[June-03-2026] Daily Cybersecurity Threat Report

1. Critical Data Breaches and Intelligence Leaks

1.1 Government, Military, and Critical Infrastructure

The analyzed period revealed unprecedented exposures of classified and citizen data across multiple nation-states.

China National Supercomputing Center (NSCC): A threat actor, identified in separate posts as tolerantcyber2 and stormbyteoverrideX, claimed to have exfiltrated over 10 petabytes of data from the NSCC in Tianjin. The dataset allegedly includes simulation data, design files, satellite telemetry, and classified military-aerospace research spanning stealth technology, gravitational wave sensors, and bunker-buster modeling. The actor claimed to have proof files, including directory listings and technical diagrams.
Russian Ministry of Internal Affairs (MVD): A threat actor named loptrgod is selling an alleged database dump covering passport and migration records from 2004 to 2023. The dataset totals approximately 636 GB across three tables and purportedly contains full names, passport numbers, SNILS insurance IDs, registration addresses, photos, and passport scans for an estimated 159 million Russian citizens.
Taiwan Psychological Warfare Team: A threat actor named yamadat0m99 claims to have leaked a verified and complete internal database purportedly belonging to Taiwan’s Psychological Warfare Team. The post alleges the organization is under surveillance by China, the United States, and Japan, though no content was available to confirm the data’s volume.
Indonesian Law Enforcement (POLRI / Polda Pamong Praja): Multiple breaches targeted Indonesian police. Threat actor 053o offered PII belonging to Indonesian National Police (POLRI) personnel across multiple regional commands. Separately, actor V0idix freely distributed an alleged database of 341,800 POLRI records in CSV format, claiming the release was retaliatory for a wrongful arrest. Furthermore, actor AlixploitCapung and the Rakyat Digital Crew leaked personnel records from the Indonesian Civil Service Police Unit (Polda Pamong Praja).
Mexican Government Entities: A threat actor named sativa claimed to have leaked 87.5 million rows (21.4 GB) of data spanning 1997–2026 from three Estado de Mexico systems: CAEM (water commission), SIAF (financial administration), and SIGED (document management). The leak allegedly includes PII on 10,513 employees, 763K payroll records, 16.1 million general ledger entries, 162K checks, and 1,105 decrypted SIAF user credentials. Additionally, Black0ut_Exi offered approximately 1 million highly sensitive biometric and immigration records from the Instituto Nacional de Migración (INM). Olympus_Group affiliates leaked 5.69 GB of pension records from ISSSTE and over 10,000 user records from the Nayarit Public Property Registry.
Central East Correctional Centre (Canada): Threat actor Moneyistime distributed alleged SQL database dumps totaling over 70 GB from this provincial jail. The data reportedly includes staff credentials, inmate cell assignments, informant registries, guard patrol schedules, and electronic access control configurations dated May 31, 2026.

1.2 Technology, Social Media, and Dating Platforms

Threat actors advertised massive datasets affecting hundreds of millions of users globally.

Tianya: Threat actor ChinaTomchent claims to have exfiltrated over 127 million rows of user data from the Chinese online community tianya.net on June 1, 2026. The actor alleged the breach was conducted via blind SQL injection against a TiDB cluster, exploiting launch-day DDoS chaos to mask low-frequency probing. The data, containing usernames, password hashes, and registration emails, was purportedly staged through the victim’s object storage and exfiltrated over twelve hours using a memory-resident webshell.
Instagram: A threat actor named tennezza offered an alleged database containing over 17 million US user records in a 1.3GB file, claiming verification against live accounts. Concurrently, actor Gh0s7 advertised a claimed full 2025 Instagram database, alongside premium databases from unnamed sites, on the CX forum.
Bumble and Grindr: Threat actor Euphoric_Reply_5727 offered a clean JSON dump containing over 32 million Bumble user records for $999 via Telegram. The dataset purportedly includes email addresses, bcrypt-hashed passwords, and detailed profile data such as political and religious preferences. Additionally, threat actors leakingshi and nilojeda independently advertised the alleged complete Grindr user database containing 15 million records of personal registration data for $400 in cryptocurrency.
Stripchat: Actor Euphoric_Reply_5727 offered an alleged database from stripchat.com containing records for approximately 62.3 million users and 408,763 models for $799.
Breached Forums: Actor un00000n shared a 905 GB magnet torrent link purportedly containing the full Breached Forums CDN database archive. Concurrently, actor gopher2004 distributed a file claimed to contain 150,000 URLs extracted from a SQL dump of the forum covering 2022-2024.

1.3 Retail, E-Commerce, and Corporate

Dukaan (mydukaan.io): Threat actor stalker8083 claims to be selling a full database dump from the Indian e-commerce platform, allegedly containing 100 million user records. The dataset reportedly spans multiple tables including user accounts, transaction history, and encrypted payment API keys.
Myntra: Actor ItsurJoker is reselling an alleged database from the Indian fashion e-commerce platform Myntra, claiming 17 million records dated April 2026, priced at $1,500.
Nissan Motor Co., Ltd.: The Everest ransomware group claims to have exfiltrated approximately 910 GB of data from an IT contractor’s FTP servers supporting the Nissan and Infiniti dealer network in North America, following a failed ransom demand. The leaked dataset reportedly contains over 2,352,984 customer records spanning 2013 to January 2026 across 1,211 CSV files.
Eleonor.mx: Actor MedData is selling the alleged complete clinical database of Mexico’s leading ambulatory EHR platform. The dataset purportedly includes 2,704,652 patient records with full PHI/PII, 1,246,885 prescriptions, and 184,842 verified national ID (CURP) numbers. The actor also claims active access, including OAuth refresh tokens and Google Calendar read/write access.
Charter Communications: Approximately 4.9 million customers of the US telecommunications company had personal information exposed in a cyberattack. Data of approximately 85,000 employees was also leaked after a hacking group failed to extort a ransom.

1.4 Finance, Cryptocurrency, and Energy Sector

Ledger and Trezor Hardware Wallets: Multiple exposures targeted cryptocurrency wallet owners. Actor Frenshyny offered a dataset attributed to Ledger containing 292,000 records at $300 per 50,000 lines. Actor Euphoric_Reply_5727 claimed to sell a deduplicated Excel file containing 70,927 US-based buyers of Ledger and Trezor wallets, allegedly extracted from a major shipping company’s internal database.
Cryptocurrency Exchanges: Actor vothan offered a large collection of databases from over 100 cryptocurrency exchanges and financial platforms, including Coinbase, CoinMarketCap, Celsius Network, and Crypto.com. Additionally, actor orvyn01 sold an alleged Binance user database containing KYC verification status for over 10,000 accounts for 7 XMR , and actor Frenshyny offered an alleged database of 1.7 million records from the Australian exchange Independent Reserve.
Energy Entities: Actor gang offered a 109.79 GB database allegedly belonging to Iberdrola, Spain’s largest energy group, containing over 7 million customer records. Actor Solana0011 sold an alleged database from Emirates National Oil Company (ENOC) containing up to 580,000 contacts. Actor V0idix leaked a partial dump of CEMIG’s IBM Watson AI agent conversation data, exposing approximately 474,519 unique PII entries.

2. Initial Access and Vulnerability Exploitation

Threat actors heavily advertised initial access to corporate and government networks, alongside the sale of zero-day exploits.

2.1 Initial Access Brokerage

Target Entity	Access Type & Privileges	Actor	Details & Pricing
Malaysian Municipal Government	OpenVPN (Domain Admin)	Toton	Network of ~50 hosts protected by Cylance AV/EDR. Listed at $978.
Indonesian Mining Company	ConnectWise RMM (Domain User)	tiger	Target has $1B–$5B revenue. No AV/EDR detected. Listed at $371.
Farmex Freshia Trading LLC (UAE)	Full System & Data Access (Admin)	blacknet00	Compromised Globiro ecommerce system. Listed at $100.
National Research Nuclear University MEPhI (Russia)	Remote Access / Internal Network	Infrastructure Destruction Squad	Compromised credentials for IT Systems Manager and nuclear employees. Actor intends to extort or sell to Ukraine.
Italian Pharmacy	Video Surveillance System (CCTV)	NoName057(16)	Real-time access to live CCTV feeds. Geopolitically motivated attack related to NATO support.
cartedepeche.fr (France)	Admin Web Panel	AplaGroup	Access to French fishing license authority. Seller notes an SQL vulnerability on the platform.

2.2 Exploits and Vulnerabilities

Mozilla SpiderMonkey 0day: Actor berz0k is offering a claimed zero-day remote code execution exploit targeting Mozilla’s SpiderMonkey JavaScript engine for $120,000. The exploit reportedly chains two memory corruption vulnerabilities to achieve arbitrary shellcode execution.
Windows Netlogon (CVE-2026-41089): A critical buffer overflow vulnerability in the Windows Netlogon service (CVSS 9.8/10) allows remote code execution without credentials. Despite a May 2026 Microsoft patch, threat actors are actively attempting to exploit this vulnerability in real-world attacks.
DarkForums SQL Injection: Actor lmfao_ibb_co_Kx4ct5Jy advertised the sale of an alleged SQL injection exploit targeting DarkForums via Telegram, providing an image link as proof.

3. Widespread Website Defacement Campaigns

June 2 and 3 saw highly coordinated mass defacement campaigns operated by distinct threat actor groups targeting global infrastructure.

3.1 The “0xteam” / “chinafans” Campaign

Operating under the group 0xteam, the threat actor “chinafans” executed a prolific string of website defacements, strictly targeting single-site paths (typically /0x.txt) rather than initiating mass homepage takeovers. This indicates a systemic file-drop compromise technique. The campaign targeted diverse global entities:

Australia & New Zealand: Beach House Realty , United Plumbing , Rules of the Road Australia , NZ Wholesale , and Ebb and Flow (redefacement).
United States: Garage Door Pro Solutions , TPP Landscape Services , Indy Travel Club , Advanced Flooring Inc , and Bradley P. Thomas.
Europe: 44andmore (Netherlands) , Validee (Belgium) , Korbiel (Poland) , National Institute of Nutrition (UK) , and Studio Commercialista Dottoressa Rosset (Italy, redefacement).
Latin America: Maxxima Travel (Brazil) , Rede Cidades Resendenses (Brazil) , AG Test (Brazil) , and Drinking Water Solutions (Mexico).
Asia & Africa: Comfort House (Pakistan) , Tiger4India , VOV Media (Vietnam) , Nha Hau Trong Goi (Vietnam) , FSI Mozambique , and IGI Nigeria.
Other domains targeted included: insightpicz.me , dapper.black , artisitiy.com , smartcampusplus.com , baggyco.com , iwaf.world , gelatoflos.com , babystukitaki.com , motivationalmantra.com , innovaipa.com , thetransformationchix.com , giftedhealth.com , brandlux.shop (redefacement) , uaenlpacademy.com (redefacement) , wangamukulukingdom.org , elderproductions.com , vnc-international.com (redefacement) , and indiajara.com. All incidents were archived via zone-xsec.com.

3.2 The “Zod” Mass Defacement Operation

Threat actor Zod executed a mass defacement campaign strictly targeting Linux-based servers, deploying defacement pages at the specific path /zod.html. The campaign’s signature suggests automated exploitation of a shared vulnerability across Linux web hosts. All incidents were mirrored at haxor.id. Victims included:

United Kingdom: Layka Travel World , Sanray , Godal Property , Eternal Garments Ltd , and Ghost LA Clothing Ltd.
India: Sukalp Magazine , Apple Crop , Neastha Sales , Coastal Kitchenware , pwps.in , and Chetan Singadia.
Greece: fhh.gr.
Multiple Stravelakis Domains: nextcoral.stravelakis.com , rr.stravelakis.com , and reflexologist.stravelakis.com.
Other targeted domains: dvincorporation.com , laykavisa.com , evershinedrug.com , and rainbowpaintmart.com.

3.3 The “DimasHxR” Campaign

Actor DimasHxR independently targeted specific subdirectories, particularly media and customer directory paths, indicating exploitation of web application file structures. Recorded via zone-xsec.com, the targets included:

Americas: Superior Pads (US) , Krames4Heart (US) , Krames4Lungs (US) , Breakthrough Clean (US) , PhotoColor (Brazil, redefacement) , Lemarcare (Brazil) , and Helly Hansen Chile (redefacement).
Europe & Oceania: Annys (Australia) , Creative Classrooms (New Zealand, redefacement) , La Perle de Marie Jo (France, redefacement) , yun-berlin.com (Germany) , scar.it (Italy) , rbautooprema.rs (Serbia) , macihome.eu (redefacement).
Russia: partnumber-710.ru , fakelfreedom.ru , longavitaimplantacia.ru , and mastermoskva.ru.
Asia: Reunion (Thailand).
Other domains: chowaniec.design , noyah.com , linkaskura.com (redefacement) , superiridium.com , zigtop.com , wonderland.shop , wellnessmarkshop.com (redefacement) , avinusa.com , rubafashion.store , ffsfacilitator.com , and awds.io.

3.4 Other Defacement Activity

Midas Haxor Team: Actor Marleng1337 defaced Daryl Balfour’s media site (targeting mrlg.php) and Swiss data services domain DataSign.
Claudexxx: Acting independently, Claudexxx redefaced the homepage of Indian energy utility Spark Vidyut and defaced Smart Education College.
Team Hazardous Pk: Actor overthrash1337 defaced the homepage of the Indian regional portal Jaisalmer Portal.
JUNZXSEC: Claimed defacement of the Pamekasan Regency government website (pamekasankab.go.id) in Indonesia.

4. Threat Actor Profiles and Operations

4.1 ShinyHunters

The ShinyHunters group maintained a highly visible operational tempo. The group claimed responsibility for breaching Cisco Systems through three vectors (UNC6040, Salesforce Aura, and AWS accounts), exposing over 3 million Salesforce records and internal corporate data. They also advertised access to MediaMart Vietnam. Concurrently, the group announced updates to their infrastructure, migrating from shinyhunte[.]rs to shinyhunters[.]ru, and promoted their Tor-based forum access. In official statements, ShinyHunters actively distanced themselves from impersonators (specifically naming “Mattys Savoie”), rejected unauthorized actions attributed to them regarding Salesforce, and announced the resurgence of the BreachForums platform.

4.2 Infrastructure Destruction Squad

This group demonstrated a focus on destructive operations and high-value intelligence theft, heavily targeting Russian infrastructure. They claimed successful attacks against a Russian factory , the compromise of senior officials’ phones , and the breach of the Russian National Nuclear Research University (MEPhI). At MEPhI, they allegedly compromised IT Systems Manager Konstantin Martinov and nuclear employee A.A. Ivanov, gaining full network access credentials. The group also compromised the Heartland Free Church in the US, utilizing a proprietary TRK25 ADVANCED SCADA exploitation tool to exploit Linux SMB null session vulnerabilities.

4.3 Advanced Persistent Threats (APTs)

Kimsuky (Velvet Chollima): Security researchers reported that the North Korean hacking group conducted sophisticated cyber attacks against South Korean military and corporate entities using a remote access trojan named HTTPSpy. The group utilized social engineering tactics, including fake security software installers and fraudulent Webex meeting invitations.

5. Cybercrime Services, Malware, and Carding Operations

Underground forums showcased a robust economy for financial fraud, malware distribution, and identity theft.

5.1 Malware and Phishing Infrastructure

DriveSurge Campaign: A hacking group named DriveSurge compromised thousands of websites to distribute malware via fake browser update pages. The social engineering tactic tricks users into executing commands under the guise of fixing technical issues.
Office 365 Token Harvester: Threat actor office_365shop offered a Microsoft Office 365 phishing panel that utilizes token-link techniques to silently harvest authenticated browser sessions. This bypasses credential requirements, granting full access to Outlook and OneDrive.
Browser Cache Loader: Actor PUSU advertised a tool designed to bypass Mark of the Web (MoTW) Zone.Identifier tagging and Windows SmartScreen protections, allowing payload execution without triggering security warnings.
VoIP Phishing Bot: Actor nicenicenice sold a Telegram-based P1 bot with its Asterisk source code, designed for automated VoIP phishing (vishing) campaigns with custom caller IDs and concurrent call capabilities.
RAT Distribution: A WhatsApp channel linked to “DEWATA BLACKHAT” offered to distribute a Remote Access Trojan (RAT) along with its source code via terminal.

5.2 Carding and Financial Fraud

Financial cybercrime offerings were prevalent, involving physical and digital fraud mechanisms.

Carding Services: Actor Nakedcave advertised a carding-based fulfillment service capable of placing fraudulent orders for food delivery, electronics, and travel bookings across platforms like Uber Eats, Airbnb, and Delta Airlines. Actor Casperdag offered cloned ATM cards, non-VBV cards, and freshly skimmed dumps with PINs (Track 101/201), alongside fraudulent PayPal and Western Union transfers. Actor Clara12 sold non-VBV stolen payment cards , while actor RICHOFccS offered stolen EBT cards and dumps via WhatsApp. Actor Bank boi sold credit cards and CVVs at $20–$30 per card.
Bank Accounts and Cryptocurrency: Actor Fsport sold self-made, aged, and verified US bank accounts (Chase, Bank of America, Coinbase) with cashout services. Actor Ramp advertised “LuxuCard,” a service offering no-KYC Visa and Mastercard cards purchasable with cryptocurrency. An actor named Alexandr offered a 10%+ commission to launder cryptocurrency by purchasing USDT to bypass Chinese policy restrictions.

5.3 Identity Theft and Credential Sales

Document Forgery: Actor silasclark sold fullz (SSN, DOB, DL), KYC-bypass documents, tax return fullz, Medicare leads, and children’s fullz (2013–2025). Actor jannatmirza11 and jannat123 offered similar fraudulent identity documents. Threat actor oaaaoxxz sold ID documents with selfie photos belonging to 252 individuals associated with the adult platform fanspicygroup.com.
Mail and Service Access: Actor EngineeringPhantom and DataxLogs advertised the sale of mail access credentials, configs, scripts, and combolists targeting countries globally. DataxLogs also advertised Python-based credential stuffing tools (Silverbullet, Openbullet 2). Actor Yuze sold targeted email account access to Hotmail, Yahoo, and service accounts (Walmart, eBay, Uber) for users in the USA, UK, and Canada.

Conclusion

The data provided for June 2-3, 2026, highlights a severe threat environment characterized by massive exfiltrations of nation-state intelligence, the systematic defacement of global web infrastructure, and a thriving underground economy for exploits, initial access, and financial fraud. The operations of groups like ShinyHunters and Infrastructure Destruction Squad demonstrate advanced capabilities targeting both corporate environments and critical nuclear and government infrastructure.

Detected Incidents Draft Data – 2026-06-03 (run date)

Sale of alleged Instagram and multi-site database dumps
Category: Data Breach
Content: A threat actor on CX forum is advertising the sale of what they claim to be a full 2025 Instagram database along with premium databases from various unnamed websites. The post directs interested buyers to a Telegram channel. No record counts or sample data were provided in the post.
Date: 2026-06-03T04:42:18Z
Network: openweb
Published URL: https://crackingx.com/threads/77760/
Screenshots:
1 screenshot(s) available
Threat Actors: Gh0s7
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Instagram
Victim Site: instagram.com
Alleged Data Leak of Taiwan Psychological Warfare Team Internal Database
Category: Data Leak
Content: A threat actor claims to have leaked an internal database purportedly belonging to Taiwans Psychological Warfare Team, asserting it is verified and complete. The post alleges the organization is under surveillance by China, the United States, and Japan. No post content was available to confirm the nature or volume of the data.
Date: 2026-06-03T04:09:20Z
Network: openweb
Published URL: https://xforums.st/threads/exclusiveverified-and-complete-internal-database-of-the-taiwan-psychological-warfare-team-under-comprehensive-surveillance-by-china-the-us-japan.618499/
Screenshots:
None
Threat Actors: yamadat0m99
Victim Country: Taiwan
Victim Industry: Government
Victim Organization: Taiwan Psychological Warfare Team
Victim Site: Unknown
Alleged data breach of Arenateam
Category: Data Breach
Content: A threat actor claims to have had full access to the Arenateam panel, extracting all source code and SQL database files. The actor has made the data publicly available via an anonymous file-sharing link and provided a screenshot as proof of access.
Date: 2026-06-03T03:58:37Z
Network: openweb
Published URL: https://breached.su/threads/arenateam-ir.87836/unread
Screenshots:
1 screenshot(s) available
Threat Actors: nearlevrai
Victim Country: Iran
Victim Industry: Unknown
Victim Organization: Arenateam
Victim Site: arenateam.ir
Sale of initial access to Malaysian municipal government via OpenVPN with Domain Admin privileges
Category: Initial Access
Content: A threat actor is selling OpenVPN (OpenVPN) access to an unnamed Malaysian municipal government entity with Domain Admin privileges. The target network consists of approximately 50 hosts and is protected by Cylance AV/EDR. The access is listed at $978 and is available via direct message or through a darknet marketplace.
Date: 2026-06-03T03:38:25Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78666
Screenshots:
1 screenshot(s) available
Threat Actors: Toton
Victim Country: Malaysia
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Fokko Juweliers
Category: Data Breach
Content: A threat actor is selling a 1.5GB SQL and CSV database allegedly extracted from Fokko Juweliers, a Dutch online jewelry retailer. The sample data includes customer records with full names, email addresses, hashed passwords, IP addresses, and newsletter subscription details from the PrestaShop ps_customer table. The seller is advertising via Telegram under the handle @Darkmafiaxx.
Date: 2026-06-03T03:37:26Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Online-Gold-And-Jewelry-Store-Database-%E2%80%93-Fokkojuweliers-nl-Netherlands–78544
Screenshots:
1 screenshot(s) available
Threat Actors: DarkMafiaX
Victim Country: Netherlands
Victim Industry: Retail
Victim Organization: Fokko Juweliers
Victim Site: fokkojuweliers.nl
Alleged data breach of mydukaan.io exposing 100 million user records
Category: Data Breach
Content: A threat actor claims to be selling a full database dump from mydukaan.io, an Indian e-commerce platform, allegedly containing 100 million user records across multiple tables including user accounts, buyer addresses, transaction history, order costs, and encrypted payment API keys. Sample data includes phone numbers, email addresses, full names, and physical addresses consistent with Indian users. The dataset also reportedly includes purchase history and seller records.
Date: 2026-06-03T03:36:42Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78575
Screenshots:
1 screenshot(s) available
Threat Actors: stalker8083
Victim Country: India
Victim Industry: Retail
Victim Organization: Dukaan
Victim Site: mydukaan.io
Alleged data breach of Russian Ministry of Internal Affairs (MVD) passport database
Category: Data Breach
Content: A threat actor is selling an alleged database dump attributed to the Russian Ministry of Internal Affairs (MVD), covering passport and migration records from 2004 to 2023. The dataset, totaling approximately 636 GB across three tables, purportedly contains full names, passport numbers, SNILS insurance IDs, registration addresses, photos, and passport scans for an estimated 159 million citizens. The seller offers the data in SQL or CSV format and accepts escrow.
Date: 2026-06-03T03:36:03Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78614
Screenshots:
1 screenshot(s) available
Threat Actors: loptrgod
Victim Country: Russia
Victim Industry: Government
Victim Organization: Russian Ministry of Internal Affairs (MVD)
Victim Site: mvd.ru
Alleged data breach of Stripchat
Category: Data Breach
Content: A threat actor is selling an alleged database from stripchat.com containing records for approximately 62.3 million users and 408,763 models. The dataset is claimed to include full profile data and login emails. The seller is offering the data for $799 via Telegram.
Date: 2026-06-03T03:35:22Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78630
Screenshots:
1 screenshot(s) available
Threat Actors: Euphoric_Reply_5727
Victim Country: Unknown
Victim Industry: Entertainment
Victim Organization: Stripchat
Victim Site: stripchat.com
Alleged data breach of Bumble dating app
Category: Data Breach
Content: A threat actor is selling an alleged database dump from Bumble containing over 32 million user records. The dataset purportedly includes email addresses, bcrypt-hashed passwords, phone numbers, and detailed profile data such as name, date of birth, location, employment, education, political and religious preferences, and linked social accounts. The seller is offering the clean JSON dump for $999 via Telegram.
Date: 2026-06-03T03:34:40Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Bumble-dating-app-32-million-users-DB–78631
Screenshots:
1 screenshot(s) available
Threat Actors: Euphoric_Reply_5727
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Bumble
Victim Site: bumble.com
Alleged data breach of justeet.co.uk
Category: Data Breach
Content: A threat actor is selling an alleged database from justeet.co.uk, a food delivery platform based in Wales, UK. The dataset reportedly contains approximately 398,000 records with fields including user IDs, names, email addresses, phone numbers, date of birth, loyalty IDs, and account metadata. A data sample was shared via Pastebin as proof, with contact details provided for purchase inquiries.
Date: 2026-06-03T03:33:43Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78541
Screenshots:
1 screenshot(s) available
Threat Actors: Databroker1
Victim Country: United Kingdom
Victim Industry: Food Delivery
Victim Organization: Justeet
Victim Site: justeet.co.uk
Alleged data breach of German Volksbank
Category: Data Breach
Content: A threat actor is offering an alleged dataset attributed to German Volksbank for sale at $150. The listing claims 2.1 million lines of data, with samples and proof available via direct message. No further details on specific data fields were disclosed in the post.
Date: 2026-06-03T03:32:27Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78578
Screenshots:
1 screenshot(s) available
Threat Actors: Frenshyny
Victim Country: Germany
Victim Industry: Finance
Victim Organization: Volksbank
Victim Site: volksbank.de
Alleged data breach of undisclosed Japanese organization with 23 million records
Category: Data Breach
Content: A threat actor is selling an alleged database of Japanese citizens containing approximately 23 million lines. The full database is available for purchase, with half offered at $150. Samples and proof are available via direct message.
Date: 2026-06-03T03:31:49Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78579
Screenshots:
1 screenshot(s) available
Threat Actors: Frenshyny
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Ledger with 292,000 records offered for sale
Category: Data Breach
Content: A threat actor is offering for sale an alleged dataset attributed to Ledger, priced at $300 per 50,000 lines. The dataset reportedly contains 292,000 records with fields including email, full name, physical address, phone number, gender, date of birth, and identifiers. Sample records provided appear to contain US-based individuals.
Date: 2026-06-03T03:31:14Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78583
Screenshots:
1 screenshot(s) available
Threat Actors: Frenshyny
Victim Country: United States
Victim Industry: Finance
Victim Organization: Ledger
Victim Site: ledger.com
Sale of PII belonging to Indonesian National Police (POLRI) personnel
Category: Data Breach
Content: A threat actor is offering for sale personally identifiable information belonging to Indonesian National Police (POLRI) officers, including full name, rank, assignment/unit, phone number, and email address. Sample records expose personnel across multiple regional police commands (Polda) throughout Indonesia. The dataset appears to contain a significant number of records beyond the samples shown.
Date: 2026-06-03T03:29:31Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78594
Screenshots:
1 screenshot(s) available
Threat Actors: 053o
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Indonesian National Police (POLRI)
Victim Site: polri.go.id
Alleged data breach of ENOC (Emirates National Oil Company)
Category: Data Breach
Content: A threat actor is selling an alleged database from enoc.com containing up to 580,000 contacts. Sample records include full names, phone numbers, email addresses, gender, date of birth, nationality, insurance type, and account activation dates. The seller is directing interested buyers to a Telegram contact for purchase.
Date: 2026-06-03T03:28:53Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78596
Screenshots:
1 screenshot(s) available
Threat Actors: Solana0011
Victim Country: United Arab Emirates
Victim Industry: Energy
Victim Organization: Emirates National Oil Company (ENOC)
Victim Site: enoc.com
Sale of 0day RCE exploit for Mozilla SpiderMonkey JS Engine
Category: Vulnerability
Content: A threat actor is offering for sale a claimed 0day remote code execution exploit targeting Mozillas SpiderMonkey JavaScript engine. The seller states the exploit chains two memory corruption vulnerabilities to achieve arbitrary shellcode execution. The asking price is $120,000.
Date: 2026-06-03T03:27:45Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-0day-Mozilla-SpiderMonkey-JS-Engine-RCE–78628
Screenshots:
1 screenshot(s) available
Threat Actors: berz0k
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Mozilla
Victim Site: mozilla.org
Alleged data breach of Eleonor.mx — Mexicos leading ambulatory EHR platform with 2.7M patient records
Category: Data Breach
Content: A threat actor is selling the alleged complete clinical database of Eleonor.mx, described as Mexicos leading ambulatory EHR platform. The dataset purportedly includes 2,704,652 patient records with full PHI/PII, 1,246,885 prescriptions, 448,944 timestamped consultations, 264,969 minor patients, and 184,842 verified national ID (CURP) numbers spanning 2020 through May 2026. The actor also claims active access including OAuth refresh tokens and Google Calendar read/write access for thousands of p
Date: 2026-06-03T03:27:07Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78632
Screenshots:
3 screenshot(s) available
Threat Actors: MedData
Victim Country: Mexico
Victim Industry: Healthcare
Victim Organization: Eleonor
Victim Site: eleonor.mx
Alleged data breach of Binance
Category: Data Breach
Content: A threat actor is selling an alleged Binance user database containing email addresses, hashed passwords, and KYC verification status for over 10,000 accounts. The data is offered for 7 XMR and delivered as a CSV file. The claim is unverified and Binance has not publicly confirmed any such breach.
Date: 2026-06-03T03:26:22Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78641
Screenshots:
1 screenshot(s) available
Threat Actors: orvyn01
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Binance
Victim Site: binance.com
Alleged data breach of Iberdrola
Category: Data Breach
Content: A threat actor is selling an alleged database belonging to Iberdrola, Spains largest energy group, claimed to have been hacked by RP. The dataset reportedly contains over 7 million customer records with a file size of 109.79 GB. A 1,000-record sample is offered alongside the full database.
Date: 2026-06-03T03:25:44Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78656
Screenshots:
1 screenshot(s) available
Threat Actors: gang
Victim Country: Spain
Victim Industry: Energy
Victim Organization: Iberdrola
Victim Site: iberdrola.es
Sale of Multiple Crypto and Financial Organization Databases
Category: Data Breach
Content: A threat actor is offering for sale or trade a large collection of databases from numerous cryptocurrency exchanges, financial platforms, and related services, including major entities such as Coinbase, CoinMarketCap, Celsius Network, Crypto.com, and others. The post lists over 100 individual databases with record counts ranging from hundreds to tens of millions of records per organization. The combined dataset represents a significant exposure of user data across the global crypto and financial…
Date: 2026-06-03T03:25:03Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78683
Screenshots:
4 screenshot(s) available
Threat Actors: vothan
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown
Sale of alleged SQL injection vulnerability or exploit targeting DarkForums
Category: Vulnerability
Content: A threat actor is advertising the sale of an alleged SQL injection exploit targeting DarkForums via Telegram. The post includes an image link purportedly showing proof of the vulnerability. No further technical details or price were specified in the post.
Date: 2026-06-03T03:24:23Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-darkforum-sql-inj-ibb-co-Kx4ct5Jy-selling-randomnigabotsss1bot-TELEGRAM–78704
Screenshots:
1 screenshot(s) available
Threat Actors: lmfao_ibb_co_Kx4ct5Jy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: DarkForums
Victim Site: darkforums.su
Alleged data breach of Egyptian government domain exposing national ID card images
Category: Data Breach
Content: A threat actor claims to have exfiltrated a 2 GB archive of Egyptian national ID card images belonging to citizens and teachers from an unspecified Egyptian government domain. The actor is offering the data for sale via Telegram and has published a sample download link. The breach is alleged to have occurred in 2026.
Date: 2026-06-03T03:23:15Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78715
Screenshots:
1 screenshot(s) available
Threat Actors: Anonymous2090
Victim Country: Egypt
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Sale of Telegram-based P1 bot with VoIP phishing campaign features
Category: Phishing
Content: A threat actor is offering for sale a Telegram-based P1 bot along with its source code, designed to conduct automated VoIP phishing (vishing) campaigns. The tool supports configurable concurrent calls, custom caller IDs, campaign modes, CSV contact uploads, and press-1 lead capture. The seller claims the source code includes a pre-configured Asterisk setup and accepts trusted escrow for transactions.
Date: 2026-06-03T03:22:38Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78721
Screenshots:
1 screenshot(s) available
Threat Actors: nicenicenice
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Bolivia Ministry of Health Unified Health System (SUS)
Category: Data Breach
Content: A threat actor claims to have breached the Bolivian Unified Health System (SUS) and extracted 8,469,080 records in SQL format. The dataset includes national ID numbers, full names, dates of birth, sex, marital status, nationality, address details, and phone numbers of enrolled individuals. The data is being offered for sale on a dark web forum.
Date: 2026-06-03T03:21:13Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78754
Screenshots:
1 screenshot(s) available
Threat Actors: konata_izumi_shell
Victim Country: Bolivia
Victim Industry: Healthcare
Victim Organization: Ministry of Health Bolivia – Unified Health System (SUS)
Victim Site: Unknown
Alleged data breach of undisclosed US shipping company exposing hardware wallet buyer records
Category: Data Breach
Content: A threat actor claims to be selling a dataset of 70,927 US-based buyers of Ledger and Trezor hardware wallets, allegedly extracted from a major shipping companys internal database. The data covers purchases made between January and May 2026 and is offered as a cleaned, deduplicated Excel file. The records likely include personally identifiable information of cryptocurrency hardware wallet purchasers, making them high-value targets for social engineering and theft.
Date: 2026-06-03T03:19:25Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78768
Screenshots:
1 screenshot(s) available
Threat Actors: Euphoric_Reply_5727
Victim Country: United States
Victim Industry: Logistics
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of 2M records from Tianyancha (Chinese technology service)
Category: Data Breach
Content: Breachforums user mr-hanz-xploit is advertising the sale of approximately 2 million records allegedly from Tianyancha.com, a Chinese technology/business intelligence service. The listing indicates a data breach with stolen records being offered for sale on underground forums.
Date: 2026-06-03T02:43:20Z
Network: telegram
Published URL: https://t.me/DeepCoreNetwork/344
Screenshots:
2 screenshot(s) available
Threat Actors: mr-hanz-xploit
Victim Country: China
Victim Industry: Technology/Business Intelligence
Victim Organization: Tianyancha
Victim Site: tianyancha.com
Sale of alleged database from Tianyancha (tianyancha.com) with 2 million records
Category: Data Breach
Content: A threat actor is offering for sale an alleged database from Tianyancha (tianyancha.com), a Chinese business intelligence and corporate data platform, claiming approximately 2 million records. The post provides minimal detail beyond a sample and contact instructions. The nature and contents of the data have not been independently verified.
Date: 2026-06-03T02:42:02Z
Network: openweb
Published URL: https://breached.su/threads/sell-technology-service-2m-china-tianyancha-com-2m.87835/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Mr. Hanz Xploit
Victim Country: China
Victim Industry: Technology
Victim Organization: Tianyancha
Victim Site: tianyancha.com
Alleged ShinyHunters Threat Actor Profile and Contact Information
Category: Cyber Attack
Content: ShinyHunters threat actor group has disclosed their official domain (shinyhunters.ru), breach forum profile, session ID, email contact ([email protected]), XMPP contact ([email protected]), and support contact handle (@shsupportsh). This represents active threat actor infrastructure and communication endpoints.
Date: 2026-06-03T02:18:26Z
Network: telegram
Published URL: https://t.me/c/3500620464/9066
Screenshots:
1 screenshot(s) available
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Fullz, Payment Card Dumps, and Identity Documents on Criminal Forum
Category: Carding
Content: A threat actor operating under the alias silasclark is advertising a wide range of fraudulent goods and stolen personal data on a cracking forum, including fullz (SSN, DOB, DL, NIN, SIN), payment card dumps with PIN (Track 101 and 202), KYC-bypass documents (passports, IDs with selfies/video), and various lead databases spanning multiple countries. Additional offerings include tax return fullz, Medicare leads, childrens fullz (2013–2025), and fake corporate documents for LLC/LTD/EIN entities.
Date: 2026-06-03T01:57:18Z
Network: openweb
Published URL: https://crackingx.com/threads/77746/
Screenshots:
1 screenshot(s) available
Threat Actors: silasclark
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of initial access to Farmex Freshia Trading LLC (Globiro) ecommerce platform
Category: Initial Access
Content: A threat actor claims to have fully compromised Globiro, an ecommerce grocery management system operated by Farmex Freshia Trading LLC in the UAE. The actor is offering full system and data access for sale at $100, including customer PII (names, addresses, phone numbers, emails), order details, invoices, and admin dashboard access with editing permissions. The post includes a claimed proof of hack.
Date: 2026-06-03T01:56:30Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-RDP-UAE-ECOMMERCE-GROCERY-STORE-HACKED
Screenshots:
1 screenshot(s) available
Threat Actors: blacknet00
Victim Country: United Arab Emirates
Victim Industry: Retail
Victim Organization: Farmex Freshia Trading LLC
Victim Site: globiro.com
Alleged Cyber Attack on Heartland Free Church NAS Server
Category: Cyber Attack
Content: A threat actor claims to have breached a NAS server belonging to Heartland Free Church in the United States by exploiting a null session vulnerability via SMB. The actor alleges exfiltration of financial records, identity documents, server credentials, network configurations, and personal files belonging to approximately 25 employees and volunteers. The post offers stolen data and access for sale and notes the presence of trojan malware on the compromised server.
Date: 2026-06-03T01:54:45Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-HEARTLAND-FREE-CHURCH-SERVERS-BREACHED
Screenshots:
1 screenshot(s) available
Threat Actors: blacknet00
Victim Country: United States
Victim Industry: Religious Institution
Victim Organization: Heartland Free Church
Victim Site: Unknown
Alleged data breach of Tianya (tianye.net) exposing 127 million user records
Category: Data Breach
Content: A threat actor claims to have exfiltrated over 127 million rows of user data from Tianya (tianya.net), a large Chinese online community, on June 1, 2026. The actor alleges the breach was conducted by exploiting launch-day DDoS chaos to mask low-frequency probing, ultimately gaining database access via a weak privileged account and exfiltrating records containing usernames, password hashes, and registration emails. A memory-resident backdoor is claimed to have been left on compromised infrastruct…
Date: 2026-06-03T01:52:04Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-China-2026-6-1-tianye-net-Hackers-Memoir-Tianya-Twelve-Hours
Screenshots:
1 screenshot(s) available
Threat Actors: ChinaTomchent
Victim Country: China
Victim Industry: Technology
Victim Organization: Tianya
Victim Site: tianya.net
Sale of stolen payment cards, EBT cards, and card dumps with PINs
Category: Carding
Content: A threat actor is offering stolen EBT cards with PINs, debit and credit cards, and card dumps with PINs for sale via WhatsApp and TextNow. The seller claims all cards carry good balances. Contact is made through personal messaging channels.
Date: 2026-06-03T01:23:33Z
Network: openweb
Published URL: https://altenens.is/threads/whatsapp-1-681-313-5442-got-valid-ebt-pin-track-debit-cards-auto-adds-credit-cards-dumps-pin-all-coming-with-good-balances-inbox.2947992/unread
Screenshots:
1 screenshot(s) available
Threat Actors: RICHOFccS
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Homzmart database
Category: Data Leak
Content: A threat actor claims to have leaked the full database of Homzmart, an e-commerce platform, including customer records, addresses, sales orders, payment data, and seller information. The dump consists of two SQL files totaling approximately 4.6GB, containing an estimated 9 million records across multiple tables including seller bank accounts and business information. The data is made available via a hidden download link on the forum.
Date: 2026-06-03T01:09:10Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78617
Screenshots:
1 screenshot(s) available
Threat Actors: hackformetome
Victim Country: Egypt
Victim Industry: Retail
Victim Organization: Homzmart
Victim Site: homzmart.com
Alleged Data Leak of Indonesian National Police Database
Category: Data Leak
Content: A threat actor known as V0idix has freely distributed an alleged database of 341,800 records from the Indonesian National Police. The dataset, provided in CSV format, contains personnel information including rank, name, unit, phone number, and email address. The actor claims the release is retaliatory, following what they allege was a wrongful arrest by Indonesian authorities.
Date: 2026-06-03T01:08:33Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78626
Screenshots:
1 screenshot(s) available
Threat Actors: V0idix
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Indonesian National Police
Victim Site: Unknown
Alleged Data Leak of CEMIG (IBM Watson AI Agent Dump)
Category: Data Leak
Content: A threat actor claims to have taken control of CEMIGs IBM Watson AI agent and exported conversation data spanning September 2022 to April 2026. A partial dump (~0.7% of the full 72GB compressed dataset) has been freely released, containing approximately 474,519 unique PII entries including CPFs, phone numbers, emails, and full customer conversation records. The released sample includes names, Brazilian tax IDs (CPF), contact details, and internal SIP/telephony infrastructure metadata.
Date: 2026-06-03T01:07:53Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78710
Screenshots:
1 screenshot(s) available
Threat Actors: V0idix
Victim Country: Brazil
Victim Industry: Energy
Victim Organization: CEMIG
Victim Site: cemig.com.br
Alleged data breach of Chinas National Supercomputing Center (NSCC) with claimed military and aerospace research leak
Category: Data Leak
Content: A threat actor claims to have exfiltrated over 10 petabytes of data from Chinas National Supercomputing Center in Tianjin and linked high-performance computing clusters associated with AVIC, COMAC, and Chinese space programs. The alleged dataset includes simulation data, design files, satellite telemetry, and classified military-aerospace research spanning stealth technology, gravitational wave sensors, and bunker-buster modeling. The actor claims proof files including directory listings and te
Date: 2026-06-03T01:07:31Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-CHINA-NSCC-SUPERCOMPUTING-BREACH-%E2%80%93-10-PETABYTES-OF-CLASSIFIED-MILITARY-HUGE-LEAK
Screenshots:
3 screenshot(s) available
Threat Actors: tolerantcyber2
Victim Country: China
Victim Industry: Government
Victim Organization: National Supercomputing Center (NSCC)
Victim Site: Unknown
Alleged data leak of Nissan Motor Co., Ltd. by Everest ransomware group
Category: Data Leak
Content: The Everest ransomware group claims to have exfiltrated approximately 910 GB of data from an IT contractors FTP servers supporting the Nissan and Infiniti dealer network in North America, after Nissan allegedly failed to meet ransom demands. The leaked dataset reportedly contains over 2,352,984 customer records spanning 2013 to January 2026, including full names, email addresses, phone numbers, physical addresses, and dealer information across 1,211 CSV files. Access was reportedly gained using
Date: 2026-06-03T01:07:15Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78737
Screenshots:
1 screenshot(s) available
Threat Actors: V0idix
Victim Country: Japan
Victim Industry: Automotive
Victim Organization: Nissan Motor Co., Ltd.
Victim Site: nissan.co.jp
Alleged data breach of Instituto Nacional de Migración (INM) Mexico
Category: Data Breach
Content: A threat actor is offering for sale an alleged database from Mexicos Instituto Nacional de Migración (INM) containing approximately 1 million records. The dataset reportedly includes highly sensitive personal, biometric, and immigration-related fields such as full name, date of birth, CURP, RFC, passport number, judicial orders, detention history, deportation resolutions, and biometric hashes. A sample has been published via an external file-sharing link.
Date: 2026-06-03T01:07:06Z
Network: openweb
Published URL: https://breached.su/threads/for-sale-inm-mx-database.87834/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Black0ut_Exi
Victim Country: Mexico
Victim Industry: Government
Victim Organization: Instituto Nacional de Migración (INM)
Victim Site: inm.gob.mx
Website Defacement of Beach House Realty by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, the attacker known as chinafans, affiliated with 0xteam, defaced the Australian real estate website beachhouserealty.com.au. The defacement targeted a specific file path (0x.txt) and was not classified as a mass or home page defacement. The incident was recorded and mirrored by zone-xsec.com.
Date: 2026-06-03T00:57:10Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930987
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Australia
Victim Industry: Real Estate
Victim Organization: Beach House Realty
Victim Site: beachhouserealty.com.au
Website Defacement of Garage Door Pro Solutions by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, threat actor chinafans operating under the group 0xteam defaced the website of Garage Door Pro Solutions, a home services company likely based in the United States. The attack was a targeted single-site defacement with no indication of mass or repeated defacement activity. The incident was archived and mirrored via zone-xsec.com for record-keeping purposes.
Date: 2026-06-03T00:56:29Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931002
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Home Services / Construction
Victim Organization: Garage Door Pro Solutions
Victim Site: garagedoorprosolutions.com
Website Defacement of insightpicz.me by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website insightpicz.me, leaving a text-based defacement file at the path /0x.txt. The incident was a targeted, single-site defacement with no mass or re-defacement indicators. Limited technical details are available regarding the server environment or attack vector used.
Date: 2026-06-03T00:55:47Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930986
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: insightpicz.me
Website Defacement of validee.be by chinafans (0xteam)
Category: Defacement
Content: The website validee.be, a Belgian domain, was defaced by threat actor chinafans operating under the group 0xteam on June 3, 2026. The defacement was recorded as a single targeted incident, not classified as a mass or home page defacement. A mirror of the defaced content was archived by zone-xsec.com for documentation purposes.
Date: 2026-06-03T00:54:56Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931006
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Belgium
Victim Industry: Unknown
Victim Organization: Validee
Victim Site: validee.be
Website Defacement of Comforthouse by chinafans (0xteam)
Category: Defacement
Content: The threat actor chinafans, operating under the team 0xteam, defaced the Pakistani home furnishings website comforthouse.pk on June 3, 2026. The defacement targeted a specific file path (0x.txt) rather than the homepage, indicating a targeted file drop rather than a full site takeover. The incident was recorded and mirrored by zone-xsec.com.
Date: 2026-06-03T00:54:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930989
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Pakistan
Victim Industry: Retail / Home Furnishings
Victim Organization: Comfort House
Victim Site: comforthouse.pk
Website defacement of tiger4india.com by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website tiger4india.com by uploading a defacement file at tiger4india.com/0x.txt. The attack appears to be a targeted single-site defacement, with the attacker leaving their signature on the compromised web server. The incident was archived and mirrored by zone-xsec.com for threat intelligence purposes.
Date: 2026-06-03T00:53:22Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931003
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: India
Victim Industry: Unknown
Victim Organization: Tiger4India
Victim Site: tiger4india.com
Website Defacement of dapper.black by chinafans (0xteam)
Category: Defacement
Content: The website dapper.black was defaced by threat actor chinafans, operating under the group 0xteam, on June 3, 2026. The attacker replaced or altered web content at the path /0x.txt as part of the defacement activity. No specific motive, server details, or proof of compromise were disclosed in the available intelligence.
Date: 2026-06-03T00:52:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931013
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Dapper Black
Victim Site: dapper.black
Website Defacement of Artisitiy by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, the website artisitiy.com was defaced by threat actor chinafans, operating under the group 0xteam. The defacement was a targeted single-site attack, leaving a text-based proof of compromise at the path /0x.txt. No specific motive or additional technical details were disclosed.
Date: 2026-06-03T00:51:48Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930994
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Arts and Entertainment
Victim Organization: Artisitiy
Victim Site: artisitiy.com
Website Defacement of TPP Landscape Services by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, threat actor chinafans operating under the group 0xteam defaced the website of TPP Landscape Services, a landscaping company likely based in the United States. The incident was a targeted single-site defacement with no indication of mass or repeated defacement activity. A mirror of the defaced page was archived at zone-xsec.com.
Date: 2026-06-03T00:51:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930990
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Landscaping / Horticulture Services
Victim Organization: TPP Landscape Services
Victim Site: tpplandscapeservices.com
Website Defacement of Smart Campus Plus by chinafans (0xteam)
Category: Defacement
Content: The threat actor chinafans, operating under the group 0xteam, defaced the website smartcampusplus.com on June 3, 2026. The targeted domain suggests the victim is associated with smart campus or educational technology services. This was a targeted single-site defacement with no mass or re-defacement indicators reported.
Date: 2026-06-03T00:50:13Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931015
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Education Technology
Victim Organization: Smart Campus Plus
Victim Site: smartcampusplus.com
Website Defacement of Baggyco by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, the website baggyco.com was defaced by threat actor chinafans operating under the group 0xteam. The attacker planted a defacement file at baggyco.com/0x.txt, consistent with the teams naming convention. The incident was a targeted single-site defacement with no mass or repeated defacement indicators noted.
Date: 2026-06-03T00:49:29Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931017
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Retail/Fashion
Victim Organization: Baggyco
Victim Site: baggyco.com
Website Defacement of iwaf.world by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website iwaf.world by uploading a defacement file at the path /0x.txt. The incident was a targeted, non-mass defacement with no specific reason disclosed. The defacement was archived and mirrored via zone-xsec.com.
Date: 2026-06-03T00:48:45Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930999
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: iWAF
Victim Site: iwaf.world
Website Defacement of Drinking Water Solutions by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website of Drinking Water Solutions, a water treatment and environmental services company based in Mexico. The attack was a targeted single-site defacement, with a mirror of the defaced page archived at zone-xsec.com. No specific motive or vulnerability details were disclosed in connection with the incident.
Date: 2026-06-03T00:48:04Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931007
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Mexico
Victim Industry: Water Treatment / Environmental Services
Victim Organization: Drinking Water Solutions
Victim Site: drinkingwatersolutions.mx
Website Defacement of Gelato Flos by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, the website gelatoflos.com was defaced by threat actor chinafans operating under the group 0xteam. The attacker placed a defacement file at the path /0x.txt, a common technique used to demonstrate unauthorized access. This was not identified as a mass or home page defacement, suggesting a targeted file-level intrusion.
Date: 2026-06-03T00:47:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930982
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Food and Beverage
Victim Organization: Gelato Flos
Victim Site: gelatoflos.com
Website Defacement of United Plumbing by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, the Australian plumbing services website united-plumbing.com.au was defaced by threat actor chinafans, operating under the group 0xteam. The attacker uploaded a defacement file (0x.txt) to the target web server. The incident was recorded as a singular, non-mass defacement with no prior redefacement history.
Date: 2026-06-03T00:46:37Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931000
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Australia
Victim Industry: Construction & Trades (Plumbing Services)
Victim Organization: United Plumbing
Victim Site: united-plumbing.com.au
Website Defacement of babystukitaki.com by chinafans (0xteam)
Category: Defacement
Content: The website babystukitaki.com was defaced by a threat actor known as chinafans, operating under the group 0xteam. The defacement was recorded on June 3, 2026, with a mirror of the defaced content archived at zone-xsec.com. No specific motive, server details, or targeted infrastructure details were disclosed in connection with this incident.
Date: 2026-06-03T00:45:53Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930992
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Baby Stukitaki
Victim Site: babystukitaki.com
Alleged sale of RDP access and compromised cloud infrastructure credentials
Category: Initial Access
Content: Threat actor offering rental access to RDP servers hosted on Azure, AWS, and Digital Ocean for $200 daily/monthly rates. Also advertising compromised email accounts (domain mail, Gmail, Yahoo), GitHub Student accounts, and legitimate service subscriptions (ChatGPT Plus, Claude 20x, ElevenLabs Creator Plan) at discounted prices. Escrow service offered.
Date: 2026-06-03T00:45:46Z
Network: telegram
Published URL: https://t.me/c/2613583520/96130
Screenshots:
1 screenshot(s) available
Threat Actors: PORTAL
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Motivational Mantra by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, the website motivationalmantra.com was defaced by threat actor chinafans, operating under the group 0xteam. The attacker uploaded a defacement file at the path /0x.txt, consistent with targeted single-site defacement activity. No specific motive or technical details regarding the server environment were disclosed.
Date: 2026-06-03T00:45:10Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930988
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Media / Personal Development
Victim Organization: Motivational Mantra
Victim Site: motivationalmantra.com
Website Defacement of InnovaIPA by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, the website innovaipa.com was defaced by threat actor chinafans operating under the group 0xteam. The attacker uploaded a defacement file at the path /0x.txt, consistent with the teams naming convention. No specific motive or vulnerability details were disclosed for this targeted defacement.
Date: 2026-06-03T00:44:27Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931011
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: InnovaIPA
Victim Site: innovaipa.com
Website Defacement of thetransformationchix.com by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, a threat actor known as chinafans, affiliated with 0xteam, defaced the website thetransformationchix.com. The incident was a targeted, single-site defacement with no mass or repeat defacement indicators. No specific motive or server details were disclosed.
Date: 2026-06-03T00:43:39Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930997
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Health & Wellness / Lifestyle
Victim Organization: The Transformation Chix
Victim Site: thetransformationchix.com
Website Defacement of FSI Mozambique by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, threat actor chinafans operating under the group 0xteam defaced a web resource hosted on fsi.co.mz, a domain associated with a financial services entity in Mozambique. The defacement was a targeted single-site attack, with no indication of mass or repeated defacement activity. The incident was archived and mirrored via zone-xsec.com.
Date: 2026-06-03T00:42:51Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931008
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Mozambique
Victim Industry: Financial Services
Victim Organization: FSI Mozambique
Victim Site: fsi.co.mz
Website Defacement of Gifted Health by chinafans (0xteam)
Category: Defacement
Content: The threat actor chinafans, operating under the group 0xteam, defaced the website giftedhealth.com on June 3, 2026. The defacement targeted a specific file path (0x.txt) rather than the homepage, indicating a targeted file-level compromise. No specific motive or technical details regarding the server infrastructure were disclosed.
Date: 2026-06-03T00:42:09Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930983
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: Gifted Health
Victim Site: giftedhealth.com
Website Defacement of NZ Wholesale by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, a threat actor operating under the alias chinafans, affiliated with 0xteam, defaced a page on nzwholesale.co.nz, a New Zealand-based wholesale business. The defacement was a targeted single-site incident, not part of a mass defacement campaign. No specific motivation or server details were disclosed in the available intelligence.
Date: 2026-06-03T00:41:27Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930978
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: New Zealand
Victim Industry: Wholesale/Retail
Victim Organization: NZ Wholesale
Victim Site: nzwholesale.co.nz
Website Defacement of IGI Nigeria by chinafans (0xteam)
Category: Defacement
Content: The website iginigeria.com was defaced by threat actor chinafans, operating under the group 0xteam, on June 3, 2026. The defacement was a targeted single-site attack, with the defaced content hosted at iginigeria.com/0x.txt. A mirror of the defacement was archived via zone-xsec.com.
Date: 2026-06-03T00:35:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930849
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Nigeria
Victim Industry: Unknown
Victim Organization: IGI Nigeria
Victim Site: iginigeria.com
Website Redefacement of Brandlux by chinafans (0xteam)
Category: Defacement
Content: The website brandlux.shop was redefaced by threat actor chinafans, operating under the group 0xteam, on June 3, 2026. This incident marks a redefacement, indicating the attacker had previously compromised the same target. The defacement was not classified as a mass or homepage defacement, suggesting a targeted file-level intrusion.
Date: 2026-06-03T00:34:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930852
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Retail/E-Commerce
Victim Organization: Brandlux
Victim Site: brandlux.shop
Website Redefacement of Ebb and Flow by chinafans (0xteam)
Category: Defacement
Content: The website ebbandflow.co.nz, a New Zealand-based organization, was redefaced by threat actor chinafans operating under the group 0xteam on June 3, 2026. This incident is classified as a redefacement, indicating the site had been previously compromised by the same or a different attacker. The defacement was recorded and mirrored by zone-xsec.com under mirror ID 930828.
Date: 2026-06-03T00:33:52Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930828
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: New Zealand
Victim Industry: Unknown
Victim Organization: Ebb and Flow
Victim Site: ebbandflow.co.nz
Website Redefacement of UAE NLP Academy by chinafans (0xteam)
Category: Defacement
Content: The website uaenlpacademy.com was defaced by threat actor chinafans operating under the group 0xteam on June 3, 2026. This incident is classified as a redefacement, indicating the site had been previously compromised and targeted again. The defacement was recorded and mirrored by zone-xsec.com under mirror ID 930848.
Date: 2026-06-03T00:33:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930848
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: United Arab Emirates
Victim Industry: Education / Training
Victim Organization: UAE NLP Academy
Victim Site: uaenlpacademy.com
Alleged data breach of Instagram with 17M+ US user records offered for sale
Category: Data Breach
Content: A threat actor is offering for sale an alleged Instagram database containing 17M+ user records in a 1.3GB file. The dataset reportedly includes usernames, user IDs, phone numbers, emails, locations, and names. The seller claims the data was obtained via trade and states they verified its authenticity against a live account.
Date: 2026-06-03T00:32:31Z
Network: openweb
Published URL: https://cracked.st/Thread-INST4GR4M-2O26-US3R-D4T4B4SE-L3AK-17M-USERS-1-3GB-FOR-SALE
Screenshots:
1 screenshot(s) available
Threat Actors: tennezza
Victim Country: United States
Victim Industry: Technology
Victim Organization: Instagram
Victim Site: instagram.com
Website Defacement of Wangamukulu Kingdom by chinafans (0xteam)
Category: Defacement
Content: The threat actor chinafans, operating under the group 0xteam, defaced the website of Wangamukulu Kingdom on June 3, 2026. The targeted file was wangamukulukingdom.org/0x.txt, indicating a direct file placement defacement rather than a full homepage takeover. The incident was a singular, non-mass defacement with no prior redefacement history recorded.
Date: 2026-06-03T00:32:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930827
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Cultural/Community Organization
Victim Organization: Wangamukulu Kingdom
Victim Site: wangamukulukingdom.org
Website Defacement of Indy Travel Club by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, the website indytravelclub.com was defaced by a threat actor known as chinafans, operating under the group 0xteam. The defacement targeted a travel club website, with the defaced content accessible at the path /0x.txt. The incident was a targeted single-site defacement, not part of a mass defacement campaign.
Date: 2026-06-03T00:31:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930825
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Travel and Tourism
Victim Organization: Indy Travel Club
Victim Site: indytravelclub.com
Website Defacement of Maxxima Travel by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the Brazilian travel agency website maxximastravel.com.br. The defacement targeted a specific file path (/0x.txt) and was neither a mass nor a home page defacement, suggesting a targeted file-level compromise. The incident was archived via zone-xsec.com with mirror ID 930856.
Date: 2026-06-03T00:30:55Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930856
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Brazil
Victim Industry: Travel and Tourism
Victim Organization: Maxxima Travel
Victim Site: maxximastravel.com.br
Website Redefacement of Italian Accounting/Tax Professional Site by chinafans (0xteam)
Category: Defacement
Content: A threat actor using the handle chinafans, affiliated with 0xteam, conducted a redefacement of an Italian accounting professionals website on June 3, 2026. This incident is classified as a redefacement, indicating the site had been previously compromised by the same or another actor. No specific motivation or technical details regarding the server infrastructure were disclosed.
Date: 2026-06-03T00:30:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930841
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Italy
Victim Industry: Professional Services / Accounting
Victim Organization: Studio Commercialista Dottoressa Rosset
Victim Site: commercialistadottoressarosset…
Website Defacement of VOV Media by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, the Vietnamese media website vovmedia.com.vn was defaced by threat actor chinafans, operating under the group 0xteam. The attacker planted a defacement file at the path /0x.txt on the target server. The incident was a targeted single-site defacement with no indication of mass or repeated compromise.
Date: 2026-06-03T00:29:29Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930835
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Vietnam
Victim Industry: Media & Broadcasting
Victim Organization: VOV Media
Victim Site: vovmedia.com.vn
Website Defacement of 44andmore.nl by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the Dutch website 44andmore.nl by uploading a defacement file at the path /0x.txt. The incident was a targeted, single-site defacement with no mass defacement or redefacement indicators noted.
Date: 2026-06-03T00:28:47Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930850
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Netherlands
Victim Industry: Unknown
Victim Organization: 44andmore
Victim Site: 44andmore.nl
Website Defacement of Elder Productions by chinafans (0xteam)
Category: Defacement
Content: The website elderproductions.com was defaced by threat actor chinafans, operating under the group 0xteam, on June 3, 2026. The defacement targeted a specific file path (0x.txt) rather than the sites homepage, suggesting a targeted file-level intrusion. The incident was recorded as a single, non-mass defacement with a mirror archived at zone-xsec.com.
Date: 2026-06-03T00:28:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930833
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Entertainment / Media Production
Victim Organization: Elder Productions
Victim Site: elderproductions.com
Website Defacement of Rede Cidades Resendenses by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website redecidadesresendenses.com, a regional community network associated with Resende, Brazil. The incident was a targeted single-site defacement with no indication of mass or repeated defacement activity. Server and infrastructure details were not disclosed in the available data.
Date: 2026-06-03T00:27:22Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930855
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Brazil
Victim Industry: Community / Regional Network
Victim Organization: Rede Cidades Resendenses
Victim Site: redecidadesresendenses.com
Website Defacement of bradleypthomas.com by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, the website bradleypthomas.com was defaced by a threat actor using the handle chinafans, operating under the group 0xteam. The defacement targeted a specific file path (/0x.txt) rather than the homepage, indicating a targeted file-level compromise. The incident was recorded and mirrored by zone-xsec.com.
Date: 2026-06-03T00:26:34Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930836
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Bradley P. Thomas
Victim Site: bradleypthomas.com
Alleged data breach of Beach Houses Mauritius
Category: Data Breach
Content: A threat actor claims to be selling a database dump from beachhousesmauritius.com, a property rental and hospitality platform serving the Mauritius market. The alleged dataset contains approximately 2,876,619 records sourced from a Vtiger CRM deployment, including contact details, account records, email data, lead addresses, and activity-tracking information. The original SQL file is reported at approximately 44 MB compressed.
Date: 2026-06-03T00:26:05Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78680
Screenshots:
2 screenshot(s) available
Threat Actors: Cryptix
Victim Country: Mauritius
Victim Industry: Real Estate
Victim Organization: Beach Houses Mauritius
Victim Site: beachhousesmauritius.com
Website Redefacement of VNC International by chinafans (0xteam)
Category: Defacement
Content: The threat actor chinafans, operating under the group 0xteam, carried out a redefacement of vnc-international.com on June 3, 2026. This incident marks a repeated compromise of the target, indicating the vulnerability was not fully remediated following a prior attack. The defacement was a targeted, non-mass attack with a mirror archived at zone-xsec.com.
Date: 2026-06-03T00:25:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930821
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: VNC International
Victim Site: vnc-international.com
Alleged data breach of carsworld.id Indonesian automotive marketplace
Category: Data Breach
Content: A threat actor known as Cryptix claims to have obtained and is sharing the carsworld.id SQL database containing approximately 213,303 merchant records from an Indonesian automotive services marketplace. The leaked data includes business names, contact details (email, phone, WhatsApp), geolocation data, operating hours, ratings, and workshop owner login session data including device, IP, and user agent information. The database is distributed as a SQL dump file of approximately 2.88 MB.
Date: 2026-06-03T00:25:22Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78686
Screenshots:
1 screenshot(s) available
Threat Actors: Cryptix
Victim Country: Indonesia
Victim Industry: Retail
Victim Organization: carsworld.id
Victim Site: carsworld.id
Website Defacement of Advanced Flooring Inc by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, a threat actor known as chinafans, operating under the team 0xteam, defaced the website of Advanced Flooring Inc, a flooring services company likely based in the United States. The defacement was a targeted single-site attack, with the malicious content hosted at the path /0x.txt. No specific motive or server details were disclosed.
Date: 2026-06-03T00:25:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930854
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Construction / Home Improvement
Victim Organization: Advanced Flooring Inc
Victim Site: advancedflooringinc.com
Website Defacement of agtest.com.br by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, the Brazilian website agtest.com.br was defaced by a threat actor known as chinafans, operating under the group 0xteam. The defacement targeted a specific file path (0x.txt) rather than the homepage, indicating a targeted file-level intrusion. No specific motive or server details were disclosed in connection with this incident.
Date: 2026-06-03T00:24:26Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930840
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: AG Test
Victim Site: agtest.com.br
Alleged data breach of Instituto Tecnológico Superior de Huichapan
Category: Data Breach
Content: A threat actor is selling a 22.7 MB SQL database (16 files) allegedly stolen from Instituto Tecnológico Superior de Huichapan, a Mexican technical university. The dataset includes student records with names, majors, phone numbers, email addresses, CURP national identity numbers, blood types, and student IDs. The inclusion of CURP identifiers makes this a sensitive personal data exposure affecting students.
Date: 2026-06-03T00:24:07Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78758
Screenshots:
1 screenshot(s) available
Threat Actors: DN07
Victim Country: Mexico
Victim Industry: Education
Victim Organization: Instituto Tecnológico Superior de Huichapan
Victim Site: Unknown
Alleged data leak of Indonesian Military (TNI) database
Category: Data Leak
Content: A forum post on Breached claims to leak a database associated with the Indonesian National Armed Forces (TNI), based on the thread title referencing MIL TNI MIL. No post content was available to confirm the nature, size, or authenticity of the alleged leak.
Date: 2026-06-03T00:24:01Z
Network: openweb
Published URL: https://breached.su/threads/leak-database-mil-tni-mil.87833/unread
Screenshots:
1 screenshot(s) available
Threat Actors: AlixploitCapung
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Indonesian National Armed Forces (TNI)
Victim Site: tni.mil.id
Website Defacement of Korbiel.pl by chinafans (0xteam)
Category: Defacement
Content: The website korbiel.pl was defaced by a threat actor known as chinafans, operating under the group 0xteam, on June 3, 2026. The defacement was a targeted, single-site attack rather than a mass or repeated defacement. A mirror of the defaced page was archived at zone-xsec.com.
Date: 2026-06-03T00:23:37Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930820
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Poland
Victim Industry: Unknown
Victim Organization: Korbiel
Victim Site: korbiel.pl
Website Defacement of nhathautrongoi.vn by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, a threat actor operating under the handle chinafans and affiliated with 0xteam defaced the Vietnamese website nhathautrongoi.vn, leaving a defacement file at the path /0x.txt. The incident was a targeted single-site defacement with no mass or repeat defacement indicators noted.
Date: 2026-06-03T00:22:58Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930847
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Vietnam
Victim Industry: Construction / Real Estate
Victim Organization: Nha Hau Trong Goi
Victim Site: nhathautrongoi.vn
Website Defacement of nin.org.uk by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, the website nin.org.uk was defaced by threat actor chinafans, operating under the group 0xteam. The attacker uploaded a defacement file (0x.txt) to the target domain. This was a targeted single-site defacement with no mass or redefacement indicators noted.
Date: 2026-06-03T00:22:17Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930858
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: United Kingdom
Victim Industry: Non-Profit / Organization
Victim Organization: National Institute of Nutrition (NIN)
Victim Site: nin.org.uk
Website Defacement of Indiajara by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, the website indiajara.com was defaced by a threat actor known as chinafans, operating under the group 0xteam. The defacement was a targeted single-site incident, with a mirror of the defaced page archived at zone-xsec.com. No specific motive, server details, or proof-of-concept were disclosed in connection with this attack.
Date: 2026-06-03T00:21:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930837
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Indiajara
Victim Site: indiajara.com
Website defacement of Rules of the Road Australia by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, the Australian road safety and driver education website rulesoftheroad.com.au was defaced by threat actor chinafans, operating under the group 0xteam. The attacker uploaded a defacement file (0x.txt) to the web server. The incident was a targeted, single-site defacement with no indication of mass or repeated compromise.
Date: 2026-06-03T00:20:47Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930839
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Australia
Victim Industry: Education / Traffic Safety
Victim Organization: Rules of the Road Australia
Victim Site: rulesoftheroad.com.au

Detected Incidents Draft Data – 2026-06-02 (day before)

Alleged data breach of LEAD School (leadschool.in) exposing student and parent PII
Category: Data Leak
Content: A threat actor known as ShadowByt3S claims to have exfiltrated 765.9MB of data from LEAD Schools administrative platform (nucleus.leadschool.in), affecting multiple affiliated schools across India. The leaked data allegedly includes student PII (full names, dates of birth, addresses, academic records), parent contact information (names, phone numbers, email addresses), teacher certificates, lesson plans, and internal academic metrics. The data has been made available via a Mega.nz link.
Date: 2026-06-02T23:52:58Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78759
Screenshots:
2 screenshot(s) available
Threat Actors: ShadowByt3S
Victim Country: India
Victim Industry: Education
Victim Organization: LEAD School
Victim Site: leadschool.in
Alleged sale of mail access, credential lists, and database dumps across multiple countries
Category: Initial Access
Content: Threat actor advertising mail access (SUDO/PY/CC+) with proof/live testing available. Offering configs, scripts, tools, hits, and combolists. Geographic coverage includes FR, BE, AU, CA, UK, US, NL, PL, DE, JP. Contact via @EngineeringPhantom. Additionally, separate actor advertising fresh databases from UK, DE, JP, NL, BR, PL, ES, US, IT with inbox access, and private cloud webmail access (ntlworld). Targeting e-commerce platforms (eBay, Poshmark, Amazon, Walmart, Mercari, Kleinanzeigen) and pa…
Date: 2026-06-02T23:23:49Z
Network: telegram
Published URL: https://t.me/c/2613583520/96077
Screenshots:
1 screenshot(s) available
Threat Actors: EngineeringPhantom
Victim Country: France, Belgium, Australia, Canada, United Kingdom, United States, Netherlands, Poland, Germany, Japan, Brazil, Spain, Italy
Victim Industry: Multiple (e-commerce, webmail, payment services)
Victim Organization: Unknown
Victim Site: Unknown
Sale of alleged Saudi Arabia personal database with financial and demographic data
Category: Data Breach
Content: A threat actor is selling an alleged Saudi Arabia database marketed as fresh and validated for campaign use. The dataset purportedly contains phone numbers, emails, and personal details including name, gender, birthday, address, and occupation, with claimed segments covering bank users, investors, and high-income individuals. A sample file was made available via Mediafire for verification.
Date: 2026-06-02T23:09:09Z
Network: openweb
Published URL: https://crackingx.com/threads/77740/
Screenshots:
1 screenshot(s) available
Threat Actors: mr_daadaa
Victim Country: Saudi Arabia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Ecole de Roubaix student and staff records
Category: Data Leak
Content: A threat actor has leaked data allegedly obtained from the Ecole de Roubaix school system in France, affecting 31,551 records including minors personal data (names, dates of birth, addresses, parental details) and staff records. The actor claims the exploited vulnerability remains unpatched despite prior disclosure to French authorities ANSSI and CNIL. Data is freely distributed via multiple file-sharing mirrors.
Date: 2026-06-02T23:04:47Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-FR-Ecole-de-roubaix-31-551
Screenshots:
1 screenshot(s) available
Threat Actors: misere
Victim Country: France
Victim Industry: Education
Victim Organization: Ecole de Roubaix
Victim Site: education.gouv.fr
Sale of fraudulent identity documents and personal data including SSNs, driver licenses, and passports
Category: Carding
Content: A threat actor is offering fraudulent and stolen identity documents including driver licenses (PSD/non-PSD), passports, SSNs, and SINs, along with company databases, consumer info, phone lists, email lists, and credential pairs. The seller directs buyers to a Telegram channel for transactions. The post suggests access to multiple datasets spanning various categories of personally identifiable information.
Date: 2026-06-02T22:47:13Z
Network: openweb
Published URL: https://crackingx.com/threads/77725/
Screenshots:
1 screenshot(s) available
Threat Actors: jannatmirza11
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Cisco Systems involving 3M+ Salesforce records and internal data
Category: Data Breach
Content: ShinyHunters claims responsibility for breaching Cisco Systems through three vectors: UNC6040, Salesforce Aura, and AWS accounts. The breach allegedly exposed over 3 million Salesforce records containing personally identifiable information (PII), GitHub repositories, AWS buckets, and other internal corporate data.
Date: 2026-06-02T22:20:41Z
Network: telegram
Published URL: https://t.me/c/3500620464/9064
Screenshots:
1 screenshot(s) available
Threat Actors: ShinyHunters
Victim Country: United States
Victim Industry: Technology/Networking
Victim Organization: Cisco Systems, Inc.
Victim Site: cisco.com
Alleged leak of Spanish identity documents
Category: Data Leak
Content: A threat actor on PwnForums has shared a collection of Spanish identity documents, including front and back scans of IDs and facial GIF images. The data is offered as hidden content accessible upon reply. The source of the documents and number of individuals affected are unknown.
Date: 2026-06-02T22:14:01Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-Spain-IDS
Screenshots:
1 screenshot(s) available
Threat Actors: catwoman
Victim Country: Spain
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Spanish national identity documents
Category: Data Leak
Content: A threat actor shared a collection of Spanish national identity documents (IDS), including front and back scans and facial GIF images of individuals. The post is the third installment in a series, with the author indicating more uploads are contingent on community engagement. No specific source organization or record count was disclosed.
Date: 2026-06-02T22:13:31Z
Network: openweb
Published URL: https://spear.cx/Thread-Spain-IDS-3
Screenshots:
1 screenshot(s) available
Threat Actors: catwoman
Victim Country: Spain
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Sale of 132,000 US BIN and Billing Records
Category: Carding
Content: A threat actor is offering for sale 132,000 records containing American BIN and billing information. The dataset includes BIN numbers, names, email addresses, phone numbers, and physical addresses. The seller advertises the data as suitable for identity fraud, phishing, account takeover, and other fraudulent activities.
Date: 2026-06-02T22:08:10Z
Network: openweb
Published URL: https://breached.su/threads/selling-132k-american-bin-billing-info.87828/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Jeffrey Epstein
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of access to MediaMart Vietnam
Category: Initial Access
Content: Threat actor ShinyHunters is offering access to mediamart.vn for sale with negotiable pricing. Contact available via Telegram (@shsupportsh). The actor claims to provide translation services from Vietnamese to English.
Date: 2026-06-02T22:00:25Z
Network: telegram
Published URL: https://t.me/c/3500620464/9061
Screenshots:
2 screenshot(s) available
Threat Actors: ShinyHunters
Victim Country: Vietnam
Victim Industry: Unknown
Victim Organization: MediaMart
Victim Site: mediamart.vn
Carding service offering fraudulent orders, hotel bookings, and gift cards across multiple platforms
Category: Carding
Content: A threat actor is advertising a carding-based fulfillment service capable of placing fraudulent orders for food delivery, groceries, electronics, travel bookings (flights, hotels, car rentals), and e-gift cards across dozens of major US and UK platforms. Services span platforms including Uber Eats, Walmart, Airbnb, Delta Airlines, and Fairmont Hotels & Resorts, among others. The actor directs prospective buyers to a Telegram handle for additional offerings.
Date: 2026-06-02T21:40:26Z
Network: openweb
Published URL: https://cracked.st/Thread-CONVENIENT-LAYOUT-SERVICE-FAIRMONT-HOTELS-RESORT
Screenshots:
2 screenshot(s) available
Threat Actors: Nakedcave
Victim Country: Unknown
Victim Industry: Retail
Victim Organization: Unknown
Victim Site: Unknown
Threat: Squad Chat Marketplace
Category: Cyber Attack
Content: Legitimate marketplace spam/channel announcements and forwarded messages without threat intelligence value. ID 96028 contains a product advertisement for Shoppay Full Access which appears to be a marketplace listing, but lacks sufficient detail regarding actual compromise, breach, or threat indicators. Majority of messages are repetitive forwards and mentions without substantive threat content.
Date: 2026-06-02T21:16:15Z
Network: telegram
Published URL: https://t.me/c/2613583520/96020
Screenshots:
2 screenshot(s) available
Threat Actors: Squad Chat Marketplace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Personal Identity Documents and Database Collections
Category: Carding
Content: A threat actor is offering for sale a range of identity-related documents and databases, including driver licenses, passports, SSN/SIN records, selfies, LLC and LIN documents, consumer and phone databases, and credentials. The seller directs interested buyers to contact via Telegram. No specific victim organization or breach source is identified.
Date: 2026-06-02T20:59:07Z
Network: openweb
Published URL: https://xforums.st/threads/driver-license-ssn-selfie-llc-lin-passport-other-available.618493/
Screenshots:
1 screenshot(s) available
Threat Actors: jannat123
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Cryptocurrency Money Laundering Service Offering
Category: Cyber Attack
Content: User claiming to be from China offers to pay 10%+ commission for someone to purchase USDT on their behalf, citing policy restrictions. Requests contact via Telegram (@bbh6688) to establish long-term partnership with fund transfers. Classic money laundering/sanctions evasion scheme.
Date: 2026-06-02T20:57:38Z
Network: telegram
Published URL: https://t.me/c/2613583520/96027
Screenshots:
1 screenshot(s) available
Threat Actors: Alexandr
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of initial access to undisclosed Indonesian mining company via ConnectWise RMM
Category: Initial Access
Content: A threat actor is selling RMM (ConnectWise) access to an unnamed Indonesian mining company with reported revenue of $1B–$5B. The access is listed at $371 with domain user privileges and no AV/EDR detected. The listing is offered exclusively to a single buyer via a darknet marketplace.
Date: 2026-06-02T20:47:18Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-RMM-ConnectWise-Mining-Indonesia-1B-5B-revenue
Screenshots:
1 screenshot(s) available
Threat Actors: tiger
Victim Country: Indonesia
Victim Industry: Mining
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of tube.inflatevids.xyz
Category: Data Breach
Content: A threat actor has shared SQL database dumps purportedly from tube.inflatevids.xyz, comprising two files (sqktube.users.sql and tube_playu.users.sql) with approximately 14,690 records. The post references HaveIBeenPwned as a source for the breach description. Content is gated behind forum points.
Date: 2026-06-02T20:45:46Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-tube-inflatevids-xyz-14-69k
Screenshots:
1 screenshot(s) available
Threat Actors: cornpop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Inflatevids
Victim Site: tube.inflatevids.xyz
Alleged data leak of Breached Forums CDN database collection (905 GB torrent)
Category: Data Leak
Content: A threat actor has shared a magnet torrent link purportedly containing the full Breached Forums CDN database archive, totaling 905 GB. The post claims the torrent remains active and includes all databases previously hosted on the platform. No additional details regarding specific data types or record counts were provided.
Date: 2026-06-02T20:18:48Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-COLLECTION-Breach-Forum-CDN-Torrent-magnet-Link-905-GB
Screenshots:
1 screenshot(s) available
Threat Actors: un00000n
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Breached Forums
Victim Site: breached.to
ShinyHunters Threat Actor Group Infrastructure Update and Domain Migration
Category: Cyber Attack
Content: ShinyHunters, a known threat actor group, announced updates to their operational infrastructure including migration from shinyhunte[.]rs to shinyhunters[.]ru domain, along with Tor-based forum access at breachforum.st and breachqr3dqbysbq5khaadg5ynnpxn2wrmw5y3rnzesun55l6lkq73yd.onion. The group also promoted their Telegram community and published PGP public key information for verification purposes.
Date: 2026-06-02T19:49:05Z
Network: telegram
Published URL: https://t.me/c/3500620464/9051
Screenshots:
3 screenshot(s) available
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of Shopify payment system full access
Category: Initial Access
Content: Threat actor OGTEN advertising restocked Shoppay Full Access with a direct product link (ogtn.bgng.io/product/ShopPay). This appears to be compromised access to Shopify payment infrastructure being sold on underground marketplace.
Date: 2026-06-02T19:39:20Z
Network: telegram
Published URL: https://t.me/OGTNSHOPBULK/87
Screenshots:
1 screenshot(s) available
Threat Actors: OGTEN
Victim Country: Unknown
Victim Industry: E-commerce/Payment Processing
Victim Organization: Shopify
Victim Site: shopify.com
ShinyHunters Clarifies Identity and Announces BreachForums Resurgence
Category: Cyber Attack
Content: ShinyHunters threat actor group issued a statement clarifying their identity, distancing themselves from Mattys Savoie and other impersonators, and announcing the return of BreachForums platform. The group provided authentication details through their current infrastructure at shinyhunters.[ru] and rejected unauthorized actions attributed to them, including activities directed at Salesforce. The statement emphasizes verification of communications through their official channels.
Date: 2026-06-02T19:24:48Z
Network: telegram
Published URL: https://t.me/c/3500620464/9049
Screenshots:
2 screenshot(s) available
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Request for Brazilian credit card supplier on cybercrime forum
Category: Carding
Content: A forum user identifying as a major credit card seller in Brazil is soliciting a bulk supplier of Brazilian credit card data at competitive pricing. No specific victim or dataset is referenced; this is a procurement request within a cybercrime marketplace.
Date: 2026-06-02T19:20:59Z
Network: openweb
Published URL: https://breached.su/threads/looking-for-a-supplier-of-brazilian-infocc.87827/unread
Screenshots:
1 screenshot(s) available
Threat Actors: omavaldo
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Breached Forums CDN database collection via torrent
Category: Data Leak
Content: A threat actor is sharing a torrent link purportedly containing all Breached Forums CDN databases, totaling 905 GB in size. The content is gated behind a forum point requirement to unlock. No further details about the specific data fields or record counts are provided.
Date: 2026-06-02T19:20:43Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-COLLECTION-Breach-Forum-CDN-Torrent-Link-905-GB
Screenshots:
1 screenshot(s) available
Threat Actors: un00000n
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Breached Forums
Victim Site: Unknown
Alleged sale of Canadian B2B business directory with 13,000+ records
Category: Data Breach
Content: A threat actor is offering for sale a Canada-wide B2B dataset containing 13,000+ business records including full names, phone numbers, email addresses, physical addresses, and postal codes across all Canadian provinces. The data is presented in CSV/Excel/JSON format and marketed for business intelligence and market research purposes. The original source of the data is not disclosed.
Date: 2026-06-02T19:20:30Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78565
Screenshots:
1 screenshot(s) available
Threat Actors: Edric
Victim Country: Canada
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of mail access credentials and hacking tools by DataxLogs
Category: Initial Access
Content: Threat actor operating under handle @DataxLogs is advertising the sale of mail access credentials across multiple countries (France, Belgium, Australia, Canada, UK, US, Netherlands, Poland, Germany, Japan). The offering includes configs, scripts, tools, hits, and combolists. A separate post from the same actor advertises Python-based credential stuffing tools (Silverbullet, Openbullet 2), APIs for web/Android/iOS/Windows platforms, and captcha bypass capabilities for multiple services (hCaptcha,…
Date: 2026-06-02T19:18:17Z
Network: telegram
Published URL: https://t.me/c/2613583520/95966
Screenshots:
1 screenshot(s) available
Threat Actors: DataxLogs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged ShinyHunters Group Identity Clarification and BreachForums Platform Resurgence
Category: Cyber Attack
Content: ShinyHunters threat actor group issued a statement clarifying their identity and rejecting association with Mattys Savoie. The group announced their current operational domain (shinyhunte[.]ru) following suspension of previous domain (shinyhunte[.]rs). Statement addresses impersonation attempts, misuse of PGP credentials, and unauthorized actions attributed to the group, particularly regarding Salesforce-related activities. Group emphasizes verification of communications through their current in…
Date: 2026-06-02T19:08:23Z
Network: telegram
Published URL: https://t.me/c/3500620464/9044
Screenshots:
2 screenshot(s) available
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of 6,290 UK citizens personal information
Category: Data Leak
Content: A threat actor has leaked a database allegedly containing full personal information (fullz) of 6,290 UK citizens. The post was shared on a public forum under the Other Leaks section. No specific source organization or breach origin is identified.
Date: 2026-06-02T18:56:53Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78684
Screenshots:
1 screenshot(s) available
Threat Actors: pat1395
Victim Country: United Kingdom
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of localplace.jp
Category: Data Breach
Content: A threat actor is selling an alleged full database dump from localplace.jp containing approximately 1.14 million records. The dataset reportedly includes company details, phone numbers, full names, email addresses, and billing information. Contact was directed to a Telegram handle for purchase.
Date: 2026-06-02T18:55:53Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78739
Screenshots:
1 screenshot(s) available
Threat Actors: Koshyrman
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: LocalPlace
Victim Site: localplace.jp
Alleged data breach of Filabé (Switzerland)
Category: Data Breach
Content: Personal information of employees and clients, along with financial documents and other files from Filabé, a Swiss skincare company, have been made available. The breach was reported on 02/06/2026.
Date: 2026-06-02T18:48:11Z
Network: telegram
Published URL: https://t.me/c/1887244124/1643
Screenshots:
1 screenshot(s) available
Threat Actors: Jokers world of Database 😈
Victim Country: Switzerland
Victim Industry: Cosmetics/Skincare
Victim Organization: Filabé
Victim Site: filabe.ch
Alleged data leak of Estado de Mexico government agencies CAEM, SIAF, and SIGED
Category: Data Leak
Content: A threat actor claims to have leaked 87.5 million rows (21.4 GB) of data spanning 1997–2026 from three Mexican state government systems: CAEM (water commission), SIAF (financial administration), and SIGED (document management). The leak allegedly includes full PII on 10,513 employees (CURP, RFC, bank accounts, CLABE), 763K payroll records, 16.1 million general ledger entries, 162K checks with payee and CLABE data, and 1,105 decrypted SIAF user credentials recovered from TripleDES-CBC encryption.…
Date: 2026-06-02T18:33:25Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-Estado-de-Mexico-%E2%80%93-CAEM-SIAF-SIGED-87-5M-rows-21-4GB-1997-2026
Screenshots:
2 screenshot(s) available
Threat Actors: sativa
Victim Country: Mexico
Victim Industry: Government
Victim Organization: Estado de Mexico – CAEM, SIAF, SIGED
Victim Site: Unknown
Alleged data breach of Independent Reserve cryptocurrency exchange
Category: Data Breach
Content: A threat actor is offering for sale an alleged database of 1.7 million records attributed to Independent Reserve, an Australian cryptocurrency exchange. The dataset includes full names, email addresses, phone numbers, mobile carriers, HLR validation status, and physical addresses. Sample records show verified Australian customers with active phone numbers across major carriers including Vodafone and Telstra.
Date: 2026-06-02T18:32:11Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78730
Screenshots:
1 screenshot(s) available
Threat Actors: Frenshyny
Victim Country: Australia
Victim Industry: Finance
Victim Organization: Independent Reserve
Victim Site: independentreserve.com
Sale of mixed passport documents (10 pieces)
Category: Carding
Content: A forum user is offering 10 mixed passports claimed to be valid, gated behind a point-based paywall on the forum. The post does not disclose the countries of origin or further details about the documents.
Date: 2026-06-02T18:13:05Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DOCUMENTS-10PCS-MIXED-PASSPORTS-ALL-ARE-VALID
Screenshots:
1 screenshot(s) available
Threat Actors: happylalisawq011
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of vCarrd.com user database
Category: Data Leak
Content: A threat actor known as MirrorShell has freely distributed an alleged database dump from vCarrd.com on a dark web forum. The dataset reportedly contains 27,555 user records including names, email addresses, hashed passwords, profile images, and session tokens. A SQL insert sample was included as proof, showing structured user table data.
Date: 2026-06-02T18:10:54Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-vcarrd-com-Database-Leaked-Download
Screenshots:
1 screenshot(s) available
Threat Actors: MirrorShell
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: vCarrd
Victim Site: vcarrd.com
Alleged data breach of Elektroverband Bayern
Category: Data Breach
Content: Alleged breach of elektroverband-bayern.de, a German electrical industry association. Posted on 07/05/2025.
Date: 2026-06-02T17:52:35Z
Network: telegram
Published URL: https://t.me/c/1887244124/1641
Screenshots:
1 screenshot(s) available
Threat Actors: Jokers world of Database 😈
Victim Country: Germany
Victim Industry: Energy/Utilities
Victim Organization: Elektroverband Bayern
Victim Site: elektroverband-bayern.de
Sale of non-VBV stolen payment cards for various payment platforms
Category: Carding
Content: A threat actor operating under the alias Clara12 is offering non-VBV (Verified by Visa) stolen payment cards for sale, claiming 100% validity with a refund or replacement guarantee. The cards are advertised as compatible with multiple payment platforms including Cashapp, Apple Pay, Google Pay, eBay, Amazon, and others. Contact is directed via Telegram handle @lamar089.
Date: 2026-06-02T17:27:00Z
Network: openweb
Published URL: https://crackingx.com/threads/77664/
Screenshots:
1 screenshot(s) available
Threat Actors: Clara12
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of ISSSTE Pension System records
Category: Data Leak
Content: A threat actor affiliated with Olympus_Group claims to have leaked 5.69 GB of pension records from ISSSTE (Instituto de Seguridad y Servicios Sociales de los Trabajadores del Estado), covering direct and indirect retirees across Mexico from 2012 to 2026. The data is described as containing real personal data and has been made available for free download with no conditions. The post implies the data was obtained by exploiting weaknesses in Mexican government systems.
Date: 2026-06-02T17:21:41Z
Network: openweb
Published URL: https://breached.su/threads/mx-mexico-5-6-gb-from-the-issste-pension-system.87824/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Hermes_Olymp
Victim Country: Mexico
Victim Industry: Government
Victim Organization: ISSSTE
Victim Site: issste.gob.mx
Alleged breach of Armenian voter database by Wolves of Turan
Category: Data Breach
Content: Threat actor group Wolves of Turan claims to have compromised Armenian voter registration databases and is offering the stolen data for sale. The group threatens further attacks including data exfiltration, destruction, and sale of additional Armenian organizational data. An onion link is provided allegedly hosting the compromised data.
Date: 2026-06-02T17:01:58Z
Network: telegram
Published URL: https://t.me/c/3631190028/154
Screenshots:
2 screenshot(s) available
Threat Actors: Wolves of Turan
Victim Country: Armenia
Victim Industry: Government/Electoral
Victim Organization: Armenian voter registration system
Victim Site: Unknown
Mass Website Defacement of Layka Travel World by Threat Actor Zod
Category: Defacement
Content: Threat actor Zod conducted a mass defacement attack targeting laykatravelworld.uk, a UK-based travel services website, on June 2, 2026. The defaced page was hosted at the path /zod.html on a Linux-based server. This incident is part of a broader mass defacement campaign attributed to the same actor, with the defacement archived at haxor.id.
Date: 2026-06-02T16:53:06Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249784
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: United Kingdom
Victim Industry: Travel and Tourism
Victim Organization: Layka Travel World
Victim Site: laykatravelworld.uk
Mass Defacement of Sukalp Magazine by Threat Actor Zod
Category: Defacement
Content: Threat actor Zod conducted a mass defacement attack against sukalpmagazine.com, a media and publishing website, on June 2, 2026. The attacker defaced the site by placing a defacement page at the path /zod.html on a Linux-based server. This incident is part of a broader mass defacement campaign attributed to the Zod threat actor.
Date: 2026-06-02T16:52:37Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249789
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: India
Victim Industry: Media and Publishing
Victim Organization: Sukalp Magazine
Victim Site: sukalpmagazine.com
Mass Website Defacement of AppleCrop.in by Threat Actor Zod
Category: Defacement
Content: Threat actor Zod conducted a mass defacement campaign targeting applecrop.in, an Indian agricultural website, on June 2, 2026. The defacement was hosted at a specific URL path rather than the homepage, indicating a targeted file-level compromise on a Linux-based server. This incident is part of a broader mass defacement operation attributed to the Zod threat actor.
Date: 2026-06-02T16:52:02Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249777
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: India
Victim Industry: Agriculture
Victim Organization: Apple Crop
Victim Site: applecrop.in
Mass Website Defacement of fhh.gr by Threat Actor Zod
Category: Defacement
Content: On June 2, 2026, threat actor Zod conducted a mass defacement attack targeting fhh.gr, a Greek website hosted on a Linux server. The attacker replaced the content of the target page with a defacement message as part of a broader mass defacement campaign. The incident has been archived and mirrored for public record.
Date: 2026-06-02T16:51:37Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249772
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: Greece
Victim Industry: Unknown
Victim Organization: FHH
Victim Site: fhh.gr
Mass defacement of dvincorporation.com by threat actor Zod
Category: Defacement
Content: On June 2, 2026, threat actor Zod conducted a mass defacement campaign targeting dvincorporation.com, deploying a defacement page at the path /zod.html on a Linux-based server. The incident is classified as a mass defacement operation, indicating multiple sites were likely targeted simultaneously. No specific motive or proof of concept was disclosed.
Date: 2026-06-02T16:51:04Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249779
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Corporate/Business
Victim Organization: DV Incorporation
Victim Site: dvincorporation.com
Mass Website Defacement of Sanray by Threat Actor Zod
Category: Defacement
Content: On June 2, 2026, threat actor Zod conducted a mass defacement campaign targeting sanray.co.uk, a UK-based website hosted on a Linux server. The defacement was part of a broader mass defacement operation carried out by the Zod team, with the compromised page archived at haxor.id. No specific motivation or proof of concept was disclosed in the available intelligence.
Date: 2026-06-02T16:50:33Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249775
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: United Kingdom
Victim Industry: Unknown
Victim Organization: Sanray
Victim Site: sanray.co.uk
Website Defacement of stravelakis.com by Zod
Category: Defacement
Content: On June 2, 2026, a threat actor operating under the alias Zod defaced a subdomain of stravelakis.com, targeting the page at nextcoral.stravelakis.com/zod.html. The attack was conducted on a Linux-based server and represents a single, targeted defacement rather than a mass or home page compromise. No specific motive or additional technical indicators were reported.
Date: 2026-06-02T16:49:57Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249771
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Stravelakis
Victim Site: nextcoral.stravelakis.com
Mass Website Defacement by Threat Actor Zod Targeting newasthasales.com
Category: Defacement
Content: On June 2, 2026, threat actor Zod conducted a mass defacement campaign targeting newasthasales.com, a sales-oriented website hosted on a Linux server. The defacement was confirmed as part of a mass defacement operation, with the defaced page archived at haxor.id. No specific motivation or proof of concept was disclosed alongside the incident.
Date: 2026-06-02T16:49:33Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249786
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: India
Victim Industry: Retail / Sales
Victim Organization: Neastha Sales
Victim Site: newasthasales.com
Mass Defacement of UK Property Website by Threat Actor Zod
Category: Defacement
Content: Threat actor Zod conducted a mass defacement campaign targeting godalproperty.co.uk, a UK-based real estate website, on June 2, 2026. The defacement was hosted on a Linux-based server and archived via haxor.id. This incident is part of a broader mass defacement operation carried out by the Zod team.
Date: 2026-06-02T16:49:08Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249782
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: United Kingdom
Victim Industry: Real Estate
Victim Organization: Godal Property
Victim Site: godalproperty.co.uk
Mass Defacement of Coastal Kitchenware India by Threat Actor Zod
Category: Defacement
Content: Threat actor Zod conducted a mass defacement campaign targeting coastalkitchenware.in, a kitchenware retail website hosted on a Linux server in India. The defacement was placed at a non-root path (zod.html), indicating a partial or secondary page compromise as part of a broader mass defacement operation. The incident was recorded on June 2, 2026, and archived via the Haxor.id mirror service.
Date: 2026-06-02T16:48:38Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249778
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: India
Victim Industry: Retail / E-Commerce (Kitchenware)
Victim Organization: Coastal Kitchenware
Victim Site: coastalkitchenware.in
Mass Website Defacement of Layka Visa by Threat Actor Zod
Category: Defacement
Content: On June 2, 2026, threat actor Zod conducted a mass defacement campaign targeting laykavisa.com, a visa and travel services website hosted on a Linux server. The defacement was confirmed as part of a broader mass defacement operation, with a mirror of the defaced page archived at haxor.id. The attack was not a redefacement, indicating this was the first successful compromise of the target.
Date: 2026-06-02T16:48:07Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249785
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Travel and Immigration Services
Victim Organization: Layka Visa
Victim Site: laykavisa.com
Mass Defacement of Layka Travel World by Threat Actor Zod
Category: Defacement
Content: Threat actor Zod conducted a mass defacement campaign targeting laykatravelworld.com, a travel-related website, on June 2, 2026. The defacement was hosted on a Linux-based server and is classified as a mass defacement incident, suggesting multiple sites were targeted in the same campaign. A mirror of the defacement was archived at haxor.id.
Date: 2026-06-02T16:47:39Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249783
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Travel and Tourism
Victim Organization: Layka Travel World
Victim Site: laykatravelworld.com
Mass Web Defacement by Threat Actor Zod Targeting pwps.in
Category: Defacement
Content: Threat actor Zod, operating under the team name Zod, conducted a mass web defacement attack against the domain pwps.in, a website hosted on a Linux server. The defacement was recorded on June 2, 2026, and is classified as a mass defacement campaign, suggesting multiple sites were targeted simultaneously. A mirror of the defaced page was archived at haxor.id for documentation purposes.
Date: 2026-06-02T16:47:14Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249787
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: India
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: pwps.in
Mass defacement of Eternal Garments Ltd by threat actor Zod
Category: Defacement
Content: On June 2, 2026, a threat actor operating under the alias Zod conducted a mass defacement campaign targeting eternalgarmentsltd.co.uk, a UK-based garments company. The defacement was deployed on a Linux-hosted web server and archived via haxor.id. This incident is part of a broader mass defacement operation attributed to the same actor.
Date: 2026-06-02T16:46:46Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249780
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: United Kingdom
Victim Industry: Retail / Fashion & Apparel
Victim Organization: Eternal Garments Ltd
Victim Site: eternalgarmentsltd.co.uk
Website Defacement of Evershine Drug by Threat Actor Zod
Category: Defacement
Content: On June 2, 2026, a threat actor operating under the alias Zod defaced a page on evershinedrug.com, a website associated with a pharmaceutical or drug-related organization. The attack targeted a specific subpage (zod.html) on a Linux-based server and was not classified as a mass or home page defacement. The incident was archived via the haxor.id mirror service.
Date: 2026-06-02T16:46:18Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249770
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Pharmaceutical / Healthcare
Victim Organization: Evershine Drug
Victim Site: evershinedrug.com
Mass defacement of Rainbow Paint Mart by threat actor Zod
Category: Defacement
Content: Threat actor Zod conducted a mass defacement campaign targeting rainbowpaintmart.com, a retail paint supply website. The defacement was deployed on a Linux-based server and involved a non-homepage page (zod.html), indicating a targeted file drop as part of a broader mass defacement operation. The incident was archived and mirrored on haxor.id on June 2, 2026.
Date: 2026-06-02T16:45:49Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249788
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Retail
Victim Organization: Rainbow Paint Mart
Victim Site: rainbowpaintmart.com
Mass Website Defacement of chetansingadia.com by Threat Actor Zod
Category: Defacement
Content: On June 2, 2026, threat actor Zod conducted a mass defacement campaign targeting chetansingadia.com, a personal or professional website hosted on a Linux server. The attacker defaced a non-homepage resource at /zod.html as part of a broader mass defacement operation. The incident was archived and mirrored via haxor.id.
Date: 2026-06-02T16:45:19Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249776
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: India
Victim Industry: Personal/Professional Services
Victim Organization: Chetan Singadia
Victim Site: chetansingadia.com
Mass Defacement of rr.stravelakis.com by Threat Actor Zod
Category: Defacement
Content: Threat actor Zod conducted a mass defacement attack targeting rr.stravelakis.com, deploying a defacement page at the path /zod.html on a Linux-based server. The incident, recorded on June 2, 2026, is classified as a mass defacement campaign, suggesting multiple sites were compromised as part of the same operation. A mirror of the defaced page has been archived at haxor.id.
Date: 2026-06-02T16:44:43Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249774
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Stravelakis
Victim Site: rr.stravelakis.com
Mass Website Defacement of Ghost LA Clothing Ltd by Threat Actor Zod
Category: Defacement
Content: On June 2, 2026, threat actor Zod conducted a mass defacement campaign targeting ghostlaclothingltd.co.uk, a UK-based clothing retailer. The attacker deployed a defacement page at the path /zod.html on a Linux-hosted web server. This incident is part of a broader mass defacement operation attributed to the same actor, as archived by haxor.id.
Date: 2026-06-02T16:44:13Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249781
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: United Kingdom
Victim Industry: Retail / Fashion & Apparel
Victim Organization: Ghost LA Clothing Ltd
Victim Site: ghostlaclothingltd.co.uk
Mass Web Defacement by Threat Actor Zod Targeting reflexologist.stravelakis.com
Category: Defacement
Content: On June 2, 2026, a threat actor operating under the alias Zod conducted a mass web defacement campaign, compromising reflexologist.stravelakis.com, a website associated with reflexology health services. The attacker deployed a defacement page at the target URL on a Linux-based server. This incident was part of a broader mass defacement operation attributed to the same actor.
Date: 2026-06-02T16:43:45Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249773
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Health and Wellness
Victim Organization: Stravelakis Reflexology
Victim Site: reflexologist.stravelakis.com
Website Defacement of Daryl Balfour by Marleng1337 of Midas Haxor Team
Category: Defacement
Content: On June 2, 2026, the website belonging to Daryl Balfour was defaced by threat actor Marleng1337, operating under the Midas Haxor Team. The attack targeted a specific PHP page (mrlg.php) and was not classified as a mass or home page defacement. The incident was recorded and mirrored by zone-xsec.com.
Date: 2026-06-02T16:16:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930816
Screenshots:
1 screenshot(s) available
Threat Actors: Marleng1337, Midas Haxor Team
Victim Country: Unknown
Victim Industry: Media and Photography
Victim Organization: Daryl Balfour
Victim Site: www.darylbalfour.com
Alleged cyber attack on Russian factory with internal server compromise
Category: Cyber Attack
Content: Infrastructure Destruction Squad claims a successful attack was launched against a factory in Russia, resulting in compromise of internal servers.
Date: 2026-06-02T16:15:43Z
Network: telegram
Published URL: https://t.me/c/2735908986/4652
Screenshots:
1 screenshot(s) available
Threat Actors: Infrastructure Destruction Squad
Victim Country: Russia
Victim Industry: Manufacturing
Victim Organization: Factory (unspecified)
Victim Site: Unknown
Alleged data leak of unspecified private dataset (~1.6GB)
Category: Data Leak
Content: A threat actor shared a Mega.nz link purporting to contain approximately 1.6GB of private data. No details about the victim organization, data type, or origin of the data were provided in the post.
Date: 2026-06-02T16:13:49Z
Network: openweb
Published URL: https://demonforums.net/Thread-leak-1-6gb-private
Screenshots:
1 screenshot(s) available
Threat Actors: niven938644
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of DataSign by Marleng1337 of Midas Haxor Team
Category: Defacement
Content: On June 2, 2026, the website datasign.ch was defaced by threat actor Marleng1337, operating under the Midas Haxor Team. The attack targeted a specific page on the Swiss data services domain and was a targeted single-site defacement. A mirror of the defacement was archived via zone-xsec.com.
Date: 2026-06-02T16:13:21Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930817
Screenshots:
1 screenshot(s) available
Threat Actors: Marleng1337, Midas Haxor Team
Victim Country: Switzerland
Victim Industry: Technology / Data Services
Victim Organization: DataSign
Victim Site: www.datasign.ch
AI-assisted vulnerability research workflow yielding 17 CVEs shared by security researcher
Category: Vulnerability
Content: A security researcher shared a detailed writeup of an AI-assisted vulnerability research workflow that produced 17 CVEs and 49 accepted vulnerabilities over six months, including a CVSS 8.1 privilege escalation in Grafana. The post describes a three-stage methodology covering target preprocessing, hypothesis generation, and candidate validation using AI agents. The author claims the #1 reputation ranking in Korea on HackerOne at the time of posting.
Date: 2026-06-02T16:11:23Z
Network: openweb
Published URL: https://tier1.life/thread/277
Screenshots:
5 screenshot(s) available
Threat Actors: RedQueen
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Venezuela SUNACOOP (Superintendencia Nacional de Cooperativas)
Category: Data Leak
Content: A threat actor has freely shared an alleged dataset attributed to SUNACOOP, the Venezuelan state agency responsible for cooperative associations. The leak contains 58,153 unique JSON-formatted records including full names, addresses, email addresses, login credentials, phone numbers, and postal codes. The data was made available via a hidden download link on a dark web forum.
Date: 2026-06-02T16:07:10Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78716
Screenshots:
1 screenshot(s) available
Threat Actors: malconguerra2
Victim Country: Venezuela
Victim Industry: Government
Victim Organization: Superintendencia Nacional de Cooperativas (SUNACOOP)
Victim Site: sunacoop.gob.ve
Alleged data leak of Indonesian Civil Service Police Unit (Polda Pamong Praja) personnel records
Category: Data Leak
Content: A threat actor operating under the alias AlixploitCapung has leaked what appears to be personnel records from the Indonesian Civil Service Police Unit (Pamong Praja). The data includes full names, academic titles, and employee identification numbers of at least 25 individuals. The post credits Komunitas Brotherhood Capung Indonesia for the data.
Date: 2026-06-02T16:06:50Z
Network: openweb
Published URL: https://breached.su/threads/data-base-polda-pamong-praja.87823/unread
Screenshots:
1 screenshot(s) available
Threat Actors: AlixploitCapung
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Polda Pamong Praja
Victim Site: Unknown
Alleged data breach of POLDA Pamong Praja (Indonesian Police)
Category: Data Breach
Content: A database allegedly from POLDA Pamong Praja (Indonesian police/law enforcement) has been posted on breached.su forum. The post was shared by Rakyat Digital Crew community with credits to Digital Crew and Brotherhood Capung Indonesia communities.
Date: 2026-06-02T15:53:09Z
Network: telegram
Published URL: https://t.me/alixploitreal/30
Screenshots:
2 screenshot(s) available
Threat Actors: Rakyat Digital Crew
Victim Country: Indonesia
Victim Industry: Law Enforcement
Victim Organization: POLDA Pamong Praja
Victim Site: Unknown
Alleged sale of targeted email account access to Hotmail, Yahoo, and service accounts (USA, UK, CA)
Category: Initial Access
Content: Threat actor Yuze is offering for sale targeted email account access across multiple platforms including Hotmail, Yahoo, and access to associated service accounts (Kleinanzeigen, Walmart, Reddit, Grailed, Vinted, AT&T, eBay, Uber, Marriott, Poshmark). Claims accounts are fresh and valid with unrape quality. Targeting users in USA, UK, and Canada. Seller requests direct messages for specific keyword searches.
Date: 2026-06-02T15:52:51Z
Network: telegram
Published URL: https://t.me/c/2613583520/95884
Screenshots:
1 screenshot(s) available
Threat Actors: Yuze
Victim Country: United States, United Kingdom, Canada
Victim Industry: Multiple (email providers, retail, travel, social platforms)
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Black Box (blackbox.com.sa)
Category: Data Leak
Content: A threat actor has leaked an alleged database from Black Box, a Saudi Arabian office products retail and distribution company. The dataset reportedly contains 116,094 customer records including names, emails, phone numbers, addresses, and order details. The data is made available for download on a dark web forum in exchange for forum points.
Date: 2026-06-02T15:52:02Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-SA-blackbox-com-sa-Database-Leaked-Download
Screenshots:
1 screenshot(s) available
Threat Actors: lulzintel
Victim Country: Saudi Arabia
Victim Industry: Retail
Victim Organization: Black Box
Victim Site: blackbox.com.sa
Alleged data leak of avafatea.com.br (Moodle LMS database)
Category: Data Leak
Content: A threat actor has leaked an alleged 2GB SQL database dump from avafatea.com.br, the Moodle-based learning management system of the Brazilian educational institution FATEA. The shared content includes SQL INSERT statements from Moodle core tables such as mdl_adminpresets and mdl_forum, indicating a full database extraction. The leak is made available via a hidden download link on the forum.
Date: 2026-06-02T15:51:19Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-%E2%AD%90-Fresh-Database-avafatea-com-br-%E2%AD%90-%C2%A02GB-SQL
Screenshots:
1 screenshot(s) available
Threat Actors: Sensitive2025
Victim Country: Brazil
Victim Industry: Education
Victim Organization: FATEA (Avafatea)
Victim Site: avafatea.com.br
Sale of initial access to test-civique.fr via moveup-formation.fr
Category: Initial Access
Content: A threat actor is offering for sale access to test-civique.fr, reportedly obtained via moveup-formation.fr, for 50 euros. The seller is soliciting contact through a Session messaging ID.
Date: 2026-06-02T15:51:06Z
Network: openweb
Published URL: https://breached.su/threads/1-access-test-civique-fr-by-moveup-formation-fr.87822/unread
Screenshots:
1 screenshot(s) available
Threat Actors: BugsBunny404
Victim Country: France
Victim Industry: Education
Victim Organization: test-civique.fr
Victim Site: test-civique.fr
Initial access team seeking top-tier geo material for partnership
Category: Initial Access
Content: A self-described experienced team is seeking partners with high-value geographic access material, indicating interest in acquiring initial access to targets outside Russia. The team states they operate through escrow, require agreements before any exchange, and explicitly exclude Russian-based targets. No specific victim organization or access type is disclosed.
Date: 2026-06-02T15:25:55Z
Network: openweb
Published URL: https://tier1.life/thread/276
Screenshots:
1 screenshot(s) available
Threat Actors: Nightshade
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of ID documents with selfie photos from fanspicygroup.com
Category: Data Breach
Content: A threat actor is selling government-issued ID documents with accompanying selfie photos belonging to 252 individuals associated with fanspicygroup.com, an adult content platform. The seller claims the dataset includes identification documents for the site owner, Antonio Suleiman. Sample files have been shared via external file hosting links, with the full dataset priced at $100.
Date: 2026-06-02T15:00:28Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-ID-document-with-Selfie-photo-252-person-from-fanspicygroup-com
Screenshots:
1 screenshot(s) available
Threat Actors: oaaaoxxz
Victim Country: Unknown
Victim Industry: Entertainment
Victim Organization: Fanspicy Group
Victim Site: fanspicygroup.com
Alleged data leak of undisclosed Spanish organization
Category: Data Leak
Content: A threat actor is freely distributing an alleged database originating from Spain containing approximately 65,000 records. The actor states the database was shared after an attempted scam. No specific victim organization or data fields are disclosed.
Date: 2026-06-02T14:53:41Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-DATABASE-FROM-SPAIN-65K
Screenshots:
1 screenshot(s) available
Threat Actors: 6nocclue
Victim Country: Spain
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Tambak Regency database
Category: Data Leak
Content: A threat actor operating under the alias NeuraSec claims to have leaked a database associated with Tambak Regency, an Indonesian regional government entity. The post asserts over 6,000 records are included in the leak. No post content was available to confirm data fields or download details.
Date: 2026-06-02T14:20:52Z
Network: openweb
Published URL: https://breached.su/threads/leaked-6000-database-tambak-regency.87821/unread
Screenshots:
1 screenshot(s) available
Threat Actors: NeuraSec
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Tambak Regency
Victim Site: Unknown
Alleged data breach of PT Kereta Commuter Indonesia (KCI) – Personal data exposure
Category: Data Breach
Content: Forwarded SQL injection payload containing personal identifiable information (Indonesian National ID number, phone number, email, and address) allegedly from KCI database. The data includes what appears to be a KCI employee email ([email protected]) and residential address in Jakarta, Indonesia. This suggests unauthorized database access and data exfiltration from KCIs systems.
Date: 2026-06-02T13:47:42Z
Network: telegram
Published URL: https://t.me/alixploitreal/24
Screenshots:
1 screenshot(s) available
Threat Actors: SANG GABUTNYA SI ALI
Victim Country: Indonesia
Victim Industry: Transportation/Public Transit
Victim Organization: PT Kereta Commuter Indonesia (KCI)
Victim Site: kci.id
Website Defacement of Jaisalmer Portal by overthrash1337 (Team Hazardous Pk)
Category: Defacement
Content: On June 2, 2026, the website jaisalmerportal.com, a regional information portal for Jaisalmer, India, was defaced by threat actor overthrash1337 operating under the Pakistani hacktivist group Team Hazardous Pk. The attack targeted the homepage in a single, targeted defacement rather than a mass campaign, and a mirror of the defacement was archived at zone-xsec.com.
Date: 2026-06-02T13:25:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930812
Screenshots:
1 screenshot(s) available
Threat Actors: overthrash1337, Team Hazardous Pk
Victim Country: India
Victim Industry: Travel and Tourism / Regional Information Portal
Victim Organization: Jaisalmer Portal
Victim Site: www.jaisalmerportal.com
Alleged data breach of Central East Correctional Centre (Canada)
Category: Data Leak
Content: A threat actor is distributing alleged SQL database dumps totaling over 70 GB from Central East Correctional Centre, a Canadian provincial jail. The leaked data reportedly includes staff credentials and personal files, electronic access control configurations, guard patrol schedules and blind spots, inmate cell assignments, informant registries, and ID-card reader movement logs. The data is described as a full infrastructure backup dated 31 May 2026, compressed and ready for transfer.
Date: 2026-06-02T13:23:42Z
Network: openweb
Published URL: https://darkforums.su/Thread-Canada-Central-East-Correctional-Centre-Jail-databases-SQL–78687
Screenshots:
1 screenshot(s) available
Threat Actors: Moneyistime
Victim Country: Canada
Victim Industry: Government
Victim Organization: Central East Correctional Centre
Victim Site: Unknown
Alleged Data Leak of Pacitan District Database
Category: Data Leak
Content: A forum user known as pumkin claims to be freely sharing a database allegedly belonging to the Pacitan District government. No further details are available as the post content is empty.
Date: 2026-06-02T13:23:00Z
Network: openweb
Published URL: https://breached.su/threads/free-pacitan-district-database.87819/unread
Screenshots:
1 screenshot(s) available
Threat Actors: pumkin
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Pacitan District Government
Victim Site: Unknown
Alleged data leak of Conectnet
Category: Data Leak
Content: A forum user shared a link to a GitHub repository allegedly containing a data leak attributed to Conectnet. The post provides no additional details about the nature or scope of the data. The claim is unverified.
Date: 2026-06-02T12:54:18Z
Network: openweb
Published URL: https://spear.cx/Thread-My-first-leak
Screenshots:
1 screenshot(s) available
Threat Actors: xyxz101020
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Conectnet
Victim Site: Unknown
Alleged cyber attacks by North Korean group Kimsuky (Velvet Chollima) against South Korean military and corporate targets
Category: Cyber Attack
Content: North Korean hacking group Kimsuky, also known as Velvet Chollima, conducted sophisticated cyber attacks against South Korean military and corporate entities in March and April 2026. The group employed social engineering tactics including fake security software installation pages and fraudulent Webex meeting invitations to deliver malware. A remote access trojan named HTTPSpy was disguised as legitimate security software installers, a tactic the group has consistently used since 2023.
Date: 2026-06-02T12:44:25Z
Network: telegram
Published URL: https://t.me/c/1283513914/22037
Screenshots:
2 screenshot(s) available
Threat Actors: Kimsuky
Victim Country: South Korea
Victim Industry: Military, Corporate
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Atlas Menu GTA V cheat service affecting 64,000 users
Category: Data Breach
Content: Atlas Menu, a cheat service for GTA V, was compromised in a cyberattack. Approximately 64,000 user accounts were affected, with the attacker claiming full system access and publishing the user database online. User information including credentials has been exposed and made publicly available.
Date: 2026-06-02T12:31:34Z
Network: telegram
Published URL: https://t.me/c/1283513914/22035
Screenshots:
2 screenshot(s) available
Threat Actors: خبرگزاری سایبربان| Cyberban News
Victim Country: Unknown
Victim Industry: Gaming
Victim Organization: Atlas Menu
Victim Site: Unknown
Alleged cyber attack and data theft targeting senior officials systems
Category: Cyber Attack
Content: Threat actor claims to have hacked systems and stolen data, with specific mention of compromising phones belonging to senior officials. Data allegedly provided to Russia. Claims systems contain vulnerabilities.
Date: 2026-06-02T12:25:20Z
Network: telegram
Published URL: https://t.me/c/2735908986/4643
Screenshots:
2 screenshot(s) available
Threat Actors: Infrastructure Destruction Squad
Victim Country: Unknown
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Alleged initial access compromise of National Research Nuclear University MEPhI (Russia)
Category: Initial Access
Content: Infrastructure Destruction Squad claims to have compromised the remote access system of National Research Nuclear University MEPhI in Russia. The group alleges they obtained credentials for user aaivanov (Ivanov A.A., nuclear university employee) with access to internal network. Screenshots allegedly show exposed network control panel, connected devices, and Windows SMB/RDP vulnerabilities. The threat actor indicates intent to extort payment before selling access to Ukraine.
Date: 2026-06-02T12:20:32Z
Network: telegram
Published URL: https://t.me/c/2735908986/4648
Screenshots:
1 screenshot(s) available
Threat Actors: Infrastructure Destruction Squad
Victim Country: Russia
Victim Industry: Nuclear Research/Government
Victim Organization: National Research Nuclear University MEPhI
Victim Site: Unknown
Alleged compromise of MEPhI IT infrastructure manager account with access to Russian nuclear research systems
Category: Cyber Attack
Content: Threat actor claims successful compromise of Konstantin Martinovs system, IT Systems Manager at National Research Nuclear University MEPhI in Moscow, Russia. Actor alleges obtaining full network access credentials and claims stolen data includes login credentials, associated users, and equipment management access. Actor states compromised access can be leveraged to infiltrate Russian nuclear network for espionage, system disruption, or data theft. Claims all stolen information stored in private …
Date: 2026-06-02T12:06:05Z
Network: telegram
Published URL: https://t.me/c/2735908986/4644
Screenshots:
3 screenshot(s) available
Threat Actors: Infrastructure Destruction Squad
Victim Country: Russia
Victim Industry: Nuclear Research/Education
Victim Organization: National Research Nuclear University MEPhI
Victim Site: Unknown
Alleged cyber attack on Russian National Nuclear Research University (MEPHI) with data theft
Category: Cyber Attack
Content: Infrastructure Destruction Squad claims to have hacked the systems of MEPHI (Russian National Nuclear Research University) and stolen data. The threat actor states they have accessed the organizations systems and are exfiltrating data.
Date: 2026-06-02T11:49:46Z
Network: telegram
Published URL: https://t.me/c/2735908986/4642
Screenshots:
2 screenshot(s) available
Threat Actors: Infrastructure Destruction Squad
Victim Country: Russia
Victim Industry: Nuclear Research / Government
Victim Organization: Russian National Nuclear Research University (MEPHI)
Victim Site: Unknown
Alleged data breach of Heartland Free Church via TRK25 ADVANCED SCADA exploitation
Category: Data Breach
Content: Infrastructure Destruction Squad claims to have successfully compromised a NAS server belonging to Heartland Free Church in the United States using a proprietary SCADA exploitation tool. The attack exploited null session vulnerabilities on a Linux SMB service, resulting in the theft of sensitive data from 25+ employees and volunteers. Attackers claim to have identified weak password policies, extracted financial records, personal documents, employee backups, and server credentials. Four Trojan m…
Date: 2026-06-02T11:45:32Z
Network: telegram
Published URL: https://t.me/c/2735908986/4641
Screenshots:
1 screenshot(s) available
Threat Actors: Infrastructure Destruction Squad
Victim Country: United States
Victim Industry: Religious Institution
Victim Organization: Heartland Free Church
Victim Site: Unknown
Alleged cyber attack on Japanese solar power station by trans-regional threat actor
Category: Cyber Attack
Content: A threat actor claiming trans-regional operations against the United States and allies announced they have compromised a solar power station in Japan. The post suggests ongoing attacks have commenced.
Date: 2026-06-02T11:44:44Z
Network: telegram
Published URL: https://t.me/c/2245031785/673
Screenshots:
1 screenshot(s) available
Threat Actors: Golden Falcon
Victim Country: Japan
Victim Industry: Energy/Critical Infrastructure
Victim Organization: Solar power station
Victim Site: Unknown
Sale of Microsoft Office 365 phishing panel with token harvesting and account takeover capabilities
Category: Phishing
Content: A threat actor is offering for sale a phishing panel targeting Microsoft Office 365 accounts. The tool uses token-link techniques to silently harvest authenticated browser sessions without requiring credentials, providing the attacker with full access to Outlook mailboxes, OneDrive, and account data. The panel includes features for multi-account extraction, email/phone harvesting, activity logging, and Telegram-based alerting.
Date: 2026-06-02T11:38:35Z
Network: openweb
Published URL: https://demonforums.net/Thread-Office365-Token-Link-Full-Access-To-All-Over-Office365
Screenshots:
2 screenshot(s) available
Threat Actors: office_365shop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Compromise of Italian Pharmacy Video Surveillance System by NoName057(16)
Category: Initial Access
Content: NoName057(16) claims to have gained full access to the video surveillance system of an Italian pharmacy, including internal and external IP cameras (IPC). The threat actor states they have real-time access to live CCTV feeds showing the pharmacy interior, entrance, cash register, and street views. The compromise is presented as part of a special operation with geopolitical motivation related to NATO support and anti-Russian sanctions.
Date: 2026-06-02T11:15:04Z
Network: telegram
Published URL: https://t.me/c/3087552512/2108
Screenshots:
1 screenshot(s) available
Threat Actors: NoName057(16)
Victim Country: Italy
Victim Industry: Healthcare/Pharmacy
Victim Organization: Italian pharmacy (farmacia)
Victim Site: Unknown
Website Defacement of Spark Vidyut by Claudexxx
Category: Defacement
Content: The website www.sparkvidyut.in was defaced by the threat actor known as Claudexxx, acting independently without a team affiliation. This incident is classified as a homepage defacement and represents a redefacement, indicating the site had been previously compromised. No specific motive or technical details regarding the server infrastructure were disclosed.
Date: 2026-06-02T10:43:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930811
Screenshots:
1 screenshot(s) available
Threat Actors: Claudexxx
Victim Country: India
Victim Industry: Energy / Utilities
Victim Organization: Spark Vidyut
Victim Site: www.sparkvidyut.in
Alleged Critical Vulnerability in Windows Netlogon Service (CVE-2026-41089) with Active Exploitation
Category: Vulnerability
Content: A critical vulnerability (CVE-2026-41089) has been identified in the Windows Netlogon service with a severity score of 9.8/10. The vulnerability is a buffer overflow in the Netlogon service that allows remote code execution without requiring credentials. Although patched in Microsofts May 2026 Patch Tuesday update, reports indicate threat actors are actively attempting to exploit this vulnerability in real-world attacks.
Date: 2026-06-02T10:38:45Z
Network: telegram
Published URL: https://t.me/c/1283513914/22034
Screenshots:
2 screenshot(s) available
Threat Actors: خبرگزاری سایبربان| Cyberban News
Victim Country: Unknown
Victim Industry: Software/Technology
Victim Organization: Microsoft
Victim Site: Unknown
Alleged data breach of Jakarta.go.id
Category: Data Breach
Content: Breach of Jakarta.go.id database announced with reference to breached.su thread. Contact number provided (6283114467232). Jakarta.go.id is the official website of Jakarta provincial government in Indonesia.
Date: 2026-06-02T10:38:29Z
Network: telegram
Published URL: https://t.me/alixploitreal/23
Screenshots:
2 screenshot(s) available
Threat Actors: SANG GABUTNYA SI ALI
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Jakarta.go.id
Victim Site: jakarta.go.id
Alleged data breach of jakarta.go.id
Category: Data Breach
Content: A forum post in the Databases section references jakarta.go.id, suggesting an alleged breach or leak of data associated with the Jakarta provincial government website. No further details, record counts, or data types are available from the post content.
Date: 2026-06-02T10:38:04Z
Network: openweb
Published URL: https://breached.su/threads/jakarta-go-id.87815/unread
Screenshots:
8 screenshot(s) available
Threat Actors: AlixploitCapung
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Jakarta Provincial Government
Victim Site: jakarta.go.id
Alleged sale of compromised accounts and premium subscription access
Category: Initial Access
Content: Threat actor offering to sell verified accounts and premium subscription access (Spotify, ChatGPT, YouTube, Netflix) at discounted prices. Also advertises KYC verification services for accounts in Nigeria and claims to provide fast delivery of account credentials.
Date: 2026-06-02T10:26:41Z
Network: telegram
Published URL: https://t.me/c/2613583520/95729
Screenshots:
1 screenshot(s) available
Threat Actors: podresg
Victim Country: Unknown
Victim Industry: Technology/SaaS
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Claude API tokens distributed for free
Category: Data Leak
Content: A threat actor is freely distributing what they claim to be 2 million Claude API tokens via a third-party site (tokies.lol). The post does not clarify the origin of the tokens. If valid, these tokens could be used to abuse Anthropics Claude API at the expense of legitimate account holders.
Date: 2026-06-02T10:18:15Z
Network: openweb
Published URL: https://patched.to/Thread-%F0%9F%8E%81-claude-api-tokens-2-million-free-tokies-lol-%F0%9F%8E%81
Screenshots:
1 screenshot(s) available
Threat Actors: JVZU
Victim Country: United States
Victim Industry: Technology
Victim Organization: Anthropic
Victim Site: anthropic.com
Alleged data breach of GoTip (gotip.jp)
Category: Data Leak
Content: A threat actor claims to have leaked the complete GoTip.jp database, allegedly obtained during a data breach in April 2026. The dataset is reported to be 1.13 GB in SQL format and is being shared freely on the forum. The post states all user datasets were affected.
Date: 2026-06-02T10:07:13Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-GoTip-Leak-Database-gotip-jp
Screenshots:
1 screenshot(s) available
Threat Actors: 0xSec
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: GoTip
Victim Site: gotip.jp
Sale of No-KYC Visa/Mastercard Cards Purchasable with Cryptocurrency
Category: Carding
Content: A threat actor operating under the alias Ramp is advertising LuxuCard, a service offering no-KYC Visa and Mastercard cards purchasable with cryptocurrency. The service is promoted with a launch discount. No additional details are available from the post content.
Date: 2026-06-02T09:51:02Z
Network: openweb
Published URL: https://patched.to/Thread-luxucard-%E2%80%94-no-kyc-visa-mastercard-with-crypto-launch-discount
Screenshots:
2 screenshot(s) available
Threat Actors: Ramp
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free sharing of stolen payment card data on carding forum
Category: Carding
Content: A forum member is sharing stolen payment card data (CCs) described as fresh and updated daily. No further details are available from the post content.
Date: 2026-06-02T09:18:52Z
Network: openweb
Published URL: https://darkpro.net/threads/free-daily-fresh-ccs-lets-music-play-by-carding-forum.23322/
Screenshots:
1 screenshot(s) available
Threat Actors: CC-GuRu
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Cloned ATM and Credit Cards with Worldwide Shipping
Category: Carding
Content: A forum user is advertising cloned ATM and credit cards for sale at prices ranging from $100 to $500 depending on the loaded balance, with claimed balances up to $9,000. The seller states the cards can be used at ATMs, gas stations, and for online purchases, and includes an ATM PIN for cash-out. Contact is solicited via Telegram handle ColdApollo.
Date: 2026-06-02T09:14:31Z
Network: openweb
Published URL: https://breached.su/threads/clone-atm-cards-ready-to-ship-worldwide-3k-4k-6k-with-24-hours-shipping-tracking-number.87814/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Casperdag
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of cloned cards, dumps with PINs, and fraudulent transfer services
Category: Carding
Content: A forum seller is offering a range of carding products and services including credit cards with CVV, non-VBV cards, cloned ATM cards, freshly skimmed dumps with PINs (Track 101/201) from multiple countries (US, UK, CA, AU, EU), and fraudulent PayPal and Western Union transfers. Sample dump records are provided as proof, attributed to cards issued by Barclays, Natixis, CIBC, and Commonwealth Bank. Cloned cards are advertised for ATM cashout, gas station use, and online purchases at tiered pricing…
Date: 2026-06-02T09:12:30Z
Network: openweb
Published URL: https://breached.su/threads/legit-western-union-transfer-non-vbv-cards-linkables-cards-atm-cloned-cards-paypal-transfer-legit-fresh-firsthand-dumps-pins-track-101-201.87813/unread
Screenshots:
6 screenshot(s) available
Threat Actors: Casperdag
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged reconnaissance scanning of BMKG (Indonesian Meteorological Agency) infrastructure
Category: Cyber Attack
Content: Threat actor conducting systematic reconnaissance scanning against bmkg.go.id, probing for sensitive endpoints including administrative interfaces (/admin, /user), API endpoints (/api, /api/v1/users, /api/v2/data), configuration files (.env, config.json, config.xml), backup locations (/backup, /database), and exposed debug information (phpinfo.php, server-status). The scanning pattern suggests preparation for potential exploitation or unauthorized access.
Date: 2026-06-02T08:36:34Z
Network: telegram
Published URL: https://t.me/alixploitreal/12
Screenshots:
1 screenshot(s) available
Threat Actors: SANG GABUTNYA SI ALI
Victim Country: Indonesia
Victim Industry: Government – Meteorological Services
Victim Organization: BMKG (Badan Meteorologi, Klimatologi, dan Geofisika)
Victim Site: bmkg.go.id
Alleged defacement of pamekasankab.go.id by JUNZXSEC
Category: Defacement
Content: JUNZXSEC claims to have defaced the website pamekasankab.go.id (Pamekasan Regency government website, Indonesia). A photo proof is provided showing the defacement message HACKED BY JUNZXSEC.
Date: 2026-06-02T08:32:42Z
Network: telegram
Published URL: https://t.me/PhiserXman/339
Screenshots:
2 screenshot(s) available
Threat Actors: JUNZXSEC
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Pamekasan Regency Government
Victim Site: pamekasankab.go.id
Sale of Browser Cache Loader Bypassing Mark of the Web and SmartScreen
Category: Malware
Content: A threat actor on HackForums is advertising a Browser Cache Loader that bypasses Mark of the Web (MoTW) Zone.Identifier tagging and Windows SmartScreen protections. The tool is designed to load payloads without triggering common security warnings associated with downloaded files. No further technical details or pricing information are available from the post content.
Date: 2026-06-02T08:05:33Z
Network: openweb
Published URL: https://hackforums.net/showthread.php?tid=6326391
Screenshots:
2 screenshot(s) available
Threat Actors: PUSU
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of C4 Guanajuato 911 emergency response records
Category: Data Leak
Content: A threat actor has freely leaked over 170,000 pre-hospital care response forms (formatos de atención prehospitalaria) attributed to C4 Guanajuato 911, the emergency coordination center for the state of Guanajuato, Mexico. The data was made available for download on a cybercrime forum. The records likely contain sensitive personal and medical information related to emergency service calls.
Date: 2026-06-02T07:58:48Z
Network: openweb
Published URL: https://breached.su/threads/mexico-c4-guanajuato-911.87810/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Alz_157s
Victim Country: Mexico
Victim Industry: Government
Victim Organization: C4 Guanajuato 911
Victim Site: Unknown
Website Defacement of Smart Education College by Claudexxx
Category: Defacement
Content: On June 2, 2026, the threat actor known as Claudexxx defaced the homepage of smarteducationcollege.org, an educational institutions website. The attack was a targeted single-site defacement rather than a mass campaign. No specific motive or technical details regarding the server infrastructure were disclosed.
Date: 2026-06-02T07:51:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930810
Screenshots:
1 screenshot(s) available
Threat Actors: Claudexxx
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Smart Education College
Victim Site: smarteducationcollege.org
Alleged malware distribution campaign by DriveSurge threat group using fake browser updates
Category: Malware
Content: Security researchers reported that a hacking group named DriveSurge has compromised thousands of websites to distribute malware. The attack uses social engineering tactics, redirecting users to fake pages requesting browser updates or execution of commands under the guise of fixing technical issues. Successful execution results in malware installation and opens pathways for subsequent attacks.
Date: 2026-06-02T07:18:19Z
Network: telegram
Published URL: https://t.me/c/1283513914/22029
Screenshots:
2 screenshot(s) available
Threat Actors: DriveSurge
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Charter Communications affecting 4.9 million customers
Category: Data Breach
Content: Approximately 4.9 million customers of Charter Communications (US telecommunications company) had their personal information exposed in a cyberattack, including names, emails, phone numbers, and addresses. Additionally, data of approximately 85,000 employees was leaked, including contact information and job titles. According to reports, a hacking group published the data after failing to extort ransom from the company.
Date: 2026-06-02T07:09:05Z
Network: telegram
Published URL: https://t.me/c/1283513914/22027
Screenshots:
2 screenshot(s) available
Threat Actors: Unknown hacking group
Victim Country: United States
Victim Industry: Telecommunications
Victim Organization: Charter Communications
Victim Site: charter.com
Alleged data leak of 150,000 URLs from Breached forum SQL dump (2022-2024)
Category: Data Leak
Content: A threat actor has freely distributed a file claimed to contain 150,000 URLs extracted from a SQL dump of the Breached forum covering 2022-2024. The data was shared via a Mediafire link with no stated price.
Date: 2026-06-02T07:06:08Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78662
Screenshots:
1 screenshot(s) available
Threat Actors: gopher2004
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Breached
Victim Site: breached.co
Buyer seeking stolen US credit card data on carding forum
Category: Carding
Content: A forum user is soliciting sellers of leaked US credit cards, requesting proof of source before purchase. The buyer specifies interest only in previously leaked cards and requests sellers send cards before payment.
Date: 2026-06-02T06:21:34Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-BUYING-I-Want-Buy-CC-USA-Leaks
Screenshots:
1 screenshot(s) available
Threat Actors: inameus
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Maskapai Penerbangan Portugal (Portuguese airline) customer data
Category: Data Leak
Content: CSV file containing data related to Maskapai Penerbangan Portugal (Portuguese airline) is being shared via MediaFire download link. The file format suggests structured customer or operational data exposure.
Date: 2026-06-02T05:51:49Z
Network: telegram
Published URL: https://t.me/KAR4WANG_ERROR_SYSTEM/785
Screenshots:
2 screenshot(s) available
Threat Actors: KARAWANG ERROR SYSTEM
Victim Country: Portugal
Victim Industry: Aviation/Airlines
Victim Organization: Maskapai Penerbangan Portugal
Victim Site: Unknown
Alleged Data Leak of Permata Bank Customer Account Data
Category: Data Leak
Content: A threat actor has freely shared a dataset allegedly sourced from Permata Bank, an Indonesian financial institution. The sample contains bank account numbers with associated timestamps. The full dataset size is not disclosed in the post.
Date: 2026-06-02T05:33:26Z
Network: openweb
Published URL: https://breached.su/threads/leak-database-permata-bank.87808/unread
Screenshots:
3 screenshot(s) available
Threat Actors: RanzXZ
Victim Country: Indonesia
Victim Industry: Finance
Victim Organization: Permata Bank
Victim Site: permatabank.com
Alleged data leak of Russian state-owned banks database
Category: Data Leak
Content: A threat actor claims to be freely sharing a complete database allegedly belonging to Russian state-owned banks. The post includes a download link and password for access. No details on record count or specific data fields were provided.
Date: 2026-06-02T05:32:52Z
Network: openweb
Published URL: https://breached.su/threads/database-central-bank-russia.87809/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Xyra.exe
Victim Country: Russia
Victim Industry: Finance
Victim Organization: Central Bank of Russia
Victim Site: Unknown
Alleged Distribution of RAT Malware with Source Code
Category: Malware
Content: User offering to distribute a RAT (Remote Access Trojan) via terminal along with source code. Post includes a WhatsApp channel link for distribution. Despite a disclaimer stating its not for illegal purposes, the context of RAT distribution in a blackhat channel indicates malicious intent.
Date: 2026-06-02T05:27:50Z
Network: telegram
Published URL: https://t.me/c/3841736872/646
Screenshots:
1 screenshot(s) available
Threat Actors: DEWATA BLACKHAT
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of historical personal data for skip tracing and background check databases
Category: Data Leak
Content: A forum user is sharing historical personal data collections allegedly used to build skip trace and background check databases, similar to those operated by National Public Data, Equifax, Experian, and TransUnion. The data includes names, addresses, phone numbers, emails, property records, and reportedly medical and criminal records. The poster describes selling such data to real estate companies, phone banks, and licensed private investigators, and encourages others to build their own historica…
Date: 2026-06-02T05:10:06Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-more-good-historical-data-used-to-make-Skip-Trace-Background-databases
Screenshots:
1 screenshot(s) available
Threat Actors: OriginalCrazyOldFart
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Chinas National Supercomputing Center (NSCC) with classified military and aerospace research
Category: Data Leak
Content: A threat actor claims to have exfiltrated over 10 petabytes of data from Chinas National Supercomputing Center in Tianjin and linked high-performance computing clusters associated with AVIC, COMAC, and national space programs. The alleged dataset purportedly includes classified military-aerospace simulation data, satellite telemetry, stealth and supersonic design files, and gravitational wave research. Proof files including directory listings and technical diagrams are claimed to be circulating
Date: 2026-06-02T04:43:07Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-CHINA-NSCC-SUPERCOMPUTING-BREACH-%E2%80%93-10-PETABYTES-OF-CLASSIFIED-MILITARY-LEAK–190264
Screenshots:
3 screenshot(s) available
Threat Actors: stormbyteoverrideX
Victim Country: China
Victim Industry: Government
Victim Organization: National Supercomputing Center (NSCC)
Victim Site: Unknown
Alleged data breach of Myntra (India) with 17 million records for sale
Category: Data Breach
Content: A threat actor is selling an alleged database from Myntra, a leading Indian fashion e-commerce platform, claiming 17 million records dated April 2026. The listing is priced at $1,500 and noted as a resale. No further details on specific data fields were provided in the post.
Date: 2026-06-02T04:22:10Z
Network: openweb
Published URL: https://breached.su/threads/selling-indian-myntra-fashion-database.87807/unread
Screenshots:
1 screenshot(s) available
Threat Actors: ItsurJoker
Victim Country: India
Victim Industry: Retail
Victim Organization: Myntra
Victim Site: myntra.com
Sale of stolen credit cards and CVVs on forum
Category: Carding
Content: A threat actor is offering stolen credit cards and CVVs for sale at $20–$30 per card, claiming 99.9% validity and high balances with full cardholder information. The seller advertises use cases including online shopping, carding, cashout, and bookings. Free replacement is offered if cards have low balance or fail to work.
Date: 2026-06-02T04:04:21Z
Network: openweb
Published URL: https://nulledbb.com/thread-All-your-best-card-for-your-online-purchase-and-payment-here
Screenshots:
1 screenshot(s) available
Threat Actors: Bank boi
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Grindr with 15 million user records for sale
Category: Data Breach
Content: A threat actor is selling what they claim to be the complete Grindr user database, containing over 15 million records of personal registration data. The post advertises a sample and lists a price of $400 payable in cryptocurrency. Grindr is an LGBTQ+ dating platform, making potential exposure of user data particularly sensitive.
Date: 2026-06-02T03:40:54Z
Network: openweb
Published URL: https://breached.su/threads/grindr-full-database-15m.87806/unread
Screenshots:
1 screenshot(s) available
Threat Actors: leakingshi
Victim Country: United States
Victim Industry: Technology
Victim Organization: Grindr
Victim Site: grindr.com
Website Defacement of Annys.com.au by DimasHxR
Category: Defacement
Content: On June 2, 2026, the Australian website annys.com.au was defaced by a threat actor operating under the alias DimasHxR. The attacker targeted a media/customer directory path on the server. The defacement was an isolated, individual attack with no team affiliation, mass defacement activity, or stated motivation recorded.
Date: 2026-06-02T03:29:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930708
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Australia
Victim Industry: Unknown
Victim Organization: Annys
Victim Site: annys.com.au
Website Defacement of Chowaniec Design by DimasHxR
Category: Defacement
Content: On June 2, 2026, the attacker known as DimasHxR defaced a media subdirectory of chowaniec.design, a design-oriented website. The attack was a targeted, single-site defacement with no team affiliation reported. Server and infrastructure details were not disclosed in the available data.
Date: 2026-06-02T03:26:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930715
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Design / Creative Services
Victim Organization: Chowaniec Design
Victim Site: chowaniec.design
Website Defacement of Reunion (Thailand) by DimasHxR
Category: Defacement
Content: On June 2, 2026, a threat actor operating under the handle DimasHxR defaced a subdirectory of the Thai website www.reunion.co.th. The attack targeted a specific path within the sites public media directory and was carried out as a single, non-mass defacement with no attributed team affiliation. No specific motive or technical details regarding the server environment were disclosed.
Date: 2026-06-02T03:20:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930683
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Thailand
Victim Industry: Unknown
Victim Organization: Reunion
Victim Site: www.reunion.co.th
Website Defacement of Noyah by DimasHxR
Category: Defacement
Content: On June 2, 2026, a threat actor known as DimasHxR defaced a page on www.noyah.com, targeting a media/customer directory path. The attack was an individual, non-mass defacement with no stated motive or team affiliation. The incident was archived and documented via zone-xsec.com.
Date: 2026-06-02T03:20:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930678
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Retail / E-Commerce
Victim Organization: Noyah
Victim Site: www.noyah.com
Alleged data breach of Grindr with 15 million user records for sale
Category: Data Breach
Content: A threat actor is offering for sale an alleged complete Grindr user database containing over 15 million records of personal registration data. The seller is asking $400 in cryptocurrency and references a sample as proof. The nature of the platform makes this a high-sensitivity exposure potentially affecting LGBTQ+ individuals globally.
Date: 2026-06-02T03:19:56Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-GRINDR-DATABASE-15M
Screenshots:
1 screenshot(s) available
Threat Actors: nilojeda
Victim Country: United States
Victim Industry: Technology
Victim Organization: Grindr
Victim Site: grindr.com
Website Redefacement of PhotoColor Brazil by DimasHxR
Category: Defacement
Content: On June 2, 2026, the attacker known as DimasHxR conducted a redefacement of the Brazilian photography and media services website PhotoColor (photocolor.com.br). This incident marks a repeated compromise of the target, indicating persistent access or recurring vulnerability exploitation. The attacker operated independently without an affiliated team, targeting a subdirectory path within the site rather than the homepage.
Date: 2026-06-02T03:18:59Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930681
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Brazil
Victim Industry: Photography / Media Services
Victim Organization: PhotoColor
Victim Site: www.photocolor.com.br
Website Redefacement of Linkaskura by Threat Actor DimasHxR
Category: Defacement
Content: Threat actor DimasHxR conducted a redefacement attack against the website linkaskura.com, targeting a subdirectory within the sites public media folder. This incident marks a repeated compromise of the same target, suggesting persistent access or recurring vulnerabilities. No team affiliation, specific motive, or server details were disclosed.
Date: 2026-06-02T03:18:15Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930670
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: E-commerce / Retail
Victim Organization: Linkaskura
Victim Site: www.linkaskura.com
Website Defacement of scar.it by DimasHxR
Category: Defacement
Content: On June 2, 2026, the attacker known as DimasHxR defaced a subpath of the Italian website scar.it, targeting the media/customer directory. The defacement was an individual, non-mass, non-home page attack with no stated motive or team affiliation. Technical details such as server software and IP address were not disclosed in the available intelligence.
Date: 2026-06-02T03:17:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930684
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: SCAR
Victim Site: www.scar.it
Alleged data leak of Declaraciones Tecoman
Category: Data Leak
Content: A threat actor known as Black0ut_Exi has freely distributed 2,716 PDF declarations allegedly belonging to Declaraciones Tecoman, a Mexican government entity. The leaked files reportedly contain personal data including general information, address, academic credentials, employment data, work experience, and net income.
Date: 2026-06-02T03:17:10Z
Network: openweb
Published URL: https://breached.su/threads/dataleak-of-declaraciones-tecoman.87805/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Black0ut_Exi
Victim Country: Mexico
Victim Industry: Government
Victim Organization: Declaraciones Tecoman
Victim Site: Unknown
Website Redefacement of La Perle de Marie Jo by DimasHxR
Category: Defacement
Content: The website www.laperledemariejo.com was redefaced by threat actor DimasHxR on June 2, 2026, marking a repeated compromise of this target. The attacker operated independently without an affiliated team, and the defacement targeted a subdirectory of the site rather than the homepage. This incident represents a redefacement, indicating the victims site had been previously compromised and may not have been fully remediated.
Date: 2026-06-02T03:16:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930669
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: France
Victim Industry: Retail / E-Commerce
Victim Organization: La Perle de Marie Jo
Victim Site: www.laperledemariejo.com
Website Defacement of Superior Pads by DimasHxR
Category: Defacement
Content: On June 2, 2026, the attacker known as DimasHxR defaced a page on the website of Superior Pads, a US-based automotive parts retailer. The defacement targeted a media directory path and was not classified as a mass or home page defacement. No team affiliation, specific motive, or server details were disclosed.
Date: 2026-06-02T03:15:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930686
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: United States
Victim Industry: Retail / Automotive Parts
Victim Organization: Superior Pads
Victim Site: www.superiorpads.us
Website Defacement of Superiridium by DimasHxR
Category: Defacement
Content: On June 2, 2026, a threat actor identified as DimasHxR defaced a subdirectory of www.superiridium.com, targeting a media or customer-related path on the website. The attack was a targeted single-site defacement with no team affiliation reported. Technical details regarding the server infrastructure and attack vector remain unknown.
Date: 2026-06-02T03:14:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930687
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Technology/Materials
Victim Organization: Superior Iridium
Victim Site: www.superiridium.com
Website Redefacement of Helly Hansen Chile by DimasHxR
Category: Defacement
Content: The attacker known as DimasHxR conducted a redefacement of the Helly Hansen Chile website, targeting a media directory path on the domain. This incident marks a repeated compromise of the same target, suggesting persistent access or recurring vulnerability exploitation. No specific motive or team affiliation was disclosed.
Date: 2026-06-02T03:14:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930668
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Chile
Victim Industry: Retail / Sporting Goods
Victim Organization: Helly Hansen Chile
Victim Site: www.hellyhansenchile.cl
Website Redefacement of Creative Classrooms by DimasHxR
Category: Defacement
Content: The website creativeclassrooms.co.nz, a New Zealand-based educational platform, was defaced by the threat actor DimasHxR on June 2, 2026. This incident is classified as a redefacement, indicating the site had been previously compromised by the same or another attacker. The attacker operated independently without affiliation to a known group, and no specific motive or proof of concept was disclosed.
Date: 2026-06-02T03:13:23Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930662
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: New Zealand
Victim Industry: Education
Victim Organization: Creative Classrooms
Victim Site: www.creativeclassrooms.co.nz
Website Defacement of partnumber-710.ru by DimasHxR
Category: Defacement
Content: On June 2, 2026, the Russian website partnumber-710.ru was defaced by the threat actor DimasHxR. The attack targeted a subdirectory of the site and was carried out as a single, non-mass defacement. No team affiliation, specific motivation, or technical details regarding the server infrastructure were disclosed.
Date: 2026-06-02T03:12:36Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930680
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Russia
Victim Industry: Automotive Parts / E-commerce
Victim Organization: Partnumber-710
Victim Site: www.partnumber-710.ru
Website Defacement of Zigtop by DimasHxR
Category: Defacement
Content: On June 2, 2026, the website zigtop.com was defaced by a threat actor operating under the alias DimasHxR, acting independently without a known team affiliation. The attack targeted a subdirectory of the site rather than the homepage and was not part of a mass defacement campaign. Technical details regarding the server environment and attacker motivation remain unknown.
Date: 2026-06-02T03:11:56Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930694
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Zigtop
Victim Site: zigtop.com
Website Defacement of Wonderland Shop by DimasHxR
Category: Defacement
Content: On June 2, 2026, threat actor DimasHxR defaced a media/customer-facing page on the e-commerce website wonderland.shop. The attack was a targeted single-page defacement, not classified as a mass or home page defacement. No team affiliation, specific motive, or technical details regarding the server environment were disclosed.
Date: 2026-06-02T03:11:06Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930691
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: E-Commerce / Retail
Victim Organization: Wonderland Shop
Victim Site: www.wonderland.shop
Website Redefacement of macihome.eu by Threat Actor DimasHxR
Category: Defacement
Content: Threat actor DimasHxR conducted a redefacement attack against macihome.eu, indicating a prior defacement of the same target had occurred. The attacker operated without affiliation to a known group or team. The incident was not categorized as a mass defacement, suggesting a targeted attack against this specific organization.
Date: 2026-06-02T03:10:15Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930673
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: European Union
Victim Industry: Real Estate / Home Services
Victim Organization: Macihome
Victim Site: www.macihome.eu
Website Defacement of fakelfreedom.ru by DimasHxR
Category: Defacement
Content: On June 2, 2026, threat actor DimasHxR defaced a page on www.fakelfreedom.ru, a Russian-hosted website. The attack targeted a media or customer-related subdirectory path and was a single, targeted defacement rather than a mass or home page defacement. No affiliation with a known hacking team was reported, and technical server details were not disclosed.
Date: 2026-06-02T03:09:29Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930666
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Russia
Victim Industry: Unknown
Victim Organization: Fakel Freedom
Victim Site: www.fakelfreedom.ru
Website Defacement of Longavita Implantacia by DimasHxR
Category: Defacement
Content: On June 2, 2026, a threat actor identified as DimasHxR defaced a subpage of longavitaimplantacia.ru, a Russian dental implant or healthcare-related website. The attack was a targeted single-page defacement rather than a mass or home page compromise. No team affiliation, specific motive, or technical details regarding the server environment were disclosed.
Date: 2026-06-02T03:08:43Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930671
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Russia
Victim Industry: Healthcare / Dental Implants
Victim Organization: Longavita Implantacia
Victim Site: www.longavitaimplantacia.ru
Website Defacement of WellnessMark Shop by DimasHxR
Category: Defacement
Content: The website wellnessmarkshop.com was defaced by threat actor DimasHxR on June 2, 2026. This incident is recorded as a redefacement, indicating the attacker had previously compromised the same target. The defacement was not classified as a mass or home page defacement, suggesting it targeted a specific subdirectory or page within the site.
Date: 2026-06-02T03:08:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930690
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Retail / Health and Wellness
Victim Organization: WellnessMark Shop
Victim Site: www.wellnessmarkshop.com
Website Defacement of yun-berlin.com by DimasHxR
Category: Defacement
Content: On June 2, 2026, the website yun-berlin.com was defaced by a threat actor operating under the handle DimasHxR, acting without a known affiliated group. The attacker targeted a media/customer-facing directory path, suggesting exploitation of a publicly accessible web file structure. No motive or technical details were disclosed for this isolated, non-mass defacement incident.
Date: 2026-06-02T03:07:16Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930693
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Yun Berlin
Victim Site: yun-berlin.com
Website Defacement of MasterMoskva by DimasHxR
Category: Defacement
Content: On June 2, 2026, threat actor DimasHxR defaced a page on the Russian website mastermoskva.ru, targeting a media or customer-related directory path. The attacker operated independently without affiliation to a known team. No specific motive, exploit method, or server details were disclosed in connection with this incident.
Date: 2026-06-02T03:06:27Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930674
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Russia
Victim Industry: Unknown
Victim Organization: MasterMoskva
Victim Site: www.mastermoskva.ru
Website Defacement of Krames4Heart by DimasHxR
Category: Defacement
Content: On June 2, 2026, threat actor DimasHxR defaced a page on krames4heart.com, a health-focused web platform. The attack targeted a specific subdirectory path rather than the homepage, indicating a targeted file-level compromise. No team affiliation, stated motive, or technical server details were disclosed in connection with this incident.
Date: 2026-06-02T03:00:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930625
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: United States
Victim Industry: Healthcare
Victim Organization: Krames4Heart
Victim Site: krames4heart.com
Website Defacement of Avinusa by DimasHxR
Category: Defacement
Content: The website avinusa.com was defaced by a threat actor identified as DimasHxR on June 2, 2026. The attack targeted a subdirectory of the site rather than the homepage, indicating a partial or targeted defacement. No team affiliation, motive, or technical details regarding the server environment were disclosed.
Date: 2026-06-02T02:59:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930614
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Avinusa
Victim Site: avinusa.com
Website Defacement of Breakthrough Clean by DimasHxR
Category: Defacement
Content: On June 2, 2026, the website breakthroughclean.com was defaced by the threat actor DimasHxR acting independently without affiliation to a known group. The attack targeted a subdirectory of the domain and was a single, targeted defacement rather than a mass or home page compromise. No specific motive or server details were disclosed.
Date: 2026-06-02T02:57:59Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930617
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: United States
Victim Industry: Consumer Goods / Cleaning Products
Victim Organization: Breakthrough Clean
Victim Site: breakthroughclean.com
Website Defacement of Ruba Fashion Store by DimasHxR
Category: Defacement
Content: On June 2, 2026, the attacker known as DimasHxR defaced the website rubafashion.store, an online fashion retail store. The incident was a targeted, single-site defacement with no affiliation to a known hacking team. No specific motive or technical details regarding the server environment were disclosed.
Date: 2026-06-02T02:57:05Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930638
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Retail / Fashion E-commerce
Victim Organization: Ruba Fashion
Victim Site: rubafashion.store
Website Defacement of FFS Facilitator by DimasHxR
Category: Defacement
Content: On June 2, 2026, the website ffsfacilitator.com was defaced by a threat actor operating under the alias DimasHxR, acting independently without a known group affiliation. The attack targeted a specific subdirectory path within the sites public media folder, suggesting exploitation of a web application vulnerability. No specific motivation or technical details were disclosed for this incident.
Date: 2026-06-02T02:56:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930621
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Professional Services
Victim Organization: FFS Facilitator
Victim Site: ffsfacilitator.com
Website Defacement of Lemarcare by DimasHxR
Category: Defacement
Content: On June 2, 2026, the Brazilian website lemarcare.com.br was defaced by the threat actor DimasHxR operating without a team affiliation. The attacker targeted a subdirectory of the site rather than the homepage, indicating a targeted page-level defacement. No specific motive or technical details regarding the server environment were disclosed.
Date: 2026-06-02T02:55:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930627
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Lemarcare
Victim Site: lemarcare.com.br
Alleged Data Breach of US Law Enforcement RemoteCom Compliance Monitoring Database
Category: Data Breach
Content: A threat actor is offering what is claimed to be a structured database dump from RemoteCom, a compliance monitoring and communication tracking system used by US law enforcement agencies. The dataset allegedly includes account holder personal information, device/software details, client and probation officer email addresses, and compliance activity metrics. The sample records contain fields referencing officer emails hosted on .gov domains, suggesting the affected system services law enforcement
Date: 2026-06-02T02:55:09Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78572
Screenshots:
2 screenshot(s) available
Threat Actors: Edric
Victim Country: United States
Victim Industry: Government
Victim Organization: RemoteCom
Victim Site: Unknown
Website Defacement of Krames4Lungs by DimasHxR
Category: Defacement
Content: On June 2, 2026, the website krames4lungs.com was defaced by the threat actor DimasHxR acting independently without a team affiliation. The attack targeted a subdirectory of the site rather than the homepage, suggesting exploitation of a vulnerable file path within the web application. The incident was recorded and mirrored by zone-xsec.com, a known defacement tracking platform.
Date: 2026-06-02T02:54:39Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930626
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: United States
Victim Industry: Healthcare
Victim Organization: Krames4Lungs
Victim Site: krames4lungs.com
Sale of Outlook Business Contact Database with 250,000+ Records
Category: Data Breach
Content: A threat actor is offering a dataset of 250,000+ Outlook business contact records for sale, advertised as a B2B directory covering multiple countries. The dataset includes company names, industry, business websites, company size, location, department, job function, and business contact information in Excel, CSV, or JSON format. Sample email addresses are provided as proof.
Date: 2026-06-02T02:54:31Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78629
Screenshots:
1 screenshot(s) available
Threat Actors: Edric
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: outlook.com
Website Defacement of RB Auto Oprema by DimasHxR
Category: Defacement
Content: On June 2, 2026, threat actor DimasHxR defaced a media/customer directory page on rbautooprema.rs, a Serbian automotive parts or accessories website. The defacement was a targeted, non-mass incident and did not affect the homepage. No specific motive or team affiliation was identified for this attack.
Date: 2026-06-02T02:53:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930637
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Serbia
Victim Industry: Automotive
Victim Organization: RB Auto Oprema
Victim Site: rbautooprema.rs
Website Defacement of awds.io by DimasHxR
Category: Defacement
Content: On June 2, 2026, a threat actor identified as DimasHxR defaced a subpath of awds.io, targeting the media/customer_address directory. The incident was a targeted single-site defacement with no team affiliation reported. Technical details regarding the server environment and attack vector remain unknown.
Date: 2026-06-02T02:52:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930615
Screenshots:
1 screenshot(s) available
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: AWDS
Victim Site: awds.io
Alleged data leak of KPK database
Category: Data Leak
Content: A threat actor shared what is claimed to be a free database associated with KPK. The post expresses frustration that purportedly public data has been made accessible without authorization. No further details on record count or data fields are provided.
Date: 2026-06-02T02:28:49Z
Network: openweb
Published URL: https://breached.su/threads/besplatnaa-baza-dannyh-baza-dannyh-kpk.87803/unread
Screenshots:
3 screenshot(s) available
Threat Actors: Mrsawit
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: KPK
Victim Site: Unknown
Alleged data leak of Nayarit Public Property Registry user records
Category: Data Leak
Content: A threat actor associated with Olympus_Group has freely distributed a dataset allegedly containing over 10,000 user records from the Nayarit Public Property Registry (RPP Nayarit) in Mexico. The leaked data reportedly includes full names, personal information, and property records, with up to four property owners per entry. The data was made available at no cost via a cybercrime forum.
Date: 2026-06-02T02:28:16Z
Network: openweb
Published URL: https://breached.su/threads/mx-mexico-10-000-users-of-the-nayarit-public-property-registry.87804/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Hermes_Olymp
Victim Country: Mexico
Victim Industry: Government
Victim Organization: RPP Nayarit (Public Property Registry of Nayarit)
Victim Site: Unknown
Alleged Data Leak of Facebook 2019 Database
Category: Data Leak
Content: A threat actor on a darknet forum is claiming to share the Facebook 2019 leaked database contingent on receiving more than 10 comments on the thread. The dataset is likely the well-known 2019 Facebook data scrape previously circulated in various underground communities. No records count or sample has been provided at this time.
Date: 2026-06-02T02:02:14Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-FACEBOOK-2019-LEAK
Screenshots:
1 screenshot(s) available
Threat Actors: 88819Q
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Facebook
Victim Site: facebook.com
Sale of alleged source code for RELEX Solutions F&R Platform
Category: Data Breach
Content: A threat actor is offering for sale what they claim to be the full proprietary source code of RELEX Solutions Plan platform, a supply chain and retail execution platform used by multiple companies worldwide. The seller is asking 500 XMR and notes the company is valued at approximately 5 billion USD. Proof is available upon request via private message.
Date: 2026-06-02T01:19:38Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SOURCE-CODE-RELEX-Solutions-F-R-Platform
Screenshots:
1 screenshot(s) available
Threat Actors: hh29hc9
Victim Country: Finland
Victim Industry: Technology
Victim Organization: RELEX Solutions
Victim Site: relexsolutions.com
Sale of aged self-made verified USA bank accounts across multiple financial institutions
Category: Carding
Content: A threat actor is offering for sale self-made, aged, and verified US bank accounts across dozens of financial institutions including Chase, Bank of America, Capital One, Coinbase, and others. Accounts are available on the sellers own fullz or the buyers provided fullz, with options including ACH, Wire, Zelle, VCC, and crypto capabilities. The seller also advertises cashout services for Wire, ACH, and Zelle transfers to cryptocurrency.
Date: 2026-06-02T01:18:35Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-Selling-Aged-Self-Made-Verified-USA-Bank-Accounts-on-my-or-your-fullz
Screenshots:
2 screenshot(s) available
Threat Actors: Fsport
Victim Country: United States
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Iberdrola
Category: Data Breach
Content: A threat actor is selling an alleged database dump attributed to Iberdrola, Spains largest energy group. The post claims the dataset contains records for over 7 million customers, with a file size of approximately 109.79 GB, and includes a sample. The breach is attributed to a group identified as RP.
Date: 2026-06-02T01:17:48Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-SPAIN-IBERDROLA-ELECTRICITY-DATABASE
Screenshots:
1 screenshot(s) available
Threat Actors: spain
Victim Country: Spain
Victim Industry: Energy
Victim Organization: Iberdrola
Victim Site: iberdrola.es
Sale of admin panel access to cartedepeche.fr, a French fishing license authority
Category: Initial Access
Content: A threat actor is selling administrative web panel access to cartedepeche.fr, a French organization that issues fishing licenses, with scope limited to department 67 but claimed to be expandable. The seller also indicates the presence of an SQL vulnerability on the platform, suggesting potential for broader data access.
Date: 2026-06-02T01:16:59Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-FR-cartedepeche-fr-admin-acces
Screenshots:
1 screenshot(s) available
Threat Actors: AplaGroup
Victim Country: France
Victim Industry: Government
Victim Organization: cartedepeche.fr
Victim Site: cartedepeche.fr
Alleged data breach of CA Indosuez Spain
Category: Data Breach
Content: A threat actor is offering for sale an alleged dataset of 200,000 records attributed to CA Indosuez Spain, a financial group. The data reportedly includes account holder PII such as full name, phone number, gender, email address, postal address, city, postal code, region, and date of birth. Sample records provided in the post appear to contain Spanish residential addresses and international email domains.
Date: 2026-06-02T01:16:02Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SPAIN-ca-indosuez-com-PII-200k-lines
Screenshots:
1 screenshot(s) available
Threat Actors: DogmaT3ch
Victim Country: Spain
Victim Industry: Finance
Victim Organization: CA Indosuez
Victim Site: ca-indosuez.com
Alleged data breach of Tianya (tianye.net) exposing 127 million user records
Category: Data Breach
Content: A threat actor claims to have conducted a SQL injection attack against Tianya (tianya.net), a Chinese online community platform, on June 1, 2026, exploiting high-load conditions during the sites relaunch. The actor alleges to have exfiltrated 127,851,826 rows of user data including accounts and passwords via blind injection against TiDB cluster infrastructure. The dump was reportedly staged through the victims own object storage and exfiltrated using a webshell over approximately twelve hours.
Date: 2026-06-02T00:10:07Z
Network: openweb
Published URL: https://tier1.life/thread/275
Screenshots:
2 screenshot(s) available
Threat Actors: ChinaTomchent
Victim Country: China
Victim Industry: Technology
Victim Organization: Tianya
Victim Site: tianya.net