[May-13-2026] Daily Cybersecurity Threat Report

1. Executive Summary

This report provides a detailed, comprehensive analysis of over 550 cyber incidents detected and recorded primarily on May 12, 2026. The intelligence gathered is sourced from a variety of dark web and open-web cybercrime forums, including cracked.st, patched.to, breachforums.rs, nulledbb.com, altenens.is, darkforums.su, and illicit Telegram channels. The threat landscape depicted in these threads reveals a highly active, commodified, and segmented cybercrime ecosystem.

The most prominent threats identified in this dataset are the massive distribution of credential combo lists—amounting to hundreds of millions of exposed records—and high-impact data breaches targeting both government and private sector organizations globally. Furthermore, the dataset highlights widespread website defacements, the sale of Initial Access Broker (IAB) services, malware distribution (including ransomware and stealer logs), and fraudulent cybercrime-as-a-service (CaaS) offerings such as streaming account upgrades, stolen payment cards, and even counterfeit currency.

2. Threat Landscape and Typology of Cyber Incidents

2.1. Credential Harvesting and Combo Lists

The most frequent type of incident in the dataset is the distribution and sale of “Combo Lists” (combinations of emails/usernames and passwords), which are primarily used by threat actors for automated credential stuffing and account takeover (ATO) attacks. These lists are heavily marketed using buzzwords like “UHQ” (Ultra-High Quality), “SUHQ” (Super Ultra-High Quality), “Fresh,” and “Private”.

Massive Scale General and Provider-Specific Lists:

  • Gmail & Yahoo: The threat actor Vows is a prolific distributor of massive combo lists. Recorded incidents include the distribution of an 8.7 million Gmail credential list, a 1.5 million Gmail list, a 1.4 million Yahoo list, and a 50,000 Yahoo list. Another actor, D4rkNetHub, sold and distributed multiple Gmail lists, including blocks of 100,000 and 35,700 credentials.
  • Hotmail & Outlook: Hotmail and Outlook credentials are exceptionally common. Vows distributed 1.1 million Hotmail and 430,000 Outlook credentials. Threat actors like wasifurkchut, s2lender, CloudBase, and SupportHotmail routinely drop lists ranging from 500 to 30,000 Hotmail credentials.
  • Mixed & URL:Log:Pass (ULP) Lists: Massive aggregation lists are shared for broader automated attacks. Actor Daxus (via Fragtez) shared a 47.2 million record list and a 58.47 million ULP list. Actor DevelMakss dropped an 80 million ULP list. Actor marshel distributed a staggering 782 million ULP stealer log dataset, and wqorldks sold 988.7 GB of ULP credentials across 10,080 files. Another actor, ippsecrocks07, offered a 26GB file containing 37.8 million ULP lines.

Geographically and Sector-Targeted Combo Lists:

Many actors meticulously curate and sort their databases by country or industry to maximize their value to specialized attackers.

  • Geographical Targeting: Threat actor Fragtez dominates the distribution of geographically targeted combo lists. Fragtez distributed lists for France (1.54 million records), Spain (362,000 records via thejackal101), Mexico (151,000 records), Belgium (86,000 records), South Africa (58,000 records), Greece (46,000 records), Latvia (35,000 records), South Korea (23,000 records), Serbia (18,000 records), Kenya (17,000 records), Costa Rica (11,000 records), and Croatia (15,000 records). Actor CobraEgy also distributed lists for Serbia, Singapore, and Slovenia.
  • Sector Targeting: Actors HqComboSpace and Ra-Zi distributed multiple lists targeting the Education sector (151,886, 134,982, and 104,000 records). HqComboSpace also targeted shopping/e-commerce platforms (1.28 million records). CODER focused on the corporate and financial sectors, distributing a 7 million and a 12 million corporate business combo list, as well as an 8 million record list targeting banking and crypto platforms like Banco Santander, BBVA, and Mizuho Bank.

2.2. High-Impact Data Breaches and Data Leaks

The report details severe data breaches impacting government, retail, transportation, technology, and healthcare sectors.

Government and Law Enforcement:

  • Korps Brimob (Indonesian Police): Threat actor BabayoErorSystem freely distributed a database of 28,000 records belonging to the Indonesian National Police mobile brigade corps.
  • Virginia Department of Wildlife Resources (USA): Actor wikkid leaked 286,620 records containing highly sensitive PII, including full names, SSNs, driver’s licenses, biometrics, and hunting license histories.
  • Agence Nationale des Titres Sécurisés (France): Actor NormalLeVrai claimed a ransomware breach of the French National Agency for Secure Documents, demanding $20,000 and threatening to release 13 million records.
  • Marches Publics (France): Actor lazasec leaked 14 million documents and records from the French government public procurement platform.
  • African National Congress (South Africa): Actor wilson008 sold a database of 2 million records containing the full membership list of the ANC, including RSA ID numbers, birth dates, and physical addresses.
  • DPR RI (Indonesia): Actor JAX7 breached and leaked databases from the Indonesian House of Representatives and various local community organizations like BPJS RT/RW.
  • Kuwait Public Authority for Civil Information (PACI): A politically motivated threat actor breached PACI, exposing 5.23 million ID photo records, residential mapping, and demographic data.

Corporate, Retail, and Technology:

  • eZhire Car Rentals (UAE): Actor wikkid sold a massive 1.3TB data dump containing 906,492 customer records, KYC photos (passports/IDs), GPS coordinates, RSA private keys, and source code.
  • Instagram and TikTok: BabayoErorSystem shared 5.2 million scraped Instagram records, while kkkreoifezrg leaked an additional 17 million scraped Instagram profiles. JAX7 breached and distributed credentials for 10,000 TikTok accounts.
  • Substack (USA): wikkid leaked a database of 697,313 Substack user records, including Stripe customer IDs and phone numbers.
  • NetJets Aviation (USA): Actor Vyntra leaked 100,000 records containing personal names, aircraft tail numbers, and internal identifiers.
  • Sport 2000 & i-Run (France): French retailers were heavily targeted. kkkreoifezrg leaked 150,000 records from Sport 2000, and lowiqq leaked 1.2 million customer records from i-Run.
  • Binance & Crypto Platforms: Actor saref43135 offered 1.5 million Binance US user phone records. Actor Draco sold a database of 80,000 Coinbase users. Another actor, MichelMonet, sold a database from a crypto tax platform containing wallet addresses and balances from Binance, Coinbase, and Gemini.
  • Ersten Group LTD (Stalkerware): Actor wikkid leaked customer subscription data for “Struktura,” a stalkerware developer operating 26 different tracking software brands, exposing user IDs and hashed payment data.

2.3. Website Defacement and Hacktivism

Website defacement remains a prevalent form of cyber vandalism and hacktivism, primarily targeting under-secured WordPress or Linux-based servers. Defacements are routinely archived on mirror sites like haxor.id, hack-db.org, and zone-xsec.com as proof of compromise.

  • DimasHxR: A highly active independent defacer responsible for compromising numerous sites, including p-gamma.com, CoreMedTech, localsoccernews.com, okuloncesiboyama.com, casaoffmarket.fr, and pexpe.com. DimasHxR typically alters a readme.txt file or a specific HTML page.
  • Inside Alone7 (Hidden Cyber Crime): This actor/group systematically defaced organizational and religious sites, including lorieninstruments.com, cepurhuye.rw (redefacement), scribal.be (redefacement), findpeacewithgod.com, and reflectionscounselingtexas.com.
  • Babayo Eror System & Affiliates: Indonesian hacktivist groups defaced various sites. Mr.PIMZZZXploit defaced ascogo.co.id and 37 subdomains of demowebsiteclient.com. 4zz_30 (JABAR ERROR SYSTEM) defaced the Brazilian government consortium consorciociga.gov.br, uploading an RCE proof-of-concept.
  • Anonym (3XPLOIT.ID): Executed mass defacements against Brazilian targets, including konver.com.br.
  • Miyomar (Indonesian Payload Party): Defaced the Thai technology company CSI Tech.

2.4. Initial Access Brokers (IAB), Carding, and Cybercrime Services

The forums analyzed operate as fully-fledged illicit marketplaces offering specialized services to facilitate further cybercrime.

Initial Access and Hosting:

  • Law Enforcement Portals: Actor 0056113 sold compromised law enforcement and government email credentials and police portal access across Thailand, Brazil, Argentina, Malaysia, and others. These are explicitly marketed for submitting fraudulent Emergency Data Requests (EDRs) to tech giants like Apple, Microsoft, Meta, and TikTok to extract sensitive user data.
  • RDP and VPS Hosting: Actors like SeoHide, Jumperr (RDPWindows), and PORTAL sell bulletproof or compromised VPS, RDP, and VDS servers in the US, Netherlands, and globally. These are heavily advertised for VPNs, proxying, botting, and high-load DDoS or spamming applications.
  • AWS SMTP Access: Actor imi_jav1995 sold AWS Amazon SMTP access capable of bypassing spam filters to deliver 50,000+ messages to Office365 and Hotmail, specifically designed for phishing and spam campaigns.

Carding and Fraud Services:

  • Stolen Credit Cards: Actors like Miles121, Sirfergus, and Pepecard run dedicated carding operations. They sell live non-VBV credit cards, EBT cards with PINs, and full bank logs linked to CashApp, PayPal, and Apple Pay for fraudulent transfers.
  • Account Upgrades: A highly commodified service involves illicitly upgrading personal accounts for streaming and software services. Actor AairaX dominated this space, selling lifetime or 1-year upgrades with a “0% kick rate” for Netflix, Spotify, Canva Pro, Microsoft 365, YouTube Premium, Xbox Game Pass, and Adobe. Actor secur3rat sold deeply discounted access to Perplexity AI Pro, Intercom Pro, Amazon Prime Video, and Hostinger.
  • Certification Vouchers: Actor wavesub sold heavily discounted certification exam vouchers for Fortinet, Microsoft Azure, AWS, and CompTIA, allowing unqualified individuals to fraudulently obtain cybersecurity and cloud certifications.
  • KYC Bypass & Counterfeiting: Actor Zyrelin sold a course on bypassing KYC at neobanks using virtual cards and proxies. Astonishingly, actor Isa utilized Telegram to sell premium counterfeit currency guaranteed to bypass verification machines. Legal services shielding threat actors via “European attorney-client privilege” were also offered by LeadRoedl.

2.5. Malware, Ransomware, and Exploitation Tools

The deployment and monetization of malware form the technical backbone of the observed credential theft and network intrusions.

  • Ransomware Source Code: The Infrastructure Destruction Squad advertised the full source code for the BLACKNET-00 ransomware framework for $500. This advanced malware features Task Manager evasion, Windows Defender/SmartScreen disabling, data theft modules (crypto wallets, webcams, keylogging, WiFi passwords), and XMR cryptocurrency ransom interfaces.
  • Stealer Logs: Infostealers are the primary source of the massive ULP combo lists. Massive dumps of RedLine stealer logs (1.5GB to 3GB) and BeeTraffic stealer logs were freely distributed by actors like kingdevl10, primedata, and inspctr.
  • Supply Chain Attacks: A massive cyberattack was reported targeting npm and PyPI repositories. Attackers compromised developer credentials to inject self-replicating credential-stealing malware into legitimate packages like TanStack and Mistral AI.
  • Zero-Day Exploits: Actor berz0k attempted to sell a Linux Local Privilege Escalation (LPE) zero-day exploit on a darknet forum. Furthermore, Google reported an AI-generated Python zero-day exploit designed to bypass 2FA in open-source web management systems.
  • Automated Wallet Drainers: Actor crypto_brave advertised an automated cryptocurrency wallet exploitation service, checking a database of 1.3 billion wallets across 250 blockchains, offering a 70% payout split to clients.

3. Key Threat Actor Profiles

Analyzing the frequency and severity of posts allows for the profiling of several highly active threat actors shaping the May 2026 cybercrime landscape:

  • Vows: An elite data aggregator and distributor focused strictly on ultra-high-quality (UHQ) combo lists. Vows’ distributions consistently range in the millions (e.g., 8.7M Gmail, 1.4M Yahoo) and are heavily sponsored by AIO checker services, indicating strong ties to the credential stuffing infrastructure market.
  • Fragtez & Daxus: Fragtez specializes in curated, country-specific combo lists, suggesting they possess localized stealer logs or segmented breach data. Daxus operates as a premium provider of ULP databases (e.g., 58.47M and 22.52M records).
  • wikkid: A highly dangerous and capable data breach broker. Wikkid is responsible for leaking extremely sensitive and damaging databases, including stalkerware records (Struktura), UAE KYC documents (eZhire), and US state government PII (Virginia DWR, Texas Parks and Wildlife). Their activity signifies deep network intrusions and unmitigated data exfiltration.
  • s2lender: Operates a private, subscription-based cloud infrastructure for credential distribution. Unlike actors who dump millions of old records, s2lender focuses on providing 4,000 to 12,000 “fresh,” daily, untouched credentials specifically optimized for active credential stuffing.
  • lazasec: A threat actor demonstrating a distinct geographical focus on French infrastructure, successfully breaching government portals (Marches Publics), medical funds (CARMF), and retail chains (DELKO).
  • JAX7 & Babayo Eror System: Prominent Indonesian threat actors. JAX7 focuses on leaking Indonesian government data (DPR RI, BPJS) and social media accounts (TikTok). Babayo Eror System engages in both high-profile data leaks (Korps Brimob) and widespread hacktivist defacements.
  • AairaX: The premier vendor for CaaS account upgrades, monopolizing the forum market for illicit lifetime access to streaming, design, and productivity platforms using unauthorized billing bypasses or stolen infrastructure.

4. Victimology and Target Analysis

The telemetry from these incidents reveals distinct targeting patterns:

  • Geographic Focus: While the United States remains a constant target (e.g., Substack, TraxNYC, NASA, Virginia DWR, Binance US), there is a massive surge in localized attacks against Indonesia (government agencies, police, retailers) and France (government procurement, health systems, e-commerce). Brazil and the UK also appear frequently in both defacements and targeted combo lists.
  • Industry Focus:
    • Government: Highly targeted for PII and operational disruption. The sale of police portal access for forged EDRs represents a critical escalation in social engineering and data extortion.
    • Retail/E-commerce & SaaS: Targeted heavily for financial data, Stripe IDs, and credential reuse (e.g., Substack, i-Run, Habibs, Customer.io).
    • Education: Targeted for user data and potentially lateral movement into research infrastructure (e.g., Duolingo, Guidely, Smart Base Fizmasoft).

5. Infrastructure and Monetization Mechanics

The cybercrime ecosystem relies heavily on specialized platforms and communication channels.

  • Telegram: The primary vector for real-time transactions, automated bot services (e.g., BradMax’s log bot, crypto_brave’s wallet drainer), and C2 (Command & Control) communications.
  • Cloud Hosting: Threat actors extensively utilize platforms like Mega.nz, Pasteview, MediaFire, and custom private clouds to host terabytes of stolen data (e.g., the 1.3TB eZhire dump or 988GB ULP logs).
  • Monetization Pipeline: The lifecycle is strictly defined. Malware developers (Infrastructure Destruction Squad) sell tools. Distributors (kingdevl10) deploy stealers and collect logs. Aggregators (Vows, Fragtez) parse logs into combo lists. Finally, operators use tools (SilverBullet, Mega.nz checkers) to conduct credential stuffing, selling the verified outputs (streaming accounts, payment methods) back to the public via vendors like AairaX or Pepecard.

6. Conclusion

The threat intelligence derived from this dataset highlights a heavily industrialized cybercrime economy operating openly on clear-net and dark-net forums. The barrier to entry for conducting cyber attacks has been drastically lowered through the proliferation of Initial Access Brokers, credential combo lists, and highly sophisticated, commercially available malware.

The staggering volume of credentials—totaling nearly a billion exposed records across various lists—underscores the severe and ongoing risk of credential stuffing and password reuse attacks. Furthermore, the targeted breaches against government entities, particularly in Indonesia and France, demonstrate that threat actors possess the capability to infiltrate critical state infrastructure.

To mitigate these threats, organizations must enforce stringent multi-factor authentication (MFA) to blunt the effectiveness of combo lists, actively monitor dark web repositories for their corporate domains, and secure their supply chains against emerging threats like the npm/PyPI malware injections and AI-generated zero-day exploits. The rampant sale of AWS SMTP access and law enforcement portal access further means that email security protocols and strict verification of emergency data requests are paramount.

Detected Incidents Draft Data

  1. Sale of corporate email:password combo list
    Category: Combo List
    Content: A threat actor is offering a private combo list of 100,000 corporate email:password credential pairs. The content is gated behind registration or login on the forum. No specific victim organization or country is identified.
    Date: 2026-05-12T23:48:14Z
    Network: openweb
    Published URL: https://patched.to/Thread-email-pass-100k-corp-%E2%9A%AA-high-quality-private-combolist-2-%E2%9A%AA
    Screenshots:
    None
    Threat Actors: uhqcomboseller
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  2. Sale of mixed mail access combo list
    Category: Combo List
    Content: A threat actor is offering 950 mixed mail access credentials marketed as fresh via a Telegram channel. Private access to additional credentials is available for purchase via direct message.
    Date: 2026-05-12T23:48:04Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85%E2%9C%A8-950X-HQ-FRESH-MIX-MAIL-ACCESS-%E2%9C%85%E2%9C%A8
    Screenshots:
    None
    Threat Actors: wasifurkchut
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  3. Sale of corporate email:password combo list
    Category: Combo List
    Content: A threat actor is offering a private combo list of 100,000 corporate email and password pairs for sale. The content is hidden behind a registration or login requirement. The post markets the credentials as high quality and private.
    Date: 2026-05-12T23:47:48Z
    Network: openweb
    Published URL: https://patched.to/Thread-email-pass-100k-corp-%E2%9A%AA-high-quality-private-combolist-3-%E2%9A%AA
    Screenshots:
    None
    Threat Actors: uhqcomboseller
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  4. Combo List targeting Hotmail accounts
    Category: Combo List
    Content: A threat actor is distributing approximately 699 Hotmail credentials, marketed as high-quality and fresh, via a Telegram channel. The post also advertises a private credential cloud service available for purchase through direct message.
    Date: 2026-05-12T23:47:45Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85%E2%9C%A8-699X-HQ-FRESH-HOTMAIL-%E2%9C%85%E2%9C%A8
    Screenshots:
    None
    Threat Actors: wasifurkchut
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  5. Sale of corporate email:password combo list
    Category: Combo List
    Content: A threat actor is offering a private corporate email:password combo list containing approximately 100,000 credentials, marketed as high quality. The content is paywalled and requires forum registration or login to access.
    Date: 2026-05-12T23:47:16Z
    Network: openweb
    Published URL: https://patched.to/Thread-email-pass-100k-corp-%E2%9A%AA-high-quality-private-combolist-4-%E2%9A%AA
    Screenshots:
    None
    Threat Actors: uhqcomboseller
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  6. Sale of 100K corporate email:password combo list
    Category: Combo List
    Content: A threat actor is offering a corporate email:password combo list containing 100,000 credentials, marketed as high quality and private. The content is hidden behind a registration or login wall on the forum. No specific victim organization or breach source is identified.
    Date: 2026-05-12T23:47:00Z
    Network: openweb
    Published URL: https://patched.to/Thread-email-pass-100k-corp-%E2%9A%AA-high-quality-private-combolist-5-%E2%9A%AA
    Screenshots:
    None
    Threat Actors: uhqcomboseller
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  7. Distribution of URL:Log:Pass combo list with 47.2 million records
    Category: Combo List
    Content: A threat actor shared a URL:Log:Pass combo list containing approximately 47.2 million records, marketed as UHQ (ultra-high quality), via an external paste link. The list was made available for free on the cracking forum.
    Date: 2026-05-12T23:46:35Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-%E2%AD%90%EF%B8%8FURL-LOG-PASS-47-20-M-%E2%9C%85-DAXUS-PRO-UHQ-%E2%AD%90%EF%B8%8F–2293254
    Screenshots:
    None
    Threat Actors: Fragtez
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  8. Combo list of Latvian email:password credentials freely shared
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 35,000 email:password credential pairs marketed as fresh and associated with Latvia. The list was made available via an external paste service. No specific breached organization is identified.
    Date: 2026-05-12T23:46:31Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-%E2%9C%A6%E2%9C%A6-35-K-%E2%9C%A6-Latvia-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-10-5-2026-%E2%9C%A6%E2%9C%A6–2293263
    Screenshots:
    None
    Threat Actors: Fragtez
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  9. Free combo list of mixed mail hits
    Category: Combo List
    Content: A threat actor has shared a combo list of 3,627 mixed email credentials via an external paste link. The post is categorized as a mix of mail hits, suggesting credentials harvested from multiple sources and tested against various email providers.
    Date: 2026-05-12T23:46:16Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F-3627x-PREMIUM-MIX-MAIL-HITS%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F–2293292
    Screenshots:
    None
    Threat Actors: Fragtez
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  10. Sale or distribution of SMTP credentials collection
    Category: Combo List
    Content: A forum user shared a link to an external paste site purportedly containing SMTP credentials under the title SMTP Heist 2025. No additional details regarding record count, origin, or pricing were provided in the post.
    Date: 2026-05-12T23:46:12Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-SMTP-Heist-2025–2293283
    Screenshots:
    None
    Threat Actors: Fragtez
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  11. Sale of 38K HQ email access combo list
    Category: Combo List
    Content: A threat actor shared a combo list containing 38,000 claimed valid email access credentials via a Pasteview link. The credentials are marketed as high-quality (HQ) valid mail access pairs. No specific victim organization or country is identified.
    Date: 2026-05-12T23:42:17Z
    Network: openweb
    Published URL: https://altenens.is/threads/38k-valid-mail-access-hq-combolist.2938704/unread
    Screenshots:
    None
    Threat Actors: VegaM
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  12. Sale of SMTP/IMAP/Office 365 combo list
    Category: Combo List
    Content: A threat actor is advertising a combo list of 7 million SMTP, IMAP, and Office 365 credentials via a cracking forum and Telegram channels. The post directs interested parties to contact the seller on Telegram or join free combo/tool distribution groups.
    Date: 2026-05-12T23:29:15Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75101/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  13. Alleged sale of fresh databases and stolen account credentials across multiple countries and platforms
    Category: Combo List
    Content: Threat actor operating in Squad Chat Marketplace offering fresh databases from UK, DE, JP, NL, BR, PL, ES, US, IT and other countries. Specifically advertising access to compromised accounts on eBay, Offerup, PSN, Booking, Uber, Poshmark, Alibaba, Walmart, Amazon, Mercari, Kleinanzeigen, neosurf, and ntlworld webmails. Claims to operate private cloud infrastructure for credential storage. Also references NeZha CVV Groups, a known cybercriminal organization specializing in stolen payment card data trafficking.
    Date: 2026-05-12T23:26:33Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/80511
    Screenshots:
    None
    Threat Actors: NeZha CVV Groups
    Victim Country: United Kingdom, Germany, Japan, Netherlands, Brazil, Poland, Spain, United States, Italy
    Victim Industry: Multiple (e-commerce, payment services, email providers)
    Victim Organization: Unknown
    Victim Site: Unknown
  14. Alleged data leak of Instagram user database
    Category: Data Leak
    Content: A threat actor has freely shared an alleged database of Instagram user data containing approximately 5.2 million records. The post includes a sample of the data. The thread title references 130 million records, though the post body specifies 5.2 million.
    Date: 2026-05-12T23:22:00Z
    Network: openweb
    Published URL: https://breached.st/threads/130-milliond-data-base-istagram.87041/unread
    Screenshots:
    None
    Threat Actors: BabayoErorSystem
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Instagram
    Victim Site: instagram.com
  15. Free distribution of 80 million URL:login:password combo list
    Category: Combo List
    Content: A threat actor shared a combo list containing 80 million URL:login:password credential pairs. The post is described as high quality (HQ) and was made available for free on the forum.
    Date: 2026-05-12T23:08:57Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Other-80M-%E2%9A%A1-URL-LOGIN-PASS-HQ-%E2%9A%A1–2092990
    Screenshots:
    None
    Threat Actors: DevelMakss
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  16. Hotmail and Shopping Target combo list with 1.28 million credentials
    Category: Combo List
    Content: A threat actor shared a combo list containing approximately 1.28 million email and password pairs marketed as fresh leaks. The list is advertised for use against Hotmail and shopping target services. No specific breached organization is identified; this appears to be a credential stuffing resource compiled from multiple sources.
    Date: 2026-05-12T23:08:50Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-1-287-932-Lines-%E2%9C%85-Shopping-Target-Hotmail-Combolist-Fresh-Leaks
    Screenshots:
    None
    Threat Actors: HqComboSpace
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  17. Distribution of 1.2GB stealer logs
    Category: Logs
    Content: A threat actor is freely distributing 1.2GB of stealer logs described as full logs. The post contains minimal detail beyond the file size and is a bump of a prior thread.
    Date: 2026-05-12T23:08:38Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Other-1-2GB-%E2%AD%90%EF%B8%8F-STEALER-LOGS-FULL-LOGS-%E2%AD%90%EF%B8%8F–2092989
    Screenshots:
    None
    Threat Actors: DevelMakss
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  18. Combo list of 18K Hotmail credentials shared on cracking forum
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 18,000 Hotmail credentials on a cracking forum. The post advertises the credentials as valid mail access. The named service is a credential-stuffing target, not the breach victim.
    Date: 2026-05-12T23:08:32Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-18K-%E2%9C%A8-HOTMAIL-MIX-VALID-MAIL-ACCESS-%E2%9C%A8–2092988
    Screenshots:
    None
    Threat Actors: DevelMakss
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  19. Combo list of 1,100 Hotmail accounts shared for free
    Category: Combo List
    Content: A threat actor shared a combo list containing 1,100 Hotmail account credentials via an external paste link. The post was made in a cracking-focused forum section, suggesting the credentials may be intended for account takeover activity.
    Date: 2026-05-12T23:07:46Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-X1100-Hotmail-Accounts–2293214
    Screenshots:
    None
    Threat Actors: Fragtez
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  20. Combo List: Mexico email:password credentials freely shared
    Category: Combo List
    Content: A combo list of approximately 151,000 email:password pairs purportedly from Mexico has been freely shared via an external paste link. The credentials are marketed as fresh, dated April 5, 2026. No specific breached organization is identified.
    Date: 2026-05-12T23:07:37Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-%E2%9C%A6%E2%9C%A6-151-K-%E2%9C%A6-Mexico-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-4-5-2026-%E2%9C%A6%E2%9C%A6–2293223
    Screenshots:
    None
    Threat Actors: Fragtez
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  21. Sale of 400K URL-login-password combo list
    Category: Combo List
    Content: A threat actor shared a combo list containing approximately 400,000 URL-login-password credential pairs via an external paste link. The list was posted on a cracking forum and is likely intended for credential stuffing use.
    Date: 2026-05-12T23:07:28Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-400K-URL-LOGIN-PASS-COMBOLIST-SHROUD20-txt–2293225
    Screenshots:
    None
    Threat Actors: Fragtez
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  22. Request for Konami credential stuffing config for SilverBullet
    Category: Combo List
    Content: A forum user is requesting a SilverBullet config targeting Konami for credential stuffing purposes. The post does not contain any data or credentials itself, only a solicitation for a full-capture configuration file.
    Date: 2026-05-12T23:06:10Z
    Network: openweb
    Published URL: https://altenens.is/threads/konami.2938684/unread
    Screenshots:
    None
    Threat Actors: Balota911
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  23. Combo list of 21,373 mixed email:password credentials
    Category: Combo List
    Content: A threat actor shared a combo list of 21,373 mixed email:password credential pairs, claimed to be fully valid. The list was made available for free download on the forum.
    Date: 2026-05-12T23:02:41Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-%E2%AD%90%E2%AD%90%E2%AD%9021373-MIX-MAIL-PASS-FULL-VALID-100-%E2%AD%90%E2%AD%90%E2%AD%90
    Screenshots:
    None
    Threat Actors: DexterCloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  24. Request for RMM Access (ScreenConnect & Syncro)
    Category: Services
    Content: A forum user is soliciting access to Remote Monitoring and Management (RMM) services, specifically ScreenConnect and Syncro. The post does not disclose intended targets or use cases. No breach or attack is claimed.
    Date: 2026-05-12T22:59:19Z
    Network: openweb
    Published URL: https://hackforums.net/showthread.php?tid=6325316
    Screenshots:
    None
    Threat Actors: dawalathebest009
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  25. Sale of education-targeted combo list
    Category: Combo List
    Content: A threat actor is offering an education-targeted combo list via a Telegram channel and group. The post advertises free combo lists and programs through external Telegram links. No specific organization, record count, or data details are disclosed.
    Date: 2026-05-12T22:50:02Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75097/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Education
    Victim Organization: Unknown
    Victim Site: Unknown
  26. Sale of gaming combo list (1 million credentials)
    Category: Combo List
    Content: A threat actor is offering a gaming-focused combo list of approximately 1 million credentials via a cracking forum. The seller promotes a Telegram channel for free combo lists and tools. No specific breached organization is identified.
    Date: 2026-05-12T22:49:43Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75099/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  27. Sale of UHQ Yahoo combo list
    Category: Combo List
    Content: A threat actor is sharing a combo list of approximately 1,700 Yahoo credentials marketed as fresh and high quality. The list is intended for credential stuffing or account takeover activity. The post is sponsored by an AIO tool service.
    Date: 2026-05-12T22:27:12Z
    Network: openweb
    Published URL: https://cracked.st/Thread-1-7K-UHQ-YAHOO-COMBO-FRESH
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  28. Sale of UHQ Gmail combo list (33K credentials)
    Category: Combo List
    Content: A threat actor is sharing a combo list containing approximately 33,000 Gmail credentials, marketed as ultra-high quality and fresh. The post is sponsored by an AIO tool service. Gmail is a credential-stuffing target, not the breach victim.
    Date: 2026-05-12T22:26:53Z
    Network: openweb
    Published URL: https://cracked.st/Thread-33K-UHQ-GMAIL-COMBO-FRESH
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  29. Combo List: UHQ Outlook credentials
    Category: Combo List
    Content: A threat actor is sharing a combo list of approximately 1,200 UHQ Outlook credentials marketed as fresh. The post is sponsored by an external service and targets Microsoft Outlook accounts for potential credential stuffing.
    Date: 2026-05-12T22:26:29Z
    Network: openweb
    Published URL: https://cracked.st/Thread-1-2K-UHQ-OUTLOOK-COMBO-FRESH
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  30. Sale of discounted Intercom Pro account upgrade
    Category: Services
    Content: A forum seller is offering a 1-month Intercom Pro account upgrade for $34, advertised at 60% off the official price. The post markets access to AI-powered customer support tools, live chat, and workflow automation features. The nature of the discounted access (e.g., cracked, stolen, or resold credentials) is not explicitly stated.
    Date: 2026-05-12T22:26:23Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Supreme-34-%E2%9C%85-Turn-Customer-Support-an-AI-Powered-Sales-Machine-%E2%80%94-Now-at-60-Intercom-Pro–2092967
    Screenshots:
    None
    Threat Actors: secur3rat
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  31. Sale of Hostinger hosting plans at discounted prices on cracking forum
    Category: Services
    Content: A forum user is offering Hostinger Premium and Business hosting plans for sale at discounted prices ($24.99 and $34.99 respectively) via a cracking forum. The nature of the discounted pricing on a cracking forum suggests these may be fraudulently obtained or resold accounts. Contact is solicited via Telegram.
    Date: 2026-05-12T22:26:04Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Supreme-%E2%9A%A1-Hostinger-Premium-Business-Hosting-Plans-%E2%80%94-Professional-Web-Hosting-at-Huge-Savin–2092968
    Screenshots:
    None
    Threat Actors: secur3rat
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  32. Sale of unauthorized Amazon Prime Video 12-month access
    Category: Carding
    Content: A threat actor is selling 12-month Amazon Prime Video access for $14.99, significantly below the retail price. The offering likely involves compromised or fraudulently obtained accounts. The seller provides activation support and can be contacted via Telegram.
    Date: 2026-05-12T22:25:55Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Supreme-14-99-%E2%9A%A1-Amazon-Prime-Video-%E2%80%93-12-Months-Premium-Access-%E2%9C%85–2092966
    Screenshots:
    None
    Threat Actors: secur3rat
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Amazon
    Victim Site: primevideo.com
  33. Hotmail combo list with 7.1K credentials
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 7,100 Hotmail credentials, marketed as valid mail access. The list was made available via an external paste link.
    Date: 2026-05-12T22:25:20Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-7-1K-%E2%9A%A1Hotmail%E2%9A%A1Valid-Mail-Access-06-05–2293193
    Screenshots:
    None
    Threat Actors: Fragtez
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  34. Combo list of 1,600 Hotmail accounts shared freely
    Category: Combo List
    Content: A threat actor shared a combo list of 1,600 Hotmail accounts via an external paste link. The credentials were distributed freely on a cracking forum.
    Date: 2026-05-12T22:25:07Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-X1600-Hotmail-Accounts–2293184
    Screenshots:
    None
    Threat Actors: Fragtez
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  35. Alert: Forum post requiring reply to reveal hidden content
    Category: Alert
    Content: A forum post titled with a NASA-related document name requires users to reply before viewing hidden content. No threat data is visible in the post.
    Date: 2026-05-12T22:20:43Z
    Network: openweb
    Published URL: https://altenens.is/threads/fw_-in-wide-ranging-interview-bill-nelson-lays-out-his-vision-for-nasa-pdf.2938662/unread
    Screenshots:
    None
    Threat Actors: popfizz
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  36. Alleged data leak of document related to Elon Musk
    Category: Data Leak
    Content: A forum user on AE shared a hidden post titled Elon_Musk.pdf in the leaked databases section. The content is gated behind a reply requirement, and no further details about the document's origin or contents are available.
    Date: 2026-05-12T22:20:16Z
    Network: openweb
    Published URL: https://altenens.is/threads/elon_musk-pdf.2938663/unread
    Screenshots:
    None
    Threat Actors: popfizz
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  37. Alleged data leak of NASA documents
    Category: Data Leak
    Content: A forum user on AE is sharing what appears to be a PDF document titled NASA_issues.pdf in a leaked databases section. The content is hidden behind a reply gate and details of the document's contents are unknown.
    Date: 2026-05-12T22:19:50Z
    Network: openweb
    Published URL: https://altenens.is/threads/nasa_issues-pdf.2938664/unread
    Screenshots:
    None
    Threat Actors: popfizz
    Victim Country: United States
    Victim Industry: Government
    Victim Organization: NASA
    Victim Site: nasa.gov
  38. Alleged document leak related to Elon Musk and regulators
    Category: Data Leak
    Content: A forum post on AE references a hidden file titled Re: Elon Musks War on Regulators.pdf, gated behind a reply requirement. The content and origin of the document are unverified and no additional details are provided in the post.
    Date: 2026-05-12T22:19:23Z
    Network: openweb
    Published URL: https://altenens.is/threads/re_-elon-musks-war-on-regulators-pdf.2938665/unread
    Screenshots:
    None
    Threat Actors: popfizz
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  39. Alleged data leak related to NASA
    Category: Data Leak
    Content: A forum post on AE claims to share hidden data related to a NASA document. The content is gated behind a reply requirement, so the exact nature and scope of the data cannot be confirmed.
    Date: 2026-05-12T22:18:56Z
    Network: openweb
    Published URL: https://altenens.is/threads/re_-external_-re_-nasas-giant-leap-backwards-towards-moon-landing-pdf.2938666/unread
    Screenshots:
    None
    Threat Actors: popfizz
    Victim Country: United States
    Victim Industry: Government
    Victim Organization: NASA
    Victim Site: nasa.gov
  40. Alleged data leak of unknown organization
    Category: Data Leak
    Content: A forum post on AE titled Elon Musk_Bad for Democracy contains hidden data accessible only after replying. The actual content and nature of the leaked data cannot be determined from the visible post. No further details about the victim, data type, or record count are available.
    Date: 2026-05-12T22:18:30Z
    Network: openweb
    Published URL: https://altenens.is/threads/elon-musk_bad-for-democracy.2938661/unread
    Screenshots:
    None
    Threat Actors: popfizz
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  41. Alleged data leak related to The Machinists Union and ULA
    Category: Data Leak
    Content: A forum post on a leaked databases forum references a PDF document related to The Machinists Union's support of ULA's Tory Bruno on the National Space Council. The actual content is hidden behind a reply gate, so the nature and scope of the data cannot be confirmed.
    Date: 2026-05-12T22:18:04Z
    Network: openweb
    Published URL: https://altenens.is/threads/re_-the-machinists-union-strongly-support-ulas-tory-bruno-remaining-on-national-space-council-pdf.2938667/unread
    Screenshots:
    None
    Threat Actors: popfizz
    Victim Country: United States
    Victim Industry: Manufacturing
    Victim Organization: The Machinists Union
    Victim Site: Unknown
  42. Sale of mixed combo list containing 110K email and user credentials
    Category: Combo List
    Content: A threat actor is selling a mixed combo list of approximately 110,000 email:password and user:password credential pairs spanning multiple countries and email providers including AOL, Yahoo, Hotmail, and Outlook. The credentials are advertised as high quality with a guarantee. The seller directs interested buyers to contact via Telegram.
    Date: 2026-05-12T21:58:59Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75095/
    Screenshots:
    None
    Threat Actors: alex12
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  43. Hotmail combo list of 2,215 lines shared on cracking forum
    Category: Combo List
    Content: A combo list containing 2,215 email:password lines targeting Hotmail accounts was shared on a cracking forum via a Mega.nz link. The post references a Telegram channel and a bot for purchasing additional content.
    Date: 2026-05-12T21:44:37Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-2215-lines-hotmail
    Screenshots:
    None
    Threat Actors: Bob_Traher
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  44. Sale of corporate email and password combo list
    Category: Combo List
    Content: A threat actor is offering a combo list of 1,682 corporate email and password pairs via an external paste link. The post is categorized as a premium mix of corporate access credentials.
    Date: 2026-05-12T21:44:16Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-Mix-Corporate-1682-Access-Premium-mtbcloud
    Screenshots:
    None
    Threat Actors: MTB_cloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  45. Free combo list distribution — Daily fresh mixed credentials
    Category: Combo List
    Content: A threat actor shared a free combo list containing 1,682 email:password pairs, marketed as fresh and valid. The credentials were made available via an external paste link on a public forum.
    Date: 2026-05-12T21:43:57Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-Mix-Daily-Fresh-1682-Mix-Valid-mtbcloud
    Screenshots:
    None
    Threat Actors: MTB_cloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  46. Sale of Hotmail credential combo list
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 1,500 Hotmail email and password pairs, marketed as fresh hits. The credentials are intended for use in credential stuffing attacks against Hotmail/Outlook accounts.
    Date: 2026-05-12T21:43:37Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E2%AD%901500%E2%AD%90FRESH%E2%AD%90HOTMAIL%E2%AD%90HITS%E2%AD%90–2092959
    Screenshots:
    None
    Threat Actors: tihyy
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  47. Sale of Mix Combo List with Valid Credentials
    Category: Combo List
    Content: A threat actor shared a combo list containing 1,682 email:password pairs, advertised as valid credentials. The list is distributed via an external paste service and marketed as elite-quality hits.
    Date: 2026-05-12T21:43:17Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-Mix-Elite-Access-1682-Mix-Valid-mtbcloud
    Screenshots:
    None
    Threat Actors: MTB_cloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  48. Combo List: Mixed email:password credentials shared freely
    Category: Combo List
    Content: A threat actor shared a mixed combo list containing 1,676 email:password credential pairs via an external paste link. The list is described as exclusive and private, shared under the alias MTB_cloud.
    Date: 2026-05-12T21:42:55Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-Mix-Exclusive-1676-Mix-Private-mtbcloud
    Screenshots:
    None
    Threat Actors: MTB_cloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  49. Sale of Hotmail combo list with 4.5K credentials
    Category: Combo List
    Content: A threat actor is offering 4,500 Hotmail credentials marketed as high-quality and fresh via a Telegram channel. The actor also advertises a private cloud service for purchase through a separate Telegram contact.
    Date: 2026-05-12T21:42:35Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85-4-5K-HQ-FRESH-VALID-HOTMAILS-%E2%9C%85
    Screenshots:
    None
    Threat Actors: wasifurkchut
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  50. Sale of private Hotmail combo lists with logs and mail checker
    Category: Combo List
    Content: A threat actor is selling private Hotmail combo lists marketed as UHQ and fresh, including inbox combos, logs, and a mail checker tool. Access is offered via subscription through a Telegram channel. A sample is provided with full content gated behind registration or purchase.
    Date: 2026-05-12T21:42:27Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-private-lines-hotmail-antalya-h-100-pvt
    Screenshots:
    None
    Threat Actors: cloudantalya
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  51. Hotmail combo list available on forum
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 400 Hotmail credentials, marketed as high quality mail access. The content is gated behind forum registration or login.
    Date: 2026-05-12T21:41:57Z
    Network: openweb
    Published URL: https://patched.to/Thread-0-4k-hq-hotmail-mail-access-combolist-301723
    Screenshots:
    None
    Threat Actors: liamgoat
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  52. Sale of 110K email:password combo list targeting streaming and gaming services
    Category: Combo List
    Content: A threat actor is distributing and selling a combo list of approximately 110,000 email:password pairs marketed as fresh and high quality. The credentials are advertised as suitable for credential stuffing against services including Netflix, Minecraft, Uplay, Steam, Hulu, and Spotify. The actor also promotes additional combo lists by region and mail provider via Telegram.
    Date: 2026-05-12T21:40:51Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-110k-Fresh-HQ-Combolist-Email-Pass-Netflix-Minecraft-Uplay-Steam-Hulu-spotify–203826
    Screenshots:
    None
    Threat Actors: Ra-Zi
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  53. Sale of HQ mix combo list by threat actor s2lender
    Category: Combo List
    Content: Threat actor s2lender is offering a high-quality mixed combo list containing 7,582 credential pairs, marketed as fresh and untouched. The post advertises daily supply of 4K–12K credentials through a private members-only network. The combo list is described as optimized for credential stuffing with private and encrypted access.
    Date: 2026-05-12T21:36:54Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75089/
    Screenshots:
    None
    Threat Actors: s2lender
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  54. Sale of Hotmail combo list by threat actor s2lender
    Category: Combo List
    Content: Threat actor s2lender is offering a combo list of 2,326 Hotmail credentials, marketed as high-quality and fresh. The post advertises a private members-only supply channel providing 4K–12K credentials daily, optimized for credential stuffing.
    Date: 2026-05-12T21:36:37Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75090/
    Screenshots:
    None
    Threat Actors: s2lender
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  55. Free distribution of 1.3 million URL:log:pass credentials
    Category: Combo List
    Content: A threat actor shared a file via Mega.nz containing approximately 1.3 million URL:log:pass credential pairs. The dataset was distributed freely on a cracking forum.
    Date: 2026-05-12T21:36:19Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75093/
    Screenshots:
    None
    Threat Actors: WashingtonDC
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  56. Alleged defacement of ascogo.co.id by Mr.PIMZZZXploit
    Category: Defacement
    Content: Threat actor Mr.PIMZZZXploit claims to have defaced the ascogo.co.id website. The defacement message was posted with a mirror link to hack-db.org. The post is tagged with #allmember and #allaliance Babayo Eror System.
    Date: 2026-05-12T21:29:07Z
    Network: telegram
    Published URL: https://t.me/c/3865526389/918
    Screenshots:
    None
    Threat Actors: Mr.PIMZZZXploit
    Victim Country: Indonesia
    Victim Industry: Unknown
    Victim Organization: ascogo.co.id
    Victim Site: ascogo.co.id
  57. Sale of alleged classified US government documents including DOD, CIA, DHS, and DIA reports
    Category: Data Breach
    Content: A threat actor is offering for sale alleged top-secret documents attributed to US government agencies including the DOD, CIA, DHS, courts, and DIA. The seller claims to operate a data brokerage service, accepts escrow, and states availability is not limited to US data. Samples and pricing are provided upon contact.
    Date: 2026-05-12T21:16:52Z
    Network: openweb
    Published URL: https://breached.st/threads/usa-top-secret-dod-cia-dhs-court-dia-reports.87040/unread
    Screenshots:
    None
    Threat Actors: mosad
    Victim Country: United States
    Victim Industry: Government
    Victim Organization: US Department of Defense / CIA / DHS / DIA
    Victim Site: Unknown
  58. Free release of 100K SUHQ combo list
    Category: Combo List
    Content: A threat actor operating under the handle Antaksio released a combo list of 100,000 credentials described as SUHQ (Super Ultra High Quality) sourced from a UHQ database. The post is associated with AntMarket, a store advertising discounted streaming, VPN, and Steam accounts. The credentials were made available for free on the Cracked.st forum.
    Date: 2026-05-12T20:57:46Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E2%AD%90%E2%AD%90-100K-SUHQ-COMBO-FROM-UHQ-DATABASE%E2%AD%90%E2%AD%90-BY-ANTMARKET
    Screenshots:
    None
    Threat Actors: Antaksio
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  59. Free Hotmail credential combo list shared on cracking forum
    Category: Combo List
    Content: A threat actor is freely sharing a Hotmail credential combo list described as HQ and private on a cracking forum. The actor promotes a Telegram channel offering daily combo lists for GMX, Web.de, and Hotmail accounts. These credentials are intended for credential stuffing, not indicative of a breach of the named email providers.
    Date: 2026-05-12T20:56:18Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-HOTMAIL-HITLIST-HQ-and-PRIVATE
    Screenshots:
    None
    Threat Actors: MXXM
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  60. Combo list of Freenet credentials shared for free
    Category: Combo List
    Content: A threat actor is distributing a combo list of Freenet email credentials marketed as 100% valid. The actor promotes a Telegram channel offering daily hitlists for GMX, Web, and Hotmail services.
    Date: 2026-05-12T20:55:51Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-FREENET-HITLIST-100-VALID
    Screenshots:
    None
    Threat Actors: MXXM
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  61. France mail:pass combo list of 40,000 credentials
    Category: Combo List
    Content: A threat actor shared a France-based mail:pass combo list containing 40,000 lines, marketed as unique credentials. The post was made on a public cracking forum and appears to target French email accounts for credential stuffing.
    Date: 2026-05-12T20:55:23Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-40k-LINES-FRANCE-MAILPASS-2026-UNIQUE-COMBO-2
    Screenshots:
    None
    Threat Actors: UniqueCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  62. Combo List targeting social, shopping, and education services
    Category: Combo List
    Content: A combo list of approximately 123,939 email:password lines is being distributed, marketed as targeting social media, shopping, and education platforms. The credentials are advertised as high-quality leaks suitable for credential stuffing against these service categories.
    Date: 2026-05-12T20:55:03Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-123-939-Lines-%E2%9C%85-Social-and-Shopping-Target-Edu-education-HQ-Leaks
    Screenshots:
    None
    Threat Actors: HqComboSpace
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  63. Sale of Netflix hold payment update service
    Category: Carding
    Content: A threat actor is offering a service to update hold payments on Netflix accounts, priced at $4 per account for US accounts and $5 for Canadian and UK accounts. The service appears to involve unauthorized manipulation of payment details on compromised Netflix accounts. Contact is solicited via Telegram.
    Date: 2026-05-12T20:54:37Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Supreme-Updating-Netflix-hold-payments-Cheapest-in-market-Trusted
    Screenshots:
    None
    Threat Actors: BjornIronSide
    Victim Country: Unknown
    Victim Industry: Entertainment
    Victim Organization: Netflix
    Victim Site: netflix.com
  64. Sale of ULP combo list with 58.47 million records
    Category: Combo List
    Content: A threat actor is sharing a URL:Login:Password (ULP) combo list containing approximately 58.47 million records, marketed as UHQ (ultra-high quality). The list is being distributed via an external paste link on a cracking forum.
    Date: 2026-05-12T20:54:22Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-%E2%AD%90%EF%B8%8FURL-LOG-PASS-58-47-M-%E2%9C%85-ULP-DAXUS-PRO-UHQ-%E2%AD%90%EF%B8%8F–2293128
    Screenshots:
    None
    Threat Actors: Fragtez
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  65. Sale of Deezer account checker tool
    Category: Combo List
    Content: A forum user is sharing a credential-checking tool targeting Deezer accounts, referred to as Deezer Checker by PJ V1.1. The tool is distributed via an external paste link and is intended for credential stuffing or account validation against the Deezer streaming service.
    Date: 2026-05-12T20:54:02Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-BEST-DEEZER-CHECKER-BY-PJ-V1-1–2293157
    Screenshots:
    None
    Threat Actors: Fragtez
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  66. Gmail combo list shared on forum
    Category: Combo List
    Content: A user shared a combo list targeting Gmail accounts on a public forum. The content is hidden behind a registration or login wall. No further details on record count or data quality are available.
    Date: 2026-05-12T20:53:50Z
    Network: openweb
    Published URL: https://patched.to/Thread-hq-gmail-com-combolist-shroud20-txt
    Screenshots:
    None
    Threat Actors: ShroudX
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  67. Gmail combo list shared by ShroudX
    Category: Combo List
    Content: A user on a cracking forum shared a file purportedly containing a high-quality Gmail combo list. No additional details about record count or content are available from the post.
    Date: 2026-05-12T20:53:42Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-HQ-GMAIL-COM-COMBOLIST-SHROUD20-txt
    Screenshots:
    None
    Threat Actors: ShroudX
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  68. Sale of Hotmail combo list
    Category: Combo List
    Content: A threat actor operating under the alias ShroudX has shared a Hotmail combo list on a cybercrime forum. The content is hidden behind a registration or login requirement, limiting visibility into the record count or data quality. The list appears to be marketed as high-quality credentials for use in credential-stuffing attacks.
    Date: 2026-05-12T20:53:33Z
    Network: openweb
    Published URL: https://patched.to/Thread-hq-hotmail-com-combolist-shroud20-txt-301712
    Screenshots:
    None
    Threat Actors: ShroudX
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  69. Hotmail combo list shared on cracking forum
    Category: Combo List
    Content: A Hotmail.com combo list was shared on a cracking forum by the user ShroudX. The post title indicates the list is marketed as high quality. No further details are available from the post content.
    Date: 2026-05-12T20:53:22Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-HQ-HOTMAIL-COM-COMBOLIST-SHROUD20-txt–2293168
    Screenshots:
    None
    Threat Actors: ShroudX
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  70. Mixed Countries Combo List
    Category: Combo List
    Content: A mixed-countries combo list was shared on a cracking forum by user ShroudX. No additional details about record count or targeted services are available from the post content.
    Date: 2026-05-12T20:53:03Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-HQ-MIXED-COUNTRIES-COMBOLIST-SHROUD20-txt–2293169
    Screenshots:
    None
    Threat Actors: ShroudX
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  71. Combo list of Belgian email:password credentials freely shared
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 86,000 email:password pairs, marketed as fresh and associated with Belgian accounts. The list was made available via an external paste link.
    Date: 2026-05-12T20:52:47Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-%E2%9C%A6%E2%9C%A6-86-K-%E2%9C%A6-Belgium-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-1-5-2026-%E2%9C%A6%E2%9C%A6–2293137
    Screenshots:
    None
    Threat Actors: Fragtez
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  72. Sale of Outlook.com combo list
    Category: Combo List
    Content: A combo list targeting Outlook.com accounts is being shared on a cracking forum by user ShroudX. The post is advertised as high quality (HQ). No additional details are available from the post content.
    Date: 2026-05-12T20:52:43Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-HQ-OUTLOOK-COM-COMBOLIST-SHROUD20-txt
    Screenshots:
    None
    Threat Actors: ShroudX
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  73. Combo list targeting Costa Rica distributed on forum
    Category: Combo List
    Content: A combo list containing approximately 11,000 credentials reportedly associated with Costa Rica was shared freely on a forum. The list was made available via an external paste link.
    Date: 2026-05-12T20:52:28Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-%E2%9C%AA-11-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Costa-Rica-%E2%9C%AA-26-APR-2026-%E2%9C%AA–2293166
    Screenshots:
    None
    Threat Actors: Fragtez
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  74. Sale of Yahoo.com combo list
    Category: Combo List
    Content: A threat actor operating under the alias ShroudX has shared or is offering a combo list marketed as high-quality Yahoo.com credentials. No further details are available as the post contains no additional content.
    Date: 2026-05-12T20:52:24Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-HQ-YAHOO-COM-COMBOLIST-SHROUD20-txt
    Screenshots:
    None
    Threat Actors: ShroudX
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  75. Combo List: 2,000 Hotmail credentials shared on forum
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 2,000 Hotmail credentials on a leaking forum. The content is hidden behind a registration/login gate. Hotmail is a credential-stuffing target, not the breach source.
    Date: 2026-05-12T20:51:56Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-%E2%AD%90%EF%B8%8F2k-HOTMAIL-ACCESS%E2%AD%90%EF%B8%8F–20505
    Screenshots:
    None
    Threat Actors: Cl0ud0wner
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  76. Sale of stolen payment cards including EBT, dumps, and CC+CVV
    Category: Carding
    Content: A threat actor is selling stolen payment card data including EBT cards with PINs, dumps with PINs, and credit cards with CVVs at advertised low prices. The seller claims to offer weekly updates and accepts Bitcoin as payment, operating via Telegram. Cards are marketed as usable for TikTok, CashApp, Apple Pay, and PayPal transactions.
    Date: 2026-05-12T20:51:34Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-EBT-cards-pin-Dumps-pin-and-Cc-cvv-at-a-low-prices-https-t-me-clonecardsallow–203824
    Screenshots:
    None
    Threat Actors: Miles121
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  77. Free combo list mix distributed on cracking forum
    Category: Combo List
    Content: A threat actor distributed a combo list of approximately 10,866 credentials on a cracking forum, marketed as high-quality and fresh. The list is described as part of a private members-only network supplying 4K–12K credentials daily.
    Date: 2026-05-12T20:50:46Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75087/
    Screenshots:
    None
    Threat Actors: s2lender
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  78. Alleged leak of promo codes for Swapit
    Category: Data Leak
    Content: A threat actor has freely distributed 10 alleged $500 promotional codes associated with swapit-now.com, claiming they were cracked from the platform. No additional context regarding the method of compromise was provided.
    Date: 2026-05-12T20:39:15Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-cracked-500-promo-codes-exchange-site
    Screenshots:
    None
    Threat Actors: m0uzer
    Victim Country: Unknown
    Victim Industry: Retail
    Victim Organization: Swapit
    Victim Site: swapit-now.com
  79. Alleged cracking and free release of Swapit Exchange account credentials
    Category: Data Leak
    Content: A threat actor claims to have cracked 12 Swapit Exchange accounts and freely distributed the credentials, including email:password pairs, account balances ranging from approximately $1,345 to $9,789, and Level 2 verified status with no 2FA enabled. The actor states the activity is motivated by amusement rather than financial gain.
    Date: 2026-05-12T20:38:54Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-cracked-12-more-swapit-exchange-accounts-enjoy
    Screenshots:
    None
    Threat Actors: m0uzer
    Victim Country: Unknown
    Victim Industry: Finance
    Victim Organization: Swapit Exchange
    Victim Site: swapit-now.com
  80. Sale of personal data, credentials, and identity documents databases
    Category: Services
    Content: A seller is advertising multiple data products including company databases, identity document scans (ID, driver's license, passport), SSN/SIN databases, consumer and phone lists, email databases, and credential lists. The post directs buyers to a Telegram contact for transactions. No specific victim organizations or record counts are mentioned.
    Date: 2026-05-12T20:34:15Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75084/
    Screenshots:
    None
    Threat Actors: jannatmirza11
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  81. Combo List targeting South Africa
    Category: Combo List
    Content: A combo list containing approximately 58,000 or more credential pairs purportedly associated with South Africa was shared on a cybercrime forum. The post was published on May 12, 2026, and no additional details about the data source or targeted service were provided.
    Date: 2026-05-12T20:32:59Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-%E2%9C%AA-58-K-Combo-%E2%9C%AA-South-Africa-%E2%9C%AA-12-MAY-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: thejackal101
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  82. Combo list targeting Spain distributed on cybercrime forum
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 362,000 email:password pairs associated with Spain. The credentials are marketed as fresh and high quality. The list is available to registered forum members via hidden content.
    Date: 2026-05-12T20:31:38Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-%E2%9C%AA-362-K-Combo-%E2%9C%AA-Spain-%E2%9C%AA-12-MAY-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: thejackal101
    Victim Country: Spain
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  83. Sale of phone number database with demographic data
    Category: Data Breach
    Content: A threat actor is selling a database of phone numbers including country, gender, age, name, and telephone company fields. The dataset is marketed as suitable for vishing operations. No victim organization or record count is specified.
    Date: 2026-05-12T20:23:51Z
    Network: openweb
    Published URL: https://breached.st/threads/mini-database-phone-numbers-format-flag-number-gender-age-telephone-company.87037/unread
    Screenshots:
    None
    Threat Actors: nebulark
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  84. Alleged data leak of Korps Brimob Indonesian Police database
    Category: Data Leak
    Content: A threat actor is freely distributing an alleged database belonging to Korps Brimob, the Indonesian National Police mobile brigade corps. The dataset purportedly contains records of 28,000 members and is being shared at no cost on a cybercrime forum.
    Date: 2026-05-12T20:22:55Z
    Network: openweb
    Published URL: https://breached.st/threads/28-k-database-korps-brimob-indonesian.87038/unread
    Screenshots:
    None
    Threat Actors: BabayoErorSystem
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Korps Brimob
    Victim Site: Unknown
  85. Alleged data breach of AimSmarter
    Category: Data Breach
    Content: A threat actor claims that AIM Smarter (aimsmarter.co.uk) suffered a data breach on or about May 11, 2026, exposing approximately 6,500+ rows of structured database records. Compromised data allegedly includes customer identity and contact details, financial records (credit limits, VAT numbers, payment methods), business classification data, and internal employee login credentials (emails and MD5-hashed passwords). The actor has shared a download link purportedly containing the SQL dataset.
    Date: 2026-05-12T20:22:22Z
    Network: openweb
    Published URL: https://breached.st/threads/uk-aimsmarter-data-breach.87039/unread
    Screenshots:
    None
    Threat Actors: Shinigami
    Victim Country: United Kingdom
    Victim Industry: Technology
    Victim Organization: AIM Smarter
    Victim Site: aimsmarter.co.uk
  86. Texas Parks and Wildlife – 3.2M SSN, Drivers license, Biometrics
    Category: Alert
    Content: New thread posted by wikkid: Texas Parks and Wildlife – 3.2M SSN, Drivers license, Biometrics
    Date: 2026-05-12T19:53:20Z
    Network: openweb
    Published URL: https://spear.cx/Thread-Selling-Texas-Parks-and-Wildlife-3-2M-SSN-Drivers-license-Biometrics
    Screenshots:
    None
    Threat Actors: wikkid
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  87. ohno.gg
    Category: Alert
    Content: New thread posted by ragnarok: ohno.gg
    Date: 2026-05-12T19:51:03Z
    Network: openweb
    Published URL: https://spear.cx/Thread-Database-ohno-gg
    Screenshots:
    None
    Threat Actors: ragnarok
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  88. Alleged data breach of Korps Brimob (Indonesian Police Mobile Brigade) – 28K records
    Category: Data Breach
    Content: A database containing approximately 28,000 records from Korps Brimob (Indonesian Police Mobile Brigade) has been breached and is being discussed on a public breach forum. The breach details are shared via a forum thread on breached.st.
    Date: 2026-05-12T19:49:40Z
    Network: telegram
    Published URL: https://t.me/BabayoErorSytem1/917
    Screenshots:
    None
    Threat Actors: BABAYO EROR SYSTEM
    Victim Country: Indonesia
    Victim Industry: Government/Law Enforcement
    Victim Organization: Korps Brimob
    Victim Site: Unknown
  89. Alleged data breach of Korps Brimob (Indonesian Police Mobile Brigade) – 28K records
    Category: Data Breach
    Content: A database containing approximately 28,000 records from Korps Brimob (Indonesian Police Mobile Brigade) has been breached and shared on the breached.st forum. The breach exposes sensitive information from Indonesia's paramilitary police force.
    Date: 2026-05-12T19:48:56Z
    Network: telegram
    Published URL: https://t.me/c/3865526389/917
    Screenshots:
    None
    Threat Actors: BABAYO EROR SYSTEM
    Victim Country: Indonesia
    Victim Industry: Government/Law Enforcement
    Victim Organization: Korps Brimob
    Victim Site: Unknown
  90. Civil Aviation Authority Malaysia DATA LEAK
    Category: Data Breach
    Content: New thread posted by Grim: Civil Aviation Authority Malaysia DATA LEAK
    Date: 2026-05-12T19:47:52Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Civil-Aviation-Authority-Malaysia-DATA-LEAK
    Screenshots:
    None
    Threat Actors: Grim
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  91. Investigadores buscando informacion ("Investigators seeking information")
    Category: Alert
    Content: New thread posted by V0lt4r0x: Investigadores buscando informacion ("Investigators seeking information")
    Date: 2026-05-12T19:47:06Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-Investigadores-buscando-informacion
    Screenshots:
    None
    Threat Actors: V0lt4r0x
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  92. 77K – UHQ OUTLOOK COMBO (FRESH)
    Category: Alert
    Content: New thread posted by Vows: 77K – UHQ OUTLOOK COMBO (FRESH)
    Date: 2026-05-12T19:38:52Z
    Network: openweb
    Published URL: https://cracked.st/Thread-77K-UHQ-OUTLOOK-COMBO-FRESH
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  93. 100k Private Cookies From StealerLogs @Primedatanet
    Category: Alert
    Content: New thread posted by primedata: 100k Private Cookies From StealerLogs @Primedatanet
    Date: 2026-05-12T19:38:36Z
    Network: openweb
    Published URL: https://cracked.st/Thread-100k-Private-Cookies-From-StealerLogs-Primedatanet–2092912
    Screenshots:
    None
    Threat Actors: primedata
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  94. 100K – UHQ YAHOO COMBO (FRESH)
    Category: Alert
    Content: New thread posted by Vows: 100K – UHQ YAHOO COMBO (FRESH)
    Date: 2026-05-12T19:38:30Z
    Network: openweb
    Published URL: https://cracked.st/Thread-100K-UHQ-YAHOO-COMBO-FRESH
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  95. 1.5M – UHQ GMAIL COMBO (FRESH0
    Category: Alert
    Content: New thread posted by Vows: 1.5M – UHQ GMAIL COMBO (FRESH0
    Date: 2026-05-12T19:38:09Z
    Network: openweb
    Published URL: https://cracked.st/Thread-1-5M-UHQ-GMAIL-COMBO-FRESH0
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  96. Sale of UHQ combo list targeting Spain
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 180,000 credentials marketed as UHQ (ultra high quality) targeting Spain. The content is hidden behind a registration or login wall on the forum.
    Date: 2026-05-12T19:37:59Z
    Network: openweb
    Published URL: https://patched.to/Thread-legendary-180k-spain-uhq-combolist
    Screenshots:
    None
    Threat Actors: capitan911
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  97. Sale of Hotmail combo list
    Category: Combo List
    Content: A threat actor is offering approximately 3,500 Hotmail credentials marketed as high-quality and fresh valid hits. The post directs buyers to a Telegram channel and offers a private cloud service via direct message.
    Date: 2026-05-12T19:37:41Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85%E2%9C%A8-3-5K-HQ-FRESH-VALID-HOTMAILS-%E2%9C%85%E2%9C%A8–2092910
    Screenshots:
    None
    Threat Actors: wasifurkchut
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  98. Sale of Italian combo list with 215K credentials
    Category: Combo List
    Content: A threat actor is offering a combo list purportedly containing 215,000 Italian credentials. The content is hidden behind a login/registration wall, limiting visibility into specific data fields or targeted services.
    Date: 2026-05-12T19:37:28Z
    Network: openweb
    Published URL: https://patched.to/Thread-legendary-215k-italy-high-quality-combolist
    Screenshots:
    None
    Threat Actors: capitan911
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  99. Combo list of 411K mixed email credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list containing approximately 411,000 mixed email credentials, marketed as fresh and high quality. The post is sponsored by a credential-stuffing tool service.
    Date: 2026-05-12T19:37:19Z
    Network: openweb
    Published URL: https://cracked.st/Thread-411K-UHQ-MIXED-MAIL-COMBO-FRESH
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  100. Sale of Brazilian combo list with 226K credentials
    Category: Combo List
    Content: A threat actor is sharing a combo list allegedly containing 226,000 high-quality credentials associated with Brazilian users. The content is hidden behind a registration or login wall on the forum. No specific breached organization is identified.
    Date: 2026-05-12T19:37:11Z
    Network: openweb
    Published URL: https://patched.to/Thread-legendary-226k-brazil-hq-good-combolist
    Screenshots:
    None
    Threat Actors: capitan911
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  101. 292K UNITED KINGDOM HQ Fresh Combolist
    Category: Alert
    Content: New thread posted by capitan911: 292K UNITED KINGDOM HQ Fresh Combolist
    Date: 2026-05-12T19:36:54Z
    Network: openweb
    Published URL: https://patched.to/Thread-legendary-292k-united-kingdom-hq-fresh-combolist
    Screenshots:
    None
    Threat Actors: capitan911
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  102. 2.500 GOOD COMBO LOGS ALL TARGETS (HOTMAIL)
    Category: Alert
    Content: New thread posted by cloudkaraoke: 2.500 GOOD COMBO LOGS ALL TARGETS (HOTMAIL)
    Date: 2026-05-12T19:36:22Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-2-500-good-combo-logs-all-targets-hotmail
    Screenshots:
    None
    Threat Actors: cloudkaraoke
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  103. ⚡️ 1709x Verity Vault Hotmail Drop ⚡️
    Category: Alert
    Content: New thread posted by Verityyyy: ⚡️ 1709x Verity Vault Hotmail Drop ⚡️
    Date: 2026-05-12T19:35:42Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%EF%B8%8F-1709x-Verity-Vault-Hotmail-Drop-%E2%9A%A1%EF%B8%8F
    Screenshots:
    None
    Threat Actors: Verityyyy
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  104. ⚡️ 5325x Verity Vault Mixmail Drop ⚡️
    Category: Alert
    Content: New thread posted by Verityyyy: ⚡️ 5325x Verity Vault Mixmail Drop ⚡️
    Date: 2026-05-12T19:35:19Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%EF%B8%8F-5325x-Verity-Vault-Mixmail-Drop-%E2%9A%A1%EF%B8%8F
    Screenshots:
    None
    Threat Actors: Verityyyy
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  105. 2640x Hotmail Access Vault
    Category: Alert
    Content: New thread posted by RyuuLord: 2640x Hotmail Access Vault
    Date: 2026-05-12T19:34:57Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-2640x-Hotmail-Access-Vault
    Screenshots:
    None
    Threat Actors: RyuuLord
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  106. Sale of 104K EDU-targeted combo list
    Category: Combo List
    Content: A threat actor is selling and distributing a combo list of approximately 104,000 credentials targeted at educational institutions. The list includes EMAIL:PASS and USER:PASS formats spanning multiple countries including the USA, UK, France, Germany, Canada, and Australia. The actor advertises the credentials as high quality with a guarantee and promotes additional combo list services via Telegram.
    Date: 2026-05-12T19:34:30Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-104K-EDU-TARGETED-COMBOLIST
    Screenshots:
    None
    Threat Actors: Ra-Zi
    Victim Country: Unknown
    Victim Industry: Education
    Victim Organization: Unknown
    Victim Site: Unknown
  107. Alleged data breach of Smart Base Fizmasoft (smaktab.uz) in Uzbekistan
    Category: Data Breach
    Content: A threat actor claims to have hacked multiple subdomains and systems belonging to Smart Base Fizmasoft, an Uzbekistan-based company, exploiting SQL injection, XSS/CSP, CORS misconfiguration, subdomain takeover, and CVE-2025-53589 (Nginx 1.28.0). The actor posted sample records containing student personal data including full names, dates of birth, gender, class information, and parent contact phone numbers. The actor also claims to have accessed IP cameras associated with the organization.
    Date: 2026-05-12T19:28:00Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Hello-Uzbekistan-SQL-Injection-Subdomens-Xss-Csp-CORS-Takeover-SSL-certificate
    Screenshots:
    None
    Threat Actors: Anonymo_us
    Victim Country: Uzbekistan
    Victim Industry: Education
    Victim Organization: Smart Base Fizmasoft
    Victim Site: smaktab.uz
  108. Sale of UHQ Hotmail combo list
    Category: Combo List
    Content: A threat actor is selling a combo list of 590 Hotmail credentials marketed as UHQ (ultra-high quality). Access is offered via tiered subscription pricing ranging from $3 for a 24-hour trial to $100 for three months.
    Date: 2026-05-12T19:12:02Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75078/
    Screenshots:
    None
    Threat Actors: snowstormxd
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  109. Alleged data leak of DPR email database
    Category: Data Leak
    Content: A forum post titled DATABASE EMAIL DPR was shared on a database leak forum by user Alixploit. No content was available to determine the nature, scope, or origin of the alleged data.
    Date: 2026-05-12T19:09:58Z
    Network: openweb
    Published URL: https://breached.st/threads/database-email-dpr.87036/unread
    Screenshots:
    None
    Threat Actors: Alixploit
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  110. Alleged data leak of Virginia Department of Wildlife Resources
    Category: Data Leak
    Content: A threat actor has freely shared a dataset allegedly sourced from the Virginia Department of Wildlife Resources (DWR), containing 286,620 records. Compromised data includes full names, SSNs, dates of birth, gender, ethnicity, contact information, driver's license numbers, and hunting/fishing license history. Sample records with PII were posted alongside the download link.
    Date: 2026-05-12T19:06:17Z
    Network: openweb
    Published URL: https://spear.cx/Thread-Database-Virginia-Department-of-Wildlife-Resources-Leaked-Download
    Screenshots:
    None
    Threat Actors: wikkid
    Victim Country: United States
    Victim Industry: Government
    Victim Organization: Virginia Department of Wildlife Resources
    Victim Site: dwr.virginia.gov
  111. Alleged data leak of Struktura stalkerware operator (Ersten Group LTD)
    Category: Data Leak
    Content: A threat actor leaked customer subscription data allegedly belonging to Struktura, a stalkerware developer operating under the UK front company Ersten Group LTD. The leaked data includes email addresses, user IDs, invoice IDs, currency, subscription pricing, and MD5-hashed credit/debit card numbers with last-four digits, spanning customers across approximately 26 stalkerware and tracking software brands. Sample records were published freely on the forum.
    Date: 2026-05-12T19:05:28Z
    Network: openweb
    Published URL: https://spear.cx/Thread-Database-Struktura-stalkerware-Leaked-Download
    Screenshots:
    None
    Threat Actors: wikkid
    Victim Country: United Kingdom
    Victim Industry: Technology
    Victim Organization: Ersten Group LTD
    Victim Site: Unknown
  112. Alleged data leak of TraxNYC
    Category: Data Leak
    Content: A threat actor leaked a CSV database allegedly belonging to TraxNYC, a New York City-based jewelry retailer. The dataset contains 182,327 records including full names, email addresses, phone numbers, shipping addresses, order IDs, order dates, order statuses, and product information. The data was made available for free download on the forum.
    Date: 2026-05-12T19:04:41Z
    Network: openweb
    Published URL: https://spear.cx/Thread-Database-TraxNYC-Leaked-Download
    Screenshots:
    None
    Threat Actors: wikkid
    Victim Country: United States
    Victim Industry: Retail
    Victim Organization: TraxNYC
    Victim Site: traxnyc.com
  113. Alleged data breach of Substack
    Category: Data Leak
    Content: A threat actor has leaked an alleged database dump from Substack, the publishing platform, claimed to originate from a breach in October 2025 and circulated more widely in February 2026. The dataset contains approximately 697,313 records including usernames, email addresses, bios, phone numbers, internal metadata, and Stripe customer IDs. The data is being freely distributed via a downloadable CSV file.
    Date: 2026-05-12T19:03:53Z
    Network: openweb
    Published URL: https://spear.cx/Thread-Database-Substack-Leaked-Download
    Screenshots:
    None
    Threat Actors: wikkid
    Victim Country: United States
    Victim Industry: Technology
    Victim Organization: Substack
    Victim Site: substack.com
  114. Alleged data breach of Agence Nationale des Titres Sécurisés (ANTS) with ransom demand
    Category: Data Breach
    Content: A threat actor operating under the alias NormalLeVrai claims to have breached the French National Agency for Secure Documents (ANTS), which manages online procedures for identity cards, passports, driving licences, and vehicle registration. The actor is demanding a ransom of $20,000 by May 18, 2026, threatening to release approximately 13 million records publicly if payment is not received. Data samples and screenshots were provided as proof of access.
    Date: 2026-05-12T18:59:15Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-RANSOM-13M-Agence-Nationale-des-Titres-S%C3%A9curis%C3%A9s
    Screenshots:
    None
    Threat Actors: NormalLeVrai
    Victim Country: France
    Victim Industry: Government
    Victim Organization: Agence Nationale des Titres Sécurisés
    Victim Site: ants.gouv.fr
  115. Alleged data breach of axisproerp.com
    Category: Data Breach
    Content: The Breachforums user xyph0rix has posted a thread referencing a leak/database breach related to axisproerp.com. The breach is being discussed on the Breachforums platform.
    Date: 2026-05-12T18:58:08Z
    Network: telegram
    Published URL: https://t.me/Xyph0rix/347
    Screenshots:
    None
    Threat Actors: xyph0rix
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: axisproerp.com
    Victim Site: axisproerp.com
  116. Alleged combo list of business corporate mail credentials with SMTP leaks
    Category: Combo List
    Content: A threat actor is distributing a combo list containing approximately 74,899 lines of business corporate email and password pairs, advertised as including SMTP leak data. The post is categorized as a credential list targeting corporate mail accounts.
    Date: 2026-05-12T18:50:44Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-74-899-Lines-%E2%9C%85-Business-Corp-Mail-Pass-SMTP-Leaks
    Screenshots:
    None
    Threat Actors: HqComboSpace
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  117. Free combo list sample distributed on cracked.st forum
    Category: Combo List
    Content: A threat actor shared a free sample of a mixed email combo list on cracked.st, marketing it as suitable for credential stuffing across multiple services. The post promotes a Telegram channel offering combo lists, logs, ULP, and checkers.
    Date: 2026-05-12T18:50:22Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Private-Mix-Mail-Good-For-All-1
    Screenshots:
    None
    Threat Actors: primedata
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  118. Free combo list sample distributed on cracking forum
    Category: Combo List
    Content: A threat actor distributed a free sample of a mixed email combo list on a cracking forum, marketing it as suitable for general use. The post also advertises a Telegram channel offering mix mail, logs, ULP, and checkers.
    Date: 2026-05-12T18:50:02Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Private-Mix-Mail-Good-For-All-2
    Screenshots:
    None
    Threat Actors: primedata
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  119. Free combo list sample distributed on cracking forum
    Category: Combo List
    Content: A threat actor distributed a free sample combo list described as a mixed mail collection marketed as suitable for multiple services. The post directs users to a Telegram channel offering mix mail, logs, ULP, and checkers.
    Date: 2026-05-12T18:49:44Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Private-Mix-Mail-Good-For-All-3–2092906
    Screenshots:
    None
    Threat Actors: primedata
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  120. Sale of Hotmail credential combo list with 500 valid hits
    Category: Combo List
    Content: A threat actor on a cracking forum is distributing a free sample of 500 alleged valid Hotmail credential hits. The post promotes a Telegram channel offering mixed mail, logs, ULP, and checkers.
    Date: 2026-05-12T18:49:24Z
    Network: openweb
    Published URL: https://cracked.st/Thread-500x-Private-Hotmails-Valid-Hits
    Screenshots:
    None
    Threat Actors: primedata
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  121. Free distribution of mixed stealer logs and credential combo lists
    Category: Logs
    Content: A threat actor is freely distributing approximately 3GB of mixed stealer logs, email credentials, and ULP (URL:Login:Password) combos via a Telegram channel. The release includes checkers and is advertised as valid across multiple services. No specific victim organization is identified.
    Date: 2026-05-12T18:49:14Z
    Network: openweb
    Published URL: https://cracked.st/Thread-3Gb-Private-Logs-Primedatanet-Good-For-all
    Screenshots:
    None
    Threat Actors: primedata
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  122. Free combo list sample: Hotmail valid hits
    Category: Combo List
    Content: A threat actor shared a free sample of 700 claimed valid Hotmail credential hits on a cracking forum. The post promotes a Telegram channel offering mix mail, logs, ULP, and checkers. Credentials are marketed as private and valid.
    Date: 2026-05-12T18:49:07Z
    Network: openweb
    Published URL: https://cracked.st/Thread-700x-Private-Hotmails-Valid-Hits
    Screenshots:
    None
    Threat Actors: primedata
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  123. Sale of discounted Perplexity AI Pro subscription upgrades
    Category: Services
    Content: A threat actor is offering Perplexity AI Pro one-year subscription upgrades for $29.99, significantly below the stated retail price of $240+/year. The seller claims to activate the upgrade directly on the buyer's personal email account. The method of obtaining these subscriptions at reduced cost is not disclosed.
    Date: 2026-05-12T18:48:43Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Supreme-29-99-%E2%9A%A1-Perplexity-AI-Pro-%E2%80%93-1-Year-Upgrade-on-Your-Personal-Email-%E2%9C%85
    Screenshots:
    None
    Threat Actors: secur3rat
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  124. Combo List of 1,257 Hotmail credentials
    Category: Combo List
    Content: A threat actor shared a combo list of 1,257 Hotmail credentials on a forum. The content is gated behind registration or a like requirement. No breach of Microsoft or Hotmail is claimed; the credentials are likely sourced from prior breaches and tested against Hotmail accounts.
    Date: 2026-05-12T18:48:25Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%85%E2%9A%A11257x-good-hotmail%E2%9A%A1%E2%9C%85
    Screenshots:
    None
    Threat Actors: NovaCloudx
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  125. Combo List: 35K Mixed Access Credentials
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 35,000 mixed-access email:password credentials via an external paste link. The list is described as private and is being freely distributed on the forum.
    Date: 2026-05-12T18:47:01Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-35K-MIXED-ACCESS-PRIVATE
    Screenshots:
    None
    Threat Actors: COYYT
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  126. Alleged data leak of International Cyprus University
    Category: Data Leak
    Content: A threat actor leaked what is claimed to be user and token data from International Cyprus University via a file-sharing link. The post provides no further details on the volume or nature of the exposed records.
    Date: 2026-05-12T18:46:14Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-International-Cyprus-University-some-user-token-data
    Screenshots:
    None
    Threat Actors: karahanli31
    Victim Country: Cyprus
    Victim Industry: Education
    Victim Organization: International Cyprus University
    Victim Site: Unknown
  127. Sale of Hotmail combo list with 1,067 credentials
    Category: Combo List
    Content: A threat actor is offering a combo list of 1,067 Hotmail credentials, marketed as high-quality and fresh. The post advertises daily supply of 4,000–12,000 credentials through a private members-only network.
    Date: 2026-05-12T18:44:06Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75074/
    Screenshots:
    None
    Threat Actors: s2lender
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  128. Combo List of Hotmail credentials
    Category: Combo List
    Content: A threat actor shared a combo list of 4,764 Hotmail credentials marketed as premium hits. The post includes a download link and was shared on a cracking forum.
    Date: 2026-05-12T18:43:47Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75075/
    Screenshots:
    None
    Threat Actors: Hotmail Cloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  129. Sale of Germany-based combo list with 1,352 lines
    Category: Combo List
    Content: A threat actor shared a combo list containing 1,352 credential pairs described as Germany-based. The list was made available for download on a cracking forum.
    Date: 2026-05-12T18:43:27Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75076/
    Screenshots:
    None
    Threat Actors: karaokecloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  130. Sale of mixed email:password combo list with 16,557 credentials
    Category: Combo List
    Content: A threat actor is distributing a mixed email:password combo list advertised as containing 16,557 fully valid credentials. The list appears to aggregate credentials from multiple sources. No specific victim organization or targeted service is identified.
    Date: 2026-05-12T18:33:31Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-%E2%AD%90%E2%AD%90%E2%AD%9016557-MIX-MAIL-PASS-FULL-VALID-100-%E2%AD%90%E2%AD%90%E2%AD%90
    Screenshots:
    None
    Threat Actors: DexterCloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  131. Alleged data breach of multiple Indonesian companies including Nakamura, Premmiere, Hitech Computer, and Elefan
    Category: Data Breach
    Content: A threat actor is selling databases from four Indonesian companies totaling over 120GB of data. The actor claims to be negotiating with the affected companies for deletion of the data and provides sample SQL dumps containing personally identifiable information including names, addresses, national ID numbers, email addresses, religious affiliation, and hashed credentials. The actor indicates some data has already been previously published.
    Date: 2026-05-12T18:21:03Z
    Network: openweb
    Published URL: https://breached.st/threads/4-indonesia-company-database-120gb.87032/unread
    Screenshots:
    None
    Threat Actors: Kyyzo
    Victim Country: Indonesia
    Victim Industry: Retail
    Victim Organization: Nakamura, Premmiere, Hitech Computer, Elefan
    Victim Site: nakamura.co.id, premmiere.co.id, hitechcomputer.co.id, elefan.co.id
  132. Alleged data breach of indonesia.go.id
    Category: Data Breach
    Content: A threat actor is offering a sample database allegedly sourced from indonesia.go.id, an Indonesian government domain. The post indicates the full dataset is available for purchase via direct contact. No record count or data fields are specified in the post.
    Date: 2026-05-12T18:20:10Z
    Network: openweb
    Published URL: https://breached.st/threads/sample-database-indonesia-go-id.87031/unread
    Screenshots:
    None
    Threat Actors: Mr. Hanz Xploit
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Indonesian Government
    Victim Site: indonesia.go.id
  133. Alleged data leak of axisproerp.com
    Category: Data Leak
    Content: A threat actor on a cybercrime forum claims to have leaked a database associated with axisproerp.com and has made it available for download. No further details regarding record count, data types, or the nature of the compromise were provided in the post.
    Date: 2026-05-12T18:19:39Z
    Network: openweb
    Published URL: https://breached.st/threads/leak-database-axisproerp-com.87033/unread
    Screenshots:
    None
    Threat Actors: Xyph0rix
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Axis Pro ERP
    Victim Site: axisproerp.com
  134. Alleged data breach of eZhire Car Rentals
    Category: Data Breach
    Content: A threat actor is selling data allegedly exfiltrated from eZhire, a UAE-based on-demand car rental platform. The offering includes approximately 906,492 customer records, a 300GB MySQL dump, KYC photos of government-issued IDs, source code, RSA private keys, API keys, 500k Twilio messages, and over 7 million files totaling 1.3TB spanning 2016 to 2026. Compromised data fields include full name, date of birth, phone number, address, email, hashed passwords, GPS coordinates, IMEI numbers, passport
    Date: 2026-05-12T18:15:49Z
    Network: openweb
    Published URL: https://spear.cx/Thread-Selling-UAE-eZhire-Car-Rentals-KYC-PHOTOS-DB-1M
    Screenshots:
    None
    Threat Actors: wikkid
    Victim Country: United Arab Emirates
    Victim Industry: Transportation
    Victim Organization: eZhire
    Victim Site: ezhire.com
  135. Alleged data breach of 145VPN
    Category: Data Breach
    Content: Threat actor xyph0rix posted a leaked database from 145VPN on Breachforums. The breach includes customer data from the VPN service.
    Date: 2026-05-12T18:09:37Z
    Network: telegram
    Published URL: https://t.me/Xyph0rix/346
    Screenshots:
    None
    Threat Actors: xyph0rix
    Victim Country: Unknown
    Victim Industry: VPN/Cybersecurity
    Victim Organization: 145VPN
    Victim Site: 145vpn.com
  136. Alleged data breach of Qualita Indonesia HRIS portal
    Category: Data Breach
    Content: A threat actor known as DarkMafiaX is offering a 140MB SQL database dump allegedly sourced from the HRIS portal of Qualita Indonesia. The dump contains structured user records including usernames, hashed passwords, employee names, email addresses, and system metadata. The data is being made available on a darknet forum behind a reply or account upgrade requirement.
    Date: 2026-05-12T18:08:31Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-Database-Of-The-Site-hris-qualita-indonesia-net-Indonesia–76294
    Screenshots:
    None
    Threat Actors: DarkMafiaX
    Victim Country: Indonesia
    Victim Industry: Human Resources
    Victim Organization: Qualita Indonesia
    Victim Site: hris.qualita-indonesia.net
  137. Alleged data breach of SMAN 1 Gondang
    Category: Data Breach
    Content: A threat actor is sharing an alleged SQL database dump from sman1gondang.com, an Indonesian secondary school. The dataset includes usernames, bcrypt-hashed passwords, email addresses, IP addresses, and user role information. The database is approximately 30MB in size and is offered as hidden content requiring account upgrade or a reply.
    Date: 2026-05-12T18:07:44Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-Database-Of-The-Site-sman1gondang-com-Indonesia
    Screenshots:
    None
    Threat Actors: DarkMafiaX
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: SMAN 1 Gondang
    Victim Site: sman1gondang.com
  138. Combo List: 336K UHQ Outlook Credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 336,000 Outlook credentials marketed as UHQ and fresh. The list is sponsored by slateaio.com and appears intended for credential stuffing against Outlook/Microsoft accounts.
    Date: 2026-05-12T17:57:57Z
    Network: openweb
    Published URL: https://cracked.st/Thread-336K-UHQ-OUTLOOK-COMBO-FRESH
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  139. Distribution of ULP combo list sourced from RedLine stealer logs
    Category: Combo List
    Content: A threat actor is distributing a ULP (URL:Login:Password) combo list claimed to be sourced from RedLine stealer logs, dated 12-05-2026. The content is being shared freely via a public Telegram channel, with a private channel also advertised. No specific victim organization or record count is identified.
    Date: 2026-05-12T17:57:40Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Other-%E2%AD%90%E2%AD%90FRESH-ULP-FROM-REDLINE-COUD-12-05-2026-UNRAPPED-UHQ-%E2%AD%90%E2%AD%90
    Screenshots:
    None
    Threat Actors: kingdevl10
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  140. Combo List targeting Yahoo (1.4M credentials)
    Category: Combo List
    Content: A threat actor is distributing a combo list containing approximately 1.4 million Yahoo credentials, marketed as UHQ (ultra-high quality) and fresh. The post is sponsored by a credential-stuffing tool service.
    Date: 2026-05-12T17:57:34Z
    Network: openweb
    Published URL: https://cracked.st/Thread-1-4M-UHQ-YAHOO-COMBO-FRESH0
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  141. Alleged data leak of GOG.com user cookies
    Category: Logs
    Content: A threat actor shared cookies associated with 372 GOG.com game accounts, made available via a Gofile link. The credentials are marketed as fresh session cookies.
    Date: 2026-05-12T17:57:11Z
    Network: openweb
    Published URL: https://cracked.st/Thread-COOKIES-gog-com-372-Games-Fresh
    Screenshots:
    None
    Threat Actors: HULKMAD
    Victim Country: Unknown
    Victim Industry: Retail
    Victim Organization: GOG
    Victim Site: gog.com
  142. Sale of UK email combo list targeting Hotmail, Blueyonder, and AOL
    Category: Combo List
    Content: A combo list of 25,146 email:password credentials targeting UK-based Hotmail, Blueyonder, and AOL accounts has been shared on a cracking forum. The post is categorized as a mixed-target leak combining multiple email service providers. No additional details are available from the post content.
    Date: 2026-05-12T17:57:07Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-25-146-hotmail-blueyonder-aol-UK-Mixed-Target-Leaks
    Screenshots:
    None
    Threat Actors: AiCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  143. Free distribution of RedLine stealer logs
    Category: Logs
    Content: A threat actor is distributing approximately 1.5GB of stealer logs purportedly collected via RedLine, dated 12-05-2026. The post references a Telegram channel for access to additional or private log content. No specific victim organization or country is identified.
    Date: 2026-05-12T17:56:50Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Other-%E2%AD%90%E2%AD%901-5GB-FRESH-UPP-LOGS%E2%AD%90-FROM-REDLINE-12-05-2026-UNRAPPED%E2%AD%90%E2%AD%90
    Screenshots:
    None
    Threat Actors: kingdevl10
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  144. Sale of UHQ mix mail access combo list
    Category: Combo List
    Content: A threat actor is distributing a combo list of 6,548 mixed mail access credentials via a Telegram channel. The post advertises free drops on Telegram and offers a private cloud service for purchase via direct message.
    Date: 2026-05-12T17:56:45Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85%E2%9A%A16548X-UHQ-MIX-MAIL-ACCESS%E2%9A%A1%E2%9C%85
    Screenshots:
    None
    Threat Actors: wasifurkchut
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  145. Hotmail combo list allegedly containing 2,078 fresh valid credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of 2,078 purportedly fresh and valid Hotmail credentials via a Telegram channel. The actor is also offering a private version for purchase via direct message on Telegram.
    Date: 2026-05-12T17:56:22Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85%E2%9A%A12078X-HQ-FRESH-VALID-HOTMAIL%E2%9A%A1%E2%9C%85
    Screenshots:
    None
    Threat Actors: wasifurkchut
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  146. Sale of Crunchyroll account upgrade service
    Category: Services
    Content: A forum user is advertising a Crunchyroll account upgrade service, claiming it is legal, lifetime, and has a 0% kick rate. The service appears to offer upgrades to personal accounts for a fee.
    Date: 2026-05-12T17:56:14Z
    Network: openweb
    Published URL: https://patched.to/Thread-%E2%9A%A1crunchyroll-upgrade-%E2%9A%A1legal-lifetime-0-kick-rate%E2%AD%90upgrade-your-personal-acc-now
    Screenshots:
    None
    Threat Actors: AairaX
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  147. Sale of Microsoft 365 account upgrade service
    Category: Services
    Content: A forum seller is advertising a Microsoft 365 account upgrade service, claiming it is legal, lifetime, and has a 0% kick rate. No further details are available from the post content.
    Date: 2026-05-12T17:55:49Z
    Network: openweb
    Published URL: https://patched.to/Thread-%E2%9A%A1microsoft-365-upgrade-%E2%9A%A1legal-lifetime-0-kick-rate%E2%AD%90upgrade-your-acc-now
    Screenshots:
    None
    Threat Actors: AairaX
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  148. Sale of KYC bypass and fraudulent account opening course
    Category: Carding
    Content: A threat actor is selling a course titled Zyrelin Course focused on bypassing KYC verification processes at neobanks and payment processors. The course claims to cover account warming techniques, virtual card and proxy infrastructure setup, and methods to maintain fraudulent accounts without triggering fraud detection systems. The offering targets financial institutions' identity verification and risk-assessment controls.
    Date: 2026-05-12T17:55:44Z
    Network: openweb
    Published URL: https://cracked.st/Thread-BEYOND-THE-GATE-Mastering-KYC-High-Tier-Open-Ups
    Screenshots:
    None
    Threat Actors: Zyrelin
    Victim Country: Unknown
    Victim Industry: Finance
    Victim Organization: Unknown
    Victim Site: Unknown
  149. Sale of Netflix lifetime upgrade service
    Category: Services
    Content: A forum seller is advertising a Netflix lifetime upgrade service for customer-owned accounts. No further details are available in the post content.
    Date: 2026-05-12T17:55:25Z
    Network: openweb
    Published URL: https://patched.to/Thread-%F0%9F%94%A5-netflix-lifetime-upgrade-%E2%9A%A1on-your-own-account-%E2%9A%A1
    Screenshots:
    None
    Threat Actors: AairaX
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  150. Sale of HQ Mix Combo List with 28,925 credentials
    Category: Combo List
    Content: A threat actor operating as @s2lender_txt is offering a combo list of 28,925 mixed credentials, marketed as high quality and fresh. The actor advertises daily supply of 4K–12K credentials described as untouched, with access restricted to private members of their network.
    Date: 2026-05-12T17:54:55Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-28925x-hq-mix-by-s2lender-txt
    Screenshots:
    None
    Threat Actors: s2lender
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  151. Sale of Xbox Game Pass subscription upgrade service
    Category: Services
    Content: A forum seller is advertising Xbox Game Pass subscription upgrades, claiming they are legal, lifetime, and have a 0% kick rate. The service appears to offer account upgrades for personal accounts. No further details are available from the post content.
    Date: 2026-05-12T17:54:49Z
    Network: openweb
    Published URL: https://patched.to/Thread-%E2%9A%A1xbox-gamepass-%E2%9A%A1legal-lifetime-0-kick-rate%E2%AD%90upgrade-your-personal-acc-now
    Screenshots:
    None
    Threat Actors: AairaX
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  152. Sale of Canva Pro lifetime account upgrade service
    Category: Services
    Content: A forum seller is advertising a Canva Pro lifetime upgrade for $17, applied to the buyer's own account. No further details are available from the post content.
    Date: 2026-05-12T17:54:23Z
    Network: openweb
    Published URL: https://patched.to/Thread-%F0%9F%92%96canva-pro-lifetime%F0%9F%92%9617-only%F0%9F%92%96on-your-own-account%F0%9F%92%96
    Screenshots:
    None
    Threat Actors: AairaX
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  153. Sale of 23K mixed email credentials from RedLine stealer logs
    Category: Combo List
    Content: A threat actor is offering approximately 23,000 mixed email credentials described as full valid hits sourced from RedLine stealer output. The data is advertised as private and unwrapped. Access to the content requires registration or login on the forum.
    Date: 2026-05-12T17:54:17Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%AD%90%E2%AD%9023k-mix-mail-acces-full-valid-hits-from-redline%E2%AD%90-private-unrapped-data-%E2%AD%90%E2%AD%90
    Screenshots:
    None
    Threat Actors: DAXCLOUUD
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  154. Sale of 5,284 premium mixed mail combo list
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 5,284 mixed email credentials, including Hotmail accounts, marketed as valid hits. The content is gated behind a reply requirement on the forum.
    Date: 2026-05-12T17:45:21Z
    Network: openweb
    Published URL: https://altenens.is/threads/high-voltagehigh-voltage-5284x-premium-mix-mail-hitshigh-voltagehigh-voltage.2938591/unread
    Screenshots:
    None
    Threat Actors: alphacloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  155. Sale of VPS/VDS hosting services across 20+ global locations
    Category: Services
    Content: A seller on the forum is advertising VPS/VDS hosting plans starting at $2.50/month, offered through ProfitServer (profitserver.ru). The service includes unlimited bandwidth, SSD storage, Windows and Linux options, KVM virtualization, and L3-L4 DDoS protection across 20+ locations. The offering is marketed for use cases including VPN, proxies, bots, AI automation, and crypto services.
    Date: 2026-05-12T17:43:00Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75063/
    Screenshots:
    None
    Threat Actors: SeoHide
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  156. Alleged data leak of NetJets Aviation database
    Category: Data Leak
    Content: A threat actor is freely sharing an alleged database associated with NetJets Aviation containing approximately 100,000 records. The dataset includes personal names, email addresses, company names, aircraft tail numbers, and internal identifiers. Sample records referencing individuals linked to multiple aviation companies are provided as proof.
    Date: 2026-05-12T17:42:13Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Net-Jets-Aviation-Database-100K–188642
    Screenshots:
    None
    Threat Actors: Vyntra
    Victim Country: United States
    Victim Industry: Aviation
    Victim Organization: NetJets Aviation
    Victim Site: netjets.com
  157. Alleged data leak of Australian Migration Centre employee and user data
    Category: Data Leak
    Content: A threat actor has freely shared two databases allegedly belonging to the Australian Migration Centre. The user database contains personal information including names, contact numbers, dates of birth, email addresses, ID numbers, and visa categories. The employee database includes credentials (passwords, TFA secrets, tokens) alongside organizational and account metadata.
    Date: 2026-05-12T17:39:32Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-DATABASE-Australian-Migration-Centre-Employee-and-User-Leak
    Screenshots:
    None
    Threat Actors: kkkreoifezrg
    Victim Country: Australia
    Victim Industry: Government
    Victim Organization: Australian Migration Centre
    Victim Site: Unknown
  158. Sale of 782 million URL:Login:Password stealer log credentials
    Category: Logs
    Content: A threat actor is offering a dataset of 782 million URL:login:password credential pairs described as fresh stealer logs with daily updates and deduplicated entries. The dataset is distributed via a Telegram channel.
    Date: 2026-05-12T17:37:30Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-URL-LOGIN-PASS-782M-URL-USER-PASS-FRESH-LOGS-DAILY-UPDATE-cloud
    Screenshots:
    None
    Threat Actors: marshel
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  159. Sale of stealer logs containing URL:Login:Password credentials (988.7 GB)
    Category: Logs
    Content: A threat actor is selling a private cloud-hosted collection of stealer logs totaling 988.7 GB across more than 10,080 files in URL:Login:Password format. The data is hosted on an external domain and marketed as exclusive. No specific victim organization or industry is identified.
    Date: 2026-05-12T17:35:16Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-URL-LOGIN-PASS-988-7-GB-%E2%AD%90%EF%B8%8F%E2%98%81URL-LOGIN-PASS%E2%AD%90%EF%B8%8F-10080-exclusive-files-available-%E2%AD%90%EF%B8%8Fcloud-PRIVATE%E2%AD%90%EF%B8%8F
    Screenshots:
    None
    Threat Actors: wqorldks
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  160. Alleged sale of fresh compromised account databases from multiple countries
    Category: Combo List
    Content: A seller is advertising fresh database access containing compromised accounts from multiple countries (UK, DE, JP, NL, BR, PL, ES, US, IT) with inbox access. The seller claims to have credentials for eBay, OfferUp, PSN, Booking, Uber, Poshmark, Alibaba, Walmart, Amazon, Mercari, Kleinanzeigen, and Neosurf accounts, and also claims access to valid webmail accounts (ntlworld) via private cloud infrastructure. The seller accepts custom keyword searches.
    Date: 2026-05-12T17:32:18Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/80376
    Screenshots:
    None
    Threat Actors: Num
    Victim Country: Multiple countries
    Victim Industry: Multiple (e-commerce, gaming, travel, payment services)
    Victim Organization: Unknown
    Victim Site: Unknown
  161. Sale of fresh mix combolist with 52,837 lines
    Category: Combo List
    Content: A threat actor is distributing a mixed combolist containing 52,837 lines, marketed as fresh. The content is available to registered users on the forum and promoted via a Telegram channel.
    Date: 2026-05-12T17:30:04Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75060/
    Screenshots:
    None
    Threat Actors: Browzchel
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  162. Sale of Hotmail combo list by threat actor s2lender
    Category: Combo List
    Content: Threat actor s2lender is offering a combo list of approximately 1,898 Hotmail credentials, marketed as high-quality and fresh. The post advertises daily supply of 4,000–12,000 credentials through a private members-only network with encrypted access.
    Date: 2026-05-12T17:29:41Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75064/
    Screenshots:
    None
    Threat Actors: s2lender
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  163. Combo List: HQ Hotmail Credentials
    Category: Combo List
    Content: A threat actor is sharing a combo list of approximately 1,278 high-quality Hotmail credentials. The post markets the credentials as fresh and untouched, with claims of daily supply ranging from 4,000 to 12,000 entries.
    Date: 2026-05-12T17:29:20Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75065/
    Screenshots:
    None
    Threat Actors: s2lender
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  164. Sale of Hotmail combo list
    Category: Combo List
    Content: A threat actor on a cracking forum is offering a set of 770 Hotmail credentials described as private and fresh. The post directs interested parties to contact the seller via Telegram. Content is gated behind forum registration.
    Date: 2026-05-12T17:29:01Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75066/
    Screenshots:
    None
    Threat Actors: KiwiShio
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  165. Sale of Hotmail combo list by threat actor s2lender
    Category: Combo List
    Content: Threat actor s2lender is offering a combo list of 1,828 alleged high-quality Hotmail credentials on a cracking forum. The post advertises daily supply of 4K–12K fresh credentials through a private members-only network. The credentials are marketed as untouched and optimized for credential stuffing.
    Date: 2026-05-12T17:28:40Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75067/
    Screenshots:
    None
    Threat Actors: s2lender
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  166. Alleged defacement of multiple websites by DanzNismXst7
    Category: Defacement
    Content: Threat actor DanzNismXst7 claims to have defaced 10 websites, all of which appear to be demo/client websites hosted on the demowebsiteclient.com domain. The URLs provided include various subdomain defacements.
    Date: 2026-05-12T17:28:04Z
    Network: telegram
    Published URL: https://t.me/c/3841736872/410
    Screenshots:
    None
    Threat Actors: DanzNismXst7
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: demowebsiteclient.com
  167. Mass Defacement of Brazilian Website konver.com.br by 3XPLOIT.ID (Anonym)
    Category: Defacement
    Content: On May 13, 2026, a threat actor known as Anonym, operating under the group 3XPLOIT.ID, conducted a mass defacement campaign targeting konver.com.br, a Brazilian website hosted on a Linux server. The defacement was confirmed as part of a broader mass defacement operation, with a mirror of the attack archived at haxor.id. No specific motivation or proof-of-concept details were disclosed.
    Date: 2026-05-12T17:28:00Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/249210
    Screenshots:
    None
    Threat Actors: Anonym, 3XPLOIT.ID
    Victim Country: Brazil
    Victim Industry: Unknown
    Victim Organization: Konver
    Victim Site: konver.com.br
  168. Sale of non-VBV credit cards and bank logs for fraudulent use
    Category: Carding
    Content: A threat actor is offering live non-VBV (Verified by Visa) credit cards claimed to be linkable to payment platforms including Apple Pay, Cash App, Google Pay, PayPal, eBay, and Amazon. The seller also advertises bank logs and PayPal transfers, with cards purportedly available across multiple countries. Prospective buyers are directed to contact the seller via Telegram.
    Date: 2026-05-12T17:25:07Z
    Network: openweb
    Published URL: https://altenens.is/threads/live-non-vbv-cc-available-police-car-lightpolice-car-lightcredit-card-non-vbv-cc-apple-pay-card-credit-cardlinkable-for-any-method-circled-mcheck-mark-button-cash-app-apple-pay-gpay-ebay-amazon-paypal-etc-check-mark-button.2938573/unread
    Screenshots:
    None
    Threat Actors: Sirfergus
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  169. Alleged sale of BLACKNET-00 ransomware framework with advanced stealth and encryption capabilities
    Category: Malware
    Content: Infrastructure Destruction Squad is advertising the sale of the BLACKNET-00 ransomware framework source code. The malware includes stealth features (no process visibility, Task Manager evasion), security bypass capabilities (SmartScreen, Windows Defender disable), data theft modules (cryptocurrency wallets, browser credentials, documents, WiFi passwords, keylogging), surveillance features (screenshots, webcam, microphone), file encryption, persistence mechanisms, and a ransom interface demanding XMR cryptocurrency. The threat actor is offering the full source code to a maximum of 2 buyers at a price of 500 USD.
    Date: 2026-05-12T17:25:02Z
    Network: telegram
    Published URL: https://t.me/c/2735908986/4274
    Screenshots:
    None
    Threat Actors: Infrastructure Destruction Squad
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  170. Website Defacement of Konver by Anonym of 3XPLOIT.ID
    Category: Defacement
    Content: On May 13, 2026, a threat actor known as Anonym, operating under the group 3XPLOIT.ID, defaced a subdomain of konver.com.br, a Brazilian organization. The defacement targeted a Linux-based web server and was recorded as a single, non-mass defacement incident. A mirror of the defacement was archived at haxor.id.
    Date: 2026-05-12T17:22:01Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/249209
    Screenshots:
    None
    Threat Actors: Anonym, 3XPLOIT.ID
    Victim Country: Brazil
    Victim Industry: Unknown
    Victim Organization: Konver
    Victim Site: info.konver.com.br
  171. Alleged data breach of 145VPN
    Category: Data Leak
    Content: A threat actor known as Xyph0rix claims to have leaked a database dump associated with 145VPN (145vpn.com), a VPN service provider. The data has been made available for download on a database-sharing forum, though the record count and specific contents have not been detailed in the post.
    Date: 2026-05-12T16:58:55Z
    Network: openweb
    Published URL: https://breached.st/threads/leaked-database-145vpn.87029/unread
    Screenshots:
    None
    Threat Actors: Xyph0rix
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: 145VPN
    Victim Site: 145vpn.com
  172. Alleged data breach of FutureShop Egypt
    Category: Data Breach
    Content: A threat actor claims to have breached FutureShop, an Egyptian grocery delivery platform, asserting that the entire API was exposed without authentication. Personal data is alleged to have been obtained. Further details are being shared via a Telegram channel.
    Date: 2026-05-12T16:58:25Z
    Network: openweb
    Published URL: https://breached.st/threads/271-egypt-futureshop-breach-pii.87030/unread
    Screenshots:
    None
    Threat Actors: cc5ab
    Victim Country: Egypt
    Victim Industry: Retail
    Victim Organization: FutureShop
    Victim Site: Unknown
  173. Website Defacement of Brazilian Government Consortium by 4zz_30 (JABAR ERROR SYSTEM)
    Category: Defacement
    Content: On May 12, 2026, threat actor 4zz_30, affiliated with the group JABAR ERROR SYSTEM, defaced the Brazilian government consortium website consorciociga.gov.br, uploading a remote code execution proof-of-concept file. The attack targeted a Linux-based server and was recorded as a single, non-mass defacement incident. A mirror of the defacement was archived at haxor.id.
    Date: 2026-05-12T16:53:12Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/249208
    Screenshots:
    None
    Threat Actors: 4zz_30, JABAR ERROR SYSTEM
    Victim Country: Brazil
    Victim Industry: Government
    Victim Organization: Consórcio CIGA
    Victim Site: consorciociga.gov.br
  174. Distribution of education-sector credential combolist with 151,886 lines
    Category: Combo List
    Content: A threat actor distributed a combolist containing 151,886 credential lines targeting the education sector with mixed domains. The dataset was shared on a criminal forum under a combolist section.
    Date: 2026-05-12T16:35:02Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-151-886-Lines-%E2%9C%85-Edu-education-Mixed-Domain-leaks
    Screenshots:
    None
    Threat Actors: HqComboSpace
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  175. Sale of Fortinet certification exam voucher codes
    Category: Services
    Content: A threat actor is offering Fortinet exam voucher codes covering multiple certification levels, from Fundamentals through Expert, including Network Security, Cloud Security, and OT Security tracks. The listing is advertised on a cybercrime forum with delivery via voucher code.
    Date: 2026-05-12T16:34:53Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Supreme-%E2%9A%A1Fortinet-Certified-Fundamentals-Cybersecurity-%E2%9C%A8-Associate-Level%E2%9C%A8Professional%E2%9C%A8Expert
    Screenshots:
    None
    Threat Actors: wavesub
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  176. Distribution of 2.5K mixed credentials combolist targeting multiple regions
    Category: Combo List
    Content: A threat actor on a combolist forum has freely shared a mixed credentials combolist containing approximately 2,500 entries. The list is described as covering users from the USA, EU, Asia, and Russia.
    Date: 2026-05-12T16:34:41Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-2-5K-COMBO-USA-EU-ASIA-RU
    Screenshots:
    None
    Threat Actors: supermind696
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  177. Sale of Microsoft Azure certification exam voucher codes
    Category: Services
    Content: A threat actor on a cybercrime forum is offering Microsoft Azure certification exam voucher codes for $70 each, covering a wide range of Azure certifications from fundamentals to expert level. The listing claims vouchers are available for immediate delivery via direct message.
    Date: 2026-05-12T16:34:29Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Supreme-%E2%9C%A8%E2%9C%A8Microsoft-Azure-is-the-Future-of-Cloud-%E2%80%94-Get-Certified-Now-book-your-exam-%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: wavesub
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  178. Sale of Gmail credential combolist containing 100,000+ records
    Category: Combo List
    Content: A threat actor operating under the alias D4rkNetHub is selling a combolist of 100,000+ Gmail credentials on a cybercrime forum, priced at $10. The credentials are marketed as “goods”, with no further details on their origin or freshness.
    Date: 2026-05-12T16:34:18Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-100k-GMAIL-GOODS-D4RKNETHUB-10–2092837
    Screenshots:
    None
    Threat Actors: D4rkNetHub
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  179. Sale of AWS certification exam voucher codes
    Category: Services
    Content: A threat actor is offering AWS certification exam voucher codes for $60 each, covering Foundational and Associate level certifications. The listing advertises delivery via voucher code and claims limited availability.
    Date: 2026-05-12T16:34:09Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Supreme-%E2%9C%A8%E2%9C%A8AWS-is-the-World-s-1-Cloud-Platform-%E2%80%94-Get-Certified-Now-Associate-Foundational%E2%9A%A1%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: wavesub
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  180. Sale of YouTube Premium account upgrade service
    Category: Services
    Content: A threat actor is offering a YouTube Premium upgrade service claimed to provide 12 months of access without requiring login credentials. The listing targets personal accounts and is advertised on a cybercrime forum.
    Date: 2026-05-12T16:33:43Z
    Network: openweb
    Published URL: https://patched.to/Thread-%E2%9A%A1youtube-premium-%E2%9A%A112-months-no-login-required%E2%AD%90upgrade-your-personal-acc-now
    Screenshots:
    None
    Threat Actors: AairaX
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  181. Distribution of mail access combo list with 12,100 credential lines
    Category: Combo List
    Content: A threat actor distributed a combo list marketed as containing 12,100 high-quality mail access credential pairs. The content is gated behind forum registration or login. No specific victim organization or country is identified.
    Date: 2026-05-12T16:33:24Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-12-100-good-lines-mail-access-combo-hq
    Screenshots:
    None
    Threat Actors: cloudkaraoke
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  182. Sale of Spotify Premium upgrade service advertised on forum
    Category: Services
    Content: A threat actor is offering a Spotify Premium upgrade service claiming a one-year subscription with a 0% kick rate. The listing targets personal accounts and is advertised on a cybercrime forum.
    Date: 2026-05-12T16:33:19Z
    Network: openweb
    Published URL: https://patched.to/Thread-%E2%9A%A1spotify-premium%E2%9A%A11-year-0-kick-rate%E2%AD%90upgrade-your-personal-acc-now
    Screenshots:
    None
    Threat Actors: AairaX
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  183. Distribution of Hotmail credential combo list
    Category: Combo List
    Content: A threat actor has shared a combo list of 1,070 Hotmail credentials via an external paste site. The credentials are marketed as valid, high-quality, and fresh.
    Date: 2026-05-12T16:33:01Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-1070-hotmail-hits-valids-uhq-fresh
    Screenshots:
    None
    Threat Actors: ayelmay
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  184. Sale of streaming, software, and VPN service accounts across multiple platforms
    Category: Services
    Content: A threat actor is offering account access to a wide range of subscription services including Netflix, Spotify, Xbox Game Pass, Adobe, Microsoft 365, Disney+, and multiple VPN providers. The listing advertises delivery to the buyer's own account across dozens of platforms.
    Date: 2026-05-12T16:32:55Z
    Network: openweb
    Published URL: https://patched.to/Thread-%E2%9D%A4%EF%B8%8F%C2%A0%E2%9A%A1-spotify-netflix-xbox-canva-more-%E2%9A%A1on-your-own-account%E2%9A%A1
    Screenshots:
    None
    Threat Actors: AairaX
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  185. Distribution of Hotmail credential combo list
    Category: Combo List
    Content: A threat actor distributed a combo list containing 1,501 Hotmail credentials marketed as premium valid hits. The content is gated behind forum registration or login and includes mixed mail accounts described as private cloud access.
    Date: 2026-05-12T16:32:41Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-1501x-premium-hotmail-hits-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F
    Screenshots:
    None
    Threat Actors: alphaaxd
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  186. Distribution of South Korea credential combo list
    Category: Combo List
    Content: A threat actor has freely distributed a combo list containing approximately 23,000 credentials purportedly associated with South Korean accounts. The list was posted on a dump forum and made available via an external paste link, dated May 6, 2026.
    Date: 2026-05-12T16:32:15Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-%E2%9C%AA-23-K-Combo-%E2%9C%AA-South-Korea-%E2%9C%AA-6-MAY-2026-%E2%9C%AA–2293062
    Screenshots:
    None
    Threat Actors: Fragtez
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  187. Distribution of credential logs for Netflix, Reddit, Funpay, and other platforms
    Category: Logs
    Content: A threat actor has shared a collection of credentials and cookies for multiple platforms including Netflix, Reddit, and Funpay via an external paste link. The data was made available at no stated cost on a cracking forum.
    Date: 2026-05-12T16:32:06Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-cookie-netflix-ramble-reddit-funpay-more–2293082
    Screenshots:
    None
    Threat Actors: Fragtez
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  188. Distribution of Hotmail credential combo list sample
    Category: Combo List
    Content: A threat actor distributed a sample combo list containing 1,270 Hotmail credentials on a combolist forum. The content is gated behind registration or login, suggesting it serves as a preview to attract further engagement.
    Date: 2026-05-12T16:31:19Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-1270x-SAMPLE-HOTMAIL-%E2%9A%A1%E2%9A%A1–203807
    Screenshots:
    None
    Threat Actors: HollowKnight
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  189. Sale of African National Congress membership database allegedly containing 2 million records
    Category: Data Breach
    Content: A threat actor on a leaks forum is selling a dataset claimed to be the full membership list of the African National Congress (South Africa). The data purportedly includes RSA ID numbers, full names, birth dates, gender, language, email addresses, phone numbers, and detailed physical addresses. Sample records provided in the post appear consistent with the described schema.
    Date: 2026-05-12T16:27:29Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-SELLING-South-Africa-African-National-Congress-Members-Database-2M-records
    Screenshots:
    None
    Threat Actors: wilson008
    Victim Country: South Africa
    Victim Industry: Government
    Victim Organization: African National Congress
    Victim Site: Unknown
  190. Alleged data leak of Disabilitas Aceh government database
    Category: Data Leak
    Content: A threat actor operating under the name CIAMIS CYBER TEAM claims to have leaked a database belonging to Disabilitas Aceh, an Indonesian government entity. The leaked data reportedly includes full names, addresses, national identification numbers (NIK), sub-district information, gender, and dates of birth. The record count is unknown and the data has been made available via a shared link on a database leaks forum.
    Date: 2026-05-12T16:04:00Z
    Network: openweb
    Published URL: https://breached.st/threads/leaked-database-disabilitas-aceh.87028/unread
    Screenshots:
    None
    Threat Actors: CIAMIS CYBER TEAM
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Disabilitas Aceh
    Victim Site: Unknown
  191. Distribution of French email and password combo list
    Category: Combo List
    Content: A threat actor distributed a combo list claimed to contain 40,000 lines of French email and password credentials. The list is marketed as unique combinations and dated 2026.
    Date: 2026-05-12T15:38:30Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-40k-LINES-FRANCE-MAILPASS-2026-UNIQUE-COMBO-1
    Screenshots:
    None
    Threat Actors: UniqueCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  192. Distribution of URL:login:password credential logs
    Category: Combo List
    Content: A threat actor operating under the handle BOXOWNER is distributing URL:login:password credential logs, marketed as a new update (Part 5 of an ongoing series). Additional updates are indicated as forthcoming.
    Date: 2026-05-12T15:38:10Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F-BOX-MAIN-NEW-URL-LOG-PASS-12-05-26%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8FPART-5
    Screenshots:
    None
    Threat Actors: BOXOWNER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  193. Distribution of 50,000 Yahoo credential combo list
    Category: Combo List
    Content: A threat actor known as Vows has shared a combo list containing 50,000 Yahoo credentials on a cracking forum. The credentials are marketed as fresh and ultra-high quality (UHQ).
    Date: 2026-05-12T15:37:48Z
    Network: openweb
    Published URL: https://cracked.st/Thread-50K-UHQ-YAHOO-COMBO-FRESH
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  194. Distribution of 43K Outlook credential combo list
    Category: Combo List
    Content: A threat actor on a combolist forum has made available a combo list of approximately 43,000 Outlook credentials marketed as fresh and ultra-high quality. The listing is sponsored by an external service and attributed to the user Vows.
    Date: 2026-05-12T15:37:26Z
    Network: openweb
    Published URL: https://cracked.st/Thread-43K-UHQ-OUTLOOK-COMBO-FRESH
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  195. Distribution of 1.1M Gmail credential combo list
    Category: Combo List
    Content: A threat actor distributed a combo list containing approximately 1.1 million Gmail credentials, marketed as fresh. The list was shared on a combolist forum and is sponsored by a third-party service.
    Date: 2026-05-12T15:37:04Z
    Network: openweb
    Published URL: https://cracked.st/Thread-1-1M-UHQ-GMAIL-COMBO-FRESH
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  196. Distribution of 400K mixed email credential combo list
    Category: Combo List
    Content: A threat actor on a combolist forum has distributed a combo list containing approximately 400,000 mixed email credentials marketed as fresh. The post is sponsored by an external service and no specific victim organization or industry is identified.
    Date: 2026-05-12T15:36:35Z
    Network: openweb
    Published URL: https://cracked.st/Thread-400K-UHQ-MIXED-MAIL-COMBO-FRESH
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  197. Distribution of Hotmail credential combolist marketed as fresh
    Category: Combo List
    Content: A threat actor operating under the handle Vows has distributed a combolist containing approximately 1,100 Hotmail credentials, marketed as fresh. The post is sponsored by vows.solutions and was shared on a public combolist forum.
    Date: 2026-05-12T15:36:10Z
    Network: openweb
    Published URL: https://cracked.st/Thread-1-1K-SUHQ-HOTMAIL-FRESH
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  198. Distribution of alleged high-quality Brazil email:password combolist
    Category: Combo List
    Content: A threat actor operating under the alias ShroudX is distributing a credential combolist marketed as high-quality Brazil email and password combinations. The content is gated behind forum registration or login, limiting visibility into the dataset's scope or origin.
    Date: 2026-05-12T15:35:57Z
    Network: openweb
    Published URL: https://patched.to/Thread-hq-brazil-emailpass-combolist-shroud20-txt-300660
    Screenshots:
    None
    Threat Actors: ShroudX
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  199. Alleged cryptocurrency wallet exploitation and theft service
    Category: Malware
    Content: A threat actor operating under the handle crypto_brave is advertising an automated cryptocurrency wallet exploitation service. The actor claims to operate a database of 1.3 billion wallets and offers to check wallets across 250 EVM and non-EVM blockchains with 50 different derivations. The service appears designed to monetize stolen cryptocurrency wallet credentials, offering a 70% payout to clients. Contact methods include a Telegram bot (@crypto_otrabotka_bot) and direct message (@crypto_brave), with a presence on multiple underground forums (Lolz, Exploit, XSS, BHF).
    Date: 2026-05-12T15:35:32Z
    Network: telegram
    Published URL: https://t.me/c/1397463379/11284
    Screenshots:
    None
    Threat Actors: crypto_brave
    Victim Country: Unknown
    Victim Industry: Cryptocurrency
    Victim Organization: Unknown
    Victim Site: Unknown
  200. Sale of CompTIA certification exam voucher codes
    Category: Services
    Content: A threat actor is offering voucher codes for CompTIA certification exams across multiple tracks, including core, cybersecurity, and specialist certifications. The listing claims codes allow buyers to book and complete exams remotely, with interested parties directed to contact via direct message.
    Date: 2026-05-12T15:35:27Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Supreme-%E2%AD%90%E2%AD%90%E2%AD%90COMPTIA-CERTIFICATIONS-%E2%80%94-VOUCHER-CODE-AVAILABLE-%E2%AD%90%E2%AD%90%E2%AD%90
    Screenshots:
    None
    Threat Actors: wavesub
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  201. Distribution of alleged valid Hotmail credential combo list
    Category: Combo List
    Content: A forum user is distributing a combo list purportedly containing valid Hotmail credentials. The content is hidden behind a registration or login requirement, limiting visibility into the scope or format of the data.
    Date: 2026-05-12T15:35:19Z
    Network: openweb
    Published URL: https://patched.to/Thread-hotmail-valid-301615
    Screenshots:
    None
    Threat Actors: ZAMPARA
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  202. Distribution of URL:Login:Password combo list with 8 million lines
    Category: Combo List
    Content: A threat actor distributed a combo list containing over 8 million URL:login:password credential pairs on a cybercrime forum. The content was shared as part of an ongoing free series (part 335) under the handle lexityfr.
    Date: 2026-05-12T15:35:00Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-url-log-pass-free-best-lines-8-million-lines-part-335
    Screenshots:
    None
    Threat Actors: lexityfr
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  203. Distribution of Croatian credential combo list
    Category: Combo List
    Content: A threat actor has freely distributed a combo list containing approximately 15,000 credentials purportedly associated with Croatian accounts. The list is dated May 7, 2026, and was shared via an external paste service.
    Date: 2026-05-12T15:34:27Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-%E2%9C%AA-15-K-Combo-%E2%9C%AA-Croatia-%E2%9C%AA-7-MAY-2026-%E2%9C%AA–2293031
    Screenshots:
    None
    Threat Actors: Fragtez
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  204. Distribution of Netflix account checker tool
    Category: Services
    Content: A threat actor on a cracking forum has shared a link to a Netflix account checker tool. The post provides an external URL hosting the checker, suggesting it is being distributed freely to forum members.
    Date: 2026-05-12T15:34:08Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-Netflix-Account-Checker–2293052
    Screenshots:
    None
    Threat Actors: Fragtez
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  205. Distribution of mixed credentials combolist
    Category: Combo List
    Content: A threat actor on a combolist forum is distributing a set of approximately 1,700 mixed credentials marketed as fresh. The content is gated behind registration or login, limiting visibility into the specific services or regions targeted.
    Date: 2026-05-12T15:33:51Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A1-1700x-FRESH-MIX-%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: Nulled07
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  206. Distribution of mixed credentials combo list containing 22,000 entries
    Category: Combo List
    Content: A threat actor operating under the name UniqueCombo has shared a combo list of approximately 22,000 mixed credentials on a combolist forum. The post references an associated shop (unique-combo.shop) offering combo lists by country and on request. No specific victim organization or industry is identified.
    Date: 2026-05-12T15:33:08Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-MIX-Unique-Combo-5-22000
    Screenshots:
    None
    Threat Actors: UniqueCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  207. Distribution of cracked Notes AIO tool
    Category: Alert
    Content: A threat actor shared multiple download mirrors for a cracked version of Notes AIO, attributed to revpub. The tool is being distributed freely on a cracking-focused forum.
    Date: 2026-05-12T15:32:51Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Notes-aio-cracked-by-revpub
    Screenshots:
    None
    Threat Actors: makitabosch
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  208. Distribution of alleged valid mixed credential combolist
    Category: Combo List
    Content: A threat actor is distributing a combolist marketed as containing valid Hotmail and mixed credentials, advertised as UHQ (ultra-high quality). The content is hidden behind registration or login, with additional contact via Telegram handle @noiraccesss.
    Date: 2026-05-12T15:32:47Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-X1594-Valid-UHQ-Mix-%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: Roronoa044
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  209. Alleged data breach of La Suite Numérique (French government digital platform)
    Category: Data Breach
    Content: A threat actor on BF3 claims to have exfiltrated over 400,000 records from lasuite.numerique.gouv.fr, a French government digital services platform. The data is offered for sale via direct message, with samples of up to 5,000 lines available on request.
    Date: 2026-05-12T15:31:28Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-SELL-LASUITE-GOV-DATABASE-FR
    Screenshots:
    None
    Threat Actors: exclode
    Victim Country: France
    Victim Industry: Government
    Victim Organization: La Suite Numérique
    Victim Site: lasuite.numerique.gouv.fr
  210. Distribution of Hotmail Spain combolist with 8.8K credentials
    Category: Combo List
    Content: A combolist containing approximately 8,800 Hotmail email and password combinations attributed to Spanish accounts has been shared on a criminal forum. The content is hidden behind a registration or login requirement.
    Date: 2026-05-12T15:27:22Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Combolist-8-8K-Hotmail-Es-Email-Pass
    Screenshots:
    None
    Threat Actors: mindreading
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  211. Distribution of Yahoo credential combo list
    Category: Combo List
    Content: A combo list containing approximately 10,000 Yahoo email and password combinations has been made available on a combolist forum. The post was authored by mindreading with no additional details provided regarding the origin or freshness of the credentials.
    Date: 2026-05-12T15:26:55Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Combolist-Yahoo-10K-Email-Pass
    Screenshots:
    None
    Threat Actors: mindreading
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  212. Website Defacement of mnechnach.com by Threat Actor Zod
    Category: Defacement
    Content: On May 12, 2026, a threat actor operating under the alias Zod defaced the website mnechnach.com, targeting a specific page (zod.html) hosted on a Linux-based server. The incident was a targeted single-page defacement, with no mass or repeated defacement activity reported. The attacker's motive and the victim's organizational details remain unknown.
    Date: 2026-05-12T15:24:12Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/249206
    Screenshots:
    None
    Threat Actors: Zod, Zod
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: mnechnach.com
  213. Website Defacement of Jomav Homes Blog by Threat Actor Zod
    Category: Defacement
    Content: On May 12, 2026, a threat actor operating under the alias Zod defaced the website jomavhomesblog.com, a real estate blog platform. The attack targeted a specific page (zod.html) on a Linux-based server and was recorded as a single, non-mass defacement. The incident was archived and mirrored via haxor.id, indicating public attribution by the attacker.
    Date: 2026-05-12T15:22:18Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/249207
    Screenshots:
    None
    Threat Actors: Zod, Zod
    Victim Country: Unknown
    Victim Industry: Real Estate / Blogging
    Victim Organization: Jomav Homes
    Victim Site: jomavhomesblog.com
  214. Distribution of Hotmail credential combo list
    Category: Combo List
    Content: A threat actor distributed a combo list containing an undisclosed number of Hotmail credentials on a cybercrime forum. The list is marketed as high quality and is attributed to the user @Stevee36.
    Date: 2026-05-12T15:18:00Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75048/
    Screenshots:
    None
    Threat Actors: stevee36
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  215. Distribution of Hotmail credential combolist
    Category: Combo List
    Content: A threat actor operating under the alias D4rkNetHub has shared a combolist containing 3,888 Hotmail credentials on a cybercrime forum. The credentials are marketed as good quality and hosted via an external image-sharing and content link.
    Date: 2026-05-12T15:17:41Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75049/
    Screenshots:
    None
    Threat Actors: D4rkNetHub
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  216. Distribution of 62K email access credential combo list
    Category: Combo List
    Content: A threat actor is distributing a combo list purportedly containing 62,000 valid email access credentials, marketed as full mail access mix of top quality. The content is gated behind forum registration and was posted on a combolists and dumps forum.
    Date: 2026-05-12T15:17:22Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75050/
    Screenshots:
    None
    Threat Actors: MailAccesss
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  217. Alleged cryptocurrency laundering service advertisement
    Category: Cyber Attack
    Content: User Every posted an advertisement for cryptocurrency-to-cash conversion services, emphasizing discretion and limited access availability. The post includes repeated Telegram group links and suggests illicit financial activity facilitation.
    Date: 2026-05-12T15:17:14Z
    Network: telegram
    Published URL: https://t.me/setforge/9
    Screenshots:
    None
    Threat Actors: Every
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  218. Sale of Hotmail credential combo list
    Category: Combo List
    Content: A threat actor is offering a combo list of 935 Hotmail credentials marketed as private and fresh. Access to the content requires forum registration or sign-in, with contact directed to a Telegram handle.
    Date: 2026-05-12T15:17:03Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75051/
    Screenshots:
    None
    Threat Actors: KiwiShio
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  219. Sale of NVMe VPS/VDS hosting services in the Netherlands
    Category: Services
    Content: A threat actor on a cybercrime forum is offering VPS/VDS servers hosted in the Netherlands starting at €5/month, featuring KVM virtualization, full root SSH access, unlimited traffic, and a 1Gbps port. The listing promotes suitability for VPN/proxy services, automation bots, and high-load applications.
    Date: 2026-05-12T15:15:31Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75047/
    Screenshots:
    None
    Threat Actors: SeoHide
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  220. Alleged data breach of Prim Ferry Tattoo Studio
    Category: Data Breach
    Content: A threat actor posted content referencing Prim Ferry Tattoo Studio, an Indonesian tattoo studio located in Batam, Riau Islands. The post appears to include a reconstructed or scraped webpage displaying the studio's price list. No specific data type or record count was disclosed.
    Date: 2026-05-12T15:06:08Z
    Network: openweb
    Published URL: https://breached.st/threads/script-blogger-to-prim-ferry-tattoo-studio-to-batam-riau-islands.87026/unread
    Screenshots:
    None
    Threat Actors: mr999x
    Victim Country: Indonesia
    Victim Industry: Retail
    Victim Organization: Prim Ferry Tattoo Studio
    Victim Site: Unknown
  221. Alleged data breach of ZAMECO 1 utility company in the Philippines
    Category: Data Breach
    Content: A threat actor operating under the handle Z4ne0days claims to be selling data allegedly obtained from ZAMECO 1, a utility company in the Philippines. The dataset contains 43 records including customer names, email addresses, and account numbers. The data is being offered for sale on a database-focused forum.
    Date: 2026-05-12T15:04:39Z
    Network: openweb
    Published URL: https://breached.st/threads/zameco-1-comapny-branch-breach.87027/unread
    Screenshots:
    None
    Threat Actors: Z4ne0days
    Victim Country: Philippines
    Victim Industry: Utilities
    Victim Organization: ZAMECO 1
    Victim Site: Unknown
  222. Distribution of URL:login:password credential combo list
    Category: Combo List
    Content: A threat actor distributed a combo list formatted as URL:login:password credentials, marketed as a new update. Additional updates were indicated as forthcoming, with support offered for further releases.
    Date: 2026-05-12T14:40:03Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F-BOX-MAIN-NEW-URL-LOG-PASS-12-05-26%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8FPART-3
    Screenshots:
    None
    Threat Actors: BOXOWNER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  223. Distribution of URL:login:password credential logs
    Category: Combo List
    Content: A threat actor distributed a set of URL:login:password credential logs, marketed as a new update and labeled as part four of an ongoing series. Additional updates are indicated as forthcoming by the poster.
    Date: 2026-05-12T14:39:42Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F-BOX-MAIN-NEW-URL-LOG-PASS-12-05-26%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8FPART-4
    Screenshots:
    None
    Threat Actors: BOXOWNER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  224. Distribution of Europa/Germany mixed combolist containing over 1.1 million credential lines
    Category: Combo List
    Content: A threat actor distributed a mixed combolist reportedly containing 1,131,827 lines of credentials, described as targeting European and German accounts. The list was shared on a public forum under the handle HqComboSpace.
    Date: 2026-05-12T14:39:23Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-1-131-827-Lines-%E2%9C%85-Europa-Germany-Mixed-Combolist
    Screenshots:
    None
    Threat Actors: HqComboSpace
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  225. Distribution of corporate business combolist containing 81,643 credentials
    Category: Combo List
    Content: A threat actor on a combolist forum has made available a combolist marketed as Corp Lead Business containing 81,643 credential records. No additional details regarding the origin, targeted industries, or verification status of the credentials are available from the post.
    Date: 2026-05-12T14:38:54Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-81-643-%E2%9C%85-Corp-Lead-Bussines-Combolist
    Screenshots:
    None
    Threat Actors: AiCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  226. Distribution of ULP credential log file
    Category: Logs
    Content: A threat actor distributed a ULP (URL:Login:Password) format credential log file via a Telegram channel, posted on 2026-05-12. No victim organization, industry, or record count was specified in the post.
    Date: 2026-05-12T14:38:31Z
    Network: openweb
    Published URL: https://cracked.st/Thread-ULP-TXT-LOG-12-05-26
    Screenshots:
    None
    Threat Actors: ULPTXT
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  227. Distribution of Germany-targeted credential combo list
    Category: Combo List
    Content: A threat actor distributed a credential combo list purportedly targeting Germany on a combolist forum. No record count, victim organization, or data source was specified in the post.
    Date: 2026-05-12T14:38:27Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-GERMANY–2092797
    Screenshots:
    None
    Threat Actors: FlightUSA
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  228. Distribution of BeeTraffic stealer logs containing credentials
    Category: Logs
    Content: A threat actor distributed 1,500 stealer logs (1.4 GB) for free on a criminal forum under the BeeTraffic label. The logs are dated May 7–9, 2026, and are described as originating from installs.
    Date: 2026-05-12T14:38:09Z
    Network: openweb
    Published URL: https://cracked.st/Thread-BeeTraffic-1500x-logs-free
    Screenshots:
    None
    Threat Actors: inspctr
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  229. Distribution of Hotmail credential combo list
    Category: Combo List
    Content: A threat actor is distributing a combo list of 2,893 Hotmail credentials marketed as high-quality and fresh via a Telegram channel. A private cloud service containing additional credentials is also offered for sale via direct message.
    Date: 2026-05-12T14:37:55Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9A%A1%E2%9A%A1-2893x-HQ-FRESH-VALID-HOTMAIL-12-5%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: wasifurkchut
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  230. Distribution of Hotmail credential combo list
    Category: Combo List
    Content: A threat actor operating under the alias D47 has shared a combo list of approximately 1,400 Hotmail credentials on a cybercrime forum. The content is gated behind registration or login, with the poster soliciting likes for further distributions.
    Date: 2026-05-12T14:37:37Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-1-4k-hotmail-mail-access-%E2%9C%85-301599
    Screenshots:
    None
    Threat Actors: D47
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  231. Distribution of 1,000 Hotmail credentials combo list
    Category: Combo List
    Content: A threat actor distributed a combo list containing approximately 1,000 Hotmail account credentials. The post labels the data as old and references a VIP Cloud source. Content is gated behind forum registration or login.
    Date: 2026-05-12T14:37:17Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%92%A41-0k-hotmail-mail-acces%F0%9F%92%A4%E2%9C%A8-11-05
    Screenshots:
    None
    Threat Actors: TraxGod
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  232. Distribution of 1.4K Hotmail credentials combo list
    Category: Combo List
    Content: A threat actor operating under the name MonnarhTeam has shared a combo list containing approximately 1,400 Hotmail credentials, marketed as valid and dated May 12. The content is gated behind forum registration or login.
    Date: 2026-05-12T14:37:00Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-1-4k-just-valid-hotmail-access-12-05
    Screenshots:
    None
    Threat Actors: MonnarhTeam
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  233. Distribution of usage guide for CT Eagles MBY credential checker tool
    Category: Services
    Content: A threat actor shared a guide for CT Eagles MBY 2.2.0.4, described as a credential checking tool. The guide was made available via an external paste link on a cracking forum.
    Date: 2026-05-12T14:36:41Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-CT-Eagles-MBY-2-2-0-4-Guide-Learn-to-Use-This-Powerful-Checker-Tool–2292955
    Screenshots:
    None
    Threat Actors: Fragtez
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  234. Distribution of French email:password combo list
    Category: Combo List
    Content: A threat actor known as Fragtez has freely distributed a combo list of approximately 1,547,000 email and password credential pairs purportedly associated with French users. The credentials are marketed as fresh and were posted on a dump forum with a link to an external paste service.
    Date: 2026-05-12T14:36:25Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-%E2%9C%A6%E2%9C%A6-1-547-K-%E2%9C%A6-France-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-27-4-2026-%E2%9C%A6%E2%9C%A6–2292965
    Screenshots:
    None
    Threat Actors: Fragtez
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  235. Sale of SMS verification service with promotional pricing
    Category: Services
    Content: A threat actor is offering an SMS verification service at $2 per use, advertised with a promotional code providing $20 in total value. The listing is hosted on an external paste site and promoted via a cracking forum.
    Date: 2026-05-12T14:36:21Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-X10-2-SMS-Verification-Service-Promocode-20-Total–2292988
    Screenshots:
    None
    Threat Actors: Fragtez
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  236. Distribution of Kenyan email:password credential combolist
    Category: Combo List
    Content: A threat actor distributed a combolist of approximately 17,000 email and password credential pairs purportedly associated with Kenyan users via an external paste link. The credentials are marketed as fresh with a noted date of May 10, 2026.
    Date: 2026-05-12T14:36:04Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-%E2%9C%A6%E2%9C%A6-17-K-%E2%9C%A6-Kenya-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-10-5-2026-%E2%9C%A6%E2%9C%A6–2292997
    Screenshots:
    None
    Threat Actors: Fragtez
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  237. Distribution of credential cookies for eBay, Apple, Temu, Lowes and other platforms
    Category: Logs
    Content: A threat actor has publicly shared a collection of credential cookies targeting multiple consumer platforms including eBay, Apple, Temu, and Lowes, among others. The data was made available via an external paste link on a cracking forum.
    Date: 2026-05-12T14:36:00Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-cookies-ebay-apple-temu-lowes-more–2293017
    Screenshots:
    None
    Threat Actors: Fragtez
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  238. Distribution of Hotmail credential combo list
    Category: Combo List
    Content: A threat actor distributed a combo list of 2,935 Hotmail credentials on a cybercrime forum. The credentials are marketed as fresh. The content is gated behind registration or login.
    Date: 2026-05-12T14:35:28Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A1-2935x-FRESH-HOTMAIL-%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: Nulled07
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  239. Sale of AWS Amazon SMTP service with high-volume sending capability
    Category: Services
    Content: A threat actor is offering AWS Amazon SMTP access for sale, claiming 100% inbox delivery to Office365 and Hotmail with a sending limit exceeding 50,000 messages. The service is marketed as suitable for email and SMS spamming, with inbox testing available before purchase. Contact is facilitated via Telegram.
    Date: 2026-05-12T14:35:07Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Selling-AWS-Amazon-SMTP-Inbox-Tested
    Screenshots:
    None
    Threat Actors: imi_jav1995
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  240. Distribution of 7 million corporate business credential combo list
    Category: Combo List
    Content: A threat actor operating under the alias CODER is distributing a credential combo list marketed as corporate business accounts, reportedly containing 7 million records. The list is being shared via Telegram channels and a forum post, with direct contact offered for additional combo requests.
    Date: 2026-05-12T14:26:06Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75038/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  241. Distribution of mixed email credential combolist
    Category: Combo List
    Content: A threat actor operating under the alias NotSellerxd has distributed a combolist containing approximately 4,210 mixed email credentials via a cybercrime forum. The list is being made available for free download with no stated victim organization or country of origin.
    Date: 2026-05-12T14:25:44Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75042/
    Screenshots:
    None
    Threat Actors: NotSellerxd
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  242. Distribution of Hotmail credential combo list with 1,637 entries
    Category: Combo List
    Content: A threat actor has freely distributed a combo list containing 1,637 Hotmail credentials marketed as high-quality hits. The list is accompanied by keyword-based targets and country-sorted subsets.
    Date: 2026-05-12T14:25:24Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75043/
    Screenshots:
    None
    Threat Actors: Hotmail Cloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  243. Distribution of 30K credential combolist on cybercrime forum
    Category: Combo List
    Content: A threat actor operating under the alias RandomUpload has shared a combolist containing approximately 30,000 credentials on a cybercrime forum. The origin, industry, and targeted organizations associated with the credentials are unknown. The content was made available to registered forum users.
    Date: 2026-05-12T14:25:06Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75046/
    Screenshots:
    None
    Threat Actors: RandomUpload
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  244. Distribution of mixed email and password combo list
    Category: Combo List
    Content: A threat actor distributed a combo list containing approximately 5,300 mixed email and password credential pairs on a combolist forum. No further details regarding the source or targeted services were provided.
    Date: 2026-05-12T14:23:55Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Combo-5-3K-Mixed-Email-Pass
    Screenshots:
    None
    Threat Actors: mindreading
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  245. Distribution of Hotmail credential combo list
    Category: Combo List
    Content: A combo list containing approximately 5,800 Hotmail email and password pairs has been shared on a cracking forum. The content is gated behind registration or login to access.
    Date: 2026-05-12T14:22:30Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Combo-5-8K-Hotmail-Email-Pass
    Screenshots:
    None
    Threat Actors: mindreading
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  246. Sale of law enforcement email credentials and police portal access for emergency data requests
    Category: Initial Access
    Content: A threat actor on BreachForums is offering compromised law enforcement and government email credentials along with access to police portals across multiple countries including Thailand, Brazil, Argentina, Malaysia, Bosnia, Pakistan, Vietnam, Nigeria, and others, with prices ranging from $20 to $100 per access. The credentials are advertised for use in emergency data requests (EDRs) targeting major platforms including Instagram, Facebook, WhatsApp, TikTok, Snapchat, Microsoft, and Apple to extrac
    Date: 2026-05-12T14:17:16Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Selling-Government-Emails-and-Police-Emails-for-EDRs-and-forged-court-orders-and-doma–188620
    Screenshots:
    None
    Threat Actors: 0056113
    Victim Country: Unknown
    Victim Industry: Government
    Victim Organization: Unknown
    Victim Site: Unknown
  247. Distribution of alleged TikTok credential combo list
    Category: Combo List
    Content: A threat actor known as JAX7 has distributed a list of approximately 10,000 alleged TikTok account credentials via a MediaFire download link. A sample was included in the post.
    Date: 2026-05-12T14:12:31Z
    Network: openweb
    Published URL: https://breached.st/threads/10k-accounts-tiktok.87025/unread
    Screenshots:
    None
    Threat Actors: JAX7
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  248. Distribution of alleged database labeled DPR-RI
    Category: Data Leak
    Content: A forum user shared what appears to be a database labeled DPR-RI at no cost, providing a download link and sample. No details regarding record count, data types, or victim organization were disclosed in the post.
    Date: 2026-05-12T14:10:49Z
    Network: openweb
    Published URL: https://breached.st/threads/database-data-dpr-ri.87024/unread
    Screenshots:
    None
    Threat Actors: JAX7
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  249. Website Defacement of CSI Tech by Miyomar of Indonesian Payload Party
    Category: Defacement
    Content: On May 12, 2026, a threat actor known as Miyomar, affiliated with the group Indonesian Payload Party, defaced a page on the Thai technology company CSI Tech's website. The attack targeted a specific subdirectory rather than the homepage and is not classified as a mass or repeat defacement. The incident was mirrored and archived by zone-xsec.com.
    Date: 2026-05-12T14:10:00Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/920687
    Screenshots:
    None
    Threat Actors: Miyomar, Indonesian Payload Party
    Victim Country: Thailand
    Victim Industry: Technology
    Victim Organization: CSI Tech
    Victim Site: www.csitech.co.th
  250. Alleged breach of 10,000 TikTok accounts
    Category: Data Breach
    Content: A threat actor operating under the handle jax7 on Breachforums has posted about a breach involving 10,000 TikTok accounts. The breach details are shared in a Breachforums thread discussing the compromised accounts.
    Date: 2026-05-12T14:09:31Z
    Network: telegram
    Published URL: https://t.me/byjax7/641
    Screenshots:
    None
    Threat Actors: jax7
    Victim Country: Unknown
    Victim Industry: Social Media
    Victim Organization: TikTok
    Victim Site: tiktok.com
  251. Alleged sale of RDP access to cloud infrastructure and email accounts
    Category: Initial Access
    Content: Threat actor PORTAL is advertising rental of RDP access to Azure, AWS, and DigitalOcean infrastructure on a daily/monthly basis for $200. The actor is also offering domain email accounts (Gmail, Yahoo), domain access, and GitHub Student accounts. The service includes escrow protection.
    Date: 2026-05-12T13:55:09Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/80278
    Screenshots:
    None
    Threat Actors: PORTAL
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  252. Distribution of 1.2 million URL:Login:Password credential combo list
    Category: Combo List
    Content: A threat actor operating under the handle KURZL0GS has freely distributed a combo list containing approximately 1.2 million URL:login:password credential pairs on a criminal forum. The list is marketed as private and high-quality (UHQ). No specific victim organization or industry is identified.
    Date: 2026-05-12T13:44:37Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Other-%E2%9A%A1-1-2M-URL-LOG-PASS-PRIVATE-UHQ-BY-KURZL0GS%E2%9A%A1–2092777
    Screenshots:
    None
    Threat Actors: KURZL0GS
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  253. Distribution of free credential logs sample set by threat actor BradMax
    Category: Logs
    Content: A threat actor known as BradMax has distributed a free sample set of approximately 1,500 credential logs dated May 2026 via a Telegram channel. The post indicates this is a periodic test release intended to promote a larger commercial log service available through an automated bot. Full log purchases are advertised through the actor's Telegram contact.
    Date: 2026-05-12T13:43:47Z
    Network: openweb
    Published URL: https://cracked.st/Thread-LEAK-FREE-TEST-LOGS-1500-logs-May-2026-samples
    Screenshots:
    None
    Threat Actors: BradMax
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  254. Distribution of alleged fresh Hotmail credential combo list
    Category: Combo List
    Content: A threat actor operating under the alias Cypheer is distributing a combo list of Hotmail credentials, marketed as fresh private lines. The content is gated behind forum registration or login.
    Date: 2026-05-12T13:42:58Z
    Network: openweb
    Published URL: https://patched.to/Thread-%F0%9F%93%A2private-lines-hotmail%F0%9F%93%A2-%E2%9C%85cypher-cloud%E2%9C%85-%F0%9F%8C%AC%EF%B8%8Fhotmail-fresh%F0%9F%8C%AC%EF%B8%8F
    Screenshots:
    None
    Threat Actors: Cypheer
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  255. Distribution of Hotmail credential combo list
    Category: Combo List
    Content: A threat actor on a criminal forum has distributed a combo list containing 1,367 Hotmail credentials marketed as premium hits. The list was made available for free download.
    Date: 2026-05-12T13:42:50Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E2%9A%9C-1367x-PREMIUM-HOTMAIL-HITS-%E2%9A%9C
    Screenshots:
    None
    Threat Actors: ANON49
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  256. Distribution of Hotmail credential combo list with 1,405 claimed hits
    Category: Combo List
    Content: A threat actor has shared a combo list of 1,405 Hotmail credentials marketed as premium hits on a cybercrime forum. The content is hidden behind registration or login, limiting visibility into the data's origin or verification status.
    Date: 2026-05-12T13:42:16Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%85%E2%AD%901405x-hotmail-premium-hits%E2%9C%85%E2%AD%90
    Screenshots:
    None
    Threat Actors: Psyho70244
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  257. Distribution of Hotmail credential combolist
    Category: Combo List
    Content: A combolist of approximately 1,200 Hotmail credentials, marketed as fully valid, has been shared on a combolist forum by the user AnticaCloud, attributed to @Kommander0. The content is gated behind registration or login on the forum.
    Date: 2026-05-12T13:41:56Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-1-2k-hotmail-full-valid-by-kommander0-12-05
    Screenshots:
    None
    Threat Actors: AnticaCloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  258. Distribution of credential combo list targeting Serbian users
    Category: Combo List
    Content: A threat actor distributed a combo list containing approximately 18,000 credentials via an external paste service. The list is dated April 29, 2026, and is marketed as targeting Serbia.
    Date: 2026-05-12T13:41:34Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-%E2%9C%AA-18-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Serbia-%E2%9C%AA-29-APR-2026-%E2%9C%AA–2292935
    Screenshots:
    None
    Threat Actors: Fragtez
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  259. Sale of private torrent tracker invitations on cracking forum
    Category: Services
    Content: A threat actor is selling invitations to multiple private torrent trackers including PassThePopcorn, Empornium, Nebulance, UHDBits, and BeyondHD, with prices ranging from $100 to $350 per invite. Payment is accepted in LTC or BTC, with contact via Telegram, Discord, and Google Hangouts.
    Date: 2026-05-12T13:41:05Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-Selling-BeyondHD-invite-250–2292930
    Screenshots:
    None
    Threat Actors: ZoOqO
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  260. Distribution of Windows 10/11 activation tool on cracking forum
    Category: Malware
    Content: A forum user is distributing a Windows 10/11 activator via a download link on a cracking tools forum. Tools of this type are commonly associated with malware distribution or unwanted software bundling.
    Date: 2026-05-12T13:40:20Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Windows-10-11-Activator
    Screenshots:
    None
    Threat Actors: anonym
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  261. Distribution of cracking tool X3 Solution trial version
    Category: Alert
    Content: A forum post on a cracking tools forum is distributing a trial version of a tool referred to as X3 Solution via a download link. No further details about the tool's capabilities or intended targets are provided in the post.
    Date: 2026-05-12T13:39:56Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-X3-Solution-Trial
    Screenshots:
    None
    Threat Actors: anonym
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  262. Distribution of Serbian email:password combo list
    Category: Combo List
    Content: A threat actor known as CobraEgy has shared a combo list of over 13,000 email and password credential pairs purportedly associated with Serbia. The credentials are marketed as fresh and high quality, with a noted date of May 12, 2026.
    Date: 2026-05-12T13:39:21Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-13-K-%E2%9C%A6-Serbia-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-12-5-2026-%E2%9C%A6%E2%9C%A6
    Screenshots:
    None
    Threat Actors: CobraEgy
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  263. Distribution of cracked Crosshair X software
    Category: Malware
    Content: A threat actor is distributing a cracked version of Crosshair X on a cracking forum. The post provides a download link with no further technical details disclosed.
    Date: 2026-05-12T13:39:09Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Crosshair-X-CRACKED
    Screenshots:
    None
    Threat Actors: anonym
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  264. Distribution of Singapore email:password combo list
    Category: Combo List
    Content: A threat actor known as CobraEgy has shared a combo list of approximately 11,000 email and password credential pairs purportedly associated with Singapore. The credentials are marketed as fresh and high quality, dated May 12, 2026, and are available behind a registration or login wall on the forum.
    Date: 2026-05-12T13:38:41Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-11-K-%E2%9C%A6-Singapore-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-12-5-2026-%E2%9C%A6%E2%9C%A6
    Screenshots:
    None
    Threat Actors: CobraEgy
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  265. Distribution of alleged Fortnite game tweaking tool
    Category: Alert
    Content: A forum post advertises a tool described as an Ultimate Fortnite Tweak with a download link. No additional technical details, pricing, or payload information are provided in the post.
    Date: 2026-05-12T13:38:36Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Ultimate-Fortnite-Tweak
    Screenshots:
    None
    Threat Actors: anonym
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  266. Distribution of Slovenian email:password combo list
    Category: Combo List
    Content: A threat actor operating under the alias CobraEgy has shared a combo list purportedly containing over 11,000 email and password credential pairs associated with Slovenia. The credentials are marketed as fresh and high quality, with a claimed date of May 12, 2026.
    Date: 2026-05-12T13:38:18Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-11-K-%E2%9C%A6-Slovenia-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-12-5-2026-%E2%9C%A6%E2%9C%A6
    Screenshots:
    None
    Threat Actors: CobraEgy
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  267. Distribution of alleged cracked CapCut Pro software
    Category: Alert
    Content: A forum post advertises a download link purportedly providing access to a cracked version of CapCut Pro. No further technical details or payload information are provided in the post.
    Date: 2026-05-12T13:38:12Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-CapCut-Pro
    Screenshots:
    None
    Threat Actors: anonym
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  268. Distribution of 14,000 mixed email access credentials
    Category: Combo List
    Content: A threat actor distributed a combo list of approximately 14,000 email credentials marketed as fresh mixed mail access. The content is gated behind forum registration or login, suggesting distribution to forum members only.
    Date: 2026-05-12T13:37:57Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-14K-FRESH-MIX-MAIL-ACCESS–203786
    Screenshots:
    None
    Threat Actors: StrawHatBase
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  269. Distribution of alleged Spotify Premium credential combo list
    Category: Combo List
    Content: A forum user shared a link purportedly containing Spotify Premium credentials. No record count or additional details were provided in the post.
    Date: 2026-05-12T13:37:53Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Spotify-Premium–203785
    Screenshots:
    None
    Threat Actors: anonym
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  270. Distribution of mixed credentials combo list containing 22,000 entries
    Category: Combo List
    Content: A threat actor operating under the alias UniqueCombo has shared a combo list of approximately 22,000 mixed credentials on a combolist forum. The content is gated behind registration or login. The actor also advertises a shop offering combo lists by country and on request.
    Date: 2026-05-12T13:37:29Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-MIX-Unique-Combo-4-22000
    Screenshots:
    None
    Threat Actors: UniqueCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  271. Distribution of leaked credential logs via file-sharing link
    Category: Logs
    Content: A threat actor shared a Mega.nz link purportedly containing private logs with credentials. No victim organization, industry, or record count was specified in the post.
    Date: 2026-05-12T13:37:24Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Leak-private-logs
    Screenshots:
    None
    Threat Actors: niven938644
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  272. Alleged data leak of marches-publics.gouv.fr (French government procurement portal)
    Category: Data Leak
    Content: A threat actor identified as lazasec claims to have leaked approximately 14 million documents associated with marches-publics.gouv.fr, the French government public procurement platform. The data was shared on a forum under the Other Leaks category. No further details regarding the content or method of exfiltration are available from the post.
    Date: 2026-05-12T13:35:37Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-DOCUMENTS-14M-records-marches-publics-gouv-fr-Lazasec
    Screenshots:
    None
    Threat Actors: lazasec
    Victim Country: France
    Victim Industry: Government
    Victim Organization: marches-publics.gouv.fr
    Victim Site: marches-publics.gouv.fr
  273. Sale of fraudulent transfer services and compromised payment cards
    Category: Carding
    Content: A threat actor is offering fraudulent transfer flips via CashApp, PayPal, Apple Pay, Zelle, Revolut, Chime, and bank platforms, with advertised returns ranging from $200 to $500 per transaction. The actor is also selling VBV and non-VBV credit and debit cards for $20 each, claimed to carry balances of $1,000–$10,000 and accompanied by full cardholder information. Payment is requested in cryptocurrency or USDT.
    Date: 2026-05-12T13:33:03Z
    Network: openweb
    Published URL: https://altenens.is/threads/starall-your-legit-and-trusted-transfer-flips-to-all-countries-here-only-takes-1-5-minutes-to-receive-your-funds-mrgins-credit-cardcashapp-transfer-test-run.2938481/unread
    Screenshots:
    None
    Threat Actors: Sirfergus
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  274. Alleged data breach of CARMF (carmf.fr)
    Category: Data Breach
    Content: Threat actor lazasec claims to have compromised carmf.fr, the website of the French medical retirement fund CARMF, and extracted 2.4 million records. Sample data shared in the post includes contributor IDs, full names, postal codes, cities, and declaration dates. The data has been made available on BreachForums.
    Date: 2026-05-12T13:30:26Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-carmf-fr-by-lazasec
    Screenshots:
    None
    Threat Actors: lazasec
    Victim Country: France
    Victim Industry: Unknown
    Victim Organization: CARMF
    Victim Site: carmf.fr
  275. Distribution of Hotmail credential combo list
    Category: Combo List
    Content: A threat actor is distributing a combo list of 500 Hotmail credentials purportedly covering accounts from the USA, Europe, Asia, and Russia. The list is shared via a hidden reply-gate on a criminal forum, with access also referenced via Telegram.
    Date: 2026-05-12T13:21:37Z
    Network: openweb
    Published URL: https://altenens.is/threads/500x-hotmail-access-combo-usa-europe-asia-russian.2938448/unread
    Screenshots:
    None
    Threat Actors: Larry_Uchiha
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  276. Distribution of mixed email credential combo list across multiple providers
    Category: Combo List
    Content: A threat actor known as Larry_Uchiha has shared a combo list containing credentials for multiple email providers including Hotmail, Outlook, AOL, GMX, Inbox, iCloud, and Live. The list was distributed on a forum with access gated behind a reply requirement.
    Date: 2026-05-12T13:21:03Z
    Network: openweb
    Published URL: https://altenens.is/threads/mix-mail-combo-hotmail-outlook-aol-gmx-inbox-icloud-live-2026-5-9.2938450/unread
    Screenshots:
    None
    Threat Actors: Larry_Uchiha
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  277. Alleged data breach of DPR RI (Indonesian House of Representatives)
    Category: Data Breach
    Content: Threat actor JAX7 posted on BreachForums claiming to have breached and leaked a database from DPR RI (Dewan Perwakilan Rakyat Republik Indonesia – the Indonesian House of Representatives). This represents a significant breach of a critical government institution.
    Date: 2026-05-12T13:18:45Z
    Network: telegram
    Published URL: https://t.me/byjax7/631
    Screenshots:
    None
    Threat Actors: JAX7
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: DPR RI (Dewan Perwakilan Rakyat Republik Indonesia)
    Victim Site: Unknown
  278. Distribution of mixed combolist containing 2.4K email and password credentials
    Category: Combo List
    Content: A threat actor distributed a mixed combolist containing approximately 2,400 email and password credential pairs on a cybercrime forum. The origin, industry, and victim organizations associated with the credentials are unknown.
    Date: 2026-05-12T13:18:20Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Combolist-Mixed-2-4K-Email-Pass
    Screenshots:
    None
    Threat Actors: mindreading
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  279. Distribution of Hotmail .at combolist with 3.9K credentials
    Category: Combo List
    Content: A threat actor has shared a combolist containing approximately 3,900 Hotmail .at email and password combinations on a cybercrime forum. The content is gated behind registration or login, limiting immediate public access.
    Date: 2026-05-12T13:16:47Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Combolist-Hotmail-at-3-9K-Email-Pass
    Screenshots:
    None
    Threat Actors: mindreading
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  280. Distribution of Hotmail credential combolist
    Category: Combo List
    Content: A threat actor has shared a combolist containing approximately 3,200 Hotmail email and password combinations on a cybercrime forum. No additional context regarding the origin or recency of the credentials is available.
    Date: 2026-05-12T13:16:23Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Combolist-Hotmail-3-2K-Email-Pass
    Screenshots:
    None
    Threat Actors: mindreading
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  281. Distribution of Hotmail .nl credential combolist
    Category: Combo List
    Content: A threat actor has shared a combolist containing approximately 4,200 Hotmail .nl email and password combinations on a cybercrime forum. The content is gated behind registration or login, suggesting distribution to forum members.
    Date: 2026-05-12T13:14:44Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Combolist-Hotmail-nl-4-2K-Email-Pass
    Screenshots:
    None
    Threat Actors: mindreading
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  282. Distribution of Hotmail credential combolist containing 4.1K email and password pairs
    Category: Combo List
    Content: A threat actor has shared a combolist of approximately 4,100 Hotmail email address and password combinations on a cybercrime forum. The content is gated behind registration or login, restricting access to forum members.
    Date: 2026-05-12T13:14:08Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Combolist-Hotmail-4-1K-Email-Pass
    Screenshots:
    None
    Threat Actors: mindreading
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  283. Distribution of mixed email and password combolist containing 5.7K credentials
    Category: Combo List
    Content: A threat actor has shared a combolist of approximately 5,700 mixed email and password combinations on a criminal forum. The content is gated behind registration or login. No victim organization, industry, or country of origin is specified.
    Date: 2026-05-12T13:12:25Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Combolist-5-7K-Mixed-Email-Pass
    Screenshots:
    None
    Threat Actors: mindreading
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  284. Alleged data breach of Kuwait Public Authority for Civil Information (PACI)
    Category: Data Breach
    Content: A threat actor claiming to be politically motivated alleges a breach of Kuwait's Public Authority for Civil Information (PACI) at paci.gov.kw, asserting compromise of multiple systems including population statistics, identity issuance, deceased records, mapping, and the Mobile ID application. The actor claims 5.23 million ID photo records and associated personal data were exposed, along with sensitive military and residential mapping data. The post frames the operation as retaliation over allege
    Date: 2026-05-12T13:06:20Z
    Network: openweb
    Published URL: https://breached.st/threads/kuwait-paci-https-paci-gov-kw.87021/unread
    Screenshots:
    None
    Threat Actors: 0cx00iq
    Victim Country: Kuwait
    Victim Industry: Government
    Victim Organization: Public Authority for Civil Information (PACI)
    Victim Site: paci.gov.kw
  285. Alleged cryptocurrency money laundering service advertisement
    Category: Cyber Attack
    Content: User Every posted an advertisement for cryptocurrency conversion services with language suggesting illicit money laundering operations. The post includes operational security guidance (stay out of sight, move with intent) and warns that access won't last, indicating a temporary or hidden service. Multiple Telegram links are provided for access.
    Date: 2026-05-12T12:52:14Z
    Network: telegram
    Published URL: https://t.me/setforge/12
    Screenshots:
    None
    Threat Actors: Every
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  286. Alleged sale of credential harvesting configs and fresh database dumps across multiple countries
    Category: Combo List
    Content: Threat actor DataxLogs is offering Python-based credential harvesting configurations (Silverbullet, Openbullet 2) with APIs for multiple platforms and advanced captcha bypass capabilities (hCaptcha, Cloudflare, reCAPTCHA v2/v3, etc.). A separate actor is advertising fresh database dumps and credential access across UK, DE, JP, NL, BR, PL, ES, US, IT and other countries, including email accounts, shopping platforms (eBay, Amazon, Walmart, Alibaba), and payment services.
    Date: 2026-05-12T12:48:51Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/80251
    Screenshots:
    None
    Threat Actors: DataxLogs
    Victim Country: United Kingdom, Germany, Japan, Netherlands, Brazil, Poland, Spain, United States, Italy
    Victim Industry: Multiple (e-commerce, email, payment services)
    Victim Organization: Unknown
    Victim Site: Unknown
  287. Distribution of mixed-country Yahoo credential combo list
    Category: Combo List
    Content: A threat actor distributed a combo list containing 1,655,713 lines of credentials marketed as mixed-country and mixed-target Yahoo accounts. The list was shared on a criminal forum's combolist section.
    Date: 2026-05-12T12:40:54Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-1-655-713-Lines-%E2%9C%85-Mixed-Coutry-and-Mixed-Target-Yahoo
    Screenshots:
    None
    Threat Actors: HqComboSpace
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  288. Distribution of Hotmail credential combo list
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 2,500 Hotmail credentials marketed as high-quality and fresh. The credentials are being shared via a Telegram channel, with a private cloud service also offered for purchase via direct message.
    Date: 2026-05-12T12:40:33Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85%E2%9C%A8-2-5K-HQ-FRESH-VALID-HOTMAILS-%E2%9C%85%E2%9C%A8
    Screenshots:
    None
    Threat Actors: wasifurkchut
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  289. Distribution of 4.8K mixed mail access credentials
    Category: Combo List
    Content: A threat actor is distributing approximately 4,800 mixed mail access credentials, marketed as high quality, via a Telegram channel. A private version of the credential set is also offered for sale through direct message contact.
    Date: 2026-05-12T12:40:13Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%854-8k-HQ-MIX-MAIL-ACCESS-%E2%9C%85%E2%9C%A8
    Screenshots:
    None
    Threat Actors: wasifurkchut
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  290. Distribution of 317K URL:Login:Password combo list
    Category: Combo List
    Content: A threat actor operating under the alias Frisbeese has distributed a combo list containing approximately 317,000 URL:login:password credential pairs. The credentials are marketed as private, fresh, and ultra-high quality (UHQ). Content is gated behind forum registration or login.
    Date: 2026-05-12T12:39:58Z
    Network: openweb
    Published URL: https://patched.to/Thread-%E2%9C%A8-317k-url-login-pass-%E2%9C%A8leak-private-url-login-pass%E2%9A%A1fresh-uhq%E2%9A%A1
    Screenshots:
    None
    Threat Actors: Frisbeese
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  291. Distribution of 188,000 URL:login:password credential combo list
    Category: Combo List
    Content: A threat actor distributed a combo list of approximately 188,000 URL:login:password credential pairs on a combolist forum. The credentials are marketed as private, fresh, and ultra-high quality (UHQ). Full content is gated behind forum registration or login.
    Date: 2026-05-12T12:39:36Z
    Network: openweb
    Published URL: https://patched.to/Thread-%E2%9C%A8-188k-url-login-pass-%E2%9C%A8leak-private-url-login-pass%E2%9A%A1fresh-uhq%E2%9A%A1
    Screenshots:
    None
    Threat Actors: Frisbeese
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  292. Distribution of Greece-themed credential combo list
    Category: Combo List
    Content: A threat actor distributed a combo list containing approximately 46,000 credentials, marketed as Greece-related and dated May 9, 2026. The content is gated behind forum registration or login. No further details regarding the targeted organizations or data sources are available.
    Date: 2026-05-12T12:39:18Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%AA-46-k-combo-%E2%9C%AA-greece-%E2%9C%AA-9-may-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: thejackal101
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  293. Distribution of Hotmail credential combo list
    Category: Combo List
    Content: A threat actor is distributing a combo list containing 846 alleged valid Hotmail credentials, marketed with an expiry date of May 11, 2026. The content is gated behind forum registration or login.
    Date: 2026-05-12T12:38:50Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%A7%A9846-hotmail-valid-access-11-05-2026
    Screenshots:
    None
    Threat Actors: SupportHotmail
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  294. Alleged website defacements by Mr.PIMZZZXploit
    Category: Defacement
    Content: Threat actor Mr.PIMZZZXploit claims to have hacked multiple websites, primarily targeting demowebsiteclient.com subdomains and related domains. A mirror link is provided at hack-db.org. The post lists approximately 37 affected URLs across various subdomains.
    Date: 2026-05-12T12:38:43Z
    Network: telegram
    Published URL: https://t.me/c/3865526389/912
    Screenshots:
    None
    Threat Actors: Mr.PIMZZZXploit
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: demowebsiteclient.com
  295. Distribution of Hotmail credential combolist
    Category: Combo List
    Content: A threat actor is distributing a combolist containing 1,356 purportedly valid Hotmail credentials, marketed with a validity date of May 11, 2026. The content is gated behind forum registration or login.
    Date: 2026-05-12T12:38:31Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%A7%A91356-hotmail-valid-access-11-05-2026
    Screenshots:
    None
    Threat Actors: SupportHotmail
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  296. Distribution of 625K URL:Login:Password combo list
    Category: Combo List
    Content: A threat actor has shared a combo list containing approximately 625,000 URL:login:password credential pairs. The credentials are marketed as fresh and UHQ (ultra-high quality) private leaks. Content is gated behind forum registration or login.
    Date: 2026-05-12T12:38:14Z
    Network: openweb
    Published URL: https://patched.to/Thread-%E2%9C%A8-625k-url-login-pass-%E2%9C%A8leak-private-url-login-pass%E2%9A%A1fresh-uhq%E2%9A%A1
    Screenshots:
    None
    Threat Actors: Frisbeese
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  297. Sale of targeted personal data leads for call center and marketing operations
    Category: Services
    Content: A threat actor operating as Atlas_VoIP is selling categorized personal data leads tailored for call centers, media buyers, and high-volume marketing campaigns. Offerings include senior consumer records, banking institution-specific leads, business owner contacts, and cryptocurrency platform user data (Coinbase and Binance), with pricing ranging from €75 to €250 per 1,000 records. Leads are advertised with filtering options by age, gender, country, and institution.
    Date: 2026-05-12T12:37:50Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Atlas-Leads-%E2%80%93-Exclusive-Call-Center-Leads-High-Intent-Data-Scalable-Lead-Delivery
    Screenshots:
    None
    Threat Actors: Atlas_VoIP
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  298. Distribution of Hotmail credential combo list
    Category: Combo List
    Content: A threat actor operating under the alias RetroCloud is distributing a combo list of approximately 5,000 Hotmail credentials, marketed as high-quality hits. The content is gated behind forum registration or login on a combolist forum.
    Date: 2026-05-12T12:37:43Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%85-5k-hq-hotmail-hit-%E2%9C%85-301557
    Screenshots:
    None
    Threat Actors: RetroCloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  299. Distribution of 32K mail access combo list
    Category: Combo List
    Content: A threat actor operating under the name MonnarhTeam has made available a combo list purportedly containing 32,000 valid email account credentials. The content is gated behind forum registration or login, suggesting distribution to vetted forum members.
    Date: 2026-05-12T12:37:32Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-32k-full-valid-mail-access-mix-12-05
    Screenshots:
    None
    Threat Actors: MonnarhTeam
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  300. Alleged website defacement of multiple domains by Mr.PIMZZZXploit
    Category: Defacement
    Content: A threat actor claims to have defaced multiple websites across demowebsiteclient.com and related domains, as well as midiarioenchile.com and designsfunnelserver.com. The actor posted a list of 35+ allegedly compromised URLs.
    Date: 2026-05-12T12:37:18Z
    Network: telegram
    Published URL: https://t.me/c/3865526389/911
    Screenshots:
    None
    Threat Actors: Mr.PIMZZZXploit
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: demowebsiteclient.com
  301. Distribution of credential combo list marketed as Micronesia-related
    Category: Combo List
    Content: A threat actor known as Fragtez has freely distributed a combo list of approximately 20,000 credentials via an external paste site. The list is dated April 28, 2026, and is marketed as Micronesia-related.
    Date: 2026-05-12T12:37:00Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-%E2%9C%AA-20-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Micronesia-%E2%9C%AA-28-APR-2026-%E2%9C%AA–2292832
    Screenshots:
    None
    Threat Actors: Fragtez
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  302. Distribution of Hotmail credential combo list
    Category: Combo List
    Content: A threat actor distributed a list of 1,158 Hotmail credentials on a cracking forum. The credentials are marketed as premium hits and made available via an external paste link.
    Date: 2026-05-12T12:36:45Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-1158x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F–2292823
    Screenshots:
    None
    Threat Actors: Fragtez
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  303. Distribution of British-Indian credential combo list containing approximately 18,000 records
    Category: Combo List
    Content: A threat actor operating as Fragtez has publicly shared a combo list of approximately 18,000 credentials via an external paste service. The dataset is described as targeting British and Indian accounts, dated May 1, 2026. No victim organization or industry has been specified.
    Date: 2026-05-12T12:36:32Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-%E2%9C%AA-18-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-British-Indian-%E2%9C%AA-1-MAY-2026-%E2%9C%AA–2292861
    Screenshots:
    None
    Threat Actors: Fragtez
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  304. Distribution of mixed email credential combo list
    Category: Combo List
    Content: A threat actor shared a combo list containing approximately 1,700 mixed mail lines via an external paste link on a cracking forum. The credentials are of unknown origin and industry. No price was mentioned, indicating free distribution.
    Date: 2026-05-12T12:36:19Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-X1700-Mixed-Mail-Lines–2292852
    Screenshots:
    None
    Threat Actors: Fragtez
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  305. Distribution of Serbian email:password combo list
    Category: Combo List
    Content: A threat actor distributed a combo list of approximately 16,000 email and password credential pairs purportedly associated with Serbian accounts. The credentials are marketed as fresh, with a stated date of June 5, 2026, and were made available via an external paste link.
    Date: 2026-05-12T12:36:06Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-%E2%9C%A6%E2%9C%A6-16-K-%E2%9C%A6-Serbia-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-6-5-2026-%E2%9C%A6%E2%9C%A6–2292893
    Screenshots:
    None
    Threat Actors: Fragtez
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  306. Distribution of Hotmail credential combo list
    Category: Combo List
    Content: A threat actor on a cracking forum has freely distributed a list of 1,000 Hotmail account credentials via an external paste link. No further details regarding the origin or freshness of the credentials were provided.
    Date: 2026-05-12T12:35:56Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-X1000-Hotmail-Accounts–2292883
    Screenshots:
    None
    Threat Actors: Fragtez
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  307. Distribution of URL:log:pass combo list containing 22.52 million credentials
    Category: Combo List
    Content: A threat actor operating under the handle Daxus has distributed a combo list of approximately 22.52 million URL, username, and password combinations via a hidden forum link. The credentials are marketed as UHQ+, suggesting high quality. The actor promotes additional content through their website and Telegram channel.
    Date: 2026-05-12T12:35:15Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-%E2%AD%90%EF%B8%8FURL-LOG-PASS-22-52-M-%E2%9C%85-DAXUS-PRO-UHQ-%E2%AD%90%EF%B8%8F
    Screenshots:
    None
    Threat Actors: Daxus
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  308. Sale of commercial VPN service on cybercrime forum
    Category: Services
    Content: A seller on CX is offering a VPN service branded as Fast VPN with servers in the Netherlands and Finland, advertised at $1.50/month with a 10% forum discount. The service promises 100 Mbps speeds, unlimited traffic, and two simultaneous connections delivered via a config file.
    Date: 2026-05-12T12:27:07Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75026/
    Screenshots:
    None
    Threat Actors: SeoHide
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  309. Alleged data breach of SMIDA (Ukrainian State Fiscal Service)
    Category: Data Leak
    Content: A leaked CSV file allegedly contains data from smida.gov.ua (Ukraine's State Fiscal Service/Ministry of Finance database). The file is being distributed via a MediaFire download link. The breach appears to target Ukrainian government infrastructure.
    Date: 2026-05-12T12:26:56Z
    Network: telegram
    Published URL: https://t.me/KAR4WANG_ERROR_SYSTEM/464
    Screenshots:
    None
    Threat Actors: KARAWANG ERROR SYSTEM
    Victim Country: Ukraine
    Victim Industry: Government
    Victim Organization: SMIDA (State Fiscal Service of Ukraine)
    Victim Site: smida.gov.ua
  310. Website Defacement of May Cleaning Service by PH.BL4KE (STORM BREAKER SECURITY)
    Category: Defacement
    Content: On May 12, 2026, the website of May Cleaning Service, a UK-based cleaning company, was defaced by threat actor PH.BL4KE operating under the group STORM BREAKER SECURITY. The attack was a homepage defacement targeting the organization's primary web presence. No reason or technical details were disclosed for the intrusion.
    Date: 2026-05-12T12:23:36Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/920655
    Screenshots:
    None
    Threat Actors: PH.BL4KE, STORM BREAKER SECURITY
    Victim Country: United Kingdom
    Victim Industry: Cleaning Services
    Victim Organization: May Cleaning Service
    Victim Site: maycleaningservice.co.uk
  311. Distribution of French personal data with email and address details
    Category: Data Leak
    Content: A threat actor on a database leak forum is distributing a dataset containing personal records of individuals in France, including first name, last name, street address, city, country, and email fields. The post includes a sample image and directs interested parties to a Telegram contact for additional information. The victim organization and total record count are unknown.
    Date: 2026-05-12T12:21:50Z
    Network: openweb
    Published URL: https://altenens.is/threads/france-email-data-with-address.2938426/unread
    Screenshots:
    None
    Threat Actors: ritok33000
    Victim Country: France
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  312. Alleged data breach of Alipay exposing 50 million records
    Category: Data Breach
    Content: A threat actor is claiming to possess a database dump containing 50 million records allegedly sourced from Alipay (alipay.com). The post includes a sample image and directs interested parties to a Telegram contact for further details.
    Date: 2026-05-12T12:21:21Z
    Network: openweb
    Published URL: https://altenens.is/threads/alipay-50-million-data.2938423/unread
    Screenshots:
    None
    Threat Actors: xakoji3864
    Victim Country: China
    Victim Industry: Finance
    Victim Organization: Alipay
    Victim Site: alipay.com
  313. Alleged data breach of undisclosed US gambling organization
    Category: Data Breach
    Content: A threat actor is advertising a database purportedly containing personal information of US gamblers, including fields such as name, address, phone number, email, IP address, and gender. A sample image has been shared, with the actor directing interested parties to a Telegram contact for further details.
    Date: 2026-05-12T12:20:52Z
    Network: openweb
    Published URL: https://altenens.is/threads/usa-gamblers-database.2938431/unread
    Screenshots:
    None
    Threat Actors: saref43135
    Victim Country: United States
    Victim Industry: Gambling
    Victim Organization: Unknown
    Victim Site: Unknown
  314. Alleged data breach of Kleinanzeigen (kleinanzeigen.de)
    Category: Data Leak
    Content: A threat actor claims to possess 13 million email records associated with German classifieds platform Kleinanzeigen (kleinanzeigen.de). The data is being offered via direct message, with a sample image provided as purported evidence. Only email addresses are indicated in the dataset header.
    Date: 2026-05-12T12:20:26Z
    Network: openweb
    Published URL: https://altenens.is/threads/kleinanzeigen-de-13-million-email-data.2938434/unread
    Screenshots:
    None
    Threat Actors: bahisow611
    Victim Country: Germany
    Victim Industry: Classifieds/E-commerce
    Victim Organization: Kleinanzeigen
    Victim Site: kleinanzeigen.de
  315. Alleged data breach of cutout.pro
    Category: Data Breach
    Content: A threat actor claims to possess a database of 20 million users associated with cutout.pro, a Hong Kong-based service. The purported dump includes fields such as email, IP address, API key, and username. The actor is directing interested parties to a Telegram channel for further details.
    Date: 2026-05-12T12:19:58Z
    Network: openweb
    Published URL: https://altenens.is/threads/20-million-cutout-pro-users-db-hong-kong.2938435/unread
    Screenshots:
    None
    Threat Actors: yenos68928
    Victim Country: Hong Kong
    Victim Industry: Unknown
    Victim Organization: cutout.pro
    Victim Site: cutout.pro
  316. Sale of Forex depositor leads across multiple European countries and Canada
    Category: Services
    Content: A threat actor on a leads market forum is selling 35,957 forex depositor leads sourced from an undisclosed private source, spanning Canada, the United Kingdom, France, Italy, Spain, Poland, and several other European countries. Each record allegedly includes personally identifiable information such as full name, email, phone number, deposit amount, deposit date, and associated broker account details. Sample records were provided as proof of the data's validity.
    Date: 2026-05-12T12:14:29Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-SELLING-Forex-High-Quality-Depositor-Leads–188597
    Screenshots:
    None
    Threat Actors: sxxmj
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  317. Alleged widespread supply chain attack compromising npm and PyPI packages with credential-stealing malware
    Category: Malware
    Content: A large-scale cyberattack targeted npm (Node Package Manager) and PyPI (Python Package Index) repositories, resulting in hundreds of compromised software packages. Attackers exploited developer credentials to publish malicious versions of legitimate packages including TanStack and Mistral AI projects. The malware appears legitimate upon installation but steals sensitive data including passwords, access keys, and authentication tokens. The malware exhibits self-replicating capabilities and can propagate to other projects, with remnants persisting even after package removal.
    Date: 2026-05-12T12:11:14Z
    Network: telegram
    Published URL: https://t.me/c/1283513914/21679
    Screenshots:
    None
    Threat Actors: خبرگزاری سایبربان| Cyberban News
    Victim Country: Unknown
    Victim Industry: Software Development
    Victim Organization: Unknown
    Victim Site: Unknown
  318. Website Defacement of Learning4Leaders by XYZ (Alpha Wolf Team)
    Category: Defacement
    Content: On May 12, 2026, the website learning4leaders.co.uk, a UK-based leadership education platform, was defaced by a threat actor identified as XYZ operating under the group Alpha Wolf. The attack targeted the homepage directly and was not part of a mass defacement campaign. A mirror of the defacement was archived at zone-xsec.com.
    Date: 2026-05-12T11:32:31Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/920654
    Screenshots:
    None
    Threat Actors: XYZ, Alpha wolf
    Victim Country: United Kingdom
    Victim Industry: Education / Leadership Training
    Victim Organization: Learning4Leaders
    Victim Site: learning4leaders.co.uk
  319. Alleged defacement of sukajadi.bandung.go.id by Babayo Eror System
    Category: Defacement
    Content: A threat actor is claiming responsibility for defacing a Bandung city government website (sukajadi.bandung.go.id). The defacement claim includes a specific URL path and is signed with the Babayo Eror System handle.
    Date: 2026-05-12T11:29:14Z
    Network: telegram
    Published URL: https://t.me/c/3865526389/910
    Screenshots:
    None
    Threat Actors: Babayo Eror System
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Sukajadi Bandung Government
    Victim Site: sukajadi.bandung.go.id
  320. Website Defacement of p-gamma.com by DimasHxR
    Category: Defacement
    Content: On May 12, 2026, a threat actor identified as DimasHxR defaced the website p-gamma.com, leaving a readme.txt file as evidence of the compromise. The attacker operated independently without an affiliated team. Server and infrastructure details remain unknown, and no specific motive was disclosed for the attack.
    Date: 2026-05-12T11:26:07Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/920626
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: P-Gamma
    Victim Site: p-gamma.com
  321. Website Defacement of CoreMedTech by DimasHxR
    Category: Defacement
    Content: On May 12, 2026, threat actor DimasHxR defaced the website of CoreMedTech, a likely healthcare technology organization, by altering a readme.txt file on the server. The attack was conducted as an individual defacement rather than a mass or redefacement campaign. Technical details such as the server software and web IP were not disclosed in the available data.
    Date: 2026-05-12T11:25:14Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/920616
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Healthcare Technology
    Victim Organization: CoreMedTech
    Victim Site: coremedtech.com
  322. Website Defacement of khalidspectrum.com by DimasHxR
    Category: Defacement
    Content: On May 12, 2026, the website khalidspectrum.com was defaced by the threat actor DimasHxR, operating independently without an affiliated team. The attacker targeted the readme.txt file on the server. No specific motive, server details, or proof of concept were disclosed in connection with this incident.
    Date: 2026-05-12T11:24:24Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/920623
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Khalid Spectrum
    Victim Site: khalidspectrum.com
  323. Website Defacement of Aslein Books by DimasHxR
    Category: Defacement
    Content: On May 12, 2026, the website asleinbooks.com was defaced by a threat actor operating under the handle DimasHxR, acting independently without an affiliated team. The defacement targeted a readme.txt file on the domain, suggesting a web server compromise. No specific motive, proof of concept, or technical exploitation details were disclosed in connection with this incident.
    Date: 2026-05-12T11:23:22Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/920612
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Retail / Publishing
    Victim Organization: Aslein Books
    Victim Site: asleinbooks.com
  324. Website Defacement of APIT-SA by DimasHxR
    Category: Defacement
    Content: On May 12, 2026, the website apit-sa.com was defaced by the threat actor DimasHxR, acting independently without a team affiliation. The defacement targeted a readme.txt file on the server, and the incident was neither a mass defacement nor a redefacement of a previously compromised site.
    Date: 2026-05-12T11:22:19Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/920611
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Saudi Arabia
    Victim Industry: Unknown
    Victim Organization: APIT-SA
    Victim Site: apit-sa.com
  325. Distribution of corporate email and password combo list
    Category: Combo List
    Content: A threat actor on a combolist forum has shared or distributed a collection of corporate email and password credentials, marketed under the label EmailPass Corps 2026. No further details regarding the source, record count, or affected organizations are available from the post.
    Date: 2026-05-12T11:22:15Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-EmailPass-Corps-2026-domainstre1
    Screenshots:
    None
    Threat Actors: Domainstore
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  326. Distribution of email and password combo list targeting multiple country-specific domains
    Category: Combo List
    Content: A threat actor is distributing an email-password combo list containing credentials associated with .be, .cz, .it, .jp, and .kr domains. The list is being shared via Telegram.
    Date: 2026-05-12T11:21:43Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-EmailPass-be-cz-it-jp-kr-domainstre1
    Screenshots:
    None
    Threat Actors: Domainstore
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  327. Distribution of Hotmail credential combolist with 256,278 records
    Category: Combo List
    Content: A threat actor on a combolist forum has shared a credential list containing 256,278 records associated with Hotmail accounts across multiple regional domains including .com, .fr, and .es variants. The combolist is marketed as suitable for mixed-target use.
    Date: 2026-05-12T11:21:15Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-256-278-hotmail-com-fr-es-Good-For-Mixed-Target
    Screenshots:
    None
    Threat Actors: AiCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  328. Website Defacement of Laryin Salon by DimasHxR
    Category: Defacement
    Content: On May 12, 2026, the website laryinsalon.com, belonging to a salon business, was defaced by a threat actor identified as DimasHxR operating without a team affiliation. The defacement targeted a specific file path (readme.txt) rather than the homepage, indicating a targeted file modification. No specific motive or exploitation method was disclosed in the available incident data.
    Date: 2026-05-12T11:21:07Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/920625
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Beauty and Personal Care
    Victim Organization: Laryin Salon
    Victim Site: laryinsalon.com
  329. Distribution of URL:Login:Password combo list with 8 million lines
    Category: Combo List
    Content: A threat actor known as lexityfr has shared a combo list containing over 8 million URL:login:password credential pairs on a cybercrime forum. The content, labeled as part 334 of an ongoing series, is being distributed for free to registered forum members.
    Date: 2026-05-12T11:20:20Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-url-log-pass-free-best-lines-8-million-lines-part-334
    Screenshots:
    None
    Threat Actors: lexityfr
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  330. Website Defacement of Khalid Scientific by DimasHxR
    Category: Defacement
    Content: On May 12, 2026, the website khalidscientific.com was defaced by the threat actor DimasHxR operating without a team affiliation. The attack targeted a specific page rather than the homepage and does not appear to be part of a mass or repeated defacement campaign. No motive, server details, or proof-of-concept were disclosed in the available reporting.
    Date: 2026-05-12T11:20:13Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/920622
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Science / Technology
    Victim Organization: Khalid Scientific
    Victim Site: khalidscientific.com
  331. Distribution of WordPress admin credential combo list
    Category: Combo List
    Content: A threat actor is distributing a combo list containing WordPress admin panel URLs paired with login credentials. The post provides no details regarding the origin, volume, or freshness of the credentials.
    Date: 2026-05-12T11:20:09Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-%E2%9C%85%E2%AD%90%EF%B8%8FWORDPRESS%E2%9C%85%E2%AD%90%EF%B8%8FADMIN%E2%AD%90%EF%B8%8FURL-S%E2%AD%90%EF%B8%8FLOGIN-PASS–2292804
    Screenshots:
    None
    Threat Actors: hangover2055
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  332. Distribution of Russian email:password combo list containing 352K credentials
    Category: Combo List
    Content: A threat actor operating under the alias Maxleak has shared a combo list purportedly containing over 352,000 email and password combinations associated with Russian accounts. The credentials are marketed as fresh and high quality, dated May 12, 2026. The content is gated behind forum registration or login.
    Date: 2026-05-12T11:19:16Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-%E2%9C%A6%E2%9C%A6-352-K-%E2%9C%A6-Russia-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-12-5-2026-%E2%9C%A6%E2%9C%A6
    Screenshots:
    None
    Threat Actors: Maxleak
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  333. Distribution of Russian email:password combo list
    Category: Combo List
    Content: A threat actor known as CobraEgy is distributing a combo list purportedly containing over 352,000 email and password credential pairs associated with Russian accounts. The credentials are marketed as fresh and high quality, dated May 12, 2026. The content is gated behind forum registration or login.
    Date: 2026-05-12T11:19:12Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-352-K-%E2%9C%A6-Russia-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-12-5-2026-%E2%9C%A6%E2%9C%A6
    Screenshots:
    None
    Threat Actors: CobraEgy
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  334. Website Defacement of KSC Consumer by DimasHxR
    Category: Defacement
    Content: On May 12, 2026, the threat actor DimasHxR defaced the website kscconsumer.com, targeting a readme.txt file on the server. The attacker operated independently without a team affiliation. No specific motive or technical details regarding the server environment were disclosed.
    Date: 2026-05-12T11:19:08Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/920624
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Consumer Services
    Victim Organization: KSC Consumer
    Victim Site: kscconsumer.com
  335. Distribution of Portuguese email:password combo list
    Category: Combo List
    Content: A threat actor known as CobraEgy is distributing a combo list of approximately 66,000 email and password credential pairs claimed to target Portugal. The credentials are marketed as fresh and high quality, with a stated date of 12-5-2026.
    Date: 2026-05-12T11:18:54Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-66-K-%E2%9C%A6-Portugal-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-12-5-2026-%E2%9C%A6%E2%9C%A6
    Screenshots:
    None
    Threat Actors: CobraEgy
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  336. Distribution of Portuguese email:password combo list with 66K+ credentials
    Category: Combo List
    Content: A threat actor known as Maxleak is distributing a combo list containing over 66,000 email and password combinations purportedly sourced from Portugal. The credentials are marketed as fresh and high quality, dated May 12, 2026. Access to the list is restricted to registered forum members.
    Date: 2026-05-12T11:18:50Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-%E2%9C%A6%E2%9C%A6-66-K-%E2%9C%A6-Portugal-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-12-5-2026-%E2%9C%A6%E2%9C%A6
    Screenshots:
    None
    Threat Actors: Maxleak
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  337. Distribution of Romanian email:password combo list
    Category: Combo List
    Content: A threat actor known as CobraEgy has distributed a combo list of approximately 44,000 email and password credential pairs purportedly associated with Romanian accounts. The credentials are marketed as fresh and high quality, with a claimed date of May 12, 2026. The content is gated behind forum registration or login.
    Date: 2026-05-12T11:18:32Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-44-K-%E2%9C%A6-Romania-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-12-5-2026-%E2%9C%A6%E2%9C%A6
    Screenshots:
    None
    Threat Actors: CobraEgy
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  338. Distribution of Romanian email:password combo list
    Category: Combo List
    Content: A threat actor operating under the alias Maxleak is distributing a combo list of approximately 44,000 email and password credential pairs purportedly sourced from Romania. The credentials are marketed as fresh and high quality, with a datestamp of May 12, 2026. Access to the list requires forum registration or login.
    Date: 2026-05-12T11:18:28Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-%E2%9C%A6%E2%9C%A6-44-K-%E2%9C%A6-Romania-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-12-5-2026-%E2%9C%A6%E2%9C%A6
    Screenshots:
    None
    Threat Actors: Maxleak
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  339. Website Defacement of Khalid Pharma by DimasHxR
    Category: Defacement
    Content: On May 12, 2026, the threat actor DimasHxR defaced the website of Khalid Pharma by modifying the readme.txt file hosted at khalidpharma.com. The attack was a targeted, non-mass defacement with no team affiliation reported. The incident was archived and mirrored via zone-xsec.com, a known defacement tracking platform.
    Date: 2026-05-12T11:18:18Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/920621
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Pharmaceuticals / Healthcare
    Victim Organization: Khalid Pharma
    Victim Site: khalidpharma.com
  340. Distribution of Slovak email:password combo list
    Category: Combo List
    Content: A threat actor known as CobraEgy has shared a combo list of approximately 25,000 email and password credential pairs purportedly associated with Slovakia. The credentials are marketed as fresh and high quality, with a referenced date of May 12, 2026. The content is gated behind forum registration or login.
    Date: 2026-05-12T11:18:03Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-25-K-%E2%9C%A6-Slovakia-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-12-5-2026-%E2%9C%A6%E2%9C%A6
    Screenshots:
    None
    Threat Actors: CobraEgy
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  341. Website Defacement of BravoITM by DimasHxR
    Category: Defacement
    Content: On May 12, 2026, the website bravoitm.com was defaced by a threat actor identified as DimasHxR acting independently without a team affiliation. The attacker targeted a readme.txt file on the domain, which appears to be associated with an IT management or services organization. No specific motive, proof of compromise, or additional technical details were disclosed in connection with this incident.
    Date: 2026-05-12T11:17:11Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/920615
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Information Technology
    Victim Organization: BravoITM
    Victim Site: bravoitm.com
  342. Distribution of alleged high-quality Europe and USA combolists
    Category: Combo List
    Content: A threat actor on a combolist forum is distributing credential combolists purportedly sourced from European and US accounts, marketed as fully valid and high quality. No victim organization, record count, or pricing details were specified in the post.
    Date: 2026-05-12T11:14:45Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75021/
    Screenshots:
    None
    Threat Actors: gsmfix
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  343. Distribution of Hotmail credential combo list sample
    Category: Combo List
    Content: A threat actor on a cybercrime forum has freely distributed a sample combo list containing 1,960 Hotmail credentials. The list is marketed with emphasis on its freshness via a direct download link.
    Date: 2026-05-12T11:14:24Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75025/
    Screenshots:
    None
    Threat Actors: HollowKnight07
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  344. Website Defacement of Local Soccer News by DimasHxR
    Category: Defacement
    Content: On May 12, 2026, the website localsoccernews.com was defaced by a threat actor operating under the handle DimasHxR, acting independently without a known affiliated group. The defacement targeted a specific page (b.html) rather than the site's homepage, indicating a targeted single-page intrusion. No motive or technical details regarding the attack vector were disclosed.
    Date: 2026-05-12T11:10:04Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/920602
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Sports Media / News
    Victim Organization: Local Soccer News
    Victim Site: localsoccernews.com
  345. Alleged data breach of emedals.com
    Category: Data Breach
    Content: A threat actor has leaked what appears to be a database dump from emedals.com, a Canadian retail/e-commerce site specializing in medals and collectibles. The shared data includes customer records with email addresses, names, passwords, billing and shipping addresses, and associated account metadata. The record count is unknown based on available information.
    Date: 2026-05-12T11:09:25Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-emedals-com
    Screenshots:
    None
    Threat Actors: courtika
    Victim Country: Canada
    Victim Industry: Retail/E-Commerce
    Victim Organization: emedals.com
    Victim Site: emedals.com
  346. Alleged data breach of amgtime.com
    Category: Data Breach
    Content: A threat actor has leaked what appears to be a database dump from amgtime.com, a workforce management solutions provider. The sample includes customer records containing names, email addresses, company details, and password hashes. The full dataset has been made available via an external file-sharing link.
    Date: 2026-05-12T11:09:00Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-amgtime-com
    Screenshots:
    None
    Threat Actors: courtika
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: amgtime.com
    Victim Site: amgtime.com
  347. Alleged data leak of Abrigo (abrigo.com)
    Category: Data Leak
    Content: A threat actor operating under the alias courtika has shared what is claimed to be data associated with Abrigo (abrigo.com) via an external file-sharing link. No details regarding the data type or record count were provided in the post.
    Date: 2026-05-12T11:07:23Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-abrigo-com
    Screenshots:
    None
    Threat Actors: courtika
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Abrigo
    Victim Site: abrigo.com
  348. Alleged data breach of French Government public procurement platform Marches Publics
    Category: Data Breach
    Content: A threat actor operating under the alias lazasec claims to have breached marches-publics.gouv.fr and extracted 14 million records, including 10.2 million rows of personal and business data and 3.5 million rows of procurement and contract data. The alleged dump purportedly contains company identifiers (SIRET/SIREN), contact details including government email addresses across multiple French ministries, phone numbers, and contract values. The data was posted on BreachForums.
    Date: 2026-05-12T11:05:46Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-marches-publics-gouv-fr-14-MILLION-records-breached
    Screenshots:
    None
    Threat Actors: lazasec
    Victim Country: France
    Victim Industry: Government
    Victim Organization: French Government – Marches Publics
    Victim Site: marches-publics.gouv.fr
  349. Website Defacement of Okuloncesiboyama by DimasHxR
    Category: Defacement
    Content: On May 12, 2026, a threat actor identified as DimasHxR defaced the website okuloncesiboyama.com, a Turkish-language platform likely associated with preschool or early childhood educational content (the domain translates to "preschool coloring" in Turkish). The defacement was a targeted, non-mass incident affecting a single page rather than the homepage. No team affiliation, stated motive, or technical server details were disclosed in connection with this incident.
    Date: 2026-05-12T11:03:49Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/920525
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Turkey
    Victim Industry: Education
    Victim Organization: Okuloncesiboyama
    Victim Site: okuloncesiboyama.com
  350. Distribution of 10.7 million credentials from private logs
    Category: Logs
    Content: A threat actor operating under the alias GHOSTATN has shared a collection of 10.7 million credentials sourced from private logs on a cybercrime forum. Access to the data requires users to reply to the thread before the content is revealed. The victim organization, industry, and country of origin are unknown.
    Date: 2026-05-12T11:03:45Z
    Network: openweb
    Published URL: https://altenens.is/threads/10-7m-private-log.2938306/unread
    Screenshots:
    None
    Threat Actors: GHOSTATN
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  351. Distribution of 10 million credentials from private logs
    Category: Logs
    Content: A threat actor known as GHOSTATN has shared a dataset purportedly containing 10 million credentials sourced from private logs on a leak forum. The content is gated behind a reply requirement, limiting visibility of further details regarding victim scope or origin.
    Date: 2026-05-12T11:03:17Z
    Network: openweb
    Published URL: https://altenens.is/threads/10m-private-log.2938320/unread
    Screenshots:
    None
    Threat Actors: GHOSTATN
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  352. Website Defacement of pexpe.com by DimasHxR
    Category: Defacement
    Content: On May 12, 2026, a threat actor identified as DimasHxR defaced the website pexpe.com by altering a readme.txt file. The attacker operated without affiliation to a known group or team. No specific motive or technical details regarding the server environment were disclosed in connection with this incident.
    Date: 2026-05-12T11:03:02Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/920528
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Pexpe
    Victim Site: pexpe.com
  353. Distribution of alleged combo list containing 4.8 million records
    Category: Data Breach
    Content: A threat actor operating under the alias GHOSTATN has shared an alleged combo list described as “4.8M Ultra Quality ULP” on a leak forum. The dataset contains approximately 4.8 million records, with no victim organization, industry, or country identified. Access to the content is gated behind a reply requirement.
    Date: 2026-05-12T11:02:40Z
    Network: openweb
    Published URL: https://altenens.is/threads/4-8m-ultra-quality-ulp.2938321/unread
    Screenshots:
    None
    Threat Actors: GHOSTATN
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  354. Distribution of 6.8M credential logs on underground forum
    Category: Logs
    Content: A threat actor known as GHOSTATN has shared a collection of approximately 6.8 million private log entries on an underground forum. The dataset reportedly contains credentials, accessible to users who reply to the thread.
    Date: 2026-05-12T11:02:14Z
    Network: openweb
    Published URL: https://altenens.is/threads/6-8m-private-log.2938319/unread
    Screenshots:
    None
    Threat Actors: GHOSTATN
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  355. Website Defacement of SGK Bilgisi by DimasHxR
    Category: Defacement
    Content: On May 12, 2026, the Turkish website sgkbilgisi.com, which appears to provide information related to Turkey's Social Security Institution (SGK), was defaced by the threat actor DimasHxR operating without a team affiliation. The defacement targeted a readme.txt file on the domain and was neither a mass nor a redefacement incident. The attacker's motive and technical details regarding the server infrastructure remain unknown.
    Date: 2026-05-12T11:02:11Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/920530
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Turkey
    Victim Industry: Government / Social Security Information
    Victim Organization: SGK Bilgisi
    Victim Site: sgkbilgisi.com
  356. Website Defacement of halkaarz.co by DimasHxR
    Category: Defacement
    Content: A threat actor identified as DimasHxR defaced the website halkaarz.co on May 12, 2026, targeting a readme.txt file. The defacement was carried out as a single, non-mass incident with no affiliated team or stated motive recorded. Technical details regarding the server infrastructure and exploitation method remain unknown.
    Date: 2026-05-12T11:01:23Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/920508
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Halka Arz
    Victim Site: halkaarz.co
  357. Website Defacement of Kirafiyatlari.com by DimasHxR
    Category: Defacement
    Content: On May 12, 2026, the Turkish website kirafiyatlari.com, likely a rental prices or real estate platform, was defaced by the threat actor DimasHxR operating independently without a known team affiliation. The attacker modified the readme.txt file on the server, and the incident was recorded as a singular, non-mass defacement with no stated political or ideological motive.
    Date: 2026-05-12T11:00:29Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/920513
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Turkey
    Victim Industry: Real Estate / Rental Services
    Victim Organization: Kirafiyatlari
    Victim Site: kirafiyatlari.com
  358. Distribution of Snapchat credential combolist
    Category: Combo List
    Content: A threat actor known as GHOSTATN is distributing a combolist containing approximately 10,000 Snapchat credentials on a cybercrime forum. Access to the list is gated behind a reply requirement. No further details regarding the origin or recency of the credentials are provided.
    Date: 2026-05-12T10:59:53Z
    Network: openweb
    Published URL: https://altenens.is/threads/10k-snapchat-combolist.2938308/unread
    Screenshots:
    None
    Threat Actors: GHOSTATN
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  359. Website Defacement of Teknoloji Hakkinda by DimasHxR
    Category: Defacement
    Content: On May 12, 2026, a threat actor identified as DimasHxR defaced the Turkish technology website teknolojihakkinda.com. The attacker targeted a specific page (readme.t…) rather than the homepage, indicating a targeted file-level defacement. No team affiliation, stated motive, or technical details regarding the exploitation method were disclosed.
    Date: 2026-05-12T10:59:37Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/920532
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Turkey
    Victim Industry: Technology/Media
    Victim Organization: Teknoloji Hakkinda
    Victim Site: teknolojihakkinda.com
  360. Distribution of Instagram combolist containing 103,000 credentials
    Category: Combo List
    Content: A threat actor operating under the alias GHOSTATN has shared a combolist of approximately 103,000 Instagram credentials on a cybercrime forum. Access to the content is gated behind a reply requirement. No further details regarding the origin or recency of the data were provided.
    Date: 2026-05-12T10:59:26Z
    Network: openweb
    Published URL: https://altenens.is/threads/103k-instagram-combolist.2938309/unread
    Screenshots:
    None
    Threat Actors: GHOSTATN
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  361. Distribution of Netflix credential combolist containing 39,000 entries
    Category: Combo List
    Content: A threat actor operating under the alias GHOSTATN has shared a combolist of approximately 39,000 Netflix credentials on a cybercrime forum. Access to the content is gated behind a reply requirement. No further details regarding the origin or recency of the credentials were provided.
    Date: 2026-05-12T10:58:58Z
    Network: openweb
    Published URL: https://altenens.is/threads/39k-netflix-combolist.2938310/unread
    Screenshots:
    None
    Threat Actors: GHOSTATN
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  362. Website Defacement of indirbig.com by DimasHxR
    Category: Defacement
    Content: On May 12, 2026, a threat actor identified as DimasHxR defaced the website indirbig.com by altering the readme.txt file. The attacker operated without affiliation to a known group or team. The incident was a targeted single-site defacement with no mass or redefacement indicators reported.
    Date: 2026-05-12T10:58:51Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/920510
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Technology / File Sharing
    Victim Organization: Indirbig
    Victim Site: indirbig.com
  363. Distribution of Riot Games credential combolist
    Category: Combo List
    Content: A threat actor distributed a combolist of approximately 37,000 credentials allegedly associated with Riot Games accounts. The list is gated behind a reply requirement on the forum.
    Date: 2026-05-12T10:58:27Z
    Network: openweb
    Published URL: https://altenens.is/threads/37k-riot-combolist.2938315/unread
    Screenshots:
    None
    Threat Actors: GHOSTATN
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  364. Distribution of Steam credentials combolist containing 81,000 entries
    Category: Combo List
    Content: A threat actor on a cybercrime forum is distributing a combolist of approximately 81,000 Steam credentials. The content is gated behind a reply requirement, suggesting the list is being shared at no direct monetary cost.
    Date: 2026-05-12T10:57:59Z
    Network: openweb
    Published URL: https://altenens.is/threads/81k-steam-combolist.2938311/unread
    Screenshots:
    None
    Threat Actors: GHOSTATN
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  365. Website Defacement of olunur.net by DimasHxR
    Category: Defacement
    Content: On May 12, 2026, a threat actor identified as DimasHxR defaced the website olunur.net by altering a readme.txt file. The attacker operated independently without affiliation to a known group or team. No specific motive or technical details regarding the server environment were disclosed in connection with this incident.
    Date: 2026-05-12T10:57:48Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/920526
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: olunur.net
  366. Distribution of İnovapin configuration file for credential stuffing tool
    Category: Malware
    Content: A threat actor operating under the alias GHOSTATN has shared an İnovapin configuration file in SVB format on a combo list forum. Access to the content is gated behind a reply requirement, a common distribution method in credential stuffing communities.
    Date: 2026-05-12T10:57:30Z
    Network: openweb
    Published URL: https://altenens.is/threads/inovapin-config-svb.2938318/unread
    Screenshots:
    None
    Threat Actors: GHOSTATN
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  367. Distribution of Mojang credential combolist containing 4.5K records
    Category: Combo List
    Content: A threat actor operating under the alias GHOSTATN is distributing a combolist of approximately 4,500 Mojang account credentials on a cybercrime forum. Access to the list is gated behind a reply requirement. The credentials are marketed as a Mojang-specific combolist, suggesting targeting of gaming platform accounts.
    Date: 2026-05-12T10:57:04Z
    Network: openweb
    Published URL: https://altenens.is/threads/4-5k-mojang-combolist.2938313/unread
    Screenshots:
    None
    Threat Actors: GHOSTATN
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  368. Website Defacement of ikazlamba.net by DimasHxR
    Category: Defacement
    Content: On May 12, 2026, a threat actor identified as DimasHxR defaced the website ikazlamba.net, targeting a readme.txt file. The attacker operated independently without an affiliated team. No specific motive or vulnerability details were disclosed in connection with this incident.
    Date: 2026-05-12T10:57:00Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/920509
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Ikazlamba
    Victim Site: ikazlamba.net
  369. Distribution of 102,000-entry email credentials combolist
    Category: Combo List
    Content: A threat actor operating under the alias GHOSTATN has shared a combolist containing approximately 102,000 credential pairs purportedly associated with major email providers including Gmail, Outlook, Hotmail, Yahoo, Live, MSN, and iCloud. The list is gated behind a reply requirement on the forum. No further details regarding origin or freshness were provided.
    Date: 2026-05-12T10:56:30Z
    Network: openweb
    Published URL: https://altenens.is/threads/102k-gmail-outlook-hotmail-yahoo-live-msn-icloud-combolist.2938314/unread
    Screenshots:
    None
    Threat Actors: GHOSTATN
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  370. Website Defacement of Haberzade by DimasHxR
    Category: Defacement
    Content: The website haberzade.net was defaced by a threat actor operating under the alias DimasHxR on May 12, 2026. The attacker targeted a readme.txt file on the domain, which appears to be a news or media-related website based on the “haber” prefix, a Turkish word for news. The incident was a standalone, non-mass defacement with no stated motive or team affiliation recorded.
    Date: 2026-05-12T10:56:15Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/920507
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: News/Media
    Victim Organization: Haberzade
    Victim Site: haberzade.net
  371. Distribution of phone number and password combo list
    Category: Combo List
    Content: A threat actor is distributing a combo list consisting of phone number and password pairs, marketed as high-quality and private. No victim organization, industry, or record count was specified in the post.
    Date: 2026-05-12T10:56:01Z
    Network: openweb
    Published URL: https://altenens.is/threads/star-phone-number-passstarhq-privatestar.2938352/unread
    Screenshots:
    None
    Threat Actors: hangover934
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  372. Sale of stolen financial data including CC, CVV, dumps, fullz, and bank logs
    Category: Carding
    Content: A threat actor operating under the alias Binanceboyy is offering a range of stolen financial data for sale, including credit card dumps (Track 101/201 with PIN), fullz with SSN/DOB, bank logs, clone cards, and EBT dumps. The seller claims worldwide availability and a 100% approval rate. Contact is conducted via Telegram.
    Date: 2026-05-12T10:55:34Z
    Network: openweb
    Published URL: https://altenens.is/threads/cc-cvv-vbv-non-vbv-dumps-fullz-bank-logs-full-info-best-all-linkables-quality-product-list-always-selling-stuff-high-qualit.2938346/unread
    Screenshots:
    None
    Threat Actors: Binanceboyy
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  373. Website Defacement of Konya Ulaşım by DimasHxR
    Category: Defacement
    Content: On May 12, 2026, a threat actor identified as DimasHxR defaced the website of Konya Ulaşım, a transportation services organization based in Turkey. The attacker targeted a readme.txt file on the domain, leaving a defacement artifact. The incident was a single targeted defacement with no team affiliation reported.
    Date: 2026-05-12T10:55:22Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/920514
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Turkey
    Victim Industry: Transportation / Public Services
    Victim Organization: Konya Ulaşım
    Victim Site: konyaulasim.com
  374. Website Defacement of kapaksozler.org by DimasHxR
    Category: Defacement
    Content: On May 12, 2026, the website kapaksozler.org was defaced by a threat actor identified as DimasHxR acting independently without a team affiliation. The attacker targeted a readme.txt file on the domain, which appears to be a Turkish lyrics or entertainment website. The incident was a single-target defacement with no indication of mass or repeated compromise.
    Date: 2026-05-12T10:54:38Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/920512
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Turkey
    Victim Industry: Entertainment/Lyrics
    Victim Organization: Kapak Sozler
    Victim Site: kapaksozler.org
  375. Website Defacement of izmirodak.com by DimasHxR
    Category: Defacement
    Content: The website izmirodak.com was defaced by a threat actor known as DimasHxR on May 12, 2026. The defacement targeted a readme.txt file on the domain, which appears to belong to a Turkish organization based on the domain name. The attacker operated independently without an affiliated team, and the incident was a single targeted defacement rather than a mass or repeat attack.
    Date: 2026-05-12T10:53:51Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/920511
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Turkey
    Victim Industry: Unknown
    Victim Organization: Izmir Odak
    Victim Site: izmirodak.com
  376. Website Defacement of narcobi.com by DimasHxR
    Category: Defacement
    Content: On May 12, 2026, a threat actor operating under the alias DimasHxR defaced the website narcobi.com, targeting a readme.txt file. The attacker acted independently without affiliation to a known group or team. No specific motive, proof of concept, or server details were disclosed in connection with this incident.
    Date: 2026-05-12T10:53:00Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/920523
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Narcobi
    Victim Site: narcobi.com
  377. Distribution of 272k mixed-domain credential combolist
    Category: Combo List
    Content: A threat actor is distributing a combolist of approximately 272,000 credentials across mixed domains, marketed as valid as of May 12, 2026. The content is shared behind a registration or login gate on a combolist forum.
    Date: 2026-05-12T10:51:27Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-%E2%99%8B-272k-MIX-DOMAIN-WITH-VALID-12-05-26-%E2%99%8B
    Screenshots:
    None
    Threat Actors: ValidMail
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  378. Distribution of 1,000 US email credentials combolist
    Category: Combo List
    Content: A threat actor distributed a combolist containing approximately 1,000 US email credentials, marketed as valid and dated May 12. The content is gated behind forum registration or login.
    Date: 2026-05-12T10:51:05Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-1K-USA-%C2%A0-Just-Valid-Mail-12-05
    Screenshots:
    None
    Threat Actors: MegaCloudShop
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  379. Distribution of 85,000 Hotmail credential combo list
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 85,000 Hotmail domain credentials, marketed as valid as of May 12, 2026. The content is hidden behind a registration or login requirement on the forum.
    Date: 2026-05-12T10:49:28Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-%E2%99%8B-85k-HOTMAIL-DOMAIN-WITH-VALID-12-05-26-%E2%99%8B
    Screenshots:
    None
    Threat Actors: ValidMail
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  380. Website Defacement of Skymoon Diamonds by DimasHxR
    Category: Defacement
    Content: On May 12, 2026, the attacker known as DimasHxR defaced the website of Skymoon Diamonds by altering a publicly accessible readme.txt file on the domain skymoondiamonds.com. The incident was a targeted, single-site defacement with no team affiliation reported. No specific motive, exploited vulnerability, or server details were disclosed in the available intelligence.
    Date: 2026-05-12T10:41:12Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/920489
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Retail / Jewelry
    Victim Organization: Skymoon Diamonds
    Victim Site: skymoondiamonds.com
  381. Website Defacement of casaoffmarket.fr by DimasHxR
    Category: Defacement
    Content: On May 12, 2026, the threat actor DimasHxR defaced the website casaoffmarket.fr, a French real estate platform, by altering the readme.txt file. The attack was conducted independently without affiliation to a known group. No specific motive, proof of concept, or technical infrastructure details were disclosed in connection with this incident.
    Date: 2026-05-12T10:34:55Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/920427
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: France
    Victim Industry: Real Estate
    Victim Organization: Casa Off Market
    Victim Site: casaoffmarket.fr
  382. Sale of Mega.nz credential checking tool
    Category: Services
    Content: A threat actor is offering for sale a Mega.nz account checker tool priced at $150 for lifetime access. The tool is advertised as captchaless with a speed of 2,000+ checks per minute and requires proxy usage.
    Date: 2026-05-12T10:18:18Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Supreme-Selling-Mega-nz-Valid-mail-checker
    Screenshots:
    None
    Threat Actors: fleahub
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  383. Distribution of alleged South Korea email credential combolist (Batch 37/100)
    Category: Combo List
    Content: A threat actor operating under the handle emaildbpro is distributing what is described as a free premium South Korean email list, labeled as Batch 37 of a 100-part series. The content is gated behind forum registration or login, suggesting the distribution is intended to grow forum engagement. No record count or specific data fields beyond email credentials are disclosed in the post.
    Date: 2026-05-12T10:17:54Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-free-premium-south-korea-email-list-batch-37-100
    Screenshots:
    None
    Threat Actors: emaildbpro
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  384. Alleged leak of 1.5 million Anthropic Claude API tokens
    Category: Logs
    Content: A threat actor has distributed an alleged set of 1.5 million API tokens associated with api.claude.ai on a public forum. The credentials were shared freely, with a sample provided and hidden content available to registered users. The post markets the tokens as belonging to Anthropic's Claude AI platform.
    Date: 2026-05-12T10:17:30Z
    Network: openweb
    Published URL: https://patched.to/Thread-nova-%E2%9D%A4%EF%B8%8F-claude-api-tokens-1-5-million-ai-tokies-%E2%9D%A4%EF%B8%8F
    Screenshots:
    None
    Threat Actors: JVZU
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Anthropic
    Victim Site: api.claude.ai
  385. Distribution of Hotmail credential combolist
    Category: Combo List
    Content: A threat actor is distributing a combolist containing 807 Hotmail credentials, marketed as valid access. The content is gated behind forum registration or login.
    Date: 2026-05-12T10:17:24Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%A7%A9807-hotmail-valid-access-11-05-2026
    Screenshots:
    None
    Threat Actors: SupportHotmail
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  386. Distribution of mixed credentials combo list containing 22,000 records
    Category: Logs
    Content: A threat actor known as UniqueCombo has distributed a mixed combo list containing 22,000 credential records on a combolist forum. The dataset is described as unique. No further details regarding origin, targeted services, or victim industry are available.
    Date: 2026-05-12T10:12:45Z
    Network: openweb
    Published URL: https://xforums.st/threads/mix-unique-combo_3_22000.613737/
    Screenshots:
    None
    Threat Actors: UniqueCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  387. Distribution of 58,000 German email access credentials
    Category: Combo List
    Content: A threat actor distributed a combo list containing 58,000 email credentials purportedly belonging to German users, marketed as fully valid and high quality. The list is dated 12.05 and is accessible to forum members upon reply.
    Date: 2026-05-12T10:09:12Z
    Network: openweb
    Published URL: https://altenens.is/threads/58k-germany-full-valid-mail-access-top-quality-12-05.2938304/unread
    Screenshots:
    None
    Threat Actors: Megacloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  388. Alleged sale of compromised email accounts and SMTP access
    Category: Initial Access
    Content: A threat actor is offering SendGrid SMTP credentials and access to compromised Gmail and Office 365 inboxes in bulk quantities (50k-100k limits). Contact information is provided for orders and testing. This represents initial access infrastructure commonly used for phishing campaigns and spam distribution.
    Date: 2026-05-12T10:08:17Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/80199
    Screenshots:
    None
    Threat Actors: MailingExpert
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  389. Alleged data breach of Habibs (habibs.com)
    Category: Data Breach
    Content: A threat actor claims to possess personal data of approximately 3.9 million customers of Habibs, a Brazilian fast food chain. The advertised dataset reportedly includes names, email addresses, dates of birth, CPF numbers, phone numbers, IP addresses, and device identifiers. The actor is directing interested parties to a Telegram contact for further information.
    Date: 2026-05-12T10:07:34Z
    Network: openweb
    Published URL: https://altenens.is/threads/3-9m-brazil-habibs-com-fast-food-restaurants-customers-data.2938295/unread
    Screenshots:
    None
    Threat Actors: xakoji3864
    Victim Country: Brazil
    Victim Industry: Retail
    Victim Organization: Habibs
    Victim Site: habibs.com
  390. Alleged data breach of esball.com Chinese online casino
    Category: Data Breach
    Content: A threat actor is claiming to possess a database dump from esball.com, a China-based online casino platform. The post includes a sample image and header fields suggesting the data contains account details, real names, balances, transaction counts, and contact information including phone numbers, email addresses, and QQ IDs. The actor directs interested parties to a Telegram contact for further information.
    Date: 2026-05-12T10:07:07Z
    Network: openweb
    Published URL: https://altenens.is/threads/esball-com-china-casino-database.2938299/unread
    Screenshots:
    None
    Threat Actors: ritok33000
    Victim Country: China
    Victim Industry: Gambling
    Victim Organization: esball.com
    Victim Site: esball.com
  391. Alleged data breach of Binance exposing 1.5 million US user phone records
    Category: Data Breach
    Content: A threat actor on a leaked databases forum is claiming to possess phone data for 1.5 million Binance users based in the United States. The post includes a sample image and directs interested parties to a Telegram contact for further details. No price was publicly listed.
    Date: 2026-05-12T10:06:39Z
    Network: openweb
    Published URL: https://altenens.is/threads/1-5-million-binance-usa-phone-data.2938301/unread
    Screenshots:
    None
    Threat Actors: saref43135
    Victim Country: United States
    Victim Industry: Finance
    Victim Organization: Binance
    Victim Site: binance.com
  392. Alleged data breach of China Stock Exchange
    Category: Data Breach
    Content: A threat actor is claiming to possess personal data of approximately 1 million users allegedly sourced from China Stock Exchange. The dataset purportedly includes fields such as name, phone number, carrier, financial amount, registered account, and site code. The actor directs interested parties to a Telegram contact for further information and has shared a sample image as proof.
    Date: 2026-05-12T10:06:10Z
    Network: openweb
    Published URL: https://altenens.is/threads/1m-china-stock-exchange-users-data.2938302/unread
    Screenshots:
    None
    Threat Actors: bahisow611
    Victim Country: China
    Victim Industry: Finance
    Victim Organization: China Stock Exchange
    Victim Site: Unknown
  393. Alleged data breach of Duolingo
    Category: Data Breach
    Content: A threat actor on a data leak forum claims to be offering a dataset of 2.6 million Duolingo user records described as scraped data. The dataset allegedly includes email addresses, usernames, profile details, learning activity, and account metadata. A sample image and a Telegram contact for further inquiries were provided.
    Date: 2026-05-12T10:05:43Z
    Network: openweb
    Published URL: https://altenens.is/threads/2-6-million-duolingo-scrape-data.2938303/unread
    Screenshots:
    None
    Threat Actors: yenos68928
    Victim Country: Unknown
    Victim Industry: Education Technology
    Victim Organization: Duolingo
    Victim Site: duolingo.com
  394. Sale of confidential legal and compliance services on cybercrime forum
    Category: Services
    Content: A threat actor operating as Lead Roedl is advertising confidential legal assistance services on a cybercrime forum, claiming to offer corporate structuring, asset protection, GDPR/AML compliance, and international business law under European attorney-client privilege. The listing emphasizes absolute confidentiality and privacy-focused legal architecture. Such services advertised on criminal forums are commonly associated with facilitating illicit financial activity or shielding threat actors f
    Date: 2026-05-12T10:01:25Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75013/
    Screenshots:
    None
    Threat Actors: LeadRoedl
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  395. Distribution of Hotmail credential combo list
    Category: Combo List
    Content: A threat actor has shared a combo list containing approximately 3,500 Hotmail credentials, marketed as fresh valid mail access dated 12.05. The content is restricted to registered users of the forum.
    Date: 2026-05-12T09:59:00Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75012/
    Screenshots:
    None
    Threat Actors: MailAccesss
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  396. Sale of Hotmail credential combolist marketed as fresh
    Category: Combo List
    Content: A threat actor is offering a set of 732 Hotmail credentials marketed as fresh via a combolist post on a cybercrime forum. The listing provides both a free download link and tiered subscription pricing ranging from $3 for 24 hours to $100 for three months.
    Date: 2026-05-12T09:58:40Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75014/
    Screenshots:
    None
    Threat Actors: snowstormxd
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  397. Distribution of Gaming Gmail 1.5M credential combolist
    Category: Combo List
    Content: A threat actor has shared a combolist containing approximately 1.5 million credentials, described as gaming-related Gmail accounts. The list was made available via an external file-sharing link on a combolist forum.
    Date: 2026-05-12T09:55:56Z
    Network: openweb
    Published URL: https://breached.st/threads/gaming-gmail-1-5m-combolist.87018/unread
    Screenshots:
    None
    Threat Actors: aaz
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  398. Distribution of 6,000 mixed email access credentials
    Category: Combo List
    Content: A combolist containing approximately 6,000 mixed email access credentials has been shared on a criminal forum. The origin, targeted services, and freshness of the credentials are unknown.
    Date: 2026-05-12T09:43:07Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%AD%906K-MIXED-MAIL-ACCESS-%E2%AD%90
    Screenshots:
    None
    Threat Actors: Posts
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  399. Distribution of Hotmail credential combo list
    Category: Combo List
    Content: A threat actor distributed a combo list of approximately 1,000 Hotmail credentials on a cybercrime forum. The data is described as old and marketed under the label HOTMAIL VIP CLOUD. No victim organization or industry context was provided.
    Date: 2026-05-12T09:42:42Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E2%99%A8%EF%B8%8F1-0k-HOTMAIL-MAIL-ACCESS%E2%99%A8%EF%B8%8F-11-05
    Screenshots:
    None
    Threat Actors: SecureTrax
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  400. Distribution of education sector credential combolist with approximately 134,982 records
    Category: Combo List
    Content: A threat actor known as HqComboSpace has distributed a combolist containing approximately 134,982 credential records targeting the education sector. The list is described as mixed-country in origin. No additional details regarding affected organizations or sites were provided.
    Date: 2026-05-12T09:42:21Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-134-982-Lines-%E2%9C%85-Mixed-Country-Edu-education-Leaks
    Screenshots:
    None
    Threat Actors: HqComboSpace
    Victim Country: Unknown
    Victim Industry: Education
    Victim Organization: Unknown
    Victim Site: Unknown
  401. Alleged data breach of Sport 2000 France
    Category: Data Leak
    Content: A threat actor claims to have leaked a database associated with French sporting goods retailer Sport 2000, reportedly stemming from a breach disclosed in April 2024. The dataset purportedly contains 150,000 records including email addresses, names, physical addresses, phone numbers, dates of birth, and purchase history. The data is being shared as hidden content on the forum.
    Date: 2026-05-12T09:30:29Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-DATABASE-Sport-2000-FR-leak
    Screenshots:
    None
    Threat Actors: kkkreoifezrg
    Victim Country: France
    Victim Industry: Retail
    Victim Organization: Sport 2000
    Victim Site: Unknown
  402. Alleged scraped data leak of Instagram affecting 17 million records
    Category: Data Leak
    Content: A threat actor has shared an alleged dataset of 17 million scraped Instagram records on a hacking forum, purportedly obtained via an Instagram API in January 2026. The data reportedly includes usernames, display names, account IDs, and geolocation data, with 6.2 million records containing associated email addresses and some including phone numbers. The content is available via a hidden link requiring forum registration.
    Date: 2026-05-12T09:30:05Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-DATABASE-Instagram-17M-Leaked-scraped-data
    Screenshots:
    None
    Threat Actors: kkkreoifezrg
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Instagram
    Victim Site: instagram.com
  403. Alleged data breach of BPJS RT/RW and LPM Karangrejo (Indonesia)
    Category: Data Breach
    Content: A Breachforums user (jax7) has posted a thread claiming a data breach involving BPJS RT/RW (Indonesian social security/community organization) and LPM Karangrejo (community institution in Metro Utara district). The breach details are shared on Breachforums.
    Date: 2026-05-12T09:23:39Z
    Network: telegram
    Published URL: https://t.me/byjax7/625
    Screenshots:
    None
    Threat Actors: jax7
    Victim Country: Indonesia
    Victim Industry: Government/Social Services
    Victim Organization: BPJS RT/RW and LPM Karangrejo
    Victim Site: Unknown
  404. Alleged data leak of BPJS Karangrejo Kec. Metro Utara government documents
    Category: Data Leak
    Content: A threat actor identified as JAX7 has shared what are claimed to be documents belonging to BPJS Karangrejo Kec. Metro Utara, an Indonesian government administrative body. The data, described as PDF-format files related to RT, RW, and LPM records, was made available via a public download link.
    Date: 2026-05-12T09:20:26Z
    Network: openweb
    Published URL: https://breached.st/threads/data-bpjs-rt-rw-dan-lpm-karangrejo-kec-metro-utara.87017/unread
    Screenshots:
    None
    Threat Actors: JAX7
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: BPJS Karangrejo Kec. Metro Utara
    Victim Site: Unknown
  405. Alleged sale of stolen payment cards and email credentials with cookies (Pepecard and infostealer logs)
    Category: Logs
    Content: Multiple threat actors are advertising stolen payment card data and infostealer logs. Pepecard claims to operate a card store offering 100,000+ cards daily (US/Canada/UK/Global) with 75-95% validity at $1-$1.50 per card. Separately, user liyu is selling full access credentials including email:password combinations and cookies from compromised accounts across multiple countries (UK, DE, JP, NL, BR, PL, ES, US, IT) with access to services including eBay, OfferUp, PSN, Booking, Uber, Poshmark, Alibaba, Walmart, Mercari, Neosurf, Amazon, and Kleinanzeigen.
    Date: 2026-05-12T09:19:00Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/80163
    Screenshots:
    None
    Threat Actors: Pepecard
    Victim Country: United States, Canada, United Kingdom, Germany, Japan, Netherlands, Brazil, Poland, Spain, Italy
    Victim Industry: Multiple (financial services, e-commerce, gaming, travel, marketplace platforms)
    Victim Organization: Unknown
    Victim Site: Unknown
  406. Distribution of corporate credential combolist containing 100,000 records
    Category: Combo List
    Content: A combolist containing approximately 100,000 corporate credentials has been shared on a combolist forum. The victim organization, industry, and country of origin are unknown based on available post content.
    Date: 2026-05-12T09:07:05Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%AD%90100k-CORP-COMBOLIST%E2%AD%90
    Screenshots:
    None
    Threat Actors: Posts
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  407. Distribution of Hotmail credential combolist
    Category: Combo List
    Content: A threat actor on a criminal forum has shared a combolist containing 2,029 Hotmail credentials. The list is marketed as good hits dated May 26, 2025.
    Date: 2026-05-12T09:06:44Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-2-029-Good-HOTMAIL-GOODS-12-05-26
    Screenshots:
    None
    Threat Actors: D4rkNetHub
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  408. Distribution of 35.7K Gmail credential combo list
    Category: Combo List
    Content: A threat actor on a cybercrime forum has shared a combo list containing approximately 35,700 Gmail credentials. No further details regarding the origin or freshness of the data were provided in the post.
    Date: 2026-05-12T09:05:29Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-35-7k-Gmail
    Screenshots:
    None
    Threat Actors: D4rkNetHub
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  409. Distribution of URL:Login:Password combo list with 8 million lines
    Category: Combo List
    Content: A threat actor is distributing a combo list containing over 8 million URL, login, and password credential pairs. The content is shared as part of a recurring series (part 333) on a combolist forum, accessible to registered members.
    Date: 2026-05-12T09:02:53Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-url-log-pass-free-best-lines-8-million-lines-part-333
    Screenshots:
    None
    Threat Actors: lexityfr
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  410. Distribution of 35.7K Gmail credential combo list
    Category: Combo List
    Content: A threat actor operating under the alias D4rkNetHub is distributing a combo list containing approximately 35,700 Gmail credentials via a forum post on LF – Combolist. The content is gated behind registration or login, limiting visibility into the specific data fields included.
    Date: 2026-05-12T09:01:57Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-35-7k-Gmail-D4RKNETHUB-CLOUD
    Screenshots:
    None
    Threat Actors: D4rkNetHub
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  411. Distribution of Hotmail credential combo list
    Category: Combo List
    Content: A threat actor distributed a combo list containing 2,464 Hotmail credentials marketed as premium, valid hits. The content is hidden behind a forum registration or login requirement and is associated with a Telegram contact.
    Date: 2026-05-12T09:01:48Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-2464x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F
    Screenshots:
    None
    Threat Actors: alphaxdd
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  412. Alleged data breach of DELKO (delko.fr)
    Category: Data Breach
    Content: A threat actor operating under the handle lazasec claims to have exfiltrated the full customer database from DELKO (delko.fr), a French automotive services provider. The allegedly stolen data includes customer IDs, email addresses, phone numbers, full names, vehicle registration plates, account creation dates, and appointment and service details across 12 columns. The complete database is being offered for sale via contact on the forum.
    Date: 2026-05-12T08:58:24Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-DELKO-FR-Full-Customer-Database
    Screenshots:
    None
    Threat Actors: lazasec
    Victim Country: France
    Victim Industry: Automotive Services
    Victim Organization: DELKO
    Victim Site: delko.fr
  413. Alleged Counterfeit Currency Distribution Service – Premium Fake Notes Pass Verification Machines
    Category: Cyber Attack
    Content: User Isa repeatedly promotes a Telegram channel offering counterfeit currency (Chinese: 精品假钞 可过验钞机 = Premium fake notes that pass verification machines). The service claims to distribute high-quality counterfeit notes capable of bypassing currency verification equipment. This represents illegal counterfeiting and fraud operations.
    Date: 2026-05-12T08:55:47Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/80147
    Screenshots:
    None
    Threat Actors: Isa
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  414. Distribution of HQ mix combolist by threat actor Stevee36
    Category: Combo List
    Content: A threat actor operating under the handle Stevee36 has distributed a combolist identified as X1563 HQ Mix on a credential-sharing forum. The list contains credentials of unknown origin, volume, and industry targeting.
    Date: 2026-05-12T08:53:37Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75005/
    Screenshots:
    None
    Threat Actors: stevee36
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  415. Distribution of Hotmail credential combolist
    Category: Combo List
    Content: A threat actor distributed a combolist containing 2,029 Hotmail credentials via a forum post on CX. The content is gated behind registration or sign-in on an external hosting platform.
    Date: 2026-05-12T08:53:17Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75006/
    Screenshots:
    None
    Threat Actors: D4rkNetHub
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  416. Distribution of 500K Gmail credential combo list marketed as fresh
    Category: Combo List
    Content: A threat actor on a combolist forum is distributing a combo list containing approximately 500,000 Gmail credentials, marketed as fresh. The post is sponsored by an external service. No victim organization or geographic scope is specified.
    Date: 2026-05-12T08:31:54Z
    Network: openweb
    Published URL: https://cracked.st/Thread-500K-UHQ-GMAIL-COMBO-FRESH
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  417. Distribution of mixed-target credential combolist containing approximately 1.75 million records
    Category: Combo List
    Content: A threat actor on a criminal forum has distributed a combolist of approximately 1,756,778 credentials described as mixed-target and mixed-country in origin. The dataset appears to aggregate credentials from multiple unidentified sources and organizations.
    Date: 2026-05-12T08:31:50Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-1-756-778-Mixed-Target-Mixed-Country-Combo
    Screenshots:
    None
    Threat Actors: AiCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  418. Distribution of 203K mixed credential combo list
    Category: Combo List
    Content: A threat actor on a combolist forum is distributing a set of approximately 203,000 mixed credentials marketed as private. The origin, industry, and targeted organizations are unknown based on available post content.
    Date: 2026-05-12T08:31:46Z
    Network: openweb
    Published URL: https://patched.to/Thread-203k-mix-private
    Screenshots:
    None
    Threat Actors: moser
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  419. Distribution of 203K mixed credential combo list
    Category: Combo List
    Content: A threat actor has shared a combo list containing approximately 203,000 mixed credentials on a criminal forum. The dataset is marketed as private. No further details regarding the origin or targeted services are available.
    Date: 2026-05-12T08:31:42Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-203K-MIX-PRIVATE
    Screenshots:
    None
    Threat Actors: moser
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  420. Distribution of gaming-sector combo list containing 1 million credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 1 million credentials targeting the gaming industry. The content is gated behind forum registration or login, limiting visibility into specifics. No victim organization or site is identified in the post.
    Date: 2026-05-12T08:31:37Z
    Network: openweb
    Published URL: https://patched.to/Thread-1ml-gaming-private
    Screenshots:
    None
    Threat Actors: moser
    Victim Country: Unknown
    Victim Industry: Gaming
    Victim Organization: Unknown
    Victim Site: Unknown
  421. Distribution of 1 million gaming-sector credentials combolist
    Category: Combo List
    Content: A threat actor known as moser has shared a combolist of approximately 1 million credentials marketed as private gaming-sector data. No further details regarding the source, affected organizations, or data freshness are available from the post.
    Date: 2026-05-12T08:31:34Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-1ML-GAMING-PRIVATE
    Screenshots:
    None
    Threat Actors: moser
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  422. Distribution of Hotmail credential combo list
    Category: Combo List
    Content: A threat actor operating under the name SkylightCloud is distributing a combo list targeting Hotmail accounts via a restricted forum post. The content is gated behind registration or login, limiting visibility into the scope or format of the credentials.
    Date: 2026-05-12T08:30:32Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-skylight-public-cloud-hotmail-301496
    Screenshots:
    None
    Threat Actors: SkylightCloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  423. Distribution of Hotmail credential combo list
    Category: Combo List
    Content: A forum user distributed a combo list containing Hotmail credentials under the Skylight Public Cloud label. No further details regarding record count or data origin were provided in the post.
    Date: 2026-05-12T08:30:28Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-SKYLIGHT-PUBLIC-CLOUD-HOTMAIL–2092689
    Screenshots:
    None
    Threat Actors: Skylight0
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  424. Distribution of Hotmail credential combo list
    Category: Combo List
    Content: A threat actor distributed a combo list of approximately 3,000 Hotmail credentials, marketed as valid mail access. The content was shared on a combolist forum and is gated behind registration or login.
    Date: 2026-05-12T08:29:58Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%E2%9A%9C%EF%B8%8F3k-hotmail-mail-access-full-vaild-%E2%9A%9C%EF%B8%8F%E2%9C%A8-12-05
    Screenshots:
    None
    Threat Actors: ELJOKER1
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  425. Distribution of mixed credentials combolist containing 22,000 entries
    Category: Combo List
    Content: A threat actor on a cybercrime forum has made available a mixed credentials combolist containing 22,000 entries. The list is described as unique and is being distributed to registered forum members.
    Date: 2026-05-12T08:17:57Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75004/
    Screenshots:
    None
    Threat Actors: UniqueCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  426. Alleged data breach of Sivvi (sivvi.com) exposing ~300,000 UAE retail customer records
    Category: Data Breach
    Content: A threat actor operating under the alias Databroker1 claims to be selling a database allegedly breached from sivvi.com, a UAE-based retail platform. The dataset purportedly contains approximately 300,000 records spanning user credentials, customer profiles, behavioral tracking, loyalty program data, engagement metrics, and marketing campaign details. The actor is offering the data for sale via Telegram and Session, with forum escrow accepted.
    Date: 2026-05-12T08:04:52Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-sivvi-com-300kUAE-Full-records-ID-contact-location-shopping-payment-device
    Screenshots:
    None
    Threat Actors: Databroker1
    Victim Country: United Arab Emirates
    Victim Industry: Retail
    Victim Organization: Sivvi
    Victim Site: sivvi.com
  427. Sale of credential combo list attributed to japanese-edu.org.hk with 137,000 lines
    Category: Combo List
    Content: A threat actor on a criminal forum is offering a combo list of approximately 137,000 email and password pairs, attributed to japanese-edu.org.hk and described as originating from the China/Hong Kong region. The credentials are formatted as plaintext email:password combinations spanning multiple email providers including Yahoo, Gmail, and Hotmail. Contact details for purchase are referenced in the actor's signature.
    Date: 2026-05-12T08:04:18Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-CHINA-www-japanese-edu-org-hk-combo-list-137k-lines
    Screenshots:
    None
    Threat Actors: Tink3rTech
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  428. Alleged sale of stolen payment card data and compromised account credentials
    Category: Combo List
    Content: A threat actor is advertising fresh databases containing compromised account credentials for multiple e-commerce and service platforms (eBay, Amazon, Uber, PSN, Booking, Poshmark, Alibaba, Walmart, Mercari, Kleinanzeigen) across multiple countries (UK, DE, JP, NL, BR, PL, ES, US, IT). The actor claims to have access to valid webmails and private cloud infrastructure. A separate actor (Pepecard) is advertising stolen credit card sales with 75-95% validity rates at $1-$1.50 per card.
    Date: 2026-05-12T07:58:12Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/80121
    Screenshots:
    None
    Threat Actors: Pepecard
    Victim Country: United Kingdom, Germany, Japan, Netherlands, Brazil, Poland, Spain, United States, Italy, Canada
    Victim Industry: E-commerce, Financial Services, Technology
    Victim Organization: Unknown
    Victim Site: Unknown
  429. Distribution of shopping-targeted Hotmail combolist containing over 1.1 million credential pairs
    Category: Combo List
    Content: A threat actor distributed a combolist containing 1,104,182 lines of Hotmail credentials reportedly targeting shopping platforms. The credentials are marketed as fresh leaks. No further details regarding origin or verification are available.
    Date: 2026-05-12T07:56:22Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-1-104-182-Lines-%E2%9C%85-Shopping-Target-Hotmail-Combolist-Fresh-Leaks
    Screenshots:
    None
    Threat Actors: HqComboSpace
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  430. Alleged phishing and social engineering campaign targeting Israeli citizens
    Category: Phishing
    Content: The Israeli cyber authority issued a security warning about suspicious messages being sent to users that contain phishing links and requests to contact unknown numbers. Users are advised to avoid clicking unknown links and not to share these messages. The campaign appears designed for information gathering.
    Date: 2026-05-12T07:55:58Z
    Network: telegram
    Published URL: https://t.me/c/1283513914/21671
    Screenshots:
    None
    Threat Actors: خبرگزاری سایبربان| Cyberban News
    Victim Country: Israel
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  431. Alleged AI-Generated Zero-Day Exploit Bypassing 2FA Authentication
    Category: Vulnerability
    Content: Google has issued a security warning regarding the emergence of zero-day exploits generated using artificial intelligence. According to security reports, attackers have successfully created a Python-based zero-day exploit capable of bypassing two-factor authentication (2FA) mechanisms in an open-source web management system. Technical analysis indicates the code was likely generated with AI assistance and is designed for targeted vulnerability exploitation campaigns.
    Date: 2026-05-12T07:55:16Z
    Network: telegram
    Published URL: https://t.me/c/1283513914/21672
    Screenshots:
    None
    Threat Actors: خبرگزاری سایبربان| Cyberban News
    Victim Country: Unknown
    Victim Industry: Technology/Web Management Systems
    Victim Organization: Google
    Victim Site: Unknown
  432. Distribution of Hotmail credential combolist
    Category: Combo List
    Content: A threat actor on a combolist forum is distributing a set of 1,484 credentials described as a Verity Vault Hotmail Drop. The content is gated behind forum registration or login, suggesting it is shared with registered members rather than sold.
    Date: 2026-05-12T07:55:09Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%EF%B8%8F-1484x-Verity-Vault-Hotmail-Drop-%E2%9A%A1%EF%B8%8F
    Screenshots:
    None
    Threat Actors: Verityyyy
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  433. Alleged Active Malware Marketplace RAT Shop Discovered Selling Remote Access Trojans, Stealers, and Ransomware
    Category: Malware
    Content: A website named RAT Shop has been identified as a marketplace selling various malware tools, including Remote Access Trojans (RATs), information stealers, and ransomware. Specific malware tools offered include BOFAMET Stealer, Cyber Stealer, and Crax RAT.
    Date: 2026-05-12T07:52:07Z
    Network: telegram
    Published URL: https://t.me/c/1283513914/21670
    Screenshots:
    None
    Threat Actors: RAT Shop
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  434. Sale of fullz, identity documents, dumps, and leads via Telegram storefront
    Category: Combo List
    Content: A threat actor operating under the Telegram handle @Fullzpros is advertising a broad range of personal data products including fullz with SSN/NIN/SIN, identity documents with selfies and video, dumps with PIN, and various targeted leads spanning multiple countries. Additional offerings include carding tutorials, scam pages, remote access tools, and credential brutes. All items are marketed as available for sale on demand.
    Date: 2026-05-12T07:48:39Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75003/
    Screenshots:
    None
    Threat Actors: silasclark
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  435. Alleged DDoS and Penetration Testing Attack Service Offering
    Category: Cyber Attack
    Content: A threat actor is advertising penetration testing and DDoS attack services, with only 5 slots available. Contact handle provided: @itsurjoker
    Date: 2026-05-12T07:06:58Z
    Network: telegram
    Published URL: https://t.me/c/1887244124/1635
    Screenshots:
    None
    Threat Actors: itsurjoker
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  436. Sale of WEB.DE and GMX credential combo list
    Category: Combo List
    Content: A threat actor is offering credentials for WEB.DE and GMX accounts (across .de, .net, .com, .at, and .ch domains) marketed as private hits with 99% validity. The seller claims the data is suitable for general use and directs interested buyers to a Telegram contact.
    Date: 2026-05-12T06:53:08Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Supreme-SELLING-WEB-DE-GMX-DE-NET-COM-AT-CH-PRIVATE-HITS–2092674
    Screenshots:
    None
    Threat Actors: MXXM
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  437. Distribution of Spotify credential combo list containing 2 million records
    Category: Combo List
    Content: A threat actor operating under the alias CODER is distributing a combo list of approximately 2 million Spotify credentials via a Telegram channel. The list is advertised as freely available through the actor's Telegram group.
    Date: 2026-05-12T06:48:54Z
    Network: openweb
    Published URL: https://crackingx.com/threads/74999/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  438. Sale of Hotmail credential combo lists
    Category: Combo List
    Content: A threat actor is selling combo lists marketed as fresh, verified Hotmail and mixed email credentials, advertised at 5,000–100,000 lines updated daily. Subscription tiers are offered at $10 for one week, $25 for one month, and $40 for three months, with payment accepted in cryptocurrency.
    Date: 2026-05-12T06:48:35Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75000/
    Screenshots:
    None
    Threat Actors: Haydayx
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  439. Distribution of Themida static devirtualization research and techniques
    Category: Alert
    Content: A technical article authored by IDontCode and naci, published on a forum, details static devirtualization methods targeting Themida and CodeVirtualizer protections on Windows. The research covers symbolic execution, IR lowering, control flow analysis, and dead dependency elimination. The authors note the techniques are broadly applicable to other VM-based obfuscators.
    Date: 2026-05-12T06:46:36Z
    Network: openweb
    Published URL: https://tier1.life/thread/219
    Screenshots:
    None
    Threat Actors: RedQueen
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  440. Website Defacement of ocvs.my.id by YanXsec
    Category: Defacement
    Content: On May 12, 2026, a threat actor operating under the alias YanXsec defaced the homepage of ocvs.my.id, a website hosted under Indonesia's .my.id domain. The defacement was a targeted single-site attack, replacing the homepage content with the attacker's branding. No specific motive or team affiliation was disclosed in connection with this incident.
    Date: 2026-05-12T06:45:27Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/920423
    Screenshots:
    None
    Threat Actors: Hacked By YanXsec
    Victim Country: Indonesia
    Victim Industry: Unknown
    Victim Organization: OCVS
    Victim Site: ocvs.my.id
  441. Website defacement of beelift.digiet.com by Inside Alone7 of Hidden Cyber Crime
    Category: Defacement
    Content: A threat actor known as Inside Alone7, operating under the group Hidden Cyber Crime, defaced a subdomain hosted on digiet.com targeting the Beelift web property. The defacement was performed on a Linux-based server on May 12, 2026, with a mirror of the defaced page archived at haxor.id. The incident was a targeted single-site defacement rather than a mass or repeated attack.
    Date: 2026-05-12T06:22:19Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/249173
    Screenshots:
    None
    Threat Actors: Inside Alone7, Hidden Cyber Crime
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Beelift
    Victim Site: beelift.digiet.com
  442. Sale of aged Instagram accounts on criminal forum
    Category: Services
    Content: A threat actor operating under the alias Slowredd is offering aged Instagram accounts for sale, dated from 2016–2018 or older, with or without verification badges. The seller claims aged accounts reduce the likelihood of being flagged by platform detection mechanisms. Contact is facilitated via Telegram.
    Date: 2026-05-12T06:22:10Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Instagram-aged-accounts-available
    Screenshots:
    None
    Threat Actors: Slowredd
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  443. Distribution of stealer log credentials mix by fatetraffic
    Category: Logs
    Content: A threat actor operating under the name fatetraffic has distributed a set of approximately 1,500 mixed credentials sourced from stealer logs, dated 12-05-2026. The content was shared on a forum with access restricted to registered users.
    Date: 2026-05-12T06:21:49Z
    Network: openweb
    Published URL: https://patched.to/Thread-nova-%F0%9F%93%97-fatetraffic-1500-mix-12-05-2026-stealer-logs
    Screenshots:
    None
    Threat Actors: fatetraffic
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  444. Mass defacement of bizcrm.digiet.com by Inside Alone7 of Hidden Cyber Crime
    Category: Defacement
    Content: On May 12, 2026, a threat actor known as Inside Alone7, operating under the group Hidden Cyber Crime, conducted a mass defacement attack targeting bizcrm.digiet.com, a CRM-related web service hosted on a Linux server. The defacement was not a redefacement and did not target the home page directly, suggesting broader automated or targeted exploitation of subdomains or specific paths. A mirror of the defaced content was archived at haxor.id.
    Date: 2026-05-12T06:20:13Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/249174
    Screenshots:
    None
    Threat Actors: Inside Alone7, Hidden Cyber Crime
    Victim Country: Unknown
    Victim Industry: Technology / CRM Software
    Victim Organization: BizCRM (Digiet)
    Victim Site: bizcrm.digiet.com
  445. Distribution of threat hunting guidance for unmanaged PowerShell execution techniques
    Category: Alert
    Content: A Russian-language article published on a forum details techniques for executing PowerShell without powershell.exe using unmanaged hosting via DLL injection and Windows APIs. The post covers tools such as PowerShdll and SharpPick, simulates adversary tradecraft, and provides detection guidance using Elastic and Sigma rules. APT35 is referenced as a known user of such techniques.
    Date: 2026-05-12T06:20:00Z
    Network: openweb
    Published URL: https://tier1.life/thread/218
    Screenshots:
    None
    Threat Actors: RedQueen
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  446. Mass Website Defacement by Inside Alone7 of Hidden Cyber Crime targeting digiet.com
    Category: Defacement
    Content: On May 12, 2026, a threat actor known as Inside Alone7, affiliated with the group Hidden Cyber Crime, conducted a mass defacement attack targeting bridge.digiet.com, a subdomain associated with Digiet. The attack was carried out on a Linux-based server, with the defacement content hosted at a numbered text file path. The incident is categorized as a mass defacement, suggesting multiple sites or subdomains were simultaneously targeted.
    Date: 2026-05-12T06:18:21Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/249175
    Screenshots:
    None
    Threat Actors: Inside Alone7, Hidden Cyber Crime
    Victim Country: Unknown
    Victim Industry: Technology/Internet Services
    Victim Organization: Digiet
    Victim Site: bridge.digiet.com
  447. Distribution of mixed credentials combolist containing 22,000 entries
    Category: Combo List
    Content: A threat actor on a cybercrime forum has shared a mixed unique combolist containing approximately 22,000 credential entries. The origin, targeted services, and validity of the credentials are unknown based on available information.
    Date: 2026-05-12T06:17:02Z
    Network: openweb
    Published URL: https://crackingx.com/threads/74996/
    Screenshots:
    None
    Threat Actors: UniqueCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  448. Distribution of mixed credentials combo list by threat actor snowstormxd
    Category: Combo List
    Content: A threat actor operating under the handle snowstormxd is distributing a combo list containing 2,858 mixed credential entries via an external paste service and a Telegram channel. The listing offers both a free cloud access option and tiered paid subscription plans ranging from $3 for 24 hours to $100 for three months.
    Date: 2026-05-12T06:16:44Z
    Network: openweb
    Published URL: https://crackingx.com/threads/74997/
    Screenshots:
    None
    Threat Actors: snowstormxd
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  449. Mass Defacement of Sheraj Tiles by Inside Alone7 of Hidden Cyber Crime
    Category: Defacement
    Content: On May 12, 2026, a threat actor identified as Inside Alone7, affiliated with the group Hidden Cyber Crime, conducted a mass web defacement targeting sherajtiles.expertteam.top, a website associated with a tiles or construction materials business. The attack was carried out on a Linux-based server, with the defacement archived and mirrored at haxor.id. This incident is part of a broader mass defacement campaign attributed to the same threat actor.
    Date: 2026-05-12T06:12:28Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/249169
    Screenshots:
    None
    Threat Actors: Inside Alone7, Hidden Cyber Crime
    Victim Country: Unknown
    Victim Industry: Construction Materials / Building Supplies
    Victim Organization: Sheraj Tiles
    Victim Site: sherajtiles.expertteam.top
  450. Mass Web Defacement Campaign by Inside Alone7 of Hidden Cyber Crime
    Category: Defacement
    Content: On May 12, 2026, a threat actor operating under the alias Inside Alone7, affiliated with the group Hidden Cyber Crime, conducted a mass defacement attack targeting rmk.expertteam.top, a subdomain hosted on a Linux-based server. The defacement was confirmed as part of a broader mass defacement campaign, with a mirror archived at haxor.id. No specific geopolitical motivation or victim industry was identified based on available data.
    Date: 2026-05-12T06:10:03Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/249168
    Screenshots:
    None
    Threat Actors: Inside Alone7, Hidden Cyber Crime
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: RMK Expert Team
    Victim Site: rmk.expertteam.top
  451. Website Defacement of rik.expertteam.top by Inside Alone7 of Hidden Cyber Crime
    Category: Defacement
    Content: On May 12, 2026, a threat actor identified as Inside Alone7, affiliated with the group Hidden Cyber Crime, defaced a text resource hosted on the domain rik.expertteam.top. The attack targeted a Linux-based server and involved the modification of a publicly accessible file at the path /1000.txt. The incident was a single-target, non-mass defacement with no prior redefacement history recorded.
    Date: 2026-05-12T06:07:53Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/249167
    Screenshots:
    None
    Threat Actors: Inside Alone7, Hidden Cyber Crime
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Expert Team
    Victim Site: rik.expertteam.top
  452. Website Defacement of Digiet by Inside Alone7 of Hidden Cyber Crime
    Category: Defacement
    Content: On May 12, 2026, a threat actor known as Inside Alone7, operating under the group Hidden Cyber Crime, defaced a file hosted on digiet.com. The defacement targeted a specific text file (1000.txt) rather than the homepage, indicating a targeted file-level intrusion. The incident was archived and mirrored via zone-xsec.com.
    Date: 2026-05-12T06:01:56Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/920422
    Screenshots:
    None
    Threat Actors: Inside Alone7, Hidden Cyber Crime
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Digiet
    Victim Site: digiet.com
  453. Website Defacement of gumafixa.id by Inside Alone7 of Hidden Cyber Crime
    Category: Defacement
    Content: On May 12, 2026, a threat actor known as Inside Alone7, operating under the group Hidden Cyber Crime, defaced the Indonesian website gumafixa.id by targeting the license.txt file. The attack was a single-target defacement with no mass or redefacement indicators. A mirror of the defaced page was archived at zone-xsec.com.
    Date: 2026-05-12T05:55:39Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/920420
    Screenshots:
    None
    Threat Actors: Inside Alone7, Hidden Cyber Crime
    Victim Country: Indonesia
    Victim Industry: Unknown
    Victim Organization: Gumafixa
    Victim Site: gumafixa.id
  454. Distribution of 500 HQ email credentials combo list
    Category: Combo List
    Content: A threat actor distributed a combo list of 500 credentials marketed as valid and fresh, including Hotmail, mixed, and corporate mail access entries. The data is shared as full mailpass with claimed full mail access.
    Date: 2026-05-12T05:51:22Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-500-VALID-HOTMAIL-MIX-CORP-MAILPASS-FULL-MAIL-ACCES–2091365
    Screenshots:
    None
    Threat Actors: CloudBase
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  455. Distribution of Hotmail credential combolist with claimed full mail access
    Category: Combo List
    Content: A threat actor distributed a combolist of 2,050 credentials targeting Hotmail accounts, marketed as valid and fresh. The data reportedly includes mail password pairs with full mailbox access. The list was shared freely on a combolist forum.
    Date: 2026-05-12T05:50:55Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-2050-VALID-HOTMAIL-MAILPASS-FULL-MAIL-ACCES
    Screenshots:
    None
    Threat Actors: CloudBase
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  456. Distribution of 24K credential combo list
    Category: Combo List
    Content: A threat actor distributed a combo list containing approximately 24,000 credentials via an external paste link. The credentials are marketed as fresh access with no specified victim organization or industry.
    Date: 2026-05-12T05:49:22Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-24K-FRESH-ACCESS
    Screenshots:
    None
    Threat Actors: COYYT
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  457. Distribution of Hotmail credential combo list
    Category: Combo List
    Content: A threat actor distributed a combo list containing approximately 21,000 Hotmail credentials via an external paste link. The list is marketed as containing good (presumably valid) account credentials.
    Date: 2026-05-12T05:44:39Z
    Network: openweb
    Published URL: https://altenens.is/threads/21k-good-hotmail-combolist.2938255/unread
    Screenshots:
    None
    Threat Actors: VegaM
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  458. Website Defacement of Lorien Instruments by Inside Alone7 (Hidden Cyber Crime)
    Category: Defacement
    Content: On May 12, 2026, a threat actor identified as Inside Alone7, affiliated with the group Hidden Cyber Crime, defaced a page on lorieninstruments.com. The incident targeted a file path on the domain and was neither a mass nor a redefacement event. No specific motive or technical infrastructure details were disclosed.
    Date: 2026-05-12T05:44:00Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/920419
    Screenshots:
    None
    Threat Actors: Inside Alone7, Hidden Cyber Crime
    Victim Country: Unknown
    Victim Industry: Manufacturing / Instrumentation
    Victim Organization: Lorien Instruments
    Victim Site: lorieninstruments.com
  459. Distribution of Chinese and Taiwanese passport documents on leak forum
    Category: Data Leak
    Content: A threat actor has shared a collection of 30 passport documents belonging to individuals from China and Taiwan, described as organized and non-expired. The documents were made available via file hosting links on a carding and leaked database forum.
    Date: 2026-05-12T05:40:51Z
    Network: openweb
    Published URL: https://altenens.is/threads/30-china-and-taiwan-passport-organized-not-expired.2938254/unread
    Screenshots:
    None
    Threat Actors: ketrin24
    Victim Country: China
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  460. Sale of large-scale ULP credential combolist containing 37.8 million lines
    Category: Combo List
    Content: A threat actor is offering for sale a 26GB ULP-format combolist containing approximately 37,842,005 credential lines, priced between $400 and $500. The seller is directing buyers to contact them via Session for payment, after which a cloud download link is provided. Sample entries include URL-login-password combinations targeting various WordPress-based sites.
    Date: 2026-05-12T05:38:45Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-SELLING-ULP-26GB-File
    Screenshots:
    None
    Threat Actors: ippsecrocks07
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  461. Distribution of 900 Hotmail credential combo list
    Category: Combo List
    Content: A threat actor known as CloudBase is distributing a combo list containing 900 purportedly valid Hotmail mail-password pairs with claimed full mailbox access. The content is gated behind forum registration or login.
    Date: 2026-05-12T05:18:29Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-900-valid-hotmail-mailpass-full-mail-acces
    Screenshots:
    None
    Threat Actors: CloudBase
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  462. Distribution of gaming-targeted combolist containing over one million credentials
    Category: Combo List
    Content: A threat actor on a combolist forum has distributed a credential list marketed as targeting gaming platforms, containing approximately 1,039,983 records. The list is described as mixed-country in origin. No further details regarding the source or verification status of the credentials are available.
    Date: 2026-05-12T05:18:20Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-1-039-983-%E2%9C%85-Mixed-Country-Gaming-Target
    Screenshots:
    None
    Threat Actors: AiCombo
    Victim Country: Unknown
    Victim Industry: Gaming
    Victim Organization: Unknown
    Victim Site: Unknown
  463. Distribution of Hotmail credential combo list
    Category: Combo List
    Content: A threat actor known as CloudBase has shared a combo list purportedly containing 2,100 valid Hotmail mail:password credential pairs. The post claims full mail access, suggesting the credentials may grant direct inbox access. Content is gated behind forum registration or login.
    Date: 2026-05-12T05:18:11Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-2100-valid-hotmail-mailpass-full-mail-acces
    Screenshots:
    None
    Threat Actors: CloudBase
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  464. Distribution of Germany mixed-domain credential combolist
    Category: Combo List
    Content: A combolist containing 1,170,506 lines of credentials has been shared on a cracking forum, marketed as Germany mixed-domain leaks. No additional details regarding the source or data composition were provided.
    Date: 2026-05-12T05:18:00Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-1-170-506-Lines-%E2%9C%85-Germany-Mixed-Domain-leaks
    Screenshots:
    None
    Threat Actors: HqComboSpace
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  465. Sale of mixed credential combolist with corporate mail access
    Category: Combo List
    Content: A threat actor operating under the alias CloudBase is offering a combolist of approximately 3,200 credentials marketed as valid, comprising a mix of general and corporate email/password pairs with claimed full mail access. The post content is gated behind forum registration, limiting further detail.
    Date: 2026-05-12T05:17:41Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-3200-valid-mix-corp-mailpass-full-mail-acces
    Screenshots:
    None
    Threat Actors: CloudBase
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  466. Distribution of mixed and corporate mail credentials combo list
    Category: Combo List
    Content: A threat actor operating under the alias CloudBase is distributing a combo list claimed to contain 4,450 valid mixed and corporate email credentials with full mail access. The content is gated behind forum registration or login, limiting direct verification of the claimed data.
    Date: 2026-05-12T05:17:23Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-4450-valid-mix-corp-mailpass-full-mail-acces
    Screenshots:
    None
    Threat Actors: CloudBase
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  467. Alleged Distribution of BLACKNET-00 Ransomware with Windows Defender Evasion Instructions
    Category: Malware
    Content: A threat actor is sharing an updated BLACKNET-00 ransomware program along with instructions for disabling Windows Defender and SmartScreen protection mechanisms to evade detection and facilitate infection.
    Date: 2026-05-12T05:14:27Z
    Network: telegram
    Published URL: https://t.me/c/2735908986/4269
    Screenshots:
    None
    Threat Actors: Infrastructure Destruction Squad
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  468. Distribution of URL:login:password credential logs
    Category: Combo List
    Content: A forum user distributed a collection of URL:login:password credential logs, labeled as a new update and identified as part two of an ongoing release series. Additional updates were indicated as forthcoming.
    Date: 2026-05-12T04:48:22Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F-BOX-MAIN-NEW-URL-LOG-PASS-12-05-26%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8FPART-2
    Screenshots:
    None
    Threat Actors: BOXOWNER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  469. Distribution of Hotmail credential combo list with 30,000 claimed valid entries
    Category: Combo List
    Content: A threat actor known as hunterX is distributing a combo list of approximately 30,000 Hotmail credentials, marketed as high-quality valid hits. The content is gated behind forum registration or login.
    Date: 2026-05-12T04:47:28Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A130k-HQ-Hotmail-Access-VALID-HITS%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: hunterX
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  470. Sale of Hotmail inbox checker tool on criminal forum
    Category: Services
    Content: A threat actor operating under the alias hunterX is advertising a tool called Hotmail Inbox Checker V7.7 on a criminal forum. The tool is claimed to support inbox viewing without login, email deletion, and multi-keyword scanning. Further details are available upon request from the seller.
    Date: 2026-05-12T04:47:06Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Hotmail-Inbox-Checker-V7-7-%E2%80%94-Updated–20452
    Screenshots:
    None
    Threat Actors: hunterX
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  471. Alleged data breach of Groupe Barid Al-Maghrib (Morocco Postal Service)
    Category: Data Leak
    Content: A threat actor known as Sejjil has claimed to leak a database associated with Groupe Barid Al-Maghrib, the Moroccan postal services group, on a data leak forum. The post references the SDTM system. No further details regarding record count or data types are available.
    Date: 2026-05-12T04:42:00Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-DATABASE-Morocco-SDTM-Groupe-Barid-Al-Maghrib-database-leak
    Screenshots:
    None
    Threat Actors: Sejjil
    Victim Country: Morocco
    Victim Industry: Postal Service
    Victim Organization: Groupe Barid Al-Maghrib
    Victim Site: Unknown
  472. Sale of RDP and Linux VPS hosting services on cybercrime forum
    Category: Services
    Content: A forum vendor operating under the name RDPWindows is offering Windows Server 2022 Admin RDP and Linux VPS plans with full root/admin access via a USA-based infrastructure. Plans range from $7.99 to $69.99 per month with promotional discounts advertised for first-month purchases.
    Date: 2026-05-12T04:16:15Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Supreme-RDPWINDOWS-ADMIN-RDP-LINUX-VPS-10GBPS-INSTANT-DELIVERY
    Screenshots:
    None
    Threat Actors: Jumperr
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  473. Sale of initial access credentials to OpenDesa Indonesia government platform
    Category: Initial Access
    Content: A threat actor is offering credentials for OpenDesa, an Indonesian government village administration platform. The listing claims to include admin and operator accounts with access to site management panels, databases, email, and hosting environments. Contact is solicited via Telegram.
    Date: 2026-05-12T03:46:41Z
    Network: openweb
    Published URL: https://breached.st/threads/opendesa-indonesia-data.87013/unread
    Screenshots:
    None
    Threat Actors: whoare
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: OpenDesa
    Victim Site: Unknown
  474. Distribution of business corporate mail credentials combolist
    Category: Combo List
    Content: A combolist containing 114,511 lines of business corporate email and password combinations, marketed as SMTP leaks, has been made available on a combolist forum. The threat actor HqComboSpace distributed the dataset, which appears to target corporate mail accounts across unspecified organizations and industries.
    Date: 2026-05-12T03:35:09Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-114-511-Lines-%E2%9C%85-Business-Corp-Mail-Pass-SMTP-Leaks
    Screenshots:
    None
    Threat Actors: HqComboSpace
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  475. Distribution of Gmail credential combolist by D4rkNetHub
    Category: Combo List
    Content: Threat actor D4rkNetHub has made available a combolist containing 100,000 or more Gmail credentials on a cracking forum. No additional details regarding the origin or freshness of the credentials were provided in the post.
    Date: 2026-05-12T03:34:49Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-100k-GMAIL-GOODS-D4RKNETHUB-9–2092629
    Screenshots:
    None
    Threat Actors: D4rkNetHub
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  476. Sale of Windows Admin RDP and Linux VPS hosting services on criminal forum
    Category: Services
    Content: A threat actor operating under the name RDPWindows is offering Windows Server 2022 Admin RDP and Linux VPS plans for sale on a criminal forum. Plans are advertised with full admin/root access, USA-based infrastructure, AMD EPYC processors, and 10Gbps connectivity, with pricing starting at $3.20 per month after promotional discounts.
    Date: 2026-05-12T03:34:22Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Supreme-RDPWindows-High-Performance-Admin-RDP-Linux-VPS-Instant-Delivery-10Gbps
    Screenshots:
    None
    Threat Actors: Jumperr
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  477. Distribution of alleged South Korea email credential combo list
    Category: Combo List
    Content: A forum user distributed a free email combo list purportedly targeting South Korean accounts, labeled as batch 36 of 100. The content is hidden behind a registration or login requirement on the forum.
    Date: 2026-05-12T03:34:16Z
    Network: openweb
    Published URL: https://patched.to/Thread-free-premium-south-korea-email-list-batch-36-100
    Screenshots:
    None
    Threat Actors: emaildbpro
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  478. Distribution of alleged Hotmail credential combo list
    Category: Combo List
    Content: A threat actor operating as NovaCloud0x has shared what is claimed to be a combo list of valid Hotmail credentials via an external paste link. The record count and origin of the credentials are unknown. Content is gated behind forum registration or login.
    Date: 2026-05-12T03:33:59Z
    Network: openweb
    Published URL: https://patched.to/Thread-hotmail-all-vailds
    Screenshots:
    None
    Threat Actors: NovaCloud0x
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  479. Alleged database leak of UK gambling collection
    Category: Data Leak
    Content: A threat actor known as BitBandit has shared or distributed an alleged database dump purportedly containing 5 million records associated with UK gambling entities. The collection is described as a compilation of leads. No further details regarding the affected organizations or data fields are available from the post.
    Date: 2026-05-12T03:25:51Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-COLLECTION-UK-GAMBLING-COLLECTION-5-MILLION-LEADS
    Screenshots:
    None
    Threat Actors: BitBandit
    Victim Country: United Kingdom
    Victim Industry: Gambling
    Victim Organization: Unknown
    Victim Site: Unknown
  480. Sale of alleged data breach of Guidely (guidely.in), Indian ed-tech platform
    Category: Data Breach
    Content: A threat actor on a leaks forum is offering for sale an alleged dataset of 1,500,000 rows of PII from Guidely.in, an Indian ed-tech platform formerly known as IBPSGuide. The dataset is offered in CSV format and purportedly includes names, email addresses, mobile numbers, hashed data possibly representing passwords, account types, sex, and dates of birth. The seller is asking $5,000 worth of cryptocurrency.
    Date: 2026-05-12T02:56:55Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-India-1-500-000-rows-of-PII-from-Guidely-in
    Screenshots:
    None
    Threat Actors: BigBrother
    Victim Country: India
    Victim Industry: Education
    Victim Organization: Guidely
    Victim Site: guidely.in
  481. Recruitment of penetration testers targeting Chinese websites and CMS vulnerabilities
    Category: Services
    Content: A forum user is recruiting penetration testers on a remote, long-term basis to conduct offensive operations exclusively against Chinese websites and CMS platforms. Roles include 0day/nday vulnerability research through source code analysis and obtaining web shells on Chinese targets. Applicants are offered a $50 test payment upon demonstrating web shell access to a provided target.
    Date: 2026-05-12T02:56:04Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Buying-Hiring-Penetration-Testers
    Screenshots:
    None
    Threat Actors: jackstanton787
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  482. Sale of Indonesian government and agriculture sector PII dataset with 2.79 million records
    Category: Data Breach
    Content: A threat actor on a darknet forum is offering for sale a dataset of approximately 2,795,000 records allegedly containing personal information of Indonesian individuals, including full names, email addresses, phone numbers, and employer or institutional affiliations. Sample data indicates records are associated with Indonesian government agricultural agencies, provincial agriculture offices, and related institutions. The listing is titled SELL PII INDONESIA and includes fields for name, email,
    Date: 2026-05-12T02:55:24Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-SELL-PII-INDONESIA-2795K-INCLUDE-NAME-GMAIL-NUMBER
    Screenshots:
    None
    Threat Actors: 053o
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Unknown
    Victim Site: Unknown
  483. Alleged data breach of i-Run (i-run.fr)
    Category: Data Breach
    Content: A threat actor on a cybercrime forum claims to have breached i-Run, a French online sports retailer, with a reported breach date of 11 April 2026. The dataset allegedly contains 1,223,520 records including customer names, email addresses, dates of birth, postal addresses, and phone numbers. A sample of records was shared in the post as evidence.
    Date: 2026-05-12T02:54:49Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-i-Run-i-run-fr-1-223-520
    Screenshots:
    None
    Threat Actors: lowiqq
    Victim Country: France
    Victim Industry: Retail
    Victim Organization: i-Run
    Victim Site: i-run.fr
  484. Sale of alleged Linux local privilege escalation zero-day exploit
    Category: Vulnerability
    Content: A threat actor on DF Sellers Place is offering what they claim to be a zero-day local privilege escalation (LPE) vulnerability affecting Linux systems. No further technical details or pricing information were available in the post.
    Date: 2026-05-12T02:54:06Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-0day-Linux-LPE
    Screenshots:
    None
    Threat Actors: berz0k
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  485. Alleged data breach of undisclosed crypto tax platform
    Category: Data Breach
    Content: A threat actor operating under the alias MichelMonet is selling a database allegedly obtained from a crypto tax platform, dated February. The dataset purportedly includes user email addresses, wallet addresses, exchange sync data, and account balances across multiple platforms including Coinbase, Binance US, and Gemini.
    Date: 2026-05-12T02:52:39Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-Crypto-Tax-Platform-DB
    Screenshots:
    None
    Threat Actors: MichelMonet
    Victim Country: Unknown
    Victim Industry: Finance
    Victim Organization: Crypto Tax Platform
    Victim Site: Unknown
  486. Alleged data leak of Russian medical laboratory MyAreal (myareal.ru)
    Category: Data Leak
    Content: A threat actor on a database leak forum claims to have leaked data from MyAreal, a Russian allergy testing laboratory, allegedly obtained in November 2025. The archive reportedly contains over 300 records including user CSV files, test result CSV files, and PDF allergy test reports, with affected data including names, email addresses, phone numbers, physical addresses, and medical test results. Sample records with patient names and allergy test outcomes were shared publicly in the post.
    Date: 2026-05-12T02:51:23Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-russian-myareal-ru-leak
    Screenshots:
    None
    Threat Actors: dnst
    Victim Country: Russia
    Victim Industry: Healthcare
    Victim Organization: MyAreal
    Victim Site: myareal.ru
  487. Alleged data breach of Gabloty.pl
    Category: Data Breach
    Content: A threat actor operating under the alias Katarinka has leaked an alleged database dump from Gabloty.pl, a Polish retail website. The dump totals 66,435 rows across 64 CSV tables and includes customer records, admin user data, order and address information, and marketing leads.
    Date: 2026-05-12T02:50:48Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-Gabloty-pl-dump
    Screenshots:
    None
    Threat Actors: Katarinka
    Victim Country: Poland
    Victim Industry: Retail
    Victim Organization: Gabloty.pl
    Victim Site: gabloty.pl
  488. Sale of alleged Canva admin panel access with 500-user capacity
    Category: Initial Access
    Content: A threat actor on a criminal forum is offering purported Canva Owner/Admin Panel access for approximately $30, advertised as supporting up to 500 users with a 3-year validity period. The listing claims full administrative control, including user management and access to Canva AI tools and Brand Kit features. The offer targets agencies, resellers, and businesses.
    Date: 2026-05-12T02:43:54Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Supreme-%E2%AD%90%E2%AD%90%E2%AD%90Ca-nva-Verified-Owner-and-Admin-Panel-%E2%80%93-500-Users-3-Years-Access-30%E2%9A%A1%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: wavesub
    Victim Country: Unknown
    Victim Industry: Software/Technology
    Victim Organization: Canva
    Victim Site: canva.com
  489. Sale of Manus AI Pro Plan subscription at discounted price
    Category: Services
    Content: A threat actor is offering a one-year Manus AI Pro Plan subscription for $130, discounted from the advertised retail price of $240. The listing claims to provide private activation credentials delivered via email, with 4,000 monthly credits and full Pro feature access.
    Date: 2026-05-12T02:43:33Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Supreme-%E2%9A%A1%E2%9A%A1%E2%9A%A1Unlock-the-Power-of-Manus-AI-%E2%80%94-PRO-PLAN-1-YEAR-130-%E2%9C%A8%E2%9C%A8%E2%9C%A8
    Screenshots:
    None
    Threat Actors: wavesub
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  490. Sale of discounted Make.com Team Plan subscription
    Category: Services
    Content: A threat actor is offering a one-year Make.com Team Plan subscription for $65, significantly below the stated retail price. The listing advertises full plan features including 120,000 operations per year and unlimited active scenarios, with activation delivered via email.
    Date: 2026-05-12T02:43:16Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Supreme-%E2%9C%A8%E2%9C%A8%E2%9C%A8Make-com-Team-Plan-%E2%80%93-1-Year-Activation-Directly-in-your-email-65%E2%AD%90%E2%AD%90%E2%AD%90
    Screenshots:
    None
    Threat Actors: wavesub
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  491. Sale of TextShift PRO one-year premium subscription access
    Category: Services
    Content: A threat actor on a cybercrime forum is selling one-year premium access to TextShift PRO, an AI text humanizer service, for $65 per account. Access is advertised as activated on the buyer's own email with no shared accounts.
    Date: 2026-05-12T02:42:58Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Supreme-%E2%AD%90%E2%AD%90%E2%AD%90TextShift-PRO-%E2%80%93-1-Year-Premium-Access-Available-on-your-own-email-65%E2%9A%A1%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: wavesub
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  492. Distribution of mixed-country credential logs
    Category: Logs
    Content: A threat actor distributed a collection of over 10,000 credential logs described as a geographic mix of countries via a file-sharing link. The logs are marketed as fresh and were shared at no stated cost on a criminal forum.
    Date: 2026-05-12T02:42:43Z
    Network: openweb
    Published URL: https://cracked.st/Thread-HQ-LOGS-GeoMIX-COUNTRY-10000-Fresh
    Screenshots:
    None
    Threat Actors: HULKMAD
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  493. Sale of discounted Customer.io one-year subscription access
    Category: Services
    Content: A threat actor is offering a one-year Customer.io plan for $60, advertised as activated via a private email account with no shared access. Customer.io is a customer engagement and marketing automation platform; the legitimacy and origin of the offered access are unverified.
    Date: 2026-05-12T02:42:39Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Supreme-%E2%AD%90%E2%AD%90%E2%AD%90Customer-io-%E2%80%94-1-YEAR-PLAN-%E2%9A%A1-Own-Email-Activation-60
    Screenshots:
    None
    Threat Actors: wavesub
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  494. Sale of discounted Warpfix Pro Plan subscription via forum listing
    Category: Services
    Content: A threat actor is offering a one-year Warpfix Pro Plan subscription for $60, significantly below the advertised retail price of $144. The listing claims activation on the buyer's GitHub account with access to features including unlimited repository support, AI-assisted PR review, and security auto-patching. The origin or legitimacy of these subscriptions is unverified.
    Date: 2026-05-12T02:42:21Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Supreme-%E2%9A%A1-WARPFIX-%E2%80%94-PRO-PLAN-1-YEAR-In-Your-Email-60%E2%9A%A1
    Screenshots:
    None
    Threat Actors: wavesub
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  495. Sale of Germany-targeted credential combo lists by threat actor @antalya_H
    Category: Combo List
    Content: A threat actor operating as @antalya_H is selling credential combo lists reportedly targeting Germany, marketed as private, fresh, and including Hotmail and mixed email combos. The listing advertises UHQ (ultra-high quality) inbox combos alongside logs and mail checkers, available via subscription or direct purchase. A sample is offered to prospective buyers.
    Date: 2026-05-12T02:41:53Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-private-germany-%F0%9F%87%A9%F0%9F%87%AA-by-antalya-h-100-pvt
    Screenshots:
    None
    Threat Actors: cloudantalya
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  496. Distribution of German credential combo list containing 46,364 records
    Category: Combo List
    Content: A threat actor operating under the handle D4rkNetHub has distributed a combo list purportedly containing 46,364 credential pairs targeting German users. The content is hosted behind a registration or login gate on a dark net hub platform.
    Date: 2026-05-12T02:41:16Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-46-364-Good-Germany-D4RKNETHUB-CLOUD
    Screenshots:
    None
    Threat Actors: D4rkNetHub
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  497. Website Redefacement of cepurhuye.rw by Inside Alone7 of Hidden Cyber Crime
    Category: Defacement
    Content: On May 12, 2026, a threat actor known as Inside Alone7, operating under the group Hidden Cyber Crime, conducted a redefacement attack against the Rwandan website cepurhuye.rw. This incident marks a repeated compromise of the same target, indicating persistent adversary interest or unresolved security vulnerabilities on the victim's web infrastructure. The defacement was documented and mirrored via zone-xsec.com.
    Date: 2026-05-12T02:33:42Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/920411
    Screenshots:
    None
    Threat Actors: Inside Alone7, Hidden Cyber Crime
    Victim Country: Rwanda
    Victim Industry: Unknown
    Victim Organization: Cepurhuye
    Victim Site: www.cepurhuye.rw
  498. Website Redefacement of Scribal.be by Inside Alone7 of Hidden Cyber Crime
    Category: Defacement
    Content: The website scribal.be was redefaced on May 12, 2026, by threat actor Inside Alone7, operating under the group Hidden Cyber Crime. This incident is classified as a redefacement, indicating the site had been previously compromised and defaced. The attack was not categorized as a mass or home page defacement, suggesting a targeted file-level intrusion.
    Date: 2026-05-12T02:31:10Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/920407
    Screenshots:
    None
    Threat Actors: Inside Alone7, Hidden Cyber Crime
    Victim Country: Belgium
    Victim Industry: Unknown
    Victim Organization: Scribal
    Victim Site: www.scribal.be
  499. Distribution of 12 million corporate business credentials combo list
    Category: Combo List
    Content: A threat actor known as CODER is distributing a combo list marketed as containing approximately 12 million corporate business credentials via Telegram channels. The list is advertised as freely available through associated Telegram groups, with direct requests also accepted via the actor's personal Telegram handle.
    Date: 2026-05-12T02:30:09Z
    Network: openweb
    Published URL: https://crackingx.com/threads/74991/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  500. Distribution of 8 million banking, crypto, and gaming credential combo list
    Category: Combo List
    Content: A threat actor operating under the alias CODER is distributing a combo list of approximately 8 million credentials purportedly covering banking, cryptocurrency, and gaming services, including named entities such as Mitsubishi UFJ Financial Group, Mizuho Bank, Banco Santander, and BBVA. The list is being made available via Telegram channels and a forum post.
    Date: 2026-05-12T02:29:50Z
    Network: openweb
    Published URL: https://crackingx.com/threads/74993/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  501. Website Defacement of FindPeaceWithGod.com by Inside Alone7 (Hidden Cyber Crime)
    Category: Defacement
    Content: On May 12, 2026, a threat actor known as Inside Alone7, affiliated with the group Hidden Cyber Crime, defaced a page on findpeacewithgod.com, a religious or faith-based website. The incident was a targeted single-page defacement, not classified as a mass or home page defacement. The attack details were mirrored and archived on zone-xsec.com.
    Date: 2026-05-12T02:24:56Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/920396
    Screenshots:
    None
    Threat Actors: Inside Alone7, Hidden Cyber Crime
    Victim Country: United States
    Victim Industry: Religious/Non-Profit
    Victim Organization: Find Peace With God
    Victim Site: findpeacewithgod.com
  502. Website Defacement of Reflections Counseling Texas by Inside Alone7 (Hidden Cyber Crime)
    Category: Defacement
    Content: On May 12, 2026, a threat actor known as Inside Alone7, affiliated with the group Hidden Cyber Crime, defaced the website of Reflections Counseling Texas, a mental health counseling service based in the United States. The incident was a targeted single-site defacement with no indication of mass or repeated defacement activity. Technical details such as server software and IP address were not disclosed.
    Date: 2026-05-12T02:23:35Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/920398
    Screenshots:
    None
    Threat Actors: Inside Alone7, Hidden Cyber Crime
    Victim Country: United States
    Victim Industry: Healthcare / Mental Health Services
    Victim Organization: Reflections Counseling Texas
    Victim Site: reflectionscounselingtexas.com
  503. Website Redefacement of Reflections Counseling Texas by Inside Alone7 (Hidden Cyber Crime)
    Category: Defacement
    Content: The website of Reflections Counseling Texas, a mental health counseling service based in Texas, USA, was defaced by threat actor Inside Alone7 operating under the group Hidden Cyber Crime on May 12, 2026. This incident is classified as a redefacement, indicating the site had been previously compromised and targeted again. The attack was neither a mass defacement nor a homepage defacement, suggesting a targeted intrusion into a specific page or section of the site.
    Date: 2026-05-12T02:21:51Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/920403
    Screenshots:
    None
    Threat Actors: Inside Alone7, Hidden Cyber Crime
    Victim Country: United States
    Victim Industry: Healthcare / Mental Health Services
    Victim Organization: Reflections Counseling Texas
    Victim Site: www.reflectionscounselingtexas.com
  504. Alleged data breach of MBet Brazilian online casino
    Category: Data Breach
    Content: A threat actor claims to have compromised the full customer database of MBet (mbet.br.com), a Brazilian online sports betting platform, in May 2026. The alleged breach exposes over 300,000 PII records including CPF numbers, phone numbers, dates of birth, mothers' names, and account balances, alongside over 200,000 KYC documents such as ID cards, utility bills, and selfies. A data sample and partial database are being shared on a cybercrime forum.
    Date: 2026-05-12T02:06:26Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-MBet-br-com-Online-Casino-Full-Database-KYC-PII-PART
    Screenshots:
    None
    Threat Actors: zSenior
    Victim Country: Brazil
    Victim Industry: Gambling/Online Casino
    Victim Organization: MBet
    Victim Site: mbet.br.com
  505. Website defacement of RM Future Tech by threat actor YIIX103
    Category: Defacement
    Content: On May 12, 2026, threat actor YIIX103 defaced the website of RM Future Tech, an Indian technology company, targeting the file yo.php. The attack was a singular, non-mass defacement with no team affiliation reported. Technical details such as server software and IP address were not disclosed in the available incident data.
    Date: 2026-05-12T02:04:47Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/920381
    Screenshots:
    None
    Threat Actors: YIIX103
    Victim Country: India
    Victim Industry: Technology
    Victim Organization: RM Future Tech
    Victim Site: rmfuturetech.co.in
  506. Sale of proxy service credentials including ABC, PIA, and Luna proxies
    Category: Services
    Content: A threat actor on a criminal forum is offering 800 GB of proxy resources spanning ABC, PIA, and Luna proxy services at an undisclosed price. Interested buyers are directed to contact the seller directly.
    Date: 2026-05-12T01:56:46Z
    Network: openweb
    Published URL: https://cracked.st/Thread-SELL-800-GB-ABC-PROXY-PIA-PROXY-ABC-PROXY-Luna-PROXY-PRICE-GOOD–2092611
    Screenshots:
    None
    Threat Actors: foxsunday
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  507. Sale of discounted Spotify Premium upgrade service
    Category: Services
    Content: A threat actor is offering a one-year Spotify Premium account upgrade for $44.99, significantly below the listed retail price. The service purports to upgrade a buyer's existing personal account with ad-free streaming, offline downloads, and unlimited skips.
    Date: 2026-05-12T01:56:25Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Supreme-44-99-%E2%9A%A1-Spotify-Premium-%E2%80%93-1-Year-Upgrade-on-Your-Account-%E2%9C%85
    Screenshots:
    None
    Threat Actors: secur3rat
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  508. Distribution of corporate SMTP credential combo list with approximately 99,940 records
    Category: Combo List
    Content: A threat actor on a combolist forum has distributed a credential list marketed as corporate SMTP targets, containing approximately 99,940 records. No further details regarding the origin, affected organizations, or geographic scope were provided in the post.
    Date: 2026-05-12T01:55:28Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-99-940-%E2%9A%A1-Corp-SMTP-Target
    Screenshots:
    None
    Threat Actors: AiCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  509. Sale of residential/datacenter proxy bandwidth on criminal forum
    Category: Services
    Content: A threat actor is offering 800 GB of proxy bandwidth across multiple providers, including ABC Proxy, PIA, and Luna Proxy, for sale on a criminal forum. The seller directs interested buyers to contact them directly for pricing details.
    Date: 2026-05-12T01:55:01Z
    Network: openweb
    Published URL: https://cracked.st/Thread-SELLL-800-GB-ABC-PROXY-PIA-PROXY-ABC-PROXY-Luna-PROXY-PRICE-GOOD
    Screenshots:
    None
    Threat Actors: foxsunday
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  510. Distribution of USA mail access combo list
    Category: Combo List
    Content: A threat actor distributed a combo list labeled X808 USA MAIL ACCESS MIX containing credentials for US-based mail accounts. The content is described as private data from the poster and is accessible to registered forum members.
    Date: 2026-05-12T01:54:41Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%92%A4x808-usa-mail-access-mix%F0%9F%92%A4%E2%9C%A8-11-05
    Screenshots:
    None
    Threat Actors: TraxGod
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  511. Sale of Twitter/X API bypass service via TWTAPI.IO
    Category: Services
    Content: A threat actor is advertising TWTAPI.IO, a commercial API service that claims to bypass X (Twitter) fingerprinting, query ID rotation, and authentication controls. The service offers account login via username, password, and 2FA, returning session tokens and cookies for reuse. Tiered pricing ranges from a free tier to enterprise plans supporting up to 1,000 requests per second.
    Date: 2026-05-12T01:54:33Z
    Network: openweb
    Published URL: https://patched.to/Thread-diamond-twtapi-io-%E2%80%94-simplified-api-for-x-twitter
    Screenshots:
    None
    Threat Actors: twtdev
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  512. Distribution of 1.3K Poland-Canada email credentials combo list
    Category: Combo List
    Content: A threat actor distributed a combo list of approximately 1,300 email account credentials purportedly associated with Poland and Canada. The data is shared as hidden content requiring forum registration and is described as old data from a private collection.
    Date: 2026-05-12T01:54:24Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%92%A41-3k-poland-canada-mail-access-mix%F0%9F%92%A4%E2%9C%A8-11-05
    Screenshots:
    None
    Threat Actors: TraxGod
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  513. Sale of phishing kit with cookie-stealing and 2FA bypass capabilities
    Category: Phishing
    Content: A threat actor is offering phishing pages designed to steal session cookies from multiple platforms including Office 365, Gmail, Yahoo, Facebook, iCloud, Intuit, and AOL. The kit advertises automatic OTP and 2FA bypass functionality, with results delivered via Telegram and an admin panel. The offering supports custom domain configuration and is marketed as optimized for both mobile and desktop targets.
    Date: 2026-05-12T01:53:36Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Selling-Cookies-Grab-Page-Auto-2FA-OTP-Bypass-24-7-Support
    Screenshots:
    None
    Threat Actors: imi_jav1995
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  514. Sale of Hotmail account access tool
    Category: Services
    Content: A threat actor is offering a tool advertised as an Ultimate Hotmail Access Tool on a cracking forum. The content is hidden behind registration or login, limiting visibility into specific capabilities or pricing.
    Date: 2026-05-12T01:53:10Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-ULTIMATE-HOTMAIL-ACCESS-TOOL
    Screenshots:
    None
    Threat Actors: AWSCRACKSISTEM
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  515. Distribution of Hotmail credential combo list containing 10.1K entries
    Category: Combo List
    Content: A threat actor operating under the alias RedCloud has distributed a combo list of approximately 10,100 Hotmail credentials, marketed as valid and ultra-high quality. The content is gated behind forum registration and also promoted via Telegram.
    Date: 2026-05-12T01:52:34Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-10-1K-%E2%9A%A1Hotmail%E2%9A%A1Valid-Mail-Access-12-05
    Screenshots:
    None
    Threat Actors: RedCloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  516. Distribution of 9.9 GB credential log compilation
    Category: Logs
    Content: A threat actor known as thejackal101 is distributing a 9.9 GB compressed collection of ULP-format credential logs on a cybercrime forum. The credentials are marketed as fresh and high quality, with additional logs available via a linked Telegram channel.
    Date: 2026-05-12T01:52:30Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Request-%E2%9C%AA-9-9-GB-%E2%9C%AA-CLOUD-S-%E2%9C%AA-ULP-LOG-S-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: thejackal101
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  517. Distribution of Peru credential combo list containing 114K records
    Category: Combo List
    Content: A threat actor distributed a combo list of approximately 114,000 credentials allegedly associated with Peru. The list is dated May 11, 2026, and was shared on a combolist forum.
    Date: 2026-05-12T01:48:45Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-%E2%9C%AA-114-K-Combo-%E2%9C%AA-Peru-%E2%9C%AA-11-MAY-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: thejackal101
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  518. Distribution of Philippines credential combo list
    Category: Combo List
    Content: A threat actor distributed a combo list containing approximately 98,000 email and password pairs purportedly sourced from the Philippines. The credentials are marketed as fresh and high quality, dated May 11, 2026. The content is gated behind forum registration or login.
    Date: 2026-05-12T01:47:20Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-%E2%9C%AA-98-K-Combo-%E2%9C%AA-Philippines-%E2%9C%AA-11-MAY-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: thejackal101
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  519. Distribution of Pakistani credential combo list containing 43,000 entries
    Category: Combo List
    Content: A threat actor on a combolist forum has distributed a credential combo list purportedly containing over 43,000 entries associated with Pakistan, dated May 11, 2026. The list was shared freely on the forum with no additional context provided.
    Date: 2026-05-12T01:45:43Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-%E2%9C%AA-43-K-Combo-%E2%9C%AA-Pakistan-%E2%9C%AA-11-MAY-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: thejackal101
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  520. Distribution of New Zealand credential combo list
    Category: Combo List
    Content: A threat actor distributed a combo list containing over 20,000 credentials purportedly associated with New Zealand users, dated May 11, 2026. The list was shared on a combolist forum by the user thejackal101. No further details regarding the source or targeted services are available.
    Date: 2026-05-12T01:44:21Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-%E2%9C%AA-20-K-Combo-%E2%9C%AA-New-Zealand-%E2%9C%AA-11-MAY-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: thejackal101
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  521. Distribution of Nigerian credential combo list
    Category: Combo List
    Content: A threat actor distributed a combo list containing approximately 15,000 credentials reportedly associated with Nigeria, dated May 11, 2026. The list was shared on a combolist forum by the user thejackal101.
    Date: 2026-05-12T01:42:57Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-%E2%9C%AA-15-K-Combo-%E2%9C%AA-Nigeria-%E2%9C%AA-11-MAY-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: thejackal101
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  522. Distribution of Norwegian credential combo list
    Category: Combo List
    Content: A threat actor distributed a combo list containing approximately 15,000 credentials allegedly associated with Norway. The list is dated May 11, 2026, and was shared on a combolist forum.
    Date: 2026-05-12T01:41:35Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-%E2%9C%AA-15-K-Combo-%E2%9C%AA-Norway-%E2%9C%AA-11-MAY-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: thejackal101
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  523. Alleged sale of webshells by threat actor
    Category: Initial Access
    Content: A threat actor is advertising the sale of webshells, with contact via @muchbetterkyless. Webshells are commonly used for initial access and post-exploitation persistence.
    Date: 2026-05-12T01:33:12Z
    Network: telegram
    Published URL: https://t.me/cashnetworkc2/365
    Screenshots:
    None
    Threat Actors: muchbetterkyless
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  524. Distribution of mixed credential combolist containing 90.9K entries
    Category: Combo List
    Content: A threat actor distributed a combolist of approximately 90,900 email access credentials via a Mediafire link on a combolist forum. The post markets the entries as valid, private, and ultra-high quality, dated May 12, 2026. No specific victim organization or industry is identified.
    Date: 2026-05-12T01:28:51Z
    Network: openweb
    Published URL: https://crackingx.com/threads/74988/
    Screenshots:
    None
    Threat Actors: redcloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  525. Sale of alleged valid Hotmail credential combo list
    Category: Combo List
    Content: A threat actor operating under the alias noir is offering a combo list purportedly containing valid Hotmail credentials, marketed as UHQ (ultra-high quality). The listing references a private cloud download and directs interested parties to a Telegram handle for access.
    Date: 2026-05-12T01:28:31Z
    Network: openweb
    Published URL: https://crackingx.com/threads/74990/
    Screenshots:
    None
    Threat Actors: noir
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  526. Alleged sale of webshells
    Category: Initial Access
    Content: A threat actor is advertising the sale of webshells at low prices, offering direct message contact for transactions.
    Date: 2026-05-12T01:27:54Z
    Network: telegram
    Published URL: https://t.me/c/2315649855/365
    Screenshots:
    None
    Threat Actors: muchbetterkyless
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  527. Distribution of URL:login:password credential combo list
    Category: Combo List
    Content: A threat actor operating under the handle BOXOWNER distributed a credential combo list in URL:login:password format, dated May 26, 2025. The post indicates additional updates are planned. No specific victim organization, industry, or record count was disclosed.
    Date: 2026-05-12T01:04:03Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F-BOX-MAIN-NEW-URL-LOG-PASS-12-05-26%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8FPART-1
    Screenshots:
    None
    Threat Actors: BOXOWNER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  528. Distribution of Europa Germany Mixed Combolist containing approximately 706,850 credential lines
    Category: Combo List
    Content: A threat actor distributed a combolist of approximately 706,850 lines described as a mixed Europa/Germany credential dataset. The list was shared on a criminal forum's combolist section. No additional details regarding data origin or freshness were provided in the post.
    Date: 2026-05-12T01:03:43Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-706-850-Lines-%E2%9C%85-Europa-Germany-Mixed-Combolist
    Screenshots:
    None
    Threat Actors: HqComboSpace
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  529. Distribution of mixed credential logs and ULP combolist sample
    Category: Logs
    Content: A threat actor is freely distributing a sample combolist described as containing mixed email credentials, logs, and ULP (URL:Login:Password) entries. The data is promoted via a Telegram channel and associated website. No victim organization, industry, or record count is specified.
    Date: 2026-05-12T01:03:34Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Private-Ulp-From-Primedatanet-Good-For-all
    Screenshots:
    None
    Threat Actors: primedata
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  530. Distribution of 1.2K French email access combo list
    Category: Combo List
    Content: A threat actor known as SecureTrax has shared a combo list of approximately 1,200 email access credentials purportedly associated with France-based accounts, dated 11.05. The post notes the data is older and sourced from a private collection maintained by the author.
    Date: 2026-05-12T01:03:23Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E2%99%A8%EF%B8%8F1-2k-FRANCE-MAIL-ACCESS-MIX%E2%99%A8%EF%B8%8F-11-05
    Screenshots:
    None
    Threat Actors: SecureTrax
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  531. Distribution of Hotmail credential combo list
    Category: Combo List
    Content: A threat actor distributed a combo list of Hotmail credentials, labeled as old data, on a combolist forum. The content is gated behind registration or login. No record count or pricing was specified.
    Date: 2026-05-12T01:03:03Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%92%A4x781-hotmail-mail-access%F0%9F%92%A4%E2%9C%A8-11-05
    Screenshots:
    None
    Threat Actors: TraxGod
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  532. Distribution of 1.5K Hotmail credential combolist
    Category: Combo List
    Content: A threat actor distributed a combolist containing approximately 1,500 Hotmail credentials on a cybercrime forum. The data is labeled as old and marketed as VIP Cloud mail access. Access to the content requires forum registration or login.
    Date: 2026-05-12T01:02:45Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%92%A41-5k-hotmail-mail-access%F0%9F%92%A4%E2%9C%A8-11-05
    Screenshots:
    None
    Threat Actors: TraxGod
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  533. Distribution of Netherlands credential combo list
    Category: Combo List
    Content: A threat actor distributed a combo list containing approximately 165,000 credentials purportedly associated with Netherlands-based accounts. The content is dated May 11, 2026, and is gated behind forum registration or login.
    Date: 2026-05-12T01:02:27Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%AA-165-k-combo-%E2%9C%AA-netherlands-%E2%9C%AA-11-may-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: thejackal101
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  534. Distribution of Netherlands email:password combo list
    Category: Combo List
    Content: A threat actor distributed a combo list of approximately 165,000 email and password pairs purportedly associated with Netherlands-based accounts. The credentials are marketed as fresh and high quality, dated May 11, 2026.
    Date: 2026-05-12T01:02:17Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-%E2%9C%AA-165-K-Combo-%E2%9C%AA-Netherlands-%E2%9C%AA-11-MAY-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: thejackal101
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  535. Alleged data leak of Binance user database
    Category: Data Leak
    Content: A threat actor operating under the alias dRACO claims to have leaked a database allegedly belonging to Binance (binance.com), containing approximately 1.5 million records. The post was shared on a database leaks forum, though post content is restricted and the claim remains unverified.
    Date: 2026-05-12T01:01:19Z
    Network: openweb
    Published URL: https://darkpro.net/threads/binance-2026-latest-database-1-5-million-by-draco-top-carder.23112/
    Screenshots:
    None
    Threat Actors: Draco
    Victim Country: Unknown
    Victim Industry: Finance
    Victim Organization: Binance
    Victim Site: binance.com
  536. Distribution of 2.5 GB mixed private logs
    Category: Logs
    Content: A threat actor known as glyn11 is distributing approximately 2.5 GB of mixed private logs containing credentials on a cybercrime forum. The content is gated behind registration or login, suggesting access is limited to forum members.
    Date: 2026-05-12T01:01:12Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-2-5-gb-mix-private-logs
    Screenshots:
    None
    Threat Actors: glyn11
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  537. Sale of alleged Coinbase database affecting 80,000 users
    Category: Data Breach
    Content: A threat actor identified as Draco is offering for sale an alleged database dump attributed to Coinbase (coinbase.com) containing records on approximately 80,000 users, priced at $490. The listing is dated 2026 and includes sample data accessible to registered forum members. Contact is directed through a Telegram handle.
    Date: 2026-05-12T01:01:01Z
    Network: openweb
    Published URL: https://darkpro.net/threads/coinbase-database-80k-users-2026-by-draco-from-darpro-legitcarders.23113/
    Screenshots:
    None
    Threat Actors: Draco
    Victim Country: United States
    Victim Industry: Finance
    Victim Organization: Coinbase
    Victim Site: coinbase.com
  538. Alleged leak of Israeli personal records database
    Category: Data Leak
    Content: A threat actor shared what is claimed to be a database of 8,300 Israeli personal records. Each record allegedly contains fields including national ID, full name, previous name, date of birth, parental names, birth country, and immigration year. The data was made available on a database leak forum.
    Date: 2026-05-12T01:00:42Z
    Network: openweb
    Published URL: https://darkpro.net/threads/israel-personal-database-8-3k-complete-records.23114/
    Screenshots:
    None
    Threat Actors: Draco
    Victim Country: Israel
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  539. Forum post requesting assistance on BF3 Databases
    Category: Data Breach
    Content: A user on the BF3 Databases forum posted a plea asking not to be banned and requesting help. No content was available for further analysis; no specific threat, victim, or data exposure was identified.
    Date: 2026-05-12T00:59:35Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Before-you-ban-me-please-read-this-%E2%80%94-I-genuinely-need-help
    Screenshots:
    None
    Threat Actors: usernameff1234567890
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  540. Alleged sale of stolen payment cards and credential combolists by Pepecard and associates
    Category: Combo List
    Content: Pepecard, a carding service claiming three years of operation, is selling stolen payment cards (US/Canada/UK/Global) at $1-$1.50 per card with 75-95% validity rates. Operator Wěilóng is simultaneously offering combolists for Hotmail, kleinanzeigen, eBay, Reddit, Poshmark, Depop, Walmart, Amazon and other platforms across multiple countries (DE, FR, IT, BR, UK, US, JP, PL, RU, ES, NL, MX, CA, SG).
    Date: 2026-05-12T00:49:58Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/79916
    Screenshots:
    None
    Threat Actors: Pepecard
    Victim Country: United States, Canada, United Kingdom, Germany, France, Italy, Brazil, Japan, Poland, Russia, Spain, Netherlands, Mexico, Singapore
    Victim Industry: Financial services, e-commerce, email providers
    Victim Organization: Unknown
    Victim Site: Unknown
  541. Distribution of 120,000 mixed credentials combolist
    Category: Combo List
    Content: A threat actor operating under the alias alex12 is distributing a combolist of approximately 120,000 email and password credential pairs, marketed as fresh and high quality. The list purportedly includes credentials from multiple providers and regions including AOL, Yahoo, Hotmail, Outlook, and users from the US, UK, France, Germany, and other countries. The actor also advertises paid combo services via Telegram.
    Date: 2026-05-12T00:36:21Z
    Network: openweb
    Published URL: https://crackingx.com/threads/74985/
    Screenshots:
    None
    Threat Actors: alex12
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  542. Sale of stolen credit cards, fullz, and financial account access services
    Category: Carding
    Content: A threat actor is offering stolen credit cards, fullz with full personal information, ATM dumps with Track 1/2 and PIN, cloned ATM cards, CVV/CCV data, and PayPal account loading services. The listing also includes freshly updated EBT dumps and state-specific inventory across multiple US states. The actor is soliciting business partners and new customers via direct message.
    Date: 2026-05-12T00:31:50Z
    Network: openweb
    Published URL: https://altenens.is/threads/i-want-to-introduce-you-all-to-my-service-im-hacker-and-a-money-making-vendor-i-provide-the-best-tools-on-here-im-on-here-looking-for-a-busine.2938172/unread
    Screenshots:
    None
    Threat Actors: 247ywg
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  543. Free distribution of UHQ Yahoo combo list with 500K credentials
    Category: Combo List
    Content: A threat actor distributed a combo list of 500,000 Yahoo credentials marketed as UHQ and fresh. The post was sponsored by slateaio.com. Per combo list conventions, Yahoo is the credential-stuffing target, not the breach victim.
    Date: 2026-05-12T00:15:36Z
    Network: openweb
    Published URL: https://cracked.st/Thread-500K-UHQ-YAHOO-COMBO-FRESH–2092594
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  544. Combo List: 430K UHQ Outlook credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of 430,000 Outlook credentials marketed as UHQ and fresh. The post is sponsored by an AIO checker service, suggesting the credentials are intended for credential stuffing use.
    Date: 2026-05-12T00:15:13Z
    Network: openweb
    Published URL: https://cracked.st/Thread-430K-UHQ-OUTLOOK-COMBO-FRESH
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  545. Sale of UHQ Gmail combo list with 8.7 million credentials
    Category: Combo List
    Content: A threat actor is offering a combo list containing 8.7 million Gmail credentials, marketed as ultra-high quality and fresh. The post is sponsored by an AIO/checker tool service. The credentials are intended for credential stuffing and are not indicative of a breach of Gmail itself.
    Date: 2026-05-12T00:14:50Z
    Network: openweb
    Published URL: https://cracked.st/Thread-8-7M-UHQ-GMAIL-COMBO-FRESH
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  546. Combo List: 2.3 million UHQ mixed mail credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 2.3 million mixed mail credentials, marketed as fresh and high quality. The post is sponsored by a credential-stuffing tool service.
    Date: 2026-05-12T00:14:27Z
    Network: openweb
    Published URL: https://cracked.st/Thread-2-3M-UHQ-MIXED-MAIL-COMBO-FRESH
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  547. Combo List: 1.1 million UHQ Hotmail credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list advertised as containing 1.1 million UHQ Hotmail credentials marketed as fresh. The post is sponsored by vows.solutions.
    Date: 2026-05-12T00:14:05Z
    Network: openweb
    Published URL: https://cracked.st/Thread-1-1M-UHQ-HOTMAIL-COMBO-FRESH
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  548. Sale of discounted Sneak Energy products via forum
    Category: Services
    Content: A forum user is advertising discounted Sneak Energy products at 50% off via Telegram, with delivery estimated at 1-2 weeks. The post does not contain explicit threat content but appears to be a resale or fraudulent retail offer on a cybercrime forum.
    Date: 2026-05-12T00:14:01Z
    Network: openweb
    Published URL: https://cracked.st/Thread-B4U-ACETATED-SNEAK-ENERGY-50-OFF-CHEAP-CAFFEINE-FAST-DELIVERY
    Screenshots:
    None
    Threat Actors: acetated
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  549. Free distribution of Hotmail combo list
    Category: Combo List
    Content: A threat actor is distributing a combo list of 1,500 Hotmail credentials, marketed as fresh and high quality. The content is gated behind registration or login on the forum. No breach of a specific organization is claimed.
    Date: 2026-05-12T00:13:24Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-1500x-%E2%AD%90%E2%AD%90-fresh-hq-hotmails-%E2%AD%90%E2%AD%90
    Screenshots:
    None
    Threat Actors: Pirate999
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  550. Sale of stolen payment cards, dumps, and skimmer services
    Category: Carding
    Content: A threat actor is selling stolen payment card data including virtual credit cards (VCCs), card dumps with PINs, and skimmer-sourced data from the US, UK, CA, AU, EU, and other regions. The seller claims to operate physical skimmers and POS terminals and offers dumps with full cardholder details including card number, expiration date, CVV, and address. Contact is facilitated via Telegram.
    Date: 2026-05-12T00:07:25Z
    Network: openweb
    Published URL: https://altenens.is/threads/i-sell-legit-products-good-best-quality-services-contact-me-to-make-money-for-a-long-time.2938140/unread
    Screenshots:
    None
    Threat Actors: rhuellemann
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  551. Free distribution of URL:Login:Password combo lines derived from stealer logs
    Category: Combo List
    Content: A threat actor is distributing a 2.4GB collection of URL:login:password lines sourced from stealer logs, advertised as a daily free release via Telegram. The dataset includes mixed regional credentials spanning EU, UK, and various European countries, as well as Hotmail, Live, Outlook, and MSN accounts. The actor also advertises cookies and cloud-related data, with additional items available for purchase via Telegram.
    Date: 2026-05-12T00:06:37Z
    Network: openweb
    Published URL: https://altenens.is/threads/2-4gb-url-login-pass-lines-from-logs.2938144/unread
    Screenshots:
    None
    Threat Actors: WhiteMelly
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  552. Sale of 63K mixed email credential combo list
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 63,000 mixed email credentials, including Hotmail, Live, Outlook, and MSN accounts sourced from multiple European countries. The post advertises daily free releases of combo lists, logs, and cookies via a Telegram channel, with additional material available for purchase.
    Date: 2026-05-12T00:01:39Z
    Network: openweb
    Published URL: https://altenens.is/threads/63k-mix-lines-mail-access.2938139/unread
    Screenshots:
    None
    Threat Actors: WhiteMelly
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  553. Sale of Hotmail combo list with approximately 6,000 lines
    Category: Combo List
    Content: A threat actor is distributing approximately 6,000 Hotmail/Live/Outlook credential lines via a Telegram channel. The post advertises mixed EU combo lists including UK, FR, PL, DE, and IT entries, along with logs and cookies, offered both freely and for sale via Telegram.
    Date: 2026-05-12T00:01:08Z
    Network: openweb
    Published URL: https://altenens.is/threads/6k-hotmail-lines-mail-access.2938141/unread
    Screenshots:
    None
    Threat Actors: WhiteMelly
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown