[May-11-2026] Daily Cybersecurity Threat Report

This comprehensive cyber threat intelligence report provides an in-depth analysis of a vast array of cyber incidents, data breaches, website defacements, credential leaks, and illicit services detected primarily on May 10, 2026. Based strictly on the provided data, this report categorizes and details the activities of numerous threat actors across underground forums, Telegram channels, and open-web platforms.

Executive Summary

The cyber threat landscape on May 10, 2026, was characterized by high-volume credential stuffing operations, pervasive website defacements by hacktivist and cybercriminal groups, significant data breaches targeting government and corporate entities, and the rampant sale of initial access, malware, and fraudulent services. Threat actors operated across platforms like cracked.st, nulledbb.com, breachforums.rs, patched.to, demonforums.net, and Telegram.

Key trends observed include:

Massive Credential Distribution: The distribution of millions of compromised credentials, predominantly in the form of “Combo Lists” (email:password or URL:Log:Pass pairs), heavily targeting Microsoft (Hotmail/Outlook) services and specific geographic regions.
Systematic Website Defacement: Widespread and organized website defacements led by groups such as “Umbra Community” and “BABAYO EROR SYSTEM,” targeting vulnerable web servers in India, Turkey, the Philippines, and the UAE.
High-Impact Data Breaches: The compromise of sensitive databases belonging to government agencies (e.g., Indonesia’s Ministry of Transportation), massive e-commerce platforms (e.g., Taobao, Tokopedia, Sport 2000), and specialized sectors (e.g., high-net-worth individuals, crypto exchanges).
Illicit Services Ecosystem: A thriving market for fraudulent identity documents, KYC bypass services, discounted or stolen subscription upgrades, and malware-as-a-service.

1. Data Breaches and Information Leaks

A significant portion of the recorded incidents involved the unauthorized extraction and subsequent sale or distribution of sensitive databases from government bodies, corporations, and specialized institutions.

Government and Public Sector Breaches

Indonesia Ministry of Transportation (KEMENHUB / DISHUB): A threat actor known as “Kyyzo” offered an alleged 93GB+ database from the Indonesian Ministry of Transportation (kemenhub.go.id / dishub.go.id) for $8,500. The dataset reportedly covers 38 provinces and 514 cities/regencies, containing hundreds of thousands of vehicle and owner records, including names, license plates, chassis/engine numbers, and inspection data. Another actor, “Mr. Hanz Xploit”, also claimed to be selling or leaking a database belonging to the same ministry.
Directorate General of Drug Administration (DGDA), Bangladesh: “Kyyzo” also offered a database purportedly from Bangladesh’s DGDA (dgdagov.info). The data includes pharmacy registration records, business names, addresses, license numbers, and national IDs.
Bangladesh Agricultural Development Corporation (BADC): Threat actor “vicmeow” claimed to have leaked the full private Git repositories of the BADC (badc.gov.bd), including payment gateway credentials, database passwords, and sensitive documents, while concurrently disrupting the portal’s administrator logins.
Oyo State Commerce, Nigeria: “ki4tane” (Nullsec Nigeria) claimed to have hacked the Oyo State Commerce website as part of “opNigeria”, distributing MySQL logs and other data via a download link.
Kota Gunungsitoli, Indonesia: Threat actor “JAX7” leaked a database allegedly belonging to the city government of Kota Gunungsitoli, Indonesia, providing a sample of the data.
Vietnam Government Police: A database allegedly belonging to the Vietnam Government Police was distributed freely on a breach forum.
Iran Nuclear Program: Actor “NormalLeVrai” claimed to have obtained 77.56 GB of data related to Iran’s nuclear program, demanding a €5,000 ransom from the Iranian government by May 15th under threat of public release.
Mossad (Israel): “Mr. Hanz Xploit” claimed to share a database allegedly belonging to the Israeli intelligence agency, Mossad, though no sample data was provided to verify the claim.

Corporate, Retail, and E-commerce Breaches

Taobao (China): Threat actor “RubiconH4ck” offered a massive database of over 500 million Taobao delivery address records, allegedly containing recipient names, phone numbers, and email addresses.
Sport 2000 (France): Actor “bahisow611” sold an alleged database of 4 million Sport 2000 customer records. The data included personal identifiers, loyalty card details, purchase history, RFM segmentation, and marketing opt-in flags.
Tokopedia (Indonesia): “XSVSHACKER” shared a database dump containing approximately 40,000 records from Tokopedia, including user IDs, full names, dates of birth, emails, phone numbers, shipping addresses, order details, and payment methods.
Favo (Indonesia): Consumer data from favo.id, an Indonesian beauty and health retailer, was offered by “saref43135”, containing names, emails, addresses, phone numbers, and total spent amounts.
Arup Group (UK): “FulcrumSec” claimed to have breached the global engineering firm Arup Group, allegedly obtaining access to 10,000 repositories and 3.5TB of Azure/AWS infrastructure data and sensitive documents.
NIPRP SALES (Thailand): “Anonymous Switzerland” claimed to have compromised the internal network of NIPRP SALES, a medical device distributor, alleging complete system compromise, theft of all data, and control over the company’s domain.

Technology, Education, and Specialized Leaks

Coinbase (US): Threat actor “Darkroot” offered an alleged Coinbase user database containing 80,000 US-based records from 2026 for $850. The data included full names, cities, emails, mobile numbers, and crypto balances (BTC, ETH, USDT).
High Net Worth Individuals: Actor “Mikhel” sold an alleged “Rich People Database” of 800,000 individuals for $1,200 USD. Records contained SSNs, DOBs, driver’s license numbers, addresses, emails, net income, employment details, and bank routing/account numbers.
Google Gemini (US): A user named “xyph0rix” posted a thread claiming access to a Google Gemini database (gemini.google.com).
Anthropic’s Claude API Keys: “JVZU” distributed alleged API keys for Anthropic’s Claude models, claiming access to 1.5 million tokens across accounts, including Claude Opus.
Lyceena Academy (Tunisia): Actor “crucialwork77” claimed to have breached this online educational platform, offering teacher/student names, Auth0 IDs, emails, and phone numbers.
Royal Netherlands Academy of Arts and Sciences (KNAW): “MDGhost” offered a database containing over 60 million records in CSV format, including emails, names, addresses, roles, and SHA-hashed passwords.f
Universitas Islam 45 Bekasi (Indonesia): “doyokSX” distributed login credentials, student ID numbers (NPM), and virtual account payment transaction histories.
IPS Corp (Vietnam): “cc5ab” claimed to have leaked PII of 13,914 users by exploiting an unauthenticated IDOR vulnerability on an API endpoint.
Epstein Files: “Moriartoff” shared RAR archives purportedly containing documents and letters related to the Epstein Files.

2. Initial Access Brokers and Malware Distribution

Threat actors frequently traded initial access to corporate networks and distributed malicious software intended to facilitate further intrusions.

Initial Access Sales

Norwegian Mining Company: “HighWayToShell” sold network-level access (Network Admin privileges) obtained via Citrix Gateway to an undisclosed Norwegian mining company with 50 hosts and $5M-$10M in revenue. The environment used Malwarebytes EDR.
US Legal Services Firm: The same actor, “HighWayToShell”, offered Cloud Admin (Owner) access to a Microsoft Exchange OWA instance of a US legal firm with $10M-$25M revenue and Carbon Black EDR.
Brazilian AI Agent Platform: “Kurd” offered access to a Redis instance of an AI platform handling WhatsApp and SMS. The data exposed 9,741 active session keys, customer names, phone numbers, and WhatsApp messages.
General SIP/P1 Access: “temp362” advertised manual SIPs (Session Initiation Protocol access) or P1 (admin-level) access via Telegram.

Malware and Exploit Tooling

Dolphin X RAT: “Kontraktnik” sold Dolphin X RAT, a remote access trojan featuring stealer functionality, Hidden Virtual Network Computing (HVNC), undetected (UD) status, and metamorphic code capabilities.
“xia” DLL Stealer: “jackborrin” sold a fully undetected DLL-based information stealer capable of DLL sideloading, DPAPI credential decryption, cookie theft, credit card harvesting, UAC bypass, targeting 25 crypto wallet extensions, Ring-3 rootkit capabilities, and anti-VM/anti-debug evasion.
888 RAT v1.3.3: “Magites” distributed a cracked version of 888 RAT, bypassing its licensing system.
Email Grabber 3.0: “CyberPaladin” sold a tool ($50/week to $200/lifetime) designed to validate email credentials, download attachments, access OneDrive files, and scan for cryptocurrency seed phrases/private keys.
DDoS Tooling: “WatesSecTeam” distributed a Python-based DDoS tool (dos.py) via MediaFire.
Hacking Courses and Toolsets: “person131” sold a hacking course offering shell access to Indonesian targets, WordPress exploitation, exploit kits, and automated backlinking. “DataxLogs” advertised credential stuffing infrastructure (Silverbullet, Openbullet 2) with extensive CAPTCHA bypass capabilities (hCaptcha, Cloudflare, reCAPTCHA v3). “GOLLUM” sold an email campaign toolset (bulk mailer, contact fetcher, list cleaner) for $300.

3. Website Defacement Campaigns

May 10, 2026, saw an extraordinary volume of website defacements. These attacks generally targeted vulnerable web servers (predominantly Linux-based) and involved replacing the index.html or index.txt files with attacker-controlled messages. The attacks can be grouped by the highly active threat actor collectives involved.

The Umbra Community (Threat Actor: Nicotine)

A threat actor using the alias “Nicotine”, affiliated with the “Umbra Community”, was responsible for a prolific, targeted defacement campaign. Many of these incidents were “redefacements,” indicating the sites had been previously compromised and vulnerabilities were left unpatched. Targets included:

India: WisdomMCA (wisdommca.com) , IndiasBazaar (indiasbazaar.in) , MedResearchIndia (medresearchindia.com) , Indian Fitness Hub (indianfitnesshub.com) , CTR Shoe Store (ctrshoestore.in) , Azure Soft Tech Solutions (azuresofttechsolutions.in) , PrimePayIndia (primepayindia.com) , Neksoft Consultancy (neksoftconsultancy.in) , JS Builders (jsbuilders.in).
Turkey: Akmar Makina (akmarinmakina.com) , akzer.com.tr , deryakizil.com.tr , Araf Metal (arafmetal.com.tr) , Damla Manti (damlamanti.com.tr) , Cagan Iskender (caganiskender.com.tr) , Beyaz Tekstil (beyaztekstil.com) , Birsa Makina (birsamakina.com) , Alkan Reklam (alkanreklam.com) , alpturkyazici.com.
United Arab Emirates: SSP Solutions (sspsolutions.ae) , Pest Control in UAE (pestcontrolinuae.com).
Mexico: apos.mx , aplica.mx.
Other Locations: KaratPatch (Canada) , Cabinet Coman (Romania) , Cryotek (Ecuador) , Bihar Foundation NL (Netherlands) , and numerous uncategorized domains such as gujaratithalrestaurant.com , jasmfitandflex.com , targetcargoservices.com , madeenasteeltrading.com , greendomaincleaning.com , kkapms.com , mymindlevel.com , mughaltechnicalservices.com , gsansoa.online , tourbestie.com , esgwings.website , nithiyam.com , intellcubes.com , amaze-interiors.com , ccmspl.com , dodomarin.com , endermefrusat.com , poojaproduct.com , posadaarcoshotel.com , humo.website , fazeelatengineering.org , apnisuno.com , and vikasvartul.org.

BABAYO EROR SYSTEM (Threat Actors: Mr.XycanKing, Mr.PIMZZZXploit)

This group specialized in mass defacement campaigns, compromising multiple websites simultaneously, largely targeting Linux-based servers.

Mr.XycanKing targeted: SLL Data Services Corp (slldataservicescorp.com) , SpeedWave Fiber (speedwavefiber.website) , TechnoTrend Tarlac (Philippines) , walastik-billingsystem.com , AA Fiber Link Solutions (aafiberlinksolutions-billingsystem.com) , MNM Wireless Internet Services (mnmwirelessinternetservices.com) , Miarah Internet (miarahinternet.com) , RAE Network Dimataling (Philippines) , radfibernet.com , MDDV Telecoms (mddvtelecoms-billingsystem.com) , Marc Jayden Network (marcjaydennetwork.com) , jegsamtech.com , intanettonetworksaguday.com , LNOC Merida (Mexico) , and NShops Jewels CRM (India).
Mr.PIMZZZXploit targeted wbao.co.in.

Other Defacement Actors

Zod: Targeted ardagucluer.com.tr (Turkey) and Caritas Mityana (Uganda).
HanzOFC (Dream Hack): Defaced infocikarang.com (Indonesia).
XYZ (Alpha Wolf): Defaced Kpembe Nursing and Midwifery Training College (Ghana), targeting the robots.txt file.
Boss Ranzen & Ng1ndex (Team D704T): Defaced polyfabme.com (targeting /403.php) and a Chilean sewing machine repair service (reparacionmaquinascoser.cl).
BARZXPLOIT (DigitalStormSec): Defaced Arab Data Hub’s event portal (events.arabdatahub.org) and API Seberang Perai (Malaysia).
Y4NZ404: Defaced the Indian Textile Journal (indiantextilejournal.com).
Cyber Islamic Resistance: Defaced DFx Engineering (Israel) as part of their “Waad Al-Sinwar Operations” in support of resistance in Lebanon.

4. Massive Credential Distribution: Combo Lists and Stealer Logs

The most voluminous activity on May 10 was the distribution of “Combo Lists” (email:password, user:password, or number:password pairs) and Stealer Logs (URL:Login:Password formats). These datasets are explicitly curated for automated credential stuffing and account takeover attacks.

High-Volume and Mega Combo Lists

Threat actors distributed lists containing millions of credential lines, often derived from aggregating previous breaches or parsing fresh stealer logs:

URL:Log:Pass Massive Datasets: Actor “Carpenter121” distributed an astonishing 960 million line deduplicated ULP dataset. “Magites” sold a 24.67 million record UHQ stealer log dataset and another list of 13.68 million records. “Daxus” shared 23.16 million ULP records. “lexityfr” distributed an 8+ million line ULP combo list. “R0BIN1337” shared 5.6 million ULP credentials. “NapoleonCorp” sold 1.8 million private URL:log:pass credentials. “vultapower” offered 3.9 million URL:log:pass stealer records.
Gaming and Streaming Combos: “Nuttela101” sold lists of 4.6 million lines targeting gaming platforms , 3.6 million credentials targeting Spotify, Hulu, Steam, Minecraft, and Netflix , and 3.5 million lines targeting Facebook, Instagram, Snapchat, and X. “MetaCloud3” distributed 660K credentials targeting Roblox/Minecraft , 835K gaming lines , and 702K targeting Eneba and G2A gift cards. “Magites” shared a 2.7 million gaming combo list.
General Mixed Bases: “CELESTIALHQ” freely distributed 1 million ULP credentials , 500K user:pass credentials from logs , 500K email:password pairs , and 100K phone number/password pairs.

Focused Provider Targeting (Microsoft/Hotmail)

A massive campaign specifically targeted Microsoft email providers (Hotmail, Outlook, Live, MSN). These are not breaches of Microsoft’s infrastructure, but rather targeted parsing of credentials to be validated against Microsoft’s login portals.

uhqcomboseller: Prominently sold multiple batches of 2 million Hotmail email:password credentials, marketed as high quality and private.
MetaCloud3: Distributed 759K Microsoft-targeted credentials , 679K Microsoft records , 675K OneDrive credentials , and 591K credentials aimed at Office365.
s2lender: Maintained a private network offering daily supplies of 4,000–12,000 fresh Hotmail credentials, with specific batches of 14,740 , 23,413 , 3,805 , 2,821 , 2,287 , and 1,363.
mailcombo / mailcombo01: Distributed batches of 62K and 56K Hotmail/Outlook/Live credentials via Telegram.
Dhyazribi001 & cloudantalya: Sold subscription access to private cloud services hosting UHQ Hotmail, SMTP combos, and logs.
Numerous other actors (Magites, EarlHickey, BreachLeak, Lowza9, SupportHotmail) distributed smaller lists (ranging from 500 to 16,000 entries) of “checked” or “premium hit” Hotmail credentials.

Geographic Targeting

Combo lists were frequently parsed and marketed by geographic region to facilitate localized credential stuffing and fraud:

Europe: Germany (51.5K , 50K T-Online , 30K , 1 million lines ), France (email:pass , 5K list ), Italy (6K list ), Portugal (75K lines ), Sweden (44K lines ), Switzerland (91K lines ), Ireland (23K lines ), Lithuania (17K , 11K ), Poland (190K ), Latvia (35K ), Belarus (21K ), and Montenegro (57K ).
Americas: USA (704K , Comcast list ), Canada (188K lines ), Mexico (151K , 144K , 200K ), Uruguay (10K ), Dominican Republic (16K ).
Asia & Africa: India (252K lines ), Malaysia (51K lines ), South Korea (multiple batches ), Sri Lanka (15K lines ), Nepal (10K ), Kenya (17K ), and general “British Indian” lists (18K ).

Other Specific Targets

PayPal: 855K credentials offered by MetaCloud3.
Pornhub: 795K credentials offered by MetaCloud3.
AOL / Comcast / T-Online / sfr.fr: Specific provider lists were actively traded (e.g., 31.9K Comcast , 2,759 sfr.fr ).
DeBank: A credential checking tool specifically targeting DeBank to verify multi-chain wallet balances was distributed.

5. Services: Fraud, Counterfeiting, and Underground Economy

The cybercrime ecosystem relies heavily on auxiliary services that facilitate fraud, anonymity, and asset liquidation.

Compromised Accounts and Subscriptions

Threat actors openly sold unauthorized access or upgrades to premium software and services, often heavily discounted:

Hosting & Development: Hostinger Premium/Business plans ($24.99/$34.99) , Factory.ai Pro (81% off) , Framer Pro ($44.99) , Cursor Pro / Cursor AI Pro ($29.99 vs $219 retail).
AI and Automation: Perplexity AI Pro ($59.99 for a $200 value) , Gumloop Pro ($44.99 vs $444/year retail).
Business Tools: Intercom Pro ($34 vs $85/month) , Microsoft Windows 10/11 Pro and Office 365 keys (starting at $4).
Entertainment & Media: YouTube Premium (39€/year) , Deezer Premium ($29.99/year via team plan addition).
Social Media: Sale of aged Instagram accounts (2016-2018), which are highly valued because they reduce the likelihood of being flagged for spam or fraud.

Carding and Financial Fraud

Payment Card Data (CC/CVV): Actors like “Pepecard” and “Genesis11Kk” sold stolen Visa/Mastercard data, magnetic stripe dumps (Track 1 & 2), and cloned physical cards (usable at ATMs and gas stations, with FedEx delivery). Prices ranged from $1 for basic card data to $500 for physical clones. “Magites” offered free “drops” of J.Crew-linked Visa/Mastercards.
Cashout Sites: Actor “Virus” attempted to sell a private gift card and prepaid card cashout site for $1,500, noting it was currently blocked by a Cloudflare Turnstile challenge.
Western Union Fraud: “Brbr1424” advertised Western Union money transfer services at half the standard rate, claiming funds were sent before payment—a classic indicator of money laundering or fraud cashout operations.

Identity Forgery and KYC Bypass

Fake IDs and Deepfakes: Actors like “bussystreet109” and “decipher” sold fraudulent identity documents, including Italian driver’s licenses ($50), US SSN cards, and passports. Notably, “bussystreet109” offered high-grade deepfakes specifically designed to bypass Know Your Customer (KYC) verification systems like Onfido, SumSub, and Jumio to enable fraud on exchanges like Binance, Coinbase, and Kraken. “NormalLeVrai” offered a massive trove of 9,500 passport and ID scans from France and Turkey for $1,000.

Infrastructure and Hack-for-Hire

SMTP Services: “office_365shop” sold compromised premium SMTP accounts (AWS SES, SendGrid, SparkPost, Mandrill) for bulk phishing and spam distribution.
Bulletproof Hosting: “gravem1nd” advertised “bubbl.cx”, a disposable, no-log RDP/VPS service with a WireGuard kill switch and permanent instance destruction, designed for anonymous cybercrime operations.
Hacking-for-Hire: “Gpdforever” advertised a broad range of services, including social media compromise, DDoS attacks, and website exploitation. “Darkode1” offered targeted social engineering hacks for Instagram, Snapchat, and WhatsApp ($200-$400).

Conclusion

The threat intelligence data from May 10, 2026, reveals a highly industrialized and efficient cybercrime ecosystem. The sheer volume of combo lists—numbering in the hundreds of millions of credentials—indicates that credential stuffing remains a primary vector for initial access and account takeover. Furthermore, the persistent defacement campaigns by hacktivist groups demonstrate ongoing vulnerabilities in poorly secured web infrastructure, while the sale of advanced KYC bypass services highlights the sophisticated methods criminals use to launder funds through modern financial platforms.

Detected Incidents Draft Data

Sale of discounted Hostinger hosting plans on cracking forum
Category: Services
Content: A forum seller is offering Hostinger Premium and Business hosting plans at discounted prices ($24.99 and $34.99 respectively). The listings are likely resold or fraudulently obtained accounts being marketed to forum members for web hosting purposes.
Date: 2026-05-10T23:59:47Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-%E2%9A%A1-Hostinger-Premium-Business-Hosting-Plans-%E2%80%94-Professional-Web-Hosting-at-Huge-Savin
Screenshots:
None
Threat Actors: secur3rat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of discounted Intercom Pro account access on cracking forum
Category: Services
Content: A threat actor is selling 1-month Intercom Pro account upgrades at $34, discounted from the official $85/month price. The offer includes AI-powered customer support tools, live chat, workflow automation, and inbox management. The nature of the access — whether cracked, stolen, or resold — is not explicitly stated in the post.
Date: 2026-05-10T23:59:20Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-34-%E2%9C%85-Turn-Customer-Support-an-AI-Powered-Sales-Machine-%E2%80%94-Now-at-60-Intercom-Pro
Screenshots:
None
Threat Actors: secur3rat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of discounted Framer Pro subscription access
Category: Services
Content: A forum seller is offering Framer Pro 1-year subscription access for $44.99, advertised as 88% off the official price of $360/year. The listing promotes features including website builder tools, CMS, hosting, and custom domain support. The nature of the access (whether legitimate, shared, or otherwise obtained) is not disclosed.
Date: 2026-05-10T23:58:57Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-44-99-%E2%9C%85-Build-Stunning-Websites-Faster-with-Framer-Pro-%E2%80%94-Now-at-88-OFF-1-Year-Pro-A
Screenshots:
None
Threat Actors: secur3rat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of mail accounts checker tool
Category: Combo List
Content: A threat actor is offering a mail accounts checker tool for sale on a cracking forum, priced at 10€ per month or 30€ for a lifetime license. The tool is advertised for checking mail account credentials, consistent with credential stuffing or account validation activity.
Date: 2026-05-10T23:58:36Z
Network: openweb
Published URL: https://cracked.st/Thread-maraud3r-Mail-Accounts-Checker
Screenshots:
None
Threat Actors: Plonder
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of discounted Perplexity AI Pro subscription promo codes
Category: Services
Content: A forum seller is offering Perplexity AI Pro one-year promo codes for $59.99, advertised as having a $200 value. The listing targets fresh accounts and includes activation guidance, suggesting the codes may be obtained through unauthorized or exploited promotional channels.
Date: 2026-05-10T23:58:13Z
Network: openweb
Published URL: https://cracked.st/Thread-Perplexity-AI-Pro-1-Year-59
Screenshots:
None
Threat Actors: EarthOwner
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of discounted YouTube Premium subscription service
Category: Services
Content: A forum seller is offering YouTube Premium 12-month subscriptions for 39€, advertised as account upgrades with ad-free viewing, background play, and YouTube Music Premium. The listing directs buyers to an external shop and Discord server for purchases and support.
Date: 2026-05-10T23:57:45Z
Network: openweb
Published URL: https://cracked.st/Thread-YouTube-Premium-1-YEAR-39-Account-Upgrade
Screenshots:
None
Threat Actors: EarthOwner
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Microsoft Windows and Office product keys at discounted prices
Category: Services
Content: A forum seller is offering Microsoft Windows and Office product keys (including Office 2016/2019/2021 Professional Plus, Office 365, Windows 10 Pro, and Windows 11 Pro) at prices starting from $4. The seller advertises the keys as genuine and includes a warranty. Contact is provided via Discord.
Date: 2026-05-10T23:57:17Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%AD%90%EF%B8%8F-Microsoft-Windows-Office%E2%AD%90%EF%B8%8F-Cheap-Price-%E2%9C%85-Genuine-Keys-%E2%9C%85-Full-Warranty-%E2%9C%85
Screenshots:
None
Threat Actors: vutrain
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of credential checker targeting Go3.lv with CAPTCHA bypass
Category: Combo List
Content: A threat actor is selling a Python-based mail/password checker targeting Go3.lv, advertised with Cloudflare Turnstile, Bot Manager, and reCAPTCHA v3 bypass capabilities. The tool is described as request-based with no external solver required, achieving 1,000–1,500+ CPM. The seller is offering a single copy with middleman support accepted.
Date: 2026-05-10T23:56:44Z
Network: openweb
Published URL: https://cracked.st/Thread-Go3-lv-Mail-Pass-Checker-Cloudflare-Turnstile-ReCAPTCHA-Both-Bypassed
Screenshots:
None
Threat Actors: DataKernel
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of private gift card and prepaid card cashout site
Category: Carding
Content: A threat actor is offering a private gift card and prepaid card cashout site for sale at $1,500. The seller states the site displays card data in plaintext but is blocked by a Turnstile challenge they are unable to bypass. Sale is conducted via Telegram.
Date: 2026-05-10T23:56:20Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-SELLING-PRIVATE-GIFTCARD-PREPAID-CASHOUT-SITE
Screenshots:
None
Threat Actors: Virus
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of aged Instagram accounts
Category: Services
Content: A threat actor is offering aged Instagram accounts (created 2016–2018 or older) for sale, with or without verification badges. The seller claims aged accounts reduce the likelihood of being flagged by the platform. Contact is via Telegram.
Date: 2026-05-10T23:55:23Z
Network: openweb
Published URL: https://cracked.st/Thread-Instagram-aged-accounts-available
Screenshots:
None
Threat Actors: Slowredd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of discounted Gumloop Pro account upgrade
Category: Services
Content: A threat actor is selling Gumloop Pro 1-year account upgrades at a heavily discounted price of $44.99, compared to the official price of $444/year. The accounts are advertised as providing access to AI workflow automation tools, unlimited agents, and team collaboration features. The nature of the discounted accounts — whether unauthorized, stolen, or otherwise illicitly obtained — is not explicitly stated.
Date: 2026-05-10T23:54:58Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-44-99-%E2%9C%85-Automate-Any-Workflow-with-AI-Agents-%E2%80%94-Now-at-90-OFF-Gumloop-Pro-1-Year-Acc
Screenshots:
None
Threat Actors: secur3rat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of discounted Factory.ai Pro account upgrades on cybercrime forum
Category: Services
Content: A forum seller is offering Factory.ai Pro one-year account upgrades at $44.99, advertised as 81% off the official $240/year price. The listing includes AI coding agent features such as build, test, and deploy workflow support. Contact is provided via Telegram.
Date: 2026-05-10T23:54:35Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-44-99-%E2%9C%85-AI-Coding-Agents-That-Build-Test-and-Deploy-Faster-%E2%80%94-Now-81-OFF-Factory-ai
Screenshots:
None
Threat Actors: secur3rat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: factory.ai
Sale of discounted Cursor Pro subscriptions via unauthorized upgrade service
Category: Services
Content: A threat actor is selling Cursor Pro 1-year subscriptions at $29.99, significantly below the retail price of $219. The seller offers instant delivery via an automated storefront and accepts PayPal and cryptocurrency. The listing is consistent with account upgrade services leveraging unauthorized or fraudulently obtained subscription access.
Date: 2026-05-10T23:54:11Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%AD%90%E2%9A%A1-CURSOR-PRO-1-YEAR-UPGRADE-29-99-%E2%9A%A1-CHEAPEAST-UPGRADES-CHEAPEAST-ACCOUNTS-%E2%9A%A1-%E2%AD%90
Screenshots:
None
Threat Actors: Antaksio
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of discounted Cursor AI Pro account upgrades
Category: Services
Content: A threat actor is offering one-year Cursor AI Pro account upgrades for $29.99, significantly below the standard retail price of $219. The seller accepts PayPal and cryptocurrency and advertises instant delivery via an automated storefront. The nature of the discounted access — whether sourced through compromised accounts, reselling, or other means — is not disclosed in the post.
Date: 2026-05-10T23:53:48Z
Network: openweb
Published URL: https://cracked.st/Thread-Sellix-%E2%9A%A1%EF%B8%8F-Cursor-AI-Pro-Upgrade-On-Your-Account-1-Year%E2%9C%85-29-99-%E2%9C%85
Screenshots:
None
Threat Actors: Antaksio
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Saudi Arabia email list sample shared on forum
Category: Combo List
Content: A forum user shared what is described as a sample email list of 3,000 entries purportedly associated with Saudi Arabia. The content is hidden behind a login/registration wall, limiting further analysis. No specific breached organization is identified.
Date: 2026-05-10T23:52:21Z
Network: openweb
Published URL: https://patched.to/Thread-saudia-arab-email-list-3k-sample
Screenshots:
None
Threat Actors: dadazone
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of AOL email and password combo list
Category: Combo List
Content: A user is distributing an AOL email and password combo list on a cracking forum. The list is marketed as high quality (HQ) and attributed to the user ShroudX. No further details on record count or pricing are available.
Date: 2026-05-10T23:51:37Z
Network: openweb
Published URL: https://nulledbb.com/thread-HQ-AOL-EMAILPASS-COMBOLIST-SHROUD20-txt
Screenshots:
None
Threat Actors: ShroudX
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
France email:password combo list shared on cracking forum
Category: Combo List
Content: A threat actor shared a combo list of French email and password pairs on a cracking forum. The file is marketed as high quality and targets French email accounts for credential stuffing purposes. No further details are available from the post content.
Date: 2026-05-10T23:51:13Z
Network: openweb
Published URL: https://nulledbb.com/thread-HQ-FRANCE-EMAILPASS-COMBOLIST-SHROUD20-txt–2291343
Screenshots:
None
Threat Actors: ShroudX
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 650 Hotmail account credentials
Category: Combo List
Content: A forum post advertises 650 Hotmail account credentials in a cracking forum. The post is sponsored by Vaultproxies.net, a proxy and SMS verification service. No additional details about the source or validity of the credentials are provided.
Date: 2026-05-10T23:50:51Z
Network: openweb
Published URL: https://nulledbb.com/thread-X650-Hotmail-Accounts–2291344
Screenshots:
None
Threat Actors: EarlHickey
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: 1.9K Hotmail credentials shared
Category: Combo List
Content: A combo list of approximately 1,900 Hotmail credentials, marketed as fully valid, was shared on a forum by the user Kommander0. The content is hidden behind a registration or login requirement. No breach of Hotmail or Microsoft infrastructure is claimed.
Date: 2026-05-10T23:50:45Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-1-9k-hotmail-full-valid-by-kommander0-11-05
Screenshots:
None
Threat Actors: AnticaCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Germany email:password combo list leak
Category: Combo List
Content: A user shared a combo list advertised as high-quality Germany-based email:password credentials. No further details are available from the post content.
Date: 2026-05-10T23:50:31Z
Network: openweb
Published URL: https://nulledbb.com/thread-HQ-GERMANY-EMAILPASS-COMBOLIST-SHROUD20-txt–2291345
Screenshots:
None
Threat Actors: ShroudX
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of HQ mixed email:password combo list
Category: Combo List
Content: A forum member shared a mixed email:password combo list on a cracking forum. No further details about the source, size, or content of the combo list are available from the post.
Date: 2026-05-10T23:50:07Z
Network: openweb
Published URL: https://nulledbb.com/thread-HQ-MIXED-EMAILPASS-COMBOLIST-SHROUD20-txt–2291346
Screenshots:
None
Threat Actors: ShroudX
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Distribution of mixed mail combo list
Category: Combo List
Content: A forum post in the cracking section offers a mixed mail combo list of approximately 1,100 lines. The post is sponsored by a proxy and SMS verification service. No specific breach source or target service is identified.
Date: 2026-05-10T23:49:34Z
Network: openweb
Published URL: https://nulledbb.com/thread-X1100-Mixed-Mail-Lines–2291369
Screenshots:
None
Threat Actors: EarlHickey
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free Mexico email:password combo list with 151K credentials
Category: Combo List
Content: A threat actor shared a free combo list containing approximately 151,000 email:password credential pairs, marketed as fresh and targeting Mexican accounts. The list was made available via an external paste link. No specific breached organization is identified.
Date: 2026-05-10T23:49:20Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9C%A6%E2%9C%A6-151-K-%E2%9C%A6-Mexico-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-4-5-2026-%E2%9C%A6%E2%9C%A6–2291353
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Canada Email:Password Combo List
Category: Combo List
Content: A threat actor is distributing a combo list of Canadian email:password credentials via an external paste link. The list is marketed as high quality and is likely intended for credential stuffing attacks.
Date: 2026-05-10T23:49:14Z
Network: openweb
Published URL: https://nulledbb.com/thread-HQ-CANADA-EMAILPASS-COMBOLIST-txt–2291374
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list targeting Dominican Republic accounts
Category: Combo List
Content: A combo list containing over 16,000 credentials associated with Dominican Republic accounts has been shared via an external paste link. The list was posted freely on a public forum with no price indicated.
Date: 2026-05-10T23:48:59Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9C%AA-16-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Dominican-Republic-%E2%9C%AA-26-APR-2026-%E2%9C%AA–2291384
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of 1,600 Hotmail accounts shared on cracking forum
Category: Combo List
Content: A threat actor shared a combo list of 1,600 Hotmail accounts on a cracking forum. The post is sponsored by a proxy and SMS verification service. No additional details about the source or validity of the credentials are provided.
Date: 2026-05-10T23:48:51Z
Network: openweb
Published URL: https://nulledbb.com/thread-X1600-Hotmail-Accounts–2291378
Screenshots:
None
Threat Actors: EarlHickey
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list targeting British and Indian users distributed
Category: Combo List
Content: A combo list containing over 18,000 credentials described as British Indian was freely shared via an external paste link. The post was made on a public forum and attributed to the handle Elite_Cloud1. No specific breached organization is identified.
Date: 2026-05-10T23:48:38Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9C%AA-18-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-British-Indian-%E2%9C%AA-1-MAY-2026-%E2%9C%AA–2291415
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 600 Hotmail account credentials
Category: Combo List
Content: A forum post advertises 600 Hotmail account credentials. The thread appears to be sponsored by a proxy and SMS verification service. No additional details about the data source or contents are provided.
Date: 2026-05-10T23:48:30Z
Network: openweb
Published URL: https://nulledbb.com/thread-X600-Hotmail-Accounts–2291385
Screenshots:
None
Threat Actors: EarlHickey
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list targeting Ireland distributed on forum
Category: Combo List
Content: A combo list containing over 23,000 credential pairs, described as Ireland-based, has been freely shared via an external paste link on a cracking forum. No specific breached organization is identified; the list appears intended for credential stuffing use.
Date: 2026-05-10T23:48:14Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9C%AA-23-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Ireland-%E2%9C%AA-27-APR-2026-%E2%9C%AA–2291444
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of MetaMask wallet checker tool for automated credential validation
Category: Combo List
Content: A threat actor shared a tool called Metamask Checker V1.0 capable of scanning multiple cryptocurrency wallets automatically. The tool appears designed to validate or crack MetaMask wallet credentials in bulk. It was made available via an external paste link on a cracking forum.
Date: 2026-05-10T23:48:08Z
Network: openweb
Published URL: https://nulledbb.com/thread-Metamask-Checker-V1-0-Scan-multiple-wallets-automatically–2291406
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed valid email access credentials
Category: Combo List
Content: A threat actor shared a list of approximately 15,400 mixed valid email access credentials via an external paste link. The post is dated April 23 and the credentials are advertised as valid mail access across multiple providers.
Date: 2026-05-10T23:47:51Z
Network: openweb
Published URL: https://nulledbb.com/thread-15-4K-%E2%9C%A8-Mix-%E2%9C%A8-Valid-Mail-Access-23-04–2291467
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of URL:Log:Pass combo list with 24.67 million records
Category: Logs
Content: A threat actor on a cracking forum is distributing a URL:LOG:PASS stealer log dataset containing approximately 24.67 million records, marketed as UHQ quality. The data appears to be stealer log output hosted on an external paste service.
Date: 2026-05-10T23:47:46Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%AD%90%EF%B8%8FURL-LOG-PASS-24-67-M-%E2%9C%85-DAXUS-PRO-UHQ-%E2%AD%90%EF%B8%8F–2291435
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sri Lanka email:password combo list freely distributed
Category: Combo List
Content: A threat actor shared a combo list of approximately 15,000 email:password pairs, marketed as fresh and associated with Sri Lanka. The credentials were made available for free via an external paste link.
Date: 2026-05-10T23:47:31Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9C%A6%E2%9C%A6-15-K-%E2%9C%A6-Sri-Lanka-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-30-4-2026-%E2%9C%A6%E2%9C%A6–2291488
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of DeBank account cracker and multi-chain wallet balance checker tool
Category: Combo List
Content: A threat actor is distributing a credential-stuffing and account-checking tool targeting DeBank, advertised as capable of verifying multi-chain wallet balances. The tool is shared via an external paste link on a cracking forum. No specific victim organization or record count is identified in the post.
Date: 2026-05-10T23:47:23Z
Network: openweb
Published URL: https://nulledbb.com/thread-DeBank-Account-Cracker-2026-Advanced-Multi-Chain-Wallet-Balance-Checker-Tool–2291458
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown
Free Hotmail credential hits shared on paste site
Category: Combo List
Content: A threat actor shared 1,450 Hotmail credential hits via an external paste site. The post is categorized as a combo list, as the credentials appear to be tested hits against Hotmail accounts rather than a breach of a specific organization.
Date: 2026-05-10T23:47:03Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-1450x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F–2291479
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of 4.8K Hotmail credentials shared on forum
Category: Combo List
Content: A forum user shared a combo list purportedly containing 4,800 Hotmail account credentials. The content is hidden behind a registration or login wall. Hotmail is the credential-stuffing target, not the breach source.
Date: 2026-05-10T23:46:57Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%AD%90%EF%B8%8F4-8k-HOTMAIL-ACCESS%E2%AD%90%EF%B8%8F–20379
Screenshots:
None
Threat Actors: Cl0ud0wner
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mix Mail Access Combo List
Category: Combo List
Content: A threat actor is distributing a mixed mail access combo list on a leak forum. The content is hidden behind a registration/login wall, limiting visibility into specific details such as record count or targeted services.
Date: 2026-05-10T23:46:35Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%AD%90%EF%B8%8FMIX-MAIL-ACCESS%E2%AD%90%EF%B8%8F–20378
Screenshots:
None
Threat Actors: Cl0ud0wner
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of premium SMTP services for bulk email delivery
Category: Services
Content: A threat actor is selling access to premium SMTP services including AWS SES, SendGrid, SparkPost, Mandrill, Brevo, and others. These services are commonly used for phishing campaigns, spam distribution, or other bulk email abuse. The seller advertises via Telegram for additional tools and offerings.
Date: 2026-05-10T23:46:04Z
Network: openweb
Published URL: https://demonforums.net/Thread-Selling-Premium-SMTPs-100-Trusted-Seller
Screenshots:
None
Threat Actors: office_365shop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of SMTP services for email abuse
Category: Services
Content: A threat actor is offering compromised or fraudulently obtained SMTP accounts from multiple providers including AWS, SendGrid, SparkPost, Mandrill, and others. The seller advertises fast delivery and secure payment, marketing the accounts for use in email campaigns. Contact is conducted via Telegram.
Date: 2026-05-10T23:45:36Z
Network: openweb
Published URL: https://demonforums.net/Thread-Hundreds-of-SMTPs-Available-Fast-Delivery-Secure-Payment
Screenshots:
None
Threat Actors: office_365shop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 130K email:password combo list targeting multiple streaming and gaming services
Category: Combo List
Content: A threat actor is offering a combo list of approximately 130,000 email:password credential pairs, marketed as fresh and high quality. The list is advertised as effective against multiple services including Netflix, Minecraft, Uplay, Steam, Hulu, and Spotify. The actor also promotes additional combo sales via Telegram.
Date: 2026-05-10T23:45:31Z
Network: openweb
Published URL: https://demonforums.net/Thread-130k-Fresh-HQ-Combolist-Email-Pass-Netflix-Minecraft-Uplay-Steam-Hulu-spotify–203629
Screenshots:
None
Threat Actors: Ra-Zi
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of stolen credential databases and private cloud access containing email accounts from multiple countries
Category: Combo List
Content: Multiple threat actors advertising the sale of stolen credential databases (combolists) and private cloud access containing email:password combinations, cookies, and account data from various countries (UK, DE, JP, NL, BR, PL, ES, US, IT, etc.) and platforms (eBay, Walmart, Amazon, Kleinanzeigen, PSN, Uber, Poshmark, Alibaba, Mercari, neosurf). Sellers claim to have valid Hotmail accounts and offer keyword-based searching capabilities. Prices mentioned range from $1 per item.
Date: 2026-05-10T23:45:00Z
Network: telegram
Published URL: https://t.me/c/2613583520/79228
Screenshots:
None
Threat Actors: Num
Victim Country: United Kingdom, Germany, Japan, Netherlands, Brazil, Poland, Spain, United States, Italy, Mexico, Canada, Singapore, Russia, France
Victim Industry: Multiple (e-commerce, email providers, booking platforms)
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of compromised email accounts and platform access credentials
Category: Initial Access
Content: Threat actor offering for sale valid compromised email accounts and access credentials to multiple platforms including Hotmail, Yahoo, Gmail, Reddit, eBay, Uber, Marriott, Poshmark, Walmart, and others. Claims to have fresh, valid, and uncompromised quality accounts across USA, UK, Canada and other countries. Soliciting direct messages for specific keyword searches.
Date: 2026-05-10T23:39:42Z
Network: telegram
Published URL: https://t.me/c/2613583520/79245
Screenshots:
None
Threat Actors: Yuze
Victim Country: United States, United Kingdom, Canada
Victim Industry: Multiple (email providers, e-commerce, travel, social media)
Victim Organization: Unknown
Victim Site: Unknown
Combo List: 50K Mixed Mail Access Credentials
Category: Combo List
Content: A threat actor is distributing a combo list containing 50,000 mixed mail access credential lines. The post offers no additional details regarding the source or composition of the credentials.
Date: 2026-05-10T23:31:21Z
Network: openweb
Published URL: https://altenens.is/threads/50k-mix-lines-mail-access.2937631/unread
Screenshots:
None
Threat Actors: WhiteMelly
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale and distribution of Hotmail combo list with 10,000 credential lines
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 10,000 Hotmail/Live/Outlook/MSN credential lines via a Telegram channel. The post advertises a mix of European regional credentials (EU, UK, FR, PL, DE, IT) including ULP combos, logs, cookies, and leaked data shared daily for free, with additional content available for purchase via Telegram.
Date: 2026-05-10T23:30:55Z
Network: openweb
Published URL: https://altenens.is/threads/10k-hotmail-lines-mail-access.2937632/unread
Screenshots:
None
Threat Actors: WhiteMelly
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 130K mixed email-password combo list
Category: Combo List
Content: A threat actor is offering a mixed email:password and user:password combo list of approximately 130,000 credentials for free download (reply-gated) and also advertising higher-volume combo lists for sale via Telegram. The list includes credentials across multiple email providers and geographic regions including AOL, Yahoo, Hotmail, Outlook, and others spanning the US, UK, France, Germany, and additional countries.
Date: 2026-05-10T23:30:27Z
Network: openweb
Published URL: https://altenens.is/threads/130k-fresh-hq-combolist-email-pass-mixed.2937641/unread
Screenshots:
None
Threat Actors: carlos080
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list of checked Hotmail credentials
Category: Combo List
Content: A threat actor shared a combo list of 6,369 checked Hotmail credentials via an external paste platform. The credentials are marketed as UHQ (ultra-high quality) and verified hits.
Date: 2026-05-10T23:29:56Z
Network: openweb
Published URL: https://altenens.is/threads/6369xchecked-hotmails-uhq_-ebbi_cloud.2937647/unread
Screenshots:
None
Threat Actors: Ebbicloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
⭐⭐⭐35k MIX MAIL:PASS UHQ VALID 100%⭐⭐⭐
Category: Combo List
Content: New thread posted by DexterCloud: ⭐⭐⭐35k MIX MAIL:PASS UHQ VALID 100%⭐⭐⭐
Date: 2026-05-10T23:18:43Z
Network: openweb
Published URL: https://breachforums.rs/Thread-%E2%AD%90%E2%AD%90%E2%AD%9035k-MIX-MAIL-PASS-UHQ-VALID-100-%E2%AD%90%E2%AD%90%E2%AD%90
Screenshots:
None
Threat Actors: DexterCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
customs.gov.bd | customs administration in Bangladesh
Category: Alert
Content: New thread posted by vicmeow: customs.gov.bd | customs administration in Bangladesh
Date: 2026-05-10T23:11:27Z
Network: openweb
Published URL: https://breachforums.rs/Thread-customs-gov-bd-customs-administration-in-Bangladesh
Screenshots:
None
Threat Actors: vicmeow
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hello world
Category: Alert
Content: New thread posted by hitlern: Hello world
Date: 2026-05-10T23:06:49Z
Network: openweb
Published URL: https://altenens.is/threads/hello-world.2937635/unread
Screenshots:
None
Threat Actors: hitlern
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of URL:Login:Password combo list derived from stealer logs
Category: Combo List
Content: A threat actor is distributing a 2.2GB URL:login:password combo list derived from stealer logs via a Telegram channel. The dataset is described as a mix of credentials including Hotmail, Live, Outlook, and MSN accounts from multiple European countries. The actor also advertises paid offerings via Telegram.
Date: 2026-05-10T22:38:08Z
Network: openweb
Published URL: https://altenens.is/threads/2-2gb-url-login-pass-lines-from-logs.2937633/unread
Screenshots:
None
Threat Actors: WhiteMelly
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale and distribution of mixed stealer logs and credential combo lists via Telegram
Category: Logs
Content: A threat actor is advertising 1.4GB of mixed stealer logs, cookies, combo lists (ULP/MAILPASS), and leaked data via a Telegram channel. The offering includes credentials from multiple European regions and webmail providers including Hotmail, Live, Outlook, and MSN. Free daily distributions are advertised alongside paid options via Telegram.
Date: 2026-05-10T22:37:39Z
Network: openweb
Published URL: https://altenens.is/threads/1-4gb-full-logs.2937634/unread
Screenshots:
None
Threat Actors: WhiteMelly
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of 5,588 stealer logs via cloud link
Category: Logs
Content: A threat actor operating as UP_DAISYCLOUD shared 5,588 stealer logs via a Pixeldrain link on a dark web forum. The logs are described as fresh and dated May 10. No specific victim organization or country is identified.
Date: 2026-05-10T22:28:51Z
Network: openweb
Published URL: https://darkforums.su/Thread-%F0%9F%9A%80-5588-LOGS-CLOUD-%E2%98%81-10-MAY-%E2%9D%A4%EF%B8%8F-FRESH-LOGS%E2%9D%97%EF%B8%8F
Screenshots:
None
Threat Actors: UP_DAISYCLOUD
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of 3,805 HQ Hotmail Credentials
Category: Combo List
Content: A threat actor shared a combo list of 3,805 Hotmail credentials, marketed as high quality and fresh. The post advertises daily supply of 4,000–12,000 credentials for private members.
Date: 2026-05-10T21:48:43Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-3805x-hq-hotmail-by-s2lender-txt
Screenshots:
None
Threat Actors: s2lender
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of 450K URL:Login:Password credentials
Category: Combo List
Content: A threat actor is distributing a combo list containing approximately 450,000 URL:login:password credential pairs. The content is hidden behind a forum registration or login requirement. No specific target organization or country is identified.
Date: 2026-05-10T21:48:23Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%98%81-450k-url-login-pass-%E2%98%81
Screenshots:
None
Threat Actors: agha24
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail credential combo list
Category: Combo List
Content: A threat actor is sharing 520 allegedly valid Hotmail credentials on a combolist forum. The content is hidden behind a registration or login requirement. These credentials are likely intended for credential stuffing or account takeover activity.
Date: 2026-05-10T21:48:11Z
Network: openweb
Published URL: https://patched.to/Thread-contributor-%E2%9C%A8-520x-fresh-hotmail-valid-%E2%9C%A8-301085
Screenshots:
None
Threat Actors: SNSS
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Distribution of ULP combo list with 13.68 million records
Category: Combo List
Content: A threat actor shared a URL:LOG:PASS combo list containing approximately 13.68 million records, marketed as UHQ quality. The list was made available via an external paste link on a cracking forum.
Date: 2026-05-10T21:47:44Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%AD%90%EF%B8%8FURL-LOG-PASS-13-68-M-%E2%9C%85-ULP-DAXUS-PRO-UHQ-%E2%AD%90%EF%B8%8F–2291256
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail combo list of 657 accounts shared on cracking forum
Category: Combo List
Content: A threat actor shared a combo list of 657 Hotmail mail access credentials on a cracking forum. The list is advertised as UHQ (ultra-high quality) and is made available via an external paste link.
Date: 2026-05-10T21:47:24Z
Network: openweb
Published URL: https://nulledbb.com/thread-HOTMAIL-MAIL-ACCESS-X657-%E2%9C%85-DAXUS-PRO-UHQ-%E2%AD%90%EF%B8%8F–2291285
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list targeting Sweden distributed on forum
Category: Combo List
Content: A combo list of approximately 44,000 credentials purportedly associated with Sweden was shared freely on a forum. The list was made available via an external paste link and is dated April 24, 2026.
Date: 2026-05-10T21:47:20Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9C%AA-44-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Sweden-%E2%9C%AA-24-APR-2026-%E2%9C%AA–2291237
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of 850 Hotmail credentials
Category: Combo List
Content: A threat actor has shared a combo list of 850 Hotmail credentials described as premium hits. The list is distributed freely via an external paste link. This is a credential stuffing resource, not a breach of Hotmail or Microsoft.
Date: 2026-05-10T21:47:04Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-850x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F–2291315
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail combo list with 7.1K credentials
Category: Combo List
Content: A threat actor leaked a combo list of approximately 7,100 Hotmail credentials, marketed as valid mail access. The list was shared freely via an external paste service.
Date: 2026-05-10T21:47:00Z
Network: openweb
Published URL: https://nulledbb.com/thread-7-1K-%E2%9A%A1Hotmail%E2%9A%A1Valid-Mail-Access-05-05–2291265
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 500 Hotmail account credentials
Category: Combo List
Content: A forum post advertises 500 Hotmail accounts in a cracking forum context. The post body appears to be a sponsored advertisement for a proxy and SMS verification service rather than containing actual credential content.
Date: 2026-05-10T21:46:43Z
Network: openweb
Published URL: https://nulledbb.com/thread-X500-Hotmail-Accounts–2291340
Screenshots:
None
Threat Actors: EarlHickey
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged combo list of Uruguayan email:password credentials
Category: Combo List
Content: A threat actor shared a combo list of over 10,000 email:password pairs purportedly associated with Uruguayan users, made available via an external paste link. The credentials are marketed as fresh and dated April 25, 2026.
Date: 2026-05-10T21:46:39Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9C%A6%E2%9C%A6-10-K-%E2%9C%A6-Uruguay-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-25-4-2026-%E2%9C%A6%E2%9C%A6–2291294
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list of 1,500 mixed mail credentials
Category: Combo List
Content: A forum post shares 1,500 mixed mail combo lines. The thread is sponsored by Vaultproxies.net, advertising proxy and SMS verification services. No additional details about the credential source or targeted services are provided.
Date: 2026-05-10T21:46:21Z
Network: openweb
Published URL: https://nulledbb.com/thread-X1500-Mixed-Mail-Lines–2291341
Screenshots:
None
Threat Actors: EarlHickey
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Coinbase
Category: Data Breach
Content: A threat actor is offering for sale an alleged Coinbase user database containing 80,000 records dated 2026, priced at $850. The dataset includes full names, cities, email addresses, mobile numbers, and cryptocurrency balances (BTC, ETH, USDT). Sample records provided appear to contain US-based users.
Date: 2026-05-10T21:45:21Z
Network: openweb
Published URL: https://darkpro.net/threads/coinbase-database-80k-users-2026.23086/
Screenshots:
None
Threat Actors: Darkroot
Victim Country: United States
Victim Industry: Finance
Victim Organization: Coinbase
Victim Site: coinbase.com
Alleged sale of credential checking and captcha bypass tools by DataxLogs
Category: Malware
Content: Threat actor DataxLogs is advertising configuration services for credential stuffing and phishing attacks, offering Python-based tools (Silverbullet, Openbullet 2) with APIs for multiple platforms (Web, Android, iOS, Windows) and comprehensive captcha bypass capabilities (hCaptcha, Cloudflare, reCAPTCHA v2/v3, Perimeterx, Akamai, etc.). This infrastructure is designed to facilitate large-scale credential compromise and fraud operations.
Date: 2026-05-10T21:35:10Z
Network: telegram
Published URL: https://t.me/c/2613583520/79170
Screenshots:
None
Threat Actors: DataxLogs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged defacement of DFx Engineering website by Cyber Islamic Resistance
Category: Defacement
Content: Cyber Islamic Resistance claims to have defaced the website of DFx Engineering (dfx-eng.co.il), an Israeli electronics testing and design company. The group posted defacement proof via Zone-H mirror (ID: 42052321) as part of their Waad Al-Sinwar Operations campaign in support of resistance in Lebanon.
Date: 2026-05-10T21:31:33Z
Network: telegram
Published URL: https://t.me/c/1651470668/1908
Screenshots:
None
Threat Actors: Cyber Islamic Resistance
Victim Country: Israel
Victim Industry: Electronics Testing & Design
Victim Organization: DFx Engineering
Victim Site: dfx-eng.co.il
Sale of Fully Undetected DLL Stealer Malware
Category: Malware
Content: A threat actor is selling a DLL-based information stealer named xia, marketed as fully undetected at both scan time and runtime. The stealer features DLL sideloading, DPAPI credential decryption, cookie theft, credit card harvesting, 25 crypto wallet extension targeting, UAC bypass, Ring-3 rootkit capabilities, anti-VM/anti-debug evasion, and persistence mechanisms. The seller advertises compatibility with all modern Windows 10 and 11 versions and provides contact via Signal.
Date: 2026-05-10T21:28:47Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-Fully-Undetected-Stealer-Runtime-Scantime
Screenshots:
None
Threat Actors: jackborrin
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of database belonging to Directorate General of Drug Administration (DGDA) of Bangladesh
Category: Data Breach
Content: A threat actor is offering for sale a database purportedly belonging to the Directorate General of Drug Administration (DGDA) of Bangladesh. Sample data includes pharmacy registration records with fields such as business names, addresses, license numbers, national IDs, and contact information. The seller provided a Telegram contact for inquiries.
Date: 2026-05-10T21:23:24Z
Network: openweb
Published URL: https://breached.st/threads/dgda-database.86985/unread
Screenshots:
None
Threat Actors: Kyyzo
Victim Country: Bangladesh
Victim Industry: Government
Victim Organization: Directorate General of Drug Administration
Victim Site: dgdagov.info
Alleged sale of stolen payment cards and credential combolists across multiple countries
Category: Combo List
Content: User Wěilóng is offering to sell stolen credential combolists (email:password lists) for Hotmail and multiple e-commerce platforms (kleinanzeigen, eBay, Reddit, Poshmark, Depop, Walmart, Amazon) across multiple countries including DE, FR, IT, BR, UK, US, JP, PL, RU, ES, NL, MX, CA, SP, SG. Seller claims to have private cloud Hotmail UHQ credentials and offers keyword verification for serious buyers only.
Date: 2026-05-10T21:08:02Z
Network: telegram
Published URL: https://t.me/c/2613583520/79177
Screenshots:
None
Threat Actors: Wěilóng
Victim Country: Germany, France, Italy, Brazil, United Kingdom, United States, Japan, Poland, Russia, Spain, Netherlands, Mexico, Canada, Singapore
Victim Industry: e-commerce, email services
Victim Organization: Unknown
Victim Site: hotmail.com, ebay.com, amazon.com, walmart.com, reddit.com, poshmark.com, depop.com, kleinanzeigen.de
Distribution of 773K URL:Login:Pass combo list
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 773,000 URL:login:password credential pairs, marketed as fresh and high quality. The content is gated behind registration or login on the forum.
Date: 2026-05-10T20:31:10Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%9C%A8-773k-url-login-pass-%E2%9C%A8leak-private-url-login-pass%E2%9A%A1fresh-uhq%E2%9A%A1
Screenshots:
None
Threat Actors: Frisbeese
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of HQ mix combo list with approximately 23,413 credentials
Category: Combo List
Content: A threat actor known as s2lender is offering a high-quality mixed combo list containing approximately 23,413 credential pairs, marketed as fresh and untouched. The post advertises daily supply of 4,000–12,000 credentials through a private members-only network. Access to the content is restricted to registered forum members.
Date: 2026-05-10T20:30:53Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-23413x-hq-mix-by-s2lender-txt
Screenshots:
None
Threat Actors: s2lender
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Microsoft combo list of 759K credentials offered on forum
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 759,000 credentials advertised as a private base targeting Microsoft accounts. The post claims the credentials are suitable for various credential-stuffing purposes. The author also promotes an affiliated combo cloud service offering private-line data.
Date: 2026-05-10T20:30:35Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9A%A1759k-microsoft%E2%9A%A1private-base-good-on-anything-you-need%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Office365 combo list with 591K credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 591,000 credentials marketed for use against Office365, advertised as private data with a high hit rate. The post is associated with a combo cloud service offering high-quality data and private lines.
Date: 2026-05-10T20:29:56Z
Network: openweb
Published URL: https://patched.to/Thread-%E3%80%8C-591k-%E3%80%8D%E2%9A%A1office365-%E2%9A%A1-100-private-data-%E2%9A%A1impressive-hitrate%E2%9A%A1-2026-new%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list targeting Roblox and Minecraft gaming platforms
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 660,000 credentials marketed as suitable for use against Roblox and Minecraft platforms. The post claims the data originates from a private base and is described as effective for various credential-stuffing purposes. The author also advertises an ongoing combo cloud service.
Date: 2026-05-10T20:29:16Z
Network: openweb
Published URL: https://patched.to/Thread-gaming-%E2%9A%A1660k-roblox-minecraft%E2%9A%A1private-base-good-on-anything-you-need%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of combo list targeting Eneba and G2A gift card platforms
Category: Combo List
Content: A threat actor is distributing a combo list of 702,000 credentials marketed as private data with a high hit rate, targeting Eneba and G2A gift card platforms. The post is associated with a combo cloud service advertised in the authors signature.
Date: 2026-05-10T20:28:44Z
Network: openweb
Published URL: https://patched.to/Thread-gaming-%E3%80%8C-702k-%E3%80%8D%E2%9A%A1-eneba-g2a-gift-cards%E2%9A%A1-100-private-data-%E2%9A%A1impressive-hitrate%E2%9A%A1-2026-new%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list targeting Pornhub distributed on cybercrime forum
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 795,000 credentials marketed as suitable for use against Pornhub. The post advertises the dataset as a private base and is associated with a broader combo cloud service offering.
Date: 2026-05-10T20:28:26Z
Network: openweb
Published URL: https://patched.to/Thread-porn-%E2%9A%A1795k-pornhub%E2%9A%A1private-base-good-on-anything-you-need%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of Hotmail credentials offered by threat actor s2lender
Category: Combo List
Content: A threat actor operating as s2lender is sharing or selling a combo list of approximately 1,363 Hotmail credentials marketed as high quality. The post advertises daily supply of 4,000–12,000 fresh credentials via a private members-only network with encrypted access.
Date: 2026-05-10T20:27:55Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-1363x-hq-hotmail-by-s2lender-txt
Screenshots:
None
Threat Actors: s2lender
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail combo list with 2,880 lines from mixed countries
Category: Combo List
Content: A threat actor has shared a Hotmail combo list containing 2,880 credential lines sourced from mixed countries. The content is gated behind registration or login on the forum. This is a credential stuffing list, not a breach of Hotmail/Microsoft.
Date: 2026-05-10T20:27:29Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-2-880-good-lines-mix-countries-hotmail-combo
Screenshots:
None
Threat Actors: cloudkaraoke
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of disposable RDP/VPS service with no-log policy
Category: Services
Content: A threat actor is advertising a disposable RDP service at bubbl.cx offering Windows and Linux instances accessible via browser, with a WireGuard kill switch, no email signup, and cryptocurrency payment options. Plans range from $9/mo to $39/mo with servers in Frankfurt, NYC, and Sydney. The service emphasizes no-log operation and permanent destruction of the instance upon termination.
Date: 2026-05-10T20:27:22Z
Network: openweb
Published URL: https://patched.to/Thread-%F0%9F%AB%A7-bubbl-cx-%F0%9F%AB%A7-disposable-rdp-%F0%9F%AB%A7-windows-linux-%F0%9F%AB%A7-btc-xmr-%F0%9F%AB%A7-from-9-mo-%F0%9F%AB%A7
Screenshots:
None
Threat Actors: gravem1nd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of 544 Hotmail Valid Credentials
Category: Combo List
Content: A threat actor is sharing a combo list of 544 allegedly valid Hotmail credentials dated 10.05.2026. The content is hidden behind a registration/login wall on the forum. These credentials are likely intended for credential stuffing or account takeover activity.
Date: 2026-05-10T20:27:05Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%8C%8A544-hotmail-valid-access-10-05-2026
Screenshots:
None
Threat Actors: SupportHotmail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail combo list with 1,103 hits shared for free
Category: Combo List
Content: A threat actor shared a combo list of 1,103 alleged Hotmail credential hits via an external paste link. The post is categorized as a combo list targeting Hotmail accounts for credential stuffing purposes.
Date: 2026-05-10T20:26:32Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-1103x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F–2291170
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list targeting Portugal distributed on forum
Category: Combo List
Content: A combo list containing over 75,000 credential pairs associated with Portugal was shared freely on a forum. The list was made available via an external paste link. No specific breached organization is identified.
Date: 2026-05-10T20:26:18Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9C%AA-75-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Portugal-%E2%9C%AA-23-APR-2026-%E2%9C%AA–2291179
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free drop of J.Crew Visa/Mastercard payment card data
Category: Carding
Content: A threat actor is freely distributing three J.Crew-linked Visa and Mastercard payment card records as part of an advertised daily free drop series. The cards were shared via an external paste link on a cracking forum.
Date: 2026-05-10T20:26:14Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%80%BC%EF%B8%8F-DAILY-FREE-DROPS-3X-jCrew-VI-MC%E2%80%BC%EF%B8%8F–2291199
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Retail
Victim Organization: J.Crew
Victim Site: jcrew.com
Distribution of cracked Sendblaster Pro email marketing software
Category: Services
Content: A forum user shared a link to an activated/cracked version of Sendblaster Pro 4.1.13, a bulk email marketing application. The software is being distributed via an external paste link. Sendblaster Pro is commonly used in spam and phishing campaigns.
Date: 2026-05-10T20:25:54Z
Network: openweb
Published URL: https://nulledbb.com/thread-Sendblaster-Pro-Version-4-1-13-Activated–2291228
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Lyceena Academy
Category: Data Breach
Content: A threat actor claims to have breached Lyceena Academy, a Tunisian online educational platform, and is offering the stolen database for sale. The exposed data reportedly includes teacher and student names, nicknames, Auth0 IDs, email addresses, and phone numbers. Sample records were shared as proof of the claimed intrusion.
Date: 2026-05-10T20:21:07Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-Selling-lyceena-academy-leaked-database
Screenshots:
None
Threat Actors: crucialwork77
Victim Country: Tunisia
Victim Industry: Education
Victim Organization: Lyceena Academy
Victim Site: Unknown
Hacking-for-hire services advertised on cracking forum
Category: Services
Content: A forum user is advertising a broad range of hacking-for-hire services including social media account compromise, DDoS attacks, phone hacking, credential recovery, and website exploitation. Contact is provided via Telegram and ProtonMail. No specific victim or breach is identified.
Date: 2026-05-10T20:09:59Z
Network: openweb
Published URL: https://crackingx.com/threads/74854/
Screenshots:
None
Threat Actors: Gpdforever
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Redefacement of WisdomMCA by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, carried out a redefacement of wisdommca.com, suggesting the site had been previously compromised. The defacement targeted a specific page (index.txt) rather than the home page, indicating a selective intrusion. This incident marks at least a second compromise of the same target by this actor or group.
Date: 2026-05-10T20:08:23Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919380
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Education
Victim Organization: WisdomMCA
Victim Site: wisdommca.com
Website Redefacement of Gujarati Thal Restaurant by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, carried out a redefacement of the website belonging to Gujarati Thal Restaurant. This incident marks a repeated targeting of the same domain, indicating persistent interest or unresolved vulnerabilities on the victims web infrastructure. No specific motive or exploited technology was disclosed in the available data.
Date: 2026-05-10T20:07:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919358
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Food & Beverage / Restaurant
Victim Organization: Gujarati Thal Restaurant
Victim Site: gujaratithalrestaurant.com
Website Redefacement of JasmFitandFlex by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, carried out a redefacement of the fitness-related website jasmfitandflex.com. This incident marks a repeated targeting of the same site, indicating persistent interest or unresolved vulnerabilities. The defacement was recorded and mirrored by zone-xsec.com with ID 919360.
Date: 2026-05-10T20:06:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919360
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Health & Fitness
Victim Organization: JasmFitandFlex
Victim Site: jasmfitandflex.com
Website Redefacement of Target Cargo Services by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, carried out a redefacement of targetcargoservices.com, indicating the site had been previously compromised. The attack targeted the index page of a cargo and logistics services company. No specific motivation or additional technical details were disclosed in connection with this incident.
Date: 2026-05-10T20:05:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919376
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Logistics and Cargo Services
Victim Organization: Target Cargo Services
Victim Site: targetcargoservices.com
Website Redefacement of Madeena Steel Trading by Nicotine (Umbra Community)
Category: Defacement
Content: The website of Madeena Steel Trading was defaced by a threat actor known as Nicotine, operating under the group Umbra Community. This incident is classified as a redefacement, indicating the target had been previously compromised and defaced. The attack was recorded on May 11, 2026, with limited technical details available regarding the server infrastructure or exploit method used.
Date: 2026-05-10T20:04:45Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919364
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Manufacturing / Steel Trading
Victim Organization: Madeena Steel Trading
Victim Site: madeenasteeltrading.com
Website Redefacement of SSP Solutions by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, conducted a redefacement of sspsolutions.ae, a technology solutions provider based in the United Arab Emirates. This incident marks a repeated targeting of the same organization, indicating persistent intent. The defacement was recorded and mirrored by zone-xsec.com under mirror ID 919375.
Date: 2026-05-10T20:03:49Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919375
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: United Arab Emirates
Victim Industry: Technology / IT Solutions
Victim Organization: SSP Solutions
Victim Site: sspsolutions.ae
Website Redefacement of Green Domain Cleaning by Nicotine of Umbra Community
Category: Defacement
Content: The website greendomaincleaning.com was redefaced on May 11, 2026, by a threat actor known as Nicotine, operating under the group Umbra Community. This incident is classified as a redefacement, indicating the site had been previously compromised and targeted again. No specific motivation or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-10T20:02:49Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919357
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Cleaning Services
Victim Organization: Green Domain Cleaning
Victim Site: greendomaincleaning.com
Website Redefacement of UAE Pest Control Service by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, conducted a redefacement of pestcontrolinuae.com, a pest control services website based in the United Arab Emirates. This incident marks a repeated compromise of the same target, suggesting persistent access or recurring vulnerability exploitation. The defacement was recorded and mirrored by zone-xsec.com.
Date: 2026-05-10T20:01:50Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919369
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: United Arab Emirates
Victim Industry: Pest Control / Home Services
Victim Organization: Pest Control in UAE
Victim Site: pestcontrolinuae.com
Website Redefacement of kkapms.com by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, carried out a redefacement of kkapms.com. This incident marks a repeated compromise of the same target, suggesting persistent access or unresolved vulnerabilities. The defacement was limited to a single page and was not part of a mass defacement campaign.
Date: 2026-05-10T20:00:53Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919361
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: kkapms.com
Website Redefacement of mymindlevel.com by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, the website mymindlevel.com was defaced by a threat actor known as Nicotine, operating under the group Umbra Community. This incident is classified as a redefacement, indicating the site had been previously compromised and targeted again. The attack involved the placement of a defacement page at the index.txt path, with the mirror archived on zone-xsec.com.
Date: 2026-05-10T19:59:58Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919367
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: My Mind Level
Victim Site: mymindlevel.com
Website Redefacement of Mughal Technical Services by Nicotine of Umbra Community
Category: Defacement
Content: The website mughaltechnicalservices.com was redefaced by a threat actor known as Nicotine, operating under the group Umbra Community, on May 11, 2026. This incident is classified as a redefacement, indicating the site had been previously compromised and defaced. No specific motive or proof-of-concept was disclosed, and technical details such as server software and IP address remain unknown.
Date: 2026-05-10T19:59:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919366
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Technology/Technical Services
Victim Organization: Mughal Technical Services
Victim Site: mughaltechnicalservices.com
Alleged data breach of Indonesias Ministry of Transportation (KEMENHUB)
Category: Data Breach
Content: A threat actor is offering for sale a purported 93GB+ database from Indonesias Ministry of Transportation (kemenhub.go.id) for $8,500. The dataset allegedly covers 38 provinces and 514 cities/regencies, containing vehicle and owner records including names, license plates, chassis numbers, engine numbers, and inspection data. Sample data includes structured vehicle registration records from the Jakarta capital region.
Date: 2026-05-10T19:55:32Z
Network: openweb
Published URL: https://breached.st/threads/kemenhub-go-id-database-93gb.86981/unread
Screenshots:
None
Threat Actors: Kyyzo
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Indonesia Ministry of Transportation (KEMENHUB)
Victim Site: kemenhub.go.id
Alleged data leak of Oyo State Commerce website by Nullsec Nigeria
Category: Data Leak
Content: A threat actor identified as Nullsec Nigeria claims to have hacked the Oyo State Commerce website as part of opNigeria. The actor has made available what they describe as MySQL logs and other data via a download link, stating additional leaks are forthcoming.
Date: 2026-05-10T19:54:33Z
Network: openweb
Published URL: https://breached.st/threads/opnigeria.86982/unread
Screenshots:
None
Threat Actors: ki4tane
Victim Country: Nigeria
Victim Industry: Government
Victim Organization: Oyo State Commerce
Victim Site: Unknown
Alleged ransom and data leak threat targeting Irans nuclear program data
Category: Cyber Attack
Content: A threat actor operating under the alias NormalLeVrai claims to have obtained approximately 77.56 GB of data related to Irans nuclear program, including structured databases, insurance records, budget documents, and telephone number lists. The actor is demanding €5,000 from the Iranian government by May 15th, threatening to publicly release all data if the ransom is not paid. The post also claims defacement of multiple Iranian websites and extraction of their databases.
Date: 2026-05-10T19:53:53Z
Network: openweb
Published URL: https://breached.st/threads/ransom-iran-nuclear-77-56-gb.86984/unread
Screenshots:
None
Threat Actors: NormalLeVrai
Victim Country: Iran
Victim Industry: Government
Victim Organization: Iranian Government / Nuclear Program
Victim Site: Unknown
Website Redefacement of gsansoa.online by Nicotine of Umbra Community
Category: Defacement
Content: A threat actor identified as Nicotine, affiliated with the group Umbra Community, conducted a redefacement of the website gsansoa.online on May 11, 2026. This incident marks at least a second compromise of the target, indicating persistent adversarial interest in the site. No specific motivation or server details were disclosed in the available defacement record.
Date: 2026-05-10T19:52:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919326
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: gsansoa.online
Website Defacement of IndiasBazaar by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website indiasbazaar.in, an Indian e-commerce or retail platform. The defacement targeted a specific page (index.txt) rather than the sites homepage and was not part of a mass defacement campaign. No specific motive or server details were disclosed in connection with this incident.
Date: 2026-05-10T19:51:42Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919303
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: E-Commerce / Retail
Victim Organization: Indias Bazaar
Victim Site: indiasbazaar.in
Website Defacement of MedResearchIndia by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, a threat actor known as Nicotine, operating under the group Umbra Community, successfully defaced the website medresearchindia.com, a medical research organization based in India. The defacement targeted a specific page (index.txt) rather than the home page, suggesting a targeted file-level intrusion. The incident was recorded and mirrored by zone-xsec.com with mirror ID 919306.
Date: 2026-05-10T19:50:52Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919306
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Healthcare / Medical Research
Victim Organization: Med Research India
Victim Site: medresearchindia.com
Website Defacement of tourbestie.com by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website tourbestie.com. The defacement targeted a specific file (index.txt) rather than the homepage, indicating a targeted file-level intrusion. No specific motive or technical details regarding the server environment were disclosed.
Date: 2026-05-10T19:49:41Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919310
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Travel and Tourism
Victim Organization: Tour Bestie
Victim Site: tourbestie.com
Website Defacement of Indian Fitness Hub by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, a threat actor identified as Nicotine, operating under the group Umbra Community, defaced the website indianfitnesshub.com by altering the index.txt file. The attack targeted an Indian health and fitness platform and was neither a mass defacement nor a redefacement. No specific motive or technical details regarding the server environment were disclosed.
Date: 2026-05-10T19:48:37Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919302
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Health & Fitness
Victim Organization: Indian Fitness Hub
Victim Site: indianfitnesshub.com
Website Defacement of esgwings.website by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website esgwings.website. The defacement targeted a single page and was not classified as a mass or home page defacement. No specific motive or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-10T19:47:42Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919325
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: ESG Wings
Victim Site: esgwings.website
Website Redefacement of CTR Shoe Store by Nicotine of Umbra Community
Category: Defacement
Content: A threat actor known as Nicotine, operating under the group Umbra Community, conducted a redefacement of ctrshoestore.in, an Indian online shoe retail website, on May 11, 2026. This incident marks a repeated compromise of the target, indicating persistent access or vulnerability exploitation. The defacement was not part of a mass defacement campaign and targeted a specific page rather than the homepage.
Date: 2026-05-10T19:46:52Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919311
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Retail
Victim Organization: CTR Shoe Store
Victim Site: ctrshoestore.in
Website Defacement of Nithiyam by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website nithiyam.com. The defacement targeted the index page of the site and was recorded as a standalone, non-mass defacement incident. No specific motive or server details were disclosed in connection with the attack.
Date: 2026-05-10T19:45:58Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919307
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Nithiyam
Victim Site: nithiyam.com
Website Defacement of Intellcubes by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, the website intellcubes.com was defaced by a threat actor known as Nicotine, operating under the group Umbra Community. The attack targeted a specific page (index.txt) rather than the homepage, indicating a targeted single-page defacement. No specific motive or technical details regarding the server environment were disclosed.
Date: 2026-05-10T19:45:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919304
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Intellcubes
Victim Site: intellcubes.com
Sale of 2 million Hotmail email:password combo list
Category: Combo List
Content: A threat actor is offering for sale a combo list containing approximately 2 million Hotmail email:password credential pairs, marketed as high quality. The content is gated behind forum registration or login.
Date: 2026-05-10T19:41:03Z
Network: openweb
Published URL: https://patched.to/Thread-email-pass-2m-hotmail-%E2%9A%AA-high-quality-private-combolist-2-%E2%9A%AA
Screenshots:
None
Threat Actors: uhqcomboseller
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list with 2 million credentials
Category: Combo List
Content: A threat actor is offering a combo list of 2 million Hotmail email:password credentials, marketed as high quality. The content is hidden behind a registration or login gate on the forum.
Date: 2026-05-10T19:40:44Z
Network: openweb
Published URL: https://patched.to/Thread-email-pass-2m-hotmail-%E2%9A%AA-high-quality-private-combolist-3-%E2%9A%AA
Screenshots:
None
Threat Actors: uhqcomboseller
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list with 2 million credentials
Category: Combo List
Content: A threat actor is offering a combo list of 2 million Hotmail email and password pairs on a cybercrime forum. The content is gated behind registration or login. The credentials are marketed as high quality and private.
Date: 2026-05-10T19:40:24Z
Network: openweb
Published URL: https://patched.to/Thread-email-pass-2m-hotmail-%E2%9A%AA-high-quality-private-combolist-4-%E2%9A%AA
Screenshots:
None
Threat Actors: uhqcomboseller
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list with 2 million credentials
Category: Combo List
Content: A threat actor is offering a combo list of 2 million Hotmail email and password pairs on a cybercrime forum. The content is gated behind registration or login. The credentials are marketed as high quality and private.
Date: 2026-05-10T19:39:53Z
Network: openweb
Published URL: https://patched.to/Thread-email-pass-2m-hotmail-%E2%9A%AA-high-quality-private-combolist-5-%E2%9A%AA
Screenshots:
None
Threat Actors: uhqcomboseller
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail email:password combo list
Category: Combo List
Content: A threat actor is offering a combo list of 2 million Hotmail email:password credentials on a cybercrime forum. The list is marketed as high quality and private. Content is gated behind registration or login.
Date: 2026-05-10T19:39:11Z
Network: openweb
Published URL: https://patched.to/Thread-email-pass-2m-hotmail-%E2%9A%AA-high-quality-private-combolist-6-%E2%9A%AA
Screenshots:
None
Threat Actors: uhqcomboseller
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Amaze Interiors by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website of Amaze Interiors at amaze-interiors.com. The defacement targeted a single page (index.txt) and was not classified as a mass or home page defacement. No specific motive or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-10T19:38:56Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919182
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Interior Design / Home Furnishings
Victim Organization: Amaze Interiors
Victim Site: amaze-interiors.com
Sale of Hotmail email:password combo list
Category: Combo List
Content: A threat actor is offering a combo list of 2 million Hotmail email:password pairs, marketed as high quality. The content is gated behind registration or login on the forum. No specific breach source is identified.
Date: 2026-05-10T19:38:42Z
Network: openweb
Published URL: https://patched.to/Thread-email-pass-2m-hotmail-%E2%9A%AA-high-quality-private-combolist-7-%E2%9A%AA
Screenshots:
None
Threat Actors: uhqcomboseller
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list with 2 million credentials
Category: Combo List
Content: A threat actor is offering a combo list of 2 million Hotmail email and password pairs on a cybercrime forum. The content is gated behind registration or login. The credentials are marketed as high quality and private.
Date: 2026-05-10T19:38:15Z
Network: openweb
Published URL: https://patched.to/Thread-email-pass-2m-hotmail-%E2%9A%AA-high-quality-private-combolist-8-%E2%9A%AA
Screenshots:
None
Threat Actors: uhqcomboseller
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list with 2 million credentials
Category: Combo List
Content: A threat actor on a cybercrime forum is offering a combo list of 2 million Hotmail email and password pairs, marketed as high quality and private. The content is gated behind registration or login. Hotmail is the credential-stuffing target, not the breach victim.
Date: 2026-05-10T19:37:59Z
Network: openweb
Published URL: https://patched.to/Thread-email-pass-2m-hotmail-%E2%9A%AA-high-quality-private-combolist-9-%E2%9A%AA
Screenshots:
None
Threat Actors: uhqcomboseller
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of stealer logs and ULP credentials
Category: Logs
Content: A threat actor identified as WaterCloud is distributing stealer logs and URL:Login:Password (ULP) credential sets on a forum. The content is hidden behind registration and requires a password to access. No specific victim organization or record count is disclosed.
Date: 2026-05-10T19:37:44Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%AD%90%E2%AD%90%E2%AD%90-stealer-logs-and-u-l-p-10-05-2026
Screenshots:
None
Threat Actors: WaterCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Kpembe NMTC Ghana by XYZ (Alpha Wolf)
Category: Defacement
Content: On May 11, 2026, a threat actor identified as XYZ, operating under the team name Alpha Wolf, defaced the website of Kpembe Nursing and Midwifery Training College in Ghana. The attack targeted the robots.txt file on a Linux-based server. The incident was a singular, targeted defacement rather than a mass or redefacement campaign.
Date: 2026-05-10T19:37:33Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249147
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Ghana
Victim Industry: Education
Victim Organization: Kpembe Nursing and Midwifery Training College
Victim Site: kpembenmtc.edu.gh
Sale of Hotmail combo list with 2 million credentials
Category: Combo List
Content: A threat actor is offering a combo list of 2 million Hotmail email and password pairs on a cybercrime forum. The credentials are marketed as high quality and private. Content is gated behind registration or login.
Date: 2026-05-10T19:37:28Z
Network: openweb
Published URL: https://patched.to/Thread-email-pass-2m-hotmail-%E2%9A%AA-high-quality-private-combolist-10-%E2%9A%AA
Screenshots:
None
Threat Actors: uhqcomboseller
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list targeting Lithuanian accounts distributed on forum
Category: Combo List
Content: A combo list containing over 17,000 credential pairs, reportedly associated with Lithuanian accounts, was freely shared on a hacking forum via an external paste link. The post is dated April 28, 2026, and attributed to the user Magites.
Date: 2026-05-10T19:36:55Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9C%AA-17-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Lithuania-%E2%9C%AA-28-APR-2026-%E2%9C%AA–2291130
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of vikasvartul.org by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, a threat actor identified as Nicotine, affiliated with the group Umbra Community, defaced the website vikasvartul.org. The defacement targeted a specific index file and was not classified as a mass or home page defacement. The incident was documented and mirrored by zone-xsec.com.
Date: 2026-05-10T19:36:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919181
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Vikas Vartul
Victim Site: vikasvartul.org
Sale of mixed email access combo list (47.5K credentials)
Category: Combo List
Content: A threat actor is offering a mixed email and password combo list containing approximately 47,500 credentials as hidden content on the forum. The actor also advertises bulk combo packages ranging from 100K to 10 million records at various price points, as well as gaming and shopping-specific combos. Access to a private combo group is available via subscription tiers starting at $50 per week.
Date: 2026-05-10T19:36:18Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-47-5k-MIXED-COMBO-MAILS-ACCESS-GOOD
Screenshots:
None
Threat Actors: MrCOMBOROBOA
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of German T-Online email credential combo list
Category: Combo List
Content: A threat actor is offering for sale a combo list of approximately 20,200 T-Online Germany email credentials. The seller also advertises bulk combo list packages and subscription-based access to a private combo group via Telegram.
Date: 2026-05-10T19:35:53Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-20-2k-T-ONLINE-GERMANY-MAILS-ACCESS
Screenshots:
None
Threat Actors: MrCOMBOROBOA
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of corporate email combo list with 125.1K credentials
Category: Combo List
Content: A threat actor is selling a combo list advertised as 125,100 corporate email credentials. The seller offers tiered pricing for bulk combo lists and operates a private subscription group via Telegram.
Date: 2026-05-10T19:35:30Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-125-1k-CORPS-MAILS-ACCESS
Screenshots:
None
Threat Actors: MrCOMBOROBOA
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of CCMSPL by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website ccmspl.com. The attacker replaced the index page with a defacement file (index.txt), leaving server and infrastructure details undisclosed. No specific motive or reason was cited for the attack.
Date: 2026-05-10T19:35:23Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919173
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: CCMSPL
Victim Site: ccmspl.com
Sale of mixed mail access combo list with 24K credentials
Category: Combo List
Content: A threat actor on DemonForums is sharing a mixed mail access combo list containing approximately 24,000 credentials. The content is hidden behind a registration or login requirement. No specific targeted organization or country is identified.
Date: 2026-05-10T19:34:50Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-24K-Good-Mix-Mail-Access
Screenshots:
None
Threat Actors: StrawHatBase
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of email access combo list with 19K valid credentials
Category: Combo List
Content: A threat actor on DemonForums is distributing a combo list advertised as containing 19,000 valid email credentials. The content is gated behind registration or login. No specific targeted organization or country is identified.
Date: 2026-05-10T19:34:29Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-19K-VALID-MAIL-ACCESS–203623
Screenshots:
None
Threat Actors: TeraCloud1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Akmar Makina by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website of Akmar Makina, a Turkish machinery company. The defacement targeted a specific page (index.txt) rather than the homepage, indicating a targeted intrusion. The incident was recorded and mirrored by zone-xsec.com with mirror ID 918738.
Date: 2026-05-10T19:29:17Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/918738
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Turkey
Victim Industry: Manufacturing / Machinery
Victim Organization: Akmar Makina
Victim Site: akmarinmakina.com
Alleged data leak of Bangladesh Agricultural Development Corporation private Git repositories
Category: Data Leak
Content: A threat actor claims to have leaked the full private Git repositories of the Bangladesh Agricultural Development Corporation (BADC), an autonomous government body under the Ministry of Agriculture. The leaked data allegedly includes payment gateway configuration credentials, database passwords, and sensitive documents. The actor also claims to have disrupted the BADC portal during the intrusion, preventing administrator logins.
Date: 2026-05-10T19:29:06Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SOURCE-CODE-badc-gov-bd-Bangladesh-Agricultural-Development-Corporation-full-private-git-repo
Screenshots:
None
Threat Actors: vicmeow
Victim Country: Bangladesh
Victim Industry: Government
Victim Organization: Bangladesh Agricultural Development Corporation
Victim Site: badc.gov.bd
Website Defacement of akzer.com.tr by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, a threat actor known as Nicotine, operating under the group Umbra Community, defaced the Turkish website akzer.com.tr. The defacement was a targeted single-site attack, with the defaced page archived at zone-xsec.com. No specific motivation or server details were disclosed in connection with the incident.
Date: 2026-05-10T19:28:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/918739
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Turkey
Victim Industry: Unknown
Victim Organization: Akzer
Victim Site: akzer.com.tr
Website Defacement of deryakizil.com.tr by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, a threat actor identified as Nicotine, affiliated with the group Umbra Community, defaced the Turkish website deryakizil.com.tr. The defacement was a targeted, non-mass attack against a single website. No specific motive or server details were disclosed in connection with this incident.
Date: 2026-05-10T19:27:39Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/918737
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Turkey
Victim Industry: Unknown
Victim Organization: Derya Kizil
Victim Site: deryakizil.com.tr
Website Redefacement of KaratPatch by Nicotine (Umbra Community)
Category: Defacement
Content: The website karatpatch.ca was defaced by a threat actor known as Nicotine, operating under the group Umbra Community, on May 11, 2026. This incident is recorded as a redefacement, indicating the site had been previously compromised by the same or another attacker. The defacement was isolated to a specific page rather than the sites homepage, suggesting targeted file-level access to the web server.
Date: 2026-05-10T19:26:52Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/918728
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Canada
Victim Industry: Retail / E-commerce
Victim Organization: KaratPatch
Victim Site: karatpatch.ca
Website Defacement of MSI Certifications by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, a threat actor operating under the alias Nicotine, affiliated with the group Umbra Community, defaced the website of MSI Certifications. The attack targeted a single page and was not classified as a mass or home page defacement. No specific motive or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-10T19:25:56Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/918730
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Professional Certifications / Training
Victim Organization: MSI Certifications
Victim Site: msicertifications.com
Website Defacement of Araf Metal by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, the website arafmetal.com.tr, belonging to Turkish metal industry company Araf Metal, was defaced by a threat actor known as Nicotine operating under the group Umbra Community. The defacement targeted a specific page (index.txt) and was neither a mass nor a home page defacement. The incident was archived and mirrored via zone-xsec.com.
Date: 2026-05-10T19:25:13Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/918742
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Turkey
Victim Industry: Manufacturing / Metal Industry
Victim Organization: Araf Metal
Victim Site: arafmetal.com.tr
Website Defacement of Damla Manti by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the Turkish website damlamanti.com.tr. The attacker modified the index page, leaving a defacement message. No specific motivation or technical details regarding the attack vector were disclosed.
Date: 2026-05-10T19:24:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/918746
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Turkey
Victim Industry: Food & Beverage / Retail
Victim Organization: Damla Manti
Victim Site: damlamanti.com.tr
Website Defacement of aaztydemo.xyz by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website aaztydemo.xyz. The defacement targeted a single page and was not classified as a mass or home defacement. No specific motive or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-10T19:23:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/918716
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: aaztydemo.xyz
Website Defacement of Caganiskender by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website caganiskender.com.tr, a Turkish food and beverage establishment. The defacement targeted a specific page (index.txt) and was neither a mass nor a redefacement incident. The mirror of the defacement was archived via zone-xsec.com.
Date: 2026-05-10T19:22:47Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/918745
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Turkey
Victim Industry: Food and Beverage
Victim Organization: Cagan Iskender
Victim Site: caganiskender.com.tr
Sale of premium mixed mail combo list with 3,833 hits
Category: Combo List
Content: A threat actor is distributing a combo list of 3,833 mixed mail credentials, including Hotmail hits, marketed as premium and valid. The post is gated behind a reply requirement and references a Telegram contact for further access.
Date: 2026-05-10T19:22:20Z
Network: openweb
Published URL: https://altenens.is/threads/high-voltagehigh-voltage-3833x-premium-mix-mail-hitshigh-voltagehigh-voltage.2937601/unread
Screenshots:
None
Threat Actors: alphacloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Azure Soft Tech Solutions by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website of Azure Soft Tech Solutions, an Indian IT services company. The attack was a targeted single-site defacement, not part of a mass defacement campaign. The incident was archived and mirrored via zone-xsec.com.
Date: 2026-05-10T19:22:04Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/918717
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Information Technology
Victim Organization: Azure Soft Tech Solutions
Victim Site: azuresofttechsolutions.in
Website Defacement of Beyaz Tekstil by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, the Turkish textile company Beyaz Tekstil had its website defaced by a threat actor known as Nicotine, operating under the group Umbra Community. The defacement targeted a specific page (index.txt) rather than the homepage and was neither a mass nor a repeated defacement event. The incident was archived and mirrored via zone-xsec.com.
Date: 2026-05-10T19:21:11Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/918743
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Turkey
Victim Industry: Textile / Manufacturing
Victim Organization: Beyaz Tekstil
Victim Site: beyaztekstil.com
Website Defacement of cabinetcoman.ro by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, a threat actor identified as Nicotine, affiliated with the group Umbra Community, defaced the website cabinetcoman.ro, a Romanian professional services or medical cabinet website. The defacement targeted a specific page (index.txt) rather than the homepage, indicating a targeted file-level intrusion. The incident was neither a mass defacement nor a redefacement, suggesting a singular opportunistic or targeted attack.
Date: 2026-05-10T19:20:15Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/918733
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Romania
Victim Industry: Healthcare / Professional Services
Victim Organization: Cabinet Coman
Victim Site: cabinetcoman.ro
Website Defacement of Cryotek by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website of Cryotek, an Ecuadorian organization. The defacement targeted the index page of the domain cryotek.ec and was recorded as a single, non-mass defacement incident.
Date: 2026-05-10T19:19:33Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/918729
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Ecuador
Victim Industry: Technology
Victim Organization: Cryotek
Victim Site: cryotek.ec
Website Defacement of Birsa Makina by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website of Birsa Makina, a Turkish machinery-related organization. The defacement targeted a specific index file at birsamakina.com/index.txt and was neither a mass nor a redefacement incident. A mirror of the defacement was archived via zone-xsec.com.
Date: 2026-05-10T19:18:50Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/918744
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Turkey
Victim Industry: Manufacturing / Machinery
Victim Organization: Birsa Makina
Victim Site: birsamakina.com
Website Defacement of Dodomarin by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, a threat actor known as Nicotine, operating under the group Umbra Community, defaced the website dodomarin.com, targeting the index.txt file. The attack was a single targeted defacement, not part of a mass defacement campaign. No specific motive or technical details regarding the server environment were disclosed in the available information.
Date: 2026-05-10T19:17:58Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/918747
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Dodomarin
Victim Site: dodomarin.com
Website Defacement of endermefrusat.com by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website endermefrusat.com. The attack was a single-target defacement, with the index page replaced and mirrored on zone-xsec.com. No specific motive, server details, or victim organization information were disclosed.
Date: 2026-05-10T19:17:05Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/918748
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: endermefrusat.com
Alleged data breach of Dinas Perhubungan Indonesia (dishub.go.id)
Category: Data Breach
Content: A threat actor is selling an alleged 93GB+ database attributed to Indonesias Dinas Perhubungan (DISHUB), the national transportation authority, for $8,500. The dataset purportedly covers all 38 provinces and 514 cities/regencies across Indonesia, including hundreds of thousands of vehicle and owner records. Sample data includes vehicle owner names, license plate numbers, vehicle identification details, engine/chassis numbers, and inspection records.
Date: 2026-05-10T19:16:42Z
Network: openweb
Published URL: https://breached.st/threads/93gb-database-dishub-go-id.86980/unread
Screenshots:
None
Threat Actors: Kyyzo
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Dinas Perhubungan Indonesia (DISHUB)
Victim Site: dishub.go.id
Website Defacement of Pooja Product by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, the website poojaproduct.com was defaced by a threat actor known as Nicotine, operating under the group Umbra Community. The attack resulted in a page-level defacement targeting a specific index file rather than the sites homepage. No motive or technical details regarding the server environment were disclosed.
Date: 2026-05-10T19:16:19Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/918726
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Retail / Consumer Products
Victim Organization: Pooja Product
Victim Site: poojaproduct.com
Website Defacement of Alkan Reklam by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website of Alkan Reklam, a Turkish advertising company. The defacement targeted the index page of the domain alkanreklam.com and was recorded as a singular, non-mass incident. No specific motive or technical exploitation details were disclosed.
Date: 2026-05-10T19:15:29Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/918740
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Turkey
Victim Industry: Advertising & Marketing
Victim Organization: Alkan Reklam
Victim Site: alkanreklam.com
Website Defacement of alpturkyazici.com by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website alpturkyazici.com. The defacement targeted a single page and was not part of a mass or redefacement campaign. The incident was archived and mirrored via zone-xsec.com.
Date: 2026-05-10T19:14:43Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/918741
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Turkey
Victim Industry: Unknown
Victim Organization: Alp Türk Yazıcı
Victim Site: alpturkyazici.com
Alleged sale of access to private cloud database with stolen Hotmail and e-commerce credentials
Category: Logs
Content: Threat actors are advertising access to private cloud databases containing stolen Hotmail credentials and geo-specific datasets from multiple countries (UK, DE, JP, NL, BR, PL, ES, US, IT, FR, etc.). The actors claim to have access to email accounts and data from platforms including eBay, Uber, Poshmark, Alibaba, Walmart, Amazon, Kleinanzeigen, and other e-commerce services. Access is being offered for purchase with pricing starting at $1 per card for US credentials.
Date: 2026-05-10T19:10:08Z
Network: telegram
Published URL: https://t.me/c/2613583520/79113
Screenshots:
None
Threat Actors: Num
Victim Country: Multiple (United States, United Kingdom, Germany, Japan, Netherlands, Brazil, Poland, Spain, Italy, France, Russia, Mexico, Canada, Singapore)
Victim Industry: Technology, E-commerce, Email Services
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of PrimePayIndia by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, the website primepayindia.com was defaced by a threat actor known as Nicotine, affiliated with the hacktivist or cybercriminal group Umbra Community. The defacement targeted an Indian payment services provider, with the attacker replacing the index page content. The incident was recorded as a single, non-mass defacement with a mirror archived at zone-xsec.com.
Date: 2026-05-10T19:08:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/918539
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Financial Services / Payment Processing
Victim Organization: PrimePay India
Victim Site: primepayindia.com
Website Defacement of Posada Arcos Hotel by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website of Posada Arcos Hotel by altering the index.txt file. The attack was a targeted single-site defacement with no indication of mass or repeated defacement activity. No specific motive or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-10T19:07:34Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/918547
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Hospitality
Victim Organization: Posada Arcos Hotel
Victim Site: posadaarcoshotel.com
Website Defacement of apos.mx by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, a threat actor identified as Nicotine, affiliated with the group Umbra Community, defaced the website apos.mx, targeting a Mexican organization. The defacement was a single targeted incident, not part of a mass defacement campaign, with the mirror of the defaced page archived at zone-xsec.com.
Date: 2026-05-10T19:06:34Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/918543
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Mexico
Victim Industry: Unknown
Victim Organization: APOS
Victim Site: apos.mx
Website Defacement of humo.website by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, a threat actor identified as Nicotine, operating under the group Umbra Community, defaced the website humo.website. The defacement targeted the index page of the domain and was recorded as a singular, non-mass incident. Server and infrastructure details were not disclosed in the available data.
Date: 2026-05-10T19:04:43Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/918553
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Humo
Victim Site: humo.website
Free distribution of stealer logs (1.1GB)
Category: Logs
Content: A threat actor shared 1.1GB of stealer logs dated May 10, 2026 on a cybercrime forum. The content is gated behind registration or login and no further details about the affected organizations or individuals are available.
Date: 2026-05-10T19:04:00Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%AD%90%EF%B8%8Flogs-fresh-1-1gb-from-10-05-2026%E2%AD%90%EF%B8%8F-%E2%98%81
Screenshots:
None
Threat Actors: blackcloudd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 53K mixed mail access combo list
Category: Combo List
Content: A threat actor is sharing a mixed mail access combo list containing approximately 53,000 credentials. The content is hidden behind a registration or login wall on the forum. No specific victim organization or country is identified.
Date: 2026-05-10T19:03:55Z
Network: openweb
Published URL: https://patched.to/Thread-53k-mail-access-mixed-combolist
Screenshots:
None
Threat Actors: Vonmoon
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Fazeelat Engineering by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, a threat actor known as Nicotine, operating under the group Umbra Community, defaced the website of Fazeelat Engineering at fazeelatengineering.org. The incident was a targeted single-site defacement, not part of a mass defacement campaign. A mirror of the defacement was archived at zone-xsec.com.
Date: 2026-05-10T19:03:50Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/918549
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Engineering
Victim Organization: Fazeelat Engineering
Victim Site: fazeelatengineering.org
Sale of mixed email:password combo list with 90,000 credentials
Category: Combo List
Content: A threat actor is offering a mixed email:password combo list containing approximately 90,000 credentials, marketed as high quality and private. The content is paywalled and requires forum registration or login to access.
Date: 2026-05-10T19:03:25Z
Network: openweb
Published URL: https://patched.to/Thread-email-pass-90k-mixed-%E2%9A%AA-high-quality-private-combolist-5-%E2%9A%AA
Screenshots:
None
Threat Actors: uhqcomboseller
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list of Indian email and password credentials
Category: Combo List
Content: A threat actor has freely shared a combo list of approximately 252,000 email and password pairs purportedly associated with Indian users. The list was posted on a public paste site and shared via a nulledbb forum thread dated May 4, 2026.
Date: 2026-05-10T19:03:15Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9C%AA-Email-%E2%9C%AA-Password-%E2%9C%AA-252-K-%E2%9C%AA-Combo-%E2%9C%AA-India-%E2%9C%AA-4-MAY-2026-%E2%9C%AA–2291067
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of apnisuno.com by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, a threat actor known as Nicotine, operating under the group Umbra Community, defaced the website apnisuno.com. The defacement targeted a specific page (index.txt) rather than the homepage, indicating a targeted file-level intrusion. The incident was recorded and mirrored by zone-xsec.com with mirror ID 918533.
Date: 2026-05-10T19:02:58Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/918533
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Apni Suno
Victim Site: apnisuno.com
Free gaming combo list of 2.7 million credentials
Category: Combo List
Content: A threat actor shared a combo list containing approximately 2.7 million credentials targeting gaming platforms. The list was made available via an external paste link. No specific victim organization or breach source was identified.
Date: 2026-05-10T19:02:54Z
Network: openweb
Published URL: https://nulledbb.com/thread-2-7M-GAMING-COMBO–2291096
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list of mixed premium mail credentials
Category: Combo List
Content: A threat actor on a cracking forum has freely shared a combo list of 3,568 premium mixed mail credentials. The list is hosted on an external paste site and marketed as verified hits.
Date: 2026-05-10T19:02:34Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F-3568x-PREMIUM-MIX-MAIL-HITS%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F–2291087
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free Poland email:password combo list
Category: Combo List
Content: A threat actor shared a free Poland-targeted email:password combo list via an external paste link. The post is categorized as a combo list intended for credential stuffing purposes. No specific victim organization or record count was disclosed.
Date: 2026-05-10T19:02:14Z
Network: openweb
Published URL: https://nulledbb.com/thread-HQ-POLAND-EMAILPASS-COMBOLIST-SHROUD20-txt–2291117
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting Comcast mail accounts
Category: Combo List
Content: A threat actor is sharing a combo list of approximately 31,900 credentials advertised as valid for Comcast mail account access. The list is marketed for use against Comcast email services. No further details are provided in the post content.
Date: 2026-05-10T19:02:10Z
Network: openweb
Published URL: https://nulledbb.com/thread-31-9k-COMCAST-USA-GOOD-FOR-MAILS-ACCESS
Screenshots:
None
Threat Actors: MrCOMBOROBOA
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of aplica.mx by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, a threat actor operating under the handle Nicotine and affiliated with the group Umbra Community defaced the website aplica.mx, targeting a text file on the server. The defacement was a targeted single-site attack with no indication of mass or prior redefacement activity. Server and infrastructure details remain unknown at this time.
Date: 2026-05-10T19:01:56Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/918542
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Mexico
Victim Industry: Unknown
Victim Organization: Aplica
Victim Site: aplica.mx
Sale of mixed email and password combo list
Category: Combo List
Content: A threat actor is distributing a mixed email and password combo list containing approximately 19,600 credentials, with access gated behind forum registration or login. The actor also advertises bulk combo lists ranging from 100K to 10 million records at various price points, as well as category-specific combos targeting gaming and shopping services.
Date: 2026-05-10T19:01:09Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-19-6k-MIXED-COMBO-MAILS-ACCESS-GOOD
Screenshots:
None
Threat Actors: MrCOMBOROBOA
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Bihar Foundation NL by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, a threat actor known as Nicotine, operating under the group Umbra Community, defaced the website of Bihar Foundation NL, a foundation likely associated with the Bihar community in the Netherlands. The attack was a targeted single-site defacement, with a mirror of the defaced page archived at zone-xsec.com. No specific motivation or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-10T19:01:05Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/918551
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Netherlands
Victim Industry: Non-Profit / Foundation
Victim Organization: Bihar Foundation NL
Victim Site: biharfoundationnl.org
Free Hotmail combo list by Stevee36
Category: Combo List
Content: A user identified as Stevee36 has shared a combo list containing 2,125 HQ Hotmail credentials on a leak forum. The content is hidden behind a registration or login wall. Hotmail is the credential-stuffing target, not the breach victim.
