[May-07-2026] Daily Cybersecurity Threat Report

1. Executive Summary This report provides a comprehensive analysis of cyber threat activity observed between May 6 and May 7, 2026. The intelligence is derived from underground forums, Telegram channels, and clear web sources. The threat landscape during this period is characterized by massive data leaks affecting government and corporate entities, a highly prolific credential stuffing ecosystem distributing hundreds of millions of compromised records, widespread distribution of infostealers and Remote Access Trojans (RATs), and targeted website defacements. Notably, the period also saw threats to critical infrastructure, including an alleged compromise of an Italian water treatment facility.

2. High-Impact Data Breaches & Data Leaks

The dataset reveals significant compromises across multiple sectors, with threat actors freely distributing or selling vast quantities of Personally Identifiable Information (PII).

Government and Public Sector

Shanghai National Police (China): A threat actor known as DataSellers offered a massive database allegedly containing records on 960 million Chinese residents and billions of case records. The data purportedly includes names, addresses, national ID numbers, and mobile numbers. The actor claimed this was a subset of a 26TB dataset.
Ecuadorian Civil Registry via CACPE Pastaza: Actor GondorPe claimed an unauthenticated API endpoint exposed over 18 million records from the Ecuadorian Civil Registry. The exposed data allegedly includes full names, national ID numbers, addresses, and marital status, queryable in real-time.
Indonesian National Police (POLRI): An internal database containing 2,006 personnel records was freely distributed by XZeeoneOfc. The JSON file included ranks, full names, unit assignments, and contact information.
French Family Benefits Agency (CAF): Actor eztocard leaked an alleged dump containing approximately 22 million records. The JSON-formatted data included names, birthdates, gender, and beneficiary identifiers.
Khandbari Municipality (Nepal): A full SQL dump containing over 1.5 million rows was leaked by $k1dz. It exposed birth, death, marriage, and land ownership records in Nepali and English, alongside internal IP addresses.
Argentine Government: EsqueleSquad (actor Skull1172) claimed to have breached multiple .gob.ar and .edu.ar domains, leaking 80 million lines of credentials, DNI numbers, and license plates.
Mexican Civilian Records: Over 24 million records were freely distributed via anonymous file hosting by NormalLeVrai.
Chinese Medical Insurance (zhigong.yibao.cn): MDGhost advertised 80 million employee medical insurance records from 2025-2026, containing names, addresses, and national IDs.
Lampung Tengah Regional Government (Indonesia): A sample database containing government employee ID numbers and phone numbers was leaked by Mr. Hanz Xploit.

Corporate, Retail, and Technology

Aman Resorts: The ShinyHunters group allegedly leaked over 507,000 Salesforce records (representing 215,000 unique users) belonging to the luxury hospitality chain. The JSONL data included guest names, contact details, and account metadata.
Vimeo, Inc.: ShinyHunters also claimed a breach via third-party vendor Anodot, exposing 102,267 unique email addresses and 296,396 total records after Vimeo reportedly refused a ransom.
IUNGO Cloud (Brazil): A 73GiB PortaBilling database containing 21 million customer records (including call details and passwords) was offered for sale by Fronx. The actor later leaked 21 million email addresses from this set for free.
Media Galaxy (Romania): Actor moxzey attempted to sell a database of 86,283 records for $300, containing names, addresses, and payment methods.
Leroy Merlin (France): A database of 367,462 loyalty program records (Leroy&moi) was put up for sale by Lagui.
SIPEF (Belgium): BlackoutNomad leaked an employee directory for the agro-industrial company, exposing details of staff across Indonesia, Papua New Guinea, Ivory Coast, and Belgium.
Dulces Beny (Mexico): Over 2GB of internal business documents, including forecasts and inventory files, were leaked by KurdishWorm.
USAGummies: KurdishWorm also offered JSON files containing operational and financial records, including roughly 43 million combined entries.
MyCloud: A massive 241GB database dump was advertised by Xyph0rix.
Twitch.tv: Actor Fortitude offered a scraped dataset of 14,000 records containing streamer usernames, emails, and full names, accepting only Monero.

Financial and Insurance Services

Zenith Bank Plc (Nigeria): Actor daresc2 freely distributed a dump containing 1.8 million records, including account numbers, holdings, and contact info.
KGI Securities (Hong Kong): A database of over 5 million rows, including stock names, trade volumes, and contact details, was offered by FuckSpy.
Albrok (Spain): Customer and employee data, including IBANs and ID numbers, was offered for sale by Theblueanonymouse.

Education Sector

MoreIdeas General Trading LLC (UAE): A dump of 787,217 student records was shared by fuckiewuckie.
Firm Foundation Schools (Nigeria): PII for over 600 students, staff bcrypt passwords, and academic results were leaked by $k1dz.
Altamash Institute of Dental Medicine (Pakistan): An Excel file with 200 student records was leaked by Ph.Bl4ke.

Aggregated and Uncategorized Leaks

250 Million SSNs: A forum post by Sift alleged a breach of 250 million Social Security Numbers, though no victim organization was specified.
Instagram Scrape: A dataset of over 17 million records, allegedly from a 2026 API scrape, was shared by Sift.
XSS.IS Forum Dump: A 600GB dump of the Russian cybercrime forum was leaked by Xyph0rix.
Massive French Collection: Actor Kaminski shared a 3GB archive containing 25 databases targeting French entities, including COVID-19 health records and government platform data.

3. The Credential Stuffing Ecosystem (Combo Lists)

A vast portion of the threat activity involved the distribution of “Combo Lists” (email/username and password pairs) used for automated credential stuffing attacks.

The Targeting of Hotmail and Microsoft Infrastructure

The dataset shows a disproportionate targeting of Hotmail, Outlook, and MSN credentials. While not indicative of a breach of Microsoft itself, threat actors are aggressively aggregating and testing these accounts.

Actor AMGCOMBOS distributed a massive list of 10 million Hotmail credentials.
Actor Dhyazribi001 consistently monetized Hotmail credentials by selling access to private Telegram channels offering UHQ (ultra-high quality) Hotmail lists alongside SMTP, IMAP, and cPanel access.
Dozens of smaller drops ranging from 300 to 93,000 Hotmail lines were shared by actors like ValidMail , UniqueComb , Ebbicloud , and GoldMailAccs.

Platform-Specific Targeting by MetaCloud3

Threat actor MetaCloud3 operated a commercial “combo cloud” service, releasing massive datasets specifically curated to target distinct digital platforms:

Gaming: 829,000 credentials targeting Uplay, Ubisoft, Xbox, and PSN; 720,000 credentials targeting Eneba and G2A gift cards.
Streaming & Entertainment: 809,000 credentials for Hulu, Disney+, Netflix, and HBO Go; 863,000 for SoundCloud, Spotify, and Apple Music.
Adult Content: 837,000 credentials for Xvideos and FetLife; 820,000 for Pornhub.
Cloud Storage: 893,000 entries targeting OneDrive.

Geographic Targeting by Maxleak and CobraEgy

Actors Maxleak and CobraEgy distributed large-scale, country-specific combo lists, indicating geographically focused account takeover campaigns:

Russia: 1,085,000 credentials.
Peru: 113,000 credentials.
Philippines: 97,000 credentials.
Portugal: 90,000 credentials.
Romania: 46,000 credentials.
Serbia: 16,000 credentials.

Mass Distributions

Actor agha24 distributed an 8 million URL:log:pass collection , a 650,000 list , and a 700,000 list.
Actor lexityfr distributed over 8 million URL:Log:Pass lines as “Part 319” of an ongoing series.
Actor JGH231 offered a list claiming to contain 100 million URL:email:password pairs.

4. Website Defacement Campaigns

Defacement activity was highly prominent, driven primarily by three distinct entities.

MR~TNT (QATAR911) Operating under the hacktivist banner QATAR911, MR~TNT conducted mass defacement operations primarily against Linux-based web servers. Targets included:

eg-service.online (Egypt).
repairbizcredit.com (US Financial Services).
takestwototango.id (Indonesia).

DimasHxR The most prolific individual defacer in the dataset, DimasHxR, focused on targeted, single-page defacements (often targeting readme.txt or b.html files) across global domains without claiming a specific team affiliation or motive. Targets included:

testmagento2.it (Italian E-commerce, targeting the Magento media directory).
tech-16.co.jp (Japanese Technology).
idmgpu.cn (China).
auproject.in and akfilms.in (India).
zone-mobile.com (Telecommunications).
pearlsofpersia.com (Retail).

Zod

Threat actor Zod specifically targeted the logistics and transportation sector, executing defacements against:

www.mateenmovers.com and trk.mateenmovers.com.
www.mateenexpress.info.

5. Malware, Initial Access, and Stealer Logs

The commoditization of malware and initial access brokers remains a critical threat vector.

Infostealers and RATs (Remote Access Trojans)

Threat actors actively distributed cracked and premium versions of sophisticated malware:

XLoader: A cross-platform (Windows/macOS) botnet written in C/Assembly with credential recovery and a free Java binder, sold for up to $349.
Invicta Stealer & Nimrod Stealer: Distributed by sunshineking, these infostealers are designed to extract browser passwords, credit cards, and cryptocurrency wallets.
Mobile Threats: A cracked version of SpyNote X Pro v7.2.0.0, an Android RAT, was distributed by sunshineking , while redJo3n offered CraxRAT Premium for full Android device access.
Crypto Clipper 2026: Marketed by cryptoking07, this malware silently replaces copied cryptocurrency wallet addresses (BTC, ETH, USDT) and uses AI to bypass antivirus detection.
C2 Frameworks: Matrix Push C2 was advertised as a fileless, browser-native framework for real-time target intelligence.

Stealer Logs and Initial Access

The X Forum Bot flooded the market with highly specific stealer logs targeting administrative and API endpoints, indicating a structured pipeline from malware infection to credential monetization. Targets included:

ants.gouv.fr (French government portal, 59,913 lines).
aplicaciones.mininter.gob.pe (Peruvian Ministry of Interior SIGE portal).
app.getweave.com (Admin endpoints).
API keys for platforms like Ingenico and CCAvenue.

Additionally, initial access to corporate infrastructure was brokered, such as compromised FedEx and UPS accounts with billing enabled , and webshell/cPanel access sold by the Pharaohs Team.

6. Critical Infrastructure & Advanced Threats

Italian Water Treatment Facility Compromise: A severe threat to critical infrastructure was reported when “The Z-Pentest Alliance” claimed unrestricted access to a Siemens KTP1200 Basic controller in Bagnoregio, Italy. The actors claimed control over motor valves, quartz filters, and reverse osmosis systems, explicitly stating their capability to disrupt water purification as part of the “#OpItaly” campaign.
MuddyWater APT: Security reports detailed a cyber operation attributed to the Iranian group MuddyWater. The actors used Microsoft Teams screen-sharing for social engineering to gain initial access, deployed AnyDesk and DWAgent for persistence, and disguised their espionage activities as a ransomware attack.
LLM-Driven 0-Day Discovery: A researcher (RedQueen) published a methodology using a multi-agent Large Language Model (LLM) workflow to discover 0-day vulnerabilities in open-source projects. They successfully identified CVE-2026-21721 in Grafana.
API Key Leaks: Actor JVZU freely distributed Claude API keys, claiming they provided access to over 1.2 million tokens for Claude Opus and other Anthropic models.

7. Carding and Cybercrime Services

Financial fraud and supporting services remained highly active.

Carding Operations: Actors like Maybetop, Hannminessd, and Rebellion sold stolen credit cards, CVVs, Track 101/201 dumps, and fullz (full identity profiles including SSN/DOB) for the US, UK, Australia, and Canada. Non-VBV (Verified by Visa) cards were explicitly marketed for linking to Apple Pay, CashApp, and PayPal.
Cybercrime Services: The ecosystem is supported by various service providers. Offerings included OSINT person-search services in France and Switzerland (including alleged police file access) , automated Gmail account creation tools that bypass phone verification , and the “MacanSell” digital goods resale platform offering crypto checkout. Furthermore, actors sold aged WhatsApp Business accounts intended for bulk spam and cold outreach.

Conclusion & Strategic Threat Assessment

The intelligence gathered from underground forums and channels between May 6 and May 7, 2026, reveals a highly active, industrialized, and deeply interconnected cybercrime ecosystem. The data underscores a threat landscape where the barriers to entry for malicious actors are continually lowering, facilitated by the rampant commoditization of compromised data, initial access, and automated attack tools.

Based on the analysis of these incidents, several critical trends and strategic takeaways emerge:

The Credential Supply Chain is the Backbone of Cybercrime: The overwhelming volume of combo lists—totaling hundreds of millions of records—demonstrates that credential stuffing and Account Takeover (ATO) are foundational to current threat operations. The disproportionate targeting of Microsoft infrastructure (specifically Hotmail and Outlook) suggests actors are aggressively harvesting and validating legacy accounts to bypass security filters. Furthermore, the curation of platform-specific mega-lists (such as those for gaming, streaming, and adult content) indicates a highly structured market catering to specialized fraud.
Escalating Threats to National and Critical Infrastructure: The dataset highlights a alarming trend of breaches moving beyond standard retail targets to highly sensitive government and critical infrastructure systems. The exposure of massive national databases—including hundreds of millions of citizens in China , Ecuador , and France —poses a severe risk to national security and individual privacy. Most critically, the alleged unauthorized access to an Italian water treatment facility underscores the physical danger posed by vulnerable industrial control systems (ICS).
Infostealers Fuel the Ecosystem: The direct pipeline from malware infection to credential monetization is clearly visible. The widespread distribution of stealer logs (often containing API keys, URLs, emails, and passwords) serves as the primary feeder for the massive combo lists seen on the market. The availability of sophisticated, sometimes cracked, malware like XLoader, SpyNote, and Invicta empowers even low-skilled actors to execute data extraction campaigns.
Persistent Defacement and Hacktivism: While financially motivated cybercrime dominates the underground forums, the sheer volume of website defacements by actors like DimasHxR and the QATAR911 group shows that reputation-seeking vandalism and hacktivism remain constant background threats, often exploiting poorly secured CMS platforms and Linux servers.

Final Outlook

The events of early May 2026 illustrate a threat environment where data is breached, repackaged, and weaponized at an unprecedented scale. For defenders, this intelligence dictates an urgent pivot from purely reactive perimeter defense to proactive credential monitoring. Organizations must enforce robust, phishing-resistant Multi-Factor Authentication (MFA), secure vulnerable API endpoints, and monitor dark web channels for exposure to mitigate the risks posed by this industrial-scale data compromise.

Detected Incidents Draft Data

Alleged data breach of mediagalaxy.ro
Category: Data Breach
Content: A threat actor is selling an alleged users database from mediagalaxy.ro, a Romanian electronics retailer, for $300. The database contains 86,283 records including full names, phone numbers, physical addresses, and payment method types. The seller claims the data is dated May 4, 2026, and is offering it exclusively to a single buyer.
Date: 2026-05-06T23:42:09Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SELLING-Romania-mediagalaxy-ro-86-283
Screenshots:
None
Threat Actors: moxzey
Victim Country: Romania
Victim Industry: Retail
Victim Organization: Media Galaxy
Victim Site: mediagalaxy.ro
Alleged data breach involving 250 million SSNs
Category: Data Breach
Content: A forum post titled 250m SSN breach was shared on PF – Databases, allegedly involving 250 million Social Security Numbers. No additional content or victim details were available in the post.
Date: 2026-05-06T23:37:22Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-250m-SSN-breach
Screenshots:
None
Threat Actors: Sift
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of MoreIdeas General Trading LLC student database
Category: Data Leak
Content: A threat actor has made available a database allegedly belonging to MoreIdeas General Trading LLC, a Dubai-based education and edtech company. The dump purportedly exposes records of 787,217 students and is described as an expanded version of a previously released dataset. The data is accessible to forum members who reply to the thread.
Date: 2026-05-06T23:35:38Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-moreideas-ae-Students-Database-787k-Download
Screenshots:
None
Threat Actors: fuckiewuckie
Victim Country: United Arab Emirates
Victim Industry: Education
Victim Organization: MoreIdeas General Trading LLC
Victim Site: moreideas.ae
Combo List: 1,000 Hotmail credential hits
Category: Combo List
Content: A forum user is distributing a combo list of 1,000 alleged Hotmail credential hits. The content is gated behind registration or login. The credentials are intended for use in credential stuffing against Hotmail accounts.
Date: 2026-05-06T23:27:42Z
Network: openweb
Published URL: https://patched.to/Thread-1000x-hotmail-hits-by-bas-123y
Screenshots:
None
Threat Actors: Blbas123
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of 263K credentials allegedly targeting cryptocurrency services
Category: Combo List
Content: A threat actor is distributing a combo list of over 263,000 email:password pairs purportedly associated with cryptocurrency service accounts. The content is hidden behind a login/register wall and is promoted via a Telegram channel (@atezhub).
Date: 2026-05-06T23:26:53Z
Network: openweb
Published URL: https://patched.to/Thread-263k-crypto-data-mail-pass-by-atezhub
Screenshots:
None
Threat Actors: dumpzeta
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown
Hotmail combo list available on forum
Category: Combo List
Content: A threat actor is distributing a Hotmail combo list on a cybercrime forum. The content is hidden behind a registration or login requirement, limiting visibility into record count or data specifics. This appears to be a credential list intended for account takeover or credential stuffing activity.
Date: 2026-05-06T23:25:56Z
Network: openweb
Published URL: https://patched.to/Thread-%F0%9F%94%B0uhq%E2%9A%9C%EF%B8%8Fcombo%E2%9A%9C%EF%B8%8Fhotmail%F0%9F%94%B0
Screenshots:
None
Threat Actors: Dhyazribi001
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of 650K URL:Log:Pass combo list
Category: Combo List
Content: A forum user shared a combo list containing approximately 650,000 URL:log:pass credential pairs, dated 07 May. The content is hidden behind a registration/login gate. No specific victim organization or country is identified.
Date: 2026-05-06T23:25:34Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%AD%90-650k-url-log-pass%E2%AD%90-07-may
Screenshots:
None
Threat Actors: agha24
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 160K email:password combo list targeting streaming and gaming services
Category: Combo List
Content: A threat actor is offering a 160K combo list of email:password credentials marketed as fresh and high quality, with claimed hits against services including Netflix, Minecraft, Uplay, Steam, Hulu, and Spotify. The post also advertises broader combo lists by mail provider and country. Contact is directed via Telegram for purchase.
Date: 2026-05-06T23:22:40Z
Network: openweb
Published URL: https://demonforums.net/Thread-160k-Fresh-HQ-Combolist-Email-Pass-Netflix-Minecraft-Uplay-Steam-Hulu-spotify–203164
Screenshots:
None
Threat Actors: Ra-Zi
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged compromise of Peruvian government domain diresalalibertad.gob.pe
Category: Defacement
Content: A Peruvian government domain (diresalalibertad.gob.pe) has been allegedly compromised and marked as sold on Pharaohs Team market. The exact nature of the compromise (defacement, access sale, data breach) is not explicitly stated but the #sold tag indicates a completed transaction.
Date: 2026-05-06T23:21:43Z
Network: telegram
Published URL: https://t.me/c/3205199875/543
Screenshots:
None
Threat Actors: Pharaohs Team
Victim Country: Peru
Victim Industry: Government
Victim Organization: diresalalibertad.gob.pe
Victim Site: diresalalibertad.gob.pe
Sale of combo list targeting PayPal
Category: Combo List
Content: A threat actor is distributing a combo list of 430,000 email:password pairs marketed as UHQ and fresh, intended for credential stuffing against PayPal. The post is gated behind a reply requirement, obscuring the actual data content.
Date: 2026-05-06T23:15:04Z
Network: openweb
Published URL: https://altenens.is/threads/star-430-000-star-mailpass-high-voltageuhq-database-good-for-paypalhigh-voltage-fresh-data.2935730/unread
Screenshots:
None
Threat Actors: Prince1001
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of combo list with 535,000 mail:pass credentials
Category: Combo List
Content: A threat actor on AE forum is sharing a combo list of 535,000 mail:pass credentials marketed as UHQ and suitable for credential stuffing across multiple targets. Access to the list requires a reply to the thread.
Date: 2026-05-06T23:14:09Z
Network: openweb
Published URL: https://altenens.is/threads/star-535-000-star-mailpass-high-voltageuhq-database-good-for-all-target-high-voltage.2935729/unread
Screenshots:
None
Threat Actors: Prince1001
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Livelihood Foundation (Sakhi system)
Category: Data Leak
Content: A threat actor has leaked data allegedly sourced from the Livelihood Foundation, referencing Indias Sakhi system. The data was made available via a Limewire link, with an accompanying Facebook post. No specific record count or data fields were disclosed in the forum post.
Date: 2026-05-06T23:11:45Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-SCORE-Livelihood-Foundation
Screenshots:
None
Threat Actors: N0XV3RITAS
Victim Country: India
Victim Industry: Government
Victim Organization: Livelihood Foundation
Victim Site: Unknown
Sale of Matrix Push C2 malware framework with fileless capabilities
Category: Malware
Content: A threat actor operating as Matrix-432 is advertising a command-and-control framework called Matrix Push C2 on HackForums. The tool is described as browser-native, fileless, and capable of real-time target intelligence and cross-platform control for spreading malware. Contact is offered via Telegram, TOX, and HackForums contracts, with a disclaimer framing it as educational.
Date: 2026-05-06T23:06:32Z
Network: openweb
Published URL: https://hackforums.net/showthread.php?tid=6300595
Screenshots:
None
Threat Actors: Matrix-432
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Leak of Indonesia Ministry of Energy and Mineral Resources (ESDM) Fuel Oil Distributor Database
Category: Data Leak
Content: A threat actor has freely shared what is claimed to be a database from Indonesias Ministry of Energy and Mineral Resources (ESDM), containing a list of fuel oil distributors for general commercial business entities for the second semester of 2025. The leaked data includes distributor names, office addresses, NIB/TDP registration numbers, NPWP tax IDs, facility addresses, and distribution capacity details. The data was made available as a downloadable PDF on a cybercrime forum.
Date: 2026-05-06T22:57:47Z
Network: openweb
Published URL: https://breached.st/threads/leaked-database-of-the-ministry-of-energy-and-mineral-resources-esdm-list-of-distributors-of-general-business-entities-and-fuel-oil.86859/unread
Screenshots:
None
Threat Actors: MrLucxy
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Ministry of Energy and Mineral Resources (ESDM)
Victim Site: esdm.go.id
Alleged data leak of Instagram user data via API scrape
Category: Data Leak
Content: A threat actor has freely shared a dataset allegedly obtained via Instagrams API in 2026, containing over 17 million records. The data includes usernames, full names, user IDs, email addresses, phone numbers, countries, and partial location information in JSON format. The post requires forum replies to access the hidden download link.
Date: 2026-05-06T22:32:23Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-Instagram-2026-api-scrape
Screenshots:
None
Threat Actors: Sift
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Instagram
Victim Site: instagram.com
Alleged data leak of BitMart cryptocurrency exchange user email database
Category: Data Leak
Content: A threat actor has shared an alleged email database attributed to BitMart, a cryptocurrency exchange, containing approximately 657,000 records. The content is gated behind forum registration or login. No additional details regarding the data fields or breach origin are provided in the post.
Date: 2026-05-06T22:25:20Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-657K-Bitmart-Crypto-Email-Database
Screenshots:
None
Threat Actors: daresc2
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: BitMart
Victim Site: bitmart.com
Alleged data leak of US personal information database
Category: Data Leak
Content: A threat actor is sharing a US personal information database covering multiple states including Wisconsin, Texas, Virginia, and others. The dataset contains fields such as full name, address, date of birth, email, and mobile number. The source organization of the data is not identified in the post.
Date: 2026-05-06T22:24:39Z
Network: openweb
Published URL: https://leakforum.io/Thread-Usa-Personal-Info-Database
Screenshots:
None
Threat Actors: daresc2
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Canada residential consumer database
Category: Data Leak
Content: A threat actor has made available a CSV database containing approximately 10 million Canadian residential consumer records. The compromised data includes names, addresses, cities, provinces, postal codes, and phone numbers. The database is offered as a free download behind a registration/login wall on the forum.
Date: 2026-05-06T22:23:54Z
Network: openweb
Published URL: https://leakforum.io/Thread-Canada-Residential-Database-10-Million
Screenshots:
None
Threat Actors: daresc2
Victim Country: Canada
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of French business CRM platform ideepourpro.com
Category: Data Leak
Content: A threat actor has leaked an alleged SQL database dump attributed to ideepourpro.com, a French CRM platform, containing over 200,000 B2B business contacts. The dataset reportedly includes full names, business email addresses, phone numbers, company details, job titles, annual revenue figures, and CRM activity records. The 1.07GB file is being made available freely on a leak forum.
Date: 2026-05-06T22:23:13Z
Network: openweb
Published URL: https://leakforum.io/Thread-French-Business-CRM-Database-with-200K-Contacts
Screenshots:
None
Threat Actors: daresc2
Victim Country: France
Victim Industry: Technology
Victim Organization: ideepourpro.com
Victim Site: ideepourpro.com
Free distribution of stealer logs (2GB, June 2026)
Category: Logs
Content: A forum user is distributing approximately 2GB of stealer logs dated June 5, 2026. The content is hidden behind a registration/login wall, limiting further detail. No specific victim organization or region is identified.
Date: 2026-05-06T22:22:19Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%AD%90%EF%B8%8Flogs-fresh-2gb-from-06-05-2026%E2%AD%90%EF%B8%8F-%E2%98%81
Screenshots:
None
Threat Actors: blackcloudd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Zenith Bank database with 1.8 million records
Category: Data Leak
Content: A threat actor is freely distributing an alleged database dump attributed to Zenith Bank Plc, a major Nigerian financial institution. The leaked dataset purportedly contains account numbers, full names, addresses, state names, holdings, email addresses, and mobile numbers for approximately 1.8 million individuals.
Date: 2026-05-06T22:22:01Z
Network: openweb
Published URL: https://leakforum.io/Thread-Zenith-Bank-1-8-Million-Database-Free-Download
Screenshots:
None
Threat Actors: daresc2
Victim Country: Nigeria
Victim Industry: Finance
Victim Organization: Zenith Bank Plc
Victim Site: zenithbank.com
Alleged leak of Claude API keys with token access
Category: Data Leak
Content: A threat actor is freely distributing alleged Claude API keys, claiming to provide access to 1 million tokens across models including Claude Opus 4.7. The post offers a free sample in exchange for user engagement on the forum.
Date: 2026-05-06T22:21:17Z
Network: openweb
Published URL: https://patched.to/Thread-nova-%E2%AD%90-1-million-tokens-claude-opus-4-7-and-more-api-key-%E2%AD%90
Screenshots:
None
Threat Actors: JVZU
Victim Country: United States
Victim Industry: Technology
Victim Organization: Anthropic
Victim Site: anthropic.com
Alleged combo list of 1,700 mixed email credentials targeting cloud services
Category: Combo List
Content: A forum user is distributing a combo list of approximately 1,700 mixed email credentials (MIXMAIL) purportedly usable for cloud services (ONE CLOUD). The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-06T22:20:48Z
Network: openweb
Published URL: https://leakforum.io/Thread-%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F1700-LINE-MIXMAIL-ONE-CLOUD-%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F–20169
Screenshots:
None
Threat Actors: daresc2
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of UHQ Hotmail combo list with SMTP and cPanel access
Category: Combo List
Content: A threat actor is selling access to a private channel offering UHQ Hotmail combo lists along with SMTP, IMAP, cPanel, and Laravel credentials marketed as fresh. Pricing tiers range from $15 for 3 days to $50 for one month of access via a Telegram channel.
Date: 2026-05-06T22:20:26Z
Network: openweb
Published URL: https://patched.to/Thread-%F0%9F%94%B0login%E2%9A%9C%EF%B8%8Flaravel%E2%9A%9C%EF%B8%8Fsmtp%F0%9F%94%B0
Screenshots:
None
Threat Actors: Dhyazribi001
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: UHQ Hotmail credentials shared on leak forum
Category: Combo List
Content: A threat actor shared a combo list advertised as containing 4,629 valid UHQ Hotmail credentials on a leak forum. The content is hidden behind a registration or login wall. Hotmail is the credential-stuffing target, not the breach victim.
Date: 2026-05-06T22:19:47Z
Network: openweb
Published URL: https://leakforum.io/Thread-%E2%9A%A1%E2%9A%A1-X4629-Valid-UHQ-Hotmail-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: daresc2
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list with 5K credentials
Category: Combo List
Content: A forum member is offering a combo list of 5,000 UHQ Hotmail credentials. The content is hidden behind a registration or login wall. No further details about the datas origin or verification status are available.
Date: 2026-05-06T22:19:23Z
Network: openweb
Published URL: https://patched.to/Thread-5k-uhq-hotmail
Screenshots:
None
Threat Actors: Blbas123
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail combo list with 1,205 credentials
Category: Combo List
Content: A threat actor is sharing a combo list of 1,205 purported high-quality Hotmail credentials. The content is hidden behind a registration or login requirement on the forum. These credentials are likely intended for credential stuffing or account takeover activity.
Date: 2026-05-06T22:18:55Z
Network: openweb
Published URL: https://leakforum.io/Thread-%E2%9A%A1%E2%9A%A1-X1205-HQ-Hotmail-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: daresc2
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of United States email:password credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 43,000 email:password credential pairs purportedly sourced from United States users. The credentials are marketed as fresh. Content is hidden behind registration or login on the forum.
Date: 2026-05-06T22:17:50Z
Network: openweb
Published URL: https://leakforum.io/Thread-%E2%9C%A6%E2%9C%A6-43-K-%E2%9C%A6-United-States-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6
Screenshots:
None
Threat Actors: daresc2
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list with 3,000 credential lines
Category: Combo List
Content: A threat actor is offering 3,000 Hotmail/Live/Outlook credential lines via a Telegram channel, advertising daily free releases of combo lists, logs, cookies, and leaked data. The post covers mixed regional combos including EU, UK, FR, PL, DE, and IT. Purchases can be arranged via Telegram contact.
Date: 2026-05-06T22:12:13Z
Network: openweb
Published URL: https://altenens.is/threads/3k-hotmail-lines-mail-access.2935722/unread
Screenshots:
None
Threat Actors: WhiteMelly
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of mixed email combo list with 10,000 lines
Category: Combo List
Content: A threat actor is distributing a mixed combo list of 10,000 email credentials including Hotmail, Live, Outlook, and MSN accounts from multiple European countries. The post advertises daily free releases of ULP, logs, cookies, and mail access via a Telegram channel. The actor also offers additional content for purchase via Telegram.
Date: 2026-05-06T22:11:30Z
Network: openweb
Published URL: https://altenens.is/threads/10k-mix-lines-mail-access.2935721/unread
Screenshots:
None
Threat Actors: WhiteMelly
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 500,000 credential combo list
Category: Combo List
Content: A threat actor is distributing a combo list of 500,000 email and password pairs, marketed as UHQ (ultra-high quality) and suitable for credential stuffing against multiple targets. Access to the content requires a forum reply.
Date: 2026-05-06T22:10:48Z
Network: openweb
Published URL: https://altenens.is/threads/star-500-000-star-mailpass-high-voltageuhq-database-good-for-all-target-high-voltage.2935726/unread
Screenshots:
None
Threat Actors: Prince1001
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of 1.575 million credentials marketed for Spotify, Facebook, and Reddit
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 1.575 million email and password pairs, marketed as suitable for credential stuffing against Spotify, Facebook, and Reddit. The content is gated behind a reply requirement on the forum.
Date: 2026-05-06T22:10:03Z
Network: openweb
Published URL: https://altenens.is/threads/star-1-575-000-star-mailpass-high-voltageuhq-database-good-for-spotify-and-facebook-and-reddit-high-voltage.2935727/unread
Screenshots:
None
Threat Actors: Prince1001
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale and distribution of mixed stealer logs and combo lists via Telegram
Category: Logs
Content: A threat actor is advertising 1.6GB of mixed stealer logs, cookies, combo lists, and leaked data via a Telegram channel. The offering includes credentials for Hotmail, Live, Outlook, and MSN accounts, as well as EU, UK, FR, PL, DE, and IT regional data. Some content is distributed freely, with additional material available for purchase via Telegram.
Date: 2026-05-06T22:05:34Z
Network: openweb
Published URL: https://altenens.is/threads/1-6gb-full-logs.2935725/unread
Screenshots:
None
Threat Actors: WhiteMelly
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale and distribution of URL:Login:Password combo lists from stealer logs
Category: Logs
Content: A threat actor is offering free and paid URL:login:password credential lines sourced from stealer logs, advertised as a 4GB dataset. The offering includes mixed regional combos (EU, UK, FR, PL, DE, IT), Hotmail/Live/Outlook/MSN credentials, cookies, and cloud data distributed daily via Telegram. The actor directs interested buyers to a Telegram bot for purchases.
Date: 2026-05-06T22:04:52Z
Network: openweb
Published URL: https://altenens.is/threads/4gb-url-login-pass-lines-from-logs.2935724/unread
Screenshots:
None
Threat Actors: WhiteMelly
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Gmail Account Creator Tool
Category: Services
Content: A forum user is advertising a Gmail account creator program, directing interested buyers to contact them via Telegram. The post contains hidden content requiring a reply to view, suggesting it may include download links or additional details. The offering appears to be a commercial service for automated account creation.
Date: 2026-05-06T22:03:42Z
Network: openweb
Published URL: https://altenens.is/threads/gmail-account-creator-program-new-2026.2935719/unread
Screenshots:
None
Threat Actors: GHOSTATN
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of stealer logs (5,444 entries)
Category: Logs
Content: A threat actor operating under the alias UP_DAISYCLOUD has freely distributed a collection of 5,444 stealer logs via a Pixeldrain file-sharing link. The logs are marketed as fresh and dated May 7. No specific victim organization or country is identified.
Date: 2026-05-06T21:50:33Z
Network: openweb
Published URL: https://darkforums.su/Thread-%F0%9F%9A%80-5444-LOGS-CLOUD-%E2%98%81-07-MAY-%E2%9D%A4%EF%B8%8F-FRESH-LOGS%E2%9D%97%EF%B8%8F
Screenshots:
None
Threat Actors: UP_DAISYCLOUD
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Dulces Beny (Mexican confectionery company)
Category: Data Leak
Content: A threat actor known as KurdishWorm has freely shared over 2GB of internal business documents allegedly belonging to Dulces Beny, a Mexican confectionery company. The leaked data includes spreadsheets, forecasts, cost reports, inventory files, vendor records, and sales planning documents spanning multiple years. The actor noted the contents were not fully reviewed prior to release.
Date: 2026-05-06T21:47:14Z
Network: openweb
Published URL: https://darkforums.su/Thread-Document-Mexican-Company-Full-Documents-Fresh-Exclusive
Screenshots:
None
Threat Actors: KurdishWorm
Victim Country: Mexico
Victim Industry: Retail
Victim Organization: Dulces Beny
Victim Site: dulcesbeny.com
Alleged data breach of USAGummies
Category: Data Breach
Content: A threat actor is offering an alleged database dump from USAGummies (usagummies.com), described as exclusive and fresh. The leaked data includes multiple JSON files covering operational, financial, email, and user records, with notable files such as email_events.json (~23M records) and open_brain_entries.json (~20M records). The content is gated behind a reply or account upgrade on the forum.
Date: 2026-05-06T21:45:46Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-USAGummies-database-exclusive-fresh
Screenshots:
None
Threat Actors: KurdishWorm
Victim Country: United States
Victim Industry: Retail
Victim Organization: USAGummies
Victim Site: usagummies.com
Alleged data breach of Leroy Merlin France
Category: Data Breach
Content: A threat actor is selling an alleged database dump from Leroy Merlin Frances loyalty program (Leroy&moi). The dataset reportedly contains 367,462 records including full names, birthdates, phone numbers, email addresses, postal addresses, loyalty points, and web account activity. The actor claims the data is fresh and has not been previously circulated.
Date: 2026-05-06T21:32:59Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SELLING-FR-FRENCH-DATABASE-LEROYMERLIN
Screenshots:
None
Threat Actors: Lagui
Victim Country: France
Victim Industry: Retail
Victim Organization: Leroy Merlin
Victim Site: leroymerlin.fr
Alleged data breach of peek-kw.com
Category: Data Breach
Content: A threat actor is selling a database allegedly sourced from peek-kw.com, a Kuwaiti website, containing 93,147 records. Sample data includes full names, email addresses, and phone numbers. The database is priced at $90 and advertised as a single-sale listing.
Date: 2026-05-06T21:30:38Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SELLING-Kuwait-peek-kw-com-93-147
Screenshots:
None
Threat Actors: moxzey
Victim Country: Kuwait
Victim Industry: Unknown
Victim Organization: Peek Kuwait
Victim Site: peek-kw.com
Alleged data leak of app3.transmitenota.com.br
Category: Data Leak
Content: A threat actor known as Tanaka claims to have leaked a SQL database from app3.transmitenota.com.br, containing over 20 million rows and approximately 141,000 email addresses. The data is made available as a free download to forum members who reply to the thread, with a sample posted to an external paste site.
Date: 2026-05-06T21:26:23Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-app3-transmitenota-com-br%C2%A0-leak
Screenshots:
None
Threat Actors: Tanaka
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Transmitenota
Victim Site: transmitenota.com.br
Combo List targeting Hotmail accounts
Category: Combo List
Content: A threat actor is distributing a combo list of 1,302 Hotmail credentials marketed as UHQ (ultra-high quality). The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-06T21:18:21Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-1302x-hotmail-login-uhq
Screenshots:
None
Threat Actors: BuggracK
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 2,000 Hotmail credential combos
Category: Combo List
Content: A threat actor is offering 2,000 Hotmail credentials described as valid, private, and unused. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-06T21:16:44Z
Network: openweb
Published URL: https://patched.to/Thread-royal-%E2%9C%A8%E2%8E%9D2k-hotmail-valids-%E2%8E%A0%E2%9C%A8%E2%9C%85unraped-hotmails%E2%9C%85%E2%9A%A1private-hotmails%E2%9A%A1
Screenshots:
None
Threat Actors: baguja1472
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail credential combo list
Category: Combo List
Content: A threat actor is offering a combo list of approximately 3,000 alleged high-quality Hotmail credential hits. The content is hidden behind a registration or login wall on the forum. The named service (Hotmail) is a credential-stuffing target, not the breach victim.
Date: 2026-05-06T21:14:12Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%85-3k-hq-hotmail-hit-%E2%9C%85-299579
Screenshots:
None
Threat Actors: RetroCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail and Outlook combo list with 4,448 lines
Category: Combo List
Content: A combo list of 4,448 credential pairs targeting Hotmail and Outlook accounts is being shared on the forum. Access to the content requires registration or login. The credentials are marketed as good logs suitable for credential stuffing.
Date: 2026-05-06T21:13:15Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-4-448-lines-good-logs-combo-hotmail-outlook
Screenshots:
None
Threat Actors: cloudkaraoke
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free Hotmail combo list shared by threat actor mrglitchxxxx
Category: Combo List
Content: A threat actor operating under the alias mrglitchxxxx has shared a combo list of 3,001 Hotmail credentials, marketed as high-quality and fresh. The content is hidden behind a registration/login wall on the forum.
Date: 2026-05-06T21:12:41Z
Network: openweb
Published URL: https://patched.to/Thread-3001-hq-fresh-hotmails-part-4-by-glitch
Screenshots:
None
Threat Actors: mrglitchxxxx
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of 2,031 Hotmail credentials
Category: Combo List
Content: A threat actor shared a combo list of 2,031 Hotmail credentials on a public forum. Access to the content is gated behind registration or login. The post requires a like to unlock the hidden content.
Date: 2026-05-06T21:12:00Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%85%E2%9A%A12031x-good-hotmail%E2%9A%A1%E2%9C%85
Screenshots:
None
Threat Actors: NovaCloudx
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of HQ mixed mail access combo list
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 700 mixed mail access credentials, marketed as high quality. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-06T21:11:11Z
Network: openweb
Published URL: https://patched.to/Thread-0-7k-hq-mixed-mail-access-combolist-299587
Screenshots:
None
Threat Actors: liamgoat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of HQ Poland email:password combo list
Category: Combo List
Content: A threat actor known as ShroudX is distributing a combo list of Polish email and password combinations. The list is marketed as high quality (HQ) and appears to target Polish email accounts for credential stuffing purposes.
Date: 2026-05-06T21:09:13Z
Network: openweb
Published URL: https://nulledbb.com/thread-HQ-POLAND-EMAILPASS-COMBOLIST-SHROUD20-txt–2290530
Screenshots:
None
Threat Actors: ShroudX
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Spain email:password combo list shared on cracking forum
Category: Combo List
Content: A threat actor known as ShroudX shared a combo list of Spain-based email and password pairs on a cracking forum. The list is marketed as high quality (HQ) and appears intended for credential stuffing or account takeover activity. No further details are available from the post content.
Date: 2026-05-06T21:08:33Z
Network: openweb
Published URL: https://nulledbb.com/thread-HQ-SPAIN-EMAILPASS-COMBOLIST-SHROUD20-txt
Screenshots:
None
Threat Actors: ShroudX
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of webshell and cPanel access
Category: Initial Access
Content: Pharaohs Team market is offering webshell and cPanel access for sale. Interested parties are directed to DM @phteam_s for pricing.
Date: 2026-05-06T21:07:05Z
Network: telegram
Published URL: https://t.me/c/3205199875/542
Screenshots:
None
Threat Actors: Pharaohs Team
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free release of 10K USA email combo list for mail access
Category: Combo List
Content: A threat actor has shared a combo list of 10,000 US email credentials marketed as suitable for mail access. The post is gated behind registration/login and is part of a broader offering including bulk combo lists across countries and industries at various price tiers. The actor also advertises a private combo group subscription service via Telegram.
Date: 2026-05-06T21:06:50Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-10k-USA-GOOD-FOR-MAILS-ACCESS
Screenshots:
None
Threat Actors: MrCOMBOROBOA
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 10,000 valid USA email and password combo list
Category: Combo List
Content: A threat actor is offering a combo list of 10,000 claimed valid US email and password credentials via a hidden forum post. The actor also advertises bulk combo list packages and subscription-based access to larger credential sets ranging from 100,000 to 10 million records across multiple categories including gaming and shopping.
Date: 2026-05-06T21:06:22Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-10k-VALID-USA-GOOD-MAILS
Screenshots:
None
Threat Actors: MrCOMBOROBOA
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Spain email:password combo list containing 524K+ credentials
Category: Combo List
Content: A threat actor is sharing a combo list of approximately 524,000 email:password pairs reportedly sourced from Spain, dated May 6, 2026. The credentials are marketed as fresh and high quality. The content is gated behind forum registration or login.
Date: 2026-05-06T21:03:39Z
Network: openweb
Published URL: https://breachforums.rs/Thread-%E2%9C%AA-524-K-Combo-%E2%9C%AA-Spain-%E2%9C%AA-6-MAY-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list targeting Switzerland
Category: Combo List
Content: A combo list of over 101,000 credentials associated with Switzerland was shared on a cybercrime forum. The post is dated May 6, 2026. No further details about the targeted services or data composition are available.
Date: 2026-05-06T21:03:02Z
Network: openweb
Published URL: https://breachforums.rs/Thread-%E2%9C%AA-101-K-Combo-%E2%9C%AA-Switzerland-%E2%9C%AA-6-MAY-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Switzerland
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sweden combo list of 46K email:password credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 46,000 email:password credential pairs purportedly associated with Swedish users. The list is dated May 6, 2026, and marketed as fresh and high quality.
Date: 2026-05-06T21:01:34Z
Network: openweb
Published URL: https://breachforums.rs/Thread-%E2%9C%AA-46-K-Combo-%E2%9C%AA-Sweden-%E2%9C%AA-6-MAY-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
South Africa combo list with 72K+ credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 72,000 email:password pairs purportedly associated with South Africa. The credentials are marketed as fresh and high quality, dated May 6, 2026. The content is gated behind forum registration or login.
Date: 2026-05-06T21:00:59Z
Network: openweb
Published URL: https://breachforums.rs/Thread-%E2%9C%AA-72-K-Combo-%E2%9C%AA-South-Africa-%E2%9C%AA-6-MAY-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list targeting Slovakia-based accounts
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 40,000 email:password pairs purportedly associated with Slovakia-based accounts. The credentials are marketed as fresh and high quality. The content is accessible to registered forum members.
Date: 2026-05-06T21:00:16Z
Network: openweb
Published URL: https://breachforums.rs/Thread-%E2%9C%AA-40-K-Combo-%E2%9C%AA-Slovakia-%E2%9C%AA-6-MAY-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list targeting South Korea distributed on forum
Category: Combo List
Content: A threat actor distributed a combo list of approximately 23,000 credentials associated with South Korean accounts on a cybercrime forum. The post was shared on May 6, 2026, with no additional details provided in the post content.
Date: 2026-05-06T20:59:28Z
Network: openweb
Published URL: https://breachforums.rs/Thread-%E2%9C%AA-23-K-Combo-%E2%9C%AA-South-Korea-%E2%9C%AA-6-MAY-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list allegedly targeting Sri Lanka
Category: Combo List
Content: A threat actor shared a combo list of approximately 15,000 email:password pairs purportedly associated with Sri Lanka. The credentials are marketed as fresh and high quality. The list was made available to registered forum members on BreachForums.
Date: 2026-05-06T20:57:32Z
Network: openweb
Published URL: https://breachforums.rs/Thread-%E2%9C%AA-15-K-Combo-%E2%9C%AA-Sri-Lanka-%E2%9C%AA-6-MAY-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of undisclosed German shop
Category: Data Leak
Content: A threat actor is distributing what they claim to be 30,000 email and password credentials from an undisclosed German online shop. The data is gated behind a reply requirement. No further details about the breached organization are provided.
Date: 2026-05-06T20:56:02Z
Network: openweb
Published URL: https://altenens.is/threads/leaked-data-30k-mailacces-from-germany-shop.2935706/unread
Screenshots:
None
Threat Actors: redJo3n
Victim Country: Germany
Victim Industry: Retail
Victim Organization: Unknown
Victim Site: Unknown
Free combo list targeting Germany mail accounts
Category: Combo List
Content: A threat actor shared a combo list of approximately 30,000 alleged German email credentials. The content is hidden behind a reply gate, requiring forum interaction before access is granted.
Date: 2026-05-06T20:51:43Z
Network: openweb
Published URL: https://altenens.is/threads/30k-germany-maillacces.2935705/unread
Screenshots:
None
Threat Actors: redJo3n
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of undisclosed Omani organization with personal identification data
Category: Data Breach
Content: A forum user is requesting or seeking Omani data containing phone numbers and ID numbers. The post does not specify the source organization or record count.
Date: 2026-05-06T20:42:18Z
Network: openweb
Published URL: https://breached.st/threads/oman-data-required-phone-number-with-id-number.86858/unread
Screenshots:
None
Threat Actors: santorini521
Victim Country: Oman
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of NRJ Mobile (nrjmobile.fr)
Category: Data Leak
Content: A threat actor known as NormalLeVrai has freely distributed an alleged database dump containing 266,345 records associated with NRJ Mobile, a French mobile virtual network operator. The data was shared via an external file hosting link in JSONL format. The post is tagged #freebreach3d, suggesting it is part of a series of free breach releases.
Date: 2026-05-06T20:33:15Z
Network: openweb
Published URL: https://darkforums.su/Thread-NRJMOBILE-FR-266K
Screenshots:
None
Threat Actors: NormalLeVrai
Victim Country: France
Victim Industry: Telecommunications
Victim Organization: NRJ Mobile
Victim Site: nrjmobile.fr
Sale of Brazil email:password combo list
Category: Combo List
Content: A threat actor is distributing a combo list of Brazilian email and password pairs via a hidden forum post requiring a reply to access. No further details on record count or source are available from the post.
Date: 2026-05-06T20:27:43Z
Network: openweb
Published URL: https://pwnforums.st/Thread-HQ-BRAZIL-EMAILPASS-COMBOLIST-SHROUD20-txt
Screenshots:
None
Threat Actors: ShroudX
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail email:password combo list shared on forum
Category: Combo List
Content: A threat actor shared a combo list of Hotmail email:password credentials on a criminal forum. The content is gated behind a reply requirement. No record count or breach source is specified.
Date: 2026-05-06T20:26:28Z
Network: openweb
Published URL: https://pwnforums.st/Thread-HQ-HOTMAIL-EMAILPASS-COMBOLIST-SHROUD20-txt
Screenshots:
None
Threat Actors: ShroudX
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Japan email:password combo list shared on forum
Category: Combo List
Content: A threat actor shared a Japan-based email:password combo list on a hacking forum as hidden content requiring a reply to access. No further details regarding record count or source are provided in the post.
Date: 2026-05-06T20:25:21Z
Network: openweb
Published URL: https://pwnforums.st/Thread-HQ-JAPAN-EMAILPASS-COMBOLIST-SHROUD20-txt
Screenshots:
None
Threat Actors: ShroudX
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of FedEx and UPS accounts with billing enabled
Category: Initial Access
Content: A threat actor is selling compromised FedEx and UPS accounts with billing enabled, including business accounts. Accounts are priced at $10 each for FedEx and $20 each for UPS, with a minimum purchase of five accounts.
Date: 2026-05-06T20:08:37Z
Network: openweb
Published URL: https://patched.to/Thread-wts-fedex-ups-accounts-with-billing-enabled-business
Screenshots:
None
Threat Actors: kahnwalddjonas
Victim Country: Unknown
Victim Industry: Logistics
Victim Organization: FedEx / UPS
Victim Site: fedex.com / ups.com
Combo List: 2,507 Hotmail credentials offered
Category: Combo List
Content: A threat actor is sharing a combo list of 2,507 Hotmail credentials on a cybercrime forum. The content is gated behind registration or login. Hotmail is the credential-stuffing target, not the breach victim.
Date: 2026-05-06T20:07:47Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%F0%9F%94%A5-2507x-hotmail-access-vault-%F0%9F%94%A5
Screenshots:
None
Threat Actors: RyuuMaster
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of 8 million URL:log:pass credential logs
Category: Combo List
Content: A forum user is distributing a collection of 8 million URL:username:password credential pairs. The content is hidden behind a registration or login wall. No specific victim organization or breach source is identified.
Date: 2026-05-06T20:07:35Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%AD%908-million-url-log-pass%E2%AD%90
Screenshots:
None
Threat Actors: agha24
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of HQ mixed mail access combo list
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 100 mixed mail access credentials, marketed as high quality. The content is gated behind registration or login on the forum.
Date: 2026-05-06T20:06:54Z
Network: openweb
Published URL: https://patched.to/Thread-0-1k-hq-mixed-mail-access-combolist-299544
Screenshots:
None
Threat Actors: liamgoat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of HQ mixed mail access combo list
Category: Combo List
Content: A threat actor is sharing a combo list of approximately 400 high-quality mixed mail access credentials. The content is hidden behind a registration or login wall on the forum.
Date: 2026-05-06T20:06:15Z
Network: openweb
Published URL: https://patched.to/Thread-0-4k-hq-mixed-mail-access-combolist-299545
Screenshots:
None
Threat Actors: liamgoat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list distribution of mixed mail credentials
Category: Combo List
Content: A threat actor distributed a combo list containing 2,491 mixed email credentials on a cybercrime forum. The content is gated behind registration or login. No specific victim organization or country is identified.
Date: 2026-05-06T20:06:05Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9A%A1%EF%B8%8F-2491x-verity-vault-mix-mail-drop-%E2%9A%A1%EF%B8%8F
Screenshots:
None
Threat Actors: VerityVault
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: Mix Mail Access (3,750 credentials)
Category: Combo List
Content: A combo list containing 3,750 mixed mail credentials has been shared on a forum. The content is gated behind registration or login. No specific breach source or targeted service is identified.
Date: 2026-05-06T20:05:18Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%F0%9F%94%A5-3750x-mix-mail-access-vault-%F0%9F%94%A5
Screenshots:
None
Threat Actors: RyuuMaster
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 10K USA email combo list
Category: Combo List
Content: A threat actor is sharing a combo list of 10,000 claimed valid US email credentials. The post offers no additional detail regarding the source or targeted services.
Date: 2026-05-06T20:04:49Z
Network: openweb
Published URL: https://nulledbb.com/thread-10k-USA-GOOD-MAILS-COMBO
Screenshots:
None
Threat Actors: MrCOMBOROBOA
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Bulgarian email combo list
Category: Combo List
Content: A threat actor is offering a combo list of approximately 1,000 Bulgarian email credentials as hidden content on a cybercrime forum. The seller also advertises broader combo list services including multi-country, gaming, and shopping combos at scale, with access available via a paid Telegram group.
Date: 2026-05-06T20:04:05Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-1k-BG-MAILS-ACCESS
Screenshots:
None
Threat Actors: MrCOMBOROBOA
Victim Country: Bulgaria
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of multi-country email combo list (Japan, USA, Germany, France, Italy)
Category: Combo List
Content: A threat actor is selling a combo list of approximately 25,800 email:password credentials spanning multiple countries including Japan, USA, Germany, France, and Italy. The seller also advertises tiered access to a private combo group and bulk combo lists ranging from 100K to 10 million records at varying price points. Content is gated behind forum registration or login.
Date: 2026-05-06T20:03:32Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-25-8k-JAPAN-USA-DE-FR-IT-MAILS-ACCESS
Screenshots:
None
Threat Actors: MrCOMBOROBOA
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of French email combo list with 153,300 credentials
Category: Combo List
Content: A threat actor is offering a French email and password combo list containing approximately 153,300 credential pairs. The post advertises bulk pricing for combo lists by country and category, including gaming and shopping verticals. Access is available through a paid Telegram group at tiered subscription rates.
Date: 2026-05-06T20:02:51Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-153-3k-FRANCE-COMBO-MAILS-ACCESS
Screenshots:
None
Threat Actors: MrCOMBOROBOA
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of stolen payment cards and fullz for United States, Australia, Canada, and United Kingdom
Category: Carding
Content: A threat actor is offering stolen credit cards (CC/CVV), fullz, BIN combinations, PayPal logs, and email access for individuals across the United States, Australia, Canada, and the United Kingdom. The seller advertises live cards with a 5-minute check time using Google Pay or other checkers, and offers replacement or refund for non-working cards. Contact is provided via Telegram and WhatsApp.
Date: 2026-05-06T20:01:29Z
Network: openweb
Published URL: https://altenens.is/threads/i-got-usa-flag-united-states-australia-flag-australia-canada-maple-leaf-and-uk-flag-united-kingdom-live-fullz-or-cc-available-in-stock.2935670/unread
Screenshots:
None
Threat Actors: Maybetop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: 14K Fresh Mail Access Mix
Category: Combo List
Content: A threat actor shared a combo list of 14,000 mail access credentials, marketed as fresh and dated 06.05. The content is hidden behind a reply gate on the forum.
Date: 2026-05-06T19:59:12Z
Network: openweb
Published URL: https://altenens.is/threads/14k-fresh-mail-access-mix-06-05.2935701/unread
Screenshots:
None
Threat Actors: Megacloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of XLoader Cross-Platform Botnet and Password Recovery Malware
Category: Malware
Content: A threat actor is selling XLoader, a cross-platform botnet targeting Windows and macOS, written in C/Assembly with no external dependencies. The malware includes credential recovery from major browsers and email clients, C2 panel functionality, anti-analysis features, and a free Java binder (XBinder) for combining OS payloads. Pricing ranges from $50 to $349 for subscription-based access hosted on the sellers infrastructure.
Date: 2026-05-06T19:57:14Z
Network: openweb
Published URL: https://hackforums.net/showthread.php?tid=6116655
Screenshots:
None
Threat Actors: xloader
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of alleged Shanghai National Police database containing citizen and police records
Category: Data Breach
Content: A threat actor claiming to be the original seller is offering a database allegedly sourced from the Shanghai Government (SHGA.gov.cn). The dataset is said to contain three tables covering 960 million Chinese residents and several billion case records, including names, addresses, national ID numbers, mobile numbers, crime/case details, and food delivery data. Only 500GB of the reported 26TB food delivery dataset is claimed to be available.
Date: 2026-05-06T19:47:49Z
Network: openweb
Published URL: https://breached.st/threads/sale-shanghai-national-police-original-seller-100-real.86855/unread
Screenshots:
None
Threat Actors: DataSellers
Victim Country: China
Victim Industry: Government
Victim Organization: Shanghai National Police
Victim Site: shga.gov.cn
Alleged data leak of Altamash Institute of Dental Medicine student records
Category: Data Leak
Content: A threat actor leaked an Excel file allegedly containing personal information of over 200 students from Altamash Institute of Dental Medicine in Pakistan. The file was made freely available via a MediaFire download link.
Date: 2026-05-06T19:47:03Z
Network: openweb
Published URL: https://breached.st/threads/altamash-institute-of-dental-medicine-200-students-information.86856/unread
Screenshots:
None
Threat Actors: Ph.Bl4ke
Victim Country: Pakistan
Victim Industry: Education
Victim Organization: Altamash Institute of Dental Medicine
Victim Site: altamash.edu.pk
Sale of private ULP combo list (4 GB)
Category: Logs
Content: A threat actor is offering a private 4 GB URL/Login/Password (ULP) combo list marketed as UHQ (ultra-high quality). The list appears to contain URL, username, and password combinations intended for credential stuffing or account takeover activity.
Date: 2026-05-06T19:42:11Z
Network: openweb
Published URL: https://darkforums.su/Thread-ULP-Private-ULP-4-GB
Screenshots:
None
Threat Actors: MiaDF
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Invicta Stealer malware with cryptocurrency wallet and credential theft capabilities
Category: Logs
Content: A threat actor is advertising Invicta Stealer, an information-stealing malware capable of extracting saved browser passwords, credit/debit card details, email credentials, autofill data, and cryptocurrency wallet information from infected systems. The malware operates silently and exfiltrates data to remote command-and-control servers. The post includes a download link and a Telegram contact for acquiring premium versions of the tool.
Date: 2026-05-06T19:41:38Z
Network: openweb
Published URL: https://darkforums.su/Thread-Source-Code-Invicta-Stealer-Cryptocurrency-wallet-information
Screenshots:
None
Threat Actors: sunshineking
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass Website Defacement by MR~TNT of QATAR911 Targeting eg-service.online
Category: Defacement
Content: On May 7, 2026, threat actor MR~TNT, operating under the hacktivist group QATAR911, conducted a mass defacement campaign targeting eg-service.online, a Linux-based web service likely associated with Egypt based on the eg prefix in the domain. The defacement was confirmed as part of a mass defacement operation, with the compromised page archived at haxor.id. No specific motivation or proof-of-concept details were disclosed.
Date: 2026-05-06T19:41:18Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248887
Screenshots:
None
Threat Actors: MR~TNT, QATAR911
Victim Country: Egypt
Victim Industry: Unknown
Victim Organization: EG Service
Victim Site: eg-service.online
Sale of Nimrod Stealer malware source code targeting browser credentials
Category: Logs
Content: A threat actor is distributing Nimrod Stealer, an information-stealing malware designed to extract saved browser passwords, cookies, autofill data, banking details, and system information from infected hosts. The malware exfiltrates collected data to remote servers and is delivered via phishing emails or trojanized software. The post includes a download link and a Telegram contact for additional tools.
Date: 2026-05-06T19:40:18Z
Network: openweb
Published URL: https://darkforums.su/Thread-Source-Code-Nimrod-Stealer-Steal-saved-passwords-from-browsers
Screenshots:
None
Threat Actors: sunshineking
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Prynt Stealer Cracked Source Code
Category: Logs
Content: A forum post advertises a cracked version of Prynt Stealer, an information-stealing malware capable of extracting browser credentials, cookies, session tokens, and files from infected systems. The post includes a download link submitted to VirusTotal. The content is framed with superficial cybersecurity awareness language but functions as malware distribution.
Date: 2026-05-06T19:39:24Z
Network: openweb
Published URL: https://darkforums.su/Thread-Source-Code-Prynt-Stealer-Cracked
Screenshots:
None
Threat Actors: sunshineking
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Cracked SpyNote X Pro v7.2.0.0 Android RAT
Category: Logs
Content: A threat actor operating under the alias sunshineking is distributing a cracked version of SpyNote X Pro v7.2.0.0, an Android Remote Access Trojan (RAT), on a darknet forum. The post is framed as an awareness guide but includes download links and a Telegram contact for additional premium tools. SpyNote is a well-known Android RAT family capable of extensive device surveillance and data exfiltration.
Date: 2026-05-06T19:38:32Z
Network: openweb
Published URL: https://darkforums.su/Thread-Source-Code-SpyNote-X-Pro-v7-2-0-0-Cracked-%E2%80%93-Android-RAT-Awareness-Guide-2026
Screenshots:
None
Threat Actors: sunshineking
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Gomorrah Stealer 4.0 Cracked Source Code
Category: Logs
Content: A forum user is distributing a cracked version of Gomorrah Stealer 4.0, an information-stealing malware. The post describes capabilities including browser credential harvesting, session cookie extraction, and system data collection. A download link and Telegram contact are provided for further distribution.
Date: 2026-05-06T19:37:41Z
Network: openweb
Published URL: https://darkforums.su/Thread-Source-Code-Gomorrah-Stealr-4-0-Cracked–75670
Screenshots:
None
Threat Actors: sunshineking
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of individual hacker BalirusNism13 via AnakaStealer malware
Category: Logs
Content: A threat actor operating as Cyn3t_Tan4ka/AdellNism claims to have leaked mobile data belonging to an individual known as BalirusNism13 using a stealer malware named AnakaStealer. The stolen data is made available via a download link shared on the forum. The victim appears to be an individual rather than an organization.
Date: 2026-05-06T19:36:28Z
Network: openweb
Published URL: https://darkforums.su/Thread-Document-All-BalirusNism13-Data-Has-Been-Leaked-By-AnakaStealer-Cyn3t-Tan4ka
Screenshots:
None
Threat Actors: Adellnism
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of META Stealer logs from US Windows 11 systems
Category: Logs
Content: A threat actor is distributing 100 META Stealer logs sourced from US-based Windows 11 Pro (23H2) systems using Edge 120.x. The logs include credentials, cookies, and autofill data. Content is gated behind account upgrade or forum reply.
Date: 2026-05-06T19:35:19Z
Network: openweb
Published URL: https://darkforums.su/Thread-ULP-META-Stealer-100-logs-US-Windows-11-Pro
Screenshots:
None
Threat Actors: BigTuna
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Shouhang Hi-Tech Energy Technology Co., Ltd.
Category: Data Leak
Content: A threat actor operating under the name SnowSoul has freely released documents allegedly belonging to Shouhang Hi-Tech Energy Technology Co., Ltd. (首航高科能源技术股份有限公司) and its Tianjin branch. The leaked files include procurement requisitions, supplier ledgers, fixed asset records, and engineering documents, reportedly published after the organization refused to pay a ransom of 1,000 USDT.
Date: 2026-05-06T19:31:58Z
Network: openweb
Published URL: https://darkforums.su/Thread-Chinese-data-%E4%B8%AD%E5%9B%BD%E6%95%B0%E6%8D%AE-SnowSoul-ID-1309
Screenshots:
None
Threat Actors: SnowSoul
Victim Country: China
Victim Industry: Energy
Victim Organization: Shouhang Hi-Tech Energy Technology Co., Ltd.
Victim Site: Unknown
Alleged data leak of CACPE Pastaza exposing Ecuadorian Civil Registry records
Category: Data Leak
Content: A threat actor claims that an unauthenticated API endpoint operated by CACPE Pastaza exposes over 18 million records from the Ecuadorian Civil Registry, queryable in real time by national ID number. Exposed fields allegedly include full names, national ID numbers, dates and places of birth, home addresses, marital status, parentage, profession, and citizenship status. The actor has freely shared a download link and a cURL example demonstrating exploitation of the vulnerable proxy endpoint.
Date: 2026-05-06T19:30:44Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-%F0%9F%9A%A8-CACPE-PASTAZA-ECUADOR-%F0%9F%87%AA%F0%9F%87%A8-18-MILLION-ECUADORIANS-EXPOSED-%F0%9F%9A%A8
Screenshots:
None
Threat Actors: GondorPe
Victim Country: Ecuador
Victim Industry: Finance
Victim Organization: CACPE Pastaza
Victim Site: cacpepastaza.fin.ec
Alleged data leak of Indonesian National Police (POLRI) personnel database
Category: Data Leak
Content: A threat actor operating under the alias MR-Zeeone-Grayhat is freely distributing an alleged internal database of the Indonesian National Police (POLRI) containing 2,006 personnel records. The leaked data, provided in JSON format, includes rank, full name, unit assignment, phone number, and email address of police personnel ranging from non-commissioned officers to senior officers. The actor claims the dataset is a subset of a larger original database.
Date: 2026-05-06T19:29:43Z
Network: openweb
Published URL: https://darkforums.su/Thread-Database-internal-data-of-the-Republic-of-Indonesia-Police-POLRI–75675
Screenshots:
None
Threat Actors: XZeeoneOfc
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Indonesian National Police (POLRI)
Victim Site: polri.go.id
Alleged sale of fresh credential databases from multiple countries with platform access
Category: Combo List
Content: Seller advertising fresh databases containing credentials from UK, DE, JP, NL, BR, PL, ES, US, IT and other countries. Claims to have inbox access and offers credentials for various platforms including eBay, PayPal, PSN, Booking, Uber, Poshmark, Amazon, Walmart, Mercari, and Kleinanzeigen. Mentions ownership of private cloud infrastructure with valid webmail access. Soliciting direct messages for requests.
Date: 2026-05-06T19:12:05Z
Network: telegram
Published URL: https://t.me/c/2613583520/76875
Screenshots:
None
Threat Actors: Num
Victim Country: Multiple countries (United Kingdom, Germany, Japan, Netherlands, Brazil, Poland, Spain, United States, Italy)
Victim Industry: Multiple (e-commerce, payment, gaming, travel, marketplace platforms)
Victim Organization: Unknown
Victim Site: Unknown
Sale of gaming combo list targeting Uplay, Ubisoft, Xbox, and PSN
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 829,000 credentials advertised as effective against gaming platforms including Uplay, Ubisoft, Xbox, and PSN. The list is described as a private base suitable for credential stuffing. The post is associated with a broader combo cloud service offering.
Date: 2026-05-06T19:08:20Z
Network: openweb
Published URL: https://patched.to/Thread-gaming-%E2%9A%A1829k-uplay-ubisoft-xbox-psn%E2%9A%A1private-base-good-on-anything-you-need%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list targeting Xvideos and FetLife distributed on forum
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 837,000 credentials purportedly valid against Xvideos and FetLife accounts. The list is described as a private base and marketed as suitable for general credential stuffing. The post is associated with a commercial combo cloud service operated by the author.
Date: 2026-05-06T19:07:36Z
Network: openweb
Published URL: https://patched.to/Thread-porn-%E2%9A%A1837k-xvideos-fetlife%E2%9A%A1private-base-good-on-anything-you-need%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of combo list targeting streaming services including Hulu, Disney+, Netflix, and HBO Go
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 809,000 credentials advertised as suitable for credential stuffing against streaming services including Hulu, Disney+, Netflix, and HBO Go. The post claims the data originates from a private base and is marketed as high quality.
Date: 2026-05-06T19:07:08Z
Network: openweb
Published URL: https://patched.to/Thread-streaming-%E2%9A%A1809k-hulu-disney-netflix-hbogo%E2%9A%A1private-base-good-on-anything-you-need%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of 1,344 Hotmail credentials
Category: Combo List
Content: A threat actor is distributing a combo list of 1,344 Hotmail credentials, marketed as a drop under the Verity Vault brand. The content is gated behind registration or login on the forum.
Date: 2026-05-06T19:06:44Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9A%A1%EF%B8%8F-1344x-verity-vault-hotmail-drop-%E2%9A%A1%EF%B8%8F
Screenshots:
None
Threat Actors: VerityVault
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Argentina government and Cronica.com
Category: Data Leak
Content: A threat actor group named EsqueleSquad claims to have compromised multiple Argentine government (.gob.ar) and educational (.edu.ar) websites between 2024 and 2026, leaking over 80 million lines of credentials including phones, usernames, passwords, CUILs/DNI numbers, and license plates. Additionally, the group claims to have accessed Cronica.com administration panels, exposing employee data, admin panel details, and FTP credentials. A sample has been made available, with the group promising to
Date: 2026-05-06T19:01:20Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-ARGENTINA-GOVERNMENT-AND-CRONICA-COM-NEWS-CHANNEL-LEAK-ALL
Screenshots:
None
Threat Actors: Skull1172
Victim Country: Argentina
Victim Industry: Government
Victim Organization: Argentine Government (.gob.ar, .edu.ar) and Cronica.com
Victim Site: cronica.com
Sale of stolen payment cards, dumps, fullz, and bank logs
Category: Carding
Content: A threat actor is offering a range of carding products for sale including cloned cards, card dumps (Track 101/201 with PIN), fullz with SSN/DOB, bank logs, and EBT dumps. The seller claims worldwide shipping and a 100% approval rate. Contact is conducted via Telegram.
Date: 2026-05-06T18:55:22Z
Network: openweb
Published URL: https://altenens.is/threads/cc-cvv-vbv-non-vbv-dumps-fullz-bank-logs-full-info-best-all-linkables-quality-product-list-always-selling-stuff-high-qualit.2935652/unread
Screenshots:
None
Threat Actors: Hannminessd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of mail access and credential lists across multiple countries
Category: Combo List
Content: Threat actor .py advertising mail account access, configuration scripts, tools, hits, and combolists for multiple countries including France, Belgium, Australia, Canada, UK, US, Netherlands, Poland, Germany, and Japan. Contact via @Dataxlogs for requests.
Date: 2026-05-06T18:41:29Z
Network: telegram
Published URL: https://t.me/c/2613583520/76849
Screenshots:
None
Threat Actors: .py
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass Defacement of repairbizcredit.com by MR~TNT of QATAR911
Category: Defacement
Content: On May 7, 2026, threat actor MR~TNT operating under the hacktivist group QATAR911 conducted a mass defacement campaign targeting repairbizcredit.com, a business credit repair service. The attack was executed on a Linux-based server and is classified as a mass defacement, suggesting multiple sites were compromised in the same operation. The defacement was archived and mirrored on haxor.id.
Date: 2026-05-06T18:31:52Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248886
Screenshots:
None
Threat Actors: MR~TNT, QATAR911
Victim Country: United States
Victim Industry: Financial Services / Credit Repair
Victim Organization: Repair Biz Credit
Victim Site: repairbizcredit.com
Free release of 500K user:pass combo list extracted from stealer logs
Category: Combo List
Content: A threat actor operating under the alias CELESTIALHQ is freely distributing a combo list of 500,000 user:pass credential pairs claimed to be extracted from stealer logs. The content is hidden behind a registration/login wall and the actor also offers personal purchase arrangements. Credentials are marketed as fresh and private.
Date: 2026-05-06T18:19:34Z
Network: openweb
Published URL: https://patched.to/Thread-legendary-%E2%9C%85user-pass%E2%9C%85-%E2%AD%90500k-private-hq-user-pass-from-logs%E2%AD%90-%E2%9A%A1drop-by-celestial-admin%E2%9A%A1-299526
Screenshots:
None
Threat Actors: CELESTIALHQ
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free release of 100K number:password combo list derived from stealer logs
Category: Combo List
Content: A threat actor operating under the alias CELESTIALHQ has freely distributed a claimed 100K phone number and password combo list sourced from stealer logs. The credentials are marketed as private and high quality. The actor also offers personal sales for additional or exclusive content.
Date: 2026-05-06T18:18:58Z
Network: openweb
Published URL: https://patched.to/Thread-legendary-%E2%9C%85num-pass%E2%9C%85-%E2%AD%90100k-private-hq-number-pass-from-logs-%E2%AD%90-%E2%9A%A1drop-by-celestial-admin%E2%9A%A1-299527
Screenshots:
None
Threat Actors: CELESTIALHQ
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 50K corporate-targeted combo list
Category: Combo List
Content: A threat actor operating as CELESTIALHQ is offering a combo list of 50,000 corporate-targeted email:password credentials on a public forum. The credentials are marketed as producing assured hits and are available via hidden content or direct purchase. No specific victim organization or sector is identified.
Date: 2026-05-06T18:18:31Z
Network: openweb
Published URL: https://patched.to/Thread-legendary-%E2%9C%85email-pass%E2%9C%85-%E2%AD%9050k-corp-targeted-combos%E2%AD%90-%E2%9C%85hits-assured%E2%9C%85-%E2%9A%A1drop-by-celestial%E2%9A%A1-299529
Screenshots:
None
Threat Actors: CELESTIALHQ
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of private email:password combo list
Category: Combo List
Content: A threat actor known as CELESTIALHQ is freely distributing a claimed 50,000 email:password combo list described as anti-public and private. The credentials are hidden behind a registration/login wall and the actor solicits engagement for future drops.
Date: 2026-05-06T18:17:51Z
Network: openweb
Published URL: https://patched.to/Thread-legendary-%E2%9C%85email-pass%E2%9C%85-%E2%AD%9050k-full-anti-public-private-mail%E2%AD%90-%E2%9A%A1drop-by-celestial-admin%E2%9A%A1-299528
Screenshots:
None
Threat Actors: CELESTIALHQ
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 1 million private username:login:password combo list
Category: Combo List
Content: A threat actor operating under the alias CELESTIALHQ is distributing a private username:login:password combo list claiming 1 million records. The post advertises assured hits and offers personal purchases, with the actual content hidden behind a registration gate.
Date: 2026-05-06T18:16:57Z
Network: openweb
Published URL: https://patched.to/Thread-legendary-%E2%9C%85u-l-p%E2%9C%85-%E2%AD%901m-full-private-u-l-p%E2%AD%90-%E2%9C%85hits-assured%E2%9C%85-%E2%9A%A1drop-by-celestial-admin%E2%9A%A1-299525
Screenshots:
None
Threat Actors: CELESTIALHQ
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: 10K Mixed Mail Access
Category: Combo List
Content: A threat actor is distributing a combo list of 10,000 mixed mail access credentials. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-06T18:16:24Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%AD%9010k-mixed-mail-access-%E2%AD%90
Screenshots:
None
Threat Actors: agha24
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list targeting Pornhub distributed on cybercrime forum
Category: Combo List
Content: A threat actor known as MetaCloud3 is distributing a combo list of approximately 820,000 credentials marketed as a private base suitable for credential stuffing against Pornhub. The post is shared behind a registration gate and promotes the authors combo cloud service.
Date: 2026-05-06T18:15:58Z
Network: openweb
Published URL: https://patched.to/Thread-porn-%E2%9A%A1820k-pornhub%E2%9A%A1private-base-good-on-anything-you-need%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Frutas RAT English 2026 Remote Access Trojan
Category: Malware
Content: A forum post on DemonForums advertises Frutas RAT English 2026, a remote access trojan offering full system control, keylogging, credential theft, file access, screenshot capture, and C2 communication. The malware is claimed to have a 0/100 detection rate on VirusTotal and is available for download via Mediafire behind a registration wall.
Date: 2026-05-06T18:13:38Z
Network: openweb
Published URL: https://demonforums.net/Thread-Frutas-RAT-English-2026
Screenshots:
None
Threat Actors: daniel12
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of US identity document database including drivers licenses and selfies
Category: Carding
Content: A threat actor is selling a database of approximately 6,000 US identity document images including drivers license front/back photos and selfies, with claims of an unlimited supply available. The dataset reportedly includes SSNs for 30% of records and the seller states the documents have only been used on Coinbase, marketing the remainder as unused on other platforms.
Date: 2026-05-06T18:07:12Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-6000-pics-fresh-usa-dl-front-back-selfie-DATABASE
Screenshots:
None
Threat Actors: antorislam1040
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Advertisement for alleged money-making tutorial Telegram group
Category: Alert
Content: A forum user posted an advertisement directing members to a private Telegram group offering free money-making tutorials. The post does not contain threat-relevant content and appears to be spam or a promotional solicitation.
Date: 2026-05-06T18:01:28Z
Network: openweb
Published URL: https://altenens.is/threads/discover-free-money-making-tutorials.2935592/unread
Screenshots:
None
Threat Actors: Weingarth87
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of mixed email credential hits including Hotmail and private cloud accounts
Category: Combo List
Content: A threat actor is distributing a combo list of 3,660 mixed email credential hits, including Hotmail and private cloud accounts. The credentials are marketed as valid and are available for download via a linked source.
Date: 2026-05-06T17:59:43Z
Network: openweb
Published URL: https://breachforums.rs/Thread-%E2%9A%A1%E2%9A%A1-3660x-PREMIUM-MIX-MAIL-HITS%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: xdalphaa
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 7K mixed mail access combo list
Category: Combo List
Content: A forum post on BreachForums advertises a mixed mail access combo list containing approximately 7,000 credentials. No additional details are available regarding the source, targeted services, or pricing.
Date: 2026-05-06T17:59:16Z
Network: openweb
Published URL: https://breachforums.rs/Thread-7k-mix-mail-access
Screenshots:
None
Threat Actors: msfarid
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Khandbari Municipality official portal (khandbarimun.gov.np)
Category: Data Leak
Content: A threat actor has leaked a full SQL dump of the Khandbari Municipality civic management system, reportedly containing over 1.5 million rows across 100+ tables. Exposed data includes birth, death, marriage, land ownership, and citizenship records with full names, citizenship numbers, addresses, and family details in both Nepali and English. The leak also includes internal IP addresses and direct URLs to printable government documents, some of which may still be accessible.
Date: 2026-05-06T17:55:18Z
Network: openweb
Published URL: https://breached.st/threads/leak-fresh-leak-from-khandbarimun-gov-np-the-official-municipal-portal-of-khandbari-nepal.86852/unread
Screenshots:
None
Threat Actors: $k1dz
Victim Country: Nepal
Victim Industry: Government
Victim Organization: Khandbari Municipality
Victim Site: khandbarimun.gov.np
Alert: Promotional post for DeepWebLinks Bitcoin giveaway
Category: Alert
Content: A forum post promotes a Bitcoin giveaway campaign by a site called DeepWebLinks, offering $15 in Bitcoin to users who complete a simple action. The post includes a link to an onion address. No threat data or victim information is present.
Date: 2026-05-06T17:54:19Z
Network: openweb
Published URL: https://breached.st/threads/free-bitcoin-15.86854/unread
Screenshots:
None
Threat Actors: Hexx
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of 24 million Mexican civilian records
Category: Data Leak
Content: A threat actor has freely distributed two files claimed to contain over 24 million Mexican civilian records. The data is shared via anonymous file hosting links and appears to be associated with the PwnerSec group based on referenced social media accounts. The source organization of the breach has not been identified.
Date: 2026-05-06T17:46:56Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-24M-Mexican-civilian
Screenshots:
None
Threat Actors: NormalLeVrai
Victim Country: Mexico
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Combo List — European Mail Access Credentials
Category: Combo List
Content: A combo list containing 7,144 lines of European email access credentials has been shared on the forum. The content is gated behind registration or login. No specific breached organization is identified.
Date: 2026-05-06T17:22:37Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-7-144-lines-combo-europa-mail-access
Screenshots:
None
Threat Actors: cloudkaraoke
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail credential combo list
Category: Combo List
Content: A threat actor operating as NullShop is offering a combo list of approximately 3,000 Hotmail credentials marketed as fresh and verified. The content is gated behind forum registration or login. The post advertises regular updates and high accuracy, suggesting the list is intended for credential stuffing.
Date: 2026-05-06T17:22:13Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-3-k-hotmail-access-valid-hit-fresh-%F0%9F%94%A5
Screenshots:
None
Threat Actors: NullShop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail credential combo list with 1,400 hits
Category: Combo List
Content: A threat actor shared a combo list of 1,400 Hotmail credentials marketed as UHQ (ultra-high quality) fresh hits. The list was made available via an external paste link.
Date: 2026-05-06T17:21:49Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-1400-hotmail-uhq-hits-fresh
Screenshots:
None
Threat Actors: ayelmay
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: 2,000 Hotmail credential hits
Category: Combo List
Content: A threat actor is distributing a combo list of 2,000 Hotmail credential hits described as private and fresh. The content is gated behind registration or login on the forum. Hotmail is the credential-stuffing target, not the breach victim.
Date: 2026-05-06T17:21:13Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%F0%9F%94%A52000x-hotmail-hits-private-fresh-%F0%9F%94%A5
Screenshots:
None
Threat Actors: GomezJonto
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
OneDrive credential combo list allegedly containing 893K entries
Category: Combo List
Content: A threat actor on a combolist forum is distributing a credential combo list purportedly containing 893K entries marketed for use against OneDrive. The post claims a high hit rate and describes the data as private and fresh for 2026. The named service (OneDrive) is a credential-stuffing target, not the breach source.
Date: 2026-05-06T17:20:49Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E3%80%8C-893k-%E3%80%8D%E2%9A%A1-onedrive-%E2%9A%A1-100-private-data-%E2%9A%A1impressive-hitrate%E2%9A%A1-2026-new%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of HACKUS Mail Checker 2.3 credential stuffing tool
Category: Combo List
Content: A forum post advertises HACKUS MAIL CHECKER 2.3, a credential-stuffing and email account validation tool designed to test email:password lists against various mail services. The tool supports proxy integration and multi-threading to automate login attempts across multiple email providers. A download link and contact for additional premium tools are provided.
Date: 2026-05-06T17:20:21Z
Network: openweb
Published URL: https://nulledbb.com/thread-HACKUS-MAIL-CHECKER-2-3–2290496
Screenshots:
None
Threat Actors: cryptoking07
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list targeting streaming services including SoundCloud, Spotify, and Apple Music
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 863,000 credentials claimed to be effective against streaming platforms including SoundCloud, Spotify, and Apple Music. The post advertises the list as sourced from a private base. The actor also promotes a commercial combo cloud service.
Date: 2026-05-06T17:19:59Z
Network: openweb
Published URL: https://patched.to/Thread-streaming-%E2%9A%A1863k-soundcloud-spotify-applemusic%E2%9A%A1private-base-good-on-anything-you-need%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Crypto Clipper Malware Targeting Multiple Cryptocurrencies
Category: Malware
Content: A threat actor is offering a clipboard-hijacking malware dubbed Crypto Clipper 2026 that silently replaces copied cryptocurrency wallet addresses with attacker-controlled addresses during transactions. The malware claims to target multiple cryptocurrencies including BTC, ETH, and USDT, and advertises capabilities to bypass antivirus detection using AI-based pattern recognition. A download link and contact channel are provided for acquiring the tool.
Date: 2026-05-06T17:19:32Z
Network: openweb
Published URL: https://nulledbb.com/thread-Crypto-Clipper-2026-Targets-multiple-cryptocurrencies-BTC-ETH-USDT-etc
Screenshots:
None
Threat Actors: cryptoking07
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list targeting Eneba and G2A gift card platforms
Category: Combo List
Content: A threat actor is sharing a combo list of 720,000 credentials marketed as a private base suitable for use against Eneba and G2A gift card platforms. The post promotes the authors combo cloud service offering high-quality data and private lines.
Date: 2026-05-06T17:19:09Z
Network: openweb
Published URL: https://patched.to/Thread-gaming-%E2%9A%A1720k-eneba-g2a-giftcards%E2%9A%A1private-base-good-on-anything-you-need%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of cracked 888 RAT v1.3.3 with bypassed licensing system
Category: Malware
Content: A threat actor is distributing a cracked version of 888 RAT v1.3.3, a Remote Access Tool (RAT), with its licensing and activation systems bypassed. The post provides a download link and directs users to an external contact for additional premium tools. Cracked RAT distributions of this nature are commonly used for unauthorized remote access, surveillance, and data theft.
Date: 2026-05-06T17:19:00Z
Network: openweb
Published URL: https://nulledbb.com/thread-888-RAT-v1-3-3-Cracked-Licensing-systems
Screenshots:
None
Threat Actors: cryptoking07
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of GMX-targeted combo list with 185K credentials
Category: Combo List
Content: A threat actor is selling a 185K GMX-targeted combo list through a private Telegram channel, priced between $15 for 3 days and $50 for one month. The listing advertises credentials marketed as UHQ Hotmail, fresh mix, cPanel, IMAP, and SMTP access.
Date: 2026-05-06T17:18:50Z
Network: openweb
Published URL: https://patched.to/Thread-%F0%9F%94%B0185k%E2%9A%9C%EF%B8%8Fgmx%E2%9A%9C%EF%B8%8Ftargeted%E2%9A%9C%EF%B8%8Fcombolist%F0%9F%94%B0
Screenshots:
None
Threat Actors: Dhyazribi001
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Crypto Balance Checker tool on cracking forum
Category: Services
Content: A forum user on a cracking forum is advertising a tool called Crypto Balance Checker 2026, claimed to support bulk wallet address lookups across multiple blockchains including BTC, ETH, and USDT. The tool is marketed as requiring no private keys or login credentials. A download link and external contact channel are provided, suggesting the tool may be used for unauthorized reconnaissance of cryptocurrency wallets.
Date: 2026-05-06T17:18:36Z
Network: openweb
Published URL: https://nulledbb.com/thread-Crypto-Balance-Checker-2026-Accurate-blockchain-synchronization
Screenshots:
None
Threat Actors: cryptoking07
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of Hotmail credentials
Category: Combo List
Content: A threat actor is distributing a combo list of 1,423 Hotmail credentials, marketed as fresh. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-06T17:18:27Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-1423-full-fresh-hotmails
Screenshots:
None
Threat Actors: martcloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass Website Defacement of Mateen Movers by Threat Actor Zod
Category: Defacement
Content: On May 7, 2026, threat actor Zod conducted a mass defacement campaign targeting www.mateenmovers.com, a moving and logistics company. The defacement was deployed on a Linux-based server, affecting a non-homepage URL (zod.html), indicating targeted file placement as part of a broader mass defacement operation. The incident was archived and mirrored via haxor.id.
Date: 2026-05-06T17:18:11Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248884
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Transportation and Logistics
Victim Organization: Mateen Movers
Victim Site: www.mateenmovers.com
Sale of cracked DDoS tool DAVOSET v1.1
Category: DDoS
Content: A forum post advertises a cracked version of DAVOSET v1.1, a script-based DDoS/stress-testing tool that leverages publicly accessible web services to generate high-volume request floods against target systems. The post includes a download link and directs users to a Telegram contact for additional tools.
Date: 2026-05-06T17:17:56Z
Network: openweb
Published URL: https://nulledbb.com/thread-DAVOSET-v-1-1-Cracked
Screenshots:
None
Threat Actors: cryptoking07
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mixed combo list of 870K credentials
Category: Combo List
Content: A threat actor is sharing a mixed combo list of approximately 870,000 credentials, marketed as 100% private data with a high hit rate. The post is associated with a combo cloud service offering affordable credential data. Access to the list requires registration or login on the forum.
Date: 2026-05-06T17:17:43Z
Network: openweb
Published URL: https://patched.to/Thread-%E3%80%8C-870k-%E3%80%8D%E2%9A%A1-mixed-%E2%9A%A1-100-private-data-%E2%9A%A1impressive-hitrate%E2%9A%A1-2026-new%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Sseur Keylogger Cracked Version
Category: Malware
Content: A forum user is distributing a cracked version of Sseur Keylogger on a cracking forum. The post includes a download link and directs users to a contact for additional premium tools. The offering is framed with educational language but is consistent with malware distribution activity.
Date: 2026-05-06T17:16:45Z
Network: openweb
Published URL: https://nulledbb.com/thread-Sseur-Keylogger-Cracked–2290504
Screenshots:
None
Threat Actors: cryptoking07
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass Website Defacement of Mateen Movers by Threat Actor Zod
Category: Defacement
Content: On May 7, 2026, threat actor Zod conducted a mass defacement attack targeting a subdomain of Mateen Movers, a moving and logistics company. The defaced page was hosted on a Linux-based server and the attack was classified as part of a broader mass defacement campaign. The defacement was archived and mirrored via haxor.id.
Date: 2026-05-06T17:16:37Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248885
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Logistics / Moving Services
Victim Organization: Mateen Movers
Victim Site: trk.mateenmovers.com
Free Hotmail combo list with 2,805 credentials
Category: Combo List
Content: A threat actor has shared a combo list of 2,805 Hotmail credentials, marketed as fresh. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-06T17:15:16Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A12805x-FRESH-HOTMAIL-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: Nulled07
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Mateen Express by Threat Actor Zod
Category: Defacement
Content: On May 7, 2026, threat actor Zod defaced the website of Mateen Express, targeting a specific page (zod.html) on the domain mateenexpress.info. The attack was conducted on a Linux-based server and was a targeted single-page defacement rather than a mass or home page defacement. The incident has been archived and mirrored via haxor.id.
Date: 2026-05-06T17:14:47Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248883
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Transportation / Logistics
Victim Organization: Mateen Express
Victim Site: www.mateenexpress.info
Combo List targeting Hotmail with HHC credential checking engine
Category: Combo List
Content: A forum post advertises Hotmail credentials or a credential-checking configuration using the HHC v3.5.3 engine with over 200 target premium keywords. The content is hidden behind registration, limiting visibility into the actual dataset. This is consistent with credential stuffing material targeting Hotmail accounts.
Date: 2026-05-06T17:14:26Z
Network: openweb
Published URL: https://demonforums.net/Thread-HOTMAIL-ACCESS-200-TARGET-PREMIUM-KEYWORDS-DATABASE-HHC-v3-5-3-ENGINE
Screenshots:
None
Threat Actors: AWSCRACKSISTEM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: 2.3K Japan mail access credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 2,300 Japanese email account credentials marketed as fully valid mail access. The content is gated behind a reply requirement on the forum.
Date: 2026-05-06T17:11:44Z
Network: openweb
Published URL: https://altenens.is/threads/2-3k-japan-full-valid-mail-access.2935536/unread
Screenshots:
None
Threat Actors: Megacloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
GMX-targeted combo list of 182K credentials offered for free
Category: Combo List
Content: A threat actor shared a 182K GMX-targeted combo list on a forum, requiring a reply to access the download link. The same actor advertises credential lists for sale targeting multiple email providers and regions including AOL, Yahoo, Hotmail, Outlook, and various countries.
Date: 2026-05-06T17:11:07Z
Network: openweb
Published URL: https://altenens.is/threads/182k-gmx-targeted-combolist.2935540/unread
Screenshots:
None
Threat Actors: carlos080
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 38K mixed email access combo list
Category: Combo List
Content: A threat actor is distributing a combo list of 38,000 allegedly valid email account credentials, marketed as a mixed provider list dated 06.05. Access to the content is gated behind a reply requirement.
Date: 2026-05-06T17:10:28Z
Network: openweb
Published URL: https://altenens.is/threads/38k-full-valid-mail-access-mix-06-05.2935545/unread
Screenshots:
None
Threat Actors: Megacloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail credential combo list with 1,377 hits
Category: Combo List
Content: A threat actor is distributing a combo list of 1,377 alleged valid Hotmail credentials, described as premium hits from mixed mail sources. The post advertises private cloud storage for the download and provides a Telegram contact for the seller.
Date: 2026-05-06T17:01:54Z
Network: openweb
Published URL: https://breachforums.rs/Thread-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-1377x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F
Screenshots:
None
Threat Actors: xdalphaa
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of XSS.IS forum database
Category: Data Leak
Content: A threat actor has leaked an alleged 600GB database dump from XSS.IS, a prominent Russian-language cybercrime forum. The data is being made available for free download via a post on Breached forums.
Date: 2026-05-06T16:58:23Z
Network: openweb
Published URL: https://breached.st/threads/database-600gb-forums-xss-is.86850/unread
Screenshots:
None
Threat Actors: Xyph0rix
Victim Country: Unknown
Victim Industry: Cybercrime Forum
Victim Organization: XSS.IS
Victim Site: xss.is
Alleged data leak of Firm Foundation Schools – Student, Parent, and Staff PII with Academic and Fee Records
Category: Data Leak
Content: A threat actor has freely distributed what is claimed to be the complete school management database of Firm Foundation Schools in Nigeria. The leak allegedly includes PII for 600+ students (dates of birth, addresses, parent details, religion, state of origin), staff hashed passwords (bcrypt), fee payment records, academic results, attendance and behavioural reports, and internal notifications. Data is made available via an external file-sharing link.
Date: 2026-05-06T16:57:48Z
Network: openweb
Published URL: https://breached.st/threads/db-leak-firm-foundation-schools-full-student-parent-staff-pii-fee-records-academic-data-500-individuals-https-firmfoundationschools-ng.86851/unread
Screenshots:
None
Threat Actors: $k1dz
Victim Country: Nigeria
Victim Industry: Education
Victim Organization: Firm Foundation Schools
Victim Site: firmfoundationschools.ng
Alleged data leak of TikTok Shop scraped data
Category: Data Leak
Content: A threat actor is distributing what they claim is scraped data from TikTok Shop, including payment JSON files, credit card addition reports, and product scrape data. The dataset reportedly covers multiple countries. Content is available behind a point-based paywall with distribution via Telegram.
Date: 2026-05-06T16:37:54Z
Network: openweb
Published URL: https://pwnforums.st/Thread-Data-Scrap-Tiktok-Shop-full-report
Screenshots:
None
Threat Actors: sxxone
Victim Country: Unknown
Victim Industry: Retail
Victim Organization: TikTok Shop
Victim Site: tiktokshop.com
Buyer seeking high-quality private email:password credentials
Category: Combo List
Content: A forum user is posting a want to buy request for private, untouched mail:pass valid credentials. The buyer specifies 100% private lines only and requires a sample before purchase. Contact is via Telegram handle @tinderold.
Date: 2026-05-06T16:35:43Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-Buy-hq-data-at-a-high-price-%EF%BC%88Don-t-send-me-junk-bases-for-testing%EF%BC%89
Screenshots:
None
Threat Actors: aken666
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
GOOD CPANEL BY @VOID032
Category: Alert
Content: New thread posted by Dhyazribi001: GOOD CPANEL BY @VOID032
Date: 2026-05-06T16:21:36Z
Network: openweb
Published URL: https://patched.to/Thread-good-cpanel-by-void032
Screenshots:
None
Threat Actors: Dhyazribi001
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of Hotmail credentials marketed as fresh valid hits
Category: Combo List
Content: A threat actor is sharing 7.4K Hotmail credentials described as fresh valid hits on a combolist forum. The post offers hidden content to registered users and advertises additional private data via a separate contact handle.
Date: 2026-05-06T16:20:59Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%AD%90%E2%AD%907-4k-fresh-hotmail-valid-hits-only-%E2%AD%90-private-unrapped-data-%E2%AD%90%E2%AD%90
Screenshots:
None
Threat Actors: DAXCLOUUD
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of IMAP/SMTP combo list including Hotmail credentials
Category: Combo List
Content: A threat actor is selling approximately 2,800 credentials described as UHQ Hotmail, IMAP, SMTP, and cPanel combos marketed as fresh. Access to a private Telegram channel offering these credentials is priced at $15 for 3 days, $30 for one week, and $50 for one month.
Date: 2026-05-06T16:20:13Z
Network: openweb
Published URL: https://patched.to/Thread-2-8k-good-imap
Screenshots:
None
Threat Actors: Dhyazribi001
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of mixed email access combo list with 22,000 alleged valid hits
Category: Combo List
Content: A threat actor is distributing a mixed email access combo list containing approximately 22,000 credentials marketed as fully valid hits. The post references private data available via direct contact and a public channel. Content is gated behind forum registration or login.
Date: 2026-05-06T16:19:11Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%AD%90%E2%AD%9022k-mix-mail-acces-full-valid-hits%E2%AD%90-private-unrapped-data-%E2%AD%90%E2%AD%90
Screenshots:
None
Threat Actors: DAXCLOUUD
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of SMTP, IMAP, and cPanel credentials combo lists
Category: Combo List
Content: A threat actor is offering for sale access to a private channel containing combo lists advertised as UHQ Hotmail, fresh mix, cPanel, IMAP, SMTP, and cloud-country credentials. Pricing is tiered at $15 for 3 days, $30 for one week, and $50 for one month. The credentials are marketed as fresh and valid for inbox access.
Date: 2026-05-06T16:18:24Z
Network: openweb
Published URL: https://patched.to/Thread-%F0%9F%94%B0good%E2%9A%9C%EF%B8%8Fsmtp%E2%9A%9C%EF%B8%8Ffresh%E2%9A%9C%EF%B8%8Fvalid%E2%9A%9C%EF%B8%8Ffrom%F0%9F%94%B0
Screenshots:
None
Threat Actors: Dhyazribi001
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
🔰170+⚜️GOOD⚜️SMTP⚜️FRESH🔰
Category: Alert
Content: New thread posted by Dhyazribi001: 🔰170+⚜️GOOD⚜️SMTP⚜️FRESH🔰
Date: 2026-05-06T16:17:42Z
Network: openweb
Published URL: https://patched.to/Thread-%F0%9F%94%B0170-%E2%9A%9C%EF%B8%8Fgood%E2%9A%9C%EF%B8%8Fsmtp%E2%9A%9C%EF%B8%8Ffresh%F0%9F%94%B0
Screenshots:
None
Threat Actors: Dhyazribi001
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
1K HQ PRIVATE VALID HOTMAIL
Category: Alert
Content: New thread posted by Dhyazribi001: 1K HQ PRIVATE VALID HOTMAIL
Date: 2026-05-06T16:17:22Z
Network: openweb
Published URL: https://patched.to/Thread-1k-hq-private-valid-hotmail
Screenshots:
None
Threat Actors: Dhyazribi001
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mix Mail Access Combo List (4.6K)
Category: Combo List
Content: A combo list of approximately 4,600 mixed mail access credentials is being distributed on a forum. The post requires registration or login to access the hidden content.
Date: 2026-05-06T16:16:39Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-4-6k-mix-mail-access-by-kommander0-06-05
Screenshots:
None
Threat Actors: AnticaCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
🔰HQ⚜️FRESH⚜️VALID⚜️MIX🔰
Category: Alert
Content: New thread posted by Dhyazribi001: 🔰HQ⚜️FRESH⚜️VALID⚜️MIX🔰
Date: 2026-05-06T16:16:16Z
Network: openweb
Published URL: https://patched.to/Thread-%F0%9F%94%B0hq%E2%9A%9C%EF%B8%8Ffresh%E2%9A%9C%EF%B8%8Fvalid%E2%9A%9C%EF%B8%8Fmix%F0%9F%94%B0
Screenshots:
None
Threat Actors: Dhyazribi001
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting Hotmail with 856 valid credentials
Category: Combo List
Content: A threat actor has shared a combo list of 856 claimed valid Hotmail credentials on a cybercrime forum. The content is gated behind registration or login. The credentials are marketed as valid access dated 05.05.2026.
Date: 2026-05-06T16:15:55Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%E2%9B%93%EF%B8%8F%E2%80%8D%F0%9F%92%A5856-hotmail-valid-access-05-05-2026
Screenshots:
None
Threat Actors: SupportHotmail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of 9K mixed email credentials
Category: Combo List
Content: A forum user shared a combo list of approximately 9,000 mixed email credentials. The content is hidden behind a registration or login requirement. No specific breach source or target service is identified.
Date: 2026-05-06T16:15:03Z
Network: openweb
Published URL: https://patched.to/Thread-9k-mix-mail
Screenshots:
None
Threat Actors: randiman11
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of RedX Cloud stealer logs (12,264 records, 23.4GB)
Category: Logs
Content: A threat actor shared a 23.4GB collection of stealer logs attributed to RedX Cloud, containing 12,264 records. The content is hidden behind a registration or login wall, limiting further detail. The post appears on a known leak forum.
Date: 2026-05-06T16:14:41Z
Network: openweb
Published URL: https://patched.to/Thread-23-4gb-logs-redx-cloud-12-264
Screenshots:
None
Threat Actors: R0BIN1337
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combo list of 1,364 Hotmail credentials, marketed as premium and fresh. The content is gated behind forum registration or login. The named service is a credential-stuffing target, not the breach source.
Date: 2026-05-06T16:14:26Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9A%A1%E2%9A%A1-1364x-premium-fresh-hotmails-%E2%9A%A1%E2%9A%A1-299460
Screenshots:
None
Threat Actors: Lowza9
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list
Category: Combo List
Content: A threat actor is distributing a combo list of 1,190 Hotmail credentials marketed as private and fresh. The content is hidden behind a registration/login wall on the forum. The credentials are attributed to another user and are likely intended for credential stuffing.
Date: 2026-05-06T16:13:54Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-1190x-%E2%AD%90%E2%AD%90-fresh-hq-hotmail-%E2%AD%90%E2%AD%90-299467
Screenshots:
None
Threat Actors: KiwiShio
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of 1,028 Hotmail credentials
Category: Combo List
Content: A threat actor shared a combo list of 1,028 claimed valid Hotmail credentials, dated May 5, 2026. The content is gated behind registration or login on the forum. No further details about the datas origin are provided.
Date: 2026-05-06T16:13:29Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%E2%9B%93%EF%B8%8F%E2%80%8D%F0%9F%92%A51028-hotmail-valid-access-05-05-2026
Screenshots:
None
Threat Actors: SupportHotmail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of 93,000 Hotmail credentials allegedly valid as of May 2026
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 93,000 Hotmail domain credentials, marketed as valid as of May 6, 2026. The content is gated behind registration or login on the forum. No breach of Microsoft or Hotmail infrastructure is claimed; the list is intended for credential stuffing.
Date: 2026-05-06T16:13:01Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%99%8B-93k-hotmail-domain-with-valid-06-05-26-%E2%99%8B
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Russia email:password combo list with 1,085K credentials
Category: Combo List
Content: A threat actor known as Maxleak is freely distributing a combo list of approximately 1,085,000 email and password pairs sourced from Russian accounts. The credentials are marketed as fresh and high quality. Access requires forum registration or login.
Date: 2026-05-06T16:11:38Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9C%A6%E2%9C%A6-1-085-K-%E2%9C%A6-Russia-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-6-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: Maxleak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Russia Email:Password Combo List with 1,085K credentials
Category: Combo List
Content: A threat actor is freely distributing a combo list of approximately 1,085,000 email and password pairs purportedly sourced from Russia. The credentials are marketed as fresh and high quality. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-06T16:11:29Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-1-085-K-%E2%9C%A6-Russia-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-6-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
✦✦ [ 113 K++ ]✦{ Peru }✦Email:Pass✦FRESH✦[ 6-5-2026 ]✦✦
Category: Alert
Content: New thread posted by Maxleak: ✦✦ [ 113 K++ ]✦{ Peru }✦Email:Pass✦FRESH✦[ 6-5-2026 ]✦✦
Date: 2026-05-06T16:11:09Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9C%A6%E2%9C%A6-113-K-%E2%9C%A6-Peru-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-6-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: Maxleak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Peru email and password combo list allegedly containing 113K credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 113,000 email and password pairs purportedly from Peruvian accounts. The credentials are marketed as fresh and high quality, dated June 5, 2026. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-06T16:10:58Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-113-K-%E2%9C%A6-Peru-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-6-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Peru
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
✦✦ [ 97 K++ ]✦{ Philippines }✦Email:Pass✦FRESH✦[ 6-5-2026 ]✦✦
Category: Alert
Content: New thread posted by Maxleak: ✦✦ [ 97 K++ ]✦{ Philippines }✦Email:Pass✦FRESH✦[ 6-5-2026 ]✦✦
Date: 2026-05-06T16:10:34Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9C%A6%E2%9C%A6-97-K-%E2%9C%A6-Philippines-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-6-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: Maxleak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Portugal Email:Pass Combo List (90K+)
Category: Combo List
Content: A threat actor shared a combo list of approximately 90,000 email and password pairs purportedly sourced from Portuguese accounts. The credentials are marketed as fresh and high quality, dated June 5, 2026. The list is available via hidden content on the forum and promoted through a Telegram channel.
Date: 2026-05-06T16:10:15Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-90-K-%E2%9C%A6-Portugal-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-6-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Portugal
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list of Portuguese email credentials
Category: Combo List
Content: A threat actor known as Maxleak has shared a combo list of approximately 90,000 email:password pairs purportedly associated with Portuguese users. The credentials are marketed as fresh and high quality, dated June 5, 2026. The content is gated behind forum registration or login.
Date: 2026-05-06T16:09:46Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9C%A6%E2%9C%A6-90-K-%E2%9C%A6-Portugal-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-6-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: Maxleak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting Hotmail
Category: Combo List
Content: A threat actor has shared a combo list of 6,360 Hotmail credentials on a public forum. The content is hidden behind a registration or login requirement. No additional details about the data origin or validity are provided.
Date: 2026-05-06T16:09:30Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-6360x-HOTMAIL
Screenshots:
None
Threat Actors: NotSellerXd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
4 344 Good HOTMAIL GOODS D4RKNETHUB CLOUD 06.05.26
Category: Alert
Content: New thread posted by D4rkNetHub: 4 344 Good HOTMAIL GOODS D4RKNETHUB CLOUD 06.05.26
Date: 2026-05-06T16:09:08Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-4-344-Good-HOTMAIL-GOODS-D4RKNETHUB-CLOUD-06-05-26
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail credential combo list by D4rkNetHub
Category: Combo List
Content: A threat actor operating as D4rkNetHub is offering a combo list of 4,344 Hotmail credentials on a darknet forum. The credentials are available via a paid cloud service with subscription tiers ranging from $10 for a 3-day trial to $50 for 30-day access. The seller advertises a shop at darknethub.top and directs buyers to a Telegram admin account.
Date: 2026-05-06T16:08:39Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-4-344-Good-HOTMAIL-GOODS-D4RKNETHUB-CLOUD-06-05-26
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Romania Email:Password Combo List with 46K+ Credentials
Category: Combo List
Content: A threat actor shared a combo list containing over 46,000 email and password pairs purportedly sourced from Romania. The credentials are marketed as fresh and high quality. The content is gated behind forum registration or login.
Date: 2026-05-06T16:08:26Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9C%A6%E2%9C%A6-46-K-%E2%9C%A6-Romania-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-6-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: Maxleak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free Romania email:password combo list with 46K+ credentials
Category: Combo List
Content: A threat actor shared a combo list containing over 46,000 email and password pairs purportedly from Romanian accounts, marketed as fresh and high quality. The list was made available for free to registered forum members. No specific breached organization is identified.
Date: 2026-05-06T16:07:58Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-46-K-%E2%9C%A6-Romania-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-6-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Romania
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
✦✦ [ 16 K++ ]✦{ Serbia }✦Email:Pass✦FRESH✦[ 6-5-2026 ]✦✦
Category: Alert
Content: New thread posted by Maxleak: ✦✦ [ 16 K++ ]✦{ Serbia }✦Email:Pass✦FRESH✦[ 6-5-2026 ]✦✦
Date: 2026-05-06T16:07:30Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9C%A6%E2%9C%A6-16-K-%E2%9C%A6-Serbia-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-6-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: Maxleak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Serbia Email:Pass Combo List
Category: Combo List
Content: A threat actor shared a combo list containing over 16,000 email and password pairs purportedly sourced from Serbia. The credentials are marketed as fresh and high quality. The content is hidden behind a registration/login wall on the forum.
Date: 2026-05-06T16:07:12Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-16-K-%E2%9C%A6-Serbia-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-6-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Serbia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
✦✦ [ 14 K++ ]✦{ Singapore }✦Email:Pass✦FRESH✦[ 6-5-2026 ]✦✦
Category: Combo List
Content: New thread posted by CobraEgy: ✦✦ [ 14 K++ ]✦{ Singapore }✦Email:Pass✦FRESH✦[ 6-5-2026 ]✦✦
Date: 2026-05-06T16:06:42Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-14-K-%E2%9C%A6-Singapore-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-6-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
[ ⚡⚡ 1300x SAMPLE HOTMAIL ⚡⚡ ]
Category: Alert
Content: New thread posted by Stevejobs: [ ⚡⚡ 1300x SAMPLE HOTMAIL ⚡⚡ ]
Date: 2026-05-06T16:06:02Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A1-1300x-SAMPLE-HOTMAIL-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: Stevejobs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of mixed combo list with 32K valid credentials
Category: Combo List
Content: A threat actor shared a mixed combo list containing approximately 32,000 valid email:password credential pairs on a dark web forum. The content is hidden behind a registration or login wall. No specific target service or victim organization is identified.
Date: 2026-05-06T16:05:39Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-32K-GOOD-MIX-VALIDS
Screenshots:
None
Threat Actors: StrawHatBase
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list distribution: Mixed unique credentials
Category: Combo List
Content: A forum member is distributing a mixed unique combo list containing approximately 218,000 credential pairs. The content is hidden behind a registration or login wall on the forum. No specific targeted service or victim organization is identified.
Date: 2026-05-06T16:05:19Z
Network: openweb
Published URL: https://leakforum.io/Thread-MIX-Unique-Combo-4-218000
Screenshots:
None
Threat Actors: UniqueComb
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
⚡⚡ X3082 Valid UHQ Mix ⚡⚡
Category: Combo List
Content: New thread posted by Roronoa044: ⚡⚡ X3082 Valid UHQ Mix ⚡⚡
Date: 2026-05-06T16:04:52Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-X3082-Valid-UHQ-Mix-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: Roronoa044
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of email credential combo list with 29K valid entries
Category: Combo List
Content: A threat actor is offering a combo list of 29,000 claimed valid email credentials on a cybercrime forum. The content is hidden behind a registration/login wall. No specific victim organization or country is identified.
Date: 2026-05-06T16:04:26Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-29K-VALID-MAIL-ACCESS–203053
Screenshots:
None
Threat Actors: TeraCloud1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 258K mixed-domain email combo list
Category: Combo List
Content: A threat actor is offering a mixed-domain email and password combo list containing approximately 258,000 credentials, marketed as valid as of May 6, 2026. The list is available via a linked shop and Telegram channel.
Date: 2026-05-06T16:03:54Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%99%8B-258k-MIX-DOMAIN-WITH-VALID-06-05-26-%E2%99%8B
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of fresh credential databases across multiple countries
Category: Combo List
Content: Threat actor offering fresh database credentials from multiple countries (UK, DE, JP, NL, BR, PL, ES, US, IT) with inbox access. Specifically targeting major e-commerce and service platforms including eBay, Amazon, Walmart, Uber, PSN, Booking, Poshmark, Alibaba, Mercari, and Kleinanzeigen. Claims to have private cloud infrastructure with valid webmail access. Soliciting direct messages for specific requests.
Date: 2026-05-06T16:02:21Z
Network: telegram
Published URL: https://t.me/c/2613583520/76771
Screenshots:
None
Threat Actors: Num
Victim Country: Unknown
Victim Industry: E-commerce, Financial Services, Gaming, Travel, Marketplace Platforms
Victim Organization: Unknown
Victim Site: Unknown
OSINT and person-search services offered for France and Switzerland
Category: Services
Content: A threat actor is advertising person-search and OSINT services targeting individuals in France and Switzerland. Services offered include lookups by phone number, name, username, email, and license plate, as well as alleged access to police files, priced between $65 and $350 per query. Payment is accepted in Monero (XMR).
Date: 2026-05-06T15:43:29Z
Network: openweb
Published URL: https://pwnforums.st/Thread-FR-Search-For-A-Person
Screenshots:
None
Threat Actors: shabat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Canada UHQ combo list with 255K credentials
Category: Combo List
Content: A threat actor is distributing a combo list marketed as UHQ containing approximately 255,000 credentials associated with Canadian accounts. No further details are available from the post content.
Date: 2026-05-06T15:41:03Z
Network: openweb
Published URL: https://pwnforums.st/Thread-255K-Canada-UHQ-Combolist
Screenshots:
None
Threat Actors: Megatron
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Chile combo list with 103K credentials
Category: Combo List
Content: A threat actor shared a combo list purportedly containing 103,000 credentials associated with Chilean users. The list is marketed as high-quality and fresh. No specific breached organization is identified.
Date: 2026-05-06T15:38:35Z
Network: openweb
Published URL: https://pwnforums.st/Thread-103K-CHILE-HQ-Fresh-Combolist
Screenshots:
None
Threat Actors: Megatron
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Forum Staff Application Submission by User punk
Category: Alert
Content: A user named punk submitted a staff application on PwnForums, claiming to be a manager at spear.cx with prior moderation experience. The post is a forum-meta submission and does not contain actionable threat content.
Date: 2026-05-06T15:34:37Z
Network: openweb
Published URL: https://pwnforums.st/Thread-punks-staff-application
Screenshots:
None
Threat Actors: punk
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
binance dataabases
Category: Alert
Content: New thread posted by Caradao: binance dataabases
Date: 2026-05-06T15:31:13Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SELLING-binance-dataabases
Screenshots:
None
Threat Actors: Caradao
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
(Brazil) CEMIG, 1.6M phone numbers, full Watson export
Category: Alert
Content: New thread posted by tarot: (Brazil) CEMIG, 1.6M phone numbers, full Watson export
Date: 2026-05-06T15:27:34Z
Network: openweb
Published URL: https://pwnforums.st/Thread-VERIFIED-Brazil-CEMIG-1-6M-phone-numbers-full-Watson-export
Screenshots:
None
Threat Actors: tarot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Wave Roblox Executor
Category: Data Breach
Content: A threat actor is selling the alleged database of Wave Executor, a Roblox executor tool with over 96,000 Discord members. The dataset reportedly includes key hashes, HWIDs, usernames, expiration dates, and session logs up to May 5, 2026, exported from the platforms key management panel. The seller also claims to possess old admin login credentials and notes that partial keys in the logs can be brute-forced via an unratelimited Wave API endpoint.
Date: 2026-05-06T15:26:30Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SELLING-Wave-Roblox-Executor
Screenshots:
None
Threat Actors: bytedev
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Wave Executor
Victim Site: getwave.gg
Alleged data breach of GreenDropship
Category: Data Breach
Content: A threat actor is allegedly selling a dataset attributed to greendropship.com containing approximately 2 million rows of US customer records including names, phone numbers, and addresses.
Date: 2026-05-06T15:23:25Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SELLING-USA-2-million-rows-NAME-PHONE-ADDRESS-greendropship-com
Screenshots:
None
Threat Actors: faoced
Victim Country: United States
Victim Industry: Retail
Victim Organization: GreenDropship
Victim Site: greendropship.com
Alleged data breach of iltoexams.com
Category: Data Breach
Content: A threat actor is selling an alleged database dump from iltoexams.com containing approximately 125,000 records. The dataset includes names, email addresses, hashed passwords, and phone numbers. The data is offered for $500 with sample records provided as proof.
Date: 2026-05-06T15:22:40Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SELLING-USA-125k-Name-Email-Password-Hash-Phone-iltoexams-com
Screenshots:
None
Threat Actors: faoced
Victim Country: United States
Victim Industry: Education
Victim Organization: iltoexams.com
Victim Site: iltoexams.com
Sale of database from Vietnamese automotive service platform datlichbaoduong.com
Category: Data Breach
Content: A threat actor is offering for sale a database allegedly obtained from datlichbaoduong.com, a Vietnamese vehicle maintenance scheduling platform. The dataset contains approximately 125,000 records including full names and phone numbers, with additional tables totaling 1.4 GB. The data is priced at $1,000 and the seller is accepting contact via private message or Telegram.
Date: 2026-05-06T15:21:07Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SELLING-Vietnamese-125k-Name-Phone-dlbd-vn-datlichbaoduong-com
Screenshots:
None
Threat Actors: faoced
Victim Country: Vietnam
Victim Industry: Automotive
Victim Organization: Dat Lich Bao Duong
Victim Site: datlichbaoduong.com
Alleged data breach of IUNGO Cloud Brazil — 21 million customer records for sale
Category: Data Breach
Content: A threat actor is selling an alleged 73GiB Portabilling database from IUNGO Cloud, a Brazilian cloud-telephony provider. The dataset reportedly contains 21 million customer records including PII, call detail records, customer balances, email addresses, phone numbers, and passwords. The seller claims this is a one-time sale and provides a Pastebin sample as proof.
Date: 2026-05-06T15:20:09Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SELLING-IUNGO-Cloud-Brazil-21M-Customers-73GiB-Portabilling-Database
Screenshots:
None
Threat Actors: Fronx
Victim Country: Brazil
Victim Industry: Telecommunications
Victim Organization: IUNGO Cloud
Victim Site: iungo.cloud
Alleged sale of Kuwait personal information database
Category: Data Breach
Content: A threat actor is offering for sale a Kuwait personal information database containing approximately 93,147 records. Sample data includes full names, email addresses, and phone numbers. The database is priced at $90.
Date: 2026-05-06T15:19:15Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SELLING-Kuwait-Personal-Information-Database
Screenshots:
None
Threat Actors: moxzey
Victim Country: Kuwait
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of VIP Buenaventura (Taxi Colombia)
Category: Data Breach
Content: A threat actor is selling an alleged database dump from vipbuenaventura.com, a Colombian taxi/ride service platform, containing 70,000 rows of user data. The dataset includes first and last names, phone numbers, email addresses, and Bcrypt-hashed passwords, along with geolocation and device metadata. The seller is asking $700 for exclusive access and provides a sample CSV as proof.
Date: 2026-05-06T15:18:12Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SELLING-Taxi-Colombia-70-000-rows-Name-Phone-Email-Password-Bcrypt-vipbuenaventura-com
Screenshots:
None
Threat Actors: faoced
Victim Country: Colombia
Victim Industry: Transportation
Victim Organization: VIP Buenaventura
Victim Site: vipbuenaventura.com
Alleged data breach of Digipart
Category: Data Breach
Content: A threat actor is selling an alleged database from digipart.fr containing approximately 100,000 records with names, addresses, and phone numbers of French individuals.
Date: 2026-05-06T15:16:34Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SELLING-France-100k-Name-Address-Phone-number-digipart-fr
Screenshots:
None
Threat Actors: faoced
Victim Country: France
Victim Industry: Retail
Victim Organization: Digipart
Victim Site: digipart.fr
Alleged data breach of SAG Surf Club (sagsurfclub.com)
Category: Data Breach
Content: A threat actor is selling an alleged database dump from sagsurfclub.com containing approximately 140,000 records including names, email addresses, bcrypt-hashed passwords, and phone numbers. The dataset is priced at $700 and includes a sample showing structured fields such as addresses, Stripe customer IDs, and plaintext password strings. The seller accepts escrow.
Date: 2026-05-06T15:15:27Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SELLING-USA-140k-Name-Email-Password-Hash-Bcrypt-Phone-www-sagsurfclub-com
Screenshots:
None
Threat Actors: faoced
Victim Country: United States
Victim Industry: Recreation
Victim Organization: SAG Surf Club
Victim Site: sagsurfclub.com
Alleged data leak of Chinese ID cards, credit cards, contracts, and business information (11.7GB)
Category: Data Leak
Content: A threat actor is freely distributing an 11.7GB archive purportedly containing Chinese ID cards, credit card data, contracts, and business information. The post is part of a multi-part series and requires forum engagement to access the hidden download link. No specific breached organization is identified.
Date: 2026-05-06T15:12:18Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DOCUMENTS-CHINA-ID-Cards-Credit-Cards-Business-Information-11-7GB-Part-2
Screenshots:
None
Threat Actors: ALTGIANT
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alert: User requesting Japanese identification documents
Category: Alert
Content: A forum user posted a request seeking Japanese identification documents. No threat data, breach, or sale offer is present in the post.
Date: 2026-05-06T15:11:18Z
Network: openweb
Published URL: https://pwnforums.st/Thread-21323
Screenshots:
None
Threat Actors: southerngilda
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of cabinetmedical.be
Category: Data Leak
Content: A threat actor claiming to be AplaGroup has leaked a database from cabinetmedical.be, a Belgian medical cabinet website. The dump allegedly contains approximately 10,000 records including full names, dates of birth, email addresses, phone numbers, postal addresses, and encrypted passwords. The actor claims the breach was achieved by exploiting an SQL vulnerability on the site.
Date: 2026-05-06T15:09:10Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-BE-cabinetmedical-be-looser
Screenshots:
None
Threat Actors: AplaGroup
Victim Country: Belgium
Victim Industry: Healthcare
Victim Organization: Cabinet Medical
Victim Site: cabinetmedical.be
Alleged data leak of 25 French and international databases including government, health, retail, and sports federation records
Category: Data Leak
Content: A threat actor has made available a collection of 25 databases primarily targeting French organizations across government, healthcare, retail, education, and sports federation sectors. The pack includes SQL dumps, PII, credentials, and sensitive records — notably health insurance data with SSNs, COVID-19 health records, and government platform data from resana.gouv.fr. The 3 GB compressed archive is distributed via a points-gated download on the forum.
Date: 2026-05-06T15:08:09Z
Network: openweb
Published URL: https://pwnforums.st/Thread-COLLECTION-Massive-French-and-more-Database-Pack-25-DB
Screenshots:
None
Threat Actors: Kaminski
Victim Country: France
Victim Industry: Multiple
Victim Organization: Multiple Organizations
Victim Site: Unknown
Alleged data breach of Instituto Consorcio Clavijero (ICC)
Category: Data Leak
Content: Threat actors Z3r00 and MagoSpeak of SpeakTeam claim to have breached Instituto Consorcio Clavijero (ICC), a Mexican online education platform in Veracruz. The leaked dataset allegedly contains student records including enrollment numbers, full names, CURP national ID numbers, and home addresses. The data has been made available for free download via an external file-sharing link.
Date: 2026-05-06T15:07:10Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-VERACRUZ-MEXICO-Instituto-Consorcio-Clavijero-ICC-39-000
Screenshots:
None
Threat Actors: Z3r00
Victim Country: Mexico
Victim Industry: Education
Victim Organization: Instituto Consorcio Clavijero
Victim Site: Unknown
Alleged data leak of Määrdekeskus
Category: Data Leak
Content: A threat actor operating as NightBroker claims to have breached maardekeskus.ee, an Estonian lubricant and oil retailer, and has freely shared a 119MB SQL database dump on a forum. The leaked file reportedly contains 174 tables, with the oc_customer table exposing 4,108 records including full names, email addresses, telephone numbers, MD5-hashed passwords with salts, and IP addresses. Sample customer records were posted publicly as proof.
Date: 2026-05-06T15:06:12Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-M%C3%A4%C3%A4rdekeskus-Leaked-Download
Screenshots:
None
Threat Actors: NightBroker
Victim Country: Estonia
Victim Industry: Retail
Victim Organization: Määrdekeskus
Victim Site: maardekeskus.ee
Alleged data leak of IUNGO Cloud (Brazil) — 21 million email addresses
Category: Data Leak
Content: A threat actor known as Fronx claims to have breached IUNGO Cloud, a Brazilian cloud-telephony provider, and is freely distributing approximately 21 million unique email addresses from the compromised database. The post notes the full 73 GiB PortaBilling database remains available for sale in a separate thread. The leaked content is gated behind forum points.
Date: 2026-05-06T15:04:52Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-IUNGO-Cloud-Brazil-21M-Users-Corporate-Email-Addresses
Screenshots:
None
Threat Actors: Fronx
Victim Country: Brazil
Victim Industry: Telecommunications
Victim Organization: IUNGO Cloud
Victim Site: iungo.com.br
Alleged data breach of Vimeo, Inc. via third-party vendor Anodot
Category: Data Leak
Content: A threat actor identified as ShinyHunters claims to have breached Vimeo, Inc. by gaining access to data stored within third-party analytics vendor Anodot, compromising approximately 102,267 unique email addresses and an estimated 296,396 total records. The stolen data, which includes full names, email addresses, and streaming analytics metadata, was allegedly released on April 28, 2026, after Vimeo refused to pay a ransom demand. The data has been made available on the forum at no charge.
Date: 2026-05-06T15:01:53Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-Vimeo-Inc-vimeo-com-2026-04-28-102-00K-Users
Screenshots:
None
Threat Actors: thelastwhitehat
Victim Country: United States
Victim Industry: Technology
Victim Organization: Vimeo, Inc.
Victim Site: vimeo.com
Combo list of 810 Hotmail valid credentials
Category: Combo List
Content: A threat actor on a combolist forum is distributing a set of 810 Hotmail credentials marketed as valid access, dated May 5, 2026. The content is gated behind registration or login. Hotmail is the credential-stuffing target, not the breach source.
Date: 2026-05-06T14:59:52Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%E2%9B%93%EF%B8%8F%E2%80%8D%F0%9F%92%A5810-hotmail-valid-access-05-05-2026
Screenshots:
None
Threat Actors: SupportHotmail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of HQ Mix combo list with 3,648 records
Category: Combo List
Content: A threat actor shared a combo list marketed as HQ Mix containing 3,648 email:password pairs. The content is hidden behind a login/registration wall on the forum.
Date: 2026-05-06T14:58:21Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-X3648-HQ-Mix-%E2%9A%A1%E2%9A%A1-BY-Stevee36-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: erwinn91
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
30K Germany Fresh Mail Access Combo List
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 30,000 German email account credentials, marketed as fresh and high quality. The list is gated behind a reply requirement on the forum.
Date: 2026-05-06T14:52:07Z
Network: openweb
Published URL: https://altenens.is/threads/30k-germay-fresh-mail-access-just-top-quality-06-05.2935489/unread
Screenshots:
None
Threat Actors: Megacloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of verified high-income USA personal data
Category: Data Breach
Content: A threat actor is offering for sale a database of 2 million verified high-income United States individuals, described as wealthy leads. The seller provides a sample image and requests interested parties contact them via Telegram for further details.
Date: 2026-05-06T14:49:55Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-Verified-High-Income-USA-Data
Screenshots:
None
Threat Actors: Mikhel
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of tech-16.co.jp by XYZ (Alpha Wolf Team)
Category: Defacement
Content: A threat actor identified as XYZ, operating under the team name Alpha Wolf, defaced the Japanese technology company website tech-16.co.jp on May 6, 2026. The attack targeted a Linux-based web server and resulted in a single-page defacement rather than a mass or home page defacement. A mirror of the defaced content was archived at haxor.id.
Date: 2026-05-06T14:48:56Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248882
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Japan
Victim Industry: Technology
Victim Organization: Tech-16
Victim Site: tech-16.co.jp
Sale of crypto cold wallet leads
Category: Data Breach
Content: A threat actor is offering for sale leads associated with cryptocurrency cold wallet holders. The seller claims the data is not from public leaks and not from the known Ledger 2020 breach, and states multiple wallet types are included. No further details on record count or source organization are provided.
Date: 2026-05-06T14:48:17Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-crypto-cold-wallets-leads
Screenshots:
None
Threat Actors: lordrings10
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of USA car insurance database
Category: Data Breach
Content: A threat actor is allegedly selling a database of US car insurance records. No further details about the victim organization, record count, or data fields are available from the post content.
Date: 2026-05-06T14:45:26Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-USA-Car-Insurance-Database
Screenshots:
None
Threat Actors: Mikhel
Victim Country: United States
Victim Industry: Insurance
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of dyizer360.com by RAZOR of INDOHAXSEC
Category: Defacement
Content: On May 6, 2026, the website dyizer360.com was defaced by threat actor RAZOR, affiliated with the Indonesian hacktivist group INDOHAXSEC. The attack targeted the homepage of the site in a single targeted defacement operation. No specific motive or technical details were disclosed in the available intelligence.
Date: 2026-05-06T14:42:45Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/917676
Screenshots:
None
Threat Actors: ./RAZOR, INDOHAXSEC
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Dyizer360
Victim Site: dyizer360.com
Alleged data breach of Croesus
Category: Data Breach
Content: A threat actor is selling an alleged user database from croesus.com containing 19,220 records in CSV format. Sample data includes full names, phone numbers, and physical addresses of Canadian residents. The database is priced at $250.
Date: 2026-05-06T14:40:26Z
Network: openweb
Published URL: https://breached.st/threads/canada-croesus-com-19-220.86849/unread
Screenshots:
None
Threat Actors: moxzey
Victim Country: Canada
Victim Industry: Finance
Victim Organization: Croesus
Victim Site: croesus.com
Website Defacement of Tech-16 by XYZ (Alpha Wolf Team)
Category: Defacement
Content: On May 6, 2026, the Japanese technology company Tech-16 (tech-16.co.jp) had its homepage defaced by a threat actor identified as XYZ, operating under the group Alpha Wolf. The attack was a targeted single-site homepage defacement, with no indication of mass or repeated defacement activity. The incident was archived and mirrored via zone-xsec.com.
Date: 2026-05-06T14:39:17Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/917677
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Japan
Victim Industry: Technology
Victim Organization: Tech-16
Victim Site: tech-16.co.jp
Alleged Zoominfo credential logs available on hacking forum
Category: Logs
Content: A post on XF forum advertises 100 lines of ZoomInfo logs. The content appears to be stealer log output containing credentials associated with ZoomInfo accounts. No additional details are available from the post content.
Date: 2026-05-06T14:28:55Z
Network: openweb
Published URL: https://xforums.st/threads/zoominfo-logs-100-lines-by-x-forums.613549/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: United States
Victim Industry: Technology
Victim Organization: ZoomInfo
Victim Site: zoominfo.com
Alleged data leak of Zsknk.sk credentials
Category: Logs
Content: Stealer logs associated with zsknk.sk were shared on the forum, containing 2 credential entries. The post was attributed to X Forums with no additional content available.
Date: 2026-05-06T14:27:11Z
Network: openweb
Published URL: https://xforums.st/threads/zsknk-sk-logs-2-lines-by-x-forums.613550/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: zsknk.sk
Distribution of stealer logs with credentials
Category: Logs
Content: A post on XF forum advertises 2,083 stealer logs, each containing 100 lines of credential data, distributed under the X Forums label. No additional details about affected organizations or geographic scope are provided in the post.
Date: 2026-05-06T14:18:39Z
Network: openweb
Published URL: https://xforums.st/threads/2083-logs-100-lines-by-x-forums.613551/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of stealer logs from Frontend Jupiter
Category: Logs
Content: A forum post on XF advertises a set of stealer logs containing 100 lines, attributed to X Forums. The logs appear to be indexed from a frontend Jupiter index.html source. No further details about victim organizations or geographic scope are available.
Date: 2026-05-06T14:12:26Z
Network: openweb
Published URL: https://xforums.st/threads/frontend-jupiter-index-html-logs-100-lines-by-x-forums.613552/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free release of stealer logs
Category: Logs
Content: A set of 69 lines of stealer logs attributed to X Forums was shared on the forum. No additional details about the victims or log contents were provided in the post.
Date: 2026-05-06T14:08:00Z
Network: openweb
Published URL: https://xforums.st/threads/mmaz-logs-69-lines-by-x-forums.613553/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of WordPress login credential combo list with 1 million records
Category: Combo List
Content: A threat actor is distributing a 63.79 MB text file containing approximately 1 million URL/email/password combos targeting WordPress wp-login.php endpoints across various domains. The credentials are formatted as login URL, username or email, and plaintext password. The file is available to registered forum members via download.
Date: 2026-05-06T13:58:58Z
Network: openweb
Published URL: https://xforums.st/threads/wp-login-php-results-by-x-forums.613554/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: Hotmail Credentials (1.4K)
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 1,400 Hotmail email account credentials. The content is gated behind registration or login on the forum. These credentials are likely intended for use in credential stuffing or account takeover activity.
Date: 2026-05-06T13:55:22Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%AD%901-4k-hotmail-mail-access-%E2%AD%90
Screenshots:
None
Threat Actors: agha24
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail combo list shared on forum
Category: Combo List
Content: A threat actor shared a combo list of 787 Hotmail email credentials on a forum, marketed as VIP Cloud access. The content is hidden behind a login/registration wall and the data is described as old.
Date: 2026-05-06T13:54:49Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%8D%A7x787-hotmail-mail-access%F0%9F%8D%A7%E2%9C%A8-05-05
Screenshots:
None
Threat Actors: TraxGod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail combo list shared on forum
Category: Combo List
Content: A threat actor shared a combo list of 869 Hotmail email credentials on a public forum. The content is described as old data and is hidden behind a registration/login wall. The post is marketed as VIP Cloud access credentials.
Date: 2026-05-06T13:54:29Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%8D%A7x869-hotmail-mail-access%F0%9F%8D%A7%E2%9C%A8-05-05
Screenshots:
None
Threat Actors: TraxGod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail credential combo list
Category: Combo List
Content: A threat actor is offering 350 allegedly valid Hotmail credentials, marketed as fresh hits. The content is hidden behind a login/registration wall on the forum.
Date: 2026-05-06T13:54:10Z
Network: openweb
Published URL: https://patched.to/Thread-contributor-%E2%9C%A8-350x-fresh-hotmail-valid-%E2%9C%A8-299368
Screenshots:
None
Threat Actors: SNSS
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free South Korea email combo list (Batch 25/100)
Category: Combo List
Content: A threat actor has freely shared a batch of South Korean email credentials, labeled as batch 25 of 100. The content is hidden behind a registration or login wall. No specific victim organization or record count is disclosed.
Date: 2026-05-06T13:53:39Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-free-premium-south-korea-email-list-batch-25-100
Screenshots:
None
Threat Actors: emaildbpro
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of 1.1K Hotmail credentials shared on forum
Category: Combo List
Content: A combo list of approximately 1,100 Hotmail credentials, marketed as fully valid, was shared on a forum by user Kommander0. The content is hidden behind a registration or login requirement.
Date: 2026-05-06T13:53:10Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-1-1k-hotmail-full-valid-by-kommander0-06-05
Screenshots:
None
Threat Actors: AnticaCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting Hotmail (588 credentials)
Category: Combo List
Content: A combo list of 588 Hotmail mail access credentials was shared on a forum. The post labels the content as VIP Cloud and notes the data is old. Access to the content requires registration or login.
Date: 2026-05-06T13:52:50Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%8D%A7x588-hotmail-mail-access%F0%9F%8D%A7%E2%9C%A8-05-05
Screenshots:
None
Threat Actors: TraxGod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list of 100 million URL:email:password credentials
Category: Combo List
Content: A threat actor is distributing a combo list containing approximately 100 million URL:email:password credential pairs via a hidden forum link. The content requires registration or login to access. No specific victim organization is identified.
Date: 2026-05-06T13:52:08Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%F0%9F%8E%81-100-milion-url-email-pass-%F0%9F%8E%81
Screenshots:
None
Threat Actors: JGH231
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of UHQ valid mail combo list
Category: Combo List
Content: A threat actor is sharing a combo list advertised as 938 UHQ valid email credentials. The content is hidden behind a forum registration or login wall. No specific breach source or target service is identified.
Date: 2026-05-06T13:51:41Z
Network: openweb
Published URL: https://patched.to/Thread-938x-uhq-valid-mail
Screenshots:
None
Threat Actors: randiman11
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of discounted Spotify Premium account upgrade service
Category: Services
Content: A forum seller is offering Spotify Premium 12-month account upgrades at discounted prices ($34.99 for 12 months, $7.99 for 3 months), applied to a buyers own account. The service is advertised with a 12-month warranty and marketed as safe and official access.
Date: 2026-05-06T13:51:34Z
Network: openweb
Published URL: https://patched.to/Thread-gladiator-%E2%AD%90-spotify-music-premium-12-months-account-upgrade-on-your-own-account-mail%E2%9A%A180-off%E2%AD%90
Screenshots:
None
Threat Actors: MINDHUNTER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mix Mail Combo List Including Hotmail, Outlook, AOL, GMX, Inbox, iCloud, and Live
Category: Combo List
Content: A threat actor is distributing a mixed mail combo list targeting multiple email providers including Hotmail, Outlook, AOL, GMX, Inbox, iCloud, and Live. The content is gated behind registration or login on the forum. No record count is specified in the post.
Date: 2026-05-06T13:51:05Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-mix-mail-combo-hotmail-outlook-aol-gmx-inbox-icloud-live-2026-5-3
Screenshots:
None
Threat Actors: Larry_Uchiha
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Claude API keys with token balance
Category: Data Leak
Content: A threat actor is freely distributing what are claimed to be Claude API keys with approximately 1.2 million fresh tokens across Claude Opus and other models. The post offers a free sample and encourages community engagement in exchange for access to the hidden content.
Date: 2026-05-06T13:50:46Z
Network: openweb
Published URL: https://patched.to/Thread-nova-%E2%9C%A8-1-2-fresh-million-tokens-claude-opus-4-7-and-more-api-key-%E2%9C%A8
Screenshots:
None
Threat Actors: JVZU
Victim Country: United States
Victim Industry: Technology
Victim Organization: Anthropic
Victim Site: anthropic.com
Combo List – Private Mix shared by BatmanMail
Category: Combo List
Content: A forum member is distributing a private mix combo list via a hidden content gate requiring registration or login. No further details about the contents, record count, or targeted services are visible.
Date: 2026-05-06T13:50:32Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-private-mix-batmanmail
Screenshots:
None
Threat Actors: BatmanMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 60 million URL:Login:Password combo list with mixed categories
Category: Combo List
Content: A threat actor is offering a combo list of 60 million URL:Login:Password credentials spanning mixed target categories. The content is gated behind registration or login on the forum. No specific victim organization is identified.
Date: 2026-05-06T13:50:25Z
Network: openweb
Published URL: https://patched.to/Thread-60m-ulp-target-url-logg-pass-mix-categories-by-dadazone-v2
Screenshots:
None
Threat Actors: dadazone
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of IMAP credential hits combo list
Category: Combo List
Content: A forum user is distributing a combo list advertised as approximately 4,000 IMAP credential hits. The content is hidden behind a registration or login wall. No specific victim organization or country is identified.
Date: 2026-05-06T13:49:58Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-4k-imap-hits
Screenshots:
None
Threat Actors: FlashCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting Hotmail with 500 credentials across multiple regions
Category: Combo List
Content: A threat actor is distributing a combo list of 500 Hotmail credentials sourced from users across the USA, Europe, Asia, and Russia. The content is gated behind registration or login on the forum. No additional details about data fields or verification status are available.
Date: 2026-05-06T13:49:37Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-500x-hotmail-access-combo-usa-europe-asia-russian
Screenshots:
None
Threat Actors: Larry_Uchiha
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of fresh mix combo list with 41,907 lines
Category: Combo List
Content: A threat actor is distributing a mixed combo list containing 41,907 email:password lines. The content is hidden behind a registration/login wall on the forum. The actor promotes a Telegram channel for additional data distribution.
Date: 2026-05-06T13:49:27Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-41-907-Lines-Fresh-Mix-Combolist
Screenshots:
None
Threat Actors: stormtrooper
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alert: Forum post promoting AccountingBizz Forum
Category: Alert
Content: A forum post promotes AccountingBizz Forum, an accounting and crypto discussion community. The post describes how crypto experts respond to user inquiries. No threat activity or sensitive data is involved.
Date: 2026-05-06T13:48:47Z
Network: openweb
Published URL: https://nulledbb.com/thread-How-are-crypto-related-questions-handled-by-the-experts-in-AccountingBizz-Forum
Screenshots:
None
Threat Actors: Forumaccbizz
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list distribution: 2,445 mixed credentials
Category: Combo List
Content: A threat actor is distributing a mixed combo list containing 2,445 credential pairs, marketed as fresh. The content is hidden behind a registration or login wall on the forum.
Date: 2026-05-06T13:47:29Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A1-2445x-FRESH-MIX-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: Nulled07
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free Hotmail combo list of 835 credentials
Category: Combo List
Content: A threat actor is distributing a combo list of 835 Hotmail credentials, marketed as private and fresh. The content is hidden behind a registration or login wall on the forum.
Date: 2026-05-06T13:47:02Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-835x-%E2%AD%90%E2%AD%90-FRESH-HQ-HOTMAIL-%E2%AD%90%E2%AD%90
Screenshots:
None
Threat Actors: KiwiShioo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail combo list sample with 1,135 credentials
Category: Combo List
Content: A threat actor is distributing a sample combo list of 1,135 Hotmail credentials on a leak forum. The content is gated behind registration or login. No further details about the data origin are provided.
Date: 2026-05-06T13:46:24Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A1-1135x-SAMPLE-HOTMAIL-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: Stevejobs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mix unique combo list with 218,000 credentials
Category: Logs
Content: A mixed combo list containing approximately 218,000 unique credentials was shared on a cybercrime forum. The post was made in a mail access and combolists section, suggesting the credentials may be intended for credential stuffing or account takeover activity. No additional details were available in the post content.
Date: 2026-05-06T13:43:05Z
Network: openweb
Published URL: https://xforums.st/threads/mix-unique-combo_3_218000.613555/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 3.4K Hotmail combo list
Category: Logs
Content: A threat actor is distributing a combo list of approximately 3,400 Hotmail email credentials, marketed as fresh and dated May 6. Access to the download link requires forum registration.
Date: 2026-05-06T13:42:23Z
Network: openweb
Published URL: https://xforums.st/threads/3-4k-hotmail-fresh-mail-access-06-05.613556/
Screenshots:
None
Threat Actors: MegaCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of SIPEF
Category: Data Breach
Content: A threat actor posted an alleged employee directory database for SIPEF, an international agro-industrial company headquartered in Belgium. The leaked data includes full names, email addresses, phone numbers, organizational units, job titles, roles, and physical addresses of employees across multiple subsidiaries in Indonesia, Papua New Guinea, Ivory Coast, and Belgium. The data appears to have been sourced from an internal directory system and is gated behind forum registration.
Date: 2026-05-06T13:37:27Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-sipef-com-EmployeeDirectory-SIPEF-2026
Screenshots:
None
Threat Actors: BlackoutNomad
Victim Country: Belgium
Victim Industry: Agriculture
Victim Organization: SIPEF
Victim Site: sipef.com
Request for bulletproof Windows VPS/RDP service allowing RAT hosting
Category: Services
Content: A forum user is requesting a Windows VPS/RDP provider that permits hosting of remote access trojans (RATs) with port forwarding capabilities. The post is a service inquiry rather than a threat claim or data sale.
Date: 2026-05-06T13:34:19Z
Network: openweb
Published URL: https://hackforums.net/showthread.php?tid=6324976
Screenshots:
None
Threat Actors: syrianwolf85
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of zhigong.yibao.cn — 80 million Chinese employee medical insurance records
Category: Data Leak
Content: A threat actor known as MDGhost is distributing an alleged dataset from zhigong.yibao.cn, a Chinese employee medical insurance platform, containing approximately 80 million records dated 2025-2026. The data purportedly includes full names, addresses, phone numbers, and national ID numbers in CSV format. The actor is advertising the dataset via Telegram.
Date: 2026-05-06T13:28:30Z
Network: openweb
Published URL: https://breached.st/threads/80m-zhigong-yibao-cn-2025-2026-employee-medical-insurance.86847/unread
Screenshots:
None
Threat Actors: MDGhost
Victim Country: China
Victim Industry: Healthcare
Victim Organization: zhigong.yibao.cn
Victim Site: zhigong.yibao.cn
Alleged data leak of Lampung Tengah Regional Government database
Category: Data Leak
Content: A threat actor leaked a sample database allegedly belonging to the Lampung Tengah Regional Government of Indonesia. The sample contains phone numbers, email addresses associated with government departments, and employee ID numbers (Nomor Induk Pegawai). The data was shared freely on a public forum.
Date: 2026-05-06T13:27:54Z
Network: openweb
Published URL: https://breached.st/threads/leak-sample-database-pemerintah-kabupaten-lampung-tengah-go-id.86848/unread
Screenshots:
None
Threat Actors: Mr. Hanz Xploit
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Pemerintah Kabupaten Lampung Tengah
Victim Site: lampungtengahkab.go.id
Alleged data breach of Pemerintah Kabupaten Lampung Tengah (Central Lampung Regency Government)
Category: Data Breach
Content: A threat actor using the handle mr-hanz-xploit has posted a leak sample of a database allegedly from Pemerintah Kabupaten Lampung Tengah (Central Lampung Regency Government) on Breachforums. The post includes a sample of the breached data.
Date: 2026-05-06T13:26:31Z
Network: telegram
Published URL: https://t.me/DeepCoreNetwork/97
Screenshots:
None
Threat Actors: mr-hanz-xploit
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Pemerintah Kabupaten Lampung Tengah
Victim Site: lampungtengahkab.go.id
Alleged data leak of Aman Resorts (aman.com) Salesforce records by ShinyHunters
Category: Data Leak
Content: ShinyHunters group allegedly leaked over 507,000 Salesforce records belonging to luxury hospitality chain Aman Resorts. The data, shared in JSONL format, contains personally identifiable information including guest names, email addresses, phone numbers, birthdates, and account metadata. Approximately 215,000 unique user records are reportedly included in the dataset.
Date: 2026-05-06T13:23:53Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-Aman-Resorts-aman-com-leak
Screenshots:
None
Threat Actors: [Mod] Tanaka
Victim Country: Unknown
Victim Industry: Hospitality
Victim Organization: Aman Resorts
Victim Site: aman.com
Alleged cyber operation by MuddyWater group targeting organization via Microsoft Teams social engineering
Category: Cyber Attack
Content: Security report details an alleged cyber operation by MuddyWater, a group attributed to Iran, conducting espionage activities disguised as a ransomware attack in 2026. Attackers exploited Microsoft Teams screen-sharing sessions to gain initial access, stole credentials, established persistent access using AnyDesk and DWAgent tools, and exfiltrated data from the target network.
Date: 2026-05-06T13:15:11Z
Network: telegram
Published URL: https://t.me/c/1283513914/21592
Screenshots:
None
Threat Actors: MuddyWater
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List shared on X Forums containing URL, email, and password combinations
Category: Combo List
Content: A combo list of 100 lines containing URL, email, and password combinations was shared on X Forums. The file includes credentials associated with various websites and services. The content is available to registered forum members.
Date: 2026-05-06T13:09:02Z
Network: openweb
Published URL: https://xforums.st/threads/antena-logs-100-lines-by-x-forums.612406/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of email/password combo list
Category: Combo List
Content: A single-line email/password combo was shared on XF forums. The file, attributed to X FORUMS, contains one credential entry in plain text format. The content type is listed as Email/Password Combo.
Date: 2026-05-06T12:58:51Z
Network: openweb
Published URL: https://xforums.st/threads/antoricky20-gmail-com-logs-1-lines-by-x-forums.612407/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting AnyDesk user accounts
Category: Combo List
Content: A combo list of 100 URL:email:password lines targeting AnyDesk (my.anydesk.com) accounts has been shared on XForums. The credentials are formatted for credential stuffing against AnyDesks authentication endpoints. The file was distributed as a free download to registered forum members.
Date: 2026-05-06T12:53:59Z
Network: openweb
Published URL: https://xforums.st/threads/anydesk-logs-100-lines-by-x-forums.612408/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged logs from api.m3u.kingiptv.pro distributed on XForums
Category: Logs
Content: A single-line log file containing URL/email/password combo data associated with api.m3u.kingiptv.pro was shared on XForums. The file is attributed to stealer log output and made available for download to registered forum members.
Date: 2026-05-06T12:52:17Z
Network: openweb
Published URL: https://xforums.st/threads/api-m3u-kingiptv-pro-logs-1-lines-by-x-forums.612409/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Media & Entertainment
Victim Organization: KingIPTV
Victim Site: api.m3u.kingiptv.pro
Alleged credential logs for api.yper.io distributed on XF forum
Category: Logs
Content: A threat actor distributed a small stealer log file containing 3 credential lines associated with api.yper.io, including URL, email, and plaintext password combinations. The file was made available for download on the XF forum.
Date: 2026-05-06T12:47:19Z
Network: openweb
Published URL: https://xforums.st/threads/api-yper-io-logs-3-lines-by-x-forums.612410/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Yper
Victim Site: api.yper.io
Leak of API key logs containing credentials for multiple platforms
Category: Logs
Content: A threat actor distributed a file containing 100 lines of API key logs with URL, email, and password combinations across multiple platforms including Ingenico, WordPress, CCAvenue, and Wappalyzer. The logs were shared freely on an underground forum. The data appears to be stealer log output targeting API key endpoints across various services.
Date: 2026-05-06T12:45:25Z
Network: openweb
Published URL: https://xforums.st/threads/apikey-logs-100-lines-by-x-forums.612411/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of admin login credentials for Apisperu.com
Category: Initial Access
Content: A threat actor shared a file containing two admin login credentials for apisperu.com, including URLs pointing to the sites admin login panel along with associated email and password pairs. The file was made available for download via a forum post on XForums.
Date: 2026-05-06T12:38:05Z
Network: openweb
Published URL: https://xforums.st/threads/apisperu-com-admin-login-2-lines-by-x-forums.612412/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Peru
Victim Industry: Unknown
Victim Organization: Apisperu
Victim Site: apisperu.com
Alleged data leak of Peru Ministry of Interior (MININTER) SIGE portal credentials
Category: Logs
Content: A threat actor has distributed 43 lines of stealer logs containing URL/email/password combos associated with the Peruvian Ministry of Interiors SIGE portal (aplicaciones.mininter.gob.pe). The logs were made available for free download on the forum. Sample data includes plaintext credentials tied to the government login endpoint.
Date: 2026-05-06T12:28:42Z
Network: openweb
Published URL: https://xforums.st/threads/aplicaciones-mininter-gob-pe-sige-logs-43-lines-by-x-forums.612413/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Peru
Victim Industry: Government
Victim Organization: Ministry of Interior of Peru (MININTER)
Victim Site: aplicaciones.mininter.gob.pe
Sale of credentials for AdsPower anti-detect browser platform
Category: Combo List
Content: A forum user shared a small credential file containing 2 email and password combos for app-global.adspower.net, an anti-detect browser platform. The content type is listed as URL/Email/Password combo. The file was made available for download to registered forum members.
Date: 2026-05-06T12:24:16Z
Network: openweb
Published URL: https://xforums.st/threads/app-global-adspower-net-login-2-lines-by-x-forums.612414/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged credential logs for app.anatolyfit.com
Category: Logs
Content: A threat actor shared a small stealer log file containing 3 URL/email/password credential entries associated with app.anatolyfit.com. The credentials include login and account creation endpoints for the platform. The file was made available for download on the forum.
Date: 2026-05-06T12:16:20Z
Network: openweb
Published URL: https://xforums.st/threads/app-anatolyfit-com-logs-3-lines-by-x-forums.612415/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Health & Fitness
Victim Organization: Anatolyfit
Victim Site: app.anatolyfit.com
Alleged credential logs targeting ants.gouv.fr (French National Secure Documents Agency)
Category: Logs
Content: A threat actor has shared a log file containing 59,913 lines of URL/email/password combinations associated with ants.gouv.fr, the French government portal for secure identity documents. The file, approximately 3.37 MB, was uploaded to a forum and distributed for free to registered members. Sample data includes credentials tied to account registration and login endpoints on the platform.
Date: 2026-05-06T12:07:06Z
Network: openweb
Published URL: https://xforums.st/threads/ants-gouv-fr-results-logs-by-x-forums.612416/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: France
Victim Industry: Government
Victim Organization: Agence Nationale des Titres Sécurisés
Victim Site: ants.gouv.fr
Alleged credential logs from app.any.run submissions
Category: Logs
Content: A forum post distributes a file claimed to contain URL/email/password combo data sourced from app.any.run submissions. The file contains 1 line and is made available to registered forum members via download links.
Date: 2026-05-06T11:58:45Z
Network: openweb
Published URL: https://xforums.st/threads/app-any-run-submissions-logs-1-lines-by-x-forums.612417/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: ANY.RUN
Victim Site: app.any.run
Alleged leak of stealer logs for app.connextrue.date
Category: Logs
Content: A forum bot shared a stealer log file associated with app.connextrue.date, containing 1 line of URL/email/password combo data. The file was made available for download to registered forum members.
Date: 2026-05-06T11:49:46Z
Network: openweb
Published URL: https://xforums.st/threads/app-connextrue-date-logs-1-lines-by-x-forums.612418/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: app.connextrue.date
Alleged credential leak for app.chatpro.com.br
Category: Logs
Content: A threat actor has shared a file containing 14 lines of URL/email/password combos for app.chatpro.com.br. The credentials appear to be sign-in logs likely harvested via an infostealer. The data was made available for free download on the forum.
Date: 2026-05-06T11:41:56Z
Network: openweb
Published URL: https://xforums.st/threads/app-chatpro-com-br-signin-logs-14-lines-by-x-forums.612419/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Brazil
Victim Industry: Technology
Victim Organization: ChatPro
Victim Site: app.chatpro.com.br
Alleged logs from app.discursivas.com shared on hacking forum
Category: Logs
Content: A threat actor distributed a stealer log file containing URL, email, and password data associated with app.discursivas.com. The leak consists of a single credential line and was made available for download on the forum.
Date: 2026-05-06T11:31:58Z
Network: openweb
Published URL: https://xforums.st/threads/app-discursivas-com-logs-1-lines-by-x-forums.612420/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Discursivas
Victim Site: app.discursivas.com
Sale of stealer logs targeting app.emergent.sh
Category: Logs
Content: A threat actor distributed 82 lines of stealer logs containing URL, email, and password combinations associated with app.emergent.sh. The logs were shared on a forum and are available to registered members via download link.
Date: 2026-05-06T11:25:33Z
Network: openweb
Published URL: https://xforums.st/threads/app-emergent-sh-landing-logs-82-lines-by-x-forums.612421/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Emergent
Victim Site: app.emergent.sh
Sale of credential combo list targeting Finclass platform
Category: Combo List
Content: A threat actor has shared a combo list of 100 URL:email:password credentials targeting the Finclass platform (app.finclass.com). The file contains login credentials in plaintext format, with samples showing Gmail and Hotmail addresses paired with passwords. The list is available to registered forum members.
Date: 2026-05-06T11:16:44Z
Network: openweb
Published URL: https://xforums.st/threads/app-finclass-com-login-100-lines-by-x-forums.612422/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged credential logs targeting app.getweave.com
Category: Logs
Content: A threat actor shared a log file containing 66 lines of URL/email/password credentials associated with app.getweave.com admin login endpoints. The data appears to be stealer log output and includes plaintext passwords tied to various email addresses. The file was made available for download on the forum.
Date: 2026-05-06T11:09:53Z
Network: openweb
Published URL: https://xforums.st/threads/app-getweave-com-results-logs-by-x-forums.612423/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Weave Communications
Victim Site: app.getweave.com
Alleged credential logs targeting app.kobalt-assurances.fr
Category: Logs
Content: A single URL/email/password combo tied to app.kobalt-assurances.fr was shared on XF forums. The file, approximately 76 bytes in size, was uploaded on 2026-05-06 and is available for download to registered members.
Date: 2026-05-06T11:03:35Z
Network: openweb
Published URL: https://xforums.st/threads/app-kobalt-assurances-fr-results-logs-by-x-forums.612424/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: France
Victim Industry: Finance
Victim Organization: Kobalt Assurances
Victim Site: app.kobalt-assurances.fr
Sale of credential logs for app.leadfeeder.com
Category: Logs
Content: A threat actor shared a small set of stealer logs containing URL/email/password combos for app.leadfeeder.com, comprising 4 lines. The credentials appear to have been harvested via an infostealer and are being distributed on the forum.
Date: 2026-05-06T11:02:25Z
Network: openweb
Published URL: https://xforums.st/threads/app-leadfeeder-com-f-sign-in-logs-4-lines-by-x-forums.612425/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail credential combo list
Category: Combo List
Content: A threat actor is offering a combo list of approximately 8,000 claimed high-quality Hotmail credential hits on a cybercrime forum. The content is hidden behind a registration or login requirement. The listed service is a credential-stuffing target, not the breach source.
Date: 2026-05-06T11:01:39Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%85-8k-hq-hotmail-hit-%E2%9C%85-299334
Screenshots:
None
Threat Actors: RetroCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
USA mail access combo list (1.1K)
Category: Combo List
Content: A threat actor shared a combo list of approximately 1,100 US-based email account credentials on a public forum. The list is described as a mixed mail access combo and is gated behind registration or login. No specific breached organization is identified.
Date: 2026-05-06T11:00:58Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%8D%A71-1k-usa-mail-access-mix%F0%9F%8D%A7%E2%9C%A8-05-05
Screenshots:
None
Threat Actors: TraxGod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of mixed European mail access credentials
Category: Combo List
Content: A threat actor operating under the alias TraxGod is distributing a combo list of approximately 2,300 mail access credentials sourced from Italy, Germany, France, and Poland. The list is described as private and is being shared on a combolist forum behind a registration or login gate. No specific breached organization is identified.
Date: 2026-05-06T11:00:40Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%8D%A72-3k-it-de-fr-pl-mail-access-mix%F0%9F%8D%A7%E2%9C%A8-05-05
Screenshots:
None
Threat Actors: TraxGod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Graphic design services offered on forum
Category: Services
Content: A forum member is offering graphic design services including animated and static threads, logos, banners, and signatures at listed prices. Services are advertised starting at $35 for static designs and up to $70 for animated threads. Contact is provided via Telegram and Discord.
Date: 2026-05-06T11:00:30Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%9A%A1graphic-design-%E2%AD%90thread-logo-banner-signature%E2%AD%90-%E2%AD%90animated-static%E2%AD%90-cheapest%E2%9A%A1
Screenshots:
None
Threat Actors: HMC
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of SMTP credentials combo list
Category: Combo List
Content: A threat actor is offering 991 SMTP credentials marketed as valid and high quality. The content is gated behind registration or login on the forum. The post is dated 06.05.2026.
Date: 2026-05-06T11:00:14Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-991-smtp-acrtixx1-update-06-05
Screenshots:
None
Threat Actors: Flexedz
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of AVM Stealer 2026 infostealer malware
Category: Malware
Content: A threat actor is distributing AVM Stealer 2026, an infostealer malware capable of extracting browser credentials, cookies, cryptocurrency wallet data, and session tokens from infected systems. The malware reportedly includes anti-detection, anti-VM, and anti-sandbox capabilities. The post offers a download link gated behind forum registration or login.
Date: 2026-05-06T10:58:30Z
Network: openweb
Published URL: https://leakforum.io/Thread-Cracked-AVM-Stealer-2026
Screenshots:
None
Threat Actors: TechNow043
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list
Category: Combo List
Content: A forum user is distributing a Hotmail combo list described as private and fresh, checked by the poster. The content is hidden behind a like-to-unlock gate, and no record count or additional details are provided.
Date: 2026-05-06T10:58:23Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1HOTMAIL%E2%9A%A1%E2%9A%A1PRIVATE%E2%9A%A1%E2%9A%A1FRESH%E2%9A%A1%E2%9A%A1CHEKED-BY-klyne05-%E2%9A%A1
Screenshots:
None
Threat Actors: klyne05
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of 3,645 Mixed Email Credentials
Category: Combo List
Content: A threat actor shared a combo list of 3,645 mixed email and password pairs on a cybercrime forum. The content is gated behind forum registration or login. No specific targeted service or origin breach was identified.
Date: 2026-05-06T10:57:57Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-3645x-MIX-MAIL
Screenshots:
None
Threat Actors: NotSellerXd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of mixed unique combo list with 218,000 credentials
Category: Logs
Content: A threat actor is sharing a mixed unique combo list containing approximately 218,000 credential pairs. The post was published on a forum dedicated to mail access and combo lists. No specific targeted organization or service is identified.
Date: 2026-05-06T10:56:14Z
Network: openweb
Published URL: https://xforums.st/threads/mix-unique-combo_2_218000.612282/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of idmgpu.cn by DimasHxR
Category: Defacement
Content: On May 6, 2026, a threat actor identified as DimasHxR defaced a page on the Chinese domain idmgpu.cn, targeting the file /b.html. The attack was carried out as a single targeted defacement with no team affiliation reported. Technical details regarding the server infrastructure and attack vector remain unknown.
Date: 2026-05-06T10:49:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/917671
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: idmgpu.cn
Alleged data breach of Albrok (Spanish insurance company)
Category: Data Breach
Content: A threat actor is selling an alleged database obtained from Albrok, a Spanish insurance company. The database reportedly includes customer data (full name, phone, email, IBAN, ID number, role, company) and employee data (ID, name, phone, email, company ID). The actor claims the database will be sold only once and requires use of a middleman for the transaction.
Date: 2026-05-06T10:48:30Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-ALBROK-DATABASE-SPANISH-LEADS
Screenshots:
None
Threat Actors: Theblueanonymouse
Victim Country: Spain
Victim Industry: Insurance
Victim Organization: Albrok
Victim Site: Unknown
Website Defacement of trivoxpvl.com by DimasHxR
Category: Defacement
Content: On May 6, 2026, a threat actor operating under the alias DimasHxR defaced the website trivoxpvl.com, targeting the readme.txt file. The attacker acted independently without affiliation to a known hacking group. No specific motive, server details, or proof of concept were disclosed in connection with this incident.
Date: 2026-05-06T10:43:42Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/917668
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: trivoxpvl.com
Alleged sale of China citizens database with phone numbers and full names
Category: Data Breach
Content: A threat actor is offering for sale an alleged database of 851 million Chinese citizens containing phone numbers and full names. The dataset is approximately 4 GB compressed and is offered at a negotiable price. Samples are claimed to have been included in the post.
Date: 2026-05-06T10:40:55Z
Network: openweb
Published URL: https://breached.st/threads/china-851m-citizens-database-phone-full-name.86846/unread
Screenshots:
None
Threat Actors: FuckerSpy
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of dmarotti-host.com by DimasHxR
Category: Defacement
Content: On May 6, 2026, a threat actor identified as DimasHxR defaced the webpage at dmarotti-host.com/b.html. The incident was a targeted, single-page defacement rather than a mass or home page compromise. No specific motive or technical details regarding the attack vector were disclosed.
Date: 2026-05-06T10:37:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/917667
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Web Hosting
Victim Organization: Dmarotti Host
Victim Site: dmarotti-host.com
Website Defacement of auproject.in by DimasHxR
Category: Defacement
Content: On May 6, 2026, a threat actor identified as DimasHxR defaced the website auproject.in by modifying a readme.txt file. The attack appears to be an isolated, non-mass defacement with no stated motive or team affiliation. The targeted domain is registered under Indias .in TLD, suggesting an India-based organization.
Date: 2026-05-06T10:34:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/917661
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: India
Victim Industry: Unknown
Victim Organization: AU Project
Victim Site: auproject.in
Alleged sale of mail access and credential combo lists by Dataxlogs
Category: Combo List
Content: Threat actor operating under handle Dataxlogs is offering mail access credentials and combo lists (credential:password combinations) for multiple countries including France, Belgium, Australia, Canada, UK, US, Netherlands, Poland, Germany, and Japan. Also offering associated configs, scripts, tools, and hits. Contact via Telegram @Dataxlogs for requests.
Date: 2026-05-06T10:31:05Z
Network: telegram
Published URL: https://t.me/c/2613583520/76624
Screenshots:
None
Threat Actors: Dataxlogs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Zone-Mobile by DimasHxR
Category: Defacement
Content: On May 6, 2026, a threat actor identified as DimasHxR defaced a subpage (b.html) of zone-mobile.com, a website associated with mobile services. The attacker operated independently without affiliation to a known hacking group. The incident was a targeted single-page defacement, with the mirror archived at zone-xsec.com.
Date: 2026-05-06T10:28:45Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/917655
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Telecommunications/Mobile Services
Victim Organization: Zone Mobile
Victim Site: zone-mobile.com
Combo List targeting Hotmail accounts
Category: Combo List
Content: A threat actor is sharing a combo list of 4,368 Hotmail credentials, marketed as UHQ (ultra-high quality) and private. The content is hidden behind a registration/login wall on the forum.
Date: 2026-05-06T10:28:31Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-4368-hotmail-access-acrtixx1-update-06-05
Screenshots:
None
Threat Actors: Flexedz
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 677 valid mixed email access credentials
Category: Combo List
Content: A forum member is offering 677 allegedly valid mixed email account credentials. The content is hidden behind a registration or login wall. No further details about the email providers or data origin are available from the post.
Date: 2026-05-06T10:28:13Z
Network: openweb
Published URL: https://patched.to/Thread-677-full-valid-mix-mail-access
Screenshots:
None
Threat Actors: GoldMailAccs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: Alleged Hotmail Credential List (1,408 Records)
Category: Combo List
Content: A threat actor is distributing a combo list claimed to contain 1,408 valid Hotmail mail access credentials. The content is hidden behind a registration/login wall on the forum. These credentials are marketed as fully valid for mail access.
Date: 2026-05-06T10:27:53Z
Network: openweb
Published URL: https://patched.to/Thread-1408-full-valid-hotmail-mail-access
Screenshots:
None
Threat Actors: GoldMailAccs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: Hotmail credential list with 2,743 alleged valid entries
Category: Combo List
Content: A threat actor is distributing a combo list of 2,743 allegedly valid Hotmail email credentials. The content is hidden behind a registration or login requirement on the forum. The named service (Hotmail) is a credential-stuffing target, not the breach victim.
Date: 2026-05-06T10:27:32Z
Network: openweb
Published URL: https://patched.to/Thread-2743-full-valid-hotmail-mail-access
Screenshots:
None
Threat Actors: GoldMailAccs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: 716 Valid Hotmail Credentials Shared
Category: Combo List
Content: A threat actor is sharing 716 alleged valid Hotmail email account credentials. The content is hidden behind a registration or login requirement on the forum. The credentials are marketed as fully valid mail access.
Date: 2026-05-06T10:27:00Z
Network: openweb
Published URL: https://patched.to/Thread-716-full-valid-hotmail-mail-access
Screenshots:
None
Threat Actors: GoldMailAccs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Hanine Distribution by DimasHxR
Category: Defacement
Content: On May 6, 2026, the threat actor DimasHxR defaced a page on haninedistribution.com, targeting a subdirectory of the WordPress content folder. The attack was a single, non-mass defacement with no stated motivation or team affiliation. Technical details such as server software and IP address were not disclosed.
Date: 2026-05-06T10:26:48Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/917658
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Distribution / Wholesale Trade
Victim Organization: Hanine Distribution
Victim Site: haninedistribution.com
Combo List: Mixed Email Access Credentials
Category: Combo List
Content: A threat actor is distributing a combo list containing 6,267 alleged valid mixed email access credentials. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-06T10:26:40Z
Network: openweb
Published URL: https://patched.to/Thread-6267-full-valid-mix-mail-access
Screenshots:
None
Threat Actors: GoldMailAccs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Digital goods resale service offering crypto checkout and instant delivery
Category: Services
Content: A forum user is advertising a digital goods selling service called MacanSell, offering crypto checkout and instant delivery with a 4.9% flat fee. The post notes vouch copies are available for reputation building.
Date: 2026-05-06T10:26:26Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%AD%90-sell-anything-digital-%E2%80%94-macansell-%E2%9A%A1-crypto-checkout-%E2%9A%A1-instant-delivery-%E2%9A%A1-4-9-flat
Screenshots:
None
Threat Actors: devMacan
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: Alleged valid Hotmail credentials
Category: Combo List
Content: A threat actor is sharing a combo list of 511 allegedly valid Hotmail mail access credentials. The content is gated behind registration or login on the forum. These credentials appear to be marketed as fully valid for mail access.
Date: 2026-05-06T10:26:20Z
Network: openweb
Published URL: https://patched.to/Thread-511-full-valid-hotmail-mail-access
Screenshots:
None
Threat Actors: GoldMailAccs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: Alleged valid Hotmail credentials (973 accounts)
Category: Combo List
Content: A forum user is sharing 973 alleged fully valid Hotmail email access credentials. The content is hidden behind a registration or login wall. These credentials appear to be marketed as tested and active accounts.
Date: 2026-05-06T10:26:00Z
Network: openweb
Published URL: https://patched.to/Thread-973-full-valid-hotmail-mail-access
Screenshots:
None
Threat Actors: GoldMailAccs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of KGI Securities Hong Kong (kgi.com.hk)
Category: Data Breach
Content: A threat actor is selling an alleged database dump from kgi.com.hk, a Hong Kong stock investment platform, containing over 5 million unique rows. The dataset purportedly includes email addresses, phone numbers, stock names, trade volumes, trade amounts, and related financial data. The seller is accepting negotiated offers and claims to have sample data available.
Date: 2026-05-06T10:21:31Z
Network: openweb
Published URL: https://breachforums.rs/Thread-randall
Screenshots:
None
Threat Actors: FuckSpy
Victim Country: Hong Kong
Victim Industry: Finance
Victim Organization: KGI Securities
Victim Site: kgi.com.hk
Website Defacement of Pearls of Persia by DimasHxR
Category: Defacement
Content: On May 6, 2026, a threat actor identified as DimasHxR defaced a subpage (b.html) of pearlsofpersia.com, a website associated with a Persian jewelry or goods retailer. The incident was a targeted single-page defacement with no affiliation to a known hacking team. No specific motive or server details were disclosed.
Date: 2026-05-06T10:20:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/917654
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Retail / E-commerce
Victim Organization: Pearls of Persia
Victim Site: pearlsofpersia.com
Website Defacement of AK Films by DimasHxR
Category: Defacement
Content: On May 6, 2026, a threat actor identified as DimasHxR defaced the website akfilms.in, targeting the readme.html page. The attacker operated without a team affiliation, and the defacement was a single, non-mass incident. No specific motivation or server details were disclosed in connection with the attack.
Date: 2026-05-06T10:18:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/917653
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: India
Victim Industry: Entertainment / Media
Victim Organization: AK Films
Victim Site: akfilms.in
Website Defacement of bmwvpsacct.com by DimasHxR
Category: Defacement
Content: On May 6, 2026, a threat actor known as DimasHxR defaced the website bmwvpsacct.com, targeting a domain associated with BMW-branded VPS account services. The defacement was a targeted single-page attack affecting a specific URL path rather than the sites homepage. No team affiliation, specific motive, or server details were disclosed in connection with this incident.
Date: 2026-05-06T10:12:06Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/917652
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Automotive/Financial Services
Victim Organization: BMW VPS Account Services
Victim Site: bmwvpsacct.com
Website Defacement of Madeleine Wilson by Threat Actor DimasHxR
Category: Defacement
Content: Threat actor DimasHxR defaced the WordPress-based personal website madeleinewilson.com on May 6, 2026, targeting the wp-admin directory path. The attack was an individual defacement, not part of a mass campaign, and was conducted without a stated team affiliation or disclosed motive.
Date: 2026-05-06T10:10:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/917651
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Personal/Individual
Victim Organization: Madeleine Wilson
Victim Site: madeleinewilson.com
Sale of 20K mixed mail access combo list
Category: Combo List
Content: A threat actor is sharing a combo list of approximately 20,000 mixed mail access credentials. The content is hidden behind registration or login, limiting visibility into the specific services or countries targeted.
Date: 2026-05-06T09:59:32Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%AD%9020k-mixed-mail-access-%E2%AD%90
Screenshots:
None
Threat Actors: agha24
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: 6,092 Mixed Mail Credentials
Category: Combo List
Content: A combo list containing 6,092 mixed email credentials has been shared on a forum. The content is hidden behind registration or login, suggesting it is a free release to registered members.
Date: 2026-05-06T09:59:14Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%85%E2%9A%A16092x-mixmail%E2%9A%A1%E2%9C%85
Screenshots:
None
Threat Actors: NovaCloudx
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail credential combo list
Category: Combo List
Content: A threat actor is offering 800 Hotmail credential hits marketed as fresh and verified. The content is behind a registration/login gate on the forum. The post advertises regular updates and high accuracy, suggesting an active credential stuffing operation.
Date: 2026-05-06T09:58:54Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-800-x-hotmail-access-valid-hit-fresh-%F0%9F%94%A5
Screenshots:
None
Threat Actors: NullShop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of MyCloud database
Category: Data Leak
Content: A threat actor has leaked an alleged 241GB database attributed to MyCloud on a cybercrime forum. The post includes download links for the data. No further details about the data contents or record count were provided.
Date: 2026-05-06T09:46:15Z
Network: openweb
Published URL: https://breached.st/threads/database-mycloud-241gb.86844/unread
Screenshots:
None
Threat Actors: Xyph0rix
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: MyCloud
Victim Site: mycloud.com
Hotmail credential combo list with 2,227 hits offered on forum
Category: Combo List
Content: A threat actor is offering a combo list of 2,227 Hotmail credential hits on a public forum. The content is hidden behind a registration or login requirement. No additional details about the source or data composition are available.
Date: 2026-05-06T09:33:57Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%AD%902227x-hotmail-premium-hits%E2%AD%90
Screenshots:
None
Threat Actors: Psyho70244
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged MyCloud database breach – 241GB
Category: Data Breach
Content: A 241GB database breach related to MyCloud is being discussed on Breachforums. User xyph0rix has posted details about the breach in a dedicated thread on the platform.
Date: 2026-05-06T09:30:09Z
Network: telegram
Published URL: https://t.me/Xyph0rix/305
Screenshots:
None
Threat Actors: xyph0rix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: MyCloud
Victim Site: Unknown
Sale of alleged Vietnam gambling database (2026)
Category: Data Breach
Content: A threat actor is offering for sale an alleged Vietnamese gambling database dated 2026. The post includes a sample image link and directs interested buyers to a Telegram contact. No organization name, record count, or specific data fields are disclosed in the post.
Date: 2026-05-06T09:29:03Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-Vietnam-Gambling-Database-2026
Screenshots:
None
Threat Actors: xakoji3864
Victim Country: Vietnam
Victim Industry: Gambling
Victim Organization: Unknown
Victim Site: Unknown
Sale of kingbet.co.tz Turkey Betting Database
Category: Data Breach
Content: A threat actor is offering for sale a database allegedly belonging to KingBet, a Turkey-based online betting platform. The dataset includes extensive personal and financial fields such as full name, login credentials, email, phone, IBAN, balance, password, IP address, document numbers, and loyalty program data. The seller is directing interested parties to a Telegram account for further details.
Date: 2026-05-06T09:27:24Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-kingbet-co-tz-Turkey-Betting-Database
Screenshots:
None
Threat Actors: ritok33000
Victim Country: Turkey
Victim Industry: Gambling
Victim Organization: KingBet
Victim Site: kingbet.co.tz
Sale of iCloud.com email credentials
Category: Combo List
Content: A forum user is allegedly selling iCloud.com email data. No further details are available as the post contains no content. The named service is a credential-stuffing target, not necessarily the breached organization.
Date: 2026-05-06T09:25:47Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-icloud-com-Email-Data
Screenshots:
None
Threat Actors: saref43135
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of alleged database from elexbet.com Turkish betting platform
Category: Data Breach
Content: A threat actor is offering for sale an alleged database from elexbet.com, a Turkish online betting platform. The post includes a sample image and directs interested buyers to a Telegram contact for further details. No record count or specific data fields were disclosed in the post.
Date: 2026-05-06T09:24:24Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-elexbet-com-Turkey-Betting-Database
Screenshots:
None
Threat Actors: bahisow611
Victim Country: Turkey
Victim Industry: Gambling
Victim Organization: Elexbet
Victim Site: elexbet.com
Sale of alleged database from bahigo.com Turkey betting platform
Category: Data Breach
Content: A threat actor is offering for sale a database allegedly belonging to bahigo.com, a Turkey-based online betting platform. The post includes a sample image link and directs interested buyers to a Telegram contact for further details. Record count and specific data fields were not disclosed in the post.
Date: 2026-05-06T09:23:59Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-bahigo-com-Turkey-Betting-Data
Screenshots:
None
Threat Actors: yenos68928
Victim Country: Turkey
Victim Industry: Gambling
Victim Organization: Bahigo
Victim Site: bahigo.com
Alleged data leak of CAF (Caisse dAllocations Familiales) database
Category: Data Leak
Content: A threat actor has freely shared an alleged database dump from CAF (Caisse dAllocations Familiales), the French family benefits agency, containing approximately 22 million records. The leaked data includes full names, dates of birth, gender, email addresses, phone numbers, postal addresses, and beneficiary identifiers. Sample records in the post show structured JSON entries with personally identifiable information tied to CAF allocataires and their dependents.
Date: 2026-05-06T09:13:26Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-caf-fr
Screenshots:
None
Threat Actors: eztocard
Victim Country: France
Victim Industry: Government
Victim Organization: CAF (Caisse dAllocations Familiales)
Victim Site: caf.fr
Alleged sale of shell access to .my domain
Category: Initial Access
Content: Threat actor offering shell access (bekas/used) to a Malaysian domain (Com.my/) with active terminal and GSC panel access. Posted in forwarded message from DeepCore Network channel.
Date: 2026-05-06T09:07:14Z
Network: telegram
Published URL: https://t.me/DeepCoreNetwork/94
Screenshots:
None
Threat Actors: DeepCore Network
Victim Country: Malaysia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Com.my
Alleged Unauthorized Access to Italian Water Treatment Facility (Bagnoregio) – Critical Infrastructure Threat
Category: Cyber Attack
Content: Threat actor claiming full unrestricted access to Siemens KTP1200 Basic controller managing water treatment/boosting station in Bagnoregio, Viterbo province, Italy (operated by Talete S.p.A.). Claims control over motor valves, pump groups, quartz filters, reverse osmosis systems, and all operational parameters. States capability to disrupt water treatment processes, bypass purification stages, or physically damage equipment. Threat actor indicates intent for restrained demonstration of capabilities while minimizing harm to civilians. References #OpItaly campaign.
Date: 2026-05-06T09:03:28Z
Network: telegram
Published URL: https://t.me/c/3584758467/885
Screenshots:
None
Threat Actors: The Z-Pentest Alliance
Victim Country: Italy
Victim Industry: Water/Utilities – Critical Infrastructure
Victim Organization: Talete S.p.A.
Victim Site: Unknown
Combo list of 1,103 Hotmail credential hits
Category: Combo List
Content: A threat actor is distributing a combo list of 1,103 claimed valid Hotmail credentials, marketed as premium hits with mixed mail types. The post includes a download link and a Telegram contact for the author.
Date: 2026-05-06T08:55:21Z
Network: openweb
Published URL: https://breachforums.rs/Thread-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-1103x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F
Screenshots:
None
Threat Actors: xdalphaa
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: Mixed credentials shared on forum
Category: Logs
Content: A mixed combo list containing approximately 218,000 credential pairs was shared on a cybercrime forum. The post was made in a mail access and combolist section, suggesting the credentials may be used for credential stuffing or account takeover. No additional details were provided in the post content.
Date: 2026-05-06T08:52:53Z
Network: openweb
Published URL: https://xforums.st/threads/mix-unique-combo_1_218000.612281/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of seahorse.co.uk files
Category: Data Leak
Content: A file allegedly containing data from seahorse.co.uk has been shared via MediaFire download link in XLSX format. The post references KARAWANG ERROR SYSTEM suggesting a system compromise or data extraction incident.
Date: 2026-05-06T08:44:59Z
Network: telegram
Published URL: https://t.me/KAR4WANG_ERROR_SYSTEM/403
Screenshots:
None
Threat Actors: KARAWANG ERROR SYSTEM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: seahorse.co.uk
Victim Site: seahorse.co.uk
Mass Website Defacement of takestwototango.id by MR~TNT (QATAR911)
Category: Defacement
Content: On May 6, 2026, the Indonesian website takestwototango.id was defaced by threat actor MR~TNT operating under the hacktivist group QATAR911. The incident was classified as a mass defacement campaign targeting a Linux-based web server. The attack was confirmed via a mirror archived at haxor.id.
Date: 2026-05-06T08:34:34Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248881
Screenshots:
None
Threat Actors: MR~TNT, QATAR911
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Takes Two To Tango
Victim Site: takestwototango.id
Combo List: 15K Germany Mail Access
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 15,000 German email account credentials. The content is hidden behind a registration/login wall on the forum.
Date: 2026-05-06T08:31:41Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%AD%9015k-germany-mail-access-%E2%AD%90
Screenshots:
None
Threat Actors: agha24
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of UAE real estate sector personal information
Category: Data Breach
Content: A threat actor is offering for sale a dataset allegedly containing 986,506 records from UAE real estate entities. The exposed fields include names, login credentials, password hashes, phone numbers, email addresses, WhatsApp numbers, IP addresses, and physical addresses. The actor is advertising the full dataset via Telegram.
Date: 2026-05-06T08:30:13Z
Network: openweb
Published URL: https://demonforums.net/Thread-fire-986-506-Records-of-UAE-Real-Estates-Personal-Information-and-Passworrds
Screenshots:
None
Threat Actors: attackercompany
Victim Country: United Arab Emirates
Victim Industry: Real Estate
Victim Organization: Unknown
Victim Site: Unknown
Combo List: 3,200 Hotmail credentials shared on forum
Category: Combo List
Content: A forum user shared a list of 3,200 reportedly valid Hotmail account credentials, gated behind a reply requirement. The credentials are marketed as fully valid and dated 06.05.
Date: 2026-05-06T08:27:10Z
Network: openweb
Published URL: https://altenens.is/threads/3-2k-full-valid-hotmail-mail-access-06-05.2935393/unread
Screenshots:
None
Threat Actors: Megacloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged discovery of 0-day vulnerability in Grafana via LLM-based multi-agent workflow
Category: Vulnerability
Content: A researcher describes using a multi-agent LLM workflow to discover 0-day vulnerabilities in open-source projects including Grafana, Nextcloud, and Matomo. A specific vulnerability is referenced as CVE-2026-21721 in Grafana. The post details the architecture and methodology used to automate vulnerability discovery in large codebases.
Date: 2026-05-06T08:23:32Z
Network: openweb
Published URL: https://tier1.life/thread/208
Screenshots:
None
Threat Actors: RedQueen
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Grafana Labs
Victim Site: grafana.com
Alleged data leak of various sensitive documents and databases
Category: Data Leak
Content: A forum post claims to share data related to numerous sensitive topics including political, criminal, and conspiracy-related subjects spanning multiple countries. The post references entities such as BreachForums accounts, Japanese political organizations, and international events. The nature and authenticity of the claimed data cannot be verified from the post content alone.
Date: 2026-05-06T08:13:25Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-Top-Secret
Screenshots:
None
Threat Actors: 2ALlPuM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list distribution — URL:Log:Pass format, 8+ million lines (Part 319)
Category: Combo List
Content: A threat actor is freely distributing a URL:Log:Pass combo list containing over 8 million lines, labeled as Part 319 of an ongoing series. The content is gated behind forum registration or login. No specific victim organization or targeted service is identified.
Date: 2026-05-06T08:04:03Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-url-log-pass-free-best-lines-8-million-lines-part-319
Screenshots:
None
Threat Actors: lexityfr
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail combo list with 0.3K credentials
Category: Combo List
Content: A threat actor is sharing a combo list of approximately 300 Hotmail credentials marketed as high quality mail access. The content is hidden behind a registration or login wall on the forum.
Date: 2026-05-06T08:03:44Z
Network: openweb
Published URL: https://patched.to/Thread-0-3k-hq-hotmail-mail-access-combolist-299277
Screenshots:
None
Threat Actors: liamgoat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting Hotmail
Category: Combo List
Content: A threat actor is distributing a combo list of 1,729 Hotmail credentials on a clearnet forum. The content is gated behind registration or login. These credentials are likely intended for credential stuffing against Hotmail accounts.
Date: 2026-05-06T07:38:16Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9A%A1%EF%B8%8F-1729x-hotmail-drop-%E2%9A%A1%EF%B8%8F
Screenshots:
None
Threat Actors: RyuuMaster
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of 1.8K USA Mail Access Credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 1,800 US-based email account credentials. The post is hosted on a combolist forum and gates the content behind registration or login. The data is described as private and dated April 5.
Date: 2026-05-06T07:37:43Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%F0%9F%8D%80%E2%9C%A81-8k-usa-mail-access-mix%E2%9C%A8%F0%9F%8D%80-04-05
Screenshots:
None
Threat Actors: TraxGod
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: 30,000 Fresh Mail Access Credentials
Category: Combo List
Content: A forum user shared a combo list of 30,000 mail access credentials, marketed as fresh. The content is hidden behind a registration or login requirement.
Date: 2026-05-06T07:37:25Z
Network: openweb
Published URL: https://patched.to/Thread-30k-fresh-mail-access
Screenshots:
None
Threat Actors: JOYK
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: UHQ Hotmail Credentials (400 entries)
Category: Combo List
Content: A threat actor is sharing a combo list of 400 Hotmail credentials marketed as UHQ (ultra-high quality). The content is hidden behind a login/registration wall on the forum.
Date: 2026-05-06T07:36:54Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9A%A1%E2%9A%A1-x400-uhq-hotmail-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: magiccloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of TomodachiShare.com
Category: Data Leak
Content: A threat actor is freely sharing a dataset allegedly sourced from TomodachiShare.com, containing approximately 145,000 records including email addresses, nicknames, descriptions, and account photos. The data is available behind a registration/login gate on the forum.
Date: 2026-05-06T07:25:57Z
Network: openweb
Published URL: https://breachforums.rs/Thread-145K-emails-from-TomodachiShare-com
Screenshots:
None
Threat Actors: TheAnonymousShipper
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: TomodachiShare
Victim Site: tomodachishare.com
Alleged data leak of Chinese construction and real estate project files by SnowSoul
Category: Data Leak
Content: The threat actor group SnowSoul claims to have leaked internal project files after a ransom demand of $2,000 USD was refused. The leaked data includes construction BIM files, engineering drawings, hospital renovation documents, financial spreadsheets, and project contracts related to multiple Chinese construction and real estate projects. Files are made available for free download via qu.ax file hosting.
Date: 2026-05-06T07:22:52Z
Network: openweb
Published URL: https://breached.st/threads/chinese-data-zhong-guo-shu-ju-snowsoul-id-1241.86840/unread
Screenshots:
None
Threat Actors: 元帅*
Victim Country: China
Victim Industry: Construction
Victim Organization: Unknown
Victim Site: Unknown
Free South Korea email combo list (Batch 24/100)
Category: Combo List
Content: A threat actor has shared a free South Korean email list as part of a series (batch 24 of 100) on a cybercrime forum. The content is gated behind registration or login. No record count or specific data fields are disclosed in the post.
Date: 2026-05-06T07:10:49Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-free-premium-south-korea-email-list-batch-24-100-299271
Screenshots:
None
Threat Actors: emaildbpro
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: UHQ Hotmail Credentials (2,207 entries)
Category: Combo List
Content: A threat actor is sharing a combo list of 2,207 purportedly valid Hotmail credentials on a public leak forum. The post advertises the list as UHQ (ultra-high quality) and valid, with content gated behind registration. Contact is directed to a Telegram handle.
Date: 2026-05-06T07:09:49Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A1-X2207-Valid-UHQ-Hotmail-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: Roronoa044
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of compromised account databases across multiple countries
Category: Combo List
Content: Threat actor offering fresh database access for multiple countries (UK, DE, JP, NL, BR, PL, ES, US, IT) with inbox access. Specifically targeting accounts from platforms including eBay, OfferUp, PSN, Booking, Uber, Poshmark, Alibaba, Walmart, Amazon, Mercari, Kleinanzeigen, and Neosurf. Seller claims to own private cloud infrastructure and valid webmail access. Soliciting direct messages for specific requests.
Date: 2026-05-06T06:49:14Z
Network: telegram
Published URL: https://t.me/c/2613583520/76527
Screenshots:
None
Threat Actors: Num
Victim Country: Unknown
Victim Industry: E-commerce, Gaming, Travel, Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Non-threat content: Adult video file share posted on forum
Category: Alert
Content: A forum post on a miscellaneous leaks board contains a link to an adult video file and does not represent any identifiable cyber threat activity. No credentials, personal data, or compromised systems are referenced. This post does not constitute actionable threat intelligence.
Date: 2026-05-06T06:43:29Z
Network: openweb
Published URL: https://nulledbb.com/thread-Jessa-Rhodes-Alexis-Texas-Ash-Hollywood-etc-Addicted-to-Sexting-2015-1080p-WEB
Screenshots:
None
Threat Actors: gerrick54
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting Hotmail accounts
Category: Combo List
Content: A threat actor is sharing a combo list of approximately 49,000 Hotmail credentials on a leak forum. The content is hidden behind a registration or login requirement. Hotmail is the credential-stuffing target, not the breach victim.
Date: 2026-05-06T06:42:57Z
Network: openweb
Published URL: https://leakforum.io/Thread-Hotmail-Unique-Combo-3-49000
Screenshots:
None
Threat Actors: UniqueComb
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail combo list shared for free
Category: Combo List
Content: A threat actor distributed a Hotmail combo list described as full cap on a cybercrime forum. The list was made available as a free download with no further details provided regarding record count or origin.
Date: 2026-05-06T06:39:59Z
Network: openweb
Published URL: https://breachforums.rs/Thread-%E2%AD%90%EF%B8%8F%E2%AD%90%EF%B8%8F%E2%AD%90%EF%B8%8F-HOTMAIL-FULL-CAP-%E2%AD%90%EF%B8%8F%E2%AD%90%EF%B8%8F
Screenshots:
None
Threat Actors: DexterCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Non-VBV Debit and Credit Cards
Category: Carding
Content: A threat actor is offering non-VBV (Verified by Visa) debit and credit cards for sale, marketed for use in online shopping, payments, and linking to services such as CashApp, PayPal, and Apple Pay. Cards are advertised with specific BINs and claimed to be available for multiple countries.
Date: 2026-05-06T06:36:26Z
Network: openweb
Published URL: https://altenens.is/threads/selling.2935348/unread
Screenshots:
None
Threat Actors: Rebellion
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of non-VBV debit and credit cards across multiple countries
Category: Carding
Content: A threat actor is selling non-VBV (Verified by Visa) debit and credit cards advertised as usable for online orders, shopping, and linkable to services such as CashApp, PayPal, and Apple Pay. Cards are offered for multiple countries and include specific BIN details. Interested buyers are directed to contact the seller via Telegram handle @Walkerr92.
Date: 2026-05-06T06:32:02Z
Network: openweb
Published URL: https://altenens.is/threads/selling.2935346/unread
Screenshots:
None
Threat Actors: Rebellion
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of non-VBV debit and credit cards with BINs
Category: Carding
Content: A threat actor is selling non-VBV (Verified by Visa) debit and credit cards, advertised as usable for online shopping and linkable to payment platforms such as Cash App, PayPal, and Apple Pay. The offering includes specific BINs and claims availability for multiple countries. Contact is directed to a Telegram or messaging handle.
Date: 2026-05-06T06:29:38Z
Network: openweb
Published URL: https://altenens.is/threads/selling.2935344/unread
Screenshots:
None
Threat Actors: Rebellion
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Telegram Premium Upgrading Service Offered on Forum
Category: Services
Content: A forum user is offering a Telegram Premium upgrading service via gift activation at tiered pricing ($15.99 for 3 months, $25.99 for 6 months, $39.99 for 12 months). The service claims to provide standard Telegram Premium benefits including no ads, faster downloads, and increased upload limits. Contact is provided via Telegram and Discord.
Date: 2026-05-06T06:16:09Z
Network: openweb
Published URL: https://patched.to/Thread-gladiator-%E2%9C%A8-1-telegram-premium-upgrading-service-via-gift-on-patched-must-try-%E2%9C%A8-299263
Screenshots:
None
Threat Actors: MINDHUNTER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of 2,100 USA corporate email credentials
Category: Combo List
Content: A threat actor known as TraxGod is distributing a combo list of approximately 2,100 US corporate email credentials, marketed as private data. The content is hidden behind a registration or login wall on the forum.
Date: 2026-05-06T06:16:04Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%F0%9F%8D%80%E2%9C%A82-1k-usa-corp-mail-access-mix%E2%9C%A8%F0%9F%8D%80-04-05
Screenshots:
None
Threat Actors: TraxGod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail combo list with 2.1K credentials
Category: Combo List
Content: A threat actor shared a combo list containing approximately 2,100 Hotmail email credentials. The content is hidden behind a registration or login wall. The post is dated 04.05 and is described as old data.
Date: 2026-05-06T06:15:42Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%F0%9F%8D%80%E2%9C%A82-1k-hotmail-mail-access%E2%9C%A8%F0%9F%8D%80-04-05
Screenshots:
None
Threat Actors: TraxGod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Request for alleged social media databases for Iraq
Category: Data Breach
Content: A forum user is requesting databases allegedly containing data from Instagram, TikTok, and Snapchat users in Iraq. The post does not indicate the requester possesses any data; they are soliciting others who may have it via Telegram.
Date: 2026-05-06T06:13:20Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-instagram-tiktok-snapchat
Screenshots:
None
Threat Actors: ahmadapp2026
Victim Country: Iraq
Victim Industry: Technology
Victim Organization: Instagram, TikTok, Snapchat
Victim Site: instagram.com, tiktok.com, snapchat.com
Sale of stolen payment cards and carding guides including Non-VBV, Apple Pay, Google Pay, PayPal, and Cash App linkables
Category: Carding
Content: A threat actor operating via Telegram (@ALIVE_HUSTLE) is offering stolen payment cards including Non-VBV, eBay, Apple Pay, and Google Pay cards, as well as PayPal and Cash App linkable cards. The seller also advertises a CC and full swipe guide targeting newcomers. Refunds or replacements are offered for non-working cards.
Date: 2026-05-06T06:05:51Z
Network: openweb
Published URL: https://altenens.is/threads/o-non-vbv-auto-add-o-ebay-cc-o-apple-pay-cc-o-google-pay-cc-o-paypal-linkables-o-cash-app-linkables-o-cc-full-swipe-guide-telegram-alive_hustle.2935335/unread
Screenshots:
None
Threat Actors: 33Hustle
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Twitch.tv — streamer email and personal data scrape
Category: Data Breach
Content: A threat actor is offering for sale a dataset purportedly scraped from Twitch.tv in 2026, containing over 14,000 records. The data allegedly includes streamer usernames, profile URLs, email addresses, full names, and account timestamps. The seller is accepting Monero (XMR) only and provided a sample of records as proof.
Date: 2026-05-06T05:57:04Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-twitch-tv-2026-email-dump
Screenshots:
None
Threat Actors: Fortitude
Victim Country: Unknown
Victim Industry: Media and Entertainment
Victim Organization: Twitch
Victim Site: twitch.tv
Sale or distribution of valid cookies pack
Category: Logs
Content: A forum user has posted a pack of valid cookies, with the actual content hidden behind a registration or login requirement. No details about the source, target organizations, or record count are available from the post.
Date: 2026-05-06T05:47:38Z
Network: openweb
Published URL: https://patched.to/Thread-valid-cookies-pack
Screenshots:
None
Threat Actors: R0BIN1337
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Telegram account TData files
Category: Initial Access
Content: A threat actor is offering 12 valid Telegram TData session files, which allow account takeover without credentials. The content is hidden behind a registration/login wall on the forum.
Date: 2026-05-06T05:47:07Z
Network: openweb
Published URL: https://patched.to/Thread-12x-valid-tdata-tg-account
Screenshots:
None
Threat Actors: R0BIN1337
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of 22 Discord tokens
Category: Combo List
Content: A forum user shared a collection of 22 Discord tokens. The content is hidden behind a registration/login gate. No further details about the origin or validity of the tokens are provided.
Date: 2026-05-06T05:46:34Z
Network: openweb
Published URL: https://patched.to/Thread-22x-discord-token
Screenshots:
None
Threat Actors: R0BIN1337
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Unknown
Victim Site: Unknown
Sale or distribution of 1,284 PC stealer logs
Category: Logs
Content: A forum user shared 1,284 PC stealer logs on a leak forum. The content is hidden behind a registration or login requirement, limiting further detail. No specific victim organization or country is identified.
Date: 2026-05-06T05:46:03Z
Network: openweb
Published URL: https://patched.to/Thread-standart-1284-pc-logs
Screenshots:
None
Threat Actors: R0BIN1337
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale or leak of PC stealer logs targeting Russia
Category: Logs
Content: A forum post references 1,928 PC stealer logs labeled as private Russia logs. The content is hidden behind a login/registration wall, limiting further details on the data included.
Date: 2026-05-06T05:45:32Z
Network: openweb
Published URL: https://patched.to/Thread-1928x-pc-logs-private-russia-34
Screenshots:
None
Threat Actors: R0BIN1337
Victim Country: Russia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of Hotmail Credentials (1,888 entries)
Category: Combo List
Content: A threat actor shared a combo list of 1,888 Hotmail credentials on a cybercrime forum. The content is gated behind registration or login. The post follows a typical forum engagement-bait pattern requiring interaction before access is granted.
Date: 2026-05-06T05:21:25Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%85%E2%9A%A11888x-good-hotmail%E2%9A%A1%E2%9C%85
Screenshots:
None
Threat Actors: NovaCloudx
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail credential combo list
Category: Combo List
Content: A threat actor is sharing a combo list of 10,000 alleged high-quality Hotmail credential hits on a public forum. The content is gated behind registration or login. These credentials are likely intended for credential stuffing against Hotmail/Outlook accounts.
Date: 2026-05-06T05:20:54Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%85-10k-hq-hotmail-hit-%E2%9C%85-299252
Screenshots:
None
Threat Actors: RetroCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Laboratorio Vargas including medical records and PII
Category: Data Leak
Content: A threat actor claims to have breached Laboratorio Vargas servers and leaked approximately 5,000 records containing full names, email addresses, phone numbers, lab tests, and results. The data was shared freely as a community contribution. The actor also claims to possess additional similar datasets available for purchase.
Date: 2026-05-06T05:14:11Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Laboratorio-Vargas-5k-positive-lab-results-PII
Screenshots:
None
Threat Actors: Alameda_Slim
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: Laboratorio Vargas
Victim Site: labvargas.localizanet.com
Sale of mixed combo list with 33K credentials
Category: Combo List
Content: A threat actor is distributing a mixed combo list containing approximately 33,000 credentials, marketed as fully valid. The list appears to aggregate credentials from multiple sources.
Date: 2026-05-06T05:11:22Z
Network: openweb
Published URL: https://breachforums.rs/Thread-%E2%AD%90%EF%B8%8F%E2%AD%90%EF%B8%8F%E2%AD%90%EF%B8%8F33K-MIX-FULL-VALID-%E2%AD%90%EF%B8%8F%E2%AD%90%EF%B8%8F%E2%AD%90%EF%B8%8F
Screenshots:
None
Threat Actors: DexterCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: Valid Hotmail credentials
Category: Combo List
Content: A threat actor is sharing a combo list of 3,000 allegedly valid Hotmail credentials on a cybercrime forum. The content is hidden behind a registration or login requirement. The listed service is a credential-stuffing target, not the breach victim.
Date: 2026-05-06T05:09:45Z
Network: openweb
Published URL: https://breachforums.rs/Thread-3000x-Valid-HQ-Hotmails
Screenshots:
None
Threat Actors: sellerxd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list by D4rkNetHub
Category: Combo List
Content: A threat actor operating as D4rkNetHub is offering a combo list of 3,514 Hotmail credentials via a hidden content link on the forum. The listing promotes a paid cloud service with subscription tiers ranging from $10 for a 3-day test to $50 for 30-day access, available through their shop and Telegram channel.
Date: 2026-05-06T04:50:15Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-3-514-Good-HOTMAIL-GOODS-D4RKNETHUB-CLOUD-06-05-26
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of 697 Hotmail credentials
Category: Combo List
Content: A combo list of 697 Hotmail credentials has been shared on a forum. The content is hidden behind a registration or login requirement. Hotmail is the credential-stuffing target, not the breach victim.
Date: 2026-05-06T04:49:41Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9A%A1%EF%B8%8F-697x-verity-vault-hotmail-drop-%E2%9A%A1%EF%B8%8F
Screenshots:
None
Threat Actors: VerityVault
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: 12K Mixed Mail Access Credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 12,000 mixed mail access credentials. The content is gated behind registration or login on the forum. No specific victim organization or country is identified.
Date: 2026-05-06T04:49:13Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%F0%9F%94%A5-12k-mix-mail-access-vault-%F0%9F%94%A5
Screenshots:
None
Threat Actors: RyuuMaster
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of 3,514 Hotmail credentials
Category: Combo List
Content: A threat actor is distributing a combo list of 3,514 claimed valid Hotmail credentials on a leak forum. The content is hidden behind registration or login. The credentials are marketed as hits suitable for credential stuffing.
Date: 2026-05-06T04:47:15Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-3-514-Good-HOTMAIL-GOODS-D4RKNETHUB-CLOUD-06-05-26
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged offer of private mail access with free drops
Category: Initial Access
Content: User Bo is advertising access to private mail with claims of free drops, providing Telegram channel links for recruitment to what appears to be a credential or access distribution channel.
Date: 2026-05-06T04:43:54Z
Network: telegram
Published URL: https://t.me/c/2613583520/76475
Screenshots:
None
Threat Actors: Squad Chat Marketplace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of SMK Nusantara Batang
Category: Data Leak
Content: A threat actor known as Mr.ZeroPhx100 claims to have leaked a database belonging to SMK Nusantara Batang, an Indonesian vocational school. No further details regarding the data contents or record count were provided in the post.
Date: 2026-05-06T04:09:28Z
Network: openweb
Published URL: https://breached.st/threads/database-smk-nusantara-batang.86839/unread
Screenshots:
None
Threat Actors: Mr.ZeroPhx100
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: SMK Nusantara Batang
Victim Site: Unknown
Free South Korea email combo list (Batch 23/100)
Category: Combo List
Content: A threat actor has freely distributed a batch of South Korea-focused email credentials labeled as part of a larger series (Batch 23 of 100). The content is gated behind registration or login on the forum. No specific breached organization is identified.
Date: 2026-05-06T03:32:28Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-free-premium-south-korea-email-list-batch-23-100
Screenshots:
None
Threat Actors: emaildbpro
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail credentials combo list
Category: Combo List
Content: A threat actor is offering a combo list of 2,484 Hotmail credentials marketed as UHQ (ultra-high quality) and valid. The content is hidden behind a login/registration wall on the forum.
Date: 2026-05-06T03:32:02Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9A%A1%E2%9A%A12484x-uhq-hotmail-access-valid%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: gostjac
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of email credential combolists and access bases by _emanthy
Category: Combo List
Content: Threat actor _emanthy is selling combolists containing email addresses, passwords, and cookies for Hotmail and Yahoo accounts, along with valid credential bases for major platforms (Amazon, Facebook, eBay, PayPal, Kleinanzeigen). Offers bases from multiple regions including EU, USA, Germany, and corporate accounts. Also offers cloud access on weekly/monthly subscription basis.
Date: 2026-05-06T02:24:59Z
Network: telegram
Published URL: https://t.me/c/2613583520/76408
Screenshots:
None
Threat Actors: _emanthy
Victim Country: Unknown
Victim Industry: Multiple (Email providers, E-commerce, Social media)
Victim Organization: Unknown
Victim Site: Unknown
Sale of aged WhatsApp Business accounts with full access
Category: Services
Content: A threat actor is selling warmed, aged WhatsApp Business accounts with shared or full access, available across 192 countries. Accounts are advertised as pre-logged-in, OTP-free, and ready for bulk messaging campaigns including grey-area marketing, spam, and cold outreach. Pricing starts at $15 per account with bulk stock available.
Date: 2026-05-06T02:05:56Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-whatsapp-bussines-warmed-aged-acces-plus-full-acces
Screenshots:
None
Threat Actors: GoldenLion
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Magento E-commerce Site by DimasHxR
Category: Defacement
Content: On May 6, 2026, a threat actor identified as DimasHxR defaced a Magento 2-based e-commerce website hosted under the Italian domain testmagento2.it. The attack targeted the public media directory of the Magento installation, a common vector for web defacements on inadequately secured CMS platforms. The incident was recorded as a single-target defacement with no team affiliation reported.
Date: 2026-05-06T02:03:04Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/917646
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Italy
Victim Industry: E-commerce / Retail
Victim Organization: Test Magento 2
Victim Site: testmagento2.it
Combo List: Hotmail credentials distributed free
Category: Combo List
Content: A threat actor shared a combo list of approximately 7,100 Hotmail credentials, marketed as valid and UHQ (ultra-high quality), dated 06.05.2026. The list was made available for free download via a forum post, with the author advertising a Telegram contact for further communication.
Date: 2026-05-06T01:53:58Z
Network: openweb
Published URL: https://nulledbb.com/thread-7-1K-%E2%9A%A1Hotmail%E2%9A%A1Valid-Mail-Access-06-05
Screenshots:
None
Threat Actors: tutuba4m
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free Hotmail combo list with 1,322 credentials
Category: Combo List
Content: A threat actor shared a combo list of 1,322 Hotmail credentials via an external paste platform. The list is marketed as UHQ (ultra-high quality). No breach of a specific organization is claimed.
Date: 2026-05-06T01:45:30Z
Network: openweb
Published URL: https://altenens.is/threads/1322x-hotmails-uhq-ebbi_cloud.2935248/unread
Screenshots:
None
Threat Actors: Ebbicloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combo list of 1,884 Hotmail credentials via Pasteview. The list is marketed as UHQ (ultra-high quality) and was made available for free on the forum.
Date: 2026-05-06T01:45:00Z
Network: openweb
Published URL: https://altenens.is/threads/1884x-hotmails-uhq-ebbi_cloud.2935249/unread
Screenshots:
None
Threat Actors: Ebbicloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list of 7,316 Hotmail credentials
Category: Combo List
Content: A threat actor shared a combo list of 7,316 Hotmail credentials, marketed as UHQ (ultra-high quality), via an external paste link. The credentials are intended for credential stuffing and are not attributed to a breach of Microsoft or Hotmail infrastructure.
Date: 2026-05-06T01:44:32Z
Network: openweb
Published URL: https://altenens.is/threads/7316x-hotmails-uhq-ebbi_cloud.2935250/unread
Screenshots:
None
Threat Actors: Ebbicloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of UHQ mix combo list
Category: Combo List
Content: A threat actor shared a combo list of approximately 109,830 mixed credentials via Pasteview. The list is advertised as UHQ (ultra-high quality) and was made available for free on the forum.
Date: 2026-05-06T01:44:04Z
Network: openweb
Published URL: https://altenens.is/threads/10983x-mix-uhq-ebbi_cloud.2935251/unread
Screenshots:
None
Threat Actors: Ebbicloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: Hotmail valid mail access (7.5K)
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 7,500 claimed valid Hotmail credentials, marketed as private and high quality. The post is dated 06.05.2026 and requires forum engagement to access the download link.
Date: 2026-05-06T01:43:37Z
Network: openweb
Published URL: https://altenens.is/threads/7-5k-high-voltagehotmailhigh-voltagevalid-mail-access-06-05.2935252/unread
Screenshots:
None
Threat Actors: redcloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Forum alert: Actor Datasallers accused of fraudulent data theft claims
Category: Alert
Content: Forum user MDGhost alleges that an account named Datasallers (also known as Dragonsupport) is fraudulently claiming ownership of data publications originally posted by MDGhost on Telegram. The post warns community members of a scammer repurposing others screenshots and data samples as their own.
Date: 2026-05-06T01:36:56Z
Network: openweb
Published URL: https://breached.st/threads/the-actor-datasallers-scammers-fake-claims.86837/unread
Screenshots:
None
Threat Actors: MDGhost
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free Hotmail combo list shared on leakforum
Category: Combo List
Content: A user on leakforum shared a combo list of 1,898 purportedly high-quality Hotmail credentials. The content is hidden behind a registration/login wall, limiting further detail. This is a credential list intended for account stuffing, not a breach of Hotmail itself.
Date: 2026-05-06T01:23:20Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A1-X1898-HQ-Hotmail-%E2%9A%A1%E2%9A%A1-BY-Stevee36-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: stevee
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail combo list with 1,898 credentials
Category: Combo List
Content: A combo list of 1,898 Hotmail credentials is being shared on a criminal forum. The content is hidden behind a registration or login wall. The post is attributed to user Stevee36.
Date: 2026-05-06T01:23:02Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-X1898-HQ-Hotmail-%E2%9A%A1%E2%9A%A1-BY-Stevee36-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: erwinn91
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of mixed email access combo list with 37.8K credentials
Category: Combo List
Content: A threat actor is distributing a mixed email access combo list containing 37.8K credentials, marketed as private and high quality. The list was shared on a forum requiring users to reply to access the download link.
Date: 2026-05-06T01:19:26Z
Network: openweb
Published URL: https://altenens.is/threads/37-8k-sparkles-mix-sparkles-valid-mail-access-06-05.2935247/unread
Screenshots:
None
Threat Actors: redcloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 21K mixed email credentials marketed as fully valid hits
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 21,000 mixed email credentials described as fully valid hits and private unwrapped data. The content is gated behind registration or login on the forum. The actor also advertises private data available via direct contact.
Date: 2026-05-06T00:59:26Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%AD%90%E2%AD%9021k-mix-mail-acces-full-valid-hits%E2%AD%90-private-unrapped-data-%E2%AD%90%E2%AD%90
Screenshots:
None
Threat Actors: DAXCLOUUD
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of 5,500 Hotmail credentials offered on forum
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 5,500 Hotmail credentials, marketed as fresh valid hits. The post advertises private data available via direct contact with the actor.
Date: 2026-05-06T00:58:46Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%AD%90%E2%AD%905-5k-fresh-hotmail-valid-hits-only-%E2%AD%90-private-unrapped-data-%E2%AD%90%E2%AD%90
Screenshots:
None
Threat Actors: DAXCLOUUD
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of 700K URL:Log:Pass combo list
Category: Combo List
Content: A threat actor shared a combo list containing approximately 700,000 URL:log:pass credential pairs on a public forum. The content is hidden behind a registration/login wall. No specific victim organization is identified.
Date: 2026-05-06T00:58:31Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%AD%90-700k-url-log-pass%E2%AD%90-06-may
Screenshots:
None
Threat Actors: agha24
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail Email:Password Combo List of 10 Million Credentials
Category: Combo List
Content: A threat actor is distributing a combo list containing 10 million Hotmail email:password credential pairs. The list is described as private and is being shared on a cybercrime forum behind a registration or login wall.
Date: 2026-05-06T00:58:14Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-10m-2-hotmail-email-pass-mixed-private-combolist-top-1-combos-amg-combos
Screenshots:
None
Threat Actors: AMGCOMBOS
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of stealer logs with URL:Log:Pass credentials (1.80M records)
Category: Logs
Content: A threat actor operating under the handle Daxus is offering a dataset of 1.80 million URL:Log:Pass stealer log entries, marketed as UHQ (ultra-high quality). The logs are available via the actors commercial platform at daxus.pro and associated Telegram channels.
Date: 2026-05-06T00:57:45Z
Network: openweb
Published URL: https://leakforum.io/Thread-%E2%AD%90%EF%B8%8FURL-LOG-PASS-1-80-M-%E2%9C%85-DAXUS-PRO-UHQ-%E2%AD%90%EF%B8%8F
Screenshots:
None
Threat Actors: Daxus
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of National Broadband Pakistan
Category: Data Leak
Content: A threat actor shared what is alleged to be a database belonging to National Broadband Pakistan, containing over 300,000 records. The post is labeled as Part I, suggesting additional parts may be released. No further details are available as the post content is empty.
Date: 2026-05-06T00:53:53Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-Database-of-National-Broadband-Pakistan-300k-PART-I
Screenshots:
None
Threat Actors: Flipperone
Victim Country: Pakistan
Victim Industry: Telecommunications
Victim Organization: National Broadband Pakistan
Victim Site: Unknown
Sale of automated Gmail account creation tool bypassing phone verification
Category: Services
Content: A forum user is offering an automated Gmail account creation tool that reportedly bypasses phone number verification requirements. Access to the tool is gated behind a reply requirement. No further technical details are visible from the post.
Date: 2026-05-06T00:45:11Z
Network: openweb
Published URL: https://altenens.is/threads/gmail-infinityinfinity-auto-gmail-creator-no-phone-number.2935213/unread
Screenshots:
None
Threat Actors: redJo3n
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of CraxRAT Premium Android Remote Access Trojan
Category: Malware
Content: A threat actor is offering CraxRAT Premium, an Android remote access trojan, on a cracking forum. The post claims the malware provides full access to any Android device. Access to the content requires a reply to the thread.
Date: 2026-05-06T00:44:44Z
Network: openweb
Published URL: https://altenens.is/threads/craxrat-premium-hack-any-android-phone-full-access.2935226/unread
Screenshots:
None
Threat Actors: redJo3n
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of EU Hotmail combo list with 200 credentials
Category: Combo List
Content: A threat actor is offering a combo list of approximately 200 EU Hotmail credentials, marketed as high-quality with no junk entries. The content is hidden behind a registration or login wall on the forum.
Date: 2026-05-06T00:31:44Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9A%A1-0-2k-elite-eu-hotmail-zero-junk-pure-hits-%E2%9A%A1-299221
Screenshots:
None
Threat Actors: BedrockDB
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Netflix credential checker and proxy grabber tool
Category: Combo List
Content: A forum user is distributing a Netflix credential checker bundled with a proxy grabber and checker tool. Access to the hidden content requires a reply to the thread. The tool is designed for credential stuffing against Netflix accounts.
Date: 2026-05-06T00:27:31Z
Network: openweb
Published URL: https://altenens.is/threads/premium-netflix-checker-proxy-grabber-and-checker.2935206/unread
Screenshots:
None
Threat Actors: redJo3n
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Premium Proxy Grabber and Checker Tool
Category: Services
Content: A forum user is offering a premium proxy grabber and checker tool, gated behind a reply requirement. No specific victim or breach is identified in this post.
Date: 2026-05-06T00:27:02Z
Network: openweb
Published URL: https://altenens.is/threads/two-heartspremium-proxy-grabber-checkertwo-hearts.2935211/unread
Screenshots:
None
Threat Actors: redJo3n
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Conclusion & Strategic Threat Assessment

Related Posts

[February-5-2026] Daily Cybersecurity Threat Report

[May-07-2025] Daily Cybersecurity Threat Report

[May-30-2025] Daily Cybersecurity Threat Report