[June-05-2026] Daily Cybersecurity Threat Report

Executive Summary

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data. The threat landscape during this two-day period is characterized by massive data exfiltration and sale, widespread automated website defacement campaigns, extensive distribution of carding materials and financial fraud tutorials, and the proliferation of malware and initial access brokering.

1. Data Breaches and Leaks

A significant portion of the observed cybercriminal activity involves the breach, leak, and sale of corporate, government, and consumer databases.

1.1 The ‘Aquahack’ Operations

A highly prolific threat actor known as “Aquahack” is responsible for a massive campaign of data sales, primarily targeting international retail, telecommunications, and educational sectors.

Taiwan: Aquahack is selling 623,000 customer and order records from the e-commerce platform buy123.com.tw. They are also offering 742,000 consumer contact and business profile records from Ruten (ruten.com.tw) for $1,200. Additionally, they listed 420,000 active sales leads and contact details from Weikeng (weikeng.com.tw) for $1,300.
Saudi Arabia: The actor is selling 427,000 records from the business registry platform Maroof (maroof.sa) for $1,300, which includes sensitive fields like national IDs. They also listed 472,000 recruitment records from jobzaty.com for $1,300 , and 742,000 contact and membership records from kkf.org.sa for $1,400.
South Africa: Aquahack targeted telecommunications and energy sectors, offering 427,000 customer records from Vox (vox.co.za) , 742,000 customer records from WebAfrica , and 472,000 corporate account records from Africoil.
South Korea: The actor is selling 425,000 personal and education records from the online education platform Etoos (etoos.com). They also listed 512,000 user profiles with hashed passwords from SayClub , and 670,000 user contacts and purchase records from the e-commerce platform Hmall.
Spain: Aquahack offered 365,000 professional registration records from the Colegio de Trabajo Social de Salamanca , 628,000 user profiles from online fashion retailer Privalia , and 737,000 customer contact and order records from telecommunications provider Euskaltel for $1,000.
Mexico: The actor listed 732,000 student records from the Universidad del Valle de México (UVM) , as well as 712,000 customer contact and purchase history records from the retail chain Sanborns (sanborns.com.mx).
Netherlands: Healthcare and retail were targeted, with 421,000 medical contact records from BiomedOnline (biomedonline.nl) , 482,000 customer contacts and IP logs from BBizz Shop (bbizzshop.nl) , and 452,000 active user records from the booking platform hotels.nl.
New Zealand & Pakistan: Aquahack is selling 438,000 user records from New Zealand’s Trade Me (trademe.co.nz) for $900. In Pakistan, they listed 462,000 records from the Competition Commission of Pakistan (cc.gov.pk).
Italy: The actor is selling 723,000 customer records from ISP Tiscali, including hashed passwords and tax codes. This was listed alongside another Tiscali post detailing 627,000 records involving Wi-Fi credentials. They also offered 458,000 customer and order records from retailer IBS.it.
Japan: Aquahack listed 742,000 corporate contact and employment records from software company OBIC Co., Ltd. , 742,000 records from Asahi Culture Center (asahiculture.jp) for $1,400 , and 317,000 customer profiles from electronics retailer BicCamera for $1,100.
Latvia & Lesotho: The actor is selling 195,000 active medical records from Latvian medical portal doktori.lv for $1,100. They also listed 145,000 contact records from Lesotho’s First Class Cre8tivity for $1,200.
Greece & Hong Kong: Aquahack offered 184,000 candidate and job records from Greek platform kariera.gr for $1,100. They also listed 563,000 customer contact and account records from Hong Kong Broadband Network (HKBN) for $900.
Hungary: E-commerce platform eMAG (emag.hu) suffered an alleged breach of 417,000 user accounts, offered for $1,200. Aquahack also listed 526,000 records from tarr.hu for $900 , and 743,000 records from the legal platform Jogaszvilag (jogaszvilag.hu).
India: The actor listed 742,000 personal contacts and research records from SANDEE/ICIMOD (sandee.icimod.org). Educational targets included 768,000 records from the Rajasthan Rajya Madhyamik Shiksha Abhiyan (rajrmsa.nic.in) and 682,000 student records from EduNext Technologies.
Philippines: Aquahack is selling 582,000 verified business contacts and professional details from Yellow Pages Philippines (yellow-pages.ph) for $1,200.
Portugal: The actor listed 427,000 contact and user details from an undisclosed Portuguese organization for $1,200. Another listing from an undisclosed Portuguese organization contained 278,000 records including hashed passwords and MFA status. They also offered 439,000 user profiles and order histories from web3.pt for $1,100.
Russia: Aquahack is selling 430,000 user profiles and purchase history records from kupivip.ru for $1,300. They also listed 437,000 retail customer contacts from mamadeti.ru for $900 , and 584,000 automotive owner contacts from auto-hifi.ru for $1,300.
Czech Republic: The actor offered 312,000 business contacts and credentials from edb.cz for $1,200 , and 438,000 user contact and medical records from libimseti.cz for $1,300.
Egypt: Aquahack is selling 467,000 personal and contact records from Egypt Knowledge Bank (ekb.eg) for $900.

1.2 The ‘DBHunter’ Operations

The threat actor “DBHunter” has been actively distributing numerous databases, primarily focusing on government and educational institutions.

Education: DBHunter leaked an alleged database from Instituto Tecnológico del Istmo in Mexico, containing detailed personal and academic data. They claimed to have full access to studentqr.com, a Malaysian website. In India, they leaked a database from NHCollegeLive Patcharkuchi containing student enrollment details. They also claimed to have compromised Infinite Campus, Inc., exposing contract records and PII related to multiple US school districts.
Government: DBHunter distributed a dataset of approximately 2.606 million village resident records from Bulelang, Indonesia. They leaked official wealth disclosure reports (LHKPN) for PSI fraction members of the Jakarta Regional House of Representatives (2024-2029). In Malaysia, they leaked a member database from the government cooperative My Kospra, exposing details of senior Malaysian Anti-Corruption Commission officials. In Mexico, they leaked PDF records from the Comision Nacional de Seguros y Fianzas (CNSF) exposing 95,178 individuals.
Other Sectors: DBHunter leaked customer data from French music retailer allegromusique.fr. They leaked a database from the anonymous email provider cock.li containing email addresses and plaintext passwords. They leaked sensitive personal info from Indiana Athletics (indianathletics.in). They also leaked a 3,000-line CSV containing employee records from UAE/KSA services company Khidmah.com , and claimed to share a source code database from an undisclosed Israeli target.

1.3 Indonesian Government Targeting

A distinct pattern of targeting Indonesian government and educational infrastructure is evident, primarily driven by threat actors like “JAX7” and “MatxCysec”.

JAX7 Breaches: JAX7 posted multiple breaches including an employee database from the Surabaya city government (eperformance.surabaya.go.id) , employee records from the Tanjung Pinang City Government (sinergi.tanjungpinangkota.go.id) , and a database from the Kupang City Government (e-danapem.kupangkota.go.id). JAX7 also claimed to sell an employee database from the Indonesian Supreme Court (komdanas.mahkamahagung.go.id). They further leaked a database of training participants from Satu Sika Shu.
Other Indonesian Breaches: MatxCysec claimed to possess databases from the Madiun City Government (madiunkota.go.id) and Universitas Teknokrat (teknokrat.ac.id). The actor “RanzXZ” freely shared structured employee records from the Indonesian Supreme Court. Mr.PIMZZZXploit defaced biztechssr.politeknikssr.ac.id.

1.4 High-Profile Corporate and Government Extortion

Ticketmaster: Threat actors “The Silent Com” and “ShinyHunters” claimed to have stolen approximately 700 million records from Ticketmaster in a classic extortion/ransom demand.
Vercel: ShinyHunters is selling verified access to Vercel Company for $100,000 USD, including access keys, source code, and internal directory data (1.7TB total), warning of a potential massive supply chain attack.
Charter Communications: An actor affiliated with ShinyHunters exfiltrated data from Charter Communications, leaking 4.9 million unique records after the company failed to pay a ransom.
Baker Distributing Company: ShinyHunters leaked over 260,000 Salesforce records and corporate data after the company failed to reach a ransom agreement.
Military and Space Agencies: Actor “MrDarkRoot” offered top-secret US and Israeli military location data for $100,000, claiming the operation supported Hezbollah. “mosad” leaked confidential inspection documents for the Boeing CH-47F Chinook helicopter. The actor “node6240” claimed to have compromised the European Space Agency, offering 200GB of source code and credentials for $5,000.
National Governments: Actor “GordonFreeman” (L4TAMFUCK3RS) claimed to have breached Ecuador’s National Electoral Council, exfiltrating 13.5 million voter records and demanding a 4 BTC ransom. “neat” offered an entire population database from an undisclosed European country. “MrDarkRoot” offered citizen records for 10 million Kenyan individuals. Sensitive navigation system documents were allegedly stolen from Pakistan’s Ministry of Science and Technology and SUPARCO. Threat actors leaked an alleged database of 2 million records from the Mexican state of Coahuila. Data was also leaked from the Mexico City Health Secretariat. The actor “Xyph0rix” leaked a database allegedly belonging to the Russian FSB related to Ukraine intelligence operations , as well as a database from the Bermuda Police Service.
Corporate Data: “Masterbyte” offered 53 GB of data from Hyundai Steel Mexico for 1 BTC. “node6240” offered source code from Insightsoftware for $3,200 and Credera for $1,500. They also claimed access to audio systems manufacturer Tymphany for $10,000. Data from 340,000 users of the International Kiteboarding Organization was offered for $2,000. A database of 5 million records from Turkish ISP TTNET was made available for free. Threat actor “sc@ry_cRow” offered data from India’s Alhind Group, soliciting bids starting at $10,000. Actor “nearlevrai” claimed to sell 19 million records from French health insurance platform Ameli alongside 24 million parcel delivery records for 5,000 BTC.

2. Website Defacement Campaigns

The reporting period saw an extraordinary volume of website defacements, largely automated and conducted by specific threat actor groups targeting vulnerable web infrastructure globally.

2.1 The ‘chinafans’ (0xteam) Campaign

The most active defacement entity identified is “chinafans,” operating under the group “0xteam.” Their campaign overwhelmingly involved targeted, single-site defacements where a proof-of-compromise file (typically /0x.txt) was placed on the server, rather than mass homepage defacements. Victims spanned diverse industries and geographic locations:

Technology & Digital: PGI Digitales , CloudPulse IT , DBS Network Pakistan , Smartfact , Here You Go Solutions.
Retail & E-commerce: buyforce.shop , Bike Auto Reifen Service (Germany) , Officeworks Cyprus , Safetywaysales.
Construction & Agriculture: Diamond Quality Contractors , Starlight Farm LLC , Maharaja Farms (India).
Other Industries: DM Coaching , The Kings Country , 1stplace.com.br (Brazil) , best-meeting.cn (China) , sharonback.com , marrefi.com.br (Brazil) , Emtage Electric , vajrh.in (India) , shortlisted.work , a Thai Punycode domain , Easy Eaters , starte-die.cloud , Translation Linker , Life Readiness University , The Mag Moment , AutoShot Marketing , Pharma221 (Senegal) , Clasica Rock , SFBS (Ireland) , Wasl Al-Khair , derkanun.ch (Switzerland) , Oak Range Online (UK) , Valo Design (UK) , HepAction , flow-mat.com , pardesia.com , thehustlehustle.com.

2.2 CYKOMNEPAL Operations

The threat actor “CYKOMNEPAL” conducted multiple defacements, generally targeting individual pages or subdirectories.

Victims: Sundarbans Sindhuja (India) , IIT Bengaluru (India) , Excelium Consulting Compta , Dublins Electricians (Ireland) , HTAIPL (India) , Aash Logistics , and Buffalo Companion Animal Clinic (US).

2.3 Maw3six Mass Defacements

Unlike the file-placement tactics of 0xteam, threat actor “Maw3six” engaged in mass defacement campaigns, frequently altering content across multiple sites simultaneously.

Victims: DM Coaching , evelyse.fr (France) , canonistes.org , energetic.fr (France) , al-amiable.org , and estellei.eu.

2.4 Other Notable Defacement Activity

XLTAY HACK TEAM: This group conducted targeted defacements, including re-defacements of previously compromised sites. Victims included Yeou-Ching (Taiwan) , LSH Hotel , and Grand Test.
Phantom Sec Team (Claudexxx): The actor “Claudexxx” defaced ICMK Kannur (India) , A2E Enterprises (India) , and Zaptax (India).
Zod: Conducted mass defacements targeting Arete Soft Global and D. Marquis Selections.
Mr.PIMZZZXploit: Claimed responsibility for a widespread defacement campaign across multiple domains including erp.f-means.com and give4paws.org , biztechssr.politeknikssr.ac.id , yourlyfeapp.com , and Safe Space Foundation.
StarsX Neura-Sec Team: Claimed defacements against Indian domains itadvanceeducation.in and hcsm.co.in.
Miscellaneous Actors: Actor “azraelzer0d4y” (b1ohaz4rd) defaced the German platform wirhelfen.shop. Actor “omgsmok” (S4uD1Pwnz) defaced the official website of Madagascar’s Ministry of Communication. “CAC./Ohang” defaced Legal Divorce Docs. “OCTOPUS” (Midas Haxor Team) defaced Fenty Cover.

3. Carding and Financial Fraud Operations

The dark web forums “Darknet Army” and “Altenens” showed exceptionally high volume regarding the sale and free distribution of stolen payment card details, fraudulent identities, and money transfer services.

3.1 Carding Forums and Tutorials

Data Distribution: Threat actors like “SharkBank” and “linuxDaddy” heavily distributed fresh credit card data and “fullz” (full cardholder information), often associating them with specific Bank Identification Numbers (BINs) such as BIN 559888. SharkBank freely shared batches of stolen cards (e.g., x34, x32, x37, x30, x35) using reply-and-react engagement gates to drive forum participation. Another actor, “CC-GuRu,” offered free dumps, tracks, and PINs to registered forum users.
Tutorials and Methods: The actor “SyntaxSin” was highly active in publishing carding tutorials targeting specific platforms. These tutorials covered methods for bypassing anti-fraud systems on Wish , Nike , Cash App , Ding recharge service , Hotels , StockX , Canva Pro , AliExpress , and PUBG UC in-game currency.
Identity Fraud: Actors offered extensive identity fraud services. A 40GB database of identity documents (passports, IDs, driving licences) from multiple countries, including selfies and verification images, was offered for $400. Users actively sought fake ID vendors to open fraudulent bank accounts. Actor “cocosasha” sold scannable physical documents, business fullz, verified payment accounts, and cryptocurrency mixing services. Fake passports for the Netherlands , Romania , and Slovakia were also observed.

3.2 Fraudulent Transfer Services

A persistent campaign by a threat actor operating under the handle “@shag577” (or “Ghhhavsg136”) dominated the carding space.

Global Reach: This actor aggressively advertised stolen, validated, “non-VBV” credit cards sourced from the United States, United Kingdom, Canada, Australia, Germany, China, and Norway.
OTP Bypass & Cashout: The service was marketed with claims that the cards could bypass One-Time Password (OTP) verification. They were advertised as linkable to Apple Pay, Google Pay, CashApp, PayPal, and eBay. Furthermore, the actor offered “fraudulent cash transfer services” acting as a money mule operation, promising payouts at highly inflated return ratios.
Bank Accounts: Another actor, “AlmightyXiV,” sold fraudulent bank account “openups” with physical debit cards across major US, UK, and EU financial institutions (USAA, Chase, HSBC, etc.), alongside custom-name accounts for crypto exchanges and identity verification bypass services (Sumsub/Onfido).

4. Malware, Vulnerabilities, and Initial Access

The ecosystem surrounding the facilitation of cyber attacks remains robust, with the trade of Remote Access Trojans (RATs), vulnerability disclosures, and initial access brokering.

4.1 Malware Distribution

Remote Access Trojans (RATs): Multiple RATs were observed in distribution. A private edition RAT called “DRX-RAT X” was sold for $299, claiming support for Windows, Android, and iOS, featuring kernel-level persistence and sandbox evasion. The actor “zerodark” freely distributed historical and newer RATs, framing them as educational or research tools; these included SubSeven 2.2 , SS-RAT 0.3 Beta , XpertRAT v3.0.10 , and SharpEye-RAT 1.0 Beta 2.
Frameworks & Drainers: “zerodark” also distributed the “Universal Framework,” a modular cyber tool for multi-stage execution patterns , and STORM v2.6.0.2 for vulnerability scanning. Actor “Darkode1” sold an advanced crypto drainer service designed to steal cryptocurrency without requiring seed phrases. A tool previously known as “Bitcoin Hunter” was also distributed for unauthorized wallet access.
The Atlas Malware: Security researchers identified a Chinese-speaking hacker group deploying a new malware called “Atlas” against organizations in Germany, Italy, the UK, and South Africa. Delivered via spear-phishing, Atlas allows attackers to steal files, log activities, and access webcams/microphones.

4.2 Vulnerability Exploitation

Adobe Acrobat Reader: A detailed technical write-up exposed a Use-After-Free (UAF) vulnerability in Adobe Acrobat Reader’s Escript.api module. Triggered via the __defineGetter__() JavaScript API, the flaw leads to a dangling pointer and potential Remote Code Execution (RCE).
Creative Sound Blaster: Researchers detailed a vulnerability in the Creative Sound Blaster Katana V2X firmware, allegedly allowing unauthenticated attackers within Bluetooth range (15 meters) to compromise the device, turning it into a surveillance tool or HID injection device.
NASA: A vulnerability was reported in NASA’s science.nasa.gov domain regarding an exposed wp-admin endpoint.

4.3 Initial Access Brokers

Compromised Accounts: Threat actors offered 28 compromised Telegram accounts sourced from various countries in a packaged zip file. Actor “Yuze” sold targeted email access to Hotmail, Yahoo, and AT&T accounts, highlighting linked services like Walmart, Uber, and Reddit. Actor “pipl1on33uku” sold compromised TikTok (including stores and 500k+ follower accounts) and Shein accounts.
Infrastructure Access: The actor “PORTAL” offered RDP access rentals to cloud infrastructure providers including Azure, AWS, and DigitalOcean for $200. Free SFTP access credentials were also shared on a hacking forum.

5. Strategic Threat Landscape Analysis & Trends

An analysis of the intelligence compiled from report.txt over this intense 48-hour monitoring period reveals distinct strategic pivots within the cybercriminal ecosystem. The sheer velocity of data listings, automated infrastructure compromises, and systemic financial manipulation underscores several critical trends that security teams must anticipate.

5.1 The Bureaucratization and Aggregation of Data Sales

The operational cadence of actors such as Aquahack and DBHunter highlights a shift toward industrial-scale data brokering. Rather than storing stolen repositories for internal exploitation, threat actors are aggressively categorizing, structuring, and monetizing exfiltrated assets. Databases are routinely segmented into practical, scannable subsets (e.g., separating user PII, transaction data, and authentication histories) to optimize their appeal to downstream malicious actors who specialize in targeted social engineering and credential stuffing.

5.2 Supply Chain and Infrastructure Vulnerabilities as Force Multipliers

The extortion campaigns led by advanced groups like ShinyHunters and The Silent Com demonstrate that threat actors are intentionally aiming for high-leverage points within corporate supply chains. The targeting of web deployment platforms like Vercel with the explicit intent to orchestrate downstream Next.js package update supply chain attacks signals a highly sophisticated understanding of modern software architecture. Compromising single, centralized development pipelines allows actors to implicitly bypass traditional perimeter defenses across thousands of downstream environments simultaneously.

5.3 Automated Perimeter Probing and Opportunistic Attacks

The relentless website defacement campaigns observed across global regions—most notably by chinafans (0xteam) and Maw3six—serve as an operational diagnostic tool for the broader threat landscape. While individual defacements carry lower immediate financial impact than double-extortion ransomware, these activities indicate widespread, successful mass-scanning for common web server vulnerabilities, unpatched Content Management Systems (CMS), or misconfigured file management paths (such as the identified KindEditor path vulnerabilities). Sites vulnerable to proof-of-compromise file writes (/0x.txt) are inherently exposed to higher-severity intrusions, such as webshell deployment, database access-log harvesting, and persistent malware injection.

6. Targeted Defensive Recommendations

To address the multifaceted vectors detailed throughout this threat intelligence analysis, organizations should implement the following defensive actions immediately:

6.1 Database and API Security Optimization

Enforce Strict Schema and API Token Controls: Restrict GraphQL and REST endpoints from unauthenticated enumeration. Implement aggressive rate-limiting and behavior-based blocking to prevent actors from performing scraping operations via public endpoints, as seen in the Spotify and Whatnot incidents.
Implement Cryptographic Database Masking: Ensure that sensitive fields—such as national identifiers (CURP, NIK, SSN), bank accounts, and health registration numbers—are stored using robust encryption algorithms rather than plaintext or basic hashing configurations.

6.2 Perimeter and Web Server Hardening

Establish Regular File Integrity Monitoring (FIM): Configure automated alerts to detect unauthorized file creations or modifications across all root and subdirectory environments. This directly mitigates the silent file-upload techniques used by groups like 0xteam to prove system compromise.
Perform Patch Management Audits: Ensure that content management modules, text editors, and third-party extensions are locked down, updated, or decommissioned if they expose accessible administrative endpoints (/wp-admin) or default file-upload scripts.

6.3 Identity and Session Security

Enforce Phishing-Resistant Multi-Factor Authentication (MFA): With Initial Access Brokers (IABs) actively selling tested session tokens and compromised RDP/Cloud provider infrastructure, traditional password-based authentication is fundamentally compromised. Organizations must transition to hardware tokens or cryptographic passkeys to ensure that exfiltrated session cookies cannot easily grant access to cloud deployments.

7. Conclusion

The situational data derived from report.txt presents a sobering picture of a highly responsive, commercially driven cybercrime network. Threat actors have demonstrated an ability to pivot rapidly from network intrusion and credential harvesting to monetized extortion and bulk data leaks.

Whether dealing with opportunistic text-file defacements or coordinated, multi-million dollar extortion schemes targeting critical corporate platforms, the primary lesson is clear: cybercriminals are treating vulnerabilities as commodity raw materials for their financial supply chains. Defense-in-depth is no longer a theoretical framework; it is an active operational necessity. Organizations must aggressively shrink their external attack surface, systematically audit public-facing APIs, and treat the security of internal corporate infrastructure as a direct element of global supply chain integrity.

Detected Incidents Draft Data – 2026-06-05 (run date)

Alleged data leak of Coahuila government database with 2 million records
Category: Data Leak
Content: A threat actor identified as V01, affiliated with the group EXILIADOS, has freely distributed an alleged database attributed to the Mexican state of Coahuila. The dataset reportedly contains approximately 2 million records including national ID numbers (CVE/CURP), full names, dates of birth, gender, and addresses. The data is being made available via an external file-sharing link.
Date: 2026-06-05T04:15:31Z
Network: openweb
Published URL: https://breached.su/threads/choahuila-database-2-millon-records.87982/unread
Screenshots:
1 screenshot(s) available
Threat Actors: V01
Victim Country: Mexico
Victim Industry: Government
Victim Organization: Coahuila State Government
Victim Site: Unknown
Sale of 40GB Identity Document Database Including Passports, IDs, and Driving Licences
Category: Carding
Content: A threat actor is offering for sale a 40GB+ collection of identity documents including passports, national IDs, and driving licences from multiple countries. The dataset reportedly includes front and back scans, selfies, and other verification images, compressed in 7Z/ZIP/RAR format. The seller is asking $400 and directing interested buyers to a Telegram handle.
Date: 2026-06-05T03:45:24Z
Network: openweb
Published URL: https://breached.su/threads/40gb-composed-passport-ids-driving-licences-passport-controlidentification-card.87981/unread
Screenshots:
1 screenshot(s) available
Threat Actors: gravenet
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Ticketmaster data breach – 700M records claimed by The Silent Com & ShinyHunters
Category: Data Breach
Content: Threat actors claiming to have breached Ticketmaster and stolen approximately 700 million records. The actors (The Silent Com and ShinyHunters) are offering to negotiate before releasing the data publicly on BF (likely referring to a breach forum). This represents a classic extortion/ransom demand.
Date: 2026-06-05T03:29:58Z
Network: telegram
Published URL: https://t.me/c/3500620464/9239
Screenshots:
1 screenshot(s) available
Threat Actors: The Silent Com
Victim Country: United States
Victim Industry: Entertainment/Ticketing
Victim Organization: Ticketmaster
Victim Site: ticketmaster.com
Website Defacement of DM Coaching by Threat Actor maw3six
Category: Defacement
Content: Threat actor maw3six defaced the website of DM Coaching, a professional coaching service operating under the .eu domain, on June 5, 2026. The defacement targeted a non-home page of the site and was not part of a mass or redefacement campaign. The compromised server was running on a Linux-based environment.
Date: 2026-06-05T03:29:27Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249802
Screenshots:
1 screenshot(s) available
Threat Actors: maw3six
Victim Country: European Union
Victim Industry: Coaching / Professional Services
Victim Organization: DM Coaching
Victim Site: dmcoaching.eu
Website Defacement of PGI Digitales by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, the website pgidigitales.com was defaced by a threat actor known as chinafans, operating under the group 0xteam. The defacement was a targeted single-site incident, with a mirror of the defaced page archived at zone-xsec.com. No specific motive or vulnerability information was disclosed in connection with the attack.
Date: 2026-06-05T03:28:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931333
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Digital Services / Technology
Victim Organization: PGI Digitales
Victim Site: pgidigitales.com
Website Defacement of The Kings Country by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, the website thekingscountry.com was defaced by a threat actor using the handle chinafans, operating under the group 0xteam. The defacement was a targeted, single-site incident with a text file (0x.txt) placed on the server as proof of compromise. No additional technical details regarding the server infrastructure or motivation were disclosed.
Date: 2026-06-05T03:27:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931344
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: The Kings Country
Victim Site: thekingscountry.com
Alleged distribution of phishing kit and credential harvesting materials
Category: Phishing
Content: Threat actor distributing phishing materials with social engineering lure text designed to trick users into entering credentials. Associated Telegram repository (BF REPO V 3) referenced for file distribution.
Date: 2026-06-05T03:26:50Z
Network: telegram
Published URL: https://t.me/c/3500620464/9235
Screenshots:
1 screenshot(s) available
Threat Actors: Breach
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of 1stplace.com.br by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the Brazilian website 1stplace.com.br. The incident was a targeted, single-site defacement with a mirror archived at zone-xsec.com. No specific motive or server details were disclosed in connection with the attack.
Date: 2026-06-05T03:26:19Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931346
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: 1st Place
Victim Site: 1stplace.com.br
Website defacement of best-meeting.cn by chinafans (0xteam)
Category: Defacement
Content: The website best-meeting.cn was defaced by threat actor chinafans, operating under the group 0xteam, on June 5, 2026. The defacement was a targeted single-site attack, with a mirror of the defaced page archived at zone-xsec.com. No specific motivation or server details were disclosed in connection with this incident.
Date: 2026-06-05T03:25:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931331
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: China
Victim Industry: Unknown
Victim Organization: Best Meeting
Victim Site: best-meeting.cn
Alleged Threat Actor Contact Information – The Silent Com
Category: Cyber Attack
Content: Threat actor group The Silent Com (also referenced as The Com) has published official contact information for breach negotiations. Contact methods include Session encrypted messaging application (Account ID: 05ad43fbd1cfde283214281275c69f7f72abdfa8ff69200793f90eb76589889e20) and Telegram handle @node6240.
Date: 2026-06-05T03:25:03Z
Network: telegram
Published URL: https://t.me/c/3500620464/9206
Screenshots:
1 screenshot(s) available
Threat Actors: The Silent Com
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of buyforce.shop by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, a threat actor operating under the alias chinafans, affiliated with 0xteam, defaced the website buyforce.shop by altering the file located at the path /0x.txt. The incident was a targeted, single-site defacement with no indication of mass or repeated defacement activity. Technical details such as the server environment and IP address were not disclosed in the available reporting.
Date: 2026-06-05T03:24:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931328
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: E-commerce / Retail
Victim Organization: BuyForce
Victim Site: buyforce.shop
Website Defacement of wirhelfen.shop by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: On June 5, 2026, threat actor azraelzer0d4y, operating under the team b1ohaz4rd, defaced the website wirhelfen.shop, a German e-commerce platform. The attack targeted a media directory path and was a singular, targeted defacement rather than a mass or repeated incident. The defacement was documented and mirrored by zone-xsec.com.
Date: 2026-06-05T03:23:15Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931352
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Germany
Victim Industry: E-Commerce / Retail
Victim Organization: Wirhelfen Shop
Victim Site: wirhelfen.shop
Website Defacement of sharonback.com by chinafans (0xteam)
Category: Defacement
Content: The website sharonback.com was defaced by threat actor chinafans operating under the group 0xteam on June 5, 2026. The defacement targeted a specific file path (/0x.txt) rather than the homepage, suggesting a targeted file-level intrusion. The incident was recorded and mirrored by zone-xsec.com under mirror ID 931327.
Date: 2026-06-05T03:22:19Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931327
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Sharon Back
Victim Site: sharonback.com
Website Defacement of marrefi.com.br by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, the Brazilian website marrefi.com.br was defaced by a threat actor known as chinafans, operating under the group 0xteam. The defacement was a targeted single-site incident, with a mirror of the defaced content archived at zone-xsec.com. No specific motivation or server details were disclosed in connection with the attack.
Date: 2026-06-05T03:21:23Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931329
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Marrefi
Victim Site: marrefi.com.br
Website Defacement of CloudPulseIT by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, the website cloudpulseit.net was defaced by threat actor chinafans operating under the group 0xteam. The defacement targeted a specific file path (/0x.txt) rather than the homepage, indicating a targeted file-level intrusion. The incident was recorded and mirrored by zone-xsec.com as reference ID 931340.
Date: 2026-06-05T03:20:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931340
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Information Technology
Victim Organization: CloudPulse IT
Victim Site: cloudpulseit.net
Request to purchase stolen payment cards and fullz
Category: Carding
Content: A forum user is seeking sellers of stolen credit cards (Visa, Mastercard, Amex), fullz, and non-VBV cards, with escrow accepted. The post includes contact details via Telegram and Jabber. No specific victim or dataset is referenced.
Date: 2026-06-05T03:15:41Z
Network: openweb
Published URL: https://darkforums.su/Thread-Buying-looking-for-seller-cc-fullz%C2%A0-visa-master-amex–78974
Screenshots:
1 screenshot(s) available
Threat Actors: durand
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Bike-Auto-Reifen-Service by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, a threat actor identified as chinafans, operating under the team 0xteam, defaced the German automotive and tire service website bike-auto-reifen-service.de. The incident was a targeted single-site defacement, not classified as a mass or home page defacement. The attack details are documented via a mirror archived on zone-xsec.com.
Date: 2026-06-05T03:14:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931323
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Germany
Victim Industry: Automotive Services / Retail
Victim Organization: Bike Auto Reifen Service
Victim Site: bike-auto-reifen-service.de
Website Defacement of Emtage Electric by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, the website emtageelectric.com was defaced by threat actor chinafans operating under the group 0xteam. The defacement targeted a specific file path (/0x.txt) rather than the sites homepage, indicating a targeted file-level intrusion. The incident was catalogued and mirrored by zone-xsec, a known defacement tracking platform.
Date: 2026-06-05T03:13:34Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931273
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Energy & Utilities
Victim Organization: Emtage Electric
Victim Site: emtageelectric.com
Website Defacement of vajrh.in by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the Indian website vajrh.in. The defacement was a targeted single-site attack, with the defaced content accessible at the path /0x.txt. A mirror of the defacement was archived via zone-xsec.com.
Date: 2026-06-05T03:12:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931288
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: India
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: vajrh.in
Website Defacement of shortlisted.work by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website shortlisted.work by uploading a defacement file at the path /0x.txt. The incident was a targeted, single-site defacement with no mass or re-defacement indicators. The attackers motivation and server details remain unknown.
Date: 2026-06-05T03:12:11Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931321
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Shortlisted
Victim Site: shortlisted.work
Website Defacement by chinafans of 0xteam
Category: Defacement
Content: On June 5, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced a website hosted on the domain xn--12c1baev3c1c3jnaw1b.com, which appears to be a Punycode-encoded Thai internationalized domain name. The incident was a targeted single-site defacement and has been archived via zone-xsec. No specific motive, server details, or organizational victim information were disclosed.
Date: 2026-06-05T03:11:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931315
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Thailand
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: xn--12c1baev3c1c3jnaw1b.com
Alleged Data Leak of Viva Communications Inc. (viva.com.ph)
Category: Data Leak
Content: A threat actor claiming affiliation with DeathNoteHackersPH has freely released approximately 10GB of data allegedly exfiltrated from Viva Communications Inc., a major Philippine entertainment conglomerate. The dump reportedly includes project permits, internal memos, and employee and associate email data. The actor claims this is a repeat intrusion following a prior breach in 2024, asserting the organization failed to remediate security weaknesses.
Date: 2026-06-05T03:11:23Z
Network: openweb
Published URL: https://breached.su/threads/viva-com-ph-data-leak-have-fun.87979/unread
Screenshots:
2 screenshot(s) available
Threat Actors: DNH
Victim Country: Philippines
Victim Industry: Entertainment
Victim Organization: Viva Communications Inc.
Victim Site: viva.com.ph
Alleged data leak of Krys.com partial customer database
Category: Data Leak
Content: A threat actor has leaked a partial database allegedly belonging to Krys.com, a French optical retail chain with over 1,000 stores. The dump contains approximately 294,206 lines covering 201,202 individuals in JSON format, including order records with names, addresses, dates of birth, French social security numbers (NSS), and financial totals. The actor also announced an upcoming sale of 153,675 additional customer-related files.
Date: 2026-06-05T03:11:16Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78979
Screenshots:
1 screenshot(s) available
Threat Actors: ChimeraZ
Victim Country: France
Victim Industry: Retail
Victim Organization: Krys
Victim Site: krys.com
Website Defacement of Officeworks Cyprus by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, a threat actor identified as chinafans, operating under the group 0xteam, defaced a page on the officeworks.cy domain, targeting what appears to be a Cypriot office supplies or retail organization. The defacement was a targeted single-site incident, with a mirror of the defaced content archived at zone-xsec.com. No additional technical details such as server software or exploitation method were disclosed.
Date: 2026-06-05T03:10:43Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931316
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Cyprus
Victim Industry: Retail
Victim Organization: Officeworks Cyprus
Victim Site: officeworks.cy
Website Defacement of Easy Eaters by chinafans (0xteam)
Category: Defacement
Content: The website easy-eaters.com was defaced by threat actor chinafans, operating under the group 0xteam, on June 5, 2026. The defacement was recorded as a single targeted incident, not classified as a mass or redefacement event. A mirror of the defaced page has been archived at zone-xsec.com.
Date: 2026-06-05T03:09:55Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931274
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Food & Beverage
Victim Organization: Easy Eaters
Victim Site: easy-eaters.com
Website Defacement of starte-die.cloud by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, a threat actor known as chinafans, operating under the team 0xteam, defaced the website starte-die.cloud, leaving a defacement file at the path /0x.txt. The incident was a targeted single-site defacement with no additional technical indicators such as server software or IP address recorded. The attack was documented and mirrored by zone-xsec.com.
Date: 2026-06-05T03:09:11Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931304
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: starte-die.cloud
Website Defacement of Translation Linker by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, the website translationlinker.com was defaced by threat actor chinafans operating under the group 0xteam. The defacement targeted a language and translation services platform, with a mirror of the defaced page archived at zone-xsec.com. The incident was a targeted single-site defacement with no indication of mass or repeated defacement activity.
Date: 2026-06-05T03:08:33Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931325
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Language Services / Translation
Victim Organization: Translation Linker
Victim Site: translationlinker.com
Website Defacement of Life Readiness University by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, the website lifereadinessuniversity.com was defaced by threat actor chinafans operating under the group 0xteam. The attack was a targeted single-site defacement, replacing the sites content with the attackers messaging. No specific motive or server details were disclosed in the available intelligence.
Date: 2026-06-05T03:07:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931287
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Life Readiness University
Victim Site: lifereadinessuniversity.com
Website Defacement of DBS.net.pk by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced a page on the Pakistani web domain dbs.net.pk, leaving a file at the path /0x.txt. The incident was a targeted, single-site defacement with no indication of mass or repeated defacement activity. The attack was mirrored and recorded by zone-xsec.com under mirror ID 931281.
Date: 2026-06-05T03:07:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931281
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Pakistan
Victim Industry: Technology / Internet Services
Victim Organization: DBS Network Pakistan
Victim Site: dbs.net.pk
Alleged sale of Vercel access keys, source code, and database by ShinyHunters
Category: Initial Access
Content: ShinyHunters threat actor is selling verified access to Vercel Company including access keys, source code, database dumps, and multiple employee accounts with internal deployment access. The sale includes API keys (NPM tokens, GitHub tokens), and internal user directory data (1.7TB total). Threat actor explicitly describes potential for largest supply chain attack via Next.js package updates affecting millions of developers globally. Price: $100k USD. Contact via XMPP, Telegram, and email provid…
Date: 2026-06-05T03:07:05Z
Network: telegram
Published URL: https://t.me/c/3500620464/9195
Screenshots:
1 screenshot(s) available
Threat Actors: ShinyHunters
Victim Country: United States
Victim Industry: Cloud Computing / Web Development Platform
Victim Organization: Vercel
Victim Site: vercel.com
Website Defacement of ThemagMoment by chinafans (0xteam)
Category: Defacement
Content: The website themagmoment.com was defaced by threat actor chinafans operating under the group 0xteam on June 5, 2026. The defacement was a targeted, single-site attack rather than a mass or home page defacement. A mirror of the defaced content was archived at zone-xsec.com.
Date: 2026-06-05T03:06:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931309
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: The Mag Moment
Victim Site: themagmoment.com
Website defacement of Smartfact by chinafans of 0xteam
Category: Defacement
Content: On June 5, 2026, the website smartfact.io was defaced by threat actor chinafans operating under the group 0xteam. The defacement targeted a specific file path (0x.txt) rather than the homepage, suggesting a targeted file-level intrusion. The incident was neither a mass defacement nor a redefacement, indicating a singular targeted attack against the Smartfact platform.
Date: 2026-06-05T03:05:50Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931295
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Smartfact
Victim Site: smartfact.io
Website Defacement of Diamond Quality Contractors by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, the website of Diamond Quality Contractors was defaced by a threat actor operating under the handle chinafans, affiliated with the group 0xteam. The attack targeted a construction services company and resulted in a single-page defacement of a non-homepage URL. No specific motivation or vulnerability details were disclosed in the available intelligence.
Date: 2026-06-05T03:05:17Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931326
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Construction
Victim Organization: Diamond Quality Contractors
Victim Site: diamondqualitycontractors.com
Website Defacement of HereYouGoSolutions by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, the website hereyougosolutions.com was defaced by a threat actor known as chinafans, operating under the group 0xteam. The defacement targeted a specific file path (/0x.txt) rather than the homepage, indicating a targeted file placement or partial defacement. No mass or repeated defacement patterns were observed in this incident.
Date: 2026-06-05T03:04:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931290
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Technology / IT Services
Victim Organization: Here You Go Solutions
Victim Site: hereyougosolutions.com
Website Defacement of AutoShot Marketing by chinafans (0xTeam)
Category: Defacement
Content: The website autoshotmarketing.com was defaced by threat actor chinafans, operating under the group 0xTeam, on June 5, 2026. The defacement targeted a specific file path (0x.txt) on the marketing companys web server. The incident was a single targeted defacement rather than a mass or redefacement campaign.
Date: 2026-06-05T03:03:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931293
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Marketing
Victim Organization: AutoShot Marketing
Victim Site: autoshotmarketing.com
Website Defacement of pharma221.sn by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website pharma221.sn, a pharmaceutical-related entity based in Senegal. The defacement targeted a specific text file (0x.txt) on the server, a common technique used to demonstrate unauthorized access. The incident was recorded as a single, non-mass defacement event.
Date: 2026-06-05T03:03:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931297
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Senegal
Victim Industry: Pharmaceuticals / Healthcare
Victim Organization: Pharma221
Victim Site: pharma221.sn
Website Defacement of ClasicarRock by chinafans (0xTeam)
Category: Defacement
Content: On June 5, 2026, the website clasicarock.com was defaced by threat actor chinafans operating under the group 0xTeam. The attacker uploaded a defacement file at clasicarock.com/0x.txt. The incident was a targeted single-site defacement with no indication of mass or repeated defacement activity.
Date: 2026-06-05T03:02:17Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931272
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Entertainment/Music
Victim Organization: Clasica Rock
Victim Site: clasicarock.com
Website defacement of SFBS by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, the attacker known as chinafans, operating under the team 0xteam, defaced a page on sfbs.ie, an Irish domain likely associated with financial or business services. The defacement was a targeted, non-mass incident affecting a single page rather than the sites homepage. A mirror of the defacement was archived on zone-xsec.com.
Date: 2026-06-05T03:01:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931291
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Ireland
Victim Industry: Financial Services
Victim Organization: SFBS (South Fingal Business Services)
Victim Site: sfbs.ie
Website Defacement of Wasl Al-Khair by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website wasl-alkhair.com. The defacement was a targeted single-page attack rather than a mass or home page defacement. The incident was archived and mirrored via zone-xsec.com for documentation purposes.
Date: 2026-06-05T03:00:59Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931289
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Wasl Al-Khair
Victim Site: wasl-alkhair.com
Website Defacement of Starlight Farm LLC by chinafans (0xteam)
Category: Defacement
Content: The website of Starlight Farm LLC, an agricultural business, was defaced by threat actor chinafans operating under the group 0xteam on June 5, 2026. The attacker uploaded a defacement file (0x.txt) to the target web server. The incident was a targeted single-site defacement with no indication of mass or repeated defacement activity.
Date: 2026-06-05T03:00:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931318
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Agriculture
Victim Organization: Starlight Farm LLC
Victim Site: starlightfarmllc.com
Website Defacement of derkanun.ch by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the Swiss website derkanun.ch by altering a text file (0x.txt). The incident was a targeted defacement, not classified as mass or home page defacement. The attack was mirrored and documented by zone-xsec.com.
Date: 2026-06-05T02:59:30Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931292
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Switzerland
Victim Industry: Unknown
Victim Organization: Der Kanun
Victim Site: derkanun.ch
Website Defacement of SafetywayS ales by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, the website safetywaysales.com was defaced by threat actor chinafans operating under the group 0xteam. The defacement was a targeted, single-site incident with the defaced content hosted at the path /0x.txt. No specific motive or technical details regarding the server environment were disclosed.
Date: 2026-06-05T02:58:49Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931275
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Retail / Safety Equipment Sales
Victim Organization: Safetywaysales
Victim Site: safetywaysales.com
Website Defacement of Oak Range Online by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, the website oakrangeonline.co.uk was defaced by a threat actor known as chinafans, operating under the group 0xteam. The defacement was a targeted single-site incident, with the defaced content mirrored at zone-xsec.com. No specific motive or server details were disclosed in connection with this attack.
Date: 2026-06-05T02:58:02Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931277
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: United Kingdom
Victim Industry: Unknown
Victim Organization: Oak Range Online
Victim Site: oakrangeonline.co.uk
Website Defacement of Valo Design by chinafans (0xteam)
Category: Defacement
Content: The website valodesign.co.uk, belonging to UK-based design firm Valo Design, was defaced by threat actor chinafans operating under the group 0xteam on June 5, 2026. The defacement was recorded as a single targeted incident, not part of a mass or repeated defacement campaign. A mirror of the defaced page was archived at zone-xsec.com.
Date: 2026-06-05T02:57:22Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931282
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: United Kingdom
Victim Industry: Design / Creative Services
Victim Organization: Valo Design
Victim Site: valodesign.co.uk
Website Defacement of HepAction by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, the website hepaction.org was defaced by threat actor chinafans operating under the group 0xteam. The attacker targeted a specific file path (0x.txt) on the domain, likely associated with a hepatitis awareness or advocacy organization. The incident was recorded as a single targeted defacement rather than a mass or redefacement event.
Date: 2026-06-05T02:56:39Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931320
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Healthcare/Non-Profit
Victim Organization: HepAction
Victim Site: hepaction.org
Website Defacement of flow-mat.com by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, the website flow-mat.com was defaced by a threat actor operating under the handle chinafans, affiliated with the hacking group 0xteam. The attacker targeted the domain and planted a defacement file at flow-mat.com/0x.txt. The incident was a single-target, non-mass defacement with no specific motive publicly disclosed.
Date: 2026-06-05T02:55:50Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931269
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Flow Mat
Victim Site: flow-mat.com
Website Defacement of pardesia.com by chinafans (0xteam)
Category: Defacement
Content: The website pardesia.com was defaced by a threat actor known as chinafans, operating under the group 0xteam, on June 5, 2026. The defacement targeted a specific file path (0x.txt) rather than the homepage, suggesting a targeted file-level compromise. The incident was neither a mass defacement nor a redefacement, and technical details such as server software and IP address were not disclosed.
Date: 2026-06-05T02:55:10Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931284
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Pardesia
Victim Site: pardesia.com
Website Defacement of Maharaja Farms by chinafans (0xteam)
Category: Defacement
Content: The website themaharajafarms.co.in, belonging to Maharaja Farms in India, was defaced by threat actor chinafans operating under the group 0xteam on June 5, 2026. The defacement was a targeted, non-mass attack against a single agricultural sector domain. A mirror of the defaced page has been archived at zone-xsec.com.
Date: 2026-06-05T02:54:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931279
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: India
Victim Industry: Agriculture
Victim Organization: Maharaja Farms
Victim Site: themaharajafarms.co.in
Website Defacement of thehustlehustle.com by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, a threat actor known as chinafans, affiliated with 0xteam, defaced the website thehustlehustle.com, leaving a defacement file at the path /0x.txt. The incident was a targeted single-site defacement with no indication of mass or repeated compromise. Server and infrastructure details were not disclosed.
Date: 2026-06-05T02:53:44Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931312
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: The Hustle Hustle
Victim Site: thehustlehustle.com
Sale of DRX-RAT remote access trojan supporting Windows, Android, and iOS
Category: Malware
Content: A threat actor is offering a private edition RAT called DRX-RAT X for $299 with claimed support for Windows, Android, and iOS platforms. The malware is advertised with features including FUD crypted payloads, kernel-level persistence, sandbox evasion, and a cloud-based C2 infrastructure. The seller claims limited availability of three copies before removing the listing.
Date: 2026-06-05T02:44:47Z
Network: openweb
Published URL: https://darknetarmy.io/threads/drx-rat-x-the-ultimate-remote-access-trojan-tool-framework-limited-access.136023/
Screenshots:
1 screenshot(s) available
Threat Actors: cyberhexa
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of BIN information for ProCredit Bank Bulgaria VISA Credit Business card
Category: Carding
Content: A forum post on a carding community shares BIN information (416379) associated with a VISA Credit Business card issued by ProCredit Bank (Bulgaria) AD. The content is gated behind a reaction requirement, suggesting it is used to drive forum engagement. The post provides BIN-level card details usable for carding or fraud activity.
Date: 2026-06-05T02:43:59Z
Network: openweb
Published URL: https://darknetarmy.io/threads/%F0%9D%97%95%F0%9D%97%B6%F0%9D%97%BB-%F0%9D%97%9C%F0%9D%97%BB%F0%9D%97%B3%F0%9D%97%BC-%E2%9E%AA-416379-%F0%9F%82%A1-%F0%9D%97%9C%F0%9D%97%BB%F0%9D%97%B3%F0%9D%97%BC-%E2%9E%AA-visa-credit-business-%F0%9F%82%A1-%F0%9D%97%95%F0%9D%97%AE%F0%9D%97%BB%F0%9D%97%B8-%E2%9E%AA-procredit-bank-bulgaria-ad-%F0%9F%82%A1-%F0%9D%97%96%F0%9D%97%BC%F0%9D%98%82%F0%9D%97%BB%F0%9D%98%81%F0%9D%97%BF%F0%9D%98%BA-%E2%9E%AA-bulgaria-%F0%9F%87%A7%F0%9F%87%AC.136047/
Screenshots:
1 screenshot(s) available
Threat Actors: NickNix
Victim Country: Bulgaria
Victim Industry: Finance
Victim Organization: ProCredit Bank (Bulgaria) AD
Victim Site: Unknown
Alleged data leak of allegromusique.fr
Category: Data Leak
Content: A threat actor known as DBHunter has freely distributed a database allegedly belonging to allegromusique.fr, a French music retailer. The leaked data includes customer names, phone numbers, email addresses, birth dates, and account status fields. The post includes a sample of structured JSON records with IDs reaching into the millions, suggesting a potentially large dataset.
Date: 2026-06-05T02:43:16Z
Network: openweb
Published URL: https://darknetarmy.io/threads/database-fr-allegromusique-fr-leaked-download.129234/
Screenshots:
2 screenshot(s) available
Threat Actors: DBHunter
Victim Country: France
Victim Industry: Retail
Victim Organization: Allegro Musique
Victim Site: allegromusique.fr
Alleged data leak of Instituto Tecnológico del Istmo, Mexico
Category: Data Leak
Content: A threat actor is distributing an alleged database dump from Instituto Tecnológico del Istmo, Mexico. The dataset reportedly includes full names, phone numbers, personal email addresses, dates of birth, home addresses, CURP (national ID), academic program, disability status, indigenous language data, household information, and income details. The data is made available via a gated download link requiring forum engagement.
Date: 2026-06-05T02:42:38Z
Network: openweb
Published URL: https://darknetarmy.io/threads/database-m%C3%89xico-instituto-tecnol%C3%93gico-del-istmo.129229/
Screenshots:
1 screenshot(s) available
Threat Actors: DBHunter
Victim Country: Mexico
Victim Industry: Education
Victim Organization: Instituto Tecnológico del Istmo
Victim Site: Unknown
Alleged data breach of cock.li email service
Category: Data Breach
Content: A threat actor has leaked what appears to be a database dump from cock.li, an anonymous email provider. The shared data includes email addresses, plaintext passwords, and IP addresses stored in an accounts table with records dating from 2018 to 2025. The post contains SQL schema and sample INSERT statements but the total record count is not specified.
Date: 2026-06-05T02:42:17Z
Network: openweb
Published URL: https://darknetarmy.io/threads/database-cock-li-database.87432/
Screenshots:
1 screenshot(s) available
Threat Actors: DBHunter
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: cock.li
Victim Site: cock.li
Alleged data breach of studentqr.com
Category: Data Breach
Content: A threat actor known as DBHunter claims to be leaking or selling the full database of studentqr.com, a Malaysian website. The post advertises full database access, suggesting a complete compromise of the platforms data. No further details are available from the post content.
Date: 2026-06-05T02:41:49Z
Network: openweb
Published URL: https://darknetarmy.io/threads/database-studentqr-com-malaysian-website-full-database-full-access.73723/
Screenshots:
1 screenshot(s) available
Threat Actors: DBHunter
Victim Country: Malaysia
Victim Industry: Education
Victim Organization: StudentQR
Victim Site: studentqr.com
Alleged data leak of My Kospra Malaysia member database
Category: Data Leak
Content: A threat actor has freely shared what appears to be a member database from My Kospra, a Malaysian government cooperative. The leaked data includes national ID numbers, full names, government email addresses, office and mobile phone numbers, member numbers, payroll numbers, membership dates, and membership status. Exposed individuals include senior Malaysian Anti-Corruption Commission (SPRM) officials based on the email domain sprm.gov.my.
Date: 2026-06-05T02:40:29Z
Network: openweb
Published URL: https://darknetarmy.io/threads/source-code-data-anggota-my-kospra-malaysia.74069/
Screenshots:
1 screenshot(s) available
Threat Actors: DBHunter
Victim Country: Malaysia
Victim Industry: Government
Victim Organization: My Kospra (Koperasi Perkhidmatan Awam Malaysia)
Victim Site: mykospra.com.my
Alleged data leak of Bulelang village resident data, Indonesia
Category: Data Leak
Content: A threat actor known as DBHunter has freely shared an alleged dataset containing approximately 2.606 million village resident records from Bulelang, Indonesia. The leaked data includes national identity numbers (NIK), family card numbers (KK), full names, dates of birth, and addresses at the village and sub-district level. The breach is claimed to have occurred in 2025.
Date: 2026-06-05T02:40:04Z
Network: openweb
Published URL: https://darknetarmy.io/threads/source-code-village-resident-data-sentsit-bulelang-2606-thousand.71200/
Screenshots:
2 screenshot(s) available
Threat Actors: DBHunter
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Sentsit Bulelang Village Administration
Victim Site: Unknown
Alleged data breach of Indiana Athletics
Category: Data Breach
Content: A threat actor known as DBHunter has shared what appears to be a SQL database dump from indianathletics.in, dated February 2023. The leaked data includes sensitive personal information such as full names, dates of birth, gender, nationality, email addresses, plaintext passwords, mobile numbers, Aadhaar numbers, and physical addresses of registered athletes. The data also contains references to identity documents including passport and photograph files.
Date: 2026-06-05T02:39:20Z
Network: openweb
Published URL: https://darknetarmy.io/threads/sql-indianathletics-in.97418/
Screenshots:
2 screenshot(s) available
Threat Actors: DBHunter
Victim Country: India
Victim Industry: Sports
Victim Organization: Indiana Athletics
Victim Site: indianathletics.in
Alleged data breach of NHCollegeLive Patcharkuchi
Category: Data Breach
Content: A threat actor known as DBHunter has leaked what appears to be a database dump from nhcollegelive.co.in, an Indian educational institutions online platform. The exposed data includes student names, addresses, email addresses, phone numbers, passwords, and enrollment details. The post was shared on a darknet forum under a hacked database leaks section.
Date: 2026-06-05T02:38:26Z
Network: openweb
Published URL: https://darknetarmy.io/threads/source-code-nhcollegelive-patcharkuchi-nhcollegelive-co-in.68728/
Screenshots:
1 screenshot(s) available
Threat Actors: DBHunter
Victim Country: India
Victim Industry: Education
Victim Organization: NHCollegeLive Patcharkuchi
Victim Site: nhcollegelive.co.in
Alleged data leak of Khidmah.com employee records (UAE and KSA)
Category: Data Leak
Content: A threat actor known as DBHunter has leaked a CSV database purportedly containing employee records from Khidmah.com, a services company operating in the UAE and KSA. The dataset contains approximately 3,000 lines and is being made available for free on a dark web forum in exchange for user reactions. The specific data fields included have not been disclosed in the post.
Date: 2026-06-05T02:37:49Z
Network: openweb
Published URL: https://darknetarmy.io/threads/khidmah-com-employees-uae-and-ksa-database-leak.68953/
Screenshots:
1 screenshot(s) available
Threat Actors: DBHunter
Victim Country: Unknown
Victim Industry: Services
Victim Organization: Khidmah
Victim Site: khidmah.com
Alleged source code database leak targeting Israel
Category: Data Leak
Content: A forum post on Darknet Army claims to share a source code database associated with an Israeli target. The content is gated behind a reply-and-react requirement, limiting visibility of specifics. No organization name, record count, or further details are disclosed in the post.
Date: 2026-06-05T02:37:25Z
Network: openweb
Published URL: https://darknetarmy.io/threads/source-code-database-israel.68039/
Screenshots:
1 screenshot(s) available
Threat Actors: DBHunter
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Casino/Gambling Database Records from Multiple Countries
Category: Data Breach
Content: A threat actor is offering gambling/casino database records from multiple countries including Germany, Netherlands, Vietnam, Indonesia, and Canada, advertised as 2026 data. The seller claims millions of records are available, priced at $500 per 100,000 lines, with payment accepted in fiat and cryptocurrency. No specific victim organizations are named.
Date: 2026-06-05T02:29:25Z
Network: openweb
Published URL: https://breachforum.su/Thread-SELLING-Casino-Databases-2026-Germany-Netharlands-Vietnam-Indonesia-Canada
Screenshots:
1 screenshot(s) available
Threat Actors: Business2025
Victim Country: Unknown
Victim Industry: Gambling
Victim Organization: Unknown
Victim Site: Unknown
Request for fake ID vendors and fullz with bank accounts
Category: Carding
Content: A forum user is soliciting recommendations for vendors who can produce fake IDs using fullz (full personal identity records) to facilitate fraudulent bank account opening or check cashing. The user is also seeking to purchase fullz that already have associated bank accounts.
Date: 2026-06-05T01:53:59Z
Network: openweb
Published URL: https://altenens.is/threads/help-with-ids-and-being-able-to-open-bank-account-cash-check.2950936/unread
Screenshots:
None
Threat Actors: mccjohnson69
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of fraudulent identity documents, fullz, and financial accounts
Category: Carding
Content: A threat actor is offering fraudulent physical identity documents including drivers licenses, SSNs, and birth certificates, advertised as scannable with UV and raised text features. The seller also claims to provide business fullz (EIN, owner SSN, credit reports), verified payment accounts (CashApp, Zelle, PayPal), and a cryptocurrency mixing service routing BTC through Monero. Shipment is offered domestically and internationally.
Date: 2026-06-05T01:43:18Z
Network: openweb
Published URL: https://darknetarmy.io/threads/scannable-uv-and-raised-text-if-walk-in.136012/
Screenshots:
1 screenshot(s) available
Threat Actors: cocosasha
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Wish Carding Tutorial Posted on Dark Net Army Forum
Category: Carding
Content: A forum member posted a carding tutorial targeting Wish, gated behind a Reply & React engagement requirement. The actual tutorial content is hidden and not visible in the post. No specific card data or victim organization is disclosed.
Date: 2026-06-05T01:42:30Z
Network: openweb
Published URL: https://darknetarmy.io/threads/%F0%9F%94%B0wish-carding-tutorial%F0%9F%94%B0.116476/
Screenshots:
1 screenshot(s) available
Threat Actors: SyntaxSin
Victim Country: Unknown
Victim Industry: Retail
Victim Organization: Unknown
Victim Site: wish.com
Free credit cards shared on carding forum
Category: Carding
Content: A forum member on a carding-focused forum is offering free credit card data gated behind a reply-and-react engagement mechanism. The actual card data is hidden and only accessible after user interaction. No further details about the card count, origin, or victim are available.
Date: 2026-06-05T01:42:08Z
Network: openweb
Published URL: https://darknetarmy.io/threads/free-credit-cards-enjoy.116470/
Screenshots:
1 screenshot(s) available
Threat Actors: SyntaxSin
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Nike carding method and BIN shared on forum
Category: Carding
Content: A forum member has shared a carding method and associated BIN targeting Nike, gated behind a reply-and-react engagement requirement. The post is part of a carding tutorials and tools forum section. No further technical details are visible without user interaction.
Date: 2026-06-05T01:41:47Z
Network: openweb
Published URL: https://darknetarmy.io/threads/nike-carding-method-with-bin.116467/
Screenshots:
1 screenshot(s) available
Threat Actors: SyntaxSin
Victim Country: Unknown
Victim Industry: Retail
Victim Organization: Nike
Victim Site: nike.com
Carding tutorial shared on darknet forum
Category: Carding
Content: A forum post on Darknet Army advertises a carding tutorial titled How to Become a Professional Carder. The content is gated behind a reaction requirement and the actual tutorial material is not visible. No specific victim, card data, or operational details are disclosed in the visible portion of the post.
Date: 2026-06-05T01:41:21Z
Network: openweb
Published URL: https://darknetarmy.io/threads/%F0%9F%94%B0how-to-become-a-professional-carder%F0%9F%94%B0.116461/
Screenshots:
1 screenshot(s) available
Threat Actors: SyntaxSin
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Credit card response codes tutorial shared on carding forum
Category: Carding
Content: A forum post on a carding-focused forum offers content related to credit card response codes, gated behind a reply-and-react requirement. The actual content is hidden and not visible in the post.
Date: 2026-06-05T01:41:01Z
Network: openweb
Published URL: https://darknetarmy.io/threads/credit-card-response-codes.116447/
Screenshots:
1 screenshot(s) available
Threat Actors: SyntaxSin
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Cash App Carding Method Tutorial Shared on Forum
Category: Carding
Content: A forum user shared a carding tutorial targeting Cash App, gated behind a reply-and-react requirement. The post advertises a working guide for beginners on carding Cash App accounts or transactions. No specific victim data or credentials are included in the visible post content.
Date: 2026-06-05T01:40:31Z
Network: openweb
Published URL: https://darknetarmy.io/threads/cash-app-carding-method-%E2%80%93-working-guide-for-beginners.116450/
Screenshots:
1 screenshot(s) available
Threat Actors: SyntaxSin
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: cash.app
Carding method shared for Ding recharge service using BIN
Category: Carding
Content: A forum member is sharing a carding method targeting the Ding international recharge service, gated behind a reply-and-react requirement. The post references a specific BIN for use in the carding technique.
Date: 2026-06-05T01:40:08Z
Network: openweb
Published URL: https://darknetarmy.io/threads/ding-recharge-method-with-bin.116443/
Screenshots:
1 screenshot(s) available
Threat Actors: SyntaxSin
Victim Country: Unknown
Victim Industry: Telecommunications
Victim Organization: Ding
Victim Site: ding.com
Carding tutorial: How to card hotels
Category: Carding
Content: A forum member posted a tutorial on carding hotels, gated behind engagement requirements. No specific victim organization or payment card data is disclosed in the visible portion of the post.
Date: 2026-06-05T01:39:50Z
Network: openweb
Published URL: https://darknetarmy.io/threads/how-to-card-hotels.116436/
Screenshots:
1 screenshot(s) available
Threat Actors: SyntaxSin
Victim Country: Unknown
Victim Industry: Hospitality
Victim Organization: Unknown
Victim Site: Unknown
StockX carding method shared on forum
Category: Carding
Content: A forum member is sharing a carding method targeting StockX, gated behind engagement reactions. The full content of the method is not visible without user interaction.
Date: 2026-06-05T01:39:28Z
Network: openweb
Published URL: https://darknetarmy.io/threads/stockx-carding-method.115314/
Screenshots:
1 screenshot(s) available
Threat Actors: SyntaxSin
Victim Country: United States
Victim Industry: Retail
Victim Organization: StockX
Victim Site: stockx.com
Alleged data breach of Infinite Campus, Inc.
Category: Data Breach
Content: A threat actor known as DBHunter claims to have compromised Salesforce records belonging to Infinite Campus, Inc., an education software provider. The leaked data allegedly includes contract records containing PII and internal corporate data such as account names, billing information, contract financials, and account owner details. A sample of the data referencing multiple school districts across the United States was shared on the forum, gated behind a reaction requirement.
Date: 2026-06-05T01:38:35Z
Network: openweb
Published URL: https://darknetarmy.io/threads/infinite-campus-inc.129252/
Screenshots:
2 screenshot(s) available
Threat Actors: DBHunter
Victim Country: United States
Victim Industry: Education
Victim Organization: Infinite Campus, Inc.
Victim Site: infinitecampus.com
Alleged data leak of Comision Nacional de Seguros y Fianzas (CNSF), Mexico
Category: Data Leak
Content: A threat actor known as DBHunter claims to have leaked data from Mexicos Comision Nacional de Seguros y Fianzas (CNSF), allegedly exposing 95,178 individuals. The leaked records, in PDF format, purportedly contain personal identifiers including full name, CURP, RFC, cedula number, validity period, occupation, and a photo. The actor states the leak was performed on January 30, 2026, and that only a filtered subset has been shared.
Date: 2026-06-05T01:38:01Z
Network: openweb
Published URL: https://darknetarmy.io/threads/data-leak-of-comision-nacional-de-seguros-y-fianzas-mx.129249/
Screenshots:
1 screenshot(s) available
Threat Actors: DBHunter
Victim Country: Mexico
Victim Industry: Government
Victim Organization: Comision Nacional de Seguros y Fianzas
Victim Site: cnsf.gob.mx
Alleged data leak of LHKPN wealth reports for PSI DPRD DKI Jakarta members (2024-2029)
Category: Data Leak
Content: A threat actor operating under the alias SHENIRA6CORE has allegedly leaked official wealth disclosure reports (LHKPN) for 8 PSI fraction members of the Jakarta Regional House of Representatives covering the 2024-2029 cycle. The exposed data includes full names, national ID numbers (NIK), official positions, residential addresses, and detailed asset and liability information including real estate, vehicles, securities, and bank balances. The data is being distributed freely via a gated reply-to
Date: 2026-06-05T01:37:35Z
Network: openweb
Published URL: https://darknetarmy.io/threads/database-data-exposure-by-shenira6core-lhkpn-psi-dprd-dki-jakarta-2024-2029.129244/
Screenshots:
2 screenshot(s) available
Threat Actors: DBHunter
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: PSI Fraction – Jakarta Regional House of Representatives (DPRD DKI Jakarta)
Victim Site: Unknown
Alleged leak of Indian identity documents including ID and drivers license
Category: Data Leak
Content: A threat actor has freely shared what are claimed to be Indian identity documents, including national IDs and drivers licenses, via a file-sharing link. The post provides no further details on the source, volume, or origin of the documents.
Date: 2026-06-05T01:33:39Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78997
Screenshots:
1 screenshot(s) available
Threat Actors: Arnoldsudney
Victim Country: India
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Leak of DIF Colima – Mexican Family Development Agency
Category: Data Leak
Content: Threat actors SoulHemTeam and Sqx claim to have leaked data from DIF Colima, a Mexican government family development agency. The leaked data allegedly includes full names, national IDs (DNIs), RUTs, CVs, government program records, and photos in XLSX, PDF, and TXT formats. The data was made available via a public file-sharing link, with actors citing poor security as the enabler.
Date: 2026-06-05T01:33:30Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-Sistema-Integral-Para-El-Desarrollo-De-La-Familia
Screenshots:
1 screenshot(s) available
Threat Actors: sqx
Victim Country: Mexico
Victim Industry: Government
Victim Organization: DIF Colima (Sistema Integral para el Desarrollo de la Familia)
Victim Site: Unknown
Website Defacement of Madagascar Ministry by S4uD1Pwnz Team Member omgsmok
Category: Defacement
Content: On June 5, 2026, the official website of Madagascars Ministry of Communication (mincc.gov.mg) was defaced by threat actor omgsmok, operating under the team S4uD1Pwnz. The attack targeted a Linux-based government web server and resulted in a single-page defacement. No specific political motive or technical vulnerability was disclosed in the available incident data.
Date: 2026-06-05T01:22:36Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249801
Screenshots:
1 screenshot(s) available
Threat Actors: omgsmok, S4uD1Pwnz
Victim Country: Madagascar
Victim Industry: Government
Victim Organization: Ministry of Communication (Madagascar)
Victim Site: mincc.gov.mg
Alleged data breach of Moroccan Ministry of Education internal examination platform
Category: Data Leak
Content: A threat actor claiming to be Jabaroot alleges unauthorized access to systems associated with the Moroccan Ministry of Educations internal examination platform. The actor claims to have extracted internal reports, audit logs, and validation records prior to an incident-response purge, and has leaked documents purportedly including structural analysis of the 2026 Mathematics Baccalaureate examination. Supporting files and screenshots have been made available via external hosting links.
Date: 2026-06-05T00:50:00Z
Network: openweb
Published URL: https://breachforum.su/Thread-DOCUMENTS-LEAK-Moroccan-Ministry-of-Education-%E2%80%93-Internal-Examination-Platform
Screenshots:
1 screenshot(s) available
Threat Actors: jabaroot0
Victim Country: Morocco
Victim Industry: Government
Victim Organization: Moroccan Ministry of Education
Victim Site: Unknown
Alleged data leak of Root-Me.org challenge files
Category: Data Leak
Content: A threat actor is freely distributing a scraped archive of all challenges from Root Me, a French cybersecurity training platform, comprising 15,200 files across 660 folders. The data has been made available via two external download links. The post does not indicate a database breach but rather a bulk scrape or unauthorized collection of platform content.
Date: 2026-06-05T00:46:24Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78995
Screenshots:
1 screenshot(s) available
Threat Actors: Kiria
Victim Country: France
Victim Industry: Education
Victim Organization: Root Me
Victim Site: root-me.org
Alleged data breach of 2026Russia Online Legal Consultation platform
Category: Data Breach
Content: A threat actor has allegedly published or is offering data from a Russian online legal consultation platform, reportedly affecting 1 million users. No additional details are available from the post content. The breach appears to target a legal services provider based in Russia.
Date: 2026-06-05T00:42:02Z
Network: openweb
Published URL: https://breachforum.su/Thread-2026Russia-Online-Legal-Consultation-1M-Users
Screenshots:
1 screenshot(s) available
Threat Actors: FGHY9980
Victim Country: Russia
Victim Industry: Legal Services
Victim Organization: 2026Russia Online Legal Consultation
Victim Site: Unknown
Alleged data leak of Root-Me challenge files
Category: Data Leak
Content: A threat actor known as Kiria is freely sharing what they claim to be a scrape of all challenge-related files from the cybersecurity training platform Root-Me, comprising 15,200 files across 660 folders. The content is made available via two external file-sharing links. No credentials or personal data are explicitly mentioned; the leak appears to target the platforms challenge content.
Date: 2026-06-05T00:30:33Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78995
Screenshots:
1 screenshot(s) available
Threat Actors: Kiria
Victim Country: France
Victim Industry: Education
Victim Organization: Root Me
Victim Site: root-me.org

Detected Incidents Draft Data – 2026-06-04 (day before)

Sale or sharing of 559,888 stolen payment cards with full info
Category: Carding
Content: A forum user on a carding-focused forum is distributing alleged stolen payment card data described as 559,888 CCs with full info, gated behind a reply-and-react engagement requirement. No specific victim organization or country is identified in the post.
Date: 2026-06-04T23:38:41Z
Network: openweb
Published URL: https://darknetarmy.io/threads/spammed-559888-ccs-with-full-info.135975/
Screenshots:
1 screenshot(s) available
Threat Actors: linuxDaddy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Webdoc (webdoc.com.pk)
Category: Data Breach
Content: A threat actor is offering for sale an alleged database dump from webdoc.com.pk, a Pakistani healthcare platform, containing over 1.955 million records. The dataset reportedly originates from a CRM system and includes full names, phone numbers, dates of birth, and CNIC (national identity) numbers for approximately 1.575 million individuals. The seller is asking $600 and has provided a sample CSV confirming the data structure.
Date: 2026-06-04T23:31:01Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-Pakistan-webdoc-com-pk-1900000-people
Screenshots:
2 screenshot(s) available
Threat Actors: Sorb
Victim Country: Pakistan
Victim Industry: Healthcare
Victim Organization: Webdoc
Victim Site: webdoc.com.pk
Alleged ransomware attack and data exfiltration targeting Ecuadors National Electoral Council (CNE)
Category: Cyber Attack
Content: A threat actor group identifying as L4TAMFUCK3RS claims to have gained full SSH access to Ecuadors National Electoral Council internal network via RAT-based intrusion, exfiltrating 13.5 million voter records from the electoral registry database. The actors claim to have installed persistence mechanisms and backdoors, and allege lateral movement into election results transmission systems. A ransom demand of 4 BTC is issued, with threats to wipe, corrupt, or inject ghost voters into the elector
Date: 2026-06-04T23:30:01Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78990
Screenshots:
3 screenshot(s) available
Threat Actors: GordonFreeman
Victim Country: Ecuador
Victim Industry: Government
Victim Organization: Consejo Nacional Electoral (CNE)
Victim Site: cne.gob.ec
Alleged website defacement attributed to LockBit
Category: Defacement
Content: Post claims a website defacement attributed to LockBit threat actor. An origin IP is referenced but not fully specified in the message.
Date: 2026-06-04T23:05:03Z
Network: telegram
Published URL: https://t.me/c/3896868760/389
Screenshots:
1 screenshot(s) available
Threat Actors: LockBit
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Boeing CH-47F Chinook confidential inspection documents
Category: Data Leak
Content: A threat actor is freely distributing what they claim are confidential inspection photos and documents related to the Boeing CH-47F Chinook military helicopter. The content is made available via a Telegram channel and a hidden forum link requiring registration. The leaked materials purportedly contain sensitive defense-related documentation.
Date: 2026-06-04T23:02:09Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-USA-Boeing-CH-47F-Chinook-Confidential-Inspection-Photos-Docs
Screenshots:
1 screenshot(s) available
Threat Actors: mosad
Victim Country: United States
Victim Industry: Defense
Victim Organization: Boeing
Victim Site: boeing.com
Sale of Fresh Credit Cards with BIN 559888 and Fullz
Category: Carding
Content: A forum member is offering fresh credit cards associated with BIN 559888 along with fullz (full cardholder information) on a carding forum. Access to the content requires user engagement via reactions. No further details on record count or victim organization are provided.
Date: 2026-06-04T23:00:32Z
Network: openweb
Published URL: https://darknetarmy.io/threads/fresh-ccs-559888-bin-fullz.135940/
Screenshots:
1 screenshot(s) available
Threat Actors: SharkBank
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of fresh credit cards with fullz under BIN 559888
Category: Carding
Content: A forum user is offering fresh credit cards with fullz (full personal and financial details) under BIN 559888. Access to the content requires a reaction on the post. No specific victim organization or record count is mentioned.
Date: 2026-06-04T23:00:02Z
Network: openweb
Published URL: https://darknetarmy.io/threads/fresh-ccs-559888-with-fullz.135953/
Screenshots:
1 screenshot(s) available
Threat Actors: linuxDaddy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of fraudulent Netherlands passport documents
Category: Carding
Content: A forum user is offering what appears to be a fraudulent Netherlands passport, accessible only to users who reply to the thread. The content is gated behind a reply-wall, limiting visibility of specific details.
Date: 2026-06-04T22:56:28Z
Network: openweb
Published URL: https://altenens.is/threads/netherlands-passport.2950789/unread
Screenshots:
1 screenshot(s) available
Threat Actors: –•™DAXEN16™•–
Victim Country: Netherlands
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Fake Romania Passport
Category: Carding
Content: A forum user is offering what appears to be a fake Romania passport, shared as hidden content requiring a reply to access. The post is listed in a Fake ID & Passport forum section, suggesting fraudulent identity document activity.
Date: 2026-06-04T22:55:59Z
Network: openweb
Published URL: https://altenens.is/threads/romania-passport.2950791/unread
Screenshots:
1 screenshot(s) available
Threat Actors: –•™DAXEN16™•–
Victim Country: Romania
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of alleged fake Slovakia passport document
Category: Carding
Content: A forum user is offering what appears to be a fake or fraudulent Slovakia passport, hidden behind a reply-gate on a fake ID and passport forum. The content is not visible without interaction, but the post context indicates document fraud services or templates.
Date: 2026-06-04T22:55:29Z
Network: openweb
Published URL: https://altenens.is/threads/slovakia-passport.2950793/unread
Screenshots:
1 screenshot(s) available
Threat Actors: –•™DAXEN16™•–
Victim Country: Slovakia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Mexico City Health Secretariat (salud.cdmx.gob.mx)
Category: Data Leak
Content: A threat actor operating under the SoulHem Team has freely distributed an alleged database dump from the Mexico City Health Secretariat. The leaked data reportedly includes full names, email addresses, phone numbers, physical addresses, organizational details such as department, directorate, position type, and registration dates. The file was made available via a public file-sharing service and promoted through a Telegram channel.
Date: 2026-06-04T22:46:44Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-Leak-salud-cdmx-gob-mx
Screenshots:
1 screenshot(s) available
Threat Actors: l1ghtSoulHem
Victim Country: Mexico
Victim Industry: Government
Victim Organization: Mexico City Health Secretariat
Victim Site: salud.cdmx.gob.mx
Alleged sale of US and Israeli military location data following claimed military surveillance system breach
Category: Data Breach
Content: A threat actor operating under the name MrDarkRoot is offering for sale what they claim is top-secret US and Israeli military location data, including nuclear sites, safe houses, air and ground bases, and armories, alleging the data was obtained through a breach of a US military surveillance system. The actor states the operation was conducted in support of Hezbollah and Irans IRGC, with proceeds designated for Palestinian relief. The dataset is listed at $100,000 and purportedly contains over
Date: 2026-06-04T22:46:37Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78986
Screenshots:
1 screenshot(s) available
Threat Actors: MrDarkRoot
Victim Country: United States
Victim Industry: Government
Victim Organization: United States Military / Israeli Military
Victim Site: Unknown
Alleged defacement of multiple websites by Mr.PIMZZZXploit
Category: Defacement
Content: Threat actor claiming responsibility for defacing multiple websites across various domains including erp.f-means.com, give4paws.org, zonixtech.ttpixel.top, sajbilas.ttpixel.top, urban.theblueprint.co.za, mariposacolorim.com subdomains, barnyardtracker.mycompanyportfolio.com, avanzandojuntos.mycompanyportfolio.com, and others. A mirror link is provided at hack-db.org.
Date: 2026-06-04T22:24:46Z
Network: telegram
Published URL: https://t.me/c/3865526389/1158
Screenshots:
1 screenshot(s) available
Threat Actors: Mr.PIMZZZXploit
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Carding tutorial for obtaining Canva Pro access
Category: Carding
Content: A forum post on a carding-focused board offers a tutorial on obtaining Canva Pro access, gated behind a reply-and-react requirement. The content type suggests payment fraud or account takeover methods targeting Canvas subscription service.
Date: 2026-06-04T22:16:42Z
Network: openweb
Published URL: https://darknetarmy.io/threads/how-to-get-canva-pro.116497/
Screenshots:
1 screenshot(s) available
Threat Actors: SyntaxSin
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Canva
Victim Site: canva.com
Sale of stolen Thau credit cards (x34)
Category: Carding
Content: A forum user is sharing 34 stolen credit cards behind a reaction gate on a carding-focused forum. The post requires user interaction to unlock the hidden content. No further details about card origin or geography are available.
Date: 2026-06-04T22:16:21Z
Network: openweb
Published URL: https://darknetarmy.io/threads/thau-credit-cards-x34.135933/
Screenshots:
1 screenshot(s) available
Threat Actors: SharkBank
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown
Sale of credit cards and fullz with BIN 559888
Category: Carding
Content: A forum user is sharing credit card details and fullz associated with BIN 559888, gated behind a reply-and-react requirement. No specific victim organization or record count is disclosed in the post.
Date: 2026-06-04T22:15:57Z
Network: openweb
Published URL: https://darknetarmy.io/threads/ccs-fullz-559888-bin.135936/
Screenshots:
1 screenshot(s) available
Threat Actors: SharkBank
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Russian digital medical card records
Category: Data Leak
Content: A threat actor has shared a dataset purportedly containing 1 million Russian digital medical card records. The leaked data includes phone numbers, full names, dates of birth, SNILS (Russian national insurance numbers), and residential addresses. The records appear to be associated with Moscow-area residents based on sample entries.
Date: 2026-06-04T22:14:16Z
Network: openweb
Published URL: https://breachforum.su/Thread-2026-Russian-Digital-Medical-Card-1M
Screenshots:
1 screenshot(s) available
Threat Actors: FGHY9980
Victim Country: Russia
Victim Industry: Healthcare
Victim Organization: Unknown
Victim Site: Unknown
Sale of Japanese SMTP-based email sending service for inbox delivery
Category: Phishing
Content: A threat actor is selling a bulk email sending service leveraging Japanese SMTP servers, advertised as capable of bypassing spam filters to ensure inbox delivery. Two packages are offered — a Basic package (4 SMTPs, 50k send limit) at $150 and a GodMod package (8 SMTPs, 100k send limit) at $250, both including a privately coded sender tool and setup assistance. The service features randomization of sender names, subjects, reply-to addresses, headers, and user agents, consistent with phishing or
Date: 2026-06-04T22:01:45Z
Network: openweb
Published URL: https://breached.su/threads/japan-smtps-inbox-all-domains.87977/unread
Screenshots:
2 screenshot(s) available
Threat Actors: Skybat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of MadiunKota government website
Category: Data Breach
Content: A threat actor known as MatxCysec claims to possess a database from madiunkota.go.id, the official website of the Madiun City Government in Indonesia. No further details regarding the contents, record count, or exfiltration method are available from the post.
Date: 2026-06-04T22:00:38Z
Network: openweb
Published URL: https://breached.su/threads/data-base-madiunkota-go-id.87976/unread
Screenshots:
5 screenshot(s) available
Threat Actors: MatxCysec
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Madiun City Government
Victim Site: madiunkota.go.id
Sale of advanced crypto drainer malware service
Category: Malware
Content: A threat actor is advertising a crypto drainer service via crypdrainer.com, offering malicious scripts designed to steal cryptocurrency from victims wallets without requiring private keys or seed phrases. The service is sold through a dedicated website with Telegram-based support. The drainer is marketed as capable of fully emptying cryptocurrency wallets by tricking users into approving malicious transactions.
Date: 2026-06-04T21:39:32Z
Network: openweb
Published URL: https://breachforum.su/Thread-crypdrainer-com-Advanced-Crypto-Drainers
Screenshots:
1 screenshot(s) available
Threat Actors: Darkode1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of stolen credit cards (x34)
Category: Carding
Content: A forum user is offering 34 credit cards on a carding-focused forum, gated behind a reply-and-react requirement. No additional details about card origin, country, or BIN information are visible in the post.
Date: 2026-06-04T21:33:40Z
Network: openweb
Published URL: https://darknetarmy.io/threads/goodness-credit-cards-x34.135924/
Screenshots:
1 screenshot(s) available
Threat Actors: SharkBank
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of possible credit cards (x32)
Category: Carding
Content: A forum user is sharing 32 possible credit cards on a carding-focused forum, gated behind a reply-and-react requirement. No additional details about card origin, BINs, or country of issuance are provided.
Date: 2026-06-04T21:33:10Z
Network: openweb
Published URL: https://darknetarmy.io/threads/possible-credit-cards-x32.135926/
Screenshots:
1 screenshot(s) available
Threat Actors: SharkBank
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free sharing of 32 credit cards on carding forum
Category: Carding
Content: A forum user on a carding-focused forum is sharing 32 credit cards gated behind a reply-and-react engagement mechanism. The post is categorized under carding tutorials, tools, cardable websites, and free CCs/BINs. No additional details about the card origin or issuing institutions are provided.
Date: 2026-06-04T21:32:47Z
Network: openweb
Published URL: https://darknetarmy.io/threads/mantul-credit-cards-x32.135927/
Screenshots:
1 screenshot(s) available
Threat Actors: SharkBank
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of AliExpress anti-fraud bypass carding method
Category: Carding
Content: A forum member is offering a private method for bypassing AliExpress anti-fraud systems, gated behind engagement reactions. The post is categorized as a carding tutorial targeting AliExpress.
Date: 2026-06-04T21:32:24Z
Network: openweb
Published URL: https://darknetarmy.io/threads/how-bypass-anti-fraud-aliexpress-priv-method.116794/
Screenshots:
1 screenshot(s) available
Threat Actors: SyntaxSin
Victim Country: Unknown
Victim Industry: Retail
Victim Organization: AliExpress
Victim Site: aliexpress.com
Free sharing of 37 credit cards on carding forum
Category: Carding
Content: A forum user on a carding-focused forum is sharing 37 stolen credit cards, gated behind a reply-and-react engagement requirement. No additional details about the card origin or victim country are provided in the post.
Date: 2026-06-04T21:31:49Z
Network: openweb
Published URL: https://darknetarmy.io/threads/taws-credit-cards-x37.135929/
Screenshots:
1 screenshot(s) available
Threat Actors: SharkBank
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of PUBG UC Carding Method Video
Category: Carding
Content: A forum member is sharing a private video tutorial for carding PUBG UC (Unknown Cash) in-game currency, gated behind a reaction requirement. The post is categorized under carding tutorials and tools on the forum.
Date: 2026-06-04T21:31:26Z
Network: openweb
Published URL: https://darknetarmy.io/threads/pupg-uc-carding-method-video-prv8.116515/
Screenshots:
1 screenshot(s) available
Threat Actors: SyntaxSin
Victim Country: Unknown
Victim Industry: Gaming
Victim Organization: Unknown
Victim Site: Unknown
Sale of stolen credit card data (x30 cards)
Category: Carding
Content: A forum user is sharing a set of 30 credit cards behind a reply-gate on a carding-focused forum. The content is hidden and requires a reaction to unlock, suggesting it is being distributed in exchange for engagement rather than direct payment.
Date: 2026-06-04T21:31:03Z
Network: openweb
Published URL: https://darknetarmy.io/threads/map-credit-cards-x30.135931/
Screenshots:
1 screenshot(s) available
Threat Actors: SharkBank
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free stolen payment cards shared on carding forum
Category: Carding
Content: A forum user on a carding-focused forum is sharing stolen payment card data (pieces) for free, described as fresh from their own orders. Content is gated behind a reply-and-react engagement requirement.
Date: 2026-06-04T21:30:40Z
Network: openweb
Published URL: https://darknetarmy.io/threads/here%E2%80%99s-some-pieces-for-y%E2%80%99all-i-dont-use-fresh-from-my-orders.135932/
Screenshots:
1 screenshot(s) available
Threat Actors: SharkBank
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of data allegedly stolen from Hyundai Steel Mexico
Category: Data Breach
Content: A threat actor is offering for sale 53 GB of data allegedly belonging to Hyundai Steel Mexico, S. de R.L. de C.V., the Mexican subsidiary of South Korean steelmaker Hyundai Steel. The dataset, covering the period 2018–2026, reportedly includes invoices, delivery and cargo documents, claims, orders, and employee personal data including identification documents. The seller is asking 1 BTC and providing contact via Telegram.
Date: 2026-06-04T21:29:56Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SELLING-HYUNDAI-STEEL-MEXICO-S-DE-RL-DE-CV-53-gb
Screenshots:
6 screenshot(s) available
Threat Actors: Masterbyte
Victim Country: Mexico
Victim Industry: Manufacturing
Victim Organization: Hyundai Steel Mexico
Victim Site: Unknown
Alleged sale of 28 compromised Telegram accounts
Category: Initial Access
Content: Threat actor offering 28 tested Telegram accounts for sale in Zip format (82.7MB). Accounts sourced from various countries. Purchase facilitated through Telegram bot (@ThreatMarketBot).
Date: 2026-06-04T20:48:53Z
Network: telegram
Published URL: https://t.me/c/3881618514/128
Screenshots:
2 screenshot(s) available
Threat Actors: Threat Market
Victim Country: Unknown
Victim Industry: Communications/Social Media
Victim Organization: Telegram users
Victim Site: telegram.org
Alleged sale of 28 compromised Telegram accounts
Category: Initial Access
Content: Threat actor offering 28 tested Telegram accounts for sale via Telegram bot. Accounts packaged in 82.7MB zip file, sourced from various countries. Buyer directed to @ThreatMarketBot for purchase.
Date: 2026-06-04T20:47:36Z
Network: telegram
Published URL: https://t.me/c/3881618514/127
Screenshots:
2 screenshot(s) available
Threat Actors: Threat Market
Victim Country: Unknown
Victim Industry: Communications/Social Media
Victim Organization: Unknown
Victim Site: telegram.org
Alleged data leak of Baker Distributing Company
Category: Data Leak
Content: The threat actor ShinyHunters claims to have leaked data from Baker Distributing Company, comprising over 260,000 Salesforce records and corporate data from various SharePoint sites. The actor states the company failed to reach a ransom agreement, resulting in the data being made available for free download on BreachForums. The post was last updated on 04 June 2026.
Date: 2026-06-04T20:44:21Z
Network: openweb
Published URL: https://breachforum.su/Thread-DATABASE-Baker-Distributing-Company
Screenshots:
1 screenshot(s) available
Threat Actors: ShinyHunters
Victim Country: United States
Victim Industry: Retail
Victim Organization: Baker Distributing Company
Victim Site: bakerdist.com
Sale of 35 laundry credit cards
Category: Carding
Content: A forum user is sharing 35 alleged laundry-related credit cards behind a reply-gate on a carding forum. Access to the content requires a reaction to the post. No additional details about card origin or geographic scope are provided.
Date: 2026-06-04T20:42:41Z
Network: openweb
Published URL: https://darknetarmy.io/threads/laundry-credit-cards-x35.135921/
Screenshots:
1 screenshot(s) available
Threat Actors: SharkBank
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free credit card data shared on carding forum
Category: Carding
Content: A threat actor is distributing 31 credit cards for free on a carding forum, gated behind a reply-and-react engagement requirement. No victim organization or country of origin is specified.
Date: 2026-06-04T20:42:13Z
Network: openweb
Published URL: https://darknetarmy.io/threads/friday-credit-cards-x31.135923/
Screenshots:
1 screenshot(s) available
Threat Actors: SharkBank
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Yeou-Ching by XLTAY HACK TEAM
Category: Defacement
Content: On June 5, 2026, the threat actor group XLTAY HACK TEAM defaced a page on the Taiwanese website www.yeou-ching.com.tw. The incident was a targeted single-page defacement, not a mass or home page defacement. No specific motive or vulnerability details were disclosed.
Date: 2026-06-04T20:18:41Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931177
Screenshots:
1 screenshot(s) available
Threat Actors: XLTAY HACK TEAM, XLTAY HACK TEAM
Victim Country: Taiwan
Victim Industry: Unknown
Victim Organization: Yeou-Ching
Victim Site: www.yeou-ching.com.tw
Website Defacement of LSH Hotel by XLTAY HACK TEAM
Category: Defacement
Content: The threat actor group XLTAY HACK TEAM conducted a defacement attack against the LSH Hotel website, targeting a subdirectory of the KindEditor file management path. This incident is recorded as a redefacement, indicating the same target had been previously compromised by the same or another actor. No specific motive or technical details were disclosed.
Date: 2026-06-04T20:17:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931176
Screenshots:
1 screenshot(s) available
Threat Actors: XLTAY HACK TEAM, XLTAY HACK TEAM
Victim Country: Unknown
Victim Industry: Hospitality
Victim Organization: LSH Hotel
Victim Site: www.lsh-hotel.com
Website Defacement of grand-test.com by XLTAY HACK TEAM
Category: Defacement
Content: The threat actor group XLTAY HACK TEAM conducted a defacement attack against www.grand-test.com, targeting a static subdirectory of the site. This incident is identified as a redefacement, indicating the site had been previously compromised by the same or another attacker. The attack was recorded on June 5, 2026, with limited technical details available regarding the server infrastructure or exploitation method used.
Date: 2026-06-04T20:14:48Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931175
Screenshots:
1 screenshot(s) available
Threat Actors: XLTAY HACK TEAM, XLTAY HACK TEAM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Grand Test
Victim Site: www.grand-test.com
Alleged data leak of vladars.rs — Serbian government database
Category: Data Leak
Content: Threat actor INF GRUPA is freely distributing an alleged database from vladars.rs, a government website associated with the Republic of Srpska administration. The leaked data reportedly includes full names, addresses, cities, phone numbers, and JMBG/JIB national identification numbers for 51,173 individuals.
Date: 2026-06-04T20:08:51Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-GOV-vladars-rs-51-1K-Database
Screenshots:
1 screenshot(s) available
Threat Actors: INFGRUPA
Victim Country: Bosnia and Herzegovina
Victim Industry: Government
Victim Organization: Vlada Republike Srpske
Victim Site: vladars.rs
Website Defacement of Sundarbans Sindhuja by CYKOMNEPAL
Category: Defacement
Content: On June 5, 2026, the threat actor CYKOMNEPAL defaced a page on the Indian website sundarbansindhuja.in. The attack targeted a sub-page rather than the homepage and was not conducted as part of a mass defacement campaign. The defacement was documented and mirrored by zone-xsec.com.
Date: 2026-06-04T20:08:27Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931174
Screenshots:
1 screenshot(s) available
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: India
Victim Industry: Unknown
Victim Organization: Sundarbans Sindhuja
Victim Site: sundarbansindhuja.in
Alleged data breach of Mahak Charity (mahak-charity.org)
Category: Data Breach
Content: A threat actor operating under the 1877Team banner claims to have extracted a database from mahak-charity.org, an Iranian government-affiliated charitable organization. The alleged data includes phone numbers, card numbers, payment information, usernames, passwords, and corporate and individual donor names for both registered and non-registered users. The post is tagged with #OpIran, suggesting a politically motivated operation.
Date: 2026-06-04T20:08:09Z
Network: openweb
Published URL: https://pwnforums.st/Thread-Database-mahak-charity-org–190527
Screenshots:
1 screenshot(s) available
Threat Actors: XCodeBoyX
Victim Country: Iran
Victim Industry: Non-Profit
Victim Organization: Mahak Charity
Victim Site: mahak-charity.org
Alleged data breach of Purvapor (FR/CH)
Category: Data Breach
Content: A threat actor claims to have breached Purvapor (purvapor.fr and purvapor.ch), a French/Swiss e-commerce site, exposing 11,099 user records including names, emails, phone numbers, postal codes, dates of birth, and decrypted passwords. The actor states access was obtained via a webshell from a linked website and claims 85 additional sites were compromised through the same vector.
Date: 2026-06-04T20:07:30Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-FR-CH-Purvapor-fr-ch-11-099
Screenshots:
1 screenshot(s) available
Threat Actors: misere
Victim Country: France
Victim Industry: Retail
Victim Organization: Purvapor
Victim Site: purvapor.fr
Alleged data breach of International Judo Federation
Category: Data Breach
Content: A forum post on PwnForums references a database associated with the International Judo Federation. No post content was available to confirm details of the alleged breach, dataset size, or data types involved.
Date: 2026-06-04T20:06:53Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-International-Judo-Federation
Screenshots:
1 screenshot(s) available
Threat Actors: webscn
Victim Country: Unknown
Victim Industry: Sports
Victim Organization: International Judo Federation
Victim Site: Unknown
Alleged data breach of RIC Publications Australia
Category: Data Breach
Content: A threat actor is sharing an alleged database dump from RIC Publications, an Australian educational publishing company. The dataset reportedly contains over 116,000 customer order records including full names, email addresses, physical addresses, phone numbers, IP addresses, school names, and order/payment details. Sample records include customers from Australia and Hong Kong.
Date: 2026-06-04T20:06:05Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-RIC-Publications-Australia-116K-Customers
Screenshots:
1 screenshot(s) available
Threat Actors: 2019
Victim Country: Australia
Victim Industry: Education
Victim Organization: RIC Publications
Victim Site: ricpublications.com.au
Alleged data leak of Vladars.rs — 51K records
Category: Data Leak
Content: A threat actor operating under the name INF GRUPA has freely distributed a database allegedly belonging to vladars.rs, containing 51,173 records. Exposed data includes full names, cities, home addresses, phone numbers, and JMBG/JIB personal identification numbers. The data was made available for free on a dark web forum with a sample provided for verification.
Date: 2026-06-04T20:05:57Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78937
Screenshots:
1 screenshot(s) available
Threat Actors: vvvv
Victim Country: Bosnia and Herzegovina
Victim Industry: Unknown
Victim Organization: Vladars
Victim Site: vladars.rs
Alleged data leak of Spotify Community user profile data via unauthenticated API enumeration
Category: Data Leak
Content: A threat actor has freely shared a dataset of approximately 3 million records scraped from community.spotify.com, containing usernames, user IDs, rank data, avatar URLs, and private profile metrics. The actor claims the data was obtained by exploiting an unauthenticated API endpoint that Spotify declined to remediate. The dataset was released publicly at no charge on a known cybercrime forum.
Date: 2026-06-04T19:55:39Z
Network: openweb
Published URL: https://breachforum.su/Thread-FREE-3M-COMMUNITY-SPOTIFY-COM-Usernames-and-private-profile-metrics-scrape
Screenshots:
1 screenshot(s) available
Threat Actors: FawnTheFairy
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Spotify
Victim Site: community.spotify.com
Alleged data leak of Whatnot.com — 4 million user records scraped via GraphQL API
Category: Data Leak
Content: A threat actor has freely released a dataset allegedly scraped from Whatnot.com via an exposed GraphQL API endpoint, containing approximately 4 million user records. The data includes numeric IDs, usernames, display names, bios, following counts, seller status, and account creation dates. The actor suggests the platform has unresolved GraphQL security issues.
Date: 2026-06-04T19:55:06Z
Network: openweb
Published URL: https://breachforum.su/Thread-FREE-4M-WHATNOT-COM-Username-and-Real-Name-scrape
Screenshots:
1 screenshot(s) available
Threat Actors: FawnTheFairy
Victim Country: United States
Victim Industry: Retail
Victim Organization: Whatnot
Victim Site: whatnot.com
Alleged data breach of Turkish Freemasons Governance System
Category: Data Leak
Content: A threat actor has freely shared an alleged database from the Turkish Freemasons governance platform (blos64.com), containing member records including panel IDs, user IDs, member IDs, names, email addresses, and mobile phone numbers. The dataset reportedly includes information on approximately 18,000 members. The data was made available via an external file-sharing link.
Date: 2026-06-04T19:54:25Z
Network: openweb
Published URL: https://breachforum.su/Thread-Turkish-Freemasons-Governance-System-Database-2026-blos64-com
Screenshots:
1 screenshot(s) available
Threat Actors: cyberescobar
Victim Country: Turkey
Victim Industry: Unknown
Victim Organization: Turkish Freemasons Governance System
Victim Site: blos64.com
Distribution of WiFi Password Recovery Tool with Potential Malicious Use
Category: Malware
Content: A forum post is distributing WIFI PASSWORD PRO v5.6.0, an unlocked/cracked wireless credential recovery tool capable of generating and revealing WEP, WPA, and WPA2 passwords. The tool is framed as a legitimate security utility but is being shared on a leaked-tools forum alongside a VirusTotal link, suggesting potential malicious use. The software may be used for unauthorized access to wireless networks.
Date: 2026-06-04T19:44:31Z
Network: openweb
Published URL: https://spear.cx/Thread-Source-Code-WIFI-PASSWORD-PRO-v5-6-0-Unlocked-Algorithm-Generate-WEP-WPA-WPA2
Screenshots:
2 screenshot(s) available
Threat Actors: zerodark
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of STORM v2.6.0.2 vulnerability scanning and security testing tool
Category: Vulnerability
Content: A threat actor is distributing STORM v2.6.0.2, described as a multifunctional tool for vulnerability scanning, security testing, network analysis, and performance monitoring. The post offers free download links while directing users to Telegram for purchase of additional tools. A VirusTotal report is referenced alongside the download links.
Date: 2026-06-04T19:43:48Z
Network: openweb
Published URL: https://spear.cx/Thread-Free-STORM-v2-6-0-2-Released-Vulnerability-scanning
Screenshots:
1 screenshot(s) available
Threat Actors: zerodark
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of SubSeven 2.2 RAT Source Code on Underground Forum
Category: Malware
Content: A forum post on SP is distributing SubSeven 2.2, a historic remote access trojan, framed as an educational resource for studying early RAT development. The post includes a VirusTotal link and a download link for the tool. Despite the educational framing, the post makes the malware binary or source code available to forum members.
Date: 2026-06-04T19:43:11Z
Network: openweb
Published URL: https://spear.cx/Thread-Source-Code-SubSeven-2-2-Helps-understand-modern-RAT-evolution
Screenshots:
1 screenshot(s) available
Threat Actors: zerodark
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of SS-RAT 0.3 Beta Remote Access Trojan
Category: Malware
Content: A threat actor known as zerodark is offering SS-RAT 0.3 Beta, a lightweight remote access trojan (RAT), for sale on a cybercrime forum. The post includes a VirusTotal report reference and a MediaFire download link, with a prompt to contact the seller for premium tools.
Date: 2026-06-04T19:42:31Z
Network: openweb
Published URL: https://spear.cx/Thread-Source-Code-SS-RAT-0-3-Beta
Screenshots:
1 screenshot(s) available
Threat Actors: zerodark
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of XpertRAT v3.0.10 Remote Access Trojan
Category: Malware
Content: A threat actor is distributing XpertRAT v3.0.10, a Remote Access Trojan (RAT), via a forum post with a download link. The malware is described as capable of remote system control, file access, hardware activation (webcam/microphone), and sensitive data theft. A VirusTotal hash reference is included in the post.
Date: 2026-06-04T19:41:49Z
Network: openweb
Published URL: https://spear.cx/Thread-Free-XpertRAT-v3-0-10-Activate-hardware-like-webcam-or-microphone
Screenshots:
1 screenshot(s) available
Threat Actors: zerodark
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Leak of SharpEye-RAT 1.0 Beta 2 Source Code
Category: Malware
Content: A forum post distributes SharpEye-RAT 1.0 Beta 2, a remote access trojan, via a download link accompanied by a VirusTotal reference. The post frames the tool under the guise of cybersecurity research while highlighting capabilities including unauthorized system access and surveillance. The malware is being made available freely on a leaked tools forum.
Date: 2026-06-04T19:41:13Z
Network: openweb
Published URL: https://spear.cx/Thread-Source-Code-SharpEye-RAT-1-0-Beta-2-Data-exposure
Screenshots:
1 screenshot(s) available
Threat Actors: zerodark
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of modular cyber attack framework with multi-stage execution capabilities
Category: Malware
Content: A threat actor is offering a modular cyber tool framework for sale, advertising features including multi-stage execution patterns, attack chain simulation, and potential use in unauthorized environments. The post includes a download link hosted on MediaFire and references a VirusTotal report. The tool is attributed to a developer named Blackwolf and marketed under the name Universal Framework.
Date: 2026-06-04T19:37:09Z
Network: openweb
Published URL: https://spear.cx/Thread-Free-Universal-Framework-Modular-architecture-of-cyber-tools–1273
Screenshots:
1 screenshot(s) available
Threat Actors: zerodark
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of IIT Bengaluru by CYKOMNEPAL
Category: Defacement
Content: On June 5, 2026, the threat actor CYKOMNEPAL defaced the blog page of iitbengaluru.com, an educational institution website associated with IIT Bengaluru in India. The incident was a targeted single-site defacement, not part of a mass defacement campaign. The attack was recorded and mirrored by zone-xsec.com under mirror ID 931173.
Date: 2026-06-04T19:17:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931173
Screenshots:
1 screenshot(s) available
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: India
Victim Industry: Education
Victim Organization: IIT Bengaluru
Victim Site: iitbengaluru.com
Alleged data leak of Mexico Secretaría de Salud Cervical Cancer Prevention Program
Category: Data Leak
Content: Threat actor Z3usOlymp, claiming affiliation with Olympus Group, has leaked data allegedly belonging to 1,500+ patients enrolled in Mexicos Secretaría de Salud cervical cancer prevention program. The post includes a proof-of-concept (PoC) purporting to demonstrate the exploited vulnerability. The leaked data reportedly contains sensitive personal health information belonging to women patients.
Date: 2026-06-04T18:57:49Z
Network: openweb
Published URL: https://breached.su/threads/mx-secretaria-de-salud-programa-de-prevencion-y-control-de-cancer-cervicouterino.87973/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Z3usOlymp
Victim Country: Mexico
Victim Industry: Healthcare
Victim Organization: Secretaría de Salud – Programa de Prevención y Control de Cáncer Cervicouterino
Victim Site: gob.mx
Alleged data breach of bienvenue-hautemarne.fr by LunarisSEC
Category: Data Breach
Content: Threat actor group LunarisSEC claims to have exploited a vulnerability in bienvenue-hautemarne.fr, a French regional website, obtaining approximately 5.7GB of SQL database data and 130MB of access logs. The post includes partial SQL schema and data from a Matomo analytics backend as proof, exposing user and admin credentials. The data is being made available publicly by the actors.
Date: 2026-06-04T18:57:14Z
Network: openweb
Published URL: https://breached.su/threads/breach-bienvenue-hautemarne-fr-lunarissec.87974/unread
Screenshots:
3 screenshot(s) available
Threat Actors: pwn2dd
Victim Country: France
Victim Industry: Government
Victim Organization: Bienvenue Haute-Marne
Victim Site: bienvenue-hautemarne.fr
Sale of fraudulent bank accounts, financial documents, and crypto wallets across multiple regions
Category: Carding
Content: A threat actor is selling fraudulent or compromised bank account openups (with physical debit cards) across numerous US, UK, EU, and other regional financial institutions including USAA, Chase, Wells Fargo, HSBC, Barclays, and others. The seller also offers custom-name accounts for banks and crypto exchanges (Binance, Coinbase, Bybit, etc.) with SEPA access, as well as identity verification bypass services via Sumsub/Onfido. Prices range from $70 to $600 depending on account type and region.
Date: 2026-06-04T18:31:10Z
Network: openweb
Published URL: https://crackingx.com/threads/78029/
Screenshots:
4 screenshot(s) available
Threat Actors: AlmightyXiV
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Excelium Consulting by CYKOMNEPAL
Category: Defacement
Content: On June 5, 2026, the threat actor CYKOMNEPAL defaced the website of Excelium Consulting Compta, an accounting and consulting firm. The attack was a targeted single-site defacement with no mass or re-defacement indicators. The attackers motivation and technical details remain unknown based on available information.
Date: 2026-06-04T18:19:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931155
Screenshots:
1 screenshot(s) available
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: Unknown
Victim Industry: Professional Services / Accounting & Consulting
Victim Organization: Excelium Consulting Compta
Victim Site: excelium-consulting-compta.clo…
Alleged data leak of Bermuda Police Service
Category: Data Leak
Content: A threat actor is freely distributing an alleged database belonging to the Bermuda Police Service. The post claims the data is full and complete, though no record count or data fields are specified.
Date: 2026-06-04T18:17:44Z
Network: openweb
Published URL: https://breached.su/threads/database-bermuda-police-service.87971/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Xyph0rix
Victim Country: Bermuda
Victim Industry: Government
Victim Organization: Bermuda Police Service
Victim Site: Unknown
Alleged data leak of FSB Ukraine Intelligence database
Category: Data Leak
Content: A threat actor is freely distributing a database allegedly belonging to the Russian Federal Security Service (FSB) related to Ukraine intelligence operations. The post provides a download link but does not specify record count or data fields contained within the database.
Date: 2026-06-04T18:17:11Z
Network: openweb
Published URL: https://breached.su/threads/database-fsb-ukraine-intelligence.87972/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Xyph0rix
Victim Country: Russia
Victim Industry: Government
Victim Organization: Federal Security Service (FSB)
Victim Site: Unknown
Alleged breach of FSB Ukraine intelligence database
Category: Data Breach
Content: A Breachforums user (xyph0rix) has posted about an alleged database breach involving FSB (Russian Federal Security Service) Ukraine intelligence data. The thread on Breachforums discusses the leaked database.
Date: 2026-06-04T18:15:10Z
Network: telegram
Published URL: https://t.me/Xyph0rix/503
Screenshots:
2 screenshot(s) available
Threat Actors: xyph0rix
Victim Country: Russia
Victim Industry: Government/Intelligence
Victim Organization: FSB
Victim Site: Unknown
Website Defacement of Legal Divorce Docs by CAC./Ohang
Category: Defacement
Content: On June 5, 2026, the website legaldivorcedocs.com, a legal document services platform, was defaced by the threat actor CAC./Ohang operating without a team affiliation. The attack targeted a Linux-based server and resulted in a single-page defacement of an interior page rather than the homepage. No specific motive or proof-of-concept details were disclosed.
Date: 2026-06-04T18:08:03Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249800
Screenshots:
1 screenshot(s) available
Threat Actors: CAC./Ohang
Victim Country: United States
Victim Industry: Legal Services
Victim Organization: Legal Divorce Docs
Victim Site: legaldivorcedocs.com
Alleged data breach of Bermuda Police Service
Category: Data Breach
Content: A Breachforums user (xyph0rix) has posted about a database breach involving the Bermuda Police Service. The breach details are shared on Breachforums thread discussing the compromised police service database.
Date: 2026-06-04T18:06:44Z
Network: telegram
Published URL: https://t.me/Xyph0rix/502
Screenshots:
2 screenshot(s) available
Threat Actors: xyph0rix
Victim Country: Bermuda
Victim Industry: Law Enforcement
Victim Organization: Bermuda Police Service
Victim Site: Unknown
Alleged vulnerability in NASA science.nasa.gov wp-admin endpoint
Category: Vulnerability
Content: User reports discovering a vulnerability in NASAs science.nasa.gov domain, specifically an accessible wp-admin endpoint with postpass action parameter. Classified as P5/medium severity. User suggests reporting through bug bounty program.
Date: 2026-06-04T17:55:31Z
Network: telegram
Published URL: https://t.me/BhayangkaraID/154
Screenshots:
1 screenshot(s) available
Threat Actors: BhayangkaraID
Victim Country: United States
Victim Industry: Government/Space Agency
Victim Organization: NASA
Victim Site: science.nasa.gov
Alleged data breaches of Indonesian government agencies and Universitas Teknokrat by JAX7
Category: Data Breach
Content: Threat actor JAX7 posted multiple database breaches on Breachforums including: training participant database (Satu Sika Shu), employee database of Mahkamah Agung (Supreme Court), e-Danapem Kupang City database, employee database of Sinergi Tanjungpinang, Universitas Teknokrat database, and employee database of e-Performance Surabaya. Additionally, personal data containing names and ID numbers from Sumatera Utara region was shared.
Date: 2026-06-04T17:55:13Z
Network: telegram
Published URL: https://t.me/c/3755871403/703
Screenshots:
8 screenshot(s) available
Threat Actors: JAX7
Victim Country: Indonesia
Victim Industry: Government, Education
Victim Organization: Multiple Indonesian Government Agencies and Universitas Teknokrat
Victim Site: Unknown
Alleged data breach of French health insurance and parcel delivery databases
Category: Data Breach
Content: A threat actor claims to be selling two French databases: 19 million records from health insurance platform Ameli and 24 million records from a private parcel delivery service, offered together for 5,000 BTC. The actor provided links to alleged table schemas as proof of ownership and warned this is the beginning of a major wave of cyberattacks.
Date: 2026-06-04T17:50:16Z
Network: openweb
Published URL: https://breached.su/threads/french-database-2026.87970/unread
Screenshots:
1 screenshot(s) available
Threat Actors: nearlevrai
Victim Country: France
Victim Industry: Healthcare
Victim Organization: Ameli (Assurance Maladie) and private parcel service
Victim Site: ameli.fr
Alleged data breach of eperformance.surabaya.go.id
Category: Data Breach
Content: A threat actor has posted an alleged employee database from eperformance.surabaya.go.id, a performance management portal belonging to the Surabaya city government in Indonesia. The post includes a data sample but no further details on record count or data fields are provided.
Date: 2026-06-04T17:47:46Z
Network: openweb
Published URL: https://breached.su/threads/employee-database-of-eperformance-surabaya-go-id.87968/unread
Screenshots:
2 screenshot(s) available
Threat Actors: JAX7
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Surabaya City Government
Victim Site: eperformance.surabaya.go.id
Alleged data breach of digital-avocat.fr (French legal platform)
Category: Data Breach
Content: Threat actor group LunarisSec claims to be selling a database extracted from digital-avocat.fr, a French legal services platform. The dataset allegedly contains personal and professional information on lawyers, users, and administrators, including names, emails, addresses, phone numbers, payment data (Stripe IDs, card details, SEPA information), and call logs. The actors state the breach affects lawyers across France and includes Transsphere payment system records.
Date: 2026-06-04T17:47:09Z
Network: openweb
Published URL: https://breached.su/threads/selling-database-entreprise-https-www-digital-avocat-fr.87969/unread
Screenshots:
5 screenshot(s) available
Threat Actors: pwn2dd
Victim Country: France
Victim Industry: Legal
Victim Organization: digital-avocat.fr
Victim Site: digital-avocat.fr
Alleged employee database breach of ePerformance Surabaya
Category: Data Breach
Content: A user identified as JAX7 has posted on Breachforums regarding a breach of the employee database belonging to ePerformance Surabaya (go.id domain). The breach details are shared in a public thread on the Breachforums platform.
Date: 2026-06-04T17:21:03Z
Network: telegram
Published URL: https://t.me/byjax7/1120
Screenshots:
2 screenshot(s) available
Threat Actors: JAX7
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: ePerformance Surabaya
Victim Site: go.id
Alleged data breach of Charter Communications (Spectrum)
Category: Data Breach
Content: A threat actor affiliated with the ShinyHunters group reportedly exfiltrated data from Charter Communications, the parent company of Spectrum, in May 2026 following an extortion campaign. The published dataset allegedly contains 4.9 million unique records including names, email addresses, phone numbers, and physical addresses, with approximately 85,000 records from an internal employee directory also including job titles. Charter Communications confirmed the incident but stated no sensitive pers…
Date: 2026-06-04T17:20:06Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78924
Screenshots:
1 screenshot(s) available
Threat Actors: Blastoize
Victim Country: United States
Victim Industry: Telecommunications
Victim Organization: Charter Communications
Victim Site: charter.com
Alleged data breach of Republic of Kenya citizen records
Category: Data Breach
Content: A threat actor is offering for sale alleged citizen records for 10 million Kenyan individuals, with a separate folder per citizen. The dataset purportedly includes extensive personal, biometric, financial, medical, criminal, and business information, including national ID numbers, passport numbers, banking records, medical history, and criminal records.
Date: 2026-06-04T17:17:52Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78938
Screenshots:
2 screenshot(s) available
Threat Actors: MrDarkRoot
Victim Country: Kenya
Victim Industry: Government
Victim Organization: Republic of Kenya
Victim Site: Unknown
Alleged data leak of Recursos Humanos Salta (Argentina HR Agency)
Category: Data Leak
Content: A threat actor identifying as Blackout | Exiliados has freely distributed a dataset allegedly belonging to Recursos Humanos Salta, an Argentine government human resources agency. The leak reportedly exposes 116,589 individuals and includes personal identifiers such as full name, national ID number, CUIL (tax ID), blood type, email address, military service status, family members, and employment details. The data was made available via an external file-sharing link and promoted through a Telegr
Date: 2026-06-04T17:17:30Z
Network: openweb
Published URL: https://breached.su/threads/dataleak-of-recursos-humanos-salta.87967/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Black0ut_Exi
Victim Country: Argentina
Victim Industry: Government
Victim Organization: Recursos Humanos Salta
Victim Site: Unknown
Alleged sale of RDP access and compromised email accounts
Category: Initial Access
Content: Threat actor offering rental of RDP access to cloud infrastructure providers (Azure, AWS, DigitalOcean) at $200, along with compromised domain email accounts, Gmail, Yahoo accounts, and GitHub Student accounts. Service advertised as available for daily/monthly rental with escrow payment option.
Date: 2026-06-04T17:06:27Z
Network: telegram
Published URL: https://t.me/c/2613583520/97135
Screenshots:
1 screenshot(s) available
Threat Actors: PORTAL
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Dublins Electricians by CYKOMNEPAL
Category: Defacement
Content: On June 4, 2026, the website dublinselectricians.ie, an Irish electrical services company, was defaced by the threat actor CYKOMNEPAL operating under the same team name. The attack was a homepage defacement and is not classified as a mass or redefacement incident. The motivation behind the attack remains unknown.
Date: 2026-06-04T17:00:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931154
Screenshots:
1 screenshot(s) available
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: Ireland
Victim Industry: Electrical Services / Trades
Victim Organization: Dublins Electricians
Victim Site: dublinselectricians.ie
Alleged vulnerability in Creative Sound Blaster Katana V2X allowing unauthenticated Bluetooth-range compromise
Category: Vulnerability
Content: A researcher published a technical writeup detailing vulnerabilities discovered in the Creative Sound Blaster Katana V2X firmware. The flaws allegedly allow an unauthenticated attacker within approximately 15 meters to compromise the device via Bluetooth without pairing, turning it into a covert surveillance tool or HID injection device (Rubber Ducky). The research involved firmware reverse engineering, analysis of the proprietary CTP protocol, and OTA update mechanisms.
Date: 2026-06-04T16:52:19Z
Network: openweb
Published URL: https://tier1.life/thread/284
Screenshots:
7 screenshot(s) available
Threat Actors: RedQueen
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Creative Technology
Victim Site: creative.com
Alleged data leak of zloffshore.com
Category: Data Leak
Content: A threat actor using the handle RanzXZ claims to be freely sharing a database dump from zloffshore.com. The post includes references to a sample and a download link, though no record count or specific data fields are mentioned.
Date: 2026-06-04T16:40:53Z
Network: openweb
Published URL: https://breached.su/threads/database-zloffshore-com.87964/unread
Screenshots:
1 screenshot(s) available
Threat Actors: RanzXZ
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: ZL Offshore
Victim Site: zloffshore.com
Alleged data breach of Sinergi Tanjung Pinang City Government
Category: Data Breach
Content: A threat actor on a cybercrime forum claims to possess and is sharing an employee database from the Tanjung Pinang City Governments Sinergi portal. The post includes a sample of the alleged data. Full dataset size and additional details were not disclosed in the post.
Date: 2026-06-04T16:40:08Z
Network: openweb
Published URL: https://breached.su/threads/employee-database-of-sinergi-tanjungpinangkota-go-id.87965/unread
Screenshots:
5 screenshot(s) available
Threat Actors: JAX7
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Tanjung Pinang City Government
Victim Site: sinergi.tanjungpinangkota.go.id
Alleged data breach of Universitas Teknokrat
Category: Data Breach
Content: A threat actor posted what appears to be a database from Universitas Teknokrat on a cybercrime forum. No further details are available as the post content is empty.
Date: 2026-06-04T16:39:30Z
Network: openweb
Published URL: https://breached.su/threads/data-base-universitas-teknokrat.87966/unread
Screenshots:
3 screenshot(s) available
Threat Actors: MatxCysec
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Universitas Teknokrat
Victim Site: teknokrat.ac.id
Alleged data breach of Sinergi Tanjungpinang (Indonesian government)
Category: Data Breach
Content: A Breachforums user (JAX7) has posted an employee database breach allegedly from Sinergi Tanjungpinang (sinergi.tanjungpinangkota.go.id), an Indonesian municipal government organization. The breach thread is publicly accessible on Breachforums, indicating unauthorized access to employee records.
Date: 2026-06-04T16:32:17Z
Network: telegram
Published URL: https://t.me/Jax702/72
Screenshots:
2 screenshot(s) available
Threat Actors: JAX7
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Sinergi Tanjungpinang
Victim Site: sinergi.tanjungpinangkota.go.id
Website Defacement of HTAIPL by CYKOMNEPAL
Category: Defacement
Content: On June 4, 2026, the threat actor CYKOMNEPAL defaced the mechanical services page of htaipl.com, a website associated with an apparent mechanical or engineering firm. The defacement was a targeted, single-site attack with no mass or home page compromise reported. The incident was archived and mirrored via zone-xsec.com.
Date: 2026-06-04T16:20:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931152
Screenshots:
1 screenshot(s) available
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: India
Victim Industry: Manufacturing / Mechanical Engineering
Victim Organization: HTAIPL
Victim Site: htaipl.com
Mass Defacement of Arete Soft Global by Threat Actor Zod
Category: Defacement
Content: On June 4, 2026, threat actor Zod conducted a mass defacement campaign targeting aretesoftglobal.com, a software company. The defacement was hosted at a specific URL path (zod.html) rather than the homepage, indicating a targeted file placement as part of a broader mass defacement operation. The incident has been archived and mirrored via haxor.id.
Date: 2026-06-04T16:14:36Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249798
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Technology / Software
Victim Organization: Arete Soft Global
Victim Site: aretesoftglobal.com
Website Defacement of dmarquisselections.com by Threat Actor Zod
Category: Defacement
Content: On June 4, 2026, a threat actor operating under the alias Zod defaced a page on dmarquisselections.com, a website associated with a selections or retail business. The defacement targeted a specific page (zod.html) on a Linux-based server and was not classified as a mass or home page defacement. The incident was archived and mirrored via haxor.id.
Date: 2026-06-04T16:12:06Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249799
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: United States
Victim Industry: Retail/E-Commerce
Victim Organization: D. Marquis Selections
Victim Site: dmarquisselections.com
Alleged data breach of e-danapem.kupangkota.go.id
Category: Data Breach
Content: A threat actor is sharing an alleged database dump from e-danapem.kupangkota.go.id, a subdomain of the Kupang City Government (kupangkota.go.id) in Indonesia. The post includes a sample section but no record count or additional details were provided.
Date: 2026-06-04T16:04:43Z
Network: openweb
Published URL: https://breached.su/threads/database-of-e-danapem-kupangkota-go-id.87963/unread
Screenshots:
2 screenshot(s) available
Threat Actors: JAX7
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Kupang City Government
Victim Site: e-danapem.kupangkota.go.id
Alleged data leak of Mahkamah Agung Indonesia (Supreme Court) employee records
Category: Data Leak
Content: A threat actor using the alias RanzXZ has freely shared a dataset allegedly sourced from komdanas.mahkamahagung.go.id, the personnel management portal of the Indonesian Supreme Court. The leaked data includes structured employee records containing full names, national identification numbers (NIP), ranks, positions, and employment status of judicial staff across multiple provinces. No record count was specified, but the sample indicates structured government HR data.
Date: 2026-06-04T16:04:07Z
Network: openweb
Published URL: https://breached.su/threads/data-leak-komdanas-mahkamahagung-go-id.87962/unread
Screenshots:
4 screenshot(s) available
Threat Actors: RanzXZ
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Mahkamah Agung (Supreme Court of Indonesia)
Victim Site: komdanas.mahkamahagung.go.id
Alleged data breach of e-danapem.kupangkota.go.id (Kupang City Government)
Category: Data Breach
Content: A Breachforums user (JAX7) has posted a thread claiming a database breach of e-danapem.kupangkota.go.id, an Indonesian government system belonging to Kupang City. The breach details are shared on Breachforums.
Date: 2026-06-04T15:59:41Z
Network: telegram
Published URL: https://t.me/Jax702/71
Screenshots:
2 screenshot(s) available
Threat Actors: JAX7
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: e-danapem.kupangkota.go.id
Victim Site: kupangkota.go.id
Alleged data breach of Mahkamah Agung Indonesia (komdanas.mahkamahagung.go.id)
Category: Data Breach
Content: A threat actor operating under the alias JAX7 claims to be selling or leaking an employee database from komdanas.mahkamahagung.go.id, the internal portal of Indonesias Supreme Court. The post includes a sample of the alleged data. Full scope and record count are not specified in the available post content.
Date: 2026-06-04T15:20:33Z
Network: openweb
Published URL: https://breached.su/threads/employee-database-komdanas-mahkamahagung-go-id.87961/unread
Screenshots:
3 screenshot(s) available
Threat Actors: JAX7
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Mahkamah Agung (Supreme Court of Indonesia)
Victim Site: komdanas.mahkamahagung.go.id
Alleged data breach of Mahkamah Agung (Indonesian Supreme Court) employee database
Category: Data Breach
Content: A Breachforums user (JAX7) has posted a thread claiming to have breached and leaked an employee database from Komdanas Mahkamah Agung (Indonesian Supreme Court). The breach includes employee records from a government judicial institution.
Date: 2026-06-04T15:19:34Z
Network: telegram
Published URL: https://t.me/Jax702/68
Screenshots:
2 screenshot(s) available
Threat Actors: JAX7
Victim Country: Indonesia
Victim Industry: Government/Judicial
Victim Organization: Mahkamah Agung (Indonesian Supreme Court)
Victim Site: mahkamahagung.go.id
Sale of alleged whole population data from an undisclosed European country
Category: Data Breach
Content: A threat actor is offering for sale a dataset claimed to contain the entire population records of an undisclosed European country. The dataset allegedly includes full names, SSNs, dates of birth, physical addresses, email addresses, phone numbers, ID data, workplace history, medical information, relatives information, and financial data. The country of origin will only be disclosed upon provision of a valid proof of funds.
Date: 2026-06-04T14:51:25Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-Whole-Population-Data-PRIVATE
Screenshots:
1 screenshot(s) available
Threat Actors: neat
Victim Country: Unknown
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of clubesubaru.com.br
Category: Data Leak
Content: A threat actor is freely distributing an alleged database dump from clubesubaru.com.br, a Brazilian Subaru enthusiast community. The leaked data includes member IDs, names, email addresses, IP addresses, password hashes and salts, and various account metadata fields. The data appears to originate from an Invision Power Board (IPB) forum installation.
Date: 2026-06-04T14:48:29Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-%E2%AD%90-Fresh-Free-Database-clubesubaru-com-br
Screenshots:
1 screenshot(s) available
Threat Actors: Sensitive2025
Victim Country: Brazil
Victim Industry: Automotive
Victim Organization: Clube Subaru Brasil
Victim Site: clubesubaru.com.br
Alleged data leak of demo.ahasolar.in
Category: Data Leak
Content: A threat actor has freely shared what appears to be a database dump from demo.ahasolar.in, a solar energy platform. The leaked data includes customer and installer records with fields such as names, email addresses, mobile numbers, addresses, hashed passwords, and activation codes. The post requires forum engagement to access the full download link.
Date: 2026-06-04T14:47:36Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-%E2%AD%90-Fresh-Database-demo-ahasolar-in
Screenshots:
1 screenshot(s) available
Threat Actors: Sensitive2025
Victim Country: India
Victim Industry: Energy
Victim Organization: Aha Solar
Victim Site: demo.ahasolar.in
Alleged data breach of Satu Sika Shu – training participants database
Category: Data Breach
Content: A Breachforums user (JAX7) has posted a thread disclosing a database containing training participants from Satu Sika Shu organization. The breach details are available on Breachforums.
Date: 2026-06-04T14:47:27Z
Network: telegram
Published URL: https://t.me/Jax702/66
Screenshots:
2 screenshot(s) available
Threat Actors: JAX7
Victim Country: Unknown
Victim Industry: Training/Education
Victim Organization: Satu Sika Shu
Victim Site: Unknown
Alleged data leak of Satu Sika Shu training participants database
Category: Data Leak
Content: A threat actor on Breached forum has shared what is alleged to be a database of training participants associated with Satu Sika Shu. The post includes a sample but provides no further details on record count or data fields. The data appears to have been made available for free.
Date: 2026-06-04T14:46:19Z
Network: openweb
Published URL: https://breached.su/threads/database-of-training-participants-satu-sika-shu.87960/unread
Screenshots:
9 screenshot(s) available
Threat Actors: JAX7
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Satu Sika Shu
Victim Site: Unknown
Free SFTP access shared on hacking forum
Category: Initial Access
Content: A forum user on Cracked.st is sharing free SFTP access credentials or connection details with the community. No specific victim organization or target details are provided in the post.
Date: 2026-06-04T14:37:50Z
Network: openweb
Published URL: https://cracked.st/Thread-FREE-SFTP
Screenshots:
1 screenshot(s) available
Threat Actors: breezetechie
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged vulnerability disclosure in digital-avocat.fr by LunarisSec
Category: Vulnerability
Content: LunarisSec, a threat actor group, claims to have discovered a critical security vulnerability on the official website of digital-avocat.fr (French legal services). The group states they reported the flaw and positions this as part of a mission to address cybersecurity issues affecting France. The post includes a threat actor signature and social media link.
Date: 2026-06-04T14:37:08Z
Network: telegram
Published URL: https://t.me/c/3733257070/61
Screenshots:
2 screenshot(s) available
Threat Actors: LunarisSec
Victim Country: France
Victim Industry: Legal Services
Victim Organization: digital-avocat.fr
Victim Site: digital-avocat.fr
Sale of stolen payment cards and fraudulent transfer services across multiple countries
Category: Carding
Content: A threat actor operating under the handle @shag577 is offering stolen credit cards from multiple countries including the United States, United Kingdom, Canada, Australia, Germany, China, and Norway. The cards are advertised as validated, non-VBV, and compatible with Apple Pay, Google Pay, CashApp, PayPal, and other platforms without OTP verification. The actor also claims to offer fraudulent cash transfer services via CashApp and PayPal under a test run model.
Date: 2026-06-04T14:29:15Z
Network: openweb
Published URL: https://altenens.is/threads/www.2950223/unread
Screenshots:
6 screenshot(s) available
Threat Actors: Ghhhavsg136
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of stolen payment cards and fraudulent transfer services
Category: Carding
Content: A threat actor operating as @shag577 is advertising stolen payment cards (CCs) from multiple countries including the US, UK, Canada, Australia, Germany, and others, marketed as validated and non-VBV. The seller also claims to offer fraudulent CashApp and PayPal transfers at a ratio of 10:1, with a replacement or refund policy if cards fail to add.
Date: 2026-06-04T14:28:46Z
Network: openweb
Published URL: https://altenens.is/threads/good-spammer.2950225/unread
Screenshots:
6 screenshot(s) available
Threat Actors: Ghhhavsg136
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of stolen payment cards and fraudulent transfer services across multiple countries
Category: Carding
Content: A threat actor operating under the handle @shag577 is advertising stolen credit cards from multiple countries including the UK, USA, Canada, Australia, Germany, China, and Norway, marketed as validated and non-VBV. The seller also offers Apple Pay, Google Pay, CashApp, and PayPal-linked cards without OTP verification, along with fraudulent transfer services at fixed price tiers.
Date: 2026-06-04T14:28:18Z
Network: openweb
Published URL: https://altenens.is/threads/available.2950226/unread
Screenshots:
6 screenshot(s) available
Threat Actors: Ghhhavsg136
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of stolen payment cards and fraudulent transfer services across multiple countries
Category: Carding
Content: A threat actor operating under the handle @shag577 is advertising stolen credit cards from multiple countries including the US, UK, Canada, Australia, China, and Germany, marketed as validated and non-VBV. The seller also offers fraudulent CashApp and PayPal transfer services with claimed test-run pricing tiers.
Date: 2026-06-04T14:27:49Z
Network: openweb
Published URL: https://altenens.is/threads/face-blowing-a-kiss-flag-united-statesmobile-phone-with-arrowmobile-phone-with-arrowmobile-phone-with-arrowmobile-phone-with-arrowmobile-phone-with-arrowmobile-phone-with-arrowmobile-phone-with-arrow.2950229/unread
Screenshots:
6 screenshot(s) available
Threat Actors: Ghhhavsg136
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of stolen payment cards and fraudulent transfer services
Category: Carding
Content: A threat actor operating under the handle @shag577 is advertising stolen credit cards from multiple countries including the US, UK, Canada, Australia, Germany, and China, marketed as validated and non-VBV. The seller also offers Apple Pay, Google Pay, CashApp, and PayPal-linked cards, along with fraudulent cash transfer services at a markup, claiming no OTP verification is required.
Date: 2026-06-04T14:27:18Z
Network: openweb
Published URL: https://altenens.is/threads/active-now.2950232/unread
Screenshots:
6 screenshot(s) available
Threat Actors: Ghhhavsg136
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of small shop user database
Category: Data Leak
Content: A threat actor is sharing a small database of shop users on a darknet forum, claiming it was obtained via Google dorking. The dataset reportedly includes email addresses, hashed passwords, and plain-text passwords. No specific organization or record count was disclosed.
Date: 2026-06-04T14:19:50Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-Small-DB-of-shop-users
Screenshots:
1 screenshot(s) available
Threat Actors: domainbreachkaduu
Victim Country: Unknown
Victim Industry: Retail
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of CAF.fr
Category: Data Leak
Content: A threat actor operating under the alias KnoxTeam is freely sharing an alleged database from caf.fr, the French family benefits agency. The post provides no details on record count, data fields, or the original breach source. The content is gated behind a reply requirement on the forum.
Date: 2026-06-04T14:17:26Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-FR-CAF-FR-Free
Screenshots:
1 screenshot(s) available
Threat Actors: KnoxTeam
Victim Country: France
Victim Industry: Government
Victim Organization: Caisse dAllocations Familiales (CAF)
Victim Site: caf.fr
Sale of stolen payment cards and fraudulent transfer services across multiple countries
Category: Carding
Content: A threat actor operating under the handle @shag577 is advertising stolen credit cards from multiple countries including the US, UK, Canada, Australia, Germany, China, and Norway, marketed as checked, validated, and non-VBV. The seller also offers Apple Pay, Google Pay, CashApp, and PayPal-linkable cards, along with fraudulent transfer services via Telegram.
Date: 2026-06-04T14:03:10Z
Network: openweb
Published URL: https://altenens.is/threads/best-channel-for-ya-ccs.2950183/unread
Screenshots:
6 screenshot(s) available
Threat Actors: Ghhhavsg136
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of stolen payment cards and fraudulent transfer services across multiple countries
Category: Carding
Content: A threat actor is offering stolen credit cards from multiple countries including the US, UK, Canada, Australia, Germany, Norway, and China, marketed as validated and non-VBV. The seller also advertises fraudulent CashApp and PayPal transfer services and claims to provide Apple Pay, Google Pay, and other payment platform-linked cards without OTP verification.
Date: 2026-06-04T14:02:42Z
Network: openweb
Published URL: https://altenens.is/threads/hmu-flag-united-statesflag-united-statesflag-united-statesflag-united-statesflag-united-statesflag-united-statesglobe-showing-asia-australiaglobe-showing-asia-australiaglobe-showing-asia-australiasports-medalsports-medalsports-medalsports-medalsports-medalsports-medalsports-medalsports-medalsports-medalsports-medal.2950185/unread
Screenshots:
6 screenshot(s) available
Threat Actors: Ghhhavsg136
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of stolen payment cards and fraudulent transfer services across multiple countries
Category: Carding
Content: A threat actor operating under the handle @shag577 is advertising stolen credit cards from multiple countries including the UK, USA, Canada, Australia, Germany, China, and Norway, marketed as checked and validated with no OTP required. The seller also offers non-VBV auto-add cards compatible with Apple Pay, Google Pay, CashApp, PayPal, and other platforms. Additionally, fraudulent transfer services are advertised with claims of test-run payouts at a 10x return ratio.
Date: 2026-06-04T14:02:14Z
Network: openweb
Published URL: https://altenens.is/threads/tags.2950186/unread
Screenshots:
6 screenshot(s) available
Threat Actors: Ghhhavsg136
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of stolen payment cards and fraudulent transfer services across multiple countries
Category: Carding
Content: A forum user is advertising stolen credit cards from multiple countries including the UK, USA, Canada, Australia, and others, marketed as validated and non-VBV. The seller also offers fraudulent CashApp and PayPal transfer services and claims to provide refunds if cards fail to add.
Date: 2026-06-04T14:01:47Z
Network: openweb
Published URL: https://altenens.is/threads/buy-from-globe-showing-asia-australiaglobe-showing-asia-australiaglobe-showing-asia-australiaglobe-showing-asia-australiaglobe-showing-asia-australia.2950188/unread
Screenshots:
6 screenshot(s) available
Threat Actors: Ghhhavsg136
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of stolen payment cards and fraudulent transfer services
Category: Carding
Content: A threat actor operating under the handle @shag577 is advertising stolen payment cards from multiple countries including the US, UK, Canada, Australia, Germany, and China, marketed as validated and non-VBV. The actor also offers fraudulent CashApp and PayPal transfer services with a test-run pricing model, and claims to provide Apple Pay and Google Pay linked cards without OTP verification.
Date: 2026-06-04T14:01:19Z
Network: openweb
Published URL: https://altenens.is/threads/rdp-for-free-unlimited-no-download-no-account-just-link.2950180/unread
Screenshots:
6 screenshot(s) available
Threat Actors: Ghhhavsg136
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of stolen payment cards and fraudulent transfer services across multiple countries
Category: Carding
Content: A threat actor operating under the handle @shag577 is advertising stolen credit cards from multiple countries including the US, UK, Canada, Australia, Germany, China, and Norway, marketed as checked and validated with no OTP required. The offering includes non-VBV auto-add cards compatible with Apple Pay, Google Pay, CashApp, PayPal, and eBay. The actor also claims to offer fraudulent cash transfer services via CashApp and PayPal at a multiplied return rate, consistent with money mule or fraudul…
Date: 2026-06-04T14:00:58Z
Network: openweb
Published URL: https://altenens.is/threads/all-checked-validated.2950209/unread
Screenshots:
6 screenshot(s) available
Threat Actors: Ghhhavsg136
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of stolen payment cards and fraudulent transfer services across multiple countries
Category: Carding
Content: A threat actor operating under the handle @shag577 is advertising stolen credit cards from multiple countries including the United States, United Kingdom, Canada, Australia, Germany, and others, marketed as validated and non-VBV. The actor also offers fraudulent CashApp and PayPal transfer services and claims to support Apple Pay, Google Pay, and other digital wallet platforms without OTP verification.
Date: 2026-06-04T14:00:29Z
Network: openweb
Published URL: https://altenens.is/threads/whos-interested-ya-got-it-here.2950212/unread
Screenshots:
6 screenshot(s) available
Threat Actors: Ghhhavsg136
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of stolen credit cards and payment-linked account services across multiple countries
Category: Carding
Content: A threat actor operating under the handle @shag577 is advertising stolen credit cards from multiple countries including the UK, US, Canada, Australia, Germany, and others, marketed as validated and non-VBV. The seller also offers Apple Pay, Google Pay, CashApp, and PayPal-linked cards without OTP verification, along with fraudulent transfer services.
Date: 2026-06-04T14:00:01Z
Network: openweb
Published URL: https://altenens.is/threads/whos-online.2950205/unread
Screenshots:
4 screenshot(s) available
Threat Actors: Ghhhavsg136
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of stolen payment cards across multiple countries
Category: Carding
Content: A threat actor operating under the handle @shag577 is advertising stolen credit cards from multiple countries including the United States, United Kingdom, Canada, Australia, Germany, China, and Norway. The cards are marketed as validated, non-VBV, and linkable to payment platforms including Apple Pay, Google Pay, PayPal, CashApp, and eBay. The actor also offers fraudulent transfer services via Telegram.
Date: 2026-06-04T13:59:32Z
Network: openweb
Published URL: https://altenens.is/threads/ccs.2950221/unread
Screenshots:
6 screenshot(s) available
Threat Actors: Ghhhavsg136
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of fentycover.com by OCTOPUS of Midas Haxor Team
Category: Defacement
Content: On June 4, 2026, the website fentycover.com was defaced by a threat actor known as OCTOPUS, operating under the Midas Haxor Team. The attack targeted the homepage of the site in a single targeted defacement operation. No specific motivation or server details were disclosed in connection with the incident.
Date: 2026-06-04T13:52:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931151
Screenshots:
1 screenshot(s) available
Threat Actors: OCTOPUS, Midas Haxor Team
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Fenty Cover
Victim Site: fentycover.com
Website Defacement of ICMK Kannur by Claudexxx (Phantom Sec Team)
Category: Defacement
Content: On June 4, 2026, the website of ICMK Kannur was defaced by threat actor Claudexxx, operating under the Phantom Sec Team. This incident is classified as a re-defacement, indicating the site had been previously compromised by the same or another actor. The attack targeted the homepage and does not appear to be part of a mass defacement campaign.
Date: 2026-06-04T13:40:39Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931148
Screenshots:
1 screenshot(s) available
Threat Actors: Claudexxx, Phantom Sec Team
Victim Country: India
Victim Industry: Non-Profit / Religious Organization
Victim Organization: ICMK Kannur
Victim Site: www.icmkannur.org
Alleged data leak of Abendgymnasium Wien (campus.abendgymnasium.at)
Category: Data Leak
Content: A threat actor has freely shared an alleged database dump from the Austrian educational institution Abendgymnasium Wien. The dataset contains approximately 23,000 user records with highly sensitive personal information including full names, dates of birth, gender, religion, addresses, phone numbers, marital status, nationality, employer details, and email addresses. The data appears to originate from the campus management platform at campus.abendgymnasium.at.
Date: 2026-06-04T13:39:47Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-%E2%AD%90-Fresh-Database-Austria-campus-abendgymnasium-at-23K-User
Screenshots:
1 screenshot(s) available
Threat Actors: Sensitive2025
Victim Country: Austria
Victim Industry: Education
Victim Organization: Abendgymnasium Wien
Victim Site: campus.abendgymnasium.at
Bowman, North Dakota parks files encrypted in cyberattack
Category: Cyber Attack
Content: Bowman Parks & Recreation had its files encrypted during a cyberattack, though the date of the attack and its public impact remain unknown. The attack affected the parks departments access to internal files, including backups stored on USB drives. Although a message was received from the attacker, the files were decrypted following the intervention of an expert. It has not been confirmed that any data was exfiltrated or that public services were disrupted. The incident led the city council to re…
Date: 2026-06-04T13:35:14Z
Network: openweb
Published URL: https://dysruptionhub.com/bowman-parks-cyberattack/
Screenshots:
None
Threat Actors:
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Bowman Parks & Recreation
Victim Site: bowmannd.com
Sale of cloned debit/credit cards, bank logs, and fraudulent online transfers
Category: Carding
Content: A threat actor is selling cloned prepaid debit cards, credit cards, and bank logs at tiered price points, with claimed balances ranging from $2,000 to $18,000. The actor also advertises fraudulent online transfers via CashApp, PayPal, Venmo, Zelle, Skrill, and cryptocurrency platforms. Contact is solicited via Telegram and WhatsApp.
Date: 2026-06-04T13:10:40Z
Network: openweb
Published URL: https://altenens.is/threads/fresh-prepaid-linkable-debits-available-instock-for-cashapp-applepay-paypal-skrill-zelle-venmo-etc-and-they-really-hitting-lit-asf-clone-card.2950112/unread
Screenshots:
3 screenshot(s) available
Threat Actors: Calaw
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Pôle Emploi with 10 million records for sale
Category: Data Breach
Content: A threat actor is selling a dataset allegedly exfiltrated from Pôle Emploi, the French public employment agency, containing 10 million records. The data reportedly includes employee and agency identifiers, names, postal codes, national identification numbers (NIR), and internal reference codes. The seller is asking 500 USDT and notes the data can be used for identity theft and microloan fraud.
Date: 2026-06-04T12:42:22Z
Network: openweb
Published URL: https://breachforum.su/Thread-SELLING-10-million-leaked-messages-from-French-company-P%C3%B4le-Emploi
Screenshots:
1 screenshot(s) available
Threat Actors: S646
Victim Country: France
Victim Industry: Government
Victim Organization: Pôle Emploi
Victim Site: pole-emploi.fr
Website Defacement of Aash Logistics by CYKOMNEPAL
Category: Defacement
Content: On June 4, 2026, the threat actor CYKOMNEPAL defaced the website of Aash Logistics, targeting a blog or content page on the domain. The defacement was carried out as a singular targeted attack, not part of a mass defacement campaign. No specific motive or technical details regarding the server infrastructure were disclosed.
Date: 2026-06-04T12:16:17Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931140
Screenshots:
1 screenshot(s) available
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: Unknown
Victim Industry: Logistics and Transportation
Victim Organization: Aash Logistics
Victim Site: www.aashlogistics.com
Alleged defacement of biztechssr.politeknikssr.ac.id by Mr.PIMZZZXploit
Category: Defacement
Content: Website defacement claimed by threat actor Mr.PIMZZZXploit. Defaced site: https://biztechssr.politeknikssr.ac.id. Mirror/proof link provided: https://hack-db.org/mirror/138188
Date: 2026-06-04T12:06:32Z
Network: telegram
Published URL: https://t.me/c/3865526389/1142
Screenshots:
2 screenshot(s) available
Threat Actors: Mr.PIMZZZXploit
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Politeknik SSR
Victim Site: biztechssr.politeknikssr.ac.id
Alleged defacement of yourlyfeapp.com by Mr.PIMZZZXploit
Category: Defacement
Content: Threat actor Mr.PIMZZZXploit claims to have defaced yourlyfeapp.com. Defacement proof and mirror link provided. Post includes hashtags referencing Babayo Eror System.
Date: 2026-06-04T12:03:57Z
Network: telegram
Published URL: https://t.me/c/3865526389/1141
Screenshots:
2 screenshot(s) available
Threat Actors: Mr.PIMZZZXploit
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: yourlyfeapp.com
Victim Site: yourlyfeapp.com
Alleged data breach of Under Armour
Category: Data Breach
Content: A threat actor is distributing what appears to be a database dump of Under Armour customer transaction records, including transaction IDs, user IDs, purchase dates, product IDs, prices, and email addresses. The sample data references purchases dated October 2025. The dataset is being made available via an external file-sharing link with contact via Telegram.
Date: 2026-06-04T12:03:33Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78921
Screenshots:
1 screenshot(s) available
Threat Actors: LauraAllen
Victim Country: United States
Victim Industry: Retail
Victim Organization: Under Armour
Victim Site: underarmour.com
Alleged website defacement of Safe Space Foundation by Mr.PIMZZZXploit
Category: Defacement
Content: Threat actor Mr.PIMZZZXploit claims to have defaced safespacefoundation.org and posted proof images. Mirror links provided at hack-db.org.
Date: 2026-06-04T11:55:54Z
Network: telegram
Published URL: https://t.me/c/3865526389/1140
Screenshots:
2 screenshot(s) available
Threat Actors: Mr.PIMZZZXploit
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Safe Space Foundation
Victim Site: safespacefoundation.org
Website Defacement of Buffalo Companion Animal Clinic by CYKOMNEPAL
Category: Defacement
Content: On June 4, 2026, the threat actor CYKOMNEPAL defaced the website of Buffalo Companion Animal Clinic, a veterinary services provider likely based in Buffalo, United States. The incident was a targeted single-site defacement with no indication of mass or repeated compromise. The attackers motivation was not publicly disclosed.
Date: 2026-06-04T11:53:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931137
Screenshots:
1 screenshot(s) available
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: United States
Victim Industry: Veterinary / Animal Healthcare
Victim Organization: Buffalo Companion Animal Clinic
Victim Site: buffalocompanionanimalclinic.com
Sale of Spanish banking leads database with 30 million records
Category: Data Breach
Content: A threat actor is selling a database of over 30 million Spanish banking leads containing personal and financial data including full names, IBAN numbers, NIF/NIE/CIF identifiers, phone numbers, email addresses, dates of birth, and complete addresses. The dataset purportedly covers customers of multiple major Spanish financial institutions including CaixaBank, Banco Santander, BBVA, Banco Sabadell, and others. Payment is accepted in cryptocurrency only.
Date: 2026-06-04T11:13:30Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-BOT-LEADS-BANKING-BANKS-SPAIN
Screenshots:
1 screenshot(s) available
Threat Actors: jordanbelfortwolf
Victim Country: Spain
Victim Industry: Finance
Victim Organization: Multiple Spanish Banks
Victim Site: Unknown
Alleged data breach of marches-publics.gouv.fr (French Government Procurement Portal)
Category: Data Breach
Content: A threat actor claims to have exploited an SQL injection vulnerability on the French government public procurement portal marches-publics.gouv.fr, allegedly obtaining over one million user records. The exposed data reportedly includes names, email addresses, plaintext or weakly hashed passwords, phone numbers, addresses, and session identifiers. The actor is offering the database for sale on a dark web forum.
Date: 2026-06-04T11:12:35Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-FR-SQL-marches-publics-gouv-fr
Screenshots:
1 screenshot(s) available
Threat Actors: 365d
Victim Country: France
Victim Industry: Government
Victim Organization: marches-publics.gouv.fr
Victim Site: marches-publics.gouv.fr
Alleged data breach of Mihnati (mihnati.com)
Category: Data Breach
Content: A threat actor claims to be selling a database allegedly breached from mihnati.com, a Saudi Arabian recruitment platform. The dataset purportedly contains 422,000 records including candidate profiles, contact information, personal details (date of birth, gender, marital status, nationality), and experience data. The actor is offering the data for sale via Telegram.
Date: 2026-06-04T11:11:52Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-422k-Saudi-Arabia-https-www-mihnati-com-Data
Screenshots:
1 screenshot(s) available
Threat Actors: NetBreach
Victim Country: Saudi Arabia
Victim Industry: Recruitment
Victim Organization: Mihnati
Victim Site: mihnati.com
Alleged data breach of Environmental Management Bureau of the Philippines
Category: Data Breach
Content: A threat actor claims to be selling 127,000 Philippine government-issued ID records allegedly scraped from the Environmental Management Bureau of the Philippines. The dataset is reported to be over 90GB and includes PhilHealth IDs, Professional IDs, PRC IDs, Pag-IBIG IDs, National IDs, Business Permits, and Drivers Licenses. The actor is soliciting buyers via Telegram and private message on the forum.
Date: 2026-06-04T10:46:41Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-127k-Philippines-IDs-FRESH-FROM-GOV
Screenshots:
1 screenshot(s) available
Threat Actors: Japoy
Victim Country: Philippines
Victim Industry: Government
Victim Organization: Environmental Management Bureau of the Philippines
Victim Site: emb.gov.ph
Alleged data leak of French personal and financial records including IBAN details
Category: Data Leak
Content: A threat actor has freely shared a dataset containing French individuals personal and financial information, including full names, dates of birth, home addresses, phone numbers, email addresses, and IBAN/BIC banking details. The data was made available via a file-sharing link with sample records provided. The source organization of the breach is not identified in the post.
Date: 2026-06-04T10:42:37Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78919
Screenshots:
1 screenshot(s) available
Threat Actors: LauraAllen
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Request for SuperCard X or NFC Devil malware access
Category: Malware
Content: A forum user is seeking a seller or operator of SuperCard X or NFC Devil malware, expressing interest in renting access or working on a revenue-sharing arrangement. No specific victim or deployment details are mentioned. The post indicates demand for NFC-based malware tools within the criminal ecosystem.
Date: 2026-06-04T10:25:24Z
Network: openweb
Published URL: https://tier1.life/thread/282
Screenshots:
1 screenshot(s) available
Threat Actors: drop_nation
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Use-After-Free vulnerability in Adobe Acrobat Reader Escript.api leading to RCE
Category: Vulnerability
Content: A detailed technical write-up by Michele Campa (Exodus Intelligence) describes a use-after-free vulnerability in Adobe Acrobat Readers Escript.api module, discovered in February 2025 and patched in April 2026. The vulnerability is triggered via the defineGetter() JavaScript API on non-configurable built-in object properties, leading to a desynchronization between reference counting and the event-scope stack that results in a dangling pointer and exploitable UAF condition with RCE potential.
Date: 2026-06-04T10:23:58Z
Network: openweb
Published URL: https://tier1.life/thread/281
Screenshots:
6 screenshot(s) available
Threat Actors: RedQueen
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Adobe
Victim Site: adobe.com
Sale of BTC Wallet Recovery Tool (Bitcoin Hunter)
Category: Malware
Content: A forum user is distributing a tool marketed as a BTC wallet recovery tool, formerly known as Bitcoin Hunter, via Mediafire and MEGA file-sharing links. Such tools are commonly used for unauthorized access to cryptocurrency wallets and may contain malicious functionality.
Date: 2026-06-04T10:23:47Z
Network: openweb
Published URL: https://crackingx.com/threads/77955/
Screenshots:
1 screenshot(s) available
Threat Actors: Zxhuwu
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of International Kiteboarding Organization (IKO) – 340k users
Category: Data Breach
Content: International Kiteboarding Organization (IKO) data breach containing 340k unique users personal information including names, email addresses, localities, countries, user IDs, insurance status, and GPS positions. Breach verified on Have I Been Pwned. Being sold for $2000 USD by threat actor @node6240.
Date: 2026-06-04T10:13:02Z
Network: telegram
Published URL: https://t.me/c/3500620464/9175
Screenshots:
1 screenshot(s) available
Threat Actors: node6240
Victim Country: Unknown
Victim Industry: Sports/Education
Victim Organization: International Kiteboarding Organization
Victim Site: iko.net
Alleged data breach of Insightsoftware – Atlas Source Code
Category: Data Breach
Content: Threat actor claiming to have compromised Insightsoftware Atlas Source Code and offering it for sale at $3200. Insightsoftware is a comprehensive provider of solutions for finance, accounting, and operations.
Date: 2026-06-04T10:11:43Z
Network: telegram
Published URL: https://t.me/c/3500620464/9173
Screenshots:
1 screenshot(s) available
Threat Actors: node6240
Victim Country: Unknown
Victim Industry: Software/Finance Technology
Victim Organization: Insightsoftware
Victim Site: insightsoftware.com
Alleged data breach of Credera – Source code, credentials, and confidential documents
Category: Data Breach
Content: Threat actor offering sale of compromised Credera data including confidential documents, Terraform files, internal customer documents, source codes, SSL certificates, hardcoded credentials, SMTP credentials, API keys, private/public keys, SQL files, customer source codes, certificates, GitHub projects, and pipeline builds. Asking price: $1,500.
Date: 2026-06-04T10:09:33Z
Network: telegram
Published URL: https://t.me/c/3500620464/9169
Screenshots:
1 screenshot(s) available
Threat Actors: node6240
Victim Country: Unknown
Victim Industry: Technology/Consulting
Victim Organization: Credera
Victim Site: credera.com
Alleged data breach of European Space Agency – 200GB of source code and credentials
Category: Data Breach
Content: Threat actor claims to have compromised European Space Agency (ESA) services and stolen over 200GB of data including private Bitbucket repositories, source codes, CI/CD pipelines, API tokens, access tokens, confidential documents, configuration files, Terraform files, SQL files, and hardcoded credentials. Data is being offered for sale at $5000.
Date: 2026-06-04T10:09:22Z
Network: telegram
Published URL: https://t.me/c/3500620464/9161
Screenshots:
1 screenshot(s) available
Threat Actors: node6240
Victim Country: Multiple (International Organization)
Victim Industry: Space/Aerospace
Victim Organization: European Space Agency
Victim Site: esa.int
Alleged sale of access and data from Tymphany audio systems manufacturer
Category: Initial Access
Content: Threat actor claims 2-day access to Tymphany services with exfiltration of source codes, confidential documents, RSA private keys, SQL files, access keys, configuration files, hardcoded credentials, and SMTP credentials. Asking $10,000 USD for the data.
Date: 2026-06-04T10:09:11Z
Network: telegram
Published URL: https://t.me/c/3500620464/9160
Screenshots:
1 screenshot(s) available
Threat Actors: node6240
Victim Country: Unknown
Victim Industry: Audio Systems Manufacturing
Victim Organization: Tymphany
Victim Site: Unknown
Alleged data breach of TTNET (Türk Telekom) – 5 million records leaked
Category: Data Breach
Content: A database allegedly containing approximately 5 million records from TTNET A.Ş. (Turkish ISP operating under Türk Telekom brand) from December 2015 has been made available for free download. The leaked data reportedly includes exposed email addresses, names, physical addresses, phone numbers, and telecom package information for subscribers. The breach was originally posted on Raid Forums and is now being redistributed via multiple file hosting services.
Date: 2026-06-04T10:09:01Z
Network: telegram
Published URL: https://t.me/c/3500620464/9159
Screenshots:
1 screenshot(s) available
Threat Actors: Addka72424
Victim Country: Turkey
Victim Industry: Telecommunications
Victim Organization: TTNET A.Ş. (Türk Telekom)
Victim Site: ttnet.com.tr
Alleged sale of targeted email account access to Hotmail, Yahoo, AT&T and associated service accounts
Category: Initial Access
Content: Threat actor Yuze is offering for sale targeted email account access credentials for multiple platforms including Hotmail, Yahoo, and AT&T accounts with associated access to linked services (Walmart, eBay, Uber, Marriott, Poshmark, Reddit, Grailed, Vinted, Kleinanzeigen). Claims credentials are fresh, valid, and uncracked. Targeting users in USA, UK, and Canada. Soliciting direct messages for specific keyword searches.
Date: 2026-06-04T09:47:41Z
Network: telegram
Published URL: https://t.me/c/2613583520/96924
Screenshots:
1 screenshot(s) available
Threat Actors: Yuze
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of bestfriendmatch.com user database
Category: Data Leak
Content: A threat actor has freely shared an alleged database dump from bestfriendmatch.com containing approximately 11,000 user records. The dataset includes personally identifiable information such as names, email addresses, hashed passwords, gender, sexual orientation, location data, birth dates, IP addresses, and social media identifiers. The data appears to originate from a dating or social matchmaking platform.
Date: 2026-06-04T09:47:27Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-%E2%AD%90-Fresh-Database-bestfriendmatch-com-11K-user
Screenshots:
1 screenshot(s) available
Threat Actors: Sensitive2025
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: BestFriendMatch
Victim Site: bestfriendmatch.com
Alleged data breach of undisclosed US Forex platform
Category: Data Breach
Content: A threat actor is distributing a database allegedly sourced from a US-based Forex platform, containing detailed personal and financial records of depositors. Exposed fields include full name, address, phone number, IP address, gender, deposit and withdrawal totals, and annual income brackets. The data is made available via a file-sharing link with contact through Telegram.
Date: 2026-06-04T09:47:19Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78910
Screenshots:
1 screenshot(s) available
Threat Actors: LauraAllen
Victim Country: United States
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Pakistan Ministry of Science and Technology (MoST)
Category: Data Breach
Content: A threat actor claims to be selling documents related to Navigation Systems allegedly obtained from Pakistans Ministry of Science and Technology (MoST). The seller is offering sample data and pricing via qTox contact. No record count or additional details were provided in the post.
Date: 2026-06-04T09:12:26Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78887
Screenshots:
1 screenshot(s) available
Threat Actors: Jon1234
Victim Country: Pakistan
Victim Industry: Government
Victim Organization: Ministry of Science and Technology (MoST)
Victim Site: most.gov.pk
Sale of sensitive government documents linked to Pakistan SUPARCO and Ministry of Science & Technology
Category: Data Breach
Content: A threat actor is selling sensitive documents allegedly obtained from Pakistans Ministry of Science and Technology and the Space and Upper Atmosphere Research Commission (SUPARCO). The documents reportedly contain critical information related to indigenous navigation systems, including Pak-SBAS and Pak-GBAS programs. The seller is directing interested buyers to contact via a Session messaging identifier.
Date: 2026-06-04T09:11:44Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78889
Screenshots:
1 screenshot(s) available
Threat Actors: ModernStealer
Victim Country: Pakistan
Victim Industry: Government
Victim Organization: Pakistan Ministry of Science and Technology / SUPARCO
Victim Site: suparco.gov.pk
Sale of alleged sensitive documents from Pakistan Ministry of Science and Technology and SUPARCO
Category: Data Breach
Content: A threat actor is offering for sale sensitive documents allegedly obtained from Pakistans Ministry of Science and Technology (MoST) and the Space and Upper Atmosphere Research Commission (SUPARCO). The documents purportedly contain critical information related to indigenous navigation systems, including Pak-SBAS and Pak-GBAS programs. The seller is directing prospective buyers to contact them via Session messenger for sample data.
Date: 2026-06-04T09:11:04Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78890
Screenshots:
1 screenshot(s) available
Threat Actors: Mipor
Victim Country: Pakistan
Victim Industry: Government
Victim Organization: Pakistan Ministry of Science and Technology / SUPARCO
Victim Site: suparco.gov.pk
Sale of Web3/Crypto Wallet Holder leads database
Category: Data Breach
Content: A threat actor is offering for sale a database of 100,000 Web3 and cryptocurrency wallet holders. The dataset includes usernames, email addresses, ETH addresses, Solana balances, DeBank portfolio values in USD, and account status. The seller is pricing the data between $600 and $2,500+ and directing buyers to a Telegram contact.
Date: 2026-06-04T09:10:23Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78902
Screenshots:
1 screenshot(s) available
Threat Actors: HiddenHq
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of HungerStation
Category: Data Breach
Content: A threat actor is selling an alleged database from hungerstation.com, a Saudi Arabian food delivery platform. The dataset reportedly contains 324,000 records including customer IDs, names, emails, mobile numbers, city, region, country, loyalty points, preferred language, order count, and last purchase date. The actor accepts escrow and can be contacted via Telegram or Session.
Date: 2026-06-04T09:09:45Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78905
Screenshots:
1 screenshot(s) available
Threat Actors: JeffData
Victim Country: Saudi Arabia
Victim Industry: Retail
Victim Organization: HungerStation
Victim Site: hungerstation.com
Sale of free dumps, tracks, and PINs on carding forum
Category: Carding
Content: A forum user is offering free access to dumps, tracks, and PINs on a carding forum. The post requires registration or sign-in to view the actual content, so specific details are unavailable. The material appears to consist of stolen payment card data including magnetic stripe tracks and associated PINs.
Date: 2026-06-04T08:55:49Z
Network: openweb
Published URL: https://darkpro.net/threads/free-dumps-tracks-pins-by-carding-forum.23341/
Screenshots:
1 screenshot(s) available
Threat Actors: CC-GuRu
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of payment card dumps with high limits
Category: Carding
Content: A forum user operating as CC-GuRu is offering free payment card dumps advertised as having good limits. The actual content is gated behind registration or sign-in, so no further details about the cards or their origin are available.
Date: 2026-06-04T08:55:32Z
Network: openweb
Published URL: https://darkpro.net/threads/free-dumps-good-limits-by-cc-guru.23342/
Screenshots:
1 screenshot(s) available
Threat Actors: CC-GuRu
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of stolen payment card data by CC-GuRu
Category: Carding
Content: A forum user operating under the alias CC-GuRu is advertising fresh stolen payment card data on a dark web forum. The post content is restricted to registered members only, so specific details about card counts, BINs, or pricing are unavailable. The listing appears in the Dumps & Tracks section, indicating stolen card track data or CVV records.
Date: 2026-06-04T08:55:15Z
Network: openweb
Published URL: https://darkpro.net/threads/fresh-ccs-by-cc-guru.23343/
Screenshots:
1 screenshot(s) available
Threat Actors: CC-GuRu
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Chinese hacker group deploying Atlas malware against European organizations
Category: Malware
Content: Security researchers identified a Chinese-speaking hacker group conducting cyber attacks against organizations in Germany, Italy, United Kingdom, and South Africa using a new malware called Atlas. The group uses spear-phishing emails with subjects related to payroll, taxes, invoices, and administrative notices. The Atlas malware provides attackers with capabilities to steal files and information, log user activities, capture screenshots, and access webcams and microphones. Researchers warn the m…
Date: 2026-06-04T08:54:42Z
Network: telegram
Published URL: https://t.me/c/1283513914/22063
Screenshots:
2 screenshot(s) available
Threat Actors: Chinese-speaking hacker group
Victim Country: Germany, Italy, United Kingdom, South Africa
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of stolen database archive containing military documents, personal information, and credentials from 65+ countries
Category: Data Breach
Content: DarkForums operator advertising a private cloud archive containing stolen databases from multiple continents including military documents, company databases, personal identification documents, consumer information, phone lists, email lists, financial data, SSN/SIN records, and credential lists (email:password, username:password combinations). Service claims 24/7 support, fresh data, and daily updates. Subscription pricing offered: $300/month, $600/3-months, or $1500 lifetime access with premium …
Date: 2026-06-04T08:38:00Z
Network: telegram
Published URL: https://t.me/c/3881241221/27
Screenshots:
1 screenshot(s) available
Threat Actors: DarkForums
Victim Country: Multiple countries (65+ across Europe, Asia, Africa, Americas, Australia)
Victim Industry: Multiple (military, corporate, financial, government, consumer)
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of A2E Enterprises by Claudexxx (Phantom Sec Team)
Category: Defacement
Content: On June 4, 2026, the website a2eenterprises.in was defaced by threat actor Claudexxx, operating under the Phantom Sec Team. The attack targeted the homepage of what appears to be an Indian business enterprise. The incident was recorded as a singular, non-mass defacement event with a mirror archived at zone-xsec.com.
Date: 2026-06-04T08:30:51Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931115
Screenshots:
1 screenshot(s) available
Threat Actors: Claudexxx, Phantom Sec Team
Victim Country: India
Victim Industry: Business Services
Victim Organization: A2E Enterprises
Victim Site: a2eenterprises.in
Alleged data breach of HSBC Mexico
Category: Data Breach
Content: A threat actor is offering for sale an alleged database attributed to HSBC Mexico containing approximately 35 million records. The dataset reportedly includes account numbers, RFC and CURP tax/identity identifiers, full names, addresses, postal codes, and phone numbers. Sample records were shared as proof, with the seller pricing the full dataset at $1,200 USD via Telegram.
Date: 2026-06-04T08:16:38Z
Network: openweb
Published URL: https://darkpro.net/threads/hsbc-mx-database-for-sale-by-carding-forum.23340/
Screenshots:
1 screenshot(s) available
Threat Actors: ⭐ RED✘ ⭐
Victim Country: Mexico
Victim Industry: Finance
Victim Organization: HSBC Mexico
Victim Site: hsbc.com.mx
Alleged data breach of buy123.com.tw exposing customer and order data
Category: Data Breach
Content: A threat actor is selling an alleged dataset originating from buy123.com.tw, a Taiwanese e-commerce platform, containing approximately 623,000 records. The dataset is structured across three sections covering customer contact information (names, emails, phone numbers, addresses), order management records (payment methods, amounts, tracking), and delivery logs. The data reportedly includes buyer and receiver personal details along with purchase history and account status.
Date: 2026-06-04T07:19:39Z
Network: openweb
Published URL: https://breached.su/threads/623k-taiwan-https-www-buy123-com-tw-buyer-and-receiver-contact-info-with-purchase-history-and-account-status-details.87951/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Taiwan
Victim Industry: Retail
Victim Organization: buy123
Victim Site: buy123.com.tw
Alleged data breach of Ruten (ruten.com.tw) exposing 742K customer and order records
Category: Data Breach
Content: A threat actor is selling an alleged database from Ruten, a Taiwanese e-commerce platform, for $1,200. The dataset purportedly contains 742,000 records spanning three sections: customer contact profiles (including full name, email, phone, IP, and birth date), order history (including payment and shipment details), and support tickets (including ticket descriptions and satisfaction scores).
Date: 2026-06-04T07:19:05Z
Network: openweb
Published URL: https://breached.su/threads/742k-taiwan-https-www-ruten-com-tw-consumer-contacts-and-business-profiles-database.87952/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Taiwan
Victim Industry: Retail
Victim Organization: Ruten
Victim Site: ruten.com.tw
Alleged data breach of Maroof SA (Saudi Arabia business registry platform)
Category: Data Breach
Content: A threat actor is selling an alleged dataset from maroof.sa, a Saudi Arabian business registry platform, for $1,300. The dataset reportedly contains approximately 427,000 records spanning customer personal data (names, DOB, national IDs, contact details, social accounts), shop branch locations, and customer order history. Sensitive fields include national ID numbers, dates of birth, email addresses, and mobile phone numbers.
Date: 2026-06-04T06:56:37Z
Network: openweb
Published URL: https://breached.su/threads/427k-saudi-arabia-https-maroof-sa-public-business-and-personal-contact-records-including-emails-and-phone-numbers.87935/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Saudi Arabia
Victim Industry: Government
Victim Organization: Maroof
Victim Site: maroof.sa
Alleged data breach of jobzaty.com exposing recruitment and job seeker data
Category: Data Breach
Content: A threat actor is offering for sale a dataset allegedly sourced from jobzaty.com, a Saudi Arabian recruitment platform. The dataset reportedly contains 472,000 records spanning contacts, job applications, and support tickets, including personal identifiers such as name, email, phone number, date of birth, address, employment history, and LinkedIn profile. The seller is asking $1,300 and accepting forum escrow for the transaction.
Date: 2026-06-04T06:56:04Z
Network: openweb
Published URL: https://breached.su/threads/472k-saudi-arabia-www-jobzaty-com-recruitment-consultant-contacts-and-job-listings-data.87937/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Saudi Arabia
Victim Industry: Recruitment
Victim Organization: Jobzaty
Victim Site: jobzaty.com
Alleged data breach of kkf.org.sa exposing 742K Saudi Arabian contact and membership records
Category: Data Breach
Content: A threat actor is selling a dataset allegedly originating from kkf.org.sa, priced at $1,400. The dataset is structured across three tables covering contacts, project assessments, and membership subscriptions, containing fields such as full names, email addresses, phone numbers, company names, mailing addresses, and membership details. The seller claims the data is fresh and comprises approximately 742,000 records.
Date: 2026-06-04T06:55:31Z
Network: openweb
Published URL: https://breached.su/threads/742k-saudi-arabia-https-kkf-org-sa-comprehensive-contact-and-marketing-data-including-emails-and-user-profiles.87938/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Saudi Arabia
Victim Industry: Unknown
Victim Organization: KKF
Victim Site: kkf.org.sa
Alleged data breach of Vox Telecommunications South Africa
Category: Data Breach
Content: A threat actor on Breached forums is offering for sale an alleged dataset originating from vox.co.za, a South African telecommunications provider. The dataset reportedly contains 427,000 records across three structured sections: customer account and contact details, sales orders, and delivery logs. Exposed fields include customer names, phone numbers, email addresses, VAT numbers, billing and delivery addresses, payment terms, and geolocation data.
Date: 2026-06-04T06:54:58Z
Network: openweb
Published URL: https://breached.su/threads/427k-south-africa-https-www-vox-co-za-business-customer-contacts-and-account-details-dataset.87940/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: South Africa
Victim Industry: Telecommunications
Victim Organization: Vox
Victim Site: vox.co.za
Alleged defacement of itadvanceeducation.in by StarsX Neura-Sec Team
Category: Defacement
Content: Claim of website defacement of itadvanceeducation.in attributed to StarsX Neura-Sec Team. Defaced URL provided: https://itadvanceeducation.in/?page_id=3. Post includes contact information for the threat actor group.
Date: 2026-06-04T06:54:33Z
Network: telegram
Published URL: https://t.me/NeuraSCTA/38
Screenshots:
2 screenshot(s) available
Threat Actors: StarsX Neura-Sec Team
Victim Country: India
Victim Industry: Education
Victim Organization: IT Advance Education
Victim Site: itadvanceeducation.in
Alleged data breach of WebAfrica
Category: Data Breach
Content: A threat actor is selling an alleged dataset originating from WebAfrica, a South African internet service provider, containing approximately 742,000 customer records. The data is structured across three sections — Contact, Subscription, and Support Case — and includes personally identifiable information such as names, email addresses, phone numbers, date of birth, mailing addresses, subscription details, payment metadata, and support ticket history. Sample files were shared via Gofile links as p…
Date: 2026-06-04T06:54:25Z
Network: openweb
Published URL: https://breached.su/threads/742k-south-africa-https-www-webafrica-co-za-customer-contacts-with-emails-phone-numbers-and-demographic-info.87941/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: South Africa
Victim Industry: Telecommunications
Victim Organization: WebAfrica
Victim Site: webafrica.co.za
Alleged data breach of Africoil – Corporate accounts and contact data exposed
Category: Data Breach
Content: A threat actor is offering for sale an alleged dataset originating from Africoil, a South African oil and gas sector company. The dataset reportedly contains approximately 472,000 records across three structured tables: customer contact information, distributor linkage details, and order/trip logistics logs. Data fields include account names, contact emails, phone numbers, VAT numbers, payment terms, credit limits, distributor contract details, and shipment tracking information.
Date: 2026-06-04T06:53:52Z
Network: openweb
Published URL: https://breached.su/threads/472k-south-africa-https-www-africoil-co-za-corporate-accounts-and-contact-data-in-oil-gas-sector.87942/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: South Africa
Victim Industry: Oil & Gas
Victim Organization: Africoil
Victim Site: africoil.co.za
Alleged data breach of Etoos (etoos.com) exposing 425K South Korean user records
Category: Data Breach
Content: A threat actor is offering for sale an alleged dataset of 425,000 records from South Korean online education platform Etoos (etoos.com). The data is structured across three sections — Contact, Order History, and Student Enrollment — containing personal identifiers including full names, dates of birth, resident registration numbers, email addresses, phone numbers, addresses, and academic information. The dataset also reportedly includes order and payment metadata as well as student enrollment det…
Date: 2026-06-04T06:53:18Z
Network: openweb
Published URL: https://breached.su/threads/425k-south-korea-https-www-etoos-com-personal-contact-and-education-data-including-emails-phone-numbers-addresses-birth-dates.87943/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: South Korea
Victim Industry: Education
Victim Organization: Etoos
Victim Site: etoos.com
Alleged data breach of SayClub
Category: Data Breach
Content: A threat actor is offering for sale an alleged dataset from SayClub, a South Korean platform, containing approximately 512,000 user records. The dataset is structured across three sections covering user profiles with hashed passwords, personal contact details (including full name, date of birth, personal ID number, phone numbers, and home/office addresses), membership points activity, and privacy preferences. The data reportedly includes sensitive fields such as personal ID numbers and GDPR cons…
Date: 2026-06-04T06:52:45Z
Network: openweb
Published URL: https://breached.su/threads/512k-south-korea-https-www-sayclub-com-user-profiles-with-hashed-passwords-and-personal-contact-data.87944/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: South Korea
Victim Industry: Technology
Victim Organization: SayClub
Victim Site: sayclub.com
Alleged data breach of Hmall (hmall.com) exposing 670K user contacts and purchase records
Category: Data Breach
Content: A threat actor is offering for sale an alleged dataset originating from hmall.com, a South Korean e-commerce platform, containing approximately 670,000 records. The dataset is structured across three sections — Contacts, Orders, and Delivery Logs — and includes personally identifiable information such as full names, email addresses, phone numbers, mailing addresses, and registration numbers, as well as order transaction details including payment methods, bank information, pricing, and shipment t…
Date: 2026-06-04T06:52:12Z
Network: openweb
Published URL: https://breached.su/threads/670k-south-korea-https-www-hmall-com-user-contacts-and-purchase-records-dataset.87945/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: South Korea
Victim Industry: Retail
Victim Organization: Hmall
Victim Site: hmall.com
Alleged data breach of Colegio de Trabajo Social de Salamanca
Category: Data Breach
Content: A threat actor is offering a dataset allegedly sourced from the Colegio de Trabajo Social de Salamanca, a Spanish social workers professional association. The dataset spans three sections — Contacts, Course Enrollments, and Company Information — containing personal identifiers such as names, email addresses, phone numbers, tax ID numbers, and membership details for approximately 365,000 individuals. The data also includes financial and enrollment records, as well as associated employer/company i…
Date: 2026-06-04T06:51:38Z
Network: openweb
Published URL: https://breached.su/threads/365k-spain-https-www-colegiodetrabajosocialdesalamanca-org-social-worker-contacts-and-professional-registrations-dataset.87946/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Spain
Victim Industry: Professional Services
Victim Organization: Colegio de Trabajo Social de Salamanca
Victim Site: colegiodetrabajosocialdesalamanca.org
Alleged data breach of Privalia Spain
Category: Data Breach
Content: A threat actor is offering an alleged dataset from Privalia, a Spanish online fashion retailer, containing approximately 628,000 records. The dataset is structured across three sections — Contacts, Orders, and Delivery Logs — and includes personally identifiable information such as national IDs, emails, full names, phone numbers, addresses, order and payment transaction details, and shipment tracking data. The post describes the data as fresh and organized for practical use.
Date: 2026-06-04T06:51:04Z
Network: openweb
Published URL: https://breached.su/threads/628k-spain-www-privalia-com-user-profiles-with-emails-locations-account-tiers-contact-preferences.87947/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Spain
Victim Industry: Retail
Victim Organization: Privalia
Victim Site: privalia.com
Alleged data breach of Euskaltel exposing customer contacts, orders, and support tickets
Category: Data Breach
Content: A threat actor is selling an alleged dataset from Euskaltel, a Spanish telecommunications provider, containing approximately 737,000 records. The dataset is structured across three sections — Contacts, Orders, and Support Tickets — and includes personally identifiable information such as names, emails, phone numbers, addresses, Tax IDs, membership status, payment method, and support case details. The seller is asking $1,000 and accepts forum escrow for the transaction.
Date: 2026-06-04T06:50:31Z
Network: openweb
Published URL: https://breached.su/threads/737k-spain-https-www-euskaltel-com-customer-contacts-emails-phone-numbers-addresses-membership-data.87948/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Spain
Victim Industry: Telecommunications
Victim Organization: Euskaltel
Victim Site: euskaltel.com
Sale of alleged data breach of Weikeng
Category: Data Breach
Content: A threat actor is offering for sale an alleged dataset of approximately 420,000 records originating from weikeng.com.tw in Taiwan. The dataset reportedly includes customer contact details (names, emails, phone numbers, addresses, dates of birth), support ticket content with internal notes, and website interaction logs. The seller is asking $1,300 and can be contacted via Telegram.
Date: 2026-06-04T06:49:57Z
Network: openweb
Published URL: https://breached.su/threads/420k-taiwan-www-weikeng-com-tw-active-sales-leads-and-contact-details-dataset.87950/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Taiwan
Victim Industry: Unknown
Victim Organization: Weikeng
Victim Site: weikeng.com.tw
Sale of alleged database and source code from Alhind Group India
Category: Data Breach
Content: A threat actor is offering for sale data allegedly exfiltrated from Alhind Group, a major Indian travel and hospitality conglomerate. The purported dataset includes financial records, employee data, client personal information, passport and visa details, employee salaries, and source code for web applications. The actor is soliciting bids starting at $10,000 and requests contact via Session messenger.
Date: 2026-06-04T06:49:13Z
Network: openweb
Published URL: https://breached.su/threads/alhind-group-india-database-2026-flag-india.87936/unread
Screenshots:
1 screenshot(s) available
Threat Actors: sc@ry_cRow
Victim Country: India
Victim Industry: Travel and Tourism
Victim Organization: Alhind Group
Victim Site: alhind.com
Alleged data breach of Dexprint
Category: Data Breach
Content: A forum post on Breached claims to reference a database associated with Dexprint. No content was available in the post, so no details regarding the scope, data types, or veracity of the alleged breach can be assessed.
Date: 2026-06-04T06:48:29Z
Network: openweb
Published URL: https://breached.su/threads/data-base-dexprint.87939/unread
Screenshots:
3 screenshot(s) available
Threat Actors: MatxCysec
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Dexprint
Victim Site: Unknown
Alleged data leak of Damsons Estate
Category: Data Leak
Content: A threat actor known as NeuraSec claims to have leaked a database associated with Damsons Estate, reportedly containing over 3,000 records. No additional details or post content were available to verify the claim or confirm the nature of the exposed data.
Date: 2026-06-04T06:47:52Z
Network: openweb
Published URL: https://breached.su/threads/leaked-3000-database-damsons-estate.87949/unread
Screenshots:
2 screenshot(s) available
Threat Actors: NeuraSec
Victim Country: Unknown
Victim Industry: Real Estate
Victim Organization: Damsons Estate
Victim Site: Unknown
Alleged sale of compromised TikTok and Shein accounts with verified status
Category: Initial Access
Content: Threat actor offering for sale multiple compromised social media accounts including TikTok US personal accounts, TikTok US store accounts with violation appeal status, Shein US and EU LLC accounts, and bulk TikTok accounts with 500k+ followers. Prices range from $100-$800 USD. Contact handle provided: @pipl1on33uku
Date: 2026-06-04T06:45:08Z
Network: telegram
Published URL: https://t.me/c/2613583520/96818
Screenshots:
1 screenshot(s) available
Threat Actors: pipl1on33uku
Victim Country: United States
Victim Industry: Social Media, E-commerce
Victim Organization: TikTok, Shein
Victim Site: tiktok.com, shein.com
Website Defacement of Zaptax by Claudexxx of Phantom Sec Team
Category: Defacement
Content: On June 4, 2026, a threat actor known as Claudexxx, operating under the Phantom Sec Team, defaced the Indian taxation services website zaptax.in. The defacement targeted a specific page (Cl4udexxx.html) rather than the homepage, indicating a targeted page-level intrusion. The incident was recorded and mirrored by zone-xsec.com with mirror ID 931095.
Date: 2026-06-04T06:44:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931095
Screenshots:
1 screenshot(s) available
Threat Actors: Claudexxx, Phantom Sec Team
Victim Country: India
Victim Industry: Financial Services / Taxation
Victim Organization: Zaptax
Victim Site: zaptax.in
Alert: Spam or Off-Topic Market Research Post on Cracking Forum
Category: Malware
Content: A forum post on a cracking forum contains what appears to be a spam or off-topic market research report on the global infusion pumps industry, with no threat-relevant content. The post does not contain any stolen data, credentials, malware, or cybercriminal activity. It is likely unsolicited commercial content or spam.
Date: 2026-06-04T06:10:06Z
Network: openweb
Published URL: https://crackingx.com/threads/77938/
Screenshots:
2 screenshot(s) available
Threat Actors: reena761
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged defacement of Indian website by StarsX Neura-Sec Team
Category: Defacement
Content: Claim of website defacement targeting hcsm.co.in. The post attributes the defacement to StarsX Neura-Sec Team and includes a defaced URL. Contact information provided via Telegram channels for the threat actor group.
Date: 2026-06-04T06:09:17Z
Network: telegram
Published URL: https://t.me/NeuraSCTA/37
Screenshots:
2 screenshot(s) available
Threat Actors: StarsX Neura-Sec Team
Victim Country: India
Victim Industry: Unknown
Victim Organization: hcsm.co.in
Victim Site: hcsm.co.in
Sale of stolen payment cards via NOREF.CASH
Category: Carding
Content: A threat actor operating under the alias NOREFCC is advertising a carding service at NOREF.CASH, claiming to offer high-validity stolen payment cards with regularly updated inventory. The post markets the service based on freshness, reliability, and competitive pricing. No specific victim organization or card volume is disclosed.
Date: 2026-06-04T06:08:25Z
Network: openweb
Published URL: https://crackingx.com/threads/77940/
Screenshots:
2 screenshot(s) available
Threat Actors: NOREFCC
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: noref.cash
Alleged data breach of Yellow Pages Philippines
Category: Data Breach
Content: A threat actor is selling an alleged dataset originating from yellow-pages.ph, containing approximately 582,000 records across three sections: Contacts, Distribution Lists, and Order History. The dataset includes personally identifiable information such as email addresses, phone numbers, mailing addresses, job titles, social media profiles, and company details. The seller is offering the data for $1,200 via Telegram.
Date: 2026-06-04T06:06:50Z
Network: openweb
Published URL: https://breached.su/threads/582k-philippines-https-www-yellow-pages-ph-verified-business-contacts-and-professional-details-dataset.87928/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Philippines
Victim Industry: Business Directory Services
Victim Organization: Yellow Pages Philippines
Victim Site: yellow-pages.ph
Alleged data breach of undisclosed Portuguese organization with 427K records
Category: Data Breach
Content: A threat actor is selling a dataset allegedly originating from a Portuguese organization, priced at $1,200. The dataset contains approximately 427,000 records across three sections: Contacts (including full names, email addresses, phone numbers, and tax IDs), Orders (including payment method, delivery details, and order status), and Delivery Addresses (including geolocation coordinates and shipping details). The data appears to include personally identifiable and financial transaction informatio…
Date: 2026-06-04T06:06:17Z
Network: openweb
Published URL: https://breached.su/threads/427k-portugal-https-data-export-560956-portugal-contact-and-user-details-including-emails-and-phone-numbers.87929/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Portugal
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: data-export-560956.portugal
Alleged data breach of undisclosed Portuguese organization exposing customer PII and security profiles
Category: Data Breach
Content: A threat actor is offering a dataset purportedly sourced from a Portuguese organization containing approximately 278,000 records. The dataset spans three sections: Contacts (full names, emails, phone numbers, tax IDs, postal codes, consent data), Order Histories (order details, payment methods, shipping info), and Customer Security Profiles (hashed passwords, MFA status, login IPs, security question hashes, session data). The data is being sold on a cybercrime forum and is described as fresh and…
Date: 2026-06-04T06:05:44Z
Network: openweb
Published URL: https://breached.su/threads/278k-portugal-https-data-export-580208-portugal-full-names-emails-phones-postal-codes-user-records.87930/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Portugal
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: data-export-580208.portugal
Alleged data breach of web3.pt exposing user profiles, order history, and support tickets
Category: Data Breach
Content: A threat actor is selling an alleged dataset from web3.pt, a Portuguese organization, containing approximately 439,000 records across three sections: customer contacts with personal and company details, order history, and support tickets. The data reportedly includes names, tax IDs, email addresses, phone numbers, physical addresses, and order/payment information. The seller is asking $1,100 and accepting forum escrow.
Date: 2026-06-04T06:05:11Z
Network: openweb
Published URL: https://breached.su/threads/439k-portugal-https-www-web3-pt-user-profiles-with-contact-and-location-data.87931/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Portugal
Victim Industry: Technology
Victim Organization: web3.pt
Victim Site: web3.pt
Alleged data breach of kupivip.ru with user profiles and purchase history
Category: Data Breach
Content: A threat actor is selling an alleged dataset from Russian e-commerce platform kupivip.ru, comprising approximately 430,000 records. The dataset is structured across three sections: Contact (personal and contact details including email, phone, birthdate, and IP), Order History (purchase and cart data including payment method and fraud score), and Address Book (physical addresses with geolocation). The seller is offering the dataset for $1,300.
Date: 2026-06-04T06:04:38Z
Network: openweb
Published URL: https://breached.su/threads/430k-russia-www-kupivip-ru-user-profiles-with-contact-info-and-purchase-history-data.87932/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Russia
Victim Industry: Retail
Victim Organization: KupiVIP
Victim Site: kupivip.ru
Alleged data breach of mamadeti.ru — Russian retail customer dataset offered for sale
Category: Data Breach
Content: A threat actor is selling an alleged dataset from Russian retail website mamadeti.ru, priced at $900. The dataset reportedly contains approximately 437,000 records spanning three sections: customer contacts (including full names, emails, phone numbers, addresses, and social security numbers), order history, and customer support tickets. The seller accepts forum escrow and can be reached via Telegram.
Date: 2026-06-04T06:04:04Z
Network: openweb
Published URL: https://breached.su/threads/437k-russia-https-mamadeti-ru-retail-customer-contacts-with-emails-phones-and-timestamps.87933/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Russia
Victim Industry: Retail
Victim Organization: Mamadeti
Victim Site: mamadeti.ru
Alleged data breach of auto-hifi.ru exposing 584K Russian automotive customer records
Category: Data Breach
Content: A threat actor is selling an alleged dataset from Russian automotive electronics retailer auto-hifi.ru, claimed to contain 584,000 records across three sections: Contacts, Service Orders, and Customer Support Tickets. The data reportedly includes full names, phone numbers, mailing addresses, email addresses, payment details, and service order information. The seller is asking $1,300 and directing buyers to contact via Telegram.
Date: 2026-06-04T06:03:31Z
Network: openweb
Published URL: https://breached.su/threads/584k-russia-https-www-auto-hifi-ru-automotive-owner-contacts-with-phone-and-address-details.87934/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Russia
Victim Industry: Retail
Victim Organization: auto-hifi.ru
Victim Site: auto-hifi.ru
Mass Website Defacement of evelyse.fr by Maw3six
Category: Defacement
Content: On June 4, 2026, threat actor Maw3six conducted a mass defacement campaign targeting www.evelyse.fr, a French website. The defacement was confirmed as part of a mass defacement operation, with a mirror of the defaced content archived at haxor.id. No specific motive or team affiliation was identified for this incident.
Date: 2026-06-04T05:54:00Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249793
Screenshots:
1 screenshot(s) available
Threat Actors: Maw3six
Victim Country: France
Victim Industry: Unknown
Victim Organization: Evelyse
Victim Site: www.evelyse.fr
Mass Defacement of canonistes.org by Maw3six
Category: Defacement
Content: On June 4, 2026, threat actor Maw3six conducted a mass defacement campaign targeting canonistes.org, a website likely associated with canonical or religious studies. The defacement was confirmed via a mirror archived at haxor.id and represents part of a broader mass defacement operation rather than an isolated single-site attack. No specific motivation or server details were disclosed in connection with this incident.
Date: 2026-06-04T05:53:02Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249796
Screenshots:
1 screenshot(s) available
Threat Actors: Maw3six
Victim Country: Unknown
Victim Industry: Religious or Canonical Studies
Victim Organization: Canonistes
Victim Site: canonistes.org
Mass Defacement of energetic.fr by Maw3six
Category: Defacement
Content: On June 4, 2026, threat actor Maw3six conducted a mass defacement campaign targeting energetic.fr, a French website. The defacement was part of a broader mass defacement operation, with the altered content hosted at a text file path on the domain. The incident was archived and mirrored via haxor.id.
Date: 2026-06-04T05:52:11Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249795
Screenshots:
1 screenshot(s) available
Threat Actors: Maw3six
Victim Country: France
Victim Industry: Unknown
Victim Organization: Energetic
Victim Site: energetic.fr
Mass Defacement of al-amiable.org by Threat Actor Maw3six
Category: Defacement
Content: Threat actor Maw3six conducted a mass defacement attack targeting al-amiable.org, with the defacement file hosted at the path /maw.txt. The incident was recorded on June 4, 2026, and is classified as a mass defacement campaign, indicating multiple sites were likely targeted simultaneously. No specific motivation or team affiliation was identified for this attack.
Date: 2026-06-04T05:50:55Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249797
Screenshots:
1 screenshot(s) available
Threat Actors: Maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Al-Amiable
Victim Site: al-amiable.org
Mass Defacement of estellei.eu by Threat Actor Maw3six
Category: Defacement
Content: Threat actor Maw3six conducted a mass defacement attack targeting estellei.eu, a .eu-registered domain, on June 4, 2026. The defacement was confirmed as part of a mass defacement campaign, with the malicious content hosted at the path /maw.txt. A mirror of the defacement was archived at haxor.id, indicating the incident has been catalogued by the defacement tracking community.
Date: 2026-06-04T05:49:25Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249794
Screenshots:
1 screenshot(s) available
Threat Actors: Maw3six
Victim Country: European Union
Victim Industry: Unknown
Victim Organization: Estellei
Victim Site: estellei.eu
Alleged data breach of Universidad del Valle de México (UVM)
Category: Data Breach
Content: A threat actor is offering for sale an alleged dataset from uvm.mx, a Mexican university, containing approximately 732,000 records. The dataset includes contact records with personally identifiable information (names, emails, phone numbers, passwords, consent details, and mailing addresses), peer review assignments, and linked organizational account data. The data is structured across three interconnected sections and is marketed as fresh and organized.
Date: 2026-06-04T05:43:26Z
Network: openweb
Published URL: https://breached.su/threads/732k-mexico-https-www-uvm-mx-university-student-records-with-emails-contacts-and-consent-details.87921/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Mexico
Victim Industry: Education
Victim Organization: Universidad del Valle de México
Victim Site: uvm.mx
Alleged data breach of Sanborns Mexico with customer records and purchase history
Category: Data Breach
Content: A threat actor is offering a dataset allegedly originating from sanborns.com.mx, a Mexican retail chain, containing approximately 712,000 records. The dataset is structured across three sections: customer contacts (including full name, phone, email, birth date, and loyalty program ID), customer support cases, and marketing leads. The seller has provided sample download links and markets the data for research and analysis purposes.
Date: 2026-06-04T05:42:53Z
Network: openweb
Published URL: https://breached.su/threads/712k-mexico-www-sanborns-com-mx-customer-records-with-contact-details-and-purchase-history.87922/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Mexico
Victim Industry: Retail
Victim Organization: Sanborns
Victim Site: sanborns.com.mx
Alleged data breach of BiomedOnline Netherlands — medical contacts database with 421K records
Category: Data Breach
Content: A threat actor is offering a dataset allegedly originating from biomedonline.nl, a Netherlands-based medical platform. The dataset reportedly contains 421,000 records spanning three sections: Contacts (including names, emails, phone numbers, job titles, and consent flags), Medical Orders (including billing details, payment methods, and shipping addresses), and Support Tickets (including issue categories, resolution data, and satisfaction scores). Sample files were shared via Gofile links as proo…
Date: 2026-06-04T05:42:19Z
Network: openweb
Published URL: https://breached.su/threads/421k-netherlands-https-biomedonline-nl-medical-contacts-database-with-emails-phone-numbers-and-job-titles.87923/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Netherlands
Victim Industry: Healthcare
Victim Organization: BiomedOnline
Victim Site: biomedonline.nl
Alleged data breach of bbizzshop.nl exposing customer contacts, orders, and IP logs
Category: Data Breach
Content: A threat actor is offering a dataset allegedly originating from bbizzshop.nl, a Netherlands-based online retailer. The dataset reportedly contains approximately 482,000 records spanning three tables: customer contacts (including names, emails, phone numbers, IP addresses, and marketing attributes), order transaction details (including billing/shipping addresses, payment types, and invoice data), and Webwinkelkeur review invite logs. The data is described as fresh and structured across interconne…
Date: 2026-06-04T05:41:46Z
Network: openweb
Published URL: https://breached.su/threads/482k-netherlands-https-www-bbizzshop-nl-customer-contacts-with-emails-phones-purchase-dates-and-ip-logs.87924/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Netherlands
Victim Industry: Retail
Victim Organization: BBizz Shop
Victim Site: bbizzshop.nl
Alleged data breach of hotels.nl with 452K Netherlands user records
Category: Data Breach
Content: A threat actor is offering a dataset allegedly originating from hotels.nl, a Netherlands-based hotel booking platform. The dataset contains approximately 452,000 records organized across three sections: customer contact details (including emails, phone numbers, date of birth, gender, and marketing preferences), hotel property master data, and booking history (including payment method, booking status, and travel preferences). The data is being sold on the Breached forum.
Date: 2026-06-04T05:41:13Z
Network: openweb
Published URL: https://breached.su/threads/452k-netherlands-https-www-hotels-nl-active-user-contact-data-with-emails-phones-and-travel-preferences.87925/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Netherlands
Victim Industry: Hospitality
Victim Organization: hotels.nl
Victim Site: hotels.nl
Alleged data breach of Trade Me (trademe.co.nz) exposing 438K user records
Category: Data Breach
Content: A threat actor is selling an alleged dataset originating from trademe.co.nz, New Zealands largest online marketplace, for $900. The dataset reportedly contains approximately 438,000 records spanning three structured sections: Contact (names, emails, phone numbers, addresses, timestamps), Orderhistory (payment details, transaction records, billing/shipping addresses), and Businessaccount (business names, industry, revenue, account details). Sample files were shared via external hosting links.
Date: 2026-06-04T05:40:41Z
Network: openweb
Published URL: https://breached.su/threads/438k-new-zealand-https-www-trademe-co-nz-user-contacts-with-emails-phone-numbers-locations-timestamps.87926/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: New Zealand
Victim Industry: Retail
Victim Organization: Trade Me
Victim Site: trademe.co.nz
Alleged data breach of Pakistan Competition Commission (cc.gov.pk)
Category: Data Breach
Content: A threat actor is offering a dataset allegedly originating from cc.gov.pk, the Competition Commission of Pakistan, containing approximately 462,000 records. The dataset spans three structured tables covering member contacts (including encrypted passwords, emails, phone numbers, and organizational roles), member interests and specializations, and office address details. Sample download links were provided alongside the post.
Date: 2026-06-04T05:40:05Z
Network: openweb
Published URL: https://breached.su/threads/462k-pakistan-https-cc-gov-pk-consumer-rights-data-including-contacts-emails-and-organizational-roles.87927/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Pakistan
Victim Industry: Government
Victim Organization: Competition Commission of Pakistan
Victim Site: cc.gov.pk
Alleged massive data breach compilation of 50+ organizations with session tokens
Category: Data Breach
Content: Threat actor claiming access to breached data from 50+ major organizations including Microsoft, AT&T, Rockstar Games, Santander, Ticketmaster, TransUnion, SoundCloud, Pornhub, and others. Post includes session tokens attributed to The Silent Com and Shinycorp operations, with threat actor handles UNC6040 (@node6240) and Shinycorp (@shsupportsh) mentioned. Appears to be advertising access to compromised credentials and session data.
Date: 2026-06-04T05:26:16Z
Network: telegram
Published URL: https://t.me/c/3500620464/9149
Screenshots:
1 screenshot(s) available
Threat Actors: UNC6040
Victim Country: Unknown
Victim Industry: Multiple sectors (technology, finance, retail, entertainment, insurance, food service)
Victim Organization: Multiple (50+ organizations)
Victim Site: Unknown
Alleged data breach of Tiscali Italy — 723K customer records including personal and subscription data
Category: Data Breach
Content: A threat actor is offering a dataset allegedly originating from Tiscali, an Italian ISP, containing approximately 723,000 records. The data is structured across three sections — Contacts, Subscriptions, and Service Tickets — and includes fields such as full names, dates of birth, tax codes, email addresses, hashed passwords, phone numbers, physical addresses, contract details, and support ticket information. Sample files have been shared via Gofile links.
Date: 2026-06-04T05:20:33Z
Network: openweb
Published URL: https://breached.su/threads/723k-italy-www-tiscali-it-customer-contact-data-including-emails-phones-addresses-dates-of-birth.87914/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Italy
Victim Industry: Telecommunications
Victim Organization: Tiscali
Victim Site: tiscali.it
Alleged data breach of IBS.it with customer, order, and delivery records
Category: Data Breach
Content: A threat actor is offering a dataset allegedly sourced from ibs.it, an Italian online retailer, containing approximately 458,000 records across three sections: Customers, Orders, and Delivery Logs. The customer section includes personal and company contact details, fiscal codes, VAT numbers, purchase history, and marketing preferences. Order and delivery sections contain transaction details, shipment tracking, and delivery address information.
Date: 2026-06-04T05:19:59Z
Network: openweb
Published URL: https://breached.su/threads/458k-italy-https-www-ibs-it-customer-records-with-contact-company-and-purchase-history-details.87915/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Italy
Victim Industry: Retail
Victim Organization: IBS
Victim Site: ibs.it
Alleged data breach of OBIC Co., Ltd. with corporate contact and employment records
Category: Data Breach
Content: A threat actor is selling an alleged dataset of 742,000 records originating from OBIC Co., Ltd., a Japanese enterprise software company. The dataset reportedly includes three sections: Contacts (with PII such as full name, birth date, nationality, marital status, and financial details), Sales Orders (with employee salary and tax information), and Employee Benefits (with pension numbers, national identification numbers, health insurance IDs, and full bank account details). The seller is asking $1…
Date: 2026-06-04T05:19:23Z
Network: openweb
Published URL: https://breached.su/threads/742k-japan-https-www-obic-co-jp-corporate-contact-and-employment-records-with-personal-details.87916/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Japan
Victim Industry: Technology
Victim Organization: OBIC Co., Ltd.
Victim Site: obic.co.jp
Alleged data breach of Asahi Culture Center (asahiculture.jp)
Category: Data Breach
Content: A threat actor is offering for sale a dataset allegedly originating from asahiculture.jp, a Japanese cultural education organization. The dataset reportedly contains approximately 742,000 records spanning contacts, class bookings, and membership subscriptions, including full names, dates of birth, phone numbers, addresses, email addresses, and membership credentials. The seller is asking $1,400 and accepts forum escrow for the transaction.
Date: 2026-06-04T05:18:46Z
Network: openweb
Published URL: https://breached.su/threads/742k-japan-https-www-asahiculture-jp-personal-contact-and-address-records-from-cultural-course-participants.87917/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Japan
Victim Industry: Education
Victim Organization: Asahi Culture Center
Victim Site: asahiculture.jp
Alleged data breach of BicCamera
Category: Data Breach
Content: A threat actor is selling an alleged dataset from BicCamera, a Japanese electronics retailer, comprising approximately 317,000 customer records. The dataset reportedly includes customer contact details (names, emails, phone numbers, addresses, encrypted passwords, date of birth), order history, and customer support tickets organized across three structured sections. The seller is asking $1,100 and accepts forum escrow for the transaction.
Date: 2026-06-04T05:18:13Z
Network: openweb
Published URL: https://breached.su/threads/317k-japan-https-www-biccamera-com-customer-profiles-with-emails-names-addresses-purchase-history.87918/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Japan
Victim Industry: Retail
Victim Organization: BicCamera
Victim Site: biccamera.com
Alleged data breach of Latvian medical portal doktori.lv with patient records for sale
Category: Data Breach
Content: A threat actor is selling an alleged dataset of 195,000 records originating from doktori.lv, a Latvian medical portal. The dataset is claimed to include patient contact details, professional qualifications, and appointment history, with fields such as name, email, phone, birthdate, billing codes, and license numbers. The seller is asking $1,100 and accepts forum escrow.
Date: 2026-06-04T05:17:38Z
Network: openweb
Published URL: https://breached.su/threads/195k-latvia-patient-contacts-https-www-doktori-lv-active-medical-records-including-emails-and-phone-numbers.87919/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Latvia
Victim Industry: Healthcare
Victim Organization: Doktori.lv
Victim Site: doktori.lv
Alleged data breach of First Class Cre8tivity (firstclasscre8tivity.co.ls)
Category: Data Breach
Content: A threat actor is selling an alleged dataset originating from firstclasscre8tivity.co.ls, a creative services organization in Lesotho. The dataset reportedly contains approximately 145,000 records across three tables — Contacts, Booking History, and Customer Support Tickets — including full names, email addresses, phone numbers, mailing addresses, hashed passwords, and support ticket details. The data is offered for sale at $1,200 via Telegram contact.
Date: 2026-06-04T05:17:04Z
Network: openweb
Published URL: https://breached.su/threads/145k-lesotho-https-firstclasscre8tivity-co-ls-contact-records-with-emails-phones-personal-details.87920/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Lesotho
Victim Industry: Creative Services
Victim Organization: First Class Cre8tivity
Victim Site: firstclasscre8tivity.co.ls
Alleged data breach of kariera.gr exposing candidate and job records
Category: Data Breach
Content: A threat actor is selling an alleged dataset originating from kariera.gr, a Greek job platform, containing approximately 184,000 records across three sections: Contacts, Job Applications, and Job Postings. The Contacts section includes personally identifiable information such as full names, email addresses, phone numbers, physical addresses, LinkedIn profiles, and job titles. The dataset is priced at $1,100 and offered via Telegram or forum escrow.
Date: 2026-06-04T04:57:10Z
Network: openweb
Published URL: https://breached.su/threads/184k-greece-kariera-gr-active-candidate-and-it-job-records-database-184k-greece-kariera-gr-active-candidate-and-it-job-records-database.87905/unread
Screenshots:
2 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Greece
Victim Industry: Recruitment
Victim Organization: kariera.gr
Victim Site: kariera.gr
Alleged data breach of HKBN (Hong Kong Broadband Network)
Category: Data Breach
Content: A threat actor is selling an alleged dataset from HKBN (hkbn.net) containing approximately 563,000 records across three categories: customer contacts, orders, and support tickets. The data reportedly includes full names, email addresses, phone numbers, mailing addresses, birthdates, and other personal and account details. The seller is asking $900 and accepts forum escrow for the transaction.
Date: 2026-06-04T04:56:37Z
Network: openweb
Published URL: https://breached.su/threads/563k-hong-kong-www-hkbn-net-customer-contact-and-account-records-with-emails-and-timestamps.87906/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Hong Kong
Victim Industry: Telecommunications
Victim Organization: Hong Kong Broadband Network
Victim Site: hkbn.net
Alleged data breach of eMAG Hungary (emag.hu) exposing 417K user records
Category: Data Breach
Content: A threat actor is selling an alleged dataset from emag.hu, a Hungarian e-commerce platform, for $1,200. The dataset reportedly contains 417,000 records spanning three sections: Contacts (user PII including emails, phone numbers, registration dates, and marketing preferences), Order History (purchase records, payment methods, shipping/billing addresses, and tracking data), and Content Contributors (admin/developer accounts with permission flags, login attempts, and security clearance levels). Sam…
Date: 2026-06-04T04:56:03Z
Network: openweb
Published URL: https://breached.su/threads/417k-hungary-https-www-emag-hu-user-accounts-with-emails-registration-dates-and-activity-status-data.87907/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Hungary
Victim Industry: Retail
Victim Organization: eMAG
Victim Site: emag.hu
Alleged data breach of tarr.hu with 526K records including contacts, support tickets, and order history
Category: Data Breach
Content: A threat actor is offering for sale a dataset allegedly originating from tarr.hu, a Hungarian organization, priced at $900. The dataset reportedly contains approximately 526,000 records across three sections: Contacts (personal and professional details), Support Tickets (case handling records), and Order History (transaction and billing data). The seller is accepting contact via Telegram and offers forum escrow for the transaction.
Date: 2026-06-04T04:55:30Z
Network: openweb
Published URL: https://breached.su/threads/526k-hungary-www-tarr-hu-active-email-addresses-and-phone-contacts-database.87908/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Hungary
Victim Industry: Unknown
Victim Organization: Tarr
Victim Site: tarr.hu
Alleged data breach of Jogaszvilag (Hungarian legal professionals platform)
Category: Data Breach
Content: A threat actor is selling an alleged dataset originating from jogaszvilag.hu, a Hungarian legal professionals platform, containing approximately 743,000 records. The dataset is structured across three sections: contact details (including personal identifiers, phone numbers, and addresses), legal case records (including plaintiff names, case descriptions, and court details), and newsletter subscriber information. Sample data links were provided via Gofile to substantiate the claim.
Date: 2026-06-04T04:54:56Z
Network: openweb
Published URL: https://breached.su/threads/743k-hungary-https-www-jogaszvilag-hu-legal-professionals-contact-and-subscription-data.87909/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Hungary
Victim Industry: Legal
Victim Organization: Jogaszvilag
Victim Site: jogaszvilag.hu
Alleged data breach of SANDEE/ICIMOD with personal contacts and research records
Category: Data Breach
Content: A threat actor is offering a dataset allegedly sourced from sandee.icimod.org, containing approximately 742,000 records across three structured sections: contacts (including personal identifiers, phone numbers, email addresses, and mailing addresses), research profiles (academic background, publications, and funding sources), and project applications (research proposals, budgets, and reviewer decisions). The data appears to pertain to researchers and individuals engaged with SANDEE, a regional e…
Date: 2026-06-04T04:54:23Z
Network: openweb
Published URL: https://breached.su/threads/742k-india-https-sandee-icimod-org-detailed-personal-contacts-and-communication-records-dataset.87910/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: India
Victim Industry: Research
Victim Organization: SANDEE (South Asian Network for Development and Environmental Economics) / ICIMOD
Victim Site: sandee.icimod.org
Alleged data breach of Rajasthan Rajya Madhyamik Shiksha Abhiyan (rajrmsa.nic.in)
Category: Data Breach
Content: A threat actor is offering a dataset allegedly originating from rajrmsa.nic.in, an Indian government education portal, containing approximately 768,000 records. The data includes student contact details, enrollment records, and guardian PII such as names, dates of birth, phone numbers, email addresses, password hashes, and financial information across three structured sections. Sample download links were shared publicly on the forum.
Date: 2026-06-04T04:53:49Z
Network: openweb
Published URL: https://breached.su/threads/768k-india-https-rajrmsa-nic-in-personal-and-contact-records-including-education-and-communication-preferences.87911/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: India
Victim Industry: Education
Victim Organization: Rajasthan Rajya Madhyamik Shiksha Abhiyan
Victim Site: rajrmsa.nic.in
Alleged data breach of EduNext Technologies exposing student personal and education records
Category: Data Breach
Content: A threat actor is selling a dataset allegedly sourced from EduNext Technologies, an Indian education technology platform, containing approximately 682,000 records. The data spans three structured sections: student contact details (including PII such as date of birth, phone, address, parent names, and email), student enrollment records (including academic, financial, and disciplinary data), and inquiry management records (including lead scoring and marketing data). The dataset is offered via exte…
Date: 2026-06-04T04:53:16Z
Network: openweb
Published URL: https://breached.su/threads/682k-india-https-www-edunexttechnologies-com-student-contacts-personal-info-education-records-emails.87912/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: India
Victim Industry: Education
Victim Organization: EduNext Technologies
Victim Site: edunexttechnologies.com
Alleged data breach of LocalPlace.jp
Category: Data Leak
Content: A threat actor known as Satanic allegedly breached LocalPlace.jp in May 2024, resulting in a database of approximately 840,000 records. The dataset reportedly includes client IDs, company names, full company information, phone numbers, full names, email addresses, and billing information. The data has been made available as a free download on the forum.
Date: 2026-06-04T04:52:47Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-LocalPlace-jp%C2%A0-leak-Repost
Screenshots:
1 screenshot(s) available
Threat Actors: Tanaka
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: LocalPlace
Victim Site: localplace.jp
Alleged data breach of Tiscali (Italy) — personal contacts database
Category: Data Breach
Content: A threat actor is offering for sale an alleged database originating from Tiscali, an Italian internet and media services provider, containing approximately 627,000 records. The dataset is structured across three sections — Contact, Service Contract, and Communication Preferences — and includes personally identifiable information such as names, birthdates, tax codes, email addresses, phone numbers, physical addresses, hashed passwords, Wi-Fi credentials, device identifiers, and marketing consent
Date: 2026-06-04T04:52:40Z
Network: openweb
Published URL: https://breached.su/threads/627k-italy-https-www-tiscali-it-personal-contacts-database-including-emails-phones-and-addresses.87913/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Italy
Victim Industry: Telecommunications
Victim Organization: Tiscali
Victim Site: tiscali.it
Sale of stolen credit cards with OTP bypass capability
Category: Carding
Content: A threat actor is offering stolen credit cards advertised as capable of bypassing OTP verification. The cards are marketed as having high balances and being linkable to payment platforms such as CashApp, PayPal, and Apple Pay. The seller claims a refund or replacement policy and provides Telegram and email contacts for orders.
Date: 2026-06-04T04:32:48Z
Network: openweb
Published URL: https://crackingx.com/threads/77930/
Screenshots:
1 screenshot(s) available
Threat Actors: Aaron Abrams
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of edb.cz — Czech business contacts and credential database
Category: Data Breach
Content: A threat actor is selling an alleged database dump from edb.cz, a Czech business contact platform, for $1,200. The dataset reportedly contains approximately 312,000 records spanning three tables: contact details (names, emails, phone numbers, addresses, LinkedIn/Twitter profiles), inquiry submissions, and user authentication records including hashed passwords. The seller is offering transaction via forum escrow or trusted middlemen.
Date: 2026-06-04T04:26:08Z
Network: openweb
Published URL: https://breached.su/threads/312k-czech-republic-https-www-edb-cz-business-contacts-and-professional-email-database.87891/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Czech Republic
Victim Industry: Unknown
Victim Organization: edb.cz
Victim Site: edb.cz
Alleged data breach of libimseti.cz exposing user contact, medical, and booking records
Category: Data Breach
Content: A threat actor is selling an alleged dataset originating from libimseti.cz, a Czech web platform, for $1,300. The dataset purportedly contains 438,000 records spanning three sections: contact details (emails, phone numbers, demographics), patient medical records (diagnoses, treatment plans, insurance, medications), and booking history (appointments, payment status, feedback). The inclusion of detailed medical and personal identity fields elevates the sensitivity and potential impact of this alle…
Date: 2026-06-04T04:25:35Z
Network: openweb
Published URL: https://breached.su/threads/438k-czech-republic-https-www-libimseti-cz-web-user-contact-data-including-emails-phone-numbers-and-demographics.87892/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Czech Republic
Victim Industry: Healthcare
Victim Organization: libimseti.cz
Victim Site: libimseti.cz
Alleged data breach of Egypt Knowledge Bank (ekb.eg) exposing 467K records
Category: Data Breach
Content: A threat actor is selling an alleged dataset from ekb.eg, Egypts national knowledge platform, comprising approximately 467,000 records across three sections: Contacts (personal and government ID details), Student Enrollments (academic records), and Authentication Records (identity verification logs including fraud flags and risk scores). The dataset is offered for $900 via Telegram and includes sensitive fields such as government ID numbers, biometric verification data, and device information.
Date: 2026-06-04T04:25:01Z
Network: openweb
Published URL: https://breached.su/threads/467k-egypt-https-ekb-eg-comprehensive-personal-and-contact-info-dataset.87893/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Egypt
Victim Industry: Education
Victim Organization: Egypt Knowledge Bank
Victim Site: ekb.eg