Date: 2026-05-10T19:01:01Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A1-X2125-HQ-Hotmail-%E2%9A%A1%E2%9A%A1-BY-Stevee36-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: stevee
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list with 1,584 valid credentials
Category: Combo List
Content: A threat actor is distributing a combo list of 1,584 claimed valid Hotmail credentials, described as UHQ (ultra-high quality). The content is gated behind forum registration or login, with the actor also advertising via Telegram handle @noiraccesss.
Date: 2026-05-10T19:00:41Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-X1584-Valid-UHQ-Hotmail-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: Roronoa044
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of UHQ Hotmail combo list
Category: Combo List
Content: A threat actor is offering a combo list of 1,584 allegedly valid Hotmail credentials on a leak forum. The post advertises the list as UHQ (ultra-high quality) and includes a private cloud link accessible to registered members. Contact is via Telegram handle @noiraccesss.
Date: 2026-05-10T19:00:36Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A1-X1584-Valid-UHQ-Hotmail-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: Roronoa044
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of German email combo list with 51.5K credentials
Category: Combo List
Content: A threat actor is offering a German email and password combo list containing approximately 51,500 credentials. The seller also advertises bulk combo lists by country and category (gaming, shopping) and offers subscription-based access to a private combo group via Telegram.
Date: 2026-05-10T19:00:16Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-51-5k-GERMANY-COMBO-MAILS-ACCESS
Screenshots:
None
Threat Actors: MrCOMBOROBOA
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Neksoft Consultancy by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website of Neksoft Consultancy, an IT consultancy firm based in India. The defacement targeted a specific page rather than the homepage and was not part of a mass defacement campaign. The incident was archived and mirrored via zone-xsec.com.
Date: 2026-05-10T19:00:06Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/918552
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Information Technology / Consulting
Victim Organization: Neksoft Consultancy
Victim Site: neksoftconsultancy.in
Website Defacement of JS Builders by Nicotine of Umbra Community
Category: Defacement
Content: On May 11, 2026, a threat actor known as Nicotine, operating under the group Umbra Community, defaced the website of JS Builders, an Indian construction company. The defacement targeted the index page of the domain jsbuilders.in. The incident was a single targeted defacement, not part of a mass defacement campaign.
Date: 2026-05-10T18:59:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/918558
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Construction
Victim Organization: JS Builders
Victim Site: jsbuilders.in
Alleged credential stuffing and phishing service offered by DataxLogs
Category: Phishing
Content: DataxLogs is advertising a credential stuffing/phishing service offering Python-based tools (Silverbullet, Openbullet 2) with APIs for multiple platforms (Web, Android, iOS, Windows) and captcha bypass capabilities across multiple providers (hCaptcha, Cloudflare, Captcha V2/V3, etc.). This is a malicious service designed to facilitate automated credential harvesting and account takeover attacks.
Date: 2026-05-10T18:54:12Z
Network: telegram
Published URL: https://t.me/c/2613583520/79103
Screenshots:
None
Threat Actors: DataxLogs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail credential hits combo list
Category: Combo List
Content: A threat actor is sharing 1,894 alleged valid Hotmail credential hits, marketed as premium. The post is gated behind a reply requirement and references a Telegram contact for further distribution.
Date: 2026-05-10T18:46:46Z
Network: openweb
Published URL: https://altenens.is/threads/snowflakesnowflake-1894x-premium-hotmail-hits-snowflakesnowflake.2937596/unread
Screenshots:
None
Threat Actors: alphacloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of combo lists across multiple geographies
Category: Combo List
Content: A threat actor is advertising fresh credential data available for any geographic region, marketed as 100% private. The actual content is hidden and requires forum registration or login to view. No further details about the data source, volume, or specific targets are available.
Date: 2026-05-10T18:32:03Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-fresh-data-on-demand-any-geo-100-private-300980
Screenshots:
None
Threat Actors: BreachLeak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of Hotmail credential hits
Category: Combo List
Content: A threat actor shared a combo list containing 3,654 alleged Hotmail credential hits on a cybercrime forum. The content is gated behind registration or login. These credentials are likely sourced from prior breaches and tested against Hotmail accounts.
Date: 2026-05-10T18:31:45Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%F0%9F%94%A5%F0%9F%94%A5%F0%9F%94%A5-x3654-hotmail-hits-%F0%9F%94%A5%F0%9F%94%A5%F0%9F%94%A5
Screenshots:
None
Threat Actors: BreachLeak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of 1,850 Fresh Hotmail Credentials
Category: Combo List
Content: A threat actor is sharing a combo list of 1,850 Hotmail credentials described as fresh. The content is hidden behind a registration or login wall on the forum. Hotmail is the credential-stuffing target, not the breach victim.
Date: 2026-05-10T18:31:29Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%AD%90%E2%AD%90-1850x-fresh-hotmail-%E2%AD%90%E2%AD%90
Screenshots:
None
Threat Actors: BreachLeak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of 2,210 Hotmail Credentials
Category: Combo List
Content: A threat actor shared a combo list containing 2,210 Hotmail credentials, marketed as fresh. The content is hidden behind a registration or login wall on the forum.
Date: 2026-05-10T18:30:40Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-2210x-fresh-hotmails%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F
Screenshots:
None
Threat Actors: BreachLeak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: 4,000 Hotmail Credentials Marketed as Fresh Hits
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 4,000 Hotmail credentials marketed as fresh hits. The content is gated behind forum registration or login. Hotmail is the credential-stuffing target, not the breach source.
Date: 2026-05-10T18:30:21Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%F0%9F%91%91%F0%9F%91%91-4k-hotmail-fresh-hits-%F0%9F%91%91%F0%9F%91%91
Screenshots:
None
Threat Actors: BreachLeak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: 16K HQ Hotmail Credentials
Category: Combo List
Content: A threat actor is distributing a combo list advertised as 16K high-quality Hotmail credential hits. The content is hidden behind a registration or login requirement on the forum. Hotmail is the credential-stuffing target, not the breach victim.
Date: 2026-05-10T18:29:51Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%85-16k-hq-hotmail-hit-%E2%9C%85-300983
Screenshots:
None
Threat Actors: RetroCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of mixed combo list targeting Germany and other regions
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 6,000 credential pairs described as a mixed-base collection targeting Germany and other unspecified countries. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-10T18:28:34Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-6k-good-combo-mixed-base-germany-others
Screenshots:
None
Threat Actors: cloudkaraoke
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free release of combo list with username, login, and password credentials
Category: Combo List
Content: A threat actor operating under the alias CELESTIAL ADMIN has shared a combo list containing approximately 1 million username, login, and password credentials. The list is described as private and is being distributed freely, with personal purchase options also offered. No specific victim organization or service is identified in the post.
Date: 2026-05-10T18:28:14Z
Network: openweb
Published URL: https://patched.to/Thread-legendary-%E2%9C%85u-l-p%E2%9C%85-%E2%AD%901m-full-private-u-l-p%E2%AD%90-%E2%9C%85hits-assured%E2%9C%85-%E2%9A%A1drop-by-celestial-admin%E2%9A%A1-301011
Screenshots:
None
Threat Actors: CELESTIALHQ
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free release of 500K email:password combo list extracted from stealer logs
Category: Combo List
Content: A threat actor operating under the alias CELESTIALHQ has freely distributed a combo list of approximately 500,000 email:password pairs claimed to be extracted from stealer logs. The content is hidden behind a registration/login requirement on the forum. The actor also advertises personal purchases for higher-volume or targeted data.
Date: 2026-05-10T18:27:49Z
Network: openweb
Published URL: https://patched.to/Thread-legendary-%E2%9C%85email-pass%E2%9C%85-%E2%AD%90500k-hq-email-pass-from-logs%E2%AD%90-%E2%9A%A1drop-by-celestial-admin%E2%9A%A1
Screenshots:
None
Threat Actors: CELESTIALHQ
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: 500K Private User:Pass Credentials from Logs
Category: Combo List
Content: A threat actor operating under the alias CELESTIALHQ is distributing a combo list of approximately 500,000 user:pass credentials purportedly sourced from stealer logs. The content is gated behind registration but is offered freely to forum members, with personal purchase options also available.
Date: 2026-05-10T18:27:28Z
Network: openweb
Published URL: https://patched.to/Thread-legendary-%E2%9C%85user-pass%E2%9C%85-%E2%AD%90500k-private-hq-user-pass-from-logs%E2%AD%90-%E2%9A%A1drop-by-celestial-admin%E2%9A%A1-301013
Screenshots:
None
Threat Actors: CELESTIALHQ
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free release of 100K email:password combo list
Category: Combo List
Content: A forum user distributed a combo list of 100,000 email:password credential pairs, described as private and anti-public. The credentials were shared freely with registered forum members and marketed as fresh drops.
Date: 2026-05-10T18:26:57Z
Network: openweb
Published URL: https://patched.to/Thread-legendary-%E2%9C%85email-pass%E2%9C%85-%E2%AD%90100k-full-anti-public-private-mail%E2%AD%90-%E2%9A%A1drop-by-celestial-admin%E2%9A%A1-301014
Screenshots:
None
Threat Actors: CELESTIALHQ
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of private number:password combo list from stealer logs
Category: Combo List
Content: A threat actor operating under the alias CELESTIALHQ is freely distributing a set of 100,000 phone number and password credential pairs sourced from stealer logs. The content is described as private and high-quality. The actor also offers personal purchase arrangements for additional material.
Date: 2026-05-10T18:26:35Z
Network: openweb
Published URL: https://patched.to/Thread-legendary-%E2%9C%85num-pass%E2%9C%85-%E2%AD%90100k-private-hq-number-pass-from-logs-%E2%AD%90-%E2%9A%A1drop-by-celestial-admin%E2%9A%A1-301015
Screenshots:
None
Threat Actors: CELESTIALHQ
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free release of 50K corporate-targeted combo list
Category: Combo List
Content: A threat actor operating under the alias CELESTIALHQ has shared a combo list of approximately 50,000 email:password pairs described as corporate-targeted. The credentials are made available to registered forum members, with the actor also offering personal purchases via direct contact.
Date: 2026-05-10T18:26:09Z
Network: openweb
Published URL: https://patched.to/Thread-legendary-%E2%9C%85email-pass%E2%9C%85-%E2%AD%9050k-corp-targeted-combos%E2%AD%90-%E2%9C%85hits-assured%E2%9C%85-%E2%9A%A1drop-by-celestial%E2%9A%A1-301016
Screenshots:
None
Threat Actors: CELESTIALHQ
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list targeting Canada distributed on forum
Category: Combo List
Content: A combo list containing over 188,000 credentials purportedly associated with Canadian accounts was freely shared on a forum. The list was made available via an external paste link posted on May 7, 2026.
Date: 2026-05-10T18:25:29Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9C%AA-188-K-Combo-%E2%9C%AA-Canada-%E2%9C%AA-7-MAY-2026-%E2%9C%AA–2291042
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale or distribution of session cookies for Claude, Cursor, Grok, Netflix, and other services
Category: Logs
Content: A threat actor shared a paste containing session cookies for multiple services including Claude, Cursor, Grok, and Netflix. The post appears to distribute stealer log output or harvested session cookies across various platforms. No further details on record count or victim origin were provided.
Date: 2026-05-10T18:25:03Z
Network: openweb
Published URL: https://nulledbb.com/thread-cookies-claude-cursor-grok-154-netflix-more–2291032
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting Hotmail accounts
Category: Combo List
Content: A threat actor is distributing a combo list of 1,722 Hotmail credentials, marketed as drops for credential stuffing. The content is hidden behind a registration or login wall on the forum.
Date: 2026-05-10T18:24:56Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%EF%B8%8F-1722x-Verity-Vault-Hotmail-Drop-%E2%9A%A1%EF%B8%8F
Screenshots:
None
Threat Actors: Verityyyy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Distribution of Betternet VPN Premium cracked software
Category: Services
Content: A forum user shared a link purportedly providing access to a cracked full version of Betternet VPN Premium 4.4.0. The post contains an external paste link hosting the content. No breach or victim organization is identified.
Date: 2026-05-10T18:24:42Z
Network: openweb
Published URL: https://nulledbb.com/thread-Betternet-VPN-Premium-Version-4-4-0-Full–2291058
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list distribution: mixed mail drop credentials (1,636 entries)
Category: Combo List
Content: A threat actor is distributing a combo list of 1,636 mixed mail credentials marketed as a Vault Mix Mail Drop. The content is hidden behind a login/registration wall on the forum. No specific victim organization or country is identified.
Date: 2026-05-10T18:24:30Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%EF%B8%8F-1636x-Verity-Vault-Mix-Mail-Drop-%E2%9A%A1%EF%B8%8F
Screenshots:
None
Threat Actors: Verityyyy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting Hotmail accounts
Category: Combo List
Content: A threat actor is distributing a combo list containing 1,813 Hotmail credentials, marketed as an Access Vault. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-10T18:24:03Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-1813x-Hotmail-Access-Vault
Screenshots:
None
Threat Actors: RyuuLord
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Western Union money transfer service advertised on cybercrime forum
Category: Services
Content: A forum user is advertising a Western Union money-transfer service offering transfers at below half the standard rate, attributed to a Telegram contact. The post frames the offer as a referral and warns against upfront-payment scams, claiming the provider sends funds before receiving payment. This is consistent with money laundering or cashout service advertising.
Date: 2026-05-10T18:21:56Z
Network: openweb
Published URL: https://altenens.is/threads/receive-then-pay-western-union-service-for-less-than-half-price.2937584/unread
Screenshots:
None
Threat Actors: Brbr1424
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of infocikarang.com by HanzOFC of Dream Hack
Category: Defacement
Content: On May 11, 2026, the Indonesian website infocikarang.com was defaced by threat actor HanzOFC, operating under the group Dream Hack. The incident was a targeted single-site defacement hosted on a cloud-based server. No specific motive was publicly disclosed for the attack.
Date: 2026-05-10T18:19:46Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249146
Screenshots:
None
Threat Actors: HanzOFC, Dream Hack
Victim Country: Indonesia
Victim Industry: Media / Information Services
Victim Organization: Info Cikarang
Victim Site: infocikarang.com
Combo List: 5.3K Fresh Mixed Mail Access Credentials
Category: Combo List
Content: A threat actor is distributing a combo list of 5.3K mixed mail access credentials, marketed as fresh and valid as of May 10. The content is hidden behind a forum registration or login requirement.
Date: 2026-05-10T18:14:51Z
Network: openweb
Published URL: https://breachforums.rs/Thread-5-3K-Fresh-Mail-Access-Mix-Just-Valid-Mail-10-05
Screenshots:
None
Threat Actors: MegaCloudShop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Indian Textile Journal by Attacker Y4NZ404
Category: Defacement
Content: On May 11, 2026, the homepage of Indian Textile Journal (indiantextilejournal.com) was defaced by a solo threat actor operating under the handle Y4NZ404. The attack targeted the main page of the website, a publication focused on the Indian textile industry. No specific motive or reason was provided by the attacker.
Date: 2026-05-10T18:08:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/918532
Screenshots:
None
Threat Actors: Y4NZ404, SOLO
Victim Country: India
Victim Industry: Media and Publishing
Victim Organization: Indian Textile Journal
Victim Site: indiantextilejournal.com
Advertisement for Western Union money transfer fraud service
Category: Services
Content: A forum user is advertising a Western Union money transfer service via Telegram, claiming funds are sent before payment. The post warns against scammers while promoting a specific Telegram contact, exhibiting characteristics consistent with a money mule or fraud cashout operation.
Date: 2026-05-10T18:08:00Z
Network: openweb
Published URL: https://altenens.is/threads/receive-then-pay-western-unions-trusted-service.2937585/unread
Screenshots:
None
Threat Actors: Brbr1424
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of ipscorp.vn user data
Category: Data Leak
Content: A threat actor claims to have leaked personally identifiable information of 13,914 users from ipscorp.vn, including names, emails, phone numbers, corporate affiliations, and account details. The actor states the data was obtained by exploiting an unauthenticated IDOR vulnerability on the API endpoint /api/services/app/User/GetAll. The dataset has been made available via a Telegram link.
Date: 2026-05-10T18:05:44Z
Network: openweb
Published URL: https://breached.st/threads/leak-ipscorp-vn-users-leak.86979/unread
Screenshots:
None
Threat Actors: cc5ab
Victim Country: Vietnam
Victim Industry: Technology
Victim Organization: IPS Corp
Victim Site: ipscorp.vn
Combo list targeting Belarus shared on forum
Category: Combo List
Content: A combo list containing over 21,000 credentials allegedly associated with Belarus was freely shared on a cybercrime forum. The post links to an external paste service hosting the credential list. No specific victim organization or targeted service is identified.
Date: 2026-05-10T17:54:21Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9C%AA-21-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Belarus-%E2%9C%AA-25-APR-2026-%E2%9C%AA–2290981
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list of mixed credential hits from checker
Category: Combo List
Content: A threat actor has freely distributed a mixed combo list described as high-quality hits generated from a credential checker. The list is hosted on an external paste site and marketed as the latest output from a checker tool.
Date: 2026-05-10T17:54:14Z
Network: openweb
Published URL: https://nulledbb.com/thread-HQ-MIX-HITS-LATEST-FROM-CHECKER–2290971
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of email credential combo list with 7.9K entries
Category: Combo List
Content: A threat actor shared a combo list containing approximately 7,900 email credentials via an external paste link. The post markets the credentials as valid mail access. No specific breached organization is identified.
Date: 2026-05-10T17:53:59Z
Network: openweb
Published URL: https://nulledbb.com/thread-7-9k-COMBO-GOOD-MAILS-ACCESS–2291012
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free USA email:password combo list shared on cracking forum
Category: Combo List
Content: A threat actor shared a link to a USA-based email:password combo list on a cracking forum. The list is described as high quality and is freely available via an external paste service. No specific organization is identified as the source of the credentials.
Date: 2026-05-10T17:53:55Z
Network: openweb
Published URL: https://nulledbb.com/thread-HQ-USA-EMAILPASS-COMBOLIST-txt–2291003
Screenshots:
None
Threat Actors: Magites
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Epstein Files documents
Category: Data Leak
Content: A forum user shared a link to a RAR archive purportedly containing documents and letters related to the Epstein Files. The post provides no further context regarding the source, authenticity, or completeness of the materials.
Date: 2026-05-10T17:49:25Z
Network: openweb
Published URL: https://breachforums.rs/Thread-EPSTEIN-FILES–188475
Screenshots:
None
Threat Actors: Moriartoff
Victim Country: United States
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list with 800 fresh valid credentials
Category: Combo List
Content: A forum user is distributing a combo list containing 800 Hotmail credentials marketed as fresh and valid. Access to the list is gated behind a reply requirement. The named service (Hotmail) is a credential-stuffing target, not the breach victim.
Date: 2026-05-10T17:48:38Z
Network: openweb
Published URL: https://altenens.is/threads/sparkles-800x-fresh-hotmail-valid-sparkles.2937532/unread
Screenshots:
None
Threat Actors: Sellix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Epstein Files documents
Category: Data Leak
Content: A forum user shared a link purportedly containing documents and letters related to the Epstein Files. The post does not specify the volume or source of the materials. The files are being made available for free download via an external hosting link.
Date: 2026-05-10T17:43:51Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-EPSTEIN-FILES
Screenshots:
None
Threat Actors: Moriartoff
Victim Country: United States
Victim Industry: Government
Victim Organization: United States Government
Victim Site: Unknown
Sale of manual SIPs or P1 access
Category: Initial Access
Content: A threat actor is advertising manual SIPs (Session Initiation Protocol access) or P1 (priority/admin-level) access for sale via Telegram. No specific victim organization or sector is identified. Interested parties are directed to contact the seller directly.
Date: 2026-05-10T17:41:11Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Manual-SIPs-or-P1-access–188473
Screenshots:
None
Threat Actors: temp362
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 2,000 fresh checked Hotmail combo list
Category: Logs
Content: A threat actor is distributing a combo list of 2,000 Hotmail credentials marketed as freshly checked, dated May 10. Access to the content requires forum registration.
Date: 2026-05-10T17:38:58Z
Network: openweb
Published URL: https://xforums.st/threads/2k-hotmail-fresh-checked-mail-10-05.613667/
Screenshots:
None
Threat Actors: MegaCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Taobao with 500 million Chinese delivery records
Category: Data Breach
Content: A threat actor is offering a purported database of 500 million+ Taobao delivery address records, allegedly containing recipient names, phone numbers, and email addresses. The actor is soliciting interested buyers via Telegram and offering samples upon contact.
Date: 2026-05-10T17:31:23Z
Network: openweb
Published URL: https://breached.st/threads/500million-chinese-taobao-delivery-data-leak.86977/unread
Screenshots:
None
Threat Actors: RubiconH4ck
Victim Country: China
Victim Industry: Retail
Victim Organization: Taobao
Victim Site: taobao.com
Alleged leak of Moroccan email addresses from CatForums
Category: Data Leak
Content: A leak of Moroccan email addresses from CatForums platform has been shared. The post references a welcome back V2 version, suggesting this may be a re-release or updated version of previously leaked data.
Date: 2026-05-10T17:24:33Z
Network: telegram
Published URL: https://t.me/c/2746641043/364
Screenshots:
None
Threat Actors: BlackMaskers Army
Victim Country: Morocco
Victim Industry: Unknown
Victim Organization: CatForums
Victim Site: cat-forums.ct.ws
Sale of Hotmail combo list by threat actor s2lender
Category: Combo List
Content: Threat actor s2lender is offering a combo list of approximately 2,821 Hotmail credentials, marketed as high quality and fresh. The post advertises daily supply of 4,000–12,000 credentials through a private members-only network.
Date: 2026-05-10T17:19:41Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-2821x-hq-hotmail-by-s2lender-txt
Screenshots:
None
Threat Actors: s2lender
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Claude API keys with token access
Category: Data Leak
Content: A threat actor is freely distributing alleged API keys for Anthropics Claude models, claiming access to 1.5 million tokens across accounts including Claude Opus. The post is shared on a leak forum as a free sample with hidden content gated behind registration.
Date: 2026-05-10T17:19:03Z
Network: openweb
Published URL: https://patched.to/Thread-nova-%E2%9C%A8-1-5-million-tokens-claude-opus-4-7-and-more-api-key-%E2%9C%A8
Screenshots:
None
Threat Actors: JVZU
Victim Country: United States
Victim Industry: Technology
Victim Organization: Anthropic
Victim Site: anthropic.com
France Email:Password Combo List
Category: Combo List
Content: A threat actor shared a French email:password combo list via an external paste link on a cracking forum. The credentials are marketed as high quality and appear to target French-language email accounts. No specific organization or record count is mentioned.
Date: 2026-05-10T17:18:34Z
Network: openweb
Published URL: https://nulledbb.com/thread-HQ-FRANCE-EMAILPASS-COMBOLIST-txt–2290942
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free sharing of mixed mail credential hits combo list
Category: Combo List
Content: A threat actor shared a combo list of 5,713 mixed mail credential hits via an external paste link. The post is categorized as a combo list distributed freely on a cracking forum.
Date: 2026-05-10T17:18:14Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F-5713x-PREMIUM-MIX-MAIL-HITS%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F–2290961
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail credential combo list
Category: Combo List
Content: A threat actor is offering a combo list of 2,564 Hotmail credentials, marketed as high-quality and fully valid. The list is available for download on the forum.
Date: 2026-05-10T17:17:39Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-2564x-HQ-Full-Valid-Hotmail-Access-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: He_Cloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list
Category: Combo List
Content: A threat actor is offering a combo list of 735 Hotmail credentials, marketed as private and fresh. The content is hidden behind a registration or login wall on the forum.
Date: 2026-05-10T17:17:31Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-735x-%E2%AD%90%E2%AD%90-FRESH-HQ-HOTMAIL-%E2%AD%90%E2%AD%90
Screenshots:
None
Threat Actors: KiwiShioo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail-targeted combo list of 177K credentials available on forum
Category: Combo List
Content: A threat actor is distributing a 177K Hotmail-targeted combo list via a forum post, with additional combo lists available for purchase covering multiple email providers and countries including AOL, Yahoo, Outlook, and others. The actor advertises email:pass and user:pass formats and promotes a Telegram channel and cracking-related website.
Date: 2026-05-10T17:17:14Z
Network: openweb
Published URL: https://demonforums.net/Thread-177K-HOTMAIL-TARGETED-COMBOLIST
Screenshots:
None
Threat Actors: Ra-Zi
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of Rich People database containing financial and personal records
Category: Data Breach
Content: A threat actor is selling an alleged database of 800,000 high-net-worth individuals for $1,200 USD. The dataset reportedly includes personally identifiable information such as full name, SSN, date of birth, drivers license number, address, phone numbers, email, net income, employment details, and bank account information including routing and account numbers. The origin of the database is not disclosed.
Date: 2026-05-10T17:15:31Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-Rich-People-Database-800k
Screenshots:
None
Threat Actors: Mikhel
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Polyfabme by Boss Ranzen (Team D704T)
Category: Defacement
Content: On May 11, 2026, the website polyfabme.com was defaced by threat actor Boss Ranzen, operating under the team designation D704T. The attacker targeted the /403.php page in a single-site, non-mass defacement incident. No specific motive or server details were disclosed.
Date: 2026-05-10T17:11:45Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/918528
Screenshots:
None
Threat Actors: Boss Ranzen, D704T
Victim Country: Unknown
Victim Industry: Manufacturing/Fabrication
Victim Organization: Polyfabme
Victim Site: polyfabme.com
Alleged data leak of Universitas Islam 45 Bekasi (UNISMA Bekasi)
Category: Data Leak
Content: A threat actor has freely distributed what is claimed to be login credentials and student records from Universitas Islam 45 Bekasi (UNISMA Bekasi). The leaked data reportedly includes active student ID numbers (NPM), login credentials, and virtual account payment transaction histories. A download link and sample credentials were shared in the forum post.
Date: 2026-05-10T17:11:23Z
Network: openweb
Published URL: https://breachforums.rs/Thread-COLLECTION-LOGIN-ACC-UNISMABEKASI-AC-ID-by-DyKsx
Screenshots:
None
Threat Actors: doyokSX
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas Islam 45 Bekasi
Victim Site: unismabekasi.ac.id
Alert: COLLECTIONPow3r$h3ll Database Tracker thread with no content
Category: Alert
Content: A thread titled COLLECTIONPow3r$h3ll Database Tracker was posted on BreachForums but contains no readable content. No threat data can be extracted from this post.
Date: 2026-05-10T17:10:58Z
Network: openweb
Published URL: https://breachforums.rs/Thread-COLLECTION-Pow3r-h3ll-Database-Tracker
Screenshots:
None
Threat Actors: naty
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Royal Netherlands Academy of Arts and Sciences (KNAW)
Category: Data Breach
Content: A threat actor known as MDGhost is selling an alleged database from knaw.nl, the Royal Netherlands Academy of Arts and Sciences, containing over 60 million records in CSV format. The dataset reportedly includes fields such as UID, email, name details, telephone, discipline, organisation, address, roles, and SHA-hashed passwords. The actor provides a sample and directs interested parties to contact via Telegram or Session.
Date: 2026-05-10T16:55:29Z
Network: openweb
Published URL: https://breached.st/threads/60m-knaw-nl-royal-netherlands-academy-of-arts-and-sciences.86976/unread
Screenshots:
None
Threat Actors: MDGhost
Victim Country: Netherlands
Victim Industry: Education
Victim Organization: Royal Netherlands Academy of Arts and Sciences
Victim Site: knaw.nl
Sale of fresh education sector combo list
Category: Combo List
Content: A forum member is offering a combo list marketed as fresh credentials targeting the education sector. The content is hidden behind a registration or login requirement. No further details about record count or specific targets are available.
Date: 2026-05-10T16:44:35Z
Network: openweb
Published URL: https://patched.to/Thread-fresh-edu-combolist-300937
Screenshots:
None
Threat Actors: ZAMPARA
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown
Sale of HQ mix combo list with approximately 130,530 credentials
Category: Combo List
Content: A threat actor operating as @s2lender_txt is offering a high-quality mixed combo list containing approximately 130,530 credentials. The listing advertises daily supply of 4,000–12,000 fresh entries and claims the content is private and optimized for credential stuffing. Access is restricted to registered forum members.
Date: 2026-05-10T16:44:17Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-13053x-hq-mix-by-s2lender-txt
Screenshots:
None
Threat Actors: s2lender
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of French Hotmail combo list by cloudantalya
Category: Combo List
Content: A threat actor is selling a combo list marketed as private, fresh French Hotmail credentials (email:password pairs) with inbox access. The offering includes a mix of ULP combos, logs, and a mail/Hotmail checker tool. Access is offered via direct message with subscription discounts advertised.
Date: 2026-05-10T16:44:00Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-private-france-%F0%9F%87%AB%F0%9F%87%B7-mail-access-by-antalya-h
Screenshots:
None
Threat Actors: cloudantalya
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of SMTP combo list including Hotmail credentials
Category: Combo List
Content: A threat actor is selling access to a private cloud combo list service containing approximately 1,200 credentials, including uHQ Hotmail and mixed inbox combos marketed as fresh and valid SMTP credentials. Subscription plans are offered ranging from 3 days to lifetime access, with payment accepted in cryptocurrency.
Date: 2026-05-10T16:43:43Z
Network: openweb
Published URL: https://patched.to/Thread-%F0%9F%94%B01-2k%E2%9A%9C%EF%B8%8Fgood%E2%9A%9C%EF%B8%8Fvalid%E2%9A%9C%EF%B8%8Fsmtp%F0%9F%94%B0
Screenshots:
None
Threat Actors: Dhyazribi001
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting sfr.fr
Category: Combo List
Content: A threat actor is sharing a combo list of 2,759 credentials associated with sfr.fr email accounts, marketed as fresh. The content is hidden behind a registration or login wall on the forum.
Date: 2026-05-10T16:43:26Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%F0%9F%92%8E-2759x-fresh-sfr-fr-private-%F0%9F%92%8E
Screenshots:
None
Threat Actors: Lowza9
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of SMTP access and combo lists targeting US Hotmail accounts
Category: Combo List
Content: A threat actor is offering for sale a private combo list service targeting Hotmail and mixed email accounts, marketed as UHQ and fresh. The offering includes inbox combos, SMTP access, logs, and a mail checker tool, with a sample download provided. Buyers are directed to contact the seller via Telegram for subscription access.
Date: 2026-05-10T16:43:07Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-private-smtp-usa-%F0%9F%87%BA%F0%9F%87%B8-mail-access-by-antalya-h
Screenshots:
None
Threat Actors: cloudantalya
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Germany-targeted Hotmail combo list
Category: Combo List
Content: A threat actor is selling and distributing Germany-targeted Hotmail combo lists marketed as UHQ and fresh private mix inbox combos. The offering includes credential logs, a mail checker tool, and country-targeted combolists available via direct message or download. Discounted subscription access is advertised via the handle @antalya_H.
Date: 2026-05-10T16:42:51Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-private-germany-%F0%9F%87%A9%F0%9F%87%AA-mail-access-by-antalya-h
Screenshots:
None
Threat Actors: cloudantalya
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of Hotmail credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 500 Hotmail credentials, marketed as high quality mail access. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-10T16:42:20Z
Network: openweb
Published URL: https://patched.to/Thread-0-5k-hq-hotmail-mail-access-combolist-300934
Screenshots:
None
Threat Actors: liamgoat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Comcast.net email combo list targeting United States users
Category: Combo List
Content: A threat actor is offering a combo list of Comcast.net email credentials, marketed as UHQ and fresh, alongside Hotmail combos and stealer logs. The post advertises a subscription-based private channel with additional access via direct message, including a sample download for prospective buyers.
Date: 2026-05-10T16:42:03Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-private-comcast-net-usa-%F0%9F%87%BA%F0%9F%87%B8-mail-access-by-antalya-h
Screenshots:
None
Threat Actors: cloudantalya
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of HQ Hotmail credentials shared on forum
Category: Combo List
Content: A threat actor shared a combo list of approximately 14,740 high-quality Hotmail credentials on a carding/combolist forum. The post advertises daily supply of 4,000–12,000 fresh credentials marketed as untouched and optimized for high-performance credential stuffing.
Date: 2026-05-10T16:41:45Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-1474x-hq-hotmail-by-s2lender-txt
Screenshots:
None
Threat Actors: s2lender
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list of mixed mail access credentials across multiple countries
Category: Combo List
Content: A threat actor shared a combo list of approximately 3,988 email credentials covering multiple countries including France, Germany, Italy, Netherlands, Poland, and Australia. The content is gated behind forum registration or login. No specific breached organization is identified.
Date: 2026-05-10T16:41:14Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-3-988-good-combo-mixed-mail-access-fr-de-it-nl-pl-au
Screenshots:
None
Threat Actors: cloudkaraoke
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list with 10.1K valid credentials
Category: Combo List
Content: A threat actor shared a combo list of 10,100 purportedly valid Hotmail credentials via an external paste link. The list is marketed as valid mail access as of April 29.
Date: 2026-05-10T16:40:35Z
Network: openweb
Published URL: https://nulledbb.com/thread-10-1K-%E2%9A%A1Hotmail%E2%9A%A1Valid-Mail-Access-29-04–2290922
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of cracked 888 RAT v1.3.3 with licensing bypass
Category: Malware
Content: A threat actor is distributing a cracked version of 888 RAT v1.3.3 with the licensing system bypassed. The malware is shared via an external paste link. 888 RAT is a known remote access trojan capable of system control, data exfiltration, and surveillance.
Date: 2026-05-10T16:40:31Z
Network: openweb
Published URL: https://nulledbb.com/thread-888-RAT-v1-3-3-Cracked-Licensing-systems–2290913
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list with 3,180 credentials
Category: Combo List
Content: A threat actor is distributing a combo list containing 3,180 Hotmail credentials, marketed as fresh. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-10T16:40:04Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A1-3180x-FRESH-HOTMAIL-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: Nulled07
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Tokopedia
Category: Data Breach
Content: A threat actor is sharing an alleged database dump from Tokopedia, an Indonesian e-commerce platform, containing approximately 40,000 records. The dataset includes user IDs, full names, dates of birth, email addresses, phone numbers, shipping addresses, order details, payment methods, and order statuses. The data appears to reflect customer transaction records from the platform.
Date: 2026-05-10T16:17:58Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-WWW-TOKOPEDIA-COM-40K
Screenshots:
None
Threat Actors: XSVSHACKER
Victim Country: Indonesia
Victim Industry: Retail
Victim Organization: Tokopedia
Victim Site: tokopedia.com
Alleged sale of stolen payment card data and private cloud database access with personal information
Category: Combo List
Content: Multiple threat actors advertising the sale of stolen payment card data (US/Canada/UK/Global) with validity rates of 75-95%, starting at $1 per card. Additionally, actors are offering access to private cloud databases containing Hotmail credentials and country-specific personal datasets (FR, IT, BR, UK, US, JP, PL, RU, ES, MX, CA, SG, etc.) with inbox access. Pepecard claims to process over 100,000 card renewals daily and offers free card verification services.
Date: 2026-05-10T16:12:34Z
Network: telegram
Published URL: https://t.me/c/2613583520/79043
Screenshots:
None
Threat Actors: Pepecard
Victim Country: United States, Canada, United Kingdom, France, Italy, Brazil, Japan, Poland, Russia, Spain, Mexico, Singapore
Victim Industry: Financial services, email providers, e-commerce platforms
Victim Organization: Unknown
Victim Site: Unknown
Sale of HQ Mixed Mail Access Combo List
Category: Combo List
Content: A threat actor is sharing a combo list containing approximately 100 high-quality mixed mail access credentials. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-10T16:12:04Z
Network: openweb
Published URL: https://patched.to/Thread-0-1k-hq-mixed-mail-access-combolist-300927
Screenshots:
None
Threat Actors: liamgoat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting Hotmail accounts
Category: Combo List
Content: A forum user is sharing a combo list containing 850 Hotmail credential hits. Access to the content is gated behind forum registration or login. The post includes a like-gate enforcement warning.
Date: 2026-05-10T16:11:29Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%85%E2%9A%A1850x-good-hotmail%E2%9A%A1%E2%9C%85-300929
Screenshots:
None
Threat Actors: NovaCloudx
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 1.7K mixed mail access combo list
Category: Combo List
Content: A combo list containing approximately 1,700 mixed mail access credentials was shared on a forum by the user Kommander0. The content is hidden behind a registration or login wall, limiting visibility into specific details.
Date: 2026-05-10T16:11:12Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-1-7k-mix-mail-access-by-kommander0-10-05
Screenshots:
None
Threat Actors: AnticaCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list targeting Switzerland distributed on forum
Category: Combo List
Content: A combo list containing over 91,000 credential pairs associated with Switzerland was shared freely on a forum. The list is dated April 30, 2026, and was made available via an external paste link.
Date: 2026-05-10T16:10:34Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9C%AA-91-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Switzerland-%E2%9C%AA-30-APR-2026-%E2%9C%AA–2290864
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free Hotmail credential combo list with 1,520 hits
Category: Combo List
Content: A threat actor has freely shared a combo list containing 1,520 purported Hotmail credential hits via an external paste link. The credentials are marketed as premium hits suitable for credential stuffing.
Date: 2026-05-10T16:10:17Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-1520x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F–2290884
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of professional email campaign and harvesting tool suite
Category: Services
Content: A threat actor operating as GOLLUM is selling a suite of four email infrastructure tools — a bulk mailer, contact fetcher, list cleaner, and geographic sorter — for $300 as a lifetime bundle. The toolset is designed to support large-scale email campaigns, including harvesting contacts from compromised mailboxes via email:password list input. Tools are advertised with lifetime licenses and Telegram-based support.
Date: 2026-05-10T16:08:50Z
Network: openweb
Published URL: https://hackforums.net/showthread.php?tid=6325189
Screenshots:
None
Threat Actors: GOLLUM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List mix of 62K credentials across multiple regions
Category: Combo List
Content: A threat actor is distributing a mixed combo list of approximately 62,000 credentials targeting Hotmail, Outlook, Live, and MSN accounts across US and EU regions. The credentials are marketed as fresh with a high hit rate, distributed daily via a Telegram channel. The post advertises an ongoing subscription-style service offering 2–4 files daily.
Date: 2026-05-10T16:01:56Z
Network: openweb
Published URL: https://altenens.is/threads/mix-62k.2937497/unread
Screenshots:
None
Threat Actors: mailcombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Distribution of large-scale stealer log dataset containing URL:Login:Password credentials
Category: Logs
Content: A threat actor is distributing a large dataset of URL:Login:Password credentials via Telegram, claimed to contain over 960 million lines deduplicated. The data is formatted as stealer log output and made available for free download.
Date: 2026-05-10T15:57:04Z
Network: openweb
Published URL: https://breachforums.rs/Thread-URL-LOGIN-PASS-%E2%9C%AA-960-M-%E2%9C%AA-ULP-LOG-S-Date-%E2%9C%AA-cloud-%E2%9C%AA
Screenshots:
None
Threat Actors: Carpenter121
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of malicious hacking course with shell access, exploits, and malware tools
Category: Initial Access
Content: Threat actor advertising a paid course offering illegal hacking services including: shell access to Indonesian targets, website cloaking, WordPress exploitation, shell deployment, anti-deletion techniques, telegram-based attacks, exploit kits, and automated backlinking. Contact via Telegram for purchase.
Date: 2026-05-10T15:51:31Z
Network: telegram
Published URL: https://t.me/DeepCoreNetwork/131
Screenshots:
None
Threat Actors: person131
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 9,500 passport and national identity card scans from France and Turkey
Category: Carding
Content: A threat actor is offering for sale 9,542 passport and national identity card scans, primarily from France and Turkey, priced at $1,000 for a 4.01 GB compressed archive. The seller claims to provide samples via the Session messaging app and associates the listing with the PwnerSec group on X (Twitter).
Date: 2026-05-10T15:47:03Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-9500-Passport-and-National-Identity-Card
Screenshots:
None
Threat Actors: NormalLeVrai
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of credential stuffing and phishing infrastructure by DataxLogs
Category: Phishing
Content: Threat actor DataxLogs is advertising malicious services including Python-based config builders (Silverbullet, Openbullet 2), captcha bypass tools (Hcaptcha, Cloudflare, Captcha V2/V3, etc.), and APIs for web, Android, iOS, and Windows platforms. These tools are typically used for credential stuffing, phishing, and automated account takeover attacks.
Date: 2026-05-10T15:42:44Z
Network: telegram
Published URL: https://t.me/c/2613583520/79014
Screenshots:
None
Threat Actors: DataxLogs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of HQ mix mail combo list with 5,565 hits
Category: Combo List
Content: A threat actor is offering a mixed mail combo list advertised as containing 5,565 hits. The credentials are shared via a paid private cloud service with tiered subscription pricing. No specific victim organization or breach source is identified.
Date: 2026-05-10T15:37:50Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%9C%855565x-hq-mix-mail-hit-%E2%9C%85
Screenshots:
None
Threat Actors: aurexopforu
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free Hotmail credential combo list with 1,089 hits
Category: Combo List
Content: A threat actor has freely distributed a combo list of 1,089 Hotmail credential hits via an external paste link. The credentials are marketed as premium hits, suggesting they have been verified against Hotmail accounts.
Date: 2026-05-10T15:37:14Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-1089x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F–2290858
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list (56K credentials)
Category: Combo List
Content: A threat actor is advertising a combo list of approximately 56,000 Hotmail/Outlook/Live/MSN credentials via a Telegram channel. The listings are marketed as fresh, high hit-rate packs targeting multiple regions including the US and EU. Files are claimed to be dropped daily in 2–4 batches.
Date: 2026-05-10T15:36:43Z
Network: openweb
Published URL: https://demonforums.net/Thread-hotmail-56k
Screenshots:
None
Threat Actors: mailcombo01
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of mixed email combo list (62K credentials)
Category: Combo List
Content: A threat actor is advertising a mixed email combo list of approximately 62,000 credentials targeting Hotmail, Outlook, Live, and MSN accounts across US and European regions. The credentials are marketed as fresh with a high hit rate, distributed via a Telegram channel at a claimed rate of 2–4 files daily.
Date: 2026-05-10T15:36:03Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-mix-62k
Screenshots:
None
Threat Actors: mailcombo01
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of email access combo list with 18K valid credentials
Category: Combo List
Content: A threat actor is sharing a combo list of 18,000 claimed valid email credentials behind a registration/login wall on a cybercrime forum. The content is restricted to registered members. No specific targeted service or origin is identified.
Date: 2026-05-10T15:06:29Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-18K-VALID-MAIL-ACCESS–203600
Screenshots:
None
Threat Actors: TeraCloud1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of 704K US credentials offered for free
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 704,000 US credentials, marketed as a private base suitable for general credential stuffing. The post is associated with a self-described combo cloud service advertising high-quality data and private lines.
Date: 2026-05-10T15:05:48Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9A%A1704k-usa%E2%9A%A1private-base-good-on-anything-you-need%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list with 2.6K credentials
Category: Combo List
Content: A threat actor on a criminal forum is sharing a combo list of 2,600 Hotmail email and password pairs, marketed as top quality. The content is gated behind registration or login, with a link to the actors external store at megacloudshop.top.
Date: 2026-05-10T15:05:27Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-2-6K-HOTMAIL-Jutst-%C2%A0Top-Quality-10-05
Screenshots:
None
Threat Actors: MegaCloudshop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting Hotmail accounts
Category: Combo List
Content: A threat actor shared a combo list of 1,016 Hotmail credentials on a cybercrime forum. The content is hidden behind a login/register wall, limiting visibility. The post is consistent with credential stuffing list distributions targeting Hotmail accounts.
Date: 2026-05-10T15:05:09Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%F0%9F%94%B1-1016x-hydra-hotmail-%F0%9F%94%B1
Screenshots:
None
Threat Actors: LordOfSea91
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of combo lists including Hotmail and mixed credentials via private cloud service
Category: Combo List
Content: A threat actor is offering access to a private cloud service containing combo lists, including uHQ Hotmail credentials, fresh mixed combos, and inbox combos. Subscription plans are available ranging from 3 days to lifetime access, with payment accepted in cryptocurrency. The post also references CC, dump, and 3D content, suggesting card-related data may also be included.
Date: 2026-05-10T15:04:52Z
Network: openweb
Published URL: https://patched.to/Thread-%F0%9F%94%B0cc%E2%9A%9C%EF%B8%8Fdump%E2%9A%9C%EF%B8%8F3d%E2%9A%9C%EF%B8%8Fbut%E2%9A%9C%EF%B8%8Fold%E2%9A%9C%EF%B8%8Fcombo%F0%9F%94%B0
Screenshots:
None
Threat Actors: Dhyazribi001
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list via private cloud service
Category: Combo List
Content: A threat actor is offering subscription-based access to a private cloud containing approximately 1,000 Hotmail credentials marketed as fresh and high-quality. Plans range from $10 for 3 days to $260 for lifetime access, with payment accepted in cryptocurrency. Contact is facilitated via Telegram handle @VOID032.
Date: 2026-05-10T15:04:16Z
Network: openweb
Published URL: https://patched.to/Thread-%F0%9F%94%B01k%E2%9A%9C%EF%B8%8Fvalid%E2%9A%9C%EF%B8%8Fhotmail%F0%9F%94%B0
Screenshots:
None
Threat Actors: Dhyazribi001
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail credential combo list
Category: Combo List
Content: A threat actor is offering a combo list of 1,600 Hotmail credentials on a cybercrime forum. The content is gated behind registration or login. No additional details about the datas origin or composition are available.
Date: 2026-05-10T15:03:36Z
Network: openweb
Published URL: https://patched.to/Thread-%F0%9F%94%A5-1600x-hotmails-velocemarket-%F0%9F%94%A5
Screenshots:
None
Threat Actors: xHitCheap
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list (2.6K credentials)
Category: Combo List
Content: A threat actor is offering a combo list of approximately 2,600 Hotmail credentials, marketed as top quality. The content is gated behind registration or login on the forum.
Date: 2026-05-10T15:03:06Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-2-6k-hotmail-jutst-top-quality-10-05
Screenshots:
None
Threat Actors: MonnarhTeam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: 16K Mixed Mail Access Credentials
Category: Combo List
Content: A threat actor is distributing a combo list containing approximately 16,000 email and password combinations described as mixed mail access. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-10T15:01:51Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-16K-Good-Mix-Mail-Access
Screenshots:
None
Threat Actors: StrawHatBase
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free sharing of Udemy course content for Advanced Windows Active Directory Penetration Testing
Category: Data Leak
Content: A forum user is sharing a download link for a Udemy course on Advanced Windows Active Directory Penetration Testing. The content appears to be pirated course material distributed freely on a leak forum.
Date: 2026-05-10T14:59:33Z
Network: openweb
Published URL: https://altenens.is/threads/udemy-advanced-windows-active-directory-penetration-testingsparklescheck-mark-button.2937486/unread
Screenshots:
None
Threat Actors: popfizz
Victim Country: United States
Victim Industry: Education
Victim Organization: Udemy
Victim Site: udemy.com
Alleged Data Leak of Udemy Course: Advanced Practical Initial Access (Social Engineering)
Category: Data Leak
Content: A forum user is sharing hidden content purportedly related to a Udemy course titled Advanced Practical Initial Access (Social Engineering). The post requires a reply to access the content, and no further details about the nature or volume of the leaked data are provided.
Date: 2026-05-10T14:59:14Z
Network: openweb
Published URL: https://altenens.is/threads/udemy-advanced-practical-initial-access-social-engineering.2937488/unread
Screenshots:
None
Threat Actors: popfizz
Victim Country: United States
Victim Industry: Education
Victim Organization: Udemy
Victim Site: udemy.com
Free list of 15 vulnerable websites for legal penetration testing practice
Category: Alert
Content: A forum member shared a hidden list of 15 websites intended for legal penetration testing and hacking practice. The content is gated behind a reply requirement. No specific victim organization or threat activity is identified.
Date: 2026-05-10T14:58:56Z
Network: openweb
Published URL: https://altenens.is/threads/15-vulnerable-websites-for-legal-penetration-hacking-practice.2937487/unread
Screenshots:
None
Threat Actors: popfizz
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Email Grabber Tool for Credential Checking and Data Extraction
Category: Malware
Content: A threat actor is selling Email Grabber 3.0, a tool designed to check and validate email account credentials, download emails and attachments, access OneDrive files, and search for cryptocurrency seed phrases and private keys across emails, attachments, and images. The tool supports IMAP and Microsoft web accounts (Hotmail/Outlook) and is offered at prices ranging from $50 per week to $200 for a lifetime license. The tool is marketed for bulk email account management and data extraction, consi
Date: 2026-05-10T14:56:15Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-Email-Downloader-Download-Emails-Download-Attachments-Download-OneDriive
Screenshots:
None
Threat Actors: CyberPaladin
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of DDoS tool by WatesSecTeam
Category: Malware
Content: A DDoS tool (dos.py) is being distributed via MediaFire link by WatesSecTeam/watesXploit associated with the Babayo Error System group.
Date: 2026-05-10T14:55:34Z
Network: telegram
Published URL: https://t.me/c/3865526389/901
Screenshots:
None
Threat Actors: WatesSecTeam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of social media account hacking services via social engineering
Category: Services
Content: A threat actor is offering paid account compromise services targeting Instagram, Snapchat, Facebook, and WhatsApp, priced between $200 and $400 per account. The actor claims to use a custom Android application combined with social engineering techniques to gain unauthorized access. All services are advertised with a 24-48 hour turnaround, with contact via Telegram.
Date: 2026-05-10T14:48:56Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Professional-Hacker-Carder-Training-Package
Screenshots:
None
Threat Actors: Darkode1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of fraudulent Italian drivers licenses and identity documents
Category: Carding
Content: A threat actor is selling purportedly valid Italian drivers licenses (front and back) for $50 each, advertising favorable expiration dates. The seller also claims to offer passports and other identity documents for multiple countries, with contact facilitated via Telegram.
Date: 2026-05-10T14:42:03Z
Network: openweb
Published URL: https://breached.st/threads/valid-italian-drivers-licenses-for-sale-front-back.86973/unread
Screenshots:
None
Threat Actors: decipher
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of ardagucluer.com.tr by Threat Actor Zod
Category: Defacement
Content: A threat actor operating under the alias Zod defaced the Turkish website ardagucluer.com.tr on May 10, 2026, targeting a specific page (zod.html) hosted on a Linux-based server. The incident was a targeted single-site defacement with no indication of mass or repeat defacement activity.
Date: 2026-05-10T14:41:45Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249144
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Turkey
Victim Industry: Unknown
Victim Organization: Arda Güçlüer
Victim Site: ardagucluer.com.tr
Alleged data leak of Mossad Israel database
Category: Data Leak
Content: A forum post claims to share a database allegedly belonging to Mossad, the Israeli intelligence agency. No sample data or record count is provided in the visible post content. The nature and authenticity of the claimed data cannot be verified.
Date: 2026-05-10T14:41:07Z
Network: openweb
Published URL: https://breached.st/threads/database-mossad-israel.86974/unread
Screenshots:
None
Threat Actors: Mr. Hanz Xploit
Victim Country: Israel
Victim Industry: Government
Victim Organization: Mossad
Victim Site: Unknown
Website Defacement of Caritas Mityana by Threat Actor Zod
Category: Defacement
Content: On May 10, 2026, a threat actor operating under the alias Zod defaced the website of Caritas Mityana, a Catholic charitable organization based in the Mityana Diocese of Uganda. The attacker targeted a specific page (zod.html) on a Linux-based server, indicating a targeted single-page defacement rather than a mass or home page compromise. The incident was archived and mirrored via haxor.id, a known defacement archiving platform.
Date: 2026-05-10T14:39:36Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249145
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Uganda
Victim Industry: Non-Profit / Religious Organization
Victim Organization: Caritas Mityana
Victim Site: caritasmityana.org
Hotmail credential combo list with 2,600 hits
Category: Combo List
Content: A threat actor is sharing a combo list of 2,600 Hotmail credential hits on a leak forum. The content is hidden behind a registration or login wall. These credentials are marketed as verified hits against Hotmail accounts.
Date: 2026-05-10T14:28:35Z
Network: openweb
Published URL: https://leakforum.io/Thread-%E2%9A%A1%E2%9A%A1-2-600x-HOTMAIL-HITS-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: lpbPrivate
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list
Category: Combo List
Content: A threat actor is offering a set of 1,585 Hotmail credentials marketed as private and fresh. The content is hidden behind a registration or login wall on the forum. Contact is provided via Telegram handle @KingBaldwinXD.
Date: 2026-05-10T14:28:10Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-1585x-%E2%AD%90%E2%AD%90-FRESH-HQ-HOTMAIL-%E2%AD%90%E2%AD%90
Screenshots:
None
Threat Actors: KiwiShioo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail combo list sample (970 credentials)
Category: Combo List
Content: A threat actor on DemonForums shared a sample combo list of 970 Hotmail email:password credentials. The content is hidden behind a registration or login wall. No breach of Hotmail/Microsoft is implied; these credentials are likely sourced from prior breaches and intended for credential stuffing.
Date: 2026-05-10T14:27:50Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-970x-SAMPLE-HOTMAIL-%E2%9A%A1%E2%9A%A1–203598
Screenshots:
None
Threat Actors: HollowKnight
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of 1,463 Hotmail credentials marketed as fresh private hits
Category: Combo List
Content: A threat actor shared a combo list of 1,463 Hotmail credentials described as fresh and private hits. The post is gated behind a reply requirement to access the download link. These credentials are intended for credential stuffing against Hotmail/Outlook accounts.
Date: 2026-05-10T14:25:05Z
Network: openweb
Published URL: https://altenens.is/threads/check-mark-buttoncheck-mark-button-1463x-fresh-private-hotmail-hits-check-mark-button-check-mark-button.2937485/unread
Screenshots:
None
Threat Actors: Angiecrax
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Mossad (Israel) Database Breach
Category: Data Breach
Content: A Breachforums user mr-hanz-xploit has posted a thread claiming to have breached and obtained a database from Mossad, Israels intelligence agency. The breach is being discussed and shared on the Breachforums platform.
Date: 2026-05-10T14:22:58Z
Network: telegram
Published URL: https://t.me/DeepCoreNetwork/130
Screenshots:
None
Threat Actors: mr-hanz-xploit
Victim Country: Israel
Victim Industry: Government/Intelligence
Victim Organization: Mossad
Victim Site: Unknown
Sale of alleged Chinese PLA military intelligence data including cyberforce and rocket force documents
Category: Data Breach
Content: A threat actor is offering for sale alleged data from multiple divisions of the Chinese Peoples Liberation Army (PLA), including the Cyberspace Force Technology Research Institute, Rocket Force intelligence institutes, and other military research bodies. The seller claims the data includes test data and reports, and states they are open to buyers such as think tanks. Samples are offered to serious buyers upon request.
Date: 2026-05-10T14:08:55Z
Network: openweb
Published URL: https://breached.st/threads/china-secret-military-rocket-force-foreign-affairs-cyberforce-test-data-reports.86972/unread
Screenshots:
None
Threat Actors: mosad
Victim Country: China
Victim Industry: Government
Victim Organization: Chinese Peoples Liberation Army
Victim Site: Unknown
Alleged data leak of Discord database
Category: Data Leak
Content: A forum post on Breached claims to offer a free download of a Discord database. The post contains minimal detail beyond a download link. The nature and contents of the alleged database are unspecified.
Date: 2026-05-10T14:08:03Z
Network: openweb
Published URL: https://breached.st/threads/database-discord.86971/unread
Screenshots:
None
Threat Actors: Xyph0rix
Victim Country: United States
Victim Industry: Technology
Victim Organization: Discord
Victim Site: discord.com
Alleged leak of institutional database with personal information
Category: Data Leak
Content: A database structure dump was shared containing fields for institutional data (nama_lembaga, alamat_lembaga, email, no_telepon) and coordinator personal information (nama_koordinator, alamat_koordinator, email_koordinator, no_telepon_koordinator) along with administrative metadata. The data appears to be from an Indonesian institution or testing/certification system based on field naming conventions.
Date: 2026-05-10T13:57:34Z
Network: telegram
Published URL: https://t.me/Xyph0rix/337
Screenshots:
None
Threat Actors: 赛弗里克斯
Victim Country: Indonesia
Victim Industry: Education/Testing/Certification
Victim Organization: Unknown
Victim Site: Unknown
Combo list targeting Hotmail accounts
Category: Combo List
Content: A threat actor is distributing a combo list of 2,740 Hotmail credentials described as fully valid. The content is hidden behind a forum registration or login wall.
Date: 2026-05-10T13:56:17Z
Network: openweb
Published URL: https://patched.to/Thread-2740x-hotmail-full-valid
Screenshots:
None
Threat Actors: poisonyt007
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of 764 HQ Hotmail credentials
Category: Combo List
Content: A threat actor is sharing 764 alleged high-quality Hotmail credentials on a combolist forum. The content is gated behind registration or login. These credentials are likely intended for credential stuffing or account takeover activity.
Date: 2026-05-10T13:55:38Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9D%84%E2%9D%84-764x-hq-premium-hotmails-%E2%9D%84%E2%9D%84
Screenshots:
None
Threat Actors: Lowza9
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list with 15.5K mixed mail access credentials
Category: Combo List
Content: A forum user is distributing a combo list containing approximately 15.5K mixed email access credentials. The content is hidden behind a registration or login wall. No specific breached organization is identified.
Date: 2026-05-10T13:55:02Z
Network: openweb
Published URL: https://leakforum.io/Thread-15-5K-%E2%80%8D%E2%AC%9BMIX-MAIL-%E2%80%8D%E2%AC%9BACCESS-%E2%80%8D%E2%AC%9B
Screenshots:
None
Threat Actors: MeiMisakix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mix mail access combo list with 11,155 credentials
Category: Combo List
Content: A threat actor has shared a mix mail access combo list containing 11,155 credentials. The post is categorized as a free release on a leak forum.
Date: 2026-05-10T13:54:39Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-11155x%E2%9A%A1MIX-MAIL%E2%9A%A1ACCESS%E2%9A%A1
Screenshots:
None
Threat Actors: RedHat29x
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list of 100K Hotmail credentials
Category: Combo List
Content: A threat actor shared a combo list of approximately 100,000 Hotmail credentials via Pasteview. The list is marketed as high quality (HQ) and is available for free on the forum.
Date: 2026-05-10T13:49:20Z
Network: openweb
Published URL: https://altenens.is/threads/100k-hq-hotmail-txt.2937478/unread
Screenshots:
None
Threat Actors: Vekko
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Discord Database Breach
Category: Data Breach
Content: User Xyph0rix has posted on breached.st forum referencing a Discord database breach. A thread titled Database Discord is linked, suggesting a database dump or credential leak related to Discord platform.
Date: 2026-05-10T13:44:44Z
Network: telegram
Published URL: https://t.me/Xyph0rix/336
Screenshots:
None
Threat Actors: Xyph0rix
Victim Country: Unknown
Victim Industry: Technology/Communication Platform
Victim Organization: Discord
Victim Site: discord.com
Mass Defacement by Mr.XycanKing of BABAYO EROR SYSTEM targeting network and data solutions provider
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM conducted a mass defacement campaign that included the website of 3DS and B Network and Data Solution, a network and data solutions provider. The attack targeted a Linux-based web server and was confirmed as part of a broader mass defacement operation. A mirror of the defaced page has been archived at haxor.id.
Date: 2026-05-10T13:43:41Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249141
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Information Technology
Victim Organization: 3DS and B Network and Data Solution
Victim Site: 3dsandbnetworkanddatasolution.com
Mass Website Defacement by Mr.XycanKing of BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing, operating under the group BABAYO EROR SYSTEM, conducted a mass defacement attack targeting the website hosted at 2zjr-janiuay.com running on a Linux server. The incident was classified as a mass defacement campaign, suggesting multiple sites were compromised as part of the same operation. A mirror of the defacement was archived at haxor.id.
Date: 2026-05-10T13:42:25Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249143
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 2zjr-janiuay.com
Mass Defacement of Ace Fiber Solution by Mr.XycanKing of BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM conducted a mass defacement campaign targeting acefibersolution.com, a fiber solutions provider. The attack was carried out on a Linux-based server and is classified as a mass defacement event, suggesting multiple sites were simultaneously compromised. A mirror of the defacement was archived at haxor.id.
Date: 2026-05-10T13:40:57Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249139
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Telecommunications / Fiber Solutions
Victim Organization: Ace Fiber Solution
Victim Site: acefibersolution.com
Mass Defacement of ZXavier Tech by Mr.XycanKing of BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM conducted a mass defacement campaign targeting zxaviertech.com, a technology-oriented website running on a Linux server. The incident was classified as a mass defacement, suggesting multiple sites were compromised as part of the same operation. A mirror of the defacement was archived at haxor.id.
Date: 2026-05-10T13:39:52Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249142
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: ZXavier Tech
Victim Site: zxaviertech.com
Alleged phishing and stolen payment card sales operation (9Check.me and PepeCard)
Category: Phishing
Content: Multiple threat actors operating stolen payment card sales and CVV validation services. ID 78967 promotes 9Check.me, a tool for validating stolen credit card CVV numbers and credit limits. ID 78974 advertises PepeCard, a card shop claiming to sell 100,000+ valid stolen cards daily from US/Canada/UK/Global regions at $1-$1.50 per card with 75-95% validity rates. ID 78979 offers combolists for multiple countries (DE, FR, IT, BR, UK, US, JP, PL, RU, ES, NL, MX, CA, SG) and access credentials for various platforms (Kleinanzeigen, eBay, Reddit, Poshmark, Depop, Walmart, Amazon).
Date: 2026-05-10T13:39:16Z
Network: telegram
Published URL: https://t.me/c/2613583520/78967
Screenshots:
None
Threat Actors: PepeCard
Victim Country: United States
Victim Industry: Financial services, e-commerce
Victim Organization: Unknown
Victim Site: Unknown
Alleged website defacement by Mr.PIMZZZXploit
Category: Defacement
Content: Threat actor Mr.PIMZZZXploit claimed responsibility for defacing multiple websites across demowebsiteclient.com and devwebs.co.in domains. The post lists approximately 50+ defaced URLs with defacement banner claiming Hacked By Mr.PIMZZZXploit.
Date: 2026-05-10T13:38:42Z
Network: telegram
Published URL: https://t.me/c/3865526389/895
Screenshots:
None
Threat Actors: Mr.PIMZZZXploit
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: demowebsiteclient.com, devwebs.co.in
Mass Defacement by Mr.XycanKing of BABAYO EROR SYSTEM Targeting Billing System Platform
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the team BABAYO EROR SYSTEM conducted a mass defacement campaign targeting aafiberlinksolutions-billingsystem.com, a billing system platform associated with AA Fiber Link Solutions, an internet service provider. The attack was carried out on a Linux-based server and was confirmed as part of a broader mass defacement operation. The defaced page was archived via haxor.id, a known defacement mirroring service.
Date: 2026-05-10T13:38:38Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249140
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Telecommunications / Internet Services
Victim Organization: AA Fiber Link Solutions
Victim Site: aafiberlinksolutions-billingsystem.com
Alleged data leak of Germar Breton database with 3.4 million records
Category: Data Leak
Content: A threat actor has shared a download link purportedly containing a database associated with Germar Breton, claimed to contain 3.4 million records. The post provides an external download link with no additional details about the data fields or breach origin.
Date: 2026-05-10T13:37:48Z
Network: openweb
Published URL: https://breached.st/threads/database-data-germar-breton-3-4m.86968/unread
Screenshots:
None
Threat Actors: JAX7
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Germar Breton
Victim Site: Unknown
Alleged data breach of Kementerian Perhubungan Republik Indonesia
Category: Data Breach
Content: A threat actor claims to be selling or leaking a database belonging to the Ministry of Transportation of the Republic of Indonesia. The post includes a sample section but no further details or record count are provided.
Date: 2026-05-10T13:37:18Z
Network: openweb
Published URL: https://breached.st/threads/database-kementerian-perhubungan-republik-indonesia.86969/unread
Screenshots:
None
Threat Actors: Mr. Hanz Xploit
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Kementerian Perhubungan Republik Indonesia
Victim Site: Unknown
Alleged data leak of Vietnam Government Police database
Category: Data Leak
Content: A threat actor on a breach forum is distributing an alleged database belonging to the Vietnam Government Police. The post includes a download link, suggesting the data is being shared freely. No further details regarding record count or data fields are provided.
Date: 2026-05-10T13:36:44Z
Network: openweb
Published URL: https://breached.st/threads/database-vietnam-gov-police.86970/unread
Screenshots:
None
Threat Actors: Xyph0rix
Victim Country: Vietnam
Victim Industry: Government
Victim Organization: Vietnam Government Police
Victim Site: Unknown
Mass Web Defacement Campaign by Mr.XycanKing of BABAYO EROR SYSTEM Targeting wiis.site
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing, operating under the group BABAYO EROR SYSTEM, conducted a mass defacement attack against the website wiis.site hosted on a Linux server. The incident is classified as a mass defacement campaign, indicating multiple sites were likely targeted simultaneously. A mirror of the defacement was archived at haxor.id.
Date: 2026-05-10T13:32:38Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249133
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: wiis.site
Mass Web Defacement by Mr.XycanKing of BABAYO EROR SYSTEM Targeting yopipz-optinet.com
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM conducted a mass web defacement campaign targeting yopipz-optinet.com, a domain associated with internet or network services provider Optinet. The attack was executed on a Linux-based server and is categorized as a mass defacement, suggesting multiple sites were simultaneously compromised. A mirror of the defaced page was archived at haxor.id.
Date: 2026-05-10T13:31:37Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249136
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Telecommunications / Internet Services
Victim Organization: Optinet
Victim Site: yopipz-optinet.com
Mass Defacement of WinsTech Network by Mr.XycanKing (BABAYO EROR SYSTEM)
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing, operating under the group BABAYO EROR SYSTEM, conducted a mass defacement attack targeting winstechnetwork.com, a technology-oriented website running on a Linux server. The incident was classified as a mass defacement, suggesting multiple sites may have been simultaneously compromised. A mirror of the defaced page was archived at haxor.id.
Date: 2026-05-10T13:30:11Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249135
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: WinsTech Network
Victim Site: winstechnetwork.com
Mass Defacement of yuktitimes.com by Mr.XycanKing of BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, the website yuktitimes.com was defaced by threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM. The attack was carried out as part of a mass defacement campaign, targeting the index page of the site hosted on a cloud server. A mirror of the defacement was archived at haxor.id.
Date: 2026-05-10T13:28:44Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249137
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: India
Victim Industry: Media and News
Victim Organization: Yukti Times
Victim Site: yuktitimes.com
Mass Defacement by Mr.XycanKing of BABAYO EROR SYSTEM targeting winstechcompandnetcenter.com
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the team BABAYO EROR SYSTEM conducted a mass defacement campaign targeting winstechcompandnetcenter.com, a technology and networking services organization. The attack was executed on a Linux-based server and is part of a broader mass defacement operation. A mirror of the defaced page was archived at haxor.id.
Date: 2026-05-10T13:27:35Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249134
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Technology / IT Services
Victim Organization: Wins Tech Computer and Net Center
Victim Site: winstechcompandnetcenter.com
Mass Website Defacement by Mr.XycanKing of BABAYO EROR SYSTEM Targeting Web Hosting Billing Platform
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the team BABAYO EROR SYSTEM conducted a mass defacement campaign targeting weborbitinternet-billingsystem.com, a web hosting or internet billing platform running on a Linux server. The defacement was not a redefacement, indicating this was the first successful compromise of the target, and was part of a broader mass defacement operation. A mirror of the defacement was archived at haxor.id.
Date: 2026-05-10T13:26:26Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249138
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Internet Services / Web Hosting
Victim Organization: WebOrbit Internet Billing System
Victim Site: weborbitinternet-billingsystem.com
Sale of Hotmail combo list with 1,190 valid credentials
Category: Combo List
Content: A threat actor is distributing a combo list of 1,190 claimed valid Hotmail credentials, dated May 9, 2026. The content is gated behind forum registration or login. No breach of a specific organization is indicated; the credentials are likely sourced from prior leaks and tested against Hotmail.
Date: 2026-05-10T13:25:28Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%91%BB1190-hotmail-valid-access-09-05-2026
Screenshots:
None
Threat Actors: SupportHotmail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: Mix Mail Credentials (3,730 records)
Category: Combo List
Content: A user shared a mixed mail combo list containing 3,730 credential pairs on a public forum. The content is hidden behind a login/registration wall. No specific victim organization or country is identified.
Date: 2026-05-10T13:24:57Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%F0%9F%94%A5%F0%9F%94%A5-3730x-mix-mail-%F0%9F%94%A5%F0%9F%94%A5-300869
Screenshots:
None
Threat Actors: NotSellerXd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: 1,296 Valid Hotmail Credentials
Category: Combo List
Content: A threat actor is distributing a combo list of 1,296 claimed valid Hotmail credentials, dated May 9, 2026. The content is gated behind registration or login on the forum. Hotmail is the credential-stuffing target, not the breach victim.
Date: 2026-05-10T13:24:13Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%91%BB1296-hotmail-valid-access-09-05-2026
Screenshots:
None
Threat Actors: SupportHotmail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting Hotmail accounts
Category: Combo List
Content: A forum user is sharing a combo list purportedly containing 4,800 Hotmail account credentials. The content is hidden behind a registration or login wall, limiting visibility into the datas composition or origin.
Date: 2026-05-10T13:23:38Z
Network: openweb
Published URL: https://leakforum.io/Thread-4-8K-HOTMAIL-ACCESS
Screenshots:
None
Threat Actors: MeiMisakix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list with 6,510 mixed credentials
Category: Combo List
Content: A threat actor shared a combo list containing 6,510 mixed credentials, marketed as fresh. The content is hidden behind a registration or login wall on the forum.
Date: 2026-05-10T13:23:15Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A1-6510x-FRESH-MIX-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: Nulled07
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Vietnam Government Police database
Category: Data Breach
Content: Threat actor Xyph0rix has posted on breached.st forum claiming access to a Vietnamese government police database. A dedicated thread exists on the forum discussing the breach with direct link provided.
Date: 2026-05-10T13:23:07Z
Network: telegram
Published URL: https://t.me/Xyph0rix/335
Screenshots:
None
Threat Actors: Xyph0rix
Victim Country: Vietnam
Victim Industry: Government/Law Enforcement
Victim Organization: Vietnam Government Police
Victim Site: Unknown
Mass Defacement of snsllorente.com by Mr.XycanKing of BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM conducted a mass defacement attack against snsllorente.com, hosted on a Linux-based server. The incident was part of a broader mass defacement campaign, with the defaced page archived at haxor.id. No specific motivation or proof of concept was publicly disclosed.
Date: 2026-05-10T13:20:32Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249130
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: SNS Llorente
Victim Site: snsllorente.com
Mass Web Defacement by Mr.XycanKing of BABAYO EROR SYSTEM Targeting spiderwebnetworksbohol.com
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM conducted a mass web defacement campaign targeting spiderwebnetworksbohol.com, a likely internet service provider based in Bohol, Philippines. The attack was carried out on a Linux-based server and is classified as a mass defacement incident. A mirror of the defacement was archived at haxor.id.
Date: 2026-05-10T13:19:29Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249128
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Philippines
Victim Industry: Telecommunications / Internet Services
Victim Organization: Spider Web Networks Bohol
Victim Site: spiderwebnetworksbohol.com
Mix Mail Combo List (Hotmail, Outlook, AOL, GMX, Inbox, iCloud, Live)
Category: Combo List
Content: A threat actor shared a mixed mail combo list targeting multiple email providers including Hotmail, Outlook, AOL, GMX, Inbox, iCloud, and Live. The credentials are hidden behind a reply gate and linked to a Telegram channel. Record count is not disclosed.
Date: 2026-05-10T13:19:24Z
Network: openweb
Published URL: https://altenens.is/threads/mix-mail-combo-hotmail-outlook-aol-gmx-inbox-icloud-live-2026-5-7.2937458/unread
Screenshots:
None
Threat Actors: Larry_Uchiha
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list with 380 fresh valid credentials
Category: Combo List
Content: A threat actor is offering a combo list of 380 Hotmail credentials marketed as fresh and valid. The content is gated behind a reply requirement, suggesting distribution within the forum community. This is a credential stuffing resource targeting Hotmail accounts.
Date: 2026-05-10T13:18:35Z
Network: openweb
Published URL: https://altenens.is/threads/sparkles-380x-fresh-hotmail-valid-sparkles.2937476/unread
Screenshots:
None
Threat Actors: Sellix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass Defacement of SLL Data Services Corp by Mr.XycanKing (BABAYO EROR SYSTEM)
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM conducted a mass defacement campaign targeting slldataservicescorp.com, a data services organization running on a Linux-based server. The attack was classified as a mass defacement, indicating multiple sites were likely compromised simultaneously as part of the same operation. The incident was archived and mirrored via haxor.id.
Date: 2026-05-10T13:18:26Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249131
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Information Technology / Data Services
Victim Organization: SLL Data Services Corp
Victim Site: slldataservicescorp.com
Alleged data breach of Kementerian Perhubungan (Indonesian Ministry of Transportation)
Category: Data Breach
Content: A threat actor operating under the handle mr-hanz-xploit has posted on Breachforums regarding a database breach of Kementerian Perhubungan Republik Indonesia (Indonesian Ministry of Transportation). The breach details are being shared publicly on the forum.
Date: 2026-05-10T13:18:11Z
Network: telegram
Published URL: https://t.me/DeepCoreNetwork/125
Screenshots:
None
Threat Actors: mr-hanz-xploit
Victim Country: Indonesia
Victim Industry: Government – Transportation
Victim Organization: Kementerian Perhubungan Republik Indonesia
Victim Site: Unknown
Mass Defacement by Mr.XycanKing of BABAYO EROR SYSTEM Targeting stratanetwork-v2.com
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the team BABAYO EROR SYSTEM conducted a mass defacement campaign targeting stratanetwork-v2.com, a technology or networking-related platform running on a Linux server. The defacement was confirmed as part of a broader mass defacement operation, with the mirror archived at haxor.id. No specific motive or proof-of-concept details were disclosed.
Date: 2026-05-10T13:17:00Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249127
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Technology / Networking
Victim Organization: Strata Network
Victim Site: stratanetwork-v2.com
Mass Web Defacement by Mr.PIMZZZXploit of BABAYO EROR SYSTEM Targeting Mobile Services Site in India
Category: Defacement
Content: On May 10, 2026, threat actor Mr.PIMZZZXploit operating under the group BABAYO EROR SYSTEM conducted a mass web defacement campaign targeting sumitmobileservice.bw.devwebs.co.in, a mobile services business hosted on a Linux server in India. The defacement was confirmed as part of a broader mass defacement operation, with the mirror archived on haxor.id. No specific motive or vulnerability details were disclosed.
Date: 2026-05-10T13:16:21Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249132
Screenshots:
None
Threat Actors: Mr.PIMZZZXploit, BABAYO EROR SYSTEM
Victim Country: India
Victim Industry: Retail / Mobile Services
Victim Organization: Sumit Mobile Service
Victim Site: sumitmobileservice.bw.devwebs.co.in
Sale of DarkVision RAT Ultimate Edition
Category: Malware
Content: A threat actor is selling DarkVision RAT Ultimate Edition, a remote access tool written in native C++ and ASM, for $60 USD per contract. The listing outlines terms of service including update rights tied to contract compliance.
Date: 2026-05-10T13:15:57Z
Network: openweb
Published URL: https://hackforums.net/showthread.php?tid=6227378
Screenshots:
None
Threat Actors: DarkVision
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass defacement of SpeedWave Fiber by Mr.XycanKing of BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM conducted a mass defacement campaign targeting speedwavefiber.website, a telecommunications and fiber internet service provider. The attack was carried out on a Linux-based web server and is classified as a mass defacement, indicating multiple sites may have been simultaneously compromised. A mirror of the defacement was archived at haxor.id.
Date: 2026-05-10T13:15:19Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249129
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Telecommunications / Internet Services
Victim Organization: SpeedWave Fiber
Victim Site: speedwavefiber.website
Alleged database breach of Germar Breton with 3.4M records
Category: Data Breach
Content: Threat actor JAX7 has posted a database breach involving Germar Breton with approximately 3.4 million records on Breachforums. The actors profile and breach thread are publicly accessible on the platform.
Date: 2026-05-10T13:10:34Z
Network: telegram
Published URL: https://t.me/byjax7/600
Screenshots:
None
Threat Actors: JAX7
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Germar Breton
Victim Site: Unknown
Mass Defacement of TechnoTrend Tarlac by Mr.XycanKing of BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, the website of TechnoTrend Tarlac, a technology-related organization based in Tarlac, Philippines, was defaced by threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM. The incident was classified as a mass defacement campaign, suggesting multiple sites were targeted simultaneously. The attack was executed on a Linux-based server, and a mirror of the defaced page was archived at haxor.id.
Date: 2026-05-10T13:09:24Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249126
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Philippines
Victim Industry: Technology
Victim Organization: TechnoTrend Tarlac
Victim Site: technotrend-tarlac.com
Website Defacement of Chilean Sewing Machine Repair Service by Ng1ndex (Team D704T)
Category: Defacement
Content: On May 10, 2026, a threat actor identified as Ng1ndex, operating under the team D704T, defaced a Chilean sewing machine repair service website at reparacionmaquinascoser.cl. The incident was a targeted single-site defacement, not classified as mass or home page defacement. The attack was documented and mirrored by zone-xsec.com with mirror ID 918453.
Date: 2026-05-10T13:08:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/918453
Screenshots:
None
Threat Actors: Ng1ndex, D704T
Victim Country: Chile
Victim Industry: Small Business / Repair Services
Victim Organization: Reparacion Maquinas Coser
Victim Site: reparacionmaquinascoser.cl
Sale of Hotmail combo list with 3.3K fresh credentials
Category: Combo List
Content: A threat actor is offering for sale a combo list of 3,300 Hotmail email credentials, marketed as fresh and dated May 10. The content is hidden behind a registration or login wall on the forum.
Date: 2026-05-10T13:08:30Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-3-3K-Hotmail-fresh-Mail-Access-%C2%A010-05
Screenshots:
None
Threat Actors: MegaCloudShop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass Website Defacement of Billing System Platform by Mr.XycanKing (BABAYO EROR SYSTEM)
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM conducted a mass defacement attack targeting walastik-billingsystem.com, a billing system platform running on a Linux server. The attack was confirmed as a mass defacement campaign, with the defaced mirror archived at haxor.id. No specific motive or proof-of-concept details were disclosed.
Date: 2026-05-10T13:07:57Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249119
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Financial Services / Billing Technology
Victim Organization: Walastik Billing System
Victim Site: walastik-billingsystem.com
Website Defacement of vibradosmass.cl by Ng1ndex (Team D704T)
Category: Defacement
Content: On May 10, 2026, threat actor Ng1ndex, operating under team D704T, defaced a specific page (sa.html) on the Chilean website vibradosmass.cl. The incident was a targeted single-page defacement rather than a mass or home page defacement. No motive or technical vulnerability details were disclosed.
Date: 2026-05-10T13:07:13Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/918454
Screenshots:
None
Threat Actors: Ng1ndex, D704T
Victim Country: Chile
Victim Industry: Unknown
Victim Organization: Vibrados Mass
Victim Site: vibradosmass.cl
Website Defacement of cvcv.cl by Ng1ndex (Team D704T)
Category: Defacement
Content: On May 10, 2026, the Chilean website cvcv.cl was defaced by threat actor Ng1ndex, operating under the team D704T. The attacker targeted a specific page (sa.html) rather than the homepage, indicating a targeted sub-page defacement. The incident was recorded and mirrored by zone-xsec.com with mirror ID 918445.
Date: 2026-05-10T13:06:19Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/918445
Screenshots:
None
Threat Actors: Ng1ndex, D704T
Victim Country: Chile
Victim Industry: Unknown
Victim Organization: CVCV
Victim Site: www.cvcv.cl
Website Defacement of yb-dotab.com.ng by PH.BL4KE of STORM BREAKER SECURITY
Category: Defacement
Content: On May 10, 2026, the Nigerian website yb-dotab.com.ng was defaced by threat actor PH.BL4KE, operating under the group STORM BREAKER SECURITY. The attack targeted the homepage in a single-site defacement operation. No specific motive or server details were disclosed.
Date: 2026-05-10T13:05:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/918455
Screenshots:
None
Threat Actors: PH.BL4KE, STORM BREAKER SECURITY
Victim Country: Nigeria
Victim Industry: Unknown
Victim Organization: YB Dotab
Victim Site: yb-dotab.com.ng
Mass Web Defacement of TK WiFi Billing System by Mr.XycanKing (BABAYO EROR SYSTEM)
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing, operating under the team BABAYO EROR SYSTEM, conducted a mass web defacement targeting tkwifi-billingsystem.com, a platform associated with WiFi billing services. The attack was carried out on a Linux-based server and is classified as a mass defacement campaign. A mirror of the defaced page was archived at haxor.id.
Date: 2026-05-10T13:04:30Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249124
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Telecommunications / Internet Services
Victim Organization: TK WiFi Billing System
Victim Site: tkwifi-billingsystem.com
Website Defacement of ChileLogo by Ng1ndex (Team D704T)
Category: Defacement
Content: On May 10, 2026, threat actor Ng1ndex, operating under the team designation D704T, defaced the website chilelogo.com. The attack targeted a specific page (sa.html) rather than the homepage, indicating a targeted sub-page defacement. A mirror of the defaced content was archived at zone-xsec.com.
Date: 2026-05-10T13:03:47Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/918446
Screenshots:
None
Threat Actors: Ng1ndex, D704T
Victim Country: Chile
Victim Industry: Unknown
Victim Organization: ChileLogo
Victim Site: chilelogo.com
Mass Defacement Campaign by BABAYO EROR SYSTEM Targeting Wanit Solutions Billing System
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing, operating under the group BABAYO EROR SYSTEM, conducted a mass defacement attack against the Wanit Solutions billing system web portal hosted on a Linux server. The incident was classified as a mass defacement, suggesting multiple sites were targeted in the same campaign. A mirror of the defaced page was archived at haxor.id.
Date: 2026-05-10T13:02:56Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249120
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Information Technology / Billing Services
Victim Organization: Wanit Solutions
Victim Site: wanitsolutions-billingsystem.com
Sale of stolen payment cards, dumps, and bank logs for fraud
Category: Carding
Content: A threat actor is advertising stolen credit/debit cards (CC+CVV, non-VBV), dumps with PIN, clone cards, and bank logs via Telegram. The seller claims to offer fraudulent transfers via CashApp, PayPal, Venmo, Zelle, Chime, and other payment platforms, and advertises usability for online purchases at Amazon, Walmart, and similar retailers.
Date: 2026-05-10T13:02:49Z
Network: openweb
Published URL: https://altenens.is/threads/i-got-valid-cc-cvv-non-vbv-good-balance-cards-for-yall-hits-on-everything-amazon-bills-online-orders-walmart-mil0rld-hello-ladies-and-gen.2937464/unread
Screenshots:
None
Threat Actors: Yentie
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Renuevahogar by Ng1ndex (Team D704T)
Category: Defacement
Content: On May 10, 2026, the Chilean home improvement website renuevahogar.cl was defaced by threat actor Ng1ndex, operating under the team D704T. The attacker targeted a specific page (sa.html) rather than the homepage, suggesting a targeted page-level defacement. The incident was recorded and mirrored by zone-xsec.com.
Date: 2026-05-10T13:02:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/918452
Screenshots:
None
Threat Actors: Ng1ndex, D704T
Victim Country: Chile
Victim Industry: Home Improvement / Retail
Victim Organization: Renuevahogar
Victim Site: renuevahogar.cl
Mass Defacement of WanFiber by Mr.XycanKing of BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, the website wanfiber.net was defaced by threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM. The incident was classified as a mass defacement campaign targeting a Linux-based web server. A mirror of the defaced page was archived at haxor.id.
Date: 2026-05-10T13:01:03Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249121
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Telecommunications / Internet Service Provider
Victim Organization: WanFiber
Victim Site: wanfiber.net
Mass defacement of surf-n-slurf-billing-system.com by Mr.XycanKing of BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM conducted a mass defacement campaign targeting surf-n-slurf-billing-system.com, a billing services platform running on a Linux server. The attack was part of a broader mass defacement operation, with the defaced mirror archived at haxor.id. No specific motivation or proof-of-concept details were disclosed.
Date: 2026-05-10T13:00:26Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249123
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Financial Services / Billing
Victim Organization: Surf-N-Slurf Billing System
Victim Site: surf-n-slurf-billing-system.com
Mass Defacement of Billing System Platform by Mr.XycanKing / BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing, operating under the group BABAYO EROR SYSTEM, conducted a mass defacement attack targeting surelinknetwork-billingsystem.com, a network billing platform running on a Linux server. The attack was classified as a mass defacement, suggesting multiple sites or pages were compromised simultaneously. A mirror of the defacement was archived at haxor.id.
Date: 2026-05-10T12:59:13Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249122
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Telecommunications / Billing Services
Victim Organization: SureLink Network Billing System
Victim Site: surelinknetwork-billingsystem.com
Mass Defacement by Mr.XycanKing of BABAYO EROR SYSTEM targeting triplesingko.com
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM conducted a mass defacement attack targeting triplesingko.com, hosted on a Linux-based server. The incident was confirmed as part of a mass defacement campaign, with a mirror of the defaced page archived at haxor.id. No specific motive or vulnerability details were disclosed.
Date: 2026-05-10T12:58:25Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249125
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Triple Singko
Victim Site: triplesingko.com
Mass Website Defacement by Mr.XycanKing of BABAYO EROR SYSTEM Targeting vinzonskonek.com
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM conducted a mass defacement campaign targeting vinzonskonek.com, hosted on a Linux-based server. The attack was confirmed as part of a broader mass defacement operation, with the defaced page archived via haxor.id. No specific motive or vulnerability details were disclosed.
Date: 2026-05-10T12:51:50Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249118
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Philippines
Victim Industry: Unknown
Victim Organization: Vinzons Konek
Victim Site: vinzonskonek.com
Combo list of 2.6 million URL:login:password credentials shared
Category: Combo List
Content: A forum user has shared a combo list containing approximately 2.6 million URL, login, and password combinations. The content is gated behind registration or login. No specific victim organization or country is identified.
Date: 2026-05-10T12:49:27Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%98%81-2-6-million-url-login-pass-%E2%98%81
Screenshots:
None
Threat Actors: agha24
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass Website Defacement by Mr.XycanKing of BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM conducted a mass defacement campaign targeting unohandnylpisonet.com, hosted on a Linux-based server. The incident was classified as a mass defacement, indicating multiple sites were likely compromised in the same operation. A mirror of the defaced page was archived at haxor.id.
Date: 2026-05-10T12:48:56Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249117
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: unohandnylpisonet.com
Alleged breach of Spanish database with 9 million records
Category: Data Breach
Content: Threat actor claims to have cracked a large Spanish database containing over 9 million records. Follow-up message suggests unauthorized access was taken after client failed to respond to contact attempts.
Date: 2026-05-10T12:45:21Z
Network: telegram
Published URL: https://t.me/c/3793980891/3393
Screenshots:
None
Threat Actors: xorcat
Victim Country: Spain
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 34K corporate email credentials targeting USA, EU, and RU
Category: Combo List
Content: A threat actor is offering a combo list of approximately 34,000 purportedly valid corporate email credentials spanning the USA, EU, and Russia, dated May 10. The content is gated behind registration or login on the forum.
Date: 2026-05-10T12:42:01Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-34K-Full-Valid-Usa-EU-RU-Corp-Mail-Access-10-05
Screenshots:
None
Threat Actors: MegaCloudShop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Dolphin X RAT with stealer, HVNC, and metamorphic capabilities
Category: Malware
Content: A forum seller is offering Dolphin X RAT, a remote access trojan advertised with stealer functionality, Hidden Virtual Network Computing (HVNC), undetected (UD) status, and metamorphic code capabilities. The post is listed in the sellers section of a cybercrime forum. No further technical details or pricing information are available from the post content.
Date: 2026-05-10T12:39:52Z
Network: openweb
Published URL: https://breachforums.rs/Thread-MALWARE-%E2%AD%90-Dolphin-X-RAT-%E2%AD%90-Stealer%E2%9A%A1%EF%B8%8F-HVNC-%E2%9A%A1%EF%B8%8F-UD-%E2%9A%A1%EF%B8%8F-Metamorphic
Screenshots:
None
Threat Actors: Kontraktnik
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of wbao.co.in by Mr.PIMZZZXploit of BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, threat actor Mr.PIMZZZXploit operating under the team BABAYO EROR SYSTEM defaced the website wbao.co.in, hosted on a Linux server. The defacement targeted a specific page rather than the homepage and does not appear to be part of a mass defacement campaign. The incident was archived via haxor.id mirror service.
Date: 2026-05-10T12:36:11Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249116
Screenshots:
None
Threat Actors: Mr.PIMZZZXploit, BABAYO EROR SYSTEM
Victim Country: India
Victim Industry: Unknown
Victim Organization: WBAO
Victim Site: wbao.co.in
Alleged data breach of Saylove.fun – 100,000 user profiles
Category: Data Breach
Content: Threat actor claims to have obtained and is selling a complete user database from saylove.fun, a Chinese dating and romance game platform. The database allegedly contains 100,721 unique user profiles. The actor is offering one copy for $750 USD.
Date: 2026-05-10T12:27:22Z
Network: telegram
Published URL: https://t.me/c/3793980891/3392
Screenshots:
None
Threat Actors: Unknown
Victim Country: China
Victim Industry: Dating/Romance Gaming
Victim Organization: Saylove.fun (Weinan Xinfeiyue Network Technology Co., Ltd.)
Victim Site: saylove.fun
Mass Defacement of SKA Network and Data Solution by Mr.XycanKing / BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the team BABAYO EROR SYSTEM conducted a mass defacement attack against skanetworkanddatasolution.com, a network and data solutions provider. The attack targeted a Linux-based web server and was part of a broader mass defacement campaign. A mirror of the defacement was archived at haxor.id.
Date: 2026-05-10T12:24:53Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249111
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Information Technology / Network Services
Victim Organization: SKA Network and Data Solution
Victim Site: skanetworkanddatasolution.com
Mass Website Defacement of Rocnet Billing System by Mr.XycanKing / BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM conducted a mass defacement attack against rocnet-billingsystem.com, a billing system platform likely associated with a telecommunications or internet service provider. The targeted Linux-based web server was compromised and defaced as part of a broader mass defacement campaign. A mirror of the defacement was archived at haxor.id.
Date: 2026-05-10T12:23:23Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249115
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Telecommunications / Billing Services
Victim Organization: Rocnet Billing System
Victim Site: rocnet-billingsystem.com
Mass defacement of roleowis.com by Mr.XycanKing of BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, the website roleowis.com was defaced by threat actor Mr.XycanKing, operating under the group BABAYO EROR SYSTEM. The incident was classified as a mass defacement campaign targeting a Linux-based server. A mirror of the defacement was archived at haxor.id.
Date: 2026-05-10T12:22:04Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249113
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: roleowis.com
Website Defacement of SDLink Network by Mr.XycanKing (BABAYO EROR SYSTEM)
Category: Defacement
Content: On May 10, 2026, the website sdlinknetwork.com was defaced by threat actor Mr.XycanKing, operating under the group BABAYO EROR SYSTEM. The attack targeted a Linux-based web server and resulted in a single-page defacement of the target site. No specific motive or reason was attributed to the incident, and it was not classified as a mass or redefacement event.
Date: 2026-05-10T12:20:47Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249114
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Telecommunications / Networking
Victim Organization: SDLink Network
Victim Site: sdlinknetwork.com
Mass Defacement of SG Internet Solutions by Mr.XycanKing / BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, the threat actor Mr.XycanKing, operating under the group BABAYO EROR SYSTEM, conducted a mass defacement campaign targeting sginternetsolutions.com, a website hosted on a Linux server. The attack was not a redefacement, indicating this was the first successful compromise of this target. A mirror of the defacement was archived at haxor.id, confirming the incidents documentation within the defacement community.
Date: 2026-05-10T12:19:50Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249112
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Information Technology
Victim Organization: SG Internet Solutions
Victim Site: sginternetsolutions.com
Free distribution of URL:Log:Pass combo list with 8+ million lines
Category: Combo List
Content: A threat actor shared a URL:Log:Pass combo list containing over 8 million lines on a cybercrime forum. The content is available for free to registered members. No specific victim organization or country is identified.
Date: 2026-05-10T12:18:11Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-url-log-pass-free-best-lines-8-million-lines-part-329
Screenshots:
None
Threat Actors: lexityfr
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of URL:Log:Pass combo list with 8+ million lines
Category: Combo List
Content: A threat actor on a cybercrime forum has shared a URL:Log:Pass combo list containing over 8 million lines, distributed for free. The content is hidden behind a registration/login wall on the forum.
Date: 2026-05-10T12:17:44Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-url-log-pass-free-best-lines-8-million-lines-part-326
Screenshots:
None
Threat Actors: lexityfr
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of Hotmail credentials advertised as private lines
Category: Combo List
Content: A threat actor is distributing a combo list of Hotmail credentials described as private lines via a hidden content link. The actual content and record count are not visible without registration or login.
Date: 2026-05-10T12:17:03Z
Network: openweb
Published URL: https://patched.to/Thread-nova-%E2%9C%94%EF%B8%8F%F0%9F%92%8E-hotmail-lines-private-atom-cloud%E2%9C%94%EF%B8%8F%F0%9F%92%8E-300849
Screenshots:
None
Threat Actors: Cypheer
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list subscription service
Category: Combo List
Content: A threat actor is selling a subscription-based combo list service advertising fresh Hotmail and mixed email credentials. The service is offered in tiers ranging from $10 for a 3-day trial to $45 for one month. The seller claims lines are private and deduplicated, marketed as suitable for credential stuffing against any target.
Date: 2026-05-10T12:16:45Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%98%81%EF%B8%8F-mk2-cloud-fresh-hotmail-mail-access-full-private-%F0%9F%92%8E-300852
Screenshots:
None
Threat Actors: mk2clode
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail credential combo list (10K hits)
Category: Combo List
Content: A forum user is sharing a list of 10,000 alleged Hotmail credential hits. The content is gated behind registration or login. These credentials are intended for use in credential stuffing against Hotmail accounts.
Date: 2026-05-10T12:16:37Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%85-10k-hq-hotmail-hit-%E2%9C%85-300851
Screenshots:
None
Threat Actors: RetroCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail and OneDrive combo list of 900 lines
Category: Combo List
Content: A threat actor is distributing a combo list of 900 Hotmail credentials marketed as fresh, with claimed validity for OneDrive (One Cloud) access. The content is hidden behind a forum registration/login wall.
Date: 2026-05-10T12:16:33Z
Network: openweb
Published URL: https://leakforum.io/Thread-%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F900-LINE-HOTMAIL-ONE-CLOUD-%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F
Screenshots:
None
Threat Actors: ALVIN
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail combo list sample (1,145 credentials)
Category: Combo List
Content: A threat actor shared a sample combo list containing 1,145 Hotmail credentials on a leak forum. The content is gated behind registration or login. No additional details about the data origin or validity are provided.
Date: 2026-05-10T12:16:29Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A1-1145x-SAMPLE-HOTMAIL-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: Stevejobs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail combo list sample shared on forum
Category: Combo List
Content: A threat actor shared a sample combo list of 1,145 Hotmail credentials on a public forum. The content is gated behind registration or login. The credentials are intended for use in credential stuffing against Hotmail accounts.
Date: 2026-05-10T12:15:32Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-1145x-SAMPLE-HOTMAIL-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: HollowKnight
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of compromised email accounts and mailbox access across multiple countries
Category: Logs
Content: Multiple threat actors operating in Squad Chat Marketplace advertising the sale of fresh compromised email credentials, mailbox access with cookies, and database credentials from multiple countries (UK, DE, JP, NL, BR, PL, ES, US, IT). Sellers claim to have private cloud access to valid webmails and offer targeted searches by keyword for platforms including eBay, Uber, PSN, Booking, Poshmark, Alibaba, Walmart, Amazon, Mercari, Kleinanzeigen, Hotmail, Yahoo, Reddit, Grailed, Vinted, and ATT. Pricing appears to start at $1 per credential.
Date: 2026-05-10T12:14:37Z
Network: telegram
Published URL: https://t.me/c/2613583520/78917
Screenshots:
None
Threat Actors: Num
Victim Country: United Kingdom, Germany, Japan, Netherlands, Brazil, Poland, Spain, United States, Italy
Victim Industry: Multiple (e-commerce, email providers, travel, social platforms)
Victim Organization: Unknown
Victim Site: Unknown
Mass Defacement of RM Tech IT Solutions by Mr.XycanKing of BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM conducted a mass defacement campaign targeting rmtechitsolutions.com, an IT solutions provider. The attack was carried out on a Linux-based server and is classified as a mass defacement operation. A mirror of the defacement was archived at haxor.id.
Date: 2026-05-10T12:13:47Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249107
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Information Technology
Victim Organization: RM Tech IT Solutions
Victim Site: rmtechitsolutions.com
Mass Defacement of RMFiberNet by Mr.XycanKing of BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, the website rmfibernet.com, associated with a fiber internet service provider, was defaced by threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM. The incident was classified as a mass defacement, indicating multiple sites were targeted in the same campaign. The targeted server was running on a Linux-based environment.
Date: 2026-05-10T12:12:55Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249108
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Telecommunications / Internet Services
Victim Organization: RMFiberNet
Victim Site: rmfibernet.com
Mass Defacement of RNJ Network and Data Solution by Mr.XycanKing / BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM conducted a mass defacement campaign targeting rnjnetworkanddatasolution.com, a network and data solutions provider. The attack was carried out on a Linux-based server and is classified as a mass defacement operation. A mirror of the defacement was archived at haxor.id.
Date: 2026-05-10T12:11:38Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249106
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Information Technology / Network Services
Victim Organization: RNJ Network and Data Solution
Victim Site: rnjnetworkanddatasolution.com
Mass Defacement of redjacobjaden.com by Mr.XycanKing of BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM conducted a mass defacement attack targeting redjacobjaden.com, hosted on a Linux server. The incident was classified as a mass defacement campaign, suggesting multiple sites were targeted simultaneously. A mirror of the defaced page was archived at haxor.id.
Date: 2026-05-10T12:10:39Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249110
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Red Jacob Jaden
Victim Site: redjacobjaden.com
Mass Defacement of RM Internet Services by Mr.XycanKing / BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM conducted a mass defacement campaign targeting rminternetservices.com, a Linux-based web hosting or internet services provider. The attack was confirmed as a mass defacement event, suggesting multiple sites may have been compromised simultaneously. A mirror of the defaced page was archived at haxor.id.
Date: 2026-05-10T12:09:33Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249109
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Information Technology / Internet Services
Victim Organization: RM Internet Services
Victim Site: rminternetservices.com
Combo List of 250K UK Mixed Email/Password Credentials
Category: Combo List
Content: A threat actor has shared a combo list containing approximately 250,000 UK mixed email and password credential pairs on a cybercrime forum. The content is hidden behind a registration or login requirement. No specific breached organization is identified.
Date: 2026-05-10T12:06:25Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Combolist-250K-UK-Mix-Email-Pass
Screenshots:
None
Threat Actors: mindreading
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list targeting Web.de with 364,000 credentials
Category: Combo List
Content: A threat actor has shared a combo list of 364,000 email and password pairs associated with Web.de, a German email service. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-10T12:06:02Z
Network: openweb
Published URL: https://breachforums.rs/Thread-364K-Combo-Web-de
Screenshots:
None
Threat Actors: mindreading
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Mexican email:password combo list with 200K credentials
Category: Combo List
Content: A threat actor is sharing a Mexican combo list containing over 200,000 email and password pairs on a cybercrime forum. The content is gated behind registration or login. No specific breached organization is identified.
Date: 2026-05-10T12:04:25Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Mexican-Combo-200K-Ready-now
Screenshots:
None
Threat Actors: mindreading
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass Defacement of RAE Network Dimataling by Mr.XycanKing / BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, the website raenetworkdimataling.com was defaced by threat actor Mr.XycanKing, operating under the group BABAYO EROR SYSTEM. The incident was classified as a mass defacement campaign targeting a Linux-based web server. The attack was archived via haxor.id, indicating public documentation of the intrusion.
Date: 2026-05-10T12:03:25Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249103
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Philippines
Victim Industry: Telecommunications / Networking
Victim Organization: RAE Network Dimataling
Victim Site: raenetworkdimataling.com
Netherlands mixed combo list of 323K email/password pairs
Category: Combo List
Content: A threat actor shared a combo list of approximately 323,000 email and password pairs associated with Netherlands-based accounts. The list is described as mixed and is available to registered forum members.
Date: 2026-05-10T12:02:20Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Netherlands-Mixed-Combo-323K
Screenshots:
None
Threat Actors: mindreading
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass Defacement of Radfibernet.com by Mr.XycanKing of BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, the website radfibernet.com was defaced by threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM. The incident was classified as a mass defacement targeting a Linux-based web server. A mirror of the defaced page was archived at haxor.id.
Date: 2026-05-10T12:02:08Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249105
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Telecommunications / Internet Service Provider
Victim Organization: Radfibernet
Victim Site: radfibernet.com
Mass Defacement by BABAYO EROR SYSTEM Targeting IT Solutions Billing Platform
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM conducted a mass defacement campaign targeting rdnetitsolutions-billingsystem.com, an IT solutions billing platform running on a Linux server. The incident was confirmed as part of a broader mass defacement operation, with the defaced page archived at haxor.id. No specific motivation or proof of concept details were disclosed.
Date: 2026-05-10T12:00:37Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249102
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Information Technology
Victim Organization: RD Net IT Solutions
Victim Site: rdnetitsolutions-billingsystem.com
Mass Website Defacement of ptopfiber.com by Mr.XycanKing (BABAYO EROR SYSTEM)
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM conducted a mass defacement attack against ptopfiber.com, a fiber internet service provider. The attack targeted a Linux-based server and was part of a broader mass defacement campaign. The defaced page was archived and mirrored at haxor.id.
Date: 2026-05-10T11:58:44Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249104
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Telecommunications / Internet Services
Victim Organization: PTOP Fiber
Victim Site: ptopfiber.com
Mass Website Defacement by Mr.XycanKing of BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM conducted a mass defacement campaign targeting redjacobjaden-oslob.com, hosted on a Linux server. The incident was classified as a mass defacement, suggesting multiple sites were simultaneously compromised. A mirror of the defaced page was archived at haxor.id.
Date: 2026-05-10T11:57:31Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249101
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Philippines
Victim Industry: Unknown
Victim Organization: Red Jacob Jaden Oslob
Victim Site: redjacobjaden-oslob.com
Mass Website Defacement of orfijohnm.com by Mr.XycanKing of BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM defaced the website orfijohnm.com as part of a mass defacement campaign targeting a Linux-based web server. The attack resulted in the compromise of the sites index page, with the defacement archived at haxor.id. No specific motive or vulnerability details were disclosed in the available data.
Date: 2026-05-10T11:51:23Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249098
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: orfijohnm.com
Alleged website defacements by Mr.XycanKing and Mr.PIMZZZXploit
Category: Defacement
Content: BABAYO EROR SYSTEM group claims multiple website defacements. Mr.XycanKing claims responsibility for defacing 10 websites including lnoc-merida.com, mabbysnetworkanddatasolution.com, marcjaydennetwork.com, mangjuaninet.com, mddvtelecoms-billingsystem.com, miarahinternet.com, mlinternetinstallationservices.com, mnmwirelessinternetservices.com, mrrightcoolgeekstechnologysamar.com, and mtsuperfiber.com. A mirror archive is referenced at haxor.id. Mr.PIMZZZXploit claims defacement of 50+ websites hosted on demowebsiteclient.com and devwebs.co.in domains.
Date: 2026-05-10T11:50:57Z
Network: telegram
Published URL: https://t.me/c/3865526389/881
Screenshots:
None
Threat Actors: Mr.XycanKing
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass Defacement of Financial Services Site by Mr.XycanKing of BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing, affiliated with the group BABAYO EROR SYSTEM, conducted a mass defacement campaign targeting networthsolutionssystem.com, a financial solutions platform hosted on a Linux server. The attack was part of a broader mass defacement operation, with a mirror of the defaced page archived at haxor.id. No specific motivation or vulnerability details were disclosed.
Date: 2026-05-10T11:49:11Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249100
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Networth Solutions System
Victim Site: networthsolutionssystem.com
Mass Defacement of Billing System Site by Mr.XycanKing / BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM conducted a mass defacement campaign targeting ntouch-billingsystem.com, a billing system platform running on a Linux server. The defacement was not a redefacement and did not target the home page specifically, suggesting broader directory or subdirectory compromise consistent with a mass defacement operation. A mirror of the defaced page was archived at haxor.id.
Date: 2026-05-10T11:47:07Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249099
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Telecommunications / Billing Services
Victim Organization: NTouch Billing System
Victim Site: ntouch-billingsystem.com
Mass Defacement of Indonesian Vocational School by BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, the attacker Mr.XycanKing operating under the team BABAYO EROR SYSTEM defaced the PPDB (student admissions) subdomain of SMKN 1 Banjarmargo, an Indonesian state vocational high school. The incident was classified as a mass defacement, suggesting multiple sites were targeted simultaneously. The defaced page was archived via haxor.id with mirror reference 249096.
Date: 2026-05-10T11:41:09Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249096
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: SMKN 1 Banjarmargo (State Vocational High School 1 Banjarmargo)
Victim Site: ppdb.smkn1banjarmargo.sch.id
Mass Defacement of Navotas Community Platform by Mr.XycanKing (BABAYO EROR SYSTEM)
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM conducted a mass defacement attack targeting pipol-navotas.com, a community-oriented platform associated with Navotas, Philippines. The attack was carried out on a Linux-based server and was confirmed as part of a broader mass defacement campaign. The defacement was archived via haxor.id.
Date: 2026-05-10T11:39:09Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249097
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Philippines
Victim Industry: Community/Public Services
Victim Organization: Pipol Navotas
Victim Site: pipol-navotas.com
Sale of Hotmail combo list with 1,088 hits
Category: Combo List
Content: A threat actor is sharing a combo list advertised as 1,088 Hotmail premium hits on a public forum. The content is hidden behind registration or login. Hotmail is the credential-stuffing target, not the breach victim.
Date: 2026-05-10T11:35:39Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%85%E2%9C%85%E2%9C%851088x-hotmail-premium-hits%E2%9C%85%E2%9C%85%E2%9C%85
Screenshots:
None
Threat Actors: Psyho70244
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list by threat actor s2lender
Category: Combo List
Content: A threat actor operating as s2lender is offering a combo list of approximately 2,287 Hotmail credentials, marketed as high quality. The seller claims to provide daily supplies of 4,000–12,000 fresh credentials through a private members-only network.
Date: 2026-05-10T11:35:09Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-2287x-hq-hotmail-by-s2lender-txt
Screenshots:
None
Threat Actors: s2lender
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of Hotmail credentials shared by threat actor GLITCH
Category: Combo List
Content: A threat actor operating under the alias GLITCH is distributing a combo list of approximately 4,001 Hotmail credentials, marketed as high-quality and fresh. The list is available for free download via hidden content on the forum. The post encourages engagement to support further free leaks.
Date: 2026-05-10T11:34:31Z
Network: openweb
Published URL: https://patched.to/Thread-4001-hq-fresh-hotmails-part-1-by-glitch
Screenshots:
None
Threat Actors: mrglitchxxxx
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of 2,000 Hotmail credentials
Category: Combo List
Content: A threat actor on a combolist forum is distributing a set of 2,000 Hotmail credentials marketed as fresh. The content is hidden behind a login/registration wall. No breach of Microsoft or Hotmail infrastructure is claimed; the credentials are likely harvested from third-party breaches and tested against Hotmail.
Date: 2026-05-10T11:33:52Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-2000x-fresh-hotmail-data-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F
Screenshots:
None
Threat Actors: Pirate999
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of mixed combo list with 837 entries
Category: Combo List
Content: A forum user is sharing a mixed combo list containing 837 credential entries. The content is gated behind registration or login. No specific victim organization or country is identified.
Date: 2026-05-10T11:33:35Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-837x-fresh-mixed-data-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-300845
Screenshots:
None
Threat Actors: Lowza9
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of 27,000 full mail access credentials
Category: Combo List
Content: A combo list containing 27,000 full mail access credentials of mixed providers is being shared on BreachForums. The content is hidden behind a registration or login wall, suggesting it is available to forum members upon authentication.
Date: 2026-05-10T11:29:27Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-27K-Full-Mail-Access-MIX-08-05
Screenshots:
None
Threat Actors: MegaCloudShop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting French mail accounts
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 1,300 French email account credentials, marketed as fresh and valid as of May 8. The content is gated behind forum registration or login.
Date: 2026-05-10T11:29:04Z
Network: openweb
Published URL: https://breachforums.rs/Thread-1-3K-France-Fresh-Valid-Mail-Access-08-05
Screenshots:
None
Threat Actors: MegaCloudShop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail combo list with 200K email/password pairs
Category: Combo List
Content: A threat actor has shared a combo list containing 200,000 Hotmail email and password pairs on a cybercrime forum. The content is hidden behind a registration or login requirement. This list is intended for credential stuffing or account takeover activity.
Date: 2026-05-10T11:27:27Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Combolist-Hotmail-200K-Email-Pass
Screenshots:
None
Threat Actors: mindreading
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 50K t-online.de Germany combo list
Category: Combo List
Content: A threat actor is offering a combo list of 50,000 t-online.de credentials on a cybercrime forum. The listed credentials are likely intended for credential stuffing against German email accounts. No further details are available as the post contains no content.
Date: 2026-05-10T11:25:50Z
Network: openweb
Published URL: https://breachforums.rs/Thread-50K-t-online-de-Germany-Combo
Screenshots:
None
Threat Actors: mindreading
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of 30,000 German email credentials shared on forum
Category: Combo List
Content: A threat actor shared a combo list of approximately 30,000 German email account credentials, marketed as fully valid mail access. The content is hidden behind a forum registration or login wall.
Date: 2026-05-10T11:23:57Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-30K-GERMAY-Full-Valid-Mail-Access-10-05
Screenshots:
None
Threat Actors: MegaCloudShop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Arab Data Hub Events Portal by BARZXPLOIT (DigitalStormSec)
Category: Defacement
Content: On May 10, 2026, threat actor BARZXPLOIT, operating under the team DigitalStormSec, defaced the events portal of Arab Data Hub at events.arabdatahub.org. The attack targeted a Linux-based web server hosting the organizations events subdomain. The incident was a targeted single-site defacement, and a mirror of the defaced page was archived at haxor.id.
Date: 2026-05-10T11:15:54Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249095
Screenshots:
None
Threat Actors: BARZXPLOIT, DigitalStormSec
Victim Country: Unknown
Victim Industry: Technology / Data Services
Victim Organization: Arab Data Hub
Victim Site: events.arabdatahub.org
Website Defacement of API Seberang Perai by BARZXPLOIT of DigitalStormSec
Category: Defacement
Content: On May 10, 2026, the threat actor BARZXPLOIT, affiliated with the group DigitalStormSec, defaced the website of API Seberang Perai, a Malaysian educational institution. The attack targeted a Linux-based web server and resulted in unauthorized modification of the sites content. The incident was recorded as a standalone defacement, not part of a mass or repeated campaign.
Date: 2026-05-10T11:13:51Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249094
Screenshots:
None
Threat Actors: BARZXPLOIT, DigitalStormSec
Victim Country: Malaysia
Victim Industry: Education
Victim Organization: API Seberang Perai (Politeknik)
Victim Site: www.api-sp.edu.my
Sale of ASIA Fresh Mail Access Combo List (2.8K)
Category: Combo List
Content: A threat actor is offering a combo list of approximately 2,800 email access credentials targeting ASIA-region accounts, dated May 10. The credentials are marketed as fresh mail access and are available behind a registration/login gate on the forum.
Date: 2026-05-10T11:11:19Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-2-8K-ASIA-%C2%A0Fresh-Mail-Access-10-05
Screenshots:
None
Threat Actors: MegaCloudShop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Kota Gunungsitoli government database
Category: Data Leak
Content: A threat actor known as JAX7 has leaked a database allegedly belonging to Kota Gunungsitoli, a city government entity in Indonesia. The post includes a sample of the data. No further details regarding record count or specific data fields are provided in the post.
Date: 2026-05-10T11:05:55Z
Network: openweb
Published URL: https://breached.st/threads/leak-database-data-kota-gunungsitoli.86966/unread
Screenshots:
None
Threat Actors: JAX7
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Kota Gunungsitoli
Victim Site: Unknown
Sale of Hotmail combo list by threat actor s2lender
Category: Combo List
Content: A threat actor operating under the handle s2lender is offering a combo list of approximately 1,388 Hotmail credentials marketed as high quality. The actor advertises daily supply of 4,000–12,000 fresh credentials with private and encrypted access. The content itself is hidden behind a registration or login requirement on the forum.
Date: 2026-05-10T10:54:39Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-1388x-hq-hotmail-by-s2lender-txt
Screenshots:
None
Threat Actors: s2lender
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting Japan mail services
Category: Combo List
Content: A forum user is distributing a combo list of approximately 2,900 Japan-based email account credentials. The content is hidden behind a registration or login wall. No specific breached organization is identified.
Date: 2026-05-10T10:54:20Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%AD%902-9k-japan-mail-access-%E2%AD%90
Screenshots:
None
Threat Actors: agha24
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of 1.1K Hotmail credentials shared on forum
Category: Combo List
Content: A threat actor shared a combo list of approximately 1,100 Hotmail email credentials on a combolist forum. The content is hidden behind a login/register wall and is described as old data. No price is mentioned, indicating the list was distributed for free.
Date: 2026-05-10T10:54:04Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%9A%871-1k-hotmail-mail-access%F0%9F%9A%87%E2%9C%A8-09-05
Screenshots:
None
Threat Actors: TraxGod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of 1,264 Hotmail credentials
Category: Combo List
Content: A threat actor is distributing a combo list of 1,264 Hotmail credentials marketed as premium and fresh. The content is gated behind registration or login on the forum. Hotmail is the credential-stuffing target, not the breach victim.
Date: 2026-05-10T10:53:44Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9A%A1%E2%9A%A1-1264x-premium-fresh-hotmails-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: Lowza9
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of HQ Mix Combo List
Category: Combo List
Content: A threat actor is offering a combo list of approximately 18,421 credential pairs marketed as high-quality mixed accounts. The listing claims daily supply of 4,000–12,000 fresh credentials available through a private members-only channel.
Date: 2026-05-10T10:53:07Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-18421x-hq-mix-by-s2lender-txt
Screenshots:
None
Threat Actors: s2lender
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list with 519 credentials
Category: Combo List
Content: A threat actor is offering a combo list of 519 alleged high-quality Hotmail credentials on a cybercrime forum. The post advertises daily supplies of 4,000–12,000 fresh credentials, marketed as optimized for credential stuffing. The content is gated behind forum registration or login.
Date: 2026-05-10T10:52:32Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-519x-hq-hotmail-by-s2lender-txt
Screenshots:
None
Threat Actors: s2lender
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of daily fresh email combo lists including Hotmail and mixed mail access
Category: Combo List
Content: A threat actor is selling subscription-based access to daily fresh mixed email combo lists, including Hotmail credentials, marketed as private with no duplicates. Subscription tiers range from $10 for a 3-day trial to $45 for one month. The seller claims the credentials are suitable for any target, suggesting use in credential stuffing operations.
Date: 2026-05-10T10:52:14Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%98%81%EF%B8%8F-mk2-cloud-fresh-mix-mail-access-full-private-%F0%9F%92%8E-300836
Screenshots:
None
Threat Actors: mk2clode
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass Defacement of netlinkph.com by Mr.XycanKing of BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM conducted a mass defacement campaign targeting netlinkph.com, a Philippines-based internet or networking services provider. The attack compromised the sites index page running on a Linux server. The incident was confirmed as part of a broader mass defacement operation, with a mirror archived at haxor.id.
Date: 2026-05-10T10:51:14Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249093
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Philippines
Victim Industry: Telecommunications / Internet Services
Victim Organization: Netlink
Victim Site: netlinkph.com
Combo List of Hotmail credentials
Category: Combo List
Content: A threat actor is sharing a combo list of approximately 3,000 Hotmail email and password credentials marketed as fresh. The content is hidden behind registration or login. The actor advertises an external store at megacloudshop.top.
Date: 2026-05-10T10:51:03Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-3K-HOTMAIL-FRESH-MAIL-ACCESS-Just-Top-Quality-10-05
Screenshots:
None
Threat Actors: MegaCloudshop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of US phone:password combo list with 14 million lines
Category: Combo List
Content: A threat actor is offering a US-based phone number and password combo list containing 14 million lines, marketed for credential stuffing against various targets including private services, social media, and online shops. The seller claims to possess significantly larger datasets totaling approximately 1.5 billion US lines and 2 billion EU/Asia lines available upon request.
Date: 2026-05-10T10:49:27Z
Network: openweb
Published URL: https://breachforums.rs/Thread-USA-phone-pass-14m-lines
Screenshots:
None
Threat Actors: numpass_usa
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of 42K mixed email/password credentials
Category: Combo List
Content: A threat actor is sharing a mixed combolist containing approximately 42,000 email and password combinations. The content is gated behind forum registration or login. No specific target organization or service is identified.
Date: 2026-05-10T10:47:49Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Combo-Mixed-42K-Ready
Screenshots:
None
Threat Actors: mindreading
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of mixed credentials (86K records)
Category: Combo List
Content: A mixed combo list containing approximately 86,000 credential pairs was shared on a breach forum. No additional details are available regarding the source or composition of the list.
Date: 2026-05-10T10:46:11Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Combo-Mixed-86K-Ready
Screenshots:
None
Threat Actors: mindreading
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list targeting Germany with 205K credentials
Category: Combo List
Content: A threat actor shared a combo list of approximately 205,000 credentials via Pasteview, marketed as fresh and targeting Germany. The list was made available for free on the forum.
Date: 2026-05-10T10:37:53Z
Network: openweb
Published URL: https://altenens.is/threads/205k-fresh-germany-txt.2937363/unread
Screenshots:
None
Threat Actors: Vekko
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of fraudulent payment transfers and stolen credit/debit cards
Category: Carding
Content: A threat actor is offering fraudulent transfers via CashApp, PayPal, Western Union, Apple Pay, and Revolut targeting USA, UK, and other countries, with transfer ratios ranging from $25 for $250 up to $65 for $650. The actor is also selling stolen credit and debit cards with balances of $1,000–$8,000 for $10 each, advertised as suitable for online purchases, bill payments, and phone orders. Payment is accepted in cryptocurrency including BTC, USDT, LTC, ETH, and XRP.
Date: 2026-05-10T10:37:28Z
Network: openweb
Published URL: https://altenens.is/threads/hello-im-active-envelopeand-i-am-doing-transfers-to-all-countries-seven-oclock-cashapp-credit-cardtransfers-usa-uk-25-250-test-run-35-350-45-450-55-550-65-650-g.2937371/unread
Screenshots:
None
Threat Actors: Frafaridd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Optavia
Category: Data Breach
Content: A threat actor claims to be selling a database dump from optavia.com containing full names, email addresses, passwords, phone numbers, rewards balances, and partial payment card details (type, expiration, last four digits). Sample records include plaintext credentials paired with Mastercard, Visa, and Discover card metadata. The actor directs interested parties to a Telegram contact for further information.
Date: 2026-05-10T10:32:51Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-optavia-com-website-USA-data
Screenshots:
None
Threat Actors: numpass_usa
Victim Country: United States
Victim Industry: Retail
Victim Organization: Optavia
Victim Site: optavia.com
Alleged data breach of Lenme.com exposing US user records with SSNs
Category: Data Breach
Content: A threat actor is selling a database allegedly sourced from Lenme.com, a US-based Bitcoin investment platform. The sample data includes full names, email addresses, plaintext passwords, physical addresses, phone numbers, and full Social Security Numbers (SSNs). The post describes the shared records as a small portion of a larger dataset.
Date: 2026-05-10T10:31:14Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-lenme-com-invest-btc-data-usa-with-SSN
Screenshots:
None
Threat Actors: numpass_usa
Victim Country: United States
Victim Industry: Finance
Victim Organization: Lenme
Victim Site: lenme.com
Sale of US high-profile real estate investor leads
Category: Services
Content: A threat actor is offering for sale leads purportedly belonging to high-profile real estate investors in the United States. No further details regarding the source, record count, or data fields are provided in the post.
Date: 2026-05-10T10:28:28Z
Network: openweb
Published URL: https://breachforums.rs/Thread-USA-high-profile-real-estates-investors-leads
Screenshots:
None
Threat Actors: darkbigfoot
Victim Country: United States
Victim Industry: Real Estate
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Kota Gunungsitoli database
Category: Data Leak
Content: A database leak from Kota Gunungsitoli has been posted on Breachforums by user JAX7. The leak includes database data from the city/region of Kota Gunungsitoli, Indonesia.
Date: 2026-05-10T10:26:04Z
Network: telegram
Published URL: https://t.me/byjax7/597
Screenshots:
None
Threat Actors: JAX7
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Kota Gunungsitoli
Victim Site: Unknown
Alleged data leak of Gemini (Google) database
Category: Data Leak
Content: A threat actor claims to be freely sharing a database allegedly associated with gemini.google.com, noting that others have previously sold this data. The post provides a download link but does not specify the record count or data fields included.
Date: 2026-05-10T10:23:58Z
Network: openweb
Published URL: https://breached.st/threads/database-gemini-google-com.86965/unread
Screenshots:
None
Threat Actors: Xyph0rix
Victim Country: United States
Victim Industry: Technology
Victim Organization: Google
Victim Site: gemini.google.com
Sale of Germany combo list with 1 million credentials
Category: Combo List
Content: A threat actor is offering a combo list of 1 million credentials purportedly from German users, marketed as high quality and fresh. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-10T10:11:33Z
Network: openweb
Published URL: https://patched.to/Thread-legendary-1m-germany-high-quality-fresh-combolist
Screenshots:
None
Threat Actors: capitan911
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Microsoft credential combo list with 630,000 records
Category: Combo List
Content: A forum user is sharing a combo list advertised as containing 630,000 Microsoft credentials. The content is hidden behind a registration or login requirement. This list is intended for credential stuffing against Microsoft services and does not represent a breach of Microsoft itself.
Date: 2026-05-10T10:11:16Z
Network: openweb
Published URL: https://patched.to/Thread-legendary-630k-microsoft-good-quality-combolist
Screenshots:
None
Threat Actors: capitan911
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Polish combo list with 190,000 credentials
Category: Combo List
Content: A threat actor is distributing a combo list claimed to contain 190,000 fresh, high-quality credentials associated with Polish users. The content is hidden behind a registration or login requirement on the forum. No specific breached organization is identified.
Date: 2026-05-10T10:10:59Z
Network: openweb
Published URL: https://patched.to/Thread-legendary-190k-poland-fresh-hq-combolist
Screenshots:
None
Threat Actors: capitan911
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
OneDrive combo list of 675K credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 675,000 credentials marketed as a private base suitable for credential stuffing against OneDrive. The post is shared on a combolist forum and requires registration to access the hidden content.
Date: 2026-05-10T10:10:39Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9A%A1675k-onedrive%E2%9A%A1private-base-good-on-anything-you-need%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Google Gemini Database Breach
Category: Data Breach
Content: A user on Breachforums (xyph0rix) has posted a thread claiming access to a Google Gemini database. The post includes a direct link to the breach discussion thread on Breachforums, a known dark web marketplace for stolen data and exploits.
Date: 2026-05-10T10:10:28Z
Network: telegram
Published URL: https://t.me/Xyph0rix/331
Screenshots:
None
Threat Actors: xyph0rix
Victim Country: United States
Victim Industry: Technology/Cloud Services
Victim Organization: Google
Victim Site: gemini.google.com
Sale of gaming combo list targeting Minecraft and Roblox users
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 835,000 credential pairs marketed as private lines targeting gaming platforms including Minecraft and Roblox. The post advertises the data as high quality and is associated with a combo cloud service offering.
Date: 2026-05-10T10:10:08Z
Network: openweb
Published URL: https://patched.to/Thread-gaming-%E2%8E%9D-835k-gaming%E2%8E%A0%E2%9A%A1100-private-lines%E2%9A%A1high-quality-combo%E2%9A%A1minecraft-roblox%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail credential combo list with 1,836 hits
Category: Combo List
Content: A threat actor is distributing a combo list containing 1,836 claimed hits for Hotmail accounts, marketed as premium credentials. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-10T10:09:38Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9A%9C-1836x-premium-hotmail-hits-%E2%9A%9C
Screenshots:
None
Threat Actors: Anon75
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Microsoft credential combo list of 679K records
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 679,000 credentials marketed as a private Microsoft-related base. The post claims the credentials are suitable for multiple use cases, consistent with credential stuffing activity.
Date: 2026-05-10T10:09:20Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9A%A1679k-microsoft%E2%9A%A1private-base-good-on-anything-you-need%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of PayPal combo list with 855K credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 855,000 credentials advertised as a private base for use against PayPal. The post references a combo cloud service offering high-quality data and private lines.
Date: 2026-05-10T10:08:53Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%9A%A1855k-paypal%E2%9A%A1private-base-good-on-anything-you-need%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of credential stuffing and account checker services
Category: Services
Content: A threat actor is offering credential stuffing and account checking services, accepting client-supplied combo lists and delivering verified working credentials against specified targets. The actor also advertises custom-built private checker tools engineered to evade detection on target platforms. Pricing is described as competitive and volume-based.
Date: 2026-05-10T10:08:27Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%9A%A1-permaservices-%E2%9A%A1
Screenshots:
None
Threat Actors: Impermanently
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail credential combo list (1,100 entries)
Category: Combo List
Content: A threat actor is distributing a combo list of 1,100 Hotmail login credentials, marketed as UHQ (ultra-high quality). The content is gated behind registration or login on the forum.
Date: 2026-05-10T10:08:21Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-1100x-hotmail-login-uhq
Screenshots:
None
Threat Actors: BuggracK
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of UHQ valid mail combo list
Category: Combo List
Content: A threat actor is distributing a combo list advertised as 1,800 UHQ valid email credentials. The content is hidden behind a registration or login wall on the forum. No specific victim organization or country is identified.
Date: 2026-05-10T10:08:06Z
Network: openweb
Published URL: https://patched.to/Thread-1-8k-uhq-valid-mail-300818
Screenshots:
None
Threat Actors: shamirrandi11
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass defacement of mycloudbytes.link by Mr.XycanKing of BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, the website mycloudbytes.link was defaced by threat actor Mr.XycanKing, operating under the group BABAYO EROR SYSTEM. The incident was classified as a mass defacement campaign targeting a Linux-based web server. A mirror of the defacement was archived at haxor.id.
Date: 2026-05-10T10:00:58Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249086
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Technology / Cloud Services
Victim Organization: My Cloud Bytes
Victim Site: mycloudbytes.link
Mass Website Defacement by Mr.XycanKing of BABAYO EROR SYSTEM Targeting Internet Installation Services Provider
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM conducted a mass defacement campaign targeting mlinternetinstallationservices.com, an internet installation services provider. The attack was carried out on a Linux-based server, and the defacement was archived via haxor.id. This incident is part of a broader mass defacement operation attributed to the same threat actor.
Date: 2026-05-10T10:00:05Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249089
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Telecommunications / Internet Services
Victim Organization: ML Internet Installation Services
Victim Site: mlinternetinstallationservices.com
Mass Defacement of Multi-ISP Billing System by Mr.XycanKing (BABAYO EROR SYSTEM)
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing, operating under the group BABAYO EROR SYSTEM, conducted a mass defacement attack against multi-ispbillingsystem.com, a web platform associated with ISP billing services. The attack targeted a Linux-based server and was confirmed as a mass defacement campaign. The defaced page was archived via haxor.id, a common mirror service used to document web defacements.
Date: 2026-05-10T09:59:17Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249087
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Information Technology / Telecommunications
Victim Organization: Multi-ISP Billing System
Victim Site: multi-ispbillingsystem.com
Mass Defacement of MT Super Fiber by Mr.XycanKing of BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing, operating under the group BABAYO EROR SYSTEM, conducted a mass defacement campaign targeting mtsuperfiber.com, a likely fiber internet service provider. The attack was carried out on a Linux-based server and is classified as a mass defacement, suggesting multiple sites were compromised in the same operation. A mirror of the defacement was archived at haxor.id.
Date: 2026-05-10T09:58:14Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249092
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Telecommunications / Internet Services
Victim Organization: MT Super Fiber
Victim Site: mtsuperfiber.com
Combo List of 333K US Email/Password Credentials
Category: Combo List
Content: A combo list containing approximately 333,000 email and password pairs reportedly associated with US users was shared on a breach forum. No additional details regarding the source or targeted services were provided in the post.
Date: 2026-05-10T09:57:43Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Combolist-usa-333K-Email-Pass
Screenshots:
None
Threat Actors: mindreading
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass Defacement by Mr.XycanKing (BABAYO EROR SYSTEM) targeting technology sector site
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM conducted a mass defacement campaign targeting mrrightcoolgeekstechnologysamar.com, a technology-related website hosted on a Linux server. The defacement was not a re-defacement and did not target the home page specifically. The incident was archived and mirrored on haxor.id.
Date: 2026-05-10T09:57:15Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249091
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Mr Right Cool Geeks Technology Samar
Victim Site: mrrightcoolgeekstechnologysamar.com
Spotify credential combo list with 400K email/password pairs
Category: Combo List
Content: A threat actor is sharing a combo list of 400,000 email and password pairs marketed as Spotify hits. The content is hidden behind a registration or login requirement on the forum. This is a credential stuffing list and does not represent a breach of Spotify itself.
Date: 2026-05-10T09:56:22Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Spotify-Hits-mix-Combo-400K
Screenshots:
None
Threat Actors: mindreading
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass Defacement of MNM Wireless Internet Services by Mr.XycanKing (BABAYO EROR SYSTEM)
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing, operating under the group BABAYO EROR SYSTEM, conducted a mass defacement attack against mnmwirelessinternetservices.com, a wireless internet services provider. The attack targeted a Linux-based server and was confirmed as part of a broader mass defacement campaign. A mirror of the defacement was archived at haxor.id.
Date: 2026-05-10T09:56:02Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249090
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Telecommunications / Internet Services
Victim Organization: MNM Wireless Internet Services
Victim Site: mnmwirelessinternetservices.com
Mass defacement of miarahinternet.com by Mr.XycanKing of BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM conducted a mass defacement attack against miarahinternet.com, an internet service provider running on a Linux-based server. The attack was classified as a mass defacement, suggesting multiple sites may have been targeted simultaneously. A mirror of the defacement was archived at haxor.id.
Date: 2026-05-10T09:55:10Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249088
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Telecommunications / Internet Services
Victim Organization: Miarah Internet
Victim Site: miarahinternet.com
Combo List targeting Hotmail accounts
Category: Combo List
Content: A forum user is sharing a combo list of 950 claimed valid Hotmail mail access credentials. The content is hidden behind a registration or login wall on the forum.
Date: 2026-05-10T09:34:49Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%E2%9A%9C%EF%B8%8F950x-valid-hotmail-mail-access-cloucpr0-%E2%9A%9C%EF%B8%8F%E2%9C%A8-10-05
Screenshots:
None
Threat Actors: ELJOKER1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of HQ fresh mixed combo list
Category: Combo List
Content: A forum user is sharing a combo list advertised as containing 537 high-quality, fresh mixed credentials. The content is hidden behind a registration or login wall. No specific victim organization or country is identified.
Date: 2026-05-10T09:34:07Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-537x-hq-fresh-mixed-data-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-300799
Screenshots:
None
Threat Actors: Lowza9
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list of 1,564 Hotmail credentials
Category: Combo List
Content: A threat actor shared a combo list of 1,564 Hotmail credentials, marketed as premium and fresh. The content is hidden behind a registration or login wall on the forum.
Date: 2026-05-10T09:33:38Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9A%A1%E2%9A%A1-1564x-premium-fresh-hotmails-%E2%9A%A1%E2%9A%A1-300796
Screenshots:
None
Threat Actors: Lowza9
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail credential hits combo list sorted by country
Category: Combo List
Content: A threat actor is sharing 637 alleged high-quality Hotmail credential hits, marketed as sorted by country and targeting inboxes. The content is gated behind registration or login on the forum.
Date: 2026-05-10T09:33:08Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9D%84-637x-hq-hotmail-hits-%E2%9D%84-%F0%9F%94%8E-inboxes-targets-%F0%9F%94%8E-%F0%9F%8C%8Esorted-countries-%F0%9F%8C%8E
Screenshots:
None
Threat Actors: Lowza9
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Miners’ data targeted as hackers hold software provider to ransom
Category: Cyber Attack
Content: Several Australian mining companies are experiencing difficulties following a major cyberattack targeting a software provider in the sector, with a ransom demand issued. Among the potentially affected companies are Northern Star Resources and Evolution Mining, two of the countrys largest gold miners. These companies are currently working to restore access to their critical technology systems.
Date: 2026-05-10T09:32:56Z
Network: openweb
Published URL: https://www.afr.com/technology/miners-data-targeted-as-hackers-hold-software-provider-to-ransom-20260508-p5zv16
Screenshots:
None
Threat Actors:
Victim Country: Australia
Victim Industry: Unknown
Victim Organization: Scope Systems
Victim Site: scopesystems.com.au
Blitz dei pirati informatici. Attacco alla Unoaerre: “Dateci 3,8 milioni in bitcoin”
Category: Cyber Attack
Content: Unoaerre, a silversmithing company, fell victim to a cyberattack that paralyzed its operating system, prompting cybercriminals to demand a ransom of 3.8 million euros in bitcoin. Initial investigations suggest the attack may have links to countries in the Middle East and Eastern Europe. Despite the disruption, preliminary assessments indicate that the damage may not be irreversible and that production could resume.
Date: 2026-05-10T09:32:52Z
Network: openweb
Published URL: https://www.lanazione.it/arezzo/cronaca/attacco-hacker-unoaerre-p5f5bo2d
Screenshots:
None
Threat Actors:
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Unoaerre
Victim Site: unoaerre.it
Sale of clone cards, CVV, and payment card dumps across multiple countries
Category: Carding
Content: A threat actor is offering cloned payment cards, CVV/fullz data, and magnetic stripe dumps (Track 1 & 2 with/without PIN) for multiple countries including the US, UK, Canada, Australia, and EU. Cloned cards are advertised as usable at ATMs, gas stations, and for online purchases, with physical delivery via FedEx. Pricing ranges from $150 to $500 for clone card orders and $20 to $235 per unit for individual card data and dumps.
Date: 2026-05-10T09:17:43Z
Network: openweb
Published URL: https://xforums.st/threads/sell-clone-cards-cc-cvv-ccv.613616/
Screenshots:
None
Threat Actors: Genesis11Kk
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged cyber attack on NIPRP SALES (Thailand) with network compromise and data theft
Category: Cyber Attack
Content: Anonymous Switzerland claims to have compromised the internal network of NIPRP SALES, a Thai medical device distribution company and subsidiary of Niprp Corporation. The threat actor alleges complete system compromise, theft of all company data, and control over the companys domain. The group claims to have video evidence of network access and states they have full control over all company devices. NIPRP SALES operates multiple branches across Vietnam, Myanmar, Laos, and the Philippines.
Date: 2026-05-10T09:17:12Z
Network: telegram
Published URL: https://t.me/Anonymous_Switzerland/236
Screenshots:
None
Threat Actors: Anonymous Switzerland
Victim Country: Thailand
Victim Industry: Medical devices and healthcare equipment distribution
Victim Organization: NIPRP SALES
Victim Site: Unknown
Sale of invites to CS cheating forum vacban.wtf
Category: Services
Content: A forum user is offering invites to vacban.wtf, described as a popular Counter-Strike hacking and cheating forum. Access to the invites is gated behind a reply or account upgrade on the posting forum.
Date: 2026-05-10T09:09:14Z
Network: openweb
Published URL: https://darkforums.su/Thread-invite-vacban-wtf-invite-cs-cheating-forum
Screenshots:
None
Threat Actors: bluczikao
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: vacban.wtf
Combo List targeting Hotmail with 3K credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 3,000 Hotmail email credentials. The content is hidden behind a registration or login wall on the forum. Hotmail is the credential-stuffing target, not the breach victim.
Date: 2026-05-10T09:03:01Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%AD%903k-hotmail-mail-access-%E2%AD%90
Screenshots:
None
Threat Actors: agha24
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: 13K Mixed Country Credentials
Category: Combo List
Content: A combo list containing approximately 13,000 mixed-country credentials has been shared on a forum. The content is hidden behind a registration or login wall. No specific targeted service or organization is identified.
Date: 2026-05-10T09:02:31Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-13k-mixed-country-combo-300791
Screenshots:
None
Threat Actors: RandomUpload
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass Defacement of Pakistani Sports Training Site by Threat Actor Zod
Category: Defacement
Content: Threat actor Zod conducted a mass defacement campaign targeting the Pakistani sports training website fs.trainingsports.pk on May 10, 2026. The defacement was identified as part of a broader mass defacement operation rather than an isolated attack. The incident was archived and mirrored via haxor.id for threat intelligence documentation purposes.
Date: 2026-05-10T08:53:38Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249085
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Pakistan
Victim Industry: Sports & Recreation
Victim Organization: Training Sports PK
Victim Site: fs.trainingsports.pk
Mass Website Defacement of TrainingSports.pk by Threat Actor Zod
Category: Defacement
Content: Threat actor Zod conducted a mass defacement campaign targeting trainingsports.pk, a Pakistan-based sports training website. The defacement was recorded on May 10, 2026, with the malicious page hosted at the /zod.html path. This incident is part of a broader mass defacement operation attributed to the same actor.
Date: 2026-05-10T08:51:53Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249084
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Pakistan
Victim Industry: Sports & Recreation
Victim Organization: Training Sports
Victim Site: trainingsports.pk
Sale of alleged data breach of Mansoura University, Egypt
Category: Data Breach
Content: A threat actor is offering for sale an alleged dataset from Mansoura University in Egypt, claiming the data exceeds 10GB and includes approximately 1 million PII records along with images and documents.
Date: 2026-05-10T08:48:43Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-Egypt-Mansoura-University-10GB-1M-pii-images-docs
Screenshots:
None
Threat Actors: INT3X
Victim Country: Egypt
Victim Industry: Education
Victim Organization: Mansoura University
Victim Site: Unknown
Mass Defacement Campaign by Mr.XycanKing of BABAYO EROR SYSTEM Targeting mangjuaninet.com
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM conducted a mass defacement attack against mangjuaninet.com, a Linux-hosted web property. The incident was classified as a mass defacement, suggesting multiple sites were targeted in the same campaign. A mirror of the defaced page has been archived at haxor.id.
Date: 2026-05-10T08:45:58Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249082
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Telecommunications / Internet Services
Victim Organization: Mangjuani Net
Victim Site: mangjuaninet.com
Mass Defacement of Mabbys Network and Data Solution by Mr.XycanKing / BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, the threat actor Mr.XycanKing, operating under the group BABAYO EROR SYSTEM, conducted a mass defacement campaign targeting mabbysnetworkanddatasolution.com, a network and data solutions provider. The attack was executed on a Linux-based server and is classified as a mass defacement, indicating multiple sites were likely affected simultaneously. No specific motivation or vulnerability details were disclosed, but the incident has been archived via haxor.id.
Date: 2026-05-10T08:44:57Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249080
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Information Technology / Network Services
Victim Organization: Mabbys Network and Data Solution
Victim Site: mabbysnetworkanddatasolution.com
Mass Defacement of lnoc-merida.com by Mr.XycanKing of BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, the threat actor Mr.XycanKing, operating under the group BABAYO EROR SYSTEM, conducted a mass defacement campaign targeting lnoc-merida.com, hosted on a Linux-based server. The incident was confirmed as a mass defacement operation and is archived via haxor.id. No specific motive or proof-of-concept details were disclosed.
Date: 2026-05-10T08:44:04Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249079
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Mexico
Victim Industry: Unknown
Victim Organization: LNOC Merida
Victim Site: lnoc-merida.com
Mass Defacement of Telecommunications Billing System by Mr.XycanKing / BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, the threat actor Mr.XycanKing, operating under the group BABAYO EROR SYSTEM, conducted a mass defacement targeting the billing system portal of MDDV Telecoms. The attack targeted a Linux-based web server hosting the organizations customer billing infrastructure. This incident is part of a broader mass defacement campaign attributed to the same actor and group.
Date: 2026-05-10T08:42:44Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249083
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Telecommunications
Victim Organization: MDDV Telecoms
Victim Site: mddvtelecoms-billingsystem.com
Mass Defacement of marcjaydennetwork.com by Mr.XycanKing of BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing, operating under the group BABAYO EROR SYSTEM, conducted a mass defacement campaign targeting marcjaydennetwork.com, hosted on a Linux-based server. The incident was confirmed as a mass defacement operation, suggesting multiple sites were simultaneously compromised. A mirror of the defaced page was archived at haxor.id.
Date: 2026-05-10T08:41:31Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249081
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Technology / Networking
Victim Organization: Marc Jayden Network
Victim Site: marcjaydennetwork.com
Free combo list of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combo list of 364 Hotmail credentials marketed as high-quality premium accounts. The content is gated behind forum registration or login. No specific breach victim is identified.
Date: 2026-05-10T08:29:34Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9D%84%E2%9D%84-364x-hq-premium-hotmails-%E2%9D%84%E2%9D%84
Screenshots:
None
Threat Actors: Lowza9
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of 1.8K UHQ mixed email credentials shared on forum
Category: Combo List
Content: A forum user shared a combo list of 1,800 mixed email credentials described as ultra-high quality (UHQ). The content is hidden behind a registration or login wall. No specific breach source or target service is identified.
Date: 2026-05-10T08:29:03Z
Network: openweb
Published URL: https://patched.to/Thread-1-8k-uhq-mix-mail
Screenshots:
None
Threat Actors: shamirrandi11
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Malaysia email:password combo list freely shared
Category: Combo List
Content: A threat actor shared a combo list of approximately 51,000 email and password pairs purportedly associated with Malaysian accounts. The credentials are marketed as fresh and high quality. The content is accessible to registered forum members.
Date: 2026-05-10T08:27:54Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9C%A6%E2%9C%A6-51-K-%E2%9C%A6-Malaysia-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-10-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: Maxleak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Malaysia email and password combo list allegedly containing 51K+ credentials
Category: Combo List
Content: A threat actor shared a combo list containing over 51,000 email and password pairs purportedly sourced from Malaysia, marketed as fresh and high quality. The credentials are available to registered forum members via hidden content. The post directs users to a Telegram channel for additional combo lists.
Date: 2026-05-10T08:27:46Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-51-K-%E2%9C%A6-Malaysia-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-10-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Malaysia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list of Latvian email:password credentials
Category: Combo List
Content: A threat actor has shared a combo list containing over 35,000 email and password pairs associated with Latvian accounts. The credentials are marketed as fresh and high quality, dated May 10, 2026. The content is gated behind forum registration or login.
Date: 2026-05-10T08:27:31Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9C%A6%E2%9C%A6-35-K-%E2%9C%A6-Latvia-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-10-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: Maxleak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Latvia Email:Password Combo List (35K+)
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 35,000 email and password pairs purportedly associated with Latvian accounts. The credentials are marketed as fresh and high quality, dated May 10, 2026. The content is gated behind forum registration or login.
Date: 2026-05-10T08:27:20Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-35-K-%E2%9C%A6-Latvia-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-10-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Latvia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list targeting Kenyan email accounts
Category: Combo List
Content: A threat actor has shared a combo list containing over 17,000 email and password pairs associated with Kenya, marketed as fresh and high quality. The list is available to registered forum members via hidden content. This appears to be a credential stuffing resource rather than a breach of any specific organization.
Date: 2026-05-10T08:27:09Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9C%A6%E2%9C%A6-17-K-%E2%9C%A6-Kenya-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-10-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: Maxleak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting Kenya email credentials
Category: Combo List
Content: A threat actor shared a combo list of approximately 17,000 email and password pairs purportedly associated with Kenyan users. The credentials are marketed as fresh and high quality, with access restricted to registered forum members. The post references an external Telegram channel for additional combolists.
Date: 2026-05-10T08:26:56Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-17-K-%E2%9C%A6-Kenya-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-10-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Kenya
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Lithuania email:password combo list with 11K+ credentials
Category: Combo List
Content: A threat actor shared a combo list containing over 11,000 email and password pairs allegedly associated with Lithuanian accounts. The credentials are marketed as fresh and high quality. The content is gated behind registration or login on the forum.
Date: 2026-05-10T08:26:28Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-11-K-%E2%9C%A6-Lithuania-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-10-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Lithuania
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Nepal email and password combo list allegedly containing over 10,000 credentials
Category: Combo List
Content: A threat actor is distributing a combo list of email and password pairs purportedly from Nepal, containing over 10,000 lines. The credentials are marketed as fresh and high quality, with access gated behind forum registration or login.
Date: 2026-05-10T08:26:05Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-10-K-%E2%9C%A6-Nepal-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-10-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Nepal
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass Defacement of Pakistani Government Website by Alpha Wolf (XYZ)
Category: Defacement
Content: On May 10, 2026, a threat actor known as XYZ, operating under the team Alpha Wolf, conducted a mass defacement attack targeting the Pakistani government website gbp.gov.pk. The attack was carried out on a Linux-based server and was classified as a mass defacement campaign. A mirror of the defaced page was archived at haxor.id.
Date: 2026-05-10T08:18:45Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249078
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Pakistan
Victim Industry: Government
Victim Organization: Government of Pakistan (GBP)
Victim Site: gbp.gov.pk
Mass Website Defacement of Pakistani Government Domain by Alpha Wolf (XYZ)
Category: Defacement
Content: On May 10, 2026, a threat actor identified as XYZ operating under the team name Alpha Wolf conducted a mass defacement attack targeting trs.gbp.gov.pk, a subdomain associated with the Government of Pakistans Gilgit-Baltistan Press. The defacement was confirmed as part of a mass defacement campaign running on a Linux-based server. A mirror of the defacement was archived at haxor.id.
Date: 2026-05-10T08:17:01Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249076
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Pakistan
Victim Industry: Government
Victim Organization: Government of Pakistan – Gilgit-Baltistan Press
Victim Site: trs.gbp.gov.pk
Mass Web Defacement of Pakistani Government Planning Commission Site by Alpha Wolf (XYZ)
Category: Defacement
Content: On May 10, 2026, a threat actor identified as XYZ, operating under the team name Alpha Wolf, conducted a mass web defacement targeting pc.gbp.gov.pk, a Pakistani government domain associated with the Planning Commission. The defacement was confirmed as part of a mass defacement campaign running on a Linux-based server. A mirror of the defaced page was archived at haxor.id.
Date: 2026-05-10T08:14:49Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249077
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Pakistan
Victim Industry: Government
Victim Organization: Planning Commission of Pakistan (Government of Pakistan)
Victim Site: pc.gbp.gov.pk
Alleged data breach of Trezor
Category: Data Breach
Content: A threat actor is advertising a dataset allegedly obtained from Trezor, a cryptocurrency hardware wallet provider. The data reportedly includes gender, name, email, phone number, and date fields. The actor is directing interested parties to a Telegram account for further details.
Date: 2026-05-10T08:11:43Z
Network: openweb
Published URL: https://altenens.is/threads/trezor-crypto-hardware-wallet-data.2937280/unread
Screenshots:
None
Threat Actors: yenos68928
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Trezor
Victim Site: trezor.io
Mass Defacement of JZ Tech Air Fiber Internet by Mr.XycanKing (BABAYO EROR SYSTEM)
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing, operating under the group BABAYO EROR SYSTEM, conducted a mass defacement campaign targeting jztechairfiberinternet.com, a telecommunications and internet service provider. The attack was carried out on a Linux-based server and was identified as part of a broader mass defacement operation. A mirror of the defaced page was archived at haxor.id.
Date: 2026-05-10T08:08:51Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249075
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Telecommunications / Internet Services
Victim Organization: JZ Tech Air Fiber Internet
Victim Site: jztechairfiberinternet.com
Mass defacement of kconnect-billingsystem.com by Mr.XycanKing of BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing, affiliated with the group BABAYO EROR SYSTEM, conducted a mass defacement attack against kconnect-billingsystem.com, a telecommunications or billing services platform running on a Linux server. The attack was confirmed as a mass defacement campaign, with a mirror of the defaced page archived at haxor.id. No specific motive or proof-of-concept details were disclosed.
Date: 2026-05-10T08:06:53Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249074
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Telecommunications / Billing Services
Victim Organization: KConnect Billing System
Victim Site: kconnect-billingsystem.com
Alleged data breach of Pitney Bowes Inc.
Category: Data Breach
Content: A threat actor affiliated with the ShinyHunters group claims to have compromised over 25 million Salesforce records belonging to Pitney Bowes Inc., reportedly dated April 8, 2026. The dataset, offered in CSV format, allegedly contains PII including names, email addresses, phone numbers, job titles, departments, and geographic data for approximately 8.3 million unique email addresses. Sample records appear to include active and inactive employee and customer Salesforce user accounts associated wi
Date: 2026-05-10T08:05:47Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-Pitney-Bowes-Inc-pb-com
Screenshots:
None
Threat Actors: [Mod] Tanaka
Victim Country: United States
Victim Industry: Technology
Victim Organization: Pitney Bowes Inc.
Victim Site: pb.com
Hotmail combo list shared on forum
Category: Combo List
Content: A Hotmail combo list is being shared on a public forum under the SkylightCloud branding. The content is hidden behind a login/registration wall, so specific details such as record count and data format are not accessible. The post is categorized as a credential list intended for use against Hotmail accounts.
Date: 2026-05-10T07:57:34Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-skylight-public-cloud-hotmail-300764
Screenshots:
None
Threat Actors: SkylightCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: 364 HQ Gmail credentials shared on forum
Category: Combo List
Content: A forum user shared a list of 364 purportedly high-quality Gmail credentials. The content is hidden behind a registration or login requirement. No breach of Google or Gmail infrastructure is claimed; this is a credential stuffing list targeting Gmail accounts.
Date: 2026-05-10T07:57:17Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9D%84%E2%9D%84-364x-hq-premium-gmails-%E2%9D%84%E2%9D%84
Screenshots:
None
Threat Actors: Lowza9
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list targeting Hotmail accounts
Category: Combo List
Content: A threat actor shared a combo list of 856 Hotmail credentials on a forum. The content is gated behind registration or login. The post requires user engagement (likes) to access the hidden content.
Date: 2026-05-10T07:56:15Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%85%E2%9A%A1856x-good-hotmail%E2%9A%A1%E2%9C%85-300769
Screenshots:
None
Threat Actors: NovaCloudx
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list targeting Montenegro email:password credentials
Category: Combo List
Content: A threat actor known as Maxleak has shared a combo list of approximately 57,000+ email:password credential pairs associated with Montenegro. The credentials are marketed as fresh and high quality, dated May 10, 2026. The content is gated behind forum registration or login.
Date: 2026-05-10T07:55:11Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9C%A6%E2%9C%A6-57-K-%E2%9C%A6-Montenegro-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-10-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: Maxleak
Victim Country: Montenegro
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mexico Email:Password Combo List with 144K+ Credentials
Category: Combo List
Content: A threat actor shared a combo list of approximately 144,000 email and password pairs purportedly sourced from Mexico, marketed as fresh and high quality. The list is available via hidden content requiring forum registration or login. The post directs users to a Telegram channel for additional combo lists.
Date: 2026-05-10T07:54:25Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-144-K-%E2%9C%A6-Mexico-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-10-5-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Mexico
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of initial access to undisclosed US legal services firm via Exchange OWA
Category: Initial Access
Content: A threat actor is offering for sale Cloud Admin (Owner) level access to a Microsoft Exchange OWA instance belonging to an undisclosed US legal services firm with estimated revenue of $10M–$25M and approximately 50 hosts. The environment is protected by Carbon Black EDR. The listing was cross-posted from an external marketplace.
Date: 2026-05-10T07:44:18Z
Network: openweb
Published URL: https://xforums.st/threads/exchange-owa-legal-services-united-states-10m-25m-revenue.613608/
Screenshots:
None
Threat Actors: HighWayToShell
Victim Country: United States
Victim Industry: Legal Services
Victim Organization: Unknown
Victim Site: Unknown
Sale of initial access to undisclosed Norwegian mining company via Citrix Gateway
Category: Initial Access
Content: A threat actor is offering for sale network-level access to an undisclosed Norwegian mining company obtained via Citrix Gateway. The access carries Network Admin privileges on a network of approximately 50 hosts, with the target organization reporting revenues between $5M and $10M. Malwarebytes EDR is noted as the active endpoint security solution.
Date: 2026-05-10T07:42:21Z
Network: openweb
Published URL: https://xforums.st/threads/citrix-gateway-mining-norway-5m-10m-revenue.613610/
Screenshots:
None
Threat Actors: HighWayToShell
Victim Country: Norway
Victim Industry: Mining
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Sport 2000
Category: Data Breach
Content: A threat actor is selling an alleged database of 4 million Sport 2000 customer records. The dataset includes personal identifiers (first name, last name, email, date of birth, address, mobile number), loyalty card details, purchase history, RFM segmentation, and marketing opt-in flags. The actor is directing interested buyers to a Telegram contact for further information.
Date: 2026-05-10T07:38:03Z
Network: openweb
Published URL: https://altenens.is/threads/4-million-sport2000-database.2937279/unread
Screenshots:
None
Threat Actors: bahisow611
Victim Country: France
Victim Industry: Retail
Victim Organization: Sport 2000
Victim Site: sport2000.fr
Free South Korea Email Combo List (Batch 33/100)
Category: Combo List
Content: A threat actor is freely distributing a batch of South Korea-based email credentials, labeled as batch 33 of 100. The content is hidden behind a registration/login wall on the forum. No further details on record count or targeted services are provided.
Date: 2026-05-10T07:25:35Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-free-premium-south-korea-email-list-batch-33-100
Screenshots:
None
Threat Actors: emaildbpro
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of favo.id Indonesian beauty and health retailer
Category: Data Breach
Content: A threat actor is offering consumer data allegedly sourced from favo.id, an Indonesian beauty and health store. The dataset includes fields such as first name, last name, email, address, phone number, and total spent. The actor is directing interested parties to a Telegram account for further details.
Date: 2026-05-10T07:18:10Z
Network: openweb
Published URL: https://altenens.is/threads/indonesia-favo-id-beauty-and-health-store-consumers.2937275/unread
Screenshots:
None
Threat Actors: saref43135
Victim Country: Indonesia
Victim Industry: Retail
Victim Organization: Favo
Victim Site: favo.id
Sale of stolen payment card data including CC, CVV, holder name, and expiry
Category: Carding
Content: A threat actor is offering stolen payment card data for sale, including card numbers, CVV codes, cardholder names, and expiration dates. No further details regarding the source, volume, or geographic origin of the cards are available from the post.
Date: 2026-05-10T07:14:59Z
Network: openweb
Published URL: https://xforums.st/threads/selling-cc-cvv-holder-name-exp.613609/
Screenshots:
None
Threat Actors: HighWayToShell
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale or distribution of Hotmail credential combo list
Category: Combo List
Content: A forum user shared a combo list advertised as 7,000 high-quality Hotmail credential hits. The content is hidden behind a registration/login wall. These credentials are intended for credential stuffing against Hotmail accounts.
Date: 2026-05-10T06:56:14Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%85-7k-hq-hotmail-hit-%E2%9C%85-300760
Screenshots:
None
Threat Actors: RetroCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of Indonesian personal data with KTP numbers
Category: Data Breach
Content: A threat actor is offering for sale a dataset of over 200,000 Indonesian individuals personal records including national ID (KTP) numbers, names, gender, email, date of birth, phone number, birth place, address, company name, and monthly income. The origin of the data is not disclosed. Buyers are directed to contact the seller via Telegram.
Date: 2026-05-10T06:53:29Z
Network: openweb
Published URL: https://altenens.is/threads/indonesia-personal-data-with-ktp-number-200k.2937269/unread
Screenshots:
None
Threat Actors: xakoji3864
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Instagram users
Category: Data Breach
Content: A threat actor is offering an alleged database of 5 million Instagram users for sale via Telegram. The dataset reportedly includes email addresses, first and last names, phone numbers, and Instagram IDs. A sample image was shared as proof.
Date: 2026-05-10T06:52:59Z
Network: openweb
Published URL: https://altenens.is/threads/5-million-instagram-users-database.2937274/unread
Screenshots:
None
Threat Actors: ritok33000
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Instagram
Victim Site: instagram.com
Mass Defacement of JuanFiber4Je Network by Mr.XycanKing of BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing, operating under the group BABAYO EROR SYSTEM, conducted a mass defacement campaign targeting juanfiber4jenetwork.com, a domain associated with a fiber/internet network provider. The attack was carried out on a Linux-based server and is classified as a mass defacement event. A mirror of the defaced content has been archived at haxor.id.
Date: 2026-05-10T06:36:54Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249073
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Telecommunications / Internet Services
Victim Organization: JuanFiber4Je Network
Victim Site: juanfiber4jenetwork.com
Alleged update to Agath malware tool with enhanced legitimacy and rate-limiting features
Category: Malware
Content: Threat actor announced a major update to Agath, a malicious tool suite. Updates include: HLEGIT (credential legitimacy checker) with improved performance, HBROW (browser automation tool) with higher rate limits and legitimacy features, and a new telemetry dashboard for monitoring active tasks. The tool is being actively marketed with purchase links and support channels. Despite claims of educational purposes, this is a commercial malware service.
Date: 2026-05-10T06:35:10Z
Network: telegram
Published URL: https://t.me/agathxl/21
Screenshots:
None
Threat Actors: Agath
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass defacement of jochrisservices.com by Mr.XycanKing of BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, the website jochrisservices.com was defaced by threat actor Mr.XycanKing, operating under the group BABAYO EROR SYSTEM. The incident was classified as a mass defacement campaign targeting a Linux-based web server. The defacement was archived and mirrored via haxor.id.
Date: 2026-05-10T06:30:58Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249072
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Services
Victim Organization: Jo Chris Services
Victim Site: jochrisservices.com
Combo List with Alleged Fresh Credentials
Category: Combo List
Content: A forum user is distributing a combo list advertised as fresh access on a hidden download link. The content is gated behind registration or login and no further details about the credentials or targeted services are provided.
Date: 2026-05-10T06:28:23Z
Network: openweb
Published URL: https://patched.to/Thread-fresh-access
Screenshots:
None
Threat Actors: JOYK
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of URL:Log:Pass combo list with 8+ million lines
Category: Combo List
Content: A threat actor on a cybercrime forum is freely distributing a URL:Log:Pass combo list containing over 8 million lines, labeled as part 328 of an ongoing series. The content is gated behind registration or login to the forum.
Date: 2026-05-10T06:28:06Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-url-log-pass-free-best-lines-8-million-lines-part-328
Screenshots:
None
Threat Actors: lexityfr
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of 1K Hotmail credentials shared on forum
Category: Combo List
Content: A threat actor shared a combo list of approximately 1,000 Hotmail email credentials on a public forum. The content is described as old data and is gated behind registration or login. The post is marketed as mail access credentials for Hotmail accounts.
Date: 2026-05-10T06:27:48Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%9A%871-0k-hotmail-mail-access%F0%9F%9A%87%E2%9C%A8-09-05
Screenshots:
None
Threat Actors: TraxGod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of URL:Log:Pass Combo List by NapoleonCorp (1.8 Million Records)
Category: Combo List
Content: A threat actor operating under the name NapoleonCorp is offering a combo list of approximately 1.8 million URL:log:pass credential pairs, advertised as private. The post is part of an ongoing series (entry #466), suggesting a recurring distribution operation.
Date: 2026-05-10T05:57:53Z
Network: openweb
Published URL: https://patched.to/Thread-1-8kk-napoleon-corp-up-466-url-log-pass-private
Screenshots:
None
Threat Actors: NapoleonCorp
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of stealer logs and combo list (ULP format, 3.83 GB)
Category: Logs
Content: A threat actor is distributing 3.83 GB of stealer logs in ULP (URL:Login:Password) format, marketed as fresh and high quality. The content is gated behind forum registration or login and is associated with a Telegram channel for additional combo lists.
Date: 2026-05-10T05:56:39Z
Network: openweb
Published URL: https://demonforums.net/Thread-Request-%E2%9C%A6%E2%9C%A6-LOG-S-%E2%9C%A6%E2%9C%A6-ULP-LOGS-PC-%E2%9C%A6%E2%9C%A6-3-83-GB-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free South Korea Email Combo List (Batch 32/100)
Category: Combo List
Content: A threat actor is freely distributing a batch of South Korea-focused email credentials, labeled as batch 32 of 100. The content is hidden behind a forum registration or login wall. No specific victim organization or record count is disclosed.
Date: 2026-05-10T05:29:41Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-free-premium-south-korea-email-list-batch-32-100
Screenshots:
None
Threat Actors: emaildbpro
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass Defacement of jegsamtech.com by Mr.XycanKing of BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM conducted a mass defacement attack against jegsamtech.com, a technology-related website running on a Linux server. The incident was part of a broader mass defacement campaign and has been archived on the haxor.id mirror service. No specific motivation or technical exploitation details were disclosed.
Date: 2026-05-10T05:29:15Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249070
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Jegsam Tech
Victim Site: jegsamtech.com
Combo list of 4,387 Hotmail credentials shared on forum
Category: Combo List
Content: A threat actor shared a combo list containing 4,387 Hotmail credentials on a leak forum. The content is hidden behind a registration or login requirement. Hotmail is the credential-stuffing target, not the breach source.
Date: 2026-05-10T05:28:58Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-4-387-Good-HOTMAIL-GOODS-D4RKNETHUB-CLOUD
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Unknown Target by Vazzle07
Category: Defacement
Content: On May 10, 2026, a threat actor identified as Vazzle07 defaced a web page hosted at the IP address 18.135.199.100, targeting the file env.php. The IP address resolves to an AWS EC2 instance located in the United Kingdom region. No team affiliation, motive, or specific exploitation method was disclosed for this incident.
Date: 2026-05-10T05:28:29Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/918434
Screenshots:
None
Threat Actors: Vazzle07
Victim Country: United Kingdom
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 18.135.199.100
Website Defacement of layanansmaubp.my.id by YIIX103
Category: Defacement
Content: On May 10, 2026, a threat actor operating under the alias YIIX103 defaced the website layanansmaubp.my.id, targeting a specific PHP page (yo.php). The defacement was a singular, targeted attack with no team affiliation, mass defacement, or prior redefacement recorded. The victim domain uses an Indonesian country-code TLD (.my.id), suggesting an Indonesian target likely associated with an educational or service-oriented organization.
Date: 2026-05-10T05:27:10Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/918436
Screenshots:
None
Threat Actors: YIIX103
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Layanan SMA UBP
Victim Site: layanansmaubp.my.id
Website Defacement of Host at 74.208.112.248 by Vazzle07
Category: Defacement
Content: On May 10, 2026, a threat actor identified as Vazzle07 defaced a web page located at 74.208.112.248/env.php. The incident was a targeted, single-site defacement with no team affiliation reported. The attackers motivation and the underlying server details remain unknown.
Date: 2026-05-10T05:26:13Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/918435
Screenshots:
None
Threat Actors: Vazzle07
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 74.208.112.248
Sale of cloned cards, CVV, dumps, and fullz across multiple regions
Category: Carding
Content: A threat actor operating as MrDumpsCC is selling non-VBV credit cards, CVV/CCV data, cloned physical cards with ATM PINs, dumps with Track 1 and 2 data, BINs, DOBs, and fullz for US, UK, CA, AU, and EU cardholders. Physical cloned cards are priced between $250 and $1,000 depending on balance, while individual CVVs and dumps are offered at fixed per-unit rates. Contact is facilitated via Telegram.
Date: 2026-05-10T05:25:36Z
Network: openweb
Published URL: https://xforums.st/threads/sell-non-vbv-cc-cvv-ccv-clone-cards.613604/
Screenshots:
None
Threat Actors: MrDumpsCC
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass Defacement of jandecomputerenterprises.com by Mr.XycanKing of BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, the threat actor Mr.XycanKing, operating under the group BABAYO EROR SYSTEM, conducted a mass defacement campaign targeting jandecomputerenterprises.com, a computer services enterprise running on a Linux server. The attack was part of a broader mass defacement operation, with the defaced page archived at haxor.id. No specific motive or proof of concept was disclosed alongside the incident.
Date: 2026-05-10T05:25:04Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249067
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Technology / Computer Services
Victim Organization: Jande Computer Enterprises
Victim Site: jandecomputerenterprises.com
Mass Defacement of JBNet Billing System by Mr.XycanKing (BABAYO EROR SYSTEM)
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing, operating under the group BABAYO EROR SYSTEM, conducted a mass defacement attack targeting jbnet-billingsystem.com, a billing system platform running on a Linux server. The attack was classified as a mass defacement campaign, suggesting multiple sites may have been compromised simultaneously. The defacement was archived via haxor.id, a known defacement mirroring service.
Date: 2026-05-10T05:24:15Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249066
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Information Technology / Billing Services
Victim Organization: JBNet Billing System
Victim Site: jbnet-billingsystem.com
Mass Defacement of jcmecommunications.com by Mr.XycanKing of BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM conducted a mass defacement campaign targeting jcmecommunications.com, a communications sector website hosted on a Linux server. The attack was part of a broader mass defacement operation, with the defaced page archived at haxor.id. No specific motive or proof of concept was publicly disclosed.
Date: 2026-05-10T05:23:15Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249065
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Telecommunications
Victim Organization: JCME Communications
Victim Site: jcmecommunications.com
Mass Defacement of jdm-internet.com by Mr.XycanKing of BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM conducted a mass defacement attack against jdm-internet.com, a Linux-based web server. The incident was classified as a mass defacement, suggesting multiple sites or pages were affected simultaneously. A mirror of the defacement has been archived at haxor.id.
Date: 2026-05-10T05:22:33Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249071
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Internet Services / Technology
Victim Organization: JDM Internet
Victim Site: jdm-internet.com
Mass Defacement of jadconnfiber.com by Mr.XycanKing of BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM conducted a mass defacement attack against jadconnfiber.com, a fiber internet/telecommunications provider running on a Linux server. The incident was classified as a mass defacement, suggesting multiple sites were compromised in the same campaign. A mirror of the defacement was archived at haxor.id.
Date: 2026-05-10T05:21:35Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249068
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Telecommunications / Internet Services
Victim Organization: Jadconn Fiber
Victim Site: jadconnfiber.com
Mass Defacement of jackrownetwork.com by Mr.XycanKing of BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing, affiliated with the group BABAYO EROR SYSTEM, conducted a mass defacement attack against jackrownetwork.com, a Linux-based web server. The attack was classified as a mass defacement, suggesting multiple sites or pages were simultaneously compromised. A mirror of the defaced content was archived at haxor.id.
Date: 2026-05-10T05:20:51Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249069
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Technology/Networking
Victim Organization: Jack Row Network
Victim Site: jackrownetwork.com
Mass Web Defacement by Mr.XycanKing of BABAYO EROR SYSTEM targeting jewelscrm.nshops.in
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM defaced the website jewelscrm.nshops.in, a jewelry-focused CRM platform hosted in India. The attack was part of a mass defacement campaign targeting multiple sites running on Linux-based servers. The defacement was archived and mirrored on haxor.id.
Date: 2026-05-10T05:14:52Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249064
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: India
Victim Industry: Retail / E-Commerce
Victim Organization: NShops Jewels CRM
Victim Site: jewelscrm.nshops.in
Alleged data leak of Daisy Private Cloud
Category: Data Leak
Content: A threat actor on a leak forum has shared what is alleged to be data from Daisy Private Cloud, consisting of 1,222 records. The content is hidden behind a registration/login wall, limiting visibility into the specific data types included. A bonus is mentioned alongside the primary dataset.
Date: 2026-05-10T05:01:41Z
Network: openweb
Published URL: https://patched.to/Thread-daisy-private-cloud-01222-pcs-bonus
Screenshots:
None
Threat Actors: R0BIN1337
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Daisy Private Cloud
Victim Site: Unknown
Alleged combo list mix distributed as bonus content
Category: Combo List
Content: A forum user shared a mix combo list of 16,100 credentials as a bonus post associated with the account FATETRAFFIC. The content is hidden behind a login/registration wall, limiting further analysis of the data composition or targeted services.
Date: 2026-05-10T05:01:12Z
Network: openweb
Published URL: https://patched.to/Thread-bonus-fatetraffic-16100-mix-08-05-2026
Screenshots:
None
Threat Actors: R0BIN1337
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of 5.6 million URL:Login:Password credentials shared on forum
Category: Combo List
Content: A threat actor shared a combo list containing over 5.6 million URL:Login:Password credential pairs on a clearnet forum. The content is gated behind registration or login. No specific victim organization or breach source is identified.
Date: 2026-05-10T05:00:41Z
Network: openweb
Published URL: https://patched.to/Thread-5-6-millions-hq-ulp-url-log-pass
Screenshots:
None
Threat Actors: R0BIN1337
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of Hotmail credentials shared on forum
Category: Combo List
Content: A threat actor shared a combo list of approximately 695 Hotmail email credentials on a combolist forum. The content is hidden behind a registration/login wall. The data is described as old and marketed as VIP Cloud Hotmail mail access.
Date: 2026-05-10T05:00:26Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%9A%87×695-hotmail-mail-access%F0%9F%9A%87%E2%9C%A8-09-05
Screenshots:
None
Threat Actors: TraxGod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass Website Defacement by Mr.XycanKing of BABAYO EROR SYSTEM targeting intanettonetworksaguday.com
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM conducted a mass defacement campaign targeting intanettonetworksaguday.com, a Linux-hosted networking-related website. The defacement was not a redefacement and did not target the home page, suggesting a deeper directory or subpage compromise. The incident was archived and mirrored at haxor.id, a known defacement archiving platform.
Date: 2026-05-10T04:46:24Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249063
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Technology / Networking
Victim Organization: Intanet To Networks Aguday
Victim Site: intanettonetworksaguday.com
Mass Defacement Campaign by Mr.XycanKing of BABAYO EROR SYSTEM Targeting intanettonetwork.com
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM conducted a mass defacement attack against intanettonetwork.com, a domain associated with internet or network services. The attack targeted a Linux-based web server and was archived via the Haxor.id mirror platform. This incident is part of a broader mass defacement campaign attributed to the same threat actor.
Date: 2026-05-10T04:40:18Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249062
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Telecommunications / Internet Services
Victim Organization: Intanetto Network
Victim Site: intanettonetwork.com
Mass Defacement of Billing System by Mr.XycanKing of BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, a threat actor identified as Mr.XycanKing, operating under the group BABAYO EROR SYSTEM, conducted a mass defacement targeting infineload-billingsystem.com, a billing system platform running on a Linux server. The attack was confirmed as a mass defacement campaign, suggesting multiple sites may have been compromised simultaneously. The defacement was archived and mirrored via haxor.id.
Date: 2026-05-10T04:38:51Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249060
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Financial Services / Billing
Victim Organization: Infineload Billing System
Victim Site: infineload-billingsystem.com
Website Defacement of Ink Computer and Internet Services by Mr.XycanKing (BABAYO EROR SYSTEM)
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the team BABAYO EROR SYSTEM defaced the website of Ink Computer and Internet Services. The attack targeted a Linux-based web server and resulted in a single-site defacement. A mirror of the defacement was archived at haxor.id.
Date: 2026-05-10T04:36:49Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249061
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Information Technology and Internet Services
Victim Organization: Ink Computer and Internet Services
Victim Site: inkcomputerandinternetservices.com
Alleged defacement of instantbroadcast.in by Mr.XycanKing
Category: Defacement
Content: Website defacement of instantbroadcast.in claimed by threat actor Mr.XycanKing. Proof URL provided showing defaced content.
Date: 2026-05-10T04:22:56Z
Network: telegram
Published URL: https://t.me/c/3865526389/871
Screenshots:
None
Threat Actors: Mr.XycanKing
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: instantbroadcast.in
Victim Site: instantbroadcast.in
Sale of fraudulent transfer services and stolen payment cards
Category: Carding
Content: A threat actor is offering fraudulent money transfer services via CashApp, PayPal, Crypto, Apple Pay, Zelle, and others, advertising multiplied returns on sent amounts. The actor is also selling VBV and non-VBV credit and debit cards with purported balances of $1,000–$10,000 for $20 each, marketed for online payments, shopping, and bookings.
Date: 2026-05-10T04:17:54Z
Network: openweb
Published URL: https://altenens.is/threads/starall-your-legit-and-trusted-transfer-flips-to-all-countries-here-only-takes-1-5-minutes-to-receive-your-funds-mrgins-credit-cardcashapp-transfer-test-run.2937234/unread
Screenshots:
None
Threat Actors: Minesinsdd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of multiple Chinese banking institutions including Bank of China, ICBC, and China Construction Bank
Category: Data Leak
Content: A threat actor known as MDGhost is distributing alleged data from at least 11 Chinese banking institutions, including Bank of China, China Construction Bank, ICBC, and others. The dataset, totaling 349GB (17GB compressed), purportedly contains highly sensitive financial and personal data including account numbers, PINs, balances, mobile banking passwords, ID card numbers, and other personally identifiable information. The data is being shared freely on the forum.
Date: 2026-05-10T04:14:13Z
Network: openweb
Published URL: https://breached.st/threads/854-millions-bank-of-china-industrial-and-commercial-bank-of-china-icbc-and-china-construction-bank.86866/unread
Screenshots:
None
Threat Actors: MDGhost
Victim Country: China
Victim Industry: Finance
Victim Organization: Bank of China, ICBC, China Construction Bank, and others
Victim Site: Unknown
Mass Defacement of imjwanklikinternet.com by Mr.XycanKing of BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, the website imjwanklikinternet.com was defaced by threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM. The incident was identified as part of a mass defacement campaign targeting a Linux-based web server. A mirror of the defacement was archived at haxor.id.
Date: 2026-05-10T04:13:57Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249059
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: imjwanklikinternet.com
Mass Defacement of Billing System Platform by Mr.XycanKing / BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM conducted a mass defacement targeting imtechmlang-billingsystem.com, a technology-oriented billing platform running on a Linux server. The incident was classified as a mass defacement, indicating multiple sites may have been simultaneously compromised. A mirror of the defacement was archived at haxor.id.
Date: 2026-05-10T04:12:36Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249057
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Technology / Billing Services
Victim Organization: IMTech MLang Billing System
Victim Site: imtechmlang-billingsystem.com
Mass Defacement of Wireless Internet Services Provider by Mr.XycanKing / BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the team BABAYO EROR SYSTEM conducted a mass defacement campaign targeting impaswirelessinternetservices.com, a wireless internet services provider. The attack was executed on a Linux-based server and is confirmed to be part of a broader mass defacement operation rather than an isolated incident. A mirror of the defaced page has been archived at haxor.id.
Date: 2026-05-10T04:10:36Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249058
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Telecommunications / Internet Services
Victim Organization: Impas Wireless Internet Services
Victim Site: impaswirelessinternetservices.com
Mass Defacement of iaccessnetwork.net by Mr.XycanKing of BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM conducted a mass defacement attack against iaccessnetwork.net, a network or internet access service provider. The attack targeted a Linux-based server and was confirmed as part of a broader mass defacement campaign. The incident was archived and mirrored on haxor.id.
Date: 2026-05-10T04:04:24Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249056
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Telecommunications / Internet Services
Victim Organization: iAccess Network
Victim Site: iaccessnetwork.net
Sale of stealer logs with email access and RDP credentials
Category: Logs
Content: A threat actor operating as Ghostloggy is advertising a Telegram-based shop selling stealer logs that include email access and RDP credentials. The shop is claimed to be available 24/7. No specific victim organization or record count is disclosed.
Date: 2026-05-10T03:57:28Z
Network: openweb
Published URL: https://altenens.is/threads/fresh-cheap-logs-with-email-access-rdp.2937224/unread
Screenshots:
None
Threat Actors: Ghostloggy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of fraudulent money transfer services via Western Union, bank transfer, CashApp, and PayPal
Category: Services
Content: A threat actor operating under the alias SWIFTZ00Z is offering fraudulent money transfer services including Western Union, bank transfers, CashApp, and PayPal transactions worldwide. The seller claims transfers are clean and legit with no chargebacks or disputes, indicative of money laundering or fraud-as-a-service activity. Contact is offered via Jabber, Telegram, Tox, and Signal.
Date: 2026-05-10T03:45:53Z
Network: openweb
Published URL: https://breached.st/threads/selling-western-union-bank-transfer-cashapp-paypal-transferring-worldwide-clean-legit.86963/unread
Screenshots:
None
Threat Actors: Toku Wa
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass Defacement of hivenet-wis.com by Mr.XycanKing of BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM conducted a mass defacement campaign targeting hivenet-wis.com, a Linux-based web service. The attack was confirmed as a mass defacement operation, with a mirror of the defaced page archived at haxor.id. No specific motive or proof-of-concept details were disclosed.
Date: 2026-05-10T03:41:28Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249055
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Technology / Web Services
Victim Organization: Hivenet WIS
Victim Site: hivenet-wis.com
Sale of CoreBank Financial Business System 1.8 source code
Category: Malware
Content: A threat actor is offering for sale the source code of CoreBank Financial Business System 1.8, a banking software written in C# reportedly weighing 8GB. The seller claims the system is deployed across five Latin American countries: Ecuador, Peru, Colombia, Costa Rica, and the Dominican Republic. Contact is provided via a Session messenger identifier.
Date: 2026-05-10T03:39:49Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-CoreBank-Financial-Business-System-1-8
Screenshots:
None
Threat Actors: karina692026
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown
Mass Defacement of HCA Internet Provider by Mr.XycanKing / BABAYO EROR SYSTEM
Category: Defacement
Content: On May 10, 2026, threat actor Mr.XycanKing operating under the group BABAYO EROR SYSTEM conducted a mass defacement attack targeting hcainternetprovider.com, a website associated with an internet service provider. The attack was carried out on a Linux-based server and is classified as a mass defacement campaign. A mirror of the defaced page has been archived at haxor.id.
Date: 2026-05-10T03:35:19Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249054
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Telecommunications / Internet Services
Victim Organization: HCA Internet Provider
Victim Site: hcainternetprovider.com
Combo List of Hotmail Credentials (5.2K)
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 5,200 Hotmail credentials on a cybercrime forum. The content is gated behind registration or login. Hotmail is the credential-stuffing target, not the breach victim.
Date: 2026-05-10T03:33:46Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9A%A1%EF%B8%8F-5-2k-verity-vault-hotmail-drop-%E2%9A%A1%EF%B8%8F
Screenshots:
None
Threat Actors: VerityVault
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list with 5.1K valid credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 5,100 claimed valid Hotmail credentials, dated May 10, 2026. The post markets the list as private and high quality. Access to the download requires forum engagement.
Date: 2026-05-10T03:29:06Z
Network: openweb
Published URL: https://altenens.is/threads/5-1k-high-voltagehotmailhigh-voltagevalid-mail-access-10-05.2937221/unread
Screenshots:
None
Threat Actors: redcloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass defacement campaign by BABAYO EROR SYSTEM targeting gametech-gusa.com
Category: Defacement
Content: On May 10, 2026, the threat actor Mr.XycanKing, operating under the group BABAYO EROR SYSTEM, conducted a mass defacement attack against gametech-gusa.com, a gaming or technology-related website hosted on a Linux server. The incident was classified as a mass defacement, suggesting multiple sites were targeted as part of the same campaign. A mirror of the defaced page was archived at haxor.id.
Date: 2026-05-10T03:18:08Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249052
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Gaming / Technology
Victim Organization: GameTech GUSA
Victim Site: gametech-gusa.com
Mass Defacement of Tunisian Real Estate Site by BABAYO EROR SYSTEM (Mr.XycanKing)
Category: Defacement
Content: On May 10, 2026, the Tunisian real estate website Hammamet Immobilier was defaced by threat actor Mr.XycanKing, operating under the group BABAYO EROR SYSTEM. This incident was part of a mass defacement campaign, with a mirror of the defacement archived at haxor.id. The attack targeted a property and real estate services platform based in Hammamet, Tunisia.
Date: 2026-05-10T03:15:43Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249053
Screenshots:
None
Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
Victim Country: Tunisia
Victim Industry: Real Estate
Victim Organization: Hammamet Immobilier
Victim Site: hammamet-immobilier.tn
Free South Korea email combo list (Batch 31/100)
Category: Combo List
Content: A threat actor is freely distributing a batch of South Korea-focused email credentials, labeled as batch 31 of 100. The content is gated behind forum registration or login. No further details on record count or data source are provided.
Date: 2026-05-10T03:04:43Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-free-premium-south-korea-email-list-batch-31-100
Screenshots:
None
Threat Actors: emaildbpro
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of stealer logs with URL:LOG:PASS credentials
Category: Logs
Content: A threat actor is offering a dataset of 3.9 million URL:log:pass credential records marketed as fresh stealer log output. The content is hidden behind registration or login. The seller advertises the service via vulta.pw and a Telegram channel.
Date: 2026-05-10T03:03:34Z
Network: openweb
Published URL: https://leakforum.io/Thread-%E2%9A%A1URL-LOG-PASS-3-9-M-%E2%AD%90%EF%B8%8FVULTA-PW%E2%AD%90%EF%B8%8F-FRESH-%E2%9A%A1
Screenshots:
None
Threat Actors: vultapower
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of mixed email combo list with 11.6K valid credentials
Category: Combo List
Content: A threat actor is distributing a mixed combo list of 11.6K valid email credentials, marketed as private and high quality. The list is dated May 10, 2026, and is available via a hidden download link requiring forum registration or login.
Date: 2026-05-10T03:03:24Z
Network: openweb
Published URL: https://leakforum.io/Thread-11-6K-%E2%9C%A8-Mix-%E2%9C%A8-Valid-Mail-Access-10-05
Screenshots:
None
Threat Actors: RedCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of fake identity documents, deepfakes, and KYC bypass services
Category: Carding
Content: A threat actor operating via Telegram (@kirkjnr) is advertising fraudulent identity documents including passports, drivers licenses, and SSN cards for multiple countries, alongside high-grade deepfakes designed to bypass KYC verification systems such as Onfido, SumSub, and Jumio. The seller claims the ability to verify accounts on major cryptocurrency exchanges and financial platforms including Binance, Coinbase, Revolut, and Stripe. Physical and digital document forgeries including bank statem
Date: 2026-05-10T03:02:47Z
Network: openweb
Published URL: https://demonforums.net/Thread-TELEGRAM-kirkjnr-ALWAYS-AT-YOUR-SERVICE–203547
Screenshots:
None
Threat Actors: bussystreet109
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of fraudulent identity documents, deepfakes, and KYC bypass services
Category: Combo List
Content: A threat actor is advertising fraudulent identity documents (passports, drivers licenses, SSN cards) and high-grade deepfakes for bypassing KYC verification on financial platforms including Binance, Coinbase, Revolut, Kraken, and others. Services include physical and digital fake IDs for multiple countries, as well as fabricated financial documents such as bank statements, W2s, and pay stubs. The actor claims to support KYC bypass on major verification providers including Onfido, SumSub, and Ju
Date: 2026-05-10T03:02:43Z
Network: openweb
Published URL: https://demonforums.net/Thread-TELEGRAM-kirkjnr-ALWAYS-AT-YOUR-SERVICE–203550
Screenshots:
None
Threat Actors: bussystreet109
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown
Sale of mixed mail:pass combo list with 35K credentials
Category: Combo List
Content: A threat actor is distributing a mixed mail:pass combo list containing approximately 35,000 credentials, marketed as high quality and fully valid. The post provides a download link with no additional context about the origin of the credentials.
Date: 2026-05-10T02:57:27Z
Network: openweb
Published URL: https://breachforums.rs/Thread-%E2%AD%90%E2%AD%90%E2%AD%9035k-MIX-MAIL-PASS-HIGH-QUALITY-FULL-VALID-100-DEXTERCLOUD7%E2%AD%90%E2%AD%90%E2%AD%90
Screenshots:
None
Threat Actors: DexterCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of URL:LOG:PASS combo list with 23.16 million records
Category: Logs
Content: A threat actor operating under the name Daxus has shared a URL:LOG:PASS dataset containing approximately 23.16 million records, advertised as UHQ (ultra-high quality) stealer log output. The content is made available via a hidden link on the forum, with a full database accessible through the actors commercial platform at daxus.pro and associated Telegram channels.
Date: 2026-05-10T02:32:31Z
Network: openweb
Published URL: https://leakforum.io/Thread-%E2%AD%90%EF%B8%8FURL-LOG-PASS-23-16-M-%E2%9C%85-DAXUS-PRO-UHQ-%E2%AD%90%EF%B8%8F
Screenshots:
None
Threat Actors: Daxus
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Bappeda Sulut Province
Category: Data Leak
Content: A threat actor using the handle JunedXsec shared what is claimed to be a database belonging to Bappeda Sulut Province (North Sulawesi Regional Development Planning Agency) on a data leak forum. No further details or post content are available to confirm the scope or nature of the data.
Date: 2026-05-10T02:15:58Z
Network: openweb
Published URL: https://breached.st/threads/shared-database-bappeda-sulut-prov.86961/unread
Screenshots:
None
Threat Actors: JunedXsec
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Bappeda Sulut Province
Victim Site: Unknown
Alleged data breach of Arup Group
Category: Data Breach
Content: A threat actor known as FulcrumSec claims to have breached Arup Group, a global engineering firm, allegedly obtaining access to 10,000 repositories and 3.5TB of Azure/AWS infrastructure data along with sensitive documents. The post references £2.2B ARR, suggesting the actor is highlighting the targets financial scale. No further details are available as the post content was not accessible.
Date: 2026-05-10T01:40:25Z
Network: openweb
Published URL: https://darkforums.su/Thread-FRESH-BREACH-ARUP-GROUP-%C2%A32-2B-ARR-10k-REPOS-3-5TB-AZURE-AWS-INFRA-SENSITIVE-DOCS
Screenshots:
None
Threat Actors: FulcrumSec
Victim Country: United Kingdom
Victim Industry: Engineering
Victim Organization: Arup Group
Victim Site: arup.com
Sale of Italian combo list with approximately 6,000 credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 6,000 credentials targeting Italian users. The post also advertises a custom script-building service for credential stuffing operations. Content is gated behind forum registration or login.
Date: 2026-05-10T01:31:58Z
Network: openweb
Published URL: https://patched.to/Thread-%F0%9F%94%B06k%E2%9A%9C%EF%B8%8Fcombo%E2%9A%9C%EF%B8%8Fitaly%F0%9F%94%B0
Screenshots:
None
Threat Actors: Dhyazribi001
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of discounted Deezer Premium subscription upgrade service
Category: Services
Content: A forum seller is offering Deezer Premium one-year upgrades for $29.99, claiming the service is 100% legal. Buyers are required to provide their Deezer account credentials, after which the seller adds them to a team plan. The service is advertised with autobuy available via an external storefront.
Date: 2026-05-10T01:31:27Z
Network: openweb
Published URL: https://patched.to/Thread-nova-%E2%AD%90deezer-premium-1-year%E2%AD%90upgrade-your-account%E2%AD%90100-legal%E2%9C%85fast-delivery%E2%AD%90only-29-99
Screenshots:
None
Threat Actors: pollymydolly
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of Hotmail credentials offered by Cypheer
Category: Combo List
Content: A forum member is distributing a combo list of Hotmail credential lines, marketed as private. The actual content is hidden behind a registration/login gate, so volume and data specifics are unknown.
Date: 2026-05-10T01:31:12Z
Network: openweb
Published URL: https://patched.to/Thread-nova-%E2%9C%94%EF%B8%8F%F0%9F%92%8E-hotmail-lines-private-cypher-cloud%E2%9C%94%EF%B8%8F%F0%9F%92%8E
Screenshots:
None
Threat Actors: Cypheer
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list shared via Mega file hosting
Category: Combo List
Content: A threat actor shared a link to a ~200MB combo list file hosted on Mega.nz. No further details about the contents, target services, or origin of the credentials were provided.
Date: 2026-05-10T01:29:55Z
Network: openweb
Published URL: https://demonforums.net/Thread-200mb-lines-private
Screenshots:
None
Threat Actors: niven938644
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Argentinian SaaS platform for shop management
Category: Data Breach
Content: A forum post in the Access Market section references an Argentinian SaaS platform for shop management. No content was available to confirm details of the alleged breach, sale, or data involved.
Date: 2026-05-10T01:19:54Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Argentian-SaaS-Platform-Shop-Management
Screenshots:
None
Threat Actors: Kurd
Victim Country: Argentina
Victim Industry: Technology
Victim Organization: Unknown
Victim Site: Unknown
Sale of initial access to undisclosed Brazilian AI agent platform via Redis
Category: Initial Access
Content: A threat actor is offering access to a Redis instance belonging to an undisclosed Brazilian AI agent platform that handles WhatsApp and SMS communications. The exposed data includes customer names, phone numbers, WhatsApp messages, and lead scores across 9,741 active session keys. A session token is also included in the listing.
Date: 2026-05-10T01:18:32Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Brazilian-AI-agent-WhatsApp-SMS
Screenshots:
None
Threat Actors: Kurd
Victim Country: Brazil
Victim Industry: Technology
Victim Organization: Unknown
Victim Site: Unknown
Combo list targeting Germany distributed freely
Category: Combo List
Content: A threat actor shared a combo list of approximately 22,000 credentials described as fresh and associated with German accounts. The list was made available for free via an external paste service.
Date: 2026-05-10T01:17:05Z
Network: openweb
Published URL: https://crackingx.com/threads/74722/
Screenshots:
None
Threat Actors: COYYYTO
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Multi-country combo list offered for free distribution
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 5 million credentials spanning multiple countries including the USA, Germany, France, Italy, Spain, Turkey, Kazakhstan, China, Japan, Korea, India, Brazil, Canada, and Mexico. The list is being made available via Telegram channels operated by the actor.
Date: 2026-05-10T01:15:48Z
Network: openweb
Published URL: https://crackingx.com/threads/74726/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Multi-country combo list of 11.2 million credentials spanning Europe and Middle East
Category: Combo List
Content: A threat actor is distributing a combo list containing approximately 11.2 million credentials covering multiple countries including Poland, Sweden, Norway, Finland, Denmark, Netherlands, Belgium, Switzerland, Austria, Greece, Portugal, Iran, Iraq, Saudi Arabia, and the United Kingdom. The list is advertised as free via Telegram channels operated by the actor.
Date: 2026-05-10T01:14:49Z
Network: openweb
Published URL: https://crackingx.com/threads/74730/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting Hotmail accounts distributed via PandaCloud service
Category: Combo List
Content: A threat actor is distributing what they claim are fresh, fully valid Hotmail credentials via a file-sharing link. The post advertises a Telegram-based service called PandaCloud offering both public and private email databases updated daily. Private databases are marketed as previously unused and spam-free.
Date: 2026-05-10T01:14:01Z
Network: openweb
Published URL: https://crackingx.com/threads/74734/
Screenshots:
None
Threat Actors: Kokos2846q
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of 3K mixed mail access combo list
Category: Combo List
Content: A threat actor shared a link via Mega.nz containing approximately 3,000 mixed mail access credentials. The list was made available for free on a cracking forum. No specific target organization or country was identified.
Date: 2026-05-10T01:13:14Z
Network: openweb
Published URL: https://crackingx.com/threads/74737/
Screenshots:
None
Threat Actors: WashingtonDC
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free mixed logs targeting Hotmail and other services
Category: Combo List
Content: A threat actor shared a free collection of approximately 7,300 mixed stealer logs targeting Hotmail and other unspecified services. The logs were made available for download on a cracking forum.
Date: 2026-05-10T01:12:42Z
Network: openweb
Published URL: https://crackingx.com/threads/74740/
Screenshots:
None
Threat Actors: karaokecloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list targeting Hotmail accounts shared on cracking forum
Category: Combo List
Content: A combo list of approximately 39,340 Hotmail credentials was shared on a cracking forum by the user s2lender. The list is marketed as high quality (HQ). No additional details are available as the post content was not captured.
Date: 2026-05-10T01:12:21Z
Network: openweb
Published URL: https://crackingx.com/threads/74741/
Screenshots:
None
Threat Actors: s2lender
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list mix shared by s2lender
Category: Combo List
Content: A threat actor known as s2lender shared a combo list mix on a cracking forum. The post contains no additional details about the source or targeted services. The dataset appears to consist of approximately 7,163 credential entries.
Date: 2026-05-10T01:12:05Z
Network: openweb
Published URL: https://crackingx.com/threads/74742/
Screenshots:
None
Threat Actors: s2lender
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting Hotmail accounts
Category: Combo List
Content: A combo list purportedly containing high-quality Hotmail credentials was shared on a cracking forum by user s2lender. No post content was available for further analysis.
Date: 2026-05-10T01:11:49Z
Network: openweb
Published URL: https://crackingx.com/threads/74743/
Screenshots:
None
Threat Actors: s2lender
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list mix shared by s2lender
Category: Combo List
Content: A user on CrackingX shared a combo list mix containing an unspecified mix of credentials. No additional details about the targeted services or data origin are available from the post.
Date: 2026-05-10T01:11:24Z
Network: openweb
Published URL: https://crackingx.com/threads/74745/
Screenshots:
None
Threat Actors: s2lender
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: Mixed Mail Access Credentials
Category: Combo List
Content: A threat actor published a combo list containing approximately 5,200 mixed mail access credentials. The post was shared on a cracking forum under the combolists and dumps section. No additional details about the source or targeted services were available in the post content.
Date: 2026-05-10T01:09:50Z
Network: openweb
Published URL: https://crackingx.com/threads/74755/
Screenshots:
None
Threat Actors: Kommander0
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Hotmail combo list shared on cracking forum
Category: Combo List
Content: A forum post titled HOTMAIL JUST IN was identified on a cracking forum in the Combolists & Dumps section. No content was available to assess the nature, volume, or validity of the claimed combo list.
Date: 2026-05-10T01:09:25Z
Network: openweb
Published URL: https://crackingx.com/threads/74757/
Screenshots:
None
Threat Actors: snowstormxd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of HQ combo list mix by threat actor s2lender
Category: Combo List
Content: Threat actor s2lender is offering a high-quality mixed combo list containing approximately 1,896 credential pairs. The post advertises daily supply of 4,000–12,000 fresh credentials via a private, members-only network. No specific target service or victim organization is identified.
Date: 2026-05-10T01:09:11Z
Network: openweb
Published URL: https://crackingx.com/threads/74758/
Screenshots:
None
Threat Actors: s2lender
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list by threat actor s2lender
Category: Combo List
Content: A threat actor operating as s2lender is offering a Hotmail combo list containing approximately 467 credentials, marketed as high-quality and fresh. The post advertises daily supply of 4K–12K credentials through a private members-only network. The credentials are intended for use in credential stuffing against Hotmail accounts.
Date: 2026-05-10T01:08:31Z
Network: openweb
Published URL: https://crackingx.com/threads/74764/
Screenshots:
None
Threat Actors: s2lender
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list by threat actor s2lender
Category: Combo List
Content: A threat actor operating as s2lender is offering a combo list of approximately 3,205 Hotmail credentials on a cracking forum. The post advertises the credentials as high quality and fresh, with claims of daily supply ranging from 4,000 to 12,000 entries. The listing is marketed as exclusive to private members of the sellers network.
Date: 2026-05-10T01:08:10Z
Network: openweb
Published URL: https://crackingx.com/threads/74765/
Screenshots:
None
Threat Actors: s2lender
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale and distribution of fresh USA email combo lists via PandaCloud service
Category: Combo List
Content: A threat actor is advertising a service called PandaCloud offering free and paid email databases, including fresh USA email combo lists claimed to be fully valid. Both public and private databases are available, with private databases marketed as unused and spam-free. A download link and Telegram channel are provided for access.
Date: 2026-05-10T01:07:48Z
Network: openweb
Published URL: https://crackingx.com/threads/74766/
Screenshots:
None
Threat Actors: Kokos2846q
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list by threat actor s2lender
Category: Combo List
Content: A threat actor operating as s2lender is offering a combo list of 1,640 Hotmail credentials marketed as high-quality and fresh. The post advertises daily supply of 4,000–12,000 credentials through a private members-only network with encrypted access.
Date: 2026-05-10T01:07:03Z
Network: openweb
Published URL: https://crackingx.com/threads/74771/
Screenshots:
None
Threat Actors: s2lender
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of fresh mixed email combo lists via PandaCloud service
Category: Combo List
Content: A threat actor operating under the PandaCloud brand is selling subscription-based access to fresh mixed email databases via Telegram, with plans ranging from $30 per week to $500 for lifetime access. The service claims to provide regularly updated, unique email databases including private bases sold exclusively to a single buyer. A free sample is also shared via an external file-hosting link.
Date: 2026-05-10T01:06:28Z
Network: openweb
Published URL: https://crackingx.com/threads/74775/
Screenshots:
None
Threat Actors: Kokos2846q
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of HQ mix combo list
Category: Combo List
Content: A threat actor operating as @s2lender_txt is offering a combo list marketed as 5890X HQ Mix on a cracking forum. The listing claims credentials are fresh and untouched, with a daily supply of 4,000–12,000 entries. The post advertises private, encrypted access to a members-only network for distribution.
Date: 2026-05-10T01:05:41Z
Network: openweb
Published URL: https://crackingx.com/threads/74779/
Screenshots:
None
Threat Actors: s2lender
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list by threat actor s2lender
Category: Combo List
Content: A threat actor operating as s2lender is offering a combo list of 1,626 Hotmail credentials on a cracking forum. The listing claims credentials are high quality and sourced from a private, members-only supply channel providing 4,000–12,000 fresh credentials daily.
Date: 2026-05-10T01:05:19Z
Network: openweb
Published URL: https://crackingx.com/threads/74780/
Screenshots:
None
Threat Actors: s2lender
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of mixed combo list with 5,340 credentials
Category: Combo List
Content: A threat actor is offering a mixed combo list containing 5,340 credential pairs via external links. The list is available for free download and through a paid VIP subscription tier ranging from $3 for a 24-hour trial to $100 for three months.
Date: 2026-05-10T01:04:20Z
Network: openweb
Published URL: https://crackingx.com/threads/74784/
Screenshots:
None
Threat Actors: snowstormxd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of Hotmail Credentials Advertised for Distribution
Category: Combo List
Content: A threat actor advertised a combo list of 1,256 high-quality Hotmail credentials on a cracking forum. The post claims daily supply of 4,000–12,000 fresh credentials through a private members-only network with encrypted access.
Date: 2026-05-10T01:03:56Z
Network: openweb
Published URL: https://crackingx.com/threads/74785/
Screenshots:
None
Threat Actors: s2lender
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of HQ mix combo list by threat actor s2lender
Category: Combo List
Content: Threat actor s2lender is offering a combo list advertised as 704X HQ Mix on a cracking forum. The post claims daily supply of 4,000–12,000 fresh credentials through a private members-only network. The credentials are marketed as high quality and optimized for credential stuffing.
Date: 2026-05-10T01:03:34Z
Network: openweb
Published URL: https://crackingx.com/threads/74786/
Screenshots:
None
Threat Actors: s2lender
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list distribution targeting educational sector across multiple countries
Category: Combo List
Content: A threat actor operating under the alias CODER is distributing free combo lists described as Edu Mixed Country Leaks via Telegram channels. The post advertises access to credential lists and associated tools through two Telegram groups. No specific victim organization or record count is disclosed.
Date: 2026-05-10T01:01:28Z
Network: openweb
Published URL: https://crackingx.com/threads/74796/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown
Comcast combo list offered via Telegram
Category: Combo List
Content: A threat actor is advertising a Comcast-themed combo list via a cracking forum, directing interested parties to a Telegram account and group channels for free combo lists and tools. No details regarding record count or data fields are provided in the post.
Date: 2026-05-10T01:01:05Z
Network: openweb
Published URL: https://crackingx.com/threads/74797/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
combo icloud
Category: Combo List
Content: New thread posted by CODER: combo icloud
Date: 2026-05-10T01:00:17Z
Network: openweb
Published URL: https://crackingx.com/threads/74800/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: 3.5 million email:password credentials for social media platforms
Category: Combo List
Content: A threat actor is distributing a combo list of 3.5 million email:password pairs marketed as valid for credential stuffing against Facebook, Instagram, Snapchat, and X. The content is hidden behind a forum registration or login requirement.
Date: 2026-05-10T00:43:39Z
Network: openweb
Published URL: https://patched.to/Thread-3-5m-lines-mail-pass-good-for-facebook-instagram-snapchat-x
Screenshots:
None
Threat Actors: Nuttela101
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 3.6 million combo list targeting streaming and gaming services
Category: Combo List
Content: A threat actor is sharing a combo list of approximately 3.6 million credentials marketed as high-quality and fresh, targeting services including Spotify, Hulu, Steam, Minecraft, and Netflix. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-10T00:43:08Z
Network: openweb
Published URL: https://patched.to/Thread-3-6m-combos-hq-fresh-spotify-hulu-steam-minecraft-netflix
Screenshots:
None
Threat Actors: Nuttela101
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of gaming combo list with 4.6 million lines
Category: Combo List
Content: A threat actor is distributing a combo list containing 4.6 million lines targeting gaming platforms. The actual content is hidden behind a registration or login wall on the forum.
Date: 2026-05-10T00:42:39Z
Network: openweb
Published URL: https://patched.to/Thread-4-6m-lines-combo-gaming
Screenshots:
None
Threat Actors: Nuttela101
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 4.7 million credential combo list marketed as UHQ private leak
Category: Combo List
Content: A threat actor is offering a combo list of approximately 4.7 million credentials on a cybercrime forum, marketed as UHQ (ultra-high quality) and described as suitable for credential stuffing across multiple services. The content is gated behind forum registration or login.
Date: 2026-05-10T00:42:09Z
Network: openweb
Published URL: https://patched.to/Thread-uhq-4-7m-combolist-private-good-for-everything-vip-leak
Screenshots:
None
Threat Actors: Nuttela101
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
French combo list of 5K credentials
Category: Combo List
Content: A threat actor shared a combo list of approximately 5,000 French credentials on a cybercrime forum. The post also advertises a custom script-building service for credential stuffing. No specific victim organization is identified.
Date: 2026-05-10T00:41:18Z
Network: openweb
Published URL: https://patched.to/Thread-%F0%9F%94%B05k%E2%9A%9C%EF%B8%8Ffrench%E2%9A%9C%EF%B8%8Fcombo%F0%9F%94%B0
Screenshots:
None
Threat Actors: Dhyazribi001
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of 26K Valid Mail Credentials
Category: Combo List
Content: A threat actor is sharing a combo list of approximately 26,000 claimed valid email access credentials. The content is hidden behind a registration or login wall on the forum. No specific email provider or geographic region is identified in the post.
Date: 2026-05-10T00:40:39Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-26K-VALID-MAIL-ACCESS–203530
Screenshots:
None
Threat Actors: TeraCloud1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: 26K mixed mail access credentials
Category: Combo List
Content: A threat actor is sharing a combo list of approximately 26,000 mixed email access credentials on a public forum. The content is hidden behind registration or login. No specific targeted service or origin breach is identified.
Date: 2026-05-10T00:40:08Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-26K-Good-Mix-Mail-Access
Screenshots:
None
Threat Actors: StrawHatBase
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 45,000 valid email access combo list
Category: Combo List
Content: A threat actor shared a combo list of 45,000 claimed valid email credentials via an external paste service. The list is advertised as containing active mail access credentials. No specific organization or country is identified as the source of the data.
Date: 2026-05-10T00:30:31Z
Network: openweb
Published URL: https://altenens.is/threads/45k-valid-mail-access-combolist.2937144/unread
Screenshots:
None
Threat Actors: VegaM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of UHQ Hotmail combo list via private cloud service
Category: Combo List
Content: A threat actor is selling access to a private cloud service containing UHQ Hotmail combo lists marketed as fresh inbox combos. Subscription tiers are offered ranging from 3 days at $10 to lifetime access at $260, with payment accepted in cryptocurrency. Contact is facilitated via Telegram handle @VOID032.
Date: 2026-05-10T00:16:56Z
Network: openweb
Published URL: https://patched.to/Thread-%F0%9F%94%B0good%E2%9A%9C%EF%B8%8Fdump%E2%9A%9C%EF%B8%8Fulp%E2%9A%9C%EF%B8%8Fprivate%F0%9F%94%B0
Screenshots:
None
Threat Actors: Dhyazribi001
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of UHQ Hotmail combo list
Category: Combo List
Content: A threat actor is offering Hotmail combo lists described as UHQ, fresh, and private via a subscription-based cloud service. Plans range from $10 for 3 days to $260 for lifetime access, with payment accepted in cryptocurrency. The listing markets the credentials as inbox combos suitable for credential stuffing.
Date: 2026-05-10T00:16:28Z
Network: openweb
Published URL: https://patched.to/Thread-%F0%9F%94%B0uhq%E2%9A%9C%EF%B8%8Fhotmail%E2%9A%9C%EF%B8%8Fvalid%F0%9F%94%B0
Screenshots:
None
Threat Actors: Dhyazribi001
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of combo list service via private Telegram channel
Category: Combo List
Content: A threat actor is advertising a paid private Telegram channel offering combo lists marketed as high-quality and frequently updated. Membership plans range from $8 for 3 days to $50 for one month, with access available via direct message on Telegram.
Date: 2026-05-10T00:15:11Z
Network: openweb
Published URL: https://altenens.is/threads/hotmail-cloud-account-vip.2937132/unread
Screenshots:
None
Threat Actors: hussien07x
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of 14 million crypto user email database
Category: Data Leak
Content: A threat actor has freely shared a database purportedly containing 14 million records associated with cryptocurrency platform users. The dataset includes fields such as email, first and last name, address, city, state, zip, IP address, and website source. A sample of 1 million records was made available via an external file-sharing link.
Date: 2026-05-10T00:02:26Z
Network: openweb
Published URL: https://breached.st/threads/14-million-crypto-email-database.86951/unread
Screenshots:
None
Threat Actors: Pijush508
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown
Sale of multiple consumer and business email databases across various countries
Category: Data Breach
Content: A threat actor is advertising a collection of over 8TB of email and consumer databases spanning multiple countries including the United States, UK, China, India, France, and others. The datasets include consumer email lists, business leads, crypto user databases, financial investor lists, and sector-specific records such as healthcare, forex, and SSN-linked data. The seller directs interested buyers to a Telegram channel.
Date: 2026-05-10T00:01:45Z
Network: openweb
Published URL: https://breached.st/threads/8tb-database-available.86952/unread
Screenshots:
None
Threat Actors: Pijush508
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged solicitation to breach and leak database of Deadeye OSINT platform
Category: Cyber Attack
Content: A forum user is soliciting someone to breach and exfiltrate the full database of deadeye.cc, an OSINT website. The poster claims willingness to pay but requires proof of access before payment. The underlying database technology is unknown to the requester.
Date: 2026-05-10T00:01:11Z
Network: openweb
Published URL: https://breached.st/threads/do-something-for-me.86954/unread
Screenshots:
None
Threat Actors: aua
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Deadeye
Victim Site: deadeye.cc