[May-16-2026] Daily Cybersecurity Threat Report

1. Executive Summary

This report details a massive series of recent cyber incidents, providing key intelligence for each event based strictly on the provided dataset. The threat landscape captured in this data reflects a highly active, organized, and deeply commodified underground cybercrime ecosystem operating primarily across open-web cracking forums (e.g., breached.st, cracked.st, patched.to, demonforums.net) and anonymous networks such as Telegram and Tor. The incidents span a vast geographical footprint—affecting the United States, France, Japan, Australia, Indonesia, Morocco, Israel, and numerous other nations.

The primary categories of threat activity observed include the rampant distribution and monetization of “Combo Lists” (credential sets used for automated account takeover attacks), high-impact corporate and government data breaches, the sale of Initial Access to corporate and government networks, systemic website defacement campaigns driven by hacktivist groups, and the illicit trade of malware, exploits, and financial fraud services. This report systematically breaks down these threats, profiling the responsible threat actors, analyzing the targeted victimology, and detailing the specific operational methodologies utilized in these compromises.

2. In-Depth Analysis of Data Breaches and Leaks

The dataset reveals an alarming number of high-profile data breaches across multiple sectors, including government, healthcare, telecommunications, retail, and technology. Threat actors are actively monetizing these databases, often offering samples via Pastebin or Hastebin and concluding sales through encrypted Telegram channels.

2.1. Government and Defense Breaches

Government entities are prime targets for extortion, espionage, and data brokering.

  • Morocco Government Portals: A threat actor operating under the alias “OxO” is selling an alleged breach of multiple Moroccan government portals, specifically targeting education and tax authority domains. The dataset allegedly contains 827,000 lines of data across 16MB, sourced from at least nine distinct gov.ma subdomains. The data was published on darkforums.su on May 15, 2026, with the actor directing buyers to a Telegram contact. Another actor, “fexus,” also claimed to have leaked approximately 78,082 lines of data from these same Moroccan education and tax ministry domains, distributing it for free.
  • CCAS Dunkerque (France): A threat actor known as “arpanet7444” leaked data allegedly belonging to CCAS Dunkerque, a French municipal social action center. The actor utilized a Tor-based forum to share the anonymous file-sharing link and simultaneously offered to sell 220 additional records of French personal data for $500 via Telegram.
  • Perum Daerah Tirta Musi (Indonesia): A database allegedly sourced from the Indonesian regional water utility, perumdatirtamusi.co.id, was listed for sale by the threat actor “Sorb”. The dataset contains over 437,000 customer records, including 257,000 unique phone numbers, names, addresses, meter data, and tariff codes. The asking price is $300, with escrow accepted.
  • Bengkalis Regency DPMPTSP (Indonesia): Threat actor “vicmeow” published an alleged 13MB SQL database dump of the Integrated Electronic Licensing Service (epinter.bengkaliskab.go.id) via a file-sharing link on darkforums.su.

2.2. Healthcare and Pharmaceutical Breaches

The healthcare sector faces immense risk due to the highly sensitive nature of patient and clinical data.

  • Eli Lilly: In a massive corporate compromise, the threat actor “TeamPCP” claims to be selling over 1,200 internal source code repositories (totaling 80GB compressed) stolen from the pharmaceutical giant Eli Lilly. The repositories purportedly cover drug research tools, AI agents, medical devices, manufacturing systems, and clinical platforms. Furthermore, an additional 40GB of documents allegedly exfiltrated from Eli Lilly’s Veeva vault are included. The actor is demanding $70,000 USD for exclusive rights, threatening to leak the data if the company does not pay.
  • Arrotex Pharmaceuticals (Australia): Threat actor “wower” is offering an astonishing 2.5 TB of data allegedly exfiltrated from Australian healthcare company Arrotex Pharmaceuticals. The compromised files reportedly include recruitment records, partner/distributor information, financial documents, sales data, and strategic business plans.
  • Nirvasa (India): A database dump from Indian digital healthcare platform Nirvasa is being sold by “Masterbyte” for $600. The dataset contains roughly 3.5 million user records (2.9 million unique phone numbers), exposing first names, last names, emails, pincodes, and addresses from 2024 to 2026.
  • Afrilims (South Africa): Threat actor “yra404” leaked the full database of afrilims.co.za across all subdomains. This highly sensitive dump includes tables for doctors, patients, and users, exposing medical data, ICD-10 codes, dates of birth, and hashed passwords.
  • Wateen (Saudi Arabia): A database allegedly obtained from wateenapp.org, the official Saudi Ministry of Health blood donation application, was leaked by “lulzintel”. It exposes 180,438 blood donors’ names, blood groups, genders, mobile numbers, ID numbers, and blood bag details.

2.3. Retail, E-Commerce, and Hospitality

Retailers hold vast repositories of consumer data, making them lucrative targets.

  • Auchan (France): Threat actor “Lagui” is selling a database dump from French retail chain Auchan, encompassing 1.29 million customer records. The fresh, unprocessed dataset includes names, emails, phone numbers, postal addresses, and loyalty card numbers.
  • Nike (USA): The threat actor “Saikaa” listed an alleged database belonging to Nike (nike.com) on a Tor-based forum, though specific record counts or data types were withheld.
  • Maeva Group (France): Threat actor “ChimeraZ” leaked an immense database dump belonging to French vacation rental company Maeva Group, encompassing 4,575,065 customer records and 38,945 residence entries in JSON format. The data, spanning domains like maeva.com and vacansoleil.com, exposes passenger names, phone numbers, and reservation details.
  • eSky (Poland/Brazil): Threat actor “OxO” is selling a database from esky.com containing 10.3 million records related to Delta Airlines Brazil travelers, exposing dates of birth, genders, full names, addresses, and phone numbers.
  • Podarok (Israel): 5,802 Israeli user records from the e-commerce site podarok.co.il were leaked by “yra404,” exposing names, emails, passwords, and addresses.
  • Magic Seller (South Korea): An alleged database dump from magicseller.co.kr was shared by “KoreanAshley,” including SQL table schemas for user credentials and social media account references.

2.4. Telecommunications, Finance, and Technology

  • Movistar Venezuela: Threat actor “GordonFreeman” claims to have breached Movistar Venezuela, obtaining 4.15 million customer records (ID numbers, names, billing accounts, lifecycle status) dated 2026. A proof-of-concept of 5,000 rows was publicly shared.
  • Coinbase: Threat actor “OxO” has repeatedly listed a massive 1 million customer record database from Coinbase. The dataset purportedly includes rich PII (name, address, IP) alongside deeply sensitive financial metrics, such as total deposits, withdrawals, and annual income.
  • Binance Australia: Threat actor “DanzNismXst7” is selling 470,000 Binance Australia user records for $3000 USD via Telegram. The data includes PII and trading pair/exchange data.
  • Telegram: Multiple listings exist for Telegram user databases. For instance, “Meowl” and “OxO” are selling datasets of approximately 770,000 to 771,000 records containing user IDs, phone numbers, and usernames.
  • Rockstar Games: The notorious “ShinyHunters” group leaked 78.6 million Snowflake records allegedly belonging to Rockstar Games. The breach reportedly occurred through an Anodot.com integration. ShinyHunters distributed the data via a direct download link, clarifying it was a pure leak, not a ransom attempt.
  • BreachForums itself: In a twist of fate, “ShinyHunters” also claimed to have acquired the BreachForums database backup (bf_03_2026.sql.7z) following an unauthorized leak in January 2026. The group threatened to leak complete backups, private messages, and IPs if forum clones continued to operate, providing a direct SQL archive link on Telegram.

3. The Proliferation of Combo Lists and Credential Stuffing

The vast majority of the intelligence data comprises the distribution of “Combo Lists.” These are massive text files containing email (or username) and password combinations, typically aggregated from thousands of historical data breaches. Threat actors use these lists in conjunction with automated software (checkers) to perform “credential stuffing” attacks—testing the credentials against platforms like Netflix, banking sites, and email providers to find reused passwords.
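The replay pattern described above leaves a recognizable trace in authentication logs: one source tries many different usernames, almost all of which fail. The following detection sketch is an added example, not part of the original report; the log format, thresholds, addresses and account names are constructed assumptions.

```python
"""Flag combo-list replay (credential stuffing) in authentication logs.

Added illustration; the log format, thresholds and all sample events are
constructed assumptions, not data from the report.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed events: "<UTC time> <source IP> <username> <OK|FAIL>"
SAMPLE_LOG = """\
2026-05-15T10:00:01Z 203.0.113.7 alice@example.com FAIL
2026-05-15T10:00:03Z 203.0.113.7 bob@example.com FAIL
2026-05-15T10:00:05Z 203.0.113.7 carol@example.com FAIL
2026-05-15T10:00:07Z 203.0.113.7 dave@example.com OK
2026-05-15T10:00:09Z 203.0.113.7 erin@example.com FAIL
2026-05-15T10:00:11Z 203.0.113.7 frank@example.com FAIL
2026-05-15T10:00:13Z 203.0.113.7 grace@example.com FAIL
2026-05-15T10:01:00Z 198.51.100.9 admin@example.com FAIL
2026-05-15T10:01:02Z 198.51.100.9 admin@example.com FAIL
2026-05-15T10:01:04Z 198.51.100.9 admin@example.com FAIL
2026-05-15T10:01:06Z 198.51.100.9 admin@example.com FAIL
2026-05-15T10:01:08Z 198.51.100.9 admin@example.com FAIL
2026-05-15T10:01:10Z 198.51.100.9 admin@example.com FAIL
2026-05-15T10:02:00Z 192.0.2.50 heidi@example.com OK
2026-05-15T10:02:10Z 192.0.2.50 ivan@example.com OK
2026-05-15T10:02:20Z 192.0.2.50 judy@example.com OK
2026-05-15T10:02:30Z 192.0.2.50 karl@example.com OK
2026-05-15T10:02:40Z 192.0.2.50 liam@example.com OK
2026-05-15T10:02:50Z 192.0.2.50 mona@example.com OK
2026-05-15T10:03:00Z 192.0.2.10 alice@example.com FAIL
2026-05-15T10:03:20Z 192.0.2.10 alice@example.com OK
"""


def parse_line(line):
    """Return (timestamp, source_ip, username, succeeded) for one log line."""
    ts, ip, user, result = line.split()
    return (datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip,
            user.lower(), result == "OK")


def detect_stuffing(lines, window=timedelta(minutes=5),
                    min_users=6, max_success_ratio=0.2):
    """Return {source_ip: {"users": set, "compromised": set}}.

    A source is flagged when, inside one sliding window, it tried at least
    `min_users` distinct usernames and at most `max_success_ratio` of its
    attempts succeeded. Password guessing against a single account and a
    shared office address with mostly successful logins do not match.
    """
    recent = defaultdict(deque)   # ip -> events still inside the window
    findings = {}
    events = sorted(parse_line(l) for l in lines if l.strip())
    for ts, ip, user, ok in events:
        q = recent[ip]
        q.append((ts, user, ok))
        while ts - q[0][0] > window:          # drop events older than window
            q.popleft()
        users = {u for _, u, _ in q}
        successes = sum(1 for _, _, o in q if o)
        if len(users) >= min_users and successes / len(q) <= max_success_ratio:
            hit = findings.setdefault(ip, {"users": set(), "compromised": set()})
            hit["users"] |= users
            # A success inside a replay burst means a reused password worked.
            hit["compromised"] |= {u for _, u, o in q if o}
        elif ip in findings and ok:
            # Source already flagged: any later success is also suspect.
            findings[ip]["compromised"].add(user)
    return findings


if __name__ == "__main__":
    for ip, hit in detect_stuffing(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {len(hit['users'])} usernames tried, "
              f"force reset for {sorted(hit['compromised'])}")
```

Grouping by source IP misses replay that is spread across many proxies; the same counters keyed on ASN, user agent or TLS fingerprint cover that case.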

The scale of credential distribution documented on May 15, 2026, is staggering, involving hundreds of millions of lines of data.

3.1. General and Mixed Mail Providers

Major email providers like Hotmail, Gmail, Yahoo, and Outlook are the most frequent targets, as compromising an email account often grants access to all linked services via password resets.

  • Hotmail/Outlook: Hotmail is highly targeted. Threat actor “Vows” distributed 4,000 UHQ Hotmail credentials sponsored by vows.solutions. Other actors shared massive datasets: 100,000 fresh Hotmail combos by “GhostlyGamer”, 394,000 records by “zubicks”, 722,000 USA Hotmail records by “MetaCloud3”, 265,000 semi-private records by “el_capitan”, and a massive 1.28 million mixed-country Hotmail list by “HqComboSpace”. Threat actors such as “GoldMailAccs” continuously flood forums with smaller batches of Hotmail hits advertised as 100% valid (e.g., sets of 1,290; 8,335; 1,238; 2,874; 6,071; and 822 valid credentials).
  • Gmail: “Vows” distributed a massive 4.5 million UHQ Gmail combo list. Threat actor “el_capitan” also offered a 1.5 million Gmail combo list, actively advertising dumping and cracking tools on the side. “HqComboSpace” provided a 1.4 million line Gmail combo list. Furthermore, Vows distributed a further UHQ Gmail combo list of 150,000 credentials sponsored by slateaio.com.
  • Yahoo: “Vows” listed a 7.3K UHQ Yahoo list and a list of 40,000 credentials. “CODER” distributed a staggering 1.2 million Yahoo credentials (across Yahoo.com, Yahoo.ie, and Sapo.pt) specifically targeted toward streaming services.
  • Mixed Providers: “Vows” shared a 1.2 million mixed mail combo list and a 10,000 UHQ mixed list. A threat actor operating as “distantguy” shared a massive URL:Login:Password (ULP) combo list containing up to 26 million lines, while “GoorG” shared a private 64 million line ULP combo list freely on a public forum. “lexityfr” distributed a 156 million line ULP combo list alongside an 8 million line list. “NightFallCloud” advertised a 4.4 million mixed email combo list, boasting daily updates of 10,000–20,000 new lines.

3.2. Country-Specific Combo Lists

Threat actors explicitly curate and market combo lists by geographic region to facilitate localized fraud and to evade geography-based anomaly detection.

  • European Nations: “ImLupin” shared a 110,000 European email/password mix, and “Helpz11” shared a 120,000 European combo.
  • Germany: “el_capitan” offered a 140,000 Germany UHQ fresh combolist and “Megatron” offered 165,000 German credentials. “HqComboSpace” shared an 822,830-line German social and shopping platform combo list.
  • France: Threat actors shared numerous French lists, including 10,000 records by “zubicks”, 29,000 records targeting neuf.fr, 34,000 targeting numericable.fr, and 15,000 targeting orange.fr.
  • Asia & Oceania: “moser” distributed a 900,000 line Asia private list. “Maxleak” and “CobraEgy” supplied 31,000 Chinese email/password pairs. Japanese combos of 2,500 and 1,800 pairs were shared. “Megatron” shared 142,000 Indonesian records.
  • South & Central America: Extensive drops included 285,000 Mexican credentials by “el_capitan”, 129,000 Mexican by “Megatron”, 115,000 Colombian, 100,000 Argentine, 86,000 Ecuadorian, 71,000 Chilean, and 14,000 Dominican Republic credentials.
  • Eastern Europe: Drops included 280,000 Czech credentials, 107,000 Bulgarian credentials, 68,000 and 30,000 Polish records targeting onet.pl, and 19,000 Croatian credentials.
  • USA and UK: “el_capitan” supplied 310,000 USA credentials, while “T3z” sold a heavily filtered UK-targeted combolist.

3.3. Industry-Specific Combo Lists

Threat actors pre-sort credentials to maximize their value against specific industries.

  • Gaming: “CODER” distributed a staggering 13 million record gaming combo list, and later a 12 million Spotify/Gaming list. “zubicks” shared 295,000 gaming credentials. “MetaCloud3” distributed 733,000 records targeting Xbox and PlayStation Network (PSN), 619,000 targeting Minecraft, and 702,000 targeting Eneba and G2A.
  • Streaming & Media: “Ra-Zi” marketed 140,000 credentials specifically for Netflix, Hulu, and Spotify. “HqComboSpace” distributed over 1 million lines targeted at streaming services via Hotmail accounts. “MetaCloud3” sold 700,000 records for music services.
  • Retail & E-commerce: “HqComboSpace” shared 616,904 credentials targeting European and German shopping services, and a 745,994 mixed-country shopping combo. “MetaCloud3” shared 581,000 lines for shopping/food, and 681,000 credentials targeting Etsy and eBay.
  • Education and Corporate: “zubicks” distributed 121,362 and 53,000 credentials tailored to the education sector. Corporate targeting included 75,205 corporate SMTP targets by “AiCombo” and 50,000 corporate-targeted combos by “GhostlyGamer”.
  • Cryptocurrency & Finance: “juanca02” offered crypto leads targeting the USA. “MetaCloud3” distributed 615,000 credentials aimed at cards and crypto platforms, while “Meowl” generated crypto leads of 1 million Coinbase targets and 500,000 international leads.

4. Initial Access Brokerage and Corporate Compromises

Initial Access Brokers (IABs) play a pivotal role in the modern ransomware and espionage lifecycle by compromising networks and selling that access to the highest bidder.

  • Government & Law Enforcement Access: In a highly concerning incident, threat actor “0056115” offered alleged direct portal access to law enforcement and government entities globally. This included the Royal Thai Police, Brazil Military Police, Argentina Police, and the Malaysia Government. The actor claimed capabilities for Emergency Disclosure Request (EDR) bypasses on major platforms like Instagram, Facebook, TikTok, Snapchat, Apple, and Microsoft—allowing unauthorized legal data retrieval without legitimate judicial process.
  • ICARO CLOUD S.L. MSP Compromise: The threat actor “macaroni” is selling highly sensitive network configuration data exfiltrated from the Spanish Managed Service Provider (MSP) ICARO CLOUD S.L. By exploiting a single reused credential across managed devices, the actor obtained over 3,500 OPNsense configuration backups, WireGuard private keys, TLS certificates, and admin password hashes. This severely compromised 20 distinct corporate clients across healthcare, education, agriculture, and hospitality. The full dataset is priced at $3,750 in Monero (XMR).
  • Global Corporate RCE/SSH Access: Threat actor “apolloteller” is offering Remote Code Execution (RCE) and Secure Shell (SSH) access to multiple small to large corporations worldwide.
  • Military Domains: “lei_bf” is selling shell access to a military domain located in the Philippines. “shadowX,” affiliated with Nullsec Philippines, compromised the Ghana Military website (ga.mil.gh) and successfully deployed a webshell (rex.php), offering the access for sale via Telegram.
  • Cloud Infrastructure: Threat actor “PORTAL” rented out RDP access to critical cloud infrastructure spanning Azure, AWS, and DigitalOcean for $200.
  • Corporate Solicitation: A buyer operating under “mansory” publicly solicited suppliers of corporate network access, expressly excluding government or educational targets while showing a strong preference for “Tier 1” countries, proposing revenue-sharing models.

5. Malware, Exploitation Tools, and Hacker Services

The data highlights a thriving marketplace for sophisticated malicious tools, logs, and cybercriminal services.

5.1. Malware and Exploits

  • Millenium RAT: “shinyenigma” is actively selling Millenium RAT version 4.1 (a C++ trojan controlled via Telegram). The malware boasts keylogging, browser credential theft, Discord token grabbing, crypto wallet recovery, webcam/mic capture, privilege escalation, and anti-VM/anti-debug features, priced at a highly accessible $50/month or $90 for lifetime.
  • Nighthawk C2: The source code for Nighthawk C2 version 0.4 “Janus” is being sold on threat markets for approximately $7,500 USD, a discount from its original $10,000 price. The code was reportedly dumped and is actively circulated.
  • Soul Clipper v3: The threat actor “anonym” distributed a cracked version of Soul Clipper v3, a cryptocurrency clipper malware designed to intercept clipboard content and redirect crypto wallet addresses to the attacker.
  • BLAIIS 820: The “Infrastructure Destruction Squad” announced the development of BLAIIS 820, a specialized vulnerability scanning and exploitation tool aimed specifically at IIS servers and related industrial systems.
  • Trillium Security Multisploit Tool v4: Distributed on DemonForums, this modular framework integrates multiple exploit modules, payloads, and post-exploitation capabilities.
  • Amuse Crypt V2.0: A cracked version of this crypter was offered for free by “deanevan.” It provides polymorphic encryption, multi-layer obfuscation, and anti-detection capabilities to protect malicious payloads from antivirus detection.
  • Targeted Threats Against Binance: Following the freezing of their accounts, members of the “Infrastructure Destruction Squad” (developers of BankGhost Builder malware) launched a public vendetta against the Binance cryptocurrency exchange. They explicitly threatened to develop new malware targeting Binance News and other platforms, offering these tools for sale to anyone willing to execute retaliatory attacks.

5.2. Hacker Services and Utilities

  • OSINT/Doxing Bots: The forum user “threxian” distributed a free Telegram bot (@Leak4Base_Bot) that purportedly indexes over 100 billion data points globally. It allows threat actors to conduct deep OSINT lookups by phone number, email, or physical address.
  • Telegram Automation and Account Removal: Threat actor “cio” offered Telegram automation services for mass DMs, member scraping, and bot automation. Concurrently, “ivebtc” offered a paid service specifically to systematically remove and ban Telegram channels, personal accounts, and bots.
  • Fake Document Rendering: “SoulService” advertised a highly sophisticated fake document rendering service capable of producing fraudulent identity documents with generated MRZ codes, barcodes, and QR codes. The actor emphasized that all forensic traces of photo editing are algorithmically scrubbed.
  • Tooling: Numerous actors sold utilities to support the underground economy, such as “Hunter Mix Inbox Checker v8” (capable of validating accounts and bypassing security across 99% of email providers with bulk SMTP capabilities), the cracked “Crosshair X” account checker, and “BasesPro,” a tool featuring over 3,000 methods for refactoring mail:pass databases.

6. Website Defacement Campaigns and Hacktivism

The dataset logs a massive wave of website defacements orchestrated by distinct threat actor groups seeking notoriety, hacktivist goals, or simply demonstrating exploitation capabilities. Most of these incidents were mirrored and cataloged on zone-xsec.com or haxor.id.

6.1. Leviathan Perfect Hunter (Actor: aexdy)

The threat actor “aexdy,” operating under the banner of “Leviathan Perfect Hunter,” executed a highly coordinated, targeted file-level defacement campaign. Instead of defacing the entire homepage, aexdy systematically uploaded defacement texts to specific file paths (often hx.txt) on victim servers.

Targets compromised on May 15, 2026, include:

  • thebardou.com (The Bardou)
  • the-ami.org (AMI)
  • theafricanplace.com (Retail)
  • thebobmerrill.com (USA)
  • yrfindonesia.id (YRF Indonesia)
  • wasabibistro.com (Wasabi Bistro)
  • zainelhasany.com (Zain El Hasany)
  • sosolidworld.com
  • trophyfilm.com (Entertainment/Film)
  • treasurehunt.id (Indonesian Gaming)
  • therogerssisters.com (USA Entertainment/Music)

6.2. Alpha Wolf Team (Actor: XYZ)

Operating under the “Alpha Wolf” team, the threat actor “XYZ” successfully compromised and defaced the homepage index of wingfield.co.jp, a Japanese organization hosted on a Linux web server.

6.3. SHENHAXSEC (Actor: Ruiixh4xor)

The threat actor “Ruiixh4xor” executed precision defacements targeting specific subdirectories or blog detail pages.

Targets included:

  • saraswathyhospitals.com: An Indian healthcare provider.
  • icdcindia.com: An Indian domain.
  • stammeringsolution.com: A healthcare/speech therapy site, noted specifically as a re-defacement, indicating persistent vulnerabilities on the host.

6.4. Zod (Mass Defacement)

Threat actor “Zod” orchestrated a mass defacement campaign targeting Linux-based servers. By deploying a specific defacement page (/zod.html), Zod compromised multiple hosts, including:

  • senesconstructions.com: A construction firm.
  • jerryfinance.org: A financial services organization, marking a high-value target in a broader mass exploitation sweep.

6.5. Independent Actors

  • Y4NZ404: A solo threat actor executing single-site homepage defacements. Targets included Nigerian news and media outlets unitytimesng.com and 9japress.com.
  • DimasHxR: Compromised the New Zealand-based website ficeda.co.nz, placing a defacement in a custom media directory.

7. Carding, Fraud, and Financial Cybercrime

The financial fraud ecosystem is aggressively sustained by the sale of stolen credit cards, bank logs, and comprehensive cashout services.

  • Fullz and Identity Fraud: Threat actor “silasclark” provides an expansive shop selling “fullz” (complete identity profiles containing SSNs, DOBs, and Driver’s Licenses), Dumps with PIN (Track 101/202), and complete identity documents accompanied by selfies and videos required for Know Your Customer (KYC) bypass. They also sold Medicare leads and company KYC documents for the US, UK, Canada, and Australia.
  • Credit Cards and Liquidation: Actors like “BraveLuck,” “Fotso,” and “2ajcas4868” actively sell non-VBV (Verified by Visa) credit cards with ATM PINs, cloned cards, and EBT SNAP/CASH data. Fotso explicitly promoted “test run deals,” exchanging small crypto deposits for massive payouts through stolen cards linked to Apple Pay, PayPal, and Venmo. “skanty” and “Oblocck” act as cashout liquidators, taking bank logs and PayPal accounts and laundering the funds directly into cryptocurrency for their clients.
  • Fraudulent Bookings & Linking Services: Threat actor “briteny” monetized stolen CCs and BINs by offering fraudulent booking services for flights, hotels (AirBnb), car rentals, and massive retail orders. Meanwhile, “clevie339” explicitly solicited beginners and forum members for verified CashApp and PayPal accounts to use as mules for rapid fraudulent cashouts.
  • Cryptocurrency Scams: On Telegram, actors operating in the “Squad Chat Marketplace” (using handles like “changshen”) executed coordinated money laundering and USDT purchasing scams. They offered to purchase USDT at 15-25% above market rates using classic laundering tactics, claiming Chinese policy restrictions and recruiting commission-based intermediaries to wash stolen funds.

8. Threat Actor Profiling and Forum Dynamics

The underground economy observed in this dataset is highly structured, relying on reputation, sponsorships, and tiered access models.

Key Threat Actors

  • Vows: An extremely prolific distributor of massive, high-quality (“UHQ”) combo lists. Vows operates systematically, releasing multi-million line datasets sponsored by credential stuffing software providers (like vows.solutions and slateaio.com). By offering free or low-cost data, Vows inherently drives traffic and demand for the very software needed to exploit that data.
  • s2lender: Functions as a premium credential broker. S2lender actively promotes a private, encrypted “members-only network,” claiming a reliable daily supply of 4,000–12,000 fresh, untouched credentials optimized explicitly for credential stuffing.
  • ShinyHunters: An infamous top-tier extortion group responsible for massive breaches, including the 78.6 million Rockstar Games Snowflake records. Their alleged acquisition and extortion of the BreachForums database highlights the cannibalistic nature of cybercrime, where hacker forums themselves become targets for extortion.
  • MetaCloud3 & RogenPlay/RogenCloud: These entities operate large-scale distribution networks for credential logs and combo lists. RogenPlay heavily utilizes sponsorships, positioning their stealer logs (for Netflix, Spotify, Amazon, Roblox) as vastly superior to widely circulated combo lists. MetaCloud3 focuses on multi-million line distributions targeted at social media, gaming, and crypto.

Forum Operations

Cybercrime forums operate much like legitimate businesses. For example, BreachForums posted public recruitment announcements seeking new administrators to handle “upcoming targeted actions” and “anticipated traffic surges,” indicating a highly organized administrative structure. Additionally, forum geopolitics play a role. One forum administrator enacted a strict policy prohibiting any activities, breaches, or leaks targeting Russia and the Commonwealth of Independent States (CIS). Such policies are common on Russian-speaking or Russian-aligned underground forums, aiming to avoid the scrutiny of local law enforcement.


9. Conclusion

The threat intelligence derived from this May 2026 dataset illustrates a severe, hyper-active cyber threat landscape. The absolute commodification of user credentials via combo lists—totaling hundreds of millions of lines distributed daily—ensures that credential stuffing, account takeovers, and subsequent identity fraud remain primary vectors of attack.

Corporate environments are under immense pressure from Initial Access Brokers who compromise foundational network architecture (e.g., MSPs, RDPs, VPNs) and sell the keys to ransomware operators. The continued evolution of malware (such as Millenium RAT and Nighthawk C2), combined with aggressive extortion tactics by groups like ShinyHunters and hacktivist defacements by Leviathan Perfect Hunter, demands rigorous, defense-in-depth security postures. Organizations must prioritize robust multi-factor authentication, proactive dark-web intelligence monitoring, stringent API and third-party vendor security, and advanced anomaly detection to mitigate these pervasive and evolving threats.

Detected Incidents Draft Data

  1. Combo List: UHQ Hotmail credentials distributed
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 4,000 Hotmail credentials, marketed as UHQ and fresh. The post is sponsored by vows.solutions and shared on a public cracking forum.
    Date: 2026-05-15T23:58:43Z
    Network: openweb
    Published URL: https://cracked.st/Thread-4K-UHQ-HOTMAIL-COMBO-FRESH–2094498
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  2. Sale of 10K UHQ mixed mail combo list
    Category: Combo List
    Content: A threat actor is sharing a combo list of 10,000 mixed email credentials, marketed as UHQ and fresh. The post is sponsored by slateaio.com, suggesting use with credential-stuffing tools.
    Date: 2026-05-15T23:58:12Z
    Network: openweb
    Published URL: https://cracked.st/Thread-10K-UHQ-MIXED-MAIL-COMBO-FRESH
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  3. Alleged sale of mail access and credential lists across multiple countries
    Category: Initial Access
    Content: Threat actor operating under handle @DataxLogs is offering mail access across multiple countries (France, Belgium, Australia, Canada, UK, US, Netherlands, Poland, Germany, Japan). The actor is advertising availability of configs, scripts, tools, hits, and combo lists (credential lists) with requests available upon contact.
    Date: 2026-05-15T23:48:51Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/82426
    Screenshots:
    None
    Threat Actors: DataxLogs
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  4. UK Email/Password Combo List (2.7K credentials)
    Category: Combo List
    Content: A combo list containing approximately 2,700 UK email and password pairs has been shared on BreachForums. The content is hidden behind a registration/login requirement. No specific breached organization is identified.
    Date: 2026-05-15T23:40:42Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-UK-Combolist-2-7K-Email-Pass
    Screenshots:
    None
    Threat Actors: threads__
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  5. Combo List: 2.1K Mixed Mail Access Credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of 2,100 mixed mail access credentials. The content is gated behind registration or login on the forum. No specific breach source or targeted service is identified.
    Date: 2026-05-15T23:40:31Z
    Network: openweb
    Published URL: https://patched.to/Thread-%E2%AD%902-1k-mixed-mail-access-%E2%AD%90
    Screenshots:
    None
    Threat Actors: XLM
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  6. Sale of UHQ mixed combo list with 21,590 credentials
    Category: Combo List
    Content: A threat actor known as Ebbicloud is distributing a mixed UHQ combo list containing approximately 21,590 credential pairs. The list is advertised as high quality (UHQ) and of mixed service type. No additional details are available from the post content.
    Date: 2026-05-15T23:37:38Z
    Network: openweb
    Published URL: https://altenens.is/threads/21590x-uhq-mix_-ebbi_cloud.2941019/unread
    Screenshots:
    None
    Threat Actors: Ebbicloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  7. Sale of UHQ mix combo list
    Category: Combo List
    Content: A threat actor shared a UHQ mix combo list containing 19,588 credential pairs on a cybercrime forum. No additional details are available regarding the targeted services or origin of the credentials.
    Date: 2026-05-15T23:37:14Z
    Network: openweb
    Published URL: https://altenens.is/threads/19588x-uhq-mix_-ebbi_cloud.2941020/unread
    Screenshots:
    None
    Threat Actors: Ebbicloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  8. USA combo list of 1,000 email and password pairs
    Category: Combo List
    Content: A combo list of approximately 1,000 email and password pairs targeting USA-based accounts was shared on the forum. No additional details are available regarding the source or targeted services.
    Date: 2026-05-15T23:24:21Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-USA-Combolist-1K-Email-Pass
    Screenshots:
    None
    Threat Actors: threads__
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  9. Japan combo list with 2.5K email/password credentials
    Category: Combo List
    Content: A threat actor shared a combo list containing approximately 2,500 email and password pairs associated with Japanese accounts. The content is hidden behind a login/registration wall on the forum.
    Date: 2026-05-15T23:22:52Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Japan-Combolist-2-5K-Email-Pass
    Screenshots:
    None
    Threat Actors: threads__
    Victim Country: Japan
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  10. Free release of ULP combo list with 64 million lines
    Category: Combo List
    Content: A threat actor shared a URL:Login:Password (ULP) combo list containing 64 million lines, marketed as high quality and private. The dataset was made available for free on a public forum.
    Date: 2026-05-15T23:20:16Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Other-%E2%AD%90ULP-URL-LOGIN-PASS-PRIVATE-64M-LINES%E2%AD%90HQ%E2%AD%90LEAKED%E2%AD%90BY-ACCGIR%E2%AD%90
    Screenshots:
    None
    Threat Actors: GoorG
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  11. Sale of premium SMTP services for bulk email operations
    Category: Services
    Content: A threat actor operating under the alias office_365shop is selling access to premium SMTP services including AWS SES, SendGrid, SparkPost, Mandrill, Brevo, and others. These services are commonly abused for bulk phishing or spam email campaigns. The seller advertises daily updates and can be contacted via Telegram.
    Date: 2026-05-15T23:20:01Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Buy-Premium-SMTPS-100-Trusted-Seller
    Screenshots:
    None
    Threat Actors: office_365shop
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  12. Combo List targeting German social and shopping platforms
    Category: Combo List
    Content: A combo list of 822,830 email:password lines is being shared on a cracking forum, marketed as high-quality credentials targeting German social media and shopping platforms. No specific breached organization is identified; the credentials appear to be sourced from multiple breaches and intended for credential stuffing.
    Date: 2026-05-15T23:06:36Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-822-830-Lines-%E2%9C%85-Social-and-Shopping-Target-Germany-HQ-Leaks
    Screenshots:
    None
    Threat Actors: HqComboSpace
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  13. Sale of Millenium RAT — C++ Telegram-Controlled RAT with Stealer and Keylogger
    Category: Malware
    Content: A threat actor is selling Millenium RAT version 4.1 (latest 4.5), a fully native C++ remote access trojan controlled via Telegram. The malware includes keylogging, browser credential and cookie theft, Discord token grabbing, cryptocurrency wallet recovery, webcam/microphone capture, privilege escalation, and anti-VM/anti-debug evasion. Licenses are offered at $50 for the first month or $90 for a lifetime license.
    Date: 2026-05-15T23:04:57Z
    Network: openweb
    Published URL: https://hackforums.net/showthread.php?tid=6306020
    Screenshots:
    None
    Threat Actors: shinyenigma
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  14. Japan Combolist with 1.8K Email/Password Pairs
    Category: Combo List
    Content: A threat actor shared a combolist containing approximately 1,800 email and password pairs associated with Japanese accounts. The content is hidden behind a registration or login requirement on the forum.
    Date: 2026-05-15T23:04:33Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Japan-Combolist-1-8K-Email-Pass
    Screenshots:
    None
    Threat Actors: threads__
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  15. Alleged Development of BLAIIS 820 IIS Server Exploitation Tool
    Category: Malware
    Content: Infrastructure Destruction Squad announced the development of BLAIIS 820, a specialized tool designed for scanning, discovering, and exploiting vulnerabilities in IIS servers and related industrial systems.
    Date: 2026-05-15T23:02:14Z
    Network: telegram
    Published URL: https://t.me/c/2735908986/4348
    Screenshots:
    None
    Threat Actors: Infrastructure Destruction Squad
    Victim Country: Unknown
    Victim Industry: Industrial/IIS Infrastructure
    Victim Organization: Unknown
    Victim Site: Unknown
  16. Combo List: 1.3 Million URL Log Credentials
    Category: Combo List
    Content: A threat actor is sharing a combo list containing 1.3 million URL:login:password entries, dated 16 May. The content is gated behind forum registration or login.
    Date: 2026-05-15T23:02:10Z
    Network: openweb
    Published URL: https://patched.to/Thread-%E2%AD%90-1-3-million-url-log-pass%E2%AD%90-16-may
    Screenshots:
    None
    Threat Actors: XLM
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  17. Sale of Hotmail combo list with alleged high hit rate
    Category: Combo List
    Content: A threat actor is offering a combo list of 10,000 Hotmail credentials, marketed as fresh with a high hit rate. The list is intended for credential stuffing against Hotmail accounts. No additional details are available from the post content.
    Date: 2026-05-15T23:00:04Z
    Network: openweb
    Published URL: https://altenens.is/threads/10k-fresh-hotmails-high-hit-rate.2941015/unread
    Screenshots:
    None
    Threat Actors: GhostlyGamer
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  18. Combo List of French email credentials (1.4K)
    Category: Combo List
    Content: A combo list containing approximately 1,400 France-based email and password pairs was shared on BreachForums. The post is categorized under combolists and appears to offer credentials potentially usable for credential stuffing. No additional details are available from the post content.
    Date: 2026-05-15T22:49:21Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Combolist-1-4K-France-Email-Pass
    Screenshots:
    None
    Threat Actors: threads__
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  19. Russian Combo List 1.4K Email/Password Pairs
    Category: Combo List
    Content: A threat actor is sharing a combo list containing approximately 1,400 Russian email and password pairs on a cybercrime forum. The content is gated behind registration or login. No specific breached organization is identified.
    Date: 2026-05-15T22:47:54Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Russian-Combolist-1-4K-Email-Pass
    Screenshots:
    None
    Threat Actors: threads__
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  20. Sale of 200K SUHQ mixed combo list
    Category: Combo List
    Content: A threat actor is sharing a mixed combo list containing 200,000 credentials marketed as super ultra high quality (SUHQ) and fresh. The post is sponsored by slateaio.com, suggesting the list may be intended for credential stuffing use.
    Date: 2026-05-15T22:42:14Z
    Network: openweb
    Published URL: https://cracked.st/Thread-200K-SUHQ-MIXED-COMBO-FRESH
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  21. Buyer seeking corporate network access from Tier 1 countries
    Category: Initial Access
    Content: A threat actor is soliciting suppliers of corporate network access, accepting any access type with a preference for Tier 1 country targets. Government, educational, and academic accesses are explicitly excluded. The buyer proposes revenue-sharing arrangements and lists a nominal starting price of $1 to comply with forum rules.
    Date: 2026-05-15T22:32:33Z
    Network: openweb
    Published URL: https://tier1.life/thread/229
    Screenshots:
    None
    Threat Actors: mansory
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  22. Sale of UHQ Hotmail combo list
    Category: Combo List
    Content: A threat actor is distributing approximately 1,400 Hotmail credentials marketed as UHQ (ultra-high quality) hits. Free drops are advertised publicly, with a private cloud of additional credentials available for purchase via Telegram at @window_linux01.
    Date: 2026-05-15T22:30:40Z
    Network: openweb
    Published URL: https://patched.to/Thread-%E2%9C%85-1-4k-uhq-hotmail-hit-%E2%9C%85
    Screenshots:
    None
    Threat Actors: aurexopforu
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  23. Free distribution of stealer logs bundle (5,191 logs)
    Category: Logs
    Content: A threat actor shared a bundle of 5,191 stealer logs via a file-sharing link on a darknet forum. The logs are marketed as fresh and were made available for free download. No specific victim organization or country is identified.
    Date: 2026-05-15T22:27:10Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-%F0%9F%9A%80-5191-LOGS-CLOUD-%E2%98%81-15-MAY-%E2%9D%A4%EF%B8%8F-FRESH-LOGS%E2%9D%97%EF%B8%8F
    Screenshots:
    None
    Threat Actors: UP_DAISYCLOUD
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  24. Hotmail combo list (2K SUHQ, fresh)
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 2,000 Hotmail credentials marketed as super ultra high quality (SUHQ) and fresh. The list is intended for credential stuffing against Hotmail accounts.
    Date: 2026-05-15T22:26:42Z
    Network: openweb
    Published URL: https://altenens.is/threads/2k-suhq-hotmail-combo-fresh.2941008/unread
    Screenshots:
    None
    Threat Actors: GhostlyGamer
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  25. Alleged data breach of Movistar Venezuela
    Category: Data Breach
    Content: A threat actor claims to have breached Movistar Venezuela, obtaining 4.15 million customer records dated 2026. The dataset allegedly includes ID numbers, full names, account numbers, billing account numbers, geographic area, lifecycle status, payment method, product line, and subscriber IDs. A proof-of-concept sample of 5,000 rows was shared in the post.
    Date: 2026-05-15T22:24:02Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-MOVISTAR-VENEZUELA-2026-DB-4-15-Million-Customer-Numbers
    Screenshots:
    None
    Threat Actors: GordonFreeman
    Victim Country: Venezuela
    Victim Industry: Telecommunications
    Victim Organization: Movistar Venezuela
    Victim Site: movistar.com.ve
  26. Alleged education sector combo list leak
    Category: Combo List
    Content: A combo list containing approximately 121,362 email and password pairs targeting the education sector was shared on a cybercrime forum. The credentials are marketed as an education-focused combolist, likely for use in credential stuffing attacks against educational platforms or institutions.
    Date: 2026-05-15T22:08:55Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-121-362-%E2%9A%9C%EF%B8%8F-Edu-Combolist-Leaks
    Screenshots:
    None
    Threat Actors: AiCombo
    Victim Country: Unknown
    Victim Industry: Education
    Victim Organization: Unknown
    Victim Site: Unknown
  27. Sale of 140K mixed email:password combo list
    Category: Combo List
    Content: A threat actor is offering a 140,000-record mixed email:password combo list for free download (reply-gated) and also selling higher-quality combo lists via Telegram. The list reportedly includes credentials across multiple email providers and countries including the US, UK, France, Germany, Italy, Canada, and Australia.
    Date: 2026-05-15T22:08:34Z
    Network: openweb
    Published URL: https://altenens.is/threads/140k-fresh-hq-combolist-email-pass-mixed.2940992/unread
    Screenshots:
    None
    Threat Actors: carlos080
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  28. Sale of cryptocurrency leads targeting United States users
    Category: Combo List
    Content: A threat actor is offering multiple sets of cryptocurrency-related leads for sale, targeting United States users. The seller directs interested buyers to contact them via private message or Telegram. A sample link is provided via Pastebin, with full content gated behind forum registration.
    Date: 2026-05-15T22:07:44Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-crypto-leads-for-sale-usa
    Screenshots:
    None
    Threat Actors: juanca02
    Victim Country: United States
    Victim Industry: Finance
    Victim Organization: Unknown
    Victim Site: Unknown
  29. Combo List of USA Hotmail credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 1,300 Hotmail email credentials targeting US accounts. The content is marked as private and requires forum registration to access. The post is dated May 15 and the data is noted as old.
    Date: 2026-05-15T22:07:14Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%E2%84%B9%EF%B8%8F1-3k-usa-hotmail-mail-access-mix%E2%84%B9%EF%B8%8F%E2%9C%A8-15-05
    Screenshots:
    None
    Threat Actors: TraxGod
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  30. Sale of 140K email:password combo list marketed for Netflix, Minecraft, Uplay, Steam, Hulu, and Spotify
    Category: Combo List
    Content: A threat actor is offering a combo list of approximately 140,000 email:password pairs, marketed as fresh and high quality for credential stuffing against services including Netflix, Minecraft, Uplay, Steam, Hulu, and Spotify. The list is advertised as spanning multiple regions including the USA, UK, France, Germany, Italy, Canada, and Australia. The actor promotes a Telegram channel and an external cracking site, and offers additional combo list sales via direct message.
    Date: 2026-05-15T21:53:03Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-140k-Fresh-HQ-Combolist-Email-Pass-Netflix-Minecraft-Uplay-Steam-Hulu-spotify–204229
    Screenshots:
    None
    Threat Actors: Ra-Zi
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  31. Alleged cryptocurrency money laundering and USDT purchasing scam operation
    Category: Cyber Attack
    Content: Threat actors operating in Squad Chat Marketplace are running a coordinated cryptocurrency scam offering to purchase USDT at 15-25% above market rates. The scheme uses classic money laundering tactics: claiming to be from China with policy restrictions, offering payment-first guarantees, and recruiting intermediaries for commission-based USDT transfers. Multiple accounts (changshen, Alexandr, Germany) post identical or near-identical messages promoting the scheme with contact handles @Hgwh1688 and @HK6880.
    Date: 2026-05-15T21:43:22Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/82359
    Screenshots:
    None
    Threat Actors: changshen
    Victim Country: Unknown
    Victim Industry: Cryptocurrency
    Victim Organization: Unknown
    Victim Site: Unknown
  32. Alleged cyber attack operations by 313 Team – Attack resumption announcement
    Category: Cyber Attack
    Content: 313 Team announced that their cyber attack operations were temporarily halted due to a server infrastructure malfunction. The group stated that work is underway to fix the issue and attacks will resume soon. The group identifies as Islamic Cyber Resistance in Iraq and operates across multiple platforms including Telegram and Beamed.
    Date: 2026-05-15T21:42:53Z
    Network: telegram
    Published URL: https://t.me/c/2250158203/1163
    Screenshots:
    None
    Threat Actors: 313 Team
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  33. Combo List for Venice shared on cracking forum
    Category: Combo List
    Content: A forum user shared an email:password combo list labeled VENICE on a cracking forum. No additional details regarding record count, targeted service, or data origin were provided in the post.
    Date: 2026-05-15T21:42:18Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-VENICE
    Screenshots:
    None
    Threat Actors: FlightUSA
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  34. Combo List: 10,000 Hotmail credentials shared on cracking forum
    Category: Combo List
    Content: A threat actor shared a combo list of 10,000 Hotmail email and password pairs, marketed as UHQ (ultra-high quality) and private. The credentials are intended for credential stuffing against Hotmail accounts.
    Date: 2026-05-15T21:42:01Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E2%AD%9010k-UHQ-HOTMAIL-HIT-100-PRIVATE-AND-RESH%E2%AD%90
    Screenshots:
    None
    Threat Actors: Antaksio
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  35. Alleged DDoS Attack Campaign by 313 Team – Attack Resumption Notice
    Category: Cyber Attack
    Content: 313 Team, a self-identified Iraqi Islamic Resistance cyber group, announced a temporary halt to ongoing attacks due to a server malfunction, with an explicit statement that attacks will resume soon. The group operates through Telegram channels and uses the Beamed network infrastructure.
    Date: 2026-05-15T21:41:55Z
    Network: telegram
    Published URL: https://t.me/c/2250158203/1162
    Screenshots:
    None
    Threat Actors: 313 Team
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  36. Alleged sale of mail access and credential materials by DataxLogs
    Category: Logs
    Content: A threat actor operating under the handle @DataxLogs is advertising the sale of mail access credentials and related materials including configs, scripts, tools, hits, and combo lists. Access is offered for multiple countries including France, Belgium, Australia, Canada, United Kingdom, United States, Netherlands, Poland, Germany, and Japan.
    Date: 2026-05-15T21:41:51Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/82366
    Screenshots:
    None
    Threat Actors: DataxLogs
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  37. Free distribution of stealer logs (1.3GB, May 2026)
    Category: Logs
    Content: A forum user is distributing 1.3GB of stealer logs dated May 15, 2026. The post is a bump with no additional detail about the origin, targeted regions, or specific malware family used to collect the logs.
    Date: 2026-05-15T21:41:36Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Other-%E2%AD%90%EF%B8%8FLOGS-FRESH-1-3GB-FROM-15-05-2026%E2%AD%90%EF%B8%8F-%E2%98%81
    Screenshots:
    None
    Threat Actors: DaWeasel
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  38. Hotmail combo list of 1,000 credentials freely shared
    Category: Combo List
    Content: A threat actor shared a combo list of 1,000 Hotmail credentials, marketed as UHQ (ultra-high quality) and private. The list was made available for free on a public forum.
    Date: 2026-05-15T21:41:32Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E2%AD%901k-HOTMAIL-UHQ-COMBO-100-PRIVATE-AND-RESH%E2%AD%90
    Screenshots:
    None
    Threat Actors: Antaksio
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  39. Combo List targeting gaming, shopping, and Yahoo services
    Category: Combo List
    Content: A threat actor shared a combo list containing approximately 965,637 email:password lines reportedly targeting gaming, shopping, and Yahoo services. The list is advertised for credential stuffing against these platforms. No additional details are available from the post content.
    Date: 2026-05-15T21:41:04Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-965-637-Lines-%E2%9C%85-Gaming-and-Shopping-Target-Yahoo
    Screenshots:
    None
    Threat Actors: HqComboSpace
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  40. Sale of HQ mix combo list with approximately 3,674 credentials
    Category: Combo List
    Content: A threat actor operating under the handle s2lender is offering a high-quality mixed combo list containing approximately 3,674 credential pairs, marketed as fresh and untouched. The post advertises daily supply of 4,000–12,000 credentials through a private members-only network with encrypted access.
    Date: 2026-05-15T21:40:58Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-3674x-hq-mix-by-s2lender-txt
    Screenshots:
    None
    Threat Actors: s2lender
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  41. Combo List: 19K Mixed Country Credentials
    Category: Combo List
    Content: A threat actor has shared a mixed-country combo list containing approximately 19,000 credential pairs on a public forum. The content is hidden behind a registration or login wall. No specific targeted service or organization is identified.
    Date: 2026-05-15T21:40:29Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-19k-mixed-country-combo-302831
    Screenshots:
    None
    Threat Actors: RandomUpload
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  42. Alleged leak of NordVPN account credentials
    Category: Combo List
    Content: A forum user is distributing NordVPN account credentials behind a registration wall. The post does not specify the number of accounts or how the credentials were obtained.
    Date: 2026-05-15T21:40:11Z
    Network: openweb
    Published URL: https://patched.to/Thread-%E2%AD%90%EF%B8%8Fnordvpn-accounts%E2%AD%90%EF%B8%8F-2026%E2%AD%90%EF%B8%8F
    Screenshots:
    None
    Threat Actors: databreach
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  43. Hotmail combo list shared on forum
    Category: Combo List
    Content: A threat actor shared a combo list of 764 Hotmail mail access credentials on a combolist forum. The content is gated behind registration or login. The data is noted as old.
    Date: 2026-05-15T21:39:58Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%E2%84%B9%EF%B8%8Fx764-hotmail-mail-access%E2%84%B9%EF%B8%8F%E2%9C%A8-15-05
    Screenshots:
    None
    Threat Actors: TraxGod
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  44. Combo List: 1.6K Germany mail access mix
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 1,600 German email account credentials, described as a mail access mix. Access to the content requires forum engagement, suggesting it is being shared freely in exchange for replies.
    Date: 2026-05-15T21:38:01Z
    Network: openweb
    Published URL: https://altenens.is/threads/sparklesinformation1-6k-germany-mail-access-mixinformationsparkles-15-05.2940934/unread
    Screenshots:
    None
    Threat Actors: GhostlyGamer
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  45. Sale of stolen credit and debit cards with cashout services
    Category: Carding
    Content: A threat actor is offering stolen credit and debit cards claimed to work for any country, with cashout capabilities via CashApp, Apple Pay, PayPal, Venmo, and ATMs. The seller advertises cards with PINs and promotes test run deals exchanging small deposits for significantly larger payouts. Contact is facilitated via Telegram.
    Date: 2026-05-15T21:34:56Z
    Network: openweb
    Published URL: https://altenens.is/threads/enjoy-a-secure-dependable-service-anytime-begin-with-your-budget-and-receive-your-deposit-in-just-3-5-minutes-c4shapp-deposit-p4yp4l-deposit-cry.2940953/unread
    Screenshots:
    None
    Threat Actors: Fotso
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  46. Czech combo list of 280K+ credentials freely shared on forum
    Category: Combo List
    Content: A combo list of approximately 280,000 email:password pairs targeting Czech accounts was shared on a breach forum. The credentials are marketed as fresh and high quality. The content is hidden behind a registration or login requirement.
    Date: 2026-05-15T21:31:35Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-%E2%9C%AA-280-K-Combo-%E2%9C%AA-Czech-%E2%9C%AA-15-MAY-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: thejackal101
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  47. Ecuador combo list with 86K+ credentials
    Category: Combo List
    Content: A combo list containing over 86,000 credentials associated with Ecuador was shared on BreachForums. The post is dated May 15, 2026, and was published in the combolists section. No additional details about the targeted services or data fields are available.
    Date: 2026-05-15T21:29:53Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-%E2%9C%AA-86-K-Combo-%E2%9C%AA-Ecuador-%E2%9C%AA-15-MAY-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: thejackal101
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  48. Combo list targeting Denmark distributed on breach forum
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 51,000+ email:password pairs associated with Denmark, marketed as fresh and high quality. The list was made available on a breach forum behind a registration/login gate.
    Date: 2026-05-15T21:28:17Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-%E2%9C%AA-51-K-Combo-%E2%9C%AA-Denmark-%E2%9C%AA-15-MAY-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: thejackal101
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  49. Combo list targeting Cuba distributed on cybercrime forum
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 21,000 email:password credential pairs purportedly associated with Cuba. The credentials are marketed as fresh and high quality. The list is available to registered forum members as hidden content.
    Date: 2026-05-15T21:26:36Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-%E2%9C%AA-21-K-Combo-%E2%9C%AA-Cuba-%E2%9C%AA-15-MAY-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: thejackal101
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  50. Free combo list targeting Dominican Republic accounts
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 14,000 email:password credential pairs described as fresh and high quality, targeting Dominican Republic accounts. The list was made available for free to registered forum members on BreachForums.
    Date: 2026-05-15T21:24:54Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-%E2%9C%AA-14-K-Combo-%E2%9C%AA-Dominican-Republic-%E2%9C%AA-15-MAY-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: thejackal101
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  51. Sale of high-quality mixed combo list by threat actor s2lender
    Category: Combo List
    Content: Threat actor s2lender is offering a mixed combo list marketed as high-quality and untouched, with a claimed daily supply of 4,000–12,000 credentials. The listing advertises private, encrypted access through a members-only network.
    Date: 2026-05-15T21:19:56Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75397/
    Screenshots:
    None
    Threat Actors: s2lender
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  52. Sale of stolen credit cards and bank logs with cashout services
    Category: Combo List
    Content: A threat actor is advertising stolen credit cards and bank logs with cashout services including transfers to CashApp and cryptocurrency. Services offered include bank log and PayPal liquidation as well as CC-to-crypto conversions. Contact is solicited via Telegram.
    Date: 2026-05-15T21:19:38Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75399/
    Screenshots:
    None
    Threat Actors: skanty
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  53. Sale of alleged US personal data database with 85,000 records
    Category: Data Breach
    Content: A threat actor is offering for sale a dataset of approximately 85,000 US individuals containing full names, addresses, gender, date of birth, email, and mobile numbers. The source organization of the data is not disclosed. The seller directs buyers to a Telegram channel for purchase.
    Date: 2026-05-15T20:58:27Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-DATA-USA-PERSONAL-8-5MB-OR-85K-ROWS
    Screenshots:
    None
    Threat Actors: OxO
    Victim Country: United States
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  54. Alleged data breach of Morocco Government portals
    Category: Data Breach
    Content: A threat actor is selling an alleged breach of multiple Moroccan government portals spanning education and tax authority domains. The dataset is claimed to contain approximately 827,000 lines across 16MB, sourced from at least nine distinct gov.ma subdomains. A sample is provided via Hastebin and the seller is directing buyers to a Telegram contact.
    Date: 2026-05-15T20:57:51Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Document-MOROCCO-GOVERNMENT-BREACH
    Screenshots:
    None
    Threat Actors: OxO
    Victim Country: Morocco
    Victim Industry: Government
    Victim Organization: Government of Morocco
    Victim Site: gov.ma
  55. Combo List: 510 Hotmail Valid Credentials
    Category: Combo List
    Content: A threat actor has shared a combo list of 510 claimed valid Hotmail credentials on a public forum. The content is hidden behind registration or login, indicating it is distributed to forum members. Hotmail is a credential-stuffing target, not the breach source.
    Date: 2026-05-15T20:41:13Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%8F%87510-hotmail-valid-access-15-05-2026
    Screenshots:
    None
    Threat Actors: SupportHotmail
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  56. Hotmail combo list of 3.8K credentials freely shared
    Category: Combo List
    Content: A threat actor is distributing a combo list advertised as 3.8K high-quality Hotmail credential hits. The list is offered as a free drop, with a private version available for purchase via Telegram. Hotmail is a credential-stuffing target, not the breach source.
    Date: 2026-05-15T20:40:43Z
    Network: openweb
    Published URL: https://patched.to/Thread-%E2%9C%85-3-8k-hq-hotmail-hit-%E2%9C%85
    Screenshots:
    None
    Threat Actors: aurexopforu
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  57. Free sharing of search dorks for credential stuffing or data harvesting
    Category: Combo List
    Content: A forum member shared a collection of search dorks freely with the community. The post is framed as a community contribution with no price indicated. No specific victim organization or record count is mentioned.
    Date: 2026-05-15T20:40:39Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%AD%90%EF%B8%8F-QUALITY-DORKS-%E2%AD%90%EF%B8%8F
    Screenshots:
    None
    Threat Actors: RomeF
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  58. Sale of Hotmail credential combo list
    Category: Combo List
    Content: A forum user is distributing a combo list of 658 claimed valid Hotmail credentials, marketed as active as of May 15, 2026. The content is hidden behind a registration or login wall. Hotmail is the credential-stuffing target, not the breach source.
    Date: 2026-05-15T20:40:22Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%8F%87658-hotmail-valid-access-15-05-2026
    Screenshots:
    None
    Threat Actors: SupportHotmail
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  59. Mix mail access combo list of 4.5K credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 4,500 mixed mail access credentials. Free drops are advertised publicly, with a private cloud version available for purchase via Telegram.
    Date: 2026-05-15T20:40:05Z
    Network: openweb
    Published URL: https://patched.to/Thread-%E2%9C%85-4-5k-hq-mix-mail-access-%E2%9C%85
    Screenshots:
    None
    Threat Actors: aurexopforu
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  60. Sale of discounted Discord store products
    Category: Services
    Content: A forum user is advertising discounted Discord store products with cryptocurrency (Litecoin) payment accepted. The seller directs interested buyers to a Telegram contact. No specific victim or compromised data is referenced.
    Date: 2026-05-15T20:39:59Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Sellix-Discord-store-discounts
    Screenshots:
    None
    Threat Actors: CicadaHunter
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  61. Sale of UHQ mix email combo list with 4,750 entries
    Category: Combo List
    Content: A forum user shared a combo list containing 4,750 mixed email credentials, marketed as UHQ (ultra-high quality). The actual content is hidden behind a registration or login wall.
    Date: 2026-05-15T20:39:32Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-4750x-mix-mails-uhq
    Screenshots:
    None
    Threat Actors: shhherrry
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  62. Combo list of 4,188 mixed mail credentials shared on forum
    Category: Combo List
    Content: A threat actor shared a combo list of 4,188 mixed email credentials on a leak forum. The content is gated behind registration or login. No specific breached organization is identified.
    Date: 2026-05-15T20:39:06Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%EF%B8%8F-4188x-Verity-Vault-Mix-Mail-Drop-%E2%9A%A1%EF%B8%8F
    Screenshots:
    None
    Threat Actors: Verityyyy
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  63. Combo List: Mix Mail Access credentials shared on forum
    Category: Combo List
    Content: A forum user shared a combo list containing 3,161 mixed mail access credentials behind a registration/login gate. The post is categorized as a combolist targeting mail services with no specific victim organization identified.
    Date: 2026-05-15T20:38:45Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-3161x-Mix-Mail-Access-Vault
    Screenshots:
    None
    Threat Actors: RyuuLord
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  64. Sale of Hotmail combo list by threat actor s2lender
    Category: Combo List
    Content: Threat actor s2lender is offering a combo list of approximately 188 high-quality Hotmail credentials on a cracking forum. The post claims a daily supply of 4,000–12,000 fresh credentials via a private members-only network. Credentials are marketed as untouched and high-performance for credential stuffing use.
    Date: 2026-05-15T20:33:03Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75363/
    Screenshots:
    None
    Threat Actors: s2lender
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  65. Sale of combo list mix (HQ Mix)
    Category: Combo List
    Content: A threat actor known as s2lender is offering a combo list marketed as 6033X HQ Mix on a cracking forum. The listing claims credentials are fresh and untouched, with a daily supply of 4,000–12,000 lines available through a private members-only network.
    Date: 2026-05-15T20:32:44Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75364/
    Screenshots:
    None
    Threat Actors: s2lender
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  66. Sale of HQ Mix Combo List by threat actor s2lender
    Category: Combo List
    Content: Threat actor s2lender is offering a high-quality mixed combo list containing approximately 13,420 credential pairs. The post advertises a daily supply of 4,000–12,000 fresh credentials distributed through a private members-only network. The credentials are marketed as untouched and optimized for credential stuffing.
    Date: 2026-05-15T20:32:23Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75367/
    Screenshots:
    None
    Threat Actors: s2lender
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  67. Sale of Spotify credential combo list
    Category: Combo List
    Content: A threat actor operating under the handle CODER is advertising a Spotify combo list on a cracking forum, directing interested parties to a Telegram channel for access. The post promotes free combo lists and associated tools via two Telegram groups.
    Date: 2026-05-15T20:31:49Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75368/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  68. Sale of Hotmail combo list by threat actor s2lender
    Category: Combo List
    Content: A threat actor operating as s2lender is offering a combo list of 134 high-quality Hotmail credentials on a cracking forum. The post advertises a daily supply of 4,000–12,000 fresh credentials through a private members-only network. The credentials are marketed as untouched and optimized for credential stuffing.
    Date: 2026-05-15T20:31:27Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75372/
    Screenshots:
    None
    Threat Actors: s2lender
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  69. Sale of Hotmail credential combo list
    Category: Combo List
    Content: A threat actor is sharing 836 Hotmail credential hits on a cracking forum. The post is categorized as a combo list of credentials likely obtained from credential stuffing or prior breaches. No additional details are provided beyond the download link.
    Date: 2026-05-15T20:31:08Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75373/
    Screenshots:
    None
    Threat Actors: anonymous_cloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  70. Sale of Hotmail combo list by threat actor s2lender
    Category: Combo List
    Content: Threat actor s2lender is offering a combo list of 260 high-quality Hotmail credentials, marketed as fresh and untouched. The post advertises a daily supply of 4,000–12,000 credentials via a private members-only network with encrypted access.
    Date: 2026-05-15T20:30:49Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75374/
    Screenshots:
    None
    Threat Actors: s2lender
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  71. Sale of Hotmail combo list with 2.4K credentials
    Category: Combo List
    Content: A threat actor shared a link via Mega.nz containing approximately 2,400 Hotmail email credentials. The list is distributed freely on a cracking forum and is marketed as mail access credentials for credential stuffing or account takeover purposes.
    Date: 2026-05-15T20:30:28Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75378/
    Screenshots:
    None
    Threat Actors: WashingtonDC
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  72. Sale of mixed gaming combo list with 13 million credentials
    Category: Combo List
    Content: A threat actor is distributing a mixed gaming combo list containing approximately 13 million credential pairs via a Telegram channel. The post advertises free combos and tools through two separate Telegram groups.
    Date: 2026-05-15T20:30:06Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75384/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  73. Distribution of ULP combo list with up to 26 million lines
    Category: Combo List
    Content: A threat actor on a cracking forum has freely shared a URL-Login-Password (ULP) combo list marketed as containing up to 26 million lines. An additional file of approximately 380,000 credentials labeled as a private May 2026 dump is also distributed via external file-sharing links.
    Date: 2026-05-15T20:29:44Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75388/
    Screenshots:
    None
    Threat Actors: distantguy
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  74. Sale of HQ mix combo list
    Category: Combo List
    Content: A threat actor operating as s2lender is offering a high-quality mixed combo list containing approximately 130,820 credential pairs. The listing claims a daily supply of 4,000–12,000 fresh entries through a private, encrypted members-only network. No specific victim organization or service is identified.
    Date: 2026-05-15T20:29:26Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75389/
    Screenshots:
    None
    Threat Actors: s2lender
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  75. Sale of mixed combo list with 3,190 credentials
    Category: Combo List
    Content: A threat actor is offering a mixed combo list containing 3,190 credential pairs via an external paste site and a Telegram channel. The post advertises tiered paid access ranging from a 24-hour trial at $3 to three months at $100, with VIP access available through a Telegram bot.
    Date: 2026-05-15T20:29:07Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75392/
    Screenshots:
    None
    Threat Actors: snowstormxd
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  76. Sale of database from alleged breach of undisclosed Spanish insurance company
    Category: Data Breach
    Content: A threat actor is selling a database allegedly dumped this week from a small Spanish insurance company. The data includes full names, national IDs, addresses, mobile numbers, and IBANs across 110,000 lines in CSV format, as well as a 50GB SQL Server backup file. Payment is accepted in BTC, XMR, and LTC.
    Date: 2026-05-15T20:27:23Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-SELLING-SPANISH-SMALL-INSURANCE-COMPANY-DUMPED-THIS-WEEK
    Screenshots:
    None
    Threat Actors: albmstwntd
    Victim Country: Spain
    Victim Industry: Finance
    Victim Organization: Unknown
    Victim Site: Unknown
  77. BreachForums Recruiting New Administrators
    Category: Alert
    Content: BreachForums posted an announcement seeking two new administrators to support moderation and daily operations. The post references upcoming targeted actions against companies and an anticipated traffic surge. Interested applicants are directed to contact forum leadership via qTox.
    Date: 2026-05-15T20:23:27Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-IMPORTANT-READ-BreachForums-is-Recruiting-New-Administrators
    Screenshots:
    None
    Threat Actors: Hollow
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  78. Sale of 5,800 HQ mixed valid mail access combo list
    Category: Combo List
    Content: A threat actor is sharing a combo list containing 5,800 high-quality mixed valid mail access credentials. The post is categorized as a combo list offering on an underground forum. No additional details are available from the post content.
    Date: 2026-05-15T20:14:33Z
    Network: openweb
    Published URL: https://altenens.is/threads/5-800-hq-mixed-valid-mail-access.2940880/unread
    Screenshots:
    None
    Threat Actors: VegaM
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  79. Mix Mail Access Combo List with 65K Credentials
    Category: Combo List
    Content: A combo list advertised as containing 65K mixed mail access credentials has been shared on the forum. The post is categorized as a combo list likely used for credential stuffing against various mail services. No additional details were available in the post content.
    Date: 2026-05-15T20:14:08Z
    Network: openweb
    Published URL: https://altenens.is/threads/comet-65k-mix-mail-access-vaultcomet.2940891/unread
    Screenshots:
    None
    Threat Actors: GhostlyGamer
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  80. Sale of Hotmail combo list with 740 entries
    Category: Combo List
    Content: A threat actor shared a combo list of 740 Hotmail credentials, marketed as fresh and dated May 15. The list is intended for credential stuffing or unauthorized email access.
    Date: 2026-05-15T20:13:42Z
    Network: openweb
    Published URL: https://altenens.is/threads/740x-hotmail-fresh-mail-access-15-05.2940892/unread
    Screenshots:
    None
    Threat Actors: Megacloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  81. Free Telegram OSINT/database search bot advertised on forum
    Category: Services
    Content: A forum user is sharing a free Telegram bot (@Leak4Base_Bot) that enables OSINT lookups by phone number, email, physical address, or username. The operator claims the bot indexes over 100 billion user data points from global sources. The service appears to aggregate leaked or scraped personal data to facilitate individual lookups.
    Date: 2026-05-15T20:12:36Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Telegram-Database-Searcher–188910
    Screenshots:
    None
    Threat Actors: threxian
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  82. Alleged data breach of Coinbase with 1 million customer records
    Category: Data Breach
    Content: A threat actor is selling an alleged database of 1 million Coinbase customer records. The dataset purportedly includes personally identifiable information (name, address, phone, email, IP, gender) as well as financial activity fields such as total deposits, withdrawals, deposit counts, and annual income. A sample is linked via Pastebin.
    Date: 2026-05-15T20:04:20Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-1M-COINBASE-LEADS
    Screenshots:
    None
    Threat Actors: OxO
    Victim Country: Unknown
    Victim Industry: Finance
    Victim Organization: Coinbase
    Victim Site: coinbase.com
  83. Combo List targeting Gmail accounts (4.5 million credentials)
    Category: Combo List
    Content: A threat actor has shared a combo list claimed to contain 4.5 million Gmail credentials, marketed as fresh and high quality. The post is sponsored by a third-party AIO service. Gmail is the credential-stuffing target, not the breach source.
    Date: 2026-05-15T19:46:05Z
    Network: openweb
    Published URL: https://cracked.st/Thread-4-5M-UHQ-GMAIL-COMBO-FRESH–2094329
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  84. Sale of corporate SMTP combo list with 75,205 credentials
    Category: Combo List
    Content: A threat actor shared a combo list of 75,205 email:password pairs marketed as corporate SMTP targets. The post was made on a public cracking forum. No additional details about the source or affected organizations are available.
    Date: 2026-05-15T19:45:47Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-75-205-Corp-SMTP-Target
    Screenshots:
    None
    Threat Actors: AiCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  85. Combo List targeting European and German shopping services
    Category: Combo List
    Content: A combo list containing 616,904 email:password lines is being shared, marketed as targeting European and German shopping platforms. No specific breached organization is identified; this appears to be a credential stuffing list intended for use against retail or e-commerce services.
    Date: 2026-05-15T19:45:29Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-616-904-Lines-%E2%9C%85-Europa-Germany-Shopping-Target
    Screenshots:
    None
    Threat Actors: HqComboSpace
    Victim Country: Unknown
    Victim Industry: Retail
    Victim Organization: Unknown
    Victim Site: Unknown
  86. Free combo list of 110K+ European email and password pairs
    Category: Combo List
    Content: A threat actor known as ImLupin (also referenced as TheLupin) shared a combo list containing over 110,000 European email and password pairs on a cracking forum. The credentials are described as SUHQ (super ultra high quality) and are marketed as suitable for credential stuffing across various services.
    Date: 2026-05-15T19:45:07Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-110k-EUROPE-MIX-MAIL-PASSWORD-DATA-SUHQ-FOR-EVERYTHING-05-15
    Screenshots:
    None
    Threat Actors: ImLupin
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  87. Sale of European mix combo list with 110K email:password credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list containing over 110,000 European email:password credential pairs, marketed as SUHQ (Super Ultra High Quality). The content is hidden behind a registration or login wall on the forum.
    Date: 2026-05-15T19:44:58Z
    Network: openweb
    Published URL: https://patched.to/Thread-110k-europe-mix-mail-password-data-suhq-for-everything-05-15
    Screenshots:
    None
    Threat Actors: Helpz11
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  88. Gmail Combo List with 1.4 Million Lines
    Category: Combo List
    Content: A threat actor shared a Gmail combo list containing approximately 1.4 million email:password lines, marketed as high quality. The list is intended for credential stuffing against Gmail accounts.
    Date: 2026-05-15T19:44:41Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-1-442-085-Lines-%E2%9C%85-Gmail-com-Combolist-HQ-LEaks
    Screenshots:
    None
    Threat Actors: HqComboSpace
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  89. Sale of 120K European combo list
    Category: Combo List
    Content: A threat actor is offering a combo list of over 120,000 European email:password pairs, marketed as SUHQ (super ultra high quality) for credential stuffing purposes. The content is hidden behind a registration or login gate on the forum.
    Date: 2026-05-15T19:44:27Z
    Network: openweb
    Published URL: https://patched.to/Thread-120k-europe-mix-mail-password-data-suhq-for-everything-05-15
    Screenshots:
    None
    Threat Actors: Helpz11
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  90. Combo list of 1.2 million mixed mail credentials
    Category: Combo List
    Content: A threat actor shared a combo list of 1.2 million mixed email credentials, marketed as UHQ and fresh. The post is sponsored by an AIO checker service, suggesting the credentials are intended for credential stuffing use.
    Date: 2026-05-15T19:44:12Z
    Network: openweb
    Published URL: https://cracked.st/Thread-1-2M-UHQ-MIXED-MAIL-COMBO-FRESH
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  91. Combo List targeting Hotmail accounts
    Category: Combo List
    Content: A forum user shared a combo list marketed as UHQ Hotmail login credentials. The content is hidden behind a registration or login wall, limiting visibility into the data's scope or origin.
    Date: 2026-05-15T19:43:56Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-hotmail-login-uhq-302783
    Screenshots:
    None
    Threat Actors: BuggracK
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  92. Combo List targeting Hotmail accounts
    Category: Combo List
    Content: A forum thread on Cracked.st advertises a Hotmail UHQ combo list. The post content is a bump with no additional details provided about record count or data specifics.
    Date: 2026-05-15T19:43:39Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-Hotmail-Login-UHQ–2094415
    Screenshots:
    None
    Threat Actors: BTC88
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  93. Free release of 300K email:password combo list
    Category: Combo List
    Content: A threat actor operating under the alias CELESTIALHQ has freely distributed a combo list of approximately 300,000 email:password pairs, described as private and anti-public. The list is shared on a combolist forum with hidden content gated behind registration or login.
    Date: 2026-05-15T19:43:24Z
    Network: openweb
    Published URL: https://patched.to/Thread-legendary-%E2%9C%85email-pass%E2%9C%85-%E2%AD%90300k-full-anti-public-private-mail%E2%AD%90-%E2%9A%A1drop-by-celestial-admin%E2%9A%A1-302786
    Screenshots:
    None
    Threat Actors: CELESTIALHQ
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  94. Free release of 300K email:password combo list
    Category: Combo List
    Content: A threat actor operating under the name CELESTIAL has freely distributed a combo list of approximately 300,000 email:password credential pairs, marketed as private and anti-public. The post offers the credentials at no charge while also advertising personal purchase options for additional drops.
    Date: 2026-05-15T19:43:19Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E2%9C%85EMAIL-PASS%E2%9C%85-%E2%AD%90300K-FULL-ANTI-PUBLIC-PRIVATE-MAIL%E2%AD%90-%E2%9A%A1DROP-BY-CELESTIAL-ADMIN%E2%9A%A1–2094420
    Screenshots:
    None
    Threat Actors: CELESTIAL
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  95. Combo List: 4K Valid Fresh Mix
    Category: Combo List
    Content: A threat actor has shared a combo list advertised as containing 4,000 valid, fresh mixed credentials. The content is hidden behind a registration or login wall on the forum.
    Date: 2026-05-15T19:42:57Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-4k-valid-fresh-mix
    Screenshots:
    None
    Threat Actors: shhherrry
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  96. Sale of discounted ChatGPT Plus accounts
    Category: Services
    Content: A threat actor is offering ChatGPT Plus accounts for $7.99, marketed as discounted alternatives to the standard $29 subscription. Accounts are advertised with instant delivery and payment via PayPal or cryptocurrency through an autobuy storefront.
    Date: 2026-05-15T19:42:41Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Shoppy-%E2%9A%A1%EF%B8%8F-CHATGPT-PLUS-1-MONTH-PRIVATE-ACCOUNT-%E2%9C%85-7-99-INSTEAD-OF-28-%E2%9C%85
    Screenshots:
    None
    Threat Actors: Antaksio
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  97. Combo List: URL:Login:Pass credentials shared on forum
    Category: Combo List
    Content: A forum user shared a combo list described as fresh URL:login:password credentials. The content is hidden behind a registration or login wall, limiting visibility into scope or origin. No specific organization or country is identified as the breach source.
    Date: 2026-05-15T19:42:25Z
    Network: openweb
    Published URL: https://patched.to/Thread-fresh-url-login-pass-private-302806
    Screenshots:
    None
    Threat Actors: ZAMPARA
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  98. Sale of Hotmail credential combo list with 1,004 valid entries
    Category: Combo List
    Content: A forum post in a combolist section advertises 1,004 allegedly valid Hotmail credentials dated May 14, 2026. The content is hidden behind a registration or login wall, limiting further detail. The listed credentials are intended for use in credential stuffing against Hotmail accounts.
    Date: 2026-05-15T19:42:07Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%A5%801004-hotmail-valid-access-14-05-2026
    Screenshots:
    None
    Threat Actors: SupportHotmail
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  99. Telegram content/account removal service offered on forum
    Category: Services
    Content: A forum user is advertising a paid service to remove Telegram channels, personal accounts, and bots. The seller accepts middleman (MM) arrangements and can be contacted via Telegram.
    Date: 2026-05-15T19:42:02Z
    Network: openweb
    Published URL: https://patched.to/Thread-doing-telegram-removals-fastest-cheapest
    Screenshots:
    None
    Threat Actors: ivebtc
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  100. Hotmail combo list of 3,500 credentials freely distributed
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 3,500 Hotmail credential hits at no cost, with private cloud access available for purchase via Telegram. The credentials are marketed as high quality and are intended for credential stuffing against Hotmail accounts.
    Date: 2026-05-15T19:41:50Z
    Network: openweb
    Published URL: https://patched.to/Thread-%E2%9C%85-3-5k-hq-hotmail-hit-%E2%9C%85
    Screenshots:
    None
    Threat Actors: aurexopforu
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  101. Combo List targeting Hotmail with 953 alleged valid credentials
    Category: Combo List
    Content: A threat actor shared a combo list on a forum claiming to contain 953 valid Hotmail credentials, dated May 14, 2026. The content is gated behind registration or login. No additional details about the data source or composition are available.
    Date: 2026-05-15T19:41:33Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%A5%80953-hotmail-valid-access-14-05-2026
    Screenshots:
    None
    Threat Actors: SupportHotmail
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  102. Hotmail combo list drop of 725 credentials
    Category: Combo List
    Content: A threat actor shared a combo list of 725 Hotmail credentials on a leak forum. The content is hidden behind a registration or login requirement. No further details about the data origin or verification status are provided.
    Date: 2026-05-15T19:40:54Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%EF%B8%8F-725x-Verity-Vault-Hotmail-Drop-%E2%9A%A1%EF%B8%8F
    Screenshots:
    None
    Threat Actors: Verityyyy
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  103. Sale of fresh mix combo list with 102,164 lines
    Category: Combo List
    Content: A threat actor is sharing a mixed email:password combo list containing 102,164 lines, marketed as fresh. The content is gated behind forum registration or login. The actor promotes a Telegram channel for additional data distribution.
    Date: 2026-05-15T19:40:30Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-102-164-Lines-Fresh-Mix-Combolist
    Screenshots:
    None
    Threat Actors: stormtrooper
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  104. Alleged BreachForums Database Leak by ShinyHunters Group
    Category: Data Leak
    Content: The ShinyHunters threat actor group claims to have obtained a BreachForums database backup (bf_03_2026.sql.7z) following an unauthorized leak on January 9, 2026. The group states that it has exploits for MyBB 1.8 versions and threatens to leak complete BreachForums backups, including private messages, emails, IP addresses, and posts, if the current forum clones (.ai, .sb, .ac, .fi, .bf, .us) continue to operate. A downloadable SQL archive is provided via direct link.
    Date: 2026-05-15T19:32:54Z
    Network: telegram
    Published URL: https://t.me/c/3500620464/7894
    Screenshots:
    None
    Threat Actors: ShinyHunters
    Victim Country: Unknown
    Victim Industry: Cybercriminal Forum/Platform
    Victim Organization: BreachForums
    Victim Site: breachforums.ai, breachforums.sb, breachforums.ac, breachforums.fi, breachforums.bf, breachforums.us
  105. Sale of 300 SUHQ mix email access credentials
    Category: Combo List
    Content: A threat actor is sharing 300 so-called Super Ultra High Quality (SUHQ) mixed valid email access credentials on a clearnet forum. The post is categorized as a combo list offering, with credentials marketed as verified valid mail access. No specific victim organization or country is identified.
    Date: 2026-05-15T19:32:27Z
    Network: openweb
    Published URL: https://altenens.is/threads/check-mark-buttonmail-accesscheck-mark-button-star300x-full-suhq-mix-valids-star.2940872/unread
    Screenshots:
    None
    Threat Actors: GhostlyGamer
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  106. Sale of 5,000 EDU-targeted email and password combo list
    Category: Combo List
    Content: A threat actor is offering a combo list of 5,000 email:password pairs targeted at educational institutions. The post markets the credentials as verified hits. No specific organization or breach source is identified.
    Date: 2026-05-15T19:30:01Z
    Network: openweb
    Published URL: https://altenens.is/threads/check-mark-buttonemail-passcheck-mark-button-star5k-edu-targeted-combosstar-check-mark-buttonhits-assuredcheck-mark-button.2940873/unread
    Screenshots:
    None
    Threat Actors: GhostlyGamer
    Victim Country: Unknown
    Victim Industry: Education
    Victim Organization: Unknown
    Victim Site: Unknown
  107. Sale of Hotmail combo list containing 100K credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of 100,000 Hotmail credentials, marketed as fresh. Access to the list requires a reply to the thread, suggesting a gated free release.
    Date: 2026-05-15T19:27:34Z
    Network: openweb
    Published URL: https://altenens.is/threads/check-mark-buttonprivate-hotmail-combocheck-mark-button-star100k-full-fresh-hotmail-combo-star.2940871/unread
    Screenshots:
    None
    Threat Actors: GhostlyGamer
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  108. Sale of 1 million username and password combo list with assured hits
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 1 million username, login, and password credentials marketed as private and with assured hits. Access to the hidden content requires a reply to the thread.
    Date: 2026-05-15T19:25:48Z
    Network: openweb
    Published URL: https://altenens.is/threads/check-mark-buttonu-l-pcheck-mark-button-star1m-full-private-u-l-pstar-check-mark-buttonhits-assuredcheck-mark-button.2940875/unread
    Screenshots:
    None
    Threat Actors: GhostlyGamer
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  109. Sale of 50,000 corporate-targeted email:password combo list
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 50,000 corporate-targeted email:password pairs on a cybercrime forum. The post markets the credentials as yielding assured hits, suggesting prior validation. Access to the list requires forum engagement.
    Date: 2026-05-15T19:24:47Z
    Network: openweb
    Published URL: https://altenens.is/threads/check-mark-buttonemail-passcheck-mark-button-star50k-corp-targeted-combosstar-check-mark-buttonhits-assuredcheck-mark-button.2940874/unread
    Screenshots:
    None
    Threat Actors: GhostlyGamer
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  110. Sale of fullz, dumps with PIN, identity documents, and fraud tools by threat actor silasclark
    Category: Carding
    Content: A threat actor operating as silasclark is selling a broad range of fraud-enabling goods including fullz (SSN, DOB, DL), dumps with PIN (Track 101/202), identity documents with selfies and video, company and KYC documents, Medicare leads, and various carding tutorials and tools. Offerings span multiple countries including the USA, UK, Canada, and Australia. The seller accepts cryptocurrency and advertises bulk discounts with 24/7 support via Telegram and other channels.
    Date: 2026-05-15T19:21:20Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75391/
    Screenshots:
    None
    Threat Actors: silasclark
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  111. Sale of stolen credit cards and carding services including non-VBV cards, dumps, and cloned cards
    Category: Carding
    Content: A threat actor is offering stolen non-VBV credit cards with ATM PINs, dumps (101s/201s/211s), cloned cards, and stealer logs for sale via Telegram. The seller also advertises carding services for payment platforms including Cashapp, Venmo, PayPal, Google Pay, and Zelle, as well as order fraud services for DoorDash, UberEats, Walmart, and others. Payment is accepted in Bitcoin or CashApp.
    Date: 2026-05-15T19:18:59Z
    Network: openweb
    Published URL: https://xforums.st/threads/selling-ccs-non-vbv-used-for-any-online-payment-or-online-shopping-with-high-good-of-balance-in-each-of-my-cards-comes-with-atm-pin.615207/
    Screenshots:
    None
    Threat Actors: BraveLuck
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  112. Alleged data leak of fff.fr with 3.5 million French users
    Category: Data Leak
    Content: A threat actor has shared what is alleged to be a database dump from fff.fr containing approximately 3.5 million user records. The post was made on a known data breach forum. No additional details about the data fields or breach circumstances are available from the post content.
    Date: 2026-05-15T19:11:29Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-DATABASE-FFF-FR-3-5M-USERS-FRENCH
    Screenshots:
    None
    Threat Actors: xdbreachedww
    Victim Country: France
    Victim Industry: Unknown
    Victim Organization: FFF
    Victim Site: fff.fr
  113. Alleged Rockstar Games data breach – 78.6M+ Snowflake records leaked by ShinyHunters
    Category: Data Breach
    Content: The ShinyHunters threat actor claims responsibility for compromising Rockstar Games' Snowflake instances through a breach of its Anodot.com integration. The group states that 78.6M+ total records were compromised and is now distributing the data via a direct download link. The post clarifies that, contrary to earlier reports, the data was never for sale and is being leaked rather than ransomed.
    Date: 2026-05-15T19:00:23Z
    Network: telegram
    Published URL: https://t.me/c/3500620464/7893
    Screenshots:
    None
    Threat Actors: ShinyHunters
    Victim Country: United States
    Victim Industry: Entertainment/Gaming
    Victim Organization: Rockstar Games
    Victim Site: rockstargames.com
  114. Alleged data breach of Arrotex Pharmaceuticals
    Category: Data Breach
    Content: A threat actor is offering for sale approximately 2.5 TB of data allegedly exfiltrated from Arrotex Pharmaceuticals. The data purportedly includes confidential business documents such as recruitment records, partner and distributor information, agreements, finance documents, sales data, and business plans. The actor can be contacted via email for further details.
    Date: 2026-05-15T18:59:31Z
    Network: openweb
    Published URL: https://breached.st/threads/arrotex-pharmaceuticals-2-5-tb.87165/unread
    Screenshots:
    None
    Threat Actors: wower
    Victim Country: Australia
    Victim Industry: Healthcare
    Victim Organization: Arrotex Pharmaceuticals
    Victim Site: arrotex.com.au
  115. Alleged data leak of Podarok (podarok.co.il) — 5,802 Israeli user records
    Category: Data Leak
    Content: A threat actor leaked what they claim are 5,802 user records from the Israeli e-commerce site podarok.co.il. The exposed fields allegedly include names, email addresses, phone numbers, passwords, addresses, birthdays, and other account metadata. The data was shared freely on a public forum.
    Date: 2026-05-15T18:58:42Z
    Network: openweb
    Published URL: https://breached.st/threads/il-5802-isreal-userdata-leaks.87164/unread
    Screenshots:
    None
    Threat Actors: yra404
    Victim Country: Israel
    Victim Industry: Retail
    Victim Organization: Podarok
    Victim Site: podarok.co.il
  116. Alert: Unintelligible forum post requesting Discord data
    Category: Alert
    Content: A forum user posted an unintelligible request on a database forum with no substantive threat content or actionable information.
    Date: 2026-05-15T18:58:10Z
    Network: openweb
    Published URL: https://breached.st/threads/pls-data-discord.87166/unread
    Screenshots:
    None
    Threat Actors: sltfils
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  117. Alleged data leak of multiple Morocco government websites
    Category: Data Leak
    Content: A threat actor known as fexus claims to have leaked data from multiple Moroccan government websites across education and tax ministry domains. The leak includes at least nine identified subdomains with a combined total of approximately 78,082 lines of data. The data has been made available for free download via a file-sharing service.
    Date: 2026-05-15T18:57:41Z
    Network: openweb
    Published URL: https://breached.st/threads/gov-ma-websites-breach.87168/unread
    Screenshots:
    None
    Threat Actors: fexus
    Victim Country: Morocco
    Victim Industry: Government
    Victim Organization: Morocco Government
    Victim Site: gov.ma
  118. Forum posting and topic promotion service offered on dark web forums
    Category: Services
    Content: A threat actor operating under the alias digidi is selling a curated list of 180+ Russian and English-language shadow and general forums, alongside manual topic posting and bump/up services for advertisements. The service is priced at $13 for the forum list and $25–$50 minimum for posting campaigns, with payments accepted in USDT, LTC, and ETH. The offering targets those seeking to promote services or find sellers across dark web and shadow forums.
    Date: 2026-05-15T18:56:39Z
    Network: openweb
    Published URL: https://spear.cx/Thread-Selling-%F0%9F%8C%9F-LIST-OF-FORUMS-MANUAL-POSTING-OF-YOUR-TOPICS-ON-FORUMS-UP-BUMPING-OF-TOPICS-%F0%9F%8C%9F
    Screenshots:
    None
    Threat Actors: digidi
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  119. Alleged sale of Nighthawk C2 v0.4 Janus source code on dark web
    Category: Malware
    Content: Source code for Nighthawk C2 version 0.4 Janus (reportedly the final version) is allegedly being sold on threat markets at approximately $7,500 USD, down from the original seller's asking price of $10,000 USD. The source code has reportedly been dumped and is being sold at discounted prices on dark web marketplaces.
    Date: 2026-05-15T18:44:15Z
    Network: telegram
    Published URL: https://t.me/c/3575098403/203
    Screenshots:
    None
    Threat Actors: Nighthawk C2
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  120. Alleged leak of US consumer dataset containing 202 million records
    Category: Data Leak
    Content: A threat actor shared a link to a large compressed file purportedly containing data on 202 million US consumers. The dataset, approximately 20.6 GB in size, was made available via a file-sharing service. The source organization of the data is not identified in the post.
    Date: 2026-05-15T18:40:29Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-I-stuck-this-on-Upgraded-Lounge-under-An-idea-for-Data-sorter-LLM-Ai
    Screenshots:
    None
    Threat Actors: OriginalCrazyOldFart
    Victim Country: United States
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  121. Alleged compromise of Ghana Military website (ga.mil.gh) with webshell access
    Category: Initial Access
    Content: Threat actors claim to have compromised the Ghana Military website (ga.mil.gh) and deployed a webshell (rex.php). Access is being offered for sale, with contact via @PHTEAM_1. The activity is attributed to shadowX and members of Nullsec Philippines (n.s.p).
    Date: 2026-05-15T18:39:34Z
    Network: telegram
    Published URL: https://t.me/Pharaoh_e/28
    Screenshots:
    None
    Threat Actors: shadowX
    Victim Country: Ghana
    Victim Industry: Government/Military
    Victim Organization: Ghana Military
    Victim Site: ga.mil.gh
  122. Alleged data leak of wateenapp.org — Saudi Arabia blood donor database
    Category: Data Leak
    Content: A threat actor has leaked a database allegedly obtained from wateenapp.org, the official Saudi Ministry of Health blood donation application. The exposed data reportedly includes donor names, blood groups, gender, donation dates, mobile numbers, ID numbers, blood bag numbers, blood bank details, and donation status for approximately 180,438 blood donors. The data is being made available for free download on the forum.
    Date: 2026-05-15T18:38:51Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-SA-wateenapp-org-Database-Leaked-Download
    Screenshots:
    None
    Threat Actors: lulzintel
    Victim Country: Saudi Arabia
    Victim Industry: Healthcare
    Victim Organization: Wateen
    Victim Site: wateenapp.org
  123. Alleged data breach of Binance Australia – 470K records
    Category: Data Breach
    Content: A threat actor claiming to possess a database of 470,000 Binance Australia user records is offering the data for sale at 3000 USD. The dataset includes personally identifiable information (ID, firstname, lastname, country, email, phone, date, trading pair, exchange data). The post is attributed to the threat actor DanzNismXst7.
    Date: 2026-05-15T18:36:23Z
    Network: telegram
    Published URL: https://t.me/c/3841736872/446
    Screenshots:
    None
    Threat Actors: DanzNismXst7
    Victim Country: Australia
    Victim Industry: Cryptocurrency Exchange
    Victim Organization: Binance
    Victim Site: binance.com
  124. Sale of UHQ Hotmail combo list containing 15K credentials
    Category: Combo List
    Content: A threat actor is offering a combo list of 15,000 Hotmail credentials marketed as UHQ (ultra-high quality) and fresh. The list is advertised on a criminal forum and appears intended for credential stuffing against Hotmail/Outlook accounts.
    Date: 2026-05-15T18:35:26Z
    Network: openweb
    Published URL: https://cracked.st/Thread-15K-UHQ-HOTMAIL-COMBO-FRESH
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  125. Combo List: UHQ Outlook Credentials (6.5K)
    Category: Combo List
    Content: A threat actor is distributing a combo list of 6,500 Outlook credentials, marketed as UHQ (ultra-high quality) and fresh. The post is sponsored by a third-party AIO tool service.
    Date: 2026-05-15T18:35:04Z
    Network: openweb
    Published URL: https://cracked.st/Thread-6-5K-UHQ-OUTLOOK-COMBO-FRESH
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  126. Sale of UHQ Gmail combo list with 150,000 credentials
    Category: Combo List
    Content: A threat actor is sharing a combo list marketed as 150,000 UHQ Gmail credentials described as fresh. The post is sponsored by slateaio.com, suggesting association with credential-stuffing tooling. Gmail is the credential-stuffing target, not the breach victim.
    Date: 2026-05-15T18:34:41Z
    Network: openweb
    Published URL: https://cracked.st/Thread-150K-UHQ-GMAIL-COMBO-FRESH
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  127. Combo List: Alleged Hotmail valid mail access credentials
    Category: Combo List
    Content: A threat actor is sharing a combo list of 1,290 allegedly valid Hotmail email account credentials. The content is hidden behind a registration or login wall on the forum. These credentials appear to be marketed as fully valid mail access.
    Date: 2026-05-15T18:34:33Z
    Network: openweb
    Published URL: https://patched.to/Thread-1290-full-valid-hotmail-mail-access-302754
    Screenshots:
    None
    Threat Actors: GoldMailAccs
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  128. Combo List of Hotmail credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of 8,335 allegedly fully valid Hotmail email account credentials. The credentials are marketed as active and verified mail access. Hotmail is the credential-stuffing target, not the breach victim.
    Date: 2026-05-15T18:34:21Z
    Network: openweb
    Published URL: https://cracked.st/Thread-8335-FULL-VALID-HOTMAIL-MAIL-ACCESS
    Screenshots:
    None
    Threat Actors: GoldMailAccs
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  129. Combo List: Alleged Hotmail credential list with 8,335 valid entries
    Category: Combo List
    Content: A threat actor is distributing a combo list advertised as containing 8,335 fully valid Hotmail mail access credentials. The content is hidden behind a registration or login wall on the forum. Hotmail is the credential-stuffing target, not the breach victim.
    Date: 2026-05-15T18:34:12Z
    Network: openweb
    Published URL: https://patched.to/Thread-8335-full-valid-hotmail-mail-access
    Screenshots:
    None
    Threat Actors: GoldMailAccs
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  130. Combo List: Alleged Hotmail Credential Hits
    Category: Combo List
    Content: A forum user is distributing a combo list advertised as 1,238 fully valid Hotmail email account credentials. The content is hidden behind a registration or login wall. Hotmail is the credential-stuffing target, not the breach victim.
    Date: 2026-05-15T18:33:57Z
    Network: openweb
    Published URL: https://patched.to/Thread-1238-full-valid-hotmail-mail-access
    Screenshots:
    None
    Threat Actors: GoldMailAccs
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  131. Sale of UHQ Yahoo combo list (7.3K credentials)
    Category: Combo List
    Content: A threat actor is sharing a combo list of 7.3K credentials marketed as UHQ and fresh, targeting Yahoo accounts. The post is sponsored by an AIO (all-in-one) checker service. No victim organization is identified as the source of the credentials.
    Date: 2026-05-15T18:33:52Z
    Network: openweb
    Published URL: https://cracked.st/Thread-7-3K-UHQ-YAHOO-COMBO-FRESH
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  132. Sale of mixed email access combo list
    Category: Combo List
    Content: A threat actor is offering a combo list of 2,874 reportedly valid mixed email account credentials. The content is hidden behind a registration or login requirement on the forum.
    Date: 2026-05-15T18:33:34Z
    Network: openweb
    Published URL: https://patched.to/Thread-2874-full-valid-mix-mail-access
    Screenshots:
    None
    Threat Actors: GoldMailAccs
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  133. Combo List of mixed email account credentials
    Category: Combo List
    Content: A combo list of 2,874 allegedly valid mixed email account credentials was shared on a cracking forum. The post is categorized under combolists and marketed as full valid access across multiple email providers.
    Date: 2026-05-15T18:33:30Z
    Network: openweb
    Published URL: https://cracked.st/Thread-2874-FULL-VALID-MIX-MAIL-ACCESS
    Screenshots:
    None
    Threat Actors: GoldMailAccs
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  134. Sale of mix mail access combo list
    Category: Combo List
    Content: A threat actor is sharing or selling a combo list of 1,063 reportedly valid mixed mail access credentials. The content is hidden behind a registration or login wall, limiting visibility into specific details.
    Date: 2026-05-15T18:33:16Z
    Network: openweb
    Published URL: https://patched.to/Thread-1063-full-valid-mix-mail-access
    Screenshots:
    None
    Threat Actors: GoldMailAccs
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  135. Combo List of mixed mail account credentials
    Category: Combo List
    Content: A combo list of 3,867 allegedly valid mixed mail account credentials was shared on a cracking forum. The post is categorized under combolists and marketed as fully valid mail access.
    Date: 2026-05-15T18:33:02Z
    Network: openweb
    Published URL: https://cracked.st/Thread-3867-FULL-VALID-MIX-MAIL-ACCESS
    Screenshots:
    None
    Threat Actors: GoldMailAccs
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  136. Sale of mix mail access combo list
    Category: Combo List
    Content: A threat actor is offering a combo list of 3,659 mixed mail access credentials claimed to be valid. The content is hidden behind a registration or login wall, limiting visibility into the specific providers or data fields included.
    Date: 2026-05-15T18:32:58Z
    Network: openweb
    Published URL: https://patched.to/Thread-3659-full-valid-mix-mail-access
    Screenshots:
    None
    Threat Actors: GoldMailAccs
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  137. Alleged combo list of 1,701 valid mixed mail access credentials
    Category: Combo List
    Content: A forum user shared a combo list of 1,701 reportedly valid mixed email account credentials. The post is categorized as a combo list of mail access credentials. No additional details are available from the post content.
    Date: 2026-05-15T18:32:32Z
    Network: openweb
    Published URL: https://cracked.st/Thread-1701-FULL-VALID-MIX-MAIL-ACCESS
    Screenshots:
    None
    Threat Actors: GoldMailAccs
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  138. Sale of Hotmail combo list with 100 credentials
    Category: Combo List
    Content: A threat actor on a cybercrime forum is distributing a combo list of approximately 100 Hotmail credentials, marketed as elite with no junk entries. The content is hidden behind a registration or login requirement, limiting full verification of the claimed data.
    Date: 2026-05-15T18:32:26Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9A%A1-0-1k-elite-global-hotmail-zero-junk-pure-hits-%E2%9A%A1-302745
    Screenshots:
    None
    Threat Actors: NokiaDB
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  139. Sale of mixed mail access combo list with 5,229 entries
    Category: Combo List
    Content: A threat actor on a cracking forum is distributing a combo list advertised as 5,229 fully valid mixed mail access credentials. No additional details are available from the post content.
    Date: 2026-05-15T18:32:13Z
    Network: openweb
    Published URL: https://cracked.st/Thread-5229-FULL-VALID-MIX-MAIL-ACCESS–2094389
    Screenshots:
    None
    Threat Actors: GoldMailAccs
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  140. Sale of multi-country combo list with ULP and mail lines
    Category: Combo List
    Content: A threat actor operating under the alias Coolconfigcloud is offering free and paid access to daily-updated ULP and mail combo lines sourced from multiple countries. Free lines are publicly available, while premium tiers are priced between $15 and $250 depending on subscription duration. The service is marketed as providing high-quality, consistently fresh credential lines.
    Date: 2026-05-15T18:32:06Z
    Network: openweb
    Published URL: https://patched.to/Thread-%F0%9F%8C%A9-cool-cloud-%F0%9F%8C%A9-%F0%9F%93%A8-multiple-country-base-%F0%9F%93%A8-%F0%9F%94%A5-hq-mails-%F0%9F%94%A5
    Screenshots:
    None
    Threat Actors: Coolconfigcloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  141. Sale of Hotmail combo list with 822 valid credentials
    Category: Combo List
    Content: A forum post advertises 822 reportedly valid Hotmail email account credentials. The post is categorized as a combo list offering, with credentials likely harvested from prior breaches and verified for access. No additional details are available in the post content.
    Date: 2026-05-15T18:31:40Z
    Network: openweb
    Published URL: https://cracked.st/Thread-822-FULL-VALID-HOTMAIL-MAIL-ACCESS
    Screenshots:
    None
    Threat Actors: GoldMailAccs
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  142. Free combo list shared on forum
    Category: Combo List
    Content: A forum user shared a free ULP (URL:Login:Password) combo list on a cybercrime forum. The content is hidden behind a login/registration wall, so specific details about the data are unavailable.
    Date: 2026-05-15T18:31:36Z
    Network: openweb
    Published URL: https://patched.to/Thread-%E2%AD%90free-ulp%E2%AD%90
    Screenshots:
    None
    Threat Actors: databreach
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  143. Sale of mixed mail access combo list
    Category: Combo List
    Content: A forum post on Cracked.st advertises 2,030 allegedly valid mixed mail access credentials. No additional details are available as the post content is empty.
    Date: 2026-05-15T18:31:18Z
    Network: openweb
    Published URL: https://cracked.st/Thread-2030-FULL-VALID-MIX-MAIL-ACCESS–2094406
    Screenshots:
    None
    Threat Actors: GoldMailAccs
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  144. Free distribution of mixed UHQ combo list with 3,000 credentials
    Category: Combo List
    Content: A threat actor shared a mixed combo list marketed as UHQ (ultra-high quality) and fresh, containing approximately 3,000 credential pairs. The list was made available via an external paste link on rentry.co.
    Date: 2026-05-15T18:31:05Z
    Network: openweb
    Published URL: https://patched.to/Thread-3k-mix-uhq-fresh
    Screenshots:
    None
    Threat Actors: HolyCloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  145. Sale of discounted Framer Pro subscription access on cybercrime forum
    Category: Services
    Content: A forum seller is offering 1-year Framer Pro access at $44.99, advertised as 88% off the official price of $360/year. The nature of the access — whether legitimate, shared, or obtained through unauthorized means — is not disclosed in the post.
    Date: 2026-05-15T18:30:40Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Supreme-44-99-%E2%9C%85-Build-Stunning-Websites-Faster-with-Framer-Pro-%E2%80%94-Now-at-88-OFF-1-Year-Pro-A–2094364
    Screenshots:
    None
    Threat Actors: secur3rat
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  146. Sale of mixed mail access combo list with 4,542 entries
    Category: Combo List
    Content: A threat actor is offering a combo list of 4,542 allegedly valid mixed email account credentials. The content is hidden behind a registration or login wall on the forum. No specific email provider or target service is identified in the post.
    Date: 2026-05-15T18:30:35Z
    Network: openweb
    Published URL: https://patched.to/Thread-4542-full-valid-mix-mail-access
    Screenshots:
    None
    Threat Actors: GoldMailAccs
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  147. Combo List targeting smtp.office365.com
    Category: Combo List
    Content: A forum post on PT – Combolist advertises a credential list targeting smtp.office365.com. The actual content is hidden behind a login/registration wall, so specific details such as record count and data composition are unavailable.
    Date: 2026-05-15T18:30:17Z
    Network: openweb
    Published URL: https://patched.to/Thread-smtp-office365-com
    Screenshots:
    None
    Threat Actors: Flexedz
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  148. Combo List of 4 million URL:login:password credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list containing approximately 4 million URL, login, and password combinations. The content is gated behind forum registration or login. No specific victim organization or targeted service is identified.
    Date: 2026-05-15T18:29:53Z
    Network: openweb
    Published URL: https://patched.to/Thread-%E2%AD%90-4-million-url-login-pass%E2%AD%90
    Screenshots:
    None
    Threat Actors: XLM
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  149. Combo List: Alleged Hotmail credential list with 6,071 entries
    Category: Combo List
    Content: A forum user is sharing a combo list advertised as containing 6,071 fully valid Hotmail email access credentials. The content is hidden behind a registration or login requirement. Hotmail is the credential-stuffing target, not the breach victim.
    Date: 2026-05-15T18:29:46Z
    Network: openweb
    Published URL: https://patched.to/Thread-6071-full-valid-hotmail-mail-access
    Screenshots:
    None
    Threat Actors: GoldMailAccs
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  150. Alleged leak of Claude API keys with token balance
    Category: Data Leak
    Content: A threat actor is freely sharing alleged Anthropic Claude API keys with approximately 2 million tokens of remaining balance. The post offers a free sample and directs users to hidden content requiring forum registration to access the full set of leaked keys.
    Date: 2026-05-15T18:29:34Z
    Network: openweb
    Published URL: https://patched.to/Thread-%E2%AD%90-2-million-tokens-claude-opus-4-7-and-more-api-key-%E2%AD%90
    Screenshots:
    None
    Threat Actors: JVZU
    Victim Country: United States
    Victim Industry: Technology
    Victim Organization: Anthropic
    Victim Site: anthropic.com
  151. Combo List: 753 Valid Hotmail Credentials Shared
    Category: Combo List
    Content: A forum user is sharing 753 allegedly valid Hotmail email account credentials. The content is hidden behind a registration or login wall. These credentials are marketed as fully valid mail access.
    Date: 2026-05-15T18:29:16Z
    Network: openweb
    Published URL: https://patched.to/Thread-753-full-valid-hotmail-mail-access-302762
    Screenshots:
    None
    Threat Actors: GoldMailAccs
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  152. Sale of Hotmail combo list with 764 entries
    Category: Combo List
    Content: A threat actor is distributing a combo list of 764 Hotmail email and password pairs, marketed as high quality. The credentials are intended for credential stuffing against Hotmail accounts.
    Date: 2026-05-15T18:29:05Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9D%84%E2%9D%84-764x-HQ-PREMIUM-HOTMAILS-%E2%9D%84%E2%9D%84–204190
    Screenshots:
    None
    Threat Actors: He_Cloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  153. Sale of fresh mix combo list with 444 credentials
    Category: Combo List
    Content: A threat actor shared a link to an external paste site containing a mix combo list advertised as fresh, consisting of approximately 444 credential pairs.
    Date: 2026-05-15T18:28:46Z
    Network: openweb
    Published URL: https://patched.to/Thread-444x-fresh-mix
    Screenshots:
    None
    Threat Actors: HolyCloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  154. Sale of Hotmail credential combo list
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 6,000 Hotmail credentials, marketed as high-quality hits. The content is gated behind forum registration or login and may be freely shared or sold.
    Date: 2026-05-15T18:28:28Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%85-6k-hq-hotmail-hit-%E2%9C%85-302770
    Screenshots:
    None
    Threat Actors: RetroCloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  155. Sale of Hotmail credential combo list
    Category: Combo List
    Content: A threat actor is distributing a combo list of 564 Hotmail email and password pairs, marketed as premium and fresh. The list is offered as a free download on a dark web forum.
    Date: 2026-05-15T18:28:24Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1564x-PREMIUM-FRESH-HOTMAILS-%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: He_Cloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  156. Combo List of 3,340 mixed email credentials shared
    Category: Combo List
    Content: A forum user shared a combo list containing 3,340 mixed email and password credentials. The content is hidden behind a login/registration wall. No specific targeted service or breach source is identified.
    Date: 2026-05-15T18:27:40Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-3340x-MIX-MAIL
    Screenshots:
    None
    Threat Actors: NotSellerXd
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  157. Sale of 1,300 Hotmail account credentials
    Category: Combo List
    Content: A forum post advertises 1,300 Hotmail account credentials. The thread appears to be sponsored by a proxy and SMS verification service. No further details about the source or validity of the accounts are provided.
    Date: 2026-05-15T18:27:23Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-X1300-Hotmail-Accounts–2294846
    Screenshots:
    None
    Threat Actors: EarlHickey
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  158. Sale of mixed email combo list
    Category: Combo List
    Content: A threat actor is offering a mixed mail combo list of approximately 1,100 lines on a cracking forum. The post is sponsored by a proxy and SMS verification service. No specific victim organization or breach source is identified.
    Date: 2026-05-15T18:27:04Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-X1100-Mixed-Mail-Lines–2294847
    Screenshots:
    None
    Threat Actors: EarlHickey
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  159. Sale of 36K mixed mail access combo list
    Category: Combo List
    Content: A threat actor is distributing a combo list containing approximately 36,000 mixed email account credentials. The content is hidden behind a registration or login requirement on the forum. No specific targeted service or organization is identified.
    Date: 2026-05-15T18:26:50Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-36K-MIXED-MAIL-ACCESS-GOODS
    Screenshots:
    None
    Threat Actors: StrawHatBase
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  160. Sale of 1,400 Hotmail account credentials
    Category: Combo List
    Content: A forum post advertises 1,400 Hotmail account credentials. The post appears to be sponsored by a proxy and SMS verification service. No additional details about the source or validity of the credentials are provided.
    Date: 2026-05-15T18:26:43Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-X1400-Hotmail-Accounts–2294848
    Screenshots:
    None
    Threat Actors: EarlHickey
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  161. Sale of mixed mail combo list (2,200 lines)
    Category: Combo List
    Content: A forum user shared a mixed mail combo list containing 2,200 lines. The post is sponsored by a proxy and SMS verification service. No specific breach source or target service is identified.
    Date: 2026-05-15T18:26:22Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-X2200-Mixed-Mail-Lines–2294849
    Screenshots:
    None
    Threat Actors: EarlHickey
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  162. Sale of 8K mixed email access combo list
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 8,000 mixed email credentials, marketed as fresh. The content is hidden behind a registration or login wall on the forum.
    Date: 2026-05-15T18:26:13Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-8K-FRESH-MAIL-ACCESS-MIX
    Screenshots:
    None
    Threat Actors: AlphaCloud1
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  163. Sale of 1,800 Hotmail account credentials
    Category: Combo List
    Content: A forum post advertises 1,800 Hotmail accounts on a cracking forum. The post appears to be sponsored by a proxy and SMS verification service. No further details about the data source or contents are provided.
    Date: 2026-05-15T18:26:02Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-X1800-Hotmail-Accounts–2294850
    Screenshots:
    None
    Threat Actors: EarlHickey
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  164. Sale of 2,500 mixed email credential combo list
    Category: Combo List
    Content: A forum post advertises 2,500 mixed email lines, consistent with a combo list offering. The post appears to be sponsored by a proxy and SMS verification service. No additional details about the source or content of the credentials are provided.
    Date: 2026-05-15T18:25:42Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-X2500-Mixed-Mail-Lines–2294851
    Screenshots:
    None
    Threat Actors: EarlHickey
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  165. Sale of 140K Germany UHQ Fresh Combolist
    Category: Combo List
    Content: A threat actor is offering a 140,000-record German email:password combolist marketed as UHQ (ultra-high quality) and fresh. The content is hidden behind registration or login, with the actor also advertising spamming, dumping, and cracking tools and lessons via Telegram.
    Date: 2026-05-15T18:25:38Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-140K-GERMANY-UHQ-Fresh-Combolist
    Screenshots:
    None
    Threat Actors: el_capitan
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  166. Sale of 265K Hotmail combo list
    Category: Combo List
    Content: A threat actor is offering a 265K Hotmail email:password combo list described as semi-private and high quality. The content is gated behind registration or login, with the seller also advertising combo, spamming, dumping, and cracking tools and lessons via Telegram.
    Date: 2026-05-15T18:25:02Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-265K-HOTMAIL-Semi-Private-HQ-Combolist
    Screenshots:
    None
    Threat Actors: el_capitan
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  167. Combo List: Mixed email credentials shared on forum
    Category: Combo List
    Content: A forum user is distributing a mixed email combo list marketed as private and fresh, verified by the poster. The content is hidden behind a login/registration wall, limiting visibility into the full scope of the dataset.
    Date: 2026-05-15T18:24:44Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A1MIX-MAIL%E2%9A%A1%E2%9A%A1PRIVATE%E2%9A%A1%E2%9A%A1FRESH%E2%9A%A1%E2%9A%A1CHEKED-BY-klyne05-%E2%9A%A1%E2%9A%A1–20688
    Screenshots:
    None
    Threat Actors: klyne05
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  168. Sale of 310K USA email:password combo list
    Category: Combo List
    Content: A threat actor is offering a combo list of approximately 310,000 USA email:password credential pairs on a dark web forum. The content is hidden behind registration/login, with the seller also advertising cracking, spamming, and dumping tools and services via Telegram.
    Date: 2026-05-15T18:24:26Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-310K-USA-Good-Quality-Combolist
    Screenshots:
    None
    Threat Actors: el_capitan
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  169. Free combo list release: 2,300 mixed credentials
    Category: Combo List
    Content: A threat actor shared a combo list containing approximately 2,300 mixed credentials, marketed as fresh. The content is gated behind forum registration or login.
    Date: 2026-05-15T18:24:22Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A1-2300x-FRESH-MIX-%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: Nulled07
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  170. Hotmail combo list sample shared on leak forum
    Category: Combo List
    Content: A sample combo list of 1,210 Hotmail credentials was shared on a leak forum. The content is hidden behind a registration or login wall. Hotmail is the credential-stuffing target here, not the breach origin.
    Date: 2026-05-15T18:23:59Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A1-1210x-SAMPLE-HOTMAIL-%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: Stevejobs
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  171. Sale of HQ combo list targeting Mexico with 285K credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 285,000 email:password pairs marketed as high-quality and associated with Mexican users. The post advertises additional services including spamming, dumping, and cracking tools. Contact is provided via Telegram.
    Date: 2026-05-15T18:23:42Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-285K-MEXICO-HQ-Good-Combolist
    Screenshots:
    None
    Threat Actors: el_capitan
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  172. Combo List targeting Hotmail accounts
    Category: Combo List
    Content: A forum member is sharing a combo list purportedly containing 318 Hotmail account credentials. The content is hidden behind a registration or login wall. No further details about the data source or composition are available from the post.
    Date: 2026-05-15T18:23:37Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-318x-HOTMAIL-ACCESS
    Screenshots:
    None
    Threat Actors: MeiMisakix
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  173. Free Hotmail combo list shared on leak forum
    Category: Combo List
    Content: A user on a leak forum shared a combo list of 1,762 Hotmail credentials, marketed as high quality. The content is hidden behind a registration or login wall.
    Date: 2026-05-15T18:23:15Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A1-X1762-HQ-Hotmail-%E2%9A%A1%E2%9A%A1-BY-Stevee36-%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: stevee
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  174. Sale of Gmail combo list with 1.5 million credentials
    Category: Combo List
    Content: A threat actor is offering a Gmail combo list containing approximately 1.5 million email and password pairs. The content is hidden behind a registration or login wall on the forum. The actor also advertises related services including spamming, dumping, and cracking tools via Telegram.
    Date: 2026-05-15T18:22:59Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-1-5M-GMAIL-Good-Combolist
    Screenshots:
    None
    Threat Actors: el_capitan
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  175. Sale of UHQ mix combo list including Hotmail and private cloud credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 2,873 validated credentials marketed as UHQ mix, including Hotmail and private cloud accounts. The content is hidden behind a registration wall and the actor advertises via Telegram.
    Date: 2026-05-15T18:22:53Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A1-X2873-Valid-UHQ-Mix-%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: Roronoa044
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  176. Free combo list of mixed email credentials
    Category: Combo List
    Content: A threat actor shared a combo list of 3,759 mixed email credentials, marketed as high quality. The list was made available for free download on the forum.
    Date: 2026-05-15T18:22:21Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9D%84%E2%9D%84-3759x-HQ-PREMIUM-MIXED-MAILS-%E2%9D%84%E2%9D%84
    Screenshots:
    None
    Threat Actors: He_Cloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  177. Sale of combo sorting tool for credential list organization
    Category: Combo List
    Content: A forum user is offering a combo sorting tool in the cracking tools section. The tool appears designed to sort or organize credential combo lists. Full details are hidden behind a registration or login wall.
    Date: 2026-05-15T18:22:17Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-COMBO-SORTER-Quick-tool-made-for-sorting
    Screenshots:
    None
    Threat Actors: nexuss
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  178. Sale of full database and admin access to Tata-Tour.com (Travel Agency, Djibouti)
    Category: Initial Access
    Content: A threat actor is offering for sale full database access and admin credentials to tata-tour.com, a Djibouti-based travel agency. The offering includes a 135-table PostgreSQL dump containing bookings, CRM data, payment transactions, and client contact information, as well as active admin account credentials and direct database connection strings. The asking price is $1,000 in cryptocurrency.
    Date: 2026-05-15T18:21:10Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-SELLING-Tata-Tour-com-%E2%80%94-Full-Website-Database-Access-Travel-Agency-Djibouti
    Screenshots:
    None
    Threat Actors: TrinityID
    Victim Country: Djibouti
    Victim Industry: Travel & Tourism
    Victim Organization: Tata Tour
    Victim Site: tata-tour.com
  179. Sale of full database access to Hablax.com (VividPlate) restaurant platform in Ethiopia
    Category: Initial Access
    Content: A threat actor is selling full database access to Hablax.com (VividPlate), an Ethiopian restaurant platform. The offering includes a PostgreSQL database dump with 55 user records spanning restaurants, agents, cashiers, and waiters, along with order and payment data. The seller also claims active superadmin account access and direct PostgreSQL connectivity, priced at $300.
    Date: 2026-05-15T18:19:27Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-SELLING-Hablax-com-VividPlate-%E2%80%94-Full-Database-Access-Restaurant-Platform-Ethiopia
    Screenshots:
    None
    Threat Actors: TrinityID
    Victim Country: Ethiopia
    Victim Industry: Food & Beverage
    Victim Organization: Hablax / VividPlate
    Victim Site: hablax.com
  180. Sale of CVVs, Dumps, Fullz, BINs, and Carding Methods for Multiple Countries
    Category: Carding
    Content: A threat actor is offering stolen payment card data including CVVs, dumps, fullz, and BINs for the United States, United Kingdom, Canada, and Australia across multiple card networks (Visa, Mastercard, Amex, Discover). The seller also advertises fraudulent booking services covering flights, hotels, car rentals, and retail orders. Contact is solicited via Telegram and WhatsApp.
    Date: 2026-05-15T18:10:31Z
    Network: openweb
    Published URL: https://altenens.is/threads/hellooo-everyone-cvv-dumps-fullz-bins-and-methods-available-bookings-flight-booking-air-bnb-hotel-apartments-apple-orders-car-rentals-f.2940819/unread
    Screenshots:
    None
    Threat Actors: briteny
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  181. Sale of CashApp and PayPal account linking service for fraudulent cashout
    Category: Carding
    Content: A threat actor is advertising a CashApp and PayPal account linking scheme, claiming to provide linkable accounts for quick cashout. The post targets beginners and solicits verified accounts from other forum members. Contact is offered via Telegram and WhatsApp.
    Date: 2026-05-15T18:10:00Z
    Network: openweb
    Published URL: https://altenens.is/threads/cashapp-linkable-and-paypal-linkable-i-just-need-a-verified-account-tap-in-lets-work-official1dae-firefire.2940841/unread
    Screenshots:
    None
    Threat Actors: clevie339
    Victim Country: Unknown
    Victim Industry: Finance
    Victim Organization: Unknown
    Victim Site: Unknown
  182. Website Defacement of Unity Times Nigeria by Threat Actor Y4NZ404
    Category: Defacement
    Content: On May 16, 2026, threat actor Y4NZ404, operating solo, defaced the homepage of unitytimesng.com, a Nigerian news media outlet. The attack was a targeted single-site homepage defacement with no indication of mass defacement activity. The incident was mirrored and archived on zone-xsec.com.
    Date: 2026-05-15T18:07:48Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/922668
    Screenshots:
    None
    Threat Actors: Y4NZ404, SOLO
    Victim Country: Nigeria
    Victim Industry: Media & News
    Victim Organization: Unity Times Nigeria
    Victim Site: unitytimesng.com
  183. Sale of RCE and SSH access to multiple organizations across multiple countries
    Category: Initial Access
    Content: A threat actor is offering RCE and SSH access to multiple organizations spanning various countries and sizes, described as ranging from small to large corporations. The seller claims all access is private with proof-of-concept available, and is advertising below-market pricing.
    Date: 2026-05-15T18:07:29Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Selling-RCE-SSH-Access-Looking-for-Buyer
    Screenshots:
    None
    Threat Actors: apolloteller
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  184. Sale of ULP combo lists from Europe and worldwide
    Category: Combo List
    Content: A threat actor is selling ULP (URL:Login:Password) combo lists sourced from Europe and other regions. The seller is advertising the credentials as good quality and is accepting contact via direct message or Telegram.
    Date: 2026-05-15T18:07:02Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-SELLING-ULP-combos
    Screenshots:
    None
    Threat Actors: JohnnyMorton
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  185. Sale of compromised law enforcement and government portal access with EDR bypass capabilities
    Category: Initial Access
    Content: A threat actor is selling alleged direct portal access to law enforcement and government entities across multiple countries, including Royal Thai Police, Brazil Military Police, Argentina Police, Malaysia Government, and others. The offering includes claimed capabilities for Emergency Disclosure Request (EDR) bypasses on major platforms such as Instagram, Facebook, TikTok, Snapchat, Microsoft, and Apple, enabling unauthorized data retrieval without legal process. The seller also advertises forge
    Date: 2026-05-15T18:05:20Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Gov-Access-EDR-Execution-Global-Inventory
    Screenshots:
    None
    Threat Actors: 0056115
    Victim Country: Unknown
    Victim Industry: Government
    Victim Organization: Unknown
    Victim Site: Unknown
  186. Alleged data leak of South Korean platform bestexp.co.kr
    Category: Data Leak
    Content: A threat actor is freely distributing an alleged database dump from the South Korean website bestexp.co.kr. The dataset reportedly contains approximately 11,000 user records including 6,000 email and SHA1-hashed password pairs.
    Date: 2026-05-15T17:59:42Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-DATABASE-%E2%AD%90-South-Korea-Database-bestexp-co-kr-%E2%AD%90-11K-User%E2%AD%90-6K-Password-Email-SHA1
    Screenshots:
    None
    Threat Actors: KoreanAshley
    Victim Country: South Korea
    Victim Industry: Unknown
    Victim Organization: bestexp.co.kr
    Victim Site: bestexp.co.kr
  187. Alleged data leak of South Korean e-commerce platform magicseller.co.kr
    Category: Data Leak
    Content: A threat actor has freely shared an alleged database dump from magicseller.co.kr, a South Korean platform. The sample includes a SQL table schema containing fields for user credentials, email addresses, names, IP addresses, and social media account references.
    Date: 2026-05-15T17:59:14Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-DATABASE-%E2%AD%90%EF%B8%8F-South-Korea-Database-magicseller-co-kr-%E2%AD%90%EF%B8%8F
    Screenshots:
    None
    Threat Actors: KoreanAshley
    Victim Country: South Korea
    Victim Industry: Retail
    Victim Organization: Magic Seller
    Victim Site: magicseller.co.kr
  188. Alleged data leak of djaboo.com — 25GB SQL and files
    Category: Data Leak
    Content: A threat actor has leaked approximately 25GB of SQL database files and system files allegedly sourced from djaboo.com. The post includes download links to a full database dump and archive files. Notable email addresses from various financial institutions and data protection contacts were observed within the dataset.
    Date: 2026-05-15T17:57:31Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-DATABASE-djaboo-com-25Gb-sql-files-Leaked
    Screenshots:
    None
    Threat Actors: justscyprus
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Djaboo
    Victim Site: djaboo.com
  189. Mix Mail Combo List Including Hotmail, Outlook, AOL, GMX, Inbox, iCloud, and Live
    Category: Combo List
    Content: A threat actor shared a mixed mail combo list targeting multiple email providers including Hotmail, Outlook, AOL, GMX, Inbox, iCloud, and Live. The credentials are gated behind a reply requirement and linked to a Telegram channel. No record count or additional details were disclosed in the post.
    Date: 2026-05-15T17:54:29Z
    Network: openweb
    Published URL: https://altenens.is/threads/mix-mail-combo-hotmail-outlook-aol-gmx-inbox-icloud-live-2026-5-12.2940806/unread
    Screenshots:
    None
    Threat Actors: Larry_Uchiha
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  190. Hotmail access combo list with 3,350 hits
    Category: Combo List
    Content: A threat actor is distributing a combo list of 3,350 Hotmail credentials sourced from users across the USA, Europe, Asia, and Russia. The content is hidden behind a reply gate. The list is marketed as verified access hits suitable for credential stuffing.
    Date: 2026-05-15T17:53:33Z
    Network: openweb
    Published URL: https://altenens.is/threads/3-350x-hotmail-access-combo-usa-europe-asia-russian.2940804/unread
    Screenshots:
    None
    Threat Actors: Larry_Uchiha
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  191. Alleged sale of RDP access and compromised cloud service accounts
    Category: Initial Access
    Content: Threat actor PORTAL is offering rental of RDP access to Azure, AWS, and DigitalOcean infrastructure ($200), along with compromised domain email accounts (Gmail, Yahoo), GitHub student accounts, ChatGPT Plus subscriptions, and Claude 20x plan accounts. Services are offered on a daily or monthly rental basis with an escrow payment option.
    Date: 2026-05-15T17:51:25Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/82257
    Screenshots:
    None
    Threat Actors: PORTAL
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  192. Combo List of 295K Gaming Credentials
    Category: Combo List
    Content: A threat actor shared a combo list containing approximately 295,000 email and password pairs described as high-quality gaming credentials. The content is hidden behind a registration or login requirement on the forum.
    Date: 2026-05-15T17:42:34Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Combolist-295K-Gaming-HQ-Email-Pass
    Screenshots:
    None
    Threat Actors: zubicks
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  193. Combo List targeting Hotmail with 394K credentials
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 394,000 email and password pairs marketed for use against Hotmail accounts. The post was made on BreachForums under the Combolists section. No additional details are available as the post content was not captured.
    Date: 2026-05-15T17:40:52Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Combolist-Hotmail-394K-Email-Pass–188875
    Screenshots:
    None
    Threat Actors: zubicks
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  194. Combo List of 13K Mixed Email and Password Credentials
    Category: Combo List
    Content: A threat actor is sharing a combo list containing approximately 13,000 mixed email and password credential pairs on a cybercrime forum. The content is gated behind a registration or login requirement. No specific targeted organization or service is identified.
    Date: 2026-05-15T17:39:26Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Combolist-13K-Mixed-Email-Pass
    Screenshots:
    None
    Threat Actors: zubicks
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  195. Sale of education sector combo list with 53K email/password pairs
    Category: Combo List
    Content: A combo list containing approximately 53,000 education-sector email and password pairs was shared on BreachForums. No additional details are available from the post content.
    Date: 2026-05-15T17:39:01Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Combolist-Edu-53K-Email-Pass
    Screenshots:
    None
    Threat Actors: zubicks
    Victim Country: Unknown
    Victim Industry: Education
    Victim Organization: Unknown
    Victim Site: Unknown
  196. Sale of French email:password combo list with 10,000 credentials
    Category: Combo List
    Content: A threat actor is sharing a combo list of 10,000 email and password pairs purportedly associated with French accounts. The content is gated behind forum registration or login. No specific breached organization is identified.
    Date: 2026-05-15T17:37:33Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Combolist-FR-10K-Email-Pass
    Screenshots:
    None
    Threat Actors: zubicks
    Victim Country: France
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  197. Combo list mix of 5K email and password credentials
    Category: Combo List
    Content: A threat actor shared a combo list containing approximately 5,000 email and password pairs. The list is described as a mixed combo, suggesting credentials sourced from multiple services or breaches. No additional details are available from the post content.
    Date: 2026-05-15T17:37:05Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Combolist-Good-Mix-5K-Email-Pass
    Screenshots:
    None
    Threat Actors: zubicks
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  198. Sale of Hotmail credential combo list with 1,961 hits
    Category: Combo List
    Content: A threat actor is distributing a combo list of 1,961 allegedly valid Hotmail credentials marketed as premium hits. The post describes the content as a mix of mail formats stored on private cloud infrastructure.
    Date: 2026-05-15T17:35:26Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-1961x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F
    Screenshots:
    None
    Threat Actors: xdalphaa
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  199. Sale of MSN combo list with 175K email and password pairs
    Category: Combo List
    Content: A threat actor is distributing a combo list of 175,000 MSN email and password pairs on a cybercrime forum. The content is hidden behind a registration or login requirement. MSN is the credential-stuffing target, not the breach source.
    Date: 2026-05-15T17:34:58Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Combolist-Msn-175K-Email-Pass
    Screenshots:
    None
    Threat Actors: mindreading
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  200. Combo List of Narod.ru Email and Password Credentials
    Category: Combo List
    Content: A threat actor shared a combo list of email and password credentials associated with Narod.ru accounts on a cybercrime forum. The content is gated behind forum registration or login. No record count or additional details were provided.
    Date: 2026-05-15T17:33:17Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Combolist-Narod-ru-Email-Pass
    Screenshots:
    None
    Threat Actors: hansa__
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  201. Combo list targeting Hotmail with 16K email/password pairs
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 16,000 Hotmail email and password pairs on a cybercrime forum. The content is hidden behind a registration or login requirement. This list is intended for credential stuffing or account takeover activity targeting Hotmail accounts.
    Date: 2026-05-15T17:31:34Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Combolist-Hotmail-16K-Email-Pass
    Screenshots:
    None
    Threat Actors: mindreading
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  202. Combo list: 2.6K fresh mail access mix
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 2,600 email account credentials marketed as fresh. The post is dated May 15 and was shared on a known cybercrime forum.
    Date: 2026-05-15T17:29:53Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-2-6K-Fresh-Mail-Access-Mix-15-05
    Screenshots:
    None
    Threat Actors: MegaCloudShop
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  203. Combo List targeting Neuf.fr with 29K email/password pairs
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 29,000 email and password pairs associated with neuf.fr accounts on a cybercrime forum. The content is hidden behind a registration or login requirement. Neuf.fr is a French ISP-linked email service and is referenced as a credential-stuffing target, not necessarily the breach source.
    Date: 2026-05-15T17:28:25Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Combolist-Neuf-fr-29K-Email-Pass
    Screenshots:
    None
    Threat Actors: mindreading
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  204. Combo List targeting Numericable.fr users with 34K credentials
    Category: Combo List
    Content: A combo list of approximately 34,000 email and password pairs associated with Numericable.fr accounts was shared on BreachForums. The post contains no additional details about the origin or validity of the credentials.
    Date: 2026-05-15T17:27:58Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Combolist-Numericable-fr-34K-Email-Pass
    Screenshots:
    None
    Threat Actors: mindreading
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  205. Combo List targeting Poland with 68K email/password pairs
    Category: Combo List
    Content: A threat actor shared a combo list containing approximately 68,000 email and password pairs purportedly associated with Polish users. The content is hidden behind a registration/login wall on the forum. No specific breached organization is identified.
    Date: 2026-05-15T17:26:33Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Combolist-Poland-68K-Email-Pass
    Screenshots:
    None
    Threat Actors: mindreading
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  206. Sale of combo list targeting optonline.net with 12K credentials
    Category: Combo List
    Content: A combo list of approximately 12,000 email and password pairs associated with optonline.net accounts was posted on a cybercrime forum. The post appears in a combolists section, suggesting the credentials may be intended for credential stuffing or account takeover activity.
    Date: 2026-05-15T17:26:03Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Combolist-optonline-net-12K-Email-Pass
    Screenshots:
    None
    Threat Actors: mindreading
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  207. Sale of combo list targeting onet.pl users with 30K email/password pairs
    Category: Combo List
    Content: A threat actor is sharing a combo list of approximately 30,000 email and password pairs associated with onet.pl accounts. The content is hidden behind a registration or login requirement on the forum. This appears to be a credential stuffing list rather than a direct breach of onet.pl.
    Date: 2026-05-15T17:24:37Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Combolist-onet-pl-30K-Email-Pass
    Screenshots:
    None
    Threat Actors: mindreading
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  208. Combo List targeting Nate.com with 12K email/password pairs
    Category: Combo List
    Content: A threat actor has shared a combo list of approximately 12,000 email and password pairs marketed for use against Nate.com. The content is gated behind forum registration or login. This is a credential stuffing list and does not represent a direct breach of Nate.com.
    Date: 2026-05-15T17:24:10Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Combolist-Nate-com-12K-Email-Pass–188893
    Screenshots:
    None
    Threat Actors: mindreading
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  209. Sale of mixed email credential hits including Hotmail and private cloud accounts
    Category: Combo List
    Content: A threat actor is distributing a set of 3,731 credential hits described as a premium mixed mail combo list, including Hotmail and private cloud accounts. The post provides a download link and references a Telegram contact for further access.
    Date: 2026-05-15T17:22:29Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-%E2%9A%A1%E2%9A%A1-3731x-PREMIUM-MIX-MAIL-HITS%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: xdalphaa
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  210. Sale of 1,536 verified Hotmail credentials
    Category: Combo List
    Content: A threat actor shared a list of 1,536 Hotmail credentials marketed as recently verified and active. The list was distributed via an external paste service.
    Date: 2026-05-15T17:19:57Z
    Network: openweb
    Published URL: https://breached.st/threads/fire-fresh-drop-1-536-valid-hotmail-accounts-envelope-with-arrow.87154/unread
    Screenshots:
    None
    Threat Actors: cryocrezaz4103
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  211. Sale of Spotify combo list containing 10K credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of 10,000 credentials marketed for use against Spotify. The list is hosted on an external paste site. No information is provided about the origin of the credentials.
    Date: 2026-05-15T17:19:27Z
    Network: openweb
    Published URL: https://breached.st/threads/10k-spotify-private-combo.87163/unread
    Screenshots:
    None
    Threat Actors: supergirl
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  212. Sale of Spanish phone numbers database
    Category: Services
    Content: A threat actor is selling a list of over 4,000 valid Spanish phone numbers, advertised as suitable for spam campaigns or other purposes. Contact is provided via Telegram.
    Date: 2026-05-15T17:18:36Z
    Network: openweb
    Published URL: https://breached.st/threads/spanish-phone-numbers.87160/unread
    Screenshots:
    None
    Threat Actors: nebulark
    Victim Country: Spain
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  213. Sale of cryptocurrency-focused email lead databases
    Category: Combo List
    Content: A threat actor is selling multiple cryptocurrency-themed email lead databases, including approximately 1 million leads targeting the Coinbase market, 500,000 international leads, and a 527K worldwide crypto email database. The seller is soliciting price offers via private message or Telegram.
    Date: 2026-05-15T17:17:42Z
    Network: openweb
    Published URL: https://breached.st/threads/cryptocurrency-lead-generation-1-million-leads-for-the-coinbase-market-and-cryptocurrencies-and-500-000-international-leads.87155/unread
    Screenshots:
    None
    Threat Actors: Meowl
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  214. Alleged data leak of JATCO Thailand
    Category: Data Leak
    Content: A threat actor has freely shared what is claimed to be JATCO Thailand customer personal and login data. The leaked dataset appears to include fields such as personal ID, age, email, address, province, marital status, and emergency contact information. The post is attributed to threat actors identifying as INFERNALIS, 404Crew, and EXADOS.
    Date: 2026-05-15T17:17:10Z
    Network: openweb
    Published URL: https://breached.st/threads/jatco-co-th-jatco-thailand-dataleaks.87158/unread
    Screenshots:
    None
    Threat Actors: yra404
    Victim Country: Thailand
    Victim Industry: Manufacturing
    Victim Organization: JATCO Thailand
    Victim Site: jatco.co.th
  215. Alleged data breach of Afrilims
    Category: Data Breach
    Content: A threat actor claims to have dumped the full database of afrilims.co.za, a South African healthcare platform, across all subdomains. The dump reportedly includes tables for doctors, patients, and users, containing personal, medical, and credential data such as names, dates of birth, addresses, emails, phone numbers, ICD-10 codes, and hashed passwords. The data was shared freely on a clear-web forum.
    Date: 2026-05-15T17:16:39Z
    Network: openweb
    Published URL: https://breached.st/threads/afrilims-co-za-all-subdomains-database-dumped.87159/unread
    Screenshots:
    None
    Threat Actors: yra404
    Victim Country: South Africa
    Victim Industry: Healthcare
    Victim Organization: Afrilims
    Victim Site: afrilims.co.za
  216. Alleged data leak of Aran Group (aranp-group.com)
    Category: Data Leak
    Content: A threat actor operating under the alias MDGhost has leaked data allegedly belonging to Aran Group, an Israeli industrial liquid packaging company. The post provides a session identifier and references the BlackH4t group. No specific record count or data fields were disclosed in the post.
    Date: 2026-05-15T17:16:07Z
    Network: openweb
    Published URL: https://breached.st/threads/israeli-aranp-group-com-bag-in-box-bib.87161/unread
    Screenshots:
    None
    Threat Actors: MDGhost
    Victim Country: Israel
    Victim Industry: Manufacturing
    Victim Organization: Aran Group
    Victim Site: aranp-group.com
  217. Alleged sale of Telegram user database with 770K records
    Category: Data Breach
    Content: A threat actor is offering for sale an alleged Telegram database containing approximately 770,000 records. The dataset includes fields such as user ID, phone number, username, first name, and last name. A sample is provided via an external paste site, with purchase inquiries directed to a Telegram contact.
    Date: 2026-05-15T17:15:35Z
    Network: openweb
    Published URL: https://breached.st/threads/770k-telegram-database.87162/unread
    Screenshots:
    None
    Threat Actors: Meowl
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Telegram
    Victim Site: telegram.org
  218. Alleged data breach of Telegram with 771K user records
    Category: Data Breach
    Content: A threat actor is selling an alleged Telegram database containing approximately 771,000 records. The dataset includes user IDs, phone numbers, usernames, and first and last names. A sample is provided via an external paste site, with purchase directed through a Telegram contact.
    Date: 2026-05-15T17:09:37Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-771K-TELEGRAM-DATABASE
    Screenshots:
    None
    Threat Actors: OxO
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Telegram
    Victim Site: telegram.org
  219. Website Defacement of Wingfield by XYZ (Alpha Wolf Team)
    Category: Defacement
    Content: On May 15, 2026, the website wingfield.co.jp was defaced by attacker XYZ operating under the team Alpha Wolf. The attack targeted a Japanese organization hosted on a Linux server, resulting in the compromise and defacement of the site's index page. The incident was a singular targeted defacement, not part of a mass defacement campaign.
    Date: 2026-05-15T17:06:10Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/249232
    Screenshots:
    None
    Threat Actors: XYZ, Alpha wolf
    Victim Country: Japan
    Victim Industry: Unknown
    Victim Organization: Wingfield
    Victim Site: wingfield.co.jp
  220. Website Defacement of Wingfield by XYZ (Alpha Wolf Team)
    Category: Defacement
    Content: On May 15, 2026, the website wingfield.co.jp was defaced by threat actor XYZ, operating under the team name Alpha Wolf. The attack targeted the homepage of the Japanese organization, resulting in a single-site defacement. No specific motive or server details were disclosed in connection with this incident.
    Date: 2026-05-15T17:03:04Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/922666
    Screenshots:
    None
    Threat Actors: XYZ, Alpha wolf
    Victim Country: Japan
    Victim Industry: Unknown
    Victim Organization: Wingfield
    Victim Site: wingfield.co.jp
  221. Telegram automation and growth services offered on forum
    Category: Services
    Content: A forum seller is advertising Telegram automation and growth services including mass DMs, group member scraping, account sessions (TData), aged accounts, and bot automation. The services are marketed for digital marketing, lead collection, and promotional campaigns. Contact is provided via a Telegram handle.
    Date: 2026-05-15T17:01:57Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-Telegram-Automation-Growth-Services
    Screenshots:
    None
    Threat Actors: cio
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  222. Sale of Argentina combo list with 100K credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of 100,000 credentials marketed as high quality and targeting Argentine users. The content is gated behind a reply requirement on the forum. No specific breached organization is identified.
    Date: 2026-05-15T16:56:32Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-100K-ARGENTINA-High-Quality-Combolist
    Screenshots:
    None
    Threat Actors: Megatron
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  223. Sale of 129K Mexico UHQ combo list
    Category: Combo List
    Content: A threat actor is sharing a combo list purportedly containing 129,000 UHQ credentials associated with Mexican accounts. No additional details are available from the post content.
    Date: 2026-05-15T16:53:56Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-129K-MEXICO-UHQ-Combolist
    Screenshots:
    None
    Threat Actors: Megatron
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  224. Sale of 165K Germany HQ Fresh Combolist
    Category: Combo List
    Content: A threat actor is sharing a combolist of approximately 165,000 credentials marketed as high-quality and fresh, targeting German accounts. The content is hidden behind a reply gate on the forum.
    Date: 2026-05-15T16:51:11Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-165K-Germany-HQ-Fresh-Combolist
    Screenshots:
    None
    Threat Actors: Megatron
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  225. 115K Colombia UHQ Combo List
    Category: Combo List
    Content: A threat actor is sharing a combo list of approximately 115,000 credentials described as UHQ (ultra-high quality) and targeting Colombian accounts. The content is gated behind a reply requirement on a dark web forum.
    Date: 2026-05-15T16:48:37Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-115K-Colombia-UHQ-Combolist
    Screenshots:
    None
    Threat Actors: Megatron
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  226. Sale of Indonesian combo list with 142K credentials
    Category: Combo List
    Content: A threat actor on a cybercrime forum is sharing a combo list purportedly containing 142,000 Indonesian credentials, marketed as high-quality and fresh. The content is gated behind a reply requirement, limiting immediate visibility into the specific services or data fields included.
    Date: 2026-05-15T16:46:05Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-142K-INDONESIA-HQ-Fresh-Combolist
    Screenshots:
    None
    Threat Actors: Megatron
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  227. Alleged sale of shell access to military domain
    Category: Initial Access
    Content: A threat actor is offering to sell shell access to a military domain. Contact: @lei_bf
    Date: 2026-05-15T16:44:26Z
    Network: telegram
    Published URL: https://t.me/c/2590737229/1057
    Screenshots:
    None
    Threat Actors: lei_bf
    Victim Country: Philippines
    Victim Industry: Military/Defense
    Victim Organization: Military domain
    Victim Site: Unknown
  228. Website Defacement of Saraswathy Hospitals by Ruiixh4xor (SHENHAXSEC)
    Category: Defacement
    Content: On May 15, 2026, a threat actor identified as Ruiixh4xor, affiliated with the group SHENHAXSEC, defaced a page on saraswathyhospitals.com, an Indian healthcare provider's website. The attack targeted a specific subdirectory rather than the homepage and was not conducted as part of a mass defacement campaign. The incident was archived and mirrored via zone-xsec.com.
    Date: 2026-05-15T16:39:59Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/922664
    Screenshots:
    None
    Threat Actors: Ruiixh4xor, SHENHAXSEC
    Victim Country: India
    Victim Industry: Healthcare
    Victim Organization: Saraswathy Hospitals
    Victim Site: saraswathyhospitals.com
  229. Forum policy announcement prohibiting CIS-related threat content
    Category: Alert
    Content: The forum administrator announced a blanket prohibition on all activities targeting Russia and CIS member states, including data breaches and document leaks related to those countries. Violations will result in thread deletion and potential account bans. This is a forum policy update with no associated threat data.
    Date: 2026-05-15T16:37:32Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-IMPORTANT-READ-Statement-Regarding-Russian-Data-CIS
    Screenshots:
    None
    Threat Actors: John
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  230. Sale of private donor contact list linked to New York nonprofit
    Category: Data Breach
    Content: A threat actor is selling a private list of 520 names and email addresses purportedly belonging to wealthy or notable New Yorkers associated with an unnamed nonprofit organization based in New York City. The seller is advertising the dataset on a dark web forum and requesting contact via Session messenger.
    Date: 2026-05-15T16:26:08Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-Private-New-York-donors-names-emails
    Screenshots:
    None
    Threat Actors: Kurd
    Victim Country: United States
    Victim Industry: Nonprofit
    Victim Organization: Unknown
    Victim Site: Unknown
  231. Alleged data breach of Perum Daerah Tirta Musi
    Category: Data Breach
    Content: A threat actor is selling a database allegedly sourced from perumdatirtamusi.co.id, an Indonesian regional water utility. The dataset contains over 437,000 customer records including names, addresses, phone numbers, meter data, and tariff codes, with 257,000 unique phone numbers. The seller is asking $300 and accepts escrow.
    Date: 2026-05-15T16:23:36Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-Indonesia-perumdatirtamusi-co-id-437k
    Screenshots:
    None
    Threat Actors: Sorb
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Perum Daerah Tirta Musi
    Victim Site: perumdatirtamusi.co.id
  232. Alleged data breach of Nirvasa (nirvasa.com)
    Category: Data Breach
    Content: A threat actor is offering for sale an alleged database dump from Nirvasa, an Indian digital healthcare platform, claiming approximately 3.5 million user records with 2.9 million unique phone numbers. The dataset purportedly includes fields such as first name, last name, telephone, email, pincode, and address, with data dated between 2024 and 2026. The seller is asking $600 and has provided sample records as proof.
    Date: 2026-05-15T16:21:10Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-India-nirvasa-com-3-5kk-users
    Screenshots:
    None
    Threat Actors: Masterbyte
    Victim Country: India
    Victim Industry: Healthcare
    Victim Organization: Nirvasa
    Victim Site: nirvasa.com
  233. Alleged data breach of Stych
    Category: Data Breach
    Content: A threat actor is offering for sale an alleged database dump from Stych, a French driving school platform, containing approximately 1.34 million records. The dataset includes full names, email addresses, mobile phone numbers, dates of birth, postal codes, nationality, and other personal details. The seller claims the data is fresh and has not been previously circulated.
    Date: 2026-05-15T16:18:39Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-FR-STYCH-DATABASE-1-3M
    Screenshots:
    None
    Threat Actors: Lagui
    Victim Country: France
    Victim Industry: Education
    Victim Organization: Stych
    Victim Site: stych.fr
  234. Alleged data breach of Auchan
    Category: Data Breach
    Content: A threat actor is selling an alleged database dump from French retail chain Auchan, containing approximately 1.29 million customer records. The dataset includes personally identifiable information such as names, email addresses, phone numbers, postal addresses, and loyalty card numbers. The seller claims the data is fresh, unprocessed, and not previously circulated.
    Date: 2026-05-15T16:15:56Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-FR-AUCHAN-DATABASE-1-2M
    Screenshots:
    None
    Threat Actors: Lagui
    Victim Country: France
    Victim Industry: Retail
    Victim Organization: Auchan
    Victim Site: auchan.fr
  235. Sale of compromised network configurations and credentials from Spanish MSP ICARO CLOUD S.L. affecting 20 corporate clients
    Category: Initial Access
    Content: A threat actor is selling network configuration data exfiltrated from Spanish MSP ICARO CLOUD S.L., reportedly obtained via a single reused credential across all managed devices. The dataset includes over 3,500 OPNsense config backups, WireGuard private keys, TLS certificates, admin password hashes, and plaintext credentials affecting 20 client organizations across sectors including healthcare, education, agriculture, and hospitality. The full dataset is offered at $3,750 XMR with individual cli
    Date: 2026-05-15T16:13:01Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-20-Spanish-Corporate-Networks-%E2%80%94-Full-Firewall-Configs-VPN-Keys-TLS-Certs-Internal
    Screenshots:
    None
    Threat Actors: macaroni
    Victim Country: Spain
    Victim Industry: Information Technology
    Victim Organization: ICARO CLOUD S.L.
    Victim Site: Unknown
  236. Alleged data breach of Nike
    Category: Data Breach
    Content: A threat actor is offering for sale an alleged database belonging to Nike (nike.com). No further details regarding the data type, record count, or sample files were provided in the post.
    Date: 2026-05-15T16:06:53Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-nike-com
    Screenshots:
    None
    Threat Actors: Saikaa
    Victim Country: United States
    Victim Industry: Retail
    Victim Organization: Nike
    Victim Site: nike.com
  237. Free distribution of random stealer logs
    Category: Logs
    Content: A threat actor is freely distributing a collection of stealer logs on a dark web forum. The post offers the logs at no cost and markets them as fresh. No further details about the volume, origin, or affected organizations are provided.
    Date: 2026-05-15T16:01:27Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-FREEBIES-Random-Logs
    Screenshots:
    None
    Threat Actors: domainbreachkaduu
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  238. Free distribution of cookies and combo list
    Category: Logs
    Content: A forum user is freely distributing a collection of cookies and combo list credentials. No specific victim organization, record count, or data details are provided in the post.
    Date: 2026-05-15T15:58:30Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-FREEBIES-COOKIES-COMBO
    Screenshots:
    None
    Threat Actors: domainbreachkaduu
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  239. Arabic Combo List
    Category: Combo List
    Content: A forum user shared an Arabic combo list as hidden content, requiring replies to access the download link. No details on record count, source, or targeted services were provided.
    Date: 2026-05-15T15:56:03Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-Arabic-Combo-List
    Screenshots:
    None
    Threat Actors: portoreu
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  240. Alleged data breach of Shany Tech
    Category: Data Breach
    Content: A threat actor is offering for sale an alleged database dump attributed to Shany Tech, an Israeli testing and measuring equipment company. The dataset totals 246.32 GB and includes CSV files for applications, devices, enterprise apps, groups, role assignments, and users. A sample is provided via an anonymous file-sharing link, with purchase directed to a Telegram channel.
    Date: 2026-05-15T15:44:55Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-shany-tech-246-32-GB
    Screenshots:
    None
    Threat Actors: OxO
    Victim Country: Israel
    Victim Industry: Technology
    Victim Organization: Shany Tech
    Victim Site: shany-tech.com
  241. Alleged data breach of esky.com exposing Delta Airlines Brazil traveler records
    Category: Data Breach
    Content: A threat actor is selling an alleged database from esky.com containing 10.3 million records purportedly related to Delta Airlines Brazil travelers. The dataset reportedly includes date of birth, gender, full name, city, address, email, and phone number in CSV format. The seller is directing prospective buyers to a Telegram channel.
    Date: 2026-05-15T15:44:16Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-10-3M-esky-com-Delta-Airlines-BR-Travelers-Poland-2026
    Screenshots:
    None
    Threat Actors: OxO
    Victim Country: Poland
    Victim Industry: Travel
    Victim Organization: eSky
    Victim Site: esky.com
  242. Sale of Coinbase and worldwide cryptocurrency email leads database
    Category: Data Breach
    Content: A threat actor is offering for sale multiple cryptocurrency-related email lead databases, including a dataset attributed to Coinbase users (USA) and a worldwide crypto email database of approximately 527,000 records totaling 231MB. The seller is soliciting price offers via private message or Telegram.
    Date: 2026-05-15T15:43:32Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-COINBASE-CRYPTO-LEADS-USA-AND-AROUND-THE-WORLD
    Screenshots:
    None
    Threat Actors: OxO
    Victim Country: Unknown
    Victim Industry: Finance
    Victim Organization: Coinbase
    Victim Site: coinbase.com
  243. Alleged data leak of Maeva Group
    Category: Data Leak
    Content: A threat actor claiming to be ChimeraZ has leaked an alleged database dump attributed to Maeva Group, a French vacation rental company. The dataset reportedly contains 4,575,065 customer records and 38,945 residence entries in JSON format across multiple affiliated domains including maeva.com, vacansoleil.com, and campings-paradis.com. Sample data includes full passenger names, phone numbers, reservation details, and dates of stay.
    Date: 2026-05-15T15:42:28Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-FR-4-5M-MAEVA-GROUP
    Screenshots:
    None
    Threat Actors: ChimeraZ
    Victim Country: France
    Victim Industry: Hospitality
    Victim Organization: Maeva Group
    Victim Site: maeva.com
  244. Alleged data leak of CCAS Dunkerque (France)
    Category: Data Leak
    Content: A threat actor has leaked data allegedly belonging to CCAS Dunkerque, a French municipal social action center, via an anonymous file-sharing link. The actor claims to also be selling 220 records of French personal data for $500 via Telegram.
    Date: 2026-05-15T15:39:52Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-FR-CCAS-DUNKERQUE
    Screenshots:
    None
    Threat Actors: arpanet7444
    Victim Country: France
    Victim Industry: Government
    Victim Organization: CCAS Dunkerque
    Victim Site: Unknown
  245. Website Defacement of 9japress.com by Y4NZ404
    Category: Defacement
    Content: The Nigerian news/press website 9japress.com was defaced by a solo threat actor operating under the handle Y4NZ404. The attack involved a homepage defacement, replacing the site's content with the attacker's message. The incident was recorded on May 15, 2026, with a mirror archived at zone-xsec.com.
    Date: 2026-05-15T15:32:15Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/922662
    Screenshots:
    None
    Threat Actors: Y4NZ404, SOLO
    Victim Country: Nigeria
    Victim Industry: Media and Press
    Victim Organization: 9ja Press
    Victim Site: 9japress.com
  246. Free combo list of 6.9K EU mixed valid mail access credentials
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 6,900 EU mixed valid mail access credentials dated May 15. The list is gated behind a reply requirement on the forum.
    Date: 2026-05-15T14:55:42Z
    Network: openweb
    Published URL: https://altenens.is/threads/6-9k-eu-mix-valid-mail-access-15-05.2940744/unread
    Screenshots:
    None
    Threat Actors: Megacloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  247. Sale of stolen payment card data including CVV2, Dumps+PIN, and EBT+PIN
    Category: Carding
    Content: A threat actor is advertising a carding shop via Telegram offering stolen payment card data including CVV2, Dumps+PIN (Track1/2), EBT SNAP/CASH, SSN lookups, and Non-VBV BINs. The shop claims first-hand, non-reseller inventory with auto-delivery and a refund guarantee. Products are sold for cryptocurrency and other payment methods.
    Date: 2026-05-15T14:55:08Z
    Network: openweb
    Published URL: https://altenens.is/threads/gem-stonegem-stone-encrypted-gem-stonegem-stone-best-cvv2-dumps-pin-ebt-pin-shop-the-best-products-all-in-one-store-first-hand-and-high-quality-fireencrypted-premium-bases.2940757/unread
    Screenshots:
    None
    Threat Actors: 2ajcas4868
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  248. Sale of 500K URL:Login:Password combo list
    Category: Combo List
    Content: A threat actor is offering a private combo list of 500,000 URL:login:password credentials, marketed as ultra high quality and suitable for general-purpose credential stuffing. The list is dated May 2026.
    Date: 2026-05-15T14:39:06Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Other-PRIVATE-500K-ULP-%E2%9A%A1ULTRA-HIGH-QUALITY%E2%9A%A1MIX-USE-FOR-ANYTHING-YOU-NEED%E2%9A%A1-MAY-2026
    Screenshots:
    None
    Threat Actors: artmolchanov
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  249. Sale of business corporate mail credentials combo list with 155,672 lines
    Category: Combo List
    Content: A threat actor is distributing a combo list containing 155,672 email and password pairs described as business corporate mail credentials with SMTP access. The post was shared on a public cracking forum. No specific victim organization or country is identified.
    Date: 2026-05-15T14:38:43Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-155-672-Lines-%E2%9C%85-Business-Corp-Mail-Pass-SMTP-Leaks
    Screenshots:
    None
    Threat Actors: HqComboSpace
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  250. Free South Korea email combo list (Batch 42/100)
    Category: Combo List
    Content: A threat actor is freely distributing a South Korea-focused email list as part of an ongoing batch series (42 of 100). The content is gated behind registration or login on the forum. No specific breached organization or record count is identified.
    Date: 2026-05-15T14:38:33Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-free-premium-south-korea-email-list-batch-42-100
    Screenshots:
    None
    Threat Actors: emaildbpro
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  251. Germany mail access combo list (14K)
    Category: Combo List
    Content: A combo list advertised as 14,000 Germany mail access credentials has been shared on a public forum. The content is gated behind registration or login. No additional details about the source or format are available.
    Date: 2026-05-15T14:38:02Z
    Network: openweb
    Published URL: https://patched.to/Thread-%E2%AD%9014k-germany-mail-access-%E2%AD%90
    Screenshots:
    None
    Threat Actors: XLM
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  252. Sale of premium Hotmail account combo list
    Category: Combo List
    Content: A threat actor is selling access to a collection of Hotmail accounts described as premium, private, and fresh. Access is offered via a private cloud service at tiered pricing of $20 for 7 days and $50 for 30 days. The content is gated behind registration or login on the forum.
    Date: 2026-05-15T14:37:43Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-premium-private-hotmail-accounts-%E2%9A%A1-high-quality
    Screenshots:
    None
    Threat Actors: acodark1
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  253. Sale of fresh Hotmail combo list subscription service
    Category: Combo List
    Content: A threat actor is selling subscription-based access to daily fresh Hotmail and mixed email credential lines, marketed as private with no duplicates. Pricing tiers range from $10 for a 3-day trial to $45 for one month. The credentials are advertised as suitable for credential stuffing against any target service.
    Date: 2026-05-15T14:37:12Z
    Network: openweb
    Published URL: https://patched.to/Thread-%E2%98%81%EF%B8%8F-mk2-cloud-fresh-hotmail-mail-access-full-private-%F0%9F%92%8E-302687
    Screenshots:
    None
    Threat Actors: mk2clode
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  254. Hotmail combo list freely distributed
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 455 Hotmail credentials, marketed as high-quality and fresh. Free drops are advertised via a Telegram channel, with private access available for purchase through a separate Telegram contact.
    Date: 2026-05-15T14:37:08Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85-455X-HQ-FRESH-HOTMAIL-%E2%9C%85
    Screenshots:
    None
    Threat Actors: chutguard
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  255. Free distribution of URL:Log:Pass combo list with 8+ million lines
    Category: Combo List
    Content: A threat actor shared a URL:Log:Pass combo list containing over 8 million lines on a cybercrime forum. The content is gated behind registration or login. No specific victim organization or country is identified.
    Date: 2026-05-15T14:36:52Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-url-log-pass-free-best-lines-8-million-lines-part-343
    Screenshots:
    None
    Threat Actors: lexityfr
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  256. Sale of mixed email combo list by NightFallCloud
    Category: Combo List
    Content: A threat actor operating as NightFallCloud is distributing a large mixed email combo list containing approximately 4.4 million credential pairs, with a claimed daily update of 10,000–20,000 new lines. The list includes Hotmail and mixed email credentials marketed as fresh.
    Date: 2026-05-15T14:36:36Z
    Network: openweb
    Published URL: https://patched.to/Thread-%E2%9A%A14400k-mixmail-uhq-nightfall-cloud
    Screenshots:
    None
    Threat Actors: NightFallCloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  257. Website Defacement of Senes Constructions by Threat Actor Zod
    Category: Defacement
    Content: On May 15, 2026, a threat actor operating under the alias Zod defaced the website of Senes Constructions by deploying a defacement page at the URL senesconstructions.com/zod.html. The attack targeted a Linux-based web server and was a single-site, non-mass defacement incident. A mirror of the defaced page was archived at haxor.id.
    Date: 2026-05-15T14:36:11Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/249230
    Screenshots:
    None
    Threat Actors: Zod, Zod
    Victim Country: Unknown
    Victim Industry: Construction
    Victim Organization: Senes Constructions
    Victim Site: senesconstructions.com
  258. Bulgaria Email:Password Combo List with 107K+ Credentials
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 107,000 email and password pairs purportedly sourced from Bulgaria, marketed as fresh and high quality. The credentials were made available via a hidden link requiring forum registration or login. The post references an external Telegram channel for additional combo lists.
    Date: 2026-05-15T14:35:34Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-107-K-%E2%9C%A6-Bulgaria-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-15-5-2026-%E2%9C%A6%E2%9C%A6
    Screenshots:
    None
    Threat Actors: CobraEgy
    Victim Country: Bulgaria
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  259. Bulgaria Email:Pass combo list with 107K credentials
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 107,000 email and password pairs allegedly sourced from Bulgarian accounts. The credentials are marketed as fresh and high quality, dated May 15, 2026. The content is gated behind forum registration or login.
    Date: 2026-05-15T14:35:22Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-%E2%9C%A6%E2%9C%A6-107-K-%E2%9C%A6-Bulgaria-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-15-5-2026-%E2%9C%A6%E2%9C%A6
    Screenshots:
    None
    Threat Actors: Maxleak
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  260. Chile email:password combo list with 71K+ credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 71,000 email and password pairs purportedly sourced from Chile, marketed as fresh and high quality. The list is available behind a registration/login wall on the forum. Additional combo lists are advertised via a Telegram channel.
    Date: 2026-05-15T14:35:04Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-71-K-%E2%9C%A6-Chile-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-15-5-2026-%E2%9C%A6%E2%9C%A6
    Screenshots:
    None
    Threat Actors: CobraEgy
    Victim Country: Chile
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  261. Free combo list of Chilean email credentials
    Category: Combo List
    Content: A threat actor shared a combo list containing over 71,000 email and password pairs purportedly sourced from Chile, marketed as fresh and high quality. The content is gated behind forum registration or login. No specific breached organization is identified.
    Date: 2026-05-15T14:35:00Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-%E2%9C%A6%E2%9C%A6-71-K-%E2%9C%A6-Chile-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-15-5-2026-%E2%9C%A6%E2%9C%A6
    Screenshots:
    None
    Threat Actors: Maxleak
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  262. China email:password combo list leaked on forum
    Category: Combo List
    Content: A threat actor known as Maxleak has shared a combo list containing over 31,000 email and password pairs purportedly associated with Chinese users. The credentials are marketed as fresh and high quality, dated 15 May 2026. The content is gated behind forum registration or login.
    Date: 2026-05-15T14:34:39Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-%E2%9C%A6%E2%9C%A6-31-K-%E2%9C%A6-China-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-15-5-2026-%E2%9C%A6%E2%9C%A6
    Screenshots:
    None
    Threat Actors: Maxleak
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  263. Free China email:password combo list with 31K+ credentials
    Category: Combo List
    Content: A threat actor shared a free combo list containing over 31,000 email and password pairs claimed to be from China, marketed as fresh and high quality. The list was made available on a cybercrime forum with a link to a Telegram channel for additional combo lists.
    Date: 2026-05-15T14:34:33Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-31-K-%E2%9C%A6-China-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-15-5-2026-%E2%9C%A6%E2%9C%A6
    Screenshots:
    None
    Threat Actors: CobraEgy
    Victim Country: China
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  264. Sale of Hotmail combo list marketed as fresh UHQ credentials
    Category: Combo List
    Content: A threat actor is distributing approximately 700 Hotmail credentials marketed as fresh UHQ (Ultra High Quality) via a hidden forum link. The content is gated behind registration or login and is associated with a service called GoodTimes Cloud.
    Date: 2026-05-15T14:34:17Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-%E2%8E%9D-700-%E2%8E%A0-HOTMAIL-FRESH-UHQ%E2%9C%A8GOODTIMES-CLOUD
    Screenshots:
    None
    Threat Actors: Lexser
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  265. Mass Website Defacement of JerryFinance by Threat Actor Zod
    Category: Defacement
    Content: On May 15, 2026, threat actor Zod conducted a mass defacement campaign targeting jerryfinance.org, replacing the content of the page at /zod.html on a Linux-based server. The attack is part of a broader mass defacement operation attributed to Zod, with the defaced mirror archived at haxor.id. No specific motive or proof of concept has been publicly disclosed.
    Date: 2026-05-15T14:34:13Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/249231
    Screenshots:
    None
    Threat Actors: Zod, Zod
    Victim Country: Unknown
    Victim Industry: Financial Services
    Victim Organization: Jerry Finance
    Victim Site: jerryfinance.org
  266. Cuba email:password combo list with 19K+ credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 19,000 email and password pairs allegedly associated with Cuba, marketed as fresh and high quality. The credentials are shared behind a registration/login wall on a cybercrime forum.
    Date: 2026-05-15T14:34:01Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-19-K-%E2%9C%A6-Cuba-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-15-5-2026-%E2%9C%A6%E2%9C%A6
    Screenshots:
    None
    Threat Actors: CobraEgy
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  267. Sale of cracked crypto clipper malware (Soul Clipper v3)
    Category: Malware
    Content: A forum post on DemonForums offers a cracked version of Soul Clipper v3, a cryptocurrency clipper malware, available for download. Cryptocurrency clippers intercept clipboard content to redirect crypto wallet addresses to attacker-controlled addresses.
    Date: 2026-05-15T14:33:35Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Crypto-clipper-soul-cracked-v3
    Screenshots:
    None
    Threat Actors: anonym
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  268. Croatia email:password combo list freely shared
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 19,000 email and password pairs purportedly sourced from Croatia, marketed as fresh and high quality. The list was distributed freely via a hidden content link on a dark web forum. The post references a Telegram channel for additional combolists.
    Date: 2026-05-15T14:33:30Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-19-K-%E2%9C%A6-Croatia-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-15-5-2026-%E2%9C%A6%E2%9C%A6
    Screenshots:
    None
    Threat Actors: CobraEgy
    Victim Country: Croatia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  269. Sale of combo list targeting Poland with 20,000 email and password pairs
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 20,000 email and password pairs associated with Polish users on a cybercrime forum. No additional details about the source or nature of the credentials are available from the post content.
    Date: 2026-05-15T14:30:54Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Combolist-Poland-20K-Email-Pass
    Screenshots:
    None
    Threat Actors: zubicks
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  270. Combo List of 23K Mixed Email/Password Credentials
    Category: Combo List
    Content: A threat actor is sharing a mixed combolist containing approximately 23,000 email and password pairs. The content is gated behind forum registration or login. No specific target organization or service is identified.
    Date: 2026-05-15T14:29:28Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Combolist-Mixed-23K-Email-Pass–188869
    Screenshots:
    None
    Threat Actors: zubicks
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  271. Combo List targeting Libero.it with 27K email/password pairs
    Category: Combo List
    Content: A threat actor shared a combo list containing approximately 27,000 email and password pairs associated with Libero.it accounts. The content is gated behind forum registration or login. This represents a credential stuffing list, not a direct breach of Libero.it.
    Date: 2026-05-15T14:29:00Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Combolist-Libero-it-27K-Email-Pass
    Screenshots:
    None
    Threat Actors: zubicks
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  272. Combo List Mixed 50K Email/Pass
    Category: Combo List
    Content: A threat actor has shared a mixed combolist containing 50,000 email and password pairs on a cybercrime forum. The content is gated behind registration or login. No specific breached organization is identified.
    Date: 2026-05-15T14:27:18Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Combolist-Mixed-50K-Email-Pass–188871
    Screenshots:
    None
    Threat Actors: zubicks
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  273. Sale of combo list targeting Microsoft services including SMTP, IMAP, Azure, Office, Xbox, and Copilot
    Category: Combo List
    Content: A threat actor is distributing a combo list containing approximately 7 million credential pairs targeting Microsoft services including SMTP, IMAP, Azure, Microsoft Office, Microsoft Surface, Xbox, and Copilot. The credentials are being offered via Telegram channels, with the actor advertising both free and paid access.
    Date: 2026-05-15T14:24:28Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75356/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  274. Sale of mixed mail access combo list with 22,000 credentials
    Category: Combo List
    Content: A forum user is offering a mixed mail access combo list containing approximately 22,000 credentials. The content is restricted to registered users. No further details about the origin or targeted services are available from the post.
    Date: 2026-05-15T14:24:10Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75357/
    Screenshots:
    None
    Threat Actors: FAITHINUS
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  275. Sale of 30,000 fresh mail access combo list mix
    Category: Combo List
    Content: A forum user is offering a combo list of 30,000 mixed mail access credentials, marketed as fresh. The content is restricted to registered users of the forum.
    Date: 2026-05-15T14:23:51Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75358/
    Screenshots:
    None
    Threat Actors: AlphaCloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  276. Sale of 141K USA-targeted combo list
    Category: Combo List
    Content: A threat actor is offering a 141K USA-targeted combo list containing email:password and user:password credential pairs. The post advertises coverage across multiple email providers and countries including AOL, Yahoo, Hotmail, and Outlook. The seller is marketing the combo list via Telegram handle @KOCsupport.
    Date: 2026-05-15T14:23:32Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75359/
    Screenshots:
    None
    Threat Actors: alex12
    Victim Country: United States
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  277. Alleged data leak of South African local government website by hacktivist groups
    Category: Data Leak
    Content: Hacktivist groups Nullsec Nigeria, 404crews Cyber Team, and Infernalis claim to have breached the website of the Ephraim Mogale Local Municipality in South Africa, citing xenophobic attacks against Nigerians as motivation. The actors allege they obtained approximately 111GB of documents and have leaked a portion via a public file-sharing link. The post threatens further exposure if the South African government does not respond.
    Date: 2026-05-15T14:04:17Z
    Network: openweb
    Published URL: https://breached.st/threads/opsouthafrica.87149/unread
    Screenshots:
    None
    Threat Actors: ki4tane
    Victim Country: South Africa
    Victim Industry: Government
    Victim Organization: Ephraim Mogale Local Municipality
    Victim Site: ephraimmogalelm.gov.za
  278. Combo List of Hotmail Credentials Shared on Cracking Forum
    Category: Combo List
    Content: A threat actor shared a combo list of 48,384 Hotmail credential hits on a cracking forum. The credentials are marketed as freshly checked and AntiPublic verified. The post includes a download link sponsored by RogenCloud.
    Date: 2026-05-15T13:52:24Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85-%E2%9C%85-%E2%9C%85-%E2%9C%A8x48384-Hotmail-Hits-1-%E2%9C%A8-Freshly-Checked-AntiPublic-Checked-%E2%9C%A8-%E2%9C%85-%E2%9C%85-%E2%9C%85
    Screenshots:
    None
    Threat Actors: RogenPlay
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  279. Hotmail combo list with 15K credentials available on forum
    Category: Combo List
    Content: A threat actor shared a combo list of 15,000 Hotmail credentials on a cybercrime forum. The credentials are marketed as fresh and unverified hits suitable for gaming and shopping account takeover. Content is gated behind forum registration.
    Date: 2026-05-15T13:52:01Z
    Network: openweb
    Published URL: https://patched.to/Thread-15k-hotmail-goods-combolist-%E2%9C%94%EF%B8%8F-unraped-and-fresh-lines-%E2%9C%94%EF%B8%8Fgaming-shopping-fresh
    Screenshots:
    None
    Threat Actors: Matrix432
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  280. Free Hotmail combo list with 2,645 credentials
    Category: Combo List
    Content: A threat actor shared a combo list containing 2,645 Hotmail credentials, marketed as fresh. The content is hidden behind a registration or login wall on the forum.
    Date: 2026-05-15T13:51:03Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A1-2645x-FRESH-HOTMAI-%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: Nulled07
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  281. Canada Email:Pass combo list with 243K credentials
    Category: Combo List
    Content: A threat actor is freely distributing a combo list of approximately 243,000 email and password pairs reportedly associated with Canadian accounts. The credentials are marketed as fresh and high quality, dated 15-5-2026. The post directs users to a Telegram channel for additional combo lists.
    Date: 2026-05-15T13:50:38Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-243-K-%E2%9C%A6-Canada-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-15-5-2026-%E2%9C%A6%E2%9C%A6
    Screenshots:
    None
    Threat Actors: CobraEgy
    Victim Country: Canada
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  282. Colombia Email:Password Combo List of 165K Credentials
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 165,000 email and password pairs attributed to Colombian users, marketed as fresh and high quality. The credentials were made available behind a registration/login gate on the forum. The post directs users to a Telegram channel for additional combolists.
    Date: 2026-05-15T13:50:09Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-165-K-%E2%9C%A6-Colombia-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6-15-5-2026-%E2%9C%A6%E2%9C%A6
    Screenshots:
    None
    Threat Actors: CobraEgy
    Victim Country: Colombia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  283. Distribution of stealer logs and combo list (ULP/Logs/PC format, 0.57 GB)
    Category: Logs
    Content: A threat actor is distributing 0.57 GB of stealer logs in ULP, logs, and PC formats, marketed as fresh and high quality. The content is available to registered forum members via a hidden download link. Additional combo lists are advertised via a Telegram channel.
    Date: 2026-05-15T13:50:04Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Request-%E2%9C%A6%E2%9C%A6-LOG-S-%E2%9C%A6%E2%9C%A6-ULP-LOGS-PC-%E2%9C%A6%E2%9C%A6-0-57-GB-%E2%9C%A6%E2%9C%A6
    Screenshots:
    None
    Threat Actors: CobraEgy
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  284. Sale of mixed combo list with valid credentials
    Category: Combo List
    Content: A threat actor is sharing a mixed combo list with purportedly valid credentials via a file download link. The post provides minimal detail regarding the source, record count, or targeted services.
    Date: 2026-05-15T13:47:31Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-MIX-WITH-VALIDS-f1veu
    Screenshots:
    None
    Threat Actors: yonatanlevin
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  285. 15K Germany valid mail access combo list
    Category: Combo List
    Content: A threat actor is distributing a combo list of 15,000 allegedly valid German email credentials, dated May 15. Access to the hidden content requires forum interaction.
    Date: 2026-05-15T13:43:54Z
    Network: openweb
    Published URL: https://altenens.is/threads/15k-germany-valid-mail-access-15-05.2940727/unread
    Screenshots:
    None
    Threat Actors: Megacloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  286. Sale of AI-assisted patch-diffing pipeline and N-day exploit generation tooling targeting CVE-2026-27914 in Microsoft Management Console
    Category: Vulnerability
    Content: A researcher published a two-stage AI-assisted pipeline (PatchWatch and Pocsmith) capable of automating patch-diffing and generating N-day exploits from Patch Tuesday releases. The tooling was validated against CVE-2026-27914, an elevation-of-privilege vulnerability in Microsoft Management Console (mmc.exe), producing a verified proof-of-concept that escalates from Medium IL to High IL by abusing missing Mark-of-the-Web trust checks prior to patch KB5083768. The full exploit report and POC d
    Date: 2026-05-15T13:43:03Z
    Network: openweb
    Published URL: https://tier1.life/thread/228
    Screenshots:
    None
    Threat Actors: RedQueen
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Microsoft
    Victim Site: microsoft.com
  287. Alleged DDoS Attack on Austrian Government Websites by NoName057(16)
    Category: Cyber Attack
    Content: The threat actor NoName057(16) announced plans to conduct cyberattacks against Austrian government infrastructure on May 16, 2026, in coordination with a protest action titled "No Stage for Genocide" in Vienna. The group claims previous attacks on Eurovision-related websites due to perceived government failures and political grievances regarding Palestine.
    Date: 2026-05-15T13:39:59Z
    Network: telegram
    Published URL: https://t.me/c/3087552512/1958
    Screenshots:
    None
    Threat Actors: NoName057(16)
    Victim Country: Austria
    Victim Industry: Government
    Victim Organization: Austrian Government
    Victim Site: Unknown
  288. Alleged data leak of Sophos IP data
    Category: Data Leak
    Content: A threat actor has leaked a dataset allegedly containing Sophos IP-related data, comprising approximately 201,146 lines, via a file-sharing link on exploit.in. The data was shared freely on a data leaks forum without a stated price.
    Date: 2026-05-15T13:33:52Z
    Network: openweb
    Published URL: https://tier1.life/thread/226
    Screenshots:
    None
    Threat Actors: AccessTracker
    Victim Country: United Kingdom
    Victim Industry: Technology
    Victim Organization: Sophos
    Victim Site: sophos.com
  289. Sale of IP lists for network devices via AccessTracker service
    Category: Services
    Content: A threat actor operating under the name AccessTracker is selling regularly updated IP lists of internet-exposed network devices from vendors including Cisco, Fortinet, WireGuard, SonicWall, Citrix, and RDWeb. The service is marketed as a minimal alternative to FOFA and Shodan, with purchases available via BTC/XMR through an automated Telegram bot. The seller states the service excludes CIS and BRICS-region infrastructure.
    Date: 2026-05-15T13:27:46Z
    Network: openweb
    Published URL: https://tier1.life/thread/227
    Screenshots:
    None
    Threat Actors: AccessTracker
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  290. Distribution of combo list via Telegram channel
    Category: Combo List
    Content: A threat actor shared a ULP (URL:Login:Password) combo list via a Pixeldrain download link, with the password gated behind a Telegram channel. No specific victim organization, record count, or geographic scope was disclosed in the post.
    Date: 2026-05-15T13:25:52Z
    Network: openweb
    Published URL: https://breached.st/threads/vip-ulp-by-hello_zod_bot.87148/unread
    Screenshots:
    None
    Threat Actors: zoood
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  291. Combo List: Mixed Domain Email and Password List with 1.7 Million Records
    Category: Combo List
    Content: A combo list containing approximately 1.7 million email and password pairs across mixed domains has been shared on a cracking forum. The credentials are marketed as fresh leaks. No additional details are available from the post content.
    Date: 2026-05-15T13:15:24Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-1-714-874-Mixed-Domain-Fresh-Leaks
    Screenshots:
    None
    Threat Actors: AiCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  292. Combo List: HQ Hotmail Mail Access Credentials
    Category: Combo List
    Content: A combo list of approximately 200 Hotmail mail access credentials has been shared on a forum. The content is hidden behind a registration or login requirement. The credentials are marketed as high quality (HQ) and intended for mail access.
    Date: 2026-05-15T13:15:08Z
    Network: openweb
    Published URL: https://patched.to/Thread-0-2k-hq-hotmail-mail-access-combolist-302653
    Screenshots:
    None
    Threat Actors: liamgoat
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  293. Wanted: Germany mail access credentials targeting o2business.de
    Category: Combo List
    Content: A forum user is seeking to purchase German mail access credentials associated with the domain easyaccess.o2business.de. The buyer requests that the credentials be functional and is soliciting sellers via Telegram or direct forum messages.
    Date: 2026-05-15T13:15:04Z
    Network: openweb
    Published URL: https://cracked.st/Thread-WTB-GERMANY-MAIL-ACCESS-TARGET
    Screenshots:
    None
    Threat Actors: Sexydawn62
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  294. Free Gmail combo list of 10,000 credentials
    Category: Combo List
    Content: A threat actor shared a combo list of 10,000 Gmail email and password combinations, marketed as private and fresh. The post is accompanied by a promotion for an account-selling store offering streaming, VPN, and Steam accounts.
    Date: 2026-05-15T13:14:42Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E2%AD%9010k-UHQ-COMBO-DATABASE-GMAIL-100-PRIVATE-AND-RESH%E2%AD%90
    Screenshots:
    None
    Threat Actors: Antaksio
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  295. Sale of Hotmail combo list with 1K credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 1,000 Hotmail mail access credentials on a cybercrime forum. The content is gated behind registration or login, with engagement incentivized by a request for likes.
    Date: 2026-05-15T13:14:37Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-1k-hotmail-mail-access-%E2%9C%85-302656
    Screenshots:
    None
    Threat Actors: D47
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  296. Combo List of Hotmail credentials (1K)
    Category: Combo List
    Content: A threat actor shared a combo list containing 1,000 Hotmail email and password pairs. The post requests likes in exchange for additional releases. No breach of Hotmail/Microsoft is implied; the credentials are likely aggregated from prior breaches for use in credential stuffing.
    Date: 2026-05-15T13:14:21Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-1K-HOTMAIL-MAIL-ACCESS-%E2%9C%85–2094266
    Screenshots:
    None
    Threat Actors: Drip443
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  297. Sale of Hotmail credential combo list with 11K hits
    Category: Combo List
    Content: A threat actor is sharing a combo list of approximately 11,000 Hotmail credential hits, described as high quality. The content is hidden behind a registration or login requirement on the forum.
    Date: 2026-05-15T13:14:04Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%85-11k-hq-hotmail-hit-%E2%9C%85-302657
    Screenshots:
    None
    Threat Actors: RetroCloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  298. Alleged leak of 2.9 million URL:Login:Password credential combo list
    Category: Combo List
    Content: A forum user shared a combo list containing approximately 2.9 million URL:login:password credential pairs, marketed as fresh and high quality. The content is hidden behind a registration or login wall. No specific victim organization is identified.
    Date: 2026-05-15T13:13:45Z
    Network: openweb
    Published URL: https://patched.to/Thread-%E2%9C%A8-2-9m-url-login-pass-%E2%9C%A8leak-private-url-login-pass%E2%9A%A1fresh-uhq%E2%9A%A1
    Screenshots:
    None
    Threat Actors: Frisbeese
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  299. Combo List: 3,100 Line Mixed Mail Credentials Targeting Cloud Services
    Category: Combo List
    Content: A threat actor shared a combo list of 3,100 lines of mixed email credentials, marketed as fresh Hotmail accounts, purportedly valid for one cloud service. The content is gated behind registration or login on the forum.
    Date: 2026-05-15T13:12:54Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F3100-LINE-MIXMAIL-ONE-CLOUD-%E2%9A%A1%EF%B8%8F%E2%9A%A1%EF%B8%8F
    Screenshots:
    None
    Threat Actors: ALVIN
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  300. Combo list targeting Hotmail distributed via Telegram
    Category: Combo List
    Content: A threat actor is distributing an 8-million-entry combo list targeting Hotmail accounts via Telegram channels. The post advertises free combo lists and tools through two Telegram groups.
    Date: 2026-05-15T13:09:45Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75350/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  301. Sale of fresh Hotmail combo list
    Category: Combo List
    Content: A threat actor is offering a set of 1,500 Hotmail credentials described as private and fresh. The post directs interested parties to a Telegram account for access. Content is gated behind forum registration.
    Date: 2026-05-15T13:09:23Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75353/
    Screenshots:
    None
    Threat Actors: KiwiShio
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  302. Alert: Deleted or unintelligible forum post
    Category: Alert
    Content: A forum post titled “del” was observed with no meaningful content. No threat data could be extracted.
    Date: 2026-05-15T12:58:20Z
    Network: openweb
    Published URL: https://tier1.life/thread/225
    Screenshots:
    None
    Threat Actors: RedQueen
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  303. Alleged sale of military operations data for China and United States
    Category: Data Breach
    Content: A threat actor is offering for sale alleged information on future military operations involving China and the United States. The seller requests proof of funds via direct message and states samples and an inventory list will be provided upon contact. Escrow is accepted and the seller indicates interest in long-term clients.
    Date: 2026-05-15T12:54:11Z
    Network: openweb
    Published URL: https://breached.st/threads/china-x-us-data.87143/unread
    Screenshots:
    None
    Threat Actors: Jack_Falcone
    Victim Country: Unknown
    Victim Industry: Government
    Victim Organization: Unknown
    Victim Site: Unknown
  304. Sale of Microsoft credential hits combo list
    Category: Combo List
    Content: A threat actor is distributing a combo list marketed as VIP Microsoft Hits via a file-sharing link. Access to the password is gated through a Telegram channel. The post does not disclose the number of records or their origin.
    Date: 2026-05-15T12:53:21Z
    Network: openweb
    Published URL: https://breached.st/threads/vip-microsoft-hits-by-hello_zod_bot.87144/unread
    Screenshots:
    None
    Threat Actors: zoood
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  305. Sale of UK-targeted combo list
    Category: Combo List
    Content: A threat actor is selling a UK-targeted combo list on a cybercrime forum. The seller claims garbage and duplicate entries have been filtered, and offers bulk discounts and samples upon request.
    Date: 2026-05-15T12:42:26Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Supreme-UK-Targeted-Combolist–2094246
    Screenshots:
    None
    Threat Actors: T3z
    Victim Country: United Kingdom
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  306. Combo list of Hotmail credentials advertised as fresh
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 12,000 Hotmail credentials marketed as fresh. The content is gated behind forum registration or login. The post promotes a Discord server for additional free drops.
    Date: 2026-05-15T12:42:16Z
    Network: openweb
    Published URL: https://patched.to/Thread-gaming-%F0%9F%93%8C12k-fresh-hotmails-%F0%9F%93%8C
    Screenshots:
    None
    Threat Actors: shinigami84
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  307. Sale of premium account access services including Claude, Cursor, and Hulu
    Category: Services
    Content: A forum seller is advertising a shop offering access to premium accounts for services including Claude, Cursor, and Hulu with claimed 24/7 support. The post appears to be a commercial storefront for account access services.
    Date: 2026-05-15T12:41:56Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85-1-THE-SHOP-%E2%9A%9C%EF%B8%8F-PREMIUM-HUB-%E2%9A%9C%EF%B8%8F-CLAUDE-CURSOR-HULU-%E2%9A%A1-24-7-SUPPORT-%E2%AD%90
    Screenshots:
    None
    Threat Actors: Solane
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  308. Hotmail combo list with 260 premium hits shared on forum
    Category: Combo List
    Content: A threat actor shared a combo list advertised as 260 Hotmail premium hits on a public forum. The content is hidden behind a registration or login requirement. Hotmail is the credential-stuffing target, not the breach victim.
    Date: 2026-05-15T12:41:46Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%F0%9F%93%8C260x-hotmail-premium-hits%F0%9F%93%8C
    Screenshots:
    None
    Threat Actors: Psyho70244
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  309. Sale of fake document rendering service on cracking forum
    Category: Services
    Content: A threat actor operating as SoulService is advertising a fake document rendering service on a cracking forum. The service claims to produce fraudulent identity documents with generated MRZ codes, barcodes, and QR codes, and asserts that all outputs are checked to remove forensic traces of photo editing. Payment is accepted in BTC, USDT, and Ethereum.
    Date: 2026-05-15T12:41:35Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Sellix-SPACE-RENDERING-from-Soules
    Screenshots:
    None
    Threat Actors: SoulService
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  310. Hotmail combo list with 9,805 credentials
    Category: Combo List
    Content: A threat actor has shared a combo list containing 9,805 Hotmail credentials on a public forum. The content is gated behind registration or login. Hotmail is a credential-stuffing target, not the breach source.
    Date: 2026-05-15T12:41:28Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%F0%9F%94%A5%F0%9F%94%A5-9805x-hotmail-%F0%9F%94%A5%F0%9F%94%A5
    Screenshots:
    None
    Threat Actors: NotSellerXd
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  311. Hotmail combo list with 5,000 entries shared on forum
    Category: Combo List
    Content: A combo list titled Hotmail Unique Combo_3_5000 containing approximately 5,000 credential pairs was shared on a leak forum. The content is hidden behind a registration or login gate. The credentials appear to be targeted for use against Hotmail accounts.
    Date: 2026-05-15T12:40:32Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Hotmail-Unique-Combo-3-5000–20665
    Screenshots:
    None
    Threat Actors: UniqueComb
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  312. Sale of Hotmail combo list with 5,000 credentials
    Category: Combo List
    Content: A threat actor is offering a Hotmail combo list containing 5,000 email and password pairs on a cybercrime forum. The content is hidden behind a registration or login wall. The actor also advertises a shop (unique-combo.shop) selling combo lists of various countries and accepting custom requests.
    Date: 2026-05-15T12:40:14Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-Hotmail-Unique-Combo-3-5000–204160
    Screenshots:
    None
    Threat Actors: UniqueCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  313. Educational article on Linux virtual memory internals published on forum
    Category: Alert
    Content: A forum member published a long-form technical article (~25,000 words) on Linux virtual memory internals, covering page tables, TLB, demand paging, NUMA topology, and related performance topics. The post contains no threat activity, malicious tooling, or compromised data. It appears to be an educational or research-oriented article shared on the forum.
    Date: 2026-05-15T12:32:52Z
    Network: openweb
    Published URL: https://tier1.life/thread/224
    Screenshots:
    None
    Threat Actors: RedQueen
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  314. Website Defacement of ICDC India by Ruiixh4xor (SHENHAXSEC)
    Category: Defacement
    Content: On May 15, 2026, the website icdcindia.com was defaced by threat actor Ruiixh4xor, operating under the team SHENHAXSEC. The attack targeted a specific blog detail page and was a singular, targeted defacement rather than a mass or home page compromise. A mirror of the defaced page was archived at zone-xsec.com.
    Date: 2026-05-15T12:26:52Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/922656
    Screenshots:
    None
    Threat Actors: Ruiixh4xor, SHENHAXSEC
    Victim Country: India
    Victim Industry: Unknown
    Victim Organization: ICDC India
    Victim Site: icdcindia.com
  315. Alleged malware development threat against Binance
    Category: Malware
    Content: A member of Infrastructure Destruction Squad threatens to develop malware and fraud platforms targeting the Binance cryptocurrency exchange.
    Date: 2026-05-15T12:20:24Z
    Network: telegram
    Published URL: https://t.me/c/2735908986/4340
    Screenshots:
    None
    Threat Actors: Infrastructure Destruction Squad
    Victim Country: Unknown
    Victim Industry: Cryptocurrency/Financial Services
    Victim Organization: Binance
    Victim Site: binance.com
  316. Free Mixed Combo List of 212,581 Lines
    Category: Combo List
    Content: A threat actor shared a mixed combo list containing 212,581 lines, marketed as fresh and high quality. The list is available for free download via Pixeldrain, with the password distributed through a Telegram channel.
    Date: 2026-05-15T12:19:53Z
    Network: openweb
    Published URL: https://breached.st/threads/212581-lines-fresh-hq-mixed-combo-by-hello_zod_bot.87141/unread
    Screenshots:
    None
    Threat Actors: zoood
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  317. Alleged threat to develop and sell malware targeting Binance News by Infrastructure Destruction Squad
    Category: Malware
    Content: A member of Infrastructure Destruction Squad claims to have developed BankGhost Builder malware and threatens to create new malicious software specifically targeting Binance News and other platforms in retaliation for account freezing. The threat actor states these tools will be offered for sale to anyone willing to use them against the targeted platforms.
    Date: 2026-05-15T12:19:32Z
    Network: telegram
    Published URL: https://t.me/c/2735908986/4338
    Screenshots:
    None
    Threat Actors: Infrastructure Destruction Squad
    Victim Country: Unknown
    Victim Industry: Cryptocurrency Exchange
    Victim Organization: Binance News
    Victim Site: binance.com
  318. Alleged threat to develop malware targeting Binance by BankGhost Builder developers
    Category: Malware
    Content: A threat actor claiming to be part of the team that developed BankGhost Builder (a malicious tool targeting banks) has publicly threatened to create new malware specifically designed to target Binance News in retaliation for account freezing. The actor claims their funds were frozen without evidence and threatens to develop and sell malicious tools to expose corruption at Binance and other platforms.
    Date: 2026-05-15T12:13:55Z
    Network: telegram
    Published URL: https://t.me/c/2735908986/4337
    Screenshots:
    None
    Threat Actors: Infrastructure Destruction Squad
    Victim Country: Unknown
    Victim Industry: Financial Services/Cryptocurrency Exchange
    Victim Organization: Binance
    Victim Site: binance.com
  319. Sale of combo list targeting FunPay
    Category: Combo List
    Content: A threat actor is distributing credentials marketed as FunPay Logs and described as freshly checked. The post is sponsored by RogenCloud and promotes high-quality combo lists as an alternative to overused credential sets. No record count or pricing details are specified.
    Date: 2026-05-15T12:08:27Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85-%E2%9C%85-%E2%9C%85-%E2%9C%A8FunPay-Logs-%E2%9C%A8-Freshly-Checked-%E2%9C%A8-%E2%9C%85-%E2%9C%85-%E2%9C%85
    Screenshots:
    None
    Threat Actors: RogenPlay
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  320. Combo list targeting Orange.fr users with 15,000 credentials
    Category: Combo List
    Content: A combo list containing approximately 15,000 credentials associated with orange.fr accounts was shared on a cracking forum. The file was distributed by user VEOMINARINA with no additional post content available.
    Date: 2026-05-15T12:08:15Z
    Network: openweb
    Published URL: https://cracked.st/Thread-15k-orange-fr-txt
    Screenshots:
    None
    Threat Actors: VEOMINARINA
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  321. Sale of combo list targeting Supercell accounts
    Category: Combo List
    Content: A threat actor is distributing credentials marketed as freshly checked Supercell account combos. The post advertises the content as high-quality and promotes an associated service called RogenCloud. A download link is implied but no record count or further technical details are provided.
    Date: 2026-05-15T12:08:07Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85-%E2%9C%85-%E2%9C%85-%E2%9C%A8SuperCell-Logs-%E2%9C%A8-Freshly-Checked-%E2%9C%A8-%E2%9C%85-%E2%9C%85-%E2%9C%85
    Screenshots:
    None
    Threat Actors: RogenPlay
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  322. Combo list of orange.fr credential hits shared on cracking forum
    Category: Combo List
    Content: A threat actor shared a combo list of 4,500 credential hits targeting orange.fr accounts, advertised as freshly checked and AntiPublic-checked. The post was sponsored by RogenCloud, a service promoting high-quality combolists. Orange.fr is the credential-stuffing target, not the breach source.
    Date: 2026-05-15T12:07:52Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85-%E2%9C%85-%E2%9C%85-%E2%9C%A8x4500-orange-fr-Hits-1-%E2%9C%A8-Freshly-Checked-AntiPublic-Checked-%E2%9C%A8-%E2%9C%85-%E2%9C%85-%E2%9C%85
    Screenshots:
    None
    Threat Actors: RogenPlay
    Victim Country: France
    Victim Industry: Telecommunications
    Victim Organization: Unknown
    Victim Site: Unknown
  323. Sale of Roblox stealer logs marketed as freshly checked
    Category: Logs
    Content: A threat actor is distributing stealer logs targeting Roblox accounts, described as freshly checked. The post is sponsored by RogenCloud and promotes high-quality logs as an alternative to widely circulated combo lists. No record count or specific victim details are provided.
    Date: 2026-05-15T12:07:47Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85-%E2%9C%85-%E2%9C%85-%E2%9C%A8Roblox-Logs-%E2%9C%A8-Freshly-Checked-%E2%9C%A8-%E2%9C%85-%E2%9C%85-%E2%9C%85
    Screenshots:
    None
    Threat Actors: RogenPlay
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  324. Hotmail and streaming service combo list with over 1 million lines
    Category: Combo List
    Content: A threat actor is distributing a combo list containing over 1 million email and password combinations. The list is marketed as fresh and intended for credential stuffing against streaming services using Hotmail accounts.
    Date: 2026-05-15T12:07:33Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-1-022-973-Lines-%E2%9C%85-Streaming-Target-Hotmail-Combolist-Fresh-Leaks
    Screenshots:
    None
    Threat Actors: HqComboSpace
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  325. Sale of alleged Apple TV+ account access or subscription service
    Category: Services
    Content: A forum user is offering a 12-month Apple TV+ streaming support package for $119.99, framed as viewing workflow guidance. The listing uses obfuscated language but is consistent with the sale of unauthorized or cracked streaming account access on a cracking forum.
    Date: 2026-05-15T12:07:17Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Supreme-119-99-%E2%9C%85-Stream-Premium-Entertainment-All-Year-%E2%80%93-Apple-TV-12-Month-Viewing-Support
    Screenshots:
    None
    Threat Actors: secur3rat
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  326. Combo list targeting orange.fr distributed on forum
    Category: Combo List
    Content: A combo list of approximately 5,000 credentials associated with orange.fr accounts has been shared on a forum. The content is hidden behind a registration or login requirement. Orange.fr is a credential-stuffing target, not necessarily the breached source.
    Date: 2026-05-15T12:07:03Z
    Network: openweb
    Published URL: https://patched.to/Thread-5k-orange-fr-txt
    Screenshots:
    None
    Threat Actors: veloorinaa
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  327. Sale of Spotify, Crunchyroll, and Claude accounts in bulk
    Category: Services
    Content: A forum seller is offering accounts for Spotify, Crunchyroll, and Claude in bulk quantities with warranty included. The post advertises these accounts as available at low prices, suggesting resale of compromised or cracked accounts.
    Date: 2026-05-15T12:06:57Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%AD%90-CHEAPEST-%E2%AD%90-SPOTIFY-CRUNCHYROLL-CLAUDE-%E2%9A%A1-BULK-READY-%E2%9C%85-WARRANTY-INCL-%E2%9A%9C%EF%B8%8F
    Screenshots:
    None
    Threat Actors: Solane
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  328. Sale of HQ mixed mail access combo list
    Category: Combo List
    Content: A threat actor is sharing a combo list of approximately 300 high-quality mixed mail access credentials on a cybercrime forum. The content is hidden behind a registration or login requirement. No specific victim organization or country is identified.
    Date: 2026-05-15T12:06:42Z
    Network: openweb
    Published URL: https://patched.to/Thread-0-3k-hq-mixed-mail-access-combolist-302632
    Screenshots:
    None
    Threat Actors: liamgoat
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  329. Sale of cracked Acunetix Web Vulnerability Scanner v13.0.2
    Category: Vulnerability
    Content: A forum post on DemonForums offers a cracked copy of Acunetix Web Vulnerability Scanner v13.0.2 for download. Acunetix is a commercial web security testing tool capable of detecting SQL injection, XSS, and other web application vulnerabilities. The post includes a file security verification result and a download link.
    Date: 2026-05-15T12:05:34Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Acunetix-Web-Vulnerability-Scanner-v13-0-2–204155
    Screenshots:
    None
    Threat Actors: sophia01
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  330. Alleged sale of mail access and credential combolists across multiple countries
    Category: Combo List
    Content: A threat actor is advertising mail account access along with configs, scripts, tools, and credential combo lists for multiple countries, including France, Belgium, Australia, Canada, UK, US, Netherlands, Poland, Germany, and Japan. Requests are directed to @DataxLogs.
    Date: 2026-05-15T12:04:27Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/82090
    Screenshots:
    None
    Threat Actors: DataxLogs
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  331. Sale of dating site-based email list with personal data for spam campaigns
    Category: Combo List
    Content: A threat actor is distributing an email list sourced from dating sites, including fields such as email, gender, age, and location. The list is marketed for spam campaigns targeting dating sites and financial institutions. The data is offered via an external store and Telegram channel.
    Date: 2026-05-15T12:03:37Z
    Network: openweb
    Published URL: https://altenens.is/threads/emails-list-1-including-email-gender-age-location-100-datingsite-based-good-for-spaaming-datingsite-and-financial-institution.2940646/unread
    Screenshots:
    None
    Threat Actors: gray84a
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  332. Sale of Hotmail credential hits
    Category: Combo List
    Content: A forum user shared a download link purportedly containing 1,764 Hotmail credential hits. The post provides no further details about the origin or validity of the credentials.
    Date: 2026-05-15T11:56:40Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75346/
    Screenshots:
    None
    Threat Actors: Hotmail Cloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  333. Combo list of 1,637 Hotmail credentials with inbox targets and country sort
    Category: Combo List
    Content: A threat actor has shared a combo list of 1,637 alleged high-quality Hotmail credential hits, distributed for free. The list includes keyword-targeted inbox results and credentials sorted by country.
    Date: 2026-05-15T11:56:21Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75347/
    Screenshots:
    None
    Threat Actors: Hotmail Cloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  334. Website Defacement of JEM Systems by azraelzer0d4y (b1ohaz4rd)
    Category: Defacement
    Content: On May 15, 2026, threat actor azraelzer0d4y, operating under the team b1ohaz4rd, defaced a media/custom directory page on the JEM Systems website. The attack was a targeted single-page defacement rather than a mass or home page compromise. The incident was archived and mirrored via zone-xsec.com.
    Date: 2026-05-15T11:54:47Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/922655
    Screenshots:
    None
    Threat Actors: azraelzer0d4y, b1ohaz4rd
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: JEM Systems
    Victim Site: www.jemsystems.com
  335. Alleged sale of RDP access and compromised email accounts
    Category: Initial Access
    Content: A threat actor is offering rental access to RDP servers hosted on Azure, AWS, and DigitalOcean infrastructure at daily or monthly rates ($200 is mentioned). The actor also advertises compromised domain mail accounts, Gmail and Yahoo accounts, GitHub Student accounts, and ChatGPT Plus/Claude subscriptions. The services are marketed as fresh RDP with good IP and as best for inbox operations.
    Date: 2026-05-15T11:51:45Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/82097
    Screenshots:
    None
    Threat Actors: PORTAL
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  336. Alleged data leak of goakab.go.id (Indonesian government portal)
    Category: Data Leak
    Content: A threat actor operating under the alias Xyph0rix has shared a download link purportedly containing a database dump associated with goakab.go.id, an Indonesian government domain. The post provides a direct download URL with no additional context regarding the volume or nature of the data contained within.
    Date: 2026-05-15T11:44:10Z
    Network: openweb
    Published URL: https://breached.st/threads/database-goakab-go-id.87137/unread
    Screenshots:
    None
    Threat Actors: Xyph0rix
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Goakab
    Victim Site: goakab.go.id
  337. Alleged data leak of US personal database
    Category: Data Leak
    Content: A threat actor shared a download link to a CSV file purportedly containing personal data belonging to individuals in the United States. No specific victim organization or record count was disclosed in the post.
    Date: 2026-05-15T11:43:39Z
    Network: openweb
    Published URL: https://breached.st/threads/database-usa-personal.87139/unread
    Screenshots:
    None
    Threat Actors: Xyph0rix
    Victim Country: United States
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  338. Website Defacement of Spark Vidyut by Ruiixh4xor (SHENHAXSEC)
    Category: Defacement
    Content: On May 15, 2026, the homepage of sparkvidyut.in, an Indian energy or electrical services company, was defaced by threat actor Ruiixh4xor operating under the team SHENHAXSEC. The attack was a targeted homepage defacement and has been mirrored for record at zone-xsec.com. No mass defacement or prior redefacement activity was associated with this incident.
    Date: 2026-05-15T11:34:27Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/922654
    Screenshots:
    None
    Threat Actors: Ruiixh4xor, SHENHAXSEC
    Victim Country: India
    Victim Industry: Energy / Utilities
    Victim Organization: Spark Vidyut
    Victim Site: sparkvidyut.in
  339. Combo List targeting Riot Games accounts (783K credentials)
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 783,000 email:password credentials advertised as suitable for use against Riot Games accounts. The post describes the base as private and marketed as effective for credential stuffing. No specific breach source is identified.
    Date: 2026-05-15T11:32:58Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E2%9A%A1783K-RIOT-GAMES%E2%9A%A1PRIVATE-BASE-GOOD-ON-ANYTHING-YOU-NEED%E2%9A%A1
    Screenshots:
    None
    Threat Actors: MetaCloud3
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  340. Combo list targeting cards and crypto services with 615K credentials
    Category: Combo List
    Content: A threat actor on Cracked is distributing a combo list of approximately 615,000 email:password credentials marketed for use against cards and cryptocurrency services. The post claims the data is private and advertises an impressive hit rate. The list is labeled as new for 2026.
    Date: 2026-05-15T11:32:34Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E3%80%8C-615K-%E3%80%8D%E2%9A%A1-CARDS-AND-CRYPTO-%E2%9A%A1-100-PRIVATE-DATA-%E2%9A%A1IMPRESSIVE-HITRATE%E2%9A%A1-2026-NEW%E2%9A%A1
    Screenshots:
    None
    Threat Actors: MetaCloud3
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  341. Sale of 700K music service combo list
    Category: Combo List
    Content: A threat actor is offering a combo list of approximately 700,000 email:password credentials marketed as a private base suitable for music services. The post claims the list is effective for general credential stuffing use.
    Date: 2026-05-15T11:32:09Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E2%9A%A1700K-MUSIC%E2%9A%A1PRIVATE-BASE-GOOD-ON-ANYTHING-YOU-NEED%E2%9A%A1
    Screenshots:
    None
    Threat Actors: MetaCloud3
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  342. Sale of mixed combo list with 673K credentials
    Category: Combo List
    Content: A threat actor on a cracking forum is distributing a mixed combo list containing approximately 673,000 email and password pairs. The list is marketed as private data with a high hit rate and is advertised as new for 2026.
    Date: 2026-05-15T11:31:45Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E3%80%8C-673K-%E3%80%8D%E2%9A%A1-MIX-%E2%9A%A1-100-PRIVATE-DATA-%E2%9A%A1IMPRESSIVE-HITRATE%E2%9A%A1-2026-NEW%E2%9A%A1
    Screenshots:
    None
    Threat Actors: MetaCloud3
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  343. Sale of Hotmail credential hits combo list
    Category: Combo List
    Content: A threat actor is distributing 500 Hotmail credential hits described as freshly checked and AntiPublic-checked. The post is sponsored by RogenCloud, advertising high-quality combo lists. These credentials are marketed for credential stuffing against Hotmail accounts.
    Date: 2026-05-15T11:31:18Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85-%E2%9C%85-%E2%9C%85-%E2%9C%A8x500-Hotmail-Hits-2-%E2%9C%A8-Freshly-Checked-AntiPublic-Checked-%E2%9C%A8-%E2%9C%85-%E2%9C%85-%E2%9C%85
    Screenshots:
    None
    Threat Actors: RogenPlay
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  344. Alleged distribution of valid cookies
    Category: Logs
    Content: A forum post titled Valid Cookies was shared by user R0BIN1337 on a cracking forum. No content was available to determine the scope, origin, or target of the claimed cookies.
    Date: 2026-05-15T11:31:11Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Valid-Cookies–2094211
    Screenshots:
    None
    Threat Actors: R0BIN1337
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  345. Sale of Minecraft credential combo list with 619K entries
    Category: Combo List
    Content: A threat actor is offering a combo list of approximately 619,000 email:password credentials marketed for use against Minecraft accounts. The post claims the data is private and advertises a high hit rate. The list is presented as new for 2026.
    Date: 2026-05-15T11:30:50Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E3%80%8C-619K-%E3%80%8D%E2%9A%A1-MINECRAFT-EP-%E2%9A%A1-100-PRIVATE-DATA-%E2%9A%A1IMPRESSIVE-HITRATE%E2%9A%A1-2026-NEW%E2%9A%A1
    Screenshots:
    None
    Threat Actors: MetaCloud3
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  346. Free distribution of Booking.com stealer logs
    Category: Logs
    Content: A threat actor shared what are described as freshly checked Booking.com stealer logs via a download link on a cracking forum. The post advertises the logs as high quality and distinguishes them from previously used combo lists. The content is distributed for free and sponsored by a combo/log service called RogenCloud.
    Date: 2026-05-15T11:30:46Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85-%E2%9C%85-%E2%9C%85-%E2%9C%A8Booking-Logs-%E2%9C%A8-Freshly-Checked-%E2%9C%A8-%E2%9C%85-%E2%9C%85-%E2%9C%85
    Screenshots:
    None
    Threat Actors: RogenPlay
    Victim Country: Unknown
    Victim Industry: Travel
    Victim Organization: Booking.com
    Victim Site: booking.com
  347. Free distribution of Grok account logs
    Category: Logs
    Content: A threat actor is distributing logs described as freshly checked Grok account credentials via a download link. The post is sponsored by RogenCloud, which advertises high-quality combo lists. No record count or additional technical details are provided.
    Date: 2026-05-15T11:30:25Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85-%E2%9C%85-%E2%9C%85-%E2%9C%A8Grok-Logs-%E2%9C%A8-Freshly-Checked-%E2%9C%A8-%E2%9C%85-%E2%9C%85-%E2%9C%85
    Screenshots:
    None
    Threat Actors: RogenPlay
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  348. Sale of Hotmail credential hits combo list
    Category: Combo List
    Content: A threat actor is distributing 500 Hotmail credential hits described as freshly checked and AntiPublic checked. The post is sponsored by RogenCloud and promotes high-quality combo lists for credential stuffing purposes.
    Date: 2026-05-15T11:30:20Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85-%E2%9C%85-%E2%9C%85-%E2%9C%A8x500-Hotmail-Hits-1-%E2%9C%A8-Freshly-Checked-AntiPublic-Checked-%E2%9C%A8-%E2%9C%85-%E2%9C%85-%E2%9C%85
    Screenshots:
    None
    Threat Actors: RogenPlay
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  349. Free release of Yahoo combo list
    Category: Combo List
    Content: A threat actor shared a combo list described as Yahoo Logs and marketed as freshly checked credentials. The post is sponsored by RogenCloud and advertises high-quality combos. A download link was included, though no record count was specified.
    Date: 2026-05-15T11:29:59Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85-%E2%9C%85-%E2%9C%85-%E2%9C%A8Yahoo-Logs-%E2%9C%A8-Freshly-Checked-%E2%9C%A8-%E2%9C%85-%E2%9C%85-%E2%9C%85
    Screenshots:
    None
    Threat Actors: RogenPlay
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  350. Sale of Hotmail credential hits combo list
    Category: Combo List
    Content: A threat actor is distributing 500 Hotmail credential hits described as freshly checked and AntiPublic checked. The post is sponsored by RogenCloud, a service advertising high-quality combo lists. These credentials are intended for credential stuffing and are not indicative of a breach of Hotmail or Microsoft.
    Date: 2026-05-15T11:29:54Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85-%E2%9C%85-%E2%9C%85-%E2%9C%A8x500-Hotmail-Hits-3-%E2%9C%A8-Freshly-Checked-AntiPublic-Checked-%E2%9C%A8-%E2%9C%85-%E2%9C%85-%E2%9C%85
    Screenshots:
    None
    Threat Actors: RogenPlay
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  351. Sale of Hotmail combo list with 933 valid credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of 933 allegedly valid Hotmail credentials, dated 14 May 2026. The content is gated behind registration or login on the forum. Hotmail is the credential-stuffing target, not the breach victim.
    Date: 2026-05-15T11:29:15Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%A5%80933-hotmail-valid-access-14-05-2026-302609
    Screenshots:
    None
    Threat Actors: SupportHotmail
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  352. Free distribution of URL:Log:Pass combo list with 18.2 billion lines
    Category: Combo List
    Content: A forum user is distributing a large URL:Log:Pass combo list containing approximately 18.242 billion lines. The content is hidden behind a registration or login wall. No specific victim organization is identified.
    Date: 2026-05-15T11:28:43Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-The-best-Url-Log-Pass-18-242-888-M%C4%B1ll%C4%B1on-L%C4%B1nes
    Screenshots:
    None
    Threat Actors: Max095
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  353. Sale of mixed combo list with 4,272 entries
    Category: Combo List
    Content: A threat actor is selling a mixed combo list containing 4,272 credential entries. The list is offered at tiered pricing with subscription options ranging from $3 for 24 hours to $100 for three months, with access via a Telegram channel and external paste link.
    Date: 2026-05-15T11:27:28Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75341/
    Screenshots:
    None
    Threat Actors: snowstormxd
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  354. Sale of 100K UHQ Mixed Valid Combo List
    Category: Combo List
    Content: A threat actor shared a link to a combo list marketed as 100K UHQ mixed valid credentials. The list is described as high quality and mixed, suggesting credentials sourced from multiple services or regions.
    Date: 2026-05-15T11:27:09Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75342/
    Screenshots:
    None
    Threat Actors: Vmoon
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  355. Combo List of Japanese email credentials
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 1,900 Japanese email credentials, marketed as fresh and dated 15.05. Access to the content requires forum registration.
    Date: 2026-05-15T11:26:48Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75343/
    Screenshots:
    None
    Threat Actors: MailAccesss
    Victim Country: Japan
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  356. Sale of combo lists and account credentials targeting dating sites and financial institutions
    Category: Combo List
    Content: A threat actor is offering email lists containing personal attributes (gender, age, location, country) sourced from dating sites, marketed as suitable for spamming dating platforms and financial institutions. The post also advertises combo lists, SSN data, webmail and Office365 credentials, and fresh accounts for multiple dating services. Hidden content is available to registered users.
    Date: 2026-05-15T11:26:28Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75344/
    Screenshots:
    None
    Threat Actors: DatingBaseStore
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  357. Free Bitcoin stealer malware distributed on cybercrime forum
    Category: Malware
    Content: A threat actor is distributing a Bitcoin stealer malware for free on a cybercrime forum. The tool appears to target cryptocurrency wallets and is available as Windows and Linux binaries. The post includes build instructions and references to blockchain data fetching via third-party servers.
    Date: 2026-05-15T11:24:58Z
    Network: openweb
    Published URL: https://xforums.st/threads/bitcoin-stealer-absoloutly-free-stealer.615187/
    Screenshots:
    None
    Threat Actors: cryptocarding007
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  358. Sale of Prynt Stealer Cracked Version
    Category: Malware
    Content: A forum post advertises a cracked version of Prynt Stealer, an information-stealing malware capable of harvesting saved browser passwords, cookies, session tokens, financial data, and files from infected systems. The post includes download links gated behind forum registration. Distribution of cracked stealer builds is a common vector for malware proliferation in underground communities.
    Date: 2026-05-15T11:24:13Z
    Network: openweb
    Published URL: https://xforums.st/threads/prynt-stealer-cracked.615189/
    Screenshots:
    None
    Threat Actors: cryptocarding007
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  359. Alleged USA Personal Database Breach
    Category: Data Breach
    Content: Threat actor xyph0rix posted a database breach containing USA personal information on Breachforums. The breach appears to be a structured database dump with personal data records.
    Date: 2026-05-15T11:23:45Z
    Network: telegram
    Published URL: https://t.me/Xyph0rix/369
    Screenshots:
    None
    Threat Actors: xyph0rix
    Victim Country: United States
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  360. Sale of cryptocurrency clipper malware supporting multiple blockchain networks
    Category: Malware
    Content: A threat actor is offering a cryptocurrency clipper malware written in C++ without .NET dependencies. The malware supports address substitution for Bitcoin, Ethereum, TRX, DOGE, Monero, Litecoin, and TRC-20 Tether transactions. The actor provides a compiled executable and source for self-compilation.
    Date: 2026-05-15T11:23:36Z
    Network: openweb
    Published URL: https://xforums.st/threads/supports-bitcoin-ethereum-trx-doge-monero-litecoin-and-trc-20-tether.615190/
    Screenshots:
    None
    Threat Actors: cryptocarding007
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  361. Sale of root access to high-capacity EU server
    Category: Services
    Content: A threat actor is offering root access to a large EU-based server with 77TB storage, 24 cores, and 96GB RAM, with approximately 20TB in active use. The seller requests buyers contact via private message for pricing. It is unclear whether this is a compromised server or a self-operated resource being rented out.
    Date: 2026-05-15T11:20:18Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-Massive-root-access-80TB-24-Core-96-Gb
    Screenshots:
    None
    Threat Actors: apolloteller
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  362. Notice | Orientaldiamond
    Category: Cyber Attack
    Content: Oriental Diamond announced that on May 4, 2026, it fell victim to a ransomware cyberattack carried out by a third party, which resulted in the encryption of data on its internal servers and a risk of personal data leakage. The company immediately isolated its servers from the network, reported the incident to the police and the Personal Data Protection Commission, and launched an investigation as well as restoration work entrusted to external experts. It stated that it would henceforth strive to prevent any recurrence and restore trust by implementing measures such as suspending VPN usage and strengthening authentication procedures.
    Date: 2026-05-15T11:18:28Z
    Network: openweb
    Published URL: https://www.orientaldiamond.jp/お知らせ
    Screenshots:
    None
    Threat Actors: Thegentlemen
    Victim Country: Japan
    Victim Industry: Unknown
    Victim Organization: 株式会社オリエンタルダイヤモンド
    Victim Site: orientaldiamond.jp
  363. Sale of multinational passport and ID numbers database
    Category: Carding
    Content: A threat actor is selling a database of 964 passport and national ID numbers spanning multiple countries including Canada, France, the USA, UK, Australia, Germany, India, and Nigeria. The data is offered in bulk or per piece, with pricing ranging from $2 per record to $800 for the full database. The origin or source of the passport and ID numbers is not disclosed in the post.
    Date: 2026-05-15T11:15:03Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-SELLING-Passport-ID-Numbers-Database-%E2%80%94-964-pcs-USA-Canada-EU-UK-AU-more
    Screenshots:
    None
    Threat Actors: TrinityID
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  364. Sale of initial access and data from Tata-Tour Travel Agency
    Category: Initial Access
    Content: A threat actor is selling a full access package for Tata-Tour, a travel agency operating in Ethiopia and Djibouti. The package includes admin credentials, a dealer database with names and phone numbers, agent KYC documents (passport scans and selfies), full database structure, and order history. The package is offered for $150, with cryptocurrency payment options accepted.
    Date: 2026-05-15T11:13:21Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-SELLING-Tata-Tour-Travel-Agency-%E2%80%94-Admin-Access-Dealer-Database-KYC-Documents
    Screenshots:
    None
    Threat Actors: TrinityID
    Victim Country: Ethiopia
    Victim Industry: Travel & Tourism
    Victim Organization: Tata-Tour
    Victim Site: Unknown
  365. Sale of live database connection strings with credentials across multiple sectors
    Category: Initial Access
    Content: A threat actor is selling 77 live database connection strings with usernames and passwords, offering direct backend access to databases across multiple sectors including e-commerce, healthcare, travel, fitness, dating, education, crypto, hospitality, and employment. The full pack is priced at $500, with individual connections available for $10 each. Targeted databases reportedly contain sensitive data including patient records, passport scans, financial transactions, and user credentials.
    Date: 2026-05-15T11:11:22Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-SELLING-77-Live-Database-Access-%E2%80%94-Full-Connection-Strings-with-Passwords
    Screenshots:
    None
    Threat Actors: TrinityID
    Victim Country: Unknown
    Victim Industry: Multiple
    Victim Organization: Unknown
    Victim Site: Unknown
  366. Sale of stolen payment cards, dumps, and skimmer-obtained data across multiple countries
    Category: Carding
    Content: A threat actor is selling stolen payment card data including virtual credit cards (VCC), non-VbV cards, and dumps with PIN obtained via physical skimmers and POS terminals. Products cover cards from the US, UK, Canada, Australia, EU, and other regions, marketed with full cardholder details. The seller also advertises ATM cashout services for high-balance cards.
    Date: 2026-05-15T11:07:14Z
    Network: openweb
    Published URL: https://altenens.is/threads/i-sell-legit-products-good-best-quality-services-contact-me-to-make-money-for-a-long-time.2940641/unread
    Screenshots:
    None
    Threat Actors: wacri
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  367. Alleged data breach of Argentine Ministry of Health affecting 52 million citizens
    Category: Data Breach
    Content: Two threat actors claim to have accessed a database belonging to Argentina's Ministry of Health, compromising medical records, identity information, addresses, health insurance details, and mental health files for approximately 52 million Argentine citizens. The exposed data is reported to total approximately 700 GB.
    Date: 2026-05-15T11:05:07Z
    Network: telegram
    Published URL: https://t.me/c/1283513914/21723
    Screenshots:
    None
    Threat Actors: Unknown (two threat actors)
    Victim Country: Argentina
    Victim Industry: Healthcare/Government
    Victim Organization: Ministry of Health of Argentina
    Victim Site: Unknown
  368. Sale of supplier and company registration database with legal and contact information
    Category: Data Breach
    Content: A threat actor is offering for sale an XLSX database containing registration records of 556 supplier companies. The dataset includes company names, contact details, person in charge, business category, address, and legal identifiers such as NIB and NPWP, with most records showing a verification status of Pending. The origin of the database and the breached platform are not explicitly identified in the post.
    Date: 2026-05-15T10:56:19Z
    Network: openweb
    Published URL: https://breached.st/threads/database-registrasi-supplier-perusahaan-status-verifikasi-pending.87134/unread
    Screenshots:
    None
    Threat Actors: whoare
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  369. Alleged data leak of Police Nationale database
    Category: Data Leak
    Content: A threat actor on Breached forum claims to be freely sharing a database allegedly belonging to the French Police Nationale. The data is made available via an external file-sharing link. No further details regarding record count or data fields are provided in the post.
    Date: 2026-05-15T10:55:25Z
    Network: openweb
    Published URL: https://breached.st/threads/database-police-nationale.87135/unread
    Screenshots:
    None
    Threat Actors: Xyph0rix
    Victim Country: France
    Victim Industry: Government
    Victim Organization: Police Nationale
    Victim Site: Unknown
  370. Alleged data breach of ESDM
    Category: Data Breach
    Content: A forum post titled DATA BASE ESDM was shared by user CatNatXploit on a breach forum, suggesting a database associated with ESDM may have been leaked or sold. No content was available in the post to confirm details, data types, or record counts.
    Date: 2026-05-15T10:54:53Z
    Network: openweb
    Published URL: https://breached.st/threads/data-base-esdm.87136/unread
    Screenshots:
    None
    Threat Actors: CatNatXploit
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: ESDM
    Victim Site: Unknown
  371. Alleged data breach of ESDM (Indonesian Ministry of Energy and Mineral Resources)
    Category: Data Breach
    Content: Threat actor Brotheroodcapung Indonesia claims to have leaked a database from ESDM (jdih.esdm.go.id), an Indonesian government ministry. Evidence was shared via a MediaFire link containing the allegedly compromised data.
    Date: 2026-05-15T10:52:37Z
    Network: telegram
    Published URL: https://t.me/brotheroodbci/129
    Screenshots:
    None
    Threat Actors: Brotheroodcapung Indonesia
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: ESDM (Ministry of Energy and Mineral Resources)
    Victim Site: esdm.go.id
  372. Alleged breach of French Police Nationale database
    Category: Data Breach
    Content: A threat actor using the handle xyph0rix has posted on Breachforums claiming access to a database from France's Police Nationale. The breach thread is being shared and discussed within the Rakyat Digital Crew channel.
    Date: 2026-05-15T10:50:26Z
    Network: telegram
    Published URL: https://t.me/Xyph0rix/364
    Screenshots:
    None
    Threat Actors: xyph0rix
    Victim Country: France
    Victim Industry: Law Enforcement
    Victim Organization: Police Nationale
    Victim Site: Unknown
  373. Website Defacement of Technofunda by DimasHxR
    Category: Defacement
    Content: On May 15, 2026, a threat actor identified as DimasHxR defaced a media/custom directory on technofunda.store, a technology-focused e-commerce domain. The incident was a targeted, non-mass defacement affecting a specific page rather than the site homepage. No team affiliation, exploit details, or stated motive were disclosed in connection with this attack.
    Date: 2026-05-15T10:49:08Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/922652
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: E-Commerce / Technology
    Victim Organization: Technofunda
    Victim Site: technofunda.store
  374. Website Defacement of Triniti-SB by DimasHxR
    Category: Defacement
    Content: On May 15, 2026, the Ukrainian website triniti-sb.com.ua, associated with Triniti SB, was defaced by the threat actor DimasHxR. The attacker targeted a specific media/custom directory path rather than the site's homepage, suggesting a partial or targeted defacement. No team affiliation, stated motive, or technical exploitation details were disclosed alongside the incident.
    Date: 2026-05-15T10:46:35Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/922653
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Ukraine
    Victim Industry: Security Services
    Victim Organization: Triniti SB
    Victim Site: triniti-sb.com.ua
  375. Sale of Apple iCloud combo list with 644K credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 644,000 email and password pairs marketed for use against Apple iCloud accounts. The post advertises a high hit rate and claims the data is private and new for 2026. Apple iCloud is the credential-stuffing target, not the breach source.
    Date: 2026-05-15T10:43:57Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E3%80%8C-644K-%E3%80%8D%E2%9A%A1-APPLE-ICLOUD-%E2%9A%A1-100-PRIVATE-DATA-%E2%9A%A1IMPRESSIVE-HITRATE%E2%9A%A1-2026-NEW%E2%9A%A1
    Screenshots:
    None
    Threat Actors: MetaCloud3
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  376. Sale of 510K Bet365 combo list
    Category: Combo List
    Content: A threat actor is offering a combo list of approximately 510,000 email:password credentials marketed for use against Bet365. The post describes the base as private and suitable for multiple credential stuffing purposes.
    Date: 2026-05-15T10:43:29Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E2%9A%A1510K-BET365%E2%9A%A1PRIVATE-BASE-GOOD-ON-ANYTHING-YOU-NEED%E2%9A%A1
    Screenshots:
    None
    Threat Actors: MetaCloud3
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  377. Hotmail USA combo list of 722K credentials
    Category: Combo List
    Content: A threat actor on a cracking forum is distributing a combo list of approximately 722,000 Hotmail USA email and password pairs, marketed as private data with a high hit rate. The post claims the credentials are fresh for 2026. No specific breached organization is identified; the named service is a credential-stuffing target, not the breach victim.
    Date: 2026-05-15T10:43:05Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E3%80%8C-722K-%E3%80%8D%E2%9A%A1-HOTMAIL-USA-%E2%9A%A1-100-PRIVATE-DATA-%E2%9A%A1IMPRESSIVE-HITRATE%E2%9A%A1-2026-NEW%E2%9A%A1
    Screenshots:
    None
    Threat Actors: MetaCloud3
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  378. Combo list targeting shopping and food platforms with 581K credentials
    Category: Combo List
    Content: A threat actor operating as MetaCloud3 is distributing a combo list of approximately 581,000 email and password pairs described as a private base suitable for credential stuffing against shopping and food platforms.
    Date: 2026-05-15T10:42:42Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E2%9A%A1581K-SHOPPING-AND-FOOD%E2%9A%A1PRIVATE-BASE-GOOD-ON-ANYTHING-YOU-NEED%E2%9A%A1
    Screenshots:
    None
    Threat Actors: MetaCloud3
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  379. Combo list of 8 million URL:Log:Pass credentials shared for free
    Category: Combo List
    Content: A threat actor shared a combo list containing over 8 million URL:login:password credential pairs on a cybercrime forum. The content is gated behind registration or login. This is part 342 of an ongoing series of free credential list releases by the same actor.
    Date: 2026-05-15T10:42:30Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-url-log-pass-free-best-lines-8-million-lines-part-342
    Screenshots:
    None
    Threat Actors: lexityfr
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  380. Sale of 12K Mixed Mail Access Combo List
    Category: Combo List
    Content: A forum user is sharing a combo list of approximately 12,000 mixed mail access credentials. The content is hidden behind a login/registration wall. No additional details about the source or origin of the credentials are available.
    Date: 2026-05-15T10:41:59Z
    Network: openweb
    Published URL: https://patched.to/Thread-%E2%AD%9012k-mixed-mail-access-%E2%AD%90
    Screenshots:
    None
    Threat Actors: XLM
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  381. Alleged data breach of supplier registration database
    Category: Data Breach
    Content: A database containing supplier registration information and verification status has been posted on Breach Forums. The post references a supplier company database with pending verification status records.
    Date: 2026-05-15T10:41:31Z
    Network: telegram
    Published URL: https://t.me/c/3841736872/444
    Screenshots:
    None
    Threat Actors: DEWATA BLACKHAT
    Victim Country: Indonesia
    Victim Industry: Supply Chain/Procurement
    Victim Organization: Unknown
    Victim Site: Unknown
  382. Sale of Trillium Security Multisploit Tool v4 Private Edition
    Category: Malware
    Content: A threat actor is distributing a tool called Trillium Security Multisploit Tool v4 Private Edition on a cracking forum. The tool is described as a modular framework integrating multiple exploit modules, payload delivery mechanisms, and post-exploitation capabilities. It is being offered with a download link and antivirus scan output.
    Date: 2026-05-15T10:41:11Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Trillium-security-multisploit-tool-v4-private-edition
    Screenshots:
    None
    Threat Actors: deanevan
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  383. Combo list targeting Hotmail accounts
    Category: Combo List
    Content: A combo list purportedly containing 5,000 unique Hotmail credentials was shared on a cracking forum. The full content is restricted to registered and signed-in members. No further details about the data's origin are available from the post.
    Date: 2026-05-15T10:37:40Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75337/
    Screenshots:
    None
    Threat Actors: UniqueCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  384. Sale of cloned cards, CVV, dumps, and fullz across multiple regions
    Category: Carding
    Content: A threat actor is offering stolen payment card data for sale including non-VBV credit cards, CVV/CCV, clone cards with ATM PINs, magnetic stripe dumps (Track 1 & 2 with and without PIN), BINs, DOBs, and fullz information. Cards are priced for US, UK, CA, AU, and EU regions across Visa, Mastercard, Amex, and Discover networks. Physical cloned cards with ATM PINs are also advertised for cash-out at ATMs and point-of-sale terminals.
    Date: 2026-05-15T10:32:02Z
    Network: openweb
    Published URL: https://xforums.st/threads/sell-non-vbv-cc-cvv-ccv-clone-cards-carding-dumps.615186/
    Screenshots:
    None
    Threat Actors: MrDumpsCC
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  385. Alleged cPanel Account Credentials Combolist Leaked
    Category: Combo List
    Content: A user on Breachforums (JAX7) has shared a file named ACOONT_CPANEL.txt via MediaFire containing cPanel account credentials. The file appears to be a combolist of compromised cPanel accounts.
    Date: 2026-05-15T10:21:59Z
    Network: telegram
    Published URL: https://t.me/byjax7/725
    Screenshots:
    None
    Threat Actors: JAX7
    Victim Country: Unknown
    Victim Industry: hosting/web services
    Victim Organization: Unknown
    Victim Site: Unknown
  386. Sale of cPanel account logs
    Category: Logs
    Content: A threat actor operating under the alias JAX7 has shared a TXT file containing cPanel account credentials via a MediaFire download link. The post provides no details regarding the number of records, targeted organizations, or geographic origin of the compromised accounts.
    Date: 2026-05-15T10:21:13Z
    Network: openweb
    Published URL: https://breached.st/threads/234-9kb-account-cpanel.87133/unread
    Screenshots:
    None
    Threat Actors: JAX7
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  387. Alleged data breach of Bellavista School
    Category: Data Breach
    Content: The threat actor 404Crew Cyber Team claims to have breached the official website of Bellavista School, a South African educational institution. The alleged data includes names, email addresses, registration timestamps, and additional contact information such as phone numbers and account status.
    Date: 2026-05-15T10:20:10Z
    Network: openweb
    Published URL: https://breached.st/threads/the-official-website-of-an-educational-school-in-south-africa-bellavista-school.87131/unread
    Screenshots:
    None
    Threat Actors: 404Crew Cyber Team
    Victim Country: South Africa
    Victim Industry: Education
    Victim Organization: Bellavista School
    Victim Site: bellavista.co.za
  388. Alleged data breach of Cargo International
    Category: Data Breach
    Content: A threat actor is sharing an alleged database belonging to Cargo International on a cybercrime forum. The post includes a sample of the data. No further details regarding record count or data fields are visible in the post.
    Date: 2026-05-15T10:19:39Z
    Network: openweb
    Published URL: https://breached.st/threads/database-cargo-international.87132/unread
    Screenshots:
    None
    Threat Actors: JAX7
    Victim Country: Unknown
    Victim Industry: Transportation
    Victim Organization: Cargo International
    Victim Site: Unknown
  389. Free distribution of Minecraft credential logs
    Category: Logs
    Content: A threat actor is distributing what are described as freshly checked Minecraft logs via a download link. The post is sponsored by RogenCloud and markets the logs as higher quality than commonly circulated combos. No record count or specific victim organization is identified.
    Date: 2026-05-15T10:08:46Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85-%E2%9C%85-%E2%9C%85-%E2%9C%A8Minecraft-Logs-%E2%9C%A8-Freshly-Checked-%E2%9C%A8-%E2%9C%85-%E2%9C%85-%E2%9C%85
    Screenshots:
    None
    Threat Actors: RogenPlay
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  390. Sale of Twitch credential combo list
    Category: Combo List
    Content: A threat actor is distributing a combo list marketed as Twitch Logs and described as freshly checked. The post is sponsored by RogenCloud and promotes high-quality credentials for credential stuffing purposes. No record count or price is specified.
    Date: 2026-05-15T10:08:23Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85-%E2%9C%85-%E2%9C%85-%E2%9C%A8Twitch-Logs-%E2%9C%A8-Freshly-Checked-%E2%9C%A8-%E2%9C%85-%E2%9C%85-%E2%9C%85
    Screenshots:
    None
    Threat Actors: RogenPlay
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  391. Free distribution of Instagram credential logs
    Category: Logs
    Content: A threat actor is distributing Instagram credentials marketed as freshly checked logs. The post is sponsored by RogenCloud and includes a download link for the credential data. The content implies the logs are sourced from stealer output rather than a direct breach of Instagram.
    Date: 2026-05-15T10:08:03Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85-%E2%9C%85-%E2%9C%85-%E2%9C%A8instagram-Logs-%E2%9C%A8-Freshly-Checked-%E2%9C%A8-%E2%9C%85-%E2%9C%85-%E2%9C%85
    Screenshots:
    None
    Threat Actors: RogenPlay
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  392. Sale of ChatGPT credential logs marketed as freshly checked
    Category: Combo List
    Content: A threat actor is distributing credentials marketed as freshly checked ChatGPT logs via a download link. The post is sponsored by RogenCloud and promotes the content as higher quality than commonly circulated combo lists.
    Date: 2026-05-15T10:07:36Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85-%E2%9C%85-%E2%9C%85-%E2%9C%A8ChatGpt-Logs-%E2%9C%A8-Freshly-Checked-%E2%9C%A8-%E2%9C%85-%E2%9C%85-%E2%9C%85
    Screenshots:
    None
    Threat Actors: RogenPlay
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  393. Sale of mixed combo list with fresh credentials
    Category: Combo List
    Content: A forum user shared a combo list containing 2,779 mixed email:password lines marketed as fresh. No additional details about the source or targeted services are available.
    Date: 2026-05-15T10:07:30Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-x2779-Mix-Fresh-Lines
    Screenshots:
    None
    Threat Actors: stvannx
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  394. Free distribution of Netflix combo list
    Category: Combo List
    Content: A threat actor distributed a combo list marketed as freshly checked Netflix credentials. The post was sponsored by RogenCloud, a service advertising high-quality combos. No record count or additional details were provided.
    Date: 2026-05-15T10:07:16Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85-%E2%9C%85-%E2%9C%85-%E2%9C%A8Netflix-Logs-%E2%9C%A8-Freshly-Checked-%E2%9C%A8-%E2%9C%85-%E2%9C%85-%E2%9C%85
    Screenshots:
    None
    Threat Actors: RogenPlay
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  395. Combo List targeting Hotmail (mixed regional domains)
    Category: Combo List
    Content: A combo list containing 315,323 email:password pairs for Hotmail accounts across multiple regional domains (.com, .fr, .es) has been shared on a cracking forum. The credentials are marketed as suitable for mixed-target credential stuffing. No specific breach source is identified.
    Date: 2026-05-15T10:07:09Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-315-323-%E2%9C%85-hotmail-com-fr-es-Good-For-Mixed-Target
    Screenshots:
    None
    Threat Actors: AiCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  396. Sale of Twitter stealer logs marketed as freshly checked
    Category: Logs
    Content: A threat actor is distributing stealer log output described as Twitter Logs and marketed as freshly checked. The post promotes RogenCloud as a source for high-quality combo material. No record count or pricing details are provided.
    Date: 2026-05-15T10:06:56Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85-%E2%9C%85-%E2%9C%85-%E2%9C%A8Twitter-Logs-%E2%9C%A8-Freshly-Checked-%E2%9C%A8-%E2%9C%85-%E2%9C%85-%E2%9C%85
    Screenshots:
    None
    Threat Actors: RogenPlay
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  397. Sale of Mixed Country Hotmail Combo List with 1.28 Million Lines
    Category: Combo List
    Content: A threat actor shared a mixed-country Hotmail combo list containing approximately 1.28 million email:password lines on a public forum. The list is marketed for credential stuffing against Hotmail/Outlook accounts. No further details are available as the post content was not accessible.
    Date: 2026-05-15T10:06:40Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-1-282-207-Lines-%E2%9C%85-Mixed-Country-Hotmail-com-COmbolist-2026
    Screenshots:
    None
    Threat Actors: HqComboSpace
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  398. Free distribution of Amazon stealer logs
    Category: Logs
    Content: A threat actor distributed what are described as freshly checked Amazon logs via a download link on a cracking forum. The post promotes RogenCloud as a source for high-quality combo lists. No record count or specific data fields were disclosed.
    Date: 2026-05-15T10:06:35Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85-%E2%9C%85-%E2%9C%85-%E2%9C%A8Amazon-Logs-%E2%9C%A8-Freshly-Checked-%E2%9C%A8-%E2%9C%85-%E2%9C%85-%E2%9C%85
    Screenshots:
    None
    Threat Actors: RogenPlay
    Victim Country: Unknown
    Victim Industry: Retail
    Victim Organization: Amazon
    Victim Site: amazon.com
  399. Combo list targeting social media platforms with 656K credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 656,000 email and password pairs claimed to target social media platforms. The post markets the credentials as private data with a high hit rate and labels them as new for 2026. No specific breached organization is identified.
    Date: 2026-05-15T10:06:19Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E3%80%8C-656K-%E3%80%8D%E2%9A%A1-SOCIAL-MEDIA-%E2%9A%A1-100-PRIVATE-DATA-%E2%9A%A1IMPRESSIVE-HITRATE%E2%9A%A1-2026-NEW%E2%9A%A1
    Screenshots:
    None
    Threat Actors: MetaCloud3
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  400. Free combo list distribution — 500MB username:login:password dataset
    Category: Combo List
    Content: A threat actor is distributing a 500MB username:login:password combo list, marketed as fresh and high quality. The post advertises a Telegram channel (RogenCloud) for additional combo list parts. No specific breached organization is identified.
    Date: 2026-05-15T10:06:14Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85-%E2%9C%85-%E2%9C%85-%E2%9C%A8500MB-U-L-P-%E2%9C%A8-Fresh-Other-Parts-On-TG-%E2%9C%A8-%E2%9C%85-%E2%9C%85-%E2%9C%85
    Screenshots:
    None
    Threat Actors: RogenPlay
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  401. Combo list targeting Xbox and PSN accounts distributed on cracking forum
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 733,000 email and password pairs marketed for use against Xbox and PlayStation Network (PSN) accounts. The post claims the data is private and advertises an impressive hit rate. Xbox and PSN are credential-stuffing targets, not breach victims.
    Date: 2026-05-15T10:05:51Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E3%80%8C-733K-%E3%80%8D%E2%9A%A1-XBOX-PSN-%E2%9A%A1-100-PRIVATE-DATA-%E2%9A%A1IMPRESSIVE-HITRATE%E2%9A%A1-2026-NEW%E2%9A%A1
    Screenshots:
    None
    Threat Actors: MetaCloud3
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  402. Combo List: 25,000 Germany Mail Access Credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 25,000 Germany-based email access credentials. The content is gated behind forum registration or login. No further details about the source or targeted services are available.
    Date: 2026-05-15T10:05:45Z
    Network: openweb
    Published URL: https://patched.to/Thread-%E2%AD%9025k-germany-mail-access-%E2%AD%90
    Screenshots:
    None
    Threat Actors: XLM
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  403. Combo List of 702K credentials targeting Eneba and G2A
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 702,000 email:password credentials, described as a private base and marketed as suitable for credential stuffing against Eneba and G2A gaming platforms. The post claims the credentials are from a private source.
    Date: 2026-05-15T10:05:28Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E2%9A%A1702K-ENEBA-G2A%E2%9A%A1PRIVATE-BASE-GOOD-ON-ANYTHING-YOU-NEED%E2%9A%A1
    Screenshots:
    None
    Threat Actors: MetaCloud3
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  404. Alleged combo list targeting Asia region with 900K credentials
    Category: Combo List
    Content: A forum user shared a hidden post titled 900K ASIA PRIVATE on a combolist forum, purportedly containing 900,000 credentials targeting the Asia region. The actual content is gated behind registration or login. No further details about the targeted services or data composition are available.
    Date: 2026-05-15T10:05:15Z
    Network: openweb
    Published URL: https://patched.to/Thread-900k-asia-private
    Screenshots:
    None
    Threat Actors: moser
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  405. Sale of combo list targeting Etsy and eBay accounts
    Category: Combo List
    Content: A threat actor is offering a combo list of 681K email:password credentials marketed for credential stuffing against Etsy and eBay accounts. The post claims the data is private and boasts an impressive hit rate, with the content described as new for 2026.
    Date: 2026-05-15T10:05:05Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E3%80%8C-681K-%E3%80%8D%E2%9A%A1-ETSY-EBAY-%E2%9A%A1-100-PRIVATE-DATA-%E2%9A%A1IMPRESSIVE-HITRATE%E2%9A%A1-2026-NEW%E2%9A%A1
    Screenshots:
    None
    Threat Actors: MetaCloud3
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  406. Sale or distribution of 1 million EU combo list
    Category: Combo List
    Content: A forum member is sharing or selling a combo list advertised as containing 1 million European credentials. The content is hidden behind a registration or login requirement. No further details about the targeted services or data fields are available.
    Date: 2026-05-15T10:04:47Z
    Network: openweb
    Published URL: https://patched.to/Thread-1ml-eu-private-302570
    Screenshots:
    None
    Threat Actors: moser
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  407. Sale of 601K email access combo list
    Category: Combo List
    Content: A threat actor is distributing a combo list of 601,000 email and password credentials, marketed as a private base suitable for various credential stuffing purposes. The post offers no information on the source of the credentials or specific targeted services.
    Date: 2026-05-15T10:04:42Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E2%9A%A1601K-MAIL-ACCESS%E2%9A%A1PRIVATE-BASE-GOOD-ON-ANYTHING-YOU-NEED%E2%9A%A1
    Screenshots:
    None
    Threat Actors: MetaCloud3
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  408. Sale of Hotmail combo list with 617 valid credentials
    Category: Combo List
    Content: A threat actor is sharing a combo list of 617 claimed valid Hotmail credentials, dated May 14, 2026. The content is gated behind forum registration or login. The credentials are marketed as verified valid access.
    Date: 2026-05-15T10:04:28Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%A5%80617-hotmail-valid-access-14-05-2026-302565
    Screenshots:
    None
    Threat Actors: SupportHotmail
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  409. Sale of alleged 1.2 million USA combo list
    Category: Combo List
    Content: A forum member is offering a private combo list purportedly containing 1.2 million US-based credentials. The full content is hidden behind a registration or login requirement. No additional details about the source or targeted services are available.
    Date: 2026-05-15T10:04:11Z
    Network: openweb
    Published URL: https://patched.to/Thread-1-2ml-usa-private
    Screenshots:
    None
    Threat Actors: moser
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  410. Distribution of cracked Money Robot Submitter 7.37 SEO software
    Category: Services
    Content: A forum post offers a free cracked version of Money Robot Submitter 7.37, an SEO automation tool, with an included loader. The post claims the software is fully functional and includes the latest Google algorithm updates. No victim organization or sensitive data is involved.
    Date: 2026-05-15T10:02:48Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-GET-Money-Robot-Submitter-7-37-Cracked-Free-Download-Crack-WORKING-LINK
    Screenshots:
    None
    Threat Actors: anonym
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  411. Alleged data breach of Binance with 1.5 million records
    Category: Data Breach
    Content: A threat actor is offering for sale an alleged Binance database containing 1.5 million records priced at $650. The dataset purportedly includes fields such as email, password, full name, phone number, country, last login date, 2FA status, KYC status, and USD balance. Sample records provided contain US-based user entries with dates referencing 2026.
    Date: 2026-05-15T10:02:36Z
    Network: openweb
    Published URL: https://darkpro.net/threads/binance-2026-latest-database-1-5-million.23140/
    Screenshots:
    None
    Threat Actors: ⭐ RED✘ ⭐
    Victim Country: Unknown
    Victim Industry: Finance
    Victim Organization: Binance
    Victim Site: binance.com
  412. Sale of stolen CVV card data across multiple countries
    Category: Carding
    Content: A threat actor operating under the alias Devvy Curtis is offering stolen CVV card data for multiple countries including the US, UK, Canada, Australia, EU, France, and Mexico. Cards are advertised as updated daily and include full card details such as card number, expiration date, CVV2, cardholder name, billing address, and bank information. Payment is accepted via Bitcoin and USDT.
    Date: 2026-05-15T09:57:17Z
    Network: openweb
    Published URL: https://altenens.is/threads/hello-all-buyer-my-nickname-is-devvy-curtis-i-sell-all-cvv-all-country-us-uk-ca-au-eu-fr-mx-all-cvv-is-updated-every-da.2940618/unread
    Screenshots:
    None
    Threat Actors: Rich977
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  413. Sale of Hotmail combo lists targeting multiple online services
    Category: Combo List
    Content: A threat actor is offering Hotmail combo lists via Telegram, advertising credentials usable for credential stuffing against multiple platforms including gaming services, LinkedIn, Tinder, Amazon, eBay, and GitHub. The actor directs interested parties to a Telegram contact and group channels for free combo lists and tools.
    Date: 2026-05-15T09:55:50Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75327/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  414. Sale of Xfinity credential combo list
    Category: Combo List
    Content: A threat actor is advertising a combo list targeting Xfinity users via a Telegram channel. The post directs interested parties to a Telegram group offering free combo lists and related programs. No record count or sample data was provided in the post.
    Date: 2026-05-15T09:55:26Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75335/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  415. Sale of Hotmail combo list with 1,500 valid credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of 1,500 purportedly valid Hotmail full mail access credentials via a Telegram channel. The credentials are described as fully valid and sourced from EU, USA, corporate, and mixed origins with daily updates. The post links to an external paste site containing the credential data.
    Date: 2026-05-15T09:55:06Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75336/
    Screenshots:
    None
    Threat Actors: bigdatacombos
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  416. Alleged data leak of Argentine government agencies BCRA, IOMA, and GDEBA
    Category: Data Leak
    Content: A threat actor claiming affiliation with EsqueleSquad is freely distributing data allegedly obtained from multiple Argentine government entities, including the BCRA (Central Bank of Argentina) with over 32 million credit scoring records, IOMA with over 2 million affiliate/patient records including names, addresses, and CUITs, and GDEBA with over 900 classified PDF documents. An additional dossier on Argentine provincial governor Axel Kicillof, allegedly containing personal contact details and fi
    Date: 2026-05-15T09:51:33Z
    Network: openweb
    Published URL: https://breachforums.rs/Thread-DATABASE-Argentina-BCRA-IOMA-GDEBA
    Screenshots:
    None
    Threat Actors: Skull1172
    Victim Country: Argentina
    Victim Industry: Government
    Victim Organization: BCRA, IOMA, GDEBA
    Victim Site: Unknown
  417. Alleged defacement of KEC Sukabumi government website by Mr.PIMZZZXploit
    Category: Defacement
    Content: Threat actor Mr.PIMZZZXploit claims to have defaced the Sukabumi District Government website (kec-sukabumi.sukabumikab.go.id). The defacement message was posted in the BABAYO EROR SYSTEM channel with photo evidence.
    Date: 2026-05-15T09:41:06Z
    Network: telegram
    Published URL: https://t.me/c/3865526389/950
    Screenshots:
    None
    Threat Actors: Mr.PIMZZZXploit
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: KEC Sukabumi (Sukabumi District Government)
    Victim Site: kec-sukabumi.sukabumikab.go.id
  418. Free distribution of Outlook stealer logs
    Category: Logs
    Content: A threat actor distributed what are described as freshly checked Outlook logs via a download link. The post is sponsored by RogenCloud, a combo/log service. No record count or specific victim details are provided.
    Date: 2026-05-15T09:27:07Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85-%E2%9C%85-%E2%9C%85-%E2%9C%A8Outlook-Logs-%E2%9C%A8-Freshly-Checked-%E2%9C%A8-%E2%9C%85-%E2%9C%85-%E2%9C%85
    Screenshots:
    None
    Threat Actors: RogenPlay
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  419. Free distribution of YouTube credential logs
    Category: Logs
    Content: A threat actor is distributing what are described as freshly checked YouTube logs via a download link. The post is sponsored by RogenCloud, which is advertised as a source of high-quality combo lists. No further details on record count or data scope are provided.
    Date: 2026-05-15T09:26:47Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85-%E2%9C%85-%E2%9C%85-%E2%9C%A8Youtube-Logs-%E2%9C%A8-Freshly-Checked-%E2%9C%A8-%E2%9C%85-%E2%9C%85-%E2%9C%85
    Screenshots:
    None
    Threat Actors: RogenPlay
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  420. Sale of Trustpilot credential logs marketed as freshly checked
    Category: Combo List
    Content: A threat actor is distributing credentials advertised as Trustpilot Logs and marketed as freshly checked. The post promotes a service called RogenCloud offering high-quality combo lists. No record count or pricing details are specified.
    Date: 2026-05-15T09:26:27Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85-%E2%9C%85-%E2%9C%85-%E2%9C%A8Trustpilot-Logs-%E2%9C%A8-Freshly-Checked-%E2%9C%A8-%E2%9C%85-%E2%9C%85-%E2%9C%85
    Screenshots:
    None
    Threat Actors: RogenPlay
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  421. Sale of SurfShark credential combo list
    Category: Combo List
    Content: A threat actor is distributing a combo list marketed as freshly checked SurfShark credentials. The post advertises the content as high quality and includes a download link. The named service (SurfShark) is a credential-stuffing target, not necessarily the breach source.
    Date: 2026-05-15T09:26:10Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85-%E2%9C%85-%E2%9C%85-%E2%9C%A8SurfShark-Logs-%E2%9C%A8-Freshly-Checked-%E2%9C%A8-%E2%9C%85-%E2%9C%85-%E2%9C%85
    Screenshots:
    None
    Threat Actors: RogenPlay
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  422. Website Defacement of BPS Dompu by Ushiromiya
    Category: Defacement
    Content: On May 15, 2026, the attacker known as Ushiromiya defaced the homepage of bpsdompu.com, the website associated with BPS Dompu, the regional statistics agency of Dompu Regency in Indonesia. The attack was a targeted homepage defacement and was not part of a mass defacement campaign. The incident was documented and mirrored via zone-xsec.com.
    Date: 2026-05-15T09:26:06Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/922651
    Screenshots:
    None
    Threat Actors: Ushiromiya
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: BPS Dompu (Badan Pusat Statistik Dompu)
    Victim Site: bpsdompu.com
  423. Sale of TikTok combo list marketed as freshly checked
    Category: Combo List
    Content: A forum user is distributing credentials marketed as freshly checked TikTok logs. The post promotes a service called RogenCloud offering combo lists. No record count or specific breach source is identified.
    Date: 2026-05-15T09:25:48Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85-%E2%9C%85-%E2%9C%85-%E2%9C%A8TikTok-Logs-%E2%9C%A8-Freshly-Checked-%E2%9C%A8-%E2%9C%85-%E2%9C%85-%E2%9C%85
    Screenshots:
    None
    Threat Actors: RogenPlay
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  424. Alleged free release of Onet credential combo list
    Category: Combo List
    Content: A forum user distributed credentials described as Onet Logs and marketed as freshly checked. The post promotes RogenCloud as a source for high-quality combo lists. No record count or additional details were provided.
    Date: 2026-05-15T09:25:25Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85-%E2%9C%85-%E2%9C%85-%E2%9C%A8Onet-Logs-%E2%9C%A8-Freshly-Checked-%E2%9C%A8-%E2%9C%85-%E2%9C%85-%E2%9C%85
    Screenshots:
    None
    Threat Actors: RogenPlay
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  425. Free distribution of Reddit credential combo list
    Category: Combo List
    Content: A threat actor is distributing a combo list marketed as Reddit Logs and described as freshly checked. The post is sponsored by RogenCloud, a combo list service, and includes a download link for the credentials.
    Date: 2026-05-15T09:25:05Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85-%E2%9C%85-%E2%9C%85-%E2%9C%A8Reddit-Logs-%E2%9C%A8-Freshly-Checked-%E2%9C%A8-%E2%9C%85-%E2%9C%85-%E2%9C%85
    Screenshots:
    None
    Threat Actors: RogenPlay
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  426. Free Spotify credential combo list
    Category: Combo List
    Content: A threat actor shared a combo list advertised as freshly checked Spotify credentials. The post promotes RogenCloud as a source for high-quality combos. No record count or specific breach source was disclosed.
    Date: 2026-05-15T09:24:45Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85-%E2%9C%85-%E2%9C%85-%E2%9C%A8Spotify-Logs-%E2%9C%A8-Freshly-Checked-%E2%9C%A8-%E2%9C%85-%E2%9C%85-%E2%9C%85
    Screenshots:
    None
    Threat Actors: RogenPlay
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  427. Sale of cryptocurrency seed phrase generator and balance checker tool
    Category: Malware
    Content: A threat actor is offering a cryptocurrency seed phrase generator and balance checker tool capable of processing over 5 million phrases per hour. The basic version checks Bitcoin wallets, while a paid version supports 23 blockchain networks. The tool is designed to brute-force valid seed phrases and identify wallets with positive balances.
    Date: 2026-05-15T09:11:11Z
    Network: openweb
    Published URL: https://altenens.is/threads/seed-phrase-generator-and-balance-checker-2026.2940543/unread
    Screenshots:
    None
    Threat Actors: ananalbzoor
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  428. Sale of stolen payment cards, EBT cards, and dumps via carding marketplace
    Category: Carding
    Content: A threat actor operating under the name BigDevvyTEAM is advertising a carding marketplace offering daily-updated EBT cards with PINs, credit cards with CVV2, and dumps with PINs covering all US states. The operation claims over 30,000 existing customers and is actively recruiting new sellers. The marketplace operates primarily via Telegram and Discord.
    Date: 2026-05-15T09:04:30Z
    Network: openweb
    Published URL: https://altenens.is/threads/big-american-fraud-market-high-quality-we-update-daily-thousands-of-ebts-dumps-pin-ccs-cvv2-we-have-more-than-30-000-customers-already-wit.2940556/unread
    Screenshots:
    None
    Threat Actors: noretta
    Victim Country: United States
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  429. Sale of alleged Instagram database with 6 million records
    Category: Data Breach
    Content: A threat actor is selling an alleged Instagram database containing 6 million records. The dataset purportedly includes email addresses, first and last names, phone numbers, and Instagram IDs. Contact is offered via Telegram.
    Date: 2026-05-15T08:59:11Z
    Network: openweb
    Published URL: https://breached.st/threads/instagram-6m-database-for-sale.87129/unread
    Screenshots:
    None
    Threat Actors: Kevin Williams
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Instagram
    Victim Site: instagram.com
  430. Alleged data breach of Indonesia National Police
    Category: Data Breach
    Content: A threat actor is offering what they claim to be a database from the Indonesia National Police, containing fields such as officer ID, rank, name, position, unit, address, phone, and status. A sample is provided with a download link hosted on Mediafire. The post indicates negotiation is possible, suggesting the data may be for sale.
    Date: 2026-05-15T08:58:19Z
    Network: openweb
    Published URL: https://breached.st/threads/indonesia-police-database.87128/unread
    Screenshots:
    None
    Threat Actors: whoare
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Indonesia National Police
    Victim Site: Unknown
  431. Alleged data breach of Thai local government website kohkaewroiet.go.th
    Category: Data Breach
    Content: A threat actor claims to have hacked the Thai local government website kohkaewroiet.go.th and dumped all data, including admin credentials and over 10 internal accounts. The actor also claims to have a web shell and is soliciting contact via direct message or email.
    Date: 2026-05-15T08:57:50Z
    Network: openweb
    Published URL: https://breached.st/threads/thai-local-gov-kohkaewroiet-go-th-hacked.87130/unread
    Screenshots:
    None
    Threat Actors: yra404
    Victim Country: Thailand
    Victim Industry: Government
    Victim Organization: Koh Kaew Roiet Local Government
    Victim Site: kohkaewroiet.go.th
  432. Free combo list of mixed mail credentials
    Category: Combo List
    Content: A threat actor has shared a combo list of approximately 3,600 mixed email credentials, advertised as freshly checked and AntiPublic verified. The list is being distributed freely via a Telegram channel. The post promotes the channel as a source for additional credential drops.
    Date: 2026-05-15T08:43:42Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85-%E2%9C%85-%E2%9C%85-%E2%9C%A8x3600-Mix-Mail-Hits-2-%E2%9C%A8-Freshly-Checked-AntiPublic-Checked-%E2%9C%A8-%E2%9C%85-%E2%9C%85-%E2%9C%85
    Screenshots:
    None
    Threat Actors: RogenPlay
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  433. Free combo list of mixed mail credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 3,600 mixed email credentials, marketed as freshly checked and AntiPublic verified. The list is being shared freely via a Telegram channel.
    Date: 2026-05-15T08:43:22Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85-%E2%9C%85-%E2%9C%85-%E2%9C%A8x3600-Mix-Mail-Hits-1-%E2%9C%A8-Freshly-Checked-AntiPublic-CHecked-%E2%9C%A8-%E2%9C%85-%E2%9C%85-%E2%9C%85
    Screenshots:
    None
    Threat Actors: RogenPlay
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  434. Free distribution of mixed email combo list with 3,500 hits
    Category: Combo List
    Content: A threat actor is distributing a combo list containing approximately 3,500 mixed email credential hits, marketed as freshly checked and AntiPublic verified. The list is shared freely via a Telegram channel. No specific breached organization is identified.
    Date: 2026-05-15T08:42:54Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85-%E2%9C%85-%E2%9C%85-%E2%9C%A8x3500-Mix-Mail-Hits-3%E2%9C%A8-Freshly-Checked-AntiPublic-CHecked-%E2%9C%A8-%E2%9C%85-%E2%9C%85-%E2%9C%85
    Screenshots:
    None
    Threat Actors: RogenPlay
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  435. Alleged combo list of mixed fresh credentials
    Category: Combo List
    Content: A forum post on Cracked.st advertises a combo list of 4,160 mixed fresh credentials. No additional details are available as the post content is empty.
    Date: 2026-05-15T08:42:33Z
    Network: openweb
    Published URL: https://cracked.st/Thread-x4160-Mix-Fresh-Line
    Screenshots:
    None
    Threat Actors: stvannx
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  436. Free release of mixed mail combo list with 3,000 credential hits
    Category: Combo List
    Content: A threat actor is distributing a mixed mail combo list containing approximately 3,000 credential hits, described as freshly checked and AntiPublic-verified. The list is shared freely via a Telegram channel and promoted as high-quality, unused credentials.
    Date: 2026-05-15T08:42:12Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85-%E2%9C%85-%E2%9C%85-%E2%9C%A8x3K-Mix-Mail-Hits-4-%E2%9C%A8-Freshly-Checked-AntiPublic-Checked-%E2%9C%A8-%E2%9C%85-%E2%9C%85-%E2%9C%85
    Screenshots:
    None
    Threat Actors: RogenPlay
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  437. Combo List or credentials shared for Figma PRO access
    Category: Combo List
    Content: A forum post offers hidden content purportedly enabling free access to Figma PRO accounts. The post likely contains credentials or account details for Figma, marketed as a method to obtain premium access at no cost.
    Date: 2026-05-15T08:41:21Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Get-Figma-PRO-For-Free
    Screenshots:
    None
    Threat Actors: Bug
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Unknown
    Victim Site: Unknown
  438. Sale of Hotmail combo list sample (1,325 credentials)
    Category: Combo List
    Content: A threat actor shared a sample combo list of 1,325 Hotmail credentials on a leak forum. The content is hidden behind a registration or login requirement. Hotmail is the credential-stuffing target, not the breach victim.
    Date: 2026-05-15T08:40:48Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A11325x-SAMPLE-HOTMAIL-%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: Stevejobs
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  439. Free combo list of mixed email credentials
    Category: Combo List
    Content: A threat actor shared a combo list containing 3,759 mixed email and password credentials, made available for free download on a cybercrime forum. The list is marketed as high quality and contains credentials from various email providers.
    Date: 2026-05-15T08:40:33Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9D%84%E2%9D%84-3759x-HQ-MIXED-MAILS-%E2%9D%84%E2%9D%84
    Screenshots:
    None
    Threat Actors: He_Cloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  440. Sale of cracked credential stuffing tool Crosshair X
    Category: Combo List
    Content: A forum post in the Cracking Tools section advertises a cracked version of Crosshair X, a credential stuffing or account-checking tool, available for download. No further details about targeted services or record counts are provided.
    Date: 2026-05-15T08:40:09Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Crosshair-X-CRACKED–204133
    Screenshots:
    None
    Threat Actors: anonym
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  441. Combo List of 4,259 mixed email credentials with keyword targets
    Category: Combo List
    Content: A threat actor is distributing a combo list of 4,259 mixed email and password credentials, advertised as high quality. The post also includes a separate download for keyword-targeted credential sets.
    Date: 2026-05-15T08:40:03Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9D%84%E2%9D%84-4259x-HQ-MIXED-MAILS-%E2%9D%84%E2%9D%84-KEYWORD-TARGETS
    Screenshots:
    None
    Threat Actors: He_Cloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  442. Sale of ChatGPT credential stuffing configuration
    Category: Combo List
    Content: A threat actor is offering a credential stuffing configuration (config) targeting ChatGPT accounts. The post requires a reply to access the hidden content and directs interested parties to a Telegram contact for purchasing.
    Date: 2026-05-15T08:38:42Z
    Network: openweb
    Published URL: https://altenens.is/threads/svb-chatgpt-config-2026.2940536/unread
    Screenshots:
    None
    Threat Actors: GHOSTATN
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  443. Sale of credential stuffing config for SVB targeting Crackermain
    Category: Combo List
    Content: A forum member is sharing a Crackermain credential stuffing configuration file targeting SVB. The content is gated behind a reply requirement. No further details about record counts or capture fields are disclosed in the post.
    Date: 2026-05-15T08:38:11Z
    Network: openweb
    Published URL: https://altenens.is/threads/crackermain-full-capture-config-svb.2940537/unread
    Screenshots:
    None
    Threat Actors: GHOSTATN
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  444. Sale of Hotmail combo list with 1,527 hits
    Category: Combo List
    Content: A threat actor is offering a combo list of 1,527 claimed valid Hotmail credentials marketed as premium hits. The post requires a reply to access the hidden content, suggesting a free-share format contingent on forum engagement. The credentials are described as a private cloud mix of mail accounts.
    Date: 2026-05-15T08:37:40Z
    Network: openweb
    Published URL: https://altenens.is/threads/snowflakesnowflake-1527x-premium-hotmail-hits-snowflakesnowflake.2940551/unread
    Screenshots:
    None
    Threat Actors: alphacloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  445. Sale of Byterat V20 Malware with HVNC and Browser Credential Theft Capabilities
    Category: Malware
    Content: A forum post by GollumsCoder advertises what appears to be Byterat V20, a malware tool featuring UAC bypass, Chrome credential cloning, and a Super Fast HVNC (Hidden Virtual Network Computing) module. The post lacks detailed content but the thread title indicates a tool designed for stealthy remote access and browser credential theft. No victim or pricing details are available.
    Date: 2026-05-15T08:36:54Z
    Network: openweb
    Published URL: https://hackforums.net/showthread.php?tid=6325441
    Screenshots:
    None
    Threat Actors: GollumsCoder
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  446. Alleged sale of RDP access to cloud infrastructure and premium accounts
    Category: Initial Access
    Content: A threat actor is offering rental of RDP access to Azure, AWS, and DigitalOcean infrastructure on a daily/monthly basis at $200. The actor is also advertising domain email accounts (Gmail, Yahoo), GitHub Student accounts, ChatGPT Plus, and Claude 20x Max Plan access, and claims fresh IPs and limited stock availability. An escrow service is offered.
    Date: 2026-05-15T08:35:07Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/81980
    Screenshots:
    None
    Threat Actors: PORTAL
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  447. Alleged sale of compromised email account access to multiple platforms
    Category: Initial Access
    Content: A threat actor is offering to sell valid, targeted email account access for multiple platforms including Hotmail, Yahoo, Reddit, Kleinanzeigen, Walmart, Grailed, Vinted, AT&T, eBay, Uber, Marriott, and Poshmark. The actor claims the accounts are fresh, valid, and of top quality. Buyers can search for specific keywords/targets.
    Date: 2026-05-15T08:32:45Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/81984
    Screenshots:
    None
    Threat Actors: Yuze
    Victim Country: United States, United Kingdom, Canada
    Victim Industry: Technology, E-commerce, Social Media, Telecommunications
    Victim Organization: Unknown
    Victim Site: Unknown
  448. Alleged data breach of Indonesia Police database
    Category: Data Breach
    Content: A breach of the Indonesia Police database has been posted on the Breached.st forum. The post includes a direct link to the breach thread discussing the compromised police database.
    Date: 2026-05-15T08:18:57Z
    Network: telegram
    Published URL: https://t.me/c/3841736872/438
    Screenshots:
    None
    Threat Actors: DEWATA BLACKHAT
    Victim Country: Indonesia
    Victim Industry: Government/Law Enforcement
    Victim Organization: Indonesia Police
    Victim Site: Unknown
  449. Sale of alleged Rich People financial database containing 2 million records
    Category: Data Breach
    Content: A threat actor is offering for sale an alleged database of 2 million high-net-worth individuals priced at $2,000. The dataset purportedly originates from bank data and includes highly sensitive fields such as SSN, date of birth, driver's license number, bank account and routing numbers, net income, employment details, and contact information. The victim organization is not identified.
    Date: 2026-05-15T08:09:12Z
    Network: openweb
    Published URL: https://breached.st/threads/rich-people-database-2m.87127/unread
    Screenshots:
    None
    Threat Actors: Kevin Williams
    Victim Country: Unknown
    Victim Industry: Finance
    Victim Organization: Unknown
    Victim Site: Unknown
  450. Alleged cyber attack on the Ethiopian Food and Drug Administration (EFDA)
    Category: Cyber Attack
    Content: The threat actor group 404Crew Cyber Team claims to have hacked the official website of the Ethiopian Food and Drug Administration (EFDA). No further details or proof were provided in the post.
    Date: 2026-05-15T08:08:33Z
    Network: openweb
    Published URL: https://breached.st/threads/the-official-website-of-the-ethiopian-food-and-drug-administration-efda-was-hacked.87126/unread
    Screenshots:
    None
    Threat Actors: 404Crew Cyber Team
    Victim Country: Ethiopia
    Victim Industry: Government
    Victim Organization: Ethiopian Food and Drug Administration
    Victim Site: efda.gov.et
  451. Free distribution of URL:log credential combo list including admin panels, VPN, and Citrix access
    Category: Combo List
    Content: A threat actor is freely distributing a 5.97 MB credential list containing approximately 18 million URL:log:pass combinations. The dataset reportedly includes credentials for admin panels, proxies, VPN services, Citrix, DANA, and WordPress instances. The archive is shared via Mega.nz with a provided password.
    Date: 2026-05-15T07:57:26Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Other-URLS-LOG-PASS-5-97-MB-ADMIN-VPN-CITRIX-DANA-REMOTE-FREE
    Screenshots:
    None
    Threat Actors: psychologist
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  452. Combo List marketed for Shopping Corp Business
    Category: Combo List
    Content: A combo list containing 53,015 email:password lines has been shared on a cracking forum, marketed as suitable for use against shopping and corporate business targets. No additional details are available from the post content.
    Date: 2026-05-15T07:57:22Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-53-015-Lines-%E2%9C%85-Combolist-Good-For-Shopping-Corp-Business
    Screenshots:
    None
    Threat Actors: HqComboSpace
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  453. Sale of UHQ EU mixed combo list
    Category: Combo List
    Content: A threat actor is offering approximately 400 UHQ (ultra-high quality) EU mixed credentials on a cybercrime forum, marketed as VIP exclusive with high conversion rates. The content is hidden behind a registration or login wall. No specific victim organization or service is identified.
    Date: 2026-05-15T07:56:53Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%F0%9F%91%91-0-4k-uhq-eu-mixed-vip-exclusive-access-high-conversion-%F0%9F%91%91-302528
    Screenshots:
    None
    Threat Actors: BedrockDB
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  454. Sale of Amuse Crypt V2.0 crypter/obfuscation tool
    Category: Malware
    Content: A threat actor is distributing a cracked version of Amuse Crypt V2.0, advertised as a fully unlocked crypter with polymorphic encryption, multi-layer obfuscation, and anti-detection capabilities. The tool is marketed for payload protection and evasion of threat detection systems. It is offered as a free install on a cracking forum.
    Date: 2026-05-15T07:55:48Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Amuse-Crypt-V-2-0–204129
    Screenshots:
    None
    Threat Actors: deanevan
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  455. Sale of BasesPro database redistribution and mail:pass combo tool
    Category: Combo List
    Content: A forum user is sharing a tool called BasesPro, advertised as offering 3,000+ methods for refactoring mail:pass databases. The content is hidden behind a login/register gate, suggesting it is distributed to registered forum members. This tool appears designed to support credential stuffing or combo list processing activities.
    Date: 2026-05-15T07:55:33Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Cracked-BasesPro-database-redistribution-mail-pass
    Screenshots:
    None
    Threat Actors: stak
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  456. Website Defacement of Stammering Solution by Ruiixh4xor (SHENHAXSEC)
    Category: Defacement
    Content: On May 15, 2026, the website stammeringsolution.com was defaced by threat actor Ruiixh4xor, affiliated with the group SHENHAXSEC. This incident represents a redefacement of the homepage, indicating the site had been previously compromised and targeted again. The attack was an individual site defacement rather than a mass campaign.
    Date: 2026-05-15T07:55:30Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/922649
    Screenshots:
    None
    Threat Actors: Ruiixh4xor, SHENHAXSEC
    Victim Country: Unknown
    Victim Industry: Healthcare / Speech Therapy
    Victim Organization: Stammering Solution
    Victim Site: stammeringsolution.com
  457. Sale of credential stuffing tool X3 Solution Trial
    Category: Combo List
    Content: A forum user is distributing a trial version of a tool called X3 Solution in the cracking tools section. The post provides a download link with no further details about the tool's capabilities or targets.
    Date: 2026-05-15T07:55:20Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-X3-Solution-Trial–204132
    Screenshots:
    None
    Threat Actors: anonym
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  458. Sale of 3.4 million Germany-targeted mail:pass combo list
    Category: Combo List
    Content: A threat actor is offering a combo list of approximately 3.4 million email and password pairs allegedly targeting German users, including web.de and gmx.de accounts. The list is advertised as available via Telegram. No specific breached organization is identified.
    Date: 2026-05-15T07:47:04Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75324/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  459. Combo List of 29,000 mixed mail access credentials
    Category: Logs
    Content: A combo list of approximately 29,000 reportedly valid mixed email access credentials was shared on the forum. The post is dated May 15 and is titled Full Valid Mail Access Mix, suggesting the credentials span multiple mail providers. No additional post content was available for further analysis.
    Date: 2026-05-15T07:39:39Z
    Network: openweb
    Published URL: https://xforums.st/threads/29k-full-valid-mail-access-mix-15-05.613848/
    Screenshots:
    None
    Threat Actors: MegaCloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  460. Alleged sale of counterfeit currency (fake banknotes)
    Category: Cyber Attack
    Content: User qiyu repeatedly posts links to Telegram channels advertising the sale of counterfeit banknotes, described in Chinese as 精品假钞 (premium counterfeit currency) and 假钞天花板 (counterfeit currency ceiling/top tier). Multiple posts appear across the channel with consistent messaging and Telegram contact links for transactions.
    Date: 2026-05-15T07:24:40Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/81943
    Screenshots:
    None
    Threat Actors: qiyu
    Victim Country: Unknown
    Victim Industry: Financial/Currency
    Victim Organization: Unknown
    Victim Site: Unknown
  461. Alleged data breach of uEngage restaurant ordering and delivery platform
    Category: Data Breach
    Content: A threat actor claims to have compromised uEngage's internal database in May 2026, exfiltrating approximately 3 million records totaling 14GB. The dataset allegedly includes customer PII (name, address, phone, email, date of birth), KYC documents (Aadhaar card, PAN card, bank statements, selfies, FSSAI licenses), order records, delivery reports, and wallet ledger data. Sample records referencing Indian customers and businesses were provided as proof.
    Date: 2026-05-15T07:23:32Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-uEngage-io-Restaurant-Ordering-Delivery-KYC-PII-PART
    Screenshots:
    None
    Threat Actors: zSenior
    Victim Country: India
    Victim Industry: Technology
    Victim Organization: uEngage
    Victim Site: uengage.io
  462. Website Defacement of Vipertek by aexdy of Leviathan Perfect Hunter
    Category: Defacement
    Content: On May 15, 2026, a threat actor known as aexdy, operating under the group Leviathan Perfect Hunter, defaced the Indonesian website vipertek.id. The attack targeted a specific file (hx.txt) on the domain and was neither a mass defacement nor a redefacement. The motive behind the attack remains unknown.
    Date: 2026-05-15T07:21:01Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/922640
    Screenshots:
    None
    Threat Actors: aexdy, Leviathan Perfect Hunter
    Victim Country: Indonesia
    Victim Industry: Unknown
    Victim Organization: Vipertek
    Victim Site: vipertek.id
  463. Website Defacement of thebardou.com by aexdy of Leviathan Perfect Hunter
    Category: Defacement
    Content: On May 15, 2026, the website thebardou.com was defaced by threat actor aexdy, operating under the group Leviathan Perfect Hunter. The attack targeted a specific file path (hx.txt) rather than the homepage, suggesting a targeted file-level defacement. No specific motive or exploitation method was disclosed in the available data.
    Date: 2026-05-15T07:20:13Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/922627
    Screenshots:
    None
    Threat Actors: aexdy, Leviathan Perfect Hunter
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: The Bardou
    Victim Site: thebardou.com
  464. Website Defacement of the-ami.org by aexdy (Leviathan Perfect Hunter)
    Category: Defacement
    Content: The website the-ami.org was defaced by threat actor aexdy, operating under the group Leviathan Perfect Hunter, on May 15, 2026. The defacement targeted a specific file (hx.txt) on the domain and was not classified as a mass or home page defacement. The incident has been mirrored and archived by zone-xsec.com for record-keeping purposes.
    Date: 2026-05-15T07:19:21Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/922626
    Screenshots:
    None
    Threat Actors: aexdy, Leviathan Perfect Hunter
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: AMI
    Victim Site: the-ami.org
  465. Website defacement of The African Place by aexdy of Leviathan Perfect Hunter
    Category: Defacement
    Content: On May 15, 2026, threat actor aexdy, operating under the team Leviathan Perfect Hunter, defaced the website theafricanplace.com, targeting a file path at hx.txt. The incident was a targeted single-site defacement with no indication of mass or repeat defacement activity. Server and infrastructure details were not disclosed in the available intelligence.
    Date: 2026-05-15T07:18:28Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/922625
    Screenshots:
    None
    Threat Actors: aexdy, Leviathan Perfect Hunter
    Victim Country: Unknown
    Victim Industry: Retail/E-Commerce
    Victim Organization: The African Place
    Victim Site: theafricanplace.com
  466. Website Defacement of thebobmerrill.com by aexdy of Leviathan Perfect Hunter
    Category: Defacement
    Content: On May 15, 2026, the website thebobmerrill.com was defaced by threat actor aexdy, operating under the group Leviathan Perfect Hunter. The defacement targeted a specific text file at thebobmerrill.com/hx.txt and was not classified as a mass or home page defacement. The incident was recorded and mirrored by zone-xsec.com.
    Date: 2026-05-15T07:17:47Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/922628
    Screenshots:
    None
    Threat Actors: aexdy, Leviathan Perfect Hunter
    Victim Country: United States
    Victim Industry: Unknown
    Victim Organization: The Bob Merrill
    Victim Site: thebobmerrill.com
  467. Sale of HQ fresh Hotmail combo list
    Category: Combo List
    Content: A threat actor is distributing a combo list advertised as containing 621 fresh high-quality Hotmail credentials via a Telegram channel. The actor also offers private cloud access for purchase through a separate Telegram contact. Hotmail is a credential-stuffing target, not the breach source.
    Date: 2026-05-15T07:17:19Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85%E2%9C%A8-621X-HQ-FRESH-HOTMAIL-%E2%9C%85%E2%9C%A8
    Screenshots:
    None
    Threat Actors: chutguard
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  468. Website defacement of YRF Indonesia by aexdy of Leviathan Perfect Hunter
    Category: Defacement
    Content: On May 15, 2026, a threat actor known as aexdy, operating under the group Leviathan Perfect Hunter, defaced the Indonesian website yrfindonesia.id. The defacement was a targeted single-site attack, not part of a mass defacement campaign. The incident was mirrored and documented by zone-xsec.com.
    Date: 2026-05-15T07:17:05Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/922646
    Screenshots:
    None
    Threat Actors: aexdy, Leviathan Perfect Hunter
    Victim Country: Indonesia
    Victim Industry: Unknown
    Victim Organization: YRF Indonesia
    Victim Site: yrfindonesia.id
  469. Sale of HQ Hotmail combo list
    Category: Combo List
    Content: A threat actor is offering a high-quality Hotmail combo list for sale via Telegram. The content is hidden behind a registration/login wall, with the seller directing buyers to contact them on Telegram at @window_linux01.
    Date: 2026-05-15T07:16:42Z
    Network: openweb
    Published URL: https://patched.to/Thread-%E2%9C%85-hq-hotmail-hit-%E2%9C%85-302519
    Screenshots:
    None
    Threat Actors: aurexopforu
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  470. Website Defacement of Wasabi Bistro by aexdy of Leviathan Perfect Hunter
    Category: Defacement
    Content: On May 15, 2026, a threat actor identified as aexdy, affiliated with the group Leviathan Perfect Hunter, defaced the website of Wasabi Bistro, a restaurant-related domain. The defacement targeted a single page (hx.txt) and was neither a mass nor a redefacement event. The motivation and server details remain unknown.
    Date: 2026-05-15T07:16:28Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/922643
    Screenshots:
    None
    Threat Actors: aexdy, Leviathan Perfect Hunter
    Victim Country: United States
    Victim Industry: Food & Beverage / Restaurant
    Victim Organization: Wasabi Bistro
    Victim Site: wasabibistro.biz
  471. Sale of HQ fresh Hotmail and mix combo list
    Category: Combo List
    Content: A threat actor is distributing a combo list described as high-quality and fresh Hotmail and mixed credentials, reportedly dropped in a private Telegram channel 24 hours prior. The content is hidden behind a registration or login requirement on the forum. No record count or pricing details are provided in the post.
    Date: 2026-05-15T07:16:23Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%B4%EF%B8%8F-hq-fresh-hotmails-mix-%E2%9C%B4%EF%B8%8F-dropped-in-private-channel-24h-ago-%F0%9F%94%A5%F0%9F%94%A5-302522
    Screenshots:
    None
    Threat Actors: nikyofficial
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  472. Sale of subscription upgrade services for streaming and software platforms
    Category: Services
    Content: A threat actor operating under the alias Wellix is offering cheap subscription upgrades on customers' own accounts for a wide range of streaming, VPN, software, and media platforms including Netflix, ChatGPT, Disney+, Spotify, and many others. Services are sold via an autobuy storefront and advertised across Discord and Telegram. The offering suggests use of compromised or fraudulently obtained subscription credentials to upgrade third-party accounts.
    Date: 2026-05-15T07:16:17Z
    Network: openweb
    Published URL: https://patched.to/Thread-nova-%E2%AD%90cheapest-upgrades%E2%AD%90-on-your-accounts-chatgpt-netflix-disney-supergrok-perplexitypro
    Screenshots:
    None
    Threat Actors: Wellix
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  473. Open-source tool shared for using Telegram as cloud storage
    Category: Alert
    Content: A forum post shares hidden content advertising a free, open-source tool that enables users to use Telegram as a cloud storage solution similar to Google Drive. The actual content is gated behind registration or login. No threat actor, victim, or specific malicious activity is identifiable from the available post content.
    Date: 2026-05-15T07:15:39Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Turn-Telegram-Into-Google-Drive-Free-Open-Source
    Screenshots:
    None
    Threat Actors: Bug
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  474. Website Defacement of Youth United for Change by aexdy (Leviathan Perfect Hunter)
    Category: Defacement
    Content: On May 15, 2026, the website youthunitedforchange.com was defaced by threat actor aexdy, operating under the group Leviathan Perfect Hunter. The attack was a targeted single-site defacement, modifying a non-homepage resource at the specified path. No specific motivation or server details were disclosed in the available incident data.
    Date: 2026-05-15T07:15:34Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/922645
    Screenshots:
    None
    Threat Actors: aexdy, Leviathan Perfect Hunter
    Victim Country: Unknown
    Victim Industry: Non-Profit / Youth Advocacy
    Victim Organization: Youth United for Change
    Victim Site: youthunitedforchange.com
  475. Website Defacement of traffictalk.info by aexdy of Leviathan Perfect Hunter
    Category: Defacement
    Content: On May 15, 2026, the website traffictalk.info was defaced by threat actor aexdy, operating under the group Leviathan Perfect Hunter. The defacement targeted a specific file path (hx.txt) on the domain. This was a single targeted defacement, not a mass or redefacement incident, with the mirror archived on zone-xsec.com.
    Date: 2026-05-15T07:14:52Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/922634
    Screenshots:
    None
    Threat Actors: aexdy, Leviathan Perfect Hunter
    Victim Country: Unknown
    Victim Industry: Transportation / Traffic Information
    Victim Organization: Traffic Talk
    Victim Site: traffictalk.info
  476. Website Defacement of Virginia Woolf Blog by aexdy (Leviathan Perfect Hunter)
    Category: Defacement
    Content: On May 15, 2026, the website virginiawoolfblog.com was defaced by threat actor aexdy, operating under the team Leviathan Perfect Hunter. The defacement targeted a text file (hx.txt) on the domain, indicating a targeted file-level intrusion. This was a singular, non-mass defacement incident with no prior redefacement history recorded.
    Date: 2026-05-15T07:13:59Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/922641
    Screenshots:
    None
    Threat Actors: aexdy, Leviathan Perfect Hunter
    Victim Country: Unknown
    Victim Industry: Media and Publishing
    Victim Organization: Virginia Woolf Blog
    Victim Site: virginiawoolfblog.com
  477. Website Defacement of Storybank.id by aexdy of Leviathan Perfect Hunter
    Category: Defacement
    Content: On May 15, 2026, the Indonesian website storybank.id was defaced by a threat actor known as aexdy, operating under the group Leviathan Perfect Hunter. The defacement targeted a specific file path (hx.txt) rather than the homepage, suggesting a targeted file-level intrusion. The incident was recorded and mirrored by zone-xsec.com, a known defacement tracking platform.
    Date: 2026-05-15T07:13:18Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/922621
    Screenshots:
    None
    Threat Actors: aexdy, Leviathan Perfect Hunter
    Victim Country: Indonesia
    Victim Industry: Media / Digital Content
    Victim Organization: Storybank
    Victim Site: storybank.id
  478. Website Defacement of The Station Inn by aexdy (Leviathan Perfect Hunter)
    Category: Defacement
    Content: On May 15, 2026, the website thestationinn.net was defaced by threat actor aexdy, operating under the group Leviathan Perfect Hunter. The defacement targeted a file path on the domain and was neither a mass nor redefacement incident. The Station Inn is likely a hospitality or live music venue based on its domain name.
    Date: 2026-05-15T07:12:25Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/922631
    Screenshots:
    None
    Threat Actors: aexdy, Leviathan Perfect Hunter
    Victim Country: United States
    Victim Industry: Hospitality / Entertainment
    Victim Organization: The Station Inn
    Victim Site: thestationinn.net
  479. Website defacement of Wizard Mode Film by aexdy of Leviathan Perfect Hunter
    Category: Defacement
    Content: On May 15, 2026, the website wizardmodefilm.com was defaced by threat actor aexdy, operating under the group Leviathan Perfect Hunter. The defacement targeted a file path on the domain associated with a film production entity. The incident was a single-target, non-mass defacement with limited technical metadata available.
    Date: 2026-05-15T07:11:35Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/922644
    Screenshots:
    None
    Threat Actors: aexdy, Leviathan Perfect Hunter
    Victim Country: Unknown
    Victim Industry: Entertainment / Film
    Victim Organization: Wizard Mode Film
    Victim Site: wizardmodefilm.com
  480. Website Defacement of zainelhasany.com by aexdy of Leviathan Perfect Hunter
    Category: Defacement
    Content: On May 15, 2026, the website zainelhasany.com was defaced by threat actor aexdy, operating under the group Leviathan Perfect Hunter. The attack targeted a specific file path (hx.txt) on the domain and was neither a mass nor a redefacement incident. The defacement was documented and mirrored by zone-xsec.com.
    Date: 2026-05-15T07:10:51Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/922647
    Screenshots:
    None
    Threat Actors: aexdy, Leviathan Perfect Hunter
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Zain El Hasany
    Victim Site: zainelhasany.com
  481. Website Defacement of SoSolidWorld by aexdy of Leviathan Perfect Hunter
    Category: Defacement
    Content: On May 15, 2026, a threat actor identified as aexdy, operating under the team Leviathan Perfect Hunter, defaced the website sosolidworld.com by uploading a defacement file at /hx.txt. The attack was a targeted single-site defacement with no mass defacement or redefacement indicators reported.
    Date: 2026-05-15T07:10:09Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/922619
    Screenshots:
    None
    Threat Actors: aexdy, Leviathan Perfect Hunter
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: SoSolidWorld
    Victim Site: sosolidworld.com
  482. Website defacement of TrophyFilm by aexdy (Leviathan Perfect Hunter)
    Category: Defacement
    Content: The website trophyfilm.com was defaced by threat actor aexdy, operating under the team name Leviathan Perfect Hunter, on May 15, 2026. The defacement targeted a specific file path (hx.txt) rather than the homepage, suggesting a targeted file-level intrusion rather than a full site takeover. The incident was recorded and mirrored by zone-xsec.com with mirror ID 922637.
    Date: 2026-05-15T07:09:28Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/922637
    Screenshots:
    None
    Threat Actors: aexdy, Leviathan Perfect Hunter
    Victim Country: Unknown
    Victim Industry: Entertainment/Film
    Victim Organization: TrophyFilm
    Victim Site: trophyfilm.com
  483. Website Defacement of Treasurehunt.id by aexdy of Leviathan Perfect Hunter
    Category: Defacement
    Content: On May 15, 2026, a threat actor operating under the alias aexdy, affiliated with the group Leviathan Perfect Hunter, defaced a file hosted on treasurehunt.id, an Indonesian domain. The defacement targeted a specific text file (hx.txt) rather than the homepage, indicating a targeted file-level intrusion. The incident was recorded and mirrored by zone-xsec.com.
    Date: 2026-05-15T07:08:36Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/922635
    Screenshots:
    None
    Threat Actors: aexdy, Leviathan Perfect Hunter
    Victim Country: Indonesia
    Victim Industry: Entertainment / Gaming
    Victim Organization: Treasure Hunt
    Victim Site: treasurehunt.id
  484. Website Defacement of The Rogers Sisters by aexdy (Leviathan Perfect Hunter)
    Category: Defacement
    Content: On May 15, 2026, the website therogerssisters.com was defaced by threat actor aexdy, operating under the team Leviathan Perfect Hunter. The defacement targeted a specific file path (hx.txt) rather than the homepage, indicating a targeted file-level intrusion. No specific motive or technical details regarding the server infrastructure were disclosed.
    Date: 2026-05-15T07:07:55Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/922630
    Screenshots:
    None
    Threat Actors: aexdy, Leviathan Perfect Hunter
    Victim Country: United States
    Victim Industry: Entertainment / Music
    Victim Organization: The Rogers Sisters
    Victim Site: therogerssisters.com
  485. Combo list distribution on cracking forum
    Category: Combo List
    Content: A user on cracking forum CrackingX shared a post advertising a private ULP (URL:Login:Password) combo list dated 05/15/26. The post contains minimal detail beyond an access link, with no record count or target service specified.
    Date: 2026-05-15T07:00:57Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75306/
    Screenshots:
    None
    Threat Actors: distantguy
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  486. Sale of combo list targeting Yahoo and streaming services
    Category: Combo List
    Content: A threat actor is offering a combo list of approximately 1.2 million credentials associated with Yahoo.com, Yahoo.ie, and Sapo.pt accounts, marketed for use against streaming services. The list is advertised as available via Telegram, with the actor also promoting a free combo group channel.
    Date: 2026-05-15T07:00:38Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75307/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  487. Sale of Spotify and Gaming Combo List
    Category: Combo List
    Content: A threat actor is offering a combo list of approximately 12 million credentials marketed as hits for Spotify and gaming platforms. The list is advertised via a cracking forum with distribution through Telegram channels. No specific breach source is identified.
    Date: 2026-05-15T07:00:14Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75318/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  488. Free combo list targeting French mail accounts
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 1,500 French email account credentials, marketed as valid and fresh as of May 15. The content is gated behind a reply requirement on the forum.
    Date: 2026-05-15T06:59:18Z
    Network: openweb
    Published URL: https://altenens.is/threads/1-5k-france-valid-fresh-mail-access-15-05.2940472/unread
    Screenshots:
    None
    Threat Actors: Megacloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  489. Sale of Hotmail combo list with 94K credentials
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 94,000 Hotmail mail access credentials via an external paste service. The credentials are marketed as fresh mail access. Hotmail is the credential-stuffing target, not the breach source.
    Date: 2026-05-15T06:58:49Z
    Network: openweb
    Published URL: https://altenens.is/threads/94k-fresh-mail-access-hotmail.2940474/unread
    Screenshots:
    None
    Threat Actors: Vekko
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  490. Free combo list of 7,500 valid mail credentials across multiple regions
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 7,500 email credentials described as valid, covering users from the USA, EU, Asia, and Russia. The list was dated May 15 and made available to forum members upon reply.
    Date: 2026-05-15T06:58:21Z
    Network: openweb
    Published URL: https://altenens.is/threads/7-5k-usa-eu-asia-ru-valid-mail-access-15-05.2940482/unread
    Screenshots:
    None
    Threat Actors: Megacloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  491. Website Defacement of FICEDA by DimasHxR
    Category: Defacement
    Content: On May 15, 2026, a threat actor identified as DimasHxR defaced a page on the New Zealand-based website ficeda.co.nz, targeting a media or custom content directory. The attack was a targeted, non-mass defacement and does not appear to be a redefacement. No specific motive, team affiliation, or server details were disclosed.
    Date: 2026-05-15T06:39:46Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/922459
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: New Zealand
    Victim Industry: Unknown
    Victim Organization: FICEDA
    Victim Site: www.ficeda.co.nz
  492. Sale of TryHackMe Premium account upgrades
    Category: Services
    Content: A forum user is offering TryHackMe Premium account upgrades for sale at $19.99 for 3-month access and $49.99 for 1-year access. The seller claims the upgrades unlock premium content and include unspecified bonus gifts. It is unclear whether these are legitimate vouchers, compromised accounts, or unauthorized access methods.
    Date: 2026-05-15T06:37:51Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9A%A1%E2%9A%A1%E2%9A%A1Tryhackme-Premium-upgrade-Unlock-Your-Hacking-Potential%E2%AD%90%E2%AD%90%E2%AD%90
    Screenshots:
    None
    Threat Actors: wavesub
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  493. Sale of mixed domain mixed target combo list with 856,784 credentials
    Category: Combo List
    Content: A combo list containing 856,784 email:password pairs across mixed domains and targets has been shared on a cracking forum. The list is described as mixed domain and mixed target, suggesting credentials sourced from multiple services and breaches.
    Date: 2026-05-15T06:37:43Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-856-784-Mixed-Domain-Mixed-Target-Combolist
    Screenshots:
    None
    Threat Actors: AiCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  494. Sale of discounted VAPI AI voice platform credits
    Category: Services
    Content: A forum seller is offering $200 VAPI (vapi.ai) platform credits with 12-month validity at an undisclosed price via direct message. The offer includes access to VAPI's real-time AI voice call and agent API, marketed toward developers, SaaS products, and AI calling automation use cases. Delivery is advertised as 12–24 hours with private activation on the buyer's email.
    Date: 2026-05-15T06:37:32Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Supreme-%E2%9C%A8%E2%9C%A8%E2%9C%A8VAPI-%E2%80%94-200-CREDITS-12-MONTHS-Real-time-AI-voice-calls-agents%E2%9A%A1%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: wavesub
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  495. Sale of Steam account credential hits
    Category: Combo List
    Content: A threat actor is sharing 100 working credential hits for Steam accounts. The post is listed under a cracking forum section, indicating the credentials were tested against Steam's platform via credential stuffing. No additional details about the data source are provided.
    Date: 2026-05-15T06:37:13Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-%E2%9C%A8STEAM%E2%9C%A8-%E2%9A%A1100-WORKING-HITS%E2%AD%90
    Screenshots:
    None
    Threat Actors: digital26
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  496. Sale of IPTV service access credentials or subscription
    Category: Combo List
    Content: A forum user is sharing or selling access to an IPTV service marketed as IPTV4K, claiming access to 39,000 live channels including adult content. The post includes a link, likely to credentials or a subscription token for the service.
    Date: 2026-05-15T06:36:54Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-TEST-IPTV4K-39K-Live-Channels-Adult-Content
    Screenshots:
    None
    Threat Actors: digital26
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  497. Free share of Netflix premium session cookies
    Category: Combo List
    Content: A threat actor shared Netflix premium session cookies on a cracking forum, marketed as working and checked as of May 15, 2026. The cookies were made available for free via an external link.
    Date: 2026-05-15T06:36:36Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-%E2%9D%A4%EF%B8%8F-NETFLIX-%E2%9D%A4%EF%B8%8F-PREMIUM-COOKIES-WORKING-CHECKED-%E2%9D%A4%EF%B8%8F-15-05-2026-%E2%9D%A4%EF%B8%8F
    Screenshots:
    None
    Threat Actors: teemofacfeed
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  498. Free distribution of URL:Log:Pass combo list with 8+ million lines
    Category: Combo List
    Content: A forum user shared a URL:Log:Pass combo list containing over 8 million lines, distributed for free on a combolist forum. The content is hidden behind a registration/login wall. No specific victim organization or country is identified.
    Date: 2026-05-15T06:36:32Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-url-log-pass-free-best-lines-8-million-lines-part-341
    Screenshots:
    None
    Threat Actors: lexityfr
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  499. Free sharing of Paramount Premium accounts
    Category: Combo List
    Content: A forum user shared two Paramount Premium account credentials in the cracking section. The accounts are described as being associated with United States users. No further details about the source or method of compromise are provided.
    Date: 2026-05-15T06:36:12Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-2-x-Paramount-Premuim-Accounts-United-States
    Screenshots:
    None
    Threat Actors: teemofacfeed
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  500. Sale of German email credential combo list (54K)
    Category: Combo List
    Content: A threat actor is offering a combo list of approximately 54,000 German email credentials, advertised as mail access and marketed as top quality. The list appears to be restricted to German accounts and is available via the actor's storefront at megacloudshop.top.
    Date: 2026-05-15T06:35:30Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-54K-Just-Germany-Jyst-Mail-Access-Top-Quality-15-05
    Screenshots:
    None
    Threat Actors: MegaCloudshop
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  501. VPS and dedicated server hosting service advertised on cracking forum
    Category: Services
    Content: A forum seller operating under the brand ahost.eu is advertising VPS and dedicated server hosting services across 35 countries, with prices starting at €7/month for VPS and €67/month for dedicated servers. The seller claims to have been operating since 2011 and offers SSL certificates, NVMe SSD storage, and 24/7 support. This appears to be a commercial hosting service offering promoted to forum members.
    Date: 2026-05-15T06:30:15Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75315/
    Screenshots:
    None
    Threat Actors: SeoHide
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  502. Combo List: 785 Hotmail fresh credential hits
    Category: Combo List
    Content: A threat actor shared 785 Hotmail credential hits described as fresh and high quality, dated May 15. Access to the content requires forum engagement.
    Date: 2026-05-15T06:16:26Z
    Network: openweb
    Published URL: https://altenens.is/threads/785x-hotmail-fresh-hits-top-quality-15-05.2940427/unread
    Screenshots:
    None
    Threat Actors: Megacloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  503. Mass Website Defacement of Thai Educational Institution by Alpha Wolf (XYZ)
    Category: Defacement
    Content: On May 15, 2026, threat actor XYZ operating under the team Alpha Wolf conducted a mass defacement campaign targeting www.suttawas.ac.th, a Thai educational institution hosted on a Linux server. The attack was part of a broader mass defacement operation, with the defaced page archived at haxor.id. This incident represents a non-targeted opportunistic defacement likely aimed at maximizing visibility across multiple sites simultaneously.
    Date: 2026-05-15T06:05:38Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/249229
    Screenshots:
    None
    Threat Actors: XYZ, Alpha Wolf
    Victim Country: Thailand
    Victim Industry: Education
    Victim Organization: Suttawas School
    Victim Site: www.suttawas.ac.th
  504. Combo List targeting German gaming and casino services
    Category: Combo List
    Content: A threat actor shared a combo list containing 652,357 email:password lines purportedly targeting gaming and casino platforms in Germany. The list was posted on a public forum and appears intended for credential stuffing against German gaming and casino services.
    Date: 2026-05-15T05:57:29Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-652-357-Lines-%E2%9C%85-Gaming-and-Casino-Target-Germany-DE-Leaks
    Screenshots:
    None
    Threat Actors: HqComboSpace
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  505. Sale of unauthorized PostHog Scale plan access on cracking forum
    Category: Services
    Content: A forum seller is offering 1-year access to PostHog Scale plan accounts with 2× monthly limits, advertised at a fraction of the official $16,500+ value. The offer includes full platform features and is activated on the buyer's own email. The nature of the access suggests unauthorized or fraudulently obtained account provisioning.
    Date: 2026-05-15T05:56:21Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Supreme-%E2%9A%A1-PostHog-Scale-%E2%80%93-1-Year-Access-2%C3%97-Monthly-Limits-%C2%A0%C2%A0%E2%9A%A1%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: wavesub
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  506. Sale of Hotmail credential combo list
    Category: Combo List
    Content: A threat actor is sharing a combo list of approximately 7,000 claimed high-quality Hotmail credential hits on a cybercrime forum. The content is hidden behind a registration or login requirement. Hotmail is the credential-stuffing target, not the breach victim.
    Date: 2026-05-15T05:55:56Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%85-7k-hq-hotmail-hit-%E2%9C%85-302515
    Screenshots:
    None
    Threat Actors: RetroCloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  507. Alleged data breach of Credilink Brazil
    Category: Data Breach
    Content: A threat actor is selling an alleged database dump attributed to Credilink Brazil, reportedly containing 243 million records from 2024. The dataset includes CPF (national ID), full name, address, phone numbers, date of birth, mother's name, email, vehicle information, income estimates, and Federal Revenue status. The seller is requesting $200 USD payable in XMR or BTC.
    Date: 2026-05-15T05:55:27Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-DATABASE-CREDILINK-BRASIL-BRAZIL
    Screenshots:
    None
    Threat Actors: Just23
    Victim Country: Brazil
    Victim Industry: Finance
    Victim Organization: Credilink
    Victim Site: Unknown
  508. Sale of Hotmail combo list with 39,000 fresh credential hits
    Category: Combo List
    Content: A threat actor is advertising a combo list of approximately 39,000 Hotmail, Outlook, Live, and MSN email credentials marketed as fresh hits with a high hit rate. The seller claims to release 2–4 files daily via a Telegram channel, targeting accounts associated with US and European regions. No specific breached organization is identified; this appears to be a credential stuffing list aggregated from multiple sources.
    Date: 2026-05-15T05:54:34Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-Hotmail-39k-Premium-Mail-Access-Fresh-Hits
    Screenshots:
    None
    Threat Actors: mailcombo01
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  509. Alleged counterfeit currency sales operation
    Category: Cyber Attack
    Content: User qiyu is advertising the sale of counterfeit banknotes (described as 精品假钞 – premium counterfeit currency) through Telegram links. Multiple identical posts indicate an active counterfeit currency distribution scheme.
    Date: 2026-05-15T05:49:41Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/81886
    Screenshots:
    None
    Threat Actors: qiyu
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  510. Hotmail combo list with 38K fresh hits distributed via Telegram
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 38,000 Hotmail, Outlook, Live, and MSN credentials described as fresh hits with a high hit rate. The list is advertised as covering users from the US, EU, France, Germany, and Italy. Files are distributed daily via a Telegram channel under the alias HiddenAccessX.
    Date: 2026-05-15T05:48:49Z
    Network: openweb
    Published URL: https://altenens.is/threads/hotmail-38k-premium-mail-access-fresh-hits.2940409/unread
    Screenshots:
    None
    Threat Actors: mailcombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  511. Mix combo list of 73K premium email credentials with fresh hits
    Category: Combo List
    Content: A threat actor is distributing a combo list containing approximately 73,000 email credentials targeting Hotmail, Outlook, Live, and MSN accounts, marketed as fresh hits with a high hit rate. The list covers multiple regions including the US and several European countries. Access is advertised via a Telegram channel with daily drops of 2–4 files.
    Date: 2026-05-15T05:48:12Z
    Network: openweb
    Published URL: https://altenens.is/threads/mix-73k-premium-mail-access-fresh-hits.2940410/unread
    Screenshots:
    None
    Threat Actors: mailcombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  512. Combo List: Hotmail credentials (5,000 records)
    Category: Logs
    Content: A combo list purportedly containing 5,000 unique Hotmail credentials was shared on a cybercrime forum. The post provides minimal details beyond the thread title. These credentials are likely intended for credential stuffing or account takeover activity.
    Date: 2026-05-15T05:38:11Z
    Network: openweb
    Published URL: https://xforums.st/threads/hotmail-unique-combo_1_5000.613842/
    Screenshots:
    None
    Threat Actors: UniqueCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  513. Sale of mixed email credential combo list with multi-factor authentication details
    Category: Combo List
    Content: A threat actor on Cracked forum is sharing a combo list described as Valid Mail FA Private Mixed, suggesting the credentials include email and password pairs with associated multi-factor authentication details. The post provides minimal context regarding the origin, volume, or targeted services. The content appears to be offered as a form of community support.
    Date: 2026-05-15T05:10:53Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-Valid-Mail-FA-Private-Mixed–2094079
    Screenshots:
    None
    Threat Actors: Phantom4T
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  514. Combo list of Hotmail credentials shared on cracking forum
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 3,800 Hotmail email credentials on a cracking forum. The post is dated May 14 and the data is described as old. The credentials are marketed as mail access, suggesting usability for account takeover.
    Date: 2026-05-15T05:10:29Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E2%9C%A8%E2%9C%88%EF%B8%8F3-8k-HOTMAIL-MAIL-ACCESS%E2%9C%88%EF%B8%8F%E2%9C%A8-14-05
    Screenshots:
    None
    Threat Actors: SecureTrax
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  515. Combo List: HQ Mix credential list shared by Stevee36
    Category: Combo List
    Content: A user on a cracking forum shared a combo list of approximately 2,294 email:password pairs marketed as high quality. No specific breach source or targeted service was identified in the post.
    Date: 2026-05-15T05:10:10Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-X2294-HQ-Mix-%E2%9A%A1%E2%9A%A1-BY-Stevee36-%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: steevee
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  516. Sale of discounted Telegram Premium subscriptions and Stars on cybercrime forum
    Category: Services
    Content: A forum user is selling Telegram Premium subscriptions and Telegram Stars at below-market prices. Offerings include Premium plans ranging from 3 months at $15 to 1 year at $35, and Stars packages from 50 to 500,000 units. The origin or legitimacy of these subscriptions is not disclosed.
    Date: 2026-05-15T05:09:43Z
    Network: openweb
    Published URL: https://patched.to/Thread-%E2%8E%9Dcheapest%E2%8E%A0-telegram-premium%F0%9F%92%8Eand-stars%E2%AD%90-on-the-market%F0%9F%92%B8
    Screenshots:
    None
    Threat Actors: Saudi
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  517. Free South Korea email combo list (Batch 41/100)
    Category: Combo List
    Content: A threat actor shared a free South Korean email list as part of a series (Batch 41 of 100) on a public forum. The content is hidden behind registration/login, limiting visibility into specific record counts or data fields. The post is categorized as a combo list targeting South Korean email accounts.
    Date: 2026-05-15T05:09:30Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-free-premium-south-korea-email-list-batch-41-100
    Screenshots:
    None
    Threat Actors: emaildbpro
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  518. Germany mail access combo list with 3.2K credentials
    Category: Combo List
    Content: A combo list of approximately 3,200 German email account credentials is being shared on a cybercrime forum. The content is hidden behind a registration or login requirement. The post is labeled as old data from a private collection by the user TraxGod.
    Date: 2026-05-15T05:09:13Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%8C%BB3-2k-germany-mail-access-mix%F0%9F%8C%BB%E2%9C%A8-14-05
    Screenshots:
    None
    Threat Actors: TraxGod
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  519. Sale of Hotmail credential combo list
    Category: Combo List
    Content: A threat actor is sharing a combo list of 800 purportedly valid Hotmail credentials on a cybercrime forum. The content is gated behind registration or login. These credentials are likely intended for use in credential stuffing or account takeover activity.
    Date: 2026-05-15T05:08:27Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-800x-Valid-HQ-Hotmails–204106
    Screenshots:
    None
    Threat Actors: Sellerxd
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  520. Sale of Hotmail combo list with 800 valid credentials
    Category: Combo List
    Content: A threat actor is sharing a combo list containing 800 purportedly valid Hotmail credentials. The content is hidden behind a registration or login requirement on the forum. The credentials are marketed as high-quality (HQ) hits.
    Date: 2026-05-15T05:08:20Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-800x-Valid-HQ-Hotmails
    Screenshots:
    None
    Threat Actors: xleov
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  521. Combo List of 800 Hotmail credentials
    Category: Combo List
    Content: A threat actor shared a combo list of 800 alleged Hotmail credential hits on a cybercrime forum. The content is hidden behind registration or login. The credentials are marketed as high quality (HQ) hits.
    Date: 2026-05-15T05:08:02Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-NUM-PASS-%E2%9C%85-800-HQ-HOTMAIL-HIT-%E2%9C%85
    Screenshots:
    None
    Threat Actors: AWSCRACKSISTEM
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  522. Website Defacement of Canela Abogados by Anonym (3XPLOIT.ID)
    Category: Defacement
    Content: On May 15, 2026, the website of Canela Abogados, a law firm, was defaced by a threat actor operating under the alias Anonym, affiliated with the Indonesian hacking group 3XPLOIT.ID. The defacement targeted a specific file path rather than the homepage, indicating a targeted intrusion rather than a mass or home page defacement. The incident was archived and mirrored via haxor.id.
    Date: 2026-05-15T04:53:15Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/249227
    Screenshots:
    None
    Threat Actors: Anonym, 3XPLOIT.ID
    Victim Country: Spain
    Victim Industry: Legal Services
    Victim Organization: Canela Abogados
    Victim Site: canelaabogados.com
  523. Mass Defacement of Canela Abogados Mail Server by 3XPLOIT.ID
    Category: Defacement
    Content: The threat actor Anonym operating under the team 3XPLOIT.ID conducted a mass defacement targeting the mail server of Canela Abogados, a law firm identifiable by the abogados (Spanish for lawyers) designation in the domain. The defacement was detected on May 15, 2026, and is classified as a mass defacement campaign rather than an isolated or repeated attack against this specific target. A mirror of the defacement was archived at haxor.id.
    Date: 2026-05-15T04:50:05Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/249228
    Screenshots:
    None
    Threat Actors: Anonym, 3XPLOIT.ID
    Victim Country: Unknown
    Victim Industry: Legal Services
    Victim Organization: Canela Abogados
    Victim Site: mail.canelaabogados.com
  524. Alleged data leak of infinition.es – CSV file distributed
    Category: Data Leak
    Content: A CSV file allegedly containing data from infinition.es has been leaked and made available for download via MediaFire. The post references KARAWANG ERROR SYSTEM and includes a photo allegedly showing the compromised system. The file is being distributed publicly without payment.
    Date: 2026-05-15T04:44:22Z
    Network: telegram
    Published URL: https://t.me/KAR4WANG_ERROR_SYSTEM/499
    Screenshots:
    None
    Threat Actors: KARAWANG ERROR SYSTEM
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: infinition.es
    Victim Site: infinition.es
  525. Alleged data breach of Ethiopian government NGO registration agency
    Category: Data Breach
    Content: The threat actor 404Crew Cyber Team posted in a database forum claiming a breach of an official Ethiopian government agency responsible for registering and auditing NGOs. No further details or post content were available to confirm the nature or scope of the data involved.
    Date: 2026-05-15T04:36:44Z
    Network: openweb
    Published URL: https://breached.st/threads/official-government-agency-site-that-registers-and-audits-ngos-ngos-in-ethiopia.87124/unread
    Screenshots:
    None
    Threat Actors: 404Crew Cyber Team
    Victim Country: Ethiopia
    Victim Industry: Government
    Victim Organization: Ethiopian Government NGO Registration and Audit Agency
    Victim Site: Unknown
  526. DDoS-for-hire service offering with 90 attack methods across Layer 4 and Layer 7
    Category: DDoS
    Content: A threat actor is advertising a stress testing and DDoS-for-hire platform marketed as JINKUSU ATTACK featuring 90 attack methods spanning Layer 4 and Layer 7. The service includes additional capabilities such as a real IP finder, port scanner, proxy manager, and live traffic analytics.
    Date: 2026-05-15T04:32:25Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-JINKUSU-ATTACK-DDOS-MASTER
    Screenshots:
    None
    Threat Actors: jinkusu
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  527. Alleged data breach of Auchan France
    Category: Data Breach
    Content: A threat actor is selling an alleged database dump from French retailer Auchan, containing approximately 1,291,028 records. The dataset includes customer names, email addresses, phone numbers, physical addresses, loyalty card numbers, and customer IDs. The seller claims the data is fresh and previously uncirculated, and directs interested buyers to contact via Telegram or Discord.
    Date: 2026-05-15T04:29:48Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-FRENCH-DATABASE-AUCHAN-1-2M
    Screenshots:
    None
    Threat Actors: Lagui
    Victim Country: France
    Victim Industry: Retail
    Victim Organization: Auchan
    Victim Site: auchan.fr
  528. Sale of alleged US investor PII dataset containing 1 million records
    Category: Data Breach
    Content: A threat actor is offering for sale a dataset purportedly containing over one million US investor records. The data includes investor IDs, full names, email addresses, phone numbers, dates of birth, physical addresses, and account type information (e.g., Roth IRA, 401(k), Brokerage Account). The origin or breached organization has not been identified.
    Date: 2026-05-15T04:29:10Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-SELL-PII-US-1001K-INCLUDE-INVESTOR-ID-FIRST-NAME-FUL-NAME-EMAIL-PHONE-DATOFBIRTH
    Screenshots:
    None
    Threat Actors: 053o
    Victim Country: United States
    Victim Industry: Finance
    Victim Organization: Unknown
    Victim Site: Unknown
  529. Sale of credential stuffing tool targeting Crypto.com
    Category: Combo List
    Content: A threat actor is offering for sale a credential stuffing tool targeting Crypto.com for $900. The tool is written in GoLang, claims captcha-bypass capability, and supports high-speed checking (up to 200k CPM with HQ proxies). Full source code is included in the sale.
    Date: 2026-05-15T04:28:34Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-Selling-crypto-com-vm–76482
    Screenshots:
    None
    Threat Actors: dragono
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  530. Sale of initial access to Directorate General of Drug Administration, Bangladesh
    Category: Initial Access
    Content: A threat actor is selling what appears to be session-based access to the Directorate General of Drug Administration (DGDA), a regulatory body under the Ministry of Health & Family Welfare of Bangladesh. The post includes a session token and lists the agency's functions covering drug registration, licensing, and pharmaceutical regulations. Access is priced at $500.
    Date: 2026-05-15T04:28:01Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-Directorate-General-of-Drug-Administration-Government-of-Bangladesh
    Screenshots:
    None
    Threat Actors: dragono
    Victim Country: Bangladesh
    Victim Industry: Government
    Victim Organization: Directorate General of Drug Administration
    Victim Site: dgda.gov.bd
  531. Alleged sale of MistralAI internal source code and repositories
    Category: Data Breach
    Content: A threat actor is offering for sale approximately 5GB of alleged internal source code and repositories from Mistral AI, priced at $5,000. The purported dataset includes repositories related to training, fine-tuning, benchmarking, model inference, platform dashboards, and future projects for both mistralai and mistral-solutions. The seller provided a list of sample repository names and a Session messaging contact for transaction.
    Date: 2026-05-15T04:27:26Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-MistralAI-internal-source-code-repos
    Screenshots:
    None
    Threat Actors: dragono
    Victim Country: France
    Victim Industry: Technology
    Victim Organization: Mistral AI
    Victim Site: mistral.ai
  532. Alleged data breach of Cairo and Galala University
    Category: Data Breach
    Content: A threat actor identified as INT3X is offering for sale approximately 10GB of data allegedly exfiltrated from Cairo University and Galala University in Egypt. The dataset reportedly includes PII for approximately 45,000 students (41,000 from Cairo, 4,000 from Galala), encompassing national IDs, passwords, emails, phone numbers, guardian details, and addresses, along with student images and documents.
    Date: 2026-05-15T04:26:50Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-Egypt-Cairo-Galala-University-PII-Students-Images-Docs-10GB
    Screenshots:
    None
    Threat Actors: INT3X
    Victim Country: Egypt
    Victim Industry: Education
    Victim Organization: Cairo University and Galala University
    Victim Site: Unknown
  533. Sale of proxy business setup service
    Category: Services
    Content: A seller operating under the name Paxerr is advertising a proxy business setup service on a darknet forum. The offering includes unlimited revisions, a refund policy, and 24/7 support. The post outlines terms of service covering payment, delivery, ownership transfer, and liability limitations.
    Date: 2026-05-15T04:25:51Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-%E2%9A%A1LAUNCH-YOUR-PROXY-BUSINESS-%E2%80%A2-100-REFUND-%E2%80%A2-UNLIMITED-REVISIONS-%E2%80%A2-24-7-SUPPORT%E2%9A%A1
    Screenshots:
    None
    Threat Actors: BossOfBosses
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  534. Alleged data breach of Aviso Wealth
    Category: Data Breach
    Content: A threat actor is selling an alleged database dump from Aviso Wealth (aviso.ca), a Canadian wealth management and financial services company. The dataset, purportedly breached on 1 May 2026, contains approximately 261,382 records including customer full names, street addresses, cities, provinces, postal codes, and phone numbers. A sample of Canadian records, predominantly from Alberta, was provided as proof.
    Date: 2026-05-15T04:25:16Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-Aviso-Wealth-aviso-ca-261-382
    Screenshots:
    None
    Threat Actors: lowiqq
    Victim Country: Canada
    Victim Industry: Finance
    Victim Organization: Aviso Wealth
    Victim Site: aviso.ca
  535. Graphic design and video editing services offered on dark forum
    Category: Services
    Content: A forum user is advertising graphic design, video editing, and GIF animation services on a dark web forum. The seller claims over 13 years of professional experience and offers logo design, promotional videos, motion graphics, and social media content. Contact is solicited via Telegram.
    Date: 2026-05-15T04:24:29Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-Hello-I%E2%80%99m-a-graphic-designer-and-video-editor
    Screenshots:
    None
    Threat Actors: aslantr
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  536. Sale of root access to high-capacity server in Germany
    Category: Initial Access
    Content: A threat actor is offering root access to a server located in Germany with 24 cores, 96GB RAM, and 80TB storage. The access is being auctioned to the highest bidder via Telegram. No victim organization is identified in the post.
    Date: 2026-05-15T04:23:24Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Huge-access-sell-80Tb-24-core-96Gb-RAM
    Screenshots:
    None
    Threat Actors: aptelleralone
    Victim Country: Germany
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  537. Alleged data breach of CA Indosuez Spain
    Category: Data Breach
    Content: A threat actor is offering for sale approximately 200,000 lines of personally identifiable information allegedly extracted from CA Indosuez Spain account holders. The dataset includes phone numbers, full names, gender, email addresses, physical addresses, postal codes, and dates of birth. Sample records provided contain data consistent with Spanish residents.
    Date: 2026-05-15T04:22:43Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-SPAIN-ca-indosuez-com-PII-200k-lines
    Screenshots:
    None
    Threat Actors: Tink3rTech
    Victim Country: Spain
    Victim Industry: Finance
    Victim Organization: CA Indosuez
    Victim Site: ca-indosuez.com
  538. Alleged data leak of yalelodges.com
    Category: Data Leak
    Content: A threat actor operating under the handle 1877Team has freely distributed what is claimed to be the database of yalelodges.com via a file-sharing link. The post frames the release as free content for the new beginning, suggesting a promotional leak. No record count or data field details were specified in the post.
    Date: 2026-05-15T04:21:00Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-yalelodges-com-database
    Screenshots:
    None
    Threat Actors: 1877
    Victim Country: Unknown
    Victim Industry: Hospitality
    Victim Organization: Yale Lodges
    Victim Site: yalelodges.com
  539. Alleged data leak of eak-electronic.com phone:password database
    Category: Data Leak
    Content: A threat actor known as 1877 has freely shared a phone:password database allegedly sourced from eak-electronic.com. The post is attributed to the #1877Team and directs users to a Telegram channel for access. No record count or additional technical details were provided.
    Date: 2026-05-15T04:20:16Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-eak-electronic-com-phone-password-DB
    Screenshots:
    None
    Threat Actors: 1877
    Victim Country: Unknown
    Victim Industry: Retail
    Victim Organization: EAK Electronic
    Victim Site: eak-electronic.com
  540. Alleged data leak of ssgmce.ac.in
    Category: Data Leak
    Content: A threat actor operating under the 1877 Team banner has freely released what they claim is a database associated with ssgmce.ac.in, an Indian engineering college. The data was made publicly available via a file-sharing link and promoted across their Telegram channel and affiliated site. No details regarding record count or specific data fields were disclosed in the post.
    Date: 2026-05-15T04:19:34Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-ssgmce-ac-in-Databases
    Screenshots:
    None
    Threat Actors: 1877
    Victim Country: India
    Victim Industry: Education
    Victim Organization: Shri Sant Gajanan Maharaj College of Engineering
    Victim Site: ssgmce.ac.in
  541. Alleged data leak of Basij member information database
    Category: Data Leak
    Content: A threat actor operating under the 1877Team handle claims to have leaked a database containing detailed personal information on Basij members, including full names, national IDs, addresses, ranks, and phone numbers. A free sample is offered, with further details available via Telegram. The post is written in both English and Kurdish.
    Date: 2026-05-15T04:18:58Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-BASIJ-MEMBER-INFO-DATABASE
    Screenshots:
    None
    Threat Actors: 1877
    Victim Country: Iran
    Victim Industry: Government
    Victim Organization: Basij (Islamic Revolutionary Guard Corps)
    Victim Site: Unknown
  542. Alleged data breach of RIMATEL.MR with ransom demand
    Category: Cyber Attack
    Content: Threat actor Signal404 claims to have compromised the internal infrastructure of RIMATEL, a private telecommunications company in Mauritania, and extracted customer personal identification records, payment receipts, transaction records, employee information, and billing/financial documents. Sample data includes customer subscription and invoicing records denominated in Mauritanian Ouguiya (MRU). The actor has issued a ransom demand, threatening to publish all data if payment is not received be
    Date: 2026-05-15T04:18:14Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-RIMATEL-MR-%E2%80%94-Internal-Database-Compromised
    Screenshots:
    None
    Threat Actors: Signal404
    Victim Country: Mauritania
    Victim Industry: Telecommunications
    Victim Organization: RIMATEL
    Victim Site: rimatel.mr
  543. Alleged data leak of Bangladesh Customs (customs.gov.bd)
    Category: Data Leak
    Content: A threat actor leaked a database allegedly belonging to Bangladesh Customs, operating under the National Board of Revenue (NBR). The leak reportedly contains email subscriptions related to customs enforcement and hashed passwords associated with the NBR and various private companies. The data was made available via an anonymous file-sharing link.
    Date: 2026-05-15T04:17:30Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-customs-gov-bd-Bangladesh-Customs-enforcement
    Screenshots:
    None
    Threat Actors: vicmeow
    Victim Country: Bangladesh
    Victim Industry: Government
    Victim Organization: Bangladesh Customs / National Board of Revenue
    Victim Site: customs.gov.bd
  544. Alleged data leak of Bengkalis Regency Integrated Electronic Licensing Service (EPINTER)
    Category: Data Leak
    Content: A threat actor has leaked data from EPINTER, the Integrated Electronic Licensing Service platform of Bengkalis Regency, Indonesia, managed by the DPMPTSP. The leaked dataset allegedly contains email addresses and plaintext passwords for registered users of the platform. The data was made available via an external file-sharing link.
    Date: 2026-05-15T04:16:55Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-epinter-bengkaliskab-go-id-Integrated-Electronic-Licensing-Service
    Screenshots:
    None
    Threat Actors: vicmeow
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Bengkalis Regency DPMPTSP
    Victim Site: epinter.bengkaliskab.go.id
  545. Sale of mixed-country shopping combo list with 745,994 credentials
    Category: Combo List
    Content: A combo list containing approximately 745,994 email:password pairs is being shared on a cracking forum. The credentials are described as mixed-country and targeted toward shopping platforms. No specific breached organization is identified.
    Date: 2026-05-15T04:10:57Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-745-994-Mixed-Country-Shopping-Target
    Screenshots:
    None
    Threat Actors: AiCombo
    Victim Country: Unknown
    Victim Industry: Retail
    Victim Organization: Unknown
    Victim Site: Unknown
  546. Combo List of Hotmail credentials
    Category: Combo List
    Content: A threat actor shared a combo list of 635 Hotmail mail access credentials on a public forum. The content is gated behind registration or login. The post is dated May 14 and notes the data is old.
    Date: 2026-05-15T04:10:28Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%8C%BBx635-hotmail-mail-access%F0%9F%8C%BB%E2%9C%A8-14-05
    Screenshots:
    None
    Threat Actors: TraxGod
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  547. Combo List: USA, Germany, and Switzerland mail access mix
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 2,400 mail access credentials sourced from the United States, Germany, and Switzerland. The content is hidden behind a registration or login requirement. The post is dated May 14 and is labeled as private data from the author.
    Date: 2026-05-15T04:10:11Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%8C%BB2-4k-usa-de-ch-mail-access-mix%F0%9F%8C%BB%E2%9C%A8-14-05
    Screenshots:
    None
    Threat Actors: TraxGod
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  548. Combo List: 30K UHQ Outlook Credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of 30,000 Outlook credentials marketed as UHQ (ultra-high quality) and fresh. The post is sponsored by a third-party AIO service. These credentials are intended for credential stuffing against Outlook/Microsoft accounts.
    Date: 2026-05-15T03:29:20Z
    Network: openweb
    Published URL: https://cracked.st/Thread-30K-UHQ-OUTLOOK-COMBO-FRESH
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  549. Sale of 200K UHQ mixed mail combo list
    Category: Combo List
    Content: A threat actor is sharing a combo list of 200,000 mixed email credentials marketed as UHQ and fresh. The post is sponsored by slateaio.com, suggesting use with account-checking tools.
    Date: 2026-05-15T03:29:00Z
    Network: openweb
    Published URL: https://cracked.st/Thread-200K-UHQ-MIXED-MAIL-COMBO-FRESH
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  550. Sale of UHQ Yahoo combo list with 40,000 credentials
    Category: Combo List
    Content: A threat actor is sharing a combo list of 40,000 Yahoo credentials marketed as UHQ and fresh. The post is sponsored by a third-party AIO service. This is a credential stuffing resource, not a breach of Yahoo itself.
    Date: 2026-05-15T03:28:40Z
    Network: openweb
    Published URL: https://cracked.st/Thread-40K-UHQ-YAHOO-COMBO-FRESH
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  551. Sale of UHQ Gmail combo list with 735,000 credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list advertised as containing 735,000 UHQ Gmail credentials marketed as fresh. The post is sponsored by slateaio.com, suggesting association with credential-stuffing tooling.
    Date: 2026-05-15T03:28:21Z
    Network: openweb
    Published URL: https://cracked.st/Thread-735K-UHQ-GMAIL-COMBO-FRESH
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  552. Free combo list of European email credentials
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 1,200 European email credentials, described as private data from the poster. The list was made available for free on a cracking forum.
    Date: 2026-05-15T03:28:02Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-%E2%9C%A8%E2%9C%88%EF%B8%8F1-2k-EUROPE-MAIL-ACCESS-MIX%E2%9C%88%EF%B8%8F%E2%9C%A8-14-05
    Screenshots:
    None
    Threat Actors: SecureTrax
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  553. Combo List targeting German social and shopping platforms
    Category: Combo List
    Content: A combo list of 845,641 email:password lines is being distributed, marketed as high-quality credentials targeting German social media and shopping platforms. The list is described as HQ (high quality) leaks intended for credential stuffing against German-language services.
    Date: 2026-05-15T03:27:36Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-845-641-Lines-%E2%9C%85-Social-and-Shopping-Target-Germany-HQ-Leaks
    Screenshots:
    None
    Threat Actors: HqComboSpace
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  554. Hotmail combo list of 4K credentials marketed as daily fresh bases
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 4,000 Hotmail credentials, advertised as fresh and updated daily. The post is located in a combolist forum section and implies ongoing availability of fresh credential bases. No breach of Microsoft or Hotmail infrastructure is claimed.
    Date: 2026-05-15T03:27:17Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%854K-HOTMAIL-ACCESS%E2%9C%89%EF%B8%8F%E2%9C%85EVERY-DAY-FRESH-BASES%E2%9C%89%EF%B8%8F%E2%9C%85
    Screenshots:
    None
    Threat Actors: readyoffice
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  555. Free combo list of 11K mixed credentials
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 11,000 mixed credentials, claimed to be 100% valid and recently checked. The list was distributed freely on a cracking forum.
    Date: 2026-05-15T03:26:59Z
    Network: openweb
    Published URL: https://cracked.st/Thread-11K-Mix-100-Valid-just-checked-COMBO
    Screenshots:
    None
    Threat Actors: Bandyta
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  556. Sale of UHQ Hotmail combo list containing 63K credentials
    Category: Combo List
    Content: A threat actor is sharing a combo list of approximately 63,000 Hotmail credentials, marketed as ultra-high quality and fresh. The list is intended for credential stuffing against Hotmail/Microsoft accounts.
    Date: 2026-05-15T03:26:38Z
    Network: openweb
    Published URL: https://cracked.st/Thread-63K-UHQ-HOTMAIL-COMBO-FRESH
    Screenshots:
    None
    Threat Actors: Vows
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  557. Sale of Instagram Custom Business Meta Verification Service
    Category: Services
    Content: A threat actor is advertising a service to obtain Instagram Business Meta verification badges without requiring legitimate documentation from the buyer. The service claims a 0-2 hour turnaround and allows any name and profile picture. This appears to be a fraudulent account verification service targeting Instagram/Meta's verification system.
    Date: 2026-05-15T03:26:26Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9A%A1-Instagram-Custom-Business-Meta-Verification%C2%A0-Fast-Turnaround-Best-Prices-%E2%9A%A1
    Screenshots:
    None
    Threat Actors: Artistice
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  558. Combo List targeting Hotmail accounts (930 credentials)
    Category: Combo List
    Content: A threat actor shared a combo list of 930 Hotmail mail access credentials on a public forum. The content is gated behind registration or login. The post notes the data is old.
    Date: 2026-05-15T03:25:57Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-%E2%9C%A8%F0%9F%8C%BBx930-hotmail-mail-access%F0%9F%8C%BB%E2%9C%A8-14-05
    Screenshots:
    None
    Threat Actors: TraxGod
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  559. Sale of fraudulent document creation and KYC/AML bypass service
    Category: Services
    Content: A threat actor operating under the name Diamond Service is advertising a document forgery and KYC/AML verification bypass service. The service claims to produce falsified identity documents for over 70 countries, including correct barcode generation and metadata manipulation to avoid forensic detection. The offering targets account verification bypass and unblocking of restricted accounts across unspecified platforms.
    Date: 2026-05-15T03:25:27Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-%E2%9C%94%EF%B8%8F-Drawing-editing-documents-drops-templates-KYC-AML-V-erification–204093
    Screenshots:
    None
    Threat Actors: Resddddf
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  560. Sale of stolen payment cards, dumps, and financial account access
    Category: Carding
    Content: A threat actor is offering stolen credit cards (CC/CVV/Fulls), magnetic stripe dumps (101/201, with and without PIN), and compromised financial accounts including PayPal, CashApp, and verified bank wallets. The seller also advertises carding tutorials, order fulfillment from major retailers at 20–60% cost, and cashout services via Bitcoin exchange. Cards are claimed to have a 90–100% validity rate across USA, EU, and global BINs.
    Date: 2026-05-15T03:24:45Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-%E2%9C%94%EF%B8%8FDUMPS-CC-CVV-CLONE-CARDS-PAYPAL-CASHAPP-ACCOUNTS%E2%9C%94%EF%B8%8F–204098
    Screenshots:
    None
    Threat Actors: Dayroeh
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  561. Alleged defacement of ELN Voces infrastructure by IRON ATLAS NEW GENERATION
    Category: Defacement
    Content: Threat actor IRON ATLAS NEW GENERATION claims to have compromised the digital infrastructure of ELN VOCES (Ejército de Liberación Nacional). The actor provides a link to allegedly hacked content at https://radio.eln-voces.net/public/frontera and references their official Telegram channel for further information.
    Date: 2026-05-15T03:22:38Z
    Network: telegram
    Published URL: https://t.me/c/3518294966/144
    Screenshots:
    None
    Threat Actors: IRON ATLAS NEW GENERATION
    Victim Country: Colombia
    Victim Industry: Political/Military Organization
    Victim Organization: ELN VOCES (Ejército de Liberación Nacional)
    Victim Site: eln-voces.net
  562. Sale of bank logs with mail access and RDP credentials
    Category: Logs
    Content: A threat actor operating under the alias GHOSTLOGGY1 is advertising fresh bank logs with mail access and RDP credentials via a Telegram channel. The post markets these as valid and directs buyers to an external Telegram storefront.
    Date: 2026-05-15T03:06:59Z
    Network: openweb
    Published URL: https://altenens.is/threads/bankjack-o-lanternlogsjack-o-lanternstore.2940343/unread
    Screenshots:
    None
    Threat Actors: GHOSTLOGGY1
    Victim Country: Unknown
    Victim Industry: Finance
    Victim Organization: Unknown
    Victim Site: Unknown
  563. Sale of Apple Pay-linked payment cards in bulk
    Category: Carding
    Content: A threat actor is advertising bulk Apple Pay-linked credit cards (CCs/Fullz) for sale, claiming no OTP is required and that cards auto-add. The seller offers replacement guarantees and guidance for new buyers, accepting cryptocurrency payments via Telegram.
    Date: 2026-05-15T03:06:15Z
    Network: openweb
    Published URL: https://altenens.is/threads/check-mark-buttonall-newbies-trynna-chop-red-appleapple-pay-ccs-available-in-bulk.2940356/unread
    Screenshots:
    None
    Threat Actors: Baintek
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  564. Sale of 50,000 email credentials combo list
    Category: Combo List
    Content: A threat actor is offering a combo list of 50,000 email credentials marketed as valid full mail access. No additional details are available from the post content.
    Date: 2026-05-15T02:42:34Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-50k-Full-MailAccess-Valid
    Screenshots:
    None
    Threat Actors: private_crew
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  565. Sale of stolen US payment cards with full billing information
    Category: Carding
    Content: A threat actor is selling fresh US payment cards with full billing information on a cybercrime forum. No further details regarding card volume, price, or source were provided in the post.
    Date: 2026-05-15T02:42:30Z
    Network: openweb
    Published URL: https://cracked.st/Thread-S-FRESH-CARDS-W-FULL-BILLING
    Screenshots:
    None
    Threat Actors: jinxsz
    Victim Country: United States
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  566. Sale of email inbox checker and credential validation tool targeting mixed email providers
    Category: Combo List
    Content: A threat actor is offering for sale a credential-checking tool called Hunter Mix Inbox Checker v8 capable of validating email accounts across 99% of email providers including Hotmail. The tool includes inbox viewing, bulk SMTP sending, proxy support, and webhook integration for pushing results to Discord or Telegram. Prospective buyers are directed to contact the seller via direct message.
    Date: 2026-05-15T02:41:23Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-%E2%9A%A1%E2%9A%A1Hunter-Mix-Inbox-Checker-v8%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: hunterX
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  567. Combo List of Hotmail credentials available on forum
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 2,600 Hotmail credentials, marketed as valid and high quality. The list is dated May 15 and is available to forum members upon reply.
    Date: 2026-05-15T02:31:29Z
    Network: openweb
    Published URL: https://altenens.is/threads/2-6k-high-voltagehotmailhigh-voltagevalid-mail-access-15-05.2940329/unread
    Screenshots:
    None
    Threat Actors: redcloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  568. Sale of Hotmail combo list with 1,072 valid credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of 1,072 claimed valid Hotmail credentials, marketed as UHQ (ultra-high quality). The content is hidden behind registration and the actor is directing interested parties to a Telegram channel for access.
    Date: 2026-05-15T01:59:32Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-X1072-Valid-UHQ-Hotmail-%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: Roronoa044
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  569. Sale of Hotmail combo list with 1,072 valid credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list containing 1,072 claimed valid Hotmail credentials, marketed as UHQ (ultra-high quality). The content is hidden behind registration or login, with the actor also advertising via Telegram.
    Date: 2026-05-15T01:59:29Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A1-X1072-Valid-UHQ-Hotmail-%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: Roronoa044
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  570. Free combo list of 14,593 mixed credentials
    Category: Combo List
    Content: A threat actor shared a combo list containing 14,593 mixed credentials on a leak forum. The content is hidden behind registration or login, suggesting distribution to forum members. No specific victim organization or country is identified.
    Date: 2026-05-15T01:59:07Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-14-593-Good-MIXED-GOODS-D4RKNETHUB-CLOUD
    Screenshots:
    None
    Threat Actors: D4rkNetHub
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  571. Sale of mixed combo list via D4rkNetHub cloud service
    Category: Combo List
    Content: A threat actor operating as D4rkNetHub is selling a mixed combo list containing 14,593 email:password credentials via their cloud service. Access is offered on subscription tiers ranging from $10 for a 3-day trial to $50 for 30 days. The list is described as good hits with no specific victim organization identified.
    Date: 2026-05-15T01:58:56Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-14-593-Good-MIXED-GOODS-D4RKNETHUB-CLOUD
    Screenshots:
    None
    Threat Actors: D4rkNetHub
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  572. Alleged data leak of Chinese passport records
    Category: Data Leak
    Content: A threat actor has shared what appears to be a collection of 1,075 Chinese passport records via file hosting links. The archive is password-protected and posted on a carding forum. The origin or source of the passport data is not specified.
    Date: 2026-05-15T01:53:06Z
    Network: openweb
    Published URL: https://altenens.is/threads/china-1075x-passport.2940282/unread
    Screenshots:
    None
    Threat Actors: ketrin24
    Victim Country: China
    Victim Industry: Government
    Victim Organization: Unknown
    Victim Site: Unknown
  573. Mix valid mail access combo list (82.6K credentials)
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 82,600 mixed email credentials, marketed as valid and private. The list is dated 15.05.2026 and is available via a reply-gated download on the forum.
    Date: 2026-05-15T01:52:31Z
    Network: openweb
    Published URL: https://altenens.is/threads/82-6k-sparkles-mix-sparkles-valid-mail-access-15-05.2940308/unread
    Screenshots:
    None
    Threat Actors: redcloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  574. Alleged sale of Eli Lilly internal source code repositories and documents
    Category: Data Breach
    Content: A threat actor claims to be selling over 1,200 internal source code repositories totaling approximately 80GB (compressed) allegedly stolen from Eli Lilly, covering drug research tools, AI agents, medical devices, manufacturing systems, and clinical platforms. An additional 40GB of documents reportedly exfiltrated from Eli Lilly's Veeva vault are also included in the offering. The actor is seeking $70,000 USD for exclusive sale and has offered to sell back to Eli Lilly directly, threatening to le
    Date: 2026-05-15T01:28:21Z
    Network: openweb
    Published URL: https://breached.st/threads/eli-lilly-internal-codebases-for-drug-development-and-trials.87122/unread
    Screenshots:
    None
    Threat Actors: TeamPCP
    Victim Country: United States
    Victim Industry: Healthcare
    Victim Organization: Eli Lilly
    Victim Site: lilly.com
  575. Sale of stolen payment cards, bank logs, and cashout services
    Category: Carding
    Content: A threat actor is offering stolen credit cards, bank logs, and cashout services including transfers to CashApp and cryptocurrency. Services advertised include converting PayPal balances, bank logs, and CCs to crypto. Contact is directed to a Telegram handle.
    Date: 2026-05-15T01:24:17Z
    Network: openweb
    Published URL: https://spear.cx/Thread-Database-Linkable-Ccs-Bank-logs-Slips
    Screenshots:
    None
    Threat Actors: Oblocck
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  576. Free release of 156 million URL:Login:Password combo list
    Category: Combo List
    Content: A threat actor has shared a combo list containing 156 million URL:login:password credential pairs, marketed as high quality. The post appears to be a bump of a prior release thread on the forum.
    Date: 2026-05-15T01:08:42Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Other-156M-%E2%9A%A1-URL-LOGIN-PASS-HQ-%E2%9A%A1
    Screenshots:
    None
    Threat Actors: DevelMakss
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  577. Mixed country combo list distribution
    Category: Combo List
    Content: A combo list containing 84,482 email:password credential pairs from mixed countries is being distributed on a cracking forum. The post is categorized as a mixed-country corporate combo list, suggesting credentials from various corporate targets.
    Date: 2026-05-15T01:08:37Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-84-482-%E2%9A%9C%EF%B8%8F-Mixed-Country-Corp
    Screenshots:
    None
    Threat Actors: AiCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  578. Distribution of 1.8GB stealer logs
    Category: Logs
    Content: A threat actor is freely sharing 1.8GB of stealer logs described as full logs. The post contains no additional details about the origin, targeted regions, or specific malware family used to generate the logs.
    Date: 2026-05-15T01:08:22Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Other-1-8GB-%E2%AD%90%EF%B8%8F-STEALER-LOGS-FULL-LOGS-%E2%AD%90%EF%B8%8F–2094021
    Screenshots:
    None
    Threat Actors: DevelMakss
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  579. Sale of mixed-country Yahoo.com combo list with 1.6 million lines
    Category: Combo List
    Content: A threat actor shared a combo list of approximately 1.6 million email:password lines targeting Yahoo.com accounts, advertised as mixed-country. The post is categorized as a credential stuffing list and does not represent a breach of Yahoo's infrastructure.
    Date: 2026-05-15T01:08:15Z
    Network: openweb
    Published URL: https://cracked.st/Thread-Email-Pass-1-665-843-Lines-%E2%9C%85-Mixed-Country-Yahoo-com-COmbolist-2026
    Screenshots:
    None
    Threat Actors: HqComboSpace
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  580. Distribution of URL:Login:Pass combo list with 687K credentials
    Category: Combo List
    Content: A threat actor shared a URL:Login:Pass combo list containing approximately 687,000 credential pairs on a cybercrime forum. The content is hidden behind a registration/login gate. No specific victim organization is identified.
    Date: 2026-05-15T01:07:45Z
    Network: openweb
    Published URL: https://patched.to/Thread-%E2%AD%90%EF%B8%8F%E3%80%8C687k%E3%80%8D-url-login-pass-%E2%AD%90%EF%B8%8F-26-11-2025-%E2%AD%90%EF%B8%8F
    Screenshots:
    None
    Threat Actors: databreach
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  581. Alleged leak of Claude API tokens
    Category: Data Leak
    Content: A threat actor is distributing a claimed dataset of 2 million Claude API tokens at no cost on a forum. The post offers a free sample and directs users to hidden content requiring registration. It is unclear whether the tokens were obtained via a breach, credential stuffing, or scraping.
    Date: 2026-05-15T01:07:27Z
    Network: openweb
    Published URL: https://patched.to/Thread-%E2%9D%A4%EF%B8%8F-claude-api-tokens-2-million-ai-tokies-%E2%9D%A4%EF%B8%8F
    Screenshots:
    None
    Threat Actors: JVZU
    Victim Country: United States
    Victim Industry: Technology
    Victim Organization: Anthropic
    Victim Site: anthropic.com
  582. Sale of Germany-targeted Hotmail combo list
    Category: Combo List
    Content: A threat actor is selling UHQ Hotmail and mixed email combo lists targeting Germany, marketed as fresh and private. The offering includes credentials, logs, and mail checkers available via a paid subscription service. A sample is provided with full access requiring purchase.
    Date: 2026-05-15T01:07:19Z
    Network: openweb
    Published URL: https://patched.to/Thread-file-upload-pravet-germany-%F0%9F%87%A9%F0%9F%87%AA-mail-access-by-antalya-h
    Screenshots:
    None
    Threat Actors: cloudantalya
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  583. Sale of HQ mixed email combo list including Hotmail accounts
    Category: Combo List
    Content: A threat actor operating as Hunter Cloud is selling access to a subscription-based combo list service offering approximately 6,600 mixed email credentials, including Hotmail accounts with full mailbox access. Tiered VIP plans are offered ranging from a trial to lifetime access. The credentials are marketed as high quality and frequently updated.
    Date: 2026-05-15T01:06:42Z
    Network: openweb
    Published URL: https://leakforum.io/Thread-Leak-%E2%9A%A1%E2%9A%A16-6k-HQ-Mixed-Access-VALID-HITS-Frash-%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: hunterX
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  584. Sale of stolen payment cards and fraudulent transfer services
    Category: Carding
    Content: A threat actor is advertising stolen non-VBV fullz cards, clone cards, and linkable accounts for payment platforms including CashApp, PayPal, Zelle, Chime, Venmo, Skrill, Google Pay, Apple Pay, and Western Union. The actor claims a 30–40% return rate and is soliciting buyers via Telegram. Bank transfers and crypto transfers are also offered on a promotional basis.
    Date: 2026-05-15T00:47:08Z
    Network: openweb
    Published URL: https://altenens.is/threads/anyone-looking-to-make-quick-money-today-message-me-ive-got-a-100-full-proof-method-with-a-30-to-40-return-rate-trust-me-you-are-going-to-make-mon.2940251/unread
    Screenshots:
    None
    Threat Actors: 04tr
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  585. Sale of Hotmail combo list with 4K valid email credentials
    Category: Combo List
    Content: A threat actor is distributing a combo list of approximately 4,000 Hotmail and mixed email credentials advertised as valid. Access to the hidden content requires a reply to the thread. The post encourages users to visit the author's profile for additional similar posts.
    Date: 2026-05-15T00:46:30Z
    Network: openweb
    Published URL: https://altenens.is/threads/4k-sparkles-hotmail-mix-valid-mail-access-sparkles.2940266/unread
    Screenshots:
    None
    Threat Actors: GhostlyGamer
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  586. Alleged GoliathStress DDoS Stresser Service Advertisement
    Category: Malware
    Content: GoliathStress is being advertised as a Layer 4 & 7 DDoS stresser service claiming to bypass major protection systems including Cloudflare, OVH, Hetzner, Amazon, and Akamai. The service offers custom attack methods targeting game servers (PUBG, FiveM) and heavily protected websites with extreme GBPS power. No specific pricing is mentioned in the GoliathStress posts themselves.
    Date: 2026-05-15T00:45:16Z
    Network: telegram
    Published URL: https://t.me/c/1669509146/98485
    Screenshots:
    None
    Threat Actors: GoliathStress
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  587. Alleged data leak of Baitzakat (baitzakat.org.eg) exposing 300,000 Egyptian records
    Category: Data Leak
    Content: A threat actor known as DR-X-LOL claims to have leaked a database from baitzakat.org.eg containing over 300,000 records of Egyptian individuals. The leaked data allegedly includes National ID numbers, phone numbers, government affiliation, full names, and email addresses. The data was made available via a post on a cybercrime forum.
    Date: 2026-05-15T00:39:37Z
    Network: openweb
    Published URL: https://breached.st/threads/baitzakat-org-eg-100k-leaked-database-egypt-flag-egypt.87121/unread
    Screenshots:
    None
    Threat Actors: DR-X-LOL
    Victim Country: Egypt
    Victim Industry: Government
    Victim Organization: Baitzakat
    Victim Site: baitzakat.org.eg
  588. Alleged data breach of Colombian Ministry of Health (Ministerio de Salud de Colombia) by Iron Atlas New Generation
    Category: Data Breach
    Content: Iron Atlas New Generation claims to have breached the Colombian Ministry of Health (Ministerio de Salud de Colombia). The threat actor states they identified security vulnerabilities, notes that some have been patched but many remain unfixed, and has leaked backup files via MediaFire. A vulnerable API endpoint is referenced: https://www.minsalud.gov.co/_api/Web/AllProperties
    Date: 2026-05-15T00:31:49Z
    Network: telegram
    Published URL: https://t.me/c/3518294966/143
    Screenshots:
    None
    Threat Actors: Iron Atlas New Generation
    Victim Country: Colombia
    Victim Industry: Healthcare/Government
    Victim Organization: Ministerio de Salud de Colombia
    Victim Site: minsalud.gov.co
  589. Social media account banning and removal service offered on forum
    Category: Services
    Content: A threat actor operating under the alias SamuraiDDos is advertising a paid service to get accounts banned or content removed across major social media platforms including Instagram, TikTok, YouTube, WhatsApp, Facebook, Twitter/X, Telegram, and Discord. Prices range from $300 to $1,400 depending on the platform, with processing times of up to 21 days. The actor also claims to offer data lookup and account recovery or unban services.
    Date: 2026-05-15T00:19:45Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85Social-Media-Service-BAN-Instagram-WhatsApp-FB-TikTok-Youtube-X-Telegram-Discord
    Screenshots:
    None
    Threat Actors: SamuraiDDos
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  590. DDoS-for-hire service offered by threat actor SamuraiDDos
    Category: DDoS
    Content: A threat actor operating under the alias SamuraiDDos is advertising a DDoS-for-hire service on the Cracked.st forum. No additional details regarding pricing, capacity, or targets are available from the post content.
    Date: 2026-05-15T00:19:27Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9C%85DDOS-Attack-Powerful-DDOS-Service-Order-DDOS
    Screenshots:
    None
    Threat Actors: SamuraiDDos
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  591. Alleged GoliathStress DDoS Stresser Service Advertisement
    Category: Malware
    Content: GoliathStress is being advertised as a Layer 4 & 7 DDoS stresser service claiming to bypass major protection systems including Cloudflare, OVH, Hetzner, Amazon, Akamai, and Hostinger. The service offers custom attack methods, extreme GBPS power, and specialized game server attack capabilities (PUBG, FiveM). Service is actively recruiting customers through Telegram.
    Date: 2026-05-15T00:12:50Z
    Network: telegram
    Published URL: https://t.me/c/1669509146/98482
    Screenshots:
    None
    Threat Actors: GoliathStress
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  592. Sale of IMAP combo list
    Category: Combo List
    Content: A threat actor is advertising an IMAP combo list, directing interested parties to a Telegram account and two Telegram groups offering free combos and tools. No details on record count, targeted services, or data origin are provided in the post.
    Date: 2026-05-15T00:01:04Z
    Network: openweb
    Published URL: https://crackingx.com/threads/75296/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown