1. Executive Summary
This report provides an in-depth analysis of a vast array of cyber incidents primarily recorded between May 11 and May 12, 2026. The threat landscape detailed in the dataset is highly active, reflecting an escalating trend in credential harvesting, data leaks, hacktivist defacements, and the commoditization of cybercrime services.
The documented incidents fall broadly into several categories: the widespread distribution of “Combo Lists” intended for credential stuffing, initial access brokering, massive data breaches affecting millions of global citizens, hacktivist-driven website defacements, and the sale of sophisticated malware and fraud services. Threat actors operate with impunity across both the open web and dark web forums, utilizing platforms like Telegram for secondary negotiations and data transactions.
2. Threat Landscape Overview
The digital underground remains a robust economy where data is freely shared to build threat actor reputations or sold for direct financial gain. The sheer volume of compromised credentials—totaling hundreds of millions of rows across various dumps—highlights a severe risk to organizational perimeters and consumer accounts alike. The targeted industries are diverse, encompassing healthcare, education, retail, telecommunications, government, and finance, with a global victimology that spares no specific region.
3. Primary Attack Vectors & Categories
3.1. Combo Lists and Credential Stuffing
The most frequently observed incident type is the distribution of Combo Lists. These lists contain combinations of emails/usernames and passwords, often labeled as “URL:Login:Password” (ULP), which are heavily utilized in credential stuffing attacks.
- Scale and Volume: Threat actors like DevelMakss distributed immense combo lists, including a massive 66 million ULP credential pair list, and another list containing 64,000 mixed email credentials intended for mail access. Actor mr_daadaa released an even larger list containing approximately 70 million credentials.
- Targeted Services: Threat actors often segment these lists to target specific high-value platforms. For example, actor Ra-Zi sold 120,000 credentials explicitly targeting streaming and gaming platforms like Netflix, Minecraft, Uplay, Steam, Hulu, and Spotify. Adult entertainment platforms (XNXX, Pornhub) were also targeted by actor MetaCloud3 with 612,000 credentials.
- Corporate vs. Personal: While many lists target personal accounts (like Hotmail, Yahoo, and Gmail), a significant portion targets corporate domains. AiCombo shared a list of 92,199 combinations specifically targeting business corporate domains.
3.2. Data Breaches and Data Leaks
Data breaches observed in this period affected millions of individuals, heavily leaning towards the exposure of Personally Identifiable Information (PII) and sensitive financial data.
- Government & Healthcare: A massive breach alleged by XSVSHACKER involved an Indonesian COVID-19 antigen testing database containing approximately 20 million records, exposing Patient IDs, full names, national identification numbers, and test results.
- Finance & Corporate: The Stormous Group (XOverStm) allegedly leaked 20GB of data from Arc Reinsurance Brokers, containing KYC documents, employee files, and financial records, purportedly after failed extortion negotiations. Additionally, an alleged leak from the UK contained payroll records with sensitive attributes such as ethnicity, religion, and sexual orientation.
- Population Databases: Threat actor MisterD offered massive population databases for sale, including 20 million records from Japan and 9 million records from South Korea, containing national IDs, phone numbers, and residential addresses. Furthermore, an alleged 31 million records from RENIEC (Peru’s national civil registry) were leaked by ritok33000.
3.3. Website Defacements
Website defacements serve as a form of digital graffiti, often politically or ideologically motivated, or used to build hacker “clout.”
- Mass Defacements in Indonesia: Actor lxrdk1773n executed a highly coordinated mass defacement campaign targeting multiple subdomains of MTsN 1 Ternate, an Indonesian state Islamic junior high school. The actor exploited a Linux-based server using a PHP shell (lol.php) to compromise attendance, e-learning, and archive portals.
- Umbra Community Operations: A threat actor utilizing the alias Nicotine, affiliated with the Umbra Community, conducted widespread targeted defacements primarily against North American financial, real estate, and retail sites. Victims included Optimal Refinance, Quick Qualify Mortgages, Pick Realtors, and African Food Market.
- Hidden Cyber Crime: The actor Inside Alone7 (part of Hidden Cyber Crime) compromised international sites, including targets in Tunisia (Magasins Fekih), Rwanda (cepurhuye.rw), Belgium (scribal.be), and France (PPS Security) by altering internal text files like 1000.txt.
3.4. Initial Access, Malware, and Logs Brokering
A thriving ecosystem exists for selling initial access, raw stealer logs, and sophisticated malware frameworks.
- Stealer Logs: Threat actors routinely distribute gigabytes of raw info-stealer logs (from malware like RedLine), which contain session cookies, browser passwords, and cryptocurrency wallet data. Actor DevelMakss freely distributed 1.8GB of such logs.
- Malware & Exploits: Actor GENERAL DARK advertised “AIRDC,” an AI-powered hidden remote desktop control application with kernel-level evasion and encrypted P2P tunneling via WireGuard/Tailscale. Additionally, Leakbase offered a cross-platform Remote Control System (RCS) exploit chain with zero-day kernel modules.
- Initial Access: Threat actor Toton sold enterprise admin-level VPN access to a Japanese retail organization via Palo Alto GlobalProtect for a mere $25, while also brokering access to organizations in Turkey, Portugal, Brazil, Australia, and the UK.
4. Key Threat Actors Profile
Several threat actors and groups stand out due to their high volume of activity or the critical nature of their exploits:
- MetaCloud3: Highly prolific in distributing themed combo lists, targeting everything from business emails (765K records) to streaming services (872K records), cryptocurrency platforms (503K records), and adult websites (612K records).
- Nicotine (Umbra Community): Responsible for a sprawling defacement campaign targeting American mortgage, loan, and real estate agencies.
- lxrdk1773n: Focused heavily on mass defacements of Indonesian educational infrastructure.
- Leakbase: Operating at the higher end of the cybercrime spectrum, selling high-value zero-day exploits and premium databases, including alleged financial sector records from Hong Kong and an alleged Robinhood Crypto dump.
- Fragtez & ZoneX404: Extremely active in distributing multi-million record ULP combo lists for free on forums to build reputation and drive traffic to private Telegram sales channels.
5. Victimology Analysis
5.1. By Industry
- Finance & Cryptocurrency: Heavily targeted for direct monetization. Incidents include the sale of Softbank banking system source code targeting LATAM, an alleged OKX crypto exchange leak, and numerous mortgage company defacements.
- Education: Indonesian Islamic schools were relentlessly defaced, while combo lists explicitly targeting .edu domains were distributed by actor CELESTIALHQ. Mansoura University in Egypt also allegedly suffered a 10GB breach of student records.
- Healthcare: Medical data is highly sought after. Besides the 20 million Indonesian COVID records, Alameda_slim leaked data from 30 Mexican laboratories affiliated with Interlab.
- Government & Defense: A highly alarming (though unverified) claim by mosad involved the sale of a classified DARPA AI/Autonomy Systems threat analysis report. Administrative access to Angolan government panels was sold for as low as $20.
5.2. By Country
- Indonesia: A major hotspot for both massive data breaches (2.794 million PII records, 20 million COVID tests) and localized hacktivist defacements.
- United States: The primary target for financial defacements, PayPal credential requests, and leaks of platforms like City of Chicago Office data.
- Europe (France, Germany, UK): Frequent targets for dedicated combo lists. E.g., HqComboSpace released 700,160 lines targeting German (.de) accounts, and French platforms like lasuite.numerique.gouv.fr were targeted for data exfiltration.
6. Detailed Incident Breakdown
6.1. High-Impact Data Breaches and Leaks
- Indonesian COVID-19 Antigen Database: 20 million records exposed containing highly sensitive health and identity data, highlighting poor security controls in national health registries.
- Hong Kong Financial Sector: 312,745 records of financial analysts and High-Net-Worth Individuals (HNWI) compiled from compromised CRM systems (HSBC, Morgan Stanley, Citi), demonstrating targeted espionage against the financial sector.
- Robinhood & OKX Crypto Exchanges: Leaks of 6 million and 1 million records respectively, containing KYC documents (passports, selfies), credit cards, and portfolio data, representing a critical identity theft risk.
- RENIEC (Peru): 31 million citizen records exposed, effectively compromising the digital identity of nearly the entire Peruvian population.
6.2. Website Defacement Campaigns
Defacements, while technically unsophisticated (often relying on simple PHP shell uploads or SQL injections), cause severe reputational damage.
- Umbra Community’s Mortgage Targeting: Actor Nicotine systematically defaced US financial entities including Optimal Refinance, Quick Qualify Mortgages, VA Loans Pro, Strong Refinance Rates, Refisaver, Supra Mortgages, Stability Mortgages, and PreApprovalHub. This indicates a highly specific search dorking or vulnerability scanning campaign focused on the US real estate and loan sector.
- Hidden Cyber Crime: Actor Inside Alone7 targeted diverse global domains like cepurhuye.rw (Rwanda), scribal.be (Belgium), and pps-security.fr (France), modifying the 1000.txt index files, indicating automated mass-exploitation tools.
6.3. The Industrialization of Credential Stuffing
The dataset reveals that credential stuffing is a highly organized, industrialized sector of cybercrime.
- Combo List Segmentation: Threat actors no longer just dump random credentials. They parse and sort them using automated checkers (like OpenBullet) to create “premium” lists. We observed lists specifically parsed for Zalando, Riot Games, FuboTV, streaming services (Disney+, Hulu, HBO), and payment processors (PayPal, Stripe, Revolut).
- Volume Operations: Actors like ZoneX404 routinely drop lists ranging from 12 million to 39.9 million lines, effectively flooding the market with raw data to entice buyers into purchasing “unwrapped” (untested/fresh) premium lists via Telegram.
6.4. Fraud Services and Exploits
- Forged Legal Documents: Actor convince sold forged court orders, MLAT requests, and subpoenas designed to bypass corporate Emergency Disclosure Requests (EDRs). This is paired with spoofed .gov emails and API buffer overflow exploits to force domain takedowns.
- KYC Bypass & Verification Services: Fraudsters like PoolSearcher and Rasselkyc offer to bypass Know Your Customer (KYC) checks for $20-$1250 per account, enabling money laundering through cryptocurrency platforms.
- Vishing Bots: The “BLACKP1” bot was sold to automate voice phishing (vishing), featuring Text-to-Speech script generation, SIP routing, and OTP (One-Time Password) interception to defeat Two-Factor Authentication (2FA).
7. Conclusion and Mitigation Recommendations
The cyber incidents documented in May 2026 present a highly commoditized and efficient cybercrime ecosystem. Threat actors are seamlessly bridging the gap between initial access, data exfiltration, and downstream fraud monetization. The sheer volume of Combo Lists being shared directly facilitates Account Takeover (ATO) attacks on a global scale.
Strategic Recommendations:
- Mandatory Multi-Factor Authentication (MFA): Given the hundreds of millions of credentials circulating freely, organizations must enforce phishing-resistant MFA (such as FIDO2 security keys) to neutralize the threat of credential stuffing and ULP log exploitation.
- Identity and KYC Verification Integrity: Financial institutions and cryptocurrency exchanges must enhance their KYC verification processes to detect deepfakes, forged documents, and accounts created by professional KYC-bypass services.
- Proactive Dark Web Monitoring: Organizations must actively monitor cybercrime forums and Telegram channels for mentions of their domains, executive emails, and exposed employee credentials within stealer logs.
- Vulnerability Management & Web Security: The mass defacements observed against educational and financial institutions highlight the need for rigorous patching, the deprecation of legacy PHP frameworks, and the implementation of Web Application Firewalls (WAF) to prevent basic shell uploads.
- Zero Trust Architecture: With initial access brokers selling enterprise VPN credentials for nominal fees, organizations must implement Zero Trust network models, ensuring that compromised perimeter credentials do not result in lateral movement and catastrophic data breaches.
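A defender-side sketch of the monitoring recommendation above, applied to the URL:Login:Password format described in section 3.1. It is an added example, not part of the original report; the monitored domains, the sample lines and every function name are constructed assumptions.

```python
"""Triage a URL:Login:Password (ULP) dump for exposure of monitored domains."""
from collections import Counter
from dataclasses import dataclass
from urllib.parse import urlsplit

# Assumption: hypothetical domains owned by the monitoring organization.
MONITORED = {"example.com", "corp.example"}

# Constructed sample lines (reserved test domains, made-up values).
SAMPLE_LINES = [
    "https://login.example.com:8443/auth:alice@example.com:Summer2026!",
    "https://shop.thirdparty.test/account:bob@corp.example:p:ss:word",
    "portal.example.com/login:carol:hunter2",
    "portal.example.com/login:carol:hunter3",  # same account, second dump
    "https://unrelated.test/:dave@mail.test:qwerty",
    "https://notexample.com/login:erin@notexample.com:x",  # look-alike suffix
    "not a credential line",
]


@dataclass(frozen=True)
class Finding:
    host: str
    login: str
    reason: str  # "our-service", "our-identity" or "both"


def parse_ulp(line):
    """Return (host, login, password) for one ULP line, or None.

    The URL part contains ':' itself (scheme, optional port), so a plain
    split(':') is wrong. Heuristic: drop the scheme, treat a numeric second
    token as a port, take the next token as the login and keep everything
    after it as the password, which may legitimately contain ':'.
    """
    text = line.strip()
    _, sep, rest = text.partition("://")
    if not sep:
        rest = text
    tokens = rest.split(":")
    if len(tokens) < 3:
        return None
    url_part, idx = tokens[0], 1
    port = tokens[1].split("/", 1)[0]
    if (len(tokens) >= 4 and port.isascii() and port.isdigit()
            and int(port) <= 65535):
        url_part, idx = f"{url_part}:{tokens[1]}", 2
    login, password = tokens[idx], ":".join(tokens[idx + 1:])
    try:
        host = urlsplit("//" + url_part).hostname
    except ValueError:
        return None
    if not host or not login or not password:
        return None
    return host, login, password


def in_scope(name, monitored):
    """True if name is a monitored domain or a subdomain of one."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in monitored)


def triage(lines, monitored):
    """Return (findings, stats). Passwords are parsed but never stored."""
    stats, seen, findings = Counter(), set(), []
    for line in lines:
        parsed = parse_ulp(line)
        if parsed is None:
            stats["unparsed"] += 1
            continue
        stats["parsed"] += 1
        host, login, _password = parsed
        service = in_scope(host, monitored)
        identity = "@" in login and in_scope(login.rpartition("@")[2], monitored)
        if not (service or identity):
            continue
        key = (host, login.lower())
        if key in seen:  # same account seen again: one reset is enough
            stats["duplicates"] += 1
            continue
        seen.add(key)
        if service and identity:
            reason = "both"
        else:
            reason = "our-service" if service else "our-identity"
        findings.append(Finding(host, login, reason))
    return findings, stats


if __name__ == "__main__":
    found, counts = triage(SAMPLE_LINES, MONITORED)
    for f in found:
        print(f"{f.reason:13} {f.host:24} {f.login}")
    print(dict(counts))
```

The output lists only host, login and the reason for the match, which is what a forced password reset or session revocation needs. A login that is all digits and at most 65535 followed by a password containing ':' is misread as a port, a known limit of the heuristic.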
Detected Incidents Draft Data
- Combo list of 64K mixed email credentials shared on cracking forum
Category: Combo List
Content: A threat actor shared a combo list of approximately 64,000 mixed email:password lines on a cracking forum. The credentials are marketed for mail access. No specific breached organization is identified.
Date: 2026-05-11T23:43:39Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-64k-Mix-lines-Mail-Access
Screenshots:
None
Threat Actors: WhiteMelly
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of 120,000 fresh email:password combo list targeting multiple streaming and gaming services
Category: Combo List
Content: A threat actor is distributing and selling a combo list of 120,000 email:password credentials marketed as fresh and high quality. The list is advertised as suitable for credential stuffing against services including Netflix, Minecraft, Uplay, Steam, Hulu, and Spotify. The actor also offers additional combo lists segmented by email provider and country via Telegram.
Date: 2026-05-11T23:42:18Z
Network: openweb
Published URL: https://demonforums.net/Thread-120k-Fresh-HQ-Combolist-Email-Pass-Netflix-Minecraft-Uplay-Steam-Hulu-spotify–203718
Screenshots:
None
Threat Actors: Ra-Zi
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Indonesian COVID-19 antigen testing database
Category: Data Breach
Content: A threat actor known as XSVSHACKER is sharing what appears to be a large Indonesian COVID-19 antigen testing database containing approximately 20 million records. The exposed data includes Patient IDs, full names, national identification numbers (NICs), dates of birth, phone numbers, addresses, health facility names, and test results. The data appears to originate from multiple health facilities across Indonesia.
Date: 2026-05-11T23:21:46Z
Network: openweb
Published URL: https://darkforums.su/Thread-INDONESIAN-DATABASE-ANTIGEN-20M
Screenshots:
None
Threat Actors: XSVSHACKER
Victim Country: Indonesia
Victim Industry: Healthcare
Victim Organization: Unknown
Victim Site: Unknown
- Alleged combo list targeting business corporate domains
Category: Combo List
Content: A combo list containing approximately 92,199 email and password combinations targeting business corporate domains was shared on a cracking forum. No additional details are available from the post content.
Date: 2026-05-11T23:15:10Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-92-199-Bussines-Corp-DOmain
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List of Hotmail credentials with claimed valid access
Category: Combo List
Content: A forum user is distributing a combo list of 684 claimed valid Hotmail credentials. The content is gated behind registration or login on the forum. No breach of Hotmail is implied; these credentials are likely aggregated from prior breaches and tested against Hotmail.
Date: 2026-05-11T23:14:37Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%A7%A9684-hotmail-valid-access-11-05-2026
Screenshots:
None
Threat Actors: SupportHotmail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Hotmail credential combo list by threat actor NovaCloud0x
Category: Combo List
Content: A threat actor operating under the alias NovaCloud0x is distributing a combo list of 775 Hotmail credentials, marketed as fresh and private. The content is hosted externally and requires forum registration to access.
Date: 2026-05-11T23:14:19Z
Network: openweb
Published URL: https://patched.to/Thread-775x-fresh-hotmail-prvt-by-nova
Screenshots:
None
Threat Actors: NovaCloud0x
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List of Hotmail credentials
Category: Combo List
Content: A threat actor has freely shared a combo list of 1,616 Hotmail credential hits via an external paste link. The credentials are marketed as premium hits suitable for account access or credential stuffing.
Date: 2026-05-11T23:14:13Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-1616x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F–2292752
Screenshots:
None
Threat Actors: Fragtez
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of full access credentials and cookies database with inbox searching
Category: Logs
Content: Threat actor offering full access to mailpass and cookies database sourced from private cloud infrastructure. Claims to have valid webmail credentials and cookies for multiple countries (UK, DE, JP, NL, BR, PL, ES, US, IT) with inbox searching capability filtered by keywords. Targets include eBay, OfferUp, PSN, Booking, Uber, Poshmark, Alibaba, Walmart, Mercari, Neosurf, Amazon, and Kleinanzeigen.
Date: 2026-05-11T23:14:04Z
Network: telegram
Published URL: https://t.me/c/2613583520/79898
Screenshots:
None
Threat Actors: Squad Chat Marketplace
Victim Country: Multiple (United Kingdom, Germany, Japan, Netherlands, Brazil, Poland, Spain, United States, Italy)
Victim Industry: Multiple (e-commerce, payment, travel, social)
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of stolen credit card data and compromised email accounts (UK, DE, JP, NL, BR, PL, ES, US, IT)
Category: Combo List
Content: Threat actor Num is advertising the sale of fresh stolen databases containing credit card data and compromised email accounts from multiple countries including UK, Germany, Japan, Netherlands, Brazil, Poland, Spain, US, and Italy. The seller claims to have access to accounts on platforms including eBay, OfferUp, PSN, Booking, Uber, Poshmark, Alibaba, Walmart, Amazon, Mercari, Kleinanzeigen, and Neosurf. The seller also claims to operate a private cloud with valid webmail credentials and offers to verify card validity before purchase.
Date: 2026-05-11T23:13:09Z
Network: telegram
Published URL: https://t.me/c/2613583520/79887
Screenshots:
None
Threat Actors: Num
Victim Country: United Kingdom, Germany, Japan, Netherlands, Brazil, Poland, Spain, United States, Italy
Victim Industry: Multiple (e-commerce, payment, email, booking platforms)
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of mail access and credential lists
Category: Combo List
Content: Threat actor offering mail access credentials and combo lists (credential lists) across multiple countries including FR, BE, AU, CA, UK, US, NL, PL, DE, and JP. Also offering configs, scripts, tools, and hits. Contact via @DataxLogs.
Date: 2026-05-11T23:11:29Z
Network: telegram
Published URL: https://t.me/c/2613583520/79874
Screenshots:
None
Threat Actors: DataxLogs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of clone cards, bank logs, CVVs, and fraudulent payment transfers
Category: Carding
Content: A threat actor is advertising clone cards, bank logs, CVVs/CCs with balances of $2,500–$10,000, and fraudulent transfers via PayPal, Cash App, Zelle, and Apple Pay at fixed price tiers. The seller directs buyers to contact via Telegram and accepts payment in BTC or USDT.
Date: 2026-05-11T23:06:54Z
Network: openweb
Published URL: https://altenens.is/threads/free-buttonnever-lose-hope-since-what-i-got-here-stillhundred-points-legit-safe-just-tapn-24-7-wit-your-budget-youll-receive-your-deposit-within-3-5-minutes-on-teleg.2938082/unread
Screenshots:
None
Threat Actors: Dhope
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List targeting European and German shopping services
Category: Combo List
Content: A combo list containing 489,444 email:password lines is being shared, marketed as targeting European and German shopping services. No additional details are available from the post content.
Date: 2026-05-11T22:44:54Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-489-444-Lines-%E2%9C%85-Europa-Germany-Shopping-Target
Screenshots:
None
Threat Actors: HqComboSpace
Victim Country: Unknown
Victim Industry: Retail
Victim Organization: Unknown
Victim Site: Unknown
- Distribution of 1.8GB stealer logs
Category: Logs
Content: A threat actor is freely distributing 1.8GB of stealer logs on a cybercrime forum. The post contains full logs likely including credentials, cookies, and session data harvested via info-stealer malware. No specific victim organization or country is identified.
Date: 2026-05-11T22:44:38Z
Network: openweb
Published URL: https://cracked.st/Thread-Other-1-8GB-%E2%AD%90%EF%B8%8F-STEALER-LOGS-FULL-LOGS-%E2%AD%90%EF%B8%8F–2092577
Screenshots:
None
Threat Actors: DevelMakss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of US email and password combo list with PII
Category: Combo List
Content: A threat actor is selling a combo list of approximately 480,000 lines targeting US-based email addresses, with 203,554 records containing valid credentials in plain text. The dataset reportedly includes full names, email addresses, IP addresses, physical addresses, and phone numbers. The seller is offering the list for $200 USD in Bitcoin via Telegram.
Date: 2026-05-11T22:44:33Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-Combo-Email-Pass-USA-2026
Screenshots:
None
Threat Actors: ermukobar
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free distribution of 66 million URL:Login:Password combo list
Category: Combo List
Content: A threat actor is distributing a combo list containing 66 million URL:login:password credential pairs, marketed as high quality. The post appears to be a bump of a previous release thread on a cracking forum.
Date: 2026-05-11T22:44:17Z
Network: openweb
Published URL: https://cracked.st/Thread-Other-66M-%E2%9A%A1-URL-LOGIN-PASS-HQ-%E2%9A%A1
Screenshots:
None
Threat Actors: DevelMakss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List of 70K Hotmail Mix Credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 70,000 Hotmail mixed credentials marketed as valid mail access. The post is shared on a public cracking forum and appears to be a free release.
Date: 2026-05-11T22:44:12Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-70K-%E2%9C%A8-HOTMAIL-MIX-VALID-MAIL-ACCESS-%E2%9C%A8
Screenshots:
None
Threat Actors: DevelMakss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List: Hotmail credentials shared on forum
Category: Combo List
Content: A threat actor shared a combo list of 1,974 claimed valid Hotmail credentials on a cybercrime forum. The content is gated behind registration or login. Credentials are marketed as valid access dated May 10, 2026.
Date: 2026-05-11T22:43:41Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%8C%8A1974-hotmail-valid-access-10-05-2026
Screenshots:
None
Threat Actors: SupportHotmail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo list targeting Indonesian accounts
Category: Combo List
Content: A combo list containing over 273,000 credential pairs purportedly associated with Indonesian accounts was shared freely via an external paste link. The post was made on April 27, 2026, and attributed to the handle Elite_Cloud1.
Date: 2026-05-11T22:42:57Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9C%AA-273-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Indonesia-%E2%9C%AA-27-APR-2026-%E2%9C%AA–2292723
Screenshots:
None
Threat Actors: Fragtez
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Distribution of mixed email combo list
Category: Combo List
Content: A threat actor shared a mixed mail lines combo list via an external paste link on a cracking forum. The post provides no additional context regarding origin, volume, or targeted services.
Date: 2026-05-11T22:42:48Z
Network: openweb
Published URL: https://nulledbb.com/thread-X850-Mixed-Mail-Lines–2292743
Screenshots:
None
Threat Actors: Fragtez
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of UHQ mixed combo list with 2 million credentials
Category: Combo List
Content: A threat actor is offering a mixed UHQ combo list containing approximately 2 million credentials via a cracking forum and Telegram channels. The post advertises both free and paid combo lists, directing interested parties to contact the seller on Telegram.
Date: 2026-05-11T22:39:07Z
Network: openweb
Published URL: https://crackingx.com/threads/74982/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo list of 70 million credentials across mixed categories
Category: Combo List
Content: A threat actor shared a combo list of approximately 70 million URL:login:password (ULP) credentials spanning mixed categories. The list is made available via an external file-sharing link.
Date: 2026-05-11T22:38:46Z
Network: openweb
Published URL: https://crackingx.com/threads/74983/
Screenshots:
None
Threat Actors: mr_daadaa
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of German email combo list targeting GMX, T-Online, and Web.de
Category: Combo List
Content: A threat actor is offering German-targeted combo lists via Telegram, advertising credentials associated with GMX, T-Online, and Web.de email services. The post directs interested parties to a Telegram contact and two channels for free combo lists and tools.
Date: 2026-05-11T22:38:25Z
Network: openweb
Published URL: https://crackingx.com/threads/74984/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Google Sheets automation and dashboard setup service offered on forum
Category: Services
Content: A forum member is advertising a commercial Google Sheets setup service, offering spreadsheet automation, dashboards, data analysis, and business workflow configuration. Pricing is variable based on client requirements. No threat activity is associated with this post.
Date: 2026-05-11T22:35:38Z
Network: openweb
Published URL: https://hackforums.net/showthread.php?tid=6325265
Screenshots:
None
Threat Actors: TheOlympus
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of United Kingdom payroll records
Category: Data Leak
Content: A threat actor is distributing a dataset of 1,563 UK payroll records dated 2024. The data includes full names, national insurance numbers, birth dates, home addresses, bank account details (sort code, account number, bank name), and sensitive personal attributes such as ethnicity, religion, and sexual orientation. The source organization has not been identified.
Date: 2026-05-11T22:16:52Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-1-5k-United-Kingdom-payroll-data
Screenshots:
None
Threat Actors: Trezor
Victim Country: United Kingdom
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Lopesan Hotel
Category: Data Leak
Content: A threat actor has leaked a dataset allegedly belonging to Lopesan Hotel in Spain, containing 27,629 guest records. The data includes guest names, email addresses, country codes, arrival and departure dates, room numbers, and other stay-related fields. The content is distributed via a hidden reply-gated post on a dark web forum.
Date: 2026-05-11T22:15:50Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-27k-Lopesan-Hotel-Spain
Screenshots:
None
Threat Actors: Trezor
Victim Country: Spain
Victim Industry: Hospitality
Victim Organization: Lopesan Hotel
Victim Site: lopesan.com
- Combo list mix distributed for credential stuffing
Category: Combo List
Content: A threat actor shared a combo list titled Beast Mode 498 – Business on a cracking forum via an external paste link. The post contains email:password pairs marketed for credential stuffing against business accounts.
Date: 2026-05-11T22:06:39Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-Mix-Beast-Mode-498-Business-mtbcloud
Screenshots:
None
Threat Actors: MTB_cloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free combo list distributed on cracking forum
Category: Combo List
Content: A combo list labeled Blaze 476 containing 476 email:password pairs was shared freely on a cracking forum. The credentials are marketed as valid and fresh. The list is hosted on an external paste service.
Date: 2026-05-11T22:06:17Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-Mix-Blaze-476-Valid-Fresh-mtbcloud
Screenshots:
None
Threat Actors: MTB_cloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List: Mixed Email:Password credentials shared freely
Category: Combo List
Content: A threat actor known as MTB_cloud shared a mixed email:password combo list via an external paste link. The post is part of a recurring Combo King series and markets the credentials as fresh. No specific victim organization or record count is disclosed.
Date: 2026-05-11T22:05:59Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-Mix-Combo-King-498-Mix-Fresh-mtbcloud
Screenshots:
None
Threat Actors: MTB_cloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List: Daily fresh mixed email:password combo list
Category: Combo List
Content: A threat actor shared a mixed email:password combo list containing 498 entries, marketed as fresh and valid. The list was made available via an external paste link on a cracking forum.
Date: 2026-05-11T22:05:38Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-Mix-Daily-Fresh-498-Mix-Valid-mtbcloud
Screenshots:
None
Threat Actors: MTB_cloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo list targeting Polish accounts distributed on cracking forum
Category: Combo List
Content: A threat actor shared a combo list of 1,078 email:password credentials on a cracking forum, marketed as valid and fresh. The list is described as a mixed Polish combo and is hosted on an external paste site.
Date: 2026-05-11T22:05:19Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-Poland-Valid-Fresh-1078-Mix-Private-mtbcloud
Screenshots:
None
Threat Actors: MTB_cloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Telegram TData session files
Category: Logs
Content: A forum post by R0BIN1337 on Cracked.st advertises six Telegram TData session files. TData files contain Telegram session credentials and can be used to hijack accounts. No further details are available from the post content.
Date: 2026-05-11T22:05:06Z
Network: openweb
Published URL: https://cracked.st/Thread-x6-Valid-TData-File
Screenshots:
None
Threat Actors: R0BIN1337
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List — Russian email:password mix (1,061 lines)
Category: Combo List
Content: A threat actor shared a Russian email:password combo list containing 1,061 lines, marketed as fresh and private. The list was made available via an external paste link on a cracking forum.
Date: 2026-05-11T22:04:57Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-Russia-Mix-Multi-1061-Fresh-Private-mtbcloud
Screenshots:
None
Threat Actors: MTB_cloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- KYC bypass service offered for any site at $20
Category: Services
Content: A threat actor is offering to complete Know Your Customer (KYC) verification on any site for $20 per submission. Contact is solicited via Telegram under the handle poolsearcher. This service likely facilitates identity fraud or account creation under false identities.
Date: 2026-05-11T22:04:27Z
Network: openweb
Published URL: https://patched.to/Thread-nova-doing-kyc-any-site-20
Screenshots:
None
Threat Actors: PoolSearcher
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo list targeting Outlook and Hotmail accounts
Category: Combo List
Content: A threat actor shared a combo list of 3,424 credentials targeting Outlook and Hotmail accounts on a public forum. The content is hidden behind a registration or login requirement.
Date: 2026-05-11T22:04:09Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-3-424-good-logs-combo-outlook-hotmail
Screenshots:
None
Threat Actors: cloudkaraoke
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free distribution of cracked Sendblaster Pro 4.1.13
Category: Services
Content: A forum user is distributing a cracked/activated version of Sendblaster Pro 4.1.13, a bulk email marketing tool, via an external paste link. The post does not reference a specific victim or breach.
Date: 2026-05-11T22:03:47Z
Network: openweb
Published URL: https://nulledbb.com/thread-Sendblaster-Pro-Version-4-1-13-Activated–2292685
Screenshots:
None
Threat Actors: Fragtez
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of 70K Mixed Domains Valid Combolist
Category: Combo List
Content: A threat actor shared a combolist containing approximately 70,000 mixed-domain credentials via an external paste link. The list is marketed as valid and spans multiple domains.
Date: 2026-05-11T22:02:17Z
Network: openweb
Published URL: https://altenens.is/threads/70k-mixed-domains-valid-combolist.2938038/unread
Screenshots:
None
Threat Actors: VegaM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of UHQ Hotmail combo list with 902 entries
Category: Combo List
Content: A threat actor is offering a combo list of 902 Hotmail credentials marketed as UHQ (ultra-high quality) drops. The list is available via a free download link as well as through paid subscription tiers ranging from $3 for 24 hours to $100 for three months.
Date: 2026-05-11T21:54:17Z
Network: openweb
Published URL: https://crackingx.com/threads/74977/
Screenshots:
None
Threat Actors: snowstormxd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Distribution of 5 million URL:Log:Pass combo list
Category: Combo List
Content: A threat actor shared a combo list containing 5 million URL:login:password credential pairs on a cracking forum. The content is restricted to registered users. No specific victim organization or targeted service was identified.
Date: 2026-05-11T21:53:57Z
Network: openweb
Published URL: https://crackingx.com/threads/74979/
Screenshots:
None
Threat Actors: Seaborg
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Hotmail combo list by threat actor s2lender
Category: Combo List
Content: Threat actor s2lender is offering a combo list of 610 Hotmail credentials marketed as high-quality and fresh. The post advertises daily supply of 4,000–12,000 credentials through a private members-only network with encrypted access.
Date: 2026-05-11T21:53:38Z
Network: openweb
Published URL: https://crackingx.com/threads/74980/
Screenshots:
None
Threat Actors: s2lender
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of AI-powered hidden remote desktop control tool (AIRDC)
Category: Malware
Content: A threat actor is selling a tool called AIRDC, described as an AI-powered hidden remote desktop control application for Windows. The tool features stealth capabilities including kernel-level input interception, Session 0/headless virtual desktop operation, Protected Process Light (PPL) persistence to evade task managers, and encrypted P2P tunneling via WireGuard/Tailscale. Licensing is offered at $279/month (Lite) or $351/two months (Elite), with payment accepted in cryptocurrency.
Date: 2026-05-11T21:49:28Z
Network: openweb
Published URL: https://hackforums.net/showthread.php?tid=6325264
Screenshots:
None
Threat Actors: GENERAL DARK
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free distribution of 5,783 stealer logs via cloud storage
Category: Logs
Content: A threat actor shared a collection of 5,783 stealer logs via a Pixeldrain link, marketed as fresh and dated May 11. The logs were made available for free on a dark web forum specializing in stealer log distribution.
Date: 2026-05-11T21:34:52Z
Network: openweb
Published URL: https://darkforums.su/Thread-%F0%9F%9A%80-5783-LOGS-CLOUD-%E2%98%81-11-MAY-%E2%9D%A4%EF%B8%8F-FRESH-LOGS%E2%9D%97%EF%B8%8F
Screenshots:
None
Threat Actors: UP_DAISYCLOUD
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of 650K HQ Mix Email:Password Combo List
Category: Combo List
Content: A threat actor is offering a mixed email:password combo list containing approximately 650,000 credentials for sale via Telegram. The actor also advertises a Telegram group distributing free combo lists.
Date: 2026-05-11T21:25:12Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-650K-HQ-MIX-DATA-2-Email-Pass-Combolists
Screenshots:
None
Threat Actors: Orthorons
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alert: Unintelligible or off-topic forum post
Category: Alert
Content: The forum post contains no actionable threat intelligence. The author appears to be soliciting flash tether on TON, likely referring to fraudulent cryptocurrency, but no structured threat data is present.
Date: 2026-05-11T21:24:52Z
Network: openweb
Published URL: https://cracked.st/Thread-Who-have-flash-tether-on-ton-write-me
Screenshots:
None
Threat Actors: BOXOWNER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List: 381K UHQ Outlook credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 381,000 Outlook credentials, marketed as ultra-high quality and fresh. The list is intended for credential stuffing against Outlook/Microsoft accounts. The post is sponsored by an AIO tool service.
Date: 2026-05-11T21:24:31Z
Network: openweb
Published URL: https://cracked.st/Thread-381K-UHQ-OUTLOOK-COMBO-FRESH
Screenshots:
None
Threat Actors: Vows
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of UHQ Yahoo combo list with 623K credentials
Category: Combo List
Content: A threat actor is distributing a combo list of 623K credentials marketed as UHQ and fresh, targeting Yahoo accounts. The post is sponsored by an AIO/checker tool service. Per combo list conventions, Yahoo is the credential-stuffing target, not the breach victim.
Date: 2026-05-11T21:24:09Z
Network: openweb
Published URL: https://cracked.st/Thread-623K-UHQ-YAHOO-COMBO-FRESH
Screenshots:
None
Threat Actors: Vows
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List: 2.2 million UHQ mixed mail credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 2.2 million mixed email credentials, marketed as fresh and high quality. The post is sponsored by a third-party AIO/checker service.
Date: 2026-05-11T21:23:47Z
Network: openweb
Published URL: https://cracked.st/Thread-2-2M-UHQ-MIXED-MAIL-COMBO-FRESH
Screenshots:
None
Threat Actors: Vows
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List: 8.5 million alleged UHQ Gmail credentials
Category: Combo List
Content: A threat actor is distributing a combo list of 8.5 million alleged UHQ Gmail credentials marketed as fresh. The post is sponsored by a third-party AIO tool service. Per combo list conventions, Gmail is a credential-stuffing target, not the breach source.
Date: 2026-05-11T21:23:24Z
Network: openweb
Published URL: https://cracked.st/Thread-8-5M-UHQ-GMAIL-COMBO-FRESH
Screenshots:
None
Threat Actors: Vows
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List: UHQ Hotmail credentials (1.2M)
Category: Combo List
Content: A threat actor shared a combo list of 1.2 million Hotmail credentials, marketed as UHQ and fresh. The post is sponsored by slateaio.com, suggesting the list is intended for credential stuffing use.
Date: 2026-05-11T21:23:02Z
Network: openweb
Published URL: https://cracked.st/Thread-1-2M-UHQ-HOTMAIL-COMBO-FRESH
Screenshots:
None
Threat Actors: Vows
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of discounted YouTube Premium account upgrades
Category: Services
Content: A threat actor is selling YouTube Premium individual account upgrades for $28 per year, significantly below the standard retail price. The seller claims to activate the subscription directly on the buyer's personal email account. The discounted pricing suggests the upgrades are likely obtained through fraudulent or unauthorized means.
Date: 2026-05-11T21:22:29Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-28-%E2%9A%A1-YouTube-Premium-Individual-Upgrade-%E2%80%93-1-Year-on-Your-Email-%E2%9C%85
Screenshots:
None
Threat Actors: secur3rat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of discounted AI model API access service
Category: Services
Content: A seller operating under the name CloseRouter is advertising a cheap API access service for major AI models including ChatGPT, Claude, and Gemini on a forum. The service offers per-token pricing significantly below standard rates, with a free $2 trial balance and a 30% bonus for top-ups over $100. The service is accessible via closerouter.dev and may rely on unauthorized or resold API keys.
Date: 2026-05-11T21:22:19Z
Network: openweb
Published URL: https://patched.to/Thread-sellix-up-to-0-2-1%D0%BC-closerouter-cheap-api-for-ai-models-chatgpt-claude-gemini
Screenshots:
None
Threat Actors: CloseRouter
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of discounted API access service for AI models (ChatGPT, Claude, Gemini)
Category: Services
Content: A forum seller is advertising CloseRouter, a commercial API reseller service offering discounted access to AI models including OpenAI GPT, Anthropic Claude, Google Gemini, and others. Pricing is listed per million tokens with a promotional bonus for top-ups of $100 or more. The service operates via a dedicated website and Telegram support channel.
Date: 2026-05-11T21:22:09Z
Network: openweb
Published URL: https://cracked.st/Thread-Sellix-UP-TO-0-1-1%D0%9C-CloseRouter-CHEAP-API-FOR-AI-MODELS-CHATGPT-CLAUDE-GEMINI
Screenshots:
None
Threat Actors: CloseRouter
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of VIP paid logs containing 1.6 million lines
Category: Logs
Content: A threat actor is selling a collection of stealer logs described as VIP paid logs containing approximately 1.6 million lines. The content is hidden behind a login/registration wall, limiting further detail. No specific victim organization or country is identified.
Date: 2026-05-11T21:21:40Z
Network: openweb
Published URL: https://patched.to/Thread-vip-paid-logs-1-6-million-lines
Screenshots:
None
Threat Actors: IGotABigDick
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List of Hotmail credentials
Category: Combo List
Content: A combo list of approximately 200 Hotmail email credentials is being shared on a forum. The content is hidden behind a registration or login requirement.
Date: 2026-05-11T21:21:35Z
Network: openweb
Published URL: https://patched.to/Thread-0-2k-hq-hotmail-mail-access-combolist-301391
Screenshots:
None
Threat Actors: liamgoat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Mass Defacement of Indonesian Islamic School by lxrdk1773n
Category: Defacement
Content: Threat actor lxrdk1773n conducted a mass defacement attack targeting the website of MTs Negeri 1 Ternate, an Indonesian state Islamic junior high school. The defacement was deployed via a PHP shell file (lol.php) on a Linux-based server. This incident is part of a broader mass defacement campaign attributed to the same actor.
Date: 2026-05-11T21:17:10Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249165
Screenshots:
None
Threat Actors: lxrdk1773n
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: MTs Negeri 1 Ternate
Victim Site: pmbm.mtsn1ternate.sch.id
- Mass Website Defacement of Indonesian Islamic School by lxrdk1773n
Category: Defacement
Content: On May 12, 2026, a threat actor identified as lxrdk1773n conducted a mass defacement targeting the computer-based testing (CBT) subdomain of MTsN 1 Ternate, an Indonesian state Islamic junior high school. The attacker deployed a defacement page at the path /lol.php on a Linux-based server. This incident was part of a broader mass defacement campaign carried out by the attacker, as evidenced by the mass defacement flag.
Date: 2026-05-11T21:16:02Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249163
Screenshots:
None
Threat Actors: lxrdk1773n
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: MTsN 1 Ternate (State Islamic Junior High School 1 Ternate)
Victim Site: cbt.mtsn1ternate.sch.id
- Mass Defacement of Indonesian Islamic School Website by lxrdk1773n
Category: Defacement
Content: On May 12, 2026, a threat actor operating under the alias lxrdk1773n conducted a mass defacement attack targeting the attendance subdomain of MTsN 1 Ternate, a state Islamic junior high school in Ternate, Indonesia. The defacement was deployed on a Linux-based server and was part of a broader mass defacement campaign. The incident was archived and mirrored via haxor.id.
Date: 2026-05-11T21:15:01Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249160
Screenshots:
None
Threat Actors: lxrdk1773n
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: MTsN 1 Ternate (State Islamic Junior High School 1 Ternate)
Victim Site: absen2.mtsn1ternate.sch.id
- Website defacement of MTSN 1 Ternate by lxrdk1773n
Category: Defacement
Content: On May 12, 2026, a threat actor identified as lxrdk1773n defaced the attendance management subdomain of MTSN 1 Ternate, an Indonesian public Islamic junior high school. The attacker uploaded a defacement page (lol.php) to the Linux-based web server, targeting the school's attendance system. This was a single, targeted defacement with no affiliation to a known hacking group.
Date: 2026-05-11T21:14:09Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249159
Screenshots:
None
Threat Actors: lxrdk1773n
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Madrasah Tsanawiyah Negeri 1 Ternate (MTSN 1 Ternate)
Victim Site: absen.mtsn1ternate.sch.id
- Mass Defacement of Indonesian Islamic Junior High School E-Learning Platform by lxrdk1773n
Category: Defacement
Content: On May 12, 2026, a threat actor identified as lxrdk1773n conducted a mass defacement campaign targeting the e-learning portal of MTsN 1 Ternate, a state Islamic junior high school in Ternate, Indonesia. The attacker uploaded a defacement file (lol.php) to the Linux-based web server, compromising the educational platform. This incident was part of a broader mass defacement operation and has been archived by haxor.id.
Date: 2026-05-11T21:12:56Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249164
Screenshots:
None
Threat Actors: lxrdk1773n
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: MTsN 1 Ternate (Madrasah Tsanawiyah Negeri 1 Ternate)
Victim Site: elearning.mtsn1ternate.sch.id
- Mass defacement of Indonesian Islamic school website by lxrdk1773n
Category: Defacement
Content: The threat actor lxrdk1773n conducted a mass defacement campaign targeting the subdomain of MTsN 1 Ternate, an Islamic state junior high school in Ternate, Indonesia. The defacement was identified on May 12, 2026, with a malicious file (lol.php) uploaded to the web server running on Linux. This incident is part of a broader mass defacement operation attributed to the same actor.
Date: 2026-05-11T21:11:56Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249161
Screenshots:
None
Threat Actors: lxrdk1773n
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: MTsN 1 Ternate (Islamic Junior High School)
Victim Site: ard.mtsn1ternate.sch.id
- Sale of Hotmail combo list
Category: Combo List
Content: A forum user is offering a combo list of 1,450 high-quality Hotmail credentials. The post advertises fresh and untouched credentials supplied daily in quantities of 4,000–12,000, marketed as optimized for credential stuffing.
Date: 2026-05-11T21:11:37Z
Network: openweb
Published URL: https://crackingx.com/threads/74971/
Screenshots:
None
Threat Actors: s2lender
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List of 1.7 million URL:login:password credentials
Category: Combo List
Content: A threat actor shared a combo list of approximately 1.7 million URL:login:password credentials via a Mega.nz link. The list was distributed freely on a cracking forum. No specific victim organization is identified.
Date: 2026-05-11T21:11:18Z
Network: openweb
Published URL: https://crackingx.com/threads/74972/
Screenshots:
None
Threat Actors: WashingtonDC
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Hotmail combo list by threat actor s2lender
Category: Combo List
Content: Threat actor s2lender is offering a combo list of 1,338 Hotmail credentials marketed as high-quality and fresh. The post advertises daily supply of 4,000–12,000 credentials through a private members-only network with encrypted access.
Date: 2026-05-11T21:10:59Z
Network: openweb
Published URL: https://crackingx.com/threads/74973/
Screenshots:
None
Threat Actors: s2lender
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Mass defacement of Indonesian Islamic secondary school portal by lxrdk1773n
Category: Defacement
Content: On May 12, 2026, threat actor lxrdk1773n defaced the web portal of MTsN 1 Ternate, a state Islamic junior secondary school in Ternate, Indonesia. The incident was classified as a mass defacement, suggesting the attacker compromised multiple sites in the same campaign. The defacement was hosted on a Linux-based server and archived via haxor.id.
Date: 2026-05-11T21:10:44Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249166
Screenshots:
None
Threat Actors: lxrdk1773n
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: MTsN 1 Ternate (Madrasah Tsanawiyah Negeri 1 Ternate)
Victim Site: portal.mtsn1ternate.sch.id
- Sale of mixed-access combo list targeting USA and Europe
Category: Combo List
Content: A threat actor is sharing a combo list of 3,380 credentials described as good and mixed access targeting users in the USA and Europe. The post includes a download link for the credential list.
Date: 2026-05-11T21:10:40Z
Network: openweb
Published URL: https://crackingx.com/threads/74974/
Screenshots:
None
Threat Actors: karaokecloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Hotmail combo list by threat actor s2lender
Category: Combo List
Content: Threat actor s2lender is offering a combo list of 576 Hotmail credentials marketed as high quality and fresh. The post advertises daily supply of 4,000–12,000 credentials through a private members-only network. The credentials appear intended for credential stuffing or account takeover activity.
Date: 2026-05-11T21:10:20Z
Network: openweb
Published URL: https://crackingx.com/threads/74975/
Screenshots:
None
Threat Actors: s2lender
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Mass Defacement of Indonesian Islamic Secondary School by lxrdk1773n
Category: Defacement
Content: On May 12, 2026, threat actor lxrdk1773n conducted a mass defacement attack targeting the archive subdomain of MTsN 1 Ternate, a state Islamic junior high school in Ternate, Indonesia. The attacker deployed a defacement page at the path /lol.php on a Linux-based server. This incident was part of a broader mass defacement campaign carried out by the same actor.
Date: 2026-05-11T21:09:32Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249162
Screenshots:
None
Threat Actors: lxrdk1773n
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: MTsN 1 Ternate (State Islamic Junior High School 1 Ternate)
Victim Site: arsipku.mtsn1ternate.sch.id
- Free Hotmail credential hits shared on forum
Category: Combo List
Content: A forum user shared 1,269 valid Hotmail credential hits via an external paste service. The credentials are marketed as verified hits suitable for credential stuffing against Hotmail accounts.
Date: 2026-05-11T21:06:42Z
Network: openweb
Published URL: https://altenens.is/threads/1269x-valid-hotmail-hits-_ebbi_cloud.2938025/unread
Screenshots:
None
Threat Actors: Ebbicloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of email credentials and combolists across multiple countries
Category: Combo List
Content: A threat actor is offering for sale email:password combolists, mail access with cookies, and account credentials across multiple countries, including US, UK, DE, FR, JP, NL, PL, BR, ES, IT, CA, and others. The seller claims to have private cloud Hotmail UHQ access and combo lists with keyword-searching capabilities for platforms including eBay, Amazon, Walmart, Kleinanzeigen, Poshmark, Depop, and Reddit. Prices are mentioned as starting at $1 for certain access types.
Date: 2026-05-11T20:55:44Z
Network: telegram
Published URL: https://t.me/c/2613583520/79815
Screenshots:
None
Threat Actors: DataxLogs
Victim Country: Multiple countries
Victim Industry: Multiple (email providers, e-commerce platforms)
Victim Organization: Unknown
Victim Site: Unknown
- Website Defacement of Optimal Refinance by Nicotine of Umbra Community
Category: Defacement
Content: On May 12, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website optimalrefinance.com, a financial services domain likely offering refinancing products. The defacement was a targeted, single-site incident and does not appear to be part of a mass or repeated defacement campaign. Server and infrastructure details were not disclosed in the available intelligence.
Date: 2026-05-11T20:52:19Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/920337
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: United States
Victim Industry: Financial Services
Victim Organization: Optimal Refinance
Victim Site: optimalrefinance.com
- Virtual SMS number rental service advertised on forum
Category: Services
Content: A seller is advertising a virtual SMS number rental service operated via a Telegram bot. The service offers temporary numbers from over 40 countries for up to 90 days, supporting unlimited SMS reception and one-time activations. Payment is accepted in cryptocurrency and Monero.
Date: 2026-05-11T20:52:09Z
Network: openweb
Published URL: https://spear.cx/Thread-Rent-virtual-numbers-for-SMS-via-telegram-bot
Screenshots:
None
Threat Actors: LibrePass
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Website Defacement of Quick Qualify Mortgages by Nicotine of Umbra Community
Category: Defacement
Content: On May 12, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website of Quick Qualify Mortgages, a mortgage lending service. The incident was a targeted single-site defacement with no mass or repeat defacement indicators. The attacker's motivation and technical exploitation method remain unknown.
Date: 2026-05-11T20:51:29Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/920341
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: United States
Victim Industry: Financial Services / Mortgage Lending
Victim Organization: Quick Qualify Mortgages
Victim Site: quickqualifymortgages.com
- Website Defacement of Pick Realtors by Nicotine of Umbra Community
Category: Defacement
Content: On May 12, 2026, a threat actor operating under the alias Nicotine, affiliated with the group Umbra Community, defaced the website pickrealtors.com. The incident was a targeted, single-site defacement with no indication of mass or repeated compromise. The motive behind the attack remains unknown.
Date: 2026-05-11T20:50:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/920338
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: United States
Victim Industry: Real Estate
Victim Organization: Pick Realtors
Victim Site: pickrealtors.com
- Website Defacement of VA Loans Pro by Nicotine (Umbra Community)
Category: Defacement
Content: On May 12, 2026, the website valoanspro.com was defaced by a threat actor known as Nicotine, operating under the group Umbra Community. The targeted domain suggests the victim is a financial services company specializing in VA (Veterans Affairs) loans in the United States. The incident was a single-target defacement, with a mirror of the defaced page archived at zone-xsec.com.
Date: 2026-05-11T20:49:49Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/920359
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: United States
Victim Industry: Financial Services
Victim Organization: VA Loans Pro
Victim Site: valoanspro.com
- Website Defacement of Veteran Loan Service by Nicotine of Umbra Community
Category: Defacement
Content: On May 12, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website veteranloan.pro, a domain associated with veteran loan financial services. The defacement targeted a specific index file (index.txt) and was not classified as a mass or home page defacement. No specific motive or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-11T20:48:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/920363
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Veteran Loan
Victim Site: veteranloan.pro
- Website Defacement of Strong Refinance Rates by Nicotine of Umbra Community
Category: Defacement
Content: On May 12, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website strongrefinancerates.com, a financial services platform likely offering mortgage or loan refinancing information. The attack was a singular, targeted defacement rather than a mass or repeated compromise. No specific motive or server details were disclosed in the available intelligence.
Date: 2026-05-11T20:47:59Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/920355
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: United States
Victim Industry: Financial Services
Victim Organization: Strong Refinance Rates
Victim Site: strongrefinancerates.com
- Website Defacement of RealtorShopping.ai by Nicotine of Umbra Community
Category: Defacement
Content: On May 12, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website realtorshopping.ai. The defacement targeted a real estate-related platform and was recorded as a single, non-mass, non-repeated defacement incident. The server details and specific motivation behind the attack remain unknown.
Date: 2026-05-11T20:47:05Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/920345
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Real Estate
Victim Organization: Realtor Shopping
Victim Site: realtorshopping.ai
- Website Defacement of Refisaver by Nicotine of Umbra Community
Category: Defacement
Content: On May 12, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website refisaver.com. The attack targeted a file-level page (index.txt) rather than the homepage, indicating a targeted intrusion into the web server. The incident was recorded and mirrored by zone-xsec.com as a single-site defacement.
Date: 2026-05-11T20:46:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/920347
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: United States
Victim Industry: Financial Services
Victim Organization: Refisaver
Victim Site: refisaver.com
- Website Defacement of Supra Mortgages by Nicotine of Umbra Community
Category: Defacement
Content: On May 12, 2026, a threat actor known as Nicotine, operating under the group Umbra Community, defaced the website of Supra Mortgages at supramortgages.com. The defacement targeted the index page of the financial services company and was recorded as a singular, non-mass incident. A mirror of the defacement was archived via zone-xsec.com.
Date: 2026-05-11T20:44:59Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/920356
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Supra Mortgages
Victim Site: supramortgages.com
Website Defacement of PreApprovalHub by Nicotine of Umbra Community
Category: Defacement
Content: On May 12, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website preapprovalhub.com. The defacement targeted a single page (index.txt) and was not classified as a mass or home page defacement. The incident was documented and mirrored via zone-xsec.com.
Date: 2026-05-11T20:44:00Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/920339
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: United States
Victim Industry: Financial Services
Victim Organization: PreApproval Hub
Victim Site: preapprovalhub.com
Website Defacement of Stability Mortgages by Nicotine of Umbra Community
Category: Defacement
Content: On May 12, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website of Stability Mortgages, a mortgage lending organization. The attack targeted the site's index page and was recorded as a single, non-mass defacement. No specific motive or server details were disclosed in the available incident data.
Date: 2026-05-11T20:43:13Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/920351
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: United States
Victim Industry: Financial Services / Mortgage Lending
Victim Organization: Stability Mortgages
Victim Site: stabilitymortgages.com
Website Defacement of OnlineApprovals.net by Nicotine of Umbra Community
Category: Defacement
Content: On May 12, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website onlineapprovals.net. The defacement targeted a single page (index.txt) and was not classified as a mass or home page defacement. Server and infrastructure details remain unknown, and no specific motive was disclosed.
Date: 2026-05-11T20:42:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/920336
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Online Approvals
Victim Site: onlineapprovals.net
Website Defacement of RateFriendly by Nicotine of Umbra Community
Category: Defacement
Content: On May 12, 2026, a threat actor identified as Nicotine, affiliated with the group Umbra Community, defaced the website ratefriendly.com by altering the index.txt file. The incident was a targeted, single-site defacement with no indication of mass or repeated defacement activity. The motive and technical details of the intrusion remain unknown.
Date: 2026-05-11T20:41:15Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/920342
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Finance / Rating Services
Victim Organization: RateFriendly
Victim Site: ratefriendly.com
Free distribution of fresh cloud stealer logs
Category: Logs
Content: A forum user is freely distributing fresh stealer logs described as dorked cloud logs on a daily basis. No further details are available regarding the volume or origin of the logs.
Date: 2026-05-11T20:40:58Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%98%81%EF%B8%8F-Free-Cloud-%E2%98%81%EF%B8%8F-Fresh-Dorkd-logs-daily–2092505
Screenshots:
None
Threat Actors: kirkenyahu12
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of combo list targeting PayPal, Stripe, and Revolut accounts
Category: Combo List
Content: A threat actor on Cracked is offering a combo list of approximately 678,000 email:password pairs marketed for use against PayPal, Stripe, and Revolut. The post claims the data is private and advertises an impressive hit rate. The credentials are described as fresh for 2026.
Date: 2026-05-11T20:39:41Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E3%80%8C-678K-%E3%80%8D%E2%9A%A1-PAYPAL-STRIPE-REVOLUT-%E2%9A%A1-100-PRIVATE-DATA-%E2%9A%A1IMPRESSIVE-HITRATE%E2%9A%A1-2026-NEW%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of combo list targeting shopping platforms
Category: Combo List
Content: A threat actor is offering a combo list of approximately 597,000 email and password pairs described as a private base suitable for credential stuffing against shopping platforms. The list is marketed as effective for general use across multiple services.
Date: 2026-05-11T20:39:18Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9A%A1597K-SHOPPING%E2%9A%A1PRIVATE-BASE-GOOD-ON-ANYTHING-YOU-NEED%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Zalando credential combo list with 528K records
Category: Combo List
Content: A threat actor is sharing a combo list of approximately 528,000 email:password credentials marketed for use against Zalando. The post describes the base as private and suitable for various credential stuffing purposes.
Date: 2026-05-11T20:37:59Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9A%A1528K-ZALANDO%E2%9A%A1PRIVATE-BASE-GOOD-ON-ANYTHING-YOU-NEED%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: WorldCombo Education Mixed Target (113,962 lines)
Category: Combo List
Content: A combo list of 113,962 email:password lines targeting educational services has been shared on a cracking forum. The list is marketed as a mixed-target combo for credential stuffing against education-related platforms. No specific breached organization is identified.
Date: 2026-05-11T20:37:37Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-113-962-Lines-%E2%9C%85-WorldCombo-Edu-Mixed-Target-2026
Screenshots:
None
Threat Actors: HqComboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of subscription-based stealer log cloud service with daily fresh logs
Category: Logs
Content: A threat actor is selling access to a private cloud service hosting stealer logs described as dorked and refreshed daily. Subscription tiers range from $7 for 3 days to $50 for lifetime access. A free tier is also advertised via a Telegram channel.
Date: 2026-05-11T20:36:55Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%98%81%EF%B8%8F-Private-Cloud-%E2%98%81%EF%B8%8F-Fresh-Dorkd-logs-daily-all-hits
Screenshots:
None
Threat Actors: kirkenyahu12
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of IMAP email checker tool with anti-detection engine
Category: Combo List
Content: A threat actor is selling Heimdallr, an IMAP email credential checking tool priced at $75 lifetime. The tool supports up to 500 threads, proxy rotation, and includes an anti-detection engine designed to bypass fingerprinting on Microsoft, Gmail, Yahoo, and AOL platforms. It automatically accesses validated inboxes and exports per-account reports.
Date: 2026-05-11T20:36:37Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%9A%A1%EF%B8%8FHeimdallar-Email-checker-and-Imap-Viewer-17-Modules-LTS-fingerprint-bypass-live
Screenshots:
None
Threat Actors: kirkenyahu12
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Fortnite external cheat software XANAX.AC with aimbot and ESP features
Category: Malware
Content: A threat actor is selling an external cheat for the game Fortnite under the brand XANAX.AC, advertised as undetected (UD) and tournament-safe. Features include aimbot, ESP, and radar. A 50% launch discount is offered sitewide with free test keys available on request.
Date: 2026-05-11T20:36:10Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%9C%A8XANAX-AC-FN-EXTERNAL%E2%9C%A850-LAUNCH-SALE%E2%9C%A8UD%E2%9C%A8-AIMBOT%E2%9C%A8-ESP%E2%9C%A8TOURNEY-SAFE%E2%9C%A8RADAR%E2%9C%A8
Screenshots:
None
Threat Actors: Scream
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of game cheat software for Rust (XANAX.AC external cheat)
Category: Services
Content: A forum user is advertising a paid external cheat for the game Rust, branded as XANAX.AC, featuring aimbot, ESP, radar, and quality-of-life features, marketed as undetected (UD) with a 50% launch sale. No post content was available for further analysis.
Date: 2026-05-11T20:35:41Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%9C%A8XANAX-AC-RUST-EXTERNAL%E2%9C%A850-LAUNCH-SALE%E2%9C%A8UD%E2%9C%A8-AIMBOT%E2%9C%A8-ESP%E2%9C%A8RADAR%E2%9C%A8QOL%E2%9C%A8
Screenshots:
None
Threat Actors: Scream
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of 872K streaming combo list
Category: Combo List
Content: A threat actor operating as MetaCloud3 is distributing a combo list of approximately 872,000 email:password credentials marketed for use against streaming services. The list is described as a private base suitable for credential stuffing across multiple platforms.
Date: 2026-05-11T20:35:12Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9A%A1872K-STREAMING-%E2%9A%A1PRIVATE-BASE-GOOD-ON-ANYTHING-YOU-NEED%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Sultan Butchery by Nicotine of Umbra Community
Category: Defacement
Content: On May 12, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website sultanbutchery.com by altering its index page. The defacement was a targeted single-site attack with no indication of mass or repeated defacement activity. No specific motive or additional technical indicators were disclosed in the available report.
Date: 2026-05-11T20:35:09Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/920113
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Food & Beverage / Retail
Victim Organization: Sultan Butchery
Victim Site: sultanbutchery.com
Website Defacement of Ozzy Food on Wheels by Nicotine of Umbra Community
Category: Defacement
Content: On May 12, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website of Ozzy Food on Wheels, a food service business. The attack targeted the index page of the domain ozzyfoodonwheels.com and was recorded as a single, non-mass defacement. The incident was mirrored and archived by zone-xsec.com.
Date: 2026-05-11T20:34:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/920108
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Food & Beverage
Victim Organization: Ozzy Food on Wheels
Victim Site: ozzyfoodonwheels.com
Combo List of 685K Mixed Credentials
Category: Combo List
Content: A threat actor is distributing a mixed combo list of approximately 685,000 email:password credentials, marketed as private data with a high hit rate. The post advertises the list as fresh for 2026. No specific victim organization or breach source is identified.
Date: 2026-05-11T20:33:36Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E3%80%8C-685K-%E3%80%8D%E2%9A%A1-MIX-%E2%9A%A1-100-PRIVATE-DATA-%E2%9A%A1IMPRESSIVE-HITRATE%E2%9A%A1-2026-NEW%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of 1000power.co by Nicotine of Umbra Community
Category: Defacement
Content: On May 12, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website 1000power.co. The defacement targeted the index page of the domain and was recorded as a singular, non-mass incident. No specific motive or server details were disclosed in connection with this attack.
Date: 2026-05-11T20:33:17Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/920090
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: 1000 Power
Victim Site: 1000power.co
Free Hotmail combo list with 1,377 hits
Category: Combo List
Content: A threat actor has freely shared a combo list containing 1,377 Hotmail credential hits via an external paste service. The credentials are marketed as premium hits, suggesting they have been verified against Hotmail accounts.
Date: 2026-05-11T20:32:54Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-1377x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F–2292632
Screenshots:
None
Threat Actors: Fragtez
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list targeting Belgium distributed on forum
Category: Combo List
Content: A combo list containing over 101,000 credential pairs associated with Belgium was shared freely via an external paste link. The post was made on a cracking/dumping forum under the handle Fragtez.
Date: 2026-05-11T20:32:34Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9C%AA-101-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Belgium-%E2%9C%AA-25-APR-2026-%E2%9C%AA–2292663
Screenshots:
None
Threat Actors: Fragtez
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free USA email:password combo list
Category: Combo List
Content: A user on a cracking forum has freely shared a combo list of USA email:password credentials via an external paste link. The list is marketed as high quality and distributed without charge.
Date: 2026-05-11T20:32:30Z
Network: openweb
Published URL: https://nulledbb.com/thread-HQ-USA-EMAILPASS-COMBOLIST-SHROUD20-txt–2292623
Screenshots:
None
Threat Actors: Fragtez
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of African Food Market by Nicotine (Umbra Community)
Category: Defacement
Content: On May 12, 2026, a threat actor identified as Nicotine, affiliated with the group Umbra Community, defaced the website of African Food Market at africanfoodmarket.net. The incident was a targeted single-site defacement with no stated motive recorded. The attack details were archived via zone-xsec.com mirror.
Date: 2026-05-11T20:32:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/920091
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Food & Beverage Retail
Victim Organization: African Food Market
Victim Site: africanfoodmarket.net
Website Defacement of Subtown by Nicotine of Umbra Community
Category: Defacement
Content: On May 12, 2026, a threat actor known as Nicotine, operating under the group Umbra Community, defaced the Canadian website subtown.ca. The defacement targeted the index page of the site, replacing its content with the attacker's message. No specific motive was disclosed for the attack.
Date: 2026-05-11T20:31:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/920112
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Canada
Victim Industry: Unknown
Victim Organization: Subtown
Victim Site: subtown.ca
Website Defacement of Bitmine Cellular by Nicotine of Umbra Community
Category: Defacement
Content: On May 12, 2026, a threat actor known as Nicotine, operating under the group Umbra Community, defaced the website of Bitmine Cellular, a Canadian telecommunications entity. The defacement targeted the index page of the domain bitminecellular.ca. No specific motive or proof of compromise details were disclosed in the available intelligence.
Date: 2026-05-11T20:30:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/920097
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Canada
Victim Industry: Telecommunications
Victim Organization: Bitmine Cellular
Victim Site: bitminecellular.ca
Website defacement of BDS Capital by Nicotine of Umbra Community
Category: Defacement
Content: On May 12, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website of BDS Capital, a Canadian financial/investment entity. The defacement targeted the index.txt file of the domain bdscapital.ca. This was a single-target, non-mass defacement with no redefacement history recorded.
Date: 2026-05-11T20:29:49Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/920095
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Canada
Victim Industry: Finance/Investment
Victim Organization: BDS Capital
Victim Site: bdscapital.ca
Website Defacement of Purohit Thali by Nicotine of Umbra Community
Category: Defacement
Content: On May 12, 2026, a threat actor known as Nicotine, operating under the group Umbra Community, defaced the website purohitthali.com. The incident was a targeted single-site defacement, with the defaced page archived at zone-xsec.com. No specific motive or server details were disclosed.
Date: 2026-05-11T20:29:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/920084
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Food & Beverage / Restaurant
Victim Organization: Purohit Thali
Victim Site: purohitthali.com
Website Defacement of Tague Mount Real Estate by Nicotine (Umbra Community)
Category: Defacement
Content: On May 12, 2026, the real estate website taguemountrealestate.com was defaced by a threat actor operating under the handle Nicotine, affiliated with the group Umbra Community. The attack was a single targeted defacement of the site's index page. Server and infrastructure details were not disclosed in the available reporting.
Date: 2026-05-11T20:28:13Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/920114
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Real Estate
Victim Organization: Tague Mount Real Estate
Victim Site: taguemountrealestate.com
Website Defacement of SoftSanitary by Nicotine of Umbra Community
Category: Defacement
Content: On May 12, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website softsanitary.com. The attack targeted a single page (index.txt) and was not classified as a mass or home defacement. No specific motive or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-11T20:27:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/920111
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Sanitation / Cleaning Products
Victim Organization: Soft Sanitary
Victim Site: softsanitary.com
Alleged data leak of Arc Reinsurance Brokers
Category: Data Leak
Content: A threat actor affiliated with the Stormous Group claims to have leaked approximately 20GB of data from Arc Reinsurance Brokers (Lebanon and Dubai operations) for free via Mega. The dump allegedly includes KYC documents, employee files, financial records, executive files, and Emirates ID documents. The release is stated to follow a failure to reach a resolution with the company.
Date: 2026-05-11T20:26:24Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DOCUMENTS-Arc-Reinsurance-Brokers-arc-reins-com-Lebanon-and-Dubai-FULL-DATA-DUMP-KYC
Screenshots:
None
Threat Actors: XOverStm
Victim Country: Lebanon
Victim Industry: Finance
Victim Organization: Arc Reinsurance Brokers
Victim Site: arc-reins.com
Website defacement of All Out Burger by Nicotine of Umbra Community
Category: Defacement
Content: On May 12, 2026, a threat actor known as Nicotine, operating under the group Umbra Community, defaced the website of All Out Burger, a food and beverage establishment. The defacement targeted the index page of the domain alloutburger.com and was not classified as a mass or home defacement. The incident was archived and mirrored via zone-xsec.com.
Date: 2026-05-11T20:26:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/920092
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: United States
Victim Industry: Food & Beverage / Restaurant
Victim Organization: All Out Burger
Victim Site: alloutburger.com
Website Defacement of Juland by Ashura_mode (Night Root)
Category: Defacement
Content: On May 12, 2026, a threat actor identified as Ashura_mode, operating under the team Night Root, defaced the website juland.co.tz hosted on a Linux server. The incident was a targeted single-site defacement with no indication of mass or repeated defacement activity.
Date: 2026-05-11T20:25:31Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249158
Screenshots:
None
Threat Actors: Ashura_mode, Night Root
Victim Country: Tanzania
Victim Industry: Unknown
Victim Organization: Juland
Victim Site: juland.co.tz
Website Defacement of Vrindavan Yatri Niwas by Nicotine of Umbra Community
Category: Defacement
Content: On May 12, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website of Vrindavan Yatri Niwas, a hospitality or pilgrim accommodation service likely based in Vrindavan, India. The incident was a targeted single-site defacement with no mass or re-defacement indicators. The attack details were archived via zone-xsec.com mirror.
Date: 2026-05-11T20:24:55Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/920085
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Hospitality / Tourism
Victim Organization: Vrindavan Yatri Niwas
Victim Site: vrindavanyatriniwas.com
Website Defacement of Sedal Construction by Nicotine of Umbra Community
Category: Defacement
Content: On May 12, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website of Sedal Construction at sedalconstruction.com. The incident was a targeted, single-site defacement with no indication of mass or repeated defacement activity. Server and infrastructure details were not disclosed in the available reporting.
Date: 2026-05-11T20:23:57Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/920110
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Construction
Victim Organization: Sedal Construction
Victim Site: sedalconstruction.com
Alleged data breach of La Suite Numérique (lasuite.numerique.gouv.fr)
Category: Data Breach
Content: A threat actor claims to have exfiltrated over 18 million records from lasuite.gouv.fr, a French government digital services platform. The data is allegedly being offered for sale via Telegram, with samples of up to 5,000 lines available upon request.
Date: 2026-05-11T20:22:31Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-lasuite-numerique-gouv-fr
Screenshots:
None
Threat Actors: exclode
Victim Country: France
Victim Industry: Government
Victim Organization: La Suite Numérique
Victim Site: lasuite.numerique.gouv.fr
Website Defacement of Sreenivas Invisible Grill by Nicotine (Umbra Community)
Category: Defacement
Content: On May 12, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website of Sreenivas Invisible Grill, an Indian home improvement and grill installation company. The incident was a targeted single-site defacement with no mass or repeated defacement indicators. The attack details were archived via zone-xsec.com mirror for record-keeping.
Date: 2026-05-11T20:17:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919822
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Construction / Home Improvement
Victim Organization: Sreenivas Invisible Grill
Victim Site: sreenivasinvisiblegrill.com
Website Defacement of Shrivara Hi Travels by Nicotine of Umbra Community
Category: Defacement
Content: On May 12, 2026, a threat actor known as Nicotine, operating under the group Umbra Community, defaced the website of Shrivara Hi Travels, an Indian travel company. The defacement targeted the index page of the site and was recorded as a single, non-mass defacement incident. The attack was mirrored and archived at zone-xsec.com for reference.
Date: 2026-05-11T20:16:51Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919816
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Travel and Tourism
Victim Organization: Shrivara Hi Travels
Victim Site: shrivarahitravels.in
Website Defacement of Creative Capture DVG by Nicotine of Umbra Community
Category: Defacement
Content: On May 12, 2026, a threat actor identified as Nicotine, affiliated with the group Umbra Community, defaced the website of Creative Capture DVG (creativecapturedvg.com). The incident was a single targeted defacement, not part of a mass or repeat defacement campaign. No specific motive, server details, or proof of concept were disclosed.
Date: 2026-05-11T20:16:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919799
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Photography/Creative Services
Victim Organization: Creative Capture DVG
Victim Site: creativecapturedvg.com
Website Defacement of Balaji Tours by Nicotine of Umbra Community
Category: Defacement
Content: On May 12, 2026, a threat actor identified as Nicotine, affiliated with the group Umbra Community, defaced the website of Balaji Tours, a travel and tourism company. The defacement targeted a single page (index.txt) and was not part of a mass or redefacement campaign. The incident was archived and mirrored via zone-xsec.com.
Date: 2026-05-11T20:15:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919796
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Travel and Tourism
Victim Organization: Balaji Tours
Victim Site: balajitours.co
Website Defacement of SLV Event Planner Rental Props by Nicotine of Umbra Community
Category: Defacement
Content: On May 12, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website of SLV Event Planner Rental Props, an Indian event planning and rental services company. The incident was a targeted single-site defacement with no indication of mass or repeated defacement activity. The attack details are documented via a mirror on zone-xsec.com.
Date: 2026-05-11T20:14:09Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919820
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Event Planning & Rentals
Victim Organization: SLV Event Planner Rental Props
Victim Site: slveventplannerrentalprops.in
Website Defacement of Skyroot Infra by Nicotine of Umbra Community
Category: Defacement
Content: On May 12, 2026, a threat actor known as Nicotine, operating under the group Umbra Community, defaced the website skyrootinfra.com. The defacement targeted a single page and was not classified as a mass or redefacement incident. The attacker's motivation and technical entry vector remain unknown at this time.
Date: 2026-05-11T20:13:15Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919819
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Information Technology / Infrastructure
Victim Organization: Skyroot Infra
Victim Site: skyrootinfra.com
Website Defacement of Khushi Ventures by Nicotine of Umbra Community
Category: Defacement
Content: On May 12, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website of Khushi Ventures by altering the index page. The defacement was a targeted single-site attack with no mass or redefacement indicators. The incident was archived and mirrored via zone-xsec.com.
Date: 2026-05-11T20:12:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919805
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Business Services
Victim Organization: Khushi Ventures
Victim Site: khushiventures.com
Website Defacement of Siddi Tours and Travels by Nicotine of Umbra Community
Category: Defacement
Content: On May 12, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website of Siddi Tours and Travels, an Indian travel and tourism company. The attack targeted the index page of the domain sidditoursandtravels.in. The incident was a single targeted defacement, not part of a mass defacement campaign.
Date: 2026-05-11T20:11:34Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919818
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Travel and Tourism
Victim Organization: Siddi Tours and Travels
Victim Site: sidditoursandtravels.in
Website Defacement of OneGen Healthcare by Nicotine of Umbra Community
Category: Defacement
Content: On May 12, 2026, a threat actor known as Nicotine, operating under the group Umbra Community, defaced the website of OneGen Healthcare. The defacement targeted the index page of the healthcare organization's domain. No specific motive or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-11T20:10:50Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919810
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: OneGen Healthcare
Victim Site: onegenhealthcare.com
Website Defacement of Bloom Balloons by Nicotine of Umbra Community
Category: Defacement
Content: On May 12, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website bloomballoons.shop by altering the index.txt file. The attack was a targeted single-site defacement with no mass defacement or redefacement indicators noted. The motive and technical details of the intrusion remain unknown.
Date: 2026-05-11T20:09:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919797
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Retail / Event Supplies
Victim Organization: Bloom Balloons
Victim Site: bloomballoons.shop
Sale of forged legal documents, EDR forgery services, and domain seizure methods
Category: Services
Content: A threat actor is selling forged legal documents including court orders, MLAT requests, and subpoenas designed to impersonate law enforcement and bypass corporate compliance for Emergency Disclosure Requests (EDRs). The offering includes .gov email addresses to lend authenticity to fraudulent submissions, as well as domain seizure and suspension services and a private method described as involving header-spoofing and buffer overflow exploitation of reporting APIs. Prices range from $100 per docu
Date: 2026-05-11T20:09:12Z
Network: openweb
Published URL: https://breached.st/threads/forged-court-orders-domain-seizures-private-edr-method-gov-emails-included.87006/unread
Screenshots:
None
Threat Actors: convince
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Sri Chowdeshwari Astrology by Nicotine of Umbra Community
Category: Defacement
Content: On May 12, 2026, a threat actor known as Nicotine, operating under the team Umbra Community, defaced the website of Sri Chowdeshwari Astrology, an Indian astrology services website. The incident was a targeted single-site defacement with no mass or redefacement indicators. A mirror of the defaced page was archived at zone-xsec.com.
Date: 2026-05-11T20:08:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919823
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Astrology / Spiritual Services
Victim Organization: Sri Chowdeshwari Astrology
Victim Site: srichowdeshwariastrology.in
- Alleged data breach of Chinese Lions Club
Category: Data Breach
Content: A threat actor claims to have accessed the Chinese Lions Club (狮子会) national management platform via default admin credentials (admin/123qwe). Financial dumps from the platform are allegedly being distributed via a Telegram link. The exposed data volume and record count are not specified in the post.
Date: 2026-05-11T20:08:19Z
Network: openweb
Published URL: https://breached.st/threads/271-leaked-financial-dumps-chinese-lions-club.87008/unread
Screenshots:
None
Threat Actors: cc5ab
Victim Country: China
Victim Industry: Non-Profit
Victim Organization: Chinese Lions Club
Victim Site: api.cclions.org.cn
- Website Defacement of SMK Tours and Travels by Nicotine of Umbra Community
Category: Defacement
Content: On May 12, 2026, a threat actor known as Nicotine, affiliated with the group Umbra Community, defaced the website of SMK Tours and Travels, an Indian travel and tourism company. The incident was a targeted single-site defacement rather than a mass or home page defacement. A mirror of the defaced page was archived via zone-xsec.com.
Date: 2026-05-11T20:07:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919821
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Travel and Tourism
Victim Organization: SMK Tours and Travels
Victim Site: smktoursandtravels.in
- Alleged data breach of Fédération Française de Ball-Trap (FFBT)
Category: Data Breach
Content: A forum post on SP – Databases references a database allegedly belonging to the Fédération Française de Ball-Trap (FFBT), a French clay shooting sports federation. No further details regarding the data contents, record count, or method of compromise are available from the post.
Date: 2026-05-11T20:04:40Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-F??d??ration-Fran??aise-de-Ball-Trap-FFBT
Screenshots:
None
Threat Actors: NormalLeVrai
Victim Country: France
Victim Industry: Sports
Victim Organization: Fédération Française de Ball-Trap
Victim Site: ffbt.fr
- Combo list targeting Riot Games Valorant accounts
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 783,000 email:password credentials marketed for use against Riot Games Valorant accounts. The post claims a high hit rate and describes the data as private and current as of 2026.
Date: 2026-05-11T19:52:44Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E3%80%8C-783K-%E3%80%8D%E2%9A%A1-RIOT-GAMES-VALORANT-%E2%9A%A1-100-PRIVATE-DATA-%E2%9A%A1IMPRESSIVE-HITRATE%E2%9A%A1-2026-NEW%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List of 765K business email credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 765,000 business email and password pairs, marketed as a private base suitable for credential stuffing across multiple services. The post is authored by MetaCloud3 and appears to be offered freely on a combolist forum.
Date: 2026-05-11T19:52:21Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9A%A1765K-BUSINESS%E2%9A%A1PRIVATE-BASE-GOOD-ON-ANYTHING-YOU-NEED%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List: 872K email access credentials shared on forum
Category: Combo List
Content: A threat actor shared a combo list of 872,000 email:password credentials, marketed as a private base suitable for various credential stuffing purposes. The post was made on a public cracking forum and attributed to the user MetaCloud3.
Date: 2026-05-11T19:51:56Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9A%A1872K-MAIL-ACCESS%E2%9A%A1PRIVATE-BASE-GOOD-ON-ANYTHING-YOU-NEED%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo list targeting Disney+, DAZN, HBOGO, and Hulu streaming services
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 705,000 email:password credentials claimed to be effective against Disney+, DAZN, HBOGO, and Hulu streaming platforms. The post markets the list as private data with a high hit rate. These services are credential-stuffing targets, not the source of the breach.
Date: 2026-05-11T19:51:33Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E3%80%8C-705K-%E3%80%8D%E2%9A%A1-DISNEY-DAZN-HBOGO-HULU-%E2%9A%A1-100-PRIVATE-DATA-%E2%9A%A1IMPRESSIVE-HITRATE%E2%9A%A1-2026-NEW%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Gmail combo list by D4rkNetHub
Category: Combo List
Content: A threat actor known as D4rkNetHub is offering a combo list of over 100,000 Gmail credentials on a cracking forum. The post is associated with a price indicator. No further details are available from the post content.
Date: 2026-05-11T19:51:11Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-100k-GMAIL-GOODS-D4RKNETHUB-8–2092467
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Hotmail combo list of 3,666 credentials freely shared
Category: Combo List
Content: A threat actor shared a combo list of 3,666 Hotmail email and password pairs, marketed as fresh and private. The credentials are intended for credential stuffing against Hotmail/Outlook accounts. The post content is a bump, indicating the list was previously shared.
Date: 2026-05-11T19:50:52Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9C%85%E2%9C%A8-3666-FRESH-HOTMAILS-COMBOLIST-%E2%9C%A8%E2%9C%85PRIVATE-COMBO%E2%9C%852026-FRESH-UHQ%E2%9C%85
Screenshots:
None
Threat Actors: znx_hq
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo list of URL:Login:Pass credentials shared on forum
Category: Combo List
Content: A forum user shared a combo list advertised as fresh URL:Login:Pass credentials. No further details are available from the post content.
Date: 2026-05-11T19:50:32Z
Network: openweb
Published URL: https://cracked.st/Thread-FRESH-URL-LOG%C4%B0N-PASS-PRIVATE–2092489
Screenshots:
None
Threat Actors: RobotxTR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free distribution of ULP combo list sourced from RedLine stealer logs
Category: Combo List
Content: A threat actor is distributing a URL:login:password (ULP) combo list purportedly sourced from RedLine stealer logs, dated 11-05-2026 and marketed as fresh and high quality. The post directs users to a private channel via Telegram for access. No specific victim organization or record count is identified.
Date: 2026-05-11T19:50:15Z
Network: openweb
Published URL: https://cracked.st/Thread-Other-%E2%AD%90%E2%AD%90FRESH-ULP-FROM-REDLINE-COUD-11-05-2026-UNRAPPED-UHQ-%E2%AD%90%E2%AD%90
Screenshots:
None
Threat Actors: kingdevl10
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of mixed email credential combo list with claimed valid hits
Category: Combo List
Content: A threat actor is sharing or distributing a mixed email credential combo list purportedly containing 17,000 valid hits. The post directs users to a private channel via Telegram handle @Redline_Support4 for access to additional data. The credentials are marketed as fully validated and sourced from private, unreleased data.
Date: 2026-05-11T19:50:10Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%AD%90%E2%AD%9017K-MIX-MAIL-ACCES-FULL-VALID-HITS%E2%AD%90-PRIVATE-UNRAPPED-DATA-%E2%AD%90%E2%AD%90
Screenshots:
None
Threat Actors: kingdevl10
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Distribution of fresh RedLine stealer logs (1GB)
Category: Logs
Content: A threat actor is distributing approximately 1GB of stealer logs purportedly collected via RedLine on 11-05-2026, described as fresh and unprocessed. The post directs users to a private Telegram channel for access. No specific victim organization or country is identified.
Date: 2026-05-11T19:49:53Z
Network: openweb
Published URL: https://cracked.st/Thread-Other-%E2%AD%90%E2%AD%901GB-FRESH-UPP-LOGS%E2%AD%90-FROM-REDLINE-11-05-2026-UNRAPPED%E2%AD%90%E2%AD%90
Screenshots:
None
Threat Actors: kingdevl10
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List of mixed-country corporate email credentials
Category: Combo List
Content: A combo list containing 88,025 email:password credential pairs targeting mixed-country corporate accounts was shared on a cracking forum. The post was made by user AiCombo with no additional content available beyond the thread title.
Date: 2026-05-11T19:49:49Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-88-025-Mixed-Country-Corp
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List targeting Hotmail accounts
Category: Combo List
Content: A threat actor shared a combo list of 750 allegedly valid Hotmail credentials on a cracking forum. The post markets the credentials as verified mail access hits. No further details are available from the post content.
Date: 2026-05-11T19:49:30Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9C%A8%E2%9A%9C%EF%B8%8F750X-VALID-Hotmail-MAIL-ACCESS-Cloucpr0-%E2%9A%9C%EF%B8%8F%E2%9C%A8-11-05
Screenshots:
None
Threat Actors: cloudpr00
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Hotmail credential combo list
Category: Combo List
Content: A threat actor is offering 750 valid Hotmail account credentials on a cybercrime forum. The content is gated behind registration or login. Hotmail is the credential-stuffing target, not the breach victim.
Date: 2026-05-11T19:49:15Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%E2%9A%9C%EF%B8%8F750x-valid-hotmail-mail-access-cloucpr0-%E2%9A%9C%EF%B8%8F%E2%9C%A8-11-05
Screenshots:
None
Threat Actors: ELJOKER1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of discounted Telegram Premium subscriptions
Category: Services
Content: A forum seller is offering Telegram Premium subscriptions at discounted prices for personal use, with plans ranging from 3 to 12 months. Contact is provided via Telegram handle.
Date: 2026-05-11T19:49:03Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-%E2%AD%90Cheap-Telegram-Premium-Personal-Usage-No-Risks
Screenshots:
None
Threat Actors: BjornIronSide
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List of 3,858 mixed mail credentials
Category: Combo List
Content: A combo list containing 3,858 mixed email credentials was shared on a forum. The content is hidden behind a registration or login wall. No specific breach source or target service is identified.
Date: 2026-05-11T19:48:59Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%85%E2%9A%A13858x-mixmail%E2%9A%A1%E2%9C%85
Screenshots:
None
Threat Actors: NovaCloudx
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Hotmail credential combo list
Category: Combo List
Content: A forum user is sharing a combo list advertised as 1,773 fresh Hotmail credential hits. The content is hidden behind a registration/login wall. No breach source or specific victim organization is identified.
Date: 2026-05-11T19:48:28Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-x1773-fresh-hotmail-hits
Screenshots:
None
Threat Actors: RandomUpload
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo list allegedly containing 13K+ credentials
Category: Combo List
Content: A threat actor shared a combo list containing over 13,000 credentials via an external paste link. The post is dated April 22, 2026 and references Micronesia in the title. No specific breached organization or service is identified.
Date: 2026-05-11T19:48:01Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9C%AA-13-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Micronesia-%E2%9C%AA-22-APR-2026-%E2%9C%AA–2292603
Screenshots:
None
Threat Actors: Fragtez
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free distribution of cookies and credentials for cPanel, GOG, Epic Games, and other platforms
Category: Logs
Content: A threat actor shared a paste link containing cookies and credentials for multiple platforms including cPanel, GOG, and Epic Games. The content was made available for free on a cracking forum. The post appears to distribute stealer log output containing session cookies and account credentials.
Date: 2026-05-11T19:47:57Z
Network: openweb
Published URL: https://nulledbb.com/thread-cookies-cpanel-gog-epicgames-more–2292594
Screenshots:
None
Threat Actors: Fragtez
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Hotmail credential combo list with 750 valid entries
Category: Combo List
Content: A forum user is sharing a combo list of 750 validated Hotmail credentials, marketed as valid mail access. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-11T19:47:28Z
Network: openweb
Published URL: https://leakforum.io/Thread-%E2%9C%A8%E2%9A%9C%EF%B8%8F750X-VALID-Hotmail-MAIL-ACCESS-%E2%9A%9C%EF%B8%8F%E2%9C%A8-11-05
Screenshots:
None
Threat Actors: HOTMAILPR0
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of government email access and law enforcement portal credentials
Category: Services
Content: A threat actor is selling access to government email accounts and claims to provide access to law enforcement portals. The seller accepts middleman (MM) arrangements and directs interested buyers to contact via Telegram or Discord. No specific countries or agencies are identified.
Date: 2026-05-11T19:44:49Z
Network: openweb
Published URL: https://breachforums.rs/Thread-sell-gov-mail
Screenshots:
None
Threat Actors: ayowitty
Victim Country: Unknown
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
- Website defacement of maidenstride.qa by Nicotine of Umbra Community
Category: Defacement
Content: On May 12, 2026, a threat actor operating under the alias Nicotine, affiliated with the group Umbra Community, defaced the website maidenstride.qa hosted in Qatar. The defacement targeted a specific index page and was neither a mass nor a redefacement incident. No specific motivation or server details were disclosed in the available intelligence.
Date: 2026-05-11T19:44:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919736
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Qatar
Victim Industry: Unknown
Victim Organization: Maiden Stride
Victim Site: maidenstride.qa
- Sale of domain suspension and takedown service claiming registrar-level exploit method
Category: Services
Content: A threat actor operating under the alias convince is offering a commercial domain suspension and takedown service on Breachforums, claiming to force registrar-level administrative freezes on target domains. The actor alleges use of a proprietary method involving buffer overflow exploitation of registrar reporting APIs and header-spoofing scripts, priced at $500 per target or $2,000 for the full method. The technical claims are characteristic of social engineering or scam services commonly seen
Date: 2026-05-11T19:41:50Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-PRIVATE-DOMAIN-SUSPENSION-METHOD-REGISTRAR-LEVEL-TAKEDOWNS-SERVICE-AVAILABLE
Screenshots:
None
Threat Actors: convince
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Website Defacement of Al-Ahram Plastic by Vazzle07
Category: Defacement
Content: On May 12, 2026, the homepage of Al-Ahram Plastic (alahramplastic.com) was defaced by a threat actor operating under the handle Vazzle07. The attacker performed a single targeted homepage defacement with no team affiliation recorded. The incident represents an initial defacement with no prior redefacement history on this domain.
Date: 2026-05-11T19:38:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919735
Screenshots:
None
Threat Actors: Vazzle07
Victim Country: Egypt
Victim Industry: Manufacturing / Plastics
Victim Organization: Al-Ahram Plastic
Victim Site: alahramplastic.com
- Sale of stolen CVV/CC data, dumps with PIN, and carding methods across multiple countries
Category: Carding
Content: A threat actor is selling stolen credit card data (CVV/CCS, fullz, dumps with PIN) for the USA, UK, AU, and EU, advertised as high balance with a claimed 98% validity rate. The seller also offers BINs and carding methods targeting retailers such as Amazon, Nike, Argos, and Footasylum, as well as fraudulent loading of CashApp and PayPal accounts. Contact is facilitated via Telegram, Signal, and email.
Date: 2026-05-11T19:33:33Z
Network: openweb
Published URL: https://altenens.is/threads/update-done-cvv-ccs-instock-hitting-good-and-high-balance-98-valid-rate-i-do-refund-for-dead-cards-aswells.2938009/unread
Screenshots:
None
Threat Actors: Band7
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of webshell access by Pharaohs Team
Category: Initial Access
Content: The Pharaohs Team threat actor group is advertising the sale of webshell access. The post indicates active exploitation and monetization of compromised systems. A ShadowX signature is present.
Date: 2026-05-11T19:25:30Z
Network: telegram
Published URL: https://t.me/Pharaoh_e/9
Screenshots:
None
Threat Actors: Pharaohs Team
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of 759K casino-themed combo list
Category: Combo List
Content: A threat actor on a cracking forum is distributing a combo list of approximately 759,000 email:password credentials described as a private base sourced from casino-related accounts. The post claims the list is usable for credential stuffing across multiple services.
Date: 2026-05-11T19:09:14Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9A%A1759K-CASINO%E2%9A%A1PRIVATE-BASE-GOOD-ON-ANYTHING-YOU-NEED%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free release of EDU-targeted combo list
Category: Combo List
Content: A threat actor known as CELESTIALHQ has released a combo list of 10,000 email:password credentials targeted at educational institutions. The credentials are marketed as verified hits and are distributed freely on the forum. The actor also offers personal purchases via direct contact.
Date: 2026-05-11T19:08:58Z
Network: openweb
Published URL: https://patched.to/Thread-legendary-%E2%9C%85email-pass%E2%9C%85-%E2%AD%9010k-edu-targeted-combos%E2%AD%90-%E2%9C%85hits-assured%E2%9C%85-%E2%9A%A1drop-by-celestial%E2%9A%A1-301339
Screenshots:
None
Threat Actors: CELESTIALHQ
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown
- Free distribution of 10K education-targeted combo list
Category: Combo List
Content: A threat actor operating under the alias CELESTIAL is freely distributing a combo list of 10,000 email:password credentials targeted at educational institutions. The post advertises hits as assured and offers additional personal purchases. Victim organization is unknown as the list aggregates credentials across multiple sources.
Date: 2026-05-11T19:08:47Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9C%85EMAIL-PASS%E2%9C%85-%E2%AD%9010K-EDU-TARGETED-COMBOS%E2%AD%90-%E2%9C%85HITS-ASSURED%E2%9C%85-%E2%9A%A1DROP-BY-CELESTIAL%E2%9A%A1–2092449
Screenshots:
None
Threat Actors: CELESTIAL
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown
- Free release of mixed email access combo list
Category: Combo List
Content: A threat actor operating under the alias CELESTIALHQ has freely distributed a combo list of approximately 200 mixed email access credentials, described as SUHQ (super ultra high quality) valid hits. The post invites engagement in exchange for future drops and offers personal purchases via direct contact.
Date: 2026-05-11T19:08:28Z
Network: openweb
Published URL: https://patched.to/Thread-legendary-%E2%9C%85mail-access%E2%9C%85-%E2%AD%90200x-full-suhq-mix-valids-%E2%AD%90-%E2%9A%A1drop-by-celestial-admin%E2%9A%A1
Screenshots:
None
Threat Actors: CELESTIALHQ
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free distribution of corporate-targeted email:password combo list
Category: Combo List
Content: A threat actor known as CELESTIAL is freely distributing a combo list of 20,000 email:password pairs described as corporate-targeted. The post markets the credentials as verified hits and offers additional personal purchases via direct message.
Date: 2026-05-11T19:08:23Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9C%85EMAIL-PASS%E2%9C%85-%E2%AD%9020K-CORP-TARGETED-COMBOS%E2%AD%90-%E2%9C%85HITS-ASSURED%E2%9C%85-%E2%9A%A1DROP-BY-CELESTIAL%E2%9A%A1
Screenshots:
None
Threat Actors: CELESTIAL
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free distribution of private email combo list
Category: Combo List
Content: A threat actor operating under the alias CELESTIALHQ has freely distributed a combo list of approximately 30,000 email:password credential pairs, marketed as private and anti-public. The post encourages engagement in exchange for additional drops and offers personal bulk purchases.
Date: 2026-05-11T19:08:12Z
Network: openweb
Published URL: https://patched.to/Thread-legendary-%E2%9C%85email-pass%E2%9C%85-%E2%AD%9030k-full-anti-public-private-mail%E2%AD%90-%E2%9A%A1drop-by-celestial-admin%E2%9A%A1-301337
Screenshots:
None
Threat Actors: CELESTIALHQ
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free release of private email:password combo list
Category: Combo List
Content: A forum user known as CELESTIAL has freely distributed a combo list of approximately 30,000 email:password credential pairs described as private and anti-public. The post encourages engagement and mentions the option for a personal purchase, suggesting additional private stock may be available.
Date: 2026-05-11T19:08:06Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9C%85EMAIL-PASS%E2%9C%85-%E2%AD%9030K-FULL-ANTI-PUBLIC-PRIVATE-MAIL%E2%AD%90-%E2%9A%A1DROP-BY-CELESTIAL-ADMIN%E2%9A%A1–2092447
Screenshots:
None
Threat Actors: CELESTIAL
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of combo list targeting Zalando, eBay, and Etsy
Category: Combo List
Content: A threat actor is offering a 677K combo list marketed for credential stuffing against Zalando, eBay, and Etsy. The post advertises a high hit rate and claims the data is private. The seller also promotes an ongoing combo cloud service.
Date: 2026-05-11T19:07:45Z
Network: openweb
Published URL: https://patched.to/Thread-shopping-%E3%80%8C-677k-%E3%80%8D%E2%9A%A1-zalando-ebay-etsy-%E2%9A%A1-100-private-data-%E2%9A%A1impressive-hitrate%E2%9A%A1-2026-new%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free release of 400K username:login:password combo list
Category: Combo List
Content: A forum user known as CELESTIAL has publicly released a combo list containing approximately 400,000 username:login:password credential pairs. The post markets the list as private and assures hits, indicating the credentials may have been tested. The author also offers personal purchases via direct contact.
Date: 2026-05-11T19:07:37Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%9C%85U-L-P%E2%9C%85-%E2%AD%90400K-FULL-PRIVATE-U-L-P%E2%AD%90-%E2%9C%85HITS-ASSURED%E2%9C%85-%E2%9A%A1DROP-BY-CELESTIAL-ADMIN%E2%9A%A1–2092446
Screenshots:
None
Threat Actors: CELESTIAL
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged combo list targeting cryptocurrency services
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 503,000 credentials marketed as a private base suitable for use against cryptocurrency services. The post is associated with a self-described combo cloud service offering high-quality data and private lines.
Date: 2026-05-11T19:07:14Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%9A%A1503k-crypto%E2%9A%A1private-base-good-on-anything-you-need%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List: 10K HQ Hotmail Credentials
Category: Combo List
Content: A threat actor is distributing a combo list of 10,000 alleged high-quality Hotmail credentials. The list is marketed as containing verified hits suitable for credential stuffing. No additional details are available from the post content.
Date: 2026-05-11T19:07:08Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9C%85-10K-HQ-HOTMAIL-HIT-%E2%9C%85–2091915
Screenshots:
None
Threat Actors: THISNEW12
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo list of 794K United States credentials offered for free
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 794,000 US-based credentials, marketed as a private base suitable for credential stuffing across multiple services. The content is hidden behind registration or login. The actor advertises a broader combo cloud service in their signature.
Date: 2026-05-11T19:06:54Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%9A%A1794k-usa%E2%9A%A1private-base-good-on-anything-you-need%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of cryptocurrency user leads including wallet addresses and account data
Category: Data Breach
Content: A threat actor is selling a large quantity of cryptocurrency user leads claimed to be from a fresh, private source. The dataset allegedly includes email addresses, wallet addresses, referral codes, points balances, and account activity. No specific victim organization or volume is disclosed in the post.
Date: 2026-05-11T19:06:35Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-SELLING-LARGE-AMOUNT-OF-CRYPTO-LEADS-FRESH-PRIVATE-AND-EXTREMELY-HIGH-QUALITY
Screenshots:
None
Threat Actors: KuroCracks
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown
- Sale of 723K mixed credential combo list
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 723,000 mixed credentials, described as a private base suitable for credential stuffing across multiple services. The post promotes an associated combo cloud service offering high-quality data and private lines.
Date: 2026-05-11T19:06:20Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9A%A1723k-mix%E2%9A%A1private-base-good-on-anything-you-need%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of BLACKP1 Press-1 Bot with OTP and Vishing Capabilities
Category: Phishing
Content: A threat actor is selling BLACKP1, a web-based Press-1 (vishing) bot service featuring TTS script generation, multiple voice profiles, SIP routing, campaign management, and full API access for resale. The tool is marketed for conducting hyper-realistic fraudulent support calls and is advertised with a planned built-in OTP bot for credential interception. The service is accessible via blackp1.com and targets operators running phishing or social engineering call campaigns.
Date: 2026-05-11T19:06:14Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-BLACKP1-PRESS-1-BOT-FEATURE-RICH-GET-YOUR-PICKUPS-TODAY
Screenshots:
None
Threat Actors: KuroCracks
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of HQ mixed mail access combo list
Category: Combo List
Content: A threat actor is sharing a combo list of approximately 900 high-quality mixed mail credentials on a cybercrime forum. The content is gated behind registration or login. No specific victim organization or country is identified.
Date: 2026-05-11T19:05:43Z
Network: openweb
Published URL: https://patched.to/Thread-0-9k-hq-mixed-mail-access-combolist-301357
Screenshots:
None
Threat Actors: liamgoat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of discounted YouTube Premium subscriptions
Category: Services
Content: A forum seller is offering YouTube Premium 1-year individual plan activations for $14 via activation codes applied to buyers' own accounts. The seller claims the service works in any country and advertises via Telegram and Discord.
Date: 2026-05-11T19:05:32Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%8E%9D%E2%9A%A1-YOUTUBE-PREMIUM-1YEAR-14-INDIVIDUAL-PLAN-OWN-ACCOUNT-NO-LOGIN-NEEDED-%E2%9A%A1%E2%8E%A0
Screenshots:
None
Threat Actors: Totopi
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of combo list targeting adult content platforms including XNXX, Xvideos, and Pornhub
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 612,000 credentials marketed as private data with a high hit rate against adult content platforms XNXX, Xvideos, and Pornhub. The post promotes the actor's combo cloud service offering high-quality data and private lines.
Date: 2026-05-11T19:05:26Z
Network: openweb
Published URL: https://patched.to/Thread-porn-%E3%80%8C-612k-%E3%80%8D%E2%9A%A1-xnxx-xvideos-pornhub-%E2%9A%A1-100-private-data-%E2%9A%A1impressive-hitrate%E2%9A%A1-2026-new%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List: Mixed Mail Access Credentials (2,938 entries)
Category: Combo List
Content: A threat actor shared a combo list of 2,938 mixed mail access credentials on a public forum. The content is hidden behind a registration/login wall and requires user engagement to access. No specific breach source or targeted service is identified.
Date: 2026-05-11T19:04:54Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%F0%9F%94%A5-2938x-mix-mail-access-vault-%F0%9F%94%A5
Screenshots:
None
Threat Actors: RyuuMaster
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo list targeting Hotmail accounts (3,067 credentials)
Category: Combo List
Content: A threat actor shared a combo list of 3,067 Hotmail credentials on a leak forum. The content is hidden behind a registration or login wall. No breach of Microsoft or Hotmail is implied; the credentials are likely sourced from prior breaches and tested against Hotmail.
Date: 2026-05-11T19:04:34Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%EF%B8%8F-3067x-Verity-Vault-Hotmail-Drop-%E2%9A%A1%EF%B8%8F
Screenshots:
None
Threat Actors: Verityyyy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free distribution of Singapore email:password combo list
Category: Combo List
Content: A threat actor leaked a combo list of approximately 12,000 Singapore-based email and password pairs, marketed as fresh and dated April 24, 2026. The credentials were made available via an external paste link at no stated cost.
Date: 2026-05-11T19:04:18Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9C%A6%E2%9C%A6-12-K-%E2%9C%A6-Singapore-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-24-4-2026-%E2%9C%A6%E2%9C%A6–2292530
Screenshots:
None
Threat Actors: Fragtez
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List: 1.3K Mix Mail Drop
Category: Combo List
Content: A threat actor is distributing a combo list containing approximately 1,300 email and password pairs described as a mixed mail drop. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-11T19:04:11Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%EF%B8%8F-1-3K-Verity-Vault-Mix-Mail-Drop-%E2%9A%A1%EF%B8%8F
Screenshots:
None
Threat Actors: Verityyyy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List of Nepalese Email:Password Credentials
Category: Combo List
Content: A threat actor has freely shared a combo list of over 10,000 email:password credential pairs purportedly associated with Nepal. The credentials are marketed as fresh, dated May 10, 2026, and distributed via an external paste site.
Date: 2026-05-11T19:03:58Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9C%A6%E2%9C%A6-10-K-%E2%9C%A6-Nepal-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-10-5-2026-%E2%9C%A6%E2%9C%A6–2292559
Screenshots:
None
Threat Actors: Fragtez
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List: 2,871 Hotmail Credentials
Category: Combo List
Content: A forum user is sharing a combo list containing 2,871 Hotmail credentials, referred to as an Access Vault. The content is hidden behind a login/registration wall and like requirement. This appears to be a credential stuffing list targeting Hotmail accounts.
Date: 2026-05-11T19:03:49Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-2871x-Hotmail-Access-Vault
Screenshots:
None
Threat Actors: RyuuLord
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List targeting Hotmail accounts
Category: Combo List
Content: A threat actor is distributing a combo list containing approximately 3,900 Hotmail credentials. The content is hidden behind a forum registration or login requirement. Hotmail is the credential-stuffing target, not the breach victim.
Date: 2026-05-11T19:03:32Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%AD%90%EF%B8%8F3-9k-HOTMAIL-ACCESS%E2%AD%90%EF%B8%8F
Screenshots:
None
Threat Actors: Cl0ud0wner
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free Russian email:password combo list shared on cracking forum
Category: Combo List
Content: A threat actor shared a Russian email:password combo list via an external paste link on a cracking forum. The post contains no details on record count or source. The credentials appear to be targeting Russian email accounts for credential stuffing purposes.
Date: 2026-05-11T19:03:28Z
Network: openweb
Published URL: https://nulledbb.com/thread-RUSSIA-EMAILPASS-COMBOLIST-txt–2292580
Screenshots:
None
Threat Actors: Fragtez
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of 4K Mix Mail Access Combo List
Category: Combo List
Content: A threat actor is sharing a mixed mail access combo list containing approximately 4,000 credentials. The content is gated behind forum registration or login. No specific breach source or targeted service is identified.
Date: 2026-05-11T19:03:05Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%AD%90%EF%B8%8F4k-MIX-MAIL-ACCESS%E2%AD%90%EF%B8%8F
Screenshots:
None
Threat Actors: Cl0ud0wner
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of 144K targeted corporate combo list
Category: Combo List
Content: A threat actor is selling a combo list of approximately 144,000 credentials marketed as corporate-targeted, containing EMAIL:PASS and USER:PASS pairs across multiple countries including the USA, UK, France, Germany, Italy, Canada, and Australia. The list includes coverage across multiple email providers such as AOL, Yahoo, Hotmail, and Outlook. The seller is directing buyers to contact them via Telegram.
Date: 2026-05-11T19:02:36Z
Network: openweb
Published URL: https://demonforums.net/Thread-144K-CORPS-TARGETED-COMBOLIST
Screenshots:
None
Threat Actors: Ra-Zi
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged vulnerability or bypass for AI services including ChatGPT shared for free
Category: Vulnerability
Content: A forum user claims to have found a vulnerability and AI bypass affecting ChatGPT and other services, offering the content for free. The actual content is hidden behind a registration or login wall, so no further details are available. The post is unverified and the nature of the claimed vulnerability is unclear.
Date: 2026-05-11T19:02:30Z
Network: openweb
Published URL: https://leakforum.io/Thread-Im-fund-vuln-ai-bypass-chatgpt-and-more-for-free-%E2%AD%95%EF%B8%8F
Screenshots:
None
Threat Actors: LukasWeber
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: OpenAI
Victim Site: chatgpt.com - Alleged data leak of logitgc.fr login credentials
Category: Data Leak
Content: A threat actor has freely shared login credentials for logitgc.fr, claiming the account provides access to customer personally identifiable information. A single username and password pair was posted publicly on the forum.
Date: 2026-05-11T18:48:32Z
Network: openweb
Published URL: https://breachforums.rs/Thread-https-logitgc-fr-login-credentials
Screenshots:
None
Threat Actors: phas3lock
Victim Country: France
Victim Industry: Unknown
Victim Organization: Logit GC
Victim Site: logitgc.fr - Sale of fresh credit cards, fullz, and dumps across multiple regions
Category: Carding
Content: A threat actor operating under the Telegram handle @Veefromdhood is selling stolen payment card data including Visa, Mastercard, Amex, and Discover cards, BINs, DOBs, fullz, and card dumps with Track 1 & 2 data across the US, UK, Canada, Australia, and EU. Prices range from $37 for DOB data to $235 per card dump with PIN. The post advertises fresh credit cards and ATM dumps for sale via Telegram.
Date: 2026-05-11T18:45:06Z
Network: openweb
Published URL: https://xforums.st/threads/list-price-for-fresh-credit-trusted-telegram-user-veefromdhood.613720/
Screenshots:
None
Threat Actors: McRich
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of stolen payment cards, EBT cards, and dumps with PIN via fraud marketplace
Category: Carding
Content: A threat actor operating under the name JAXXJ1 Team is advertising a fraud marketplace offering daily-updated stolen EBTs with PIN, credit cards with CVV2, and dumps with PIN covering all US states. The seller claims over 30,000 existing customers and is actively recruiting additional sellers via Telegram and Discord.
Date: 2026-05-11T18:40:22Z
Network: openweb
Published URL: https://altenens.is/threads/big-american-fraud-market-high-quality-we-update-daily-thousands-of-ebts-dumps-pin-ccs-cvv2-we-have-more-than-30-000-customers-already-with.2937990/unread
Screenshots:
None
Threat Actors: K9S2A
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Directorate General of Drug Administration, Bangladesh
Category: Data Breach
Content: A threat actor is offering for sale a database dump allegedly obtained from the Directorate General of Drug Administration (DGDA) of Bangladesh. The leaked data includes personally identifiable information such as names, emails, mobile numbers, designations, and hashed passwords of government drug administration personnel. Sample data provided includes user account records with bcrypt-hashed passwords and registration details.
Date: 2026-05-11T18:38:35Z
Network: openweb
Published URL: https://breached.st/threads/directorate-general-of-drug-administration-government-of-bangladesh.87005/unread
Screenshots:
None
Threat Actors: wh6ami
Victim Country: Bangladesh
Victim Industry: Government
Victim Organization: Directorate General of Drug Administration
Victim Site: dgdagov.info - Alleged data leak of UniCredit
Category: Data Leak
Content: A threat actor posted a link to what is claimed to be a leaked dataset associated with UniCredit, a major Italian banking group. The data is being shared freely via an external file-hosting service. No further details regarding record count or specific data fields were provided in the post.
Date: 2026-05-11T18:31:29Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-UNICREDIT-LEAK-DATA-2026
Screenshots:
None
Threat Actors: Disease
Victim Country: Italy
Victim Industry: Finance
Victim Organization: UniCredit
Victim Site: unicredit.com - Combo list of 670,000 email:password credentials marketed for streaming services
Category: Combo List
Content: A threat actor shared a combo list of approximately 670,000 email and password pairs described as UHQ and marketed as suitable for credential stuffing against streaming services. The credentials are advertised as fresh data.
Date: 2026-05-11T18:22:58Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%AD%90-670-000-%E2%AD%90-MAILPASS-%E2%9A%A1UHQ-DATABASE-GOOD-FOR-STREAMING%E2%9A%A1-FRESH-DATA
Screenshots:
None
Threat Actors: ZEWS
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Germany Mixed Target Combo List with 700,160 Lines
Category: Combo List
Content: A combo list of 700,160 email:password lines targeting German (.de) accounts across mixed services has been shared on a cracking forum. The credentials are marketed for credential stuffing against multiple unspecified targets.
Date: 2026-05-11T18:22:35Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-700-160-Lines-%E2%9C%85-Germany-de-Combolist-Mixed-Target
Screenshots:
None
Threat Actors: HqComboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Hotmail combo list
Category: Combo List
Content: A threat actor is offering 3,500 alleged fresh valid Hotmail credentials via a Telegram channel. The post also advertises a private cloud service for purchase via direct message.
Date: 2026-05-11T18:22:15Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%9C%85%E2%9C%A8-3-5K-HQ-FRESH-VALID-HOTMAILS-%E2%9C%85%E2%9C%A8
Screenshots:
None
Threat Actors: wasifurkchut
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of combo list targeting streaming and gaming services
Category: Combo List
Content: A threat actor is distributing a combo list of 3.6 million email and password pairs marketed as high-quality and fresh, targeting accounts on services including Spotify, Hulu, Steam, Minecraft, and Netflix. The post was shared on a public cracking forum. No further details are available as the post contained no body content.
Date: 2026-05-11T18:21:54Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-3-6M-COMBOS-HQ-FRESH-Spotify-Hulu-Steam-Minecraft-Netflix
Screenshots:
None
Threat Actors: Nuttela
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Hotmail credential combo list (600 entries)
Category: Combo List
Content: A threat actor is sharing a combo list of 600 Hotmail login credentials, marketed as UHQ (ultra-high quality). The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-11T18:21:17Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-600x-hotmail-login-uhq-301327
Screenshots:
None
Threat Actors: BuggracK
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of discounted Coursera Plus subscription access
Category: Services
Content: A threat actor is selling Coursera Plus 1-year subscription access for $29.99, significantly below the official price of $399/year. The offer includes access to professional courses and certificates. The nature of the access (whether from compromised accounts or unauthorized resale) is not explicitly stated.
Date: 2026-05-11T18:21:12Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-29%E2%9A%A1-Coursera-Plus-%E2%80%93-1-Year-Learning-Access-%E2%9C%85
Screenshots:
None
Threat Actors: secur3rat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List of HQ Hotmail Credentials
Category: Combo List
Content: A threat actor is sharing 2,077 allegedly high-quality Hotmail credentials on a combolist forum. The post advertises daily supply of 4,000–12,000 fresh credentials, marketed as optimized for high-performance credential stuffing.
Date: 2026-05-11T18:20:45Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-2077x-hq-hotmail-by-s2lender-txt
Screenshots:
None
Threat Actors: s2lender
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of discounted ChatGPT Business team access invites
Category: Services
Content: A threat actor is selling ChatGPT Business team invite access at $19.99, advertised as below the official per-user price. The offering includes access to advanced AI models and priority features. Buyers are directed to contact the seller via Telegram.
Date: 2026-05-11T18:20:38Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-19-99-%E2%9A%A1-ChatGPT-Business-Invite-%E2%80%93-Premium-Team-AI-Access-%E2%9C%85
Screenshots:
None
Threat Actors: secur3rat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Combo List targeting Hotmail accounts
Category: Combo List
Content: A forum member is sharing a combo list marketed as fresh Hotmail credentials. The content is hidden behind a registration or login wall, limiting further analysis.
Date: 2026-05-11T18:20:22Z
Network: openweb
Published URL: https://patched.to/Thread-fresh-hotmail-301330
Screenshots:
None
Threat Actors: ZAMPARA
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Nigerian email:password combo list freely shared
Category: Combo List
Content: A threat actor known as Fragtez has freely shared a combo list of approximately 19,000 email:password credential pairs purportedly sourced from Nigerian accounts. The list is marketed as fresh and dated April 29, 2026. The credentials are hosted on an external paste service.
Date: 2026-05-11T18:19:41Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9C%A6%E2%9C%A6-19-K-%E2%9C%A6-Nigeria-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-29-4-2026-%E2%9C%A6%E2%9C%A6–2292501
Screenshots:
None
Threat Actors: Fragtez
Victim Country: Nigeria
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free Hotmail combo list of 1,816 credentials
Category: Combo List
Content: A threat actor shared a free combo list containing 1,816 Hotmail credential hits via an external paste link. The credentials are marketed as premium hits, suggesting they have been verified against Hotmail accounts.
Date: 2026-05-11T18:19:38Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-1816x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F–2292521
Screenshots:
None
Threat Actors: Fragtez
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of mail:pass combo list for multiple countries including Belarus, Mongolia, and others
Category: Combo List
Content: A threat actor is offering a mail:pass combo list covering multiple countries including Belarus, Mongolia, Nepal, Bhutan, Bangladesh, Sri Lanka, Malaysia, Singapore, Philippines, New Zealand, Chile, Peru, Colombia, Venezuela, Cuba, and Jamaica. The credentials are available via Telegram channel and group. No record count or pricing details are specified in the post.
Date: 2026-05-11T18:10:45Z
Network: openweb
Published URL: https://crackingx.com/threads/74912/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Office combo list
Category: Combo List
Content: A threat actor is offering an Office combo list via a Telegram channel and group. The post promotes free combo lists and tools through associated Telegram channels. No record count or specific data fields were disclosed.
Date: 2026-05-11T18:10:25Z
Network: openweb
Published URL: https://crackingx.com/threads/74915/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of mixed credential combo list with 474 entries
Category: Combo List
Content: A threat actor is selling a mixed credential combo list containing 474 entries. The post offers tiered subscription pricing and links to external download and cloud storage channels. No specific victim organization or service is identified.
Date: 2026-05-11T18:10:03Z
Network: openweb
Published URL: https://crackingx.com/threads/74922/
Screenshots:
None
Threat Actors: snowstormxd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of educational email and password combo list
Category: Combo List
Content: A threat actor operating under the alias CODER is distributing educational sector email and password combo lists, marketed as fresh. The credentials are being shared via Telegram channels and available upon request.
Date: 2026-05-11T18:09:33Z
Network: openweb
Published URL: https://crackingx.com/threads/74933/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Hotmail combo list with 603 credentials
Category: Combo List
Content: A threat actor is selling a combo list of 603 Hotmail credentials marketed as fresh drops. The post offers tiered pricing from $3 for a 24-hour trial up to $100 for three months of access, with download links provided via external paste and Telegram channels.
Date: 2026-05-11T18:09:10Z
Network: openweb
Published URL: https://crackingx.com/threads/74938/
Screenshots:
None
Threat Actors: snowstormxd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of combo list targeting Reddit and other forums (8 million records)
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 8 million credentials purportedly targeting Reddit and other online forums. The list is being offered via Telegram channels, with both free and contact-based distribution advertised.
Date: 2026-05-11T18:08:46Z
Network: openweb
Published URL: https://crackingx.com/threads/74944/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of stealer logs by threat actor EchoCloud
Category: Combo List
Content: A threat actor operating as EchoCloud shared a download link to stealer logs via a file-hosting service. Access to the password is gated through a Telegram channel, suggesting the logs are being distributed to followers or customers.
Date: 2026-05-11T18:08:23Z
Network: openweb
Published URL: https://crackingx.com/threads/74949/
Screenshots:
None
Threat Actors: EchoCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of alleged WordPress credentials or database dump
Category: Combo List
Content: A forum user is offering content related to WordPress on a cracking forum, with access gated behind registration and a password shared via Telegram. The full content of the post is not visible, but based on the forum context (Combolists & Dumps), it likely contains WordPress-related credentials or a database dump.
Date: 2026-05-11T18:07:54Z
Network: openweb
Published URL: https://crackingx.com/threads/74959/
Screenshots:
None
Threat Actors: zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of HQ mix combo list by threat actor s2lender
Category: Combo List
Content: Threat actor s2lender is offering a high-quality mixed combo list advertised as containing approximately 201,860 credential pairs. The listing claims daily supply of 4,000–12,000 fresh entries distributed through a private members-only network. The credentials are marketed as untouched and optimized for credential stuffing operations.
Date: 2026-05-11T18:07:31Z
Network: openweb
Published URL: https://crackingx.com/threads/74964/
Screenshots:
None
Threat Actors: s2lender
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of personal data including SSNs, ID documents, and financial records
Category: Carding
Content: A threat actor is offering for sale a variety of personal data types including government-issued ID documents (driver's licenses, passports), Social Security Numbers (SSNs), bank card data, and consumer databases. The seller advertises access via Telegram and claims to have large-site database dumps and citizen records. No specific victim organization or country is identified.
Date: 2026-05-11T18:05:44Z
Network: openweb
Published URL: https://crackingx.com/threads/74921/
Screenshots:
None
Threat Actors: jannatmirza11
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged illegal marketplace offering stolen payment cards and unauthorized access services
Category: Initial Access
Content: Multiple threat actors are advertising illegal services in Squad Chat Marketplace: Pepecard is offering stolen credit/debit cards (US $1, international $1.50) with 75-95% validity rates; DataxLogs is offering mail access and combo lists across multiple countries; PORTAL is offering RDP rental for cloud services (Azure, AWS, DigitalOcean) at $200, domain mail accounts, and GitHub student accounts.
Date: 2026-05-11T18:05:11Z
Network: telegram
Published URL: https://t.me/c/2613583520/79743
Screenshots:
None
Threat Actors: Pepecard
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Indonesia loan data
Category: Data Breach
Content: A threat actor is offering Indonesian loan data for sale via Telegram. The post includes a sample image link but does not specify the source organization or record count.
Date: 2026-05-11T18:02:30Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-Indonesia-Loan-Data-Available
Screenshots:
None
Threat Actors: Mikhel
Victim Country: Indonesia
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown - Sale of cracked DAZN accounts
Category: Combo List
Content: A forum post in the Cracked Accounts section advertises DAZN account credentials. No further details regarding record count, price, or data origin were provided in the post.
Date: 2026-05-11T17:57:18Z
Network: openweb
Published URL: https://breached.st/threads/dazn.87003/unread
Screenshots:
None
Threat Actors: jpaco69
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of 1win Casino Brazil
Category: Data Breach
Content: A threat actor is advertising an alleged database from 1win Casino's Brazil operations on a cybercrime forum. The post invites interested parties to contact the seller via Telegram for further details. No record count or sample data was provided.
Date: 2026-05-11T17:56:13Z
Network: openweb
Published URL: https://breached.st/threads/brazil-1win-casino-database.87004/unread
Screenshots:
None
Threat Actors: Kevin Williams
Victim Country: Brazil
Victim Industry: Gambling
Victim Organization: 1win Casino
Victim Site: 1win.com - Website Defacement of Magasins Fekih by Inside Alone7 (Hidden Cyber Crime)
Category: Defacement
Content: On May 12, 2026, a threat actor known as Inside Alone7, operating under the group Hidden Cyber Crime, defaced a file on the domain magasinsfekih.com. The defacement targeted a specific file path rather than the homepage, suggesting a targeted file-level intrusion. The incident was recorded and mirrored by zone-xsec.com, a known defacement tracking platform.
Date: 2026-05-11T17:51:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919730
Screenshots:
None
Threat Actors: Inside Alone7, Hidden Cyber Crime
Victim Country: Tunisia
Victim Industry: Retail
Victim Organization: Magasins Fekih
Victim Site: magasinsfekih.com - Website Defacement of cepurhuye.rw by Inside Alone7 (Hidden Cyber Crime)
Category: Defacement
Content: On May 12, 2026, a threat actor known as Inside Alone7, affiliated with the group Hidden Cyber Crime, defaced a file on the Rwandan domain cepurhuye.rw. The defacement targeted a specific text file (1000.txt) rather than the homepage, indicating a targeted or opportunistic file-level intrusion. No specific motive or technical details regarding the server environment were disclosed.
Date: 2026-05-11T17:49:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919732
Screenshots:
None
Threat Actors: Inside Alone7, Hidden Cyber Crime
Victim Country: Rwanda
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: cepurhuye.rw - Sale of Softbank Banking System Source Code targeting LATAM
Category: Malware
Content: A threat actor is offering for sale source code written in C# for a banking system attributed to Softbank, reportedly implemented across Latin American countries including Panama, Peru, Colombia, and Ecuador. Contact is provided via a Session messaging handle.
Date: 2026-05-11T17:48:56Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-Sistema-Bancario-Softbank
Screenshots:
None
Threat Actors: V0lt4r0x
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Softbank
Victim Site: Unknown - Website Defacement of Scribal.be by Inside Alone7 of Hidden Cyber Crime
Category: Defacement
Content: On May 12, 2026, a threat actor known as Inside Alone7, affiliated with the group Hidden Cyber Crime, defaced a file hosted on the Belgian website scribal.be. The defacement targeted a specific text file (1000.txt) rather than the site's homepage, indicating a targeted file-level intrusion. No additional technical details such as server software or IP address were disclosed.
Date: 2026-05-11T17:47:17Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919728
Screenshots:
None
Threat Actors: Inside Alone7, Hidden Cyber Crime
Victim Country: Belgium
Victim Industry: Unknown
Victim Organization: Scribal
Victim Site: scribal.be - Website defacement of PPS Security by Inside Alone7 (Hidden Cyber Crime)
Category: Defacement
Content: On May 12, 2026, a threat actor known as Inside Alone7, affiliated with the group Hidden Cyber Crime, defaced the website of PPS Security, a French security services company. The defacement targeted the domain pps-security.fr and was recorded as a single, non-mass and non-redefacement incident. No specific motive or proof of concept was disclosed.
Date: 2026-05-11T17:45:57Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919729
Screenshots:
None
Threat Actors: Inside Alone7, Hidden Cyber Crime
Victim Country: France
Victim Industry: Security Services
Victim Organization: PPS Security
Victim Site: pps-security.fr - Combo List of Mixed Domain Credentials
Category: Combo List
Content: A combo list of approximately 1.5 million email:password pairs from mixed domains has been shared on a cracking forum. The credentials are marketed as fresh leaks. No further details are available from the post content.
Date: 2026-05-11T17:44:12Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-1-519-236-Mixed-Domain-Fresh-Leaks
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Notary IT provider Notin, victim of a new ransomware attack five months later
Category: Cyber Attack
Content: The IT service provider Notin.es has been hit by a new ransomware attack, this time carried out by the Crypto24 group using the Lockbit 5.0 ransomware. The cyberattack affected at least fifteen notarial offices in Spain, interrupting their services and their email.
Date: 2026-05-11T17:43:55Z
Network: openweb
Published URL: https://www.escudodigital.com/ciberseguridad/notin-proveeedor-ti-notarias-ataque-ransomware.html
Screenshots:
None
Threat Actors: Everest
Victim Country: Spain
Victim Industry: Unknown
Victim Organization: Notin
Victim Site: notin.es - Sale of mixed corporate and personal email credentials combo list
Category: Combo List
Content: A threat actor is sharing a combo list of 2,800 claimed valid mixed personal and corporate email credentials with full mailbox access. The credentials are marketed as fresh and high quality. No specific victim organization or breach source is identified.
Date: 2026-05-11T17:43:50Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-2800-VALID-MIX-CORP-MAILPASS-FULL-MAIL-ACCES
Screenshots:
None
Threat Actors: CloudBase
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of URL:Log:Pass combo list with 1.8 million records
Category: Combo List
Content: A threat actor operating under the name NapoleonCorp is offering a combo list of approximately 1.8 million URL:log:pass credential pairs, described as private. The list is formatted with associated URLs, usernames/logins, and passwords, consistent with stealer log-derived credential sets packaged for credential stuffing use.
Date: 2026-05-11T17:43:21Z
Network: openweb
Published URL: https://cracked.st/Thread-1-8KK-NAPOLEON-CORP-UP-466-URL-LOG-PASS-PRIVATE
Screenshots:
None
Threat Actors: NapoleonCorp
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale and distribution of mixed mail access combo list
Category: Combo List
Content: A threat actor is distributing mixed mail access credentials described as private and fresh via a Telegram channel, with free drops available and private cloud access offered for sale. The post promotes contact via Telegram handles for purchasing or obtaining the combo list.
Date: 2026-05-11T17:43:00Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%9A%A1Mix-Mail-Access-Full-Private-Fresh
Screenshots:
None
Threat Actors: wasifurkchut
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of discounted Manus Pro subscription credits
Category: Services
Content: A forum seller is offering Manus Pro 4,000 credits (12-month subscription) for $70, discounted from $240, advertised as requiring no login. The seller directs buyers to Discord and Telegram for purchase via Sellix.
Date: 2026-05-11T17:42:25Z
Network: openweb
Published URL: https://cracked.st/Thread-Sellix-Manus-Pro-4-000-Credits-12-Months-240-70-NO-LOGIN-%E2%9C%85
Screenshots:
None
Threat Actors: Lamboproxy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Hotmail combo list with 2,584 credentials
Category: Combo List
Content: A threat actor is offering a combo list of 2,584 Hotmail credentials, marketed as high quality and fresh. The post advertises a private members-only network supplying 4,000–12,000 credentials daily, optimized for credential stuffing use.
Date: 2026-05-11T17:42:20Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-2584x-hq-hotmail-by-s2lender-txt-301317
Screenshots:
None
Threat Actors: s2lender
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of upgraded/premium accounts for ChatGPT, Netflix, Steam and other services
Category: Services
Content: A forum seller is advertising a marketplace offering discounted premium account upgrades for services including ChatGPT, Netflix, and Steam. The post promotes a discount code and directs potential buyers to an external website and Discord server. No specific victim organization or breach is identified.
Date: 2026-05-11T17:41:55Z
Network: openweb
Published URL: https://cracked.st/Thread-Sellix-%E2%AD%90-UPGRADE-ACCOUNTS-%E2%AD%90CHEAPEAST-MARKET-CHAT-GPT-NETFLIX-STEAM-ETC-%E2%AD%90
Screenshots:
None
Threat Actors: Antaksio
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List of 1,464 Hotmail credentials
Category: Combo List
Content: A threat actor shared a combo list containing 1,464 Hotmail credentials marketed as valid hits. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-11T17:41:49Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%85%E2%9A%A11464x-good-hotmail%E2%9A%A1%E2%9C%85
Screenshots:
None
Threat Actors: NovaCloudx
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of HQ mix combo list with 6,845 credentials
Category: Combo List
Content: A threat actor is offering a combo list of 6,845 mixed credentials marketed as high quality and fresh. The post advertises daily supply of 4K–12K credentials described as untouched and optimized for credential stuffing use.
Date: 2026-05-11T17:41:32Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-6845x-hq-mix-by-s2lender-txt
Screenshots:
None
Threat Actors: s2lender
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List — 2,152 Hotmail credentials
Category: Combo List
Content: A threat actor is distributing a combo list containing 2,152 Hotmail login credentials marketed as UHQ (ultra-high quality). The content is hidden behind a registration or login wall on the forum.
Date: 2026-05-11T17:41:15Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-2152x-hotmail-login-uhq
Screenshots:
None
Threat Actors: BuggracK
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Outlook.com email:password combo list shared on cracking forum
Category: Combo List
Content: A threat actor shared a combo list of Outlook.com email and password pairs via an external paste link on a cracking forum. The credentials are marketed as high quality and intended for credential stuffing use.
Date: 2026-05-11T17:41:07Z
Network: openweb
Published URL: https://nulledbb.com/thread-HQ-OUTLOOK-COM-EMAILPASS-COMBOLIST-SHROUD20-txt–2292422
Screenshots:
None
Threat Actors: Fragtez
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of URL:Log:Pass combo list with 24.91 million records
Category: Logs
Content: A threat actor is sharing a URL:LOG:PASS stealer log dataset containing approximately 24.91 million records, advertised as UHQ (ultra-high quality). The logs are hosted on an external paste site and appear to be associated with the daxus.pro service.
Date: 2026-05-11T17:40:46Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%AD%90%EF%B8%8FURL-LOG-PASS-24-91-M-%E2%9C%85-DAXUS-PRO-UHQ-%E2%AD%90%EF%B8%8F–2292455
Screenshots:
None
Threat Actors: Fragtez
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo list targeting Chile distributed on paste site
Category: Combo List
Content: A combo list containing over 94,000 credential pairs, described as targeting Chile, has been shared via an external paste site. The post was published on May 1, 2026, and the credentials are freely distributed without a listed price.
Date: 2026-05-11T17:40:36Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9C%AA-94-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Chile-%E2%9C%AA-1-MAY-2026-%E2%9C%AA–2292464
Screenshots:
None
Threat Actors: Fragtez
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of URL:Log:Pass combo list targeting daxus.pro
Category: Combo List
Content: A threat actor is sharing a URL:LOG:PASS combo list containing approximately 6.01 million records, marketed as UHQ (ultra-high quality) and associated with daxus.pro. The list was posted on a cracking forum and linked to an external paste service.
Date: 2026-05-11T17:40:25Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%AD%90%EF%B8%8FURL-LOG-PASS-6-01-M-%E2%9C%85-DAXUS-PRO-UHQ-%E2%AD%90%EF%B8%8F–2292484
Screenshots:
None
Threat Actors: Fragtez
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of 22K mixed mail access combo list
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 22,000 mixed email and password credentials, marketed as fresh. The content is gated behind forum registration or login.
Date: 2026-05-11T17:39:53Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-22K-FRESH-MIX-MAIL-ACCESS
Screenshots:
None
Threat Actors: StrawHatBase
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Hotmail combo list with 2,519 fresh hits
Category: Combo List
Content: A threat actor is distributing a combo list advertised as containing 2,519 fresh Hotmail credential hits. The content is gated behind a reply requirement. These credentials are likely intended for credential stuffing against Hotmail/Outlook accounts.
Date: 2026-05-11T17:36:30Z
Network: openweb
Published URL: https://altenens.is/threads/check-mark-buttoncheck-mark-button-2519x-fresh-private-hotmail-hits-check-mark-button-check-mark-button.2937950/unread
Screenshots:
None
Threat Actors: Angiecrax
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo list of mixed mail credentials with claimed valid Hotmail hits
Category: Combo List
Content: A threat actor distributed a combo list of 3,858 mixed email credentials, claiming valid Hotmail hits. The list is made available via a download link and promoted through a Telegram contact.
Date: 2026-05-11T17:31:21Z
Network: openweb
Published URL: https://breachforums.rs/Thread-%E2%9A%A1%E2%9A%A1-3858x-PREMIUM-MIX-MAIL-HITS%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: xdalphaa
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Vietnamese gambling organization
Category: Data Breach
Content: A threat actor is offering what they claim is gambling-related data from Vietnam for sale. The post provides minimal details and directs interested parties to contact via Telegram for more information. No specific organization, record count, or data fields have been disclosed.
Date: 2026-05-11T17:22:30Z
Network: openweb
Published URL: https://breached.st/threads/vietnam-gambling-data-available.87000/unread
Screenshots:
None
Threat Actors: Kevin Williams
Victim Country: Vietnam
Victim Industry: Gambling
Victim Organization: Unknown
Victim Site: Unknown
- Sale of alleged Poland citizen database
Category: Data Breach
Content: A threat actor is offering for sale an alleged database of Polish citizens via a forum post. The seller advertises trial and premium data packages and directs interested buyers to a Telegram contact. No specific record count, data fields, or source organization are disclosed in the post.
Date: 2026-05-11T17:21:59Z
Network: openweb
Published URL: https://breached.st/threads/poland-citizen-database.87001/unread
Screenshots:
None
Threat Actors: Kevin Williams
Victim Country: Poland
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of PII database allegedly containing 2.794 million Indonesian individuals
Category: Data Breach
Content: A threat actor is offering for sale a dataset allegedly containing personally identifiable information of approximately 2.794 million Indonesian individuals. The data includes full names, email addresses, phone numbers, and employer/occupation details, with sample records indicating affiliation with Indonesian agricultural government bodies and universities. The seller is advertising the dataset on a cybercrime forum with contact details provided for purchase.
Date: 2026-05-11T17:21:28Z
Network: openweb
Published URL: https://breached.st/threads/sell-pii-indonesia-2794k-include-name-gmail-number.87002/unread
Screenshots:
None
Threat Actors: 053o
Victim Country: Indonesia
Victim Industry: Agriculture
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Edge.app
Category: Data Breach
Content: A threat actor is offering for sale an alleged database from edge.app containing approximately 175,000 email addresses. The actor is directing interested buyers to contact them via Telegram for samples.
Date: 2026-05-11T17:17:21Z
Network: openweb
Published URL: https://spear.cx/Thread-edge-app
Screenshots:
None
Threat Actors: empathy101
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Edge.app
Victim Site: edge.app
- Distribution of URL:Login:Password credential logs
Category: Logs
Content: A forum user is distributing a collection of URL:Login:Password (ULP) formatted credential logs, marketed as high quality and private. The post does not specify targeted organizations, record counts, or geographic scope.
Date: 2026-05-11T17:16:11Z
Network: openweb
Published URL: https://darkforums.su/Thread-%E2%AD%90%EF%B8%8F%E2%98%81URL-LOGIN-PASS%E2%AD%90%EF%B8%8F-ULP-%E2%AD%90%EF%B8%8FHQ-PRIVATE%E2%AD%90%EF%B8%8F–76010
Screenshots:
None
Threat Actors: MonkeyBase
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free distribution of 350K stealer log credentials
Category: Logs
Content: A threat actor on a darknet forum leaked a dataset of 350,000 lines of stealer log credentials in URL:LOGIN:PASS format, totaling 24.6MB. The logs were made available for free download and are attributed to the Vermion Cloud log channel.
Date: 2026-05-11T17:15:32Z
Network: openweb
Published URL: https://darkforums.su/Thread-Document-350K-vermionlogs-VERMION-CLOUD
Screenshots:
None
Threat Actors: scandal
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of administrative credentials for Nicaragua's public procurement system (NicaraguaCompra)
Category: Logs
Content: A threat actor shared an administrative account credential for Nicaragua's public procurement platform SISCAE (NicaraguaCompra), which manages state acquisition and contracting processes. The post includes a username and password for what is claimed to be an administrative-level account. The credential was distributed freely on a stealer logs forum.
Date: 2026-05-11T17:14:54Z
Network: openweb
Published URL: https://darkforums.su/Thread-administrative-account-to-gestion-nicaraguacompra-gob-ni
Screenshots:
None
Threat Actors: Ranssi
Victim Country: Nicaragua
Victim Industry: Government
Victim Organization: NicaraguaCompra (SISCAE)
Victim Site: gestion.nicaraguacompra.gob.ni
- Sale of undetected PC malware
Category: Malware
Content: A threat actor is offering undetected PC malware for sale at $50. No specific malware type or target is specified in the post.
Date: 2026-05-11T17:14:03Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-any-type-of-malware-for-50
Screenshots:
None
Threat Actors: sharpie787
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of initial access to undisclosed Argentine SaaS shop management platform
Category: Initial Access
Content: A threat actor is selling database access and an active session token to an unnamed Argentine SaaS platform providing shop management services. The platform reportedly has 138 total shops with 26 active paying stores and a largest customer revenue of 104K USD. The offering includes database access and a session credential.
Date: 2026-05-11T17:13:29Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Argentinan-SaaS-Platform-Shop-Management
Screenshots:
None
Threat Actors: KurdishWorm
Victim Country: Argentina
Victim Industry: Technology
Victim Organization: Unknown
Victim Site: Unknown
- Sale of initial access to undisclosed Japanese retail/e-commerce company via GlobalProtect VPN
Category: Initial Access
Content: A threat actor is selling enterprise admin-level VPN access (Palo Alto GlobalProtect) to an undisclosed Japanese retail/e-commerce organization with estimated revenue of $25M–$50M and approximately 1,000 hosts. The access is listed at $25 and was verified within the last 48 hours. The listing is cross-posted from the SiberianShelves darknet marketplace.
Date: 2026-05-11T17:12:54Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-VPN-GlobalProtect-Retail-E-Commerce-Japan-25M-50M-revenue
Screenshots:
None
Threat Actors: Toton
Victim Country: Japan
Victim Industry: Retail
Victim Organization: Unknown
Victim Site: Unknown
- Sale of initial access to multiple organizations across Turkey, Portugal, Brazil, Australia, and United Kingdom
Category: Initial Access
Content: A threat actor is offering for sale initial access to five organizations across multiple countries and sectors, including manufacturing (Turkey), telecommunications (Portugal), technology/SaaS (Brazil), energy/utilities (Australia), and insurance (United Kingdom). Access types include Cisco AnyConnect VPN, Exchange OWA, RDP, Citrix Gateway, and GlobalProtect VPN, with privilege levels ranging from domain user to root and network admin. The actor is accepting Bitcoin only.
Date: 2026-05-11T17:12:13Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Accessess-fresh-new-listings
Screenshots:
None
Threat Actors: Toton
Victim Country: Unknown
Victim Industry: Multiple
Victim Organization: Unknown
Victim Site: Unknown
- Sale of alleged Hong Kong financial sector database containing analyst and HNWI investor profiles
Category: Data Breach
Content: A threat actor is selling an alleged database of 312,745 records sourced from Hong Kong's financial sector, claimed to have been obtained via targeted network infiltration between April 18–22, 2026. The dataset purportedly includes profiles of financial analysts, HNWI investors, family offices, and VC/PE principals, with data aggregated from private CRM systems attributed to institutions such as HSBC Wealth, Morgan Stanley Asia-Pacific, and Citi Private Bank. The seller is offering segmented pur
Date: 2026-05-11T17:11:19Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-PREMIUM-SALE-Exclusive-April-2026-Hong-Kong-Financial-Analysts-HNWI-Investors-DB–75984
Screenshots:
None
Threat Actors: Leakbase
Victim Country: Hong Kong
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown
- Sale of cross-platform RCS exploit chain with zero-day kernel modules and FUD crypter
Category: Malware
Content: A threat actor is selling a full Remote Control System (RCS) exploit chain targeting Windows 10/11, Android 12–16, and macOS, advertised as fully undetected (FUD) with an optional rootkit add-on. The package includes zero-day kernel modules, a custom crypter with nightly stub updates, multiple delivery vectors (PDF, DOCX, browser zero-click, SMS), and compatibility with common C2 frameworks including Cobalt Strike and Mythic. Pricing ranges from $700 for a demo sample to $9,000 for an unlimited-
Date: 2026-05-11T17:10:45Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-%F0%9F%92%A5-WTS-Premium-RCS-Exploit-%E2%80%94-0-Day-Remote-Access-Chain-FUD-Cross-Platform-2026–75985
Screenshots:
None
Threat Actors: Leakbase
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Robinhood Crypto
Category: Data Breach
Content: A threat actor is selling an alleged dataset from Robinhood Crypto purportedly stemming from an April 2026 security incident. The 6 million-record compilation is claimed to include user profiles, 3.5 million credit card records with CVVs, KYC verification documents (passports, driver's licenses), crypto portfolio data, transaction histories, and password hashes. The complete dataset is priced at $8,000 in cryptocurrency, with segmented subsets available upon inquiry.
Date: 2026-05-11T17:10:01Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-PREMIUM-EXCLUSIVE-Robinhood-Crypto-April-2026-Database-Leak-6M-Records-CCs-KYC–75986
Screenshots:
None
Threat Actors: Leakbase
Victim Country: United States
Victim Industry: Finance
Victim Organization: Robinhood Crypto
Victim Site: robinhood.com
- Alleged data breach of OKX crypto exchange with KYC, financial, and payment card data offered for sale
Category: Data Breach
Content: A threat actor is selling an alleged database dump attributed to OKX, a major global cryptocurrency exchange, priced at $5,000. The dataset purportedly contains approximately 1 million full user profiles including full names, email addresses, phone numbers, residential addresses, government ID numbers, KYC documents (ID scans, selfies), credit card details (BIN, expiry, CVV), transaction histories, and account balances. The seller claims the dump is dated April 2026, has not been previously sold
Date: 2026-05-11T17:09:24Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-OKX-Crypto-Database-Full-Info-IDs-Credit-Cards-Fresh-Private-Dump-2026-%F0%9F%9B%91
Screenshots:
None
Threat Actors: Leakbase
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: OKX
Victim Site: okx.com
- Sale of 20,000 alleged US Coinbase user leads
Category: Data Breach
Content: A threat actor is selling approximately 20,000 alleged Coinbase user leads sourced from the United States. The dataset reportedly includes first name, last name, email, phone number, source, and country fields. The seller claims the data originates from a private source.
Date: 2026-05-11T17:08:48Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-20kFresh-US-CB-Leads-Private-Souce
Screenshots:
None
Threat Actors: vegitaxi
Victim Country: United States
Victim Industry: Finance
Victim Organization: Coinbase
Victim Site: coinbase.com
- Alleged sale of classified DARPA AI/Autonomy Systems threat analysis report
Category: Data Breach
Content: A threat actor is claiming to sell a 199-page alleged classified DARPA technical report (SECRET//NOFORN), purportedly dated February 14, 2026, detailing vulnerabilities in U.S. AI-driven autonomous weapons, ISR systems, and command infrastructure. The post includes claimed financial impact figures, exploitation vectors, and geolocated facility data attributed to the document. The authenticity of the document has not been verified.
Date: 2026-05-11T17:08:13Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-DARPA-AI-AUTONOMY-SYSTEMS-THREAT-ANALYSIS-2026-Full-Technical-Report–76049
Screenshots:
None
Threat Actors: mosad
Victim Country: United States
Victim Industry: Government
Victim Organization: DARPA
Victim Site: darpa.mil
- Alleged data breach of Mansoura University, Egypt
Category: Data Breach
Content: A threat actor is selling approximately 10GB of data allegedly stolen from Mansoura University in Egypt. The dataset reportedly includes a CSV of ~989,000 student records spanning 2006 to 2026 with fields such as national IDs, passwords, and enrollment details, as well as thousands of research documents, internal documents, and student images.
Date: 2026-05-11T17:07:39Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Egypt-Mansoura-University-10GB-1M-pii-images-docs
Screenshots:
None
Threat Actors: INT3X
Victim Country: Egypt
Victim Industry: Education
Victim Organization: Mansoura University
Victim Site: Unknown
- Sale of initial access to Packeta (packeta.ro)
Category: Initial Access
Content: A threat actor is offering full access to Packeta, an e-commerce logistics platform operating across over 30 European countries, for $10,000. The post provides contact details via a Session messenger address. No further details about the nature or extent of the access are disclosed.
Date: 2026-05-11T17:07:03Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-packeta-ro-full-acces
Screenshots:
None
Threat Actors: vegitaxi
Victim Country: Romania
Victim Industry: Logistics
Victim Organization: Packeta
Victim Site: packeta.ro
- Alleged data breach of egrar.sa (Saudi Arabia)
Category: Data Breach
Content: A threat actor is offering two database files (xlsx format) allegedly obtained from egrar.sa, a Saudi digital platform for professional advisory and accounting services. The first database contains admin names, emails, and mobile phones; the second contains approximately 3,048 customer records with similar fields. The actor provides screenshots and a CSV sample as proof.
Date: 2026-05-11T17:06:30Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Saudi-Arabia-2DBs-from-egrar-sa–76183
Screenshots:
None
Threat Actors: BigBrother
Victim Country: Saudi Arabia
Victim Industry: Finance
Victim Organization: Egrar
Victim Site: egrar.sa
- Website Defacement of Cafe Falcon by Tigris BD
Category: Defacement
Content: On May 12, 2026, the homepage of cafefalcon.com was defaced by a threat actor identified as Tigris BD. The attack targeted the site's index page and constitutes a homepage defacement. No specific motivation or proof of concept was disclosed in the available intelligence.
Date: 2026-05-11T17:06:05Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919713
Screenshots:
None
Threat Actors: Tigris BD
Victim Country: Unknown
Victim Industry: Food and Beverage / Hospitality
Victim Organization: Cafe Falcon
Victim Site: cafefalcon.com
- Alleged data breach of FamilyBox (TEALCA Group) exposing 1.1 million customer records
Category: Data Breach
Content: A threat actor is selling an alleged database dump from familybox.store, an online supermarket affiliated with Venezuelan logistics company TEALCA Group. The dataset purportedly contains 1.1 million rows of customer PII including full names, email addresses, phone numbers, physical addresses, and transaction amounts in both VES and USD. A CSV sample and screenshot are provided as proof of access.
Date: 2026-05-11T17:05:56Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Venezuela-1-100-000-PII-from-familybox-store–76185
Screenshots:
None
Threat Actors: BigBrother
Victim Country: Venezuela
Victim Industry: Retail
Victim Organization: FamilyBox / TEALCA Group
Victim Site: familybox.store
- Alleged data breach of Monstercars
Category: Data Breach
Content: A threat actor is selling an alleged database from monstercars.nl containing approximately 57,000 records. The dataset reportedly includes customer information, addresses, and order data. The seller accepts escrow or middleman transactions.
Date: 2026-05-11T17:05:21Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-monstercars-nl-57K-Netherlands-DataBase
Screenshots:
None
Threat Actors: wizard
Victim Country: Netherlands
Victim Industry: Retail
Victim Organization: Monstercars
Victim Site: monstercars.nl
- Sale of admin access to multiple Angolan government websites and webmail panels
Category: Initial Access
Content: A threat actor is offering admin access to multiple Angolan government websites and webmail panels, including claimed access to the Angolan police and military police. Access is priced at $20 per website panel and $15–$30 per webmail, with prices described as negotiable.
Date: 2026-05-11T17:03:52Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Selling-Admin-Access-to-multiple-government-websites-and-webmail-panels
Screenshots:
None
Threat Actors: DuperKinger123
Victim Country: Angola
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
- Cyberattack on construction company Heberger – Schifferstadt
Category: Cyber Attack
Content: The construction company Heberger, based in Schifferstadt, was the victim of a cyberattack last week. The incident, confirmed by a company spokeswoman, reportedly took place early in the morning on Thursday, May 7. Despite high IT security standards, the company was affected by this intrusion.
Date: 2026-05-11T17:03:47Z
Network: openweb
Published URL: https://www.rheinpfalz.de/lokal/ludwigshafen_artikel,-cyberangriff-auf-baufirma-heberger-_arid,5889199.html
Screenshots:
None
Threat Actors:
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Heberger
Victim Site: heberger.com
- Sale of government and ministry email accounts across multiple countries
Category: Initial Access
Content: A threat actor is selling access to government webmail and ministry accounts across multiple countries including Angola, Tanzania, Zambia, Poland, Brazil, Colombia, Vietnam, and the United States. Offerings include admin-level access with the ability to create new government email addresses, priced between $5 and $100. Accounts span law enforcement, defense, economics, education, and criminal registry systems.
Date: 2026-05-11T17:03:18Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-gov-mails-admin-ministry-accounts-for-sale
Screenshots:
None
Threat Actors: limith
Victim Country: Unknown
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
- Sale of mobile and residential Android proxy service via dark forum
Category: Services
Content: A threat actor operating under the name LTeasy is advertising a commercial mobile and residential Android proxy service on a dark forum. The service offers rotating and sticky SOCKS5/HTTPS proxies across multiple global regions using real mobile devices on carriers such as Verizon, T-Mobile, and AT&T. Promotional discounts and an affiliate program are offered to forum members.
Date: 2026-05-11T17:02:32Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-LTeasy-Mob-Resi-Android-Proxies-Worldwide-LTE-4G-5G-Wi-Fi-SOCK5-HTTPS-50-OFF
Screenshots:
None
Threat Actors: LTeasy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of full access to 1,169 Australian websites
Category: Initial Access
Content: A threat actor is offering full administrative access to 1,169 Australian websites for $400, to be sold to a single buyer. Access is provided in url:user:pass format, with claimed access to databases, source code, and emails via the compromised panels. The seller is associated with the PwnerSec group on X (Twitter).
Date: 2026-05-11T17:01:57Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-1169-Australian-websites-Full-Access
Screenshots:
None
Threat Actors: NormalLeVrai
Victim Country: Australia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of activated Google Voice accounts
Category: Services
Content: A threat actor is offering activated and working Google Voice accounts for sale at $10 each. Contact is provided via Telegram. No details are given regarding the origin or quantity of the accounts.
Date: 2026-05-11T17:01:19Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Selling-activated-working-google-voice-account-s
Screenshots:
None
Threat Actors: NovaV1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of China citizens database with phone numbers and full names
Category: Data Breach
Content: A threat actor is offering for sale an alleged database of Chinese citizens containing phone numbers and full names, totaling 1.2 billion records. The data is distributed in RAR/TXT format with an uncompressed size of approximately 4.95 GB. Sample data includes Chinese mobile numbers paired with full names across multiple regions.
Date: 2026-05-11T17:00:39Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-China-All-Citizens-Database-Phone-Full-Name-1-2-Billion-Lines
Screenshots:
None
Threat Actors: MisterD
Victim Country: China
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of u-travel.hk (Hong Kong business commute and car rental service)
Category: Data Breach
Content: A threat actor is selling an alleged database dump from u-travel.hk, a Hong Kong-based business commute and car rental service. The dataset contains approximately 953,000 records including full names, phone numbers, Chinese name characters, gender, order amounts in HKD, order IDs, and transaction dates. Sample records indicate data spans 2024 and is provided in XLSX format (~81 MB).
Date: 2026-05-11T17:00:03Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Hong-Kong-Business-Commute-Car-Rental-Leak-u-travel-hk-953-000
Screenshots:
None
Threat Actors: MisterD
Victim Country: Hong Kong
Victim Industry: Transportation
Victim Organization: U-Travel
Victim Site: u-travel.hk
- Alleged data breach of Indonesia population database
Category: Data Breach
Content: A threat actor is selling an alleged Indonesian population database containing 30 million records in CSV format, approximately 2.8 GB uncompressed. The dataset includes full names, phone numbers, dates of birth, sex, and residential addresses. The origin of the breach is unspecified, though the data appears to originate from a government or civil registration source.
Date: 2026-05-11T16:59:29Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Indonesia-Population-Database-30-Million-Lines
Screenshots:
None
Threat Actors: MisterD
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Japan population database
Category: Data Breach
Content: A threat actor is selling an alleged database of 20 million records pertaining to the Japanese population. The dataset is offered in CSV format (~5 GB uncompressed) and includes fields such as a national ID, date of birth, full name, city, address, and phone number. The origin and source of the breach have not been disclosed.
Date: 2026-05-11T16:58:55Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Japan-Population-Database-20-Million-Lines
Screenshots:
None
Threat Actors: MisterD
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Korean population records with 9 million individuals
Category: Data Breach
Content: A threat actor is selling an alleged Korean population database containing 9 million records in CSV format, approximately 3.4 GB uncompressed. The dataset includes full name, national ID number, sex, date of birth, phone number, email address, and residential address. The origin of the breach is unspecified; contact is provided via Telegram.
Date: 2026-05-11T16:58:20Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Korea-Population-Database-9-Million-Lines
Screenshots:
None
Threat Actors: MisterD
Victim Country: South Korea
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Sale of cryptocurrency database leak bundle pack containing 21.2 million lines
Category: Combo List
Content: A threat actor is selling a bundle pack of approximately 21.2 million lines aggregated from multiple cryptocurrency-related sources, including email:password combos, email leads, and customer records with phone numbers. The bundle claims to include data associated with platforms such as Poloniex, Coinbase, Binance, Ledger, KuCoin, Localbitcoins, and others across mixed countries. The pack is offered in txt, rar, csv, and xlsx formats totaling approximately 3.7 GB.
Date: 2026-05-11T16:57:46Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Crypto-Currency-Database-Leak-Bundle-Pack-21-2-Million-Lines
Screenshots:
None
Threat Actors: MisterD
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Taiwan health and insurance database
Category: Data Breach
Content: A threat actor is selling a CSV database purportedly containing 2.9 million records from Taiwan's health, medical, and life insurance sector. The dataset is approximately 387 MB in size. Sample data is available to registered forum members upon reply or account upgrade.
Date: 2026-05-11T16:57:13Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Taiwan-Health-Medical-Life-Insurance-Database-2-9-Million-Lines
Screenshots:
None
Threat Actors: MisterD
Victim Country: Taiwan
Victim Industry: Healthcare
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Chinese shopping delivery address database
Category: Data Breach
Content: A threat actor is selling a database purportedly containing 810 million lines of Chinese shopping delivery address records. The dataset is approximately 18 GB compressed and is offered in text format. The seller's identity and the source organization of the data are not disclosed.
Date: 2026-05-11T16:56:39Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-China-Shopping-Delivery-Address-Database-810-Million-Lines
Screenshots:
None
Threat Actors: MisterD
Victim Country: China
Victim Industry: Retail
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Chinese phone number and IMEI database
Category: Data Leak
Content: A threat actor is offering a dataset purportedly containing 1.12 billion lines of Chinese phone numbers paired with IMEI identifiers. The data is available in RAR, tar.gz, and TSV formats with an uncompressed size of approximately 10.2 GB. The origin of the data and the breached organization are not identified in the post.
Date: 2026-05-11T16:56:06Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-China-Phone-IMEI-Leak-Database-1-12-Billion-Lines–75975
Screenshots:
None
Threat Actors: MisterD
Victim Country: China
Victim Industry: Telecommunications
Victim Organization: Unknown
Victim Site: Unknown
Sale of BLS International databases, source code, SSH keys, and biometric data
Category: Data Breach
Content: A threat actor is selling data allegedly exfiltrated from BLS International, an Indian visa and passport processing company. The offering includes up to 29 million database rows, backend source code, Amazon S3 bucket dumps, API and SMTP keys, biometric data (passport scans, liveness videos, facial and government documents), and MySQL root and SSH access to company servers, totaling 28 GB compressed.
Date: 2026-05-11T16:55:22Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-BLS-INTERNATIONAL-DATABASES-Source-Codes-SSH-Private-Keys
Screenshots:
None
Threat Actors: scatt3r
Victim Country: India
Victim Industry: Government
Victim Organization: BLS International
Victim Site: blsinternational.com
Sale of alleged SAWTAD R&D archive including SAW sensor IP, patents, and internal documents
Category: Data Breach
Content: A threat actor is selling a 2.19 GB archive purportedly containing the full intellectual property of the SAW-TAD (Smart Absorbent Wireless Technology for Absorbent Devices) project, including R&D documentation, provisional patents, PCB/Gerber files, firmware, prototype test reports, signed NDAs, and patent attorney correspondence. The archive also allegedly includes documents from SPMet (Sociedade Portuguesa de Metrologia), including conference archives, financial reports, and council meeting mi
Date: 2026-05-11T16:54:46Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-SAWTAD-Full-Archive-Leak-%E2%80%93-SAW-Sensor-Diaper-Tech-Metrology-Vault
Screenshots:
None
Threat Actors: zestix
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: SAWTAD / SAW-TAD Project
Victim Site: Unknown
Sale of credentials lookup service from stealer log database
Category: Services
Content: A threat actor is offering a paid service to extract email:password credentials for specific websites, applications, or games from a self-described private stealer log database accumulated over seven years. The service is priced at $20 per request, with variable pricing based on volume and requirements. The actor claims global geographic coverage.
Date: 2026-05-11T16:54:11Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-I-ll-get-your-request-link-from-the-email-pass-accounts-url-logins-access
Screenshots:
None
Threat Actors: coloradoemails
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Evalang
Category: Data Breach
Content: A threat actor is selling an alleged database attributed to Evalang, containing 3 million records — approximately 2.5 million French contacts and 500,000 international contacts. The seller references an external proof link as evidence of the breach.
Date: 2026-05-11T16:53:36Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-FR-Ev-lang-3M
Screenshots:
None
Threat Actors: 111grp
Victim Country: France
Victim Industry: Unknown
Victim Organization: Evalang
Victim Site: Unknown
Sale of fraudulent identity documents, PSD templates, and personal data scans
Category: Carding
Content: A threat actor operating as Kingscan is selling fraudulent and counterfeit identity documents including ID cards, driver's licenses, passports, and selfies, as well as editable PSD templates for document forgery. The seller claims to offer customized fake documents for over 60 countries within 2-3 hours of receiving personal details. Products also include bank statements, utility bills, SSNs, and certificates, marketed for use in identity fraud and KYC bypass.
Date: 2026-05-11T16:53:02Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-High-Quality-ID-DL-Passports-Selfies-Scans-Bills-Certs-PSD-Templates
Screenshots:
None
Threat Actors: Kingscan
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of forged or stolen identity documents from over 200 countries
Category: Services
Content: A threat actor is selling identity documents including passports, driver's licenses, ID cards, and selfies from over 200 countries. The seller claims a stock of over 200,000 private documents available individually or as sets. Contact is offered via Telegram.
Date: 2026-05-11T16:52:23Z
Network: openweb
Published URL: https://darkforums.su/Thread-Document-%E2%9C%85-BUY-DOCUMENTS-FROM-EVERY-COUNTRY%E2%9C%85-%E2%AD%90%E2%9A%A1-PASSPORT%E2%9A%A1-ID%E2%9A%A1-DL%E2%9A%A1-SELFIE%E2%9A%A1-%E2%AD%90
Screenshots:
None
Threat Actors: Brazzers
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of Chinese People's Liberation Army military documents and test data
Category: Data Breach
Content: A threat actor is offering for sale alleged data from multiple Chinese People's Liberation Army (PLA) entities, including the Cyberspace Force Technology Research Institute, Rocket Force, Joint Staff Intelligence Directorate, and several other military research institutes. The seller claims to possess test data and reports and is targeting think tanks and similar organizations as prospective buyers. Samples are offered to serious buyers; no specific record count or file size was disclosed.
Date: 2026-05-11T16:51:37Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-CHINA-SECRET-MILITARY-Rocket-Force-Foreign-Affairs-Cyberforce-TEST-DATA-REPORTS
Screenshots:
None
Threat Actors: mosad
Victim Country: China
Victim Industry: Government
Victim Organization: Chinese People's Liberation Army
Victim Site: Unknown
Sale of 9,500 passport and national identity card documents from France and Turkey
Category: Carding
Content: A threat actor is offering for sale 9,542 passport and national identity card documents, primarily from France and Turkey, for $1,000. The dataset is approximately 4.01 GB compressed. The seller claims to provide samples and evidence via the Session messaging platform.
Date: 2026-05-11T16:51:03Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-9500-Passport-and-National-Identity-Card
Screenshots:
None
Threat Actors: NormalLeVrai
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Streaming and Software Accounts via ACCOUNTS.CX Storefront
Category: Services
Content: A forum seller is advertising a commercial account-selling service at ACCOUNTS.CX offering accounts for Netflix, Adobe, ChatGPT, MAX, VPN, and other platforms with an auto-replace guarantee. The post includes extensive SEO tag spam related to Discord Nitro and other subscription services. The seller appears to be operating an automated storefront reselling compromised or unauthorized accounts.
Date: 2026-05-11T16:50:23Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-%E2%AD%90-ACCOUNTS-CX-%E2%AD%90-AUTO-REPLACE-%E2%9C%85-%E2%9A%A1%EF%B8%8FNETFLIX-%E2%9A%A1ADOBE-%E2%9A%A1%EF%B8%8FGPT-%E2%9A%A1MAX-%E2%9A%A1VPN-%E2%9A%A1UPGRADES-MORE
Screenshots:
None
Threat Actors: bl4cklak3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of multi-capability offensive tools and services including DDoS, vulnerability scanning, and RCE
Category: Services
Content: A threat actor is offering a bundle of offensive services and tools priced at $0.25, including DDoS attacks, SMS verification, vulnerability finding, RCE, bot finding, password cracking, and scanning. The post links to an external page at gta6.page, likely serving as a storefront or additional details page. No specific victim or target is identified.
Date: 2026-05-11T16:49:42Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-DDoS-SMS-VERIFY-VULN-FINDER-RCE-BOT-FINDER-PASS-CRACK-SCANS-0-25
Screenshots:
None
Threat Actors: c00lssh
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Emergia Contact Center and Conalcréditos
Category: Data Breach
Content: Threat actors claiming collaboration between Petro_Escobar and NyxarGroup allege exfiltration of approximately 12 TB of data from Emergia Contact Center and its debt collection unit Conalcréditos, as well as Spain-based PLUS CONTACTO SERVICIOS INTEGRALES SL. The actors claim to have gained access by exploiting vulnerabilities in a perimeter Cisco ASA, pivoting through Fortinet infrastructure spanning Spain and Colombia, and ultimately gaining full domain control including GSuite and corporate em
Date: 2026-05-11T16:47:24Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-CO-Emergia-CC-LEAK-12-TB
Screenshots:
None
Threat Actors: Petro_Escobar
Victim Country: Colombia
Victim Industry: Finance
Victim Organization: Emergia Contact Center
Victim Site: emergiacc.com
Sale of Apple Business Manager corporate accounts with full admin access
Category: Services
Content: A threat actor is selling Apple Business Manager (ABM) company accounts from multiple regions including the US, Europe, Asia, and the Middle East. The accounts are advertised as verified company profiles with full admin access and ready for device enrollment and enterprise use. Pricing and availability are offered via Telegram.
Date: 2026-05-11T16:46:50Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-ABM-for-sell-Apple
Screenshots:
None
Threat Actors: Appledark
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of SmartQuick
Category: Data Breach
Content: Threat actors affiliated with NyxarGroup are offering for sale 2 TB of QA and web production data allegedly exfiltrated from SmartQuick, a Colombian logistics technology platform. The dataset reportedly includes client records containing names, ID numbers, phone numbers, addresses, email addresses, and GPS coordinates. Clients of the platform whose data may be exposed include major Colombian companies such as Accenture, Nestlé de Colombia, Cruz Verde, Petrobras, and others.
Date: 2026-05-11T16:46:15Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-CO-SMARTQUICK-3-TB-LEAK
Screenshots:
None
Threat Actors: Petro_Escobar
Victim Country: Colombia
Victim Industry: Technology
Victim Organization: SmartQuick
Victim Site: smartquick.com.co
Alleged data leak of Hospital Clínica San Agustín patient records
Category: Data Leak
Content: A threat actor claims to have extracted PII for 170,000 patients and 44,000 laboratory test results from Hospital Clínica San Agustín in Ecuador approximately one month ago. The actor states they attempted to negotiate with the organization, which did not respond, and is now making the data available via hidden content on the forum. Sample data and a contact email are provided.
Date: 2026-05-11T16:45:38Z
Network: openweb
Published URL: https://darkforums.su/Thread-170k-pacientes-Ecuador-Hospital-Cl%C3%ADnica-San-Agust%C3%ADn
Screenshots:
None
Threat Actors: Alameda_slim
Victim Country: Ecuador
Victim Industry: Healthcare
Victim Organization: Hospital Clínica San Agustín
Victim Site: hcsa.ec
Alleged data breach of Polymarket
Category: Data Breach
Content: A threat actor is offering for sale a 2 GB dataset allegedly extracted from Polymarket, a prediction market platform. The archive purportedly includes user interaction data, comments, event logs, gamma and liquidity metrics, and follower/wallet relationship records spanning 2025-2026. The seller is accepting offers in Monero or Bitcoin and claims to also possess the platform's source code.
Date: 2026-05-11T16:44:59Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Polymarket-2GB-Comprehensive-Archive-Comments-Events-Gamma-Data
Screenshots:
None
Threat Actors: BigDataSeller
Victim Country: United States
Victim Industry: Finance
Victim Organization: Polymarket
Victim Site: polymarket.com
Sale of Facebook session cookies targeting Vietnamese users
Category: Logs
Content: A threat actor is selling Facebook session cookies belonging to Vietnamese users for $5. The seller is seeking long-term business cooperation and can be contacted via Telegram.
Date: 2026-05-11T16:44:25Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Facebook-cookies-for-sale-in-Vietnam
Screenshots:
None
Threat Actors: lyheang
Victim Country: Vietnam
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: facebook.com
Sale of real-time order data from shopping websites in Hungary and neighboring countries
Category: Data Breach
Content: A threat actor is selling real-time order data allegedly sourced from e-commerce platforms operating in Hungary, Czech Republic, and Slovakia. The data includes customer names, email addresses, phone numbers, postal addresses, and order details. Sample records contain personally identifiable information for individual shoppers.
Date: 2026-05-11T16:43:36Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Selling-real-time-order-data-from-shopping-websites-in-Hungary-Czech-Republic-Slova
Screenshots:
None
Threat Actors: yijianqingan
Victim Country: Hungary
Victim Industry: Retail
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of IndoAmerican Seafoods database
Category: Data Leak
Content: A threat actor leaked a database allegedly obtained from indoamericanseafoods.com via SQL injection. The dump contains 19 participant records and 4 admin records including names, emails, phone numbers, addresses, and dates of birth. The data was made available for free download in CSV format with no password protection.
Date: 2026-05-11T16:42:16Z
Network: openweb
Published URL: https://darkforums.su/Thread-Leak-IndoAmerican-Seafoods-Database-Peserta-Admin-19-records
Screenshots:
None
Threat Actors: Y4nz404
Victim Country: Indonesia
Victim Industry: Food & Beverage
Victim Organization: IndoAmerican Seafoods
Victim Site: indoamericanseafoods.com
Alleged data breach of Guatemala's Judiciary (OJ) criminal records database
Category: Data Breach
Content: A hacktivist group claiming affiliation with DIEHUNDEHACKER claims to have compromised the Guatemalan Judiciary's systems and obtained approximately 13.5 million records, including criminal record certificates and access credentials to the portal. The group states they are motivated by hacktivism and information security advocacy, explicitly stating no financial motive. Sample attachments were shared as proof of the alleged breach.
Date: 2026-05-11T16:41:40Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-DOCUMENTOS-BASE-DE-DATOS-ANTECEDENTES-PENALES-OJ-GUATEMALA-13-5MILLONES–76053
Screenshots:
None
Threat Actors: DerArkiteck
Victim Country: Guatemala
Victim Industry: Government
Victim Organization: Organismo Judicial (OJ) Guatemala
Victim Site: oj.gob.gt
Alleged data breach of NSBM Green University
Category: Data Breach
Content: A threat actor is selling an alleged database dump from NSBM Green University in Sri Lanka for $3,000 in Bitcoin. The dataset reportedly contains over 400 student records including Student ID numbers, personal email addresses, residential addresses, National Identity Card numbers, and encrypted passwords. Sample data was provided in the post to substantiate the claim.
Date: 2026-05-11T16:41:05Z
Network: openweb
Published URL: https://darkforums.su/Thread-SRI-LANKA-NSBM-GREEN-UNIVERSITY-FRESH-DATABASE-LEAK
Screenshots:
None
Threat Actors: J0na255
Victim Country: Sri Lanka
Victim Industry: Education
Victim Organization: NSBM Green University
Victim Site: nsbm.ac.lk
Alleged data breach of NSBM Green University
Category: Data Leak
Content: A threat actor has leaked records of 400+ students from NSBM Green University, a Sri Lankan higher education institution. The exposed data reportedly includes full names, NIC numbers, email addresses, physical addresses, and contact numbers. A sample of 30 student email addresses was shared as proof of the breach.
Date: 2026-05-11T16:40:28Z
Network: openweb
Published URL: https://darkforums.su/Thread-BREACH-LEAK-NSBM-Green-University-400-Student-Records-Exposed
Screenshots:
None
Threat Actors: J0na255
Victim Country: Sri Lanka
Victim Industry: Education
Victim Organization: NSBM Green University
Victim Site: nsbm.ac.lk
Alleged Initial Access to Indonesia Supreme Court Government Web Portal
Category: Initial Access
Content: A threat actor is freely sharing alleged administrator access credentials to the Indonesian Supreme Court's case portal (putusan.mahkamahagung.go.id), including a direct admin URL. The post also includes a sample database dump containing court case records with virtual account numbers, party names, and financial billing data. The access is being distributed at no cost, reportedly to build forum reputation.
Date: 2026-05-11T16:39:52Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-%F0%9F%87%AE%F0%9F%87%A9-FREE-Mahkamah-Agung-RI-Supreme-Court-Admin-Access-Gov-WEBSITE
Screenshots:
None
Threat Actors: ZvokxGustav
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Mahkamah Agung Republik Indonesia (Supreme Court of Indonesia)
Victim Site: putusan.mahkamahagung.go.id
Alleged data leak of Bolivian National Police personnel records
Category: Data Leak
Content: A threat actor leaked data allegedly belonging to the Bolivian National Police, including personnel records with fields such as full name, national ID number, address, date of birth, contact numbers, email addresses, blood type, rank, and unit assignment. A sample record was shared publicly alongside a download link. The data appears to originate from a police personnel management system.
Date: 2026-05-11T16:39:18Z
Network: openweb
Published URL: https://darkforums.su/Thread-Document-BOLIVIA-POLICE-DATA
Screenshots:
None
Threat Actors: Alz_157s
Victim Country: Bolivia
Victim Industry: Government
Victim Organization: Bolivian National Police
Victim Site: Unknown
Alleged data leak of Interlab (30 Mexican laboratories)
Category: Data Leak
Content: A threat actor claims to have compromised a server belonging to Interlab (interlab.mx / biosystem.mx), a Mexican laboratory services company, and obtained data from 30 affiliated laboratories. After alleged failed ransom negotiations, the actor is freely distributing CSV files containing company and laboratory data to the forum community. The leaked content includes per-laboratory folders and company information files.
Date: 2026-05-11T16:38:38Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-30-Mexican-labs-data
Screenshots:
None
Threat Actors: Alameda_slim
Victim Country: Mexico
Victim Industry: Healthcare
Victim Organization: Interlab
Victim Site: interlab.mx
Alleged data leak of Express Networks Ltd customer data
Category: Data Leak
Content: A threat actor is freely distributing alleged customer data from Express Networks Ltd, comprising approximately 5,000 rows. The leaked dataset includes extensive billing, account, network service, and personal information such as names, addresses, phone numbers, email addresses, dates of birth, IP addresses, MAC addresses, and financial billing details. The actor states the data is being shared publicly due to a broken agreement.
Date: 2026-05-11T16:38:03Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-Express-Networks-Ltd-Leaks-Download
Screenshots:
None
Threat Actors: FOSGANK
Victim Country: Unknown
Victim Industry: Telecommunications
Victim Organization: Express Networks Ltd
Victim Site: Unknown
Alleged data leak of Universidad Autónoma de Ciudad Juárez (UADEC) employee and student records
Category: Data Leak
Content: A threat actor is freely sharing two files allegedly containing student email addresses, enrollment numbers, and CURP identifiers, as well as employee information from a Mexican university. The post also includes apparent LDAP administrator credentials, claimed to allow creation and modification of university email account passwords.
Date: 2026-05-11T16:37:25Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-Uadec-mail-data-for-free
Screenshots:
None
Threat Actors: ModeZitraks
Victim Country: Mexico
Victim Industry: Education
Victim Organization: Universidad Autónoma de Ciudad Juárez
Victim Site: uadec.mx
Alleged data leak of Mexico's Secretaria de Educacion Publica
Category: Data Leak
Content: A threat actor known as Alz_157s claims to have leaked data belonging to the Secretaria de Educacion Publica of Mexico, reportedly including personal information of underage and adult students, administrative and teaching staff, and guardians. The data is made available for free download on a darknet forum. The post does not specify the exact number of records or the nature of the data fields exposed.
Date: 2026-05-11T16:36:48Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-MEXICO-SECRETARIA-DE-EDUCACION-PUBLICA
Screenshots:
None
Threat Actors: Alz_157s
Victim Country: Mexico
Victim Industry: Government
Victim Organization: Secretaria de Educacion Publica
Victim Site: sep.gob.mx
Alleged website defacements by Mr.PIMZZZXploit
Category: Defacement
Content: Threat actor Mr.PIMZZZXploit claims to have defaced multiple websites, primarily hosted on demowebsiteclient.com and related domains. A mirror link is provided at hack-db.org. The post includes 40+ URLs allegedly compromised.
Date: 2026-05-11T16:36:13Z
Network: telegram
Published URL: https://t.me/c/3865526389/908
Screenshots:
None
Threat Actors: Mr.PIMZZZXploit
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: demowebsiteclient.com
Alleged data breach of DELKO.FR
Category: Data Breach
Content: A threat actor operating as lapsec_xd claims to be selling a scraped database from DELKO.FR containing approximately 3.2 million customer records. The exposed data includes names, email addresses, phone numbers, vehicle registration plates, appointment details, and service types. A price is available via a Telegram channel, and sample records are provided as proof.
Date: 2026-05-11T16:36:06Z
Network: openweb
Published URL: https://darkforums.su/Thread-DELKO-FR-SCRAP-BY-LAPSEC
Screenshots:
None
Threat Actors: lapsec_xd
Victim Country: France
Victim Industry: Retail
Victim Organization: DELKO
Victim Site: delko.fr
Alleged data breach of Iran IRGC military personnel records
Category: Data Breach
Content: A threat actor operating under the alias MDGhost666 is offering for sale a database allegedly containing identity records of Iranian Islamic Revolutionary Guard Corps (IRGC) military personnel. The data purportedly includes full names, dates of birth, national IDs, birth certificate numbers, addresses, and phone numbers in TXT format. Sample records in Persian script were included in the post to substantiate the claim.
Date: 2026-05-11T16:35:27Z
Network: openweb
Published URL: https://darkforums.su/Thread-IRAN-IRGC-MILITARY-DB-2026
Screenshots:
None
Threat Actors: MDGhost666
Victim Country: Iran
Victim Industry: Government
Victim Organization: Islamic Revolutionary Guard Corps (IRGC)
Victim Site: Unknown
Purchase request for PayPal combo list targeting multiple countries
Category: Combo List
Content: A forum user is seeking to purchase PayPal-targeted combo lists for multiple countries including Germany, France, Switzerland, Italy, and others. The post is a buy request for credential lists intended for use against PayPal accounts.
Date: 2026-05-11T16:28:41Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%AD%90Buying-Paypal-Combolist%E2%AD%90
Screenshots:
None
Threat Actors: Maxbrth
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of 1,218 Hotmail Credentials
Category: Combo List
Content: A combo list of 1,218 claimed valid Hotmail credentials is being shared on a paste forum. The content is gated behind registration or login. Credentials are marketed as valid access dated 10.05.2026.
Date: 2026-05-11T16:28:26Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%8C%8A1218-hotmail-valid-access-10-05-2026
Screenshots:
None
Threat Actors: SupportHotmail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of 1,551 Hotmail Credentials
Category: Combo List
Content: A threat actor has shared a combo list of 1,551 purportedly valid Hotmail credentials, marketed with a validity date of May 10, 2026. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-11T16:28:05Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%8C%8A1551-hotmail-valid-access-10-05-2026
Screenshots:
None
Threat Actors: SupportHotmail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of credential stuffing config and checker creation service
Category: Services
Content: A threat actor is offering a custom config and checker creation service supporting OpenBullet 2.0, SilverBullet, and custom Python/Go scripts. Pricing ranges from €20 to €60+ per config depending on target security level and concurrency requirements. Specialized builds include cookie checkers, captcha-solver integrations, and email protocol checkers.
Date: 2026-05-11T16:27:53Z
Network: openweb
Published URL: https://patched.to/Thread-nova-config-checker-service
Screenshots:
None
Threat Actors: UnrapedFigs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free South Korea email combo list (Batch 29/100)
Category: Combo List
Content: A threat actor is freely distributing a batch of South Korea-targeted email credentials, labeled as batch 29 of 100. The content is hidden behind a registration/login wall on the forum. No additional details regarding record count or data source are provided.
Date: 2026-05-11T16:27:33Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-free-premium-south-korea-email-list-batch-29-100
Screenshots:
None
Threat Actors: emaildbpro
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free Hotmail combo list shared on cracking forum
Category: Combo List
Content: A threat actor shared a Hotmail combo list on a cracking forum, linking to an external paste site. The post markets the credentials as premium hits suitable for credential stuffing against Hotmail accounts.
Date: 2026-05-11T16:27:02Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-1337x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F–2292365
Screenshots:
None
Threat Actors: Fragtez
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of Hotmail credentials
Category: Combo List
Content: A threat actor has freely shared a combo list of 1,052 Hotmail credential hits via an external paste link. The credentials are marketed as premium hits suitable for credential stuffing against Hotmail accounts.
Date: 2026-05-11T16:26:46Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-1052x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F–2292374
Screenshots:
None
Threat Actors: Fragtez
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

- AOL-targeted email:password combo list available on cracking forum
Category: Combo List
Content: A threat actor has shared an AOL-targeted email:password combo list on a cracking forum via an external paste link. The post markets the credentials as high quality and suitable for credential stuffing against AOL accounts.
Date: 2026-05-11T16:26:42Z
Network: openweb
Published URL: https://nulledbb.com/thread-HQ-AOL-TARGET-EMAILPASS-COMBOLIST-txt–2292394
Screenshots:
None
Threat Actors: Fragtez
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

- Sale of email access combo list with 40,000 credentials
Category: Combo List
Content: A threat actor is distributing a combo list containing approximately 40,000 email credentials, marketed as valid mail access. The content is hidden behind a registration or login wall on the forum.
Date: 2026-05-11T16:26:10Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-40K-GOOD-VALID-MAIL-ACCESS
Screenshots:
None
Threat Actors: AlphaCloud1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

- Combo List targeting Hotmail accounts
Category: Combo List
Content: A threat actor is distributing 1,220 alleged valid Hotmail credential hits on a cybercrime forum. The credentials are described as premium and sourced from a private cloud mix. Access to the list is gated behind forum registration or login.
Date: 2026-05-11T16:25:44Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-1220x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F–203706
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

- Sale of KYC-verified Coinbase accounts with authentication credentials
Category: Carding
Content: A threat actor is selling KYC-verified Coinbase accounts for $20 USD each, payable in Bitcoin. Each account includes access to an associated Proton email, Coinbase login credentials, and an authenticator setup key. Accounts are advertised as freshly verified and empty.
Date: 2026-05-11T16:13:50Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-KYC-verified-coinbase-accounts
Screenshots:
None
Threat Actors: unconcided
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: coinbase.com

- Alleged data breach of kamsparis.com
Category: Data Breach
Content: A threat actor is selling an alleged customer database from kamsparis.com containing 187,927 records. The dataset includes personally identifiable information such as full name, address, phone number, date of birth, and IBAN numbers. The seller is offering the data for $350 and claims it will be sold only once.
Date: 2026-05-11T16:08:41Z
Network: openweb
Published URL: https://breached.st/threads/france-kamsparis-com-187-927.86998/unread
Screenshots:
None
Threat Actors: moxzey
Victim Country: France
Victim Industry: Retail
Victim Organization: Kams Paris
Victim Site: kamsparis.com

- Request to purchase Shopline KYC or Cartpanda data
Category: Carding
Content: A forum user is seeking to purchase KYC data or account data related to Shopline or Cartpanda e-commerce platforms. The post directs interested parties to contact via Telegram. No further details on data volume or pricing are provided.
Date: 2026-05-11T15:55:14Z
Network: openweb
Published URL: https://cracked.st/Thread-Buying-Shopline-KYC-or-Cartpanda
Screenshots:
None
Threat Actors: fancyshop
Victim Country: Unknown
Victim Industry: Retail
Victim Organization: Unknown
Victim Site: Unknown

- Sale of email:password combo list (mixed USA and Worldwide)
Category: Combo List
Content: A threat actor is selling a combo list of 595,000 email:password pairs described as mixed USA and Worldwide. The seller offers no refunds or replacements but allows testing prior to purchase.
Date: 2026-05-11T15:55:05Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-WTS-GOOD-COMBOS-EMAIL-PASS–2091678
Screenshots:
None
Threat Actors: Reoza
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

- Combo List: Fresh Hotmail Credentials
Category: Combo List
Content: A threat actor is distributing a set of 1,985 Hotmail email and password combinations marketed as private and fresh. The credentials are shared via Telegram and posted on a public cracking forum.
Date: 2026-05-11T15:54:49Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-1985x-%E2%AD%90%E2%AD%90-FRESH-HQ-HOTMAIL-%E2%AD%90%E2%AD%90
Screenshots:
None
Threat Actors: KiwiShio
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

- Sale of Foot Locker gift cards at discounted rates
Category: Carding
Content: A threat actor is offering Foot Locker gift cards totaling up to $6,000 at a 60% discount via Telegram. The listing accepts a middleman (MM), suggesting fraudulently obtained gift cards being sold for profit.
Date: 2026-05-11T15:54:45Z
Network: openweb
Published URL: https://cracked.st/Thread-60-OFF-SELLING-FOOTLOCKER-GIFTCARDS-UP-TO-%EF%B9%A96000-in-giftcards
Screenshots:
None
Threat Actors: fancyshop
Victim Country: Unknown
Victim Industry: Retail
Victim Organization: Foot Locker
Victim Site: footlocker.com

- Alleged credential logs targeting mo-on.cloud
Category: Logs
Content: A forum post by R0BIN1337 advertises URL:log:pass credentials associated with mo-on.cloud, dated May 26. The actual content is hidden behind a login/register wall, limiting visibility into the full scope of the data.
Date: 2026-05-11T15:54:11Z
Network: openweb
Published URL: https://patched.to/Thread-url-log-pass-%F0%9F%94%92-may26-mo-on-cloud-799
Screenshots:
None
Threat Actors: R0BIN1337
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: mo-on.cloud

- Combo list hits distribution via private messaging
Category: Combo List
Content: A forum user is soliciting contact from individuals with credential stuffing hits, advertising a rich plan via Telegram. The post references hidden content with what appears to be a paste link, suggesting credential list sharing through private channels.
Date: 2026-05-11T15:54:04Z
Network: openweb
Published URL: https://patched.to/Thread-any-one-inboxing-hits-dm-me-rich-plan-%F0%9F%94%A5%F0%9F%94%A5
Screenshots:
None
Threat Actors: Bazdawan
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

- Sale of mixed mail combo list
Category: Combo List
Content: A mixed mail combo list is being shared on a cybercrime forum. The content is hidden behind a registration or login wall, limiting visibility into the specifics of the dataset. No further details regarding record count or targeted services are available from the post.
Date: 2026-05-11T15:53:35Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-x9676-mixed-mail-combo
Screenshots:
None
Threat Actors: RandomUpload
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

- Alleged combo list of Bangladesh email:password credentials
Category: Combo List
Content: A threat actor shared a combo list of approximately 16,000 email:password pairs purportedly associated with Bangladesh-based accounts. The credentials are marketed as fresh and were made available via an external paste link.
Date: 2026-05-11T15:53:30Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9C%A6%E2%9C%A6-16-K-%E2%9C%A6-Bangladesh-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-1-5-2026-%E2%9C%A6%E2%9C%A6–2292315
Screenshots:
None
Threat Actors: Fragtez
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

- Combo List targeting Hotmail accounts
Category: Combo List
Content: A threat actor is distributing a combo list advertised as 1,030 Hotmail premium hits. The content is hidden behind a registration or login wall on the forum. No further details about the source of credentials are provided.
Date: 2026-05-11T15:53:16Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%85%E2%AD%901030x-hotmail-premium-hits%E2%9C%85%E2%AD%90
Screenshots:
None
Threat Actors: Psyho70244
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

- Sale of 10,000 mixed combo list targeting United States
Category: Combo List
Content: A threat actor shared a combo list of 10,000 mixed credentials via an external paste link on a cybercrime forum. The list is described as targeting United States-based accounts. No specific breached organization is identified.
Date: 2026-05-11T15:53:06Z
Network: openweb
Published URL: https://nulledbb.com/thread-10k-MIXED-GOOD-COMBO-USA–2292345
Screenshots:
None
Threat Actors: Fragtez
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

- Combo List of Mixed Mail Credentials
Category: Combo List
Content: A user on a leak forum is distributing a mixed-mail combo list described as private and fresh, checked by the author. The content is hidden behind a registration or login wall, and no further details about record count or source are available.
Date: 2026-05-11T15:52:20Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A1MIX-MAIL%E2%9A%A1%E2%9A%A1PRIVATE%E2%9A%A1%E2%9A%A1FRESH%E2%9A%A1%E2%9A%A1CHEKED-BY-klyne05-%E2%9A%A1%E2%9A%A1–20414
Screenshots:
None
Threat Actors: klyne05
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

- Free mixed email combo list distribution
Category: Combo List
Content: A forum user is distributing a mixed email:password combo list described as private and fresh, checked by the poster. Content is hidden behind a like/registration gate on the forum.
Date: 2026-05-11T15:52:14Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1MIX-MAIL%E2%9A%A1%E2%9A%A1PRIVATE%E2%9A%A1%E2%9A%A1FRESH%E2%9A%A1%E2%9A%A1CHEKED-BY-klyne05-%E2%9A%A1%E2%9A%A1–203698
Screenshots:
None
Threat Actors: klyne05
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

- Sale of UHQ mix combo list with valid Hotmail credentials
Category: Combo List
Content: A threat actor is offering a combo list marketed as UHQ Mix containing 1,899 claimed valid credentials, including Hotmail accounts. The content is hidden behind a registration or login wall and the seller directs interested parties to a Telegram handle for access.
Date: 2026-05-11T15:51:48Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-X1899-Valid-UHQ-Mix-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: Roronoa044
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

- Combo list of 2.4K Hotmail credentials shared on forum
Category: Combo List
Content: A threat actor shared a combo list of 2,400 Hotmail credentials marketed as fresh and checked on May 11. The content is hidden behind a forum registration or login wall. The named service is a credential-stuffing target, not the breach source.
Date: 2026-05-11T15:41:37Z
Network: openweb
Published URL: https://breachforums.rs/Thread-2-4K-Fresh-Hotmail-Hits-Just-Checked-11-05
Screenshots:
None
Threat Actors: MegaCloudShop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

- Sale of Germany domain combo list with 376,124 lines
Category: Combo List
Content: A threat actor shared a combo list of 376,124 email and password pairs associated with German (.de) domain accounts on a public forum. The list is described as sourced from good leaks and is formatted as email:password credentials for credential stuffing use.
Date: 2026-05-11T15:22:51Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-376-124-Lines-%E2%9C%85-Good-Leaks-De-Germany-Domain-Combolist
Screenshots:
None
Threat Actors: HqComboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

- Sale of Germany-targeted combo list with 570,027 lines
Category: Combo List
Content: A threat actor on a cracking forum is sharing a mixed-target combo list of 570,027 email:password lines associated with German users. The list is marketed as a Germany-focused credential set suitable for credential stuffing attacks. No specific victim organization is identified.
Date: 2026-05-11T15:22:23Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-570-027-Lines-%E2%9C%85-DE-Germany-Mixed-Target-Combolist
Screenshots:
None
Threat Actors: HqComboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

- Germany domain combo list of 1,091,991 lines
Category: Combo List
Content: A combo list of approximately 1.09 million email:password lines targeting German (.de) domains was shared on a cracking forum. The list is described as sourced from good leaks and is formatted for credential stuffing use.
Date: 2026-05-11T15:22:05Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-1-091-991-Lines-%E2%9C%85-Good-Leaks-De-Germany-Domain-Combolist
Screenshots:
None
Threat Actors: HqComboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

- Sale of Germany mixed target combo list with 1.13 million lines
Category: Combo List
Content: A threat actor is distributing a Germany-focused mixed target combo list containing over 1.13 million email:password lines. The post was shared on a public cracking forum. No specific victim organization is identified.
Date: 2026-05-11T15:21:36Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-1-131-120-Lines-%E2%9C%85-DE-Germany-Mixed-Target-Combolist
Screenshots:
None
Threat Actors: HqComboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

- Italy email:password combo list of 10K credentials
Category: Combo List
Content: A threat actor has shared a combo list of approximately 10,000 email:password credential pairs targeting Italian users. The list is described as ultra-high quality (UHQ) and is being distributed freely on the forum.
Date: 2026-05-11T15:21:07Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%AD%90%E2%AD%90-10k-UHQ-ITALY-COMBO-EMAIL-PASS%E2%AD%90%E2%AD%90
Screenshots:
None
Threat Actors: Antaksio
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

- Combo List targeting German shopping platforms (Payback, PayPal, Amazon)
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 500,000 email and password pairs purportedly targeting German users of Payback, PayPal, and Amazon. The list is shared freely via a download link on the forum. The actor is soliciting further requests from other members.
Date: 2026-05-11T15:20:46Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-Germany-DE-500K-Shopping-Targeted
Screenshots:
None
Threat Actors: Immanuel_Kant
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

- Sale of EDU private combo list
Category: Combo List
Content: A forum post advertises a private combo list targeting educational institutions (.edu accounts). No further details on record count or origin are available.
Date: 2026-05-11T15:20:24Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-EDU-PRIVATE-COMBOL%C4%B0ST–2091990
Screenshots:
None
Threat Actors: RobotxTR
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown

- Alleged Combo List targeting education domain accounts (131,488 lines)
Category: Combo List
Content: A threat actor is distributing a combo list containing 131,488 email:password lines targeting education (.edu) domain accounts. The list is described as sourced from good leaks and appears to be aggregated credentials intended for credential stuffing against educational institutions.
Date: 2026-05-11T15:20:05Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-131-488-Lines-%E2%9C%85-Good-Leaks-Edu-education-Domain-Combolist
Screenshots:
None
Threat Actors: HqComboSpace
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown

- Sale of education sector combo list with 117,053 lines for .de domain
Category: Combo List
Content: A threat actor shared a combo list containing 117,053 email:password lines targeting education-sector accounts associated with .de domains. The list is marketed as high-quality and is likely intended for credential stuffing against educational institutions.
Date: 2026-05-11T15:19:44Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-117-053-Lines-%E2%9C%85-HQ-Leaks-Edu-education-Combolist-de-Domain
Screenshots:
None
Threat Actors: HqComboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

- Sale of discounted account upgrades and subscription services including Netflix and Steam
Category: Services
Content: A forum member is advertising a marketplace called CHEAPEAST MARKET offering discounted account upgrades and products for services including Netflix and Steam. The post promotes a discount code and directs users to an external website and Discord server. No breach or data leak is claimed.
Date: 2026-05-11T15:19:12Z
Network: openweb
Published URL: https://cracked.st/Thread-Sellix-%E2%AD%90-UPGRADE-ACCOUNTS-%E2%AD%90CHEAPEAST-MARKET-NETFLIX-STEAM-ETC-%E2%AD%90–2091117
Screenshots:
None
Threat Actors: Antaksio
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

- Sale of upgraded and cracked accounts for streaming and gaming platforms
Category: Services
Content: A threat actor is advertising a marketplace selling upgraded and cracked accounts for platforms such as Netflix and Steam. The service is promoted with a discount code and references to vouches on Discord. No specific victim organization or breach is identified.
Date: 2026-05-11T15:19:02Z
Network: openweb
Published URL: https://cracked.st/Thread-Sellix-%E2%AD%90-UPGRADE-ACCOUNTS-%E2%AD%90CHEAPEAST-MARKET-NETFLIX-STEAM-ETC-%E2%AD%90–2091116
Screenshots:
None
Threat Actors: Antaksio
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

- Purchase request for PayPal account data targeting multiple countries
Category: Carding
Content: A threat actor is soliciting PayPal account data for Germany, France, UK, Israel, and Switzerland. The post includes a contact Telegram handle and a hidden content link, suggesting a private negotiation for the purchase of compromised PayPal credentials.
Date: 2026-05-11T15:18:33Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%AD%90buying-paypal-data%E2%AD%90-301291
Screenshots:
None
Threat Actors: Amaxgng
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: PayPal
Victim Site: paypal.com

- Sale of 1,800 Hotmail account credentials
Category: Combo List
Content: A forum post advertises 1,800 Hotmail account credentials. The post appears to be sponsored by a proxy and SMS verification service. No further details about the data source or composition are provided.
Date: 2026-05-11T15:17:57Z
Network: openweb
Published URL: https://nulledbb.com/thread-X1800-Hotmail-Accounts–2292308
Screenshots:
None
Threat Actors: EarlHickey
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

- Combo List targeting Hotmail accounts
Category: Combo List
Content: A threat actor is sharing a combo list of 1,828 Hotmail credentials, described as an Access Vault. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-11T15:17:46Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-1828x-Hotmail-Access-Vault
Screenshots:
None
Threat Actors: RyuuLord
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

- Sale of mixed email combo list (X3800)
Category: Combo List
Content: A forum post advertises a mixed mail combo list of approximately 3,800 lines. The thread appears to be sponsored by a proxy and SMS verification service. No specific breach source or target service is identified.
Date: 2026-05-11T15:17:37Z
Network: openweb
Published URL: https://nulledbb.com/thread-X3800-Mixed-Mail-Lines–2292309
Screenshots:
None
Threat Actors: EarlHickey
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

- Free Hotmail combo list with 4,330 credentials
Category: Combo List
Content: A threat actor shared a combo list of 4,330 Hotmail credentials marketed as fresh. The content is hidden behind a registration or login requirement on the forum. Hotmail is the credential-stuffing target, not the breach victim.
Date: 2026-05-11T15:17:24Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A1-4330x-FRESH-HOTMAIL-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: Nulled07
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

- Sale of MIXMAIL combo list marketed as fresh UHQ credentials
Category: Combo List
Content: A threat actor is distributing a mixed-mail combo list containing approximately 2,700 credentials, marketed as fresh and high quality. The content is hidden behind a registration/login wall on the forum. The post references a Telegram channel associated with GoodTimes Cloud for distribution.
Date: 2026-05-11T15:17:00Z
Network: openweb
Published URL: https://leakforum.io/Thread-%E2%8E%9D-2700-%E2%8E%A0-MIXMAIL-FRESH-UHQ%E2%9C%A8GOODTIMES-CLOUD–20412
Screenshots:
None
Threat Actors: Lexser
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

- Hotmail combo list containing 8,000 credentials shared on forum
Category: Combo List
Content: A threat actor shared a Hotmail-targeted combo list containing approximately 8,000 email:password pairs on a cybercrime forum. The content is hidden behind registration or login. The actor also advertises a shop (unique-combo.shop) offering combo lists for various countries and on request.
Date: 2026-05-11T15:16:33Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-Hotmail-Unique-Combo-3-8000
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

- Sale of forum accounts for xss.ac and exploit.in
Category: Services
Content: A threat actor is offering pre-registered accounts on the cybercrime forums xss.ac and exploit.in for $100, undercutting the standard $200 registration fee. The seller claims to have existing old accounts available for purchase.
Date: 2026-05-11T15:14:24Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Exploit-in-xss-ac-Acount-sale
Screenshots:
None
Threat Actors: Darkode1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

- Mass Website Defacement of rapijatim.or.id by Irene (XmrAnonye.id)
Category: Defacement
Content: On May 11, 2026, a threat actor known as Irene operating under the team XmrAnonye.id conducted a mass defacement attack against rapijatim.or.id, a website associated with the Indonesian Citizens Radio Organization (RAPI) in East Java. The attacker defaced the site by deploying a custom defacement page at the path /hacked-by-irene on a Linux-based server. The incident was recorded as part of a broader mass defacement campaign, with a mirror archived at haxor.id.
Date: 2026-05-11T15:07:35Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249157
Screenshots:
None
Threat Actors: Irene, XmrAnonye.id
Victim Country: Indonesia
Victim Industry: Non-Profit / Association
Victim Organization: RAPI Jawa Timur (Radio Antar Penduduk Indonesia – East Java)
Victim Site: rapijatim.or.id

- Alleged data leak of City of Chicago Office user data
Category: Data Leak
Content: A threat actor has freely distributed a dataset allegedly containing information on over 100 users associated with the City of Chicago Office, including the mayor, former mayors, council members, and clerks. The data was shared via a Telegram link on the Breached forum.
Date: 2026-05-11T15:00:55Z
Network: openweb
Published URL: https://breached.st/threads/leak-city-of-chicago-office-100-users-leaked-mayor-former-mayors-council-clerk-etc.86997/unread
Screenshots:
None
Threat Actors: cc5ab
Victim Country: United States
Victim Industry: Government
Victim Organization: City of Chicago
Victim Site: chicago.gov

- Alleged distribution of stealer logs targeting Secret StarLink
Category: Logs
Content: A forum post by R0BIN1337 references stealer logs associated with Secret StarLink. No content is available to confirm the nature, scope, or authenticity of the data.
Date: 2026-05-11T14:48:35Z
Network: openweb
Published URL: https://cracked.st/Thread-Logs-Secret-StarLink
Screenshots:
None
Threat Actors: R0BIN1337
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Secret StarLink
Victim Site: Unknown

- Alleged distribution of stealer logs (1.7GB)
Category: Logs
Content: A forum user shared a 1.7GB collection of stealer logs containing approximately 1,372 entries. No further details about the origin or content of the logs were provided in the post.
Date: 2026-05-11T14:48:10Z
Network: openweb
Published URL: https://cracked.st/Thread-Logs-1-7GB-Standart-1372x
Screenshots:
None
Threat Actors: R0BIN1337
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

- Free distribution of stealer logs (10GB+)
Category: Logs
Content: A threat actor known as R0BIN1337 is freely distributing over 10GB of stealer logs on a cracking forum. The logs are hosted on SunCloud and shared with a password hint. No specific victim organization or country is identified.
Date: 2026-05-11T14:47:48Z
Network: openweb
Published URL: https://cracked.st/Thread-Logs-10GB-SunCloud
Screenshots:
None
Threat Actors: R0BIN1337
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

- Distribution of 2.6GB stealer log pack
Category: Logs
Content: A threat actor on Cracked.st is distributing a 2.6GB pack of stealer logs described as private. No further details about the contents, origin, or affected organizations are available from the post.
Date: 2026-05-11T14:47:16Z
Network: openweb
Published URL: https://cracked.st/Thread-LOGS-2-6gb-private-pack
Screenshots:
None
Threat Actors: theboxjon
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

- Free distribution of RedLine stealer logs
Category: Logs
Content: A threat actor is freely distributing approximately 1GB of stealer logs purportedly collected via RedLine on 08-05-2026. The post references a private Telegram channel for additional content. The logs are described as fresh and unwrapped.
Date: 2026-05-11T14:46:48Z
Network: openweb
Published URL: https://cracked.st/Thread-Other-%E2%AD%90%E2%AD%901GB-FRESH-UPP-LOGS%E2%AD%90-FROM-REDLINE-08-05-2026-UNRAPPED%E2%AD%90%E2%AD%90
Screenshots:
None
Threat Actors: kingdevl10
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

- Combo List: Germany mail access mix (4.1K credentials)
Category: Combo List
Content: A threat actor shared a combo list of approximately 4,100 Germany-based email credentials on a cracking forum. The post is marked as private data from the author and is offered for free.
Date: 2026-05-11T14:46:09Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9D%84%EF%B8%8F4-1k-GERMANY-MAIL-ACCESS-MIX%E2%9D%84%EF%B8%8F-10-05
Screenshots:
None
Threat Actors: SecureTrax
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

- Combo list targeting orange.fr distributed on forum
Category: Combo List
Content: A threat actor shared a combo list of 5,433 credentials associated with orange.fr email addresses, marketed as high-quality and fresh. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-11T14:45:58Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-5433-orange-fr-hq-fresh-lines
Screenshots:
None
Threat Actors: megatronishere
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

- Combo List targeting South Africa
Category: Combo List
Content: A forum user posted what appears to be a combo list targeting South Africa in the Combolists section. No further details about record count, data source, or content were provided in the post.
Date: 2026-05-11T14:45:48Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-SOUTH-AFRICA–2092345
Screenshots:
None
Threat Actors: FlightUSA
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

- Combo List targeting interia.pl users
Category: Combo List
Content: A threat actor is sharing a combo list of 8,089 credential lines associated with interia.pl email addresses, marketed as high-quality and fresh. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-11T14:45:40Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-8089-interia-pl-hq-fresh-lines
Screenshots:
None
Threat Actors: megatronishere
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

- Sale of Yahoo Japan combo list with 11,776 credentials
Category: Combo List
Content: A threat actor is sharing a combo list of 11,776 @yahoo.co.jp email credentials, marketed as high-quality and fresh. The content is gated behind forum registration or login.
Date: 2026-05-11T14:45:09Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-11776-yahoo-co-jp-hq-fresh-lines
Screenshots:
None
Threat Actors: megatronishere
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

- Alleged data breach of Telegram with 30 million user records for sale
Category: Data Breach
Content: A threat actor is offering for sale an alleged database of 30 million Telegram users containing fields such as system number, first and last name, phone number, user ID, and nickname. A sample paste is provided as proof, with full data available via a Telegram contact. The origin of the data and method of acquisition are unspecified.
Date: 2026-05-11T14:44:56Z
Network: openweb
Published URL: https://cracked.st/Thread-30M-DATABASE-USERS-PHONES-TELEGRAM
Screenshots:
None
Threat Actors: Meowl
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Telegram
Victim Site: telegram.org

- Sale of Hotmail combo list by NightFallCloud
Category: Combo List
Content: A threat actor operating as NightFallCloud is offering a Hotmail combo list marketed as fresh UHQ credentials, with 10,000 to 20,000 new lines reportedly added daily. The listing includes Hotmail combos and mixed credentials described as fresh. Content is gated behind registration or login on the forum.
Date: 2026-05-11T14:44:52Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%9A%A1800-hotmail-uhq-nightfall-cloud
Screenshots:
None
Threat Actors: NightFallCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List of 2,800 corporate email credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 2,800 corporate email access credentials. The content is gated behind registration or login. The post indicates the data is from private sources compiled by the author.
Date: 2026-05-11T14:44:34Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%9A%B5%F0%9F%8F%BC2-8k-corp-mail-access-mix%F0%9F%9A%B5%F0%9F%8F%BC%E2%9C%A8-10-05
Screenshots:
None
Threat Actors: TraxGod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List targeting Hotmail accounts
Category: Combo List
Content: A threat actor shared a combo list of approximately 1,900 Hotmail email account credentials, described as old data and labeled VIP Cloud. The content is gated behind forum registration and distributed freely to members.
Date: 2026-05-11T14:44:14Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%9A%B5%F0%9F%8F%BC1-9k-hotmail-mail-access%F0%9F%9A%B5%F0%9F%8F%BC%E2%9C%A8-10-05
Screenshots:
None
Threat Actors: TraxGod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Distribution of URL:Log:Pass combo list with 18.59 million records
Category: Combo List
Content: A threat actor shared a URL:LOG:PASS combo list containing approximately 18.59 million records via an external paste link. The list is marketed as UHQ (ultra-high quality) and hosted on daxus.pro. No specific victim organization is identified.
Date: 2026-05-11T14:43:54Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%AD%90%EF%B8%8FURL-LOG-PASS-18-59-M-%E2%9C%85-DAXUS-PRO-UHQ-%E2%AD%90%EF%B8%8F–2292299
Screenshots:
None
Threat Actors: Fragtez
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Senegal: the public Treasury reports an IT incident
Category: Cyber Attack
Content: The Direction générale de la Comptabilité publique et du Trésor (DGCPT) announced that its information systems have been disrupted since Sunday, May 10, 2026, following an unspecified incident. The outage comes a few months after a cyber-extortion attack that hit the Direction générale des Impôts et des Domaines (DGID). These events are part of an African context marked by an increase in cyber threats targeting public institutions.
Date: 2026-05-11T14:43:41Z
Network: openweb
Published URL: https://fr.apanews.net/news/senegal-incident-technique-au-tresor-public/
Screenshots:
None
Threat Actors:
Victim Country: Sweden
Victim Industry: Unknown
Victim Organization: Direction générale de la Comptabilité publique et du Trésor
Victim Site: sentresor.org
- Combo list targeting Polish accounts distributed on forum
Category: Combo List
Content: A combo list of approximately 688,000+ credentials allegedly associated with Poland was shared freely via an external paste link. The post was made on a known credential-sharing forum under the Dumps section.
Date: 2026-05-11T14:43:38Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9C%AA-688-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Poland-%E2%9C%AA-29-APR-2026-%E2%9C%AA–2292279
Screenshots:
None
Threat Actors: Fragtez
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of mixed mail combo list (X2600)
Category: Combo List
Content: A forum post in the cracking section advertises X2600 mixed mail lines, likely a combo list of email credentials. The thread is sponsored by a proxy and SMS verification service. No specific breach victim or data fields are identified.
Date: 2026-05-11T14:43:33Z
Network: openweb
Published URL: https://nulledbb.com/thread-X2600-Mixed-Mail-Lines–2292306
Screenshots:
None
Threat Actors: EarlHickey
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Hotmail combo list with 1,944 credentials shared on forum
Category: Combo List
Content: A combo list of 1,944 Hotmail email and password pairs was shared on a darknet forum by user Stevee36. The content is gated behind registration or login. These credentials are harvested from various sources and are not indicative of a breach of Hotmail/Microsoft.
Date: 2026-05-11T14:42:50Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-X1944-HQ-Hotmail-%E2%9A%A1%E2%9A%A1-BY-Stevee36-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: erwinn91
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of Gmail credentials, LinkedIn cookies, and email:password combolists
Category: Combo List
Content: Threat actor advertising sale of credential lists including Gmail email:password combinations, Gmail cookies, and LinkedIn credentials with passwords. No pricing explicitly stated in this message but presented as a sales offering.
Date: 2026-05-11T14:29:13Z
Network: telegram
Published URL: https://t.me/c/2613583520/79654
Screenshots:
None
Threat Actors: best_
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List targeting Hotmail accounts for gaming and shopping services
Category: Combo List
Content: A threat actor shared a combo list containing 700,857 email:password lines targeting Hotmail accounts, marketed for credential stuffing against gaming and shopping platforms.
Date: 2026-05-11T14:10:55Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-700-857-Lines-%E2%9C%85-Gaming-and-Shopping-Target-Hotmail
Screenshots:
None
Threat Actors: HqComboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List: 8+ Million URL:Log:Pass Lines Freely Shared (Part 332)
Category: Combo List
Content: A threat actor shared a combo list containing over 8 million URL:login:password credential pairs, distributed as part 332 of an ongoing free release series. The content is hidden behind registration or login on the forum.
Date: 2026-05-11T14:10:49Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-url-log-pass-free-best-lines-8-million-lines-part-332
Screenshots:
None
Threat Actors: lexityfr
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Hotmail combo list shared on cracking forum
Category: Combo List
Content: A threat actor is distributing Hotmail credential hits via a Telegram channel and offering private combo lists for purchase. The post advertises both free drops and paid private access through a Telegram contact. No record count or sample data was provided in the post.
Date: 2026-05-11T14:10:36Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%9C%85-HQ-HOTMAIL-HIT-%E2%9C%85–2092330
Screenshots:
None
Threat Actors: wasifurkchut
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Hotmail combo list with 100 alleged pure hits
Category: Combo List
Content: A threat actor on a cybercrime forum is offering a combo list of approximately 100 Hotmail credentials, marketed as elite global hits with no junk. The content is hidden behind a registration or login wall, limiting further detail.
Date: 2026-05-11T14:10:18Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9A%A1-0-1k-elite-global-hotmail-zero-junk-pure-hits-%E2%9A%A1-301254
Screenshots:
None
Threat Actors: NokiaDB
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of gaming-targeted combo list with 2 million credentials
Category: Combo List
Content: A threat actor is offering a gaming-targeted combo list containing approximately 2 million credentials on a cybercrime forum. The content is hidden behind a registration or login requirement. No specific victim organization or platform is identified in the post.
Date: 2026-05-11T14:10:00Z
Network: openweb
Published URL: https://patched.to/Thread-gaming-2m-gaming-targeted-good-combolist
Screenshots:
None
Threat Actors: capitan911
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Hotmail combo list with 295K credentials
Category: Combo List
Content: A threat actor is offering a combo list of 295K Hotmail credentials described as UHQ and fresh. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-11T14:09:41Z
Network: openweb
Published URL: https://patched.to/Thread-legendary-295k-hotmail-uhq-fresh-combolist
Screenshots:
None
Threat Actors: capitan911
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free distribution of cookies and session logs for Nike, Safeway, and other platforms
Category: Logs
Content: A threat actor has shared a paste link containing cookies for multiple platforms including Nike and Safeway. The post offers free access to session cookies for these services. No further details on record count or affected accounts are provided.
Date: 2026-05-11T14:09:26Z
Network: openweb
Published URL: https://nulledbb.com/thread-cookies-nike-safeway-more–2292238
Screenshots:
None
Threat Actors: Fragtez
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of German combo list with 165K credentials
Category: Combo List
Content: A threat actor is distributing a combo list purportedly containing 165,000 credentials associated with German users, marketed as high-quality and fresh. The content is gated behind registration or login on the forum.
Date: 2026-05-11T14:09:10Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-165k-germany-hq-fresh-combolist
Screenshots:
None
Threat Actors: megatronishere
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of 1,100 Hotmail account credentials
Category: Combo List
Content: A forum post advertises 1,100 Hotmail accounts, likely for credential stuffing or account takeover purposes. The post appears to be sponsored by a proxy and SMS verification service. No further details about the origin or content of the credentials are provided.
Date: 2026-05-11T14:09:05Z
Network: openweb
Published URL: https://nulledbb.com/thread-X1100-Hotmail-Accounts–2292245
Screenshots:
None
Threat Actors: EarlHickey
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Colombia UHQ combo list with 115,000 credentials
Category: Combo List
Content: A threat actor is distributing a combo list advertised as 115,000 UHQ credentials associated with Colombian users. The content is gated behind registration or login on the forum. No specific breached organization is identified.
Date: 2026-05-11T14:08:49Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-115k-colombia-uhq-combolist
Screenshots:
None
Threat Actors: megatronishere
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of mixed email combo list (X500)
Category: Combo List
Content: A forum post in the cracking section offers a mixed mail combo list of 500 lines. The post is sponsored by Vaultproxies.net, a proxy and SMS verification service. No additional details about the credential source or targeted services are provided.
Date: 2026-05-11T14:08:41Z
Network: openweb
Published URL: https://nulledbb.com/thread-X500-Mixed-Mail-Lines
Screenshots:
None
Threat Actors: EarlHickey
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of 1,700 Hotmail account credentials
Category: Combo List
Content: A forum post advertises 1,700 Hotmail account credentials for cracking purposes. The thread is sponsored by a proxy and SMS verification service. No further details about the source or verification status of the credentials are provided.
Date: 2026-05-11T14:08:17Z
Network: openweb
Published URL: https://nulledbb.com/thread-X1700-Hotmail-Accounts–2292259
Screenshots:
None
Threat Actors: EarlHickey
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo list of Greek email:password credentials freely shared
Category: Combo List
Content: A threat actor known as Fragtez leaked a combo list of approximately 75,000 Greek email:password pairs via an external paste service. The credentials are marketed as fresh and dated 27 April 2026.
Date: 2026-05-11T14:08:06Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9C%A6%E2%9C%A6-75-K-%E2%9C%A6-Greece-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-27-4-2026-%E2%9C%A6%E2%9C%A6–2292248
Screenshots:
None
Threat Actors: Fragtez
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free Brazil email:password combo list
Category: Combo List
Content: A threat actor shared a Brazil-targeted email:password combo list via an external paste site. The post is categorized as a combo list intended for credential stuffing rather than a breach of a specific organization.
Date: 2026-05-11T14:07:56Z
Network: openweb
Published URL: https://nulledbb.com/thread-HQ-BRAZIL-EMAILPASS-COMBOLIST-SHROUD20-txt–2292270
Screenshots:
None
Threat Actors: Fragtez
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Hotmail credential combo list sample
Category: Combo List
Content: A threat actor shared a sample combo list of 1,315 Hotmail credentials on a cybercrime forum. The content is hidden behind a registration/login wall, suggesting it may be a teaser for a larger offering.
Date: 2026-05-11T14:07:09Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-1315x-SAMPLE-HOTMAIL-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: HollowKnight
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free Hotmail Combo List by Ebbicloud
Category: Combo List
Content: A threat actor known as Ebbicloud has shared a combo list of 1,188 Hotmail credentials via Pasteview. The post is categorized as UHQ (ultra-high quality), suggesting the credentials have been verified. This is a credential stuffing resource targeting Microsoft Hotmail accounts.
Date: 2026-05-11T14:00:52Z
Network: openweb
Published URL: https://altenens.is/threads/1188x-uhq-hotmails_ebbi_cloud.2937909/unread
Screenshots:
None
Threat Actors: Ebbicloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free Combo List of Hotmail Credentials
Category: Combo List
Content: A threat actor shared a combo list of 1,366 Hotmail credentials via Pasteview. The list is marketed as UHQ (ultra-high quality) and distributed for free on a cybercrime forum.
Date: 2026-05-11T14:00:25Z
Network: openweb
Published URL: https://altenens.is/threads/1366x-uhq-hotmails_-ebbi_cloud.2937910/unread
Screenshots:
None
Threat Actors: Ebbicloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of Mansoura University (mans.edu.eg)
Category: Data Leak
Content: A threat actor operating under the handle INT3X has freely released a dataset allegedly containing 731 records from Mansoura University (mans.edu.eg). The leaked fields include full names, email addresses, telephone numbers, job titles, departments, and workplace affiliations. The actor states the data is being published for free after the university failed to respond to a prior disclosure.
Date: 2026-05-11T13:52:07Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-EGY-Edu-eg-Full-Contact-Leaks-Mansoura-University
Screenshots:
None
Threat Actors: INT3X
Victim Country: Egypt
Victim Industry: Education
Victim Organization: Mansoura University
Victim Site: mans.edu.eg
- Alleged data leak of MPR RI Socialization Board (Indonesia)
Category: Data Leak
Content: A threat actor operating under the handle SCTH (Sadboy Cyber Team Hacktivist Indonesia) claims to have leaked a database of 50,000 records belonging to the MPR RI (People's Consultative Assembly of Indonesia) Socialization Board. The post includes a download link for a sample and appears politically motivated, demanding the dismissal of the Secretary of the MPR RI Socialization Agency.
Date: 2026-05-11T13:48:47Z
Network: openweb
Published URL: https://breached.st/threads/mpr-ri-socialization-board-indonesia.86995/unread
Screenshots:
None
Threat Actors: SCTH
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: MPR RI Socialization Board
Victim Site: Unknown
- 60K mixed mail access combo list
Category: Combo List
Content: A combo list of approximately 60,000 mixed mail access credentials has been shared on a cracking forum. No additional details are available from the post content.
Date: 2026-05-11T13:34:36Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%AD%9060K-MIXED-MAIL-ACCESS-%E2%AD%90
Screenshots:
None
Threat Actors: Posts
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Request to purchase EU PayPal credentials
Category: Carding
Content: A forum user is soliciting the purchase of PayPal account data targeting users in Germany, France, and the United Kingdom. The post requests contact via Telegram and does not specify volume or price.
Date: 2026-05-11T13:34:17Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%AD%90BUYING-EU-Paypal-Data%E2%AD%90
Screenshots:
None
Threat Actors: amaxgng
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown
- Hotmail combo list containing 8,000 credentials
Category: Combo List
Content: A combo list of 8,000 Hotmail email:password credentials was shared on a cracking forum. The list is marketed as unique and intended for credential stuffing use.
Date: 2026-05-11T13:34:01Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-Hotmail-Unique-Combo-2-8000
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of combo list mix targeting USA and Europe
Category: Combo List
Content: A threat actor is distributing a combo list marketed as country-specific credential hits from the USA and Europe. The content is hidden behind registration, and no further details on record count or targeted services are provided.
Date: 2026-05-11T13:33:57Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%AD%90%EF%B8%8Fby-countries%E2%AD%90%EF%B8%8Fhits-mix-usa%E2%AD%90%EF%B8%8Feurope%E2%AD%90%EF%B8%8Fexclusive-combolist%E2%98%81%E2%AD%90%EF%B8%8F-300499
Screenshots:
None
Threat Actors: hangover2055
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of account checker tool targeting Go3.lv with Cloudflare bypass
Category: Combo List
Content: A threat actor is selling a credential-checking tool targeting Go3.lv, featuring Cloudflare Bot Manager bypass, built-in AI captcha solvers with claimed 90% accuracy, and Oracle response leak exploitation. The tool is advertised as request-based, requiring only high-reputation proxies, and is being sold as a single copy with middleman accepted.
Date: 2026-05-11T13:33:29Z
Network: openweb
Published URL: https://cracked.st/Thread-Go3-lv-RegChecker-VM-CF-Bypassed-Inbuilt-captcha-Solver
Screenshots:
None
Threat Actors: DataKernel
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List targeting Hotmail accounts
Category: Combo List
Content: A forum member is distributing a combo list described as fresh Hotmail credentials via a private Telegram channel. The content is hidden behind a registration/login gate. No record count or additional details are provided in the visible portion of the post.
Date: 2026-05-11T13:33:25Z
Network: openweb
Published URL: https://patched.to/Thread-nova-%F0%9F%93%A2private-lines-hotmail%F0%9F%93%A2-%E2%9C%85cypher-cloud%E2%9C%85-%F0%9F%8C%AC%EF%B8%8Fhotmail-fresh%F0%9F%8C%AC%EF%B8%8F
Screenshots:
None
Threat Actors: Cypheer
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of discounted premium account upgrade services for multiple platforms
Category: Services
Content: A forum seller is offering discounted premium account upgrades for multiple platforms including LinkedIn, Coursera, Microsoft 365, Adobe Creative Cloud, Canva, Telegram, Bumble, CapCut, Grammarly, and Duolingo. Upgrades are applied to the buyer's own account and are advertised as legal and safe. Services are offered at prices ranging from $6 to $90 depending on platform and subscription duration.
Date: 2026-05-11T13:33:00Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%AD%90-CHEAPEST-LEGAL-UPGRADES-%E2%AD%90LINKEDIN%E2%9A%A1COURSERA%E2%9A%A1GRAMMERLY%E2%9A%A1MICROSOFT-365%E2%9A%A1CAPCUT%E2%9A%A1BUMBLE%E2%AD%90
Screenshots:
None
Threat Actors: MINDHUNTER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Request for PayPal credentials targeting Germany and France
Category: Carding
Content: A forum user is soliciting PayPal account data targeting users in Germany and France. The post does not offer data for sale but rather requests it from other forum members. No record count or specific data fields are mentioned.
Date: 2026-05-11T13:32:53Z
Network: openweb
Published URL: https://patched.to/Thread-need-pp-data
Screenshots:
None
Threat Actors: Amaxgng
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: PayPal
Victim Site: paypal.com
- Sale of Hotmail credential combo list with 3,136 hits
Category: Combo List
Content: A threat actor is distributing a combo list advertised as 3,136 premium Hotmail credential hits. The content is hidden behind a registration or login wall on the forum. These credentials are intended for use in credential stuffing against Hotmail/Outlook accounts.
Date: 2026-05-11T13:32:22Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9A%9C-3136x-premium-hotmail-hits-%E2%9A%9C
Screenshots:
None
Threat Actors: Anon75
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free distribution of URL login credential logs
Category: Combo List
Content: A forum user is distributing URL:login:password credential lists, marketed as a new update. The content is gated behind registration or login. Further updates are indicated as forthcoming.
Date: 2026-05-11T13:32:18Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F-box-main-new-url-log-pass-11-05-26%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8Fpart-1-301234
Screenshots:
None
Threat Actors: BOXOWNER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Wanted: PayPal account data for Germany and France targets
Category: Carding
Content: A forum user is soliciting PayPal account data targeting users in Germany and France. The post requests contact via Telegram and links to hidden content, suggesting an ongoing transaction or further details behind a paywall.
Date: 2026-05-11T13:32:04Z
Network: openweb
Published URL: https://patched.to/Thread-buying-pp-data%E2%AD%90
Screenshots:
None
Threat Actors: Amaxgng
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: PayPal
Victim Site: paypal.com
- Hotmail credential combo list with 1,420 hits shared freely
Category: Combo List
Content: A threat actor shared a combo list of 1,420 Hotmail credential hits via an external paste link. The credentials are marketed as premium hits and made available for free on the forum.
Date: 2026-05-11T13:31:52Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-1420x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F–2292168
Screenshots:
None
Threat Actors: Fragtez
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of mixed valid mail access credentials
Category: Combo List
Content: A threat actor shared a list of approximately 13,300 mixed valid mail access credentials via an external paste link. The post is dated May 1st and markets the credentials as valid.
Date: 2026-05-11T13:31:32Z
Network: openweb
Published URL: https://nulledbb.com/thread-13-3K-%E2%9C%A8-Mix-%E2%9C%A8-Valid-Mail-Access-01-05–2292197
Screenshots:
None
Threat Actors: Fragtez
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo list targeting Indonesia distributed on forum
Category: Combo List
Content: A combo list containing over 232,000 credential pairs, reportedly associated with Indonesian accounts, was freely shared on a cybercrime forum. The content was made available via an external paste link. No specific breached organization is identified.
Date: 2026-05-11T13:31:13Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9C%AA-232-K-Combo-%E2%9C%AA-Indonesia-%E2%9C%AA-9-MAY-2026-%E2%9C%AA–2292218
Screenshots:
None
Threat Actors: Fragtez
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale or distribution of session cookies for Costco, Target, Shein, and other retailers
Category: Logs
Content: A threat actor shared a link allegedly containing session cookies for multiple retail platforms including Costco, Target, and Shein. The post provides no additional details on record volume or origin of the cookies.
Date: 2026-05-11T13:31:09Z
Network: openweb
Published URL: https://nulledbb.com/thread-cookies-costco-target-shein-more–2292217
Screenshots:
None
Threat Actors: Fragtez
Victim Country: Unknown
Victim Industry: Retail
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Hotmail access combo list targeting USA, Europe, Asia, and Russia
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 800 Hotmail credentials sourced from users in the USA, Europe, Asia, and Russia. The content is hidden behind a reply gate on the forum. The list is marketed as valid for account access.
Date: 2026-05-11T13:25:32Z
Network: openweb
Published URL: https://altenens.is/threads/800x-hotmail-access-combo-usa-europe-asia-russian.2937901/unread
Screenshots:
None
Threat Actors: Larry_Uchiha
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Mix mail combo list including Hotmail, Outlook, AOL, GMX, Inbox, iCloud, and Live credentials
Category: Combo List
Content: A threat actor shared a mixed mail combo list targeting multiple email providers including Hotmail, Outlook, AOL, GMX, Inbox, iCloud, and Live. The content is hidden behind a reply gate and distributed via Telegram. No record count was disclosed.
Date: 2026-05-11T13:24:59Z
Network: openweb
Published URL: https://altenens.is/threads/mix-mail-combo-hotmail-outlook-aol-gmx-inbox-icloud-live-2026-5-8.2937903/unread
Screenshots:
None
Threat Actors: Larry_Uchiha
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of 700 fresh Hotmail credential combo list
Category: Combo List
Content: A threat actor is distributing a list of 700 Hotmail credentials marketed as fresh and valid. Access to the content is gated behind a reply requirement on the forum.
Date: 2026-05-11T13:24:25Z
Network: openweb
Published URL: https://altenens.is/threads/sparkles-700x-fresh-hotmail-valid-sparkles.2937899/unread
Screenshots:
None
Threat Actors: Sellix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List of 163K Email/Password Credentials
Category: Combo List
Content: A threat actor is sharing a combo list containing 163,000 email and password pairs on a cybercrime forum. The content is gated behind registration or login. No specific breach source or target service is identified.
Date: 2026-05-11T13:18:55Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Combolist-163K-Email-Pass
Screenshots:
None
Threat Actors: mindreading
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List of 46K USA Email/Password Credentials
Category: Combo List
Content: A threat actor is sharing a combo list containing approximately 46,000 email and password pairs purportedly associated with USA-based accounts. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-11T13:17:14Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Combolist-USA-46K-Email-Pass
Screenshots:
None
Threat Actors: mindreading
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List: 26K Mail Access Mix
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 26,000 mail access credentials, marketed as fully valid. The list is described as a mixed mail access collection dated May 11.
Date: 2026-05-11T13:15:36Z
Network: openweb
Published URL: https://breachforums.rs/Thread-26K-Full-Valid-Mail-Access-Mix-11-05
Screenshots:
None
Threat Actors: MegaCloudShop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List of Mixed Email and Password Credentials
Category: Combo List
Content: A combo list of approximately 4,000 mixed email and password credential pairs is being shared on a cybercrime forum. The content is gated behind registration or login. No specific breach source or targeted service is identified.
Date: 2026-05-11T13:15:12Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Combolist-4K-Mixed-Email-Pass
Screenshots:
None
Threat Actors: mindreading
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List of 10K Mixed Email/Password Credentials
Category: Combo List
Content: A combo list containing 10,000 mixed email and password pairs has been shared on a cybercrime forum. The credentials are described as valid and are available to registered forum members behind a hidden content gate.
Date: 2026-05-11T13:14:48Z
Network: openweb
Published URL: https://breachforums.rs/Thread-Combolist-10K-Mixed-Email-Pass
Screenshots:
None
Threat Actors: mindreading
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of Department of Education (DepEd) Marinduque branch employee emails
Category: Data Leak
Content: A threat actor leaked a list of approximately 46 email addresses attributed to employees of the Department of Education (DepEd) Marinduque branch in the Philippines. The data includes official deped.gov.ph email addresses as well as some personal Gmail accounts. No passwords or additional personal data were included in the post.
Date: 2026-05-11T13:07:59Z
Network: openweb
Published URL: https://breached.st/threads/deped-branch.86993/unread
Screenshots:
None
Threat Actors: Z4ne0days
Victim Country: Philippines
Victim Industry: Government
Victim Organization: Department of Education (DepEd)
Victim Site: deped.gov.ph
- Alleged data breach of Elephant Insurance
Category: Data Breach
Content: A threat actor has leaked data allegedly sourced from Elephant Insurance, containing approximately 1.8 million unique email addresses from 2023. The sample includes full names, dates of birth, email addresses, phone numbers, physical addresses, driver's license numbers, payment card holder details, and hashed credentials. The dataset appears to combine multiple data types including personal, financial, and account records.
Date: 2026-05-11T13:04:06Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-Elephant-insurance-data-2023
Screenshots:
None
Threat Actors: [Mod] Tanaka
Victim Country: United States
Victim Industry: Finance
Victim Organization: Elephant Insurance
Victim Site: elephant.com
- Combo list targeting Taiwan distributed on forum
Category: Combo List
Content: A combo list containing over 36,000 credentials associated with Taiwan was freely shared on a nulled forum. The post includes a link to an external paste site hosting the credential list. No specific breached organization is identified.
Date: 2026-05-11T12:51:15Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9C%AA-36-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Taiwan-%E2%9C%AA-30-APR-2026-%E2%9C%AA–2292137
Screenshots:
None
Threat Actors: Fragtez
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free combo list of Hotmail credential hits
Category: Combo List
Content: A threat actor has shared a free combo list containing 2,056 alleged Hotmail credential hits via an external paste link. The post is categorized as a credential stuffing list targeting Hotmail accounts.
Date: 2026-05-11T12:51:11Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-2056x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F–2292158
Screenshots:
None
Threat Actors: Fragtez
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of CalendrIDEL French healthcare platform
Category: Data Leak
Content: A threat actor has leaked data allegedly sourced from CalendrIDEL, a French platform connecting independent nurses for replacements and collaborations. The leaked dataset contains approximately 1,400 records including email addresses, phone numbers, and usernames. The data was made available via an anonymous file-sharing link.
Date: 2026-05-11T12:46:06Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-CalendrIDEL
Screenshots:
None
Threat Actors: ridok61
Victim Country: France
Victim Industry: Healthcare
Victim Organization: CalendrIDEL
Victim Site: calendridel.fr
- Sale of 8.6K valid mix combo list
Category: Combo List
Content: A combo list advertised as containing 8.6K valid credential pairs was shared on BreachForums. The post is categorized as a mixed combo list with no further details available from the post content.
Date: 2026-05-11T12:43:49Z
Network: openweb
Published URL: https://breachforums.rs/Thread-8-6K-valid-mix-combolist
Screenshots:
None
Threat Actors: mindreading
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Hotmail combo list with 9.1K valid credentials
Category: Combo List
Content: A threat actor is sharing a combo list of 9,100 valid Hotmail email and password pairs on a cybercrime forum. The content is gated behind registration or login. The credentials appear to be intended for credential stuffing or account takeover activity.
Date: 2026-05-11T12:42:23Z
Network: openweb
Published URL: https://breachforums.rs/Thread-9-1K-valid-combolist-hotmail
Screenshots:
None
Threat Actors: mindreading
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo list targeting Hotmail with 1.8K credentials
Category: Combo List
Content: A threat actor is distributing a combo list of 1,800 Hotmail credentials marketed as fresh mail access. The content is hidden behind a registration or login wall on the forum.
Date: 2026-05-11T12:41:58Z
Network: openweb
Published URL: https://breachforums.rs/Thread-1-8K-Hotmail-Fresh-Mail-Access-Juast-top-Quality-11-05
Screenshots:
None
Threat Actors: MegaCloudShop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of mixed email/password combo list with 11,700 credentials
Category: Combo List
Content: A threat actor shared a mixed email/password combo list containing approximately 11,700 credential pairs on a cybercrime forum. The content is hidden behind a registration or login wall, limiting public access. No specific target service or origin breach is identified.
Date: 2026-05-11T12:40:18Z
Network: openweb
Published URL: https://breachforums.rs/Thread-11-7-combo-mixed-Email-Pass
Screenshots:
None
Threat Actors: mindreading
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of mixed email/password combo list with 12.7 million records
Category: Combo List
Content: A forum post on BreachForums advertises a mixed email/password combo list containing approximately 12.7 million credential pairs. No additional details about the source, targeted services, or pricing are available from the post content.
Date: 2026-05-11T12:39:54Z
Network: openweb
Published URL: https://breachforums.rs/Thread-12-7-combo-mixed-Email-Pass
Screenshots:
None
Threat Actors: mindreading
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- 18K Mixed Email/Password Combo List
Category: Combo List
Content: A threat actor is sharing a combo list containing 18,000 mixed email and password credential pairs. The content is hidden behind a registration or login requirement on the forum. No specific breach source or target service is identified.
Date: 2026-05-11T12:38:28Z
Network: openweb
Published URL: https://breachforums.rs/Thread-18K-combo-mixed-Email-Pass
Screenshots:
None
Threat Actors: mindreading
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- 200K Mixed Email/Password Combo List
Category: Combo List
Content: A combo list containing 200,000 mixed email and password credential pairs is being shared on a cybercrime forum. The content is gated behind registration or login. No specific breached organization or target service is identified.
Date: 2026-05-11T12:38:04Z
Network: openweb
Published URL: https://breachforums.rs/Thread-200K-combo-mixed-Email-Pass
Screenshots:
None
Threat Actors: mindreading
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of FuboTV credential-stuffing config with full capture
Category: Combo List
Content: A threat actor is selling an OpenBullet 2 (OB2) config targeting FuboTV accounts, priced at $150. The config is advertised with full capture capabilities including plan, billing cycle, add-ons, and other account details. High proxy quality is required for operation.
Date: 2026-05-11T12:13:47Z
Network: openweb
Published URL: https://cracked.st/Thread-FuboTv-Config-w-Full-Capture-150-OB2
Screenshots:
None
Threat Actors: 1999Dragon
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of custom-name KYC-verified accounts for crypto and financial platforms
Category: Services
Content: A threat actor is selling custom-name KYC-verified accounts for numerous cryptocurrency and financial platforms including Bitget, KuCoin, Kraken, Bybit, Bitvavo, Crypto.com, Bitpanda, and others. The seller claims to create fraudulent identity documents and complete KYC verification on the buyer's behalf using a supplied name and surname, with delivery in 1–48 hours. Prices range from approximately 60€ to 1,250€ per account depending on platform and IBAN country.
Date: 2026-05-11T12:13:43Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-SELL-CUSTOM-NAME-BITGET-KUCOIN-KRAKEN-BYBIT-BITVAVO-CRYPTO-COM-BITPANDA
Screenshots:
None
Threat Actors: Rasselkyc
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown
- Sale of cryptocurrency cashout method
Category: Carding
Content: A forum user is offering a cryptocurrency cashout method for $600, framed as an educational guide covering Bitcoin, Ethereum, and Litecoin wallet recovery, private key management, and seed phrase analysis. Despite disclaimers of legality and educational intent, the post is listed in a cracking forum and advertises methods for accessing inactive or abandoned crypto wallets. The content is consistent with illicit cryptocurrency cashout or wallet-cracking tradecraft.
Date: 2026-05-11T12:13:08Z
Network: openweb
Published URL: https://nulledbb.com/thread-600-Crypto-Cashout-2026-Working-Method
Screenshots:
None
Threat Actors: ZamanX
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Silent Doc Exploit Framework Targeting Office Documents
Category: Malware
Content: A threat actor is offering a tool called Silent Doc Exploit 2026, described as an exploit framework that injects hidden malicious code into Word/Office documents for silent execution. The tool claims to support delivery of RATs, keyloggers, and crypto miners without user awareness, with remote command-and-control capability. A download link and VirusTotal scan result are referenced in the post.
Date: 2026-05-11T12:12:00Z
Network: openweb
Published URL: https://demonforums.net/Thread-Silent-Doc-Exploit-2026
Screenshots:
None
Threat Actors: RaoX78
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Russian email account combo list
Category: Combo List
Content: A threat actor is offering a combo list of approximately 1,200 Russian email account credentials, marketed as fully valid mail access. The list is dated 11.05 and posted in the combolists section of a cybercrime forum.
Date: 2026-05-11T12:11:03Z
Network: openweb
Published URL: https://breachforums.rs/Thread-1-2K-Russian-Full-Valid-Mail-Access-11-05
Screenshots:
None
Threat Actors: MegaCloudShop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free combo list of 2.8K Chinese email credentials
Category: Logs
Content: A threat actor shared a combo list containing approximately 2,800 Chinese email credentials, marketed as fresh and dated 11.05. The list is available via a hidden link requiring forum registration to access.
Date: 2026-05-11T11:54:41Z
Network: openweb
Published URL: https://xforums.st/threads/2-8k-china-fresh-mail-access-11-05.613698/
Screenshots:
None
Threat Actors: MegaCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free release of 35.5 million URL:login:password logs
Category: Logs
Content: A threat actor is distributing a collection of 35.5 million URL:login:password log entries, marketed as fresh and high-quality stealer log output. The post encourages users to claim valid credentials before others and advertises premium unwrapped bases via Telegram.
Date: 2026-05-11T11:40:50Z
Network: openweb
Published URL: https://cracked.st/Thread-Other-%E2%9C%A8-35-5-MILLION-URL-LOG-PASS-%E2%9C%A8-PRIVATE-%E2%9C%A8-BEST-FOR-EVERYTHING-%E2%9C%A8
Screenshots:
None
Threat Actors: ZoneX404
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free release of 20.3 million URL:login:password combo list
Category: Logs
Content: A threat actor on Cracked.st has freely shared a collection of 20.3 million URL:login:password log entries, marketed as fresh and high-quality. The post promotes the content as suitable for credential stuffing across multiple services and advertises additional unwrapped bases available via Telegram.
Date: 2026-05-11T11:40:31Z
Network: openweb
Published URL: https://cracked.st/Thread-Other-%E2%9C%A8-20-3-MILLION-URL-LOG-PASS-%E2%9C%A8-PRIVATE-%E2%9C%A8-BEST-FOR-EVERYTHING-%E2%9C%A8
Screenshots:
None
Threat Actors: ZoneX404
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free distribution of 39.9 million URL:Login:Password log credentials
Category: Logs
Content: A threat actor on Cracked.st is freely distributing a dataset claimed to contain 39.9 million URL:login:password entries described as fresh UHQ stealer logs. The post markets the credentials as valid hits and promotes additional unwrapped bases available via Telegram or the forum.
Date: 2026-05-11T11:40:11Z
Network: openweb
Published URL: https://cracked.st/Thread-Other-%E2%9C%A8-39-9-MILLION-URL-LOG-PASS-%E2%9C%A8-PRIVATE-%E2%9C%A8-BEST-FOR-EVERYTHING-%E2%9C%A8
Screenshots:
None
Threat Actors: ZoneX404
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List targeting Gmail accounts — Asia region
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 50,000 credential pairs targeting Gmail accounts sourced from Asia. The content is gated behind registration or login on the forum. No breach of a specific organization is claimed.
Date: 2026-05-11T11:39:56Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%F0%9F%8F%AE-asia-gmail-50k-private-lines-%E2%80%94-%F0%9F%8F%AE
Screenshots:
None
Threat Actors: BreachLeak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free release of 12.3 million URL:log:pass combo list
Category: Logs
Content: A threat actor on Cracked.st has made available a collection of 12.3 million URL:log:pass entries, described as fresh UHQ stealer log output. The post encourages users to claim valid hits and advertises unwrapped bases available via Telegram or forum contact.
Date: 2026-05-11T11:39:51Z
Network: openweb
Published URL: https://cracked.st/Thread-Other-%E2%9C%A8-12-3-MILLION-URL-LOG-PASS-%E2%9C%A8-PRIVATE-%E2%9C%A8-BEST-FOR-EVERYTHING-%E2%9C%A8–2092293
Screenshots:
None
Threat Actors: ZoneX404
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo list targeting cloud and mail services
Category: Combo List
Content: A threat actor is distributing a combo list advertised as targeting cloud and mail services. The content is hidden behind a registration or login wall, limiting visibility into specifics. No record count or targeted service details are disclosed in the visible portion of the post.
Date: 2026-05-11T11:39:41Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E3%80%90-%F0%9F%94%A5-private-cloud-%E2%80%A2-mail-lines-%F0%9F%94%A5-%E3%80%91
Screenshots:
None
Threat Actors: BreachLeak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free distribution of 25.3 million URL:login:password stealer logs
Category: Logs
Content: A threat actor on Cracked.st is freely distributing a collection of 25.3 million URL:login:password entries described as UHQ (ultra-high quality) stealer log output. The post markets the credentials as fresh and working, and directs users to Telegram or the forum for access to higher-quality unwrapped bases.
Date: 2026-05-11T11:39:32Z
Network: openweb
Published URL: https://cracked.st/Thread-Other-%E2%9C%A8-25-3-MILLION-URL-LOG-PASS-%E2%9C%A8-PRIVATE-%E2%9C%A8-BEST-FOR-EVERYTHING-%E2%9C%A8
Screenshots:
None
Threat Actors: ZoneX404
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List targeting Hotmail accounts
Category: Combo List
Content: A forum user is sharing a private combo list of approximately 3,000 Hotmail credentials. The content is gated behind registration or login on the forum. No details about data origin or verification status are available.
Date: 2026-05-11T11:39:22Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%F0%9F%94%A5%F0%9F%94%A5%F0%9F%94%A5-hotmail-%E2%80%A2-private-x3000-%F0%9F%94%A5%F0%9F%94%A5%F0%9F%94%A5
Screenshots:
None
Threat Actors: BreachLeak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free release of 12.5 million URL:Log:Pass combo list
Category: Logs
Content: A threat actor on Cracked.st has shared a collection of 12.5 million URL:log:pass entries, described as fresh and high-quality stealer log output. The post encourages users to claim valid hits and offers unwrapped bases for sale via Telegram or the forum.
Date: 2026-05-11T11:39:13Z
Network: openweb
Published URL: https://cracked.st/Thread-Other-%E2%9C%A8-12-5-MILLION-URL-LOG-PASS-%E2%9C%A8-PRIVATE-%E2%9C%A8-BEST-FOR-EVERYTHING-%E2%9C%A8–2092292
Screenshots:
None
Threat Actors: ZoneX404
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free release of 15.1 million URL:log:pass credential combo list
Category: Logs
Content: A threat actor on Cracked.st has freely shared a collection of 15.1 million URL:log:pass entries described as fresh UHQ stealer log output. The post markets the credentials as valid hits and promotes additional unwrapped bases available via Telegram or the forum.
Date: 2026-05-11T11:38:55Z
Network: openweb
Published URL: https://cracked.st/Thread-Other-%E2%9C%A8-15-1-MILLION-URL-LOG-PASS-%E2%9C%A8-PRIVATE-%E2%9C%A8-BEST-FOR-EVERYTHING-%E2%9C%A8
Screenshots:
None
Threat Actors: ZoneX404
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Gmail combo list with 2,840 credentials shared on forum
Category: Combo List
Content: A threat actor shared a combo list advertised as exclusive Gmail credentials, described as fresh. The content is hidden behind a registration/login wall on the forum. The listed count is 2,840 credential pairs.
Date: 2026-05-11T11:38:51Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%F0%9F%92%8E-gmail-exclusive-%E2%80%94-fresh-only-2840x%F0%9F%92%8E
Screenshots:
None
Threat Actors: BreachLeak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of 31.7 million URL:login:password stealer logs
Category: Logs
Content: A threat actor on Cracked.st is distributing a dataset of 31.7 million URL:login:password entries described as fresh, high-quality stealer log outputs. The post markets the content as UHQ ULP logs with working credentials and directs users to Telegram for access to additional unwrapped bases.
Date: 2026-05-11T11:38:31Z
Network: openweb
Published URL: https://cracked.st/Thread-Other-%E2%9C%A8-31-7-MILLION-URL-LOG-PASS-%E2%9C%A8-PRIVATE-%E2%9C%A8-BEST-FOR-EVERYTHING-%E2%9C%A8
Screenshots:
None
Threat Actors: ZoneX404
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List targeting Hotmail EU/US accounts
Category: Combo List
Content: A threat actor is offering a combo list of approximately 802 Hotmail credentials targeting EU and US accounts on a cybercrime forum. The content is restricted to registered members only. The post is labeled private only, suggesting exclusive or limited distribution.
Date: 2026-05-11T11:38:21Z
Network: openweb
Published URL: https://patched.to/Thread-802x-%E2%97%8F%E2%80%94-hotmail-eu-us-%E2%80%94-private-only-%E2%80%94%E2%97%8F
Screenshots:
None
Threat Actors: BreachLeak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free release of 31.5 million URL:log:pass credential logs
Category: Logs
Content: A threat actor on a cracking forum is distributing a collection of 31.5 million URL:login:password log entries, marketed as fresh and high-quality stealer log output. The post advertises the content as free and encourages users to collect valid hits before others. The actor also promotes private, unwrapped database sales via Telegram or the forum.
Date: 2026-05-11T11:38:12Z
Network: openweb
Published URL: https://cracked.st/Thread-Other-%E2%9C%A8-31-5-MILLION-URL-LOG-PASS-%E2%9C%A8-PRIVATE-%E2%9C%A8-BEST-FOR-EVERYTHING-%E2%9C%A8–2092298
Screenshots:
None
Threat Actors: ZoneX404
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Yahoo combo list shared on forum
Category: Combo List
Content: A threat actor shared a combo list marketed as a high-quality Yahoo private mix on a cybercrime forum. The content is hidden behind registration or login, limiting visibility into record count or data specifics. Credentials are intended for use in credential stuffing against Yahoo accounts.
Date: 2026-05-11T11:38:04Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F-yahoo-%E2%80%A2-private-mix-%E2%80%A2-hq-%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F
Screenshots:
None
Threat Actors: BreachLeak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free distribution of 26.4 million URL:login:password stealer logs
Category: Logs
Content: A threat actor on Cracked.st is freely distributing a collection of 26.4 million URL:login:password log entries, marketed as fresh and high-quality stealer log output. The post encourages users to claim valid hits quickly and advertises premium unwrapped bases available via Telegram or the forum.
Date: 2026-05-11T11:37:52Z
Network: openweb
Published URL: https://cracked.st/Thread-Other-%E2%9C%A8-26-4-MILLION-URL-LOG-PASS-%E2%9C%A8-PRIVATE-%E2%9C%A8-BEST-FOR-EVERYTHING-%E2%9C%A8
Screenshots:
None
Threat Actors: ZoneX404
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo list of fresh email credentials targeting USA and EU regions
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 50,000 email credentials described as fresh, targeting USA and EU regions. The content is gated behind registration or login on the forum.
Date: 2026-05-11T11:37:46Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9D%84%EF%B8%8F-fresh-mail-%E2%80%94-usa-eu-%E2%80%94-50k%E2%9D%84%EF%B8%8F
Screenshots:
None
Threat Actors: BreachLeak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Hotmail-targeted combo list containing 1.7 million credentials
Category: Combo List
Content: A threat actor on Cracked.st is distributing a combo list of approximately 1.7 million email:password lines targeting Hotmail accounts. The list is marketed as a social-target combolist, likely intended for credential stuffing against Hotmail/Microsoft services.
Date: 2026-05-11T11:37:23Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-1-745-047-Lines-%E2%9C%85-Social-Target-Combolist-Hotmail
Screenshots:
None
Threat Actors: HqComboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Mix mail access combo list with 14.5K credentials
Category: Combo List
Content: A threat actor shared a mixed email access combo list containing approximately 14,500 credential pairs on a combolist forum. The content is gated behind registration or login. No specific targeted service or organization is identified.
Date: 2026-05-11T11:37:16Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-14-5k%F0%9F%90%88%E2%80%8D%E2%AC%9Bmix-mail%F0%9F%90%88%E2%80%8D%E2%AC%9Baccess%F0%9F%90%88%E2%80%8D%E2%AC%9B
Screenshots:
None
Threat Actors: MeiMisaki
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List: Gmail/Mix private lines
Category: Combo List
Content: A forum member is sharing a combo list described as private lines containing Gmail and mixed credentials. The content is hidden behind a registration/login wall, limiting visibility into specifics such as record count or credential types.
Date: 2026-05-11T11:36:59Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9A%94%EF%B8%8F-private-lines-%E2%80%94-gmail-mix-%E2%9A%94%EF%B8%8F
Screenshots:
None
Threat Actors: BreachLeak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Binance.com credential validator and checking service
Category: Combo List
Content: A threat actor is selling credential checker tools targeting Binance.com, capable of validating email and phone number combinations at 2,000+ CPM without CAPTCHA. The seller also offers a checking-as-a-service option, pricing combo list validation at $12 per 10,000 to $800 per 1 million entries.
Date: 2026-05-11T11:36:46Z
Network: openweb
Published URL: https://cracked.st/Thread-Selling-Binance-com-Validators
Screenshots:
None
Threat Actors: fleahub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List of 98K Gmail Credentials
Category: Combo List
Content: A threat actor is distributing a combo list containing approximately 98,000 Gmail credential lines, marketed as high quality. The content is hidden behind a login/registration wall on the forum.
Date: 2026-05-11T11:36:42Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%96%AC%E2%96%AC%E2%96%AC-%E2%97%8F-98k-gmail-hq-lines-%E2%97%8F-%E2%96%AC%E2%96%AC%E2%96%AC
Screenshots:
None
Threat Actors: BreachLeak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List targeting Hotmail with 14K USA credentials
Category: Combo List
Content: A threat actor shared what is described as a high-quality Hotmail combo list containing approximately 14,000 US-based credentials. The content is gated behind registration or login on the forum. The listed service (Hotmail) is a credential-stuffing target, not the breach source.
Date: 2026-05-11T11:36:23Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8-hq-hotmail-%E2%80%94-private-cloud-%E2%9C%A8-14k-usa-%F0%9F%94%A5
Screenshots:
None
Threat Actors: BreachLeak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free combo list of mixed email credentials with keyword targets
Category: Combo List
Content: A threat actor on DemonForums is distributing a free combo list containing 3,259 mixed email and password credentials. The post also offers a separate download of keyword-targeted credential sets. No specific breach source or victim organization is identified.
Date: 2026-05-11T11:35:42Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9D%84%E2%9D%84-3259x-HQ-MIXED-MAILS-%E2%9D%84%E2%9D%84-KEYWORD-TARGETS
Screenshots:
None
Threat Actors: He_Cloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Website Redefacement of Flying Eagle Skates by DimasHxR
Category: Defacement
Content: The website of Flying Eagle Skates, a sporting goods brand operating under a .eu domain, was defaced by the threat actor DimasHxR on May 11, 2026. This incident is classified as a redefacement, indicating the site had been previously compromised by the same or another attacker. No team affiliation, stated motive, or technical server details were disclosed in connection with this attack.
Date: 2026-05-11T11:35:26Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919704
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: European Union
Victim Industry: Retail / Sporting Goods
Victim Organization: Flying Eagle Skates
Victim Site: www.flyingeagleskates.eu
- Free combo list of 3.7K mixed email credentials with keyword targets
Category: Combo List
Content: A threat actor on DemonForums has distributed a combo list of approximately 3,700 mixed email credentials described as fresh and high quality. The post also includes associated keyword targets, suggesting use for credential stuffing campaigns.
Date: 2026-05-11T11:35:04Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1-3-7k-FRESH-HQ-MIX-MAILS-%E2%9A%A1-KEYWORD-TARGETS
Screenshots:
None
Threat Actors: He_Cloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Hotmail combo list
Category: Combo List
Content: A threat actor is offering a combo list of 1,910 Hotmail credentials, marketed as private and fresh. The content is hidden behind a registration/login wall on the forum.
Date: 2026-05-11T11:34:59Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-1910x-%E2%AD%90%E2%AD%90-FRESH-HQ-HOTMAIL-%E2%AD%90%E2%AD%90
Screenshots:
None
Threat Actors: KiwiShioo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Hotmail credential hits combo list
Category: Combo List
Content: A forum post advertises 540 Hotmail credential hits as hidden content requiring registration or login to access. The credentials are marketed as verified hits for Hotmail accounts. No further details about origin or data composition are provided.
Date: 2026-05-11T11:34:34Z
Network: openweb
Published URL: https://leakforum.io/Thread-540x-HOTMAIL-HITS
Screenshots:
None
Threat Actors: MeiMisakix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Hotmail combo list shared on forum
Category: Combo List
Content: A threat actor shared a Hotmail combo list containing approximately 8,000 email:password pairs as hidden content on a dark web forum. The post advertises a shop (unique-combo.shop) offering combo lists for various countries and on request.
Date: 2026-05-11T11:34:20Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-Hotmail-Unique-Combo-1-8000–203680
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of BBVA Bancomer Bank
Category: Data Breach
Content: A threat actor with the handle xyph0rix has posted on BreachForums regarding a database breach of BBVA Bancomer Bank. The post includes links to the threat actor's profile and a dedicated thread discussing the breach.
Date: 2026-05-11T11:19:02Z
Network: telegram
Published URL: https://t.me/Xyph0rix/341
Screenshots:
None
Threat Actors: xyph0rix
Victim Country: Mexico
Victim Industry: Financial Services/Banking
Victim Organization: BBVA Bancomer
Victim Site: bbva.com.mx
- Alleged data leak of BBVA Bancomer Bank
Category: Data Leak
Content: A threat actor on a public forum is offering a free download of an alleged database attributed to BBVA Bancomer, a major Mexican bank. No details regarding the number of records, data fields, or method of acquisition were provided in the post.
Date: 2026-05-11T11:18:38Z
Network: openweb
Published URL: https://breached.st/threads/database-bbva-bancomer-bank.86991/unread
Screenshots:
None
Threat Actors: Xyph0rix
Victim Country: Mexico
Victim Industry: Finance
Victim Organization: BBVA Bancomer
Victim Site: bbvabancomer.com
- Combo List targeting gaming services
Category: Combo List
Content: A combo list of 4.6 million email:password lines targeting gaming services was shared on a cracking forum. No additional details are available from the post content.
Date: 2026-05-11T11:06:03Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-4-6M-LINES-COMBO-GAMING
Screenshots:
None
Threat Actors: Nuttela
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List targeting Gmail gaming accounts with 1.5 million credentials
Category: Combo List
Content: A threat actor is freely distributing a combo list of approximately 1.5 million Gmail credentials targeted at gaming accounts. The list is advertised as gaming-targeted and is being shared on a public forum. The actor has indicated willingness to fulfill additional combo list requests.
Date: 2026-05-11T11:05:35Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-Gmail-com-Gaming-Targeted-1-5M
Screenshots:
None
Threat Actors: Immanuel_Kant
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List: 3.2 million UHQ Gmail credentials
Category: Combo List
Content: A threat actor is distributing a combo list of 3.2 million Gmail credentials, marketed as ultra-high quality and fresh. The post is sponsored by a credential-stuffing tool service. Gmail is the credential-stuffing target, not the breach victim.
Date: 2026-05-11T11:04:38Z
Network: openweb
Published URL: https://cracked.st/Thread-3-2M-UHQ-GMAIL-COMBO-FRESH
Screenshots:
None
Threat Actors: Vows
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Hotmail credential combo list with 5,000 hits
Category: Combo List
Content: A threat actor is distributing a combo list of 5,000 Hotmail credentials marketed as hits. The post was shared on a public cracking forum and includes a download link.
Date: 2026-05-11T11:03:40Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%AD%905000%E2%AD%90HOTMAIL%E2%AD%90HITS%E2%AD%90
Screenshots:
None
Threat Actors: tihyy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- EU Hotmail combo list offered on forum
Category: Combo List
Content: A threat actor is offering a combo list of approximately 100 EU Hotmail credentials, marketed as private and untouched. The content is gated behind registration or login on the forum.
Date: 2026-05-11T11:03:10Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%F0%9F%94%A5-0-1k-fresh-eu-hotmail-100-private-untouched-no-recycle-%F0%9F%94%A5-301202
Screenshots:
None
Threat Actors: BedrockDB
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Service request for social media account banning, unbanning, and claiming on Instagram, TikTok, and X
Category: Services
Content: A forum user is seeking individuals with tools or skills to ban, unban, and claim accounts on Instagram, TikTok, and X (Twitter) on behalf of a paying client. The post mentions a large database available for use and offers a referral fee for introductions to capable operators. Copyright/DMCA (CPR) strike capabilities are listed as a bonus.
Date: 2026-05-11T11:03:06Z
Network: openweb
Published URL: https://cracked.st/Thread-TIME-TO-MAKE-SOME-INSTANT-MONEY-BAN-UNBAN-IG-TIK-TOK-X
Screenshots:
None
Threat Actors: Dil8ert
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of 2.9K mixed mail access combo list
Category: Combo List
Content: A threat actor shared a combo list containing approximately 2,900 mixed mail access credentials on a cybercrime forum. The content is hidden behind a registration or login wall, limiting visibility into specifics. The list is attributed to the user Kommander0 and dated May 11.
Date: 2026-05-11T11:02:36Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-2-9k-mix-mail-access-by-kommander0-11-05
Screenshots:
None
Threat Actors: AnticaCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Mix mail combo list with 3,970 credentials
Category: Combo List
Content: A threat actor shared a mixed mail combo list containing approximately 3,970 email and password combinations. The content is hidden behind a forum registration or login requirement. No specific targeted organization or service is identified.
Date: 2026-05-11T11:01:57Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-3970x-MIX-MAIL
Screenshots:
None
Threat Actors: NotSellerXd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free combo list of mixed email credentials
Category: Combo List
Content: A threat actor has freely distributed a combo list containing 3,564 mixed email credentials on a public forum. The list is described as premium mixed mail credentials available for download.
Date: 2026-05-11T11:01:33Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9D%84%E2%9D%84-3564x-PREMIUM-MIXED-MAILS-%E2%9D%84%E2%9D%84
Screenshots:
None
Threat Actors: He_Cloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of alleged eToro database with 2 million records
Category: Data Breach
Content: A threat actor is selling an alleged database belonging to eToro, a global retail investment platform. The post claims the dataset contains 2 million records and directs interested buyers to contact via Telegram. No further details on data fields or breach origin are provided.
Date: 2026-05-11T10:57:24Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-Global-investor-Etoro-Database-2M
Screenshots:
None
Threat Actors: Mikhel
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: eToro
Victim Site: etoro.com
- Website Defacement of Wild Devil Baits by DimasHxR
Category: Defacement
Content: On May 11, 2026, a threat actor identified as DimasHxR defaced a subdirectory of wilddevilbaits.de, a German fishing bait and tackle retailer. The attack targeted a specific media/custom path rather than the homepage and was carried out as a single, non-mass defacement. No specific motive or team affiliation was disclosed by the attacker.
Date: 2026-05-11T10:56:27Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919641
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Germany
Victim Industry: Retail / Outdoor Sports & Fishing
Victim Organization: Wild Devil Baits
Victim Site: wilddevilbaits.de
- Website Defacement of inbyo.eu by DimasHxR
Category: Defacement
Content: On May 11, 2026, a threat actor identified as DimasHxR defaced a media/customer address directory on the website inbyo.eu, a likely e-commerce or retail platform registered under the .eu top-level domain. The attack was a targeted single-site defacement, not part of a mass or redefacement campaign. Technical details such as the server software and attack vector were not disclosed.
Date: 2026-05-11T10:55:39Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919589
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: European Union
Victim Industry: E-commerce / Retail
Victim Organization: Inbyo
Victim Site: inbyo.eu
- Website Defacement of Supermercado Boinelore by DimasHxR
Category: Defacement
Content: On May 11, 2026, a threat actor identified as DimasHxR defaced a subdirectory of the Brazilian supermarket website supermercadoboinelore.com.br. The attack was a targeted single-site defacement with no team affiliation reported. No specific motivation or server details were disclosed for this incident.
Date: 2026-05-11T10:54:56Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919633
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Brazil
Victim Industry: Retail / Grocery
Victim Organization: Supermercado Boinelore
Victim Site: supermercadoboinelore.com.br
- Website Defacement of Brazilian Beach Tennis Retailer by DimasHxR
Category: Defacement
Content: On May 11, 2026, threat actor DimasHxR defaced the Brazilian online beach tennis retail store lojadebeachtennis.com.br. The attack targeted a media directory path and was carried out as a single, non-mass defacement with no stated motive. The incident was documented and mirrored by zone-xsec.com.
Date: 2026-05-11T10:54:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919598
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Brazil
Victim Industry: Retail / Sports & Recreation
Victim Organization: Loja de Beach Tennis
Victim Site: lojadebeachtennis.com.br
- Website Defacement of Liguori.org by DimasHxR
Category: Defacement
Content: On May 11, 2026, the website liguori.org, associated with Liguori Publications, a Catholic religious publishing organization, was defaced by a threat actor operating under the alias DimasHxR. The attack targeted a subdirectory of the site and was carried out as a single, non-mass defacement. No specific motive or team affiliation was disclosed.
Date: 2026-05-11T10:53:23Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919595
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: United States
Victim Industry: Religious / Non-Profit
Victim Organization: Liguori Publications
Victim Site: liguori.org
- Alleged Planned Leak of Pakistan Intelligence Bureau and ISI Classified Data
Category: Data Leak
Content: Threat actor claims to have access to confidential and top-secret files from Pakistan's Intelligence Bureau Division (IBD), Intelligence Bureau Headquarters (IBHQ), and Inter-Service Intelligence (ISI). Actor announces plans to leak this classified material and references Pakistan nuclear data. A paid version of the agobub tool is mentioned as the distribution mechanism.
Date: 2026-05-11T10:52:44Z
Network: telegram
Published URL: https://t.me/c/3793980891/3413
Screenshots:
None
Threat Actors: Unknown
Victim Country: Pakistan
Victim Industry: Government/Intelligence
Victim Organization: Pakistan Intelligence Bureau, Inter-Service Intelligence (ISI)
Victim Site: Unknown
- Website Defacement of Zipflux by DimasHxR
Category: Defacement
Content: On May 11, 2026, a threat actor identified as DimasHxR defaced a media-related page on zipflux.io, targeting a subdirectory associated with customer address data. The attack was a single targeted defacement, not part of a mass or redefacement campaign. Technical details such as server software and IP address remain unknown.
Date: 2026-05-11T10:52:34Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919645
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Technology / Media
Victim Organization: Zipflux
Victim Site: zipflux.io
- Alleged sale of mail access credentials and combolists across multiple countries
Category: Combo List
Content: Threat actor operating under handle @DataxLogs is advertising mail access availability for multiple countries (FR, BE, AU, CA, UK, US, NL, PL, DE, JP). Post indicates availability of combolists, configs, scripts, tools, and hits. Requests available upon contact.
Date: 2026-05-11T10:52:29Z
Network: telegram
Published URL: https://t.me/c/2613583520/79543
Screenshots:
None
Threat Actors: DataxLogs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Website Defacement of Juntame by DimasHxR
Category: Defacement
Content: On May 11, 2026, a threat actor identified as DimasHxR defaced a media or customer address-related page on juntame.eu, a domain registered under the European Union (.eu) TLD. The defacement was a targeted, single-site incident with no affiliation to a known hacking team. No specific motivation or server details were disclosed in the available intelligence.
Date: 2026-05-11T10:51:53Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919594
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: European Union
Victim Industry: Unknown
Victim Organization: Juntame
Victim Site: juntame.eu
- Website Defacement of Topmarks.ca by DimasHxR
Category: Defacement
Content: On May 11, 2026, a threat actor identified as DimasHxR defaced a subdirectory of topmarks.ca, a Canadian website. The attack targeted a media/customer path and was a single, non-mass defacement with no stated motivation recorded. No team affiliation was associated with the attacker.
Date: 2026-05-11T10:51:09Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919634
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Canada
Victim Industry: Unknown
Victim Organization: Topmarks
Victim Site: topmarks.ca
- Website Defacement of Intempo Distribution by DimasHxR
Category: Defacement
Content: On May 11, 2026, the attacker known as DimasHxR defaced a subdirectory of intempodistribution.it, an Italian distribution company's website. The incident was a targeted, non-mass defacement affecting a specific media path rather than the homepage. No team affiliation, stated motive, or technical details regarding the server environment were disclosed.
Date: 2026-05-11T10:50:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919590
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Italy
Victim Industry: Distribution / Logistics
Victim Organization: Intempo Distribution
Victim Site: intempodistribution.it
- Website Defacement of Nefertari Body Care by DimasHxR
Category: Defacement
Content: On May 11, 2026, threat actor DimasHxR defaced the website of Nefertari Body Care, a personal care or cosmetics-related business. The attack targeted a subdirectory of the domain and was carried out as a single, non-mass defacement with no affiliated team. No specific motive or server details were disclosed.
Date: 2026-05-11T10:49:43Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919615
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Health & Beauty / Personal Care
Victim Organization: Nefertari Body Care
Victim Site: nefertaribodycare.com
- Website Defacement of Manage My Groceries by DimasHxR
Category: Defacement
Content: On May 11, 2026, the Canadian grocery management website managemygroceries.ca was defaced by a threat actor operating under the alias DimasHxR. The attack targeted a subdirectory within the site's public media folder and was carried out as a single, non-mass defacement with no affiliated team. No specific motivation or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-11T10:49:04Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919604
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Canada
Victim Industry: Retail / E-Commerce
Victim Organization: Manage My Groceries
Victim Site: managemygroceries.ca
- Website Defacement of MyCharger.am by DimasHxR
Category: Defacement
Content: On May 11, 2026, the Armenian website mycharger.am was defaced by the threat actor DimasHxR acting independently without a known team affiliation. The attack targeted a media/customer directory path and was not classified as a mass or home page defacement. Technical details such as server software and attack vector were not disclosed in the available intelligence.
Date: 2026-05-11T10:48:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919613
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Armenia
Victim Industry: E-Commerce / Retail
Victim Organization: MyCharger
Victim Site: mycharger.am
- Website Defacement of MDReastStore by DimasHxR
Category: Defacement
Content: On May 11, 2026, threat actor DimasHxR defaced the website mdreaststore.com, targeting a file within the public media directory. The defacement was a targeted single-site attack with no team affiliation reported. No specific motive or server details were disclosed in connection with the incident.
Date: 2026-05-11T10:47:34Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919611
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: E-Commerce / Retail
Victim Organization: MDReast Store
Victim Site: mdreaststore.com
- Website Defacement of Homemade.it by DimasHxR
Category: Defacement
Content: On May 11, 2026, the Italian website homemade.it was defaced by threat actor DimasHxR acting as an individual without team affiliation. The attack targeted a media/customer directory path on the site. No specific motive or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-11T10:46:45Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919642
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Italy
Victim Industry: Food & Beverage / E-commerce
Victim Organization: Homemade
Victim Site: www.homemade.it
- Website Defacement of iamshubham.live by DimasHxR
Category: Defacement
Content: On May 11, 2026, a threat actor identified as DimasHxR defaced a subdirectory of the personal website iamshubham.live, targeting a media/customer path. The attack was a targeted single-site defacement with no team affiliation reported. Server and infrastructure details were not disclosed, and no specific motivation was recorded for the incident.
Date: 2026-05-11T10:46:06Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919588
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Personal/Blog
Victim Organization: Shubham (Personal Website)
Victim Site: iamshubham.live
- Alleged IDOR Vulnerability in Ledger Payment Gateway with Exploitation Script
Category: Vulnerability
Content: A vulnerability researcher claiming to represent @xorcat is offering for sale an IDOR (Insecure Direct Object Reference) vulnerability discovered in Ledger's payment gateway. The vulnerability allegedly allows free access to personal information of users registered within the last six months. A ready-made live extraction script is being offered for $15,000. The seller is restricting sales to decisive and reliable people on a first-come, first-served basis.
Date: 2026-05-11T10:45:28Z
Network: telegram
Published URL: https://t.me/c/3793980891/3410
Screenshots:
None
Threat Actors: xorcat
Victim Country: Unknown
Victim Industry: Financial Technology / Cryptocurrency
Victim Organization: Ledger
Victim Site: ledger.com
- Website Defacement of reyjayon.com by DimasHxR
Category: Defacement
Content: A threat actor identified as DimasHxR defaced a subpage of reyjayon.com, targeting a media/customer directory path on May 11, 2026. The attack was not classified as a mass or home page defacement, suggesting a targeted intrusion into a specific web directory. No team affiliation, motive, or server details were disclosed in connection with this incident.
Date: 2026-05-11T10:45:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919625
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Reyjayon
Victim Site: reyjayon.com
- Website Defacement of Riemenenco by DimasHxR
Category: Defacement
Content: On May 11, 2026, the attacker known as DimasHxR defaced a subdirectory of the Dutch website riemenenco.nl. The defacement targeted a media/custom path and was not classified as a mass or home page defacement. No team affiliation, motive, or technical details regarding the server environment were disclosed.
Date: 2026-05-11T10:44:36Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919644
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Netherlands
Victim Industry: Manufacturing / Industrial
Victim Organization: Riemenenco
Victim Site: www.riemenenco.nl
- Website Defacement of Equipster by DimasHxR
Category: Defacement
Content: On May 11, 2026, a threat actor identified as DimasHxR defaced a media/customer directory page on equipster.eu, a European equipment-related website. The attack was a targeted single-page defacement, not classified as a mass or home page defacement. No specific motive, proof of concept, or team affiliation was disclosed in connection with this incident.
Date: 2026-05-11T10:43:48Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919583
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: European Union
Victim Industry: E-commerce / Equipment Retail
Victim Organization: Equipster
Victim Site: equipster.eu
- Website Defacement of Parasartfever.com by DimasHxR
Category: Defacement
Content: On May 11, 2026, the website parasartfever.com was defaced by the threat actor DimasHxR operating without a known affiliated team. The attacker targeted a subdirectory of the site, suggesting exploitation of a vulnerable web component or CMS media path. No specific motive or additional technical indicators were disclosed for this incident.
Date: 2026-05-11T10:43:09Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919621
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Arts and Entertainment
Victim Organization: Paras Art Fever
Victim Site: parasartfever.com
- Website Defacement of Liquidalo by DimasHxR
Category: Defacement
Content: On May 11, 2026, the threat actor DimasHxR defaced a media/customer directory page on liquidalo.pe, a Peruvian e-commerce or retail website. The attack targeted a subdirectory rather than the homepage and was conducted without affiliation to a known hacking team. No specific motive or technical details were disclosed.
Date: 2026-05-11T10:42:21Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919596
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Peru
Victim Industry: E-commerce / Retail
Victim Organization: Liquidalo
Victim Site: liquidalo.pe
- Website Defacement of Fama Tools by DimasHxR
Category: Defacement
Content: On May 11, 2026, threat actor DimasHxR defaced a media/customer address page on fama.tools, a technology tools platform. The attack was an individual, targeted defacement and not part of a mass defacement campaign. Technical details regarding the server environment and attacker motivation were not disclosed.
Date: 2026-05-11T10:41:41Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919585
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Technology / Software Tools
Victim Organization: Fama Tools
Victim Site: fama.tools
- Website Defacement of Henima.sk by DimasHxR
Category: Defacement
Content: On May 11, 2026, the attacker known as DimasHxR defaced a page on henima.sk, a Slovak website, targeting a file path under the public media customer directory. The incident was a single targeted defacement with no team affiliation reported and no specific motivation disclosed. Server and infrastructure details were not available at the time of reporting.
Date: 2026-05-11T10:40:57Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919587
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Slovakia
Victim Industry: Unknown
Victim Organization: Henima
Victim Site: henima.sk
- Website Defacement of Phoenix Music by DimasHxR
Category: Defacement
Content: On May 11, 2026, the attacker known as DimasHxR defaced a page on phoenixmusic.us, a music-related website based in the United States. The attack targeted a specific media/customer directory path rather than the homepage, indicating a targeted subdirectory defacement. The attacker operated independently without a known team affiliation.
Date: 2026-05-11T10:40:10Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919623
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: United States
Victim Industry: Entertainment / Music
Victim Organization: Phoenix Music
Victim Site: phoenixmusic.us
- Website Defacement of Jungleeny.com by DimasHxR
Category: Defacement
Content: On May 11, 2026, a threat actor operating under the alias DimasHxR defaced a media/customer subdirectory of jungleeny.com. The attacker acted independently without affiliation to a known group or team. No specific motive or technical details regarding the server environment were disclosed in connection with this incident.
Date: 2026-05-11T10:39:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919593
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Jungleeny
Victim Site: jungleeny.com
- Sale of discounted Hostinger Business Plan hosting accounts
Category: Services
Content: A forum seller is offering Hostinger Business Plan 1-year hosting accounts for $50, significantly below the listed retail price. The accounts include 50-website hosting, NVMe storage, AI tools, and other premium features, activated via email. The discounted pricing suggests these may be unauthorized, resold, or otherwise illicitly obtained accounts.
Date: 2026-05-11T10:35:09Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-%E2%AD%90%E2%AD%90%E2%AD%90Hostinger-Business-Plan-%E2%80%93-1-Year-Premium-Hosting-Available-50%E2%9C%A8%E2%9C%A8%E2%9C%A8
Screenshots:
None
Threat Actors: wavesub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Disney+ Premium accounts with 6-month warranty
Category: Carding
Content: A threat actor is selling Disney+ Premium accounts at $20 each, providing email and password credentials with a claimed 6-month warranty and replacement guarantee. The accounts are likely obtained through credential stuffing or carding activity targeting the Disney+ platform.
Date: 2026-05-11T10:34:45Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-%E2%AD%90%E2%AD%90%E2%AD%90DISNEY-PLUS-PREMIUM-WARRANTY-6-MONTHS-20-%E2%9A%A1%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: wavesub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Grammarly Pro subscription upgrade service
Category: Services
Content: A forum seller is offering Grammarly Pro (Premium) subscription upgrades on buyers' own accounts for $30 per month. The upgrade is described as being completed via Grammarly Team, suggesting unauthorized or fraudulently obtained subscription access. A one-month warranty and renewal option are included.
Date: 2026-05-11T10:34:21Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-%E2%9A%A1%E2%9A%A1%E2%9A%A1Grammarly-Pro-Subscription-On-Your-Own-Account-30-%E2%AD%90%E2%AD%90%E2%AD%90
Screenshots:
None
Threat Actors: wavesub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Cursor Pro annual subscription access
Category: Services
Content: A forum user is offering one-year access to Cursor Pro, an AI-powered coding assistant, for $140. The listing advertises full pro-level features including autocomplete, AI test generation, and security flaw detection. Payment is accepted via cryptocurrency including BTC, LTC, and USDT.
Date: 2026-05-11T10:33:57Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-%E2%9A%A1%E2%9A%A1%E2%9A%A1Cursor-Pro-%E2%80%93-1-Year-Access-for-Just-140-Full-AI-Coding-Power-140%E2%AD%90%E2%AD%90%E2%AD%90
Screenshots:
None
Threat Actors: wavesub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of social media follower and engagement boosting services across multiple platforms
Category: Services
Content: A threat actor is offering social media growth services including followers, likes, views, and subscribers across platforms such as TikTok, Instagram, Facebook, Twitter, YouTube, and Telegram. Payment is accepted via cryptocurrency and PayPal. The seller also advertises account upgrade services for platforms including Netflix, Spotify, and Canva.
Date: 2026-05-11T10:33:33Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-%E2%AD%90subscribers-all-platform-%E2%9C%85TikTok-%E2%9C%85Instagram-%E2%9C%85-Facebook-%E2%9C%85Twitter-%E2%9C%85Telegram-%E2%AD%90
Screenshots:
None
Threat Actors: wavesub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Speechify Premium accounts on cracking forum
Category: Services
Content: A threat actor is selling Speechify Premium 1-year access accounts on a cracking forum for $50, advertised as activating directly to the buyer's email. The accounts are likely sourced from credential stuffing or unauthorized access, offered at a significant discount from the official price of approximately $139/year.
Date: 2026-05-11T10:33:08Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-%E2%9C%A8%E2%9C%A8%E2%9C%A8Speechify-Premium-%E2%80%93-1-Year-Access-Available-Activation-directly-on-your-mail%E2%9A%A1%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: wavesub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of unauthorized Lovable Dev Pro premium subscription access
Category: Services
Content: A threat actor is selling purported Lovable Dev Pro premium subscription access at discounted rates, offering 1-year or 1-month plans significantly below official pricing. The seller claims instant activation and describes the offering as a genuine official subscription, suggesting resale of compromised or fraudulently obtained accounts.
Date: 2026-05-11T10:32:49Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-%E2%9C%A8%E2%9C%A8%E2%9C%A8Lovable-Dev-Pro-%E2%80%93-1-Year-Premium-Access-Now-Available-%E2%9A%A1%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: wavesub
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Lovable
Victim Site: lovable.dev
- Free combo list distribution: URL:Log:Pass — 8+ million lines (Part 331)
Category: Combo List
Content: A threat actor on a cybercrime forum is freely distributing a URL:Log:Pass combo list containing over 8 million lines, labeled as Part 331 of an ongoing series. The content is gated behind forum registration or login. No specific victim organization is identified.
Date: 2026-05-11T10:32:27Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-url-log-pass-free-best-lines-8-million-lines-part-331
Screenshots:
None
Threat Actors: lexityfr
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free South Korea email combo list (Batch 35/100)
Category: Combo List
Content: A threat actor is freely distributing a South Korea email list as part of an ongoing batch series (batch 35 of 100). The content is hidden behind a registration/login wall. No further details on record count or data fields are provided.
Date: 2026-05-11T10:32:10Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-free-premium-south-korea-email-list-batch-35-100
Screenshots:
None
Threat Actors: emaildbpro
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged purchase and resale of stolen Cursor AI account credentials
Category: Logs
Content: Threat actor actively purchasing large volumes of Cursor AI (cursor.com/cursor.ai) authentication cookies from Pro and Ultra subscription accounts at $2.5-$5 per cookie. Operating automated credential verification and payment system via Telegram bot (@cursorchecker_bot) to facilitate rapid processing of stolen account access tokens.
Date: 2026-05-11T10:31:29Z
Network: telegram
Published URL: https://t.me/c/1397463379/11278
Screenshots:
None
Threat Actors: Unknown
Victim Country: Unknown
Victim Industry: Software/AI Development Tools
Victim Organization: Cursor AI
Victim Site: cursor.com, cursor.ai
- Sale of fraudulent shipping scans and FTID boxing service for refund fraud
Category: Services
Content: A threat actor operating as Fuzzy is selling fraudulent shipping scans (UPS, FedEx, USPS) and an FTID boxing service designed to facilitate refund fraud against retailers and couriers. The service covers USA, Canada, and worldwide shipments, offering fabricated tracking events such as lost-in-transit, damage reports, and return-to-sender scans. Customers are directed to order via a dedicated website or Telegram/Signal channels.
Date: 2026-05-11T10:30:17Z
Network: openweb
Published URL: https://breachforums.rs/Thread-OPEN-24-7-FUZZY-S-FTID-BOXING-SCANS-SERVICE-UPS-FEDEX-USPS-USA-WORLDWIDE
Screenshots:
None
Threat Actors: Fuzzy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of high-quality Forex and Crypto leads with full contact details
Category: Services
Content: A forum seller is offering Forex and Crypto leads for sale, purportedly sourced from major platforms including Binance, Coinbase, eToro, and others. Each lead includes full contact details such as name, email, phone, platform, and traffic source, filtered by high-interest actions like sign-ups, KYC, and trading activity. The leads are marketed toward affiliate networks, call centers, brokers, and fintech products across multiple global regions.
Date: 2026-05-11T10:28:01Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SELLING-High-Quality-Leads-for-Forex-Crypto
Screenshots:
None
Threat Actors: pm_rasel
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown
- Free combo list targeting Hotmail accounts (50K credentials)
Category: Combo List
Content: A threat actor shared a combo list of 50,000 Hotmail credentials, marketed as fresh, via a Pasteview link on a public forum. The credentials are likely intended for use in credential stuffing attacks against Hotmail/Outlook accounts.
Date: 2026-05-11T10:24:30Z
Network: openweb
Published URL: https://altenens.is/threads/50k-fresh-hotmail-txt.2937822/unread
Screenshots:
None
Threat Actors: Vekko
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of fraudulent transfer services and stolen payment cards
Category: Carding
Content: A threat actor is advertising fraudulent money transfer services across multiple platforms including CashApp, PayPal, Apple Pay, Revolut, Zelle, and Chime. The post also offers VBV and non-VBV credit and debit cards with balances ranging from $1,000 to $10,000 for $35 each, marketed for use in online payments, shopping, and phone orders. Free replacements are offered for non-functional cards, with payment accepted in cryptocurrency or USDT.
Date: 2026-05-11T10:14:41Z
Network: openweb
Published URL: https://altenens.is/threads/all-your-legit-and-trusted-transfer-flips-to-all-countries-here-only-takes-1-5-minutes-to-receive-your-funds-mrgins-cashapp-transfer-mil0rld-pay.2937824/unread
Screenshots:
None
Threat Actors: Heats
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of Hotmail credential combolists and private cloud access
Category: Combo List
Content: Seller offering private cloud Hotmail UHQ (ultra high quality) credentials and combolists for multiple countries including DE, FR, IT, BR, UK, US, JP, PL, RU, ES, NL, MX, CA, SP, SG. Also advertising access to premium Hotmail data and country-specific datasets with associated platform credentials (Walmart, eBay, Kleinanzeigen, Uber, Poshmark, Depop). Targeting serious buyers only with keyword checking capability.
Date: 2026-05-11T09:59:41Z
Network: telegram
Published URL: https://t.me/c/2613583520/79530
Screenshots:
None
Threat Actors: Wěilóng
Victim Country: Unknown
Victim Industry: Technology, E-commerce, Ride-sharing
Victim Organization: Unknown
Victim Site: hotmail.com, walmart.com, ebay.com, kleinanzeigen.de, uber.com, poshmark.com, depop.com
- Combo List: 55K Germany email credentials
Category: Combo List
Content: A threat actor shared a combo list of approximately 55,000 email:password credentials purportedly associated with German email accounts, marketed as valid. The post was made on a public cracking forum with no additional context available.
Date: 2026-05-11T09:58:47Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-55K-Germany-Jyst-Valid-Mail-Access-11-05
Screenshots:
None
Threat Actors: GoldenMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of 731K cryptocurrency platform combo list targeting Binance, Stripe, Venmo, and PayPal
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 731,000 email:password pairs marketed as high-quality private lines for use against cryptocurrency and payment platforms including Binance, Stripe, Venmo, and PayPal. The post advertises the credentials as suitable for credential stuffing against these services.
Date: 2026-05-11T09:58:24Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%8E%9D-731K-CRYPTO%E2%8E%A0%E2%9A%A1100-PRIVATE-LINES%E2%9A%A1HIGH-QUALITY-COMBO%E2%9A%A1BINANCE-STRIPE-VENMO-PAYPAL%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of 1.2M Hotmail combo list
Category: Combo List
Content: A threat actor is offering for sale a claimed 1.2 million Hotmail email:password combo list via Telegram. The actor also advertises a Telegram group distributing free combo lists.
Date: 2026-05-11T09:57:58Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-1-2M-HQ-HOTMAIL-Combolists
Screenshots:
None
Threat Actors: Orthorons
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of 4.1 million Gmail combo list
Category: Combo List
Content: A threat actor is offering for sale a Gmail combo list containing 4.1 million email:password pairs, marketed as high quality. The seller directs prospective buyers to contact them via Telegram and also advertises a Telegram group where free combo lists are distributed.
Date: 2026-05-11T09:57:38Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-4-1M-HQ-GMAIL-Combolists
Screenshots:
None
Threat Actors: Orthorons
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List of 749K Cryptocurrency-Related Credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 749,000 email:password pairs purportedly sourced from a private base and marketed as usable for cryptocurrency-related credential stuffing. The post advertises the list as suitable for multiple purposes.
Date: 2026-05-11T09:57:15Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9A%A1749K-CRYPTO%E2%9A%A1PRIVATE-BASE-GOOD-ON-ANYTHING-YOU-NEED%E2%9A%A1
Screenshots:
None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List: 519 Valid Hotmail Credentials Shared
Category: Combo List
Content: A threat actor is sharing 519 allegedly valid Hotmail email account credentials. The content is hidden behind a registration or login wall on the forum. These credentials appear to be marketed as fully valid mail access.
Date: 2026-05-11T09:57:05Z
Network: openweb
Published URL: https://patched.to/Thread-519-full-valid-hotmail-mail-access
Screenshots:
None
Threat Actors: GoldMailAccs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List: 4K Mixed Mail Access Credentials
Category: Combo List
Content: A combo list of approximately 4,000 mixed mail access credentials was shared on a cracking forum. The post appears to contain email account credentials potentially usable for credential stuffing or account takeover. No additional details are available from the post content.
Date: 2026-05-11T09:56:50Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%AD%904K-MIXED-MAIL-ACCESS-%E2%AD%90–2092270
Screenshots:
None
Threat Actors: Posts
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of mixed mail access combo list
Category: Combo List
Content: A forum user is offering a combo list of 2,030 purportedly valid mixed mail access credentials. The content is hidden behind a registration or login wall, limiting further details. The credentials appear to cover multiple mail providers.
Date: 2026-05-11T09:56:35Z
Network: openweb
Published URL: https://patched.to/Thread-2030-full-valid-mix-mail-access
Screenshots:
None
Threat Actors: GoldMailAccs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free combo list of 5,229 mixed mail access credentials
Category: Combo List
Content: A forum user shared a combo list of 5,229 reportedly valid mixed email account credentials. The post is categorized as mail access credentials, suggesting they may be usable for account takeover. No additional details are available from the post content.
Date: 2026-05-11T09:56:30Z
Network: openweb
Published URL: https://cracked.st/Thread-5229-FULL-VALID-MIX-MAIL-ACCESS
Screenshots:
None
Threat Actors: GoldMailAccs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List: 538 Valid Hotmail Credentials Shared
Category: Combo List
Content: A forum user shared a combo list of 538 allegedly valid Hotmail email account credentials. The content is gated behind registration or login on the forum. These credentials are marketed as fully valid mail access.
Date: 2026-05-11T09:56:17Z
Network: openweb
Published URL: https://patched.to/Thread-538-full-valid-hotmail-mail-access-301186
Screenshots:
None
Threat Actors: GoldMailAccs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List: Hotmail credentials shared on forum
Category: Combo List
Content: A threat actor shared a list of 1,290 allegedly valid Hotmail email account credentials. The content is hidden behind a registration/login wall on the forum. These credentials appear intended for account takeover or further exploitation.
Date: 2026-05-11T09:56:05Z
Network: openweb
Published URL: https://patched.to/Thread-1290-full-valid-hotmail-mail-access
Screenshots:
None
Threat Actors: GoldMailAccs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of automated trading bot service
Category: Services
Content: A forum user operating under the alias Shield is advertising an automated trading bot claimed to generate approximately $50 per day. The seller directs interested buyers to contact them via Telegram. No specific victim organization or malicious activity is described.
Date: 2026-05-11T09:56:00Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-Advance-Trading-Bot-2026-By-Shield-Sit-and-earn
Screenshots:
None
Threat Actors: Shield
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List: Mixed Email Access Credentials
Category: Combo List
Content: A threat actor is distributing a combo list of 4,565 purportedly valid mixed email access credentials. The content is hidden behind a registration or login requirement on the forum.
Date: 2026-05-11T09:55:44Z
Network: openweb
Published URL: https://patched.to/Thread-4565-full-valid-mix-mail-access
Screenshots:
None
Threat Actors: GoldMailAccs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of premium IPTV subscription service with discount offer
Category: Services
Content: A forum user is advertising a premium IPTV service called IPTVAL, offering 100K–200K+ movies and shows across all languages. A 30% discount is promoted for forum members using the code patched30. The post does not involve any breach, leak, or malicious activity.
Date: 2026-05-11T09:55:17Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%AD%9030-off%E2%AD%90iptv%E2%AD%90premium-iptv-with-100k-200k-movies-shows-%E2%AD%90all-languages
Screenshots:
None
Threat Actors: Crackhed01
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List: Alleged Hotmail Valid Mail Access
Category: Combo List
Content: A threat actor is distributing a combo list of 1,181 alleged fully valid Hotmail mail access credentials. The content is hidden behind a registration or login wall on the forum.
Date: 2026-05-11T09:55:13Z
Network: openweb
Published URL: https://patched.to/Thread-1181-full-valid-hotmail-mail-access-301190
Screenshots:
None
Threat Actors: GoldMailAccs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List: Hotmail mail access credentials
Category: Combo List
Content: A threat actor shared a combo list of 944 Hotmail mail access credentials, described as old data. The content is gated behind forum registration or login.
Date: 2026-05-11T09:54:54Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%9A%B5%F0%9F%8F%BCx944-hotmail-mail-access%F0%9F%9A%B5%F0%9F%8F%BC%E2%9C%A8-10-05
Screenshots:
None
Threat Actors: TraxGod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of US individuals with income and financial data (2018 collection)
Category: Data Leak
Content: A threat actor shared a dataset purportedly containing personal and financial information on US individuals from 2018, including full names, addresses, phone numbers, income ranges, credit ratings, net worth estimates, home ownership status, and in some cases email addresses. The data is made available on a breach forum behind a registration/login gate. The original source of the data is not identified.
Date: 2026-05-11T09:53:25Z
Network: openweb
Published URL: https://breachforums.rs/Thread-COLLECTION-Repost-US-People-With-Good-Income-2018
Screenshots:
None
Threat Actors: BitBandit
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged breach of Bangladesh Navy (bnhoc.navy.mil.bd)
Category: Cyber Attack
Content: Threat actors claim to have breached the Bangladesh Navy's official domain (bnhoc.navy.mil.bd). The post includes a proof-of-compromise link and attributes the breach to a coalition of threat groups (TAI, KCD, HCG). The actors identify as JORD4N and ALPHA O2.
Date: 2026-05-11T09:50:45Z
Network: telegram
Published URL: https://t.me/hind_cyber_ghost/103
Screenshots:
None
Threat Actors: HIND CYBER GHOST
Victim Country: Bangladesh
Victim Industry: Military/Defense
Victim Organization: Bangladesh Navy
Victim Site: bnhoc.navy.mil.bd
- Alleged stolen credit card marketplace and credential database sales
Category: Combo List
Content: Multiple threat actors advertising stolen payment card services and credential databases. Pepecard operates as a card store claiming to offer 100,000+ valid cards daily (US/Canada/UK/Global) with 75-95% validity rates at $1-$1.50 per card. 9Check.me provides CVV validation services. Separate actor offering fresh database dumps containing credentials from eBay, Offerup, PSN, Booking, Uber, Poshmark, Alibaba, Walmart, Amazon, Mercari, and webmail accounts across multiple countries.
Date: 2026-05-11T09:50:05Z
Network: telegram
Published URL: https://t.me/c/2613583520/79505
Screenshots:
None
Threat Actors: Pepecard
Victim Country: United States, Canada, United Kingdom, Germany, Japan, Netherlands, Brazil, Poland, Spain, Italy
Victim Industry: Financial Services, E-commerce, Payment Processing
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of Canadian contacts from Apollo
Category: Data Leak
Content: A threat actor has shared what appears to be a subset of Canadian contacts sourced from the Apollo data leak, made available via a Mediafire link. The post does not specify the number of records included.
Date: 2026-05-11T09:47:25Z
Network: openweb
Published URL: https://breachforums.rs/Thread-CANADIAN-CONTACTS-FROM-APPOLO-LEAK
Screenshots:
None
Threat Actors: courtika
Victim Country: Canada
Victim Industry: Technology
Victim Organization: Apollo
Victim Site: apollo.io
- Alleged data breach of esky.com exposing Delta Airlines Brazilian traveler data
Category: Data Breach
Content: A threat actor is offering for sale an alleged database from esky.com containing 10.3 million records of Delta Airlines Brazilian travelers. The data purportedly includes date of birth, gender, full name, city, address, email, and phone number in CSV format. The post is attributed to The BlackH4t MD-Ghost.
Date: 2026-05-11T09:36:24Z
Network: openweb
Published URL: https://breached.st/threads/10-3m-esky-com-delta-airlines-br-travelers-poland-2026.86990/unread
Screenshots:
None
Threat Actors: MDGhost
Victim Country: Poland
Victim Industry: Travel
Victim Organization: eSky
Victim Site: esky.com
- Germany domain combo list with 563,110 lines
Category: Combo List
Content: A combo list of 563,110 email:password lines targeting German (.de) domains was shared on a cracking forum. The list is marketed as high quality and contains credentials associated with German email accounts.
Date: 2026-05-11T09:22:51Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-563-110-Lines-%E2%9C%85-HQ-Leaks-Germany-Combolist-de-Domain
Screenshots:
None
Threat Actors: HqComboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Japan email combo list with 1.9K valid credentials
Category: Combo List
Content: A threat actor is offering a combo list of 1,900 Japan-based email credentials marketed as valid. The post was shared on a public cracking forum and appears to target Japanese email accounts.
Date: 2026-05-11T09:22:29Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-1-9K-Japan-Valid-Mail-Access
Screenshots:
None
Threat Actors: GoldenMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List: 1,000 US Mail Access Credentials
Category: Combo List
Content: A threat actor shared a combo list of 1,000 US-based mail access credentials, marketed as top quality. The content is hidden behind a registration or login wall on the forum.
Date: 2026-05-11T09:22:00Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-1k-just-usa-mail-access-just-top-quality-11-05
Screenshots:
None
Threat Actors: MonnarhTeam
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo list of Hotmail credentials shared
Category: Combo List
Content: A threat actor shared a combo list of 1,341 Hotmail credential hits via an external paste link. The credentials are marketed as premium hits, suggesting they have been verified against Hotmail accounts.
Date: 2026-05-11T09:21:28Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-1341x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F–2292113
Screenshots:
None
Threat Actors: Fragtez
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of mail credential checking tool (Hackus Mail Checker 2.3)
Category: Combo List
Content: A forum user shared a link to Hackus Mail Checker 2.3, a credential-checking tool distributed via an external paste service. The tool appears designed for credential stuffing or account validation against mail services.
Date: 2026-05-11T09:21:24Z
Network: openweb
Published URL: https://nulledbb.com/thread-HACKUS-MAIL-CHECKER-2-3–2292103
Screenshots:
None
Threat Actors: Fragtez
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free combo list with 3,035 mixed credentials
Category: Combo List
Content: A threat actor shared a combo list of 3,035 mixed credentials, marketed as fresh. The content is hidden behind a registration or login wall on the forum.
Date: 2026-05-11T09:20:51Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A1-3035x-FRESH-MIX-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: Nulled07
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged source code leak of Claude Code
Category: Data Leak
Content: A forum user claims to have leaked the source code of Claude Code, allegedly exfiltrated on March 31, 2026, and shared a GitHub link. The poster warns that the shared code is infected and advises running it only within a virtual machine, suggesting the link may distribute malware. The legitimacy of this claim has not been verified.
Date: 2026-05-11T09:15:20Z
Network: openweb
Published URL: https://breachforums.rs/Thread-SOURCE-CODE-Claude-code-source-code
Screenshots:
None
Threat Actors: sacage_x64
Victim Country: United States
Victim Industry: Technology
Victim Organization: Anthropic
Victim Site: anthropic.com
- Sale of German email combo list (55K credentials)
Category: Combo List
Content: A threat actor is offering a combo list of 55,000 German email access credentials, marketed as valid as of May 11. The content is hidden behind a registration or login wall on the forum.
Date: 2026-05-11T09:06:53Z
Network: openweb
Published URL: https://breachforums.rs/Thread-55K-Germay-Fresh-Mail-Access-Just-valid-11-05
Screenshots:
None
Threat Actors: MegaCloudShop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Yahoo combo list with 2.1 million credentials
Category: Combo List
Content: A threat actor is selling a Yahoo-targeted combo list containing 2.1 million email:password pairs, marketed as high quality. The seller also advertises free combo lists via a Telegram group.
Date: 2026-05-11T08:50:11Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-2-1M-HQ-YAHOO-Combolists
Screenshots:
None
Threat Actors: Orthorons
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Chatprd Pro subscription accounts on cracking forum
Category: Services
Content: A forum seller is offering Chatprd Pro 1-year subscriptions for $25, delivered via coupon code. The listing includes access to premium AI models and integrations. The seller accepts middleman (MM) arrangements and provides Telegram-based proof and vouches.
Date: 2026-05-11T08:49:58Z
Network: openweb
Published URL: https://cracked.st/Thread-Chatprd-Pro-1-Year
Screenshots:
None
Threat Actors: MarshallDark
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combo list of 597 Hotmail email and password pairs, described as old data. The credentials are marketed for mail access and distributed freely on a cracking forum.
Date: 2026-05-11T08:49:49Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9D%84%EF%B8%8FX597-HOTMAIL-MAIL-ACCESS%E2%9D%84%EF%B8%8F-10-05
Screenshots:
None
Threat Actors: SecureTrax
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of discounted Gumloop Pro subscription access
Category: Services
Content: A forum user is selling Gumloop 1-year Pro plan access with 20k+ credits/month for $55, delivered via coupon code. The offering includes unlimited seats, concurrent runs, and agent interactions. This appears to be a resale of discounted or unauthorized subscription access to the Gumloop AI automation platform.
Date: 2026-05-11T08:49:37Z
Network: openweb
Published URL: https://cracked.st/Thread-Gumloop-1-Year-Pro-20k-Credits
Screenshots:
None
Threat Actors: MarshallDark
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List targeting Hotmail accounts
Category: Combo List
Content: A threat actor shared a combo list of approximately 1,200 Hotmail email account credentials, described as VIP Cloud access. The content is hidden behind a registration/login requirement on the forum.
Date: 2026-05-11T08:49:07Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%9A%B5%F0%9F%8F%BC1-2k-hotmail-mail-access%F0%9F%9A%B5%F0%9F%8F%BC%E2%9C%A8-10-05
Screenshots:
None
Threat Actors: TraxGod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Hotmail credential combo list with 2,136 hits
Category: Combo List
Content: A threat actor is sharing a combo list of 2,136 Hotmail credential hits on a cybercrime forum. The content is gated behind registration or login. No additional details about data origin or fields are available from the post.
Date: 2026-05-11T08:48:51Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9A%9C-2136x-premium-hotmail-hits-%E2%9A%9C
Screenshots:
None
Threat Actors: Anon75
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of 1.4 million European combo list
Category: Combo List
Content: A threat actor shared a combo list containing approximately 1.4 million credential pairs targeting European users. The list was made available via an external paste link on a public forum.
Date: 2026-05-11T08:48:47Z
Network: openweb
Published URL: https://nulledbb.com/thread-1-4M-EUROPA-COMBO–2292050
Screenshots:
None
Threat Actors: Fragtez
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free combo list of 10,000 US email credentials
Category: Combo List
Content: A threat actor shared a combo list containing 10,000 US-based email credentials via an external paste link. The post is categorized as a combo list as it contains email credentials sourced from multiple breaches, not tied to a single organization.
Date: 2026-05-11T08:48:25Z
Network: openweb
Published URL: https://nulledbb.com/thread-10k-USA-GOOD-MAILS-COMBO–2292083
Screenshots:
None
Threat Actors: Fragtez
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free combo list of mixed email credentials
Category: Combo List
Content: A threat actor has freely distributed a combo list of 3,937 mixed email credentials on a cracking forum. The post links to an external paste site hosting the credential data. No specific victim organization or breach source is identified.
Date: 2026-05-11T08:48:13Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F-3937x-PREMIUM-MIX-MAIL-HITS%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F–2292074
Screenshots:
None
Threat Actors: Fragtez
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of Indonesia Supreme Court BNI Virtual Account data with admin access
Category: Data Leak
Content: A threat actor is freely distributing data allegedly obtained from the Indonesia Supreme Court's case management system, including BNI virtual account numbers linked to legal cases and associated court fees. The post also claims admin access to the court's portal. The leaked dataset includes case agenda numbers, petitioner names, virtual account numbers, payment status, and case cost amounts.
Date: 2026-05-11T08:43:22Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DATABASE-FREE-Indonesia-Supreme-Court-BNI-Virtual-Account-Data-Admin-Acces
Screenshots:
None
Threat Actors: Zvok
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Mahkamah Agung Republik Indonesia (Supreme Court)
Victim Site: putusan.mahkamahagung.go.id
- Alleged sale of stolen credit card data and compromised databases (UK, DE, JP, NL, BR, PL, ES, US, IT)
Category: Combo List
Content: Threat actor offering fresh stolen databases and credit card data from multiple countries including UK, Germany, Japan, Netherlands, Brazil, Poland, Spain, US, and Italy. Claims to have access to compromised accounts from platforms including eBay, OfferUp, PSN, Booking, Uber, Poshmark, Alibaba, Walmart, Amazon, Mercari, Kleinanzeigen, and webmail services. Seller claims to operate a private cloud infrastructure and offers keyword-based searching. Pricing structure mentioned: US cards at $1, international cards at $1.50 with 75-95% validity guarantee.
Date: 2026-05-11T08:17:44Z
Network: telegram
Published URL: https://t.me/c/2613583520/79469
Screenshots:
None
Threat Actors: Num
Victim Country: United Kingdom, Germany, Japan, Netherlands, Brazil, Poland, Spain, United States, Italy
Victim Industry: E-commerce, Payment Processing, Email Services, Travel, Social Commerce
Victim Organization: Unknown
Victim Site: Unknown
- Sale or distribution of CV template pack on cracking forum
Category: Alert
Content: A forum post on a cracking forum shares a link to an external paste site advertising a collection of professional CV templates in multiple languages. The content does not appear to constitute a direct cyber threat and may be spam or unrelated material posted in a cracking context.
Date: 2026-05-11T08:17:25Z
Network: openweb
Published URL: https://nulledbb.com/thread-Ultimate-Professional-CV-Template-Pack-all-languages–2292041
Screenshots:
None
Threat Actors: Fragtez
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List of Hotmail credentials
Category: Combo List
Content: A threat actor is distributing a combo list of 1,913 claimed valid Hotmail credentials. The post advertises the credentials as premium hits and references private cloud access. Content is hidden behind forum registration or login.
Date: 2026-05-11T08:16:44Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-1913-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F
Screenshots:
None
Threat Actors: alphaaxd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free distribution of Hotmail credential hits combo list
Category: Combo List
Content: A threat actor shared 1,913 alleged valid Hotmail credential hits on a darknet forum. The content is gated behind registration or login and promoted via a Telegram handle. The post markets the credentials as premium and sourced from a private cloud mix.
Date: 2026-05-11T08:16:36Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-1913-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Hotmail credential combo list sample (1,435 entries)
Category: Combo List
Content: A threat actor shared a sample combo list containing 1,435 Hotmail email and password pairs on a criminal forum. The content is gated behind registration or login. This is a credential stuffing resource, not a breach of the Hotmail service itself.
Date: 2026-05-11T08:16:12Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-1435x-SAMPLE-HOTMAIL-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: HollowKnight
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged breach of Federal Investigation Agency (FIA) Pakistan government systems
Category: Cyber Attack
Content: Threat actor claims to have compromised fia.gov.pk (Federal Investigation Agency Pakistan) and shared screenshots demonstrating access to internal systems with data deletion capabilities. Actor threatens to release additional data including intelligence-related information.
Date: 2026-05-11T08:10:09Z
Network: telegram
Published URL: https://t.me/c/3793980891/3406
Screenshots:
None
Threat Actors: Unknown
Victim Country: Pakistan
Victim Industry: Government/Law Enforcement
Victim Organization: Federal Investigation Agency (FIA)
Victim Site: fia.gov.pk
- Alleged sale of phishing kit and credential harvesting tools by DataxLogs
Category: Phishing
Content: Threat actor operating under handle @DataxLogs is advertising the sale of phishing configuration tools including Silverbullet and Openbullet 2 with APIs for web, Android, and iOS platforms. The service includes captcha bypass capabilities (hCaptcha, Cloudflare, Captcha V2/V3, etc.) designed to automate credential harvesting and account compromise attacks.
Date: 2026-05-11T08:07:04Z
Network: telegram
Published URL: https://t.me/c/2613583520/79474
Screenshots:
None
Threat Actors: DataxLogs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo list of 3.3K Hotmail credentials shared on forum
Category: Combo List
Content: A threat actor shared a combo list of approximately 3,300 Hotmail email account credentials, marketed as fresh and high quality. The content is hidden behind a forum registration or login wall.
Date: 2026-05-11T08:06:54Z
Network: openweb
Published URL: https://breachforums.rs/Thread-3-3K-Hotmail-Frersh-Mail-Access-Top-Quality-11-05
Screenshots:
None
Threat Actors: MegaCloudShop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Website Defacement of xacgdh.com by Vazzle07
Category: Defacement
Content: On May 11, 2026, the website xacgdh.com was defaced by a threat actor operating under the handle Vazzle07, targeting the file path /env.php. The attack was a single, non-mass defacement with no affiliated team claimed. No specific motive or additional technical details regarding the server environment were disclosed.
Date: 2026-05-11T07:49:58Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919546
Screenshots:
None
Threat Actors: Vazzle07
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: xacgdh.com
- Sale of Cisco CCNA exam vouchers and account upgrade services
Category: Services
Content: A forum seller is offering Cisco CCNA exam vouchers for sale via cryptocurrency and PayPal. The seller also advertises account upgrade services for platforms including Spotify, Netflix, Canva, and others. The post claims vouchers are genuine and sourced directly from an instructor.
Date: 2026-05-11T07:44:47Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-%E2%AD%90%E2%AD%90%E2%AD%90-CCNA-CiscoExam-NetworkingCertification-CiscoVoucher-LearnNetworking-CCNA
Screenshots:
None
Threat Actors: wavesub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of mixed corporate domain combo list
Category: Combo List
Content: A combo list containing 110,244 mixed corporate domain email and password combinations has been shared on a cybercrime forum. The post is categorized as a credential list targeting corporate domain accounts. No additional details are available from the post content.
Date: 2026-05-11T07:44:33Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-110-244-Mixed-Corp-Domain
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of discounted Capsolver and CapMonster API keys
Category: Services
Content: A threat actor is selling discounted API keys for Capsolver and CapMonster CAPTCHA-solving services, claiming the keys do not belong to them. The keys are offered at $7.50 each or $12.50 for both, suggesting unauthorized resale of third-party accounts.
Date: 2026-05-11T07:44:27Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-SELL-CAPMONSTER-CAPSOLVER-API-KEY–2092241
Screenshots:
None
Threat Actors: BlazeAmor
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Hotmail combo list with 10,000 credentials
Category: Combo List
Content: A threat actor is advertising a combo list of 10,000 Hotmail/Outlook/Live/MSN email:password credentials marketed as fresh and high hit rate. The listing claims daily drops of 2–4 files covering US, EU, FR, DE, and IT regions. Access is offered via a Telegram channel.
Date: 2026-05-11T07:44:12Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-10k-HOTMAIL–2092242
Screenshots:
None
Threat Actors: joye
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Cisco CCNA exam vouchers
Category: Services
Content: A forum user is offering Cisco CCNA exam vouchers for sale at $220. The post appears to be a commercial service listing for discounted certification exam access.
Date: 2026-05-11T07:44:07Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-%E2%AD%90%E2%AD%90%E2%AD%90Cisco-s-ccna-exams-voucher-220
Screenshots:
None
Threat Actors: wavesub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo list of Hotmail and mixed credentials offered on forum
Category: Combo List
Content: A threat actor is distributing a combo list of Hotmail and mixed credentials, claiming the content was dropped in a private Telegram channel 24 hours prior. The content is hidden behind a forum registration wall. The actor references a Telegram channel with over 2,000 members.
Date: 2026-05-11T07:43:40Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%B4%EF%B8%8F-hq-fresh-hotmails-mix-%E2%9C%B4%EF%B8%8F-dropped-in-private-channel-24h-ago-%F0%9F%94%A5%F0%9F%94%A5-301162
Screenshots:
None
Threat Actors: nikyofficial
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Hotmail combo list with alleged fresh hits
Category: Combo List
Content: A threat actor is advertising a combo list of approximately 10,000 Hotmail, Outlook, Live, and MSN credentials marketed as fresh daily hits with a high hit rate. The list is claimed to target users across the US, EU, France, Germany, and Italy. Access is offered via a Telegram channel with 2–4 file drops daily.
Date: 2026-05-11T07:42:49Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-Hotmail-10k-Premium-Mail-Access-Fresh-Hits
Screenshots:
None
Threat Actors: mailcombo01
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of mixed email combo list with 30K fresh hits
Category: Combo List
Content: A threat actor is advertising a combo list of approximately 30,000 email credentials targeting Hotmail, Outlook, Live, and MSN accounts across US and EU regions. The credentials are marketed as fresh with a high hit rate, distributed in daily drops of 2–4 files via a Telegram channel.
Date: 2026-05-11T07:42:26Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-Mix-30k-Premium-Mail-Access-Fresh-Hits
Screenshots:
None
Threat Actors: mailcombo01
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Yemen infrastructure
Category: Data Breach
Content: A forum post titled Public Disclosure & Data Auction – The Yemen Infrastructure Breach claims a breach of Yemen-related infrastructure, with data allegedly being auctioned. No further details are available as the post content is empty.
Date: 2026-05-11T07:39:52Z
Network: openweb
Published URL: https://xforums.st/threads/public-disclosure-data-auction-the-yemen-infrastructure-breach.613690/
Screenshots:
None
Threat Actors: S4uD1Pwnz
Victim Country: Yemen
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
- Website Defacement of theciso.org by chinafans (0xteam)
Category: Defacement
Content: The website theciso.org, associated with cybersecurity and CISO (Chief Information Security Officer) community resources, was defaced by threat actor chinafans operating under the group 0xteam on May 11, 2026. The defacement targeted a specific file path (0x.txt) rather than the homepage, indicating a targeted content modification rather than a full site takeover. No specific motive or additional technical details were disclosed in connection with the incident.
Date: 2026-05-11T07:32:10Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919537
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Cybersecurity / Information Security
Victim Organization: The CISO
Victim Site: theciso.org
- Website Defacement of 24by7homebids.com by chinafans (0xteam)
Category: Defacement
Content: The website 24by7homebids.com, a real estate or home bidding platform, was defaced by a threat actor operating under the alias chinafans, affiliated with the group 0xteam. The defacement was recorded on May 11, 2026, with a mirror of the defaced page archived at zone-xsec.com. The incident was a singular, targeted defacement rather than a mass or repeat defacement campaign.
Date: 2026-05-11T07:31:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919514
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Real Estate
Victim Organization: 24by7 Home Bids
Victim Site: 24by7homebids.com
- Website Defacement of ScoreEdge by chinafans (0xteam)
Category: Defacement
Content: The website scoreedge.com was defaced by threat actor chinafans, operating under the group 0xteam, on May 11, 2026. The defacement targeted a specific file path (0x.txt) rather than the homepage, indicating a targeted file-level intrusion. A mirror of the defacement was archived at zone-xsec.com.
Date: 2026-05-11T07:30:17Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919516
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: ScoreEdge
Victim Site: scoreedge.com
- Website Defacement of Usine à Histoires by chinafans (0xteam)
Category: Defacement
Content: On May 11, 2026, the Canadian website usineahistoires.ca was defaced by threat actor chinafans, operating under the group 0xteam. The defacement targeted a specific text file path (/0x.txt) and was recorded as a single, non-mass defacement incident. No specific motivation or server details were disclosed.
Date: 2026-05-11T07:29:34Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919526
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Canada
Victim Industry: Entertainment / Media
Victim Organization: Usine à Histoires
Victim Site: usineahistoires.ca
- Website Defacement of Academicosbrasil.com by chinafans (0xteam)
Category: Defacement
Content: The website academicosbrasil.com, a Brazilian academic platform, was defaced by threat actor chinafans operating under the team 0xteam on May 11, 2026. The attacker placed a defacement file at the path /0x.txt on the target server. The incident was a standalone, non-mass defacement with no stated motivation recorded.
Date: 2026-05-11T07:28:49Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919498
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Brazil
Victim Industry: Education
Victim Organization: Academicos Brasil
Victim Site: academicosbrasil.com
- Website Defacement of laboregen.com by chinafans (0xteam)
Category: Defacement
Content: The website laboregen.com was defaced by a threat actor using the handle chinafans, affiliated with the group 0xteam. The defacement was recorded on May 11, 2026, with a mirror of the defaced page archived at zone-xsec.com. No additional details regarding the server environment, attacker motivation, or victim country were disclosed.
Date: 2026-05-11T07:26:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919521
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Laboregen
Victim Site: laboregen.com
- Website Defacement of Baguio Transient by chinafans (0xteam)
Category: Defacement
Content: On May 11, 2026, the website baguiotransient.net, associated with a transient accommodation service in Baguio, Philippines, was defaced by a threat actor using the handle chinafans operating under the group 0xteam. The defacement was a targeted, single-site intrusion with no indication of mass or repeat defacement activity. The incident was documented and mirrored by zone-xsec.com.
Date: 2026-05-11T07:25:52Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919528
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Philippines
Victim Industry: Hospitality / Short-Term Rentals
Victim Organization: Baguio Transient
Victim Site: baguiotransient.net
- Website Defacement of Kara Short Rents by chinafans (0xteam)
Category: Defacement
Content: On May 11, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website karashortrents.com, a short-term rental service. The attack was a targeted single-site defacement, with the defaced content hosted at the path /0x.txt, consistent with the group's naming conventions. No specific motivation or technical details were disclosed.
Date: 2026-05-11T07:25:11Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919518
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Real Estate / Short-Term Rentals
Victim Organization: Kara Short Rents
Victim Site: karashortrents.com
- Alleged data leak of Vodafone by LAPSUS group
Category: Data Leak
Content: A threat actor claims to be distributing a full infrastructure and GitHub repository dump of Vodafone, attributed to the LAPSUS group. The archive is made available via an external file-sharing link. The post provides no further details on the scope or authenticity of the alleged leak.
Date: 2026-05-11T07:24:50Z
Network: openweb
Published URL: https://breached.st/threads/lapsus-vodafone-full-leak-may-2026.86989/unread
Screenshots:
None
Threat Actors: jeanboelard
Victim Country: Unknown
Victim Industry: Telecommunications
Victim Organization: Vodafone
Victim Site: vodafone.com
- Website Defacement of Fenepay by chinafans (0xteam)
Category: Defacement
Content: On May 11, 2026, the payment platform Fenepay was defaced by threat actor chinafans operating under the group 0xteam. The defacement was a targeted single-site attack, with the defaced content hosted at fenepay.com/0x.txt. No specific motive or vulnerability details were disclosed.
Date: 2026-05-11T07:24:29Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919540
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Financial Services / Payment Processing
Victim Organization: Fenepay
Victim Site: fenepay.com
- Website Defacement of GS Auto Transport by chinafans (0xteam)
Category: Defacement
Content: On May 11, 2026, threat actor chinafans operating under the group 0xteam defaced the website of GS Auto Transport, an auto transport/logistics company. The defacement was a targeted single-site attack, with the defaced content hosted at gsautotransport.com/0x.txt. No specific motive or vulnerability details were disclosed.
Date: 2026-05-11T07:23:48Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919519
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Transportation & Logistics
Victim Organization: GS Auto Transport
Victim Site: gsautotransport.com
- Website Defacement of DuBois College by chinafans (0xteam)
Category: Defacement
Content: On May 11, 2026, the website duboiscollege.com was defaced by a threat actor known as chinafans, operating under the group 0xteam. The defacement targeted a text file on the college's web server. The incident was a single-target defacement with no indication of mass or repeated compromise.
Date: 2026-05-11T07:23:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919529
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Education
Victim Organization: DuBois College
Victim Site: duboiscollege.com
- Website Defacement of Clear Sky Farms by chinafans (0xteam)
Category: Defacement
Content: The website clearskyfarms.com was defaced by threat actor chinafans operating under the group 0xteam on May 11, 2026. The defacement targeted a page at the path /0x.txt, consistent with the team's naming convention. This was a singular, targeted defacement rather than a mass or home page defacement event.
Date: 2026-05-11T07:22:23Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919508
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Agriculture
Victim Organization: Clear Sky Farms
Victim Site: clearskyfarms.com
- Website Defacement of ChinaLamp.org by Vazzle07
Category: Defacement
Content: On May 11, 2026, the threat actor Vazzle07 defaced the website www.chinalamp.org by compromising the file env.php. The attack was a targeted single-site defacement with no team affiliation reported. The victim appears to be a Chinese lighting or lamp manufacturing organization, and no specific motive or exploit details were disclosed.
Date: 2026-05-11T07:21:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919545
Screenshots:
None
Threat Actors: Vazzle07
Victim Country: China
Victim Industry: Manufacturing / Lighting
Victim Organization: China Lamp
Victim Site: www.chinalamp.org
- Website Defacement of Google Business Profile Ranking Service by chinafans (0xteam)
Category: Defacement
Content: On May 11, 2026, a threat actor identified as chinafans, affiliated with 0xteam, defaced the website rankmygooglebusinessprofile.co, a digital marketing or SEO-related service. The incident was a targeted single-site defacement, not part of a mass defacement campaign. No specific motive or server details were disclosed.
Date: 2026-05-11T07:20:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919497
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Digital Marketing / SEO Services
Victim Organization: Rank My Google Business Profile
Victim Site: rankmygooglebusinessprofile.co
- Website Defacement of matriart.es by chinafans (0xteam)
Category: Defacement
Content: The website matriart.es was defaced by a threat actor known as chinafans, operating under the group 0xteam, on May 11, 2026. The defacement targeted a specific file path (0x.txt) rather than the homepage, indicating a targeted file-level intrusion. The incident was recorded and mirrored by zone-xsec.com under mirror ID 919523.
Date: 2026-05-11T07:19:51Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919523
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Spain
Victim Industry: Arts and Culture
Victim Organization: Matriart
Victim Site: matriart.es
- Website Defacement of CBK Industries by chinafans (0xteam)
Category: Defacement
Content: On May 11, 2026, the website cbkindustries.com was defaced by threat actor chinafans operating under the group 0xteam. The attack targeted a specific file path (/0x.txt) on the domain, consistent with a standard web defacement operation. The incident was not classified as a mass or home page defacement, suggesting a targeted file-level intrusion.
Date: 2026-05-11T07:19:10Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919515
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Industrial/Manufacturing
Victim Organization: CBK Industries
Victim Site: cbkindustries.com
- Website Defacement of bluelane.video by chinafans (0xteam)
Category: Defacement
Content: A threat actor identified as chinafans, operating under the group 0xteam, defaced the website bluelane.video on May 11, 2026. The defacement targeted a video-related media platform, with the attacker leaving a text file at the path /0x.txt as evidence of compromise. The incident was a single targeted defacement rather than a mass or home page defacement.
Date: 2026-05-11T07:18:22Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919517
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Media/Entertainment
Victim Organization: Blue Lane Video
Victim Site: bluelane.video
- Website Defacement of Pillar3 by chinafans (0xteam)
Category: Defacement
Content: On May 11, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website pillar3.co by altering a publicly accessible text file at the path /0x.txt. The defacement appears to be a targeted, non-mass incident with no prior redefacement history recorded. Technical details regarding the server environment and attack vector remain unknown.
Date: 2026-05-11T07:17:36Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919499
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Pillar3
Victim Site: pillar3.co
- Website Defacement of eBuyDepot by chinafans (0xteam)
Category: Defacement
Content: On May 11, 2026, the e-commerce website ebuydepot.com was defaced by a threat actor known as chinafans, operating under the group 0xteam. The defacement was a targeted single-site attack, leaving a text-based payload at the path /0x.txt. No specific motivation or exploitation method was publicly disclosed for this incident.
Date: 2026-05-11T07:16:43Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919509
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: E-Commerce / Retail
Victim Organization: eBuyDepot
Victim Site: ebuydepot.com
- Website Defacement of b-dream.top by chinafans (0xteam)
Category: Defacement
Content: The threat actor chinafans, operating under the group 0xteam, defaced the website b-dream.top on May 11, 2026. The defacement targeted a specific file path (0x.txt) rather than the homepage, indicating a targeted file-level intrusion. No additional details regarding the victim organization, motive, or attack vector were disclosed.
Date: 2026-05-11T07:16:00Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919536
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: b-dream.top
- Website Defacement of Cyber Future Dialogue by chinafans (0xteam)
Category: Defacement
Content: On May 11, 2026, a threat actor identified as chinafans operating under the group 0xteam defaced the website cyberfuturedialogue.org, targeting a platform likely associated with cyber policy and international dialogue. The defacement was a singular targeted incident, not a mass or home page defacement, with the malicious content hosted at the path /0x.txt. The incident was mirrored and recorded by zone-xsec.com under mirror ID 919495.
Date: 2026-05-11T07:15:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919495
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Technology / Policy / Think Tank
Victim Organization: Cyber Future Dialogue
Victim Site: cyberfuturedialogue.org
- Website Defacement of vikngo.com by chinafans (0xteam)
Category: Defacement
Content: The threat actor chinafans, operating under the group 0xteam, defaced the website vikngo.com on May 11, 2026. The defacement was a targeted, single-site incident rather than a mass or redefacement campaign. No specific motive or server details were disclosed in connection with this attack.
Date: 2026-05-11T07:14:39Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919511
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: vikngo.com
- Website Defacement of youiht.com by chinafans (0xteam)
Category: Defacement
Content: On May 11, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website youiht.com by uploading a defacement file at the path /0x.txt. The incident was a targeted single-site defacement with no additional technical indicators such as server software or IP address recorded. A mirror of the defacement was archived at zone-xsec.com.
Date: 2026-05-11T07:13:55Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919535
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: youiht.com
- Website Defacement of rsaif.ai by chinafans (0xteam)
Category: Defacement
Content: On May 11, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website rsaif.ai by uploading a defacement file at the path /0x.txt. The incident was a targeted, non-mass defacement affecting a single AI-related domain. No specific motive or server details were disclosed.
Date: 2026-05-11T07:13:09Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919501
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Technology / Artificial Intelligence
Victim Organization: Rsaif AI
Victim Site: rsaif.ai
- Sale of Gmail combo list by D4rkNetHub
Category: Combo List
Content: A threat actor operating under the alias D4rkNetHub is offering a combo list of over 100,000 Gmail credentials on a cracking forum. No additional details are available from the post content.
Date: 2026-05-11T07:10:42Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-100k-GMAIL-GOODS-D4RKNETHUB-7–2092231
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Germany Mixed Target Combo List (722K Lines)
Category: Combo List
Content: A combo list of 722,208 email:password lines targeting German (.de) accounts across mixed services was shared on a cybercrime forum. The list is marketed as a mixed-target credential set for use in credential stuffing attacks.
Date: 2026-05-11T07:10:22Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-722-208-Lines-%E2%9C%85-Germany-de-Combolist-Mixed-Target
Screenshots:
None
Threat Actors: HqComboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free USA combo list with 680K credentials
Category: Combo List
Content: A threat actor shared a combo list of approximately 680,000 email and password combinations purportedly sourced from United States users. The post markets the credentials as fresh and previously unused. No specific breached organization is identified.
Date: 2026-05-11T07:10:04Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-680K-USA-COMBOLIST-%E2%9C%94%EF%B8%8F-UNRAPED-AND-FRESH-LINES-%E2%9C%94%EF%B8%8FSEXY-BASE
Screenshots:
None
Threat Actors: AstroBella
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of fraudulent US driver's licenses and identity documents
Category: Initial Access
Content: A threat actor is offering counterfeit US driver's licenses (front and back) with optional SSN information at $5 per unit, with a minimum order of 10 pieces. The actor also offers paid instruction on obtaining fraudulent IDs, driver's licenses, SSNs, and bank checks.
Date: 2026-05-11T07:09:47Z
Network: telegram
Published URL: https://t.me/c/2613583520/79453
Screenshots:
None
Threat Actors: Benjamin
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- USA combo list of 496K credentials freely shared
Category: Combo List
Content: A threat actor shared a combo list of approximately 496,000 email and password combinations purportedly sourced from United States users. The post markets the credentials as fresh and previously unused. No specific breached organization is identified.
Date: 2026-05-11T07:09:35Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-496K-USA-COMBOLIST-%E2%9C%94%EF%B8%8F-UNRAPED-AND-FRESH-LINES-%E2%9C%94%EF%B8%8FSEXY-BASE
Screenshots:
None
Threat Actors: AstroBella
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free combo list distribution: HQ Mix
Category: Combo List
Content: A forum user distributed a combo list of 1,483 credentials marketed as high quality. The content is hidden behind a registration or login wall on the forum. No specific breach victim or targeted service is identified.
Date: 2026-05-11T07:08:12Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A1-X1483-HQ-Mix-%E2%9A%A1%E2%9A%A1-BY-Stevee36-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: stevee
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of HQ Mix combo list
Category: Combo List
Content: A combo list advertised as HQ Mix containing approximately 1,483 email:password credential pairs has been shared on a public forum. The content is hidden behind registration or login, suggesting distribution to forum members. No specific breach source or targeted service is identified.
Date: 2026-05-11T07:08:08Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-X1483-HQ-Mix-%E2%9A%A1%E2%9A%A1-BY-Stevee36-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: erwinn91
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Delko.fr
Category: Data Breach
Content: A threat actor operating under the name LAPSEC claims to have breached Delko.fr, a French retailer, allegedly compromising data on 3.5 million customers. The actor is offering the database for sale via Telegram. No sample data was provided in the post.
Date: 2026-05-11T07:04:30Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DELKO-FR-BREACH-BY-LAPSEC
Screenshots:
None
Threat Actors: lapsussgroups
Victim Country: France
Victim Industry: Retail
Victim Organization: Delko
Victim Site: delko.fr
- Website Defacement of cliente1.qar.cl by chinafans (0xteam)
Category: Defacement
Content: On May 11, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced a file hosted on the Chilean domain cliente1.qar.cl. The defacement targeted a specific text file (0x.txt) rather than the homepage, indicating a targeted file-level intrusion. The incident was recorded as a single, non-mass defacement event.
Date: 2026-05-11T07:00:45Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919453
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Chile
Victim Industry: Unknown
Victim Organization: QAR
Victim Site: cliente1.qar.cl
- Website Defacement of Alpine Camping by chinafans (0xteam)
Category: Defacement
Content: On May 11, 2026, the website alpinecamping.com was defaced by threat actor chinafans operating under the team 0xteam. The attacker uploaded a defacement file at the path /0x.txt. The incident was a targeted single-site defacement with no indication of mass or repeated compromise.
Date: 2026-05-11T06:59:59Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919481
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Outdoor Recreation / Retail
Victim Organization: Alpine Camping
Victim Site: alpinecamping.com
- Website Defacement of rodztinttouch.com by chinafans (0xteam)
Category: Defacement
Content: On May 11, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website rodztinttouch.com by uploading a file at the path /0x.txt. The incident was a targeted single-site defacement with no indication of mass or repeated defacement activity. Server and infrastructure details were not disclosed in the available data.
Date: 2026-05-11T06:59:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919477
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Rodztint Touch
Victim Site: rodztinttouch.com
- Website Defacement of Saulhauls.com by chinafans (0xteam)
Category: Defacement
Content: On May 11, 2026, the website saulhauls.com was defaced by a threat actor identified as chinafans, operating under the group 0xteam. The defacement was a targeted single-site incident, with the defaced content hosted at saulhauls.com/0x.txt. No additional technical indicators such as server software or IP address were recorded for this incident.
Date: 2026-05-11T06:58:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919447
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Transportation / Logistics
Victim Organization: Saul Hauls
Victim Site: saulhauls.com
- Website Defacement of My Heart Funerals by chinafans (0xteam)
Category: Defacement
Content: The website myheartfunerals.com was defaced by threat actor chinafans, operating under the group 0xteam, on May 11, 2026. The defacement was a targeted single-site compromise, with the attacker leaving a marker at the path /0x.txt. No specific motivation or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-11T06:57:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919485
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Funeral Services
Victim Organization: My Heart Funerals
Victim Site: myheartfunerals.com
- Website Defacement of griplinestrap.com by chinafans (0xteam)
Category: Defacement
Content: The website griplinestrap.com was defaced by threat actor chinafans, operating under the group 0xteam, on May 11, 2026. The defacement was a targeted single-site attack, leaving a text file (0x.txt) as evidence of the intrusion. No specific motive or technical details regarding the server infrastructure were disclosed.
Date: 2026-05-11T06:57:00Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919476
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Griplinestrap
Victim Site: griplinestrap.com
- Website Defacement of Poty Ambiental by chinafans (0xteam)
Category: Defacement
Content: The Brazilian environmental services website potyambiental.com.br was defaced by threat actor chinafans operating under the group 0xteam on May 11, 2026. The defacement was a targeted, non-mass attack affecting a specific page on the domain. The incident was recorded and mirrored by zone-xsec.com under mirror ID 919463.
Date: 2026-05-11T06:56:13Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919463
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Brazil
Victim Industry: Environmental Services
Victim Organization: Poty Ambiental
Victim Site: potyambiental.com.br
- Website Defacement of kimsaidit.com by chinafans of 0xteam
Category: Defacement
Content: On May 11, 2026, the website kimsaidit.com was defaced by a threat actor known as chinafans, operating under the group 0xteam. The attacker left a defacement file at the path /0x.txt. No specific motive, server details, or additional technical indicators were disclosed in connection with this incident.
Date: 2026-05-11T06:55:26Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919472
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Kim Said It
Victim Site: kimsaidit.com
- Mass Website Defacement of inej.net by XYZ (Alpha Wolf Team)
Category: Defacement
Content: On May 11, 2026, threat actor XYZ operating under the Alpha Wolf team conducted a mass defacement attack targeting inej.net, hosted on a Linux-based server. The incident was classified as a mass defacement, suggesting multiple sites may have been compromised as part of the same campaign. A mirror of the defacement has been archived at haxor.id.
Date: 2026-05-11T06:54:46Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249149
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: inej.net
- Website Defacement of Hutchison Machining by chinafans (0xteam)
Category: Defacement
Content: The website hutchisonmachining.com was defaced by threat actor chinafans, operating under the group 0xteam, on May 11, 2026. The defacement targeted a specific file path (/0x.txt) on the machining company's web server. This was a single, non-mass defacement incident with a mirror archived at zone-xsec.com.
Date: 2026-05-11T06:54:10Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919480
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Manufacturing
Victim Organization: Hutchison Machining
Victim Site: hutchisonmachining.com
- Website Defacement of Industrial City Inc by chinafans (0xteam)
Category: Defacement
Content: On May 11, 2026, the website industrialcityinc.com was defaced by threat actor chinafans, operating under the group 0xteam. The attacker uploaded a defacement file at the path /0x.txt. The incident was a targeted single-site defacement with no indication of mass or repeated defacement activity.
Date: 2026-05-11T06:53:23Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919484
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Industrial/Manufacturing
Victim Organization: Industrial City Inc
Victim Site: industrialcityinc.com
- Mass Defacement of mallas.inej.net by XYZ (Alpha Wolf Team)
Category: Defacement
Content: On May 11, 2026, threat actor XYZ operating under the team name Alpha Wolf conducted a mass defacement attack against mallas.inej.net, a subdomain associated with an educational institution likely linked to INEJ. The attack targeted a Linux-based server and was confirmed as part of a broader mass defacement campaign. A mirror of the defacement was archived at haxor.id.
Date: 2026-05-11T06:52:43Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249150
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Instituto Nacional de Educación para Jóvenes y Adultos (INEJ)
Victim Site: mallas.inej.net
- Website Defacement of Eco Building Technology Firm by chinafans (0xteam)
Category: Defacement
Content: On May 11, 2026, a threat actor operating under the handle chinafans, affiliated with 0xteam, defaced a German eco building technology website. The targeted domain is a Punycode-encoded German domain representing eco-gebäudetechnik.de, suggesting a small to mid-sized building services or energy efficiency company. The incident was a single targeted defacement, not part of a mass defacement campaign.
Date: 2026-05-11T06:51:59Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919466
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Germany
Victim Industry: Construction / Building Technology
Victim Organization: Eco Gebäudetechnik
Victim Site: xn--eco-gebudetechnik-wqb.de
- Website Defacement of Bayside Cabinetry by chinafans (0xteam)
Category: Defacement
Content: On May 11, 2026, threat actor chinafans operating under the group 0xteam defaced the website of Bayside Cabinetry, a cabinetry and home improvement business. The attack was a targeted single-site defacement, leaving a text-based payload at a specific URL path. No technical server details were disclosed in the available intelligence.
Date: 2026-05-11T06:50:42Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919455
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Manufacturing / Home Improvement
Victim Organization: Bayside Cabinetry
Victim Site: baysidecabinetry.com
- Website Defacement of Independent Energy by chinafans (0xteam)
Category: Defacement
Content: The threat actor chinafans, operating under the team name 0xteam, defaced the website of Independent Energy (independentenergy.co) on May 11, 2026. The defacement was a targeted single-site intrusion, leaving a text-based proof of compromise at the path /0x.txt. No specific motivation or server details were disclosed in connection with this incident.
Date: 2026-05-11T06:50:02Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919469
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Energy
Victim Organization: Independent Energy
Victim Site: independentenergy.co
- Website Defacement of jobjoe.nl by chinafans (0xteam)
Category: Defacement
Content: On May 11, 2026, the website jobjoe.nl, a Dutch job services platform, was defaced by a threat actor known as chinafans operating under the group 0xteam. The attacker published a defacement file at jobjoe.nl/0x.txt. The incident was a targeted single-site defacement with no indication of mass or repeated compromise.
Date: 2026-05-11T06:49:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919467
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Netherlands
Victim Industry: Employment / Job Services
Victim Organization: JobJoe
Victim Site: jobjoe.nl
- Website Defacement of Apadana TPC by XYZ (Alpha Wolf)
Category: Defacement
Content: On May 11, 2026, the Iranian technology company Apadana TPC had its homepage defaced by a threat actor identified as XYZ, operating under the team name Alpha Wolf. The attack targeted the main homepage of the domain apadanatpc.ir and was not part of a mass defacement campaign. A mirror of the defacement was archived at zone-xsec.com.
Date: 2026-05-11T06:48:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919494
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Iran
Victim Industry: Technology
Victim Organization: Apadana TPC
Victim Site: apadanatpc.ir
- Website Defacement of Apadana TPC by XYZ (Alpha Wolf)
Category: Defacement
Content: On May 11, 2026, the Iranian technology company Apadana TPC had its website defaced by a threat actor identified as XYZ, affiliated with the group Alpha Wolf. The defacement targeted the domain apadanatpc.ir and was recorded as a singular, non-mass defacement incident. A mirror of the defaced page was archived at haxor.id.
Date: 2026-05-11T06:47:38Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249156
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Iran
Victim Industry: Technology
Victim Organization: Apadana TPC
Victim Site: apadanatpc.ir
- Website defacement of INEJ Reporteria by XYZ (Alpha Wolf)
Category: Defacement
Content: On May 11, 2026, a threat actor identified as XYZ, affiliated with the group Alpha Wolf, defaced a subdomain of the Nicaraguan Instituto Nacional de Estadísticas y Censos (INEJ) at reporteria.inej.net. The attack targeted a Linux-based server hosting the organization's reporting platform. The incident was recorded as a single, non-mass defacement with a mirror archived at haxor.id.
Date: 2026-05-11T06:46:58Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249148
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Nicaragua
Victim Industry: Government / Public Institution
Victim Organization: Instituto Nacional de Estadísticas y Censos (INEJ)
Victim Site: reporteria.inej.net
- Website Defacement of Sip and Squeeze Straw by chinafans (0xteam)
Category: Defacement
Content: On May 11, 2026, the website sipandsqueezestraw.com was defaced by a threat actor using the handle chinafans, operating under the group 0xteam. The defacement was a targeted, single-site intrusion with no indication of mass or repeated defacement activity. The incident was archived and mirrored via zone-xsec.com.
Date: 2026-05-11T06:46:16Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919479
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Retail / Consumer Goods
Victim Organization: Sip and Squeeze Straw
Victim Site: sipandsqueezestraw.com
- Website defacement of TheDistriHub by chinafans (0xteam)
Category: Defacement
Content: On May 11, 2026, the website thedistrihub.com was defaced by threat actor chinafans, operating under the group 0xteam. The defacement targeted a specific file path (0x.txt) rather than the homepage, indicating a targeted file-level intrusion. No specific motive or exploitation method was disclosed in the available data.
Date: 2026-05-11T06:45:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919465
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Distribution/Logistics
Victim Organization: TheDistriHub
Victim Site: thedistrihub.com
- Website Defacement of NAO Services by chinafans (0xteam)
Category: Defacement
Content: On May 11, 2026, the website naoservices.co.uk was defaced by threat actor chinafans operating under the group 0xteam. The defacement targeted a UK-based services organization and was recorded as a single, non-mass defacement incident. A mirror of the defacement was archived at zone-xsec.com.
Date: 2026-05-11T06:44:49Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919470
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: United Kingdom
Victim Industry: Technology Services
Victim Organization: NAO Services
Victim Site: naoservices.co.uk
- Website Defacement of Books by Gayle Wilson by chinafans (0xteam)
Category: Defacement
Content: On May 11, 2026, the website booksbygaylewilson.com was defaced by a threat actor known as chinafans, operating under the team 0xteam. The defacement targeted a page on the domain associated with an author or book retailer, likely Gayle Wilson. This was a single targeted defacement, not part of a mass or repeated defacement campaign.
Date: 2026-05-11T06:44:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919483
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Publishing / Retail
Victim Organization: Books by Gayle Wilson
Victim Site: booksbygaylewilson.com
- Website Defacement of tricacxm.com by chinafans (0xteam)
Category: Defacement
Content: On May 11, 2026, the website tricacxm.com was defaced by a threat actor operating under the handle chinafans, affiliated with the hacking group 0xteam. The defacement was a targeted, non-mass incident affecting a single page (0x.txt) on the domain. No specific motive or additional technical details were disclosed in connection with the attack.
Date: 2026-05-11T06:38:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919397
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: tricacxm.com
- Website Defacement of spiriting.co.il by chinafans (0xteam)
Category: Defacement
Content: On May 11, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the Israeli website spiriting.co.il by uploading a defacement file at the path /0x.txt. The incident was a targeted single-site defacement with no indication of mass or repeated defacement activity.
Date: 2026-05-11T06:37:15Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919422
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Spiriting
Victim Site: spiriting.co.il
- Website defacement of nogravity.cy by chinafans of 0xteam
Category: Defacement
Content: On May 11, 2026, the website nogravity.cy was defaced by threat actor chinafans, affiliated with the hacking group 0xteam. The defacement targeted a specific file path (0x.txt) on the Cypriot domain and was neither a mass nor redefacement incident. No specific motivation or server details were disclosed.
Date: 2026-05-11T06:36:26Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919415
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Cyprus
Victim Industry: Unknown
Victim Organization: No Gravity
Victim Site: nogravity.cy
- Website Defacement of MarketGo Agency by chinafans (0xteam)
Category: Defacement
Content: On May 11, 2026, a threat actor known as chinafans, operating under the team 0xteam, defaced the website of MarketGo Agency by uploading a defacement file at marketgo.agency/0x.txt. The incident was a targeted single-site defacement with no indication of mass or repeated defacement activity. The attack details, including the server infrastructure and specific exploit method, remain unknown.
Date: 2026-05-11T06:35:39Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919413
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Marketing / Digital Agency
Victim Organization: MarketGo Agency
Victim Site: marketgo.agency
- Website Defacement of Thiet Ke Cua by chinafans (0xteam)
Category: Defacement
Content: On May 11, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the Vietnamese website thietkecua.com, a domain associated with door design or construction services. The defacement was a targeted, single-site incident with no indication of mass or repeated defacement activity.
Date: 2026-05-11T06:34:56Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919418
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Vietnam
Victim Industry: Construction / Interior Design
Victim Organization: Thiet Ke Cua
Victim Site: thietkecua.com
- Website Defacement of ekonomemk.sk by chinafans (0xteam)
Category: Defacement
Content: On May 11, 2026, a threat actor identified as chinafans, operating under the group 0xteam, defaced the Slovak website ekonomemk.sk by placing a defacement file at the path /0x.txt. The incident was a targeted single-site defacement with no indicators of mass or repeated defacement activity. The mirror of the defacement was archived via zone-xsec.com.
Date: 2026-05-11T06:34:11Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919395
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Slovakia
Victim Industry: Unknown
Victim Organization: Ekonomemk
Victim Site: ekonomemk.sk
- Website Defacement of nahsprado.com.br by chinafans (0xteam)
Category: Defacement
Content: On May 11, 2026, the Brazilian website nahsprado.com.br was defaced by a threat actor using the handle chinafans, operating under the group 0xteam. The defacement was a targeted single-site attack, with a mirror of the defaced content archived at zone-xsec.com. No additional details regarding the attacker's motive or server infrastructure were disclosed.
Date: 2026-05-11T06:33:30Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919409
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Nahs Prado
Victim Site: nahsprado.com.br
- Website Defacement of SmartphoneFixpoint by chinafans (0xteam)
Category: Defacement
Content: On May 11, 2026, the website smartphonefixpoint.nl, a smartphone repair service based in the Netherlands, was defaced by threat actor chinafans operating under the group 0xteam. The defacement was a targeted, non-mass incident affecting a specific file path on the domain. A mirror of the defaced content was archived via zone-xsec.com.
Date: 2026-05-11T06:32:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919412
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Netherlands
Victim Industry: Electronics Repair / Consumer Technology Services
Victim Organization: SmartphoneFixpoint
Victim Site: smartphonefixpoint.nl
- Website Defacement of NNB Nutrition by chinafans (0xteam)
Category: Defacement
Content: On May 11, 2026, the website nnbnutrition.com was defaced by threat actor chinafans operating under the group 0xteam. The attacker uploaded a defacement file at the path /0x.txt. This was a targeted single-site defacement with no indication of mass or repeated compromise.
Date: 2026-05-11T06:31:57Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919411
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Health & Nutrition / Food Supplements
Victim Organization: NNB Nutrition
Victim Site: nnbnutrition.com
- Website Defacement of anatex.org by chinafans (0xteam)
Category: Defacement
Content: The website anatex.org was defaced by threat actor chinafans, operating under the group 0xteam, on May 11, 2026. The defacement targeted a specific text file path (/0x.txt) on the domain, a common technique used to mark a successful intrusion. No server details, motivation, or proof-of-concept information were disclosed alongside the incident.
Date: 2026-05-11T06:31:04Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919421
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Anatex
Victim Site: anatex.org
- Website Defacement of MamaMatters by chinafans (0xteam)
Category: Defacement
Content: On May 11, 2026, the website mamamatters.com was defaced by threat actor chinafans operating under the team 0xteam. The attacker uploaded a defacement file (0x.txt) to the target domain. The incident was a targeted, non-mass defacement with no prior redefacement history recorded.
Date: 2026-05-11T06:30:11Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919423
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Health & Wellness / Parenting
Victim Organization: Mama Matters
Victim Site: mamamatters.com
- Website Defacement of specialfishies.org by chinafans (0xteam)
Category: Defacement
Content: On May 11, 2026, the website specialfishies.org was defaced by a threat actor using the handle chinafans, operating under the group 0xteam. The defacement targeted a specific file path (0x.txt) rather than the homepage, indicating a targeted file-level intrusion. The incident was recorded and mirrored by zone-xsec.com under mirror ID 919393.
Date: 2026-05-11T06:29:22Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919393
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Special Fishies
Victim Site: specialfishies.org
- Website Defacement of Rainbow Graphics by chinafans (0xteam)
Category: Defacement
Content: On May 11, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website rainbowgraphics.xyz. The incident was a targeted single-site defacement, with a mirror of the defaced page archived at zone-xsec.com. No specific motivation or technical exploitation details were disclosed.
Date: 2026-05-11T06:28:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919406
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Graphics / Creative Services
Victim Organization: Rainbow Graphics
Victim Site: rainbowgraphics.xyz
- Website Defacement of Goram Laboratorios by chinafans (0xteam)
Category: Defacement
Content: On May 11, 2026, the website goramlaboratorios.com was defaced by a threat actor known as chinafans, operating under the group 0xteam. The defacement targeted a specific file path (0x.txt) rather than the homepage, suggesting a targeted file-level intrusion. The incident was catalogued by zone-xsec.com and is classified as a single, non-mass defacement event.
Date: 2026-05-11T06:27:49Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919417
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Healthcare / Laboratories
Victim Organization: Goram Laboratorios
Victim Site: goramlaboratorios.com
- Website Defacement of winmex.site by chinafans (0xteam)
Category: Defacement
Content: The website winmex.site was defaced by threat actor chinafans, operating under the group 0xteam, on May 11, 2026. The defacement was recorded at a specific text file path (0x.txt), suggesting a targeted file-level intrusion. The incident was neither a mass defacement nor a redefacement, indicating a singular targeted attack against this domain.
Date: 2026-05-11T06:26:53Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919403
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Mexico
Victim Industry: Unknown
Victim Organization: Winmex
Victim Site: winmex.site
- Website Defacement of Tico y Rico Monteverde by chinafans (0xteam)
Category: Defacement
Content: On May 11, 2026, the website ticoyricomonteverde.com was defaced by threat actor chinafans operating under the group 0xteam. The defacement targeted a specific file path (0x.txt) rather than the homepage, suggesting a targeted file-level intrusion. No mass or redefacement indicators were noted, and server details remain unknown.
Date: 2026-05-11T06:26:11Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919419
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Costa Rica
Victim Industry: Hospitality / Food & Beverage
Victim Organization: Tico y Rico Monteverde
Victim Site: ticoyricomonteverde.com
- Website Defacement of Marmoles Bamar by chinafans (0xteam)
Category: Defacement
Content: On May 11, 2026, a threat actor known as chinafans, affiliated with 0xteam, defaced the website of Marmoles Bamar, a marble/stone materials company likely based in Spain. The defacement was a targeted, single-site compromise and does not appear to be part of a mass defacement campaign. A mirror of the defacement was archived via zone-xsec.com.
Date: 2026-05-11T06:25:22Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919399
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Spain
Victim Industry: Construction and Building Materials
Victim Organization: Marmoles Bamar
Victim Site: marmolesbamar.com
- Website Defacement of Servitex by chinafans (0xteam)
Category: Defacement
Content: On May 11, 2026, the Colombian website servitex.com.co was defaced by threat actor chinafans operating under the group 0xteam. The attacker planted a defacement file at the path /0x.txt on the target server. The incident was catalogued as a single, targeted defacement with no indication of mass or repeated compromise.
Date: 2026-05-11T06:24:34Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919400
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Colombia
Victim Industry: Textile / Manufacturing
Victim Organization: Servitex
Victim Site: servitex.com.co
- Sale of Spanish financial records containing IBAN data
Category: Data Breach
Content: A threat actor is offering for sale a dataset of Spanish individuals containing personally identifiable and financial information, including full names, city, phone number, IBAN number, and bank name. The post includes a sample image and directs interested buyers to a Telegram contact. The breached source organization is not identified.
Date: 2026-05-11T06:22:36Z
Network: openweb
Published URL: https://altenens.is/threads/spain-with-iban-data.2937763/unread
Screenshots:
None
Threat Actors: saref43135
Victim Country: Spain
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Tuttur.com
Category: Data Breach
Content: A threat actor is advertising what they claim to be betting user data from the Turkish platform Tuttur.com. A sample image is provided, with further details available via Telegram. No record count or specific data fields are disclosed in the post.
Date: 2026-05-11T06:22:09Z
Network: openweb
Published URL: https://altenens.is/threads/turkey-betting-data-tuttur-com.2937764/unread
Screenshots:
None
Threat Actors: bahisow611
Victim Country: Turkey
Victim Industry: Gambling
Victim Organization: Tuttur
Victim Site: tuttur.com
- Alleged sale of Germany high income database
Category: Data Breach
Content: A threat actor is advertising an alleged high income database purportedly containing personal data of individuals in Germany. The seller directs interested parties to a Telegram account for additional details. No specific organization, record count, or data fields are disclosed in the post.
Date: 2026-05-11T06:21:42Z
Network: openweb
Published URL: https://altenens.is/threads/germany-high-income-database.2937765/unread
Screenshots:
None
Threat Actors: yenos68928
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Website Defacement of JP Industries by INDOHAXSEC Member RAZOR
Category: Defacement
Content: A threat actor operating under the alias ./RAZOR, affiliated with the Indonesian hacktivist group INDOHAXSEC, defaced a specific page on the JP Industries website (jpindustries.co.in/verify.php) on May 11, 2026. The attack targeted an Indian industrial company and was a targeted single-page defacement rather than a mass or home page defacement. The incident was archived and mirrored via zone-xsec.com.
Date: 2026-05-11T06:18:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919392
Screenshots:
None
Threat Actors: ./RAZOR, INDOHAXSEC
Victim Country: India
Victim Industry: Manufacturing / Industrial
Victim Organization: JP Industries
Victim Site: jpindustries.co.in
- Airbnb reviews removal service offered on forum
Category: Services
Content: A forum user is offering a paid service to remove negative reviews from Airbnb listings, advertising bulk orders and middleman support. Contact is facilitated via Telegram. No specific victim organization or data compromise is involved.
Date: 2026-05-11T06:04:41Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%AD%90Airbnb-Reviews-Removal%E2%AD%90%E2%80%BC%EF%B8%8F
Screenshots:
None
Threat Actors: Slowredd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Lookiero personal shopping platform
Category: Data Breach
Content: A threat actor is offering a database allegedly containing 4.9 million records from Lookiero, a personal shopping platform. The exposed fields include usernames, email addresses, full names, physical addresses, postal codes, phone numbers, country codes, and account creation dates. The actor is directing interested parties to a Telegram contact for further details.
Date: 2026-05-11T05:55:01Z
Network: openweb
Published URL: https://altenens.is/threads/4-9-million-lookiero-com-personal-shopping-platform-customers-data.2937760/unread
Screenshots:
None
Threat Actors: xakoji3864
Victim Country: Unknown
Victim Industry: Retail
Victim Organization: Lookiero
Victim Site: lookiero.com
- Alleged data leak of RENIEC — 31 million Peruvian citizens personal records
Category: Data Leak
Content: A threat actor has shared what is claimed to be a 10GB database dump from RENIEC, Peru's national civil registry, allegedly containing records on 31 million citizens. The dataset includes full names, dates of birth, addresses, marital status, gender, phone numbers, and financial fields such as salary and credit. The post directs interested parties to a Telegram contact for further information.
Date: 2026-05-11T05:54:24Z
Network: openweb
Published URL: https://altenens.is/threads/reniec-10gb-leaked-31-million-peru-citizens-data.2937761/unread
Screenshots:
None
Threat Actors: ritok33000
Victim Country: Peru
Victim Industry: Government
Victim Organization: RENIEC
Victim Site: reniec.gob.pe
- Sale of alleged identity documents and personal data including SSNs, driver's licenses, and passports
Category: Carding
Content: A forum thread advertises the sale of identity documents and personal data including driver's licenses, SSNs, passports, combo lists, email databases, and business entity information (LLC, EIN, LTD). No post content was available to confirm details of the offering.
Date: 2026-05-11T05:50:53Z
Network: openweb
Published URL: https://xforums.st/threads/drivers-license-ssn-passports-combo-emails-databases-llc-ein-ltd.613689/
Screenshots:
None
Threat Actors: jannat123
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free combo list of mixed email credentials with 2FA accounts
Category: Combo List
Content: A threat actor on Cracked.st shared a combo list described as Valid Mail FA Private Mixed, suggesting the list contains verified email credentials including accounts with two-factor authentication enabled. The post offers the content as a free release framed as a form of community support.
Date: 2026-05-11T05:35:26Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-Valid-Mail-FA-Private-Mixed–2092227
Screenshots:
None
Threat Actors: Phantom4T
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Germany mail:pass combo list with 100,872 lines
Category: Combo List
Content: A combo list of 100,872 email:password lines targeting German mail accounts was shared on a cracking forum. The post is marketed as unique credentials for 2026. No further details are available from the post content.
Date: 2026-05-11T05:35:00Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-100872-LINES-GERMANY-MAILPASS-2026-UNIQUE-COMBO–2092228
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Social media content and account removal service offered on cybercrime forum
Category: Services
Content: A threat actor is advertising an Instagram and Facebook account and content removal service starting at $35, with bulk pricing available. The service claims to remove posts, reels, stories, highlights, and entire accounts, marketed for reputation protection and handling impersonation. The operator directs potential clients to contact via Telegram.
Date: 2026-05-11T05:34:24Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%9A%9C%EF%B8%8F-instagram-facebook-account-removal-very-very-cheap-%E2%9A%9C%EF%B8%8F
Screenshots:
None
Threat Actors: FADEDME
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of HQ mixed mail access combo list
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 700 mixed mail access credentials marketed as high quality. The content is hidden behind a registration or login wall on the forum.
Date: 2026-05-11T05:34:19Z
Network: openweb
Published URL: https://patched.to/Thread-0-7k-hq-mixed-mail-access-combolist-301154
Screenshots:
None
Threat Actors: liamgoat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail credential combo list
Category: Combo List
Content: A threat actor is sharing a combo list of approximately 8,000 Hotmail credentials marketed as high-quality hits. The content is hidden behind a registration or login wall on the forum.
Date: 2026-05-11T05:34:01Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%E2%9C%85-8k-hq-hotmail-hit-%E2%9C%85-301152
Screenshots:
None
Threat Actors: RetroCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of URL:Log:Pass combo list with 8+ million lines
Category: Combo List
Content: A threat actor shared a URL:Log:Pass combo list containing over 8 million lines on a cybercrime forum. The content is gated behind registration or login and distributed free of charge. No specific victim organization or country is identified.
Date: 2026-05-11T05:33:41Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-url-log-pass-free-best-lines-8-million-lines-part-330
Screenshots:
None
Threat Actors: lexityfr
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list targeting Spain distributed on forum
Category: Combo List
Content: A combo list containing over 524,000 credentials associated with Spanish accounts was freely shared on a hacking forum. The list was posted with a link to an external paste service. No specific breached organization is identified.
Date: 2026-05-11T05:33:37Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9C%AA-524-K-Combo-%E2%9C%AA-Spain-%E2%9C%AA-6-MAY-2026-%E2%9C%AA–2291961
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free release of Hotmail credential combo list
Category: Combo List
Content: A threat actor has freely distributed a combo list containing 1,158 Hotmail credential hits via an external paste link. The credentials are marketed as premium hits and are likely intended for credential stuffing or account takeover activity.
Date: 2026-05-11T05:33:09Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-1158x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F–2291992
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list of 4,229 mixed mail hits
Category: Combo List
Content: A user on a cracking forum has freely shared a combo list of 4,229 mixed email credentials via an external paste link. The list is marketed as premium hits across multiple mail providers.
Date: 2026-05-11T05:33:05Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F-4229x-PREMIUM-MIX-MAIL-HITS%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F–2291952
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Sirun (斯润) Technology companies in China
Category: Data Breach
Content: A threat actor identifying as SnowSoul is selling approximately 2GB of data allegedly exfiltrated from two affiliated Chinese technology companies — Sirun Hefei Technology Co. Ltd. and Sirun Tianlang (Beijing) Technology Co. Ltd. The data reportedly includes spreadsheets with bill of materials, personnel lists, production orders, procurement records, invoice lists, and financial balance data spanning 2021–2024. The asking price is $2,000 USD, with download links provided.
Date: 2026-05-11T05:17:03Z
Network: openweb
Published URL: https://breached.st/threads/chinese-data-zhong-guo-shu-ju-snowsoul-id-1314.86988/unread
Screenshots:
None
Threat Actors: 元帅*
Victim Country: China
Victim Industry: Technology
Victim Organization: 斯润合肥科技有限公司 / 斯润天朗(北京)科技有限公司
Victim Site: Unknown
Free distribution of stealer logs (ULP format, 0.5 GB)
Category: Logs
Content: A threat actor on a darknet forum is distributing approximately 0.5 GB of compressed stealer logs in ULP (URL:Login:Password) format. The logs are described as fresh and high quality. Access requires replying to the thread or upgrading the poster's account tier.
Date: 2026-05-11T05:12:34Z
Network: openweb
Published URL: https://darkforums.su/Thread-Document-%E2%9C%AA-0-5-GB-%E2%9C%AA-CLOUD-S-%E2%9C%AA-ULP-LOG-S-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of premium AI service accounts including ChatGPT Pro and Claude Max
Category: Services
Content: A forum seller is advertising discounted ChatGPT Pro and Claude Max premium accounts for sale. No further details are available as the post content is empty.
Date: 2026-05-11T05:03:00Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%9A%A1%E2%9C%A8-Cheap-%E2%9C%A8-CHATGPT-PRO-%C2%A0%C2%A0%C2%A0-CLAUDE-MAX-PREMIUM-AI-ACCOUNTS%E2%9C%A8-AFFORDABLE-PRICE-%E2%9C%A8
Screenshots:
None
Threat Actors: cheapAi007
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of combo list targeting European and German shopping services
Category: Combo List
Content: A combo list of approximately 823,205 email:password lines is being shared, marketed as targeting European and German shopping services. No further details about the source or specific targeted platforms were provided in the post.
Date: 2026-05-11T05:02:01Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-823-205-Lines-%E2%9C%85-Europa-Germany-Shopping-Target
Screenshots:
None
Threat Actors: HqComboSpace
Victim Country: Unknown
Victim Industry: Retail
Victim Organization: Unknown
Victim Site: Unknown
Alleged defacement of michael.tapley.demowebsiteclient.com by Mr.PIMZZZXploit
Category: Defacement
Content: Website defacement claimed by threat actor Mr.PIMZZZXploit. The compromised site is michael.tapley.demowebsiteclient.com with a mirror link provided at hack-db.org/mirror/128530.
Date: 2026-05-11T05:01:31Z
Network: telegram
Published URL: https://t.me/c/3865526389/903
Screenshots:
None
Threat Actors: Mr.PIMZZZXploit
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: michael.tapley.demowebsiteclient.com
Victim Site: michael.tapley.demowebsiteclient.com
Social media post removal service advertised on cybercrime forum
Category: Services
Content: A forum user is advertising a social media post removal service targeting Instagram and Facebook, claiming to use copyright mechanisms to remove content. Pricing starts at $20 per post removal, with bulk pricing available at $1,500 for 100 removals. The seller claims fast turnaround and accepts middleman arrangements.
Date: 2026-05-11T05:01:25Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%9A%9C%EF%B8%8F-cheapest-post-removals-here-only-%E2%9A%9C%EF%B8%8F
Screenshots:
None
Threat Actors: FADEDME
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Service offering Instagram and TikTok account ban attacks
Category: Services
Content: A threat actor is advertising a service to send bans against Instagram and TikTok accounts, claiming a turnaround time of 0-48 hours and a 100% success rate. The service is offered starting at $200 per ban, with middleman accepted, and contact provided via Telegram.
Date: 2026-05-11T05:01:06Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%9A%9C%EF%B8%8Fsend-instagram-bans-tiktok-also-giving-in-the-cheapest-price%E2%9A%9C%EF%B8%8F
Screenshots:
None
Threat Actors: FADEDME
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Social media account unban and recovery service advertised on forum
Category: Services
Content: A threat actor operating under the alias FADEDME is advertising a service for social media account recovery, including copyright unbans and disabled account reinstatement. The seller claims 25+ successful unbans delivered overnight and markets the service to potential resellers. Contact is offered via Telegram.
Date: 2026-05-11T05:00:34Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%9A%9C%EF%B8%8F-copyright-unbans-welcome-resellers-%E2%9A%9C%EF%B8%8F
Screenshots:
None
Threat Actors: FADEDME
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Social media account unban and recovery service offered on forum
Category: Services
Content: A forum user is advertising an account recovery and unban service, claiming to handle copyright-related bans and disabled accounts. The seller claims 25+ successful unbans delivered and markets the service to resellers. Contact is provided via Telegram.
Date: 2026-05-11T05:00:25Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%9A%9C%EF%B8%8FCOPYRIGHT-UNBANS-WELCOME-RESELLERS%E2%9A%9C%EF%B8%8F
Screenshots:
None
Threat Actors: trustedi
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of Nigerian email:password credentials
Category: Combo List
Content: A threat actor has freely shared a combo list of approximately 16,000 email:password pairs allegedly associated with Nigerian users, marketed as fresh and dated May 5, 2026. The credentials were made available via an external paste link on a public forum.
Date: 2026-05-11T04:59:47Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9C%A6%E2%9C%A6-16-K-%E2%9C%A6-Nigeria-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-5-5-2026-%E2%9C%A6%E2%9C%A6–2291904
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of ULP combo list with 22.52 million records
Category: Combo List
Content: A threat actor is distributing a URL:Login:Password (ULP) combo list containing approximately 22.52 million records, marketed as UHQ (ultra-high quality). The list is hosted on an external paste site and shared on a cracking forum.
Date: 2026-05-11T04:59:38Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%AD%90%EF%B8%8FURL-LOG-PASS-22-52-M-%E2%9C%85-ULP-DAXUS-PRO-UHQ-%E2%AD%90%EF%B8%8F–2291895
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Poder Judicial del Estado de Tabasco, Mexico
Category: Data Leak
Content: A threat actor known as hackstage claims to have leaked a database belonging to the judicial administration body of the state of Tabasco, Mexico. The leaked data allegedly includes personal information of employees such as names, CURP, RFC, institutional and personal email addresses, phone numbers, marital status, and country. Approximately 11,741 worker records are reportedly exposed and have been made available via a public file-sharing link.
Date: 2026-05-11T04:37:17Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-PODER-JUDICIAL-DEL-ESTADO-DE-TABSACO-MEXICO
Screenshots:
None
Threat Actors: hackstage
Victim Country: Mexico
Victim Industry: Government
Victim Organization: Poder Judicial del Estado de Tabasco
Victim Site: Unknown
Alleged data leak of 140,000 French mobile numbers
Category: Data Leak
Content: A threat actor shared a file via MediaFire containing approximately 140,000 French mobile phone numbers. No victim organization or source of the data was identified in the post.
Date: 2026-05-11T04:36:06Z
Network: openweb
Published URL: https://darkforums.su/Thread-140k-french-mobile-number
Screenshots:
None
Threat Actors: courtika
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Pakistani teachers' data from educational board
Category: Data Leak
Content: A threat actor leaked data purportedly belonging to over 3,000 Pakistani teachers sourced from an educational board. The dataset allegedly includes names, contact information, roll numbers, and institute affiliations spanning 320+ institutions. The data was made available via a public file-sharing link.
Date: 2026-05-11T04:35:06Z
Network: openweb
Published URL: https://darkforums.su/Thread-Document-3k-Pakistani-Teachers-Data
Screenshots:
None
Threat Actors: GH051
Victim Country: Pakistan
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting mixed domain shopping services
Category: Combo List
Content: A combo list of approximately 1.47 million email:password credentials is being shared, marketed as targeting mixed domain shopping services. No additional details are available from the post content.
Date: 2026-05-11T04:27:36Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-1-476-571-%E2%AD%90%EF%B8%8F-Mixed-Domain-Shopping-target
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Retail
Victim Organization: Unknown
Victim Site: Unknown
Sale of marketplace services including configs, proxies, checkers, and cracked accounts
Category: Services
Content: A threat actor is advertising a Telegram-based marketplace offering config tools, automation, proxies, checkers, captcha solving, and cracked account sellers. The platform is marketed toward vendors and buyers seeking cybercrime-related tools and services. No specific victim organization or breach is referenced.
Date: 2026-05-11T04:27:33Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%9A%A1-%E2%9A%A1-High-quality-marketplace-built-for-serious-buy
Screenshots:
None
Threat Actors: Forge_mp
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free South Korea Email Combo List (Batch 34/100)
Category: Combo List
Content: A threat actor is distributing a free South Korean email list as part of a series (batch 34 of 100). The content is gated behind registration or login on the forum. No record count or specific targeted service was mentioned.
Date: 2026-05-11T04:26:57Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-free-premium-south-korea-email-list-batch-34-100
Screenshots:
None
Threat Actors: emaildbpro
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
France combo list with 153.3K credentials
Category: Combo List
Content: A threat actor has freely shared a combo list of approximately 153,300 French email credentials via an external paste link. The post is categorized under the Dumps forum section and marketed as mail access credentials.
Date: 2026-05-11T04:26:46Z
Network: openweb
Published URL: https://nulledbb.com/thread-153-3k-FRANCE-COMBO-MAILS-ACCESS–2291874
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Ugandan Catholics Online by Y4NZ404
Category: Defacement
Content: On May 11, 2026, a threat actor operating under the alias Y4NZ404, acting as a solo operator, defaced the WordPress-based website of Ugandan Catholics Online. The attack targeted a specific page within the site rather than the homepage. No specific motive or technical details were disclosed in association with this incident.
Date: 2026-05-11T04:03:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919390
Screenshots:
None
Threat Actors: Y4NZ404, SOLO
Victim Country: Uganda
Victim Industry: Religious Organization
Victim Organization: Ugandan Catholics Online
Victim Site: ugandancatholicsonline.com
Sale of Hotmail credential combo list
Category: Combo List
Content: A threat actor is sharing a combo list of 615 alleged valid Hotmail credentials on a public forum. The content is gated behind a registration/login wall with an external paste link provided.
Date: 2026-05-11T03:58:49Z
Network: openweb
Published URL: https://patched.to/Thread-615x-vailds-hotmails-by-nova
Screenshots:
None
Threat Actors: maska1235
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List: HQ Hotmail Mail Access Credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 600 Hotmail credentials marketed as high quality mail access. The content is hidden behind a registration or login wall on the forum. No breach of Microsoft or Hotmail is implied; the credentials are intended for credential stuffing against Hotmail accounts.
Date: 2026-05-11T03:58:30Z
Network: openweb
Published URL: https://patched.to/Thread-0-6k-hq-hotmail-mail-access-combolist-301143
Screenshots:
None
Threat Actors: liamgoat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free release of 955K Germany mixed combo list
Category: Combo List
Content: A threat actor shared a combo list of approximately 955,000 credential pairs purportedly associated with German users. The list is described as a mixed combo and has been made available via an external paste link.
Date: 2026-05-11T03:57:59Z
Network: openweb
Published URL: https://nulledbb.com/thread-955k-GERMANY-GOOD-MIXED-COMBO–2291823
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of compromised Papa Johns accounts with stored rewards
Category: Combo List
Content: A threat actor is sharing four compromised Papa Johns accounts, each with $5 or more in stored rewards, as part of a self-described daily free drops series on a cracking forum. The accounts appear to be the result of credential stuffing against the Papa Johns platform.
Date: 2026-05-11T03:57:43Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%80%BC%EF%B8%8F-DAILY-FREE-DROPS-4X-Papa-John-s-5-Reward%E2%80%BC%EF%B8%8F–2291814
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of Hotmail credentials distributed
Category: Combo List
Content: A threat actor shared a combo list of 2,254 Hotmail credential hits via an external paste link. The credentials are marketed as premium hits and are likely intended for credential stuffing or account takeover activity.
Date: 2026-05-11T03:57:39Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-2254x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F–2291845
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail credential combo list by D4rkNetHub
Category: Combo List
Content: A threat actor operating under the handle D4rkNetHub is offering a combo list of 3,594 Hotmail credentials on a dark web forum. The credentials are available via a paid cloud subscription service with tiers ranging from $10 for a 3-day trial to $50 for 30-day access. The actor also promotes a shop at darknethub.top and a Telegram channel for transactions.
Date: 2026-05-11T03:56:57Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-3-594-Good-HOTMAIL-GOODS-D4RKNETHUB-CLOUD
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list of 300K US email:password credentials
Category: Combo List
Content: A threat actor shared a combo list of approximately 300,000 US email and password credentials, marketed as 2026 data and described as UHQ (ultra-high quality) suitable for credential stuffing across multiple targets. The list was distributed freely on a cracking forum.
Date: 2026-05-11T03:29:22Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-300K-NEW-DATA-USA-UHQ-DROP-WORK-FOR-ALL-TARGETS-FROM-POLINGDBS–2091727
Screenshots:
None
Threat Actors: polingdbs
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of URL:Log:Pass combo list with 24.79 million records
Category: Combo List
Content: A threat actor operating under the handle DaxusHub is offering a URL:LOG:PASS combo list containing approximately 24.79 million records, marketed as UHQ (ultra-high quality). The post directs users to a Telegram channel for additional offerings.
Date: 2026-05-11T03:29:05Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%AD%90%EF%B8%8FURL-LOG-PASS-24-79-M-%E2%9C%85-DAXUS-PRO-UHQ-%E2%AD%90%EF%B8%8F
Screenshots:
None
Threat Actors: DaxusHub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list of 3,627 mixed mail credentials
Category: Combo List
Content: A threat actor shared a free combo list of 3,627 mixed mail credentials via an external paste link. The post was made on a cracking forum and markets the credentials as premium hits.
Date: 2026-05-11T03:26:51Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F-3627x-PREMIUM-MIX-MAIL-HITS%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F–2291784
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of stealer logs containing URL:Log:Pass credentials (21.24 million records)
Category: Logs
Content: A threat actor operating under the alias Daxus is offering a URL:LOG:PASS dataset containing approximately 21.24 million records, advertised as UHQ (ultra-high quality) stealer log output. The dataset is available via the actor's commercial platform at daxus.pro and associated Telegram channels.
Date: 2026-05-11T03:26:44Z
Network: openweb
Published URL: https://leakforum.io/Thread-%E2%AD%90%EF%B8%8FURL-LOG-PASS-21-24-M-%E2%9C%85-DAXUS-PRO-UHQ-%E2%AD%90%EF%B8%8F
Screenshots:
None
Threat Actors: Daxus
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Service offering KYC/AML bypass and frozen crypto account unblocking
Category: Services
Content: A seller operating since 2013 is advertising a service to unblock frozen cryptocurrency wallets and exchange accounts, bypassing KYC and AML checks. The service works on a percentage-of-recovered-balance model, accepts cases involving balances of $3,000 or more, and claims to assist with documentation to pass identity and compliance checks. The operator excludes CIS/Russian banks and payment systems from their scope.
Date: 2026-05-11T03:07:56Z
Network: openweb
Published URL: https://spear.cx/Thread-Unblocking-wallets-crypto-exchanges-we-will-fix-KYC-AML
Screenshots:
None
Threat Actors: LibrePass
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting cryptocurrency services (Gmail)
Category: Combo List
Content: A combo list of approximately 1.21 million email:password lines is being shared, marketed as targeting cryptocurrency services and sourced from Gmail accounts. The credentials are intended for credential stuffing against crypto platforms. No additional details are available from the post content.
Date: 2026-05-11T02:56:51Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-1-210-729-Lines-%E2%9C%85-Crypto-target-Combolist-Gmail
Screenshots:
None
Threat Actors: HqComboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of Netherlands email:password credentials freely distributed
Category: Combo List
Content: A threat actor distributed a combo list of approximately 319,000 email:password pairs purportedly associated with Netherlands-based accounts. The credentials are marketed as fresh and were made available via an external paste link.
Date: 2026-05-11T02:56:04Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9C%A6%E2%9C%A6-319-K-%E2%9C%A6-Netherlands-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-29-4-2026-%E2%9C%A6%E2%9C%A6–2291736
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free 90K EDU combo list for Office365 SMTP credential stuffing
Category: Combo List
Content: A threat actor has shared a combo list of approximately 90,000 education-sector credentials marketed for use against Office365 SMTP services. The list was made available via an external paste link on a cracking forum.
Date: 2026-05-11T02:55:50Z
Network: openweb
Published URL: https://nulledbb.com/thread-90K-EDU-COMBOLIST-FOR-OFFICE365-SMTP-S-SHROUDZERO-txt–2291755
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list targeting Mexico
Category: Combo List
Content: A combo list containing over 150,000 credentials targeting Mexico-based accounts was freely shared via an external paste link. The post provides no further details about the source or nature of the credentials.
Date: 2026-05-11T02:55:47Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9C%AA-150-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Mexico-%E2%9C%AA-22-APR-2026-%E2%9C%AA–2291764
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail credential combo list
Category: Combo List
Content: A threat actor is offering a combo list of 1,474 alleged valid Hotmail credentials marketed as UHQ (ultra-high quality). The post references private cloud storage for distribution and directs interested parties to a Telegram contact for access.
Date: 2026-05-11T02:55:02Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-X1474-Valid-UHQ-Hotmail-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: Roronoa044
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail combo list with 7.6K credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 7,600 Hotmail credentials, marketed as valid and private. The post is dated 11.05.2026 and requires a forum reply to access the download link.
Date: 2026-05-11T02:54:11Z
Network: openweb
Published URL: https://altenens.is/threads/7-6k-high-voltagehotmailhigh-voltagevalid-mail-access-11-05.2937724/unread
Screenshots:
None
Threat Actors: redcloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of stolen credential databases and credit card data across multiple countries
Category: Combo List
Content: A threat actor is operating a carding and credential trafficking service, offering fresh database access to compromised accounts across UK, DE, JP, NL, BR, PL, ES, US, IT and other countries. The actor claims to have stolen credentials for eBay, Uber, PSN, Booking, Amazon, Walmart, Mercari, and other platforms. The actor also operates Pepecard, a credit card trafficking service selling stolen US/Canada/UK/Global payment cards at $1-$1.50 per card with 75-95% validity rates.
Date: 2026-05-11T02:51:08Z
Network: telegram
Published URL: https://t.me/c/2613583520/79332
Screenshots:
None
Threat Actors: Pepecard
Victim Country: United Kingdom, Germany, Japan, Netherlands, Brazil, Poland, Spain, United States, Italy, Canada
Victim Industry: Multiple (e-commerce, payment, gaming, travel)
Victim Organization: Unknown
Victim Site: Unknown
Sale of cloned payment cards, bank logs, and fraudulent transfer services
Category: Carding
Content: A threat actor is selling cloned prepaid and credit/debit cards, bank logs, and linkable debit cards for use on platforms such as CashApp, PayPal, Apple Pay, Zelle, and Venmo. Pricing ranges from $20 to $450 depending on the product and associated balance. The seller also advertises fraudulent online money transfers across multiple payment platforms with claimed no-chargeback guarantees.
Date: 2026-05-11T02:46:18Z
Network: openweb
Published URL: https://altenens.is/threads/fresh-prepaid-linkable-debits-available-instock-for-cashapp-applepay-paypal-skrill-zelle-venmo-etc-and-they-really-hitting-lit-asf-clone-card.2937731/unread
Screenshots:
None
Threat Actors: Okash
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of access to private cloud database with stolen Hotmail credentials and company datasets
Category: Initial Access
Content: A threat actor is offering access for sale to a private cloud database containing high-quality Hotmail credentials and country-specific datasets. The actor claims to have data from multiple regions (FR, IT, BR, UK, US, JP, PL, RU, ES, MX, CA, SG) and mentions associated data from Walmart, eBay, Kleinanzeigen, Uber, and Poshmark.
Date: 2026-05-11T02:27:54Z
Network: telegram
Published URL: https://t.me/c/2613583520/79324
Screenshots:
None
Threat Actors: Yhōu
Victim Country: Unknown
Victim Industry: Technology, E-commerce, Ride-sharing, Social Commerce
Victim Organization: Hotmail, Walmart, eBay, Uber, Poshmark, Kleinanzeigen
Victim Site: Unknown
Alleged sale of stolen payment card data and private cloud database access with Hotmail credentials
Category: Combo List
Content: Multiple threat actors are advertising the sale of stolen payment card data (Pepecard and AllCards services offering 100k+ cards daily at $1-3 per valid card) and access to private cloud databases containing compromised Hotmail credentials and geo-specific personal data from major platforms (Walmart, eBay, Uber, Poshmark) across multiple countries.
Date: 2026-05-11T02:18:18Z
Network: telegram
Published URL: https://t.me/c/2613583520/79303
Screenshots:
None
Threat Actors: Pepecard
Victim Country: United States
Victim Industry: Financial Services, E-commerce, Technology
Victim Organization: Unknown
Victim Site: Unknown
Sale of URL:login:password combo list
Category: Combo List
Content: A forum user posted what appears to be a URL:login:password combo list labeled as Part 5, dated May 2026. No additional details are available due to absent post content.
Date: 2026-05-11T02:17:21Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F-BOX-MAIN-NEW-URL-LOG-PASS-11-05-26%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8FPART-5
Screenshots:
None
Threat Actors: BOXOWNER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of URL:login:password combo list
Category: Combo List
Content: A threat actor shared a URL:login:password combo list as a free release, labeled as Part 7 of an ongoing series. The post indicates further updates are planned. No specific victim organization or record count was disclosed.
Date: 2026-05-11T02:16:04Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F-BOX-MAIN-NEW-URL-LOG-PASS-11-05-26%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8FPART-7
Screenshots:
None
Threat Actors: BOXOWNER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of URL:login:password combo list
Category: Combo List
Content: A threat actor on Cracked.st is distributing a URL:login:password combo list labeled as a new update (Part 6). The post offers credentials in URL-login-password format with more updates promised. No specific victim organization or record count is disclosed.
Date: 2026-05-11T02:15:39Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F-BOX-MAIN-NEW-URL-LOG-PASS-11-05-26%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8FPART-6
Screenshots:
None
Threat Actors: BOXOWNER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Distribution of URL:login:password combo list (Part 8)
Category: Combo List
Content: A threat actor distributed a URL:login:password combo list on a cybercrime forum, marketed as a new update (Part 8 in an ongoing series). No specific victim organization or record count was disclosed. Further updates were advertised by the author.
Date: 2026-05-11T02:15:21Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F-BOX-MAIN-NEW-URL-LOG-PASS-11-05-26%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8FPART-8
Screenshots:
None
Threat Actors: BOXOWNER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free Hotmail combo list containing 1.8K credentials
Category: Combo List
Content: A threat actor shared a free combo list of approximately 1,800 Hotmail email credentials on a public forum. The data is described as old and marketed as mail access. This is a credential stuffing list, not a breach of Hotmail or Microsoft infrastructure.
Date: 2026-05-11T02:15:03Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9C%88%EF%B8%8F1-8k-HOTMAIL-MAIL-ACCESS%E2%9C%88%EF%B8%8F-08-05
Screenshots:
None
Threat Actors: SecureTrax
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of 1.2K USA email credentials
Category: Combo List
Content: A threat actor shared a combo list of approximately 1,200 mixed US email credentials on a cracking forum. The post is marked as old data from the actor's private collection. No specific breached organization is identified.
Date: 2026-05-11T02:14:41Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9C%A8%E2%9A%9C%EF%B8%8F1-2k-USA-MAIL-ACCESS-MIX%E2%9A%9C%EF%B8%8F%E2%9C%A8-09-05
Screenshots:
None
Threat Actors: SecureTrax
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of paste-sharing platform MySnippet.dev including source code, server, database, and domain
Category: Services
Content: A forum user is selling the MySnippet.dev paste-sharing platform as a complete package, including full source code, EU server with 11 months remaining, domain with 7 months remaining, and associated database. The listing includes 300 active users, 1,400+ pastes, and community channels with 150+ combined members, with the seller claiming prior monthly revenue of approximately $1,300.
Date: 2026-05-11T02:14:37Z
Network: openweb
Published URL: https://cracked.st/Thread-SELLING-MYSNIPPET-DEV-FULL-SOURCE-SERVER-DATABASE-DOMAIN
Screenshots:
None
Threat Actors: CaesarJulius
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of handmade financial accounts including Stripe, Bunq, Wise, and Venmo
Category: Services
Content: A threat actor is advertising handmade financial accounts for Stripe, Bunq, Wise, and Venmo, claiming worldwide availability. The accounts appear to be freshly created (not stolen) and are offered for sale on a cracking forum. No further details are available as the post content is empty.
Date: 2026-05-11T02:14:09Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%9A%A1-1-WORLDWIDE-OPEN-UPS-%E2%AD%90-HANDMADE-ACCOUNTS-STRIPE-BUNQ-WISE-%E2%AD%90-VENMO-%E2%9A%A1
Screenshots:
None
Threat Actors: Geminate
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown
Combo List of 20K Hotmail credentials shared on cracking forum
Category: Combo List
Content: A threat actor shared a combo list of approximately 20,000 Hotmail credentials marketed as valid mail access. The list was posted freely on a cracking forum and appears to be intended for credential stuffing or account takeover activity.
Date: 2026-05-11T02:14:04Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-20K-%E2%9C%A8-HOTMAIL-MIX-VALID-MAIL-ACCESS-%E2%9C%A8–2091910
Screenshots:
None
Threat Actors: DevelMakss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting France
Category: Combo List
Content: A user on a cracking forum shared what appears to be a French email:password combo list. The post requests that users do not leech, suggesting it is a free share. No further details about record count or data source are provided.
Date: 2026-05-11T02:13:41Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-FRANCE–2091013
Screenshots:
None
Threat Actors: FlightUSA
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of URL login credential combo list
Category: Combo List
Content: A threat actor is distributing a URL:login:password combo list described as a new update (Part 9). The post offers minimal details but indicates more updates are forthcoming. The credentials appear to be compiled from multiple sources and are not tied to a single breached organization.
Date: 2026-05-11T02:13:19Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F-BOX-MAIN-NEW-URL-LOG-PASS-11-05-26%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8FPART-9
Screenshots:
None
Threat Actors: BOXOWNER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list of Hotmail credential hits
Category: Combo List
Content: A threat actor shared a combo list of 1,716 alleged Hotmail credential hits via an external paste link. The credentials are marketed as premium hits, suggesting they have been tested and verified against Hotmail accounts.
Date: 2026-05-11T02:12:46Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-1716x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F–2291646
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list of 4,212 mixed mail credentials
Category: Combo List
Content: A threat actor shared a free combo list containing 4,212 mixed email credentials on a cracking forum. The list is described as premium mix mail hits and was made available via an external paste link.
Date: 2026-05-11T02:12:24Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F-4212x-PREMIUM-MIX-MAIL-HITS%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F–2291667
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free Hotmail credential combo list with 1,120 hits
Category: Combo List
Content: A threat actor shared a free combo list of 1,120 Hotmail credential hits via an external paste link. The credentials are marketed as premium hits suitable for credential stuffing against Hotmail accounts.
Date: 2026-05-11T02:12:10Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-1120x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F–2291698
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list targeting Germany
Category: Combo List
Content: A threat actor shared a combo list of approximately 9,700 credential pairs via an external paste link. The list is described as mixed and marketed as valid, targeting German accounts.
Date: 2026-05-11T02:12:04Z
Network: openweb
Published URL: https://nulledbb.com/thread-9-7k-MIXED-GOOD-COMBO-VALIDITY-GERMANY–2291676
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of mixed email combo list with 64.3K credentials
Category: Combo List
Content: A threat actor is distributing a mixed email access combo list containing 64,300 credentials, marketed as valid and private. The list is dated May 11, 2026, and is available via a reply-gated download on the forum.
Date: 2026-05-11T02:08:39Z
Network: openweb
Published URL: https://altenens.is/threads/64-3k-sparkles-mix-sparkles-valid-mail-access-11-05.2937689/unread
Screenshots:
None
Threat Actors: redcloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Cisco Secure Firewall Management Center RCE Vulnerability (CVE-2026-20131)
Category: Vulnerability
Content: A post shares details of CVE-2026-20131, a claimed critical vulnerability in Cisco Secure Firewall Management Center (FMC) Software. The flaw allegedly allows an unauthenticated remote attacker to execute arbitrary Java code as root via insecure deserialization of a user-supplied Java byte stream. A GitHub repository purportedly containing a PoC exploit is linked.
Date: 2026-05-11T01:59:25Z
Network: openweb
Published URL: https://breachforums.rs/Thread-DOCUMENTS-Cisco-Secure-Firewall-Management-Center-vulnerability
Screenshots:
None
Threat Actors: DirtyEra
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Cisco
Victim Site: cisco.com
Alleged sale of mail access credentials and combo lists across multiple countries
Category: Logs
Content: Threat actor offering mail access credentials and combo lists (configs, scripts, tools, hits) for multiple countries including FR, BE, AU, CA, UK, US, NL, PL, DE, and JP. Service advertised through @DataxLogs channel with request-based availability.
Date: 2026-05-11T01:52:46Z
Network: telegram
Published URL: https://t.me/c/2613583520/79287
Screenshots:
None
Threat Actors: DataxLogs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of Italian email credentials
Category: Combo List
Content: A threat actor shared a combo list of approximately 3,000 Italian email and password pairs, marketed as mail access credentials. The post was shared on a public cracking forum and labeled as private data from the author.
Date: 2026-05-11T01:17:36Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9C%88%EF%B8%8F3-0k-ITALY-MAIL-ACCESS-MIX%E2%9C%88%EF%B8%8F-08-05
Screenshots:
None
Threat Actors: SecureTrax
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Distribution of URL:Login:Password combo list
Category: Combo List
Content: A threat actor on Cracked.st is distributing a URL:login:password combo list, posted as part of an ongoing series of updates. No specific victim organization or record count is disclosed.
Date: 2026-05-11T01:17:13Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F-BOX-MAON-NEW-URL-LOG-PASS-11-05-26%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8FPART-1
Screenshots:
None
Threat Actors: BOXOWNER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged corporate email credential combo list with 75,818 lines
Category: Combo List
Content: A threat actor shared a combo list containing approximately 75,818 email and password pairs purportedly sourced from corporate accounts. The list is advertised as a 2026 leak. No further details are available from the post content.
Date: 2026-05-11T01:16:53Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-75-818-Lines-%E2%9C%85-Corp-mail-pass-Leaks-2026
Screenshots:
None
Threat Actors: HqComboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Distribution of URL:login:password combo list
Category: Combo List
Content: A threat actor distributed a URL:login:password combo list on a cracking forum, marketed as a new update with more updates promised. The post offers no details on record count or targeted services.
Date: 2026-05-11T01:16:31Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F-BOX-MAIN-NEW-URL-LOG-PASS-11-05-26%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8FPART-2
Screenshots:
None
Threat Actors: BOXOWNER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of URL:login:password combo list
Category: Combo List
Content: A threat actor is distributing a URL:login:password combo list labeled as a new update (Part 3), posted on a combolist forum. The post advertises further updates and requests community support. No specific victim organization or record count is mentioned.
Date: 2026-05-11T01:16:03Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F-BOX-MAIN-NEW-URL-LOG-PASS-11-05-26%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8FPART-3
Screenshots:
None
Threat Actors: BOXOWNER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of stealer logs (500 records)
Category: Logs
Content: A threat actor operating as KURZL0GS shared a batch of 500 stealer log records on a cracking forum. The logs are described as fresh and were made available for free.
Date: 2026-05-11T01:15:42Z
Network: openweb
Published URL: https://cracked.st/Thread-9-MAY-FRESH-L0GS-KURZL0GS-500PCS
Screenshots:
None
Threat Actors: KURZL0GS
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free distribution of URL:login:password combo list
Category: Combo List
Content: A threat actor on Cracked.st is freely distributing a URL:login:password combo list described as a new update (Part 4). The post offers no details on record count or targeted services. Further updates are promised by the author.
Date: 2026-05-11T01:15:37Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F-BOX-MAIN-NEW-URL-LOG-PASS-11-05-26%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8FPART-4
Screenshots:
None
Threat Actors: BOXOWNER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Germany mail:pass combo list with 100,725 lines
Category: Combo List
Content: A combo list advertised as containing 100,725 German email:password pairs was shared on a cracking forum. The list is marketed as unique and formatted as mail:pass credentials.
Date: 2026-05-11T01:15:18Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-100725-LINES-GERMANY-MAILPASS-2026-UNIQUE-COMBO–2092183
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free release of 10 million URL:Login:Password combo list
Category: Combo List
Content: A threat actor operating under the alias ImLupin has freely distributed a combo list containing 10 million URL:login:password credential pairs, marketed as high quality and fresh as of May 2026. The list was shared on a public forum in exchange for reputation points and engagement.
Date: 2026-05-11T01:15:14Z
Network: openweb
Published URL: https://cracked.st/Thread-LUPIN-ULP-10-000-000-URL-LOGIN-PASS-HIGH-QUALITY-100-FRESH-05-10-2026
Screenshots:
None
Threat Actors: ImLupin
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Hotmail combo list targeting gaming services
Category: Combo List
Content: A combo list containing approximately 375,365 Hotmail credentials (hotmail.com, .fr, .es) is being shared on a cracking forum, marketed as targeting gaming services. The list consists of email:password pairs intended for credential stuffing against gaming platforms.
Date: 2026-05-11T01:14:58Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-375-365-hotmail-com-fr-es-Gaming-Target-Combolist
Screenshots:
None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of private URL:Log:Pass (ULP) and Mail:Pass credential cloud service
Category: Services
Content: A threat actor operating as Raven Cloud is selling subscription-based access to private URL:Log:Pass (ULP) and Mail:Pass credential feeds sourced from paid log clouds, live traffic, and own traffic. Subscription tiers range from $10 for a one-day test to $600 for lifetime access. The service advertises antipublic, deduplicated credential lines and also offers a free weekly materials channel via Telegram.
Date: 2026-05-11T01:14:33Z
Network: openweb
Published URL: https://cracked.st/Thread-Supreme-RAVEN-CLOUD-Private-URL-LOG-PASS-ULP-Cloud
Screenshots:
None
Threat Actors: Werajii
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of handmade financial account creation and KYC verification services
Category: Services
Content: A threat actor is offering account creation and KYC verification services for financial platforms including PayPal, KuCoin, Wise, and Airwallex. The seller advertises handmade accounts with bank verification capabilities. These services are marketed to forum members seeking fraudulent or anonymized access to financial platforms.
Date: 2026-05-11T01:14:10Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%AD%90-GLOBAL-OPEN-UP-SERVICES-%E2%9A%A1-HANDMADE-ACCOUNTS-%E2%9A%A1-PAYPAL-%E2%80%A2-KUCOIN-%E2%80%A2-WISE-%E2%80%A2-AIRWALLEX-%E2%AD%90
Screenshots:
None
Threat Actors: Geminate
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list: mixed email:password credentials
Category: Combo List
Content: A threat actor shared a combo list of approximately 400 mixed email:password credential pairs on a public forum. The content is gated behind registration or login. No specific victim organization is identified.
Date: 2026-05-11T01:14:04Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%F0%9F%92%A0-0-4k-elite-mixed-email-pass-nokia-cloud-premier-drop-%F0%9F%92%A0
Screenshots:
None
Threat Actors: NokiaDB
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List targeting Hotmail accounts
Category: Combo List
Content: A threat actor is sharing a combo list of approximately 100 Hotmail credentials, marketed as fresh, private, and non-recycled. The content is hidden behind a registration or login wall on the forum.
Date: 2026-05-11T01:13:38Z
Network: openweb
Published URL: https://patched.to/Thread-file-upload-%F0%9F%9B%A1%EF%B8%8F-0-1k-fresh-secure-hotmail-100-private-encrypted-no-recycle-%F0%9F%9B%A1%EF%B8%8F
Screenshots:
None
Threat Actors: NokiaDB
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail combo list with 7.1K credentials
Category: Combo List
Content: A threat actor shared a combo list of 7.1K Hotmail credentials via an external paste link, marketed as valid mail access. The list is freely distributed and appears intended for credential stuffing or account takeover activity.
Date: 2026-05-11T01:13:13Z
Network: openweb
Published URL: https://nulledbb.com/thread-7-1K-%E2%9A%A1Hotmail%E2%9A%A1Valid-Mail-Access-06-05–2291517
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list of 2,000 private mail credentials
Category: Combo List
Content: A threat actor has freely shared a combo list of approximately 2,000 email credentials via an external paste site. The post markets these as fully valid and sourced from private mail accounts. No specific victim organization or country is identified.
Date: 2026-05-11T01:12:54Z
Network: openweb
Published URL: https://nulledbb.com/thread-2k-FULL-VALID-COMBO-PRIVATE-MAILS-ACCESS–2291546
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Neptune RAT Special Edition malware shared on hacking forum
Category: Malware
Content: A forum post shares a link to Neptune RAT Special Edition, a remote access trojan (RAT), via an external paste service. The post appears to distribute or discuss the malware within a cracking/hacking forum context.
Date: 2026-05-11T01:12:50Z
Network: openweb
Published URL: https://nulledbb.com/thread-Neptune-RAT-Special-Edition-Rising-discussions-on-hacking-forums–2291508
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo List of Denmark email:password credentials
Category: Combo List
Content: A threat actor has freely shared a combo list containing over 33,000 Denmark-based email:password credential pairs. The list is marketed as fresh, dated 9-5-2026, and distributed via an external paste service.
Date: 2026-05-11T01:12:32Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9C%A6%E2%9C%A6-33-K-%E2%9C%A6-Denmark-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-9-5-2026-%E2%9C%A6%E2%9C%A6–2291567
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Combo list of mixed mail lines distributed freely
Category: Combo List
Content: A threat actor shared a combo list described as X700 Mixed Mail Lines via an external paste link. The post offers no additional details regarding the source, format, or volume of the credentials.
Date: 2026-05-11T01:12:29Z
Network: openweb
Published URL: https://nulledbb.com/thread-X700-Mixed-Mail-Lines–2291587
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
New Zealand email:password combo list freely distributed
Category: Combo List
Content: A threat actor shared a combo list of approximately 29,000 email:password credential pairs purportedly associated with New Zealand users. The list was made available for free via an external paste link and is marketed as fresh, dated April 29, 2026.
Date: 2026-05-11T01:12:14Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9C%A6%E2%9C%A6-29-K-%E2%9C%A6-New-Zealand-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-29-4-2026-%E2%9C%A6%E2%9C%A6–2291596
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Distribution of URL:Log:Pass combo list
Category: Combo List
Content: A threat actor shared a URL:LOG:PASS combo list containing approximately 5.7 million credential pairs via an external paste link. The list is marketed as private and UHQ (ultra-high quality). No specific victim organization is identified.
Date: 2026-05-11T01:12:10Z
Network: openweb
Published URL: https://nulledbb.com/thread-%E2%9A%A1-5-7M-URL-LOG-PASS-PRIVATE-UHQ-08-02-2025%E2%9A%A1–2291616
Screenshots:
None
Threat Actors: Magites
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Willa Pod Jarzabami by Inside Alone7 (Hidden Cyber Crime)
Category: Defacement
Content: On May 11, 2026, a threat actor known as Inside Alone7, operating under the group Hidden Cyber Crime, defaced the website of Willa Pod Jarzabami, a Polish hospitality establishment. The attack was a targeted single-site defacement, not classified as mass or home page defacement. The incident was archived and mirrored via zone-xsec.com.
Date: 2026-05-11T01:09:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919382
Screenshots:
None
Threat Actors: Inside Alone7, Hidden Cyber Crime
Victim Country: Poland
Victim Industry: Hospitality / Tourism
Victim Organization: Willa Pod Jarzabami
Victim Site: www.willapodjarzabami.pl
Website Defacement of kjliderwroblowka.pl by Inside Alone7 of Hidden Cyber Crime
Category: Defacement
Content: On May 11, 2026, a threat actor operating under the handle Inside Alone7, affiliated with the group Hidden Cyber Crime, defaced a file on the Polish website kjliderwroblowka.pl. The incident targeted a specific text file (1000.txt) rather than the site's homepage, indicating a targeted file-level defacement. The attack was neither a mass defacement nor a redefacement, and server details remain unknown.
Date: 2026-05-11T01:08:05Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919383
Screenshots:
None
Threat Actors: Inside Alone7, Hidden Cyber Crime
Victim Country: Poland
Victim Industry: Unknown
Victim Organization: Kjlider Wróblówka
Victim Site: kjliderwroblowka.pl
Website Defacement of TFP Medical Packaging by Hidden Cyber Crime (Inside Alone7)
Category: Defacement
Content: On May 11, 2026, a threat actor operating under the alias Inside Alone7, affiliated with the group Hidden Cyber Crime, defaced the website of TFP Medical Packaging, a company operating in the medical packaging sector. The incident was a targeted single-site defacement with no indication of mass or repeated defacement activity. The attack details, including the server environment and attacker motivation, remain undisclosed.
Date: 2026-05-11T01:05:59Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919389
Screenshots:
None
Threat Actors: Inside Alone7, Hidden Cyber Crime
Victim Country: Unknown
Victim Industry: Healthcare / Medical Packaging
Victim Organization: TFP Medical Packaging
Victim Site: tfp-medicalpackaging.com
Website Defacement of Bus Stop Solutions by Inside Alone7 (Hidden Cyber Crime)
Category: Defacement
Content: On May 11, 2026, a threat actor identified as Inside Alone7, affiliated with the group Hidden Cyber Crime, defaced a page on the website www.busstopsolutions.com. The incident was a targeted single-page defacement rather than a mass or home page defacement. No specific motive or technical details regarding the server environment were disclosed.
Date: 2026-05-11T01:04:47Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/919388
Screenshots:
None
Threat Actors: Inside Alone7, Hidden Cyber Crime
Victim Country: Unknown
Victim Industry: Transportation / Infrastructure Solutions
Victim Organization: Bus Stop Solutions
Victim Site: www.busstopsolutions.com
Free combo list of 4,927 UHQ mixed credentials
Category: Combo List
Content: A threat actor shared a combo list of 4,927 UHQ mixed credentials via Pasteview. The list is described as ultra-high quality and is being distributed freely on the forum.
Date: 2026-05-11T01:01:34Z
Network: openweb
Published URL: https://altenens.is/threads/4927x-uhq-mix_-ebbi_cloud.2937651/unread
Screenshots:
None
Threat Actors: Ebbicloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list of 4,997 UHQ mixed credentials
Category: Combo List
Content: A threat actor shared a combo list of 4,997 UHQ (ultra-high quality) mixed credentials via Pasteview. The list is described as mixed, indicating credentials span multiple services or platforms.
Date: 2026-05-11T01:01:06Z
Network: openweb
Published URL: https://altenens.is/threads/4997x-uhq-mix_-ebbi_cloud.2937652/unread
Screenshots:
None
Threat Actors: Ebbicloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list of 10,015 mixed credentials
Category: Combo List
Content: A threat actor shared a combo list of 10,015 mixed credentials via Pasteview. The list is described as UHQ (ultra-high quality) and is being distributed for free on a cybercrime forum.
Date: 2026-05-11T01:00:37Z
Network: openweb
Published URL: https://altenens.is/threads/10015x-uhq-mix_-ebbi_cloud.2937653/unread
Screenshots:
None
Threat Actors: Ebbicloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list of 11,752 UHQ mixed credentials
Category: Combo List
Content: A threat actor shared a combo list of 11,752 mixed credentials via Pasteview. The list is marketed as ultra-high quality (UHQ) and is freely distributed on the forum.
Date: 2026-05-11T01:00:10Z
Network: openweb
Published URL: https://altenens.is/threads/11752x-uhq-mix_-ebbi_cloud.2937654/unread
Screenshots:
None
Threat Actors: Ebbicloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free combo list of 13,030 UHQ mixed credentials
Category: Combo List
Content: A threat actor shared a combo list of 13,030 UHQ mixed credentials via Pasteview. The list is marketed as high quality and appears to target multiple services. No specific victim organization is identified.
Date: 2026-05-11T00:59:44Z
Network: openweb
Published URL: https://altenens.is/threads/13030x-uhq-mix_-ebbi_cloud.2937655/unread
Screenshots:
None
Threat Actors: Ebbicloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of combo list targeting Java accounts
Category: Combo List
Content: A threat actor shared a set of 25 Java account credentials via an external paste link. The post directs users to a Telegram channel for future drops.
Date: 2026-05-11T00:45:33Z
Network: openweb
Published URL: https://crackingx.com/threads/74865/
Screenshots:
None
Threat Actors: kivaaq
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of balance-related combo list or credential drops
Category: Combo List
Content: A forum user shared an external link and Telegram channel advertising balance drops, likely referring to credentials or accounts with associated balances. No further details about the content, volume, or target service are provided in the post.
Date: 2026-05-11T00:44:59Z
Network: openweb
Published URL: https://crackingx.com/threads/74868/
Screenshots:
None
Threat Actors: kivaaq
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of cPanel credentials shared freely on cracking forum
Category: Combo List
Content: A threat actor shared a collection of cPanel credentials via an external paste service on a cracking forum. The post promotes a Telegram channel associated with the actor. No specific victim organizations or record counts were disclosed.
Date: 2026-05-11T00:44:11Z
Network: openweb
Published URL: https://crackingx.com/threads/74873/
Screenshots: None
Threat Actors: 1VOID032
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free release of Laravel and SMTP login credentials combo list
Category: Combo List
Content: A threat actor shared a combo list containing Laravel and SMTP login credentials via an external paste link. The content was distributed freely alongside a Telegram channel. No specific victim organization or record count was disclosed.
Date: 2026-05-11T00:43:36Z
Network: openweb
Published URL: https://crackingx.com/threads/74875/
Screenshots: None
Threat Actors: 1VOID032
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of mixed streaming service combo list (12 million records)
Category: Combo List
Content: A threat actor is offering a mixed streaming service combo list containing approximately 12 million credential pairs via a Telegram channel. The post advertises free combo lists and tools through associated Telegram groups. No specific breached organization is identified; the credentials are intended for credential stuffing against streaming platforms.
Date: 2026-05-11T00:39:50Z
Network: openweb
Published URL: https://crackingx.com/threads/74896/
Screenshots: None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of mixed combo list with 1,608 entries
Category: Combo List
Content: A threat actor is selling a mixed combo list containing 1,608 credential entries, with tiered subscription pricing ranging from $3 for a 24-hour trial to $100 for three months. A partial free download is advertised via Telegram and an external paste service.
Date: 2026-05-11T00:39:28Z
Network: openweb
Published URL: https://crackingx.com/threads/74897/
Screenshots: None
Threat Actors: snowstormxd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of 11 million mixed-country combo list
Category: Combo List
Content: A threat actor is offering an 11 million mixed-country combo list, directing interested parties to a Telegram channel for access. The post advertises both free combos and free programs via separate Telegram groups.
Date: 2026-05-11T00:38:53Z
Network: openweb
Published URL: https://crackingx.com/threads/74901/
Screenshots: None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List: 4 million mixed mail:pass credentials offered for free
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 4 million mixed mail:password credentials, marketed as fresh. The credentials are being shared freely via Telegram channels and groups operated by the actor.
Date: 2026-05-11T00:38:32Z
Network: openweb
Published URL: https://crackingx.com/threads/74902/
Screenshots: None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of mail:pass combo lists for multiple countries
Category: Combo List
Content: A threat actor is offering mail:pass combo lists targeting users from multiple countries including Ireland, Thailand, Vietnam, Indonesia, Pakistan, Afghanistan, South Africa, Morocco, Algeria, Tunisia, Georgia, Armenia, Uzbekistan, and Turkmenistan. The credentials are being distributed via Telegram channels and advertised on a cracking forum.
Date: 2026-05-11T00:37:51Z
Network: openweb
Published URL: https://crackingx.com/threads/74904/
Screenshots: None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of combo list targeting unspecified service
Category: Combo List
Content: A threat actor operating under the alias CODER is advertising combo lists via Telegram channels, offering both free and paid credentials. No specific target service, record count, or data details are disclosed in the post.
Date: 2026-05-11T00:36:46Z
Network: openweb
Published URL: https://crackingx.com/threads/74910/
Screenshots: None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of 9.8M username:login:password combo list targeting multiple countries
Category: Combo List
Content: A threat actor is offering for sale a combo list of approximately 9.8 million username:login:password credentials, marketed as private and high quality. The list is advertised as targeting users from the USA, UK, Germany, Poland, and other European countries.
Date: 2026-05-11T00:18:57Z
Network: openweb
Published URL: https://cracked.st/Thread-Other-%E2%8E%9D-9-8M-U-L-P-%E2%8E%A0%E2%9A%A1100-PRIVATE%E2%9A%A1HIGH-QUALITY-LOGS%E2%9A%A1COUNTRY-TARGET-USA-UK-DE-PL-EUROPE-ETC%E2%9A%A1
Screenshots: None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free distribution of stealer logs (1.3GB)
Category: Logs
Content: A threat actor on Cracked.st is freely distributing 1.3GB of stealer logs described as full logs. No specific victim organization or country is identified in the post.
Date: 2026-05-11T00:18:31Z
Network: openweb
Published URL: https://cracked.st/Thread-Other-1-3GB-%E2%AD%90%EF%B8%8F-STEALER-LOGS-FULL-LOGS-%E2%AD%90%EF%B8%8F–2092140
Screenshots: None
Threat Actors: DevelMakss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free release of 60 million URL:Login:Password combo list
Category: Combo List
Content: A threat actor has shared a combo list containing approximately 60 million URL:login:password credential pairs. The post markets the list as high quality. No specific victim organization or breach source is identified.
Date: 2026-05-11T00:17:57Z
Network: openweb
Published URL: https://cracked.st/Thread-Other-60M-%E2%9A%A1-URL-LOGIN-PASS-HQ-%E2%9A%A1
Screenshots: None
Threat Actors: DevelMakss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List of 11.8 million credentials freely shared on cracking forum
Category: Combo List
Content: A threat actor known as MetaCloud3 shared a combo list of 11.8 million URL:login:password (ULP) credential pairs on a cracking forum, marketed as private and fresh. The post claims the lines are of good quality. No specific victim organization is identified.
Date: 2026-05-11T00:16:40Z
Network: openweb
Published URL: https://cracked.st/Thread-Other-%E3%80%8C11-8-MILLIONS-%E3%80%8D%E2%9A%A1-ULP%E2%9A%A1-100-PRIVATE-LINES-%E2%9A%A1-FRESH-%E2%9A%A1GOOD-QUALITY%E2%9A%A1
Screenshots: None
Threat Actors: MetaCloud3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Large-scale combo list distribution of 511 GB ULP credential lines
Category: Combo List
Content: A threat actor shared a 511 GB collection of URL:Login:Password (ULP) credential lines, claimed to be previously unreleased and unused. The dataset was made available for free on a cybercrime forum.
Date: 2026-05-11T00:16:12Z
Network: openweb
Published URL: https://cracked.st/Thread-Other-511-GB-PRIVATE-ULP-LINES-NEVER-SEEN-NOT-RAPED–2092171
Screenshots: None
Threat Actors: Vaksen
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Italy combo list of 10,000 credentials
Category: Combo List
Content: A threat actor has shared a combo list of 10,000 email:password credentials purportedly sourced from Italian users, dated May 9, 2026. The list is marketed as UHQ (ultra-high quality) and was posted for free on a public forum.
Date: 2026-05-11T00:14:30Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-10k-UHQ-ITALY-COMBO-9-MAY-2026
Screenshots: None
Threat Actors: Antaksio
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of mixed-country combo list targeting social media platforms
Category: Combo List
Content: A combo list containing approximately 894,550 email:password credential pairs targeting social media platforms has been posted on a cracking forum. The list is described as mixed-country in origin. No further details are available from the post content.
Date: 2026-05-11T00:13:37Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-894-550-%E2%9A%A1-Mixed-Country-Social-Target
Screenshots: None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free distribution of 4.5 million email:password combo list
Category: Combo List
Content: A threat actor on a cracking forum is distributing a combo list of approximately 4.5 million email:password pairs, marketed as fresh and high quality. The post encourages users to claim valid hits before others and references additional private bases available via Telegram.
Date: 2026-05-11T00:12:18Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9C%A8-4-5MILLION-EMAIL-PASS-FRESH-BASE-%E2%80%93-UHQ-PRIVATE-DATA
Screenshots: None
Threat Actors: ZoneX404
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free distribution of 4.7 million email and password combo list
Category: Combo List
Content: A threat actor on a cracking forum has shared a combo list purportedly containing 4.7 million email and password pairs, marketed as fresh and high quality. The post encourages users to claim valid hits before others and directs interested parties to contact the author via Telegram or the forum for additional unreleased bases.
Date: 2026-05-11T00:11:51Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9C%A8-4-7MILLION-EMAIL-PASS-FRESH-BASE-%E2%80%93-UHQ-PRIVATE-DATA
Screenshots: None
Threat Actors: ZoneX404
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free distribution of 7.9 million email and password combo list
Category: Combo List
Content: A threat actor on a cracking forum has shared a combo list containing approximately 7.9 million email and password pairs, marketed as fresh and high quality. The credentials are distributed freely and are intended for credential stuffing or account takeover activity.
Date: 2026-05-11T00:11:08Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9C%A8-7-9MILLION-EMAIL-PASS-FRESH-BASE-%E2%80%93-UHQ-PRIVATE-DATA
Screenshots: None
Threat Actors: ZoneX404
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free distribution of 8 million email:password combo list
Category: Combo List
Content: A threat actor is distributing a combo list containing approximately 8 million email and password pairs, marketed as fresh and high quality. The post encourages users to claim credentials before others and advertises additional private bases available via Telegram or the forum.
Date: 2026-05-11T00:10:46Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%9C%A8-8MILLION-EMAIL-PASS-FRESH-BASE-%E2%80%93-UHQ-PRIVATE-DATA
Screenshots: None
Threat Actors: ZoneX404
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List of 396,051 lines targeting social and shopping platforms
Category: Combo List
Content: A combo list containing 396,051 email:password lines has been shared on a cracking forum, marketed as suitable for credential stuffing against social media and shopping platforms. The post is attributed to the user HqComboSpace and references 2026 leaks.
Date: 2026-05-11T00:10:22Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-396-051-Lines-%E2%9C%85-Goods-For-Social-and-Shopping-Target-LEaks-2026
Screenshots: None
Threat Actors: HqComboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of 43.9K email combo list marketed for mail access
Category: Combo List
Content: A threat actor shared a combo list of approximately 43,900 email:password pairs marketed for mail account access. The post was made on a public cracking forum. No additional details about the source or targeted services are available.
Date: 2026-05-11T00:09:52Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-43-9k-COMBO-GOOD-FOR-MAILS-ACCESS
Screenshots: None
Threat Actors: comboroboa
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of 650K HQ Mix Email:Pass Combo List
Category: Combo List
Content: A threat actor is offering a combo list of 650,000 email:password credential pairs for sale via Telegram. The actor also advertises free combo lists through a Telegram group.
Date: 2026-05-11T00:09:17Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-650K-HQ-MIX-DATA-1-Email-Pass-Combolists
Screenshots: None
Threat Actors: Orthorons
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of 780K Gmail email:password combo list
Category: Combo List
Content: A threat actor is offering for sale a combo list of 780,000 Gmail email:password pairs via Telegram. The post advertises high-quality databases for purchase and also promotes a Telegram group offering free combo lists.
Date: 2026-05-11T00:08:57Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-780K-HQ-GMAIL-1-Email-Pass-Combolists
Screenshots: None
Threat Actors: Orthorons
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of mixed email credential combo list with 30K valid hits
Category: Combo List
Content: A threat actor is distributing a mixed email credential combo list claiming 30,000 valid hits. The post promotes a private channel for additional content and markets the credentials as verified. No specific victim organization or country is identified.
Date: 2026-05-11T00:08:34Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%AD%90%E2%AD%9030K-MIX-MAIL-ACCES-FULL-VALID-HITS%E2%AD%90-PRIVATE-UNRAPPED-DATA-%E2%AD%90%E2%AD%90–2092117
Screenshots: None
Threat Actors: kingdevl10
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of 480K Yahoo email:password combo list
Category: Combo List
Content: A threat actor is offering for sale a combo list of 480,000 Yahoo email and password pairs, marketed as high quality. The seller directs interested buyers to contact via Telegram and also advertises a Telegram group for free combo distributions.
Date: 2026-05-11T00:08:05Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-480K-HQ-YAHOO-1-Email-Pass-Combolists
Screenshots: None
Threat Actors: Orthorons
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Hotmail email:password combo list
Category: Combo List
Content: A threat actor is selling a combo list of 425,000 Hotmail email:password pairs, marketed as high quality. The actor directs interested buyers to contact them via Telegram and also advertises free combo lists through a Telegram group.
Date: 2026-05-11T00:07:43Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-425K-HQ-HOTMAIL-1-Email-Pass-Combolists
Screenshots: None
Threat Actors: Orthorons
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Hotmail combo list with 5.7K credentials distributed on cracking forum
Category: Combo List
Content: A threat actor is distributing a combo list of 5,700 Hotmail credentials marketed as fresh valid hits. The post directs users to a private channel via Telegram for access to additional data. Content is offered freely in exchange for engagement (likes/reputation).
Date: 2026-05-11T00:07:19Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-%E2%AD%90%E2%AD%905-7K-FRESH-HOTMAIL-VALID-HITS-ONLY-%E2%AD%90-PRIVATE-UNRAPPED-DATA-%E2%AD%90%E2%AD%90
Screenshots: None
Threat Actors: kingdevl10
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List of 4,000 Hotmail valid credentials
Category: Combo List
Content: A threat actor shared a combo list of over 4,000 Hotmail valid credentials. The post claims the list contains working email and password pairs dated October 5th.
Date: 2026-05-11T00:06:36Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-4-000-HOTMAIL-VALIDS-05-10
Screenshots: None
Threat Actors: ImLupin
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List: 130K UHQ Mixed Mail Credentials
Category: Combo List
Content: A threat actor is distributing a combo list advertised as containing 130,000 mixed mail credentials marketed as fresh and high quality. The post is sponsored by slateaio.com. No specific breach source or victim organization is identified.
Date: 2026-05-11T00:06:13Z
Network: openweb
Published URL: https://cracked.st/Thread-130K-UHQ-MIXED-MAIL-COMBO-FRESH
Screenshots: None
Threat Actors: Vows
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of 2.9 million mix data combo list
Category: Combo List
Content: A threat actor is offering a mixed combo list of 2.9 million email:password credentials for sale via Telegram, while also advertising free combos through a Telegram group.
Date: 2026-05-11T00:05:41Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-2-9M-MIX-DATA-Combolists
Screenshots: None
Threat Actors: Orthorons
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List: 40,000 United States SUHQ Mail:Password Credentials
Category: Combo List
Content: A threat actor is distributing a combo list of approximately 40,000 mail:password credential pairs described as SUHQ (Super Ultra High Quality) sourced from United States users.
Date: 2026-05-11T00:05:19Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-40-000-SUHQ-UNITED-STATES-DATA-MAIL-PASSWORD
Screenshots: None
Threat Actors: ImLupin
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Mixed Country Combo List
Category: Combo List
Content: A combo list containing approximately 100,271 email and password pairs from mixed countries is being shared on the forum. The list is marketed as corporate credentials.
Date: 2026-05-11T00:04:56Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-100-271-%E2%AD%90%EF%B8%8F-Mixed-Country-Corp
Screenshots: None
Threat Actors: AiCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Outlook combo list with 64K credentials
Category: Combo List
Content: A threat actor is offering for sale a combo list of 64,000 purported Outlook email:password credentials via Telegram. The actor also advertises a Telegram group distributing free combo lists.
Date: 2026-05-11T00:04:25Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-64K-HQ-OUTLOOK-Combolists
Screenshots: None
Threat Actors: Orthorons
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Gmail email:password combo list (780K records)
Category: Combo List
Content: A threat actor is selling a combo list marketed as 780K high-quality Gmail email:password credentials. The actor directs interested buyers to a Telegram channel and also advertises free combo lists via the same channel.
Date: 2026-05-11T00:03:54Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-780K-HQ-GMAIL-2-Email-Pass-Combolists
Screenshots: None
Threat Actors: Orthorons
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged combo list of German mixed-domain credentials (293,404 lines)
Category: Combo List
Content: A threat actor shared a combo list containing 293,404 email:password lines described as Germany mixed-domain leaks. The list was posted on a public combolist forum and appears to aggregate credentials from multiple sources.
Date: 2026-05-11T00:03:30Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-293-404-Lines-%E2%9C%85-Germany-Mixed-Domain-leaks
Screenshots: None
Threat Actors: HqComboSpace
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List: UK Mail:Password credentials (15,000 records)
Category: Combo List
Content: A threat actor shared a combo list of approximately 15,000 UK email:password pairs, marketed as SUHQ (Super Ultra High Quality). The list was distributed freely on the forum.
Date: 2026-05-11T00:03:01Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-15-000-SUHQ-UNITED-KINGDOM-DATA-MAIL-PASSWORD
Screenshots: None
Threat Actors: ImLupin
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Combo List: 25,000 Canada MAIL:PASSWORD credentials shared freely
Category: Combo List
Content: A threat actor shared a combo list of over 25,000 Canadian email:password pairs on a public forum. The credentials are marketed as super ultra high quality (SUHQ). No specific breached organization is identified.
Date: 2026-05-11T00:02:16Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-25-000-SUHQ-CANADA-DATA-MAIL-PASSWORD
Screenshots: None
Threat Actors: ImLupin
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free Hotmail combo list with 60K credentials
Category: Combo List
Content: A threat actor shared a combo list containing approximately 60,000 Hotmail credentials described as valid mail access. The list is offered for free on a cracking forum. Content appears to be a mix of email and password pairs intended for credential stuffing.
Date: 2026-05-11T00:01:20Z
Network: openweb
Published URL: https://cracked.st/Thread-Email-Pass-60K-%E2%9C%A8-HOTMAIL-MIX-VALID-MAIL-ACCESS-%E2%9C%A8
Screenshots: None
Threat Actors: DevelMakss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of compromised streaming service accounts including Netflix, Disney+, and others
Category: Services
Content: A threat actor is offering compromised or unauthorized premium streaming accounts for sale, including Netflix, Disney+, YouTube, HBO Max, Crunchyroll, IPTV, F1 TV, Deezer, and X Premium. The seller advertises cheap prices, instant delivery, and yearly plans. Contact is facilitated via Telegram and Discord.
Date: 2026-05-11T00:00:14Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%AD%90-STREAMING-HUB-%E2%AD%90-TRUSTED-SELLER-%E2%9C%85-%E2%9A%A1NETFLIX-%E2%9A%A1MAX-%E2%9A%A1PRIME-%E2%9A%A1DISNEY-%E2%9A%A1IPTV-MORE
Screenshots: None
Threat Actors: A_W_Shop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown