23:49:08Z
    Network: openweb
    Published URL: https://altenens.is/threads/5k-mix-lines-mail-access.2933731/unread
    Screenshots:
    None
    Threat Actors: WhiteMelly
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  7. Alleged sale of email credential combolists and account access
    Category: Combo List
    Content: Multiple threat actors are advertising the sale of email credential combolists (email+password+cookies) for Hotmail and Yahoo, and access to various platforms including Amazon, Facebook, eBay, PayPal, and Kleinanzeigen. Sellers claim to have credentials from multiple countries (UK, DE, JP, NL, BR, PL, ES, US, IT, FR, MX, CA, SG) and offer private cloud access by week/month.
    Date: 2026-05-03T23:47:29Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/74918
    Screenshots:
    None
    Threat Actors: _emanthy
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  8. Alleged data breach of Universidad Tecnológica de la Sierra – 1,994 student records exposed
    Category: Data Leak
    Content: MagoSpeak has leaked personal data of 1,994 individuals from Universidad Tecnológica de la Sierra (a Mexican technological university). The exposed dataset contains comprehensive PII including full names, phone numbers (fixed and mobile), email addresses, dates of birth, CURP (Mexican national ID number), sex, age, educational institution identifiers, campus information, and additional personal attributes. The threat actor is identified as MagoSpeak and is soliciting contact via Telegram.
    Date: 2026-05-03T23:47:21Z
    Network: telegram
    Published URL: https://t.me/c/3764001014/109
    Screenshots:
    None
    Threat Actors: MagoSpeak
    Victim Country: Mexico
    Victim Industry: Education
    Victim Organization: Universidad Tecnológica de la Sierra
    Victim Site: Unknown
  9. Alleged exposure of SMTP credentials for Near East University email account
    Category: Data Leak
    Content: A threat actor shared SMTP configuration credentials associated with a Near East University email account ([email protected]), including the SMTP host, authentication type, and plaintext password. The credentials are configured to use Gmail’s SMTP relay over SSL on port 465. No additional context regarding the origin or method of compromise was provided.
    Date: 2026-05-03T23:24:38Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-NEAR-EAST-UN%C4%B0VERS%C4%B0TY-SMTP
    Screenshots:
    None
    Threat Actors: karahanli31
    Victim Country: Cyprus
    Victim Industry: Education
    Victim Organization: Near East University
    Victim Site: neu.edu.tr
  10. Sale of root access to compromised Oracle Cloud VPS belonging to demco.sa
    Category: Initial Access
    Content: A threat actor is offering for sale full root-level access to an Oracle Cloud VPS associated with demco.sa, a Saudi Arabia-based organization. The listing includes SSH root access, WHM/cPanel root, MySQL access, WordPress admin credentials for three accounts, and full DNS control. The seller is asking $450 negotiable, with payment accepted in Monero or Bitcoin, and provides a Session messenger ID and Telegram contact for communication.
    Date: 2026-05-03T23:16:29Z
    Network: openweb
    Published URL: https://breached.st/threads/for-sale-fire-oracle-cloud-vps-demco-sa-cpanel-whm-root-access.86735/unread
    Screenshots:
    None
    Threat Actors: watari
    Victim Country: Saudi Arabia
    Victim Industry: Unknown
    Victim Organization: Demco
    Victim Site: demco.sa
  11. Alleged data leak of Aman Resorts Salesforce CRM database
    Category: Data Leak
    Content: A threat actor identified as xorcat claims to have extracted over 507,000 records from Aman Resorts’ Salesforce CRM platform, comprising approximately 254,000 Account records and 253,000 Contact records. The actor alleges exploitation of a misconfigured Salesforce REST API with weak token rotation, enabled bulk export endpoints, and absent rate-limiting to perform the extraction. The dataset is being distributed freely and purportedly contains full PII including names, addresses, phone numbers
    Date: 2026-05-03T23:09:01Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-Aman-com-FULL-PII-DUMP-%E2%80%93-254K-Accounts-253K-Contacts-%E2%80%93-Luxury-Travel-CRM-Owned
    Screenshots:
    None
    Threat Actors: xorcat
    Victim Country: Unknown
    Victim Industry: Hospitality
    Victim Organization: Aman Resorts
    Victim Site: aman.com
  12. Alleged data breach of Aman Resorts – 507,000 Salesforce CRM records leaked
    Category: Data Breach
    Content: Threat actor claims to have extracted 507,000+ records from Aman Resorts’ Salesforce CRM platform via exploited API vulnerabilities. Compromised data includes 254,000+ account records and 253,000+ contact records containing guest profiles, PII (names, birthdates, addresses, phone numbers, emails), VIP classifications, revenue metrics, and contractual data. Exploitation leveraged weak Salesforce token rotation, enabled bulk export endpoints, zero rate-limiting, and misconfigured sharing rules.
    Date: 2026-05-03T23:08:54Z
    Network: telegram
    Published URL: https://t.me/c/3793980891/3279
    Screenshots:
    None
    Threat Actors: Unknown
    Victim Country: United States
    Victim Industry: Hospitality/Luxury Travel
    Victim Organization: Aman Resorts
    Victim Site: aman.com
  13. Alleged sale of spam and phishing courses for financial fraud
    Category: Phishing
    Content: User Raysp0my is offering courses on bank spamming, Facebook spamming, credit card spamming, and Office365 spamming. These are malicious courses designed to facilitate phishing attacks, credential harvesting, and financial fraud against banking systems and enterprise platforms.
    Date: 2026-05-03T22:58:36Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/74898
    Screenshots:
    None
    Threat Actors: Raysp0my
    Victim Country: Unknown
    Victim Industry: Financial services, technology
    Victim Organization: Unknown
    Victim Site: Unknown
  14. Alleged breach with 60,000 lines of full CC/fullz data
    Category: Data Breach
    Content: Threat actor @xorcat claims to have breached a target and obtained 60,000 lines of full credit card data (fullz). The actor mentions a vulnerability was exploited in the breach and is offering the full dataset to interested parties via direct message.
    Date: 2026-05-03T22:47:09Z
    Network: telegram
    Published URL: https://t.me/c/3793980891/3278
    Screenshots:
    None
    Threat Actors: xorcat
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  15. Sale of doxing tool for targeted information and data search
    Category: Data Breach
    Content: A threat actor operating under the alias sxxone is advertising a doxing tool on a cybercrime forum, claiming it enables targeted information and data searches. The seller directs interested parties to a Telegram contact (@axe_ads) and references an escrow service for transactions. No specific victim organization or data volume is disclosed in the post.
    Date: 2026-05-03T22:44:44Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-SELLING-Tools-Software-Doxing-Targeted-Information-Data-Search
    Screenshots:
    None
    Threat Actors: sxxone
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  16. Sale of Iranian VPS, VDS, and bare metal servers for anonymization and tunneling
    Category: Initial Access
    Content: A threat actor operating under the alias FastAttacker is offering Iranian VPS, VDS, and bare metal servers for sale via Telegram, with minimum specs including 2 vCPUs, 4GB RAM, and 70GB SSD, primarily located in Tehran. The seller explicitly markets these services for tunneling, bypassing geo-restrictions, and access to Iranian websites, while acknowledging the services may be suspended if malicious activity is detected. Plans are advertised as short-term, typically under one month, with pricing
    Date: 2026-05-03T22:44:08Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-SELLING-Iran-VPS-VDS-bare-metal-servers-available-for-sale
    Screenshots:
    None
    Threat Actors: FastAttacker
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  17. Alleged data leak of Psycho-Prat including student records and source code
    Category: Data Leak
    Content: A threat actor using the handle Spirigatito has leaked a 55 GB archive allegedly belonging to Psycho-Prat, described as an educational platform. The dataset purportedly includes student personal documents (national IDs, passports, IBANs, diplomas), photos of students and teachers, course materials, account and connection logs, and the complete platform source code totaling 85,424 files. The content is made available behind a points-based paywall on the forum, with two samples provided.
    Date: 2026-05-03T22:41:36Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-DATABASE-Psycho-Prat-Database-Source-Code-Leaked-Download
    Screenshots:
    None
    Threat Actors: Spirigatito
    Victim Country: Unknown
    Victim Industry: Education
    Victim Organization: Psycho-Prat
    Victim Site: Unknown
  18. Alleged sale of fresh Hotmail credential combolists
    Category: Data Breach
    Content: A threat actor operating under the alias mk2clode is selling daily fresh Hotmail and mixed email credential combolists described as private with no duplicates. Subscriptions are offered on a tiered pricing model ranging from $10 for a 3-day trial to $45 for one month. The actor advertises the combolists as suitable for any target and directs buyers to contact via Telegram handle @drmux_mk2.
    Date: 2026-05-03T22:40:19Z
    Network: openweb
    Published URL: https://patched.to/Thread-%E2%98%81%EF%B8%8F-mk2-cloud-fresh-hotmail-mail-access-full-private-%F0%9F%92%8E-298551
    Screenshots:
    None
    Threat Actors: mk2clode
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  19. Alleged leak of German email credential combolist
    Category: Data Leak
    Content: A threat actor operating under the alias ShroudX has shared an alleged high-quality German email:password combolist on the NulledBB cracking forum. The file, titled HQ GERMANY EMAILPASS COMBOLIST @SHROUD20.txt, appears to be freely distributed. No specific victim organization or record count has been identified due to lack of post content.
    Date: 2026-05-03T22:40:14Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-HQ-GERMANY-EMAILPASS-COMBOLIST-SHROUD20-txt–2290278
    Screenshots:
    None
    Threat Actors: ShroudX
    Victim Country: Germany
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  20. Alleged leak of Polish email and password combolist
    Category: Data Leak
    Content: A threat actor known as ShroudX has shared a combolist of Polish email address and password combinations on the NulledBB cracking forum. The credential list, referenced as HQ POLAND EMAILPASS COMBOLIST, targets Polish internet users and has been made available for free. No specific victim organization or record count has been identified from the available information.
    Date: 2026-05-03T22:39:53Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-HQ-POLAND-EMAILPASS-COMBOLIST-SHROUD20-txt–2290279
    Screenshots:
    None
    Threat Actors: ShroudX
    Victim Country: Poland
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  21. Alleged leak of Russian email and password combolist
    Category: Data Leak
    Content: A threat actor operating under the alias ShroudX has shared an alleged email and password combolist targeting Russian users on the Nulled cybercrime forum. The post, titled HQ RUSSIA EMAILPASS COMBOLIST, suggests the credential list is being made available for free download. No further details regarding the source, record count, or affected organizations are available.
    Date: 2026-05-03T22:39:33Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-HQ-RUSSIA-EMAILPASS-COMBOLIST-SHROUD20-txt
    Screenshots:
    None
    Threat Actors: ShroudX
    Victim Country: Russia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  22. Alleged sale of AWS Amazon SMTP services for spam campaigns
    Category: Initial Access
    Content: A threat actor operating under the alias office_365shop is selling AWS Amazon SMTP accounts with high daily sending limits, advertising them as fully warmed up and capable of bypassing spam filters to reach inboxes across all domains. The service is marketed explicitly for spamming purposes and includes an inbox test before purchase. Contact is facilitated via Telegram channels.
    Date: 2026-05-03T22:38:41Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-AWS-Amazon-SMTP-100-Inbox-To-All-Domains-High-Sending-Limit
    Screenshots:
    None
    Threat Actors: office_365shop
    Victim Country: Unknown
    Victim Industry: Cloud Services
    Victim Organization: Amazon Web Services
    Victim Site: aws.amazon.com
  23. Alleged leak of multi-platform credential combolist targeting Netflix, Minecraft, Steam, and other services
    Category: Combo List
    Content: A threat actor known as Ra-Zi has made available a claimed 190,000-entry combolist containing email:password and user:password credentials targeting multiple platforms including Netflix, Minecraft, Uplay, Steam, Hulu, and Spotify. The post includes a free download link requiring forum registration, alongside promotion of a Telegram channel and a cracking-focused website. The actor also advertises paid high-quality combolists by geographic region via Telegram handle @KOCsupport.
    Date: 2026-05-03T22:38:35Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-190k-Fresh-HQ-Combolist-Email-Pass-Netflix-Minecraft-Uplay-Steam-Hulu-spotify–202721
    Screenshots:
    None
    Threat Actors: Ra-Zi
    Victim Country: Unknown
    Victim Industry: Entertainment and Gaming
    Victim Organization: Unknown
    Victim Site: Unknown
  24. Alleged leak of URL:Log:Pass credential combolist containing 47.20 million records
    Category: Data Leak
    Content: A threat actor operating under the alias DaxusULP has made available a URL:LOG:PASS combolist containing approximately 47.20 million credential pairs on the XForums cybercrime forum. The data is associated with the Daxus.pro service, which also operates via Telegram channels @Daxusportal and @DaxusProBot. No specific victim organization or country has been identified, suggesting this is an aggregated credential list likely compiled from multiple sources.
    Date: 2026-05-03T22:37:16Z
    Network: openweb
    Published URL: https://xforums.st/threads/url-log-pass-47-20-m-daxus-pro-uhq.612239/
    Screenshots:
    None
    Threat Actors: DaxusULP
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  25. Alleged leak of 2 million email credentials combolist
    Category: Data Leak
    Content: A threat actor operating under the alias Prince1001 has made available a combolist containing approximately 2 million email and password combinations on the AE forum. The post claims the credential list is fresh, high quality, and suitable for use against multiple targets. No specific victim organization or origin of the data has been identified.
    Date: 2026-05-03T22:36:24Z
    Network: openweb
    Published URL: https://altenens.is/threads/star-2-000-000-star-mailpass-high-voltageuhq-database-good-for-all-target-high-voltage-fresh-data.2933668/unread
    Screenshots:
    None
    Threat Actors: Prince1001
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  26. Alleged leak of 360,000 Instagram and Snapchat credentials
    Category: Data Leak
    Content: A threat actor operating under the alias Prince1001 has made available a combolist of approximately 360,000 email and password combinations on the AE forum. The credentials are claimed to be fresh and of high quality, specifically suited for account takeover attempts targeting Instagram and Snapchat platforms. The post does not indicate a specific source organization or breach origin.
    Date: 2026-05-03T22:34:06Z
    Network: openweb
    Published URL: https://altenens.is/threads/star-360-000-star-mailpass-high-voltageuhq-database-good-for-instagram-and-snap-chathigh-voltage-fresh-data.2933669/unread
    Screenshots:
    None
    Threat Actors: Prince1001
    Victim Country: Unknown
    Victim Industry: Social Media
    Victim Organization: Instagram, Snapchat
    Victim Site: instagram.com, snapchat.com
  27. Alleged leak of 625,000 email credentials combolist targeting PayPal and streaming services
    Category: Data Leak
    Content: A threat actor operating under the alias Prince1001 has made available a combolist of approximately 625,000 email and password combinations on the AE forum. The credential list is described as UHQ (ultra-high quality) and fresh, with the author claiming it is particularly effective for unauthorized access to PayPal accounts and streaming service platforms. No specific victim organization or country of origin has been identified.
    Date: 2026-05-03T22:31:39Z
    Network: openweb
    Published URL: https://altenens.is/threads/star-625-000-star-mailpass-high-voltageuhq-database-good-for-paypal-and-streaming-high-voltage-fresh-data.2933671/unread
    Screenshots:
    None
    Threat Actors: Prince1001
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  28. Alleged leak of 885,000 email credentials combolist targeting OneDrive accounts
    Category: Data Leak
    Content: A threat actor on the AE forum has made available a combolist of approximately 885,000 email and password combinations, claimed to be valid for Microsoft OneDrive account access. The post describes the data as UHQ (ultra-high quality) and fresh, suggesting recently harvested or verified credentials. No price was mentioned, indicating the combolist is being freely shared.
    Date: 2026-05-03T22:29:17Z
    Network: openweb
    Published URL: https://altenens.is/threads/star-885-000-star-mailpass-high-voltageuhq-database-good-for-one-drive-high-voltage-fresh-data.2933672/unread
    Screenshots:
    None
    Threat Actors: Prince1001
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft OneDrive
    Victim Site: onedrive.live.com
  29. Alleged leak of 455,000 email credentials combolist targeting X and PSN platforms
    Category: Data Leak
    Content: A threat actor operating under the alias Prince1001 has made available an alleged combolist of 455,000 email and password combinations on the AE forum. The post claims the credential list is of high quality and suitable for credential stuffing attacks against X (formerly Twitter) and PlayStation Network (PSN) accounts. No specific victim organization or breach source has been identified.
    Date: 2026-05-03T22:27:00Z
    Network: openweb
    Published URL: https://altenens.is/threads/star-455-000-star-mailpass-high-voltageuhq-database-good-for-x-and-psnhigh-voltage-fresh-data.2933670/unread
    Screenshots:
    None
    Threat Actors: Prince1001
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  30. Alleged Sale of Compromised RDP Access in the United States
    Category: Initial Access
    Content: A threat actor operating under the alias noonesxx1 on the AE – Hosting forum has posted a thread titled RDP USA FULL HACKED, suggesting the availability of compromised Remote Desktop Protocol (RDP) access to systems located in the United States. No additional details regarding the number of affected systems, specific organizations, or pricing were available in the post content.
    Date: 2026-05-03T22:23:40Z
    Network: openweb
    Published URL: https://altenens.is/threads/rdp-usa-full-hacked.2933660/unread
    Screenshots:
    None
    Threat Actors: noonesxx1
    Victim Country: United States
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  31. Alleged sale of fresh database access and compromised accounts across UK, DE, JP, NL, BR, PL, ES, US, IT and other countries
    Category: Combo List
    Content: A threat actor claims to have fresh database access and compromised accounts from multiple countries including UK, Germany, Japan, Netherlands, Brazil, Poland, Spain, US, and Italy. The actor is offering access to accounts on platforms including eBay, OfferUp, PSN, Booking, Uber, Poshmark, Alibaba, Walmart, Amazon, Mercari, Kleinanzeigen, and Neosurf, and claims to have private cloud infrastructure with valid webmail access. The actor is soliciting direct messages for specific requests.
    Date: 2026-05-03T21:57:13Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/74868
    Screenshots:
    None
    Threat Actors: Num
    Victim Country: Unknown
    Victim Industry: E-commerce, Payment Services, Gaming, Travel, Social Commerce
    Victim Organization: Unknown
    Victim Site: Unknown
  32. Alleged Data Breach of Lombok Toto Slot Platform Member Database
    Category: Data Breach
    Content: A threat actor operating under the alias Mr. Hanz Xploit has allegedly obtained and is sharing a member database belonging to Lombok Toto, an online slot gambling platform likely based in Indonesia. The post content is minimal, providing limited technical details about the scope or nature of the data. The exact number of records and specific data fields contained within the database remain unknown.
    Date: 2026-05-03T21:54:49Z
    Network: openweb
    Published URL: https://breached.st/threads/database-member-slot-lombok-toto.86731/unread
    Screenshots:
    None
    Threat Actors: Mr. Hanz Xploit
    Victim Country: Indonesia
    Victim Industry: Online Gambling
    Victim Organization: Lombok Toto
    Victim Site: Unknown
  33. Alleged Data Leak of Brazilian Agro Industry CPFs, Emails, and SMTP Credentials
    Category: Data Leak
    Content: A threat actor known as Shinigami has freely shared a partial SQL database dump containing Brazilian CPF numbers linked to email addresses and personal names, sourced from what appears to be the agricultural industry. The leak includes records associated with multiple organizations such as Agroterra and Grupoprodutec, along with plaintext SMTP credentials for a Gmail account. The data includes both structured personal identity records and exposed email server configuration credentials.
    Date: 2026-05-03T21:52:47Z
    Network: openweb
    Published URL: https://breached.st/threads/brazil-leak-cpfs-linked-to-emails-names-agro-industry.86734/unread
    Screenshots:
    None
    Threat Actors: Shinigami
    Victim Country: Brazil
    Victim Industry: Agriculture
    Victim Organization: Unknown
    Victim Site: agroterra.agr.br
  34. Alleged promotion of no-KYC cryptocurrency payment processor service on cybercrime forum
    Category: Carding
    Content: A threat actor operating under the alias TrixDev is advertising WolvPay.com, a cryptocurrency payment processing service marketed on a cybercrime forum. The service promotes no KYC requirements, no merchant bans, instant fund withdrawals to personal wallets, and free website integration via Discord. Such services are commonly used to facilitate anonymous financial transactions associated with illicit activities.
    Date: 2026-05-03T21:23:08Z
    Network: openweb
    Published URL: https://patched.to/Thread-wolvpay-com-%F0%9F%94%92-safe-crypto-payment-processor-%E2%9C%85-no-kyc-%E2%9C%85-no-bans-%E2%9C%85-no-funds-held-%E2%9C%851
    Screenshots:
    None
    Threat Actors: TrixDev
    Victim Country: Unknown
    Victim Industry: Financial Services
    Victim Organization: WolvPay
    Victim Site: wolvpay.com
  35. Alleged distribution of proxy list for credential stuffing tool (Nexus Checker)
    Category: Data Leak
    Content: A threat actor operating under the alias pratyus3er2 has shared a free proxy list intended for use with the Nexus Checker credential stuffing tool on the forum patched.to. The post advertises high checks-per-minute (CPM) performance and requires no license key. The content is hidden behind a login/registration wall, restricting access to registered forum members.
    Date: 2026-05-03T21:23:02Z
    Network: openweb
    Published URL: https://patched.to/Thread-gaming-%E2%98%84%EF%B8%8F%E2%AD%90-proxy-%E2%AD%90-nexus-checker-proxies%E2%AD%90-high-cpm-%E2%AD%90%E2%98%84%EF%B8%8F
    Screenshots:
    None
    Threat Actors: pratyus3er2
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  36. Alleged leak of Minecraft account checker tool (MCChecker)
    Category: Data Leak
    Content: A threat actor on a cracking forum has made available a Minecraft account checker tool called MCChecker. The tool supports multi-threading, automatic proxy downloading, HTTP/SOCKS proxy support, and Microsoft account checking, enabling users to validate compromised Minecraft credentials at scale. The tool has been rated as working by multiple users on the forum.
    Date: 2026-05-03T21:22:34Z
    Network: openweb
    Published URL: https://patched.to/Thread-legendary-mcchecker-minecraft-account-checker
    Screenshots:
    None
    Threat Actors: XSTON
    Victim Country: Unknown
    Victim Industry: Gaming
    Victim Organization: Minecraft / Microsoft
    Victim Site: minecraft.net
  37. Alleged leak of 470,000 French user credentials across multiple platforms
    Category: Data Leak
    Content: A threat actor known as Kenz has freely shared a combolist containing approximately 470,000 credential pairs targeting French users across multiple platforms including Netflix, Orange, Steam, Ubisoft uPlay, Minecraft, MyCanal, and various music and dating services. The content is hosted behind a registration wall on the forum patched.to. The actor stated that likes and reputation points motivate further leaks.
    Date: 2026-05-03T21:22:26Z
    Network: openweb
    Published URL: https://patched.to/Thread-470k-france-hq-combolist-music-dating-mycanal-netflix-uplay-orange-minecraft-steam
    Screenshots:
    None
    Threat Actors: Kenz
    Victim Country: France
    Victim Industry: Multiple (Entertainment, Telecommunications, Gaming)
    Victim Organization: Multiple (Netflix, Orange, Steam, Ubisoft, Minecraft, MyCanal, and others)
    Victim Site: Unknown
  38. Alleged leak of URL:Login:Password combolist shared on cybercrime forum
    Category: Data Leak
    Content: A threat actor operating under the alias ZAMPARA has shared what is claimed to be a fresh private combolist containing URL, login, and password combinations on a cybercrime forum. The full content is hidden behind a registration or login requirement, limiting visibility into the scope and specifics of the leak. The targeted organizations, victim countries, and total record count remain unknown.
    Date: 2026-05-03T21:22:04Z
    Network: openweb
    Published URL: https://patched.to/Thread-fresh-url-login-pass-private-298431
    Screenshots:
    None
    Threat Actors: ZAMPARA
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  39. Alleged leak of Steam account checker tool with credential validation capabilities
    Category: Data Leak
    Content: A threat actor has made available an open-source Steam account checker tool with a graphical user interface on a cracking forum. The tool is capable of validating Steam credentials, detecting 2FA and VAC-banned accounts, capturing owned games and playtime, and retrieving wallet balances. It includes proxy support, Discord webhook integration, and a multi-threaded FastAPI backend, indicating it is designed for large-scale credential stuffing or account takeover operations against Steam users.
    Date: 2026-05-03T21:21:49Z
    Network: openweb
    Published URL: https://patched.to/Thread-%E2%9C%A8-steam-account-checker-%E2%9C%A8-%E2%9C%85-open-source-%E2%9C%85
    Screenshots:
    None
    Threat Actors: GCrafter7003
    Victim Country: Unknown
    Victim Industry: Gaming
    Victim Organization: Steam
    Victim Site: store.steampowered.com
  40. Alleged Steam Account Checker Tool Shared on Cracking Forum
    Category: Carding
    Content: A threat actor known as Manji has shared a Steam account checker tool with proxy support on a cracking forum. The tool is designed to validate stolen Steam credentials and is offered as a free download. The author advises users to run the tool inside a virtual machine or RDP, suggesting potential malicious or dual-use capabilities.
    Date: 2026-05-03T21:21:21Z
    Network: openweb
    Published URL: https://patched.to/Thread-non-auth-steam-checker-with-proxy
    Screenshots:
    None
    Threat Actors: Manji
    Victim Country: Unknown
    Victim Industry: Gaming
    Victim Organization: Steam (Valve Corporation)
    Victim Site: store.steampowered.com
  41. Alleged leak of mixed SMTP credentials
    Category: Data Leak
    Content: A threat actor known as Sauron has made available a collection of approximately 9,000 mixed SMTP credentials on a leak forum. The post is hidden behind a registration or login requirement, limiting full visibility into the scope and origin of the data. SMTP credentials can be used for spam campaigns, phishing operations, or unauthorized email relay abuse.
    Date: 2026-05-03T21:20:48Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-9K-Mixed-SMTP
    Screenshots:
    None
    Threat Actors: Sauron
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  42. Alleged leak of Zoho SMTP credentials
    Category: Data Leak
    Content: A threat actor known as Sauron has made available approximately 14,000 Zoho SMTP credentials on a leak forum. The post is hidden behind a login/registration wall, limiting full visibility into the data. The leak likely contains email credentials or SMTP configuration details associated with Zoho accounts.
    Date: 2026-05-03T21:20:24Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-14K-Zoho-SMTP
    Screenshots:
    None
    Threat Actors: Sauron
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Zoho
    Victim Site: zoho.com
  43. Alleged leak of Greek email credential combolist
    Category: Combo List
    Content: A threat actor operating under the alias thejackal101 has shared a combolist containing approximately 59,000 email:password credential pairs associated with Greece on the DemonForums cybercrime forum. The list is described as fresh and high quality, suggesting recently harvested or validated credentials. Additional credential content is promoted via a Telegram channel (t.me/elite_cloud1).
    Date: 2026-05-03T21:19:21Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-Email-%E2%9C%AA-Password-%E2%9C%AA-59-K-%E2%9C%AA-Combo-%E2%9C%AA-Greece-%E2%9C%AA-4-MAY-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: thejackal101
    Victim Country: Greece
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  44. Alleged leak of Hungarian email credential combolist
    Category: Data Leak
    Content: A threat actor operating under the alias Elite123 has made available a combolist of approximately 136,000 email:password credential pairs allegedly associated with Hungarian users. The list is described as fresh and high quality, suggesting recently obtained or validated credentials. The content is hidden behind a registration or login wall on the forum.
    Date: 2026-05-03T21:19:05Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-%E2%9C%AA-Email-%E2%9C%AA-Password-%E2%9C%AA-136-K-%E2%9C%AA-Combo-%E2%9C%AA-Hungary-%E2%9C%AA-4-MAY-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: Elite123
    Victim Country: Hungary
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  45. Alleged leak of Greek credential combolist containing 59,000+ email:password pairs
    Category: Data Leak
    Content: A threat actor operating under the alias Elite123 has made available a combolist of approximately 59,000 email:password credential pairs allegedly associated with Greek users. The post is dated May 4, 2026, and the content is described as FRESH and HQ (high quality). The combolist is accessible to registered members of the forum via hidden content.
    Date: 2026-05-03T21:18:41Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-%E2%9C%AA-Email-%E2%9C%AA-Password-%E2%9C%AA-59-K-%E2%9C%AA-Combo-%E2%9C%AA-Greece-%E2%9C%AA-4-MAY-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: Elite123
    Victim Country: Greece
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  46. Alleged leak of Israeli email credentials combolist
    Category: Combo List
    Content: A threat actor operating under the alias thejackal101 has shared a combolist of approximately 28,000 email:password credential pairs allegedly associated with Israeli users on the DemonForums cybercrime forum. The post is dated May 4, 2026, and the credentials are described as fresh and high quality. The actor also directs users to a Telegram channel for additional credential logs.
    Date: 2026-05-03T21:18:24Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-Email-%E2%9C%AA-Password-%E2%9C%AA-28-K-%E2%9C%AA-Combo-%E2%9C%AA-Israel-%E2%9C%AA-4-MAY-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: thejackal101
    Victim Country: Israel
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  47. Alleged leak of Israeli credential combolist
    Category: Data Leak
    Content: A threat actor known as Elite123 has made available a combolist of approximately 28,000 email and password credential pairs allegedly associated with Israeli users. The list is described as fresh and high quality and was shared on a leak forum on May 4, 2026. No specific victim organization or source has been identified.
    Date: 2026-05-03T21:18:18Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-%E2%9C%AA-Email-%E2%9C%AA-Password-%E2%9C%AA-28-K-%E2%9C%AA-Combo-%E2%9C%AA-Israel-%E2%9C%AA-4-MAY-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: Elite123
    Victim Country: Israel
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  48. Alleged leak of Irish email credential combolist
    Category: Combo List
    Content: A threat actor operating under the alias thejackal101 has made available a combolist containing over 12,000 email and password credential pairs allegedly associated with Irish users. The post, dated May 4, 2026, describes the content as fresh and high quality and is hosted behind a registration wall on a cybercrime forum. The actor also promotes a Telegram channel for additional credential logs.
    Date: 2026-05-03T21:17:41Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-Email-%E2%9C%AA-Password-%E2%9C%AA-12-K-%E2%9C%AA-Combo-%E2%9C%AA-Ireland-%E2%9C%AA-4-MAY-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: thejackal101
    Victim Country: Ireland
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  49. Alleged Sale of SQL Injection Exploit and Scanner Targeting LiteLLM Proxy (CVE-2026-42208)
    Category: Initial Access
    Content: A threat actor on BreachForums is selling an exploit and scanner script targeting CVE-2026-42208, a critical unauthenticated SQL injection vulnerability in LiteLLM Proxy. The flaw exists in the proxy's API key verification step, allowing attackers to read and modify the proxy's database, including API keys, virtual and master keys, and environment secrets, by sending a specially crafted Authorization header. The package includes exploit source code, an exploitation procedure, and FOFA dorks for
    Date: 2026-05-03T21:09:44Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-SOURCE-CODE-LiteLLM-Proxy-SQL-Injection-Exploit-Scanner
    Screenshots:
    None
    Threat Actors: Xploitd
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: LiteLLM
    Victim Site: litellm.ai
  50. Alleged leak of mixed domain credentials combolist
    Category: Data Leak
    Content: A threat actor operating under the alias VegaM has made available a combolist containing approximately 89,000 valid credentials spanning mixed domains on the forum AE – Combo List. The combolist appears to be a collection of email and password combinations from various sources. No specific victim organization or targeted industry has been identified.
    Date: 2026-05-03T20:54:58Z
    Network: openweb
    Published URL: https://altenens.is/threads/89k-valid-mixed-domains-combolist.2933645/unread
    Screenshots:
    None
    Threat Actors: VegaM
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  51. Alleged leak of Hotmail credentials combolist
    Category: Data Leak
    Content: A threat actor on the AE forum shared a combolist containing 600 allegedly valid Hotmail credentials. The post claims the credentials are fresh and valid. No additional details are available as the post content was not captured.
    Date: 2026-05-03T20:52:34Z
    Network: openweb
    Published URL: https://altenens.is/threads/sparkles-600x-fresh-hotmail-valid-sparkles.2933650/unread
    Screenshots:
    None
    Threat Actors: Sellix
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  52. Alleged Data Breach of Canada Goose Exposing 583,000 Customer Records
    Category: Data Breach
    Content: In February 2026, threat actor ShinyHunters allegedly breached CanadaGoose.com, exposing data on over 583,000 unique users. The leaked database dump contains extensive e-commerce and personal information including names, email addresses, phone numbers, billing and shipping addresses, browser IPs, and partial payment details such as credit card company and last four digits. The data also includes detailed order and checkout records with transaction values, product details, and customer identifier
    Date: 2026-05-03T20:31:50Z
    Network: openweb
    Published URL: https://spear.cx/Thread-Database-Canada-Goose-583K
    Screenshots:
    None
    Threat Actors: [Mod] Tanaka
    Victim Country: Canada
    Victim Industry: Retail & E-Commerce
    Victim Organization: Canada Goose
    Victim Site: canadagoose.com
  53. Alleged leak of Vidar Stealer logs targeting German users
    Category: Logs
    Content: A threat actor known as BigTuna has made available 250 Vidar Stealer logs allegedly collected from German victims running Windows Server 2019 with Firefox 121.x. The logs include credentials, cookies, and autofill data. The content is hosted on a Tor-based infrastructure and is accessible to forum members upon reply or account upgrade.
    Date: 2026-05-03T20:30:38Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-ULP-FREE-Vidar-Stealer-250-logs-DE
    Screenshots:
    None
    Threat Actors: BigTuna
    Victim Country: Germany
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  54. Alleged Data Leak of Portugal's National Cinema Plan (pnc.gov.pt) Government Database
    Category: Data Leak
    Content: A threat actor using the handle vicmeow has allegedly leaked a database associated with pnc.gov.pt, the official website of Portugal's Plano Nacional de Cinema, a government initiative promoting film education in schools. The data has been made available for free download via an external file-sharing link. The affected organization operates under the collaboration of Portugal's ministries of Culture, Youth and Sport, and Education, Science and Innovation.
    Date: 2026-05-03T20:28:24Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-pnc-gov-pt-government-initiative-promoting-film-education
    Screenshots:
    None
    Threat Actors: vicmeow
    Victim Country: Portugal
    Victim Industry: Government
    Victim Organization: Plano Nacional de Cinema (National Cinema Plan)
    Victim Site: pnc.gov.pt
  55. Alleged Data Leak of tyleia.ae UAE Website Database and Source Code
    Category: Data Leak
    Content: A threat actor operating under the alias Anonymous2090 has freely distributed a database dump and full source code allegedly stolen from the UAE-based website tyleia.ae. The leaked data includes WordPress user credentials (hashed passwords), user metadata, Elementor API tokens, Google Site Kit OAuth access and refresh tokens, and administrative email addresses. The actor claims the WordPress control panel was taken down and the website was subsequently deleted and taken offline.
    Date: 2026-05-03T20:27:45Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-tyleia-ae-UAE-website-Free-leak-2026
    Screenshots:
    None
    Threat Actors: Anonymous2090
    Victim Country: United Arab Emirates
    Victim Industry: Unknown
    Victim Organization: Tyleia TCO
    Victim Site: tyleia.ae
  56. Alleged sale of email credential combolists and account access (Hotmail, Yahoo, Amazon, Facebook, eBay, PayPal)
    Category: Combo List
    Content: Threat actor _emanthy is selling credential combolists containing email addresses, passwords, and cookies for multiple platforms including Hotmail, Yahoo, Amazon, Facebook, eBay, PayPal, and Kleinanzeigen. The seller claims to provide credentials from various geographic regions (EU, USA, Germany, MIX) as well as corporate accounts, and also offers cloud access on a weekly or monthly basis with custom keyword targeting.
    Date: 2026-05-03T20:27:07Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/74835
    Screenshots:
    None
    Threat Actors: _emanthy
    Victim Country: Unknown
    Victim Industry: Multiple (email providers, e-commerce, payment platforms)
    Victim Organization: Unknown
    Victim Site: Unknown
  57. Alleged leak of 140,000 Australian credentials combolist
    Category: Combo List
    Content: A threat actor known as Megatron has shared an alleged combolist containing approximately 140,000 credential pairs purportedly associated with Australian users. The content is hidden behind a reply-gate, requiring forum engagement to access the download. The post claims the data is high-quality and fresh, though the source organization or breach origin is not disclosed.
    Date: 2026-05-03T20:23:33Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-140K-AUSTRALIA-HQ-Fresh-Combolist
    Screenshots:
    None
    Threat Actors: Megatron
    Victim Country: Australia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  58. Alleged leak of Brazilian credential combolist
    Category: Combo List
    Content: A threat actor known as Megatron has made available a combolist of approximately 205,000 credential pairs allegedly associated with Brazilian users on a cybercrime forum. The content is described as UHQ (ultra-high quality), suggesting a high validity rate of the credentials. The combolist is gated behind a reply requirement, a common forum engagement tactic.
    Date: 2026-05-03T20:22:56Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-205K-BRAZIL-UHQ-Combolist
    Screenshots:
    None
    Threat Actors: Megatron
    Victim Country: Brazil
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  59. Alleged data breach of i-Run (i-run.fr) French sports retailer
    Category: Data Breach
    Content: A threat actor known as lowiq is selling an alleged database dump from i-run.fr, a French online sports retailer specializing in running and endurance gear. The dataset reportedly contains 1,223,520 records including first and last names, email addresses, dates of birth, physical addresses, postal codes, cities, and mobile phone numbers. The seller is asking $400 and can be contacted via Telegram.
    Date: 2026-05-03T20:16:40Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-SELLING-i-Run-i-run-fr-1-223-520
    Screenshots:
    None
    Threat Actors: lowiq
    Victim Country: France
    Victim Industry: Retail
    Victim Organization: i-Run
    Victim Site: i-run.fr
  60. Alleged sale of German email credential combolist
    Category: Combo List
    Content: A threat actor operating under the handle MrCOMBOROBOA is selling a combolist of approximately 6,300 German email address and password combinations on a cybercrime forum. The actor also advertises bulk credential lists by country and industry at tiered pricing, ranging from $30 for 100,000 records to $300 for 10 million records. The actor promotes a Telegram channel and a private combo group with subscription-based access.
    Date: 2026-05-03T20:12:53Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-6-3k-GERMANY-MAILS-ACCESS
    Screenshots:
    None
    Threat Actors: MrCOMBOROBOA
    Victim Country: Germany
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  61. Alleged sale of multi-country email credential combolists totaling 32,900 records
    Category: Combo List
    Content: A threat actor operating under the alias MrCOMBOROBOA is selling combolists containing email and password credentials from Germany, France, Italy, and the United States, totaling approximately 32,900 records. The actor also advertises larger credential packages ranging from 100,000 to 10 million records at tiered pricing, as well as category-specific combolists for gaming and shopping. The actor promotes their services via a Telegram channel and a paid private combo group with subscription tie
    Date: 2026-05-03T20:12:15Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-32-9k-DE-FR-IT-USA-COMBO-MAILS-ACCESS
    Screenshots:
    None
    Threat Actors: MrCOMBOROBOA
    Victim Country: Multiple
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  62. Alleged sale of multi-country email credential combolists totaling 35,900 records
    Category: Combo List
    Content: A threat actor operating under the alias MrCOMBOROBOA is selling combolists containing email and password credentials sourced from Germany, France, Italy, and the United States, with an advertised count of approximately 35,900 records. The actor offers tiered access to a private combo group at prices ranging from $50 per week to $500 for lifetime access, as well as bulk credential lists by category (gaming, shopping) at varying price points. The actor also promotes a Telegram channel for free
    Date: 2026-05-03T20:11:38Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-35-9k-DE-FR-IT-USA-COMBO-MAILS-ACCESS
    Screenshots:
    None
    Threat Actors: MrCOMBOROBOA
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  63. Alleged leak of Indian credential combolist with 252,000+ records
    Category: Data Leak
    Content: A threat actor operating under the alias thejackal101 has made available a credential combolist allegedly containing over 252,000 email and password pairs associated with Indian users. The combolist, dated May 4, 2026, is described as FRESH and HQ, suggesting recently harvested or validated credentials. No specific victim organization or source has been identified.
    Date: 2026-05-03T20:11:28Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-%E2%9C%AA-Email-%E2%9C%AA-Password-%E2%9C%AA-252-K-%E2%9C%AA-Combo-%E2%9C%AA-India-%E2%9C%AA-4-MAY-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: thejackal101
    Victim Country: India
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  64. Alleged leak of credential combolist targeting Germany, France, Italy, and United States users
    Category: Combo List
    Content: A threat actor known as MrCOMBOROBOA has made available a combolist containing approximately 22,500 email and password combinations targeting users from Germany, France, Italy, and the United States. The post was shared on DemonForums in the combolists section. No specific organization or service is identified as the source of the leaked credentials.
    Date: 2026-05-03T20:10:58Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-22-5k-DE-FR-IT-USA-COMBO-MAILS-ACCESS
    Screenshots:
    None
    Threat Actors: MrCOMBOROBOA
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  65. Alleged leak of German email credential combolist
    Category: Data Leak
    Content: A threat actor known as Elite123 has made available a combolist of approximately 558,000+ email:password credential pairs allegedly associated with German users. The combolist is described as fresh and high quality and was shared on a leak forum on May 4, 2026. No specific victim organization or source has been identified.
    Date: 2026-05-03T20:10:00Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-%E2%9C%AA-Email-%E2%9C%AA-Password-%E2%9C%AA-558-K-%E2%9C%AA-Combo-%E2%9C%AA-Germany-%E2%9C%AA-4-MAY-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: Elite123
    Victim Country: Germany
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  66. Alleged leak of German credential combolist containing 558,000 email:password pairs
    Category: Combo List
    Content: A threat actor operating under the handle thejackal101 has made available a combolist containing approximately 558,000 email:password credential pairs associated with Germany. The content is described as FRESH and HQ (high quality), suggesting recently harvested or validated credentials. The post references a Telegram channel (t.me/elite_cloud1) for additional credential lists, indicating an ongoing distribution operation.
    Date: 2026-05-03T20:09:50Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-Email-%E2%9C%AA-Password-%E2%9C%AA-558-K-%E2%9C%AA-Combo-%E2%9C%AA-Germany-%E2%9C%AA-4-MAY-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: thejackal101
    Victim Country: Germany
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  67. Alleged leak of Indonesian email credential combolist
    Category: Combo List
    Content: A threat actor operating under the alias thejackal101 has made available a combolist of approximately 254,000 email:password credential pairs allegedly associated with Indonesian users on the DemonForums cybercrime forum. The post describes the content as fresh and high quality, with no specific victim organization identified. The actor also promotes an associated Telegram channel for additional credential logs.
    Date: 2026-05-03T20:09:09Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-Email-%E2%9C%AA-Password-%E2%9C%AA-254-K-%E2%9C%AA-Combo-%E2%9C%AA-Indonesia-%E2%9C%AA-4-MAY-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: thejackal101
    Victim Country: Indonesia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  68. Alleged Sale of Forged Law Enforcement Documents and Portal Bypass Toolkit
    Category: Initial Access
    Content: A threat actor operating under the alias convince is selling a toolkit of forged law enforcement documents including seizure warrants, MLAT requests, and subpoenas for $500 in Monero. The kit includes pixel-perfect forgeries designed to deceive compliance teams at major tech companies such as Apple, Google, and Meta, as well as domain registries, into releasing private user data or locking accounts. The offering also includes a spoofed law enforcement email address and step-by-step instruction
    Date: 2026-05-03T20:04:01Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-SELLING-HIGH-END-LEA-PORTAL-BYPASS-SEIZURE-WARRANTS-MLAT-SUBPOENAS–188030
    Screenshots:
    None
    Threat Actors: convince
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Apple, Google, Meta
    Victim Site: Unknown
  69. Alleged Sale of Law Enforcement Emergency Data Request Bypass Exploit Targeting Major Social Platforms
    Category: Initial Access
    Content: A threat actor operating under the alias convince is selling a claimed exploit method for $300 that allegedly bypasses law enforcement email verification requirements on major social platforms' emergency data request portals. The method purportedly leverages public government infrastructure to fraudulently impersonate law enforcement agents, enabling extraction of subscriber data, IP logs, login history, and private messages. The offering also includes forged court orders and seizure warrants
    Date: 2026-05-03T20:00:37Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-SELLING-THE-GHOST-DISCLOSURE-EXPLOIT-NO-LEA-EMAIL-REQUIRED-2026-PRIVATE
    Screenshots:
    None
    Threat Actors: convince
    Victim Country: Unknown
    Victim Industry: Social Media / Technology
    Victim Organization: Unknown
    Victim Site: Unknown
  70. Alleged Data Breach of Unknown Educational Institution
    Category: Data Breach
    Content: A threat actor on BreachForums is selling data allegedly belonging to an unidentified educational institution for $3,000. The compromised data reportedly includes student email addresses, encrypted passwords, and personally identifiable information (PII). The breach is claimed to affect more than 500 students.
    Date: 2026-05-03T19:48:26Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Green
    Screenshots:
    None
    Threat Actors: kmax2026
    Victim Country: Unknown
    Victim Industry: Education
    Victim Organization: Unknown
    Victim Site: Unknown
  71. Alleged sale of Tanzanian personal records database containing 120,000 entries
    Category: Data Breach
    Content: A threat actor operating under the alias XOverStm is selling a database of over 120,000 records belonging to Tanzanian individuals, purportedly active and valid. The dataset includes names, contact details, addresses, mobile numbers, and city information, and is priced at $350. The seller claims the data originates from entities with revenues between $50M and $80M, and offers escrow-based transactions via Telegram and TOX communications.
    Date: 2026-05-03T19:30:33Z
    Network: openweb
    Published URL: https://breached.st/threads/120k-name-contact-address-mobile-city-tanzania-valid-active.86732/unread
    Screenshots:
    None
    Threat Actors: XOverStm
    Victim Country: Tanzania
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  72. Mass Redefacement of Indonesian Technical Education Site by REYEXPLOIT
    Category: Defacement
    Content: On May 4, 2026, the attacker known as REYEXPLOIT conducted a mass defacement targeting the admin panel of ilmiteknik.co.id, an Indonesian technical education website. This incident is classified as both a mass defacement and a redefacement, indicating the site had been previously compromised and was targeted again. The attack was carried out on a Linux-based server, with the defaced page archived at haxor.id.
    Date: 2026-05-03T19:19:20Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248851
    Screenshots:
    None
    Threat Actors: REYEXPLOIT
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: Ilmu Teknik
    Victim Site: ilmiteknik.co.id
  73. Alleged Data Breach of Senzing.com Exposing 100,000 US Records
    Category: Data Breach
    Content: A threat actor known as ijpys is allegedly selling a database dump from Senzing, a U.S.-based AI data management software company. The dataset contains approximately 100,002 records with highly sensitive personally identifiable information including full names, SSNs, passport numbers, driver's license numbers, credit card account numbers, phone numbers, social handles, dates of birth, and physical addresses. The data is dated May 3, 2026, and is available for purchase via a hidden download lin
    Date: 2026-05-03T19:17:01Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-sezning-com-USA-100K
    Screenshots:
    None
    Threat Actors: ijpys
    Victim Country: United States
    Victim Industry: Software / Technology
    Victim Organization: Senzing
    Victim Site: senzing.com
  74. Alleged Data Breach of French Ministry of Health Database (sante.gouv.fr)
    Category: Data Breach
    Content: A threat actor known as NearLeVrai claims to have extracted data from the public database of sante.gouv.fr, the French Ministry of Health, exposing over 26,000 beneficiary records. The dataset includes personal identifiers, professional details, company information, financial amounts, and geographic data. The actor is selling a scraper tool used to extract the data for 5 euros in Bitcoin, while also providing a download link to the extracted dataset.
    Date: 2026-05-03T19:16:24Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-database-sante-gouv-fr
    Screenshots:
    None
    Threat Actors: NearLeVrai
    Victim Country: France
    Victim Industry: Government – Public Health
    Victim Organization: French Ministry of Health (Ministère de la Santé)
    Victim Site: sante.gouv.fr
  75. Alleged data leak of ZenMobile France mobile virtual network operator database
    Category: Data Leak
    Content: A threat actor known as NormalLeVrai has made available a full SQL database dump allegedly belonging to ZenMobile (zenmobile.fr), a French mobile virtual network operator (MVNO). The database purportedly contains more than 15 million rows of customer data and has been shared as a free download via an external file hosting link. The post is associated with the PwnerSec group, which has an active presence on X (Twitter).
    Date: 2026-05-03T19:15:14Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-FR-15M-ZenMobile
    Screenshots:
    None
    Threat Actors: NormalLeVrai
    Victim Country: France
    Victim Industry: Telecommunications
    Victim Organization: ZenMobile
    Victim Site: zenmobile.fr
  76. Alleged buyer soliciting credential combolists for Match, OurTime, OneDrive accounts
    Category: Combo List
    Content: Threat actor Douglas is actively seeking to purchase email:password credential lists (combolists) targeting Match, OurTime, and OneDrive accounts from victims in Japan, USA, UK, and Europe. The stated budget is 5,000-10,000 USDT. The actor is requesting test samples of 10,000-50,000 records, with a promise of payment based on click-through rates and inspection screenshots.
    Date: 2026-05-03T19:08:27Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/74800
    Screenshots:
    None
    Threat Actors: Douglas
    Victim Country: Japan, United States, United Kingdom, Europe
    Victim Industry: Dating/Social (Match, OurTime), Cloud Services (OneDrive)
    Victim Organization: Unknown
    Victim Site: Unknown
  77. Mass Redefacement of Indonesian Educational Website by REYEXPLOIT
    Category: Defacement
    Content: On May 4, 2026, the attacker known as REYEXPLOIT conducted a mass defacement targeting the admin panel of mediasmansaba.kadungrejo.com, a media platform associated with an Indonesian secondary school (SMAN 1 Saba) located in Kadungrejo. This incident is classified as both a mass defacement and a redefacement, indicating the site had been previously compromised and was targeted again as part of a broader campaign. The defacement was carried out on a Linux-based server.
    Date: 2026-05-03T19:02:09Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248850
    Screenshots:
    None
    Threat Actors: REYEXPLOIT
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: SMA N 1 Saba (SMANSABA) Kadungrejo
    Victim Site: mediasmansaba.kadungrejo.com
  78. Alleged sale of French personal data containing 300 million records
    Category: Data Breach
    Content: A threat actor operating under the alias ARPANET755 is selling a database allegedly containing over 300 million lines of French personal data. The data is advertised on a cybercrime forum with a sample posted via an Imgur link. The seller is directing interested buyers to contact them via Telegram at @virus881.
    Date: 2026-05-03T18:48:04Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-DATABASE-200-FRENCH-DATA
    Screenshots:
    None
    Threat Actors: ARPANET755
    Victim Country: France
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  79. Alleged sale of sensitive technical documents and quality reports from Rheinmetall defense contractor
    Category: Data Breach
    Content: A threat actor claims to possess sensitive data from Rheinmetall (German defense industry giant), obtained through a breach of client systems. The actor is offering for sale detailed technical specifications of ScoutSV light armored vehicle systems, including turret designs, weapon cradle structures, dimensional tolerances, and engineering drawings. Also on offer are internal quality inspection reports documenting assembly defects, raw material certificates for armored vehicles including steel alloy specifications, precision mechanical parts specifications, and supply chain/logistics data with supplier names and internal correspondence. The asking price is $20,000 USD, with payment via Monero or Bitcoin and immediate delivery via download link.
    Date: 2026-05-03T18:46:54Z
    Network: telegram
    Published URL: https://t.me/c/2735908986/4147
    Screenshots:
    None
    Threat Actors: Infrastructure Destruction Squad
    Victim Country: Germany
    Victim Industry: Defense/Aerospace
    Victim Organization: Rheinmetall
    Victim Site: rheinmetall.com
  80. Alleged leak of Brazilian credential combolist (780K records)
    Category: Data Leak
    Content: A threat actor operating under the alias ImmanueKant has shared an alleged combolist containing approximately 780,000 credential pairs linked to Brazilian users on the AE forum. The post is described as part one of a broader Latin America series. No specific organization or source has been identified.
    Date: 2026-05-03T18:37:48Z
    Network: openweb
    Published URL: https://altenens.is/threads/white-circlehigh-voltagewhite-circlebrazil-br-780k-part-1-of-latin-america-white-circlehigh-voltagewhite-circle.2933566/unread
    Screenshots:
    None
    Threat Actors: ImmanueKant
    Victim Country: Brazil
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  81. Alleged leak of 179,000 corporate targeted credentials combolist
    Category: Data Leak
    Content: A threat actor known as carlos080 has shared a combolist allegedly containing 179,000 corporate-targeted credential pairs on the AE forum. The combolist appears to be specifically curated to target corporate accounts or enterprise environments. No additional details regarding the origin, affected organizations, or specific industries are available from the post content.
    Date: 2026-05-03T18:35:22Z
    Network: openweb
    Published URL: https://altenens.is/threads/179k-corp-targeted-combolist.2933591/unread
    Screenshots:
    None
    Threat Actors: carlos080
    Victim Country: Unknown
    Victim Industry: Multiple/Corporate
    Victim Organization: Unknown
    Victim Site: Unknown
  82. Alleged leak of Australian credential combolist
    Category: Data Leak
    Content: A threat actor operating under the alias ImmanueKant has made available an alleged combolist containing approximately 312,000 credential pairs associated with Australian users. The post was shared on the Altenens forum under the Combo List section. No additional details regarding the source or specific data fields are available from the post content.
    Date: 2026-05-03T18:32:56Z
    Network: openweb
    Published URL: https://altenens.is/threads/white-circlehigh-voltagewhite-circleaustralia-au-312kwhite-circlehigh-voltagewhite-circle.2933565/unread
    Screenshots:
    None
    Threat Actors: ImmanueKant
    Victim Country: Australia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  83. Alleged leak of Hotmail credentials combolist
    Category: Data Leak
    Content: A threat actor operating under the alias Sellix has made available a combolist of approximately 550 allegedly valid Hotmail credentials on the AE combo list forum. The post claims the credentials are fresh and valid. No additional details regarding the origin or composition of the credential list are available.
    Date: 2026-05-03T18:30:30Z
    Network: openweb
    Published URL: https://altenens.is/threads/sparkles-550x-fresh-hotmail-valid-sparkles.2933577/unread
    Screenshots:
    None
    Threat Actors: Sellix
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  84. Alleged breach of Albanian government and US embassy systems with 53GB of diplomatic and classified documents
    Category: Data Breach
    Content: Infrastructure Destruction Squad claims to have breached Albanian government systems and the Albanian embassy in Washington, D.C., stealing 53 gigabytes of confidential documents. Stolen data reportedly includes email inboxes from Albanian embassies and consulates worldwide (Washington, Stockholm, Skopje, Rome, Paris, Moscow, Madrid, London, Brussels, Berlin, Athens, Ankara), diplomatic correspondence, classified files related to the NSA and US Department of State, parliamentary correspondence, and embassy messages. The threat actor is offering the data for sale at $50,000 USD via cryptocurrency, with partial documents already distributed on the dark web.
    Date: 2026-05-03T18:06:56Z
    Network: telegram
    Published URL: https://t.me/c/2735908986/4135
    Screenshots:
    None
    Threat Actors: Infrastructure Destruction Squad
    Victim Country: Albania
    Victim Industry: Government/Diplomatic
    Victim Organization: Albanian Government, Albanian Embassy in Washington D.C.
    Victim Site: Unknown
  85. Alleged Data Breach of Crocs Israel Customer Database
    Category: Data Breach
    Content: A threat actor operating under the alias campfire claims to be selling a customer database stolen from crocs.co.il, the Israeli storefront of footwear brand Crocs. The database allegedly contains 852,520 records including customer IDs, full names, phone numbers, email addresses, physical addresses, dates of birth, and gender. The actor claims the breach occurred on May 3, 2026, and is offering the database for $350 via Telegram.
    Date: 2026-05-03T17:45:47Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-SELLING-Crocs-Israel-Customer-Database-852-520
    Screenshots:
    None
    Threat Actors: campfire
    Victim Country: Israel
    Victim Industry: Retail
    Victim Organization: Crocs Israel
    Victim Site: crocs.co.il
  86. Alleged distribution of 1.7 million shopping-targeted combolist
    Category: Data Leak
    Content: A threat actor operating under the alias Sauron has made available a combolist containing approximately 1.7 million credential pairs purportedly targeting shopping or e-commerce platforms. The content is hidden behind a registration or login wall on the forum, limiting full verification. No specific victim organization or pricing details were disclosed in the post.
    Date: 2026-05-03T17:37:59Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-1-7M-SHOPPING-TARGETED-COMBO
    Screenshots:
    None
    Threat Actors: Sauron
    Victim Country: Unknown
    Victim Industry: Retail / E-Commerce
    Victim Organization: Unknown
    Victim Site: Unknown
  87. Alleged leak of 4.6 million mixed country credentials combolist
    Category: Data Leak
    Content: A threat actor operating under the alias Sauron has shared a combolist containing approximately 4.6 million credential pairs on a cybercrime forum. The combolist is described as country mixed, indicating it contains credentials from multiple nations. The content is hidden behind a registration or login wall, restricting access to forum members.
    Date: 2026-05-03T17:37:33Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-4-6M-Country-Mixed-Combo
    Screenshots:
    None
    Threat Actors: Sauron
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  88. Alleged leak of 1.3 million mixed credentials combolist
    Category: Data Leak
    Content: A threat actor known as Leviathan has made available a combolist containing approximately 1.3 million credential pairs on a leak forum. The combolist is described as fresh, high quality, and semi-private, with mixed origins claimed to be suitable for various credential stuffing or account takeover purposes. No specific victim organization or targeted service has been identified.
    Date: 2026-05-03T17:37:02Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-1-3M-Fresh-HQ-Semi-Private-Mixed-Combolist-Good-For-All
    Screenshots:
    None
    Threat Actors: Leviathan
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  89. Alleged leak of mixed credentials combolist with 57,991 lines
    Category: Data Leak
    Content: A threat actor operating under the alias storm222 has shared a mixed combolist containing 57,991 lines on a cybercrime forum. The combolist appears to be a compilation of credentials from multiple sources. The content is hidden behind a registration or login requirement on the forum.
    Date: 2026-05-03T17:36:39Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-57991-Lines-Fresh-Mix-Combolist
    Screenshots:
    None
    Threat Actors: storm222
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  90. Alleged leak of mixed email credentials combolist including Hotmail accounts
    Category: Combo List
    Content: A threat actor operating under the alias alphaxdd has made available a combolist containing 4,212 mixed email credentials, including validated Hotmail accounts described as premium hits. The post references private cloud access and directs users to a Telegram contact for further engagement. The content is hidden behind a registration or login wall on the forum.
    Date: 2026-05-03T17:35:48Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-4212x-PREMIUM-MIX-MAIL-HITS%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: alphaxdd
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  91. Website Redefacement of PianoMinds by Threat Actor YIIX103
    Category: Defacement
    Content: Threat actor YIIX103, operating without a known team affiliation, conducted a redefacement of pianominds.com, targeting a specific page (yo.php) on May 4, 2026. This incident marks a repeat compromise of the same target, indicating either unpatched vulnerabilities or persistent unauthorized access. The defacement was not classified as a mass or home page defacement, suggesting a targeted sub-page attack.
    Date: 2026-05-03T17:24:42Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/917414
    Screenshots:
    None
    Threat Actors: YIIX103
    Victim Country: Unknown
    Victim Industry: Music Education / Entertainment
    Victim Organization: PianoMinds
    Victim Site: pianominds.com
  92. Alleged Sale of SQL Injection Vulnerability on French Government Website
    Category: Initial Access
    Content: A threat actor operating under the alias nighttt is selling an unpatched Boolean-based Blind SQL Injection vulnerability targeting a French government website. The vulnerability exploits the form_id POST parameter using Microsoft Access and bypasses standard WAF protections, allowing full database enumeration including user credentials, PII, and internal configurations. The seller is offering exclusivity to a single buyer, accepting Bitcoin or Monero, with contact via Telegram and Session.
    Date: 2026-05-03T17:18:42Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-SELLING-SQLI-on-a-gov-French
    Screenshots:
    None
    Threat Actors: nighttt
    Victim Country: France
    Victim Industry: Government
    Victim Organization: Unknown
    Victim Site: Unknown
  93. Alleged Data Leak of Trustpilot.com 56GB Dataset
    Category: Data Leak
    Content: A threat actor known as MDGhost has allegedly made available a 56GB dataset purportedly belonging to Trustpilot.com on the Breached forum. The post was shared in the Databases section, suggesting the leak contains structured data. Further details regarding the specific data types and record count are unavailable due to limited post content.
    Date: 2026-05-03T17:03:21Z
    Network: openweb
    Published URL: https://breached.st/threads/56gb-trustpilot-com-data-leak.86728/unread
    Screenshots:
    None
    Threat Actors: MDGhost
    Victim Country: Denmark
    Victim Industry: Technology
    Victim Organization: Trustpilot
    Victim Site: trustpilot.com
  94. Alleged Data Breach of naz.api Credential Dataset
    Category: Data Breach
    Content: A forum user on SP – Databases is inquiring about the naz.api breach, seeking either the dataset itself or information related to it. The naz.api dataset is a well-known large-scale combolist compiled from stealer logs and credential dumps. No specific seller, price, or download link was provided in this post, suggesting it is an information-seeking inquiry rather than an active sale or leak.
    Date: 2026-05-03T16:56:30Z
    Network: openweb
    Published URL: https://spear.cx/Thread-Database-naz-api
    Screenshots:
    None
    Threat Actors: skybloc
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  95. Alleged Data Leak of 17 Million French Email Addresses
    Category: Data Leak
    Content: A threat actor known as NormalLeVrai has freely shared a collection of approximately 17 million French email addresses via a public download link. The emails are reportedly associated with popular French and international email providers including Wanadoo, Yahoo, Orange, Hotmail, Free, and Live. The data is available for free download in JSONL format.
    Date: 2026-05-03T16:53:49Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-France-Messagerie-17M
    Screenshots:
    None
    Threat Actors: NormalLeVrai
    Victim Country: France
    Victim Industry: Telecommunications / Email Services
    Victim Organization: Unknown
    Victim Site: Unknown
  96. Alleged leak of 22,000 valid email credentials combolist
    Category: Combo List
    Content: A threat actor operating under the alias TeraCloud1 has made available a combolist allegedly containing 22,000 valid email:password credential pairs on a cybercrime forum. The content is hidden behind a registration or login requirement, limiting visibility into the specific email providers or organizations affected. No victim organization, country, or price has been specified, suggesting the content is being shared freely to registered forum members.
    Date: 2026-05-03T16:36:25Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-22K-VALID-MAIL-ACCESS–202691
    Screenshots:
    None
    Threat Actors: TeraCloud1
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  97. Alleged leak of mixed email credential combolist
    Category: Combo List
    Content: A threat actor operating under the alias StrawHatBase has shared a combolist of approximately 29,000 mixed email address and password combinations on a cybercrime forum. The post, titled 29K MIX GOOD MAIL ACCESS, suggests the credentials may provide valid email account access across multiple providers. No specific victim organization, country, or industry has been identified, indicating the combolist is aggregated from multiple sources.
    Date: 2026-05-03T16:35:40Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-29K-MIX-GOOD-MAIL-ACCESS
    Screenshots:
    None
    Threat Actors: StrawHatBase
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  98. Alleged leak of Hotmail credentials combolist
    Category: Combo List
    Content: A threat actor operating under the alias alphaxdd has made available a combolist containing 1,325 allegedly valid Hotmail credentials on a cybercrime forum. The post references a private cloud storage location and mixed mail types, with access restricted to registered forum members. The actor also promotes a Telegram contact alphaaxd for further engagement.
    Date: 2026-05-03T16:35:15Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-1325x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F
    Screenshots:
    None
    Threat Actors: alphaxdd
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  99. Alleged Sale of SQL Injection Vulnerability Affecting French Government Tax Portal (impots.gouv.fr)
    Category: Initial Access
    Content: A threat actor operating under the alias LastNodemReal is allegedly selling an unpatched Boolean-based Blind SQL Injection vulnerability targeting the French government tax portal impots.gouv.fr. The vulnerability reportedly affects the form_id POST parameter on a Microsoft Access backend, enabling full database schema enumeration and unauthorized access to user credentials, PII, and internal configurations. The seller is accepting payment in Bitcoin or Monero and claims the exploit bypasses
    Date: 2026-05-03T16:06:17Z
    Network: openweb
    Published URL: https://breached.st/threads/biggesst-vuln-in-the-website-gouvernemental-impots-french.86725/unread
    Screenshots:
    None
    Threat Actors: LastNodemReal
    Victim Country: France
    Victim Industry: Government
    Victim Organization: Direction Générale des Finances Publiques (DGFiP)
    Victim Site: impots.gouv.fr
  100. Alleged Data Breach of UnionPay International Payment System
    Category: Data Breach
    Content: A threat actor operating under the alias DragonzSupport is allegedly selling a 20GB database purportedly obtained from UnionPay International's payment system, containing customer data. The data is described as a large dataset associated with the international payment platform unionpayintl.com. Contact is facilitated through a Telegram handle (@DragonzSupport).
    Date: 2026-05-03T16:04:59Z
    Network: openweb
    Published URL: https://breached.st/threads/20gb-china-unionpayintl-com-international-payment-system-costumer-large-data-row.86726/unread
    Screenshots:
    None
    Threat Actors: DataSellers
    Victim Country: China
    Victim Industry: Financial Services
    Victim Organization: UnionPay International
    Victim Site: unionpayintl.com
  101. Website Redefacement of Novinlib by Owens of Zenimous Crew
    Category: Defacement
    Content: The threat actor Owens, operating under the group Zenimous Crew, conducted a redefacement of novinlib.com, targeting a specific upload directory page. This incident marks a repeated compromise of the same target, suggesting persistent access or recurring vulnerability exploitation. The defacement was not categorized as a mass or homepage defacement, indicating a targeted subdirectory attack.
    Date: 2026-05-03T15:54:31Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/917411
    Screenshots:
    None
    Threat Actors: Owens, Zenimous Crew
    Victim Country: Iran
    Victim Industry: Media / Publishing
    Victim Organization: Novinlib
    Victim Site: novinlib.com
  102. Alleged Data Leak of Actradis French Business Compliance Database
    Category: Data Leak
    Content: A threat actor operating under the alias Lagui has freely shared a scraped database dump from Actradis, a French business compliance and procurement platform. The leaked dataset contains 82,611 client records in JSONL format, including SIREN numbers, VAT identifiers, company names, addresses, NAF activity codes, invoice details, supplier relationships, and subscription statuses. The actor claims the data was scraped approximately one day prior to posting and has not been previously published e
    Date: 2026-05-03T15:46:52Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-DATABASE-FRENCH-DATABASE-ACTRADIS
    Screenshots:
    None
    Threat Actors: Lagui
    Victim Country: France
    Victim Industry: Business Compliance & Procurement Services
    Victim Organization: Actradis
    Victim Site: actradis.fr
  103. Alleged distribution of PDF and DOC/DOCX exploit techniques and tools
    Category: Initial Access
    Content: A threat actor on a cracking forum has shared downloadable resources related to exploiting PDF and DOC/DOCX file formats. The post details multiple attack vectors including malicious VBA macros, OLE object abuse, embedded JavaScript in PDFs, and exploitation of vulnerabilities in Office and PDF reader software. The content appears to serve as both an educational guide and a distribution point for exploit tools targeting users who open malicious documents.
    Date: 2026-05-03T15:40:33Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-PDF-and-Doc-exploit-2025–2290244
    Screenshots:
    None
    Threat Actors: ZamanX
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  104. Alleged Distribution of Fraudulent UK Driver's License PSD Template
    Category: Carding
    Content: A threat actor operating under the alias ZamanX has made available a forged British Driving Licence PSD template on a cracking forum. The post includes multiple download links for a 2026 UK driving licence template, which can be used to produce counterfeit government-issued identity documents. Distribution and possession of such fraudulent identity documents pose significant risks, including identity fraud and document forgery.
    Date: 2026-05-03T15:40:11Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-UK-drivers-License-PSD-Template–2290245
    Screenshots:
    None
    Threat Actors: ZamanX
    Victim Country: United Kingdom
    Victim Industry: Government
    Victim Organization: Driver and Vehicle Licensing Agency (DVLA)
    Victim Site: Unknown
  105. Alleged distribution of Router Scan v2.60 network reconnaissance and exploitation tool
    Category: Initial Access
    Content: A threat actor on a cracking forum has made available Router Scan v2.60, a network reconnaissance tool capable of scanning and identifying routers, extracting Wi-Fi credentials (SSID and passphrase), and exploiting known vulnerabilities in devices from vendors including D-Link, ASUS, Realtek eCos, and Sagemcom (MicroSL). The tool supports credential extraction via authentication bypass, dictionary-based authorization attacks, and vulnerability exploitation, and can upload discovered access point
    Date: 2026-05-03T15:39:48Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-Router-Scan-v2-60–2290246
    Screenshots:
    None
    Threat Actors: ZamanX
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  106. Alleged distribution of BrutoHell Seed V.2 cryptocurrency wallet seed phrase cracking tool
    Category: Carding
    Content: A threat actor known as ZamanX has made available a tool called BrutoHell Seed V.2, advertised as a cryptocurrency wallet seed phrase brute-force cracker targeting BTC, ETH, LTC, and USDT TRC20 wallets. The tool claims to leverage GPU acceleration and multithreading to brute-force BIP39-compliant mnemonic phrases of 12, 18, and 24 words, supporting wallets such as Ledger, Trezor, and MetaMask. Despite being framed as a recovery tool, the software is designed to enable unauthorized access to cryp
    Date: 2026-05-03T15:39:25Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-BrutoHell-Seed-V-2-The-Ultimate-Seed-Phrase-Cracker-for-BTC-ETH-LTC-and-USDT-TRC2–2290247
    Screenshots:
    None
    Threat Actors: ZamanX
    Victim Country: Unknown
    Victim Industry: Financial Services
    Victim Organization: Unknown
    Victim Site: Unknown
  107. Alleged distribution of web hacking and exploitation toolset for 2025
    Category: Initial Access
    Content: A threat actor operating under the alias ZamanX has made available a large collection of web hacking and exploitation tools on the NulledBB forum. The toolset includes SQL injection utilities (sqlmap, sqlninja, JSQL-Injection), vulnerability scanners (Acunetix, WebCruiser, Wapiti), LFI exploiters, admin page finders, and defacement tools targeting web applications and servers. The tools are offered as free downloads via multiple shared links, posing a risk of enabling unauthorized access, deface
    Date: 2026-05-03T15:39:02Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-Advance-Web-hacking-tools-2025–2290248
    Screenshots:
    None
    Threat Actors: ZamanX
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  108. Alleged distribution of SMTP cracking tool SMTP Heist 2025 targeting SMTP services
    Category: Initial Access
    Content: A threat actor operating under the alias ZamanX has made available an open-source SMTP cracking tool called SMTP Heist 2025 on a cracking forum. The tool, hosted on GitHub at drcrypterdotru/SMTP-Heist, features a PyQt6 GUI, multi-host SMTP credential brute-forcing, combo list ingestion, and Telegram-based result reporting. It is designed to perform unauthorized credential attacks against SMTP services using EMAIL|PASSWORD or HOST|PORT|EMAIL|PASSWORD combo lists.
    Date: 2026-05-03T15:38:41Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-SMTP-Heist-2025–2290249
    Screenshots:
    None
    Threat Actors: ZamanX
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  109. Alleged leak of mixed email credentials targeting Hotmail, Outlook, Live, and MSN accounts
    Category: Combo List
    Content: A threat actor operating under the alias mailcombo01 has made available a combolist of approximately 125,000 email credentials, described as fresh and high-quality hits targeting Hotmail, Outlook, Live, and MSN accounts from users across the United States, Europe, France, Germany, and Italy. The actor claims to distribute 2 to 4 files daily via a Telegram channel (@HiddenAccessX / t.me/HiddenAcces1), advertising high hit rates and consistent daily drops. No price is mentioned, suggesting the c
    Date: 2026-05-03T15:38:32Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-Mix-125k-Premium-Mail-Access-Fresh-Hits
    Screenshots:
    None
    Threat Actors: mailcombo01
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  110. Alleged distribution of Hotmail/Outlook credential combolists via Telegram channel
    Category: Combo List
    Content: A threat actor operating under the alias HiddenAccessX is distributing alleged fresh Hotmail, Outlook, Live, and MSN email credential combolists via a Telegram channel. The actor claims to release 2–4 files daily targeting users across the United States, Europe, France, Germany, and Italy. No explicit price is mentioned, with access to the combolists provided through a Telegram channel link.
    Date: 2026-05-03T15:38:06Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-Hotmail-50k-Premium-Mail-Access-Fresh-Hits
    Screenshots:
    None
    Threat Actors: mailcombo01
    Victim Country: Multiple
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  111. Alleged leak of Hotmail credential combolist
    Category: Combo List
    Content: A threat actor known as NotSellerXd has shared an alleged combolist containing 5,920 Hotmail email and password combinations on DemonForums. The content is hidden behind a registration or login requirement, suggesting it is being made available to forum members at no explicit charge. The origin and validity of the credentials have not been verified.
    Date: 2026-05-03T15:37:44Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-5920x-HOTMAIL
    Screenshots:
    None
    Threat Actors: NotSellerXd
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  112. Alleged leak of Hotmail and mixed credentials combolist
    Category: Combo List
    Content: A threat actor on DemonForums shared a combolist containing approximately 2,370 alleged valid credentials, including Hotmail accounts and a mixed set of email:password combinations described as UHQ (ultra-high quality). The content is hidden behind a registration wall and the actor promotes a Telegram channel (@noiraccesss) for further access. No price was mentioned, suggesting the combolist is being made available for free to registered forum members.
    Date: 2026-05-03T15:37:13Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-X2370-Valid-UHQ-Mix-%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: Roronoa044
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: hotmail.com
  113. Alleged leak of Hotmail credential combolist
    Category: Data Leak
    Content: A threat actor operating under the alias Megacloud has shared a combolist containing approximately 4,000 Hotmail email credentials on the forum AE – Combo List. The post, dated May 3rd, claims the credentials are fresh and of top quality. No price was mentioned, suggesting the list was made available for free.
    Date: 2026-05-03T15:31:59Z
    Network: openweb
    Published URL: https://altenens.is/threads/4k-hotmail-fresh-mail-access-top-quality-03-05.2933511/unread
    Screenshots:
    None
    Threat Actors: Megacloud
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  114. Alleged leak of Hotmail credentials combolist
    Category: Data Leak
    Content: A threat actor known as KiwiShio shared an alleged combolist of approximately 2,020 Hotmail credentials on the AE forum. The post claims the credentials are fresh and high quality. No further details are available as the post content was not captured.
    Date: 2026-05-03T15:31:30Z
    Network: openweb
    Published URL: https://altenens.is/threads/2020x-starstar-fresh-hq-hotmail-starstar.2933515/unread
    Screenshots:
    None
    Threat Actors: KiwiShio
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  115. Alleged critical vulnerability in French government website impots.gouv.fr reported by LunarisSec
    Category: Vulnerability
    Content: LunarisSec, a threat actor group, claims to have discovered and reported a critical security vulnerability in the official French government tax website (impots.gouv.fr). The group frames this as a help initiative for France, which is described as the country most affected by cyberattacks. The post includes threat messaging ("Expect LunarisSec") and references to their X/Twitter account.
    Date: 2026-05-03T15:31:19Z
    Network: telegram
    Published URL: https://t.me/c/3733257070/56
    Screenshots:
    None
    Threat Actors: LunarisSec
    Victim Country: France
    Victim Industry: Government
    Victim Organization: French Government – Direction Générale des Finances Publiques
    Victim Site: impots.gouv.fr
  116. Alleged leak of Hotmail credentials combolist
    Category: Data Leak
    Content: A threat actor on the AE – Combo List forum has made available a combolist claimed to contain 1,983 fresh Hotmail credential hits. The post describes the credentials as private, suggesting they may not have been previously circulated. No additional context or post content was available to verify the claim.
    Date: 2026-05-03T15:31:13Z
    Network: openweb
    Published URL: https://altenens.is/threads/check-mark-button-1983x-fresh-private-hotmail-hits-check-mark-button.2933517/unread
    Screenshots:
    None
    Threat Actors: Angiecrax
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  117. Alleged Sale of SQL Injection Vulnerability on Government Website
    Category: Initial Access
    Content: A threat actor operating under the alias equal././LastNodem is selling an unpatched Boolean-based Blind SQL Injection vulnerability targeting an unidentified government website. The vulnerability exploits the form_id POST parameter against a Microsoft Access backend, allegedly enabling full database enumeration including user credentials, PII, and internal configurations. The seller is offering exclusivity to a single buyer, accepting Bitcoin or Monero, and can be contacted via Telegram (@La
    Date: 2026-05-03T15:24:19Z
    Network: openweb
    Published URL: https://breached.st/threads/selling-vulnerability-on-a-gov.86722/unread
    Screenshots:
    None
    Threat Actors: equal./.
    Victim Country: Unknown
    Victim Industry: Government
    Victim Organization: Unknown
    Victim Site: Unknown
  118. Alleged sale of classified government documents belonging to Pakistan
    Category: Data Breach
    Content: A threat actor operating under the alias RubiconH4ck is selling approximately 1TB of documents allegedly belonging to Pakistan, reportedly including presidential correspondence and defense-related files. The actor is offering the data for an undisclosed price via Telegram contacts. The authenticity and origin of the claimed data have not been verified.
    Date: 2026-05-03T15:23:26Z
    Network: openweb
    Published URL: https://breached.st/threads/1tb-complete-documents-belonging-to-pakistan.86723/unread
    Screenshots:
    None
    Threat Actors: RubiconH4ck
    Victim Country: Pakistan
    Victim Industry: Government
    Victim Organization: Government of Pakistan
    Victim Site: Unknown
  119. Alleged Data Leak of Ingenium Co Ltd Database (Thailand)
    Category: Data Leak
    Content: A threat actor known as Mr.ZeroPhx100 has made available an alleged database dump belonging to Ingenium Co Ltd, a company based in Thailand. The post, shared on a cybercrime forum, offers a free download of the data. Further details regarding the volume of records or specific data types included have not been disclosed in the post.
    Date: 2026-05-03T15:23:01Z
    Network: openweb
    Published URL: https://breached.st/threads/database-ingenium-co-ltd-thailand.86724/unread
    Screenshots:
    None
    Threat Actors: Mr.ZeroPhx100
    Victim Country: Thailand
    Victim Industry: Unknown
    Victim Organization: Ingenium Co Ltd
    Victim Site: Unknown
  120. Mass Website Defacement by Irene of XmrAnonye.id targeting mwcnu-turen.org
    Category: Defacement
    Content: On May 3, 2026, a threat actor known as Irene, affiliated with the group XmrAnonye.id, conducted a mass defacement attack against mwcnu-turen.org, a Linux-hosted website. The defacement was carried out by modifying the target URL to display a hacked page, and the incident has been archived via haxor.id. This event is part of a broader mass defacement campaign attributed to the same actor.
    Date: 2026-05-03T15:09:24Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248849
    Screenshots:
    None
    Threat Actors: Irene, XmrAnonye.id
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: MWCNU Turen
    Victim Site: mwcnu-turen.org
  121. Alleged distribution of DEnigma Cracker V2.0 cryptocurrency cracking tool
    Category: Initial Access
    Content: A threat actor known as ZamanX has made available a tool called DEnigma Cracker V2.0 on a cracking forum via multiple free download links. The tool is a Python-based CLI application designed to target blockchain and cryptocurrency wallets, featuring asynchronous processing, multi-chain support, and concurrent architecture. The tool appears intended to crack or brute-force cryptographic keys associated with blockchain accounts across multiple chains.
    Date: 2026-05-03T14:58:56Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-DEnigma-Cracker-V2-0–2290239
    Screenshots:
    None
    Threat Actors: ZamanX
    Victim Country: Unknown
    Victim Industry: Cryptocurrency / Blockchain
    Victim Organization: Unknown
    Victim Site: Unknown
  122. Alleged distribution of SQLMAP SKYNET Autonomous AI v1.2.0 SQL injection exploitation tool
    Category: Initial Access
    Content: A threat actor operating under the alias ZamanX has made available a tool called SQLMAP SKYNET Autonomous AI v1.2.0 on a cracking forum. The tool is marketed as an AI-enhanced version of SQLMAP designed to autonomously detect, exploit, and analyze SQL injection vulnerabilities with minimal manual configuration. Multiple download links are provided, positioning the tool for use in unauthorized exploitation of web applications and databases.
    Date: 2026-05-03T14:58:32Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-SQLMAP-SKYNET-Autonomous-AI-v1-2-0–2290240
    Screenshots:
    None
    Threat Actors: ZamanX
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  123. Alleged distribution of Apple ID email validation tool
    Category: Initial Access
    Content: A threat actor on NulledBB has made available a tool called Apple Valid Email Checker that claims to verify whether email addresses are valid, associated with an Apple ID or iPhone, and usable for marketing or fraudulent purposes. The tool is offered as a free download across multiple links. This type of checker is typically used for account enumeration, credential stuffing preparation, or targeted phishing campaigns against Apple users.
    Date: 2026-05-03T14:58:09Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-Apple-Valid-Email-Checker–2290241
    Screenshots:
    None
    Threat Actors: ZamanX
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Apple
    Victim Site: apple.com
  124. Alleged distribution of DeBank multi-chain wallet account cracking tool
    Category: Initial Access
    Content: A threat actor on a cracking forum has made available a tool called DeBank Account Cracker 2026, designed to perform bulk automated checks against DeBank multi-chain wallet accounts. The tool allegedly enumerates token holdings, DeFi positions, NFTs, and transaction history across EVM-compatible blockchains. Multiple free download links were shared, indicating the tool is being freely distributed to enable unauthorized access to DeBank user accounts.
    Date: 2026-05-03T14:57:45Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-DeBank-Account-Cracker-2026-Advanced-Multi-Chain-Wallet-Balance-Checker-Tool
    Screenshots:
    None
    Threat Actors: ZamanX
    Victim Country: Unknown
    Victim Industry: Cryptocurrency / Decentralized Finance
    Victim Organization: DeBank
    Victim Site: debank.com
  125. Alleged distribution of WhatsApp spying tool via fake QR code
    Category: Initial Access
    Content: A threat actor on a cracking forum has made available a tool called WhatsApp-spy v2.0 that exploits a fake QR code to gain unauthorized access to WhatsApp accounts. When a victim scans the malicious QR code, the tool silently harvests all account content. The tool reportedly disguises the linked device as Bayiles to avoid raising suspicion in the victim's linked devices list.
    Date: 2026-05-03T14:57:24Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-Whatsapp-spy-2-0–2290243
    Screenshots:
    None
    Threat Actors: ZamanX
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: whatsapp.com
  126. Alleged leak of Hotmail credential combolist
    Category: Data Leak
    Content: A threat actor on a leak forum has made available a combolist allegedly containing 3,844 Hotmail credential hits. The post is hidden behind a registration or login wall, limiting full visibility into the data. The credentials appear to be verified working accounts based on the HITS designation in the thread title.
    Date: 2026-05-03T14:56:28Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-3844x-HOTMAIL-HITS
    Screenshots:
    None
    Threat Actors: MeiMisaki
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  127. Alleged leak of Hotmail credentials combolist
    Category: Combo List
    Content: A threat actor operating under the alias Sellerxd has made available a combolist containing approximately 4,200 alleged valid Hotmail email and password combinations on a cybercrime forum. The credentials are described as high quality (HQ), suggesting they may have been verified as active. Access to the content requires registration or login to the forum.
    Date: 2026-05-03T14:56:22Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-4200x-Valid-HQ-Hotmails
    Screenshots:
    None
    Threat Actors: Sellerxd
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  128. Alleged leak of mixed email and password combolist (X2539)
    Category: Combo List
    Content: A threat actor operating under the alias @Stevee36 has shared a mixed combolist containing approximately 2,539 email and password credential pairs on the DemonForums cybercrime forum. The content is hidden behind a registration or login wall, suggesting it is available to forum members at no direct cost. The source organizations or targeted services associated with the credentials are unknown.
    Date: 2026-05-03T14:55:54Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-X2539-HQ-Mix-%E2%9A%A1%E2%9A%A1-BY-Stevee36-%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: erwinn91
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  129. Alleged leak of Hotmail credentials combolist
    Category: Data Leak
    Content: A threat actor operating under the alias Nulled07 has shared an alleged combolist containing 4,110 Hotmail credentials on a cybercrime forum. The post is gated behind a registration or login requirement, suggesting the content is available to forum members. The credentials are described as fresh, implying recent validity.
    Date: 2026-05-03T14:55:45Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A1-4110x-FRESH-HOTMAIL-%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: Nulled07
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  130. Alleged leak of Hotmail credential combolist
    Category: Combo List
    Content: A threat actor known as HollowKnight has shared a sample combolist containing 960 Hotmail email and password credential pairs on a cybercrime forum. The content is gated behind registration or login, suggesting it is freely available to forum members. This appears to be a sample release, potentially to demonstrate a larger credential dataset.
    Date: 2026-05-03T14:55:26Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-960x-SAMPLE-HOTMAIL-%E2%9A%A1%E2%9A%A1–202683
    Screenshots:
    None
    Threat Actors: HollowKnight
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  131. Alleged leak of mixed email credential combolist
    Category: Combo List
    Content: A threat actor operating under the alias NotSellerXd shared a mixed email combolist containing approximately 3,720 email and password credential pairs on a cybercrime forum. The content is hidden behind a registration or login requirement, suggesting it is available to forum members for free. The origin and targeted services of the credentials are unknown.
    Date: 2026-05-03T14:55:05Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-3720x-MIX-MAIL
    Screenshots:
    None
    Threat Actors: NotSellerXd
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  132. Website Defacement of farissl.com by Astar of Garuda Suspend Commision
    Category: Defacement
    Content: On May 3, 2026, a threat actor known as Astar, operating under the group Garuda Suspend Commision, defaced the website farissl.com by modifying the file located at /77.php. The attack was a targeted single-site defacement with no additional details available regarding the server environment or motivation. The defacement was archived and mirrored via zone-xsec.com.
    Date: 2026-05-03T14:52:11Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/917404
    Screenshots:
    None
    Threat Actors: Astar, Garuda Suspend Commision
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Farissl
    Victim Site: farissl.com
  133. Alleged sale of Active Directory Domain Admin access to United States Technology/SaaS company
    Category: Initial Access
    Content: A threat actor operating under the alias HighWayToShell is selling Active Directory Domain Admin access to an unidentified United States-based Technology/SaaS company with reported revenue exceeding $5 billion. The access includes Database Admin (SA) privileges across a network of approximately 50 hosts, with no antivirus or EDR solutions detected. The access is being offered for $489 (approximately 0.00575064 BTC).
    Date: 2026-05-03T14:48:25Z
    Network: openweb
    Published URL: https://xforums.st/threads/active-directory-domain-admin-technology-saas-united-states-5b-revenue.612235/
    Screenshots:
    None
    Threat Actors: HighWayToShell
    Victim Country: United States
    Victim Industry: Technology / SaaS
    Victim Organization: Unknown
    Victim Site: Unknown
  134. Alleged sale of hacking eBook collection on cybercrime forum
    Category: Initial Access
    Content: A threat actor on BreachForums is selling a collection of 100 eBooks covering topics including hacking, personal development, psychology, and money-making methods for $200 to the first 5 customers, discounted from $300. The seller is directing interested buyers to contact them via Telegram handle ipkaranlik. The archive appears to be a compilation of various digital books rather than stolen organizational data.
    Date: 2026-05-03T14:46:19Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-100x-Hacking-E-Book-books-that-make-money
    Screenshots:
    None
    Threat Actors: Darkode1
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  135. Alleged Data Breach of Ontario College of Health & Technology
    Category: Data Leak
    Content: In May 2026, the Ontario College of Health & Technology allegedly suffered a data breach attributed to a critical authentication bypass vulnerability (CVE-2026-41940) in an unpatched WebHost Manager (WHM) installation. The vulnerability allowed unauthorized actors to gain administrative access and exfiltrate student databases containing names, email addresses, phone numbers, residential addresses, and student records. The data has been made available via a Gofile link shared on a cybercrime foru
    Date: 2026-05-03T14:42:35Z
    Network: openweb
    Published URL: https://breached.st/threads/ontario-college-of-health-technology-breach.86718/unread
    Screenshots:
    None
    Threat Actors: Shinigami
    Victim Country: Canada
    Victim Industry: Education
    Victim Organization: Ontario College of Health & Technology
    Victim Site: Unknown
  136. Alleged Data Breach of U.S. Chamber of Commerce Member Database
    Category: Data Breach
    Content: A threat actor known as RubiconH4ck is selling an alleged database containing 34 million records attributed to members of the U.S. Chamber of Commerce. The dataset is priced at $7,500 USD and reportedly includes full names, physical addresses, phone numbers, email addresses, dates of birth, gender, IP addresses, and asset class classifications. The data is labeled as updated to 2026, suggesting it may be a compiled or enriched dataset rather than a direct breach of uschamber.com systems.
    Date: 2026-05-03T14:41:40Z
    Network: openweb
    Published URL: https://breached.st/threads/leak-of-34-million-us-chamber-of-commerce-members-data.86720/unread
    Screenshots:
    None
    Threat Actors: RubiconH4ck
    Victim Country: United States
    Victim Industry: Business Associations / Trade Organizations
    Victim Organization: U.S. Chamber of Commerce
    Victim Site: uschamber.com
  137. Alleged Data Breach of IOPRI.CO.ID with Ransom Demand
    Category: Data Breach
    Content: A threat actor identified as Kyyzo claims to have exfiltrated over 61GB of data from the Indonesian Oil Palm Research Institute (IOPRI), including company revenue records, bank account numbers, accounts receivable data, and employee records. The actor has issued a ransom demand with a 31-hour deadline, threatening to publicly leak the full dataset if payment is not received. Sample data shared includes SQL database dumps exposing multiple Bank Mandiri and BNI account details along with interna
    Date: 2026-05-03T14:41:12Z
    Network: openweb
    Published URL: https://breached.st/threads/iopri-co-id-database-company.86721/unread
    Screenshots:
    None
    Threat Actors: Kyyzo
    Victim Country: Indonesia
    Victim Industry: Research & Agriculture
    Victim Organization: Indonesian Oil Palm Research Institute (IOPRI)
    Victim Site: iopri.co.id
  138. Alleged leak of Chinese government facial recognition API bruteforce tool targeting Changzhou Public Security Bureau
    Category: Data Leak
    Content: A threat actor has publicly shared a Python-based bruteforce tool targeting the Changzhou Public Security Bureau's WeChat mini-program biometric verification endpoint (POST /miniprogram/user/sfrz). The tool exploits an exposed facial recognition API with a hardcoded authentication key, enabling mass enumeration of Chinese national ID numbers and cross-matching of facial photos against the national police biometric database. The release includes working session credentials and is designed to veri
    Date: 2026-05-03T14:35:24Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Source-Code-czsga-cn-China-Gov-Facial-Recognition-API-Cracked-Live-Face-Match-Bruteforce-Dump
    Screenshots:
    None
    Threat Actors: xorcat
    Victim Country: China
    Victim Industry: Government
    Victim Organization: Changzhou Public Security Bureau
    Victim Site: wjwwx.czsga.cn
  139. Alleged Cracking of Alipay Real-Name 3-Factor Verification API for large-loan.shiqiao.com
    Category: Data Breach
    Content: A threat actor claims to have cracked the Alipay real-name 3-factor verification API associated with large-loan.shiqiao.com, a Chinese lending platform. The post suggests the actor has obtained or can verify live identity data through the compromised API. No further details are available due to the absence of post content.
    Date: 2026-05-03T14:34:37Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Source-Code-large-loan-shiqiao-com-Alipay-Real-Name-3-Factor-Verification-API-Cracked-Live-Id
    Screenshots:
    None
    Threat Actors: xorcat
    Victim Country: China
    Victim Industry: Financial Services
    Victim Organization: large-loan.shiqiao.com
    Victim Site: large-loan.shiqiao.com
  140. Alleged Release of Kuaishou Mass Account Reporting Bot with Stolen Session Cookies
    Category: Data Leak
    Content: A threat actor operating under the alias xorcat has publicly released a Python-based mass-reporting automation tool targeting Kuaishou, a Chinese short-video platform with over 600 million users. The tool exploits Kuaishou's GraphQL ReportSubmitMutation endpoint using stolen session cookies sourced from a remote CDN (wpan.cdndns.site) to coordinate fake report swarms capable of banning targeted accounts or videos. The release includes multi-threaded cookie rotation, auto-updating stolen sessio
    Date: 2026-05-03T14:33:51Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Source-Code-kuaishou-com-Mass-Account-Ban-Bot-Cracked-Swarm-Report-Any-Profile-Into-Oblivion
    Screenshots:
    None
    Threat Actors: xorcat
    Victim Country: China
    Victim Industry: Social Media
    Victim Organization: Kuaishou
    Victim Site: kuaishou.com
  141. Alleged Data Leak of Chinese Medical Records Telegram Bot Source Code with Hardcoded Credentials
    Category: Data Leak
    Content: A threat actor using the handle xorcat has leaked the complete source code of a Telegram-based Chinese medical records lookup bot (@xiaochouyl1_bot) after a payment dispute with a client. The leak includes hardcoded credentials such as a live Telegram bot token, admin IDs, OKPay merchant credentials and API token, a SQLite database with user order history and balances, and an HTML template used to generate spoofed hospital management system screenshots. The bot was designed to query Chinese ho
    Date: 2026-05-03T14:33:12Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Source-Code-api-okaypay-me-PRC-Medical-Records-Bot-Dumped-Admin-Token-OKPay-Credentials
    Screenshots:
    None
    Threat Actors: xorcat
    Victim Country: China
    Victim Industry: Healthcare
    Victim Organization: Unknown
    Victim Site: api.okaypay.me
  142. Alleged Leak of Chinese Public Security Law Enforcement Telegram Bot Source Code and Credentials
    Category: Data Leak
    Content: A threat actor known as xorcat has leaked the full source code of a Chinese public security criminal investigation Telegram bot (刑侦机器人), allegedly in retaliation for non-payment by the operator. The leaked materials include the bot's Python source code, menu images containing classified police database query categories, and a hardcoded live Telegram bot token, enabling potential bot hijacking or impersonation of law enforcement systems. The bot reportedly served as a frontend interface for que
    Date: 2026-05-03T14:32:29Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Source-Code-Law-Enforcement-Telegram-Bot-Hacked-Criminal-Case-Statistics-Registration-Lookup
    Screenshots:
    None
    Threat Actors: xorcat
    Victim Country: China
    Victim Industry: Government
    Victim Organization: Chinese Public Security Law Enforcement
    Victim Site: Unknown
  143. Alleged Data Breach of Operations Support Company (OSC)
    Category: Data Breach
    Content: A threat actor known as NormalLeVrai is selling access to the Operations Support Company (OSC) database containing 172,272 rows, along with source code and four email accounts for $500. The actor also claims to have defaced the victim's website and is offering a downloadable archive of the data. Evidence includes screenshots of emails, source code, and mail exports.
    Date: 2026-05-03T14:31:17Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Operations-Support-Company-OSC
    Screenshots:
    None
    Threat Actors: NormalLeVrai
    Victim Country: Saudi Arabia
    Victim Industry: Business Services
    Victim Organization: Operations Support Company (OSC)
    Victim Site: osc.sa
  144. Alleged offensive cyber operations against Chinese government assets with 0day exploit distribution
    Category: Vulnerability
    Content: A threat actor group announces that it is conducting operations against critical Chinese government assets, websites, and infrastructure. The group is distributing attack scripts, 0day exploits, methodologies, and attack chains as proof-of-concept materials, claiming to make security research knowledge freely available.
    Date: 2026-05-03T14:20:00Z
    Network: telegram
    Published URL: https://t.me/c/3793980891/3273
    Screenshots:
    None
    Threat Actors: xorcat
    Victim Country: China
    Victim Industry: Government
    Victim Organization: Chinese government
    Victim Site: Unknown
  145. Alleged vulnerability in Kuaishou GraphQL endpoint allowing unauthorized account actions via stolen session cookies
    Category: Vulnerability
    Content: A vulnerability in Kuaishou.com's ReportSubmitMutation GraphQL endpoint is described that allegedly allows bulk account and video bans using stolen session cookies without CAPTCHA validation. The attack method involves leveraging a remote CDN dump for cookie sourcing and rotating User-Agent pools to bypass security controls.
    Date: 2026-05-03T14:19:19Z
    Network: telegram
    Published URL: https://t.me/c/3793980891/3271
    Screenshots:
    None
    Threat Actors: ./xorcat~files
    Victim Country: China
    Victim Industry: Social Media/Video Streaming
    Victim Organization: Kuaishou
    Victim Site: kuaishou.com
  146. Mass Website Defacement of Gani Academy by Threat Actor Zod
    Category: Defacement
    Content: On May 3, 2026, threat actor Zod conducted a mass defacement attack against ganiacademy.com, a website associated with an educational institution running on a Linux-based server. The incident was recorded as part of a broader mass defacement campaign carried out by Zod, with the defaced page archived at haxor.id.
    Date: 2026-05-03T14:18:10Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248847
    Screenshots:
    None
    Threat Actors: Zod, Zod
    Victim Country: Unknown
    Victim Industry: Education
    Victim Organization: Gani Academy
    Victim Site: ganiacademy.com
  147. Website Defacement of Hoc Lanh Dao by Threat Actor Zod
    Category: Defacement
    Content: On May 3, 2026, threat actor Zod defaced the website hoclanhdao.com, a Vietnamese platform likely associated with leadership or educational content, as suggested by the domain name, which means "Learn Leadership" in Vietnamese. The defacement was a targeted single-site attack hosted on a Linux server, with the defaced page archived at haxor.id.
    Date: 2026-05-03T14:17:03Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248848
    Screenshots:
    None
    Threat Actors: Zod, Zod
    Victim Country: Vietnam
    Victim Industry: Education
    Victim Organization: Hoc Lanh Dao
    Victim Site: hoclanhdao.com
  148. Alleged leak of Chinese medical records doxxing Telegram bot source code with hardcoded credentials
    Category: Malware
    Content: The complete Python source code was leaked for @xiaochouyl1_bot, a Telegram-based medical records lookup service targeting Chinese hospitals. The bot enables unauthorized access to patient records via name and national ID (sfz) queries, returning formatted Excel files and screenshots. The leak includes a hardcoded Telegram bot token, admin IDs, payment processor credentials (OKPay), Redis/SQLite database configurations, and full architecture details. The bot operates on a point-based system with USDT recharge capability.
    Date: 2026-05-03T14:16:44Z
    Network: telegram
    Published URL: https://t.me/c/3793980891/3272
    Screenshots:
    None
    Threat Actors: Unknown (Disgruntled Developer)
    Victim Country: China
    Victim Industry: Healthcare, Medical Records
    Victim Organization: Unknown
    Victim Site: kuaishou.com, telegram.com
  149. Website Defacement of Macquul Academy by Threat Actor Zod
    Category: Defacement
    Content: On May 3, 2026, threat actor Zod defaced the website of Macquul Academy, targeting a specific page (zod.html) on a Linux-hosted server. The attack was a targeted single-page defacement rather than a mass or home page compromise. The incident was archived and mirrored via haxor.id.
    Date: 2026-05-03T14:15:28Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248846
    Screenshots:
    None
    Threat Actors: Zod, Zod
    Victim Country: Unknown
    Victim Industry: Education
    Victim Organization: Macquul Academy
    Victim Site: macquulacademy.com
  150. Alleged Data Leak of The Tea Dating App User Data Including PII and Identity Documents
    Category: Data Leak
    Content: A threat actor has leaked approximately 60 GB of user data from The Tea dating app, including user selfies, driver's licenses, and home addresses. The data was reportedly stored unencrypted in a publicly accessible Firebase storage bucket, exposing sensitive personal and identity information. The leaked content has been made available on a cybercrime forum.
    Date: 2026-05-03T14:13:20Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-The-Tea-dating-app-leak
    Screenshots:
    None
    Threat Actors: wasssrich
    Victim Country: Unknown
    Victim Industry: Technology / Dating Services
    Victim Organization: The Tea Dating App
    Victim Site: Unknown
  151. Alleged vulnerability in Chinese public security biometric verification service enabling mass facial database enumeration
    Category: Vulnerability
    Content: A vulnerability has been disclosed in wjwwx.czsga.cn, a Chinese public security platform for real-name verification. The vulnerability exists in the POST /miniprogram/user/sfrz endpoint and involves exposed biometric comparison capabilities with hardcoded authentication credentials and weak WeChat session binding. The vulnerability allegedly allows attackers to perform mass enumeration against the national police facial database by submitting full names, bulk Chinese ID numbers, and target face photos to determine matches against police records.
    Date: 2026-05-03T14:12:57Z
    Network: telegram
    Published URL: https://t.me/c/3793980891/3270
    Screenshots:
    None
    Threat Actors: ./xorcat~files
    Victim Country: China
    Victim Industry: Government/Law Enforcement
    Victim Organization: wjwwx.czsga.cn (PRC Public Security)
    Victim Site: wjwwx.czsga.cn
  152. Alleged leak of 1.2 million Italian email credentials
    Category: Data Leak
    Content: A threat actor known as Sauron has made available a combolist containing approximately 1.2 million Italian email credentials on a cybercrime forum. The post is gated behind registration or login, limiting visibility into the full scope and source of the data. The combolist appears to contain email and password pairs targeting Italian users.
    Date: 2026-05-03T14:12:52Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-1-2M-ITALY-COMBO-MAILS-ACCESS
    Screenshots:
    None
    Threat Actors: Sauron
    Victim Country: Italy
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  153. Alleged leak of mixed platform credential combolist including Netflix, OnlyFans, and Discord
    Category: Data Leak
    Content: A threat actor operating under the alias Larry_Uchiha has made available a mixed account combolist on the forum Altenens, allegedly containing credentials for multiple platforms including Netflix, OnlyFans, ChatGPT, Xbox, Sony, Discord, and Facebook. The combolist appears to be a compilation of email and password pairs targeting users across various entertainment, social media, and gaming services. No further details regarding record count or data origin were provided in the post.
    Date: 2026-05-03T14:02:43Z
    Network: openweb
    Published URL: https://altenens.is/threads/mix-account-combo-netflix-onlyfans-chatgpt-xbox-sony-discord-facebook-2026-4-30.2933483/unread
    Screenshots:
    None
    Threat Actors: Larry_Uchiha
    Victim Country: Unknown
    Victim Industry: Multiple
    Victim Organization: Netflix, OnlyFans, ChatGPT, Xbox, Sony, Discord, Facebook
    Victim Site: Unknown
  154. Alleged leak of mixed email service credentials combolist
    Category: Data Leak
    Content: A threat actor operating under the alias Larry_Uchiha has shared a mixed email combolist on the AE forum, containing credential pairs associated with multiple major email providers including Hotmail, Outlook, AOL, GMX, Inbox, iCloud, and Live. The combolist was made available as a free download. No further details regarding record count or data origin were provided in the post.
    Date: 2026-05-03T14:00:11Z
    Network: openweb
    Published URL: https://altenens.is/threads/mix-mail-combo-hotmail-outlook-aol-gmx-inbox-icloud-live-2026-4-30.2933484/unread
    Screenshots:
    None
    Threat Actors: Larry_Uchiha
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Multiple Email Providers (Hotmail, Outlook, AOL, GMX, Inbox, iCloud, Live)
    Victim Site: Unknown
  155. Alleged leak of Hotmail credentials combolist targeting multiple regions
    Category: Data Leak
    Content: A threat actor known as Larry_Uchiha has made available a combolist containing approximately 1,000 Hotmail credentials on the AE forums. The credential list allegedly includes accounts from multiple regions including the United States, Europe, Asia, and Russia. No further details are available as the post content was not accessible.
    Date: 2026-05-03T13:59:37Z
    Network: openweb
    Published URL: https://altenens.is/threads/1-000x-hotmail-access-combo-usa-europe-asia-russian.2933482/unread
    Screenshots:
    None
    Threat Actors: Larry_Uchiha
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft Hotmail
    Victim Site: hotmail.com
  156. Website Defacement of CSM Developers Offerwall by Mr.XycanKing (BABAYO EROR SYSTEM)
    Category: Defacement
    Content: On May 3, 2026, a threat actor identified as Mr.XycanKing, affiliated with the group BABAYO EROR SYSTEM, defaced the subdomain csmofferwall.csmdevelopers.com, a platform associated with CSM Developers likely operating an offerwall service. The attack targeted a Linux-based server and was a targeted single-site defacement. No specific motive or vulnerability details were disclosed.
    Date: 2026-05-03T13:58:32Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248845
    Screenshots:
    None
    Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: CSM Developers
    Victim Site: csmofferwall.csmdevelopers.com
  157. Alleged Data Leak of Lagos State University Database
    Category: Data Leak
    Content: A threat actor using the alias DoYouKnowMe has freely distributed an alleged database dump from Lagos State University in Nigeria. The leaked data reportedly includes student records such as IDs, email addresses, passwords, full names, gender, hashed passwords, year of entry, and academic discipline. The data was made available via an external file hosting link, with the actor soliciting Monero (XMR) cryptocurrency donations.
    Date: 2026-05-03T13:56:25Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-2026-DUMP-OF-LAGOS-STATE-UNIVERSITY
    Screenshots:
    None
    Threat Actors: DoYouKnowMe
    Victim Country: Nigeria
    Victim Industry: Education
    Victim Organization: Lagos State University
    Victim Site: Unknown
  158. Website Defacement of Papua New Guinea Department of Commerce and Industry by TRASER SEC TEAM
    Category: Defacement
    Content: The official website of Papua New Guinea's Department of Commerce and Industry (dci.gov.pg) was defaced by threat actor YamiFool, operating under the group TRASER SEC TEAM, on May 3, 2026. The attack targeted a Linux-based government web server and resulted in a single-page defacement of a non-homepage URL. A mirror of the defacement was archived at haxor.id.
    Date: 2026-05-03T13:52:37Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248844
    Screenshots:
    None
    Threat Actors: YamiFool, TRASER SEC TEAM
    Victim Country: Papua New Guinea
    Victim Industry: Government
    Victim Organization: Department of Commerce and Industry (DCI) Papua New Guinea
    Victim Site: www.dci.gov.pg
  159. Alleged leak of Hotmail credential combolist
    Category: Data Leak
    Content: A threat actor on a leak forum has made available an alleged combolist containing approximately 6,554 Hotmail credentials described as high quality. The content is hidden behind a registration or login requirement, limiting full verification of the claims. The post was shared on leakforum.io by user MeiMisaki.
    Date: 2026-05-03T13:24:34Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-6554x-HQ-HOTMAIL-ACCESS
    Screenshots:
    None
    Threat Actors: MeiMisaki
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  160. Alleged leak of mixed email credentials combolist
    Category: Data Leak
    Content: A threat actor operating under the alias RedHat29 has shared a mixed email access combolist containing approximately 1,682 credential pairs on a leak forum. The post is gated behind registration or login, suggesting the content is available to forum members at no explicit cost. The combolist appears to aggregate email credentials from multiple sources, though specific victims or targeted services are not identified.
    Date: 2026-05-03T13:24:11Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-1682x%E2%9A%A1MIX-MAIL%E2%9A%A1ACCESS%E2%9A%A1
    Screenshots:
    None
    Threat Actors: RedHat29
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  161. Alleged leak of Hotmail credentials
    Category: Data Leak
    Content: A threat actor operating under the alias RedHat29 has made available an alleged combolist of 800 Hotmail credentials on a cybercrime forum. The post requires forum registration or login to access the hidden content. The origin of the credentials and method of collection are unknown.
    Date: 2026-05-03T13:23:46Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-800x%E2%9A%A1HOTMAIL%E2%9A%A1ACCESS%E2%9A%A1
    Screenshots:
    None
    Threat Actors: RedHat29
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  162. Alleged distribution of keyword URL generator tool for credential stuffing
    Category: Combo List
    Content: A threat actor operating under the alias office365 and associated with the handle @officemailaccess has shared a keyword URL generator tool on DemonForums within the Combolists section. The tool appears designed to generate targeted site URLs and search queries, likely intended to facilitate credential stuffing or account takeover operations. The actual content is hidden behind a registration/login wall, limiting full visibility into the tool's capabilities.
    Date: 2026-05-03T13:23:13Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%85-LIVE-Keyword-URL-Generator-%E2%9A%A1SITES-QUERIES%E2%9A%A1-Powered-by-officemailaccess%E2%9C%85
    Screenshots:
    None
    Threat Actors: office365
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  163. Alleged data breach of Boerse Stuttgart Digital Exchange (BSDEX)
    Category: Data Breach
    Content: A threat actor known as Darkode1 claims to have obtained a database containing email addresses, passwords, phone numbers, physical addresses, and other documents belonging to approximately 890,000 users of the BSDEX cryptocurrency exchange. The actor alleges the breach was achieved by exploiting a zero-day vulnerability on BSDEX servers over a two-week period. The actor is not offering the data publicly at this time but is open to negotiation with the organization via Telegram, suggesting an e
    Date: 2026-05-03T13:22:23Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Boerse-Stuttgart-Digital-Exchange-BSDEX-Database
    Screenshots:
    None
    Threat Actors: Darkode1
    Victim Country: Germany
    Victim Industry: Financial Services / Cryptocurrency Exchange
    Victim Organization: Boerse Stuttgart Digital Exchange (BSDEX)
    Victim Site: bsdex.de
  164. Alleged leak of Hotmail credentials combolist
    Category: Data Leak
    Content: A threat actor on the AE forum shared a combolist containing 650 allegedly valid Hotmail credentials. The post, authored by Sellix, claims the credentials are fresh and valid. No additional details regarding the origin or collection method of the credentials are available.
    Date: 2026-05-03T13:13:47Z
    Network: openweb
    Published URL: https://altenens.is/threads/sparkles-650x-fresh-hotmail-valid-sparkles.2933460/unread
    Screenshots:
    None
    Threat Actors: Sellix
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  165. Alleged leak of mixed-domain credential combolist
    Category: Data Leak
    Content: A threat actor known as Vekko shared a combolist containing approximately 95,000 credentials described as high-quality and spanning mixed domains on the forum AE – Combo List. The file, titled 95K HQ MIXED DOMAINS.txt, was made available for free download. No specific victim organization or country could be attributed due to the mixed-domain nature of the list.
    Date: 2026-05-03T13:12:22Z
    Network: openweb
    Published URL: https://altenens.is/threads/95k-hq-mixed-domains-txt.2933470/unread
    Screenshots:
    None
    Threat Actors: Vekko
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  166. Alleged data leak of IIT Indore student database
    Category: Data Leak
    Content: A threat actor operating under the alias DoYouKnowMe has made available an alleged database dump from the Indian Institute of Technology Indore (IIT Indore), affecting 13,348 students. The data was reportedly obtained via SQL injection and includes full names, personal email addresses, and hashed passwords. The dump has been shared freely via an external file hosting link.
    Date: 2026-05-03T13:09:37Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-DATABASE-2026-Database-dump-of-iiti-ac-in
    Screenshots:
    None
    Threat Actors: DoYouKnowMe
    Victim Country: India
    Victim Industry: Education
    Victim Organization: Indian Institute of Technology Indore
    Victim Site: iiti.ac.in
  167. Alleged Data Leak of Near East University User Database
    Category: Data Leak
    Content: A threat actor identified as CyberX has made available a SQL database dump allegedly belonging to Near East University. The leaked data reportedly includes user names, surnames, email addresses, hashed passwords, and IP addresses, shared via a file hosting link at no cost.
    Date: 2026-05-03T13:08:46Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-DATABASE-NEAR-EAST-UN%C4%B0VERS%C4%B0TY-USERS-SQL
    Screenshots:
    None
    Threat Actors: karahanli31
    Victim Country: Cyprus
    Victim Industry: Education
    Victim Organization: Near East University
    Victim Site: neu.edu.tr
  168. Alleged Sale of RDP Initial Access to Medical Facility in Saudi Arabia
    Category: Initial Access
    Content: A threat actor on Breached forum is selling RDP access to a large medical facility in Saudi Arabia with an estimated annual revenue of $70M-$100M. The access includes 12 user accounts and spans a network of approximately 1,400 hosts, with Windows Defender as the only security control. The access is being offered for $600 via escrow.
    Date: 2026-05-03T13:03:01Z
    Network: openweb
    Published URL: https://breached.st/threads/rdp-access-huge-medical-facility-saudi-arabia-70m-100m-revenue.86711/unread
    Screenshots:
    None
    Threat Actors: XOverStm
    Victim Country: Saudi Arabia
    Victim Industry: Healthcare
    Victim Organization: Unknown
    Victim Site: Unknown
  169. Alleged Sale of RDP Access to Vietnamese Interior Design Firm
    Category: Initial Access
    Content: A threat actor known as XOverStm is selling RDP access to a large interior design company based in Vietnam with reported revenues of $50M-$80M and a network of approximately 3,200 hosts. The access is listed at $850 and includes both user and admin privileges, with Windows Defender as the only security solution. The seller is offering the deal through escrow and can be contacted via Telegram and TOX.
    Date: 2026-05-03T13:02:28Z
    Network: openweb
    Published URL: https://breached.st/threads/rdp-access-interior-designg-vietnam-25m-50m-revenue.86712/unread
    Screenshots:
    None
    Threat Actors: XOverStm
    Victim Country: Vietnam
    Victim Industry: Interior Design
    Victim Organization: Unknown
    Victim Site: Unknown
  170. Alleged Data Leak of yamaha-friends.com Database
    Category: Data Leak
    Content: A threat actor using the handle Xyph0rix has made available an alleged database dump from yamaha-friends.com on the Breached forum. The post offers a download link for the database. No further details regarding the number of records or specific data types included were provided in the post.
    Date: 2026-05-03T13:01:05Z
    Network: openweb
    Published URL: https://breached.st/threads/database-yamaha-friends-com.86714/unread
    Screenshots:
    None
    Threat Actors: Xyph0rix
    Victim Country: Unknown
    Victim Industry: Automotive/Motorsports Community
    Victim Organization: Yamaha Friends
    Victim Site: yamaha-friends.com
  171. Alleged Data Breach of French Ministry of Health Database (sante.gouv.fr)
    Category: Data Breach
    Content: A threat actor claims to have extracted data from the public database of sante.gouv.fr, the French Ministry of Health, exposing over 26,000 beneficiary records. The database dump contains personally identifiable information including names, identifiers, addresses, profession details, company affiliations, and financial transaction data. The actor is selling a scraper tool used to extract the data for 5 euros in Bitcoin, while also offering a download link to the extracted dataset.
    Date: 2026-05-03T13:00:31Z
    Network: openweb
    Published URL: https://breached.st/threads/database-sante-gouv-fr.86716/unread
    Screenshots:
    None
    Threat Actors: nearlevrai
    Victim Country: France
    Victim Industry: Government – Public Health
    Victim Organization: French Ministry of Health (Santé.gouv.fr)
    Victim Site: sante.gouv.fr
  172. Alleged Data Leak of Japanese Facebook Users Database
    Category: Data Leak
    Content: A threat actor operating under the alias Xyph0rix has shared what is claimed to be a leaked Facebook database containing personal data of Japanese citizens. The database is being made available for free download via the Breached forum. The authenticity and scope of the leak have not been independently verified.
    Date: 2026-05-03T12:59:58Z
    Network: openweb
    Published URL: https://breached.st/threads/leak-facebook-warga-jepang.86717/unread
    Screenshots:
    None
    Threat Actors: Xyph0rix
    Victim Country: Japan
    Victim Industry: Social Media
    Victim Organization: Facebook
    Victim Site: facebook.com
  173. Alleged sale of email credential combolists and mail access across multiple countries
    Category: Combo List
    Content: A seller is offering combolists containing email credentials with passwords and cookies for various platforms including Amazon, Facebook, eBay, PayPal, Kleinanzeigen, Hotmail, and Yahoo. The seller claims to have access to databases from multiple countries (EU, USA, Germany, etc.) and offers cloud access services. The seller is also selling mail access configurations and scripts.
    Date: 2026-05-03T12:58:05Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/74607
    Screenshots:
    None
    Threat Actors: _emanthy
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  174. Alleged Data Leak of LedgerID Russian Identity Records Affecting 95,952 Individuals
    Category: Data Leak
    Content: A threat actor identified as xorcat has made available a database allegedly sourced from LedgerID, containing 95,952 verified Russian identity records. The leaked data includes full names in Cyrillic and Latin scripts, email addresses, phone numbers, birthdates, job titles, city-level geolocation, avatars, gender indicators, and internal user IDs. Coverage spans nationwide Russia with the highest concentrations in Moscow, Saint Petersburg, and Yekaterinburg, and the data is being distributed v
    Date: 2026-05-03T12:53:42Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-LedgerID-Russia-95K-Full-Dox-Drop-%E2%80%94-Verified-Emails-Phones-Birthdates-Job-Title
    Screenshots:
    None
    Threat Actors: xorcat
    Victim Country: Russia
    Victim Industry: Unknown
    Victim Organization: LedgerID
    Victim Site: Unknown
  175. Alleged Data Leak of BTC Profit Investor Database Across 137 Countries
    Category: Data Leak
    Content: A threat actor known as xorcat has made available a database of 10,000 verified investor leads allegedly sourced from BTC Profit, a cryptocurrency investment platform. The leaked data spans 137 countries and includes full names, email addresses, phone numbers, and country information. Top affected regions include Australia, Peru, Egypt, Colombia, and India, with the dataset distributed via a Telegram channel and the actor's personal website.
    Date: 2026-05-03T12:53:06Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-BTC-Profit-Investor-Leaks-%E2%80%94-10-000-Verified-Leads-Across-137-Countries
    Screenshots:
    None
    Threat Actors: xorcat
    Victim Country: Unknown
    Victim Industry: Finance / Cryptocurrency Investment
    Victim Organization: BTC Profit
    Victim Site: Unknown
  176. Alleged Data Breach of SumZero Investment Research Platform
    Category: Data Breach
    Content: A threat actor is allegedly selling a database dump from SumZero, a U.S.-based members-only investment research platform serving hedge fund analysts, private equity professionals, and institutional asset managers. The dataset, purportedly breached on April 16, 2026, contains approximately 59,291 records with fields including full name, email address, and phone number. Sample records show partial population of fields, with email addresses being the most consistently present data point across entr
    Date: 2026-05-03T12:42:58Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-SELLING-SumZero-sumzero-com-59-291
    Screenshots:
    None
    Threat Actors: lowiq
    Victim Country: United States
    Victim Industry: Financial Services
    Victim Organization: SumZero
    Victim Site: sumzero.com
  177. Alleged leak of Facebook accounts of Japanese users
    Category: Data Leak
    Content: A user named xyph0rix has posted on Breachforums claiming to have leaked Facebook accounts belonging to Japanese residents. The leak is being shared via a Breachforums thread titled leak-facebook-warga-jepang (leak of Facebook Japanese citizens).
    Date: 2026-05-03T12:40:12Z
    Network: telegram
    Published URL: https://t.me/Xyph0rix/278
    Screenshots:
    None
    Threat Actors: xyph0rix
    Victim Country: Japan
    Victim Industry: Social Media
    Victim Organization: Facebook/Meta
    Victim Site: facebook.com
  178. Alleged introduction post with no threat activity identified
    Category: Data Breach
    Content: A user named kokchoylover posted an introduction on PwnForums stating they are new to the platform and exploring it. No threat activity, malicious content, or indicators of compromise were identified in this post. This appears to be a benign introductory message with no associated threat data.
    Date: 2026-05-03T12:39:45Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-Hi-im-new-here–188970
    Screenshots:
    None
    Threat Actors: kokchoylover
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  179. Alleged webshell access to Hussey College UK Alumni portal and site defacement
    Category: Initial Access
    Content: Threat actor Mr.PIMZZZXploit is offering free shell access to a compromised Hussey College UK Alumni website (husseycollegeukalumni.com) and claims defacement of misso.vn. The posts include direct webshell URLs and defacement proof with threat actor signature.
    Date: 2026-05-03T12:34:50Z
    Network: telegram
    Published URL: https://t.me/c/3865526389/749
    Screenshots:
    None
    Threat Actors: Mr.PIMZZZXploit
    Victim Country: United Kingdom
    Victim Industry: Education
    Victim Organization: Hussey College UK Alumni
    Victim Site: husseycollegeukalumni.com
  180. Alleged leak of Hotmail credentials combolist
    Category: Data Leak
    Content: A threat actor on a leak forum has made available an alleged combolist containing approximately 3,200 Hotmail account credentials. The content is hidden behind a registration or login wall, suggesting it is being distributed to forum members. The origin and validity of the credentials are unverified.
    Date: 2026-05-03T12:33:29Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-3-2K-HOTMAIL-ACCESS
    Screenshots:
    None
    Threat Actors: MeiMisaki
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  181. Alleged leak of Hotmail credential combolist
    Category: Data Leak
    Content: A threat actor operating under the alias MeiMisaki has made available a combolist containing approximately 3,100 Hotmail credential pairs on a leak forum. The post is gated behind a registration or login requirement, suggesting the content is accessible to forum members. The leaked credentials may pose account takeover risks for affected Hotmail users.
    Date: 2026-05-03T12:33:04Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-3-1K-%E2%80%8D%E2%AC%9BHOTMAIL-%E2%80%8D%E2%AC%9BHITS-%E2%80%8D%E2%AC%9B
    Screenshots:
    None
    Threat Actors: MeiMisaki
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  182. Alleged leak of British male passport and selfie identity document
    Category: Carding
    Content: A threat actor operating under the alias Bitcoins has made available what is claimed to be a British male passport combined with a selfie photograph on a leak forum. The post offers free access to this identity document package, which could be used for identity fraud or account verification bypass. The content requires forum registration or login to download.
    Date: 2026-05-03T12:32:45Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-British-Passport-Male
    Screenshots:
    None
    Threat Actors: Bitcoins
    Victim Country: United Kingdom
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  183. Alleged leak of Hotmail credentials combolist
    Category: Data Leak
    Content: A threat actor known as MeiMisaki has made available a combolist allegedly containing 556 Hotmail account credentials on a leak forum. The post is hidden behind a registration or login requirement, limiting full visibility into the data. The origin and validity of the credentials remain unverified.
    Date: 2026-05-03T12:32:39Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-556x-HOTMAIL-ACCESS
    Screenshots:
    None
    Threat Actors: MeiMisaki
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  184. Alleged leak of Denmark credential combolist
    Category: Data Leak
    Content: A threat actor known as Maxleak has made available a combolist of approximately 30,000+ email and password combinations attributed to Danish users. The credential list is described as fresh and high quality, dated March 29, 2026. The content is hidden behind a registration or login requirement on the forum.
    Date: 2026-05-03T12:32:15Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-%E2%9C%A6%E2%9C%A6-30-K-%E2%9C%A6-Denmark-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-29-3-2026-%E2%9C%A6%E2%9C%A6
    Screenshots:
    None
    Threat Actors: Maxleak
    Victim Country: Denmark
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  185. Alleged data breach of Yamaha Friends database
    Category: Data Breach
    Content: A user named xyph0rix has posted on Breachforums regarding a database breach affecting Yamaha Friends (yamaha-friends.com). The breach details are shared via a Breachforums thread.
    Date: 2026-05-03T12:29:53Z
    Network: telegram
    Published URL: https://t.me/Xyph0rix/277
    Screenshots:
    None
    Threat Actors: xyph0rix
    Victim Country: Japan
    Victim Industry: Technology/Consumer Electronics
    Victim Organization: Yamaha Friends
    Victim Site: yamaha-friends.com
  186. Alleged Data Breach of Turkish Republic of Northern Cyprus Health Records
    Category: Data Breach
    Content: A threat actor operating under the alias Cyberx is selling health-related personal data belonging to residents of the Turkish Republic of Northern Cyprus. The dataset reportedly includes full names, national ID numbers, phone numbers, and passport numbers. The data is being offered for sale on the BreachForums marketplace.
    Date: 2026-05-03T12:28:03Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-SELLING-Turkish-Republic-of-Northern-Cyprus-health-data
    Screenshots:
    None
    Threat Actors: karahanli31
    Victim Country: Northern Cyprus
    Victim Industry: Healthcare
    Victim Organization: Turkish Republic of Northern Cyprus Health Authority
    Victim Site: Unknown
  187. Alleged leak of LedgerID Database containing 95,952 Russian identity records with complete PII
    Category: Data Breach
    Content: A database containing 95,952 verified Russian identity records has been leaked and made available. The dataset includes complete personally identifiable information: email addresses, full names (in Cyrillic and Latin), phone numbers, birthdates, job positions, cities, avatars/gender indicators, and internal user IDs. Data shows 99.99% unique emails and 99.03% unique phone numbers with nationwide coverage across Russia, with highest concentrations in Moscow (10,266 records), Saint Petersburg (6,125), Yekaterinburg (3,086), Omsk (2,175), and Novosibirsk (2,164).
    Date: 2026-05-03T12:18:19Z
    Network: telegram
    Published URL: https://t.me/c/3793980891/3267
    Screenshots:
    None
    Threat Actors: xorcat
    Victim Country: Russia
    Victim Industry: Unknown
    Victim Organization: LedgerID
    Victim Site: Unknown
  188. Alleged Data Leak of Student Database from Universitas Jambi
    Category: Data Leak
    Content: A threat actor known as Mr.ZeroPhx100 has leaked a structured database dump allegedly belonging to Universitas Jambi (University of Jambi), Indonesia. The leaked data includes student records containing student ID numbers (NIM), full names, usernames, and plaintext passwords. At least 64 student records are visible in the post, though the full dataset may be larger.
    Date: 2026-05-03T12:11:21Z
    Network: openweb
    Published URL: https://breached.st/threads/database-mahasiswa-universitas-jambi.86707/unread
    Screenshots:
    None
    Threat Actors: Mr.ZeroPhx100
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: Universitas Jambi
    Victim Site: unja.ac.id
  189. Alleged Data Leak of Mitsubishi Motors Indonesia Database
    Category: Data Leak
    Content: A threat actor operating under the alias Mr. Hanz Xploit has allegedly leaked a database associated with Mitsubishi Motors Indonesia on the Breached forum. The post includes a sample of the data, though specific details regarding the number of records and data fields are not provided. The full extent and authenticity of the alleged leak remain unverified.
    Date: 2026-05-03T12:10:44Z
    Network: openweb
    Published URL: https://breached.st/threads/leak-database-mitshubishi-motors-co-id.86709/unread
    Screenshots:
    None
    Threat Actors: Mr. Hanz Xploit
    Victim Country: Indonesia
    Victim Industry: Automotive
    Victim Organization: Mitsubishi Motors Indonesia
    Victim Site: mitshubishi-motors.co.id
  190. Alleged data breach of Malaysian citizens exposing 50,001 verified mobile and WhatsApp records
    Category: Data Breach
    Content: A threat actor known as xorcat is selling a database containing 50,001 verified Malaysian citizen records sourced from an SQL dump attributed to europlus.com.br. The dataset includes first and last names, mobile numbers, active WhatsApp numbers, SMS delivery status, and regional data, with coverage across major Malaysian cities including Kuala Lumpur and Penang. Access to the full database is restricted behind a reply-gate or account upgrade on the dark forum.
    Date: 2026-05-03T12:04:55Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-Malaysia-Citizens-%E2%80%94-50K-Verified-Phone-Numbers-WhatsApp-Active-SMS-Delivered
    Screenshots:
    None
    Threat Actors: xorcat
    Victim Country: Malaysia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: europlus.com.br
  191. Alleged data breach of Mitsubishi Motors – database leak
    Category: Data Breach
    Content: A threat actor operating under the handle mr-hanz-xploit on Breachforums has posted a leaked database allegedly from Mitsubishi Motors Co. The breach details are shared via a Breachforums thread discussing the leaked database.
    Date: 2026-05-03T12:03:55Z
    Network: telegram
    Published URL: https://t.me/DeepCoreNetwork/54
    Screenshots:
    None
    Threat Actors: mr-hanz-xploit
    Victim Country: Indonesia
    Victim Industry: Automotive
    Victim Organization: Mitsubishi Motors Co
    Victim Site: mitsubishi-motors.com
  192. Alleged Data Leak of French Job Portal Profil Search User Database
    Category: Data Leak
    Content: A threat actor operating under the alias Lagui has made available a database dump allegedly obtained from the French job portal Profil Search, estimated to be over a year old. The dataset contains 100,642 entries including full names, email addresses, phone numbers, physical addresses, job titles, employer names, and candidate application URLs. The data is being offered as a free download requiring forum engagement to access.
    Date: 2026-05-03T11:51:36Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-DATABASE-FRENCH-DATABASE-PROFIL-SEARCH
    Screenshots:
    None
    Threat Actors: Lagui
    Victim Country: France
    Victim Industry: Recruitment / Employment Services
    Victim Organization: Profil Search
    Victim Site: Unknown
  193. Alleged leak of 50,000 personal records with PII
    Category: Data Leak
    Content: A dataset containing 50,000 records with personally identifiable information (first name, last name, mobile numbers, WhatsApp status, SMS delivery confirmation, state, and country) is being made available for free distribution.
    Date: 2026-05-03T11:51:12Z
    Network: telegram
    Published URL: https://t.me/c/3793980891/3266
    Screenshots:
    None
    Threat Actors: ./xorcat~files
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  194. Alleged data breach of Israeli Defense Forces (IDF) military databases and strategic documents
    Category: Data Breach
    Content: A threat actor claims to have gained access to extensive databases and internal documents related to the Israeli Defense Forces (IDF), including military bases, strategic documents, organizational data, and operational records.
    Date: 2026-05-03T11:50:23Z
    Network: telegram
    Published URL: https://t.me/c/1283513914/21525
    Screenshots:
    None
    Threat Actors: Unknown
    Victim Country: Israel
    Victim Industry: Military/Defense
    Victim Organization: Israeli Defense Forces (IDF)
    Victim Site: Unknown
  195. Alleged leak of mixed email access combolist
    Category: Data Leak
    Content: A threat actor operating under the alias MeiMisaki has made available a combolist containing approximately 120,604 mixed email credentials on a cybercrime forum. The post is gated behind registration or login, limiting full visibility into the content. The list appears to contain email address and password combinations sourced from multiple services.
    Date: 2026-05-03T11:45:15Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-120604x-HQ-MIX-MAIL-ACCESS
    Screenshots:
    None
    Threat Actors: MeiMisaki
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  196. Alleged leak of mixed email access combolist
    Category: Data Leak
    Content: A threat actor known as MeiMisaki has shared an alleged combolist containing approximately 2,500 mixed email credentials described as high quality. The content is gated behind registration or login on the forum, limiting visibility into the full scope or origin of the data. The post appears to offer free access to email:password combinations sourced from multiple services.
    Date: 2026-05-03T11:44:52Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-2-5K-HQ-MIX-MAIL-ACCESS–19998
    Screenshots:
    None
    Threat Actors: MeiMisaki
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  197. Alleged data breach of Accord Healthcare by ShinyHunters
    Category: Data Breach
    Content: The ShinyHunters threat group claims to have leaked the database of Accord Healthcare (pharmaceutical company) on a cybercrime forum. The breach allegedly occurred in 2024 and contains approximately 642,000 user records and over 593,000 unique email addresses. Exposed data includes names, surnames, emails, account details, and job titles, primarily affecting healthcare and pharmaceutical sector employees.
    Date: 2026-05-03T11:41:16Z
    Network: telegram
    Published URL: https://t.me/c/1283513914/21524
    Screenshots:
    None
    Threat Actors: ShinyHunters
    Victim Country: United States
    Victim Industry: Pharmaceutical/Healthcare
    Victim Organization: Accord Healthcare
    Victim Site: Unknown
  198. Alleged sale of 130,000 Malaysian citizen records with National Identification Numbers
    Category: Data Leak
    Content: A threat actor is offering 130,000 Malaysian citizen data records, including National Identification Numbers (NID), for sale at $1,300. Sample data is provided for verification. Purchase inquiries are directed to @xorcat.
    Date: 2026-05-03T11:40:35Z
    Network: telegram
    Published URL: https://t.me/c/3793980891/3265
    Screenshots:
    None
    Threat Actors: xorcat
    Victim Country: Malaysia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  199. Alleged leak of stealer logs (1.9GB)
    Category: Data Leak
    Content: A threat actor operating under the alias blackcloud has made available approximately 1.9GB of stealer logs dated May 3, 2026 on an underground forum. The logs likely contain stolen credentials and other sensitive data harvested via infostealer malware. No specific victim organization or country has been identified.
    Date: 2026-05-03T11:38:02Z
    Network: openweb
    Published URL: https://xforums.st/threads/logs-fresh-1-9gb-from-03-05-2026.612232/
    Screenshots:
    None
    Threat Actors: blackcloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  200. Alleged sale of French educational platform database containing student data
    Category: Data Breach
    Content: A threat actor claims to have gained access to a database associated with an educational platform in France and is offering it for sale. The dataset allegedly includes student information, user profiles, images, and related data.
    Date: 2026-05-03T11:28:14Z
    Network: telegram
    Published URL: https://t.me/c/1283513914/21523
    Screenshots:
    None
    Threat Actors: Unknown
    Victim Country: France
    Victim Industry: Education
    Victim Organization: French educational platform
    Victim Site: Unknown
  201. Alleged Data Breach of PowerXchange, Teledgers, and UP DISCOMs Electricity Utilities
    Category: Data Breach
    Content: A threat actor claims to be selling a large-scale breach affecting five Indian state electricity DISCOMs and associated platforms PowerXchange and Teledgers. The alleged breach includes consumer PII (Aadhaar numbers, PAN numbers, phone numbers, emails), billing records, KYC data, wallet transactions, DLT source code with hardcoded API keys, and extracted credentials including Razorpay live keys, Google OAuth tokens, SMS API keys, and admin passwords. MongoDB, Elasticsearch, PostgreSQL, and MySQL
    Date: 2026-05-03T11:23:29Z
    Network: openweb
    Published URL: https://breached.st/threads/huge-powerxchange-teledgers-up-discoms-br3ach-271.86705/unread
    Screenshots:
    None
    Threat Actors: cc5ab
    Victim Country: India
    Victim Industry: Energy & Utilities
    Victim Organization: PowerXchange / Teledgers / UP DISCOMs (MVVNL, PVVNL, DVVNL, KESCO, PuVVNL)
    Victim Site: powerxchange.io
  202. Alleged Data Leak of Indonesian WhatsApp Phone Number Database
    Category: Data Leak
    Content: A threat actor operating under the alias MrLucxy has made available a database of approximately 20.65 million active WhatsApp phone numbers originating from Indonesia, covering data across various islands, provinces, and cities. The data has been shared as a free download on the Breached forum. A sample of phone numbers with Indonesian country code (62) was provided as proof of the leak.
    Date: 2026-05-03T11:22:56Z
    Network: openweb
    Published URL: https://breached.st/threads/leak-of-whatsapp-number-database-20-650-million.86706/unread
    Screenshots:
    None
    Threat Actors: MrLucxy
    Victim Country: Indonesia
    Victim Industry: Telecommunications
    Victim Organization: Unknown
    Victim Site: whatsapp.com
  203. Alleged leak of Swiss personal data (fullz)
    Category: Data Leak
    Content: Threat actor xorcat is distributing leaked Swiss personal data described as fullz, containing names, surnames, phone numbers, gender, and email addresses. The data is characterized as suitable for spam operations.
    Date: 2026-05-03T11:18:43Z
    Network: telegram
    Published URL: https://t.me/c/3793980891/3264
    Screenshots:
    None
    Threat Actors: xorcat
    Victim Country: Switzerland
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  204. Alleged Data Leak of Polymarket.com API Dump Including User PII and Market Data
    Category: Data Leak
    Content: A threat actor operating under the xorcat team has allegedly leaked a full API dump of Polymarket.com, a decentralized prediction market platform, and made it available for free download. The leak purportedly includes approximately 10 million records spanning user PII (names, wallet addresses, proxy wallets), comments, reports, market data, and social graph information, extracted via unauthenticated API endpoints, a CORS misconfiguration, and a pagination bypass. The release also includes five
    Date: 2026-05-03T11:06:23Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-DATABASE-Polymarket-com-FULL-API-BREACH-Leaked-Download
    Screenshots:
    None
    Threat Actors: Doix
    Victim Country: United States
    Victim Industry: Financial Services
    Victim Organization: Polymarket
    Victim Site: polymarket.com
  205. Alleged distribution of Raton RAT cracked malware on cybercrime forum
    Category: Initial Access
    Content: A threat actor known as ZamanX has made available a cracked version of Raton RAT, a Remote Access Trojan, via multiple download links on a cybercrime forum. The malware reportedly supports keylogging, screen capture, webcam and microphone access, credential theft, and persistent remote control of compromised systems. It is designed to evade antivirus detection and spreads through malicious downloads, cracked software, and phishing campaigns.
    Date: 2026-05-03T11:00:09Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-Raton-RAT-Cracked-2026
    Screenshots:
    None
    Threat Actors: ZamanX
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  206. Alleged Sale of Stolen Payment Cards (Carding) Across Multiple Countries
    Category: Carding
    Content: A threat actor operating under the alias Reidhd is allegedly selling stolen credit cards (CCs) claimed to be valid across multiple countries including the United States, United Kingdom, European Union, Afghanistan, Canada, and Asia. The actor advertises discounted pricing and promotes the cards as legitimate, directing potential buyers to contact them via Telegram at @McClark23.
    Date: 2026-05-03T10:59:07Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Ccs-For-All-Countries-%E2%9A%A1%EF%B8%8FOUT-ON-DISCOUNT–202659
    Screenshots:
    None
    Threat Actors: Reidhd
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  207. Alleged leak of Hotmail credentials combolist
    Category: Combo List
    Content: A threat actor using the handle KiwiShio has shared a combolist containing approximately 1,230 Hotmail email and password combinations on a cybercrime forum. The credentials are described as fresh and high quality, suggesting they may be recently obtained or validated. The content is hidden behind a forum registration or login requirement, distributed freely to registered members.
    Date: 2026-05-03T10:59:00Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-1230x-%E2%AD%90%E2%AD%90-FRESH-HQ-HOTMAIL-%E2%AD%90%E2%AD%90
    Screenshots:
    None
    Threat Actors: KiwiShio
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  208. Alleged sale of forged identity document PSD templates for 70+ countries
    Category: Carding
    Content: A threat actor operating under the alias Staytres is advertising a PSD pack containing editable templates for passports, driver's licenses, ID cards, bank statements, and utility bills covering more than 70 countries. The templates are explicitly marketed as tools to bypass KYC verification on platforms such as Coinbase, Revolut, Blockchain, and N26. The actor solicits buyers via Telegram at the handle @StyleCarding.
    Date: 2026-05-03T10:58:45Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-PASSPORTS-DRIVER-S-LICENSE-ID-STATEMENT-UTILITY-BILL-PSD-PACK-70-COUNTRIES–202664
    Screenshots:
    None
    Threat Actors: Staytres
    Victim Country: Unknown
    Victim Industry: Financial Services
    Victim Organization: Unknown
    Victim Site: Unknown
  209. Alleged leak of Hotmail credential combolist
    Category: Combo List
    Content: A threat actor known as HollowKnight has made available a sample combolist containing 1,035 Hotmail email and password credential pairs on a cybercrime forum. The content is shared as a free sample, suggesting it may be a teaser for a larger credential set. The full content requires forum registration or login to access.
    Date: 2026-05-03T10:58:40Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-1035x-SAMPLE-HOTMAIL-%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: HollowKnight
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  210. Alleged Data Breach of Cyprus Airways Exposing 50,000 Passenger Records
    Category: Data Breach
    Content: A threat actor on BreachForums is selling an alleged database of 50,000 records attributed to Cyprus Airways. The dataset appears to contain passenger personally identifiable information including full names, email addresses, gender, dates of birth, passport and national ID numbers, and phone numbers. The seller is operating via a Telegram bot and is accepting escrow for transactions.
    Date: 2026-05-03T10:54:36Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-SELLING-cyprus-airways-fresh-50k-e-mail
    Screenshots:
    None
    Threat Actors: justscyprus
    Victim Country: Cyprus
    Victim Industry: Aviation / Transportation
    Victim Organization: Cyprus Airways
    Victim Site: cyprusairways.com
  211. Alleged Sale of Discounted Gift Cards Across Multiple Retail and Entertainment Platforms
    Category: Carding
    Content: A threat actor operating under the alias Feusheh on DemonForums is allegedly selling discounted gift cards at 50% of face value across a wide range of retailers, gaming platforms, streaming services, and prepaid cards. The actor claims to ship physical gift cards to customers in the United States and Canada, and deliver e-codes via email for international buyers. Contact is facilitated through Telegram (@DroneBott2), indicating a likely carding or fraud operation leveraging compromised payment
    Date: 2026-05-03T10:12:53Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-x-Gift-cards-are-available-in-all-currencies–202657
    Screenshots:
    None
    Threat Actors: Feusheh
    Victim Country: Unknown
    Victim Industry: Retail, Entertainment, Gaming, Hospitality
    Victim Organization: Amazon, Walmart, Apple, eBay, Best Buy, ASOS, Nike, Target, Xbox, Razer, Steam, Google, PlayStation, iTunes, Netflix, Fortnite
    Victim Site: Unknown
  212. Alleged Carding Activity Involving Cash App and Chime Credit Builder Accounts
    Category: Carding
    Content: A threat actor operating under the alias Bellol is soliciting individuals with Cash App or Chime accounts that have credit builder features, offering to top up those accounts. This activity is consistent with account takeover or money mule schemes targeting fintech platforms. The actor is directing interested parties to contact them via Telegram handle @fife427.
    Date: 2026-05-03T10:11:51Z
    Network: openweb
    Published URL: https://altenens.is/threads/who-got-cash-app-or-chime-with-a-credit-builder-i-can-top-up-on-telegram-hit-me-up-fife427.2933364/unread
    Screenshots:
    None
    Threat Actors: Bellol
    Victim Country: United States
    Victim Industry: Financial Services
    Victim Organization: Cash App, Chime
    Victim Site: cashapp.com, chime.com
  213. Alleged Data Leak of oriox.in Website Source Code and Database
    Category: Data Leak
    Content: A threat actor operating under the alias lightningspeed has made available what is claimed to be the source code and data from the Indian website oriox.in via a Gofile link. The actor notes the site has since been taken offline, and also shared a preview of the old website. The nature and sensitivity of any data contained within the leak remain unclear.
    Date: 2026-05-03T10:10:34Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-shitty-indian-website-source-maybe-some-shit-in-there
    Screenshots:
    None
    Threat Actors: lightningspeed
    Victim Country: India
    Victim Industry: Unknown
    Victim Organization: Oriox
    Victim Site: oriox.in
  214. Alleged Distribution of Hotmail and PSN Account Checker Tool with Capture Functionality
    Category: Carding
    Content: A threat actor operating under the alias GHOSTATN shared a tool on the cracking forum AE (altenens.is) described as a Hotmail and PSN account checker with capture functionality. Such tools are typically used to validate stolen credentials against target platforms and extract account details for exploitation. The post targets both Microsoft Hotmail email accounts and Sony PlayStation Network accounts.
    Date: 2026-05-03T10:08:25Z
    Network: openweb
    Published URL: https://altenens.is/threads/hotmail-psn-checker-capture.2933358/unread
    Screenshots:
    None
    Threat Actors: GHOSTATN
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft / PlayStation Network
    Victim Site: hotmail.com
  215. Alleged Sale of 15 Million Turkish Citizens Address Information
    Category: Data Breach
    Content: A threat actor operating under the alias 0XCXXX2 is selling a database allegedly containing address information of approximately 15.2 million Turkish citizens. The actor claims the data is current, having been obtained 3-4 days prior to the post. Contact is offered via QTox and Session messaging platforms, with pricing listed as negotiable.
    Date: 2026-05-03T09:12:44Z
    Network: openweb
    Published URL: https://breached.st/threads/for-sale-15-million-turkish-citizens-address-information.86704/unread
    Screenshots:
    None
    Threat Actors: 0XCXXX2
    Victim Country: Turkey
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  216. Alleged Data Leak of SMKN 1 Pekalongan School Database
    Category: Data Leak
    Content: A threat actor known as Mr.ZeroPhx100 has leaked a database dump belonging to SMKN 1 Pekalongan, a vocational high school in Indonesia. The leaked data includes National Identity Numbers (NIK), National Employee Numbers (NIP), and institutional email addresses. The data was made available for free on the Breached forum.
    Date: 2026-05-03T09:11:48Z
    Network: openweb
    Published URL: https://breached.st/threads/database-smkn-1-pekalongan.86703/unread
    Screenshots:
    None
    Threat Actors: Mr.ZeroPhx100
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: SMKN 1 Pekalongan
    Victim Site: smk1pekalongan.sch.id
  217. Alleged Data Breach of Tiwel Fashion Brand (tiwel.es) Exposing 263,973 Customer Records
    Category: Data Breach
    Content: A threat actor known as lowiq is allegedly selling a customer database from Tiwel, a Spanish independent fashion brand. The database reportedly contains 263,973 records including customer IDs, email addresses, first and last names, dates of birth, and city information. The breach is claimed to have occurred on March 5, 2026.
    Date: 2026-05-03T08:55:49Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-SELLING-Tiwel-Customer-Database-tiwel-es-263-973
    Screenshots:
    None
    Threat Actors: lowiq
    Victim Country: Spain
    Victim Industry: Retail / Fashion
    Victim Organization: Tiwel
    Victim Site: tiwel.es
  218. Alleged leak of mixed credential combolist
    Category: Data Leak
    Content: A threat actor operating under the alias Nulled07 has shared a mixed combolist containing approximately 2,370 credential pairs on a cybercrime forum. The post is gated behind a registration or login requirement, limiting visibility into the full contents. The origin, targeted services, and format of the credentials are unknown.
    Date: 2026-05-03T08:46:34Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A12370x-FRESH-MIX-%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: Nulled07
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  219. Alleged distribution of SpyNote X Pro v7.2.0.0 Android RAT cracked build
    Category: Initial Access
    Content: A threat actor operating under the alias emma03 has made available a cracked version of SpyNote X Pro v7.2.0.0, a well-known Android Remote Access Trojan (RAT), on a cracking forum. The tool features full remote device control, keylogging, SMS/call interception, microphone recording, file management, app data extraction, and an APK builder with obfuscation capabilities. The distribution of this cracked RAT builder lowers the barrier for threat actors to deploy Android-targeting malware campaig
    Date: 2026-05-03T08:46:02Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-SpyNote-X-Pro-v7-2-0-0-Cracked
    Screenshots:
    None
    Threat Actors: emma03
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  220. Alleged sale of Shodan API access via educational accounts
    Category: Initial Access
    Content: Threat actor offering Shodan API access obtained through educational accounts for $20 per API key. Contact via @DelusionalTerror for purchase.
    Date: 2026-05-03T08:45:07Z
    Network: telegram
    Published URL: https://t.me/c/2590737229/986
    Screenshots:
    None
    Threat Actors: DelusionalTerror
    Victim Country: Unknown
    Victim Industry: Cybersecurity/Search Engine
    Victim Organization: Shodan
    Victim Site: shodan.io
  221. Alleged data breach and system compromise of Israeli company in Tel Aviv with 100TB data theft
    Category: Data Breach
    Content: Anonymous Switzerland claims to have stolen over 100 terabytes of data from a large Israeli company in Tel Aviv and compromised more than 20 company devices. The threat actor claims to have video evidence of the intrusion and insider footage from compromised systems. They claim control over company systems, devices, and employee mobile phones. The threat actor states they will not disclose the company name to maintain persistent access to the victim's systems and partner networks.
    Date: 2026-05-03T08:44:36Z
    Network: telegram
    Published URL: https://t.me/Anonymous_Switzerland/208
    Screenshots:
    None
    Threat Actors: Anonymous Switzerland
    Victim Country: Israel
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  222. Alleged sale of DUKCAPIL government database access
    Category: Data Breach
    Content: Threat actor ntb-cyber posted on Breachforums offering access to dukcapil.kemendagri.go.id (Indonesian government population and civil registration database). This represents a critical breach of sensitive government infrastructure containing citizen data.
    Date: 2026-05-03T08:37:55Z
    Network: telegram
    Published URL: https://t.me/c/3865526389/747
    Screenshots:
    None
    Threat Actors: ntb-cyber
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: DUKCAPIL (Directorate General of Population and Civil Registration)
    Victim Site: dukcapil.kemendagri.go.id
  223. Alleged sale of WHM compromise method and mass exploitation tools
    Category: Initial Access
    Content: Post advertising WHM (Web Host Manager) exploitation method along with mass tools and instructional guide. Appears to be offering initial access techniques for compromising hosting control panels.
    Date: 2026-05-03T08:34:31Z
    Network: telegram
    Published URL: https://t.me/worldofshells/46
    Screenshots:
    None
    Threat Actors: Rici144
    Victim Country: Unknown
    Victim Industry: hosting
    Victim Organization: Unknown
    Victim Site: Unknown
  224. Alleged Mobilization Announcement by BreachForums Administrator HasanBroker
    Category: Data Breach
    Content: BreachForums administrator HasanBroker published a rallying announcement addressing forum members across Breached and Doxbyte projects, declaring ongoing conflict with law enforcement and unspecified threat actors. The post signals a reversal of a planned retirement, calling on forum members to resist efforts to dismantle the forum and its community. No specific data breach, leak, or victim organization is referenced in the post.
    Date: 2026-05-03T08:30:53Z
    Network: openweb
    Published URL: https://breached.st/threads/mobilization-war-and-conclusion.86700/unread
    Screenshots:
    None
    Threat Actors: HasanBroker
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  225. Alleged Data Breach of Indonesian Civil Population Administration (Dukcapil Kemendagri)
    Category: Data Breach
    Content: A threat actor operating under the alias NTB.Cyber is selling a database allegedly obtained from the Indonesian Directorate General of Civil Population Administration (Dukcapil Kemendagri), a government agency managing civil registration data. The post was made on the Breached.st forum and interested buyers are directed to contact the seller via direct message. The database likely contains sensitive personal and civil registration data of Indonesian citizens.
    Date: 2026-05-03T08:29:21Z
    Network: openweb
    Published URL: https://breached.st/threads/fo-sale-https-dukcapil-kemendagri-go-id.86701/unread
    Screenshots:
    None
    Threat Actors: NTB.Cyber
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Direktorat Jenderal Kependudukan dan Pencatatan Sipil (Dukcapil) Kemendagri
    Victim Site: dukcapil.kemendagri.go.id
  226. Alleged data breach of rayvisiondesign.com via authentication bypass vulnerability
    Category: Data Leak
    Content: In May 2026, threat actor Shinigami claims to have breached rayvisiondesign.com by exploiting CVE-2026-41940, a critical authentication bypass vulnerability in an unpatched WHM (WebHost Manager) installation. The breach allegedly resulted in unauthorized administrative access and exfiltration of SQL databases containing email addresses, hashed passwords, and internal server logs. The data has been made available for free via Gofile, with the actor hinting at additional forthcoming breaches.
    Date: 2026-05-03T08:28:26Z
    Network: openweb
    Published URL: https://breached.st/threads/rayvisiondesign-com-breach.86697/unread
    Screenshots:
    None
    Threat Actors: Shinigami
    Victim Country: Unknown
    Victim Industry: Web Design / IT Services
    Victim Organization: Ray Vision Design
    Victim Site: rayvisiondesign.com
  227. Alleged Data Leak of PLN (Perusahaan Listrik Negara) Database Sample
    Category: Data Leak
    Content: A threat actor operating under the alias Mr. Hanz Xploit has shared an alleged sample database dump belonging to PLN (Perusahaan Listrik Negara), Indonesia's state-owned electricity company, on a cybercrime forum. The post includes a sample and code snippet, though the full extent of the exposed data and total record count remain unclear. The authenticity and scope of the breach have not been independently verified.
    Date: 2026-05-03T08:27:48Z
    Network: openweb
    Published URL: https://breached.st/threads/leak-sample-database-pln-co-id.86698/unread
    Screenshots:
    None
    Threat Actors: Mr. Hanz Xploit
    Victim Country: Indonesia
    Victim Industry: Energy & Utilities
    Victim Organization: PLN (Perusahaan Listrik Negara)
    Victim Site: pln.co.id
  228. Alleged Data Leak of Indonesian Ministry of Education (Kemendikbud) Teacher Database
    Category: Data Leak
    Content: A threat actor operating under the handle IRXPLOIT, affiliated with Hacktivist Indonesia, has leaked a database allegedly sourced from ukpppg.kemendikbud.go.id, the Indonesian Ministry of Education's teacher professional development portal. The leaked data includes full names, email addresses (including official government educator email domains such as guru.sd.belajar.id, guru.smp.belajar.id, and guru.sma.belajar.id), national identity numbers (NIK), and phone numbers of Indonesian teachers. Th
    Date: 2026-05-03T08:27:12Z
    Network: openweb
    Published URL: https://breached.st/threads/database-ukpppg-kemendikbud-go-id.86699/unread
    Screenshots:
    None
    Threat Actors: IRXPLOIT
    Victim Country: Indonesia
    Victim Industry: Government – Education
    Victim Organization: Kemendikbud (Indonesian Ministry of Education, Culture, Research and Technology)
    Victim Site: ukpppg.kemendikbud.go.id
  229. Alleged Data Breach of Bank BNI Database
    Category: Data Breach
    Content: A threat actor known as Mr. Hanz Xploit has posted on the Breached forum claiming to possess a database allegedly belonging to Bank BNI, an Indonesian state-owned bank. The post includes references to sample data and code, though specific details regarding record count and data fields are not provided in the available content. The legitimacy and scope of the alleged breach remain unverified.
    Date: 2026-05-03T08:26:36Z
    Network: openweb
    Published URL: https://breached.st/threads/database-bank-bni.86702/unread
    Screenshots:
    None
    Threat Actors: Mr. Hanz Xploit
    Victim Country: Indonesia
    Victim Industry: Banking and Financial Services
    Victim Organization: Bank BNI
    Victim Site: bni.co.id
  230. Alleged Breached Forum Administrator Statement on Law Enforcement Pressure and Community Mobilization
    Category: Cyber Attack
    Content: Administrator of Breached forum (a known cybercriminal marketplace) posted a lengthy statement addressing law enforcement actions, attempted retirement, and calling for community solidarity against perceived threats. The post references attacks on the forum, law enforcement targeting, and urges members not to surrender. This represents significant threat actor leadership communication regarding forum operations and resilience.
    Date: 2026-05-03T08:15:48Z
    Network: telegram
    Published URL: https://t.me/bfsup/1309
    Screenshots:
    None
    Threat Actors: Breached Forum Administrator
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Breached Forum
    Victim Site: breached.st
  231. Alleged database breach of Bank BNI
    Category: Data Breach
    Content: A user mr-hanz-xploit has posted on Breachforums regarding a database breach affecting Bank BNI (Bank Negara Indonesia). The breach details are being shared on the public forum thread.
    Date: 2026-05-03T08:09:40Z
    Network: telegram
    Published URL: https://t.me/byjax7/433
    Screenshots:
    None
    Threat Actors: mr-hanz-xploit
    Victim Country: Indonesia
    Victim Industry: Financial Services
    Victim Organization: Bank BNI
    Victim Site: bni.co.id
  232. Alleged leak of Hotmail credentials combolist
    Category: Data Leak
    Content: A threat actor operating under the alias alphaaxd has shared an alleged combolist of approximately 2,020 valid Hotmail credentials on a cybercrime forum. The post claims the credentials are premium hits stored on a private cloud, with mixed email formats included. The content is hidden behind a registration or login requirement, suggesting limited distribution access.
    Date: 2026-05-03T08:03:31Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-2020x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F–19993
    Screenshots:
    None
    Threat Actors: alphaaxd
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  233. Alleged sale of 40 Million Indian Female Personal Records
    Category: Data Breach
    Content: A threat actor operating under the alias mimevo1248 is selling a database purportedly containing 40 million records of Indian female individuals. The dataset includes full names, mobile numbers, email addresses, physical addresses, city, state, gender, and professional category/industry fields. The seller is contactable via Telegram and has provided a sample download link as proof of the data's existence.
    Date: 2026-05-03T08:00:26Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-For-sale-first-hand-40-Million-Indian-Female-Data
    Screenshots:
    None
    Threat Actors: mimevo1248
    Victim Country: India
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  234. Alleged data breach of PLN Co.Id with database sample leaked
    Category: Data Breach
    Content: A user mr-hanz-xploit has posted a leak sample of PLN Co.Id database on Breach Forums. PLN (Perusahaan Listrik Negara) is Indonesia's state-owned electricity company. The breach includes database records being shared publicly.
    Date: 2026-05-03T07:56:30Z
    Network: telegram
    Published URL: https://t.me/byjax7/431
    Screenshots:
    None
    Threat Actors: mr-hanz-xploit
    Victim Country: Indonesia
    Victim Industry: Energy/Utilities
    Victim Organization: PLN Co.Id
    Victim Site: pln.co.id
  235. Alleged leak of 1,600 French email access credentials
    Category: Logs
    Content: A threat actor known as MegaCloud has made available a combolist containing approximately 1,600 French email access credentials, dated May 3rd. The post is shared on a cybercrime forum specializing in mail access and combolists. The targeted email providers or organizations associated with the credentials are not specified in the post.
    Date: 2026-05-03T07:50:29Z
    Network: openweb
    Published URL: https://xforums.st/threads/1-6k-frace-fresh-mail-access-03-05.612231/
    Screenshots:
    None
    Threat Actors: MegaCloud
    Victim Country: France
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  236. Alleged Data Breach of US Air Force Military Facility Database
    Category: Data Breach
    Content: A threat actor operating under the alias FuckerSpy is selling a database allegedly obtained from the US Air Force containing over 191,027 records. The dataset reportedly includes sensitive facility information such as names, coordinates, elevation data, FAA numbers, usage types, and geolocation data. The seller is accepting negotiable offers and has provided samples, directing serious buyers to contact them via Telegram, qTox, or Session messaging platforms.
    Date: 2026-05-03T07:44:50Z
    Network: openweb
    Published URL: https://breached.st/threads/us-military-air-force-data-hacked.86691/unread
    Screenshots:
    None
    Threat Actors: FuckerSpy
    Victim Country: United States
    Victim Industry: Government / Military
    Victim Organization: US Air Force
    Victim Site: Unknown
  237. Alleged Data Breach and Sale of UAE Investor System Data
    Category: Data Breach
    Content: A threat actor identified as FuckerSpy claims to have breached a UAE investor management system, allegedly exfiltrating approximately 230GB of sensitive data. The dataset purportedly includes personal information of investor members, visa records including Dubai Golden Visas, financial transactions, and identity documents from investors across multiple countries. The actor is selling the data at a negotiable price via Telegram, qTox, and Session contact channels.
    Date: 2026-05-03T07:44:14Z
    Network: openweb
    Published URL: https://breached.st/threads/uae-investors-system-around-230gb-of-investor-data-hacked.86692/unread
    Screenshots:
    None
    Threat Actors: FuckerSpy
    Victim Country: United Arab Emirates
    Victim Industry: Finance & Investment
    Victim Organization: UAE Investors System
    Victim Site: Unknown
  238. Alleged data breach of National Oil Ethiopia PLC (NOC)
    Category: Data Breach
    Content: A threat actor known as FuckerSpy claims to have exfiltrated four databases from National Oil Ethiopia PLC (NOC), including a main ERP database exceeding 800GB containing client and employee PII, contracts, salaries, emails, addresses, and business operations data. The intrusion reportedly leveraged the ProxyLogon Exchange vulnerability for initial access, followed by lateral movement using a Metasploit reverse shell and Ligolo tunneling without a traditional C2 framework. The actor is selling t
    Date: 2026-05-03T07:43:38Z
    Network: openweb
    Published URL: https://breached.st/threads/high-voltage-national-oil-ethiopia-plc-noc-database-hacked-by-fuckerspy.86693/unread
    Screenshots:
    None
    Threat Actors: FuckerSpy
    Victim Country: Ethiopia
    Victim Industry: Oil & Gas / Energy
    Victim Organization: National Oil Ethiopia PLC (NOC)
    Victim Site: Unknown
  239. Alleged Data Breach of UnionPay International Payment System Database
    Category: Data Breach
    Content: A threat actor operating under the alias FuckerSpy claims to be selling a 20 GB database allegedly exfiltrated from UnionPay International, a Chinese international payment system. The dataset purportedly contains sensitive personal and financial information including full names, gender, identity numbers, dates of birth, addresses, and card numbers in XLSX format. The seller is accepting negotiable offers and can be contacted via Telegram, qTox, and Session messaging platforms.
    Date: 2026-05-03T07:43:03Z
    Network: openweb
    Published URL: https://breached.st/threads/china-unionpayintl-com-international-payment-system-database-hacked-by-fuckerspy.86695/unread
    Screenshots:
    None
    Threat Actors: FuckerSpy
    Victim Country: China
    Victim Industry: Financial Services
    Victim Organization: UnionPay International
    Victim Site: unionpayintl.com
  240. Alleged Data Breach of USA Social Security Administration (SSA) Records
    Category: Data Breach
    Content: A threat actor operating under the alias FuckerSpy is selling an alleged database of 13.3 million records purportedly obtained from the U.S. Social Security Administration (SSA). The dataset reportedly contains sensitive personal information including telephone numbers, email credentials, physical addresses, and usernames. The seller is negotiating pricing and can be contacted via Telegram, Qtox, or Session messaging platforms.
    Date: 2026-05-03T07:42:28Z
    Network: openweb
    Published URL: https://breached.st/threads/13-3-million-usa-social-security-administration-ssa-data-hacked.86696/unread
    Screenshots:
    None
    Threat Actors: FuckerSpy
    Victim Country: United States
    Victim Industry: Government
    Victim Organization: Social Security Administration
    Victim Site: ssa.gov
  241. Alleged leak of mixed email and password credentials (combolist)
    Category: Combo List
    Content: A threat actor operating under the alias wingoooW has made available a mixed combolist of email and password credentials via a free download link on a paste site. The post is categorized under combolists on a known cybercrime forum. No specific victim organization, country, or record count has been identified.
    Date: 2026-05-03T07:19:19Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-FRESH-MIXED-ACCESS
    Screenshots:
    None
    Threat Actors: wingoooW
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  242. Website Defacement of GoldenRabbit by geoserv (TSecNetwork)
    Category: Defacement
    Content: On May 3, 2026, the website goldenrabbit.org was defaced by threat actor geoserv, a member of the hacking group TSecNetwork. The attack hit the site's homepage in a targeted (non-mass) defacement operation. No specific motivation or technical details regarding the server environment were disclosed.
    Date: 2026-05-03T07:19:09Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/917393
    Screenshots:
    None
    Threat Actors: geoserv, TSecNetwork
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Golden Rabbit
    Victim Site: goldenrabbit.org
  243. Alleged leak of Hotmail credentials combolist
    Category: Combo List
    Content: A threat actor operating under the alias COYYYTOOOO has made available a combolist of approximately 3,000 alleged Hotmail email and password combinations on Demonforums. The credential list is described as high quality (HQ) and is being distributed for free via an external paste site. The origin and validity of the credentials have not been verified.
    Date: 2026-05-03T07:18:27Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-3K-HQ-HOTMAIL–202638
    Screenshots:
    None
    Threat Actors: COYYYTOOOO
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  244. Alleged leak of Hotmail credential combolist
    Category: Combo List
    Content: An alleged combolist of 1,994 Hotmail email and password combinations, attributed to the alias Stevee36 and posted by user erwinn91, has been made available on DemonForums. The content is gated behind forum registration or login. The post was shared in the Combolists section of the forum and appears to be a free leak.
    Date: 2026-05-03T07:17:43Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-X1994-HQ-Hotmail-%E2%9A%A1%E2%9A%A1-BY-Stevee36-%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: erwinn91
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  245. Alleged leak of premium mixed email credential combolist
    Category: Data Leak
    Content: A threat actor on a leak forum has made available a combolist containing 3,730 alleged premium mixed email credentials. The content is hidden behind a registration or login wall, limiting full visibility into the data's origin or composition. The post is categorized under Combolist sharing, suggesting email and password pairs from multiple sources.
    Date: 2026-05-03T07:16:49Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A1-3730x-PREMIUM-MIX-MAIL-HITS%E2%9A%A1%E2%9A%A1–19990
    Screenshots:
    None
    Threat Actors: stevee
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  246. Alleged leak of mixed email credentials combolist
    Category: Combo List
    Content: A threat actor operating under the alias VegaM has made available a mixed combolist containing approximately 18,000 email and password credential pairs via an external paste service. The combolist appears to aggregate credentials from multiple sources across various mail providers. No specific victim organization or targeted service has been identified.
    Date: 2026-05-03T07:16:23Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-18k-Mail-Access-Mixed-Combolist
    Screenshots:
    None
    Threat Actors: VegaM
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  247. Alleged leak of Chiana mail access credentials
    Category: Data Leak
    Content: A threat actor operating under the alias Megacloud shared a combolist on the AE forum containing approximately 4,700 valid mail access credentials associated with Chiana, dated March 5. The post was made available as a free leak. No further details regarding the targeted organization or origin of the credentials were provided.
    Date: 2026-05-03T07:10:18Z
    Network: openweb
    Published URL: https://altenens.is/threads/4-7k-chiana-valid-mail-access-03-05.2933332/unread
    Screenshots:
    None
    Threat Actors: Megacloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Chiana
    Victim Site: Unknown
  248. Alleged leak of Japanese email access credentials
    Category: Data Leak
    Content: A threat actor operating under the alias Megacloud has shared a combolist containing approximately 2,200 Japanese email access credentials on the forum AE – Combo List. The post, dated May 3rd, claims the credentials are fresh and include mail access. No specific organizations or domains were identified in the available post content.
    Date: 2026-05-03T07:09:53Z
    Network: openweb
    Published URL: https://altenens.is/threads/2-2k-japan-fresh-mail-access-03-05.2933333/unread
    Screenshots:
    None
    Threat Actors: Megacloud
    Victim Country: Japan
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  249. Alleged ConsentFix v3 OAuth Exploitation Attack Against Microsoft Azure
    Category: Initial Access
    Content: A new attack method named ConsentFix v3 has been disclosed that exploits the OAuth process to compromise Microsoft Azure accounts. The attack involves redirecting victims to a fake login page where they unknowingly grant an authorization code to attackers. Using this code, attackers can obtain access tokens and bypass multi-factor authentication (MFA) to gain unauthorized account access without requiring passwords.
    Date: 2026-05-03T07:01:03Z
    Network: telegram
    Published URL: https://t.me/c/1283513914/21520
    Screenshots:
    None
    Threat Actors: خبرگزاری سایبربان| Cyberban News
    Victim Country: Global
    Victim Industry: Cloud Services
    Victim Organization: Microsoft Azure users
    Victim Site: azure.microsoft.com
  250. Alleged Data Breach of car.insurance.net Exposing 10 Million US Car Insurance Records
    Category: Data Breach
    Content: A threat actor operating under the alias FuckerSpy is selling a database allegedly containing over 10 million records from a US car insurance platform (car.insurance.net). The dataset is offered in XLSX format and includes sensitive personal and vehicle information such as full name, address, phone number, vehicle details (VIN, make, model, body type), gender, and insurance claim amounts. The seller is accepting negotiated offers and can be contacted via Telegram, qTox, or Session.
    Date: 2026-05-03T06:53:06Z
    Network: openweb
    Published URL: https://breached.st/threads/10-million-database-car-insurance-net-usa-car-insurance-usa.86683/unread
    Screenshots:
    None
    Threat Actors: FuckerSpy
    Victim Country: United States
    Victim Industry: Insurance
    Victim Organization: car.insurance.net
    Victim Site: car.insurance.net
  251. Alleged Data Breach of Careficient EMR Platform Exposing US Staff and Patient PII
    Category: Data Breach
    Content: A threat actor operating under the alias attackercompany claims to be selling a database obtained from Careficient, an EMR software provider for Home Health, Hospice, and Home Care management. The dataset allegedly contains 163,644 patient records including SSNs, dates of birth, medical record numbers, contact details, and addresses, along with 1,218 staff records containing email addresses, phone numbers, hashed passwords, and password salts. The actor is reachable via Telegram and the post w
    Date: 2026-05-03T06:52:32Z
    Network: openweb
    Published URL: https://breached.st/threads/fire-careficient-164-862-records-of-us-staff-and-patient-pii-information-fire.86684/unread
    Screenshots:
    None
    Threat Actors: attackercompany
    Victim Country: United States
    Victim Industry: Healthcare
    Victim Organization: Careficient
    Victim Site: careficient.com
  252. Alleged Data Breach of Wells Fargo Bank Customer Records
    Category: Data Breach
    Content: A threat actor operating under the alias FuckerSpy is selling an alleged database of 4.6 million Wells Fargo Bank customer records on the Breached forum. The dataset purportedly contains full names, email addresses, physical addresses, PIN codes, phone numbers, and additional sensitive fields, with data spanning the period 2024–2026. The seller is offering the data at a negotiable price and can be contacted via Telegram, qTox, and Session messaging platforms.
    Date: 2026-05-03T06:51:56Z
    Network: openweb
    Published URL: https://breached.st/threads/4-6-million-data-of-wells-fargo-bank-multinational-financial-services-company.86685/unread
    Screenshots:
    None
    Threat Actors: FuckerSpy
    Victim Country: United States
    Victim Industry: Financial Services
    Victim Organization: Wells Fargo Bank
    Victim Site: wellsfargo.com
  253. Alleged Data Breach of Movistar Peru's Enterprise Customer Database
    Category: Data Breach
    Content: A threat actor known as FuckerSpy is selling an alleged database of 4 million records from empresas.movistar.com.pe, the enterprise portal of Movistar Peru. The dataset reportedly includes sensitive personal and subscription data such as full names, ID documents, dates of birth, phone numbers, payment types, service descriptions, and city information. The seller is offering the data at a negotiable price and can be contacted via Telegram, qTox, or Session messaging platforms.
    Date: 2026-05-03T06:51:21Z
    Network: openweb
    Published URL: https://breached.st/threads/4-million-database-empresas-movistar-com-pe-telecom-company-in-peru.86686/unread
    Screenshots:
    None
    Threat Actors: FuckerSpy
    Victim Country: Peru
    Victim Industry: Telecommunications
    Victim Organization: Movistar Peru
    Victim Site: empresas.movistar.com.pe
  254. Alleged Data Breach of Kuwait Airways with 2 Million Records for Sale
    Category: Data Breach
    Content: A threat actor operating under the alias FuckerSpy is selling an alleged database dump containing approximately 2 million records attributed to Kuwait Airways. The dataset reportedly includes personally identifiable information such as full names, dates of birth, passport details, national IDs, contact information, addresses, and frequent flyer program data. The seller is accepting negotiated offers and can be contacted via Telegram, qTox, and Session messaging platforms.
    Date: 2026-05-03T06:50:47Z
    Network: openweb
    Published URL: https://breached.st/threads/2-000-000-kuwait-airways-airlines-data-leaked.86687/unread
    Screenshots:
    None
    Threat Actors: FuckerSpy
    Victim Country: Kuwait
    Victim Industry: Aviation / Airlines
    Victim Organization: Kuwait Airways
    Victim Site: kuwaitairways.com
  255. Alleged Data Breach of Philippines National Police (PNP)
    Category: Data Breach
    Content: A threat actor operating under the alias FuckerSpy claims to have breached the Philippines National Police (PNP) servers and is selling a database containing sensitive information on active and retired officers. The stolen data allegedly includes employee information, personal details, family records, firearms data, promotions history, and SALN (Statement of Assets, Liabilities, and Net Worth) records. The actor is offering the data at a negotiable price and can be contacted via Telegram, qTox
    Date: 2026-05-03T06:50:14Z
    Network: openweb
    Published URL: https://breached.st/threads/philippines-national-police-officers-data-pnp-gov-ph.86688/unread
    Screenshots:
    None
    Threat Actors: FuckerSpy
    Victim Country: Philippines
    Victim Industry: Law Enforcement
    Victim Organization: Philippines National Police
    Victim Site: pnp.gov.ph
  256. Alleged Data Breach of Ticketmaster with 20 Million Records for Sale
    Category: Data Breach
    Content: A threat actor operating under the alias FuckerSpy claims to be selling a database allegedly obtained from Ticketmaster, containing over 20 million records. The post is listed on the Breached forum with a negotiable price, and the seller is directing serious buyers to contact them via Telegram, qTox, or Session. Samples are reportedly included in the original post.
    Date: 2026-05-03T06:49:42Z
    Network: openweb
    Published URL: https://breached.st/threads/20-millions-tiketmaster-databases.86689/unread
    Screenshots:
    None
    Threat Actors: FuckerSpy
    Victim Country: United States
    Victim Industry: Entertainment & Ticketing
    Victim Organization: Ticketmaster
    Victim Site: ticketmaster.com
  257. Alleged Data Breach of fxpro.investment Australian Financial Trading Platform
    Category: Data Breach
    Content: A threat actor identified as FuckerSpy claims to have compromised the database of fxpro.investment, an Australian financial and currency trading platform. The alleged breach involves a 23GB CSV database dump containing extensive personal and contact information including usernames, passwords, emails, full names, dates of birth, physical addresses, phone numbers, gender, and IP addresses. The actor is selling the data at a negotiable price and can be contacted via Telegram, qTox, and Session me
    Date: 2026-05-03T06:49:08Z
    Network: openweb
    Published URL: https://breached.st/threads/fxpro-investment-2026-database-hacked-by-fuckerspy.86690/unread
    Screenshots:
    None
    Threat Actors: FuckerSpy
    Victim Country: Australia
    Victim Industry: Finance & Currency Trading
    Victim Organization: fxpro.investment
    Victim Site: fxpro.investment
  258. Alleged Data Breach of Albanian Government and Embassy Systems Including Diplomatic and Judicial Records
    Category: Data Breach
    Content: A threat actor known as blacknet00 claims to have breached systems belonging to the Albanian government and its embassy in Washington D.C., stealing 53 gigabytes of confidential data. The stolen data allegedly includes diplomatic correspondence, email inboxes from multiple Albanian embassies worldwide, classified files referencing the NSA and U.S. Department of State, criminal records, judicial salary data, passport information, and files related to foreign nations and defense contractor Rheinme
    Date: 2026-05-03T06:32:03Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-DOCUMENTS-Albanian-Government-and-its-Embassy-in-Washington-USA-System-Breached
    Screenshots:
    None
    Threat Actors: blacknet00
    Victim Country: Albania
    Victim Industry: Government
    Victim Organization: Albanian Government and Embassy in Washington
    Victim Site: Unknown
  259. Alleged leak of 6,700 German credentials combolist
    Category: Combo List
    Content: A threat actor operating under the alias MegaCloudshop has made available a combolist of approximately 6,700 credentials allegedly associated with German users, dated May 3rd. The content is hidden behind a registration or login wall on the forum. The actor promotes an external store at megacloudshop.top, suggesting possible monetization of similar data.
    Date: 2026-05-03T06:24:33Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-6-7KFresh-Germany-03-05
    Screenshots:
    None
    Threat Actors: MegaCloudshop
    Victim Country: Germany
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  260. Alleged Data Leak of Indonesian Tax Authority (DJP) Taxpayer Identity Records
    Category: Data Leak
    Content: A threat actor operating under the alias Mr.ZeroPhx100 has publicly shared a dataset allegedly sourced from the Indonesian Directorate General of Taxes (DJP). The leaked data contains NPWP (Nomor Pokok Wajib Pajak – taxpayer identification numbers) and NIK KTP (national identity card numbers) belonging to Indonesian citizens. Approximately 65 records were made available in the forum post, potentially representing a sample of a larger dataset.
    Date: 2026-05-03T06:07:49Z
    Network: openweb
    Published URL: https://breached.st/threads/database-djp.86682/unread
    Screenshots:
    None
    Threat Actors: Mr.ZeroPhx100
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Direktorat Jenderal Pajak (DJP)
    Victim Site: pajak.go.id
  261. Alleged Leak of Hotmail Credential Combolist
    Category: Combo List
    Content: A threat actor operating under the alias WashingtonDC has made available a combolist of approximately 4,000 Hotmail (Microsoft) email credentials via a Mega.nz file link on the cracking forum CrackingX. The post offers free access to what are claimed to be mail access credentials. No additional victim details or data fields beyond email access were specified.
    Date: 2026-05-03T05:43:40Z
    Network: openweb
    Published URL: https://crackingx.com/threads/74185/
    Screenshots:
    None
    Threat Actors: WashingtonDC
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  262. Alleged Sale of Initial Access to Vietnamese Interior Design Firm
    Category: Initial Access
    Content: A threat actor on BreachForums is selling RDP access to a large interior design company based in Vietnam with an estimated annual revenue of $50M–$80M. The access is listed at $850 and includes user and admin privileges, with Windows Defender as the only security control. The compromised network reportedly contains approximately 3,200 hosts.
    Date: 2026-05-03T05:40:07Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-RDP-RDP-SSH-SMB-interior-designg-Vietnam-25M-50M-revenue
    Screenshots:
    None
    Threat Actors: XOverStm
    Victim Country: Vietnam
    Victim Industry: Interior Design
    Victim Organization: Unknown
    Victim Site: Unknown
  263. Alleged Sale of RDP Access to Large Medical Facility in Saudi Arabia
    Category: Initial Access
    Content: A threat actor on BreachForums is selling RDP access to a large medical facility in Saudi Arabia for $600. The access includes 12 user accounts and covers a network of approximately 1,400 hosts, with the target organization reporting annual revenues between $70M and $100M. The only active security control identified is Windows Defender.
    Date: 2026-05-03T05:38:46Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-RDP-RDP-Huge-medical-facility-Saudi-Arabia-70M-100M-revenue
    Screenshots:
    None
    Threat Actors: XOverStm
    Victim Country: Saudi Arabia
    Victim Industry: Healthcare
    Victim Organization: Unknown
    Victim Site: Unknown
  264. Alleged Sale of RDP Access to French Furniture Company
    Category: Initial Access
    Content: A threat actor on BreachForums is selling RDP access to a French furniture company with an estimated annual revenue of $50M-$80M and a network of approximately 1,200 hosts. The access is offered at $400 and includes both user and admin privileges, with Windows Defender as the only security solution in place. The seller can be contacted via Telegram (@GMX21K) or TOX.
    Date: 2026-05-03T05:35:21Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-RDP-RDP-Furniture-France-25M-50M-revenue
    Screenshots:
    None
    Threat Actors: XOverStm
    Victim Country: France
    Victim Industry: Furniture
    Victim Organization: Unknown
    Victim Site: Unknown
  265. Alleged Data Breach of Binance Crypto Users in the United States
    Category: Data Breach
    Content: A threat actor on the AE – Leaked Databases forum has posted a thread claiming to have data associated with Binance cryptocurrency users located in the United States. No post content was available to determine the nature, volume, or type of data involved. The claim remains unverified.
    Date: 2026-05-03T05:29:17Z
    Network: openweb
    Published URL: https://altenens.is/threads/binance-crypto-user-usa.2933318/unread
    Screenshots:
    None
    Threat Actors: farihaarpita590
    Victim Country: United States
    Victim Industry: Cryptocurrency / Financial Services
    Victim Organization: Binance
    Victim Site: binance.com
  266. Alleged Sale of Japanese Population Database (20 Million Records)
    Category: Data Breach
    Content: A threat actor operating under the alias FuckSpy is allegedly selling a database containing personal data of approximately 20 million Japanese individuals. The post was listed on BreachForums under the Sellers Place section. No further details regarding the data source, specific data fields, or pricing were available in the post content.
    Date: 2026-05-03T05:25:00Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-SELLING-Japanese-population-20-Millions
    Screenshots:
    None
    Threat Actors: FuckSpy
    Victim Country: Japan
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  267. Alleged Sale of 40 Million Indian Female Personal Records
    Category: Data Breach
    Content: A threat actor operating under the alias mimevo1248 is allegedly selling a dataset containing personal information of 40 million Indian female individuals. The post was identified on BreachForums. No further details regarding the source organization, data fields, or asking price are available from the post content.
    Date: 2026-05-03T05:23:03Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-SELLING-40-Million-Indian-Female-Data
    Screenshots:
    None
    Threat Actors: mimevo1248
    Victim Country: India
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  268. Alleged data breach of Transamerica exposing 1 million insurance and retirement client records
    Category: Data Breach
    Content: A threat actor known as FuckerSpy is selling an alleged database of approximately 1 million Transamerica clients in XLSX format on a cybercrime forum. The dataset purportedly includes personally identifiable information such as full names, addresses, phone numbers, email addresses, dates of birth, and gender. Transamerica is a US-based provider of insurance, annuities, and retirement services, making this data particularly sensitive for financial fraud and identity theft.
    Date: 2026-05-03T05:15:35Z
    Network: openweb
    Published URL: https://breached.st/threads/1-million-dtabase-transamerica-com-us-insurance-annuities-retirement-clients.86677/unread
    Screenshots:
    None
    Threat Actors: FuckerSpy
    Victim Country: United States
    Victim Industry: Insurance & Financial Services
    Victim Organization: Transamerica
    Victim Site: transamerica.com
  269. Alleged sale of 4 million VISA cardholder records from United States financial services
    Category: Carding
    Content: A threat actor operating under the alias FuckerSpy is selling an alleged dataset of 4 million VISA cardholder records sourced from United States financial services. The dataset reportedly includes full names, addresses, phone numbers, email addresses, card information, and related industry and product details. The seller is offering the data at a negotiable price and can be contacted via Telegram, qTox, and Session messaging platforms.
    Date: 2026-05-03T05:14:59Z
    Network: openweb
    Published URL: https://breached.st/threads/4-million-visa-data-usa-financial-services-cardholder-dataset.86680/unread
    Screenshots:
    None
    Threat Actors: FuckerSpy
    Victim Country: United States
    Victim Industry: Financial Services
    Victim Organization: Unknown
    Victim Site: Unknown
  270. Alleged sale of classified military data from China's National Supercomputing Center (NSCC)
    Category: Data Breach
    Content: A threat actor operating under the alias FuckerSpy is selling an alleged 10+ TB dataset purportedly exfiltrated from China's National Supercomputing Center (NSCC). The data reportedly includes raw computational models, simulation outputs, design files, and documents related to military-aerospace programs covering stealth/supersonic technology, gravitational wave sensors, bunker-buster ordnance modeling, and satellite systems. The seller is offering the data at a negotiable price via Telegram a
    Date: 2026-05-03T05:14:26Z
    Network: openweb
    Published URL: https://breached.st/threads/china-nscc-supercomputing-10-tb-of-classified-military-leak-2026.86681/unread
    Screenshots:
    None
    Threat Actors: FuckerSpy
    Victim Country: China
    Victim Industry: Government / Defense
    Victim Organization: National Supercomputing Center (NSCC)
    Victim Site: Unknown
  271. Alleged Data Breach of Huachiew Chalermprakiet University, Thailand
    Category: Data Breach
    Content: A threat actor operating under the alias Mr.ZeroPhx100 claims to possess a database belonging to Huachiew Chalermprakiet University in Thailand. The post was published on the Breached forum with limited detail, referencing the university's website alongside an anti-Thailand hashtag. The nature of the data, the record count, and whether it is being sold or leaked freely remain unclear from the available information.
    Date: 2026-05-03T05:13:28Z
    Network: openweb
    Published URL: https://breached.st/threads/database-huachiew-chalermprakiet-university-thailand.86678/unread
    Screenshots:
    None
    Threat Actors: Mr.ZeroPhx100
    Victim Country: Thailand
    Victim Industry: Education
    Victim Organization: Huachiew Chalermprakiet University
    Victim Site: Unknown
  272. Alleged sale of CVV codes and credit card validation tools
    Category: Logs
    Content: User @Nikiccv is advertising the sale of CVV codes (credit card verification values) for fraudulent purposes. Additionally, a forwarded message references 9Check.me, a tool designed to validate stolen credit card information and check credit limits without authorization.
    Date: 2026-05-03T04:52:43Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/74431
    Screenshots:
    None
    Threat Actors: Nikiccv
    Victim Country: Unknown
    Victim Industry: Financial Services
    Victim Organization: Unknown
    Victim Site: Unknown
  273. Alleged leak of social media combolist targeting multiple platforms
    Category: Data Leak
    Content: A threat actor known as mustaphine has shared a combolist claimed to be valid for multiple social media platforms including Facebook, Instagram, OnlyFans, TikTok, and Twitter. The content is hidden behind a registration or login requirement on the forum. The post appears to offer credential lists for account takeover purposes across these platforms.
    Date: 2026-05-03T04:49:54Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-good-for-all-socials-combo-FACEBOOK-instagram-thread-onlyfans-tiktok-twi
    Screenshots:
    None
    Threat Actors: mustaphine
    Victim Country: Unknown
    Victim Industry: Social Media
    Victim Organization: Facebook, Instagram, OnlyFans, TikTok, Twitter
    Victim Site: facebook.com, instagram.com, onlyfans.com, tiktok.com, twitter.com
  274. Alleged Distribution of Mixed Combolist with 768 Credentials
    Category: Combo List
    Content: A threat actor operating under the alias snowstormxd has made available a mixed combolist containing 768 credential entries via a public paste site and a Telegram channel. The post also advertises a private cloud service branded as snowstormxd Cloud with a built-in inboxer tool, offered at tiered pricing starting at $3 for 24 hours. The origin and specific targets of the leaked credentials are unknown.
    Date: 2026-05-03T04:49:15Z
    Network: openweb
    Published URL: https://crackingx.com/threads/74183/
    Screenshots:
    None
    Threat Actors: snowstormxd
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  275. Website Defacement of SMAN 1 Semin by Mr.XycanKing (BABAYO EROR SYSTEM)
    Category: Defacement
    Content: On May 3, 2026, threat actor Mr.XycanKing, operating under the team BABAYO EROR SYSTEM, defaced the website of SMAN 1 Semin, an Indonesian public high school. The attack targeted the school's web presence hosted on cloud infrastructure, resulting in unauthorized modification of the site's content. The incident was archived and mirrored via haxor.id.
    Date: 2026-05-03T04:36:20Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248843
    Screenshots:
    None
    Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: SMAN 1 Semin (Senior High School 1 Semin)
    Victim Site: sman1semin.sch.id
  276. Alleged Sale of Japanese Population Database Containing 20 Million Records
    Category: Data Breach
    Content: A threat actor operating under the alias FuckerSpy is selling an alleged database containing personal records of approximately 20 million Japanese individuals. The dataset includes national IDs, dates of birth, full names, cities, addresses, and phone numbers, offered in XLSX format at approximately 12GB in size. The actor is advertising the data at a negotiable price via Telegram, qTox, and Session messaging platforms.
    Date: 2026-05-03T04:31:05Z
    Network: openweb
    Published URL: https://breached.st/threads/japanese-population-20-millions-by-fuckerspy.86675/unread
    Screenshots:
    None
    Threat Actors: FuckerSpy
    Victim Country: Japan
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  277. Alleged Data Leak of Xiaomi China Database
    Category: Data Leak
    Content: A threat actor known as Xyph0rix has made available an alleged database dump associated with Xiaomi China on the Breached forum. The post offers a free download of the database. Details regarding the number of records and specific data types contained within the dump are not disclosed in the post.
    Date: 2026-05-03T04:29:52Z
    Network: openweb
    Published URL: https://breached.st/threads/database-xiaomi-china.86673/unread
    Screenshots:
    None
    Threat Actors: Xyph0rix
    Victim Country: China
    Victim Industry: Consumer Electronics / Technology
    Victim Organization: Xiaomi
    Victim Site: xiaomi.com
  278. Alleged Data Leak of McDonald's Indonesia Database
    Category: Data Leak
    Content: A threat actor known as x0ghost has allegedly leaked a database associated with McDonald's Indonesia on the Breached forum. The post was shared in the Databases section, suggesting the release of structured data. Further details regarding the record count and specific data types contained within the dump are not available from the post content.
    Date: 2026-05-03T04:29:19Z
    Network: openweb
    Published URL: https://breached.st/threads/database-mcdonalds-indonesia-leak.86674/unread
    Screenshots:
    None
    Threat Actors: x0ghost
    Victim Country: Indonesia
    Victim Industry: Food & Beverage / Quick Service Restaurant
    Victim Organization: McDonald's Indonesia
    Victim Site: mcdonalds.co.id
  279. Alleged data leak of Afghanistan Ministry of Finance infrastructure and backend systems
    Category: Data Leak
    Content: A threat actor known as Cyballz has made available a claimed 1.4TB+ dump of the Afghanistan Ministry of Finance's cPanel infrastructure under the account shamshad. The leaked data allegedly includes live databases, private keys, email infrastructure, backend configurations, and official government content tied to platforms including PPP and AFMIS. The exposure is described as providing near-complete visibility into the Ministry's digital operations and associated government systems.
    Date: 2026-05-03T04:13:03Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-AFGHANISTAN-MINISTRY-OF-FINANCE-COMPLETE-INFRASTRUCTURE-BREACH-%E2%80%93-1-4-TB
    Screenshots:
    None
    Threat Actors: Cyballz
    Victim Country: Afghanistan
    Victim Industry: Government
    Victim Organization: Ministry of Finance of Afghanistan
    Victim Site: mof.gov.af
  280. Alleged data breach of McDonald's Indonesia (mcdonalds.co.id)
    Category: Data Breach
    Content: A database allegedly from McDonald's Indonesia (mcdonalds.co.id) has been leaked and shared on Breachforums. The leak was posted by user x0ghost and credited to threat actor Xyph0rix. The breach details are available on the Breachforums thread.
    Date: 2026-05-03T04:07:30Z
    Network: telegram
    Published URL: https://t.me/c/3755871403/362
    Screenshots:
    None
    Threat Actors: Xyph0rix
    Victim Country: Indonesia
    Victim Industry: Food & Beverage
    Victim Organization: McDonald's Indonesia
    Victim Site: mcdonalds.co.id
  281. Alleged leak of shopping-related combolist with 76,085 credential pairs
    Category: Combo List
    Content: A threat actor operating under the handle HQcomboSpace has made available a combolist containing 76,085 email:password credential pairs via a Mega.nz file link. The combolist is advertised as suitable for use against shopping and corporate business platforms. No specific victim organization or country has been identified.
    Date: 2026-05-03T04:06:10Z
    Network: openweb
    Published URL: https://crackingx.com/threads/74182/
    Screenshots:
    None
    Threat Actors: HQcomboSpace
    Victim Country: Unknown
    Victim Industry: Retail
    Victim Organization: Unknown
    Victim Site: Unknown
  282. Alleged Data Leak of Brazilian Government Websites camarapaimfilho.rs.gov.br and belterra.pa.gov.br
    Category: Data Leak
    Content: The threat actor group m0z1ll4s crew, with members AR4B3, h4xxz, and spl1nt3r, claims to have compromised two Brazilian government websites via SQL injection, extracting data from 400+ users and approximately 20,000 sensitive records. The stolen database dumps have been made available for free download via a Gofile link. The affected targets are camarapaimfilho.rs.gov.br (Rio Grande do Sul state) and belterra.pa.gov.br (Pará state).
    Date: 2026-05-03T04:01:08Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-DATABASE-%E2%AD%90-rs-gov-br-pa-gov-br-DataBase
    Screenshots:
    None
    Threat Actors: m0z1ll4screw
    Victim Country: Brazil
    Victim Industry: Government
    Victim Organization: Câmara Municipal de Paim Filho and Prefeitura de Belterra
    Victim Site: camarapaimfilho.rs.gov.br, belterra.pa.gov.br
  283. Alleged Xiaomi database breach and leak on Breach Forums
    Category: Data Breach
    Content: A user named xyph0rix on Breach Forums has posted a thread claiming to have a database dump from Xiaomi (China). The breach includes database records allegedly from the Chinese technology company. The leak was shared and discussed on the dark web forum Breach Forums.
    Date: 2026-05-03T03:55:00Z
    Network: telegram
    Published URL: https://t.me/Xyph0rix/270
    Screenshots:
    None
    Threat Actors: xyph0rix
    Victim Country: China
    Victim Industry: Technology/Electronics
    Victim Organization: Xiaomi
    Victim Site: xiaomi.com
  284. Alleged Data Leak of rule34.world User Credentials with Plain-Text Passwords
    Category: Data Leak
    Content: A threat actor has freely shared a credential list containing email addresses and plain-text passwords belonging to over 300,000 users of rule34.world, an adult content platform. The data was reportedly obtained by exploiting insecure JWT token handling across rule34.xyz and rule34.world, which share the same operator, combined with an API endpoint that returned passwords in plain text. The leaked credential list has been made available via an external file hosting link.
    Date: 2026-05-03T03:30:28Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-DATABASE-rule34-world-users-plain-text-passwords
    Screenshots:
    None
    Threat Actors: tarot
    Victim Country: Unknown
    Victim Industry: Adult Entertainment
    Victim Organization: rule34.world
    Victim Site: rule34.world
  285. Alleged leak of multi-platform account cookies including Steam, Netflix, and FunPay
    Category: Data Leak
    Content: A threat actor operating under the alias blackcat66 on NulledBB has shared what they claim to be session cookies for multiple platforms including Steam, Netflix, and FunPay. The content was made available via an external file hosting link. No record count or pricing was specified, suggesting this is a free leak.
    Date: 2026-05-03T03:24:09Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-cookies-funpay-steam-netflix-more
    Screenshots:
    None
    Threat Actors: blackcat66
    Victim Country: Unknown
    Victim Industry: Multiple
    Victim Organization: Steam, Netflix, FunPay
    Victim Site: Unknown
  286. Alleged sale of webshell access
    Category: Initial Access
    Content: A threat actor is offering webshell access for sale in two pricing tiers: 10 USD for one shell with 18 password, and 1 USD for one shell with 13 password. The specific pricing and product details suggest active initial access broker activity.
    Date: 2026-05-03T03:17:04Z
    Network: telegram
    Published URL: https://t.me/c/3841736872/355
    Screenshots:
    None
    Threat Actors: DEWATA BLACKHAT
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  287. Alleged USDT cryptocurrency advance-fee fraud and CVV validation phishing operation
    Category: Phishing
    Content: Multiple threat actors are operating a coordinated phishing and advance-fee fraud scheme targeting cryptocurrency traders. Posts claim to be buying USDT at 15-20% above market price from users in China facing policy restrictions. The scam uses the classic advance-fee fraud pattern: "we'll pay first, then you send USDT". It is associated with a CVV card validation tool (9Check.me) for credential harvesting. The activity includes spam/flooding with repeated forwarded messages.
    Date: 2026-05-03T03:13:02Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/74360
    Screenshots:
    None
    Threat Actors: Unknown coordinated phishing ring
    Victim Country: China
    Victim Industry: cryptocurrency
    Victim Organization: Unknown
    Victim Site: Unknown
  288. Alleged solicitation for Egypt-based database collection
    Category: Data Breach
    Content: A threat actor on the Breached forum is soliciting Egypt-based database leaks, expressing interest in compiling a collection of Egyptian data. No specific organization, dataset, or data type has been identified. The post appears to be a request for pointers to existing leaks rather than an active sale or publication of data.
    Date: 2026-05-03T03:04:39Z
    Network: openweb
    Published URL: https://breached.st/threads/any-egypt-based-leaks.86670/unread
    Screenshots:
    None
    Threat Actors: testaccountdumdum313
    Victim Country: Egypt
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  289. Alleged Data Leak of Kota Tegal Government Database, Indonesia
    Category: Data Leak
    Content: A threat actor known as Xyph0rix has publicly shared a database allegedly belonging to the City of Tegal (Kota Tegal), Indonesia, hosted on a government .go.id domain. The database was made available as a free download via a dark web forum. No record count or data field details were specified in the post.
    Date: 2026-05-03T03:04:06Z
    Network: openweb
    Published URL: https://breached.st/threads/database-kota-tegal.86671/unread
    Screenshots:
    None
    Threat Actors: Xyph0rix
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Kota Tegal (City of Tegal)
    Victim Site: tegalkota.go.id
  290. Alleged sale of RDP access and compromised cloud/email accounts
    Category: Initial Access
    Content: A threat actor is offering rental of RDP access to Azure, AWS, and DigitalOcean infrastructure ($200), along with compromised domain email accounts (Gmail, Yahoo), GitHub Student accounts, and domain access. Services are offered on a daily/monthly rental basis with an escrow payment option.
    Date: 2026-05-03T03:03:21Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/74369
    Screenshots:
    None
    Threat Actors: PORTAL
    Victim Country: Unknown
    Victim Industry: Technology/Cloud Services
    Victim Organization: Unknown
    Victim Site: Unknown
  291. Alleged database breach of Kota Tegal
    Category: Data Breach
    Content: A Breachforums user (xyph0rix) has posted a thread disclosing a database breach related to Kota Tegal. The breach details are shared on the Breachforums platform, indicating potential exposure of structured database records.
    Date: 2026-05-03T02:50:14Z
    Network: telegram
    Published URL: https://t.me/Xyph0rix/269
    Screenshots:
    None
    Threat Actors: xyph0rix
    Victim Country: Indonesia
    Victim Industry: Unknown
    Victim Organization: Kota Tegal
    Victim Site: Unknown
  292. Alleged data breach of MiniMed Panama exposing ~400,000 healthcare records
    Category: Data Breach
    Content: A threat actor is selling a database dump allegedly obtained from MiniMed Panama, the largest private primary healthcare network in Panama, for 10 credits. The breach was reportedly facilitated by default or weak credentials on systems managed by LATAM MAXIA, exposing approximately 400,000 records across multiple tables including patient PII, medical imaging records, doctor credentials with plaintext passwords, and appointment data. Compromised data includes national IDs, dates of birth, medical
    Date: 2026-05-03T02:46:51Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-DATABASE-PA-MiniMed-Panama-Database-leak-400k-records
    Screenshots:
    None
    Threat Actors: ohmydays
    Victim Country: Panama
    Victim Industry: Healthcare
    Victim Organization: MiniMed Panama
    Victim Site: Unknown
  293. Alleged leak of 40,000 Hotmail credential combos targeting forum accounts
    Category: Combo List
    Content: A threat actor operating under the alias ValidMail has shared an alleged combolist of approximately 40,000 Hotmail email credentials on the cracking forum CrackingX. The credentials are claimed to be valid and specifically filtered for forum account access. The post requires forum registration to view the full content, limiting visibility of additional details.
    Date: 2026-05-03T02:40:06Z
    Network: openweb
    Published URL: https://crackingx.com/threads/74179/
    Screenshots:
    None
    Threat Actors: ValidMail
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft Hotmail
    Victim Site: hotmail.com
  294. Alleged distribution of mixed combolist with cloud storage service
    Category: Combo List
    Content: A threat actor known as snowstormxd has made available a mixed combolist of 768 entries via a public paste site and a Telegram channel. The post also advertises a paid private cloud service starting at $3 for 24 hours, offering access to additional credential lists with a built-in inboxer tool. Payments are processed through a Telegram bot, suggesting an ongoing credential distribution operation.
    Date: 2026-05-03T02:39:49Z
    Network: openweb
    Published URL: https://crackingx.com/threads/74180/
    Screenshots:
    None
    Threat Actors: snowstormxd
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  295. Alleged Data Leak of Israeli CCTV Systems
    Category: Data Leak
    Content: A threat actor on BreachForums posted a thread titled CCTV ISRAEL under the Databases section, suggesting a potential leak or compromise related to Israeli CCTV systems. No post content was available to confirm the nature, scope, or specific targets of the claimed data. The full details of the alleged incident remain unclear.
    Date: 2026-05-03T02:28:36Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-CCTV-ISRAEL
    Screenshots:
    None
    Threat Actors: sang_seniman
    Victim Country: Israel
    Victim Industry: Security and Surveillance
    Victim Organization: Unknown
    Victim Site: Unknown
  296. Alleged Data Breach of Indonesian Civil Population Administration Database (Dukcapil)
    Category: Data Breach
    Content: A threat actor identified as 0xHentai is selling a database allegedly obtained from the Indonesian Directorate General of Civil Population Administration (Dukcapil), operating under the Ministry of Home Affairs. The database is being offered for sale on the Breached.st cybercrime forum. The compromised data likely contains sensitive civil registration and population records of Indonesian citizens.
    Date: 2026-05-03T02:13:11Z
    Network: openweb
    Published URL: https://breached.st/threads/for-sale-database-dukcapil-kemendagri-go-id.86669/unread
    Screenshots:
    None
    Threat Actors: 0xHentai
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Direktorat Jenderal Kependudukan dan Pencatatan Sipil (Dukcapil) – Ministry of Home Affairs
    Victim Site: dukcapil.kemendagri.go.id
  297. Alleged Data Leak of Indonesian Citizen Population Records by SULAWESI HACKTIVIST INDONESIA
    Category: Data Leak
    Content: A threat actor operating under the alias CY8ER N4TI0N, affiliated with SULAWESI HACKTIVIST INDONESIA, has publicly leaked Indonesian citizen population records on a hacking forum. The leaked data includes sensitive personally identifiable information (PII) such as National Identity Numbers (NIK), Family Card Numbers (NKK), full names, dates and places of birth, gender, parents' names, and residential addresses. The records appear to originate from Indonesia's civil registration database (Dukcapi
    Date: 2026-05-03T02:12:14Z
    Network: openweb
    Published URL: https://breached.st/threads/penduduk-warga-kabupaten.86668/unread
    Screenshots:
    None
    Threat Actors: CY8ER N4TI0N
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Indonesian Civil Registration / Dukcapil
    Victim Site: Unknown
  298. Alleged breach and sale of Dukcapil (Indonesian Ministry of Home Affairs) database
    Category: Data Breach
    Content: A user profile on breached.st references a thread offering a database breach allegedly from dukcapil.kemendagri.go.id (Indonesian Ministry of Home Affairs Directorate General of Population and Civil Registration). The post indicates the database is being offered for sale.
    Date: 2026-05-03T02:06:58Z
    Network: telegram
    Published URL: https://t.me/bertahan1ci/68
    Screenshots:
    None
    Threat Actors: 0xHentai
    Victim Country: Indonesia
    Victim Industry: Government – Civil Registration
    Victim Organization: Dukcapil (Direktorat Jenderal Kependudukan dan Pencatatan Sipil)
    Victim Site: dukcapil.kemendagri.go.id
  299. Alleged data leak from sadda.io
    Category: Data Leak
    Content: A CSV file allegedly containing data from sadda.io has been shared and made available for download via MediaFire. The post references KARAWANG ERROR SYSTEM and includes a photo link to the target domain.
    Date: 2026-05-03T02:03:54Z
    Network: telegram
    Published URL: https://t.me/KAR4WANG_ERROR_SYSTEM/378
    Screenshots:
    None
    Threat Actors: KARAWANG ERROR SYSTEM
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: sadda.io
    Victim Site: sadda.io
  300. Alleged Data Breach of Egypt Ministry of Manpower Worker Records
    Category: Data Breach
    Content: A threat actor known as CrowStealer is selling a database allegedly sourced from Egypt's Ministry of Manpower (Labour) containing 34,528 records of Egyptian workers abroad. The dataset includes full names, national ID numbers, birthdates, gender, marital status, job titles, addresses, academic degrees, mobile numbers, email addresses, and passport details. The data is being offered for $100 and pertains specifically to workers outside of Egypt.
    Date: 2026-05-03T01:57:37Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-SELLING-Egypt-Ministry-of-manpower-labour-34k-record
    Screenshots:
    None
    Threat Actors: CrowStealer
    Victim Country: Egypt
    Victim Industry: Government
    Victim Organization: Egypt Ministry of Manpower (Labour)
    Victim Site: Unknown
  301. Alleged sale of Gmail credential combolist
    Category: Combo List
    Content: A threat actor known as D4rkNetHub is allegedly selling a combolist containing over 100,000 Gmail credentials on the cracking forum CX – Combolists & Dumps. The post is priced at $10 and the full content requires forum registration to access. The origin and validity of the credential list cannot be verified from available information.
    Date: 2026-05-03T01:47:37Z
    Network: openweb
    Published URL: https://crackingx.com/threads/74175/
    Screenshots:
    None
    Threat Actors: D4rkNetHub
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Google
    Victim Site: gmail.com
  302. Alleged leak of URL:Login:Password combolist containing 93.38 million credentials
    Category: Combo List
    Content: A threat actor operating under the alias Daxus has made available a large combolist containing approximately 93.38 million URL:login:password credential pairs on the cracking forum CrackingX. The credentials are advertised as UHQ (ultra-high quality), suggesting a high validity rate. The actor promotes their platform at Daxus.pro and associated Telegram channels for additional access to credential data.
    Date: 2026-05-03T01:47:12Z
    Network: openweb
    Published URL: https://crackingx.com/threads/74177/
    Screenshots:
    None
    Threat Actors: Daxus
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  303. Alleged leak of Gaming and Shopping Hotmail credential combolist
    Category: Combo List
    Content: A threat actor operating under the alias HQcomboSpace has made available a combolist containing approximately 1.187 million credential lines targeting Hotmail accounts associated with gaming and shopping platforms. The combolist was shared via a Mega.nz download link on the cracking forum CrackingX. No price was mentioned, indicating this is a free leak distributed to the forum community.
    Date: 2026-05-03T01:46:57Z
    Network: openweb
    Published URL: https://crackingx.com/threads/74178/
    Screenshots:
    None
    Threat Actors: HQcomboSpace
    Victim Country: Unknown
    Victim Industry: Multiple (Gaming, E-Commerce)
    Victim Organization: Microsoft Hotmail
    Victim Site: hotmail.com
  304. Alleged leak of Hotmail credential combolist
    Category: Data Leak
    Content: A threat actor on the AE Combo List forum has made available a combolist of approximately 13,600 allegedly valid Hotmail email credentials. The post, dated May 3rd, appears to offer free access to the credential list. No additional details about the origin of the credentials or the affected users are available.
    Date: 2026-05-03T01:43:04Z
    Network: openweb
    Published URL: https://altenens.is/threads/13-6k-high-voltagehotmailhigh-voltagevalid-mail-access-03-05.2933254/unread
    Screenshots:
    None
    Threat Actors: redcloud
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  305. Alleged Data Leak of 47street.com.ar Customer Data
    Category: Data Leak
    Content: A threat actor using the alias Splashed claims to have compromised 47street.com.ar, a well-known Argentine teen fashion brand founded in 1986. The leaked data reportedly includes personal information such as city, phone numbers, zip codes, provinces, and IP addresses. The data has been made available for free download on the Spear cybercrime forum.
    Date: 2026-05-03T01:28:43Z
    Network: openweb
    Published URL: https://spear.cx/Thread-Com-Boss-47street-com-ar-Leaked-Download
    Screenshots:
    None
    Threat Actors: Splashed
    Victim Country: Argentina
    Victim Industry: Retail
    Victim Organization: 47 Street
    Victim Site: 47street.com.ar
  306. Alleged Data Leak of La Mie Câline Biscarrosse with Admin Panel Access
    Category: Data Leak
    Content: A threat actor known as SherKhan has leaked a database dump and admin panel access for the Biscarrosse location of La Mie Câline, a French bakery chain. The leaked data reportedly includes cashbook records, bills, quotes, and personal customer information such as names, addresses, postal codes, cities, phone numbers, emails, and status fields. The data was made available for free download to forum members who reply to the thread.
    Date: 2026-05-03T01:13:29Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-DATABASE-FR-La-Mie-C%C3%A2line-Biscarrosse-Acces-Admin
    Screenshots:
    None
    Threat Actors: SherKhan
    Victim Country: France
    Victim Industry: Food & Beverage / Retail
    Victim Organization: La Mie Câline
    Victim Site: lamiecaline.com
  307. Alleged leak of 886,000 USA credentials combolist
    Category: Data Leak
    Content: A threat actor known as Sauron has shared an alleged combolist containing approximately 886,000 credential pairs described as Ultra High Quality (UHQ) and private, targeting United States-based accounts. The content is hidden behind a registration or login wall on the forum, suggesting it may be restricted to verified members. No specific victim organization or platform has been identified.
    Date: 2026-05-03T01:07:19Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-886k-UHQ-USA-PRivate
    Screenshots:
    None
    Threat Actors: Sauron
    Victim Country: United States
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  308. Alleged leak of 150,000 US credentials combolist
    Category: Data Leak
    Content: A threat actor operating under the alias Sauron has made available an alleged combolist containing 150,000 US-based credential pairs on a cybercriminal forum. The list is described as private, ultra-high quality (UHQ), and fresh, suggesting recently compiled or verified email and password combinations. Access to the content is restricted to registered forum members.
    Date: 2026-05-03T01:06:56Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-150K-USA-Private-UHQ-Fresh-Combolist
    Screenshots:
    None
    Threat Actors: Sauron
    Victim Country: United States
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  309. Alleged leak of PlayStation targeted combolist
    Category: Data Leak
    Content: A threat actor known as Sauron has shared a PlayStation-targeted combolist containing approximately 10,000 credential pairs on a cybercrime forum. The combolist appears to be made available for free, accessible upon registration or login to the forum. The credentials are specifically curated to target PlayStation account holders.
    Date: 2026-05-03T01:05:37Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-10K-PlayStation-Targeted-Combolist
    Screenshots:
    None
    Threat Actors: Sauron
    Victim Country: Unknown
    Victim Industry: Gaming
    Victim Organization: PlayStation
    Victim Site: playstation.com
  310. Alleged leak of mixed valid email access credentials (94,700 records)
    Category: Combo List
    Content: A threat actor operating under the alias redcloud has made available a combolist of approximately 94,700 mixed valid email access credentials, described as private and ultra-high quality (UHQ). The credential list is dated 03.05.2026 and distributed via a MediaFire download link. The actor also provides a Telegram contact handle for further communication.
    Date: 2026-05-03T01:04:10Z
    Network: openweb
    Published URL: https://crackingx.com/threads/74173/
    Screenshots:
    None
    Threat Actors: redcloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  311. Alleged leak of Hotmail credentials combolist
    Category: Combo List
    Content: A threat actor operating under the alias noir has made available a combolist of allegedly valid Hotmail credentials on the cracking forum CX. The post claims the list contains 2,888 valid email and password combinations described as UHQ (ultra high quality). The actor promotes a Telegram channel (@noiraccesss) alongside a free download link for the credential list.
    Date: 2026-05-03T01:03:54Z
    Network: openweb
    Published URL: https://crackingx.com/threads/74174/
    Screenshots:
    None
    Threat Actors: noir
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  312. Alleged Data Leak of Full Logs Archive (1.2GB)
    Category: Data Leak
    Content: A threat actor known as WhiteMelly posted a thread on the AE (AlteNens) forum claiming to share a 1.2GB archive described as full logs. No additional content or details were available in the post to determine the nature of the data, affected organizations, or geographic scope.
    Date: 2026-05-03T00:59:29Z
    Network: openweb
    Published URL: https://altenens.is/threads/1-2gb-full-logs.2933236/unread
    Screenshots:
    None
    Threat Actors: WhiteMelly
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  313. Alleged leak of mixed email access combolist with 13,000 credentials
    Category: Data Leak
    Content: A threat actor known as WhiteMelly has made available a mixed combolist containing approximately 13,000 credential lines with mail access on the AE forum. The post is described as a combo list mix, suggesting credentials from multiple sources or providers. No specific victim organization or country has been identified.
    Date: 2026-05-03T00:50:49Z
    Network: openweb
    Published URL: https://altenens.is/threads/13k-mix-lines-mail-access.2933233/unread
    Screenshots:
    None
    Threat Actors: WhiteMelly
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  314. Alleged leak of Hotmail credential combolist
    Category: Data Leak
    Content: A threat actor operating under the alias WhiteMelly shared a combolist containing approximately 3,000 Hotmail (Microsoft) credential pairs on the AE combo list forum. The post is categorized as mail access, suggesting the credentials grant access to Hotmail email accounts. No pricing was mentioned, indicating the list was made available for free.
    Date: 2026-05-03T00:48:37Z
    Network: openweb
    Published URL: https://altenens.is/threads/3k-hotmail-lines-mail-access.2933234/unread
    Screenshots:
    None
    Threat Actors: WhiteMelly
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  315. Website Defacement of daabjr.online by YIIX103
    Category: Defacement
    Content: On May 3, 2026, a threat actor operating under the handle YIIX103 defaced the homepage of daabjr.online. The attack was a single targeted defacement rather than a mass campaign, with no team affiliation reported. Technical details such as the server software and exploited vulnerability were not disclosed.
    Date: 2026-05-03T00:47:25Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/917389
    Screenshots:
    None
    Threat Actors: YIIX103
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: daabjr.online
  316. Alleged Sale of Stolen Payment Card Data, Dumps, Cloned Cards, and Financial Transfer Services by Threat Actor ColdApollo
    Category: Carding
    Content: Threat actor greens99 operating under the alias ColdApollo on the Breached forum is selling a range of stolen financial data and fraud services, including credit cards with CVV, dumps with PINs (Track 1 & 2), cloned cards, PayPal accounts with funds, and Western Union transfers. Sample dump records reference accounts from Barclays Bank (UK), Natixis Bank (France), CIBC (Canada), and Commonwealth Bank (Australia). Contact is conducted via Telegram handle @ColdApollo.
    Date: 2026-05-03T00:42:54Z
    Network: openweb
    Published URL: https://breached.st/threads/100-paypal-transfer-no-chargeback-100-verified-paypal-accounts-with-funds.86662/unread
    Screenshots:
    None
    Threat Actors: greens99
    Victim Country: Unknown
    Victim Industry: Financial Services
    Victim Organization: Unknown
    Victim Site: Unknown
  317. Alleged Sale of Stolen Payment Card Data, Dumps, Cloned Cards, and Financial Transfer Fraud Services
    Category: Carding
    Content: A threat actor operating under the alias ColdApollo on the cybercrime forum Breached is selling stolen payment card data including CVV records, skimmed dumps with PINs (Track 1 and Track 2), cloned cards, fullz (full identity records), and fraudulent Western Union transfers. Sample dump records are provided for victims associated with Barclays Bank (UK), Natixis Bank (France), CIBC (Canada), and Commonwealth Bank of Australia. The actor advertises across multiple geographies including the Unit
    Date: 2026-05-03T00:42:05Z
    Network: openweb
    Published URL: https://breached.st/threads/amazon-carding-2026-full-pro-method-non-vbv-bins-drop-guide.86666/unread
    Screenshots:
    None
    Threat Actors: greens99
    Victim Country: Unknown
    Victim Industry: Financial Services
    Victim Organization: Unknown
    Victim Site: Unknown
  318. Alleged Sale of Stolen Payment Card Data, Dumps, Fullz, and Fraudulent Transfer Services by Threat Actor ColdApollo
    Category: Carding
    Content: Threat actor greens99 operating under the alias ColdApollo on the Breached forum is selling a range of fraudulent financial products including stolen credit card dumps with PINs (Track 1&2), non-VBV CVV cards, fullz (complete identity records), cloned physical cards, and fraudulent Western Union transfers. Products target victims across the United States, United Kingdom, Canada, Australia, and the European Union, with sample records exposed from Barclays Bank, Natixis, CIBC, and Commonwealth
    Date: 2026-05-03T00:40:29Z
    Network: openweb
    Published URL: https://breached.st/threads/usa-canada-uk-eu-non-vbv-cards-grade-a-verified.86665/unread
    Screenshots:
    None
    Threat Actors: greens99
    Victim Country: Unknown
    Victim Industry: Financial Services
    Victim Organization: Unknown
    Victim Site: Unknown
  319. Alleged Sale of Stolen Payment Card Dumps, CVVs, Fullz, and Cloned Cards by Threat Actor ColdApollo
    Category: Carding
    Content: Threat actor greens99 operating under the alias ColdApollo is selling stolen payment card data including Track 1 and Track 2 magnetic stripe dumps with PINs, CVV records, fullz (full personal and financial details), cloned physical cards, and fraudulent Western Union transfers. Sample records include compromised cards issued by Barclays Bank (UK), Natixis Bank (France), CIBC (Canada), and Commonwealth Bank (Australia). Prices range from $15 per CVV to $80 per dump with PIN depending on card
    Date: 2026-05-03T00:39:41Z
    Network: openweb
    Published URL: https://breached.st/threads/fresh-track-201-track-101-dumps-with-pins-available-for-atm-cashout-use-for-pos-machine-use-at-gas-station-use-for-carding-use-for-shopping.86664/unread
    Screenshots:
    None
    Threat Actors: greens99
    Victim Country: Unknown
    Victim Industry: Financial Services
    Victim Organization: Unknown
    Victim Site: Unknown
  320. Alleged Data Leak of DJP Online (Indonesian Tax Authority) Database
    Category: Data Leak
    Content: A threat actor operating under the alias IRXPLOIT, claiming affiliation with Hacktivist Indonesia, has leaked data allegedly sourced from the Indonesian Directorate General of Taxes (DJP) online portal. The leaked sample contains what appear to be Indonesian National Identity Numbers (NIK) or taxpayer identification numbers. The data was made available freely on the Breached forum without any stated price.
    Date: 2026-05-03T00:38:55Z
    Network: openweb
    Published URL: https://breached.st/threads/database-djp-online-go-id.86663/unread
    Screenshots:
    None
    Threat Actors: IRXPLOIT
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Direktorat Jenderal Pajak (DJP)
    Victim Site: djponline.go.id
  321. Alleged Data Leak of 11 Million YouTube Comments Database
    Category: Data Leak
    Content: A threat actor operating under the alias zordssss has freely shared a SQLite database dump containing approximately 11 million YouTube comments scraped from around 18,000 videos. The database includes roughly 7 million unique user/author identifiers along with comment text, publication dates, like counts, and associated video metadata. The data was made available at no cost to members of the PwnForums cybercrime community.
    Date: 2026-05-03T00:16:01Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-DATABASE-FREE-11-MILLIONS-YOUTUBE-COMMENTS
    Screenshots:
    None
    Threat Actors: zordssss
    Victim Country: United States
    Victim Industry: Technology
    Victim Organization: YouTube
    Victim Site: youtube.com
  322. Alleged leak of 182,000 Denmark email credentials combolist
    Category: Data Leak
    Content: A threat actor operating under the alias Maxleak has made available a combolist allegedly containing 182,000 email and password credential pairs associated with Danish users. The list is described as fresh and ultra-high quality (UHQ), dated June 8, 2025. The content is gated behind forum registration or login, suggesting it is being distributed freely within the forum community.
    Date: 2026-05-03T00:11:34Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-182k-Denmark-Email-Pass-FRESH-UHQ-6-8-2025
    Screenshots:
    None
    Threat Actors: Maxleak
    Victim Country: Denmark
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  323. Alleged leak of Denmark credential combolist
    Category: Data Leak
    Content: A threat actor operating under the alias Maxleak has made available a combolist allegedly containing over 39,000 email and password credential pairs associated with Denmark. The list is described as fresh and high quality, dated September 21, 2025. The content is gated behind forum registration or login, suggesting it is being distributed as a free leak to registered members.
    Date: 2026-05-03T00:11:10Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-%E2%9C%A6%E2%9C%A6%E2%9C%A6-39k-Combo-%E2%9C%A6-Denmark-%E2%9C%A6-Email-Pass-%E2%9C%A6-FRESH-%E2%9C%A6-21-9-2025-%E2%9C%A6%E2%9C%A6%E2%9C%A6
    Screenshots:
    None
    Threat Actors: Maxleak
    Victim Country: Denmark
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  324. Alleged leak of multi-platform credential combolist including Netflix, Steam, Spotify and others
    Category: Combo List
    Content: A threat actor operating under the alias Ra-Zi has made available a combolist of approximately 200,000 email and password credential pairs purportedly valid for multiple platforms including Netflix, Minecraft, Uplay, Steam, Hulu, and Spotify. The credentials are shared via a hidden download link on the forum, with the actor also promoting a Telegram channel and a cracking-related website. Additionally, the actor advertises the sale of high-quality combolists in various formats including email:
    Date: 2026-05-03T00:10:51Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-200k-Fresh-HQ-Combolist-Email-Pass-Netflix-Minecraft-Uplay-Steam-Hulu-spotify–202595
    Screenshots:
    None
    Threat Actors: Ra-Zi
    Victim Country: Unknown
    Victim Industry: Entertainment and Gaming
    Victim Organization: Multiple (Netflix, Minecraft, Uplay, Steam, Hulu, Spotify)
    Victim Site: Unknown
  325. Alleged leak of mixed-country education sector credential combolist
    Category: Combo List
    Content: A threat actor operating under the alias HQcomboSpace has made available a combolist containing approximately 111,609 credential entries on the cracking forum CrackingX. The leaked data is described as a mixed-country collection targeting the education sector. The combolist is being freely distributed via a Mega.nz file-sharing link.
    Date: 2026-05-03T00:10:01Z
    Network: openweb
    Published URL: https://crackingx.com/threads/74169/
    Screenshots:
    None
    Threat Actors: HQcomboSpace
    Victim Country: Unknown
    Victim Industry: Education
    Victim Organization: Unknown
    Victim Site: Unknown
  326. Mass Defacement of Quranic Arabic Learning Platform by MR~TNT of QATAR911
    Category: Defacement
    Content: The threat actor MR~TNT, affiliated with the group QATAR911, conducted a mass defacement attack targeting do.quranic-arabic.org, a platform associated with Quranic Arabic education. The attack occurred on May 3, 2026, and was carried out on a Linux-based server. This incident is part of a mass defacement campaign attributed to the same actor and team.
    Date: 2026-05-03T00:01:58Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248842
    Screenshots:
    None
    Threat Actors: MR~TNT, QATAR911
    Victim Country: Unknown
    Victim Industry: Education / Religious
    Victim Organization: Quranic Arabic
    Victim Site: do.quranic-arabic.org
  327. Alleged leak of 4 million Moroccan email addresses
    Category: Data Leak
    Content: A threat actor operating under the alias aliladz213 has made available an alleged dataset containing approximately 4 million Moroccan email addresses on the AE leaked databases forum. The source organization and industry of the data remain unknown due to limited post content. The data appears to consist solely of email addresses with no additional fields confirmed.
    Date: 2026-05-03T00:00:48Z
    Network: openweb
    Published URL: https://altenens.is/threads/starcheck-mark-button-morocco-4m-moroccan-email-addressescheck-mark-buttonstar.2933223/unread
    Screenshots:
    None
    Threat Actors: aliladz213
    Victim Country: Morocco
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown