[May-08-2026] Daily Cybersecurity Threat Report

Executive Summary

The observed threat landscape is heavily dominated by the distribution and sale of compromised credentials, specifically combo lists and stealer logs. Threat actors are aggressively targeting email service providers, most notably Hotmail, alongside regional internet service providers and corporate accounts. A significant portion of the incidents involves high-impact data breaches affecting Fortune 500 companies, international government entities, and large-scale educational platforms.

Additionally, there is a coordinated mass defacement campaign primarily targeting Indonesian educational institutions, led by groups such as HackerSec.ID, Sukabumi Blackhat, and BABAYO EROR SYSTEM. The commercialization of cybercrime is highly visible, with the proliferation of Initial Access Brokers (IABs) selling access to corporate networks, alongside vendors offering Carding services, DDoS-for-hire, and fraudulent subscription upgrades.

1. Data Breaches and Data Leaks

The dataset reveals numerous high-profile data breaches and leaks, exposing millions of sensitive records across multiple sectors and geographies.

High-Profile Corporate Breaches:

Fortune 500 Companies: A threat actor operating under the moniker “ShinyhunterS” claimed to possess breached data from major global corporations, including Salesforce, Cisco, AT&T, Ticketmaster, Microsoft, Google, Victoria’s Secret, CrowdStrike, and Santander. The actor offered lifetime access to this stolen data for $10,000 USD on Telegram, providing contact details via XMPP, email, and Session. In a related post, another threat actor named “shinyc0rpsss” offered domain server access to Salesforce, capable of bulk data downloads, priced at $10,000 per user.
Instructure Canvas LMS: An allegedly massive breach affected the online education platform Canvas, operated by Instructure. Threat actors claimed to have stolen information belonging to approximately 275 million users, impacting thousands of schools and universities worldwide.
Telegram: A threat actor known as “Xyph0rix” offered a database containing 28 million records of Telegram users.
Deezer: A database dump allegedly from the French music streaming platform Deezer, containing 2,557,577 records of Russian users, was distributed for free by the PwnerSec group via a threat actor named “NormalLeVrai”.

Government and Public Sector Leaks:

BPJS Kesehatan (Indonesia): A threat actor (“alwayschina”) claimed to have breached the full database of Indonesia’s national health insurance agency, exposing roughly 280 million records (covering 98.25% of the population). The data included national ID numbers, medical record numbers, diagnoses, and social aid statuses.
Shanghai Government National Police: A threat actor named “MDGhost” claimed to leak 500GB of data from the Shanghai police portal (shga.gov.cn).
Burkina Faso Biometric Database: A seller named “smiro662” offered a 30GB database containing 58,547 verified biometric records from the Burkina Faso government, including high-resolution passport scans and national ID copies.
Indonesian Regional Governments: Multiple local government databases were leaked, including 100,000 records from the Jombang Regional Revenue Agency (BAPENDA) by “ShenChuyi88,” and 578,382 resident records from the Karangasem Regency Government (Pusatdata) by the “BABAYO EROR SYSTEM”.
MUI Indonesia: Employee records (149K) from the Majelis Ulama Indonesia were distributed by the “Sadboy Cyber Team Indonesia” (SCTH).

E-commerce, Retail, and Other Sectors:

Namshi.com (UAE): A database containing 428,000 records from the fashion platform Namshi was offered for sale by “Jeffrey Epstein,” containing names, phone numbers, and addresses.
BeautyMNL (Philippines): The same actor offered 431,000 records from this platform, including detailed shipping data.
Delko (France): Customer data scraped from the automotive retailer delko.fr was published by “lapsussgroups”.
TAP Air Portugal: Multiple actors (“ritok33000” and “bahisow611”) listed customer databases allegedly belonging to the airline.
Real Estate and Finance: Breaches included HOMES real estate platform (7 million records), GGI Insurance (325GB of confidential documents), VietLoan, Coinbase Canada, and BitMart cryptocurrency exchange.
Forums and Educational Institutes: Databases from DarkForums (420K+ records), ScriptMafia, X-PaSsWords, SDN Larangan 11 (Indonesian elementary school), SMK Raden Paku, Al-Aziziyah Islamic Boarding School, and NCBMS (Pakistan) were heavily circulated.

2. Credential Compromise and Combo Lists

The most frequent incident category observed is the distribution and sale of combo lists—text files containing massive volumes of username/email and password combinations. These lists are primarily utilized by cybercriminals for credential stuffing attacks to gain unauthorized account access.

Hotmail as a Primary Target: There is a distinct, high-volume targeting of Microsoft’s Hotmail platform. Dozens of threads advertise Hotmail credential “hits” (validated logins) ranging from hundreds of lines to massive lists exceeding 650,000 lines.

Actors like “Ebbicloud,” “Lowza9,” “SupportHotmail,” and “MegaCloudShop” frequently post multiple lists daily, claiming “UHQ” (ultra-high quality) and “unraped” (previously unused) status.
Lists are often curated by geographic region or paired with automated inbox-searching tools to extract valuable accounts linked to financial or gaming platforms.
Other Microsoft properties, such as Office365 (762K credentials by MetaCloud3) and OneDrive (768K credentials), are also heavily targeted.

Geographic and Platform-Specific Combo Lists:

Regional Lists: Threat actors are systematically curating and selling combo lists targeted by country. Prominent examples include lists for Brazil (513K, 205K), Australia (140K, 71K), Japan (245K), Italy (1M), Romania (105K), Korea (124K), Argentina (68K), Austria (61K), Belgium (61K), and Colombia (219K). Actors like “CobraEgy,” “Maxleak,” “iZED,” and “cloudantalya” actively deal in this geographic data.
Service-Specific Lists: Threat actors distribute combos optimized for specific platforms, such as Yahoo Canada, Comcast (150K), ExpressVPN, Amazon Prime Video, Roblox, and gaming services (Netflix, Minecraft, Uplay, Steam). A list of 14,000 student credentials from Universidad Autónoma del Noroeste with active Office 365 benefits was also offered.
Massive Mixed Lists: Several threat actors provided colossal volumes of mixed credentials. “el_capitan” sold a 3.1 million mixed list, while “dadazone” offered a staggering 156 million URL:Login:Password combo list, indicating massive data aggregation operations.

3. Website Defacements

A highly active and coordinated mass defacement campaign was observed, primarily carried out by Indonesian hacktivist groups.

Target Profiling: The vast majority of the defacements targeted subdomains of Indonesian educational institutions, particularly Universitas PGRI Semarang (UPGRIS) and its various branches (Bangka, Balikpapan, Bekasi, Batang, Lubuklinggau, Bengkulu). Subdomains related to physics departments, digital libraries, e-documents, administrative panels, and student portals were routinely compromised. Other international targets included Riverland Farms (Pakistan), We Spray On Paving, Lead-Pro SaaS (India), and tree.it (Italy).

Threat Actors and Groups:

Mr.spongebob: This actor was exceptionally prolific, operating under dual affiliations with the groups “HackerSec.ID” and “Sukabumi Blackhat”. They executed dozens of mass defacements against UPGRIS Linux-based servers.
BABAYO EROR SYSTEM: Actors “Mr.XycanKing” and the main group handled defacements of Indonesian elementary schools, government portals (Samarinda City Government PPID), and Indian SaaS platforms.
Zod: This actor targeted agricultural, construction, and personal websites.
Other Actors: “CAC./Ohang” (CyberOprationCulture), “Mr. Hanz Xploit” (Bekasi Eror System), “Owens” (Zenimous Crew), and “Inside Alone7” (Hidden Cyber Crime).

Virtually all defacement incidents were recorded and mirrored on haxor.id or zone-xsec.com, providing public proof of the attackers’ exploits.

4. Initial Access Brokers (IAB) and Vulnerabilities

Cybercriminals are actively trading initial access to corporate networks and exploiting vulnerabilities to bypass security controls.

Initial Access Brokerage:

Swedish Financial Services: Actor “CocoMel0n” offered GlobalProtect VPN access with Network Admin privileges to a Swedish firm with up to $1B in revenue, priced at $220.
Indian Real Estate: Actor “tiger” sold Azure AD Server Admin access to a company with $25M revenue.
Spanish Real Estate: “CocoMel0n” also sold RDWeb domain user access to a Spanish firm.
Angolan Government: “superduper1” offered admin panel access to roughly 20 Angolan government websites for $20 per login.
Webshells: “realmaul1337” sold webshell access to compromised domains with high SEO metrics.
Compromised Accounts: Actors like “Douglas” sold fresh Match.com/OurTime accounts, while “Dataxlogs” sold webmail access to European ISP accounts (Skynet.be, Telenet.be).

Vulnerabilities and Exploits:

CVE-2026-23918: An alleged critical double-free vulnerability in Apache mod_http2 was heavily discussed by “APT IRAN.” The vulnerability allows Denial of Service (DoS) attacks, with potential Remote Code Execution (RCE) requiring complex bypass techniques.
ScreenConnect 2FA Bypass: An actor (“leholowrd”) sold a zero-day or unpatched exploit bypassing two-factor authentication on ScreenConnect, bundled with Man-in-the-Middle (MITM) phishing components.
Law Enforcement Portal Exploit: Actor “convince” sold an exploit allegedly bypassing verification on law enforcement disclosure portals of major social media companies. This allows unauthorized extraction of subscriber data, messages, and IPs, priced at $300, and is bundled with forged court orders.

5. Cybercrime Services and Carding

The underground economy provides a robust suite of Services-as-a-Service, enabling fraud, harassment, and infrastructure abuse.

Carding and Financial Fraud:

Threat actors like “3z2a2y,” “Neas,” and “00FBN” sold stolen payment card data, including Virtual Credit Cards (VCC), non-VBV cards, dumps with PINs sourced from physical skimmers, and linkable debit cards for CashApp, PayPal, and Apple Pay.
Identity document databases containing IDs, selfies, and SSNs (e.g., California driver’s licenses) were sold by “antorislam1040” for KYC bypass.
“Cococheck” provided commercial credit card verification services for $0.01 per check.

Account Upgrades and Travel Fraud:

A major vendor, “MINDHUNTER” (and others like “Wellix”), dominated the sale of fraudulent premium account upgrades. They offered deeply discounted, allegedly “legal” upgrades applied directly to buyers’ accounts for services like ChatGPT Plus, Gemini Pro, Notion AI, Netflix, Bumble, Telegram Premium, and SuperGrok AI.
“cheaptravelzz” offered up to 60% discounts on flights, hotels, and car rentals, indicating carding-funded travel fraud operations.

Harassment and DDoS Services:

Social Media Bans: “RepsMedia” sold guaranteed account ban/takedown services for WhatsApp (starting at $150) and Instagram (starting at $250).
DDoS Stressers: “GoliathStress” and “Darkode1” (stressed.pw) advertised powerful botnets capable of Layer-4 and Layer-7 DDoS attacks, claiming to bypass Cloudflare and OVH protections.

Other Services:

“0056113” sold compromised law enforcement emails from global jurisdictions to file fraudulent Emergency Data Requests (EDRs) to platforms like Meta and Apple.
“devMacan” operated a digital goods marketplace (“MacanSell”) offering auto-delivery and anonymous crypto checkout for threat actors.

6. Malware and Stealer Logs

The propagation of info-stealing malware has resulted in a massive influx of “stealer logs”—comprehensive archives of credentials, cookies, and system information extracted from infected hosts.

Log Distribution: Threat actors like “VOID032”, “WhiteMelly”, “UP_DAISYCLOUD”, “yirmiyahu”, and “vultapower” distributed multi-gigabyte archives containing millions of URL:Login:Password (ULP) pairs. One actor boasted a dataset of 18.59 million ULP credentials. These logs are frequently dumped for free on Telegram channels or forums to build reputation, while exclusive logs are reserved for paying VIP customers.
Cookie Theft: “mr-hanz-xploit” specifically highlighted the leak of compromised session cookies for ChatGPT.
Malware Tools: “ZamanX” distributed the “ErebusTools V2.0” hacking toolkit, while “daniel12” sold the “Pentagon RAT 2026,” a Remote Access Trojan equipped with keylogging, webcam monitoring, and stealth capabilities. Furthermore, “Muro” sold the source code for an EXE-to-JPEG obfuscator designed to bypass antivirus signatures and AI sandboxes by hiding binary payloads in valid image files.

Conclusion

The threat intelligence derived from this dataset highlights a highly industrialized cybercrime ecosystem. The frictionless trade of combo lists and stealer logs fuels continuous credential stuffing and account takeover attacks worldwide. Meanwhile, high-tier threat actors focus on compromising major corporate databases and selling initial network access. The blatant sale of exploit methodologies (like the Law Enforcement portal bypass) and the highly automated nature of mass defacements underscore the evolving sophistication and persistent danger posed by these threat communities.

Detected Incidents Draft Data

Hotmail combo list of 700 credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 700 Hotmail credentials, marketed as valid. The content is gated behind registration or a like requirement on the forum.
Date: 2026-05-07T23:48:02Z
Network: openweb
Published URL: https://patched.to/Thread-%F0%9F%94%B00-7k%E2%9A%9C%EF%B8%8Fprivate%E2%9A%9C%EF%B8%8Fhotmail%E2%9A%9C%EF%B8%8Fvalid%F0%9F%94%B0
Screenshots:
None
Threat Actors: Dhyazribi001
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of fresh ULP combo list from private channel
Category: Combo List
Content: A threat actor is distributing a URL:login:password (ULP) combo list claimed to originate from a private channel. The content is hidden behind a registration/login wall and a like requirement. No target service or record count is specified.
Date: 2026-05-07T23:47:46Z
Network: openweb
Published URL: https://patched.to/Thread-%F0%9F%94%B0fresh%E2%9A%9C%EF%B8%8Fgood%E2%9A%9C%EF%B8%8Flittle%E2%9A%9C%EF%B8%8Fulp%E2%9A%9C%EF%B8%8Ffrom%E2%9A%9C%EF%B8%8Fprivate%E2%9A%9C%EF%B8%8Fchannel%F0%9F%94%B0
Screenshots:
None
Threat Actors: Dhyazribi001
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Distribution of stealer logs by threat actor VOID032
Category: Logs
Content: A forum user is distributing a collection of 145 stealer logs attributed to threat actor VOID032. The content is hidden behind a login/registration wall, limiting visibility into the specific data included. No further details about victim organizations or geographic scope are available.
Date: 2026-05-07T23:47:30Z
Network: openweb
Published URL: https://patched.to/Thread-%F0%9F%94%B0145%E2%9A%9C%EF%B8%8Flittle%E2%9A%9C%EF%B8%8Flogs%E2%9A%9C%EF%B8%8Fby%E2%9A%9C%EF%B8%8F-void032%F0%9F%94%B0
Screenshots:
None
Threat Actors: Dhyazribi001
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Spain combo list with 150,000 credentials
Category: Combo List
Content: A threat actor has shared a combo list containing 150,000 credentials allegedly associated with Spanish users. The content is hidden behind a registration/login requirement on the forum.
Date: 2026-05-07T23:38:29Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Spain-Combolist-150K
Screenshots:
None
Threat Actors: mindreading
Victim Country: Spain
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of stolen payment card verification and database access services
Category: Combo List
Content: Threat actors operating AllCards and Cococheck platforms advertising stolen payment card verification services. AllCards claims to sell 100k+ cards daily at $1.20-3 per valid card across multiple countries. Cococheck offers card verification at $0.01 per check with bulk acquisition options. Additional post advertising fresh database access for UK, DE, JP, NL, BR, PL, ES, US, IT and other countries with email accounts and marketplace account access (eBay, Amazon, Walmart, PSN, Uber, etc.).
Date: 2026-05-07T23:36:54Z
Network: telegram
Published URL: https://t.me/c/2613583520/77420
Screenshots:
None
Threat Actors: AllCards
Victim Country: Unknown
Victim Industry: Financial services, E-commerce
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of credential combolists across multiple countries
Category: Combo List
Content: Threat actor advertising sale of credential combolists (email:password combinations) for multiple countries including US, DE, FR, IT, BR, UK, JP, PL, ES, NL, MX, CA, SG. Also offering access to compromised accounts on platforms including Hotmail, eBay, Reddit, Poshmark, Walmart, Amazon, and others. Pricing mentioned at $1.2-3 per valid credential depending on country.
Date: 2026-05-07T23:35:49Z
Network: telegram
Published URL: https://t.me/c/2613583520/77423
Screenshots:
None
Threat Actors: Wěilóng
Victim Country: Unknown
Victim Industry: Multiple (e-commerce, email, booking platforms)
Victim Organization: Unknown
Victim Site: Unknown
Hotmail mail access combo list (0.1K)
Category: Combo List
Content: A combo list of approximately 100 Hotmail mail access credentials is being shared on a cybercrime forum. The content is gated behind registration or login. Credentials are marketed as high quality (HQ).
Date: 2026-05-07T23:24:09Z
Network: openweb
Published URL: https://patched.to/Thread-0-1k-hq-hotmail-mail-access-combolist-299981
Screenshots:
None
Threat Actors: liamgoat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Philippines combo list with 3K credentials
Category: Combo List
Content: A combo list purportedly containing approximately 3,000 credentials associated with Philippines-based accounts is being shared freely on the forum. The content is hidden behind a registration/login requirement and a like-gate.
Date: 2026-05-07T23:23:29Z
Network: openweb
Published URL: https://patched.to/Thread-%F0%9F%94%B03k%E2%9A%9C%EF%B8%8Fphilippines%E2%9A%9C%EF%B8%8Fcombolist%F0%9F%94%B0
Screenshots:
None
Threat Actors: Dhyazribi001
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Switzerland combo list with 4K credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 4,000 credentials purportedly associated with Switzerland. The content is gated behind registration or login on the forum.
Date: 2026-05-07T23:22:59Z
Network: openweb
Published URL: https://patched.to/Thread-%F0%9F%94%B04k%E2%9A%9C%EF%B8%8Fswitzerland%E2%9A%9C%EF%B8%8Fcombolist%F0%9F%94%B0
Screenshots:
None
Threat Actors: Dhyazribi001
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list targeting Yahoo Canada accounts
Category: Combo List
Content: A user on a combolist forum shared a combo list purportedly containing valid Yahoo Canada credentials. The content is hidden behind a registration or login wall, with engagement required to access it.
Date: 2026-05-07T23:22:42Z
Network: openweb
Published URL: https://patched.to/Thread-%F0%9F%94%B0good%E2%9A%9C%EF%B8%8Fvalid%E2%9A%9C%EF%B8%8Fyahoo%E2%9A%9C%EF%B8%8Fca%F0%9F%94%B0
Screenshots:
None
Threat Actors: Dhyazribi001
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Comcast combo list with 150K email:password pairs
Category: Combo List
Content: A threat actor has shared a combo list of 150,000 email:password credentials associated with Comcast accounts on a cybercrime forum. The content is gated behind forum registration or login. This is a credential list likely compiled from prior breaches, not a direct breach of Comcast.
Date: 2026-05-07T23:20:13Z
Network: openweb
Published URL: https://breachforums.rs/Thread-150K-Combolist-Comcast
Screenshots:
None
Threat Actors: mindreading
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of URL:Login:Pass combo list extracted from stealer logs
Category: Combo List
Content: A threat actor is distributing a 6GB URL:Login:Pass combo list derived from stealer logs via a Telegram channel. The dataset is advertised as a mix of credentials including Hotmail, Live, Outlook, and MSN accounts from multiple European regions. The actor also offers paid content through Telegram.
Date: 2026-05-07T23:16:08Z
Network: openweb
Published URL: https://altenens.is/threads/6gb-url-login-pass-lines-from-logs.2936222/unread
Screenshots:
None
Threat Actors: WhiteMelly
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale and distribution of stealer logs and credential combos via Telegram
Category: Logs
Content: A threat actor is advertising daily free distribution and sale of stealer logs, cookies, combo lists, and leaked data via a Telegram channel. The offering includes mixed credentials targeting Hotmail, Live, Outlook, and MSN accounts across multiple European countries. Users are directed to a Telegram handle to purchase additional content.
Date: 2026-05-07T23:15:42Z
Network: openweb
Published URL: https://altenens.is/threads/1-5gb-full-logs.2936223/unread
Screenshots:
None
Threat Actors: WhiteMelly
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of 1,475 Hotmail credentials combo list
Category: Combo List
Content: A threat actor shared a combo list of 1,475 Hotmail credentials via Pasteview, marketed as UHQ (ultra-high quality). The credentials are intended for credential stuffing against Hotmail/Microsoft accounts.
Date: 2026-05-07T23:13:13Z
Network: openweb
Published URL: https://altenens.is/threads/1475x-hotmails-uhq.2936211/unread
Screenshots:
None
Threat Actors: Ebbicloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list of 1,699 Hotmail credentials
Category: Combo List
Content: A threat actor shared a combo list of 1,699 Hotmail credentials via Pasteview. The credentials are marketed as UHQ (ultra-high quality) and were made available for free on the forum.
Date: 2026-05-07T23:12:47Z
Network: openweb
Published URL: https://altenens.is/threads/1699x-hotmails-uhq.2936212/unread
Screenshots:
None
Threat Actors: Ebbicloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 150K mixed email-password combo list
Category: Combo List
Content: A threat actor is offering a mixed combo list of 150,000 email:password and user:password credentials covering multiple email providers and countries including the US, UK, France, Germany, Italy, Canada, and Australia. The list is advertised as high quality and fresh. Contact is solicited via Telegram for purchase.
Date: 2026-05-07T23:12:21Z
Network: openweb
Published URL: https://altenens.is/threads/150k-fresh-hq-combolist-email-pass-mixed.2936210/unread
Screenshots:
None
Threat Actors: carlos080
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list (1,731 credentials)
Category: Combo List
Content: A threat actor shared a combo list of 1,731 Hotmail credentials, marketed as UHQ (ultra-high quality), via an external paste service. The content is hosted on pasteview.com and distributed freely on the forum.
Date: 2026-05-07T23:11:54Z
Network: openweb
Published URL: https://altenens.is/threads/1731x-hotmails-uhq.2936213/unread
Screenshots:
None
Threat Actors: Ebbicloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list of 2,645 Hotmail credentials
Category: Combo List
Content: A threat actor shared a combo list of 2,645 Hotmail credentials via Pasteview. The list is marketed as UHQ (ultra-high quality) and was made available for free on the forum.
Date: 2026-05-07T23:11:27Z
Network: openweb
Published URL: https://altenens.is/threads/2645x-hotmails-uhq.2936214/unread
Screenshots:
None
Threat Actors: Ebbicloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of Hotmail combo list (3,394 credentials)
Category: Combo List
Content: A threat actor shared a combo list of 3,394 Hotmail credentials via Pasteview, marketed as UHQ (ultra-high quality). The list was made available for free on the forum.
Date: 2026-05-07T23:11:02Z
Network: openweb
Published URL: https://altenens.is/threads/3394x-hotmails-uhq.2936216/unread
Screenshots:
None
Threat Actors: Ebbicloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list (4,635 credentials)
Category: Combo List
Content: A threat actor shared a combo list of 4,635 Hotmail credentials, marketed as UHQ (ultra-high quality), via an external Pasteview link. The credentials appear intended for credential stuffing against Hotmail/Outlook accounts.
Date: 2026-05-07T23:10:35Z
Network: openweb
Published URL: https://altenens.is/threads/4635x-hotmails-uhq.2936217/unread
Screenshots:
None
Threat Actors: Ebbicloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of Hotmail combo list (6,024 credentials)
Category: Combo List
Content: A threat actor shared a combo list of 6,024 Hotmail credentials via Pasteview, marketed as UHQ (ultra-high quality). The list was made available for free on the forum.
Date: 2026-05-07T23:10:09Z
Network: openweb
Published URL: https://altenens.is/threads/6024x-hotmails-uhq.2936218/unread
Screenshots:
None
Threat Actors: Ebbicloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of mixed email credential combo list
Category: Combo List
Content: A threat actor is distributing approximately 7,000 mixed email credentials including Hotmail, Live, Outlook, and MSN accounts sourced from multiple European countries. The post advertises free daily releases via Telegram alongside paid offerings including ULP combos, logs, cookies, and leaked data.
Date: 2026-05-07T23:09:42Z
Network: openweb
Published URL: https://altenens.is/threads/7k-mix-lines-mail-access.2936219/unread
Screenshots:
None
Threat Actors: WhiteMelly
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of Hotmail combo list (8,944 credentials)
Category: Combo List
Content: A threat actor shared a combo list of 8,944 Hotmail credentials via Pasteview, marketed as UHQ (ultra-high quality). The list was made available for free on the forum.
Date: 2026-05-07T23:09:17Z
Network: openweb
Published URL: https://altenens.is/threads/8944x-hotmails-uhq.2936220/unread
Screenshots:
None
Threat Actors: Ebbicloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list with 8,000 lines
Category: Combo List
Content: A threat actor is offering 8,000 Hotmail/Live/Outlook/MSN credential lines in ULP format, advertised as part of a broader mix of EU/UK regional combos. The actor promotes a Telegram channel distributing daily free logs, cookies, and combo lists, with additional material available for purchase via Telegram.
Date: 2026-05-07T23:08:51Z
Network: openweb
Published URL: https://altenens.is/threads/8k-hotmail-lines-mail-access.2936221/unread
Screenshots:
None
Threat Actors: WhiteMelly
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of ScreenConnect 2FA bypass vulnerability with MITM phishing component
Category: Vulnerability
Content: A threat actor is offering for sale an alleged vulnerability in ScreenConnect that bypasses two-factor authentication, bundled with a MITM webpage designed to capture cookies and an email validator tool. The seller is directing interested parties to contact them via Telegram or Session for proof and further details.
Date: 2026-05-07T23:06:05Z
Network: openweb
Published URL: https://breached.st/threads/screen-vulnrability-off-the-record.86897/unread
Screenshots:
None
Threat Actors: leholowrd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of account access logs and credentials for multiple platforms
Category: Logs
Content: Threat actor offering for sale access logs and credentials (logs) for multiple high-value accounts including Hotmail, Gmail, Facebook Ads, LinkedIn, iCloud, Uber, Reddit, and various travel/dating platforms. Post indicates availability of account fullz, mailpass access, and RDP credentials.
Date: 2026-05-07T23:03:58Z
Network: telegram
Published URL: https://t.me/c/2613583520/77404
Screenshots:
None
Threat Actors: Yìchén
Victim Country: Unknown
Victim Industry: Technology, Social Media, Travel, Finance, Dating Services
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of stealer logs via cloud sharing
Category: Logs
Content: A threat actor shared 5,617 stealer logs via a cloud file-sharing link on a darknet forum. The logs are described as fresh and were made available for free download. No specific victim organization or country is identified.
Date: 2026-05-07T23:01:31Z
Network: openweb
Published URL: https://darkforums.su/Thread-%F0%9F%9A%80-5617-LOGS-CLOUD-%E2%98%81-08-MAY-%E2%9D%A4%EF%B8%8F-FRESH-LOGS%E2%9D%97%EF%B8%8F
Screenshots:
None
Threat Actors: UP_DAISYCLOUD
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 150K Fresh Email:Password Combo List for Multiple Streaming and Gaming Services
Category: Combo List
Content: A threat actor is offering a 150K credential combo list containing email:password pairs marketed as fresh and high quality. The list is advertised as effective against services including Netflix, Minecraft, Uplay, Steam, Hulu, and Spotify. The actor also promotes additional combo lists segmented by email provider and country via Telegram.
Date: 2026-05-07T22:51:44Z
Network: openweb
Published URL: https://demonforums.net/Thread-150k-Fresh-HQ-Combolist-Email-Pass-Netflix-Minecraft-Uplay-Steam-Hulu-spotify–203277
Screenshots:
None
Threat Actors: Ra-Zi
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged doxing and extortion of breached.st owner by ShinyHunters affiliate
Category: Cyber Attack
Content: Threat actor claiming association with ShinyHunters group has doxed the owner of breached.st (identified as @pal3nt1r/Hasan) and is threatening to provide the information to law enforcement agencies (FBI, INTERPOL, CIA, EUROPOL) unless demands are met. Doxing information posted to doxbin.com. The actor is leveraging law enforcement as a coercion tactic.
Date: 2026-05-07T22:48:43Z
Network: telegram
Published URL: https://t.me/c/3500620464/7742
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: breached.st
Victim Site: breached.st
Alleged data breach of DarkForums – 420k+ records leaked
Category: Data Breach
Content: DarkForums, a dark web forum platform, has been breached with 420k+ records including posts, users, and IP addresses. The breach was disclosed on April 15, 2026. Multiple domain variants affected: darkforums.su, darkforums.st, darkforums.is, and darkforums.com.
Date: 2026-05-07T22:41:20Z
Network: telegram
Published URL: https://t.me/c/3500620464/7739
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: DarkForums
Victim Site: darkforums.su
Alleged data leak of Indonesian civil servant rank order records by Shadownex
Category: Data Leak
Content: A threat actor known as Shadownex claims to have leaked a list of rank order (DUK) records pertaining to Indonesian civil servants (PNS). The data is being made available for free download. No further details about the record count or source system were provided.
Date: 2026-05-07T22:41:16Z
Network: openweb
Published URL: https://breached.st/threads/list-of-rank-order-duk-of-civil-servants-pns-leak-by-shadownex.86896/unread
Screenshots:
None
Threat Actors: Shadownex
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Indonesian Civil Service (PNS)
Victim Site: Unknown
Alleged sale of breached data from multiple Fortune 500 companies by ShinyhunterS
Category: Data Breach
Content: Threat actor ShinyhunterS claims to possess breached data from Salesforce, Cisco, AT&T, Ticketmaster, Microsoft, Google, Victorias Secret, CrowdStrike, and Santander. Offering lifetime access to all stolen data for $10,000 USD. Contact details provided via XMPP, Telegram, and email. Session ID included in post.
Date: 2026-05-07T22:40:18Z
Network: telegram
Published URL: https://t.me/c/3500620464/7737
Screenshots:
None
Threat Actors: ShinyhunterS
Victim Country: Unknown
Victim Industry: Technology, Telecommunications, Retail, Financial Services, Cybersecurity
Victim Organization: Salesforce, Cisco, AT&T, Ticketmaster, Microsoft, Google, Victorias Secret, CrowdStrike, Santander
Victim Site: Unknown
Website Defacement of Homeworks Strawberry by CAC./Ohang of CyberOprationCulture
Category: Defacement
Content: On May 8, 2026, a threat actor identified as CAC./Ohang, operating under the team CyberOprationCulture, defaced the website hosted at transparencia.homeworksstrawberry.xyz. The targeted subdomain transparencia suggests a transparency or public information portal. The attack was carried out on a Linux-based server and is recorded as a standalone, non-mass defacement incident.
Date: 2026-05-07T22:35:24Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248959
Screenshots:
None
Threat Actors: CAC./Ohang, CyberOprationCulture
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Homeworks Strawberry
Victim Site: transparencia.homeworksstrawberry.xyz
Combo List: HQ Hotmail Mail Access Credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 600 Hotmail email credentials marketed as high quality mail access. The content is gated behind registration or login on the forum.
Date: 2026-05-07T22:28:11Z
Network: openweb
Published URL: https://patched.to/Thread-0-6k-hq-hotmail-mail-access-combolist-299966
Screenshots:
None
Threat Actors: liamgoat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail credential combo list
Category: Combo List
Content: A threat actor shared a combo list of 800 Hotmail credentials marketed as fresh and valid. The list was made available via an external paste link. The post encourages users to join a channel for additional drops.
Date: 2026-05-07T22:27:41Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-x800-hotmail-fresh-valid
Screenshots:
None
Threat Actors: Aweex
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of US email combo list including Hotmail and mixed credentials
Category: Combo List
Content: A threat actor is selling a combo list of US email credentials advertised as including Hotmail and mixed accounts. The post directs interested buyers to contact via Telegram handle @antalya_H. No record count or pricing details are provided.
Date: 2026-05-07T22:27:25Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-private-mail-usa-%F0%9F%87%BA%F0%9F%87%B8-by-antalya-h
Screenshots:
None
Threat Actors: cloudantalya
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Japan-targeted email combo list
Category: Combo List
Content: A threat actor is offering for sale a combo list targeting Japan, described as containing Hotmail and mixed email credentials. The post directs interested buyers to contact the seller via a Telegram handle and channel.
Date: 2026-05-07T22:26:55Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-private-mail-japan-%F0%9F%87%AF%F0%9F%87%B5-by-antalya-h
Screenshots:
None
Threat Actors: cloudantalya
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Brazil-targeted combo list including Hotmail and mixed credentials
Category: Combo List
Content: A threat actor is selling a combo list of Brazilian email credentials, including Hotmail and mixed accounts. The listing directs interested buyers to contact the seller via direct message for access. No record count or price is specified in the post.
Date: 2026-05-07T22:26:38Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-private-mail-brazil-%F0%9F%87%A7%F0%9F%87%B7-by-antalya-h
Screenshots:
None
Threat Actors: cloudantalya
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting EU Hotmail accounts
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 100 EU Hotmail credentials, marketed as high-quality with no junk entries. The content is gated behind forum registration or login.
Date: 2026-05-07T22:26:20Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9A%A1-0-1k-elite-eu-hotmail-zero-junk-pure-hits-%E2%9A%A1
Screenshots:
None
Threat Actors: BedrockDB
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of German email combo list including Hotmail and mixed credentials
Category: Combo List
Content: A threat actor operating under the alias antalya_H is selling a combo list of German email credentials, including Hotmail and mixed accounts targeted by country. The post directs interested buyers to contact via direct message for access.
Date: 2026-05-07T22:25:50Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-private-mail-germany-%F0%9F%87%A9%F0%9F%87%AA-by-antalya-h
Screenshots:
None
Threat Actors: cloudantalya
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of French email combo list
Category: Combo List
Content: A threat actor is offering for sale a combo list of French email credentials, described as containing Hotmail and mixed accounts. The post advertises direct messaging for purchase access and targets France as the country of origin.
Date: 2026-05-07T22:25:33Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-private-mail-france-%F0%9F%87%AB%F0%9F%87%B7-by-antalya-h
Screenshots:
None
Threat Actors: cloudantalya
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of 600K URL:log:pass combo list
Category: Combo List
Content: A threat actor shared a combo list of approximately 600,000 URL:log:pass credential pairs on a public forum. The content is gated behind registration or login. No specific victim organization or country is identified.
Date: 2026-05-07T22:25:18Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%AD%90-600k-url-log-pass%E2%AD%90-08-may
Screenshots:
None
Threat Actors: agha24
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of SDN Larangan 11 elementary school student records
Category: Data Leak
Content: A threat actor leaked a database allegedly belonging to SDN Larangan 11, an Indonesian elementary school. The exposed records include student full names, national identity numbers (NIK), national student numbers (NISN), dates of birth, gender, mothers names, and class enrollment details. The data appears to involve minor students and was shared freely on a breach forum.
Date: 2026-05-07T22:23:00Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-Database-Sekolah-SDN-Larangan-11
Screenshots:
None
Threat Actors: RanzXZ
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: SDN Larangan 11
Victim Site: Unknown
Alleged data breach of Teespring
Category: Data Breach
Content: A forum post references a Teespring Canadian contact database. No further details or post content are available to confirm the nature or extent of the alleged breach.
Date: 2026-05-07T22:21:20Z
Network: openweb
Published URL: https://breachforums.rs/Thread-teespring-canadian-contact
Screenshots:
None
Threat Actors: courtika
Victim Country: Canada
Victim Industry: Retail
Victim Organization: Teespring
Victim Site: teespring.com
Alleged Critical Double Free Vulnerability in Apache mod_http2 (CVE-2026-23918) with DoS and RCE Potential
Category: Vulnerability
Content: Technical analysis of CVE-2026-23918, a double free vulnerability in Apache 2.4.66s mod_http2 module within the m_stream_cleanup function in h2_mplx.c. The vulnerability allows attackers to trigger denial of service via crafted HEADERS and RST_STREAM frames. RCE is theoretically possible but requires: (1) Apache compiled with mmap memory allocator (common in Debian, Ubuntu, Docker), (2) a secondary information leak vulnerability to bypass ASLR, and (3) complex heap grooming techniques. DoS exploitation is straightforward and multiple PoCs exist on GitHub. RCE exploitation remains theoretical with no public working exploits confirmed, though researchers have demonstrated it on x86_64 architecture in controlled lab environments.
Date: 2026-05-07T22:14:52Z
Network: telegram
Published URL: https://t.me/c/3575098403/177
Screenshots:
None
Threat Actors: APT IRAN
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged CVE-2026-23918 Double Free Vulnerability in Apache mod_http2 – DoS and RCE Analysis
Category: Vulnerability
Content: Technical analysis of CVE-2026-23918, a double free vulnerability in Apache 2.4.66s mod_http2 module within the m_stream_cleanup function in h2_mplx.c. The vulnerability allows attackers to trigger denial of service through crafted HEADERS and RST_STREAM frames. Post details exploitation requirements: mod_http2 must be enabled with threaded MPMs (event/worker). RCE is theoretically possible but requires additional conditions including mmap-based memory allocation, a secondary information leak vulnerability, heap grooming techniques, and ASLR bypass. Public DoS exploits exist on GitHub but no functional RCE exploits have been released. Affects only Apache 2.4.66; version 2.4.67 is patched and earlier versions are unaffected.
Date: 2026-05-07T22:13:36Z
Network: telegram
Published URL: https://t.me/c/3575098403/176
Screenshots:
None
Threat Actors: APT IRAN
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Forum announcement: Telegram chat links posted by staff
Category: Alert
Content: A forum staff member posted official Telegram chat links associated with the BreachedForums community. The post lists three Telegram links described as leading to the same group chat. No threat content is present.
Date: 2026-05-07T22:12:30Z
Network: openweb
Published URL: https://breached.st/threads/telegram-chat-links.86895/unread
Screenshots:
None
Threat Actors: HasanBroker
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: 100K USA Dehashed Credentials
Category: Combo List
Content: A threat actor is distributing a combo list claimed to contain 100,000 dehashed credentials targeting US users. The content is gated behind registration or login. No specific breached organization is identified.
Date: 2026-05-07T21:57:32Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-100k-usa-dehashed-very-private-combo-part1
Screenshots:
None
Threat Actors: Glowlex
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail credential hits combo list
Category: Combo List
Content: A threat actor on a combolist forum is distributing approximately 1,900 Hotmail credential hits marketed as fresh and verified. The content is gated behind forum registration. The named service (Hotmail) is a credential-stuffing target, not the breach source.
Date: 2026-05-07T21:57:13Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-1-9-k-hotmail-access-valid-hit-fresh-%F0%9F%94%A5
Screenshots:
None
Threat Actors: NullShop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Romania combo list containing 105K credentials
Category: Combo List
Content: A threat actor is sharing a combo list of approximately 105,000 credentials marketed as fresh and associated with Romanian accounts. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-07T21:56:58Z
Network: openweb
Published URL: https://patched.to/Thread-shopping-105k-romania-fresh-good-combolist
Screenshots:
None
Threat Actors: iZED
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of 14,000 student credentials from Universidad Autónoma del Noroeste Saltillo
Category: Combo List
Content: Threat actor offering 14,000 compromised Outlook student accounts from Universidad Autónoma del Noroeste (UANE) in Saltillo, Mexico. Credentials include email addresses and passwords with active Office 365 benefits valid until 2029. Price listed at 1,300 Mexican Pesos. Sample credentials provided as proof.
Date: 2026-05-07T21:56:53Z
Network: telegram
Published URL: https://t.me/c/3764001014/119
Screenshots:
None
Threat Actors: MagoSpeak
Victim Country: Mexico
Victim Industry: Education
Victim Organization: Universidad Autónoma del Noroeste
Victim Site: uane.mx
Sale of 13 ExpressVPN accounts with active plans
Category: Combo List
Content: A threat actor is sharing 13 ExpressVPN accounts with active subscription plans on a combolist forum. Access to the content is restricted to registered members. The accounts are being distributed for free behind a login/registration gate.
Date: 2026-05-07T21:56:40Z
Network: openweb
Published URL: https://patched.to/Thread-vpn-13-express-vpn-accounts-with-plan
Screenshots:
None
Threat Actors: YennYou
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of Hotmail Credentials
Category: Combo List
Content: A threat actor shared a combo list containing 1,532 Hotmail credentials, marketed as fresh. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-07T21:56:24Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-1532-full-fresh-hotmails
Screenshots:
None
Threat Actors: martcloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Korea combo list with 124K credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 124,000 credentials marketed as fresh and associated with Korean accounts. The content is hidden behind a registration or login wall on the forum.
Date: 2026-05-07T21:55:52Z
Network: openweb
Published URL: https://patched.to/Thread-shopping-124k-korea-fresh-good-combolist
Screenshots:
None
Threat Actors: iZED
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Amazon Prime Video account credentials
Category: Combo List
Content: A threat actor is sharing 5 Amazon Prime Video account credentials on a combolist forum. The content is gated behind registration or login. The named service is a credential-stuffing target and is not the breach victim.
Date: 2026-05-07T21:55:22Z
Network: openweb
Published URL: https://patched.to/Thread-streaming-5x-amazon-prime-video-%F0%9F%90%B1%E2%80%8D%F0%9F%8F%8D
Screenshots:
None
Threat Actors: YennYou
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Office365 combo list of 762K credentials available on forum
Category: Combo List
Content: A threat actor known as MetaCloud3 is distributing a combo list of approximately 762,000 credentials marketed as suitable for use against Office365. The post advertises the data as sourced from a private base and promotes the authors combo cloud service offering high-quality data.
Date: 2026-05-07T21:55:04Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%9A%A1762k-office365%E2%9A%A1private-base-good-on-anything-you-need%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
OneDrive combo list of 768K credentials
Category: Combo List
Content: A threat actor is sharing a combo list of approximately 768,000 credentials marketed as suitable for credential stuffing against OneDrive. The post describes the data as from a private base and claims high quality. The content is gated behind registration or login.
Date: 2026-05-07T21:54:33Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9A%A1768k-onedrive%E2%9A%A1private-base-good-on-anything-you-need%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list containing 150,000 credentials
Category: Combo List
Content: A threat actor is offering a combo list of 150,000 Hotmail credentials, marketed as fresh. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-07T21:53:53Z
Network: openweb
Published URL: https://patched.to/Thread-shopping-150k-hotmail-fresh-good-combolist-299920
Screenshots:
None
Threat Actors: iZED
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Yahoo combo list with 160K credentials
Category: Combo List
Content: A threat actor is sharing a combo list of 160,000 Yahoo credentials, marketed as fresh. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-07T21:53:35Z
Network: openweb
Published URL: https://patched.to/Thread-shopping-160k-yahoo-fresh-good-combolist
Screenshots:
None
Threat Actors: iZED
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of USA combo list with 150,000 credentials
Category: Combo List
Content: A threat actor is sharing a combo list of 150,000 credentials marketed as fresh and originating from US-based accounts. The content is hidden behind a registration/login wall on the forum.
Date: 2026-05-07T21:53:18Z
Network: openweb
Published URL: https://patched.to/Thread-shopping-150k-usa-fresh-good-combolist
Screenshots:
None
Threat Actors: iZED
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of 626 Hotmail credentials
Category: Combo List
Content: A combo list of 626 Hotmail credentials marketed as valid access is being shared on a combolist forum. The content is hidden behind a registration or login wall. The named service is a credential-stuffing target, not the breach victim.
Date: 2026-05-07T21:53:03Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%E2%98%80%EF%B8%8F626-hotmail-valid-access-07-05-2026
Screenshots:
None
Threat Actors: SupportHotmail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: 1,200 Hotmail credential hits
Category: Combo List
Content: A threat actor is distributing 1,200 claimed valid Hotmail credentials, marketed as UHQ and unraped (previously unused). The content is hidden behind a registration/login wall on the forum.
Date: 2026-05-07T21:52:23Z
Network: openweb
Published URL: https://patched.to/Thread-royal-%E2%9C%A8%E2%8E%9D1200-uhq-hotmail-valids-%E2%8E%A0%E2%9C%A8%E2%9C%85unraped-hotmails%E2%9C%85%E2%9A%A1private-hotmails%E2%9A%A1
Screenshots:
None
Threat Actors: baguja1472
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: Free mixed credentials shared on forum
Category: Combo List
Content: A forum user shared a combo list of 837 mixed credentials described as fresh. The content is hidden behind a registration/login wall. No specific victim organization or service is identified.
Date: 2026-05-07T21:51:53Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-837x-fresh-mixed-data-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F
Screenshots:
None
Threat Actors: Lowza9
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of compromised Roblox accounts with Robux balance
Category: Combo List
Content: A forum user is sharing 5 compromised Roblox full-access (FA) accounts advertised as containing Robux balances. The content is hidden behind a registration/login wall and requires a like to access.
Date: 2026-05-07T21:51:36Z
Network: openweb
Published URL: https://patched.to/Thread-gaming-%E2%9C%A8%E2%8E%9D5x-roblox-fa-accounts-%E2%8E%A0%E2%9C%A8%E2%9C%85full-capture-with-robux-%E2%9C%85%E2%9A%A1roblox-fa%E2%9A%A1
Screenshots:
None
Threat Actors: YennYou
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting Hotmail with 657 alleged valid credentials
Category: Combo List
Content: A forum post on a combolist section claims to share 657 valid Hotmail credentials dated 07.05.2026. The content is hidden behind a registration or login wall. The named service is a credential-stuffing target, not a breached organization.
Date: 2026-05-07T21:51:07Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%E2%98%80%EF%B8%8F657-hotmail-valid-access-07-05-2026
Screenshots:
None
Threat Actors: SupportHotmail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of Hotmail credentials (1,009 entries)
Category: Combo List
Content: A combo list containing 1,009 Hotmail login credentials is being shared on a combolist forum. The content is hidden behind a registration or login requirement. No breach source or additional context is provided.
Date: 2026-05-07T21:50:50Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-1009x-hotmail-login-uhq
Screenshots:
None
Threat Actors: BuggracK
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting Hotmail accounts
Category: Combo List
Content: A combo list of 2,766 allegedly valid Hotmail credentials was shared on a forum, dated May 6, 2026. The content is hidden behind a registration or login wall.
Date: 2026-05-07T21:50:34Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%E2%8C%9B%EF%B8%8F2766-hotmail-valid-access-06-05-2026
Screenshots:
None
Threat Actors: SupportHotmail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of mixed email combo list with 30K valid hits
Category: Combo List
Content: A threat actor is offering a mixed email access combo list of approximately 30,000 credentials marketed as fully valid hits. The post claims the data is private and unwrapped, with additional private data available via direct contact. The content itself is gated behind forum registration.
Date: 2026-05-07T21:50:15Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%AD%90%E2%AD%9030k-mix-mail-acces-full-valid-hits%E2%AD%90-private-unrapped-data-%E2%AD%90%E2%AD%90
Screenshots:
None
Threat Actors: DAXCLOUUD
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail combo list shared on forum
Category: Combo List
Content: A threat actor shared a Hotmail combo list on a cybercrime forum, requiring registration or login to access the hidden content. The post markets the credentials as high quality and requests likes from users.
Date: 2026-05-07T21:49:46Z
Network: openweb
Published URL: https://patched.to/Thread-%F0%9F%94%B0hq%E2%9A%9C%EF%B8%8Fhotmail%E2%9A%9C%EF%B8%8Fcombo%F0%9F%94%B0
Screenshots:
None
Threat Actors: Dhyazribi001
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting Hotmail accounts
Category: Combo List
Content: A threat actor is distributing approximately 1,400 Hotmail credentials marketed as fresh high-quality hits. The content is gated behind registration or login on the forum. These credentials are likely intended for credential stuffing against Hotmail/Outlook accounts.
Date: 2026-05-07T21:49:11Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9A%A1%E2%9A%A1-1-4k-fresh-hq-hotmail-hits-%E2%9A%A1%E2%9A%A1-07-05
Screenshots:
None
Threat Actors: Lowza9
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail combo list with 3.5K credentials
Category: Combo List
Content: A threat actor is freely sharing a combo list of approximately 3,500 Hotmail credentials on a public forum. The credentials are marketed as valid. Content is gated behind registration or a like requirement.
Date: 2026-05-07T21:48:42Z
Network: openweb
Published URL: https://patched.to/Thread-%F0%9F%94%B03-5k%E2%9A%9C%EF%B8%8Fvalid%E2%9A%9C%EF%B8%8Fhotmail%F0%9F%94%B0
Screenshots:
None
Threat Actors: Dhyazribi001
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Instagram accounts with followers
Category: Combo List
Content: A threat actor is offering 300 Instagram accounts described as having followers and active inboxes. The content is hidden behind registration/login, suggesting a members-only distribution. These appear to be compromised or fraudulent accounts marketed for further abuse.
Date: 2026-05-07T21:48:14Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%9C%A8%E2%8E%9D300x-instagram-fa-%E2%8E%A0%E2%9C%A8%E2%9C%85instagram-with-followers-%E2%9C%85%E2%9A%A1inboxed%E2%9A%A1
Screenshots:
None
Threat Actors: YennYou
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail credential combo list
Category: Combo List
Content: A threat actor is offering a combo list of approximately 2,000 Hotmail credentials marketed as UHQ (ultra-high quality) hits. The content is gated behind registration or login on the forum.
Date: 2026-05-07T21:47:48Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%85-2k-uhq-hotmail-hit-%E2%9C%85
Screenshots:
None
Threat Actors: RetroCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of HQ mail access combo lists targeting multiple countries
Category: Combo List
Content: A threat actor is offering high-quality mail access credentials and data targeting users across multiple countries including France, the United Kingdom, the United States, and India. The content is hidden behind a registration/login wall, limiting visibility into specific details. The post is advertised on a combolist-focused forum section.
Date: 2026-05-07T21:47:32Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-hq-mailaccess-datas-france-uk-usa-comcast-india-etc-anasxzerm-anasxzer00
Screenshots:
None
Threat Actors: anasxzer00
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of discounted subscription account upgrades including ChatGPT Plus and streaming services
Category: Services
Content: A seller operating as 9Tail Store is advertising discounted subscription upgrades for numerous services including ChatGPT Plus, Netflix, NordVPN, Microsoft Office 365, and many others, priced at $17.99 for a one-year ChatGPT Plus upgrade applied to the buyers own account. The store accepts Apple Pay, Google Pay, PayPal, credit cards, and cryptocurrency, with automated delivery via 9tail.store.
Date: 2026-05-07T21:47:22Z
Network: openweb
Published URL: https://patched.to/Thread-nova-%E2%9A%A1%EF%B8%8F-chatgpt-plus-on-your-account-1-year-%E2%9C%85-17-99-%E2%9C%85-apple-pay-google-pay-paypal%E2%9C%85
Screenshots:
None
Threat Actors: Wellix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free Hotmail combo list of 3K credentials
Category: Combo List
Content: A threat actor has shared a combo list of approximately 3,000 Hotmail email and password pairs via an external paste site. The credentials are marketed as high quality and are intended for credential stuffing use.
Date: 2026-05-07T21:46:03Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-3K-HQ-HOTMAIL–203274
Screenshots:
None
Threat Actors: COYYYTOOOO
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass Defacement of lyfecrush.ru by Mr. Hanz Xploit of Bekasi Eror System
Category: Defacement
Content: On May 8, 2026, threat actor Mr. Hanz Xploit, operating under the group Bekasi Eror System, conducted a mass defacement campaign targeting lyfecrush.ru, a Russian-registered website hosted on a Linux server. The incident was catalogued as part of a broader mass defacement operation, with the mirror archived at haxor.id. No specific motivation or technical vulnerability details were disclosed.
Date: 2026-05-07T21:40:25Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248958
Screenshots:
None
Threat Actors: Mr. Hanz Xploit, Bekasi Eror System
Victim Country: Russia
Victim Industry: Unknown
Victim Organization: Lyfe Crush
Victim Site: lyfecrush.ru
Sale of compromised government and law enforcement email accounts and portals for EDR abuse and forged legal documents
Category: Services
Content: A threat actor is selling access to compromised law enforcement and government email accounts and portals from multiple countries, including Thailand, Brazil, Argentina, Malaysia, Bosnia, Pakistan, Vietnam, Nigeria, and others, advertised for use in fraudulent Emergency Data Requests (EDRs) submitted to major platforms including Meta, TikTok, Snapchat, Microsoft, and Apple. The actor also offers forged court orders, MLATs, and subpoenas starting at $100, as well as a full-service EDR submission
Date: 2026-05-07T21:38:20Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Selling-Government-Emails-and-Police-Emails-for-EDRs-and-forged-court-orders-and-doma–188249
Screenshots:
None
Threat Actors: 0056113
Victim Country: Unknown
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Buehler Canada (buehler.ca)
Category: Data Leak
Content: A threat actor leaked what is claimed to be a database dump from buehler.ca, shared via a MediaFire download link. No details regarding record count or data fields were provided in the post.
Date: 2026-05-07T21:36:23Z
Network: openweb
Published URL: https://breachforums.rs/Thread-www-buehler-ca-db
Screenshots:
None
Threat Actors: courtika
Victim Country: Canada
Victim Industry: Unknown
Victim Organization: Buehler Canada
Victim Site: buehler.ca
Sale of alleged identity document database with 3,000 records including IDs, selfies, and SSNs
Category: Carding
Content: A threat actor is allegedly offering a database of 3,000 identity records including drivers license images (front and back), selfies, and Social Security Numbers. The records are marketed as fresh with no expired documents. No specific victim organization or country of origin is identified.
Date: 2026-05-07T21:34:46Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-3000-PICS-MIX-DL-FRONT-BACK-SELFIE-SSN-FULL-FRESH-NO-EXPIRED-PICS
Screenshots:
None
Threat Actors: antorislam1040
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of alleged California drivers license image database with selfies
Category: Carding
Content: A threat actor is offering for sale a collection of approximately 60,000 images purportedly consisting of California drivers license front and back scans along with selfies. The seller claims the material was recently acquired and describes it as fresh. Such documents are commonly used for identity fraud and KYC bypass schemes.
Date: 2026-05-07T21:33:25Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-60K-PICS-USA-California-DL-FRONT-BACK-SELFIE
Screenshots:
None
Threat Actors: antorislam1040
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Jombang BAPENDA (Regional Tax Agency)
Category: Data Breach
Content: A threat actor is selling an alleged database dump from the Jombang Regional Revenue Agency (BAPENDA), a local government tax authority in East Java, Indonesia. The dataset reportedly contains 100,000 records in CSV format including service request numbers, applicant names, phone numbers, village/district information, and tax-related notes dated 2025–2026. Sample data provided in the post appears to reflect property tax service transactions.
Date: 2026-05-07T21:30:06Z
Network: openweb
Published URL: https://breached.st/threads/selling-jombang-bapenda-database-breach-in-2026.86894/unread
Screenshots:
None
Threat Actors: ShenChuyi88
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Badan Pendapatan Daerah Jombang (BAPENDA Jombang)
Victim Site: bapenda.jombangkab.go.id
Sale of initial access to undisclosed Swedish financial services provider via GlobalProtect VPN
Category: Initial Access
Content: A threat actor is offering VPN (GlobalProtect) access with Network Admin privileges to an undisclosed Swedish financial services organization with estimated revenue between $500M and $1B. The environment consists of approximately 50 hosts and is protected by SentinelOne EDR. The access is listed for $220.
Date: 2026-05-07T21:12:28Z
Network: openweb
Published URL: https://breachforums.rs/Thread-VPN-VPN-GlobalProtect-Financial-Services-Sweden-500M-1B-revenue
Screenshots:
None
Threat Actors: CocoMel0n
Victim Country: Sweden
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown
Free proxy list shared on hacking forum
Category: Combo List
Content: A forum user shared a free proxy list available for download. The post offers no additional context about the origin or type of proxies included.
Date: 2026-05-07T20:54:12Z
Network: openweb
Published URL: https://breachforums.rs/Thread-%E2%AD%90%EF%B8%8F%E2%AD%90%EF%B8%8F%E2%AD%90%EF%B8%8FFREE-PROXYLIST%E2%AD%90%EF%B8%8F%E2%AD%90%EF%B8%8F%E2%AD%90%EF%B8%8F
Screenshots:
None
Threat Actors: DexterCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of fresh databases from multiple countries with platform account access
Category: Data Breach
Content: Threat actor offering fresh databases from UK, DE, JP, NL, BR, PL, ES, US, IT and other countries with inbox access. Claims to provide keyword searching functionality across major e-commerce and service platforms including eBay, OfferUp, PSN, Booking, Uber, Poshmark, Alibaba, Walmart, Amazon, Mercari, Kleinanzeigen, and Neosurf. Also claims to own private cloud with valid webmail access (ntlworld). Soliciting direct messages for requests and verification.
Date: 2026-05-07T20:37:49Z
Network: telegram
Published URL: https://t.me/c/2613583520/77343
Screenshots:
None
Threat Actors: Num
Victim Country: United Kingdom, Germany, Japan, Netherlands, Brazil, Poland, Spain, United States, Italy
Victim Industry: E-commerce, Technology, Travel, Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Sale of initial access to undisclosed Indian real estate company via Azure AD
Category: Initial Access
Content: A threat actor is offering for sale Azure AD access with Server Admin privileges to an undisclosed Indian real estate company with an estimated revenue of $10M–$25M and a network of approximately 100 hosts. The compromised environment is protected by Malwarebytes EDR. Access is being sold via a darknet marketplace.
Date: 2026-05-07T20:36:25Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-Azure-AD-Real-Estate-India-10M-25M-revenue
Screenshots:
None
Threat Actors: tiger
Victim Country: India
Victim Industry: Real Estate
Victim Organization: Unknown
Victim Site: Unknown
Sale of stolen payment cards, dumps, and skimmer-sourced card data
Category: Carding
Content: A threat actor is selling stolen payment card data including virtual credit cards (VCC), non-VbV cards, and dumps with PIN sourced from skimmers and POS terminals across the US, UK, CA, AU, and EU. The seller claims to use physical skimming devices and offers card data with full cardholder details in structured format. ATM cashout via dumps with PIN is advertised as the primary monetization method.
Date: 2026-05-07T20:15:00Z
Network: openweb
Published URL: https://altenens.is/threads/i-sell-legit-products-good-best-quality-services-contact-me-to-make-money-for-a-long-time.2936104/unread
Screenshots:
None
Threat Actors: 3z2a2y
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting Colombia (Part 3 of Latin America Series)
Category: Combo List
Content: A threat actor shared a combo list of approximately 219,000 credentials attributed to Colombia as part of an ongoing Latin America series. The file is freely available to forum members upon reply. No specific breached organization is identified.
Date: 2026-05-07T20:10:51Z
Network: openweb
Published URL: https://altenens.is/threads/colombia-co-219k-part-3-of-latin-america.2936112/unread
Screenshots:
None
Threat Actors: ImmanueKant
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of cloned payment cards, bank logs, and fraudulent transfer services
Category: Carding
Content: A threat actor is offering cloned prepaid debit/credit cards, bank logs, and linkable debit cards for sale at various price tiers. The actor also advertises fraudulent online transfers via CashApp, PayPal, Venmo, Zelle, Skrill, and cryptocurrency platforms. Contact is solicited via Telegram and WhatsApp.
Date: 2026-05-07T20:08:48Z
Network: openweb
Published URL: https://altenens.is/threads/fresh-prepaid-linkable-debits-available-instock-for-cashapp-applepay-paypal-skrill-zelle-venmo-etc-and-they-really-hitting-lit-asf-clone-card.2936116/unread
Screenshots:
None
Threat Actors: Neas
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of mixed EU and USA credentials (130K)
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 130,000 mixed EU and USA credentials at no charge. The credentials are marketed as suitable for shopping and finance targets, among others.
Date: 2026-05-07T20:06:19Z
Network: openweb
Published URL: https://altenens.is/threads/high-quality-eu-usa-mix-130k.2936114/unread
Screenshots:
None
Threat Actors: ImmanueKant
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of AI Jailbreak Prompt for Gemini Pro Model
Category: Services
Content: A forum user is advertising an AI jailbreak prompt or method claimed to work on Google Gemini Pro. The post directs interested parties to contact the author via Telegram. No technical details or pricing are provided in the post.
Date: 2026-05-07T19:54:06Z
Network: openweb
Published URL: https://breached.st/threads/gemini-jailbreak-ai-jailbreak.86892/unread
Screenshots:
None
Threat Actors: ElectronCursed
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Deezer
Category: Data Leak
Content: A threat actor is freely distributing an alleged database dump from Deezer, a French music streaming platform, containing approximately 2,557,577 records. The dataset, labeled as a Russian user subset, is made available via an anonymous file-sharing link. The post is associated with the PwnerSec group and tagged as a free breach release.
Date: 2026-05-07T19:43:21Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-Deezer-com-2M5
Screenshots:
None
Threat Actors: NormalLeVrai
Victim Country: France
Victim Industry: Entertainment
Victim Organization: Deezer
Victim Site: deezer.com
Alleged sale of unauthorized access to Salesforce domain server
Category: Initial Access
Content: Threat actor offering sale of domain server access to Salesforce with capability to download bulk information. Pricing: approximately $10,000 USD per user. Contact methods provided: XMPP ([email protected]), Telegram (@shinyc0rpsss), Email ([email protected]). Session ID included: 05108377c665c8b923d81fb3413658ea9fa893fa57ad185da91a0ceb5e4f5eeb58.
Date: 2026-05-07T19:38:30Z
Network: telegram
Published URL: https://t.me/c/3500620464/7731
Screenshots:
None
Threat Actors: shinyc0rpsss
Victim Country: Unknown
Victim Industry: SaaS/Cloud Services
Victim Organization: Salesforce
Victim Site: salesforce.com
Combo list targeting Polish accounts with 3,985 lines
Category: Combo List
Content: A threat actor shared a combo list containing 3,985 lines described as a good combo base for Poland. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-07T18:57:53Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-3-985-lines-good-combo-base-poland
Screenshots:
None
Threat Actors: cloudkaraoke
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of 1,309 Hotmail credentials
Category: Combo List
Content: A threat actor shared a combo list of 1,309 purportedly valid Hotmail credentials dated 06.05.2026. The content is hidden behind a registration/login wall on the forum.
Date: 2026-05-07T18:51:52Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%E2%8C%9B%EF%B8%8F1309-hotmail-valid-access-06-05-2026
Screenshots:
None
Threat Actors: SupportHotmail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail combo list offered on forum
Category: Combo List
Content: A Hotmail combo list identified as X3177 has been shared on a cybercrime forum. The content is hidden behind a login/registration wall, limiting visibility into specific details such as record count or data fields. The list appears to be credential pairs intended for use in credential-stuffing activity.
Date: 2026-05-07T18:50:04Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-x3177-hotmail-combolist
Screenshots:
None
Threat Actors: RandomUpload
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combo list of 1,677 Hotmail credentials on a forum. Access to the content requires registration or login. The credentials are marketed as verified hits.
Date: 2026-05-07T18:48:17Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%85%E2%9A%A11677x-good-hotmail%E2%9A%A1%E2%9C%85
Screenshots:
None
Threat Actors: NovaCloudx
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail credential combo list with 771 valid accounts
Category: Combo List
Content: A threat actor is distributing a combo list of 771 claimed valid Hotmail credentials, dated 06.05.2026. The content is gated behind forum registration or login. Hotmail is a credential-stuffing target, not the breach victim.
Date: 2026-05-07T18:46:21Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%E2%8C%9B%EF%B8%8F771-hotmail-valid-access-06-05-2026
Screenshots:
None
Threat Actors: SupportHotmail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list with 7,000 credentials
Category: Combo List
Content: A threat actor is sharing a combo list of approximately 7,000 Hotmail credentials marketed as fresh full mail access. The content is gated behind registration or login on the forum. The post is sponsored by Resspy Private Cloud.
Date: 2026-05-07T18:45:32Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-7k-hotmail-fresh-full-mailaccess-resspy-cloud
Screenshots:
None
Threat Actors: Resspy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
WhatsApp permanent ban service offered on forum
Category: Services
Content: A threat actor is advertising a paid service to permanently ban WhatsApp accounts, with bulk deals available and a turnaround time of 1–48 hours starting at $150. The service is offered via Telegram contact and appears to be aimed at harassment or account-takedown operations against targeted individuals.
Date: 2026-05-07T18:43:55Z
Network: openweb
Published URL: https://patched.to/Thread-fast-and-permanent-whatsapp-ban-service
Screenshots:
None
Threat Actors: RepsMedia
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 7K Mixed Fresh Full Mail Access Combo List
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 7,000 mixed mail access credentials, marketed as fresh full mail access. The content is hosted on a private cloud service operated by the poster and requires forum registration to access.
Date: 2026-05-07T18:42:43Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-7k-mixed-fresh-full-mailaccess-resspy-cloud
Screenshots:
None
Threat Actors: Resspy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Instagram account takedown service offered on cybercrime forum
Category: Services
Content: A threat actor is advertising a paid service for permanently banning or removing Instagram profiles and pages, claiming a 100% success rate and a 0–48 hour turnaround. The service is priced starting at $250, with custom bulk rates available. Contact is provided via a Telegram handle.
Date: 2026-05-07T18:42:13Z
Network: openweb
Published URL: https://patched.to/Thread-fastest-instagram-ban-services-permanent
Screenshots:
None
Threat Actors: RepsMedia
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: instagram.com
Sale of mixed access combo list (ACRTIXX1 update)
Category: Combo List
Content: A forum user is distributing a mixed access combo list containing 4,719 credential entries, marketed as an updated release. The content is hidden behind a registration or login wall, limiting visibility into specific targets or data fields.
Date: 2026-05-07T18:39:22Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-4719-access-mix-acrtixx1-update-07-05
Screenshots:
None
Threat Actors: Flexedz
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of 1,564 Hotmail credentials shared on forum
Category: Combo List
Content: A threat actor shared a combo list of 1,564 Hotmail credentials, marketed as premium and fresh. The content is gated behind forum registration or login. These credentials are intended for credential stuffing against Hotmail/Outlook accounts.
Date: 2026-05-07T18:34:36Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9A%A1%E2%9A%A1-1564x-premium-fresh-hotmails-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: Lowza9
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Distribution of 30K fresh mail access credentials
Category: Combo List
Content: A threat actor is sharing 30,000 mail access credentials marketed as fresh. The post advertises via a Telegram contact handle.
Date: 2026-05-07T18:28:29Z
Network: openweb
Published URL: https://nulledbb.com/thread-30K-FRESH-MAIL-ACCESS-PIKACHU
Screenshots:
None
Threat Actors: webvvork
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Distribution of 2GB mixed private stealer logs
Category: Logs
Content: A threat actor has shared a 2GB collection of mixed private stealer logs via a Mega.nz link. The logs are described as private and mixed, suggesting data harvested from multiple sources using info-stealing malware.
Date: 2026-05-07T18:26:41Z
Network: openweb
Published URL: https://leakforum.io/Thread-More-2gb-mix-private-logs
Screenshots:
None
Threat Actors: yirmiyahu
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 3.1M mixed email/password combo list
Category: Combo List
Content: A threat actor is offering a mixed combolist of 3.1 million email/password credentials, marketed as suitable for general credential stuffing. The post advertises additional services including spamming, dumping, and cracking tools.
Date: 2026-05-07T18:25:22Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-3-1M-Mixed-Combolist-Good-For-All
Screenshots:
None
Threat Actors: el_capitan
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Italian combo list containing 1 million credentials
Category: Combo List
Content: A threat actor is sharing a combo list of approximately 1 million email and password pairs purportedly associated with Italian users. The post advertises related services including spamming, dumping, and cracking tools.
Date: 2026-05-07T18:24:56Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-1M-ITALY-Good-Combolist
Screenshots:
None
Threat Actors: el_capitan
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 475K Gmail combo list
Category: Combo List
Content: A threat actor is offering a 475K Gmail combo list described as UHQ and fresh. The post is behind a registration/login gate and the seller advertises additional services including spamming, dumping, and cracking tools via Telegram.
Date: 2026-05-07T18:23:15Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-475K-GMAIL-UHQ-Fresh-Combolist
Screenshots:
None
Threat Actors: el_capitan
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Japanese UHQ Combo List with 245K Credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 245,000 email and password combinations targeting Japanese accounts, marketed as UHQ (ultra-high quality) and fresh. The post is associated with a seller offering combo lists, spamming, dumping, and cracking tools and lessons via Telegram.
Date: 2026-05-07T18:21:59Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-245K-JAPAN-UHQ-Fresh-Combolist
Screenshots:
None
Threat Actors: el_capitan
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Australia email:password combo list, 71K+ credentials
Category: Combo List
Content: A threat actor has shared an Australia-targeted email:password combo list containing over 71,000 lines, marketed as fresh and high quality. The credentials are available via hidden content requiring forum registration or login.
Date: 2026-05-07T18:21:22Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9C%A6%E2%9C%A6-71-K-%E2%9C%A6-Australia-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-7-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: Maxleak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of Australian email:password credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 71,000 Australian email and password pairs, marketed as fresh and high quality. The credentials are available via hidden content requiring forum registration or login. The post also references an external Telegram channel for additional combolists.
Date: 2026-05-07T18:19:40Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-71-K-%E2%9C%A6-Australia-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-7-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Australia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Brazil Email:Pass Combo List with 513K Credentials
Category: Combo List
Content: A combo list of approximately 513K email:password pairs targeting Brazil-based accounts was freely shared on a leak forum. The credentials are marketed as fresh, with a claimed date of 7-5-2026. No specific breached organization is identified; the post appears to be a credential stuffing list.
Date: 2026-05-07T18:18:30Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9C%A6%E2%9C%A6-513-K-%E2%9C%A6-Brazil-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-7-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: Maxleak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Argentina email and password combo list available on forum
Category: Combo List
Content: A threat actor shared a combo list of approximately 68,000 email and password pairs purportedly associated with Argentine users. The credentials are marketed as fresh and high quality, dated 7-5-2026. The list is available to registered forum members as hidden content.
Date: 2026-05-07T18:17:43Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-68-K-%E2%9C%A6-Argentina-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-7-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Argentina
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Austria Email:Password Combo List (61K+)
Category: Combo List
Content: A threat actor has shared a combo list of over 61,000 email and password pairs associated with Austrian accounts. The credentials are marketed as fresh and high quality. The content is gated behind forum registration or login.
Date: 2026-05-07T18:16:08Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9C%A6%E2%9C%A6-61-K-%E2%9C%A6-Austria-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-7-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: Maxleak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of Belgium email and password credentials
Category: Combo List
Content: A threat actor shared a combo list of approximately 61,000 email and password pairs purportedly sourced from Belgium. The credentials are marketed as fresh and high quality. Access to the list requires registration or login on the forum.
Date: 2026-05-07T18:15:46Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-61-K-%E2%9C%A6-Belgium-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-7-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Belgium
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Austria email:password combo list shared on forum
Category: Combo List
Content: A threat actor shared a combo list of approximately 61,000 email and password pairs purportedly associated with Austrian accounts. The credentials are marketed as fresh and high quality. The content is hidden behind a registration/login wall on the forum.
Date: 2026-05-07T18:14:17Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-61-K-%E2%9C%A6-Austria-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-7-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Austria
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Bangladesh Email:Pass Combo List (16K+)
Category: Combo List
Content: A threat actor shared a combo list of over 16,000 email and password pairs purportedly associated with Bangladesh. The credentials are marketed as fresh and high quality, available via hidden content on the forum.
Date: 2026-05-07T18:13:06Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-16-K-%E2%9C%A6-Bangladesh-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-7-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Bangladesh
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Bolivia email and password combo list
Category: Combo List
Content: A threat actor shared a combo list of over 10,000 email and password pairs purportedly associated with Bolivian accounts. The credentials are marketed as fresh and high quality. The content is hidden behind a registration or login wall on the forum.
Date: 2026-05-07T18:12:25Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-10-K-%E2%9C%A6-Bolivia-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-7-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Bolivia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Gmail-targeted combo list of 112K credentials
Category: Combo List
Content: A threat actor is distributing a Gmail-targeted combo list containing 112K email:password pairs. The post also advertises additional combo lists for sale covering multiple email providers and regions including AOL, Yahoo, Hotmail, Outlook, and various countries.
Date: 2026-05-07T18:10:53Z
Network: openweb
Published URL: https://demonforums.net/Thread-112K-GMAIL-TARGETED-COMBOLIST–203244
Screenshots:
None
Threat Actors: Ra-Zi
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Google Dork Premium Pack for OSINT and Vulnerability Reconnaissance
Category: Services
Content: A forum user is distributing a Dork Premium Pack 2024 containing categorized Google dork queries for discovering exposed admin panels, databases, login pages, cloud storage, IoT devices, and sensitive files. The pack is advertised for OSINT, reconnaissance, and vulnerability assessment purposes. Content is gated behind forum registration and hosted on MediaFire.
Date: 2026-05-07T18:10:23Z
Network: openweb
Published URL: https://demonforums.net/Thread-Dork-Premium-Pack-2024
Screenshots:
None
Threat Actors: lucas1056
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged DDoS stresser service GoliathStress offering Layer 4/7 attack capabilities
Category: Malware
Content: GoliathStress is advertised as a DDoS stresser service claiming to bypass major protection systems including Cloudflare, DDoS-Guard, OVH, Hetzner, Amazon, and Akamai. The service offers Layer 4 and Layer 7 attack methods with custom bypass techniques. Advertisement emphasizes capability to target heavily protected websites and game servers.
Date: 2026-05-07T17:53:09Z
Network: telegram
Published URL: https://t.me/c/1669509146/97603
Screenshots:
None
Threat Actors: GoliathStress
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of payment linkables, fullz, and non-VBV cards
Category: Carding
Content: A threat actor is offering payment linkables for PayPal, Apple Pay, CashApp, Samsung Pay, Google Pay, Zelle, and Venmo, targeting US, European, and Asian accounts. The seller also advertises fullz and non-VBV credit cards available via automated addition. Contact is solicited via DM to handle transactions.
Date: 2026-05-07T17:43:48Z
Network: openweb
Published URL: https://altenens.is/threads/we-all-talking-about-linkables-my-bruvs-being-sincere-and-straightforward-is-the-way-if-you-aint-having-your-burner-phone-then-you-gotta-be-kidding.2936035/unread
Screenshots:
None
Threat Actors: 00FBN
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown
Sale of premium mixed mail credential hits
Category: Combo List
Content: A threat actor is distributing a combo list of 3,937 mixed mail credentials, including Hotmail hits, marketed as premium and valid. The post requires forum engagement to access the hidden content and references a Telegram contact for further communication.
Date: 2026-05-07T17:42:10Z
Network: openweb
Published URL: https://altenens.is/threads/high-voltagehigh-voltage-3937x-premium-mix-mail-hitshigh-voltagehigh-voltage.2936039/unread
Screenshots:
None
Threat Actors: alphacloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Delko France
Category: Data Breach
Content: A threat actor operating under the name lapsusgroup claims to have scraped customer data from delko.fr, a French automotive services retailer. The leaked records include client names, email addresses, phone numbers, vehicle registration plates, and appointment details. A sample of six records was posted publicly on the forum.
Date: 2026-05-07T17:40:29Z
Network: openweb
Published URL: https://breachforums.rs/Thread-delko-fr-france-scrap-by-lapsusgroup
Screenshots:
None
Threat Actors: lapsussgroups
Victim Country: France
Victim Industry: Retail
Victim Organization: Delko
Victim Site: delko.fr
Sale of Hotmail combo list with 2.3K fresh valid credentials
Category: Combo List
Content: A threat actor is distributing a combo list containing 2,300 Hotmail credentials marketed as fresh and valid as of May 7. The list is hosted on Mega.nz and shared via a forum post. Hotmail is a credential-stuffing target, not the breach victim.
Date: 2026-05-07T17:38:28Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-2-3K-HOTMAIL-Fresh-Valid-Mail-Access-07-05
Screenshots:
None
Threat Actors: MegaCloudShop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Namshi.com
Category: Data Breach
Content: A threat actor is selling an alleged database dump from Namshi.com, a fashion e-commerce platform owned by Noon Group. The dataset reportedly contains 428,000 records including usernames, names, email addresses, phone numbers, gender, city, country, and account metadata. The seller is accepting negotiable pricing via Telegram or Session with escrow.
Date: 2026-05-07T17:30:05Z
Network: openweb
Published URL: https://breached.st/threads/428k-namshi-com-username-surname-email-phone.86890/unread
Screenshots:
None
Threat Actors: Jeffrey Epstein
Victim Country: United Arab Emirates
Victim Industry: Retail
Victim Organization: Namshi
Victim Site: namshi.com
Alleged leak of ChatGPT session cookies
Category: Logs
Content: A forum post claims to leak session cookies for ChatGPT accounts. No further details or content are available from the post.
Date: 2026-05-07T17:28:48Z
Network: openweb
Published URL: https://breached.st/threads/leak-cookie-chatgpt.86888/unread
Screenshots:
None
Threat Actors: Mr. Hanz Xploit
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: OpenAI
Victim Site: chatgpt.com
Distribution of 750K ULP stealer logs via Vermion Cloud
Category: Logs
Content: A threat actor is distributing 750,000 URL:Login:Password (ULP) stealer log entries via the Vermion Cloud channel. The logs are marketed as fresh and high quality, available for free download. No specific victim organization or country is identified.
Date: 2026-05-07T17:20:20Z
Network: openweb
Published URL: https://darkforums.su/Thread-Document-750K-vermionlogs-VERMION-CLOUD
Screenshots:
None
Threat Actors: scandal
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of stealer logs and ULP credentials
Category: Logs
Content: A threat actor is freely distributing stealer logs and URL:Login:Password (ULP) credential data via file-sharing links. The post includes download links protected by a shared password, suggesting bundled credential output from info-stealer malware.
Date: 2026-05-07T17:18:42Z
Network: openweb
Published URL: https://darkforums.su/Thread-%E2%AD%90%E2%AD%90%E2%AD%90-STEALER-LOGS-AND-U-L-P-07-05-2026
Screenshots:
None
Threat Actors: watercloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Namshi.com with 428,000 UAE user records for sale
Category: Data Breach
Content: A threat actor is selling an alleged database dump of Namshi.com, a UAE-based fashion e-commerce platform owned by Noon Group, claiming 428,000 records. The dataset reportedly includes usernames, full names, phone numbers, email addresses, gender, city, country, PO box, account status, and login timestamps. The seller is accepting escrow and states the price is negotiable.
Date: 2026-05-07T17:13:34Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-428k-UAE%F0%9F%87%A6%F0%9F%87%AA-Namshi-com-Username-Surname-Email-Phone
Screenshots:
None
Threat Actors: Jeffery_Epstein
Victim Country: United Arab Emirates
Victim Industry: Retail
Victim Organization: Namshi
Victim Site: namshi.com
Alleged data leak of 10,000 Canadian phone records
Category: Data Leak
Content: A threat actor shared a CSV file via MediaFire containing approximately 10,000 phone records associated with Canadian individuals. No specific victim organization or industry was identified in the post.
Date: 2026-05-07T17:08:51Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-10k-phone-CANADA
Screenshots:
None
Threat Actors: courtika
Victim Country: Canada
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of mail access to compromised email accounts
Category: Initial Access
Content: Threat actor advertising sale of mail access (email account credentials) to compromised accounts from multiple European ISPs and email providers including Skynet.be, Telenet.be, Alice.it, and Libero.it. Additional mail access claimed to be available. Contact via @Dataxlogs.
Date: 2026-05-07T17:07:15Z
Network: telegram
Published URL: https://t.me/c/2613583520/77256
Screenshots:
None
Threat Actors: Dataxlogs
Victim Country: Belgium, Italy
Victim Industry: Internet Service Providers, Email Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of ScriptMafia
Category: Data Leak
Content: A threat actor has freely shared an SQL dump allegedly obtained from a 2016 breach of ScriptMafia (scriptmafia.org), a site known for distributing nulled scripts and web development resources. The dataset reportedly contains 1,845 user records including usernames, email addresses, hashed passwords, and IP addresses spanning 2006 to 2016.
Date: 2026-05-07T17:06:19Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-ScriptMafia-scriptmafia-org-2016-09-18-1-84K-Users
Screenshots:
None
Threat Actors: Asha
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: ScriptMafia
Victim Site: scriptmafia.org
Alleged sale of compromised Match.com/OurTime dating platform accounts
Category: Initial Access
Content: Threat actor Douglas is selling freshly compromised Match.com and OurTime dating platform accounts. Posts indicate fresh self-scanned accounts available for purchase, suggesting recently harvested credentials from these dating services.
Date: 2026-05-07T17:05:46Z
Network: telegram
Published URL: https://t.me/c/2613583520/77262
Screenshots:
None
Threat Actors: Douglas
Victim Country: Unknown
Victim Industry: Dating/Social Networking
Victim Organization: Match.com / OurTime
Victim Site: match.com, ourtime.com
Alleged data breach of X-PaSsWords (x-passwords.com)
Category: Data Leak
Content: A threat actor has leaked the alleged database of X-PaSsWords (x-passwords.com), a now-defunct credential-sharing forum reported to have been breached in 2018. The dump reportedly contains approximately 81,000 records including usernames, email addresses, encrypted passwords, IP addresses, site activity, and social profiles stored via vBulletin. The data is being made available for free download on the forum.
Date: 2026-05-07T17:04:37Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-X-PaSsWords-Leaked-Download
Screenshots:
None
Threat Actors: Asha
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: X-PaSsWords
Victim Site: x-passwords.com
Un posible ciberataque afecta a los servidores del Ayuntamiento de Valdemoro e impide realizar trámites
Category: Cyber Attack
Content: A network incident, potentially caused by a cyberattack, has affected the servers of the Ayuntamiento de Valdemoro, currently preventing residents from carrying out municipal procedures and online consultations. The municipality has notified the Centro Criptológico Nacional and is working to resolve the issue after taking its servers offline as a precautionary measure. Authorities are advising citizens to remain vigilant against fraud attempts and to change their passwords in anticipation of a possible breach of personal data.
Date: 2026-05-07T17:02:43Z
Network: openweb
Published URL: https://alcabodelacalle.es/en-portada/un-posible-ciberataque-afecta-a-los-servidores-del-ayuntamiento-de-valdemoro-e-impide-realizar-tramites/
Screenshots:
None
Threat Actors:
Victim Country: Spain
Victim Industry: Unknown
Victim Organization: Ayuntamiento de Valdemoro
Victim Site: valdemoro.es
Sale of Hotmail combo list sample (1,660 credentials)
Category: Combo List
Content: A threat actor is distributing a sample combo list of 1,660 Hotmail credentials on a public forum. The content is gated behind registration or login. Hotmail is the credential-stuffing target, not the breach victim.
Date: 2026-05-07T16:35:57Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A1-1660x-SAMPLE-HOTMAIL-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: Stevejobs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list with 3,645 mixed credentials
Category: Combo List
Content: A threat actor shared a combo list containing 3,645 mixed credentials on a public forum. The content is hidden behind registration or login. No specific target organization or service is identified.
Date: 2026-05-07T16:34:27Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A1-3645x-FRESH-MIX-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: Nulled07
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of ErebusTools V2.0 multipurpose hacking and automation toolkit
Category: Malware
Content: A forum post on NulledBB advertises ErebusTools V2.0, described as an all-in-one toolkit featuring cybersecurity, penetration testing, automation, and network analysis modules. The toolkit is distributed via multiple download links and is marketed as compatible with Windows, Linux, and cloud infrastructures. Despite ethical framing, the tool is being shared on a cracking forum, indicating likely malicious or unauthorized use.
Date: 2026-05-07T16:33:15Z
Network: openweb
Published URL: https://nulledbb.com/thread-ErebusTools-V2-0
Screenshots:
None
Threat Actors: ZamanX
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of UHQ mixed combo list with valid Hotmail credentials
Category: Combo List
Content: A threat actor is offering a combo list of 1,854 alleged valid credentials marketed as UHQ mixed hits, including valid Hotmail accounts and private cloud access. The content is hidden behind forum registration and the seller directs interested parties to a Telegram channel. This appears to be a credential stuffing resource rather than a breach of any specific organization.
Date: 2026-05-07T16:32:44Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A1-X1854-Valid-UHQ-Mix-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: Roronoa044
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of SMS verification service with promotional discount
Category: Services
Content: A forum member is advertising an SMS verification service via SMS.SB, offering 10 verifications for $2 with a promotional code totaling $20. The service appears to be marketed for account verification bypass or phone number verification purposes.
Date: 2026-05-07T16:31:46Z
Network: openweb
Published URL: https://nulledbb.com/thread-X10-2-SMS-Verification-Service-Promocode-20-Total
Screenshots:
None
Threat Actors: EarlHickey
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: sms.sb
Sale of Hotmail combo list with 1,245 credentials
Category: Combo List
Content: A threat actor is sharing a combo list of 1,245 Hotmail credentials, marketed as private and fresh. The content is gated behind forum registration or login. These are credential-stuffing assets, not the result of a breach of Hotmail/Microsoft.
Date: 2026-05-07T16:31:25Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-1245x-%E2%AD%90%E2%AD%90-FRESH-HQ-HOTMAIL-%E2%AD%90%E2%AD%90
Screenshots:
None
Threat Actors: KiwiShioo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: Premium Hotmail credential hits
Category: Combo List
Content: A threat actor is distributing 1,816 alleged valid Hotmail credential hits, described as premium and sourced from mixed mail providers. The content is shared via hidden forum content, with the actor promoting their Telegram channel.
Date: 2026-05-07T16:29:55Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-1816x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F–20207
Screenshots:
None
Threat Actors: alphaaxd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alert: Test post on BreachForums
Category: Alert
Content: This post appears to be a test thread with no threat-relevant content.
Date: 2026-05-07T16:16:36Z
Network: openweb
Published URL: https://breachforums.rs/Thread-test–188237
Screenshots:
None
Threat Actors: crrtrash
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of alleged law enforcement data disclosure exploit and forged legal documents
Category: Vulnerability
Content: A threat actor is selling a method claimed to exploit a logic flaw in law enforcement disclosure portals used by major social media platforms, allegedly enabling unauthorized extraction of subscriber data, IP logs, private messages, and login history without a verified government email. The offering is priced at $300 and includes forged court orders and seizure warrants purportedly usable to take down domains. The seller claims the technique leverages public government infrastructure to spoof le
Date: 2026-05-07T16:10:06Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-THE-GHOST-DISCLOSURE-EXPLOIT-NO-LEA-EMAIL-REQUIRED-2026-PRIVATE–188239
Screenshots:
None
Threat Actors: convince
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of ChatGPT session cookies
Category: Logs
Content: A user on Breachforums (mr-hanz-xploit) has posted a thread distributing leaked ChatGPT cookies. This represents compromised session tokens that could allow unauthorized access to ChatGPT accounts.
Date: 2026-05-07T16:04:48Z
Network: telegram
Published URL: https://t.me/DeepCoreNetwork/107
Screenshots:
None
Threat Actors: mr-hanz-xploit
Victim Country: Unknown
Victim Industry: AI/Technology
Victim Organization: OpenAI
Victim Site: chatgpt.com
Sale of admin panel access to approximately 20 Angolan government websites
Category: Initial Access
Content: A threat actor is offering admin panel access to approximately 20 Angolan government websites for sale at $20 per login, with discounts for bulk purchases. Access reportedly includes webmail administration and the ability to modify website content. The seller is accepting middlemen and can be contacted via Telegram.
Date: 2026-05-07T16:04:19Z
Network: openweb
Published URL: https://breached.st/threads/selling-website-admin-panel-access-to-around-20-different-angolan-governemnt-websties.86884/unread
Screenshots:
None
Threat Actors: superduper1
Victim Country: Angola
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of French business CRM database
Category: Data Leak
Content: A threat actor on a breach forum is distributing a 1.07 GB database allegedly sourced from a French business CRM system. The post provides a download link with no additional context about the affected organization or data fields. No price is mentioned, indicating the data is being shared freely.
Date: 2026-05-07T16:02:33Z
Network: openweb
Published URL: https://breached.st/threads/1-07-gb-database-crm-bisnis-prancis.86882/unread
Screenshots:
None
Threat Actors: Xyph0rix
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of BPJS Kesehatan Indonesia with 280 million records
Category: Data Breach
Content: A threat actor claims to have gained access to the full database of BPJS Kesehatan, Indonesias national health insurance agency, allegedly covering approximately 98.25% of Indonesias population (~280 million records). The dataset reportedly includes names, national ID numbers (NIK), BPJS card numbers, dates of birth, medical record numbers, phone numbers, diagnosis codes, chronic risk scores, and social aid status. The actor claims to maintain live, active access to the database and is offerin
Date: 2026-05-07T16:01:15Z
Network: openweb
Published URL: https://breached.st/threads/access-db-bpjs-kesehatan-indonesia-280m-records-98-national-coverage-live-verification.86883/unread
Screenshots:
None
Threat Actors: alwayschina
Victim Country: Indonesia
Victim Industry: Healthcare
Victim Organization: BPJS Kesehatan
Victim Site: bpjs-kesehatan.go.id
Alleged data breach of NCBMS
Category: Data Breach
Content: A threat actor posted what appears to be a database dump from ncbms.edu.pk, a Pakistani educational institution. The post includes a code sample, though record count and full data fields are not disclosed.
Date: 2026-05-07T15:59:52Z
Network: openweb
Published URL: https://breached.st/threads/database-ncbms-edu-pk.86885/unread
Screenshots:
None
Threat Actors: Mr. Hanz Xploit
Victim Country: Pakistan
Victim Industry: Education
Victim Organization: NCBMS
Victim Site: ncbms.edu.pk
Alleged data leak of BitMart crypto exchange
Category: Data Leak
Content: A threat actor on a breach forum is freely sharing an alleged database associated with BitMart, a cryptocurrency exchange. The post includes a download link for the database. No further details regarding record count or data fields were provided.
Date: 2026-05-07T15:57:53Z
Network: openweb
Published URL: https://breached.st/threads/database-bitmart-crypto.86886/unread
Screenshots:
None
Threat Actors: Xyph0rix
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: BitMart
Victim Site: bitmart.com
Alleged data leak of Telegram user database
Category: Data Leak
Content: A threat actor has made available an alleged database of 28 million Telegram users. The post includes a download link for the database. No additional details about the data fields or origin of the breach are provided.
Date: 2026-05-07T15:56:30Z
Network: openweb
Published URL: https://breached.st/threads/28m-database-users-telegram.86887/unread
Screenshots:
None
Threat Actors: Xyph0rix
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Telegram
Victim Site: telegram.org
Alleged sale of mail access, credential combolists, and carding verification services
Category: Combo List
Content: Threat actors operating in Squad Chat Marketplace advertising the sale of mail access credentials, combolists, and tools across multiple countries (FR, BE, AU, CA, UK, US, NL, PL, DE, JP). Additional posts advertise Cococheck credit card verification service ($0.01 per check) and fresh database sales including email accounts from various platforms (eBay, Uber, PSN, Amazon, Walmart, etc.) with inbox access.
Date: 2026-05-07T15:24:41Z
Network: telegram
Published URL: https://t.me/c/2613583520/77195
Screenshots:
None
Threat Actors: Dataxlogs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: HQ Hotmail Credentials
Category: Combo List
Content: A threat actor is sharing over 1,000 alleged high-quality Hotmail credentials on a combolist forum. The content is hidden behind registration or login, with the author promoting a private channel for targeted inbox access.
Date: 2026-05-07T15:19:03Z
Network: openweb
Published URL: https://patched.to/Thread-hq-hotmails-x1000-299644
Screenshots:
None
Threat Actors: NuggetCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail combo list with 740 mail access credentials
Category: Combo List
Content: A threat actor shared a combo list of 740 Hotmail email access credentials on a cybercrime forum. The content is gated behind registration or login. The post is dated 06.05 and the data is described as old.
Date: 2026-05-07T15:14:59Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%92%BDx740-hotmail-mail-access%F0%9F%92%BD%E2%9C%A8-06-05
Screenshots:
None
Threat Actors: TraxGod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting Hotmail accounts
Category: Combo List
Content: A combo list of 1,028 purportedly valid Hotmail credentials was shared on a combolist forum. The content is hidden behind a registration or login wall. The credentials are marketed as valid access as of May 6, 2026.
Date: 2026-05-07T15:14:05Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%E2%8C%9B%EF%B8%8F1028-hotmail-valid-access-06-05-2026
Screenshots:
None
Threat Actors: SupportHotmail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail credential combo list with 1.18K hits
Category: Combo List
Content: A threat actor shared a combo list of approximately 1,180 Hotmail credentials marketed as high-quality hits. The list was made available as a free download on a combolist forum.
Date: 2026-05-07T15:13:39Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-1-18k%F0%9F%90%BEhq-hotmail%F0%9F%90%BEhits%F0%9F%90%BE
Screenshots:
None
Threat Actors: MeiMisaki
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of discounted Notion AI Business plan upgrades
Category: Services
Content: A forum seller is offering Notion AI Business plan upgrades for $15 for 3 months, advertised at 80% off. The seller claims no login details are required and that the upgrade is applied directly to the buyers own account. The listing includes features such as Notion Agent AI, SAML SSO, and enterprise search.
Date: 2026-05-07T15:12:49Z
Network: openweb
Published URL: https://patched.to/Thread-gladiator-%E2%AD%90-notion-ai-business-3-months-upgrade-on-your-own-account-mail%E2%9A%A180-off-%E2%AD%90
Screenshots:
None
Threat Actors: MINDHUNTER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged breach of 28 million Telegram users database
Category: Data Breach
Content: A user on Breachforums (xyph0rix) has posted about a database breach affecting 28 million Telegram users. The breach details are shared via a Breachforums thread.
Date: 2026-05-07T15:12:21Z
Network: telegram
Published URL: https://t.me/Xyph0rix/316
Screenshots:
None
Threat Actors: xyph0rix
Victim Country: Unknown
Victim Industry: Messaging/Communication
Victim Organization: Telegram
Victim Site: telegram.org
Combo List: Fresh Hotmail Credentials (2K)
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 2,000 claimed valid Hotmail credentials dated 07.05. The credentials are marketed as fresh and valid. Content is hidden behind registration or login on the forum.
Date: 2026-05-07T15:11:58Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-2k-just-valid-fresh-hotmail-access-07-05
Screenshots:
None
Threat Actors: MonnarhTeam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mix mail access combo list of 7.4K credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 7.4K mixed mail access credentials. The content is gated behind registration or login on the forum. No specific victim organization or country is identified.
Date: 2026-05-07T15:09:44Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%AD%90%EF%B8%8F7-4k-MIX-MAIL-ACCESS%E2%AD%90%EF%B8%8F
Screenshots:
None
Threat Actors: Cl0ud0wner
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list on leak forum
Category: Combo List
Content: A threat actor operating under the alias Lexser is sharing a combo list of approximately 1,800 Hotmail credentials marketed as fresh and UHQ (Ultra High Quality). The content is gated behind forum registration and attributed to a service called GoodTimes Cloud.
Date: 2026-05-07T15:08:50Z
Network: openweb
Published URL: https://leakforum.io/Thread-%E2%8E%9D-1800-%E2%8E%A0-HOTMAILFRESH-UHQ%E2%9C%A8GOODTIMES-CLOUD
Screenshots:
None
Threat Actors: Lexser
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of 5.7K Hotmail credentials shared on leak forum
Category: Combo List
Content: A threat actor shared a combo list of approximately 5,700 Hotmail account credentials on a leak forum. The content is hidden behind a registration or login wall. Hotmail is the credential-stuffing target, not the breach source.
Date: 2026-05-07T15:07:49Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%AD%90%EF%B8%8F5-7k-HOTMAIL-ACCESS%E2%AD%90%EF%B8%8F
Screenshots:
None
Threat Actors: Cl0ud0wner
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List – Mix Mail Credentials
Category: Combo List
Content: A user on a cybercrime forum has shared a mixed email and password combo list containing approximately 2,980 credentials. The content is hidden behind registration or login, suggesting free distribution to forum members.
Date: 2026-05-07T15:07:23Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-2980x-MIX-MAIL
Screenshots:
None
Threat Actors: NotSellerXd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting Hotmail accounts
Category: Combo List
Content: A threat actor is distributing a combo list of 5,000 Hotmail email and password pairs on a cybercrime forum. The content is hidden behind registration or login. The actor also advertises a shop offering combos for various countries and custom requests.
Date: 2026-05-07T15:06:36Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-Hotmail-Unique-Combo-5-5000–203213
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free Hotmail combo list containing 2,555 credentials
Category: Combo List
Content: A forum user leaked a combo list containing 2,555 Hotmail credentials, marketed as fresh. The content is hidden behind a login/register wall on the forum.
Date: 2026-05-07T15:06:02Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A1-2555x-FRESH-HOTMAIL-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: Nulled07
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list mix shared on forum
Category: Combo List
Content: A user shared a combo list of approximately 2,797 email:password credential pairs described as high quality (HQ) mix. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-07T15:05:03Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-X2797-HQ-Mix-%E2%9A%A1%E2%9A%A1-BY-Stevee36-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: erwinn91
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged BitMart cryptocurrency exchange database breach
Category: Data Breach
Content: A user named xyph0rix has posted on Breachforums claiming access to a BitMart cryptocurrency exchange database. The post includes direct links to the breach thread on Breachforums, indicating a significant data compromise of the crypto trading platform.
Date: 2026-05-07T15:04:34Z
Network: telegram
Published URL: https://t.me/Xyph0rix/315
Screenshots:
None
Threat Actors: xyph0rix
Victim Country: Unknown
Victim Industry: Cryptocurrency Exchange
Victim Organization: BitMart
Victim Site: bitmart.net
Sale of Hotmail combo list with 130,000 fresh hits
Category: Combo List
Content: A threat actor is advertising a combo list of approximately 130,000 Hotmail, Outlook, Live, and MSN credentials marketed as fresh hits with a high hit rate. The seller claims to drop 2–4 files daily targeting US and European accounts. Access is directed through a Telegram channel.
Date: 2026-05-07T15:03:39Z
Network: openweb
Published URL: https://demonforums.net/Thread-Hotmail-130k-Premium-Mail-Access-Fresh-Hits
Screenshots:
None
Threat Actors: mailcombo01
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Austria women leads (60+ age demographic)
Category: Services
Content: A threat actor is offering for sale a dataset of leads targeting women aged 60 and above in Austria. The seller directs interested buyers to contact them via Telegram for further details. No record count or pricing information was disclosed in the post.
Date: 2026-05-07T15:02:00Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-Austria-Women-Leads-60-age
Screenshots:
None
Threat Actors: Mikhel
Victim Country: Austria
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of NCBMS (Pakistan educational institution)
Category: Data Breach
Content: A threat actor operating under the handle mr-hanz-xploit has posted on Breachforums regarding a database breach affecting NCBMS (National Center for Biosciences and Molecular Sciences or similar Pakistani educational institution). The breach details are being shared publicly on the forum.
Date: 2026-05-07T14:59:24Z
Network: telegram
Published URL: https://t.me/DeepCoreNetwork/103
Screenshots:
None
Threat Actors: mr-hanz-xploit
Victim Country: Pakistan
Victim Industry: Education
Victim Organization: NCBMS
Victim Site: ncbms.edu.pk
Mix 130K Premium Mail Access Combo List
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 130,000 email credentials marketed as fresh hits targeting Hotmail, Outlook, Live, and MSN accounts across US and EU regions. The post advertises daily drops of 2–4 files via a Telegram channel. Credentials are described as high hit rate and premium quality.
Date: 2026-05-07T14:58:55Z
Network: openweb
Published URL: https://altenens.is/threads/mix-130k-premium-mail-access-fresh-hits.2935923/unread
Screenshots:
None
Threat Actors: mailcombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail combo list with 23,000 fresh credential hits
Category: Combo List
Content: A threat actor is distributing combo lists marketed as fresh Hotmail, Outlook, Live, and MSN credential hits via a Telegram channel. The post advertises daily drops of 2–4 files targeting users across the US and multiple European countries. Credentials are described as high hit rate and premium quality.
Date: 2026-05-07T14:58:01Z
Network: openweb
Published URL: https://altenens.is/threads/hotmail-23k-premium-mail-access-fresh-hits.2935924/unread
Screenshots:
None
Threat Actors: mailcombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of TAP Air Portugal
Category: Data Breach
Content: A threat actor is selling an alleged customer database belonging to TAP Air Portugal. The post includes a sample image and directs interested buyers to a Telegram contact for further details. No record count or specific data fields were disclosed in the post.
Date: 2026-05-07T14:54:51Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-TAP-AIR-Customer-Database
Screenshots:
None
Threat Actors: ritok33000
Victim Country: Portugal
Victim Industry: Aviation
Victim Organization: TAP Air Portugal
Victim Site: tapairportugal.com
Sale of VietLoan Vietnam Online Loan Apps Data
Category: Data Breach
Content: A threat actor is offering for sale data allegedly sourced from VietLoan, a Vietnamese online loan application platform. The seller directs interested buyers to a Telegram contact and provides an image sample as proof. No record count or pricing details are specified in the post.
Date: 2026-05-07T14:53:57Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-VietLoan-Vietnam-Online-Loan-Apps-Data
Screenshots:
None
Threat Actors: saref43135
Victim Country: Vietnam
Victim Industry: Finance
Victim Organization: VietLoan
Victim Site: Unknown
Sale of alleged data breach of TAP Air Portugal (flytap.com)
Category: Data Breach
Content: A threat actor is offering for sale data allegedly obtained from TAP Air Portugals website (flytap.com). The post includes a sample image link and directs interested buyers to contact via Telegram. No record count or specific data fields were disclosed in the post.
Date: 2026-05-07T14:52:57Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-Portugal-flytap-com-National-Airline-Data
Screenshots:
None
Threat Actors: bahisow611
Victim Country: Portugal
Victim Industry: Transportation
Victim Organization: TAP Air Portugal
Victim Site: flytap.com
Sale of alleged Burkina Faso government biometric database with passport and CNIB scans
Category: Data Breach
Content: A threat actor is offering for sale an alleged Burkina Faso government biometric database containing 58,547 verified records. The dataset reportedly includes full name, date of birth, address, phone, email, high-resolution passport scans, and CNIB (national ID) copies collected between 2024 and 2025, totaling over 30GB. The seller is accepting trusted middlemen and can be contacted via Telegram.
Date: 2026-05-07T14:51:55Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-AFRICA-Burkina-Faso-GOV-Biometric-Database-60-500-Records
Screenshots:
None
Threat Actors: smiro662
Victim Country: Burkina Faso
Victim Industry: Government
Victim Organization: Burkina Faso Government
Victim Site: Unknown
Alleged data breach of Coinbase Canada
Category: Data Breach
Content: A threat actor is offering for sale an alleged database associated with Coinbase Canada users. The seller directs interested buyers to a Telegram contact for further details. A sample image link is provided but no record count or specific data fields are disclosed in the post.
Date: 2026-05-07T14:51:03Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-Canada-Coinbase-Database
Screenshots:
None
Threat Actors: yenos68928
Victim Country: Canada
Victim Industry: Finance
Victim Organization: Coinbase
Victim Site: coinbase.com
Sale of government email credentials
Category: Combo List
Content: A threat actor is advertising government email credentials for sale at a claimed low price. No further details are available from the post content.
Date: 2026-05-07T14:50:11Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-CHEAP-GOVERNMENT-MAILS
Screenshots:
None
Threat Actors: Kampuchean
Victim Country: Unknown
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Sale of alleged email and credential list
Category: Combo List
Content: A threat actor is offering for sale a list of email addresses paired with MD5 password hashes and plaintext passwords. The credentials span multiple email providers including Gmail, Yahoo, Hotmail, and others across various countries. The seller markets the list as fresh and correct, directing interested buyers to contact via Qtox.
Date: 2026-05-07T14:48:44Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-I-have-fresh-and-correct-email-list
Screenshots:
None
Threat Actors: nai
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of initial access to undisclosed Spain-based real estate company
Category: Initial Access
Content: A threat actor is selling RDWeb access to an undisclosed real estate company based in Spain with an estimated annual revenue of $5M–$10M. The access is described as domain user level with Windows Defender as the only security control and a network of approximately 10,000 or more hosts. The seller directs interested buyers to a Tor-based storefront for further details.
Date: 2026-05-07T14:44:18Z
Network: openweb
Published URL: https://breachforums.rs/Thread-RDP-RDWeb-Real-Estate-Spain-5M-10M-revenue
Screenshots:
None
Threat Actors: CocoMel0n
Victim Country: Spain
Victim Industry: Real Estate
Victim Organization: Unknown
Victim Site: Unknown
Sale of 1,000 valid Hotmail credentials
Category: Combo List
Content: A threat actor is offering 1,000 purportedly valid Hotmail mail access credentials dated 07.05. The content is hidden behind a registration/login requirement on the forum.
Date: 2026-05-07T14:41:21Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-1k-Full-Valid-Hotmail-Mail-Access-07-05
Screenshots:
None
Threat Actors: MegaCloudShop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of French CRM business database – 1.07 GB
Category: Data Breach
Content: A user on Breachforums has posted a thread claiming a 1.07 GB CRM database breach involving French business data. The post was forwarded from a private channel (赛弗里克斯). The breach appears to be related to customer relationship management (CRM) systems used by French businesses.
Date: 2026-05-07T14:34:17Z
Network: telegram
Published URL: https://t.me/Xyph0rix/313
Screenshots:
None
Threat Actors: xyph0rix
Victim Country: France
Victim Industry: Business/CRM
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Polish stealer logs including credentials and system info
Category: Logs
Content: A threat actor shared a free sample of stealer logs targeting Poland, including credentials and system information files. The content is hosted on a Tor-based onion service and requires forum registration to access the full dataset.
Date: 2026-05-07T14:33:15Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Poland-credentials-txt-system-info-txt
Screenshots:
None
Threat Actors: CocoMel0n
Victim Country: Poland
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of GGI Insurance
Category: Data Leak
Content: A threat actor is freely distributing approximately 325 GB of data allegedly obtained from GGI Insurance (ggipinsurance.com). The leaked data reportedly includes financial documents, employee records, customer and supplier contracts, strategic plans, confidential data, personal data, and insurance compensation records.
Date: 2026-05-07T14:27:52Z
Network: openweb
Published URL: https://breached.st/threads/ggipinsurance-com-ggi-insurance-leak-pii-and-etc.86876/unread
Screenshots:
None
Threat Actors: wower
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: GGI Insurance
Victim Site: ggipinsurance.com
Alleged credit card verification service (Cococheck) offering carding tools and bulk card validation
Category: Logs
Content: Cococheck advertises credit card verification services starting at $0.01 per check, claiming three years of stable operation. The service offers bulk card checking, batch uploads, and special rates for large clients acquiring cards in bulk. Multiple countries targeted (FR, BE, AU, CA, UK, US, NL, PL, DE, JP). Also advertises configs, scripts, tools, hits, and combolists. Contact via @Dataxlogs.
Date: 2026-05-07T14:26:55Z
Network: telegram
Published URL: https://t.me/c/2613583520/77176
Screenshots:
None
Threat Actors: Cococheck
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Sunset World Resorts
Category: Data Breach
Content: A threat actor is offering for sale 257 GB of data allegedly exfiltrated from Sunset World Group, a Mexican hotel and resort operator based in Cancun. The claimed dataset includes customer and supplier contracts, financial documents, Oracle database exports, employee records, and legal documents. The seller can be contacted via an onionmail address.
Date: 2026-05-07T14:26:24Z
Network: openweb
Published URL: https://breached.st/threads/sunsetworldresorts-com-sunset-world-resorts-hotels-data.86877/unread
Screenshots:
None
Threat Actors: wower
Victim Country: Mexico
Victim Industry: Hospitality
Victim Organization: Sunset World Group
Victim Site: sunsetworldresorts.com
Alleged data leak of SMK Raden Paku
Category: Data Leak
Content: A threat actor has freely distributed an alleged database dump belonging to SMK Raden Paku, an Indonesian vocational school, via a MediaFire download link. The post includes a sample but no further details regarding record count or data fields are provided.
Date: 2026-05-07T14:24:43Z
Network: openweb
Published URL: https://breached.st/threads/database-smk-raden-paku.86878/unread
Screenshots:
None
Threat Actors: JAX7
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: SMK Raden Paku
Victim Site: Unknown
Alleged data leak of Al-Aziziyah Islamic Boarding School
Category: Data Leak
Content: A threat actor leaked a database allegedly belonging to Al-Aziziyah Islamic Boarding School (pesantrenalaziziyah.com), sharing it freely on a hacking forum. The post suggests the release is intended to highlight weak security practices at the institution.
Date: 2026-05-07T14:23:59Z
Network: openweb
Published URL: https://breached.st/threads/free-database-pesantrenalaziziyah-com.86880/unread
Screenshots:
None
Threat Actors: MrJupiter
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Al-Aziziyah Islamic Boarding School
Victim Site: pesantrenalaziziyah.com
Alleged data breach of BeautyMNL (beautymnl.com)
Category: Data Breach
Content: A threat actor is selling an alleged database from BeautyMNL, a Philippine e-commerce platform. The dataset reportedly contains 431,000 records including contact information (usernames, emails, names, phone numbers) and detailed shipping data (addresses, order amounts, delivery status, tracking numbers). The seller is accepting negotiable pricing via Telegram or Session and allows escrow.
Date: 2026-05-07T14:22:46Z
Network: openweb
Published URL: https://breached.st/threads/431k-philippines-www-beautymnl-com-database-contact-and-shipping-data.86881/unread
Screenshots:
None
Threat Actors: Jeffrey Epstein
Victim Country: Philippines
Victim Industry: Retail
Victim Organization: BeautyMNL
Victim Site: beautymnl.com
Mass Website Defacement of Riverland Farms Mirpur by Threat Actor Zod
Category: Defacement
Content: Threat actor Zod conducted a mass defacement campaign targeting riverlandfarmsmirpur.com, a farming-related website associated with the Mirpur region of Pakistan. The defacement was deployed on a Linux-based server and archived via haxor.id. This incident is part of a broader mass defacement operation attributed to the same actor.
Date: 2026-05-07T14:04:24Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248957
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Pakistan
Victim Industry: Agriculture / Farming
Victim Organization: Riverland Farms Mirpur
Victim Site: riverlandfarmsmirpur.com
Website Defacement of WesprayOnPaving by Threat Actor Zod
Category: Defacement
Content: On May 7, 2026, a threat actor operating under the alias Zod defaced the website of We Spray On Paving, a paving services company hosted on a Linux-based web platform. The defacement targeted a specific page (zod.html) and was a single-site, non-mass incident. No specific motivation or proof-of-concept was publicly disclosed.
Date: 2026-05-07T14:02:19Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248955
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Construction / Paving Services
Victim Organization: We Spray On Paving
Victim Site: wesprayonpaving.webfirmdemo.com
Website Defacement of baptistedaspet.com by Threat Actor Zod
Category: Defacement
Content: On May 7, 2026, a threat actor operating under the alias Zod defaced a page on baptistedaspet.com, a personal or small business website likely associated with an individual named Baptiste Daspet. The attack targeted a Linux-based web server and resulted in unauthorized modification of the page at the URL path /zod.html. This was a targeted single-page defacement, with no indication of mass or repeat defacement activity.
Date: 2026-05-07T13:59:31Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248956
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: France
Victim Industry: Unknown
Victim Organization: Baptiste Daspet
Victim Site: baptistedaspet.com
Free combo list targeting USA and Canada with 85K credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 85,000 credential lines described as a USA/Canada mix. The content is gated behind registration or login on the forum. The credentials are marketed as ultra-fresh and recently extracted in 2026.
Date: 2026-05-07T13:54:31Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-ultra-fresh-85k-private-lines-usa-ca-mix-just-extracted-2026-299736
Screenshots:
None
Threat Actors: BreachLeak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list targeting EU users with 4.2K credentials
Category: Combo List
Content: A threat actor shared a combo list containing over 4,200 credential pairs described as fresh and targeting EU users. The content is hosted on MEGA and gated behind forum registration or login. No specific breached organization is identified.
Date: 2026-05-07T13:53:57Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-4-2k-fresh-records-eu-target-never-before-seen
Screenshots:
None
Threat Actors: BreachLeak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list of 65K validated credentials targeting AU/NZ/UK users
Category: Combo List
Content: A threat actor has shared a combo list of 65,000 validated credential lines via MEGA, targeting users from Australia, New Zealand, and the United Kingdom. The content is gated behind forum registration or login. No specific breached organization is identified.
Date: 2026-05-07T13:53:14Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%F0%9F%91%91%F0%9F%91%9165k-validated-lines-au-nz-uk-premium-quality%F0%9F%91%91%F0%9F%91%91
Screenshots:
None
Threat Actors: BreachLeak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list targeting IT/ES/PT regions with 55K+ credentials
Category: Combo List
Content: A threat actor shared a combo list containing over 55,000 credentials via MEGA, marketed as fresh with a high inbox rate. The list targets users from Italy, Spain, and Portugal. Access to the download is restricted to registered forum members.
Date: 2026-05-07T13:52:09Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-2026-first-batch-55k-fresh-data-it-es-pt-high-inbox-rate-299745
Screenshots:
None
Threat Actors: BreachLeak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of combo list targeting DE/AT/CH region with 30,000+ fresh leads
Category: Combo List
Content: A threat actor is offering a combo list of over 30,000 credentials marketed as fresh and hand-picked, targeting users in Germany, Austria, and Switzerland (DE/AT/CH). The content is hosted on MEGA and gated behind forum registration or login.
Date: 2026-05-07T13:51:22Z
Network: openweb
Published URL: https://patched.to/Thread-unseen-30k-fresh-leads-target-de-at-ch-hand-picked-stock-299746
Screenshots:
None
Threat Actors: BreachLeak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of combo lists across multiple geographies
Category: Combo List
Content: A threat actor is offering credential data marketed as fresh and private, available for any geographic region. The content is gated behind registration or login on the forum. No specific victim organization or record count is disclosed.
Date: 2026-05-07T13:50:33Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-fresh-data-on-demand-any-geo-100-private
Screenshots:
None
Threat Actors: BreachLeak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of SMK Raden Paku
Category: Data Breach
Content: A user named JAX7 has posted a database breach of SMK Raden Paku (a vocational school in Indonesia) on Breachforums. The breach includes a database dump shared via the Breachforums platform.
Date: 2026-05-07T13:50:07Z
Network: telegram
Published URL: https://t.me/bsnsbsksjsk/24
Screenshots:
None
Threat Actors: JAX7
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: SMK Raden Paku
Victim Site: Unknown
Combo List targeting Asia/Pacific region
Category: Combo List
Content: A threat actor is distributing a combo list of over 15,000 credentials marketed as fresh, high-quality leads targeting the Asia/Pacific region. The content is hosted on MEGA and gated behind forum registration or login.
Date: 2026-05-07T13:49:49Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-rare-find-15k-fresh-leads-asia-pacific-target-hq-quality
Screenshots:
None
Threat Actors: BreachLeak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: 55K Fresh Mixed Domain Credentials
Category: Combo List
Content: A threat actor is sharing a combo list of approximately 55,000 credentials described as fresh records across mixed domains. The content is gated behind registration or login and distributed via MEGA. The post claims weekly updates suggesting ongoing credential distribution.
Date: 2026-05-07T13:49:34Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-deep-scan-55k-fresh-records-mixed-domains-weekly-update-2026-299752
Screenshots:
None
Threat Actors: BreachLeak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of DACH region targeted combo list with 10,000+ lines
Category: Combo List
Content: A threat actor is distributing a combo list claimed to contain over 10,000 ultra-targeted lines focused on the DACH region (Germany, Austria, Switzerland). The content is gated behind forum registration or login and hosted on MEGA. The post describes the data as sourced from a private leak.
Date: 2026-05-07T13:48:56Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-boutique-data-10k-ultra-targeted-lines-dach-region-private-leak-299753
Screenshots:
None
Threat Actors: BreachLeak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting Hotmail
Category: Combo List
Content: A user on a combolist forum is distributing a private Hotmail combo list. The content is hidden behind a registration or login requirement, limiting visibility into the full scope of the list.
Date: 2026-05-07T13:48:30Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-private-hotmail-batmanmail-2
Screenshots:
None
Threat Actors: BatmanMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of 3,000 mixed email credentials
Category: Combo List
Content: A user on a combolist forum is sharing a mixed email combo list containing approximately 3,000 credential pairs. The content is hidden behind a login/registration wall. No specific target organization or country is identified.
Date: 2026-05-07T13:46:56Z
Network: openweb
Published URL: https://patched.to/Thread-3k-mix-mail
Screenshots:
None
Threat Actors: randiman11
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail credential combo list distributed on forum
Category: Combo List
Content: A threat actor distributed a batch of Hotmail credential hits via a hidden download link on a combolist forum. The post is gated behind registration or login, suggesting distribution to vetted forum members. No record count or additional details were provided.
Date: 2026-05-07T13:46:11Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%F0%9F%91%91%F0%9F%91%91-hotmail-hits-%F0%9F%91%91%F0%9F%91%91-batch-may-2026
Screenshots:
None
Threat Actors: BreachLeak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale or leak of 156 million URL:Login:Password combo list with mixed categories
Category: Combo List
Content: A threat actor operating as @DADAZONE_V2 has shared or is distributing a combo list of approximately 156 million URL:login:password credential pairs across mixed categories. The content is hidden behind a registration/login wall, limiting further details. The list appears to include credentials paired with target URLs.
Date: 2026-05-07T13:45:44Z
Network: openweb
Published URL: https://patched.to/Thread-156m-ulp-target-url-logg-pass-mix-categories-by-dadazone-v2
Screenshots:
None
Threat Actors: dadazone
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of webshell access to compromised websites
Category: Initial Access
Content: Threat actor offering webshell access to compromised websites with domain authority (DA) and page authority (PA) metrics. Listing includes 4 sites (.com and .co.in domains) with pricing: 185,000 IDR per site or 400,000 IDR for all. Contact via Telegram handle @realmaul1337.
Date: 2026-05-07T13:36:48Z
Network: telegram
Published URL: https://t.me/c/3865526389/838
Screenshots:
None
Threat Actors: realmaul1337
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: Hotmail Access Credentials (900 Entries, Multi-Region)
Category: Combo List
Content: A combo list of approximately 900 Hotmail credentials is being shared on a forum, covering accounts from the USA, Europe, Asia, and Russia. The content is hidden behind a reply gate and distributed via Telegram.
Date: 2026-05-07T13:32:53Z
Network: openweb
Published URL: https://altenens.is/threads/900x-hotmail-access-combo-usa-europe-asia-russian.2935905/unread
Screenshots:
None
Threat Actors: Larry_Uchiha
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mix Mail Combo List including Hotmail, Outlook, AOL, GMX, Inbox, iCloud, and Live
Category: Combo List
Content: A mixed mail combo list allegedly containing credentials for multiple email providers including Hotmail, Outlook, AOL, GMX, Inbox, iCloud, and Live was shared on a forum. The content is hidden behind a reply gate. No record count or additional details were disclosed.
Date: 2026-05-07T13:31:36Z
Network: openweb
Published URL: https://altenens.is/threads/mix-mail-combo-hotmail-outlook-aol-gmx-inbox-icloud-live-2026-5-4.2935907/unread
Screenshots:
None
Threat Actors: Larry_Uchiha
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of mixed mail access combo list
Category: Combo List
Content: A threat actor shared a combo list of approximately 2,500 mixed mail access credentials on a public forum. The content is gated behind a reply requirement. No specific targeted service or origin breach is identified.
Date: 2026-05-07T13:30:24Z
Network: openweb
Published URL: https://altenens.is/threads/2-5k-mail-access-mix-07-05.2935911/unread
Screenshots:
None
Threat Actors: Megacloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail combo list distributed freely
Category: Combo List
Content: A threat actor shared a list of 500 Hotmail credentials via a Mega.nz link, marketed as fresh mail access dated 07.05. The post offers the combo list freely without a stated price.
Date: 2026-05-07T13:28:45Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-500X-Just-Hotmail-Fresh-Mail-Access-07-05
Screenshots:
None
Threat Actors: MegaCloudShop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: 5K mail access mix distributed freely
Category: Combo List
Content: A threat actor has freely distributed a combo list of approximately 5,000 email account credentials via a Mega.nz link. The list is described as a mix of valid mail access credentials dated 07.05.
Date: 2026-05-07T13:26:23Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-5K-Full-Valid-Mail-Access-Mix-07-05
Screenshots:
None
Threat Actors: MegaCloudShop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Instructure Canvas LMS affecting 275 million students and educational institutions
Category: Data Breach
Content: Hackers have claimed to have stolen information of approximately 275 million users from Instructures Canvas LMS educational platform. Canvas is used by thousands of schools, universities, and educational centers worldwide. This represents one of the largest data breaches in the online education sector, raising serious concerns about the security of student and educational institution data globally.
Date: 2026-05-07T13:07:55Z
Network: telegram
Published URL: https://t.me/c/1283513914/21603
Screenshots:
None
Threat Actors: خبرگزاری سایبربان| Cyberban News
Victim Country: Unknown
Victim Industry: Education Technology / Online Learning
Victim Organization: Instructure
Victim Site: instructure.com
Sale of Google Gemini Pro premium account upgrades with 2TB storage
Category: Services
Content: A seller on a cybercrime forum is offering Google Gemini Pro premium upgrades including Veo 3.1, NotebookLM, and 2TB storage for $20 per 12 months. The seller claims no login details are required and advertises the service as a legal account upgrade with full warranty.
Date: 2026-05-07T12:54:31Z
Network: openweb
Published URL: https://patched.to/Thread-gladiator-gemini-pro-ai-veo-3-1-access-nano-banana-notebooklm-2tb-storage-12-18-months
Screenshots:
None
Threat Actors: MINDHUNTER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: URL:Log:Pass combination list with 8+ million lines (Part 321)
Category: Combo List
Content: A threat actor is distributing a free URL:Log:Pass combo list containing over 8 million lines, labeled as Part 321 of an ongoing series. The content is hidden behind a registration/login wall on the forum.
Date: 2026-05-07T12:53:48Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-url-log-pass-free-best-lines-8-million-lines-part-321
Screenshots:
None
Threat Actors: lexityfr
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail inbox search script with multi-keyword support (Python, open source)
Category: Combo List
Content: A Python-based open-source script for searching Hotmail inboxes using multiple keywords is being shared on a combolist forum. The tool is likely intended for credential stuffing or account takeover operations against Hotmail accounts. Content is hidden behind registration.
Date: 2026-05-07T12:53:35Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-script-hotmail-inbox-searh-with-multi-keywords-searh-python-open-source
Screenshots:
None
Threat Actors: ELJOKER1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of discounted Bumble Premium account upgrade service
Category: Services
Content: A forum seller is offering Bumble Premium and Premium Plus subscription upgrades on buyers own accounts at discounted rates. Pricing ranges from $7 for one week to $90 for a lifetime Premium plan. The seller advertises full warranty and claims the service is safe and legal.
Date: 2026-05-07T12:53:08Z
Network: openweb
Published URL: https://patched.to/Thread-gladiator-%E2%AD%90-bumble-dating-accounts-premium-premium-plus-upgrade-on-your-own-account-%E2%9A%A190-off%E2%AD%90
Screenshots:
None
Threat Actors: MINDHUNTER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of 100 UHQ global Hotmail credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 100 purportedly high-quality (UHQ) Hotmail credentials, marketed as having a fresh hit rate. The content is gated behind forum registration or login.
Date: 2026-05-07T12:52:50Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%F0%9F%8C%90-0-1k-uhq-global-hotmail-vip-exclusive-access-fresh-hitrate-%F0%9F%8C%90
Screenshots:
None
Threat Actors: NokiaDB
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of discounted Netflix premium account upgrades
Category: Services
Content: A forum seller is offering Netflix premium account upgrades at discounted prices ranging from $6 to $12 per month for Basic, Standard, and 4K Premium tiers. The seller claims the service is legal and safe, with worldwide access and a full-month warranty. Contact is provided via Telegram and Discord.
Date: 2026-05-07T12:51:58Z
Network: openweb
Published URL: https://patched.to/Thread-gladiator-%E2%AD%90-netflix-account-premium-upgrades-on-your-own-account%E2%9A%A1legal-safe%E2%9A%A160-off-%E2%AD%90
Screenshots:
None
Threat Actors: MINDHUNTER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of Hotmail and mixed credentials distributed on forum
Category: Combo List
Content: A threat actor shared a combo list described as high-quality fresh Hotmail and mixed credentials, claiming the content was previously released in a private Telegram channel 24 hours prior. The actual content is hidden behind a forum registration wall. No record count or specific victim organization is identified.
Date: 2026-05-07T12:51:32Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%B4%EF%B8%8F-hq-fresh-hotmails-mix-%E2%9C%B4%EF%B8%8F-dropped-in-private-channel-24h-ago-%F0%9F%94%A5%F0%9F%94%A5-299672
Screenshots:
None
Threat Actors: nikyofficial
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of discounted SuperGrok AI premium account upgrades
Category: Services
Content: A forum seller is offering SuperGrok AI premium account upgrades at discounted prices, advertised at $14 for one month and $100 for twelve months. The seller claims upgrades are applied to the buyers own account and markets access to Grok AI models, video generation, and other premium features. Contact is provided via Telegram and Discord.
Date: 2026-05-07T12:50:44Z
Network: openweb
Published URL: https://patched.to/Thread-gladiator-%E2%AD%90-supergrok-ai-premium-upgrade-on-your-own-account-mail%E2%9A%A1upto-65-off-%E2%AD%90-299719
Screenshots:
None
Threat Actors: MINDHUNTER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of 21K Corporate and Mixed Mail Credentials
Category: Combo List
Content: A threat actor operating under the name MonnarhTeam shared a combo list purportedly containing 21,000 corporate and mixed mail access credentials, marketed as fully valid. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-07T12:50:18Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-21k-corp-mix-full-valid-mail-access-07-05
Screenshots:
None
Threat Actors: MonnarhTeam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
HQ Hotmail combo list with 658,317 lines
Category: Combo List
Content: A threat actor is distributing a combo list of 658,317 Hotmail credential pairs, marketed as high quality and fresh. The content is hidden behind a registration/login gate on the forum. No specific breach source is identified.
Date: 2026-05-07T12:47:56Z
Network: openweb
Published URL: https://leakforum.io/Thread-658-317-Lines-%E2%AD%90%EF%B8%8FHQ-HOTMAIL-COMBOLIST%E2%AD%90%EF%B8%8FPRIVATE-FRESH%E2%AD%90%EF%B8%8F
Screenshots:
None
Threat Actors: XVF33t
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of mail access and infostealer logs by Dataxlogs
Category: Logs
Content: Threat actor operating under handle Dataxlogs is offering mail access, credential combolists, configurations, scripts, tools, and hits targeting victims across France, Belgium, Australia, Canada, United Kingdom, United States, Netherlands, Poland, Germany, and Japan. The actor is actively soliciting requests for additional data.
Date: 2026-05-07T12:47:35Z
Network: telegram
Published URL: https://t.me/c/2613583520/77137
Screenshots:
None
Threat Actors: Dataxlogs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Pentagon RAT 2026 Remote Access Trojan
Category: Malware
Content: A forum post advertises Pentagon RAT 2026, a remote access trojan offering remote desktop control, keylogging, credential theft, screenshot and webcam monitoring, and C2 communication capabilities. The malware is described as using stealth and persistence techniques to operate silently on infected systems. The post provides a download link via Mediafire, gated behind forum registration or login.
Date: 2026-05-07T12:47:21Z
Network: openweb
Published URL: https://leakforum.io/Thread-Cracked-Pentagon-RAT-2026
Screenshots:
None
Threat Actors: daniel12
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Karangasem Resident Database (PUSATDATA) – 578,382 records
Category: Data Breach
Content: Indonesian government resident database from Karangasem regency allegedly breached by threat actor BABAYO EROR SYSTEM. Approximately 578,382 resident records leaked in XLSX format (35 MB). Compromised data includes personal identifiers (pp_id, No_KK), names, addresses, and verification information. Data made available for free download. Evidence of defacement also reported on Samarinda City PPID website.
Date: 2026-05-07T12:46:25Z
Network: telegram
Published URL: https://t.me/BabayoErorSytem1/832
Screenshots:
None
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: PUSATDATA Karangasem / Karangasem Regency Government
Victim Site: pusatdata.karangasem
Alleged defacement of Samarinda City Government PPID website by BABAYO EROR SYSTEM
Category: Defacement
Content: BABAYO EROR SYSTEM claims to have defaced the PPID (Public Information Service) website of Samarinda City Government (ppid.samarindakota.go.id). Defacement proof provided via URL showing hacked-by-babayo-eror-system message on the government website.
Date: 2026-05-07T12:46:03Z
Network: telegram
Published URL: https://t.me/c/3865526389/833
Screenshots:
None
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Samarinda City Government – PPID
Victim Site: ppid.samarindakota.go.id
Sale of premium SMTP accounts for bulk mailing
Category: Services
Content: A threat actor is selling access to premium SMTP accounts across multiple providers including AWS, Sendgrid, Sparkpost, Mandrill, and others. Accounts are advertised as inbox-tested with varying sending limits. The seller directs interested buyers to contact via Telegram.
Date: 2026-05-07T12:45:29Z
Network: openweb
Published URL: https://demonforums.net/Thread-Selling-Premium-SMTPs-With-Different-Sending-Limit
Screenshots:
None
Threat Actors: imi_jav1995
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail combo list shared on forum
Category: Combo List
Content: A threat actor shared a Hotmail combo list containing approximately 5,000 email:password credentials as hidden content on a carding forum. The post advertises a shop (unique-combo.shop) offering combo lists for various countries and on request.
Date: 2026-05-07T12:45:11Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-Hotmail-Unique-Combo-4-5000–203204
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: 700 Fresh Hotmail Credentials Shared
Category: Combo List
Content: A threat actor is distributing a combo list of 700 Hotmail credentials marketed as fresh valid hits. The content is gated behind a reply requirement on the forum. This is a credential stuffing resource targeting Hotmail accounts, not a breach of Microsoft or Hotmail infrastructure.
Date: 2026-05-07T12:35:43Z
Network: openweb
Published URL: https://altenens.is/threads/sparkles-700x-fresh-hotmail-valid-sparkles.2935891/unread
Screenshots:
None
Threat Actors: Sellix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 21K corporate and mixed email access credentials
Category: Combo List
Content: A threat actor is offering 21,000 corporate and mixed email access credentials, marketed as fully valid and dated 07.05. The post requires forum registration or login to access the hidden content containing the credentials.
Date: 2026-05-07T12:34:08Z
Network: openweb
Published URL: https://breachforums.rs/Thread-21K-Corp-Mix-Full-valid-Mail-Access-07-05
Screenshots:
None
Threat Actors: MegaCloudShop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
DDoS-for-hire service offering botnet-based Layer-4 and Layer-7 attacks
Category: Services
Content: A threat actor is advertising a DDoS-for-hire service at stressed.pw, claiming to operate a powerful botnet capable of Layer-4 and Layer-7 attacks. The service targets websites, game servers, betting sites, and government or banking infrastructure. Anonymous payment is accepted and no personal information is required.
Date: 2026-05-07T12:31:53Z
Network: openweb
Published URL: https://breachforums.rs/Thread-stressed-pw-Launch-Cyberattacks-on-Websites-Botnet-Project
Screenshots:
None
Threat Actors: Darkode1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of MUI Indonesia employee records
Category: Data Leak
Content: A threat actor operating under the name Sadboy Cyber Team Indonesia has freely distributed what is claimed to be employee data from Majelis Ulama Indonesia (MUI), covering records from 2020 to 2025. The leaked archive reportedly contains spreadsheet files totaling 267MB uncompressed. The post includes a politically motivated message directed at the organization.
Date: 2026-05-07T12:26:27Z
Network: openweb
Published URL: https://breached.st/threads/149k-employee-mui-indonesia.86873/unread
Screenshots:
None
Threat Actors: SCTH
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Majelis Ulama Indonesia (MUI)
Victim Site: mui.or.id
Alleged data leak of Shanghai Government National Police (SHGA.gov.cn)
Category: Data Leak
Content: A threat actor known as MDGhost claims to have leaked approximately 500GB of data from the Shanghai Government National Police portal (shga.gov.cn), organized across 3 main tables. The data was allegedly previously published on a Telegram channel associated with the BlackH4t MD-Ghost group. No explicit record count or sample data was included in the post.
Date: 2026-05-07T12:25:46Z
Network: openweb
Published URL: https://breached.st/threads/only-500gb-shanghai-gov-shga-gov-cn-national-police.86874/unread
Screenshots:
None
Threat Actors: MDGhost
Victim Country: China
Victim Industry: Government
Victim Organization: Shanghai Government National Police
Victim Site: shga.gov.cn
Alleged data leak of population database from Karangasem Regency Government
Category: Data Leak
Content: A threat actor is distributing a population database allegedly sourced from the Karangasem Regency Government portal (pusatdata.karangasemkab.go.id) free of charge. The post claims the dataset contains 578,382 records and offers a sample to interested parties.
Date: 2026-05-07T12:25:04Z
Network: openweb
Published URL: https://breached.st/threads/data-base-penduduk-pusatdata-karangasem-578-382-thousand.86875/unread
Screenshots:
None
Threat Actors: BabayoErorSystem
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Karangasem Regency Government
Victim Site: pusatdata.karangasemkab.go.id
Alleged data breach of Pusatdata Karangasem resident database – 578,382 records
Category: Data Breach
Content: A database containing 578,382 resident records from Pusatdata Karangasem (Indonesia) has been leaked and made available for free distribution. The dataset includes personal identifiable information such as national ID numbers (pp_id), family card numbers (No_KK), family head names, addresses, resident names, input dates, and verification status. The data is in XLSX format (35 MB) and was posted on breached.st.
Date: 2026-05-07T12:23:43Z
Network: telegram
Published URL: https://t.me/c/3865526389/832
Screenshots:
None
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Indonesia
Victim Industry: Government/Public Administration
Victim Organization: Pusatdata Karangasem
Victim Site: Unknown
Website Defacement of Indonesian Elementary School by Mr.XycanKing (BABAYO EROR SYSTEM)
Category: Defacement
Content: On May 7, 2026, a threat actor known as Mr.XycanKing, operating under the group BABAYO EROR SYSTEM, defaced the website of an Indonesian Islamic integrated elementary school hosted at sditrr02.sch.id. The attack targeted a Linux-based web server and resulted in a single-page defacement of the institutions website. No mass or redefacement indicators were noted, and the incident was archived via haxor.id.
Date: 2026-05-07T12:14:54Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248954
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: SDIT RR 02 (Islamic Integrated Elementary School)
Victim Site: sditrr02.sch.id
Alleged data breach of HOMES real estate platform (homes.at.world)
Category: Data Breach
Content: A threat actor is offering for sale an alleged database dump from HOMES, a real estate platform accessible at homes.at.world, containing approximately 7 million records across agent and investor lines. The dataset reportedly includes personally identifiable information such as names, emails, phone numbers, addresses, ID numbers, birth dates, passport expiry dates, nationality, and property-related fields in CSV format. The seller is asking $1,800 negotiable and has provided sample JSON records r
Date: 2026-05-07T12:00:25Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SELLING-7M-https-homes-at-world-HOMES-Real-Estate-Platform–189172
Screenshots:
None
Threat Actors: Moon_WALK
Victim Country: Unknown
Victim Industry: Real Estate
Victim Organization: HOMES
Victim Site: homes.at.world
Website Defacement of Lead-Pro SaaS Platform by Mr.XycanKing (BABAYO EROR SYSTEM)
Category: Defacement
Content: On May 7, 2026, the SaaS platform hosted at saas.lead-pro.in was defaced by threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM. The attack targeted a subdomain of the Lead-Pro platform running on a Linux server. The incident was a targeted single-site defacement with no mass or repeated defacement characteristics reported.
Date: 2026-05-07T11:50:54Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248953
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: India
Victim Industry: Software as a Service (SaaS) / Technology
Victim Organization: Lead-Pro
Victim Site: saas.lead-pro.in
Free distribution of URL:Log:Pass combo list with 8+ million lines
Category: Combo List
Content: A threat actor is freely distributing a URL:Log:Pass combo list claimed to contain over 8 million lines, posted as part 320 of an ongoing series. The content is hidden behind a forum registration/login wall.
Date: 2026-05-07T11:47:31Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-url-log-pass-free-best-lines-8-million-lines-part-320
Screenshots:
None
Threat Actors: lexityfr
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of 1,700 Hotmail credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 1,700 Hotmail email credentials, claimed to be sourced from a private cloud. The content is gated behind forum registration or login.
Date: 2026-05-07T11:46:46Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%9C%A8%E2%9A%9C%EF%B8%8Fx1700-hotmail-mail-access-full-vaild-from-private-cloud-%E2%9A%9C%EF%B8%8F%E2%9C%A8-04-05
Screenshots:
None
Threat Actors: ELJOKER1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail credential combo list
Category: Combo List
Content: A threat actor is offering a combo list of approximately 4,000 Hotmail credentials marketed as high-quality hits. The content is hidden behind a registration/login wall on the forum.
Date: 2026-05-07T11:46:21Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%85-4k-hq-hotmail-hit-%E2%9C%85-299675
Screenshots:
None
Threat Actors: RetroCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: HQ Hotmail Mail Access Credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 300 Hotmail mail access credentials. The content is gated behind registration or login. The credentials are marketed as high quality.
Date: 2026-05-07T11:45:48Z
Network: openweb
Published URL: https://patched.to/Thread-0-3k-hq-hotmail-mail-access-combolist-299678
Screenshots:
None
Threat Actors: liamgoat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged combo list targeting gaming platforms (900K credentials)
Category: Combo List
Content: A threat actor is distributing a combo list marketed as gaming private containing approximately 900,000 credential pairs. The content is hidden behind a registration/login gate on the forum. No specific victim organization or platform is identified in the visible post.
Date: 2026-05-07T11:43:52Z
Network: openweb
Published URL: https://patched.to/Thread-900k-gaming-private
Screenshots:
None
Threat Actors: moser
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Australian combo list with 140K credentials
Category: Combo List
Content: A threat actor is offering a combo list of approximately 140,000 Australian credentials, marketed as high-quality and fresh. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-07T11:43:30Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-140k-australia-hq-fresh-combolist
Screenshots:
None
Threat Actors: megatronishere
Victim Country: Australia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Brazil UHQ combo list with 205,000 credentials
Category: Combo List
Content: A threat actor shared a combo list advertised as 205K UHQ credentials targeting Brazilian accounts. The content is gated behind registration or login on the forum. No specific breached organization is identified.
Date: 2026-05-07T11:43:06Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-205k-brazil-uhq-combolist
Screenshots:
None
Threat Actors: megatronishere
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: 52K Hotmail Credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 52,000 Hotmail credentials, described as private. The content is gated behind forum registration or login.
Date: 2026-05-07T11:42:31Z
Network: openweb
Published URL: https://patched.to/Thread-52k-hotmail-private-299690
Screenshots:
None
Threat Actors: moser
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list with 61K credentials
Category: Combo List
Content: A forum member is sharing a combo list of 61,000 Hotmail.com credentials, marketed as high quality. The content is gated behind registration or login on the forum.
Date: 2026-05-07T11:41:42Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-61k-hotmail-com-hq-combolist
Screenshots:
None
Threat Actors: megatronishere
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: 1.2K Hotmail credentials shared
Category: Combo List
Content: A combo list of approximately 1,200 Hotmail credentials marketed as fully valid was shared on a forum. The content is hidden behind a registration or login wall. The credentials appear intended for credential stuffing against Hotmail accounts.
Date: 2026-05-07T11:40:52Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-1-2k-hotmail-full-valid-by-kommander0-07-05
Screenshots:
None
Threat Actors: AnticaCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combo list of approximately 1,200 Hotmail email credentials on a public forum. The post is gated behind registration or login and is described as old data. The credentials are marketed as mail access for Hotmail accounts.
Date: 2026-05-07T11:40:29Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%92%BD1-2k-hotmail-mail-access%F0%9F%92%BD%E2%9C%A8-06-05
Screenshots:
None
Threat Actors: TraxGod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list with 500 credentials
Category: Combo List
Content: A forum user is distributing a combo list of 500 Hotmail credentials, marketed as updated on 07.05. The content is hidden behind a registration or login wall on the forum.
Date: 2026-05-07T11:39:48Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-500-access-hotmail-acrtixx1-update-07-05
Screenshots:
None
Threat Actors: Flexedz
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting Hotmail
Category: Combo List
Content: A combo list purportedly containing 1,078 Hotmail account credentials is being shared on a forum. The content is hidden behind a registration or login requirement. The post is dated May 7 and is labeled as an update to a prior release.
Date: 2026-05-07T11:39:13Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-1078-access-hotmail-acrtixx1-update-07-05
Screenshots:
None
Threat Actors: Flexedz
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail credential combo list with inbox targets sorted by country
Category: Combo List
Content: A threat actor is sharing a combo list of 1,482 Hotmail credential hits, marketed as high quality. The list includes inbox targets and is sorted by country. Content is hidden behind a registration/login wall on the forum.
Date: 2026-05-07T11:38:26Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9D%84-1482x-hq-hotmail-hits-%E2%9D%84-%F0%9F%94%8E-inboxes-targets-%F0%9F%94%8E-%F0%9F%8C%8Esorted-countries-%F0%9F%8C%8E-299697
Screenshots:
None
Threat Actors: Lowza9
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list with 2.9K credentials
Category: Combo List
Content: A threat actor is sharing a combo list of 2,900 Hotmail email credentials on a cybercrime forum. The content is hidden behind a login/registration wall and requires a like to access. The post does not specify the source of the credentials.
Date: 2026-05-07T11:38:08Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-2-9k-hotmail-mail-access-%E2%9C%85-299680
Screenshots:
None
Threat Actors: D47
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Telegram Premium account upgrading service
Category: Services
Content: A forum member is offering a Telegram Premium account upgrading service via gift activation. Packages are priced at $15.99 for 3 months, $25.99 for 6 months, and $39.99 for 12 months, with contact provided via Telegram and Discord.
Date: 2026-05-07T11:37:38Z
Network: openweb
Published URL: https://patched.to/Thread-gladiator-%E2%9C%A8-1-telegram-account-premium-upgrading-service-via-gift-on-cio-must-try-%E2%9C%A8
Screenshots:
None
Threat Actors: MINDHUNTER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting Hotmail accounts
Category: Combo List
Content: A forum user shared a combo list of purportedly fresh and valid Hotmail credentials. The content is hidden behind a registration/login wall, limiting visibility into the actual record count or data fields. The credentials are marketed as valid hits suitable for credential stuffing.
Date: 2026-05-07T11:37:01Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-x6312-fresh-hotmail-valid
Screenshots:
None
Threat Actors: RandomUpload
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of Hotmail credentials distributed on forum
Category: Combo List
Content: A threat actor distributed a combo list of 469 Hotmail mail access credentials on a cybercrime forum. The content is described as old data and is shared behind a registration/login gate.
Date: 2026-05-07T11:36:37Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%92%BDx469-hotmail-mail-access%F0%9F%92%BD%E2%9C%A8-06-05
Screenshots:
None
Threat Actors: TraxGod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Digital goods marketplace service offering low-fee crypto checkout and auto-delivery
Category: Services
Content: A forum seller is advertising MacanSell, a digital goods storefront service targeting underground marketplace vendors. The service offers a 4.9% flat fee, crypto payments with instant on-chain settlement, auto-delivery of digital goods, and custom domain hosting with DDoS protection. No KYC is required, and the platform supports delivery of files, license keys, credentials, and private links.
Date: 2026-05-07T11:36:15Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%AD%90-macansell-%E2%80%94-sell-anything-digital-%E2%9A%A1-crypto-checkout-%E2%9A%A1-instant-delivery-%E2%9A%A1-4-9-flat
Screenshots:
None
Threat Actors: devMacan
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: Hotmail credentials with claimed 100% hit rate
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 1,500 Hotmail credentials, claimed to have a 100% hit rate. The content is gated behind forum registration or login. These credentials are likely intended for credential stuffing or account takeover.
Date: 2026-05-07T11:35:53Z
Network: openweb
Published URL: https://patched.to/Thread-1-5k-hotmail-100-hits-%E2%9C%85
Screenshots:
None
Threat Actors: dzplayer2211
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Discounted travel booking service offering flights, hotels, and car rentals at reduced rates
Category: Services
Content: A forum seller is advertising a service offering up to 60% off flights, hotels, and car rentals, likely facilitated through fraudulent or unauthorized bookings. Payment is accepted in cryptocurrency only, with escrow available, and fees are charged after booking confirmation. The operator communicates via Signal following repeated Telegram account removals.
Date: 2026-05-07T11:35:35Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%9D%84%EF%B8%8F%E3%80%90%E2%9C%88%EF%B8%8F-flights-hotels-car-rentals-60-off%E3%80%91-%E2%9A%A1-inquire-100-safe-%E2%9A%A1travel-cheap
Screenshots:
None
Threat Actors: cheaptravelzz
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of mixed access combo list (853 entries)
Category: Combo List
Content: A forum user is distributing a mixed access combo list containing 853 entries, described as an update dated 07.05. The actual content is hidden behind a login/registration wall and no further details are available.
Date: 2026-05-07T11:35:02Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-853-access-mix-acrtixx1-update-07-05
Screenshots:
None
Threat Actors: Flexedz
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list targeting French email services
Category: Combo List
Content: A threat actor shared a combo list of approximately 1,800 France-based email account credentials, described as mixed mail access. The content is hidden behind a registration/login gate and is labeled as private data from the poster.
Date: 2026-05-07T11:34:16Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%92%BD1-8k-france-mail-access-mix%F0%9F%92%BD%E2%9C%A8-06-05
Screenshots:
None
Threat Actors: TraxGod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of 2,047 Premium Hotmail Credentials
Category: Combo List
Content: A threat actor is distributing a combo list of 2,047 purportedly high-quality Hotmail credentials with inbox access. The content is gated behind forum registration or login. The credentials are marketed as premium and suitable for inbox-targeting activity.
Date: 2026-05-07T11:33:52Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9A%A1%E2%9A%A1-2047x-premium-hq-hotmails-%E2%9A%A1%E2%9A%A1-%F0%9F%94%8E-inboxes-targets-%F0%9F%94%8E
Screenshots:
None
Threat Actors: Lowza9
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Distribution of 170K cookies from stealer logs
Category: Logs
Content: A threat actor is distributing 170,000 cookie files sourced from stealer logs with duplicates removed. The content is gated behind registration or login on the forum.
Date: 2026-05-07T11:33:21Z
Network: openweb
Published URL: https://patched.to/Thread-diamond-170k-cookies-from-stealer-logs
Screenshots:
None
Threat Actors: rich
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list targeting Hotmail and OneDrive accounts
Category: Combo List
Content: A threat actor is freely sharing a combo list of 1,100 Hotmail credentials marketed as fresh, with noted utility for OneDrive (One Cloud) access. The content is hidden behind a forum registration or login requirement.
Date: 2026-05-07T11:32:51Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F1100-line-hotmail-one-cloud-%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F
Screenshots:
None
Threat Actors: ALVIN1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
China Fresh Mail Access Combo List
Category: Combo List
Content: A threat actor shared a combo list of approximately 2,300 Chinese email credentials, marketed as fresh and dated 07.05. The content is hidden behind a registration/login wall on the forum.
Date: 2026-05-07T11:31:52Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-2-3k-china-fresh-mail-access-07-05
Screenshots:
None
Threat Actors: MonnarhTeam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting Hotmail accounts
Category: Combo List
Content: A user is sharing a combo list of 5,000 Hotmail credentials on a leak forum. The content is hidden behind a registration or login wall. No breach of a specific organization is claimed; the list appears intended for credential stuffing against Hotmail accounts.
Date: 2026-05-07T11:31:35Z
Network: openweb
Published URL: https://leakforum.io/Thread-Hotmail-Unique-Combo-1-5000–20182
Screenshots:
None
Threat Actors: UniqueComb
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail combo list allegedly containing fresh checked credentials
Category: Combo List
Content: A forum user is distributing a Hotmail combo list described as private and freshly checked. The content is hidden behind a registration or login requirement. The credentials are intended for credential stuffing against Hotmail accounts.
Date: 2026-05-07T11:30:59Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A1HOTMAIL%E2%9A%A1%E2%9A%A1PRIVATE%E2%9A%A1%E2%9A%A1FRESH%E2%9A%A1%E2%9A%A1CHEKED-BY-klyne05-%E2%9A%A1–20184
Screenshots:
None
Threat Actors: klyne05
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting Hotmail accounts (5,000 credentials)
Category: Combo List
Content: A combo list containing 5,000 unique credentials targeting Hotmail accounts has been shared on a leak forum. The content is hidden behind a registration or login wall. No breach of a specific organization is claimed.
Date: 2026-05-07T11:30:25Z
Network: openweb
Published URL: https://leakforum.io/Thread-Hotmail-Unique-Combo-2-5000–20186
Screenshots:
None
Threat Actors: UniqueComb
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free Hotmail combo list sample (565 credentials)
Category: Combo List
Content: A threat actor shared a sample combo list containing 565 Hotmail credentials on a public leak forum. The content is gated behind registration or login. These credentials appear intended for credential stuffing against Hotmail/Outlook accounts.
Date: 2026-05-07T11:29:42Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A1-565x-SAMPLE-HOTMAIL-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: Stevejobs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail combo list with 5,000 credentials
Category: Combo List
Content: A combo list containing 5,000 unique Hotmail credentials has been shared on a leak forum. The content is hidden behind a registration or login wall. The post is consistent with credential stuffing material targeting Hotmail accounts.
Date: 2026-05-07T11:29:11Z
Network: openweb
Published URL: https://leakforum.io/Thread-Hotmail-Unique-Combo-3-5000–20188
Screenshots:
None
Threat Actors: UniqueComb
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list
Category: Combo List
Content: A threat actor is sharing a combo list of 1,130 Hotmail credentials marketed as private and fresh. The content is hidden behind a registration or login wall on the forum.
Date: 2026-05-07T11:28:43Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-1130x-%E2%AD%90%E2%AD%90-FRESH-HQ-HOTMAIL-%E2%AD%90%E2%AD%90
Screenshots:
None
Threat Actors: KiwiShioo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: 6.2K HQ Mix Access Valid Hits
Category: Combo List
Content: A threat actor is distributing a combo list containing approximately 6,200 credentials marketed as high-quality valid hits. The content is hidden behind a registration or login wall on the forum. No specific targeted service or victim organization is identified in the post.
Date: 2026-05-07T11:27:58Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-6-2k-HQ-Mix-Access-VALID-HITS
Screenshots:
None
Threat Actors: hunterX
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: HQ Hotmail credentials shared on forum
Category: Combo List
Content: A threat actor posted a combo list of 2,408 Hotmail credentials on a public forum. The content is hidden behind a login/registration gate. These credentials are likely intended for credential stuffing against Hotmail/Outlook accounts.
Date: 2026-05-07T11:27:29Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A1-X2408-HQ-Hotmail-%E2%9A%A1%E2%9A%A1-BY-Stevee36-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: stevee
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of alleged Binance user leads database with 837K records
Category: Data Breach
Content: A threat actor is allegedly selling a dataset of 837,000 Binance user leads marketed as fresh 2026 records. The post was listed in a leads market forum section, suggesting the data may contain personal or contact information. No further details about the data fields or acquisition method are available.
Date: 2026-05-07T11:23:10Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-2026-Bianance-837k-Fresh-Leads-Are-Available
Screenshots:
None
Threat Actors: pm_rasel
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Binance
Victim Site: binance.com
Sale of mixed USA and Europe combo list
Category: Combo List
Content: A threat actor is distributing a combo list of credentials sorted by country, targeting users from the USA and Europe. The post markets the list as exclusive hits mix. No specific breached organization or record count is mentioned.
Date: 2026-05-07T11:19:59Z
Network: openweb
Published URL: https://altenens.is/threads/starby-countriesstarhits-mix-usastareuropestarexclusive-combolist-star.2935777/unread
Screenshots:
None
Threat Actors: hangover934
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list targeting Europe and USA distributed on forum
Category: Combo List
Content: A threat actor shared combo lists purportedly covering Europe and USA regions, marketed as high quality and fully valid. No specific record count, targeted service, or price was disclosed in the post.
Date: 2026-05-07T11:19:24Z
Network: openweb
Published URL: https://altenens.is/threads/star100-full-validstarhigh-qualitystareurope-usa-combolists-star.2935783/unread
Screenshots:
None
Threat Actors: hangover934
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass Website Defacement of Indonesian Regional Government Legal Site by Anonsec Team
Category: Defacement
Content: On May 7, 2026, a threat actor operating under the alias Mr.spongebob affiliated with Anonsec Team conducted a mass defacement attack against the Indonesian Central Java Provincial Governments legal information website (JDIH). The defacement targeted the domain jdih.jatengprov.go.id and was confirmed as part of a broader mass defacement campaign. A mirror of the defaced page was archived at haxor.id.
Date: 2026-05-07T11:19:09Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248952
Screenshots:
None
Threat Actors: Mr.spongebob, Anonsec team
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Central Java Province Regional Government (Jawa Tengah) – Legal Documentation and Information Network (JDIH)
Victim Site: jdih.jatengprov.go.id
Combo list of phone number and password credentials
Category: Combo List
Content: A combo list of phone number and password pairs is being shared on a forum, marketed as high quality and private. No specific victim organization, record count, or targeted service is identified in the post.
Date: 2026-05-07T11:18:25Z
Network: openweb
Published URL: https://altenens.is/threads/star-phone-number-passstarhq-privatestar.2935786/unread
Screenshots:
None
Threat Actors: hangover934
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of WordPress admin credentials with login URLs
Category: Combo List
Content: A threat actor is sharing or selling a list of WordPress admin credentials paired with login URLs and passwords. The post advertises login:password combinations for WordPress admin panels. No record count or pricing details are specified.
Date: 2026-05-07T11:17:52Z
Network: openweb
Published URL: https://altenens.is/threads/check-mark-buttonstarwordpresscheck-mark-buttonstaradminstarurlsstarlogin-pass.2935790/unread
Screenshots:
None
Threat Actors: hangover934
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of URL:Login:Password credentials shared on forum
Category: Combo List
Content: A threat actor shared a URL:Login:Password (ULP) combo list on a cybercrime forum, marketed as high-quality and private. No specific target organization, record count, or geographic scope was identified in the post.
Date: 2026-05-07T11:17:19Z
Network: openweb
Published URL: https://altenens.is/threads/star-url-login-passstar-ulp-starhq-privatestar.2935791/unread
Screenshots:
None
Threat Actors: hangover934
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list with 3.8K valid credentials
Category: Combo List
Content: A threat actor shared a combo list of 3,800 reportedly valid Hotmail credentials via an external paste platform. The list is marketed as valid and is likely intended for credential stuffing against Hotmail/Outlook accounts.
Date: 2026-05-07T11:16:32Z
Network: openweb
Published URL: https://altenens.is/threads/3-8k-valid-hotmail-combolist.2935849/unread
Screenshots:
None
Threat Actors: VegaM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list with 11.4K valid credentials
Category: Combo List
Content: A threat actor is sharing a combo list of 11,400 Hotmail credentials, marketed as valid and private. The post is dated 07.05.2026 and requires a forum reply to access the download link.
Date: 2026-05-07T11:15:32Z
Network: openweb
Published URL: https://altenens.is/threads/11-4k-high-voltagehotmailhigh-voltagevalid-mail-access-07-05.2935765/unread
Screenshots:
None
Threat Actors: redcloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of initial access to government and medical organizations worldwide
Category: Initial Access
Content: A threat actor is seeking buyers for access to specific networks described as government, medical, and other non-standard targets worldwide, excluding Russia and CIS countries. No further details about the nature of the access or affected organizations are provided.
Date: 2026-05-07T11:14:27Z
Network: openweb
Published URL: https://breachforums.rs/Thread-%D0%98%D1%89%D1%83-%D0%BF%D0%BE%D0%BA%D1%83%D0%BF%D0%B0%D1%82%D0%B5%D0%BB%D1%8F-%D0%BD%D0%B0-%D1%81%D0%BF%D0%B5%D1%86%D0%B8%D1%84%D0%B8%D1%87%D0%BD%D1%8B%D0%B5-%D0%B4%D0%BE%D1%81%D1%82%D1%83%D0%BF%D1%8B
Screenshots:
None
Threat Actors: motomotoc
Victim Country: Unknown
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Astafad Iraq
Category: Data Leak
Content: A threat actor on BreachForums is freely distributing an alleged database dump attributed to Astafad, an Iraqi organization. The leaked data reportedly includes names, email addresses, phone numbers, dealer numbers and addresses, and payment information. A download link was shared alongside the post.
Date: 2026-05-07T11:12:06Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-DataBase-Astafad-IRAQ
Screenshots:
None
Threat Actors: FreeManX
Victim Country: Iraq
Victim Industry: Unknown
Victim Organization: Astafad
Victim Site: Unknown
Alleged data leak of 140,000 French mobile numbers
Category: Data Leak
Content: A forum post on BreachForums references a dataset containing approximately 140,000 French mobile numbers. No post content was available to confirm the source, format, or distribution method of the data.
Date: 2026-05-07T11:10:20Z
Network: openweb
Published URL: https://breachforums.rs/Thread-140k-french-mobile-number
Screenshots:
None
Threat Actors: courtika
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Equipment Seller Canada
Category: Data Breach
Content: A threat actor has shared what appears to be a database dump from equipmentsellercanada.com via a MediaFire link. No further details regarding record count or data types were provided in the post.
Date: 2026-05-07T11:08:53Z
Network: openweb
Published URL: https://breachforums.rs/Thread-equipmentsellercanada-com
Screenshots:
None
Threat Actors: courtika
Victim Country: Canada
Victim Industry: Retail
Victim Organization: Equipment Seller Canada
Victim Site: equipmentsellercanada.com
Alleged data leak of undisclosed French organization
Category: Data Leak
Content: A forum post advertises a database allegedly containing 50,000 records tied to a French organization. No additional details are available as the post content is empty.
Date: 2026-05-07T11:08:02Z
Network: openweb
Published URL: https://breachforums.rs/Thread-50K-french-database
Screenshots:
None
Threat Actors: courtika
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of undisclosed French organization
Category: Data Leak
Content: A threat actor shared a link to a database file allegedly containing 264,000 records associated with a French organization. The database is hosted on MediaFire and distributed freely. No further details about the source organization or data fields were provided.
Date: 2026-05-07T11:06:33Z
Network: openweb
Published URL: https://breachforums.rs/Thread-264K-french-database
Screenshots:
None
Threat Actors: courtika
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Leak of French B2B Database
Category: Data Leak
Content: A threat actor has shared a link to a French B2B database via MediaFire. The post provides no additional details regarding the source organization, record count, or data fields included.
Date: 2026-05-07T11:06:08Z
Network: openweb
Published URL: https://breachforums.rs/Thread-French-b2b-database
Screenshots:
None
Threat Actors: courtika
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
1M French combo list
Category: Combo List
Content: A combo list containing approximately 1 million credential pairs targeting French users has been shared via a MediaFire link. The list is offered for free download in CSV format.
Date: 2026-05-07T11:04:26Z
Network: openweb
Published URL: https://breachforums.rs/Thread-1M-FRENCH-Combo
Screenshots:
None
Threat Actors: courtika
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of 10,000 Canadian phone numbers
Category: Data Leak
Content: A forum post claims to share a dataset containing 10,000 Canadian phone numbers. No further details about the source organization or data contents are available from the post.
Date: 2026-05-07T11:03:58Z
Network: openweb
Published URL: https://breachforums.rs/Thread-10k-canada-phone-number
Screenshots:
None
Threat Actors: courtika
Victim Country: Canada
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Mexican medical laboratory Laboratorio CEFLO
Category: Data Leak
Content: A threat actor claims to have stolen approximately 21,000 medical records from Mexican laboratory Laboratorio CEFLO, including patient names, birth dates, phone numbers, emails, test dates, test types, and results (including HIV, syphilis, and COVID). The data is being distributed for free after the actor claims the organization did not respond to extortion contact. The dump is hosted behind a registration wall on BreachForums.
Date: 2026-05-07T11:02:32Z
Network: openweb
Published URL: https://breachforums.rs/Thread-21K-test-HIV-sifilis-COVID-etc-positive-Mexican-CEFLO-LAB
Screenshots:
None
Threat Actors: Alameda_Slim
Victim Country: Mexico
Victim Industry: Healthcare
Victim Organization: Laboratorio CEFLO
Victim Site: laboratorioceflo.com
Combo list of 3,500 Hotmail credentials
Category: Combo List
Content: A threat actor is offering a combo list of approximately 3,500 Hotmail email account credentials, marketed as top quality and dated May 7. No additional details are available from the post content.
Date: 2026-05-07T11:02:06Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-3-5K-Hotmail-Mail-Access-Just-Top-Quality-07-05
Screenshots:
None
Threat Actors: MegaCloudShop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of German email credential combo list (15K records)
Category: Combo List
Content: A threat actor is offering a combo list of 15,000 German email credentials, marketed as fully valid as of May 7. The content is behind a registration/login wall on the forum.
Date: 2026-05-07T11:00:32Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-15K-Just-Germany-Mail-Access-Full-Valid-07-05
Screenshots:
None
Threat Actors: MegaCloudShop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of La France Insoumise political party social network (actionpopulaire.fr)
Category: Data Leak
Content: A threat actor leaked data allegedly dumped from actionpopulaire.fr, the social network of the French political party La France Insoumise. The leaked files include group and event membership data (messages, emails, phone numbers, names) as well as payment and subscription records (amounts, dates, personal addresses). The actor hints at exploitation of an RCE vulnerability in an outdated backend stack as the intrusion vector.
Date: 2026-05-07T11:00:00Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-FR-FRANCE-LA-FRANCE-INSOUMISE-actionpopulaire-fr-04-26-2026-120k
Screenshots:
None
Threat Actors: fuzzeddffmepg
Victim Country: France
Victim Industry: Government
Victim Organization: La France Insoumise
Victim Site: actionpopulaire.fr
Sale of Discord Token Checker Tool
Category: Combo List
Content: A threat actor is offering a Discord token checker tool, advertised as full capture, via a cracking forum. The tool is used to validate stolen Discord tokens. Contact is directed to a Telegram handle for acquisition.
Date: 2026-05-07T10:57:00Z
Network: openweb
Published URL: https://altenens.is/threads/full-capture-discord-token-checker.2935858/unread
Screenshots:
None
Threat Actors: GHOSTATN
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail credential combo list with 2,064 hits
Category: Combo List
Content: A threat actor shared a combo list advertised as 2,064 premium Hotmail credential hits. The post was made in a combolist-focused forum section, suggesting the credentials are intended for credential stuffing or account takeover activity.
Date: 2026-05-07T10:55:01Z
Network: openweb
Published URL: https://breachforums.rs/Thread-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-2064x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F
Screenshots:
None
Threat Actors: xdalphaa
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Aurora Stealer logs from Canada distributed on forum
Category: Logs
Content: A threat actor is distributing 250 Aurora Stealer logs sourced from Canadian victims running Windows 11 Enterprise. The logs include credentials and cookies harvested via Chrome 122.x. Content is gated behind forum registration/login.
Date: 2026-05-07T10:51:14Z
Network: openweb
Published URL: https://breachforums.rs/Thread-URL-LOGIN-PASS-ULP-Aurora-Stealer-250-logs-CA
Screenshots:
None
Threat Actors: CocoMel0n
Victim Country: Canada
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of alleged Forex trader database dump containing 6.4 million records
Category: Data Breach
Content: A threat actor is offering for sale an alleged Forex trader database purportedly compiled from 2,568 sites and containing approximately 6.4 million records. The dataset reportedly includes names, email addresses, and phone numbers of Forex traders. The post references a 2023 breach and promotes contact via Telegram and Skype.
Date: 2026-05-07T10:48:27Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-biggest-Forex-dump-leak-2568-sites-that-have-6486350-lines
Screenshots:
None
Threat Actors: aisdata
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Credit Institute of Vietnam
Category: Data Breach
Content: A threat actor is selling an alleged 2025 database belonging to the Credit Institute of Vietnam. Sample screenshots are provided, and interested buyers are directed to contact the seller via Telegram for further details.
Date: 2026-05-07T10:47:55Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-Credit-Institute-of-Vietnam-Database-2025
Screenshots:
None
Threat Actors: xakoji3864
Victim Country: Vietnam
Victim Industry: Finance
Victim Organization: Credit Institute of Vietnam
Victim Site: Unknown
Sale of stolen cookies and credentials for multiple online services
Category: Logs
Content: A threat actor is distributing stolen cookies and credentials for multiple online services including Claude, Cursor, Netflix, Steam, and payment card data via an external file hosting link. The post appears to offer session cookies and account access data harvested via info-stealer malware.
Date: 2026-05-07T10:45:08Z
Network: openweb
Published URL: https://breached.st/threads/cookies-claude-cursor-netflix-steam-cc-more.86868/unread
Screenshots:
None
Threat Actors: bluestarcrack
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Clark International Airport
Category: Data Breach
Content: A threat actor is offering for sale an alleged database from Clark International Airport containing approximately 2 million passenger records. The data reportedly includes passport numbers, dates of birth, phone numbers, gender, and addresses in CSV format, priced at $2,780 USD. A sample of 29,000 records is offered freely as proof.
Date: 2026-05-07T10:43:35Z
Network: openweb
Published URL: https://breached.st/threads/2m-clarkinternationalairport-com-philippines-air-travel.86870/unread
Screenshots:
None
Threat Actors: MDGhost
Victim Country: Philippines
Victim Industry: Transportation
Victim Organization: Clark International Airport
Victim Site: clarkinternationalairport.com
Alleged data leak of Australian crypto-related individuals including personal and identity data
Category: Logs
Content: A threat actor is distributing stealer logs pertaining to over 300 Australian individuals with crypto-related activity. The data allegedly includes full names, addresses, phone numbers, and ID information. The content is shared behind a reply gate on a dark web forum and promoted via a Telegram channel.
Date: 2026-05-07T10:38:44Z
Network: openweb
Published URL: https://darkforums.su/Thread-300-AUSTRALIA-CRYPTO-RELATED-FULL-NAME-ADDRESS-PHONE-NUMBER-ID
Screenshots:
None
Threat Actors: dumpzeta
Victim Country: Australia
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of stealer logs (ULP format, 0.5 GB)
Category: Logs
Content: A threat actor shared approximately 0.5 GB of compressed stealer logs in URL:Login:Password (ULP) format on a dark web forum. The logs are marketed as fresh and high quality. Access requires replying to the thread or upgrading a forum account.
Date: 2026-05-07T10:38:06Z
Network: openweb
Published URL: https://darkforums.su/Thread-Document-%E2%9C%AA-0-5-GB-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-ULP-LOG-S-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of alleged cross-platform RCS 0-day exploit chain with FUD evasion and rootkit
Category: Malware
Content: A threat actor is selling a claimed cross-platform Remote Control System (RCS) exploit chain targeting Windows 10/11, Android 12–16, and macOS, advertised as fully undetected (FUD) with optional rootkit, custom crypter, and C2 compatibility with Empire, Mythic, and Cobalt Strike. The offering includes multiple licensing tiers ranging from $3,000 for a single-device license to $9,000 for an unlimited Black Ops Edition with private C2 infrastructure. Features claimed include zero-day kernel-leve
Date: 2026-05-07T10:36:20Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-%F0%9F%92%A5-WTS-Premium-RCS-Exploit-%E2%80%94-0-Day-Remote-Access-Chain-FUD-Cross-Platform-2026–75604
Screenshots:
None
Threat Actors: Breachedforum
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Robinhood Crypto with 6 million records including payment cards, KYC documents, and crypto portfolio data
Category: Data Breach
Content: A threat actor is offering for sale an alleged database from Robinhood Crypto attributed to an April 2026 security incident, comprising approximately 6 million records. The dataset purportedly includes user profiles, 3.5 million credit card records with CVVs, 4 million KYC verification documents (passports, drivers licenses), crypto wallet balances, transaction histories, and password hashes. The complete dataset is priced at $8,000 in cryptocurrency, with segmented subsets available upon inqui
Date: 2026-05-07T10:35:36Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-PREMIUM-EXCLUSIVE-Robinhood-Crypto-April-2026-Database-Leak-6M-Records-CCs-KYC–75605
Screenshots:
None
Threat Actors: Breachedforum
Victim Country: United States
Victim Industry: Finance
Victim Organization: Robinhood Crypto
Victim Site: robinhood.com
Alleged sale of 500,000 credit card records from Capital One and Synchrony breach
Category: Carding
Content: A threat actor on a darknet forum is offering for sale an alleged dataset of 500,000 credit card records, claimed to have been sourced from a breach of Capital One and Synchrony systems in April 2026 via API exploits and phishing. The dataset is advertised as containing full card details (card numbers, CVVs, expiration dates) along with fullz (names, addresses, SSNs) for approximately 65% of records, spanning 50+ countries. Pricing ranges from $350 for a regional sample to $4,980 for the full da
Date: 2026-05-07T10:34:44Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-500K-Global-Credit-Card-Database-%E2%80%93-April-2026-Capital-One-Synchrony-Breach–75674
Screenshots:
None
Threat Actors: Leakbase
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Capital One, Synchrony
Victim Site: capitalone.com, synchrony.com
Alleged data breach of Ciputra University (ciputra.ac.id), Indonesia
Category: Data Breach
Content: A threat actor is selling a dataset allegedly obtained from Ciputra University in Surabaya, Indonesia, containing approximately 21,000 rows of student PII. The data includes names, birth dates, email addresses, mobile numbers, social media handles, parental information, academic scores, religious affiliation, and application credentials such as usernames and passwords. Proof offered includes one CSV file and five screenshots.
Date: 2026-05-07T10:34:00Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Indonesia-21k-row-PII-Data-ciputra-ac-id
Screenshots:
None
Threat Actors: BigBrother
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Ciputra University
Victim Site: ciputra.ac.id
Sale of alleged Crypto.com trader database with enriched financial and personal data
Category: Data Breach
Content: A threat actor is selling an alleged database of 185,742 trader profiles purportedly extracted from Crypto.coms trading and forex platform between April 22–28, 2026. The dataset is claimed to include full names, verified emails, phone numbers, KYC levels, deposit and trading volume history, hashed passwords, device fingerprints, and recent trade snippets. The seller is offering tiered pricing from $180 for a test pack to $4,200 for the full database, accepting BTC, XMR, and USDT.
Date: 2026-05-07T10:33:14Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Exclusive-April-2026-Crypto-com-Forex-CFD-Trader-Leads-Database–75725
Screenshots:
None
Threat Actors: Chinahacker
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Crypto.com
Victim Site: crypto.com
Sale of resume documents and personal data across multiple countries
Category: Data Breach
Content: A threat actor is offering for sale a dataset of resume/CV documents spanning individuals from over 180 countries, with the largest portions from France (11,480), the Philippines (5,098), the United Kingdom (4,105), the United States (3,848), and Germany (2,773). The source organization or platform from which the data was obtained is not disclosed. Full data is advertised via Telegram contact.
Date: 2026-05-07T10:31:29Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-%F0%9F%9A%A8-Resume-docs-data-across-globally-%F0%9F%87%AB%F0%9F%87%B7-FR-%F0%9F%87%B5%F0%9F%87%AD-PH-%F0%9F%87%AC%F0%9F%87%A7-GB-%F0%9F%87%BA%F0%9F%87%B8-US-%F0%9F%87%A9%F0%9F%87%AA-DE
Screenshots:
None
Threat Actors: attacker_company
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of classified data from Pakistan Government and Military Departments
Category: Data Breach
Content: A threat actor is selling approximately 40 GB of alleged classified data extracted from multiple Pakistani government and military departments, including the Ministry of Defence, Military Intelligence, FIA, and National Counter Terrorism Authority. The dataset purportedly includes classified documents and personal details of military officers and government officials. The seller is asking $4,500 and is offering samples upon request.
Date: 2026-05-07T10:30:42Z
Network: openweb
Published URL: https://darkforums.su/Thread-PK-GOVERNMENT-AND-MILITARY-DEPARTMENTS
Screenshots:
None
Threat Actors: ModernStealer
Victim Country: Pakistan
Victim Industry: Government
Victim Organization: Pakistan Ministry of Defence, Ministry of Interior, NACTA, Military Intelligence, FIA, CTD, NIFTAC, PIFTAC, Civil Defence
Victim Site: Unknown
Sale of aged and verified Facebook Business Manager accounts for advertising abuse
Category: Services
Content: A threat actor is selling aged and verified Facebook Business Manager accounts, marketed as suitable for running advertisements. Offerings include 2FA codes, user guides for safe login, and bulk pricing options. Payment is accepted via cryptocurrency and TransferWise.
Date: 2026-05-07T10:30:01Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Facebook-Verified-Aged-Business-Manager-BM-Reinstated-Accounts-Best-For-Ads
Screenshots:
None
Threat Actors: eyecarezone
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of passport scans and identity document photos
Category: Carding
Content: A threat actor operating via scano-ff.net is selling scanned passports, registration documents, and photos of individuals holding passports. Offerings cover documents primarily from Russia, CIS countries, and Europe, priced from $1 to $5.50 per item with bulk discounts available. The service operates as an automated 24/7 online shop.
Date: 2026-05-07T10:29:03Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Selling-scans-of-Passport-and-photos-with-a-Passport-in-hand
Screenshots:
None
Threat Actors: Alliono4ka
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of fraudulent Chorus Pro invoicing software targeting French government
Category: Services
Content: A threat actor is offering for sale software purportedly designed to send, receive, and track invoices via Chorus Pro, the official French government invoicing platform used by municipalities, hospitals, and ministries. The tool appears intended for fraudulent public invoicing against French government entities. Contact is provided via Telegram.
Date: 2026-05-07T10:28:24Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-FR-CHORUS-PRO-SOFTWARE
Screenshots:
None
Threat Actors: ARPANET744
Victim Country: France
Victim Industry: Government
Victim Organization: Unknown
Victim Site: chorus-pro.gouv.fr
Sale of government email accounts and admin panels with law enforcement access for Angola and Spain
Category: Initial Access
Content: A threat actor is selling compromised government email accounts and admin panels for Angola and Spain, priced individually or in bundles. The seller claims all accounts carry law enforcement access, and Spanish government accounts reportedly include Kodex access or equivalent acceptance within one week. Access is offered via Telegram.
Date: 2026-05-07T10:27:19Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Government-Emails-Admin-Panels-LAW-ENFORCEMENT-ACCESS
Screenshots:
None
Threat Actors: KayoTheDon
Victim Country: Unknown
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Sale of full admin access to undisclosed US medical transport network with 500,000+ patient records
Category: Initial Access
Content: A threat actor is offering for sale full administrative access to a live US Non-Emergency Medical Transportation (NEMT) platform, claiming control over an operational dashboard, provider management, and billing systems. The access reportedly includes a live database of 500,000+ patients containing demographic data, insurance details (Medi-Cal), SSNs, and medical records, as well as full source code for the platform identified as Smart-Data-Hub. The seller advertises monetization via fraudulent
Date: 2026-05-07T10:26:39Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Full-Admin-Access-to-Massive-US-Medical-Transport-Network-500k-Records-Provider
Screenshots:
None
Threat Actors: boltak
Victim Country: United States
Victim Industry: Healthcare
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Endesa Spain with 20M+ IBAN records
Category: Data Breach
Content: A threat actor is selling an alleged SQL database dump attributed to Endesa, a major Spanish energy provider, claiming it contains over 20 million records including IBAN data. The seller describes the data as fresh and previously unreleased, offered in a single .sql file of approximately 1TB. A 1,000-record sample was shared via an external link.
Date: 2026-05-07T10:25:52Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-ENDESA-SPAIN-2026-IBAN-20M–75730
Screenshots:
None
Threat Actors: Leads
Victim Country: Spain
Victim Industry: Energy
Victim Organization: Endesa
Victim Site: endesa.com
Sale of live Redis cache access from Brazilian AI WhatsApp automation platform
Category: Initial Access
Content: A threat actor is selling access to a live Redis cache belonging to an unidentified Brazilian AI-driven WhatsApp/SMS automation platform. The cache reportedly contains customer names, phone numbers, WhatsApp conversation logs, lead scores, debtor records, and agent performance data, with 9,741 total keys actively updating in real time. The seller is soliciting private messages from interested buyers.
Date: 2026-05-07T10:25:13Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Redis-Cache-%E2%80%94-Live-Brazilian-AI-Agent-System
Screenshots:
None
Threat Actors: KurdishWorm
Victim Country: Brazil
Victim Industry: Technology
Victim Organization: Unknown
Victim Site: Unknown
Sale of undetected keylogger and file manager malware with Discord-based C2
Category: Malware
Content: Threat actor sharpie787 is selling two malware tools: an undetected keylogger for Windows using Discord webhooks to exfiltrate keystrokes, priced at $20, and an undetected file manager/RAT using a Discord bot as a C2 server with capabilities including file management, credential theft, and remote execution, priced at $45. Both tools are claimed to bypass all antivirus solutions.
Date: 2026-05-07T10:24:30Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Undetected-Malwares-for-20
Screenshots:
None
Threat Actors: sharpie787
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of United Kingdom citizens personal data
Category: Data Leak
Content: A threat actor is distributing a dataset purportedly containing full personal information (fullz) of United Kingdom citizens. The content is gated behind a reply or account upgrade requirement. The post references a Telegram channel (@atezhub) for additional data drops.
Date: 2026-05-07T10:22:27Z
Network: openweb
Published URL: https://darkforums.su/Thread-UNITED-KINGDOM-CITIZENS-DATABASE-FULLZ-INFO
Screenshots:
None
Threat Actors: dumpzeta
Victim Country: United Kingdom
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Antel TuID Digital platform exposing Uruguayan citizen identity records
Category: Data Leak
Content: A threat actor claiming sustained API access to Antels TuID Digital platform has leaked samples of Uruguayan citizen identity data including national ID numbers, full names, birthdates, email addresses, phone numbers, and biometric validation status. The actor states they also downloaded 8 GB of internal Antel files including legal documents, employee feedback, infrastructure documents, and API keys. The full extracted database is reportedly not included in the leak, but samples and the 8 GB fi
Date: 2026-05-07T10:21:33Z
Network: openweb
Published URL: https://darkforums.su/Thread-uruguay-Antel-TuID-Digital-8GB-Data-Leak-Government
Screenshots:
None
Threat Actors: LaPampaLeaks
Victim Country: Uruguay
Victim Industry: Government
Victim Organization: Antel
Victim Site: antel.com.uy
Alleged data leak of Mexican medical laboratory CEFLO LAB exposing HIV, syphilis, and COVID patient records
Category: Data Leak
Content: A threat actor claims to have stolen approximately 21,000 medical records from Mexican laboratory CEFLO LAB, including patient names, birth dates, phone numbers, emails, and diagnostic test results for conditions such as HIV, syphilis, and COVID-19. The data is being distributed for free to the forum community. The actor states additional datasets are available for purchase.
Date: 2026-05-07T10:20:33Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-21K-HIV-sifilis-COVID-etc-positive-Mexican-CEFLO-LAB
Screenshots:
None
Threat Actors: Alameda_slim
Victim Country: Mexico
Victim Industry: Healthcare
Victim Organization: CEFLO LAB
Victim Site: Unknown
Request for US/CA shopping stealer logs
Category: Logs
Content: A forum user is seeking large quantities of stealer log data from US and Canadian shopping sites. The requested logs must include name, address, zip code, and related personal information, and must be unsold soft logs. Contact is solicited via Telegram.
Date: 2026-05-07T10:19:01Z
Network: openweb
Published URL: https://pwnforums.st/Thread-Seeking-fresh-US-CA-shopping-log-data–189167
Screenshots:
None
Threat Actors: xiniouer
Victim Country: Unknown
Victim Industry: Retail
Victim Organization: Unknown
Victim Site: Unknown
Sale of Belgian sports organization customer database with IBAN records
Category: Data Breach
Content: A threat actor is selling a database allegedly sourced from a Belgian sports organization, containing IBAN financial data for approximately 105,000 customers. The seller is offering 1,000 records for $90 or the full dataset for $8,500. No specific organization name or domain is disclosed.
Date: 2026-05-07T10:03:46Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SELLING-BE-SPORT-IBAN
Screenshots:
None
Threat Actors: shabat
Victim Country: Belgium
Victim Industry: Sports & Recreation
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of private cloud Hotmail credentials and combolists across multiple countries
Category: Combo List
Content: Threat actor offering access to private cloud database containing high-quality Hotmail credentials and geo-specific combolists (email:password lists) across multiple countries including FR, IT, BR, UK, US, JP, PL, RU, ES, MX, CA, SG and others. Also offering credentials for platforms including Walmart, eBay, Kleinanzeigen, Uber, Poshmark, Reddit, Depop, and Amazon. Targeting serious buyers only.
Date: 2026-05-07T09:47:02Z
Network: telegram
Published URL: https://t.me/c/2613583520/77093
Screenshots:
None
Threat Actors: Yhōu
Victim Country: Multiple countries
Victim Industry: Multiple (e-commerce, cryptocurrency, telecommunications)
Victim Organization: Unknown
Victim Site: Unknown
Alleged VOLTRUPTOR Malware Targeting SCADA Systems with Multi-Protocol Support
Category: Malware
Content: Infrastructure Destruction Squad has shared information about VOLTRUPTOR, a malware designed to target SCADA systems. The malware features multi-protocol support and is built with detection evasion and operational disruption capabilities.
Date: 2026-05-07T08:06:48Z
Network: telegram
Published URL: https://t.me/c/2735908986/4211
Screenshots:
None
Threat Actors: Infrastructure Destruction Squad
Victim Country: Unknown
Victim Industry: Critical Infrastructure
Victim Organization: Unknown
Victim Site: Unknown
Alleged cyber attack on Mexicos Monterrey water utility using AI for industrial target identification
Category: Cyber Attack
Content: Dragos security firm reported that attackers used Claude AI (Anthropic) and GPT models (OpenAI) in a January 2026 attack against Monterrey water and sewage organization (SADM) in Mexico. The AI automatically identified a vNode SCADA management interface and Industrial IoT (IIoT) systems, classified them as high-value targets, and recommended password spray attacks. While operational technology (OT) system compromise was unsuccessful, Dragos warned that AI usage could make industrial infrastructure more accessible to attackers.
Date: 2026-05-07T07:59:53Z
Network: telegram
Published URL: https://t.me/c/1283513914/21600
Screenshots:
None
Threat Actors: خبرگزاری سایبربان| Cyberban News
Victim Country: Mexico
Victim Industry: Water/Utilities
Victim Organization: Monterrey Water and Sewage Organization (SADM)
Victim Site: Unknown
Un posible ciberataque afecta a los servidores del Ayuntamiento de Valdemoro e impide realizar trámites
Category: Cyber Attack
Content: Une incidence réseau, potentiellement due à une cyberattaque, a affecté les serveurs de lAyuntamiento de Valdemoro, empêchant actuellement la réalisation de démarches et consultations municipales en ligne. La municipalité a notifié lincident au Centro Criptológico Nacional et travaille à la résolution du problème après avoir déconnecté les serveurs par mesure préventive. Les autorités conseillent aux citoyens de rester vigilants face aux tentatives de fraude et de changer leurs mots de passe en prévision dun possible accès à des données personnelles.
Date: 2026-05-07T07:42:14Z
Network: openweb
Published URL: https://alcabodelacalle.es/en-portada/un-posible-ciberataque-afecta-a-los-servidores-del-ayuntamiento-de-valdemoro-e-impide-realizar-tramites/
Screenshots:
None
Threat Actors:
Victim Country: Spain
Victim Industry: Unknown
Victim Organization: Ayuntamiento de Valdemoro
Victim Site: valdemoro.es
Website Defacement of IPTV Italia by Vazzle07
Category: Defacement
Content: On May 7, 2026, the website iptv-italia.org, an Italian IPTV media platform, was defaced by a threat actor operating under the handle Vazzle07. The attack targeted the homepage and was carried out as a single-site defacement with no affiliation to a known hacking team. No specific motive or proof of concept was disclosed alongside the incident.
Date: 2026-05-07T07:27:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/917745
Screenshots:
None
Threat Actors: Vazzle07
Victim Country: Italy
Victim Industry: Media and Entertainment
Victim Organization: IPTV Italia
Victim Site: iptv-italia.org
Alleged database breach of Israeli citizens
Category: Data Breach
Content: A threat actor using the handle xyph0rix has posted on Breachforums claiming to have a database of Israeli citizens. The post references database-warga-israel (Israeli citizen database) and includes a link to the threat actors Breachforums profile.
Date: 2026-05-07T07:06:09Z
Network: telegram
Published URL: https://t.me/Xyph0rix/310
Screenshots:
None
Threat Actors: xyph0rix
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of ypam.ca by Inside Alone7 of Hidden Cyber Crime
Category: Defacement
Content: On May 7, 2026, a threat actor known as Inside Alone7, affiliated with the group Hidden Cyber Crime, defaced a page on the Canadian website ypam.ca. The incident targeted a specific file path (1000.txt) rather than the homepage, indicating a targeted file-level defacement. Server and technical details remain unknown, and no specific motive was provided.
Date: 2026-05-07T06:25:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/917742
Screenshots:
None
Threat Actors: Inside Alone7, Hidden Cyber Crime
Victim Country: Canada
Victim Industry: Unknown
Victim Organization: YPAM
Victim Site: ypam.ca
Website Defacement of EliteOnline Kazakhstan by Inside Alone7 of Hidden Cyber Crime
Category: Defacement
Content: On May 7, 2026, a threat actor known as Inside Alone7, operating under the group Hidden Cyber Crime, defaced the Kazakhstani website eliteonline.kz. The defacement targeted a specific file path (1000.txt) and was recorded as a singular, non-mass incident. No specific motive or server details were disclosed in connection with this attack.
Date: 2026-05-07T06:20:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/917743
Screenshots:
None
Threat Actors: Inside Alone7, Hidden Cyber Crime
Victim Country: Kazakhstan
Victim Industry: Unknown
Victim Organization: EliteOnline
Victim Site: www.eliteonline.kz
Alleged data breach of Progressive Oral Surgery – 240k+ patient records and financial data
Category: Data Breach
Content: NightSpire threat actor claims to have breached Progressive Oral Surgery (United States) and exfiltrated approximately 45GB of data including financial records and personal information of over 240,000 patients. The threat actor is selling access to the full dataset for $3,000 USD and has made sample patient records available for download via Tor.
Date: 2026-05-07T04:48:18Z
Network: telegram
Published URL: https://t.me/c/3619924522/47
Screenshots:
None
Threat Actors: NightSpire
Victim Country: United States
Victim Industry: Healthcare
Victim Organization: Progressive Oral Surgery
Victim Site: progressiveoralsurgery.com
Mass Web Defacement of Indonesian University by HackerSec.ID (Mr.spongebob)
Category: Defacement
Content: On May 7, 2026, a threat actor operating under the alias Mr.spongebob, affiliated with the Indonesian hacking group HackerSec.ID, conducted a mass web defacement targeting the research management information system (SIM LPPM) of Universitas PGRI Semarang in Indonesia. The attack was confirmed as part of a mass defacement campaign, affecting a Linux-based server, with a mirror of the defaced page archived at haxor.id.
Date: 2026-05-07T04:06:09Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248946
Screenshots:
None
Threat Actors: Mr.spongebob, HackerSec.ID
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Semarang (UPGRIS) – LPPM Research Institute
Victim Site: sim.lppm.upgrisba.ac.id
Mass Website Defacement of UPGRIS Balikpapan by Mr.spongebob (HackerSec.ID)
Category: Defacement
Content: On May 7, 2026, a threat actor known as Mr.spongebob, affiliated with the group HackerSec.ID, conducted a mass defacement attack against mku.upgrisba.ac.id, a subdomain belonging to UPGRIS Balikpapan, an Indonesian university. The attack targeted a Linux-based web server and resulted in the replacement of web content with a defacement page. This incident was part of a broader mass defacement campaign attributed to the same actor.
Date: 2026-05-07T04:05:13Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248931
Screenshots:
None
Threat Actors: Mr.spongebob, HackerSec.ID
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Semarang Balikpapan (UPGRIS Balikpapan)
Victim Site: mku.upgrisba.ac.id
Mass Website Defacement of UPGRIS BA University by Mr.spongebob (Sukabumi Blackhat)
Category: Defacement
Content: On May 7, 2026, a threat actor known as Mr.spongebob, affiliated with the Indonesian hacktivist group Sukabumi Blackhat, conducted a mass defacement targeting the website of Universitas PGRI Silampari Baturaja (UPGRIS BA) in Indonesia. The defacement affected the informatika department subdomain running on a Linux server. A mirror of the defacement was archived at haxor.id, indicating the incident is part of a broader mass defacement campaign.
Date: 2026-05-07T04:03:20Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248893
Screenshots:
None
Threat Actors: Mr.spongebob, Sukabumi Blackhat
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Silampari Baturaja (UPGRIS BA)
Victim Site: ti.upgrisba.ac.id
Mass Website Defacement of UPGRIS Semarang by HackerSec.ID (Mr.spongebob)
Category: Defacement
Content: On May 7, 2026, a threat actor operating under the alias Mr.spongebob, affiliated with the group HackerSec.ID, conducted a mass defacement attack targeting a subdomain of Universitas PGRI Semarang (UPGRIS), an Indonesian academic institution. The defaced page was hosted on a Linux-based server and replaced with attacker messaging. This incident was classified as a mass defacement, suggesting multiple sites or pages were compromised as part of the same campaign.
Date: 2026-05-07T04:02:32Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248930
Screenshots:
None
Threat Actors: Mr.spongebob, HackerSec.ID
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Semarang (UPGRIS)
Victim Site: snpsiti.upgrisba.ac.id
Mass Website Defacement of UPGRIS BA Entrepreneurship Portal by Mr.spongebob of HackerSec.ID
Category: Defacement
Content: On May 7, 2026, a threat actor identified as Mr.spongebob, affiliated with the group HackerSec.ID, defaced the entrepreneurship subdomain of UPGRIS BA, an Indonesian university. The incident was part of a mass defacement campaign targeting the Linux-based web server, with the defaced page archived at haxor.id.
Date: 2026-05-07T04:01:02Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248923
Screenshots:
None
Threat Actors: Mr.spongebob, HackerSec.ID
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Semarang Balikpapan (UPGRIS BA)
Victim Site: kewirausahaan.upgrisba.ac.id
Mass Website Defacement of UPGRIS Semarang (upgrisba.ac.id) by Mr.spongebob of HackerSec.ID
Category: Defacement
Content: On May 7, 2026, a threat actor identified as Mr.spongebob, affiliated with the group HackerSec.ID, conducted a mass defacement attack targeting a subdomain of Universitas PGRI Semarang (UPGRIS), an Indonesian university. The attacker successfully defaced the page at unakerhum.upgrisba.ac.id/uid.html on a Linux-based server. This incident was part of a broader mass defacement campaign, with a mirror of the defaced page archived at haxor.id.
Date: 2026-05-07T04:00:02Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248943
Screenshots:
None
Threat Actors: Mr.spongebob, HackerSec.ID
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Semarang (UPGRIS)
Victim Site: unakerhum.upgrisba.ac.id
Mass Defacement of Indonesian University Website by Mr.spongebob of HackerSec.ID
Category: Defacement
Content: On May 7, 2026, a threat actor known as Mr.spongebob, operating under the group HackerSec.ID, conducted a mass defacement campaign targeting the WordPress subdomain of Universitas PGRI Semarang (UPGRIS), an Indonesian university. The defaced page was hosted on a Linux server and archived via haxor.id. This incident was part of a broader mass defacement operation and did not target the sites homepage directly.
Date: 2026-05-07T03:58:22Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248918
Screenshots:
None
Threat Actors: Mr.spongebob, HackerSec.ID
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Semarang (UPGRIS)
Victim Site: wp.upgrisba.ac.id
Mass Website Defacement of Indonesian University by Mr.spongebob of Sukabumi Blackhat
Category: Defacement
Content: On May 7, 2026, a threat actor known as Mr.spongebob, operating under the group Sukabumi Blackhat, conducted a mass defacement attack targeting the sociology department website of Universitas PGRI Silampari Baturaja in Indonesia. The attack targeted a Linux-based web server and resulted in the defacement of the page at the specified URL. This incident was part of a broader mass defacement campaign, with the mirror archived on haxor.id.
Date: 2026-05-07T03:57:51Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248911
Screenshots:
None
Threat Actors: Mr.spongebob, Sukabumi Blackhat
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Silampari Baturaja (UPGRISBA) – Sociology Department
Victim Site: sosiologi.upgrisba.ac.id
Mass Website Defacement of Indonesian University by Sukabumi Blackhat
Category: Defacement
Content: On May 7, 2026, a threat actor known as Mr.spongebob, affiliated with the group Sukabumi Blackhat, conducted a mass defacement attack targeting the Geography department website of Universitas PGRI Silampari Banyuasin (UPGRIS BA) in Indonesia. The attacker successfully compromised the Linux-based web server and replaced the page content at the targeted URL. The incident was recorded as part of a mass defacement campaign, with a mirror archived on haxor.id.
Date: 2026-05-07T03:56:11Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248905
Screenshots:
None
Threat Actors: Mr.spongebob, Sukabumi Blackhat
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Silampari Banyuasin (UPGRIS BA) – Geography Department
Victim Site: geografi.upgrisba.ac.id
Mass Website Defacement of Indonesian University by Mr.spongebob of HackerSec.ID
Category: Defacement
Content: On May 7, 2026, a threat actor identified as Mr.spongebob, operating under the group HackerSec.ID, conducted a mass defacement attack targeting guruvokasi.upgrisba.ac.id, a subdomain associated with Universitas PGRI Semarang in Indonesia. The defacement was not limited to the home page and was part of a broader mass defacement campaign. A mirror of the defaced page was archived at haxor.id.
Date: 2026-05-07T03:55:11Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248924
Screenshots:
None
Threat Actors: Mr.spongebob, HackerSec.ID
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Semarang (UPGRIS)
Victim Site: guruvokasi.upgrisba.ac.id
Mass Website Defacement of Indonesian University by HackerSec.ID
Category: Defacement
Content: On May 7, 2026, a threat actor operating under the alias Mr.Spongebob, affiliated with the group HackerSec.ID, defaced a subdomain belonging to Universitas PGRI Semarang (UPGRIS), an Indonesian university. The attack was part of a mass defacement campaign targeting a Linux-based web server. The defaced page was archived via haxor.id, a known mirror service used to document defacement incidents.
Date: 2026-05-07T03:54:33Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248940
Screenshots:
None
Threat Actors: Mr.spongebob, HackerSec.ID
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Semarang (UPGRIS)
Victim Site: biologiterapan.upgrisba.ac.id
Mass Website Defacement of UPGRIS BA Physics Department by Sukabumi Blackhat
Category: Defacement
Content: On May 7, 2026, a threat actor known as Mr.Spongebob, affiliated with the Indonesian hacktivist group Sukabumi Blackhat, conducted a mass defacement attack targeting the Physics Department website of Universitas PGRI Silampari Bangka (UPGRIS BA) in Indonesia. The attack was confirmed as part of a mass defacement campaign, affecting the subdomain fisika.upgrisba.ac.id running on a Linux server. A mirror of the defaced page was archived at haxor.id.
Date: 2026-05-07T03:53:39Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248904
Screenshots:
None
Threat Actors: Mr.spongebob, Sukabumi Blackhat
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Silampari Bangka (UPGRIS BA) – Physics Department
Victim Site: fisika.upgrisba.ac.id
Mass Website Defacement of UPGRIS Semarang by Mr.spongebob / HackerSec.ID
Category: Defacement
Content: On May 7, 2026, a threat actor known as Mr.spongebob, operating under the team HackerSec.ID, conducted a mass defacement targeting a subdomain of Universitas PGRI Semarang (UPGRIS), an Indonesian academic institution. The defaced page was hosted on a Linux server and archived via haxor.id. This incident is part of a broader mass defacement campaign attributed to the same actor.
Date: 2026-05-07T03:53:05Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248949
Screenshots:
None
Threat Actors: Mr.spongebob, HackerSec.ID
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Semarang (UPGRIS)
Victim Site: ebookstudihumanitass2.upgrisba.ac.id
Mass Website Defacement of Indonesian University by HackerSec.ID
Category: Defacement
Content: On May 7, 2026, a threat actor operating under the alias Mr.Spongebob, affiliated with the group HackerSec.ID, conducted a mass defacement attack targeting uptti.upgrisba.ac.id, a subdomain belonging to Universitas PGRI Semarang in Indonesia. The attack targeted a Linux-based web server and resulted in the defacement of the page uid.html. This incident was classified as a mass defacement, suggesting multiple sites or pages were simultaneously compromised.
Date: 2026-05-07T03:52:03Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248933
Screenshots:
None
Threat Actors: Mr.spongebob, HackerSec.ID
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Semarang (UPGRIS)
Victim Site: uptti.upgrisba.ac.id
Alleged data breach of The Country Club of Darien by NightSpire_Breach
Category: Data Breach
Content: NightSpire_Breach claims to have breached The Country Club of Darien (ccdarien.org) in the United States and stolen approximately 1TB of data including sales operations, manufacturing data, R&D projects, business administration records, and software/digital assets. The threat actor is offering the stolen data for sale at $2000 with a download link provided via Tor.
Date: 2026-05-07T03:50:29Z
Network: telegram
Published URL: https://t.me/c/3619924522/45
Screenshots:
None
Threat Actors: NightSpire_Breach
Victim Country: United States
Victim Industry: Hospitality/Country Club
Victim Organization: The Country Club of Darien
Victim Site: ccdarien.org
Mass Website Defacement of UPGRIS Balikpapan by Mr.spongebob of HackerSec.ID
Category: Defacement
Content: On May 7, 2026, a threat actor known as Mr.spongebob, affiliated with the Indonesian hacking group HackerSec.ID, conducted a mass defacement attack targeting the assets subdomain of Universitas PGRI Balikpapan, an Indonesian university. The attack was carried out on a Linux-based server and was part of a broader mass defacement campaign, with the defaced page archived at haxor.id.
Date: 2026-05-07T03:49:53Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248919
Screenshots:
None
Threat Actors: Mr.spongebob, HackerSec.ID
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Balikpapan (UPGRIS Balikpapan)
Victim Site: assets.upgrisba.ac.id
Mass Web Defacement of Indonesian University Site by Mr.spongebob of Sukabumi Blackhat
Category: Defacement
Content: On May 7, 2026, a threat actor known as Mr.spongebob, affiliated with the group Sukabumi Blackhat, conducted a mass web defacement targeting mbkm.upgrisba.ac.id, a subdomain associated with Universitas PGRI Semarang in Indonesia. The defaced page was hosted on a Linux server and archived via haxor.id. This incident was part of a mass defacement campaign rather than an isolated or repeated attack against the same target.
Date: 2026-05-07T03:48:27Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248895
Screenshots:
None
Threat Actors: Mr.spongebob, Sukabumi Blackhat
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Semarang (UPGRIS)
Victim Site: mbkm.upgrisba.ac.id
Mass Website Defacement of UPGRIS Banyumas by Mr.spongebob / Sukabumi Blackhat
Category: Defacement
Content: On May 7, 2026, a threat actor identified as Mr.spongebob, affiliated with the group Sukabumi Blackhat, conducted a mass defacement attack targeting bk.upgrisba.ac.id, a subdomain belonging to the Indonesian university UPGRIS Banyumas. The attack involved replacing the target page with a defacement notice and was part of a broader mass defacement campaign operating on a Linux-based server. The defaced page was archived and mirrored at haxor.id.
Date: 2026-05-07T03:47:03Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248913
Screenshots:
None
Threat Actors: Mr.spongebob, Sukabumi Blackhat
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Semarang Banyumas (UPGRIS Banyumas)
Victim Site: bk.upgrisba.ac.id
Mass Website Defacement of UPGRIS Balikpapan Press by Mr.spongebob of Sukabumi Blackhat
Category: Defacement
Content: On May 7, 2026, a threat actor known as Mr.spongebob, operating under the group Sukabumi Blackhat, conducted a mass defacement targeting the press subdomain of Universitas PGRI Balikpapan (UPGRIS Balikpapan), an Indonesian university. The defacement was confirmed as part of a mass defacement campaign running on a Linux-based server, with the defaced page archived at haxor.id. The incident represents a targeted attack against Indonesian academic infrastructure.
Date: 2026-05-07T03:46:16Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248898
Screenshots:
None
Threat Actors: Mr.spongebob, Sukabumi Blackhat
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Balikpapan (UPGRIS Balikpapan)
Victim Site: press.upgrisba.ac.id
Mass Website Defacement of UPGRIS Banyumas GIS Portal by Mr.spongebob of Sukabumi Blackhat
Category: Defacement
Content: On May 7, 2026, a threat actor known as Mr.spongebob, affiliated with the Indonesian hacktivist group Sukabumi Blackhat, conducted a mass defacement campaign targeting the GIS web portal of UPGRIS Banyumas, an Indonesian university. The defacement was confirmed as part of a mass defacement operation, with the compromised page archived at haxor.id. The targeted server was running on a Linux-based environment.
Date: 2026-05-07T03:45:39Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248897
Screenshots:
None
Threat Actors: Mr.spongebob, Sukabumi Blackhat
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Semarang Banyumas (UPGRIS Banyumas)
Victim Site: gis.upgrisba.ac.id
Mass Website Defacement of UPGRIS Semarang by Mr.spongebob / HackerSec.ID
Category: Defacement
Content: On May 7, 2026, the Indonesian hacker known as Mr.spongebob, affiliated with the group HackerSec.ID, conducted a mass defacement targeting the website of Universitas PGRI Semarang (UPGRIS), specifically the UPTBK subdomain. The defaced page was hosted on a Linux server and archived via haxor.id. This incident is classified as a mass defacement, indicating multiple sites were targeted as part of the same campaign.
Date: 2026-05-07T03:44:20Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248934
Screenshots:
None
Threat Actors: Mr.spongebob, HackerSec.ID
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Semarang (UPGRIS)
Victim Site: uptbk.upgrisba.ac.id
Mass Web Defacement of Indonesian University by Mr.spongebob (HackerSec.ID)
Category: Defacement
Content: On May 7, 2026, a threat actor known as Mr.spongebob, operating under the team HackerSec.ID, conducted a mass web defacement targeting lppl.upgrisba.ac.id, a subdomain belonging to Universitas PGRI Semarang in Indonesia. The attack compromised a Linux-based web server and replaced the page content with a defacement page archived at haxor.id. This incident was part of a broader mass defacement campaign attributed to the same actor.
Date: 2026-05-07T03:43:34Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248932
Screenshots:
None
Threat Actors: Mr.spongebob, HackerSec.ID
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Semarang (UPGRIS)
Victim Site: lppl.upgrisba.ac.id
Mass Website Defacement of UPGRIS Bandar Lampung Catalog by Mr.spongebob / Sukabumi Blackhat
Category: Defacement
Content: On May 7, 2026, a threat actor identified as Mr.spongebob, affiliated with the group Sukabumi Blackhat, conducted a mass defacement attack targeting the online catalog subdomain of Universitas PGRI Bandar Lampung in Indonesia. The defacement was executed on a Linux-based server and is classified as a mass defacement campaign. A mirror of the defaced page has been archived at haxor.id.
Date: 2026-05-07T03:42:48Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248902
Screenshots:
None
Threat Actors: Mr.spongebob, Sukabumi Blackhat
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Bandar Lampung (UPGRIS Bandar Lampung)
Victim Site: katalog.upgrisba.ac.id
Mass Defacement of Indonesian University Website by HackerSec.ID (Mr.spongebob)
Category: Defacement
Content: On May 7, 2026, a threat actor operating under the alias Mr.spongebob, affiliated with the group HackerSec.ID, conducted a mass defacement attack targeting a subdomain of Universitas PGRI Semarang (UPGRIS), an Indonesian university. The defaced page was hosted on a Linux-based server and archived via haxor.id. This incident was part of a broader mass defacement campaign attributed to the same actor.
Date: 2026-05-07T03:41:14Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248944
Screenshots:
None
Threat Actors: Mr.spongebob, HackerSec.ID
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Semarang (UPGRIS)
Victim Site: uppsarpras.upgrisba.ac.id
Mass defacement of Indonesian university site by Mr.spongebob of HackerSec.ID
Category: Defacement
Content: On May 7, 2026, the attacker Mr.spongebob operating under the group HackerSec.ID conducted a mass defacement campaign targeting the Studi Humanitas subdomain of Universitas PGRI Semarang (UPGRIS), an Indonesian higher education institution. The defacement was hosted on a Linux-based server and archived via haxor.id. This incident was part of a broader mass defacement operation rather than an isolated single-site attack.
Date: 2026-05-07T03:40:12Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248941
Screenshots:
None
Threat Actors: Mr.spongebob, HackerSec.ID
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Semarang (UPGRIS)
Victim Site: studihumanitas.upgrisba.ac.id
Mass Website Defacement of UPGRIS Sains Data Portal by Mr.spongebob (HackerSec.ID)
Category: Defacement
Content: On May 7, 2026, a threat actor using the handle Mr.spongebob, affiliated with the group HackerSec.ID, conducted a mass defacement targeting the Sains Data portal of Universitas PGRI Semarang (UPGRIS), an Indonesian academic institution. The defacement was hosted on a Linux-based server and archived via haxor.id. This incident is part of a mass defacement campaign rather than an isolated single-site attack.
Date: 2026-05-07T03:39:16Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248939
Screenshots:
None
Threat Actors: Mr.spongebob, HackerSec.ID
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Semarang (UPGRIS)
Victim Site: sainsdata.upgrisba.ac.id
Mass Website Defacement of Indonesian Educational Institution by HackerSec.ID
Category: Defacement
Content: On May 7, 2026, a threat actor operating under the alias Mr.Spongebob, affiliated with the group HackerSec.ID, conducted a mass defacement targeting a subdomain of Universitas PGRI Semarangs vocational education ebook portal in Indonesia. The defacement was carried out on a Linux-based server and was part of a broader mass defacement campaign. A mirror of the defaced page was archived at haxor.id.
Date: 2026-05-07T03:38:15Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248948
Screenshots:
None
Threat Actors: Mr.spongebob, HackerSec.ID
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Semarang (UPGRIS)
Victim Site: ebookpendidikanvokasi.upgrisba.ac.id
Mass Website Defacement of Indonesian University by Mr.spongebob (Sukabumi Blackhat)
Category: Defacement
Content: On May 7, 2026, a threat actor operating under the alias Mr.spongebob, affiliated with the group Sukabumi Blackhat, conducted a mass defacement attack targeting ppkn.upgrisba.ac.id, a subdomain belonging to an Indonesian university. The defacement was part of a broader mass defacement campaign and was archived via haxor.id. The targeted server was running on a Linux-based environment.
Date: 2026-05-07T03:37:25Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248914
Screenshots:
None
Threat Actors: Mr.spongebob, Sukabumi Blackhat
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Semarang (UPGRIS) – PPKN Department
Victim Site: ppkn.upgrisba.ac.id
Mass Website Defacement of UPGRIS Bekasi University by Mr.spongebob (Sukabumi Blackhat)
Category: Defacement
Content: On May 7, 2026, a threat actor known as Mr.spongebob, affiliated with the Indonesian hacktivist group Sukabumi Blackhat, conducted a mass defacement attack targeting ips.upgrisba.ac.id, a subdomain of Universitas PGRI Bekasi in Indonesia. The defaced page was hosted on a Linux server and archived via haxor.id. This incident is classified as a mass defacement, indicating multiple sites were targeted as part of the same campaign.
Date: 2026-05-07T03:36:13Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248912
Screenshots:
None
Threat Actors: Mr.spongebob, Sukabumi Blackhat
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Bekasi (UPGRIS Bekasi)
Victim Site: ips.upgrisba.ac.id
Mass Website Defacement of Indonesian University (UPGRIS Batang) by Sukabumi Blackhat
Category: Defacement
Content: On May 7, 2026, a threat actor operating under the alias Mr.spongebob affiliated with the group Sukabumi Blackhat conducted a mass defacement attack targeting the Faculty of Economics and Business (FEB) subdomain of Universitas PGRI Batang, an Indonesian university. The attack was carried out on a Linux-based server, and a mirror of the defacement was archived at haxor.id. This incident was part of a broader mass defacement campaign attributed to the same actor.
Date: 2026-05-07T03:34:59Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248890
Screenshots:
None
Threat Actors: Mr.spongebob, Sukabumi Blackhat
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Batang (UPGRIS Batang) – Faculty of Economics and Business
Victim Site: feb.upgrisba.ac.id
Mass Website Defacement of UPGRIS Bengkulu Mathematics Department by Sukabumi Blackhat
Category: Defacement
Content: On May 7, 2026, a threat actor known as Mr.spongebob, operating under the group Sukabumi Blackhat, conducted a mass defacement campaign targeting matematika.upgrisba.ac.id, the Mathematics Department website of Universitas PGRI Silampari Bengkulu in Indonesia. The defacement was carried out on a Linux-based server and is part of a broader mass defacement operation. A mirror of the defacement has been archived at haxor.id.
Date: 2026-05-07T03:34:17Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248908
Screenshots:
None
Threat Actors: Mr.spongebob, Sukabumi Blackhat
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Silampari Bengkulu (UPGRIS Bengkulu) – Mathematics Department
Victim Site: matematika.upgrisba.ac.id
Mass Website Defacement of Indonesian University by Mr.spongebob / HackerSec.ID
Category: Defacement
Content: On May 7, 2026, a threat actor identified as Mr.spongebob, operating under the group HackerSec.ID, conducted a mass defacement campaign targeting the S2 Indonesian Language Education subdomain of Universitas PGRI Semarang (UPGRIS) in Indonesia. The defacement was hosted on a Linux-based server and is classified as part of a mass defacement operation. The defaced page was archived via haxor.id mirror service.
Date: 2026-05-07T03:33:06Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248945
Screenshots:
None
Threat Actors: Mr.spongebob, HackerSec.ID
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Semarang (UPGRIS) – S2 Indonesian Language Education Program
Victim Site: s2pendidikanbahasaindonesia.upgrisba.ac.id
Mass Website Defacement of Indonesian University by Mr.spongebob (Sukabumi Blackhat)
Category: Defacement
Content: On May 7, 2026, a threat actor identified as Mr.spongebob, affiliated with the group Sukabumi Blackhat, conducted a mass defacement attack targeting the Informatics faculty website of Universitas PGRI Silampari Bengkulu in Indonesia. The defaced page was hosted on a Linux server and archived via haxor.id. The incident was classified as a mass defacement, suggesting multiple sites were targeted in the same campaign.
Date: 2026-05-07T03:32:12Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248906
Screenshots:
None
Threat Actors: Mr.spongebob, Sukabumi Blackhat
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Silampari Bengkulu (UPGRIS Bengkulu) – Informatics Department
Victim Site: informatika.upgrisba.ac.id
Mass Website Defacement of Indonesian University Digital Library by Mr.spongebob of Sukabumi Blackhat
Category: Defacement
Content: On May 7, 2026, a threat actor known as Mr.spongebob, affiliated with the group Sukabumi Blackhat, conducted a mass defacement attack targeting the digital library of UPGRIS Bandung (digilib.upgrisba.ac.id), an Indonesian academic institution. The attack was executed on a Linux-based server and is categorized as a mass defacement campaign. A mirror of the defacement was archived at haxor.id.
Date: 2026-05-07T03:31:12Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248894
Screenshots:
None
Threat Actors: Mr.spongebob, Sukabumi Blackhat
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: UPGRIS Bandung University Digital Library
Victim Site: digilib.upgrisba.ac.id
Mass Website Defacement of Indonesian University Site by HackerSec.ID (Mr.spongebob)
Category: Defacement
Content: On May 7, 2026, a threat actor operating under the alias Mr.spongebob, affiliated with the group HackerSec.ID, carried out a mass defacement attack targeting pkkip.upgrisba.ac.id, a subdomain associated with Universitas PGRI Semarang in Indonesia. The attack was classified as a mass defacement campaign, indicating multiple sites were likely compromised simultaneously. The defaced page was archived and mirrored at haxor.id.
Date: 2026-05-07T03:30:19Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248937
Screenshots:
None
Threat Actors: Mr.spongebob, HackerSec.ID
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Semarang (UPGRIS)
Victim Site: pkkip.upgrisba.ac.id
Mass Website Defacement of Indonesian University by Mr.spongebob (Sukabumi Blackhat)
Category: Defacement
Content: On May 7, 2026, a threat actor identified as Mr.spongebob, affiliated with the group Sukabumi Blackhat, conducted a mass defacement targeting the accounting department subdomain of Universitas PGRI Silampari Lubuklinggau in Indonesia. The attack compromised a Linux-based web server and altered the content of the target page at the /uid.html path. This incident was part of a broader mass defacement campaign, with a mirror archived on haxor.id.
Date: 2026-05-07T03:29:09Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248889
Screenshots:
None
Threat Actors: Mr.spongebob, Sukabumi Blackhat
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Silampari Lubuklinggau (UPGRIS) – Accounting Department
Victim Site: akuntansi.upgrisba.ac.id
Website Defacement of UPGRIS Bengkulu Postgraduate Digital Library by Mr.spongebob (Sukabumi Blackhat)
Category: Defacement
Content: On May 7, 2026, a threat actor known as Mr.spongebob, affiliated with the group Sukabumi Blackhat, defaced a page on the postgraduate digital library website of UPGRIS Bengkulu, an Indonesian university. The defacement targeted a single page (uid.html) on a Linux-based server and was not classified as a mass or home page defacement. A mirror of the defaced page was archived at haxor.id.
Date: 2026-05-07T03:28:11Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248888
Screenshots:
None
Threat Actors: Mr.spongebob, Sukabumi Blackhat
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Silampari Bengkulu (UPGRIS Bengkulu) Postgraduate Digital Library
Victim Site: digilibpasca.upgrisba.ac.id
Mass Website Defacement of Indonesian University by Mr.spongebob (Sukabumi Blackhat)
Category: Defacement
Content: On May 7, 2026, a threat actor identified as Mr.spongebob, affiliated with the group Sukabumi Blackhat, conducted a mass defacement attack against infokampus.upgrisba.ac.id, a subdomain belonging to an Indonesian university. The attack targeted a Linux-based web server and resulted in the defacement of the page at the path /uid.html. The incident was archived and mirrored via haxor.id, a known defacement tracking platform.
Date: 2026-05-07T03:26:55Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248896
Screenshots:
None
Threat Actors: Mr.spongebob, Sukabumi Blackhat
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Silampari Lubuklinggau (UPGRIS)
Victim Site: infokampus.upgrisba.ac.id
Mass Defacement of Indonesian University Website by Mr.spongebob of HackerSec.ID
Category: Defacement
Content: On May 7, 2026, a threat actor identified as Mr.spongebob, operating under the group HackerSec.ID, conducted a mass defacement attack targeting the website of Universitas PGRI Semarang (UPGRIS) in Indonesia. The defacement affected a subdomain of the university running on a Linux server. This incident was part of a broader mass defacement campaign, with a mirror of the defaced page archived at haxor.id.
Date: 2026-05-07T03:25:48Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248950
Screenshots:
None
Threat Actors: Mr.spongebob, HackerSec.ID
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Semarang (UPGRIS)
Victim Site: acest.upgrisba.ac.id
Mass Website Defacement of UPGRIS Batang Academic Portal by HackerSec.ID
Category: Defacement
Content: On May 7, 2026, a threat actor operating under the alias Mr.Spongebob, affiliated with the group HackerSec.ID, conducted a mass defacement attack targeting the International Relations Office web portal of Universitas PGRI Semarang Batang in Indonesia. The attack targeted a Linux-based server and was classified as a mass defacement campaign. A mirror of the defaced page was archived at haxor.id.
Date: 2026-05-07T03:24:55Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248921
Screenshots:
None
Threat Actors: Mr.spongebob, HackerSec.ID
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Semarang Batang (UPGRIS Batang)
Victim Site: iro.upgrisba.ac.id
Mass Website Defacement of UPGRIS Balikpapan by Mr.spongebob / HackerSec.ID
Category: Defacement
Content: On May 7, 2026, a threat actor identified as Mr.spongebob, affiliated with the group HackerSec.ID, conducted a mass defacement attack targeting puspera.upgrisba.ac.id, a subdomain belonging to Universitas PGRI Balikpapan in Indonesia. The attack was executed on a Linux-based server and is classified as a mass defacement campaign. A mirror of the defaced page was archived at haxor.id.
Date: 2026-05-07T03:24:09Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248929
Screenshots:
None
Threat Actors: Mr.spongebob, HackerSec.ID
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Balikpapan (UPGRIS Balikpapan)
Victim Site: puspera.upgrisba.ac.id
Mass Website Defacement of Universitas PGRI Semarang by Mr.spongebob (HackerSec.ID)
Category: Defacement
Content: On May 7, 2026, a threat actor identified as Mr.spongebob, affiliated with the Indonesian hacking group HackerSec.ID, conducted a mass defacement targeting a subdomain of Universitas PGRI Semarang (UPGRIS), an Indonesian academic institution. The defacement was hosted on a Linux-based server and is classified as a mass defacement campaign. A mirror of the defaced page was archived at haxor.id.
Date: 2026-05-07T03:23:15Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248928
Screenshots:
None
Threat Actors: Mr.spongebob, HackerSec.ID
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Semarang (UPGRIS)
Victim Site: upb.upgrisba.ac.id
Mass Website Defacement of UPGRIS BA History Department by Mr.spongebob of Sukabumi Blackhat
Category: Defacement
Content: On May 7, 2026, a threat actor known as Mr.spongebob, affiliated with the hacktivist group Sukabumi Blackhat, conducted a mass defacement attack targeting the History Department subdomain of Universitas PGRI Semarang Balikpapan (UPGRIS BA) in Indonesia. The attack affected a Linux-based web server and was confirmed as part of a broader mass defacement campaign. A mirror of the defacement was archived at haxor.id.
Date: 2026-05-07T03:21:49Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248910
Screenshots:
None
Threat Actors: Mr.spongebob, Sukabumi Blackhat
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Semarang Balikpapan (UPGRIS BA)
Victim Site: sejarah.upgrisba.ac.id
Mass Website Defacement of Indonesian Academic Institution by Sukabumi Blackhat
Category: Defacement
Content: On May 7, 2026, a threat actor identified as Mr.spongebob, affiliated with the group Sukabumi Blackhat, conducted a mass defacement targeting the proceedings subdomain of UPGRIS, an Indonesian academic institution. The attack affected a Linux-based web server and resulted in the defacement of the page at the /uid.html path. A mirror of the defacement was archived at haxor.id, confirming the incident as part of a broader mass defacement campaign.
Date: 2026-05-07T03:20:34Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248899
Screenshots:
None
Threat Actors: Mr.spongebob, Sukabumi Blackhat
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Silampari Lubuklinggau (UPGRIS)
Victim Site: prosiding.upgrisba.ac.id
Mass Web Defacement of UPGRIS Balikpapan University by HackerSec.ID
Category: Defacement
Content: On May 7, 2026, a threat actor operating under the alias Mr.spongebob affiliated with the Indonesian hacktivist group HackerSec.ID conducted a mass web defacement targeting edos.upgrisba.ac.id, a subdomain belonging to Universitas PGRI Balikpapan in Indonesia. The attack targeted a Linux-based server and replaced the content of the target page with defacement content. This incident is part of a mass defacement campaign attributed to the same actor.
Date: 2026-05-07T03:19:49Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248917
Screenshots:
None
Threat Actors: Mr.spongebob, HackerSec.ID
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Balikpapan (UPGRIS Balikpapan)
Victim Site: edos.upgrisba.ac.id
Mass Website Defacement of Indonesian University by Mr.spongebob / HackerSec.ID
Category: Defacement
Content: On May 7, 2026, a threat actor operating under the alias Mr.spongebob, affiliated with the group HackerSec.ID, conducted a mass defacement campaign targeting the website of Universitas PGRI Semarangs postgraduate humanities program in Indonesia. The attacker defaced the page at the path /uid.html on a Linux-based server. This incident was classified as a mass defacement, suggesting multiple sites were compromised as part of the same operation.
Date: 2026-05-07T03:19:02Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248927
Screenshots:
None
Threat Actors: Mr.spongebob, HackerSec.ID
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Semarang (UPGRIS) – Pascastudihumanitas
Victim Site: pascastudihumanitas.upgrisba.ac.id
Mass Website Defacement of UPGRIS Balikpapan by Mr.spongebob / HackerSec.ID
Category: Defacement
Content: On May 7, 2026, a threat actor identified as Mr.spongebob, operating under the team HackerSec.ID, conducted a mass defacement targeting pkbb.upgrisba.ac.id, a subdomain of Universitas PGRI Balikpapan in Indonesia. The defacement was hosted on a Linux-based server and archived via haxor.id. This incident is part of a mass defacement campaign attributed to the same actor.
Date: 2026-05-07T03:17:28Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248936
Screenshots:
None
Threat Actors: Mr.spongebob, HackerSec.ID
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Balikpapan (UPGRIS Balikpapan)
Victim Site: pkbb.upgrisba.ac.id
Mass Website Defacement of UPGRIS Banyumas by Mr.spongebob / HackerSec.ID
Category: Defacement
Content: On May 7, 2026, a threat actor known as Mr.spongebob, affiliated with the group HackerSec.ID, conducted a mass defacement targeting tamandigital.upgrisba.ac.id, a subdomain belonging to UPGRIS Banyumas, an Indonesian university. The defaced page was published at the path /uid.html on a Linux-based server. A mirror of the defacement was archived at haxor.id, confirming the incident as part of a broader mass defacement campaign.
Date: 2026-05-07T03:16:12Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248942
Screenshots:
None
Threat Actors: Mr.spongebob, HackerSec.ID
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Semarang Banyumas (UPGRIS Banyumas)
Victim Site: tamandigital.upgrisba.ac.id
Mass Website Defacement of Indonesian University Library by HackerSec.ID
Category: Defacement
Content: On May 7, 2026, a threat actor operating under the alias Mr.Spongebob, affiliated with the Indonesian hacking group HackerSec.ID, conducted a mass defacement campaign targeting the library portal of UPGRIS Batam University in Indonesia. The defacement was carried out on a Linux-based server and was part of a broader mass defacement operation. The incident was archived and mirrored at haxor.id.
Date: 2026-05-07T03:15:24Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248922
Screenshots:
None
Threat Actors: Mr.spongebob, HackerSec.ID
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: UPGRIS Batam University Library (Pustaka UPGRIS Batam)
Victim Site: pustaka.upgrisba.ac.id
Mass Website Defacement of Indonesian University by HackerSec.ID (Mr.spongebob)
Category: Defacement
Content: On May 7, 2026, a threat actor operating under the alias Mr.spongebob, affiliated with the group HackerSec.ID, conducted a mass defacement attack against the postgraduate website of Universitas PGRI Silampari (UPGRISBA) in Indonesia. The defacement targeted a Linux-based web server and was confirmed as part of a broader mass defacement campaign. A mirror of the defaced page was archived at haxor.id.
Date: 2026-05-07T03:14:34Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248925
Screenshots:
None
Threat Actors: Mr.spongebob, HackerSec.ID
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Silampari Pascasarjana (UPGRISBA)
Victim Site: pascasarjana.upgrisba.ac.id
Mass Website Defacement of Indonesian University by Mr.spongebob (HackerSec.ID)
Category: Defacement
Content: On May 7, 2026, a threat actor using the alias Mr.spongebob, affiliated with the group HackerSec.ID, conducted a mass defacement attack targeting a subdomain of Universitas PGRI Semarang (UPGRIS), an Indonesian academic institution. The defaced page was hosted on a Linux-based server and archived via haxor.id. This incident is part of a mass defacement campaign, suggesting multiple sites may have been simultaneously targeted.
Date: 2026-05-07T03:13:41Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248938
Screenshots:
None
Threat Actors: Mr.spongebob, HackerSec.ID
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Semarang (UPGRIS)
Victim Site: magangekonomi.upgrisba.ac.id
Mass Website Defacement of UPGRIS Bengkulu Academic Institution by Mr.spongebob of Sukabumi Blackhat
Category: Defacement
Content: On May 7, 2026, a threat actor identified as Mr.spongebob, affiliated with the Indonesian hacktivist group Sukabumi Blackhat, conducted a mass defacement attack targeting the LPPM (Research and Community Service Institute) subdomain of Universitas PGRI Silampari Bengkulu in Indonesia. The defacement was part of a broader mass defacement campaign targeting multiple websites, hosted on a Linux-based server. A mirror of the defaced page was archived at haxor.id.
Date: 2026-05-07T03:12:53Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248891
Screenshots:
None
Threat Actors: Mr.spongebob, Sukabumi Blackhat
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Silampari Bengkulu (UPGRISBA) – Research and Community Service Institute (LPPM)
Victim Site: lppm.upgrisba.ac.id
Mass Website Defacement of Upgris Bangka Belitung University by HackerSec.ID
Category: Defacement
Content: On May 7, 2026, a threat actor known as Mr.spongebob operating under the group HackerSec.ID conducted a mass defacement targeting the Faculty of Science and Technology (FSaintek) subdomain of Universitas PGRI Silampari Bangka Belitung in Indonesia. The attack affected a Linux-based web server and was part of a broader mass defacement campaign. The defaced page was archived and mirrored at haxor.id.
Date: 2026-05-07T03:11:35Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248947
Screenshots:
None
Threat Actors: Mr.spongebob, HackerSec.ID
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Silampari Bangka Belitung (UPGRIS Bangka Belitung)
Victim Site: fsaintek.upgrisba.ac.id
Mass Website Defacement of UPGRIS Batang Academic Site by Mr.spongebob / HackerSec.ID
Category: Defacement
Content: On May 7, 2026, a threat actor known as Mr.spongebob, operating under the group HackerSec.ID, conducted a mass defacement attack against the academic website of UPGRIS Batang, an Indonesian university. The attack targeted a subdomain of the institution running on a Linux server, replacing the page content with a defacement page archived at haxor.id. This incident was part of a broader mass defacement campaign attributed to the same actor.
Date: 2026-05-07T03:10:33Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248935
Screenshots:
None
Threat Actors: Mr.spongebob, HackerSec.ID
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Semarang – Batang Campus (UPGRIS Batang)
Victim Site: upcc.upgrisba.ac.id
Mass Website Defacement of UPGRIS BA Economics Faculty by Sukabumi Blackhat
Category: Defacement
Content: On May 7, 2026, a threat actor known as Mr.spongebob, operating under the group Sukabumi Blackhat, defaced the economics faculty website of UPGRIS BA (ekonomi.upgrisba.ac.id). The attack was conducted as part of a mass defacement campaign targeting a Linux-based web server. The defaced page was archived at haxor.id, a known defacement mirror site.
Date: 2026-05-07T03:09:46Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248892
Screenshots:
None
Threat Actors: Mr.spongebob, Sukabumi Blackhat
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Semarang Balikpapan (UPGRIS BA) – Faculty of Economics
Victim Site: ekonomi.upgrisba.ac.id
Mass Website Defacement of UPGRIS Balikpapan by Mr.spongebob of Sukabumi Blackhat
Category: Defacement
Content: On May 7, 2026, a threat actor known as Mr.spongebob, affiliated with the group Sukabumi Blackhat, conducted a mass defacement attack targeting the ebook subdomain of UPGRIS Balikpapan, an Indonesian university. The attack was carried out on a Linux-based server and was confirmed as part of a broader mass defacement campaign. A mirror of the defaced page was archived at haxor.id.
Date: 2026-05-07T03:08:55Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248900
Screenshots:
None
Threat Actors: Mr.spongebob, Sukabumi Blackhat
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Semarang Balikpapan (UPGRIS Balikpapan)
Victim Site: ebook.upgrisba.ac.id
Mass Website Defacement of UPGRIS Banjar University by Mr.spongebob / Sukabumi Blackhat
Category: Defacement
Content: On May 7, 2026, a threat actor identified as Mr.spongebob, affiliated with the group Sukabumi Blackhat, conducted a mass defacement attack targeting the e-skripsi (thesis submission) portal of Universitas PGRI Banjar in Indonesia. The defaced page was hosted on a Linux-based server and archived via haxor.id, indicating the attackers intent to publicly claim responsibility for the compromise.
Date: 2026-05-07T03:08:11Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248901
Screenshots:
None
Threat Actors: Mr.spongebob, Sukabumi Blackhat
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Banjar (UPGRIS Banjar)
Victim Site: eskripsi.upgrisba.ac.id
Mass Website Defacement of UPGRIS Bengkulu Academic Administration Site by HackerSec.ID
Category: Defacement
Content: On May 7, 2026, a threat actor operating under the alias Mr.spongebob, affiliated with the group HackerSec.ID, conducted a mass defacement attack targeting the academic administration subdomain of Universitas PGRI Silampari Bengkulu in Indonesia. The defaced page was hosted on a Linux-based server and archived via haxor.id. This incident was part of a broader mass defacement campaign attributed to the same actor and team.
Date: 2026-05-07T03:07:23Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248920
Screenshots:
None
Threat Actors: Mr.spongebob, HackerSec.ID
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Silampari Bengkulu (UPGRIS Bengkulu)
Victim Site: bauk.upgrisba.ac.id
Mass Website Defacement of UPGRIS BA English Department by Mr.spongebob / Sukabumi Blackhat
Category: Defacement
Content: On May 7, 2026, a threat actor known as Mr.spongebob, affiliated with the group Sukabumi Blackhat, defaced a subdomain of the UPGRIS BA university website in Indonesia. The attack was part of a mass defacement campaign targeting the English departments web presence, hosted on a Linux server. A mirror of the defacement was archived at haxor.id.
Date: 2026-05-07T03:06:34Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248907
Screenshots:
None
Threat Actors: Mr.spongebob, Sukabumi Blackhat
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Semarang Balikpapan (UPGRIS BA) – English Department
Victim Site: inggris.upgrisba.ac.id
Mass Website Defacement of Indonesian University by Sukabumi Blackhat (Mr.spongebob)
Category: Defacement
Content: On May 7, 2026, a threat actor operating under the alias Mr.spongebob, affiliated with the group Sukabumi Blackhat, conducted a mass defacement targeting fishum.upgrisba.ac.id, a subdomain of an Indonesian university. The attack targeted a Linux-based web server and was part of a broader mass defacement campaign. A mirror of the defaced page was archived at haxor.id.
Date: 2026-05-07T03:05:12Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248903
Screenshots:
None
Threat Actors: Mr.spongebob, Sukabumi Blackhat
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Silampari Baturaja (UPGRISBA) – Faculty of Social and Humanities
Victim Site: fishum.upgrisba.ac.id
Mass Website Defacement of Indonesian University by Sukabumi Blackhat
Category: Defacement
Content: On May 7, 2026, a threat actor identified as Mr.spongebob operating under the group Sukabumi Blackhat conducted a mass defacement attack targeting the Biology department website of Universitas PGRI Semarang (UPGRIS) in Indonesia. The attack affected a Linux-based server and was part of a broader mass defacement campaign. A mirror of the defaced page was archived at haxor.id.
Date: 2026-05-07T03:04:01Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248909
Screenshots:
None
Threat Actors: Mr.spongebob, Sukabumi Blackhat
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Semarang (UPGRIS)
Victim Site: biologi.upgrisba.ac.id
Mass Website Defacement of Indonesian University by HackerSec.ID (Mr.spongebob)
Category: Defacement
Content: On May 7, 2026, a threat actor operating under the alias Mr.spongebob, affiliated with the group HackerSec.ID, conducted a mass defacement campaign targeting a subdomain of Universitas PGRI Semarang (UPGRIS), an Indonesian academic institution. The defaced page was hosted on a Linux-based server and archived via haxor.id. This incident was part of a broader mass defacement operation attributed to the same actor.
Date: 2026-05-07T03:03:16Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248926
Screenshots:
None
Threat Actors: Mr.spongebob, HackerSec.ID
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Semarang (UPGRIS)
Victim Site: pascalingkungan.upgrisba.ac.id
Mass Website Defacement of UPGRIS Batang University by HackerSec.ID
Category: Defacement
Content: On May 7, 2026, a threat actor using the handle Mr.spongebob, operating under the group HackerSec.ID, conducted a mass defacement attack targeting the e-document portal of Universitas PGRI Batang in Indonesia. The defacement was carried out on a Linux-based server and is classified as a mass defacement campaign. A mirror of the defaced page was archived at haxor.id.
Date: 2026-05-07T03:02:25Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248916
Screenshots:
None
Threat Actors: Mr.spongebob, HackerSec.ID
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Batang (UPGRIS Batang)
Victim Site: edocument.upgrisba.ac.id
Mass Website Defacement of Indonesian University by Mr.spongebob / Sukabumi Blackhat
Category: Defacement
Content: On May 7, 2026, a threat actor operating under the alias Mr.spongebob, affiliated with the group Sukabumi Blackhat, conducted a mass defacement attack targeting indonesia.upgrisba.ac.id, a subdomain associated with an Indonesian university. The attacker defaced the page at /uid.html on a Linux-based server. This incident is part of a broader mass defacement campaign attributed to the same actor.
Date: 2026-05-07T03:01:32Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248915
Screenshots:
None
Threat Actors: Mr.spongebob, Sukabumi Blackhat
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas PGRI Semarang (UPGRIS)
Victim Site: indonesia.upgrisba.ac.id
Combo List: HQ Hotmail Mail Access
Category: Combo List
Content: A threat actor is sharing a combo list of approximately 500 Hotmail mail access credentials. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-07T02:41:29Z
Network: openweb
Published URL: https://patched.to/Thread-0-5k-hq-hotmail-mail-access-combolist-299633
Screenshots:
None
Threat Actors: liamgoat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of stealer logs with URL:log:pass credentials
Category: Logs
Content: A threat actor is offering 15 million URL:log:pass credential records marketed as fresh stealer log output via vulta.pw. The logs are advertised on a leak forum with access to a web-based database portal. No specific victim organization is identified.
Date: 2026-05-07T02:37:35Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1URL-LOG-PASS-15-00-M-%E2%AD%90%EF%B8%8FVULTA-PW%E2%AD%90%EF%B8%8F-FRESH-%E2%9A%A1
Screenshots:
None
Threat Actors: vultapower
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of Hotmail credentials shared on forum
Category: Combo List
Content: A threat actor shared a combo list of 1,890 claimed valid Hotmail credentials on a cybercrime forum. The post is hidden behind a registration/login gate and references a Telegram contact for further access. These credentials are not indicative of a breach of Hotmail/Microsoft but are intended for credential stuffing or account takeover.
Date: 2026-05-07T02:35:53Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-X1890-Valid-UHQ-Hotmail-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: Roronoa044
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list of mixed email access credentials
Category: Combo List
Content: A threat actor shared a combo list of approximately 6,800 mixed valid email access credentials, marketed as private and high quality. The list is dated 07.05.2026 and made available for free via a hidden download link requiring forum reply.
Date: 2026-05-07T02:21:03Z
Network: openweb
Published URL: https://altenens.is/threads/6-8k-sparkles-mix-sparkles-valid-mail-access-07-05.2935764/unread
Screenshots:
None
Threat Actors: redcloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list of 40K mixed credentials
Category: Combo List
Content: A threat actor shared a free combo list containing approximately 40,000 mixed credentials, marketed as fully valid. The list was made available on a public forum in the Combolists section.
Date: 2026-05-07T02:18:55Z
Network: openweb
Published URL: https://breachforums.rs/Thread-%E2%AD%90%EF%B8%8F%E2%AD%90%EF%B8%8F%E2%AD%90%EF%B8%8FFREE-40K-MIX-FULL-VALID-100-%E2%AD%90%EF%B8%8F%E2%AD%90%EF%B8%8F%E2%AD%90%EF%B8%8F
Screenshots:
None
Threat Actors: DexterCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Universitas Islam Sumatera Utara
Category: Data Leak
Content: A threat actor operating under the alias Mr. Hanz Xploit claims to have leaked a sample database belonging to Universitas Islam Sumatera Utara, an Indonesian Islamic university. The post includes a sample code block, though the full dataset and record count are not disclosed. The content was shared freely on a public forum.
Date: 2026-05-07T02:10:20Z
Network: openweb
Published URL: https://breached.st/threads/sample-database-universitas-islam-sumatera-utara.86863/unread
Screenshots:
None
Threat Actors: Mr. Hanz Xploit
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas Islam Sumatera Utara
Victim Site: Unknown
Website Defacement of ennlog.top by Owens of Zenimous Crew
Category: Defacement
Content: On May 7, 2026, a threat actor known as Owens, operating under the group Zenimous Crew, defaced the homepage of ennlog.top. The attack was a targeted single-site defacement with no mass defacement activity reported. No specific motive or server details were disclosed in connection with this incident.
Date: 2026-05-07T02:00:55Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/917679
Screenshots:
None
Threat Actors: Owens, Zenimous Crew
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: ennlog.top
Sale of EXE-to-JPEG obfuscation tool source code with AV/filter bypass capability
Category: Malware
Content: A threat actor is sharing C-based MSVC source code for an EXE-to-JPEG obfuscation tool described as capable of bypassing antivirus signature scanners, email attachment filters, and gateway controls. The tool embeds binary payloads within valid JPEG files using byte reversal and XOR-based encryption, and includes a Python port of the deobfuscation logic intended for execution within AI sandbox environments. The source code is gated behind a points-based paywall on the forum.
Date: 2026-05-07T01:43:39Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SOURCE-CODE-Undetected-EXE-to-JPEG-Obfuscator-FUD-ve-Filtre-Bypass
Screenshots:
None
Threat Actors: Muro
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of tree.it by Inside Alone7 of Hidden Cyber Crime
Category: Defacement
Content: On May 7, 2026, a threat actor known as Inside Alone7, operating under the group Hidden Cyber Crime, defaced a file hosted on tree.it, an Italian website. The defacement targeted a specific text file (1000.txt) rather than the homepage, indicating a targeted file-level intrusion. No specific motivation or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-07T01:42:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/917678
Screenshots:
None
Threat Actors: Inside Alone7, Hidden Cyber Crime
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Tree.it
Victim Site: tree.it
Combo List with 399K URL-Login-Password credentials
Category: Combo List
Content: A combo list containing approximately 399,000 URL-login-password credential pairs was shared on a forum. The content is gated behind registration or login. No specific targeted organization or service is identified.
Date: 2026-05-07T01:33:36Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-399k-url-login-pass-07-05-26
Screenshots:
None
Threat Actors: RandomUpload
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of HQ mixed mail access combo list
Category: Combo List
Content: A threat actor is sharing a combo list of approximately 200 mixed mail access credentials on a cybercrime forum. The content is hidden behind a registration or login requirement. No specific victim organization or country is identified.
Date: 2026-05-07T01:32:51Z
Network: openweb
Published URL: https://patched.to/Thread-0-2k-hq-mixed-mail-access-combolist-299621
Screenshots:
None
Threat Actors: liamgoat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: 11K Alleged Valid Hotmail Credentials
Category: Combo List
Content: A threat actor operating as NullShop is distributing approximately 11,000 Hotmail credentials marketed as verified and fresh hits. The content is gated behind forum registration and is described as part of regular drops. Hotmail is the credential-stuffing target, not the breach victim.
Date: 2026-05-07T01:31:43Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-11-k-hotmail-access-valid-hit-fresh-%F0%9F%94%A5-299616
Screenshots:
None
Threat Actors: NullShop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of stealer logs containing 18.59 million URL:LOG:PASS credentials
Category: Logs
Content: A threat actor is advertising a large stealer log dataset containing approximately 18.59 million URL:login:password combinations via the forum and through the Daxus.pro service and associated Telegram channels. The logs are marketed as UHQ (ultra-high quality) and are available through a dedicated website and Telegram bot.
Date: 2026-05-07T01:30:01Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%AD%90%EF%B8%8FURL-LOG-PASS-18-59-M-%E2%9C%85-DAXUS-PRO-UHQ-%E2%AD%90%EF%B8%8F
Screenshots:
None
Threat Actors: Daxus4
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of URL:LOG:PASS combo list with 18.59 million records via Daxus.pro
Category: Logs
Content: A threat actor operating under the alias Daxus is distributing a URL:LOG:PASS dataset containing approximately 18.59 million records, marketed as UHQ (ultra-high quality). The dataset is promoted via the Daxus.pro website and associated Telegram channels. Content appears to be stealer log output including URLs, usernames, and passwords.
Date: 2026-05-07T01:29:24Z
Network: openweb
Published URL: https://leakforum.io/Thread-%E2%AD%90%EF%B8%8FURL-LOG-PASS-18-59-M-%E2%9C%85-DAXUS-PRO-UHQ-%E2%AD%90%EF%B8%8F
Screenshots:
None
Threat Actors: Daxus
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list with targeted keywords across banking, crypto, social, and gaming sectors
Category: Combo List
Content: A threat actor is offering a Hotmail combo list advertised as containing over 200 targeted keyword hits spanning banking, cryptocurrency, social media, and gaming services. The content is hidden behind a registration or login requirement on the forum. No specific breach source or victim organization is identified.
Date: 2026-05-07T01:28:28Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-200-Targeted-Keywords-Hotmail-Access-Banking-Crypto-Social-Gaming
Screenshots:
None
Threat Actors: AWSCRACKSISTEM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Universitas Islam Sumatera Utara
Category: Data Breach
Content: A sample database from Universitas Islam Sumatera Utara (Islamic University of North Sumatra) has been posted on Breachforums by user mr-hanz-xploit. The breach includes database samples made available on the public breach forum.
Date: 2026-05-07T01:11:36Z
Network: telegram
Published URL: https://t.me/DeepCoreNetwork/99
Screenshots:
None
Threat Actors: mr-hanz-xploit
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas Islam Sumatera Utara
Victim Site: Unknown
Escrow/Middleman Service Advertisement
Category: Services
Content: A forum user advertised an escrow/middleman service for transactions. The post contains no specific threat content and appears to be a sold-out listing promoting an escrow application.
Date: 2026-05-07T00:44:45Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SOLD-OUT-SOLD-OUT–189055
Screenshots:
None
Threat Actors: moxzey
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of targeted email account access to multiple platforms
Category: Initial Access
Content: Threat actor offering for sale valid targeted email account access to multiple platforms including Hotmail, Yahoo, Gmail, Reddit, Kleinanzeigen, Walmart, Grailed, Vinted, AT&T, eBay, Uber, Marriott, and Poshmark. Claims credentials are fresh, valid, and uncompromised. Targeting users in USA, UK, and Canada. Soliciting direct messages for specific keyword searches.
Date: 2026-05-07T00:42:53Z
Network: telegram
Published URL: https://t.me/c/2613583520/77025
Screenshots:
None
Threat Actors: Yuze
Victim Country: United States, United Kingdom, Canada
Victim Industry: Multiple (email providers, e-commerce, travel, social platforms)
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Arizona eviction records, Ohio sheriff sale data, and VIN numbers
Category: Data Leak
Content: A threat actor has freely shared a compressed archive containing 2024–2025 Arizona eviction records and Ohio sheriff sale data, including full names, addresses, phone numbers, email addresses, property details, demographic attributes, and case numbers for affected individuals. The dataset appears to include appended consumer data fields such as household income, credit ratings, ethnicity, and contact information. VIN number data was also referenced but reportedly not included in this release.
Date: 2026-05-07T00:41:47Z
Network: openweb
Published URL: https://pwnforums.st/Thread-2025-Arizona-Evictions-Ohio-Sheriff-Sale-VIN-numbers-7z
Screenshots:
None
Threat Actors: OriginalCrazyOldFart
Victim Country: United States
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Free combo list of 900+ Hotmail valid credentials
Category: Combo List
Content: A threat actor shared a combo list of over 900 Hotmail valid credentials, marketed as 100% fresh and not previously posted or shared via Hulu. The content is distributed freely behind a registration wall and attributed to Zeta Data via a Telegram channel.
Date: 2026-05-07T00:31:38Z
Network: openweb
Published URL: https://patched.to/Thread-900-hotmail-valids-100-fresh-not-hulu-or-reposted-by-atezhub
Screenshots:
None
Threat Actors: dumpzeta
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of combo list with 21K fresh mixed credentials
Category: Combo List
Content: A threat actor is distributing a combo list advertised as containing 21,000 fresh mixed valid email:password credential lines. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-07T00:29:49Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-21K-FRESH-MIX-VALID-LINES
Screenshots:
None
Threat Actors: StrawHatBase
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 16K valid email credentials combo list
Category: Combo List
Content: A forum user is sharing a combo list claimed to contain 16,000 valid email credentials. The content is hidden behind a registration or login wall on the forum. No specific breached organization is identified.
Date: 2026-05-07T00:27:01Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-16K-VALID-MAIL-ACCESS–203167
Screenshots:
None
Threat Actors: TeraCloud1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of fresh email access database across multiple countries
Category: Logs
Content: Seller offering fresh database with email access for multiple countries (UK, DE, JP, NL, BR, PL, ES, US, IT) and various platforms including eBay, Offerup, PSN, Booking, Uber, Poshmark, Alibaba, Walmart, Amazon, Mercari, Kleinanzeigen, and Neosurf. Seller claims to own private cloud with valid webmails and offers keyword-based searches.
Date: 2026-05-07T00:16:16Z
Network: telegram
Published URL: https://t.me/c/2613583520/77011
Screenshots:
None
Threat Actors: Squad Chat Marketplace
Victim Country: Unknown
Victim Industry: Multiple (e-commerce, email, travel, payment platforms)
Victim Organization: Unknown
Victim Site: Unknown
Sale of 160K mixed email:password combo list
Category: Combo List
Content: A threat actor is distributing and selling a combo list of approximately 160,000 email:password and user:password credential pairs. The list is marketed as high quality and fresh, covering multiple email providers and countries including AOL, Yahoo, Hotmail, Outlook, and others across the US, UK, France, Germany, and additional regions. The actor advertises via Telegram for purchase inquiries.
Date: 2026-05-07T00:11:55Z
Network: openweb
Published URL: https://altenens.is/threads/160k-fresh-hq-combolist-email-pass-mixed.2935737/unread
Screenshots:
None
Threat Actors: carlos080
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Executive Summary

1. Data Breaches and Data Leaks

2. Credential Compromise and Combo Lists

3. Website Defacements

4. Initial Access Brokers (IAB) and Vulnerabilities

5. Cybercrime Services and Carding

6. Malware and Stealer Logs

Conclusion

Related Posts

[September-3-2025] Daily Cybersecurity Threat Report

[April-22-2025] Daily Cybersecurity Threat Report – Part 2

[September-1-2025] Daily Cybersecurity Threat Report