Executive Summary
This report provides an exhaustive analysis of 261 cyber incidents detected across June 5 and June 6, 2026. The intelligence gathered spans multiple threat categories, including massive mega-breaches, targeted government data leaks, sophisticated initial access brokering, widespread website defacements, and a thriving underground economy for stolen financial and identity data. The data indicates a highly active cybercriminal ecosystem leveraging both open web and dark web forums to extort, sell, and freely distribute compromised assets.
1. Mega-Breaches and High-Profile Extortion Campaigns
The reporting period was dominated by colossal data breaches orchestrated by high-profile threat actor groups, utilizing extortion tactics and exposing hundreds of millions of records.
The ShinyHunters and The Silent Com Operations
The threat actor group ShinyHunters, operating independently and in tandem with “The Silent Com,” orchestrated several of the most severe incidents during this period.
- AT&T Data Breach: ShinyHunters offered a dataset of approximately 200 million verified AT&T user records for $1.7M USD, allegedly obtained from a new breach. The dataset includes extensive Personally Identifiable Information (PII) such as full names, Social Security Numbers (SSNs), dates of birth, addresses, and highly sensitive financial data including credit/debit card numbers, CVVs, and bank account details. The actor issued an extortion threat to publish the data if AT&T refused to pay. In a separate but related incident, an actor named MDGhost666 claimed to leak 1.2 billion AT&T records, including phone numbers, billing accounts, and installment plan data.
- Ticketmaster Breach: ShinyHunters and The Silent Com claimed to have stolen approximately 700 million records from Ticketmaster. The actors publicly offered to negotiate, representing a classic ransom demand before threatening to release the data on breach forums. The Silent Com also published official contact information via the Session encrypted messaging app and Telegram for breach negotiations.
- Vercel Supply Chain Threat: ShinyHunters advertised verified access to the cloud platform Vercel for $100,000 USD, claiming possession of access keys, NPM tokens, GitHub tokens, source code, database dumps, and employee accounts with internal deployment access. The actor explicitly highlighted the potential for a massive supply chain attack via Next.js package updates, which could affect millions of developers.
- Multi-Organization Mega-Breach: ShinyHunters claimed to offer access to data from over 60 major organizations, including Microsoft, Rockstar Games, Pornhub, SoundCloud, Santander, Qantas, and TransUnion.
- Woflow & Aman Hotels: ShinyHunters also took responsibility for a 2TB data leak from the AI-driven merchant platform Woflow, exposing 447,600 accounts. Furthermore, the group published over 215,000 records from the ultra-luxury Aman Hotels, extracted via their Salesforce CRM, including VIP status codes and passport details.
- Vimeo / Anodot: The group published data from Anodot, a third-party analytics vendor for Vimeo, exposing 119,200 unique email addresses and CRM metadata.
Unverified Billion-Record Datasets
An actor known as KrolikHacking attempted to sell a massive collection of leaked databases reportedly containing over 435 billion records for 10 Monero (XMR). The dataset allegedly includes SSNs, passport numbers, bank accounts, and geolocation data.
2. Government, Military, and National Security Breaches
Threat actors aggressively targeted government portals, ministries, and state-sponsored infrastructure, compromising citizen data on a national scale.
Latin America
- Peru (RENIEC): A threat actor named LauraAllen leaked a 10GB database belonging to Peru’s national civil registry (RENIEC), containing personal records of approximately 31 million citizens. The data, distributed freely via Mega.nz, includes names, document numbers, marital status, and parental information.
- Mexico: The Mexican government faced multiple breaches. The SoulHemTeam alias distributed a database dump from the government institute IMIPAS (gob.mx), exposing fiscal receipts, employee tax IDs (RFCs), budget items, and user credentials. Another actor sold Mexican passport application records sourced from BLS International visa processing systems, including passport scans and financial documents. Furthermore, data from the State of Coahuila containing 2 million citizen records (including national IDs) was leaked, alongside 95,178 records from the Comision Nacional de Seguros y Fianzas (CNSF), and family development records from DIF Colima.
Asia-Pacific and Middle East
- Indonesia: A massive amount of Indonesian citizen data was compromised. A threat actor shared 5.5 million patient records from BPJS Kesehatan (National Health Insurance), including national identity numbers and medical details. The Sulawesi Hacktivist Indonesia group leaked identity numbers and family card details of Indonesian citizens. Additionally, breaches hit the Tangerang Selatan City Government, the Pemdesbutuh village portal, 2.6 million resident records from Bulelang village, and wealth disclosure reports (LHKPN) for Jakarta Regional House of Representatives members.
- Egypt: The “Digital Egypt” government service was allegedly breached, resulting in the exposure of 13.1 million citizen records containing national IDs, military status, religion, and physical addresses.
- Iraq: A database from the Iraqi National Intelligence Service was offered, allegedly containing personal information, work details, and ration card numbers of Baghdad residents.
- Lebanon (Hezbollah): A highly sensitive database purportedly containing personal records, governorate details, and occupations of 67,000 Hezbollah fighters was offered for sale for $3,000.
- Palestine (UN WFP): The UN World Food Programme confirmed a cyberattack exposing personal information, including location data, of approximately 600,000 households in Gaza.
Military and Classified Document Leaks
- A threat actor operating as “mosad” claimed to sell 2026 People’s Liberation Army (PLA) military test reports from China.
- The same actor offered documents allegedly classified as NATO COSMIC TOP SECRET and documents classified as SECRET//NOFORN from an unnamed US government agency.
Global Government Targets
- France: An actor named KnoxTeam freely distributed an aggregated collection of databases from French government entities, including CAF, France Travail, and ANTS.
- Madagascar: The official website of Madagascar’s Ministry of Communication was defaced by the S4uD1Pwnz team.
- Japan: The Japan Foundation (jpf.go.jp) suffered a leak of 746,000 records containing contact details and event registrations.
- Malaysia: The My Kospra government cooperative member database was leaked, exposing data of senior Malaysian Anti-Corruption Commission officials.
- Morocco: The Moroccan Ministry of Education’s internal examination platform was allegedly breached, resulting in the leak of the 2026 Mathematics Baccalaureate examination structural analysis.
3. Telecommunications and Infrastructure
Telecommunications providers remain high-value targets for threat actors seeking subscriber data, SMS routing capabilities, and infrastructure access.
- Europe: A threat actor offered 437,000 customer records from KPN, a major Dutch provider, including subscription details and physical addresses for $1,400. In Belgium, 479,000 records from Proximus were sold, detailing customer contact and service orders. In Spain, an extortion-driven actor leaked 300,000 customer records from the energy company Iberdrola after contact attempts were ignored, threatening further escalation against Endesa.
- Middle East & Africa: The Moroccan telecom provider Maroc Telecom (IAM) suffered an initial access breach, with actors selling remote and VPN access alongside compromised corporate webmail endpoints. In Iraq, databases from both Asiacell Telecommunications and Zain Iraq were offered for sale. Copaco, Paraguay’s state telecom provider, had 412,000 records exposed.
- Ukraine: AlphaSMS, a bulk messaging platform, was completely compromised, resulting in the exfiltration of its full 50.3 GB infrastructure database affecting all customers.
4. Financial Services, Cryptocurrency, and Corporate Data
Financial institutions, cryptocurrency exchanges, and fintech platforms faced severe threats from both direct breaches and specialized initial access brokers.
Cryptocurrency Platforms
- Kraken Exchange: A threat actor claimed direct backend access to Kraken, selling 1.45 million records extracted in June 2026. The data reportedly includes full KYC details, wallet addresses, estimated balances, and 2FA methods, priced up to $11,500.
- Trezor Hardware Wallet: Customer data, including names and phone numbers, allegedly belonging to Trezor hardware wallet users was distributed via a Mega.nz link.
- Chinese Crypto Traders: Approximately 1 million records of Chinese crypto traders sourced from Huobi, OKEx, ZB, and Bitget were sold, including account balances and verification statuses.
- DeFi Infrastructure: Live web access to a server hosting a blockchain/DeFi graph database containing 7.7 million nodes across networks like ETH, Solana, and Avalanche was listed for $15,000.
- Mass Crypto Databases: A vast collection of databases from over 80 crypto platforms, including Coinbase (11.74M records) and CoinMarketCap (3.12M), was offered for trade or sale.
- Insider Recruitment: A threat actor aggressively recruited corporate insiders at Brazilian cryptocurrency and fintech companies, offering Monero payments in exchange for active VPN, API, or server access.
Traditional Banking and Finance
- India (CVL KRA): A staggering 153 million Indian investor KYC records were allegedly stolen from CDSL Ventures Limited. The dataset includes Aadhaar numbers and scanned document images. The actor demanded $100,000 to wipe the data.
- Brazil (Banco Original): A database of 473,000 Brazilian customer records, including CPF, credit scores, and income ranges, was sold on a breach forum.
- United States (Nasdaq): An alleged database associated with Nasdaq containing 21,806 records, including masked dates of birth, credit scores, and market experience details, was offered for sale.
- Banking Access: Threat actors operating as OGTNBULK sold full account access (FA) to major US financial institutions including Bank of America, Capital One, Wells Fargo, and Chase.
5. Retail, E-Commerce, Hospitality, and Services
A massive volume of consumer data was traded, stemming from breaches across global retail and service platforms.
Retail and E-Commerce
- China: A threat actor distributed 25 million user credentials allegedly from Taobao via a Telegram bot. Another dataset containing 7.5 million Chinese consumer shopping orders, including home addresses and product categories, was offered for sale, alongside 5.4 million records from the marketplace 4KK.CN containing national ID numbers.
- Europe: Massive European retail breaches included Maquillalia (Spain, 742K records), Wehkamp (Netherlands, 482K records), Mathon (France, 483K records), and Bazar.bg (Bulgaria, 384K records). The French optical retailer Krys suffered a massive 66.6 GB leak comprising 153,675 medical prescriptions and financial documents, alongside a secondary database of 201,202 individuals.
- Australia & Asia: QBD Books in Australia had 427,000 user records compromised.
Real Estate and Property
- UAE: The Dubai real estate sector was heavily targeted. Threat actors leaked approximately 1 million investor leads from Dubai sources, an Emaar Properties dataset, 1.4 million contact records from Propertyfinder.ae, and an Abu Dhabi property owners database spanning multiple developments.
- Brazil: Zap Imóveis suffered a breach exposing 742,000 user records, including property inquiries and password hashes.
Hospitality, Travel, and Entertainment
- Booking.com: An alleged dataset of over 400,000 user profiles was sold for cryptocurrency.
- Airlines & Transit: Delta Airlines Portugal had 11,633 records leaked freely on a forum. Mobiland, an Andorran vehicle rental company, saw 137,000 booking records breached.
- Entertainment: Data from the Melbourne International Film Festival (340,000 customers) and Philippine entertainment conglomerate Viva Communications Inc. (10GB of internal files) was exposed.
6. Education, Healthcare, and Social Services
Public sector and institutional data remains highly vulnerable, with multiple breaches affecting students and patients globally.
Education Platforms
- China: Chaoxin Xuexitong (Superstar Learning) suffered a massive leak of 139.4 million records, including student names and phone numbers from a 2022 breach.
- United States: A threat actor compromised Infinite Campus, Inc., exposing Salesforce CRM data related to school districts and contract financials. Instituto de Negocios experienced a 290MB SQL dump of its student portal.
- Global Universities & Platforms: Breaches affected the University of Latvia (238K records), Al-Quds Open University in Palestine, smeducamos.com in Spain (428K records), skola2030.lv in Latvia (413K records), IMT Maroc, and the Bogotá Education Secretariat in Colombia (461,084 students).
Healthcare
- Russia: SM-Clinic had 528,000 patient records exposed, including appointment bookings and insurance information.
- China: The Shaanxi Health Code system suffered a massive breach exposing 14.8 million records, including national ID numbers.
7. Widespread Website Defacement Campaigns
A massive wave of website defacements was executed by highly organized hacktivist and threat actor collectives, primarily targeting Linux-based web servers.
0xteam (Alias: chinafans)
The actor “chinafans,” affiliated with 0xteam, was the most prolific defacer during the reporting period, successfully targeting over 20 global domains. Their operations typically involved targeted, single-site defacements by uploading a file to the /0x.txt path. Victims spanned multiple sectors:
- Technology & Digital Services: pgidigitales.com, cloudpulseit.net, smartfact.io, hereyougosolutions.com, dbs.net.pk (Pakistan).
- Retail & E-Commerce: buyforce.shop, officeworks.cy (Cyprus), safetywaysales.com.
- Other Sectors: 1stplace.com.br (Brazil), sharonback.com, marrefi.com.br (Brazil), bike-auto-reifen-service.de (Germany), emtageelectric.com, vajrh.in (India), easy-eaters.com, translationlinker.com, lifereadinessuniversity.com, themagmoment.com, diamondqualitycontractors.com, autoshotmarketing.com, pharma221.sn (Senegal), clasicarock.com, sfbs.ie (Ireland), starlightfarmllc.com, valodesign.co.uk, hepaction.org, and themaharajafarms.co.in (India).
LegioN_LeakeR (Alias: EbRaHiM-VaKeR)
This actor conducted a highly focused mass defacement campaign targeting the infrastructure of MTs Maarif NU Cimanggu, an Islamic junior high school in Indonesia. The attacks compromised the main site, the financial portal, the student payment portal, and various subdomains.
NeuraSelf Cyber Team (Alias: StarsX)
StarsX focused heavily on Indian targets, executing single-site homepage and file-level defacements. Victims included the Darwin Motion blog, Shree Krishna Institute, IT Advance Education, Anand Gold, and hcsm.co.in.
Mr.PIMZZZXploit
This actor executed a mass defacement campaign against 17 subdomains of mycompanyportfolio.com, targeting admin panels, APIs, and user-facing apps. They also defaced automobilegmbhspllc.com and photoshop-tutorials.nl.
Phantom Sec Team (Alias: Claudexxx)
Claudexxx targeted retail and trading sites with homepage defacements, striking Oblatio Jewel, AAA Gro Trading, and Ainebtrade.
8. Malware, Phishing, and Initial Access Brokerage
The underground market for offensive cyber capabilities, malware, and compromised access was highly active, providing tools for both novice and advanced cybercriminals.
Initial Access Brokering
- Corporate Email Access: The shop OGTNBULK advertised cheap, restocked Comcast email access alongside full account access (FA) for major retailers (Walmart, Amazon, Netflix) and banks.
- RAT Panels: A threat actor sold panel login credentials granting full remote access to 60 active infected machines via a Remote Access Trojan (RAT), offering remote desktop control, keylogging, crypto wallet extraction, and pre-configured cryptominers for $200.
- Corporate Systems: The DDoSia Project claimed full administrative access to the Business Automation Software for Retail system of Rodynna Kovbaska, a Ukrainian meat company.
Malware Distribution
The forums saw wide distribution of both legacy and modern malware, often framed under the guise of “educational” or “security” tools:
- Remote Access Trojans (RATs): Actors distributed BTMOB V4 (an Android RAT), Predator 1.6, ProRat v1.9, SubSeven 2.2, and DRX-RAT X (supporting Windows, Android, iOS with sandbox evasion).
- Information Stealers: The SStealer malware was advertised for silent data extraction. Multiple actors sold cryptocurrency wallet stealers (v1.1) capable of targeting browser activity and disabling antivirus software.
- Phishing Infrastructure: A threat actor offered “phishing-as-a-service” panels targeting European banks (Sparkasse, Volksbank, Deutsche Bank, Revolut) for €1,200/month, featuring 1:1 replicas of bank sites and antibot protections. Mass email spam services supporting 100,000+ emails per day for banking fraud were sold starting at €1,750. The FUDSender Pro desktop email tool was also marketed for bypassing spam filters via PDF/ZIP obfuscation.
9. Carding, Fraud, and the Identity Theft Ecosystem
A robust economy for stolen financial instruments, forged physical documents, and carding methodologies thrived across specialized dark web and clear web forums.
Identity Document Forgery (Fullz)
- Counterfeit Physical IDs: Actors like “cocosasha” offered high-quality forged physical documents, including driver’s licenses, SSNs, and birth certificates, marketed as scannable with UV and raised text.
- Fraud Kits (Fullz): Comprehensive identity theft kits, known as “fullz”, were traded aggressively. A Brazilian kit included CPF, RG, banking details, family documents, and selfies intended specifically to bypass biometric fintech verification (deepfake use). Buyers actively sought fullz with pre-opened bank accounts to facilitate check cashing.
Stolen Payment Cards (CCs) and Tools
- Carding Marketplaces: The “Valeria CARD MARKET” advertised stolen payment cards starting at $0.50, utilizing a “4check” verification system and offering a refund guarantee for invalid cards.
- Free CC Distribution: To drive forum engagement, actors like “NickNix” and “SyntaxSin” frequently posted batches of stolen credit cards (e.g., “37 Swift credit cards”, “40 Vane credit cards”) gated behind “reply-and-react” forum requirements.
- Specialized BINs and Tools: Actors shared Bank Identification Number (BIN) information, such as a VISA Credit Business card from ProCredit Bank Bulgaria. Card cloning tools for ATMs and point-of-sale systems were actively distributed.
Carding Methodologies and Tutorials
A significant portion of forum activity was dedicated to sharing exploitation methods for specific retailers. Actor “SyntaxSin” published tutorials on how to successfully execute carding fraud against Wish, Nike, Cash App, Ding recharge services, StockX, and various hotels.
Conclusion
The data from June 5–6, 2026, highlights an aggressive, highly commoditized cyber threat landscape. High-tier actors like ShinyHunters are executing massive extortion campaigns against Fortune 500 companies and critical software supply chains. Simultaneously, hacktivist groups are conducting high-volume website defacements utilizing automated methodologies against poorly secured infrastructure. The prevalence of initial access brokers, comprehensive “fullz” identity kits, and phishing-as-a-service platforms demonstrates that sophisticated cybercrime capabilities are easily accessible to a broad range of malicious actors, continuously fueling downstream fraud and data theft operations globally.
Detected Incidents Draft Data – 2026-06-06 (run date)
- Alleged data breach of AT&T with 200 million user records offered for sale
Category: Data Breach
Content: The threat actor group ShinyHunters claims to be selling a dataset of approximately 200 million verified AT&T user records for $1.7M USD, allegedly obtained through a new breach of AT&T systems. The purported dataset includes extensive PII (full name, SSN, DOB, address), financial data (credit/debit card numbers, CVV, bank account numbers), credentials, communication metadata, and internal documents. The actor references prior AT&T incidents and threatens to publish the data if AT&T does not pay…
Date: 2026-06-06T05:19:08Z
Network: openweb
Published URL: https://breachforum.ws/Thread-SELLING-200M-AT-T-2026-06-06
Screenshots:
2 screenshot(s) available
Threat Actors: ShinyHunters
Victim Country: United States
Victim Industry: Telecommunications
Victim Organization: AT&T
Victim Site: att.com
- Alleged data leak of Mexican government institute IMIPAS (gob.mx)
Category: Data Leak
Content: A threat actor operating under the SoulHemTeam alias has freely distributed an alleged database dump from IMIPAS, a Mexican government entity. The leaked data reportedly includes fiscal receipts, payroll records, employee tax IDs (RFCs), fiscal folios (UUIDs), bank account details, budget line items, research project records, and system user credentials with access roles and activity logs. The data was shared via a public file-hosting link and promoted through a Telegram channel.
Date: 2026-06-06T05:13:37Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-www-gob-mx-imipas
Screenshots:
1 screenshot(s) available
Threat Actors: l1ghtSoulHem
Victim Country: Mexico
Victim Industry: Government
Victim Organization: IMIPAS
Victim Site: gob.mx/imipas
- Alleged data breach of Trezor Crypto Hardware Wallet
Category: Data Breach
Content: A threat actor is distributing what is claimed to be customer data from Trezor, a cryptocurrency hardware wallet provider. The dataset includes fields for gender, full name, email address, phone number, and date of birth. A sample of 24 records is provided alongside a Mega.nz download link, with the full dataset size unspecified.
Date: 2026-06-06T05:13:29Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79142
Screenshots:
1 screenshot(s) available
Threat Actors: LauraAllen
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Trezor
Victim Site: trezor.io
- Alleged data breach of UN World Food Programme (WFP) exposing 600,000 Gaza households
Category: Data Breach
Content: The United Nations World Food Programme (WFP) confirmed a cyberattack resulting in unauthorized access to personal information of approximately 600,000 households in Gaza. Exposed data includes names, identification numbers, mobile phone numbers, and location data from the food and cash assistance registration system.
Date: 2026-06-06T05:03:42Z
Network: telegram
Published URL: https://t.me/c/1283513914/22075
Screenshots:
2 screenshot(s) available
Threat Actors: خبرگزاری سایبربان| Cyberban News
Victim Country: Palestine
Victim Industry: International Organization / Humanitarian Aid
Victim Organization: World Food Programme (WFP)
Victim Site: wfp.org
- Alleged data leak of RENIEC — 31 million Peruvian citizens personal data
Category: Data Leak
Content: A threat actor has leaked an alleged 10GB database attributed to RENIEC, Peru's national civil registry, containing personal records of approximately 31 million citizens. The sample data includes full names, document numbers, dates of birth, marital status, location details, phone numbers, and parental information. The dataset is being distributed freely via a Mega.nz link.
Date: 2026-06-06T04:22:31Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-RENIEC-10GB-Leaked-31-Million-Peru-citizens-Data–79136
Screenshots:
1 screenshot(s) available
Threat Actors: LauraAllen
Victim Country: Peru
Victim Industry: Government
Victim Organization: RENIEC (Registro Nacional de Identificación y Estado Civil)
Victim Site: reniec.gob.pe
- Alleged data leak of Indonesian citizens personal records by Sulawesi Hacktivist Indonesia
Category: Data Leak
Content: A threat actor affiliated with Sulawesi Hacktivist Indonesia (CY8ER N4TI0N) has publicly leaked personal records of Indonesian citizens on a breach forum. The exposed data includes national identity numbers (NIK), family card numbers (NKK), full names, dates and places of birth, gender, parent names, and home addresses. The source of the data has not been specified.
Date: 2026-06-06T03:59:53Z
Network: openweb
Published URL: https://breached.su/threads/nama-data-data-warga-negara-indonesia.88032/unread
Screenshots:
5 screenshot(s) available
Threat Actors: CY8ER N4TI0N
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Minecraft (2026)
Category: Data Breach
Content: A threat actor affiliated with Sulawesi Hacktivist Indonesia claims to have conducted an attack targeting Minecraft. The post contains no specific data details, record counts, or evidence of a breach.
Date: 2026-06-06T03:59:20Z
Network: openweb
Published URL: https://breached.su/threads/data-data-minecraft-2026.88033/unread
Screenshots:
1 screenshot(s) available
Threat Actors: CY8ER N4TI0N
Victim Country: United States
Victim Industry: Technology
Victim Organization: Minecraft
Victim Site: minecraft.net
- Sale of alleged Burkinabe passport documents with MRZ data
Category: Carding
Content: A threat actor is offering 2,400 Burkinabe passport scans with visible Machine Readable Zone (MRZ) lines for sale. The seller claims the documents are unique and not publicly available, providing file-sharing links and a SimpleX contact channel. The intended use case appears to be identity fraud or document forgery.
Date: 2026-06-06T03:41:00Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79089
Screenshots:
1 screenshot(s) available
Threat Actors: smiro662
Victim Country: Burkina Faso
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Instituto de Negocios student portal
Category: Data Breach
Content: A threat actor is sharing an alleged SQL and CSV database dump from Alumnos.InstitutoDeNegocios.com, the student portal of Instituto de Negocios, a U.S.-based Spanish-language online education platform. The sample data includes user IDs, login emails, hashed passwords, display names, and registration timestamps. The dump is reported to be 290MB in size.
Date: 2026-06-06T03:40:24Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79101
Screenshots:
1 screenshot(s) available
Threat Actors: DarkMafiaX
Victim Country: United States
Victim Industry: Education
Victim Organization: Instituto de Negocios
Victim Site: alumnos.institutodenegocios.com
- Alleged data breach of CamLive.ovh
Category: Data Breach
Content: A threat actor is sharing an alleged SQL and CSV database dump attributed to CamLive.ovh, a social networking and content-sharing platform. The sample reveals extensive user profile fields including usernames, email addresses, hashed passwords, IP addresses, phone numbers, financial data (balance, PayPal email, credits), and device identifiers. The dataset is reported to be 390MB in size.
Date: 2026-06-06T03:39:48Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79104
Screenshots:
1 screenshot(s) available
Threat Actors: DarkMafiaX
Victim Country: United States
Victim Industry: Media
Victim Organization: CamLive
Victim Site: camlive.ovh
- Sale of live access to blockchain/DeFi graph database server
Category: Initial Access
Content: A threat actor is offering for sale live web access to a server hosting a graph database used for blockchain/DeFi transactions, reportedly containing approximately 7.7 million nodes and 7.6 million relationships across more than 40 GB of data. The database supports multiple blockchain networks including ETH, Solana, Avalanche, EOS, Optimism, and Astar. The seller is asking $15,000 and can be contacted via Telegram or Session.
Date: 2026-06-06T03:38:47Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79086
Screenshots:
1 screenshot(s) available
Threat Actors: alon3Hunt
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of AlphaSMS Ukrainian SMS gateway
Category: Data Breach
Content: A threat actor claims to have compromised alphasms.com.ua, a Ukrainian bulk SMS, OTP, and messaging platform, exfiltrating the full infrastructure database totaling 50.3 GB. The post advertises the full database including session tokens and customer data, with samples available on request. The breach allegedly affects all customers of the platform.
Date: 2026-06-06T03:38:09Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79111
Screenshots:
1 screenshot(s) available
Threat Actors: gang
Victim Country: Ukraine
Victim Industry: Telecommunications
Victim Organization: AlphaSMS
Victim Site: alphasms.com.ua
- Alleged data breach of MeridianBet gambling platform exposing 3.7 million records
Category: Data Breach
Content: A threat actor operating under the name INF GRUPA claims to be selling an exclusive database allegedly dumped from MeridianBet's internal employee tools, containing 3.7 million records spanning 2019 to 2026. The dataset purportedly includes full names, phone numbers, dates of birth, email addresses, home addresses, government-issued ID documents, and sensitive internal notes such as gambling addiction flags for users across 12 countries. The actor states the data has not been previously leaked a
Date: 2026-06-06T03:37:23Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79129
Screenshots:
1 screenshot(s) available
Threat Actors: vvvv
Victim Country: Serbia
Victim Industry: Gambling
Victim Organization: MeridianBet
Victim Site: meridianbet.rs
- Sale of Russia B2B Business Dataset with 2.4M+ Records
Category: Data Breach
Content: A threat actor is offering for sale a B2B business dataset purportedly containing over 2.4 million Russian business records in Excel, CSV, and JSON formats. The dataset includes company names, business titles, phone numbers, and email addresses of company directors. The seller is directing interested buyers to a Telegram contact for purchase.
Date: 2026-06-06T03:36:01Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79108
Screenshots:
1 screenshot(s) available
Threat Actors: Edric
Victim Country: Russia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Europe CEO Database with 65,000+ Business Executive Records
Category: Data Breach
Content: A threat actor is offering for sale a database of 65,000+ European CEO and executive records spanning multiple countries including France, Germany, Poland, Belgium, the Netherlands, and Austria. The dataset includes full names, job titles, company details, business email addresses, phone numbers, employee counts, revenue ranges, and industry classifications in Excel, CSV, and JSON formats. The origin of the data and the method of collection are not disclosed.
Date: 2026-06-06T03:35:24Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79110
Screenshots:
1 screenshot(s) available
Threat Actors: Edric
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of Secretaría de Educación de Bogotá with DDoS attack claim
Category: Data Leak
Content: A threat actor identifying as DozerMx claims to have exfiltrated and leaked the full database of the Secretaría de Educación de Bogotá, comprising records for 461,084 students and 15,793 teachers across 286 educational institutions. The leaked data allegedly includes national identity documents, full names, dates of birth, home addresses, contact details, health insurance information, disability records, and institutional emails. The actor also claims to have taken down the frontend and backend
Date: 2026-06-06T03:34:40Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79112
Screenshots:
2 screenshot(s) available
Threat Actors: DozerMx
Victim Country: Colombia
Victim Industry: Government
Victim Organization: Secretaría de Educación de Bogotá
Victim Site: educacionbogota.edu.co
- Sale of Germany Google Maps business dataset with 1.9M+ records
Category: Data Leak
Content: A threat actor is offering a dataset of 1.9 million+ German business listings scraped from Google Maps, available in Excel, CSV, and JSON formats. The dataset includes company names, full addresses, geolocation coordinates, phone numbers, email addresses, and websites. The seller is directing buyers to a Telegram channel for purchase.
Date: 2026-06-06T03:33:55Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79116
Screenshots:
1 screenshot(s) available
Threat Actors: Edric
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Kawaii Animes anime streaming platform
Category: Data Leak
Content: A threat actor has freely shared an alleged database dump from Kawaii Animes, an anime streaming platform, dated April 27, 2026. The dump purportedly contains 1.21 million records including usernames, email addresses, and bcrypt-hashed passwords. Sample records were provided to support the claim.
Date: 2026-06-06T03:33:17Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79118
Screenshots:
1 screenshot(s) available
Threat Actors: JustJK
Victim Country: Unknown
Victim Industry: Entertainment
Victim Organization: Kawaii Animes
Victim Site: Unknown
- Sale of global database collection spanning multiple industries and countries
Category: Data Breach
Content: A threat actor is offering for sale a large collection of databases spanning dozens of industries and over 35 countries. The collection reportedly includes databases from government, military, financial, healthcare, and technology sectors, among others. Recognized organizations named include Discord, Telegram, WhatsApp, KFC, Binance, Bumble, Facebook, and Instagram.
Date: 2026-06-06T03:32:38Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79134
Screenshots:
1 screenshot(s) available
Threat Actors: Osito
Victim Country: Unknown
Victim Industry: Multiple
Victim Organization: Multiple
Victim Site: Unknown
- Website Defacement of We4U India by INDOHAXSEC Member ./RAZOR
Category: Defacement
Content: On June 6, 2026, a threat actor using the handle ./RAZOR, affiliated with the Indonesian hacktivist group INDOHAXSEC, defaced a document directory on we4uindia.com, an Indian technology and CRM services provider. The attack was a targeted single-page defacement that neither affected the home page nor formed part of a mass defacement campaign. The incident is documented via a mirror on zone-xsec.com.
Date: 2026-06-06T02:35:26Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931415
Screenshots:
1 screenshot(s) available
Threat Actors: ./RAZOR, INDOHAXSEC
Victim Country: India
Victim Industry: Technology / CRM Services
Victim Organization: We4U India
Victim Site: we4uindia.com
- Sale of fullz, dumps with PIN, and identity documents across multiple countries
Category: Carding
Content: A threat actor on CrackingX is offering for sale a wide range of fraudulent and stolen materials including fullz (SSN, DOB, DL), identity documents with selfies, dumps with PIN (Track 101/202), tax forms, Medicare leads, and KYC-bypass documents. Offerings span multiple countries and include specialized datasets such as kids fullz, high credit score profiles, and corporate documents. Contact is facilitated via Telegram and Session messaging.
Date: 2026-06-06T02:23:35Z
Network: openweb
Published URL: https://crackingx.com/threads/78187/
Screenshots:
1 screenshot(s) available
Threat Actors: silasclark
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Crypto.com account balance checker tool
Category: Carding
Content: A threat actor is selling a balance checker tool targeting Crypto.com accounts, capable of retrieving account holder names, phone numbers, balances, and full cryptocurrency asset lists. The tool is offered on weekly, monthly, and lifetime plans, with source code available. Output samples suggest the tool performs account takeover or credential-stuffing checks against live Crypto.com accounts.
Date: 2026-06-06T02:11:56Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-Crypto-com-Balance-Checker
Screenshots:
1 screenshot(s) available
Threat Actors: Seacoat
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: crypto.com
- Alleged data breach of Iberdrola with 300,000 customer records leaked
Category: Data Leak
Content: A threat actor claiming to operate alone has released a sample and 300,000 customer records allegedly stolen from the Spanish energy company Iberdrola, stating that the company ignored multiple contact attempts. The actor claims the full database is available for sale to the highest bidder and threatens further escalation, including data from Endesa, if ignored. The post references prior activity against other Spanish energy providers.
Date: 2026-06-06T01:04:50Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-ES-IBERDROLA-300K-CUSTOMERS
Screenshots:
1 screenshot(s) available
Threat Actors: spain
Victim Country: Spain
Victim Industry: Energy
Victim Organization: Iberdrola
Victim Site: iberdrola.es
- Alleged data breach of Iberdrola with 300,000 customer records leaked
Category: Data Leak
Content: A threat actor claiming to operate alone alleges a data breach of the Spanish energy company Iberdrola, releasing a sample of 300,000 customer records and offering the complete database for sale to the highest bidder. The actor states the release follows ignored contact attempts and frames it as an extortion-driven leak. The same actor also claims a prior breach of Endesa and threatens further escalation against Spanish energy companies.
Date: 2026-06-06T01:04:39Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79122
Screenshots:
1 screenshot(s) available
Threat Actors: gang
Victim Country: Spain
Victim Industry: Energy
Victim Organization: Iberdrola
Victim Site: iberdrola.es
- Alleged data breach of Pemdesbutuh.id
Category: Data Breach
Content: A threat actor is offering a database allegedly sourced from pemdesbutuh.id, an Indonesian village government website, containing 24,777 records. The dataset includes sensitive personal fields such as national ID numbers, family card numbers, date of birth, religion, gender, marital status, and occupation. The actor is soliciting direct messages for access to the full database.
Date: 2026-06-06T01:04:24Z
Network: openweb
Published URL: https://breached.su/threads/database-pemdesbutuh-id.88031/unread
Screenshots:
2 screenshot(s) available
Threat Actors: 0xulnar
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Pemdesbutuh
Victim Site: pemdesbutuh.id
- Alleged ShinyHunters mega-breach affecting 800+ million records across multiple organizations
Category: Data Breach
Content: The ShinyHunters threat actor group claims to have breached 60+ major organizations, including Microsoft, AT&T, Ticketmaster, Rockstar Games, Pornhub, SoundCloud, and numerous financial/retail companies, and is offering access to the data. The post includes session tokens for The Silent Com and Shinycorp operations and references the threat actor handles @node6240 (UNC6040) and @shsupportsh (Shinycorp).
Date: 2026-06-06T00:30:10Z
Network: telegram
Published URL: https://t.me/c/3500620464/9270
Screenshots:
1 screenshot(s) available
Threat Actors: ShinyHunters
Victim Country: Multiple (United States, Australia, India, Indonesia, Brazil, Canada, Germany, United Kingdom)
Victim Industry: Multiple (Technology, Finance, Retail, Entertainment, Insurance, Travel, Food Service)
Victim Organization: Multiple (Microsoft, AT&T, Ticketmaster, Rockstar Games, Pornhub, SoundCloud, Santander, Qantas, TransUnion, Charter Communications, and 50+ others)
Victim Site: Unknown
- Alleged data leak of IMT Maroc (Institut Marocain de Technologie)
Category: Data Leak
Content: A threat actor is distributing an alleged full database dump of IMT Maroc, a private higher education institution based in Casablanca, Morocco. The content is hidden behind a reply gate on the forum. No record count or data field details are specified in the visible post.
Date: 2026-06-06T00:22:31Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79117
Screenshots:
1 screenshot(s) available
Threat Actors: anisanas2
Victim Country: Morocco
Victim Industry: Education
Victim Organization: Institut Marocain de Technologie
Victim Site: Unknown
- Alleged data leak of Mines d'Aouli internal financial documents
Category: Data Leak
Content: A threat actor claims to have leaked internal financial documents belonging to Mines d'Aouli, a Moroccan state-owned mining company under BRPM. The post alleges financial irregularities including an unexplained government advance, unrecovered debts, and frozen provisions, framing the release as a public interest disclosure. The documents are offered as hidden content accessible upon reply or account upgrade.
Date: 2026-06-06T00:21:51Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79119
Screenshots:
1 screenshot(s) available
Threat Actors: anisanas2
Victim Country: Morocco
Victim Industry: Mining
Victim Organization: Mines d'Aouli
Victim Site: Unknown
- Alleged data breach of Delta Airlines Portugal
Category: Data Leak
Content: A threat actor has leaked a database allegedly belonging to Delta Airlines Portugal, containing 11,633 records across 8 fields including full name, birthday, gender, address, email, phone number, salutation, and region. Sample records include Portuguese customer PII with local phone numbers and email addresses. The data was shared freely on a known breach forum.
Date: 2026-06-06T00:21:44Z
Network: openweb
Published URL: https://breached.su/threads/portugal-delta-airlines.88030/unread
Screenshots:
2 screenshot(s) available
Threat Actors: 0xulnar
Victim Country: Portugal
Victim Industry: Transportation
Victim Organization: Delta Airlines Portugal
Victim Site: Unknown
- Alleged defacement of automobilegmbhspllc.com by Mr.PIMZZZXploit
Category: Defacement
Content: The threat actor Mr.PIMZZZXploit claims a website defacement. The defaced site URL and a mirror link are provided. The claim was posted in the BABAYO EROR SYSTEM channel.
Date: 2026-06-06T00:19:52Z
Network: telegram
Published URL: https://t.me/c/3865526389/1178
Screenshots:
3 screenshot(s) available
Threat Actors: Mr.PIMZZZXploit
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Automobile GMBH SP LLC
Victim Site: automobilegmbhspllc.com.massgloballogistics.com
Detected Incidents Draft Data – 2026-06-05 (day before)
- Alleged data breach of Tlog.ma — Moroccan logistics company
Category: Data Breach
Content: A threat actor claims to have extracted over 700,000 records from Tlog.ma, a Moroccan express delivery and logistics company, covering data from 2019 to 2026. The actor is offering the full database for $500 USD and has released a sample of 1,000 records. A ransom demand has been issued, with the threat to leak portions of the data if payment is not received within 48 hours.
Date: 2026-06-05T23:48:32Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79115
Screenshots:
1 screenshot(s) available
Threat Actors: anisanas2
Victim Country: Morocco
Victim Industry: Logistics
Victim Organization: Tlog.ma
Victim Site: tlog.ma
- Alleged sale of compromised Comcast email access and multi-country mail accounts
Category: Initial Access
Content: The OGTNBULK shop is advertising restocked compromised email access for Comcast, claiming the cheapest prices, along with full account access (FA) for major retailers and financial institutions including Walmart, Amazon, Target, Bank of America, Chase, Wells Fargo, and others. Separately, DataxLogs is advertising mail access for multiple countries (FR, BE, AU, CA, UK, US, NL, PL, DE, JP), with configs, scripts, tools, and combo lists available for purchase.
Date: 2026-06-05T22:56:52Z
Network: telegram
Published URL: https://t.me/c/2613583520/97481
Screenshots:
1 screenshot(s) available
Threat Actors: OGTNBULK
Victim Country: Unknown
Victim Industry: Multiple (retail, financial services, technology)
Victim Organization: Unknown
Victim Site: Unknown
- Sale of multiple crypto and financial sector database dumps
Category: Data Breach
Content: A threat actor is selling or trading a large collection of databases purportedly from dozens of cryptocurrency exchanges, financial services, and related platforms including Coinbase (11.74M records), CoinMarketCap (3.12M), Carnival (8.79M), Authy (33.4M phone numbers), and many others. The post lists over 80 distinct organizations with individual record counts spanning hundreds to tens of millions. Interested buyers are directed to contact the seller via Telegram.
Date: 2026-06-05T22:35:32Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-Crypto-Financial-DBs
Screenshots:
4 screenshot(s) available
Threat Actors: vothan
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Mexican passport application records allegedly sourced from BLS International visa processing systems
Category: Data Breach
Content: A threat actor is offering for sale Mexican passport application records allegedly sourced from BLS International visa processing systems. Each record purportedly includes passport scans, CVs, proof of enrollment, financial documents, health insurance proof, and fee receipts. Samples are claimed to be available upon request.
Date: 2026-06-05T22:34:53Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-FRESH-MEXICANS-PASSPORTS
Screenshots:
1 screenshot(s) available
Threat Actors: scatt3r
Victim Country: Mexico
Victim Industry: Government
Victim Organization: BLS International
Victim Site: blsinternational.com
- Sale of RAT panel access with 60 infected machines
Category: Initial Access
Content: A threat actor is offering for sale panel login credentials granting full remote access to 60 reportedly active infected machines via a RAT. Capabilities include remote desktop control, keylogging, credential and cookie harvesting, crypto wallet extraction, webcam/microphone access, and persistence. A cryptominer is described as pre-configured and running on the compromised machines. The asking price is $200.
Date: 2026-06-05T22:14:54Z
Network: openweb
Published URL: https://cracked.st/Thread-PANEL-RAT-ACCESS-%E2%80%94-60-INFECTED-MACHINES
Screenshots:
1 screenshot(s) available
Threat Actors: primedata
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of FUD email sender tool (FUDSender Pro)
Category: Phishing
Content: A threat actor is offering FUDSender Pro, a license-based desktop email sender tool supporting SMTP and multiple APIs (Mailgun, Brevo), HTML/image-based emails, and attachment obfuscation via ZIP and PDF generation. The tool is marketed for bulk email campaigns with evasion features consistent with phishing or spam operations. Contact and pricing are provided via Telegram.
Date: 2026-06-05T21:18:41Z
Network: openweb
Published URL: https://crackingx.com/threads/78174/
Screenshots:
1 screenshot(s) available
Threat Actors: office_365shop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Melbourne International Film Festival (MIFF)
Category: Data Leak
Content: A threat actor has leaked data allegedly belonging to Melbourne International Film Festival (MIFF), Australia's largest film festival. The dataset, comprising four tables, contains customer and membership records including names, email addresses, phone numbers, physical addresses, booking totals, membership details, and event ticketing information. The post claims 340,000+ affected customers, though a sample figure of 27,000 is also referenced.
Date: 2026-06-05T21:12:33Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-Melbourne-Interational-Film-Festival-MIFF-Australia-340K-Customers
Screenshots:
1 screenshot(s) available
Threat Actors: 2019
Victim Country: Australia
Victim Industry: Entertainment
Victim Organization: Melbourne International Film Festival
Victim Site: miff.com.au
- Alleged data breach of Alist Dubai influencer marketing platform
Category: Data Breach
Content: A threat actor is sharing an alleged database dump from Alist Dubai, a UAE-based influencer marketing platform. The dataset reportedly contains over 63,700 customer records including names, email addresses, mobile numbers, dates of birth, gender, nationality, country, and social media profile URLs. Sample records indicate the data spans users from the UAE, Saudi Arabia, and other regional countries.
Date: 2026-06-05T21:11:34Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-Alist-Dubai-63-7K-Customers
Screenshots:
1 screenshot(s) available
Threat Actors: 2019
Victim Country: United Arab Emirates
Victim Industry: Marketing
Victim Organization: Alist Dubai
Victim Site: Unknown
- Alleged data breach of Zeco Energy Australia
Category: Data Breach
Content: A threat actor is offering a database dump allegedly obtained from Zeco Energy, an Australian renewable energy company. The leaked data includes customer personal information (names, addresses, phone numbers, emails), solar system installation details (serial numbers, PV capacity, battery serials, GPS coordinates), and installer company records. Three separate datasets are offered via an external file-sharing link.
Date: 2026-06-05T21:10:40Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-Zeco-Energy-Australia-5-5K–190660
Screenshots:
1 screenshot(s) available
Threat Actors: 2019
Victim Country: Australia
Victim Industry: Energy
Victim Organization: Zeco Energy
Victim Site: Unknown
- Alleged data breach of CVL KRA (cvlkra.com) exposing 153 million Indian investor KYC records
Category: Data Breach
Content: A threat actor claims to be selling a database allegedly obtained from cvlkra.com, the KYC Registration Agency portal managed by CDSL Ventures Limited. The purported dataset includes over 153 million records containing names, father names, dates of birth, addresses, Aadhaar numbers, and scanned Aadhaar document images in CSV format. The actor is offering the data for $5,000, with a separate $100,000 demand directed at the company or government to wipe the data, accepting only cryptocurrency.
Date: 2026-06-05T20:43:48Z
Network: openweb
Published URL: https://breached.su/threads/cvlkra-com-153millions-records-india.88025/unread
Screenshots:
1 screenshot(s) available
Threat Actors: johnwick422
Victim Country: India
Victim Industry: Finance
Victim Organization: CDSL Ventures Limited (CVL KRA)
Victim Site: cvlkra.com
- Alleged data breach of Woflow AI-driven merchant data platform by ShinyHunters
Category: Data Leak
Content: In March 2026, the ShinyHunters data extortion group claimed responsibility for breaching Woflow, an AI-driven merchant data platform, and subsequently published over 2TB of data comprising tens of thousands of files. The leaked dataset, added to HaveIBeenPwned on 7 May 2026, contains approximately 447,600 affected accounts including email addresses, names, phone numbers, physical addresses, hashed passwords, and internal tokens. The data reportedly relates to Woflow customers and, transitively,…
Date: 2026-06-05T20:18:06Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79087
Screenshots:
1 screenshot(s) available
Threat Actors: Blastoize
Victim Country: United States
Victim Industry: Technology
Victim Organization: Woflow
Victim Site: woflow.com
- Sale of KYC bypass tools and identity documents across multiple countries
Category: Carding
Content: A threat actor is advertising a range of identity fraud and KYC bypass services, including driver's licenses, passports, SSNs, SINs, EINs, and LLC documentation for multiple countries. The offering also includes consumer databases, phone lists, email lists, and citizen identity records. The seller directs buyers to contact via Telegram.
Date: 2026-06-05T20:03:37Z
Network: openweb
Published URL: https://xforums.st/threads/all-countries-driver-license-available-pass-ssn-sin-ein-llc-kyc-bypass-tool.620642/
Screenshots:
None
Threat Actors: jannat123
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of 364 hacking and programming forum databases
Category: Data Leak
Content: A threat actor has freely distributed alleged database dumps from 364 programming, hacking, leak, cheat forums, and stresser services. Named platforms include Nulled, Cracked, RaidForums, and Darkforums. The data is available via two download links with a shared password.
Date: 2026-06-05T19:49:13Z
Network: openweb
Published URL: https://breached.su/threads/all-hacking-forums-leaks-databases-nulled-cracked-raidforums-darkforums.88024/unread
Screenshots:
1 screenshot(s) available
Threat Actors: johnwick422
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Multiple hacking/programming forums including Nulled, Cracked, RaidForums, Darkforums
Victim Site: Unknown
- Alleged sale of 31 compromised Telegram accounts
Category: Initial Access
Content: A threat actor is offering 31 tested Telegram accounts for sale via a Telegram bot. The accounts, from various countries, are packaged in a zip file (129.6MB). Buyers are directed to @ThreatMarketBot for purchase.
Date: 2026-06-05T19:46:12Z
Network: telegram
Published URL: https://t.me/c/3881618514/131
Screenshots:
2 screenshot(s) available
Threat Actors: Threat Market
Victim Country: Unknown
Victim Industry: Communications/Social Media
Victim Organization: Telegram users
Victim Site: telegram.org
- Sale of Cryptocurrency Wallet Stealer Malware (V1.1)
Category: Malware
Content: A threat actor is offering a cryptocurrency wallet stealer tool (V1.1) for sale via Telegram. The malware reportedly targets browser activity, cryptocurrency wallets, and antivirus software. Download links and a VirusTotal report are provided in the post.
Date: 2026-06-05T19:20:18Z
Network: openweb
Published URL: https://spear.cx/Thread-Source-Code-Crypto-Currencies-V1-1-Wallet-Stealer
Screenshots:
1 screenshot(s) available
Threat Actors: zerodark
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Crypto Balance Checker Tool with Suspected Malicious Payload
Category: Malware
Content: A forum user is distributing a tool advertised as a cryptocurrency balance checker supporting Bitcoin, Ethereum, Litecoin, and altcoins. The download link references a VirusTotal submission, suggesting the file may have been flagged as malicious. The tool is offered for free on the forum.
Date: 2026-06-05T19:19:36Z
Network: openweb
Published URL: https://spear.cx/Thread-Free-Crypto-Balance-Checker-Track-Bitcoin-Ethereum-Litecoin-and-altcoins
Screenshots:
1 screenshot(s) available
Threat Actors: zerodark
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of Platinum Cineplex database
Category: Data Leak
Content: A threat actor is distributing a database allegedly belonging to Platinum Cineplex for free on a hacking forum. The post includes a sample of the data. No record count or additional details are provided.
Date: 2026-06-05T19:16:23Z
Network: openweb
Published URL: https://breached.su/threads/database-platinum-cineplex.88023/unread
Screenshots:
2 screenshot(s) available
Threat Actors: Mr. Hanz Xploit
Victim Country: Unknown
Victim Industry: Entertainment
Victim Organization: Platinum Cineplex
Victim Site: Unknown
- Sale of ATM Card Cloning Tools
Category: Carding
Content: A threat actor is advertising ATM card cloning tools on a cracking forum, directing interested buyers to contact via Telegram. The post includes download links and a VirusTotal report, suggesting the tools are being distributed for fraudulent card duplication activities targeting debit cards, credit cards, and point-of-sale systems.
Date: 2026-06-05T19:01:02Z
Network: openweb
Published URL: https://altenens.is/threads/atm-card-cloning-tools-cracked.2951888/unread
Screenshots:
2 screenshot(s) available
Threat Actors: sinisafl
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of personal data of Chinese overseas residents in the United States
Category: Data Breach
Content: A threat actor is offering for sale a dataset of approximately 1 million records purportedly containing personal information of Chinese overseas residents in the United States, with data dated May–June 2026. The dataset includes full names, mailing addresses, phone numbers, and email addresses in a format consistent with a CRM or Salesforce export. The source organization has not been identified.
Date: 2026-06-05T18:46:33Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-1-million-chinese-overseas-usa-May-june-2026-data
Screenshots:
1 screenshot(s) available
Threat Actors: Kim1000P
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of compromised full account access to financial institutions and e-commerce platforms
Category: Initial Access
Content: The OGTNBULK shop is advertising stolen full account (FA) access to major US financial institutions (Bank of America, Capital One, Wells Fargo, Chase, Blockchain) and e-commerce platforms (Walmart, Amazon, Target, eBay, Uber, Netflix, etc.). The vendor claims the cheapest prices and offers live proof/testing. The post also includes a separate vendor (Engineering) offering mail access, configs, scripts, tools, and combo lists across multiple countries (US, UK, FR, DE, JP, etc.).
Date: 2026-06-05T18:46:25Z
Network: telegram
Published URL: https://t.me/c/2613583520/97466
Screenshots:
1 screenshot(s) available
Threat Actors: OGTNBULK
Victim Country: United States
Victim Industry: Financial Services, E-commerce, Technology
Victim Organization: Unknown
Victim Site: Unknown
- Sale of CVV, Fullz, Dumps, and Payment Card Data Across Multiple Countries
Category: Carding
Content: A threat actor is selling stolen payment card data including CVVs, fullz, and dumps across multiple countries including the US, UK, EU, Australia, Japan, and others at listed per-card prices. The post includes sample card records with cardholder names, billing addresses, card numbers, expiry dates, and CVV codes. Additional services including SMTP mailers and software tools are also advertised.
Date: 2026-06-05T18:45:43Z
Network: openweb
Published URL: https://darkforums.su/Thread-SELLING-BEST-CVV-SHIP-FULLZ-DUMPS-PAYPAL-BANK-LOGIN-TRACK-WESTERN-UNIOn-Available–79082
Screenshots:
5 screenshot(s) available
Threat Actors: CharlieKaufman
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of King Jouet via API vulnerability by LunarisSec
Category: Data Breach
Content: Threat actors operating under the group name LunarisSec claim to have discovered an API vulnerability on king-jouet.com that allowed them to retrieve an API key and extract sensitive data tables related to tickets and transactions. The exposed data reportedly includes archive ticket records, product references, and EAN article data in JSON format. The actors, identified as Pwn2dd, Morphyne, and Unknown, are offering contact via Telegram.
Date: 2026-06-05T18:43:42Z
Network: openweb
Published URL: https://breached.su/threads/https-www-king-jouet-com-api-vulnerability-lunarissec.88022/unread
Screenshots:
5 screenshot(s) available
Threat Actors: pwn2dd
Victim Country: France
Victim Industry: Retail
Victim Organization: King Jouet
Victim Site: king-jouet.com
- Website defacement of Darwin Motion by StarsX of NeuraSelf Cyber Team
Category: Defacement
Content: On June 6, 2026, the blog section of Darwin Motion's website was defaced by a threat actor identified as StarsX, operating under the NeuraSelf Cyber Team. The attack targeted the subdirectory www.darwinmotion.com/blogs/ and was a singular, targeted defacement rather than a mass or repeated incident. No motive or technical details regarding the server environment were disclosed.
Date: 2026-06-05T18:20:33Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931414
Screenshots:
1 screenshot(s) available
Threat Actors: StarsX, NeuraSelf Cyber Team
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Darwin Motion
Victim Site: www.darwinmotion.com
- Website Defacement of Shree Krishna Institute by StarsX (NeuraSelf Cyber Team)
Category: Defacement
Content: On June 6, 2026, a threat actor identified as StarsX, operating under the NeuraSelf Cyber Team, defaced the homepage of Shree Krishna Institute, an educational institution based in India. The attack was a targeted homepage defacement and has been mirrored at zone-xsec.com. No specific motivation or technical server details were disclosed in association with this incident.
Date: 2026-06-05T18:19:23Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931411
Screenshots:
1 screenshot(s) available
Threat Actors: StarsX, NeuraSelf Cyber Team
Victim Country: India
Victim Industry: Education
Victim Organization: Shree Krishna Institute
Victim Site: shreekrishnainstitute.in
- Website Defacement of IT Advance Education by StarsX of NeuraSelf Cyber Team
Category: Defacement
Content: On June 6, 2026, a threat actor identified as StarsX, operating under the NeuraSelf Cyber Team, defaced the homepage of itadvanceeducation.in, an Indian educational institution's website. The attack was a targeted home page defacement and is not classified as a mass or redefacement incident. The motive behind the attack was not disclosed, and technical details such as server information and proof of concept were not provided.
Date: 2026-06-05T18:18:11Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931413
Screenshots:
1 screenshot(s) available
Threat Actors: StarsX, NeuraSelf Cyber Team
Victim Country: India
Victim Industry: Education
Victim Organization: IT Advance Education
Victim Site: itadvanceeducation.in
- Website Defacement of Anand Gold by StarsX of NeuraSelf Cyber Team
Category: Defacement
Content: On June 6, 2026, a threat actor identified as StarsX, operating under the NeuraSelf Cyber Team, defaced the website of Anand Gold, an Indian jewelry business. The defacement targeted a specific PHP file (laravel.php) rather than the homepage, suggesting a targeted file-level intrusion. The incident was recorded and mirrored by zone-xsec.com.
Date: 2026-06-05T18:17:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931409
Screenshots:
1 screenshot(s) available
Threat Actors: StarsX, NeuraSelf Cyber Team
Victim Country: India
Victim Industry: Retail / Jewelry
Victim Organization: Anand Gold
Victim Site: anandgold.co.in
- Website Defacement of hcsm.co.in by StarsX of NeuraSelf Cyber Team
Category: Defacement
Content: On June 6, 2026, a threat actor known as StarsX, operating under the NeuraSelf Cyber Team, defaced a specific page on the Indian website hcsm.co.in. The incident was a targeted single-page defacement rather than a mass or home page compromise. The attack was archived and mirrored via zone-xsec.com, a known defacement tracking platform.
Date: 2026-06-05T18:16:05Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931412
Screenshots:
1 screenshot(s) available
Threat Actors: StarsX, NeuraSelf Cyber Team
Victim Country: India
Victim Industry: Unknown
Victim Organization: HCSM
Victim Site: hcsm.co.in
Sale of alleged 2026 PLA military test reports
Category: Data Breach
Content: A threat actor is offering for sale alleged 2026 People's Liberation Army (PLA) military test reports. The seller provides multiple contact channels including Telegram, Session, Tox, Matrix, and Jabber for inquiries and purchase. No further details on the volume or specific nature of the documents were disclosed in the post.
Date: 2026-06-05T17:58:43Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-CN-2026-PLA-military-test-reports-for-sale
Screenshots:
1 screenshot(s) available
Threat Actors: mosad
Victim Country: China
Victim Industry: Government
Victim Organization: People's Liberation Army
Victim Site: Unknown
Alleged data breach of Quick restaurant employee dashboard
Category: Data Breach
Content: A threat actor claims to have retrieved an employee dashboard from Quick, a fast-food restaurant chain. The post shares the contents of the dashboard, though specific data fields and record counts are not detailed in the post.
Date: 2026-06-05T17:57:55Z
Network: openweb
Published URL: https://breached.su/threads/quick-employee-dashboard.88020/unread
Screenshots:
1 screenshot(s) available
Threat Actors: nearlevrai
Victim Country: Unknown
Victim Industry: Food & Beverage
Victim Organization: Quick
Victim Site: Unknown
Alleged data breach of Tangerang Selatan City Government Database
Category: Data Breach
Content: Indonesian threat actor group Rakyat Digital Crew posted evidence of a data breach affecting TangerangSelatankota.go.id (Tangerang Selatan City Government). The breach includes leaked personally identifiable information (PII) including NIK (National ID numbers), NIP (employee IDs), addresses, phone numbers, and email addresses. The evidence was posted on Breachforums.
Date: 2026-06-05T17:44:58Z
Network: telegram
Published URL: https://t.me/c/3755871403/719
Screenshots:
2 screenshot(s) available
Threat Actors: Rakyat Digital Crew
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Tangerang Selatan City Government
Victim Site: tangerangselatankota.go.id
Website Defacement of Vanphong Pham Quang Chinh by Threat Actor Zod
Category: Defacement
Content: On June 6, 2026, a threat actor operating under the alias Zod defaced the Vietnamese stationery and office supplies website vanphongphamquangchinh.com, targeting the page /zod.html. The attack was a single-target defacement conducted on a Linux-based server. No specific motivation or additional technical indicators were disclosed.
Date: 2026-06-05T17:19:12Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249809
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: Vietnam
Victim Industry: Retail / Stationery & Office Supplies
Victim Organization: Văn Phòng Phẩm Quang Chính
Victim Site: vanphongphamquangchinh.com
Mass Defacement of Brazilian Religious Organization by Threat Actor Zod
Category: Defacement
Content: Threat actor Zod conducted a mass defacement campaign targeting santuarioconceicaorj.org.br, a Brazilian religious sanctuary website, on June 6, 2026. The attack was not limited to the homepage and was part of a broader mass defacement operation carried out by the Zod team. The defaced page was archived at haxor.id and the server was running on a Linux-based environment.
Date: 2026-06-05T17:17:26Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249811
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: Brazil
Victim Industry: Religious Organization
Victim Organization: Santuário Nossa Senhora da Conceição RJ
Victim Site: santuarioconceicaorj.org.br
Website Defacement of Black Panther Cup by Threat Actor Zod
Category: Defacement
Content: On June 6, 2026, a threat actor operating under the alias Zod defaced the website blackpanthercup.tw, a sports-related organization based in Taiwan. The attacker replaced the content of the targeted page (zod.html) on a Linux-hosted server. The incident was recorded as a single, non-mass, non-home page defacement.
Date: 2026-06-05T17:16:07Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249810
Screenshots:
1 screenshot(s) available
Threat Actors: Zod, Zod
Victim Country: Taiwan
Victim Industry: Sports / Recreation
Victim Organization: Black Panther Cup
Victim Site: blackpanthercup.tw
Alleged data breach of TangerangSelatankota government portal
Category: Data Breach
Content: A threat actor posted what appears to be a database allegedly sourced from the Tangerang Selatan city government portal (tangerangselatankota.go.id). No additional details regarding record count or data types are available from the post content.
Date: 2026-06-05T17:14:48Z
Network: openweb
Published URL: https://breached.su/threads/data-base-tangerangselatankota-go-id.88019/unread
Screenshots:
3 screenshot(s) available
Threat Actors: MatxCysec
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Tangerang Selatan City Government
Victim Site: tangerangselatankota.go.id
Sale or leak of identity documents including IDs, driver's licenses, and passports
Category: Carding
Content: A forum post advertises hidden content purportedly containing identity documents including IDs, driver's licenses, and passports. The actual content is gated behind registration or login, limiting visibility into the scope or origin of the documents.
Date: 2026-06-05T17:02:16Z
Network: openweb
Published URL: https://leakforum.io/Thread-ID-DL-and-Passports
Screenshots:
1 screenshot(s) available
Threat Actors: DeSnaka
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of skola2030.lv — Latvian educational contacts and school staff records
Category: Data Breach
Content: A threat actor is selling a dataset allegedly originating from skola2030.lv, a Latvian educational platform, for $1,300. The dataset reportedly contains approximately 413,000 records across three sections: Contacts (including names, phone numbers, emails, job titles, and addresses of school managers), Educational Programs, and School Engagements. The seller provides a sample via an external file-sharing link.
Date: 2026-06-05T16:57:04Z
Network: openweb
Published URL: https://breached.su/threads/413k-latvia-https-skola2030-lv-educational-contacts-and-school-staff-records-dataset.88007/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Dumpdump
Victim Country: Latvia
Victim Industry: Education
Victim Organization: skola2030.lv
Victim Site: skola2030.lv
Alleged data breach of KPN (kpn.com) exposing 437K Netherlands customer records
Category: Data Breach
Content: A threat actor is selling an alleged dataset originating from KPN, a major Dutch telecommunications provider, containing approximately 437,000 records. The dataset is structured across three sections — Contacts, Service Requests, and Subscription Orders — and includes personal identifiers such as names, email addresses, phone numbers, physical addresses, birth dates, and financial subscription details. The data is priced at $1,400 and offered via Telegram or forum PM.
Date: 2026-06-05T16:56:31Z
Network: openweb
Published URL: https://breached.su/threads/437k-netherlands-www-kpn-com-user-contact-info-including-emails-names-signup-and-activity-dates.88009/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Dumpdump
Victim Country: Netherlands
Victim Industry: Telecommunications
Victim Organization: KPN
Victim Site: kpn.com
Alleged data breach of Wehkamp (wehkamp.nl) exposing ~482K Netherlands customer records
Category: Data Breach
Content: A threat actor is selling an alleged dataset of approximately 482,000 customer records sourced from Dutch e-commerce retailer Wehkamp (wehkamp.nl). The dataset is reported to include contact details (name, email, phone, address, birthdate, language preference, contact status), order records, and customer support case data. The seller is offering the data for $1,200 via Telegram.
Date: 2026-06-05T16:55:57Z
Network: openweb
Published URL: https://breached.su/threads/482k-netherlands-https-www-wehkamp-nl-customer-records-including-email-names-dates-and-contact-status.88010/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Dumpdump
Victim Country: Netherlands
Victim Industry: Retail
Victim Organization: Wehkamp
Victim Site: wehkamp.nl
Alleged data breach of Naijapals (naijapals.com)
Category: Data Breach
Content: A threat actor is selling an alleged dataset from naijapals.com comprising approximately 427,000 records across three structured sections: Contacts (full name, email, phone, mailing address), Support Tickets, and User Engagements including activity logs. The dataset is offered for $1,300 via Telegram contact, with forum escrow accepted.
Date: 2026-06-05T16:55:24Z
Network: openweb
Published URL: https://breached.su/threads/427k-nigeria-www-naijapals-com-user-contact-and-profile-data-including-emails-and-activity-logs.88011/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Dumpdump
Victim Country: Nigeria
Victim Industry: Social Media
Victim Organization: Naijapals
Victim Site: naijapals.com
Alleged sale of personal data of 1 million Chinese crypto traders
Category: Data Breach
Content: A threat actor is selling approximately 1 million records of Chinese cryptocurrency traders sourced from multiple trading platforms including Huobi, OKEx, ZB, and Bitget. The dataset reportedly includes full names, phone numbers, mobile operators, account balances, account IDs, and verification status. Sample data provided in the post appears to contain real personal and financial details of Chinese nationals.
Date: 2026-06-05T16:55:06Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79051
Screenshots:
1 screenshot(s) available
Threat Actors: MDGhost666
Victim Country: China
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Copaco (Paraguay telecommunications provider)
Category: Data Breach
Content: A threat actor is selling an alleged dataset from Copaco, Paraguay's state telecommunications provider, priced at $1,200. The dataset purportedly contains 412,000 records spanning three sections: customer contacts (including Tax IDs, emails, phone numbers, and addresses), order details for bandwidth and hosting services, and support tickets. The data is described as fresh and organized, with sample files provided via Gofile links.
Date: 2026-06-05T16:54:50Z
Network: openweb
Published URL: https://breached.su/threads/412k-paraguay-https-www-copaco-com-py-active-email-and-contact-records-for-commerce-sector.88012/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Dumpdump
Victim Country: Paraguay
Victim Industry: Telecommunications
Victim Organization: Copaco
Victim Site: copaco.com.py
Alleged data breach of Chinese e-commerce platform exposing shopping orders
Category: Data Breach
Content: A threat actor is selling a dataset allegedly containing 7.5 million Chinese consumer shopping order records. The data includes customer names, phone numbers, full residential addresses, order reference IDs, product categories, and transaction details. The seller is offering the dataset via Telegram for an undisclosed price.
Date: 2026-06-05T16:54:23Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79054
Screenshots:
1 screenshot(s) available
Threat Actors: Edric
Victim Country: China
Victim Industry: Retail
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of SM-Clinic (sm-clinic.ru) exposing patient contact and booking records
Category: Data Breach
Content: A threat actor is selling an alleged dataset of approximately 528,000 records originating from sm-clinic.ru, a Russian medical clinic. The dataset is claimed to include patient contact details, appointment booking records, billing and insurance information, and website lead tracking data organized across three interconnected tables. The seller is offering the data for $1,200.
Date: 2026-06-05T16:54:16Z
Network: openweb
Published URL: https://breached.su/threads/528k-russia-https-sm-clinic-ru-patient-contact-records-with-emails-inquiry-subjects-and-communication-preferences.88013/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Dumpdump
Victim Country: Russia
Victim Industry: Healthcare
Victim Organization: SM-Clinic
Victim Site: sm-clinic.ru
Alleged data breach of GulfTalent professional recruitment platform
Category: Data Breach
Content: A threat actor is selling an alleged dataset from GulfTalent, a professional recruitment platform, containing approximately 482,000 records. The data is organized into three sections: Contacts (personal and demographic details including email, phone, date of birth, and LinkedIn URLs), Candidate Profiles (professional information including passport numbers, expiry dates, and personal health details), and Job Applications (recruitment pipeline records). The seller is asking $900 and accepts forum
Date: 2026-06-05T16:53:49Z
Network: openweb
Published URL: https://breached.su/threads/482k-saudi-arabia-https-www-gulftalent-com-professional-profiles-with-contact-and-career-data.88014/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Dumpdump
Victim Country: Saudi Arabia
Victim Industry: Recruitment
Victim Organization: GulfTalent
Victim Site: gulftalent.com
Alleged data breach of Shaanxi Health Code system exposing 14.8 million records
Category: Data Breach
Content: A threat actor is selling an alleged dataset of 14.8 million records from the Shaanxi Health Code system in China. The dataset reportedly includes full names, national ID numbers, phone numbers, and district/location data. Sample records were provided as proof, and the seller is directing buyers to a Telegram contact.
Date: 2026-06-05T16:53:42Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79056
Screenshots:
1 screenshot(s) available
Threat Actors: Edric
Victim Country: China
Victim Industry: Healthcare
Victim Organization: Shaanxi Health Code
Victim Site: Unknown
Alleged data breach of MyCarForum (Singapore)
Category: Data Breach
Content: A threat actor is selling an alleged dataset from MyCarForum, a Singapore-based automotive forum, comprising approximately 487,000 user records. The dataset reportedly includes personally identifiable information such as full names, email addresses, password hashes, login IPs, registration dates, phone numbers, and contact verification data, organized across three sections: Contacts, Forum Posts, and File Attachments. The seller is asking $1,400 and accepting forum escrow for the transaction.
Date: 2026-06-05T16:53:06Z
Network: openweb
Published URL: https://breached.su/threads/487k-singapore-www-mycarforum-com-user-accounts-with-login-ips-registration-dates-and-contact-verification-data.88015/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Dumpdump
Victim Country: Singapore
Victim Industry: Automotive
Victim Organization: MyCarForum
Victim Site: mycarforum.com
Alleged data breach of Al-Quds Open University
Category: Data Breach
Content: A threat actor claims to have accessed student data from Al-Quds Open University in Palestine, exposing fields including student name, student number, faculty, phone number, and email address. A sample of records and a session token were shared in the post. The actor framed the disclosure as a responsible security warning after allegedly failing to reach the institution through official channels.
Date: 2026-06-05T16:52:53Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-Palestine-Al-Quds-Open-University-Student-Data–79061
Screenshots:
1 screenshot(s) available
Threat Actors: Kan3anY
Victim Country: Palestine
Victim Industry: Education
Victim Organization: Al-Quds Open University
Victim Site: Unknown
Alleged data breach of smeducamos.com exposing student contact, enrollment, and authentication data
Category: Data Breach
Content: A threat actor is selling an alleged dataset from smeducamos.com, a Spanish education platform, containing approximately 428,000 records across three sections: contact information (names, addresses, phone numbers, birthdates), student enrollment details (course data, grades, payment and scholarship status), and user authentication data (encrypted passwords, password reset tokens, MFA status, and session metadata). The dataset is priced at $1,000 and being offered via Telegram and forum escrow.
Date: 2026-06-05T16:52:36Z
Network: openweb
Published URL: https://breached.su/threads/428k-spain-https-www-smeducamos-com-student-contact-and-account-data-with-timestamps-and-status-details.88016/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Dumpdump
Victim Country: Spain
Victim Industry: Education
Victim Organization: SM Educamos
Victim Site: smeducamos.com
Alleged data leak of VKontakte user profiles
Category: Data Leak
Content: A threat actor is freely distributing a dataset of 7,796 VKontakte user profiles containing phone numbers, full names, dates of birth, origin locations, and profile URLs. The actor claims the data was self-parsed. The dataset is offered as a free download on the forum.
Date: 2026-06-05T16:52:15Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79065
Screenshots:
1 screenshot(s) available
Threat Actors: dmimin
Victim Country: Russia
Victim Industry: Technology
Victim Organization: VKontakte
Victim Site: vk.com
Alleged data breach of Maquillalia exposing customer and order records
Category: Data Breach
Content: A threat actor is selling an alleged dataset from Maquillalia, a Spanish cosmetics retailer, comprising approximately 742,000 records. The dataset is structured across three sections — Contacts, Product Reviews, and Orders — containing personal information such as full names, emails, phone numbers, mailing addresses, birthdates, order details, payment methods, and IP addresses. The data is offered for $1,100 via Telegram contact.
Date: 2026-06-05T16:51:58Z
Network: openweb
Published URL: https://breached.su/threads/742k-spain-https-www-maquillalia-com-customer-support-and-user-account-data-records-exposed.88017/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Dumpdump
Victim Country: Spain
Victim Industry: Retail
Victim Organization: Maquillalia
Victim Site: maquillalia.com
Alleged data leak of scraped public data from eblo.id
Category: Data Leak
Content: A threat actor has freely shared a scraped dataset from eblo.id, a Twitch-related media platform. The dump contains 508 posts in JSON format including Twitch IDs, user handles, view/like/comment counts, and media URLs. The actor claims the data was scraped from publicly accessible endpoints and that no intrusion occurred.
Date: 2026-06-05T16:51:38Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79066
Screenshots:
1 screenshot(s) available
Threat Actors: ijustbik
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: eblo.id
Victim Site: eblo.id
Alleged source code leak of animocrea.com by LunarisSec
Category: Data Leak
Content: Threat actor group LunarisSec claims to have obtained a full WordPress source code backup of animocrea.com, comprising 68,397 files. The group published a partial file listing as proof of access and is distributing the data via Telegram. The post is attributed to authors Pwn2dd and Morphyne.
Date: 2026-06-05T16:50:58Z
Network: openweb
Published URL: https://breached.su/threads/https-animocrea-com-lunarissec.88008/unread
Screenshots:
4 screenshot(s) available
Threat Actors: pwn2dd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Animocrea
Victim Site: animocrea.com
Alleged data breach of Original (original.com.br) exposing ~473K Brazilian customer records
Category: Data Breach
Content: A threat actor is offering a database allegedly sourced from original.com.br containing approximately 473,000 records. The dataset includes personal identifiers (CPF, RG, full name, birthdate), contact details, order history, financial data (annual income range, credit score, payment records), and support ticket data organized across three interconnected tables. The data is being sold on the Breached forum.
Date: 2026-06-05T16:22:24Z
Network: openweb
Published URL: https://breached.su/threads/473k-brazil-https-www-original-com-br-emails-personal-ids-birthdates-and-income-data-database.87998/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Dumpdump
Victim Country: Brazil
Victim Industry: Retail
Victim Organization: Banco Original
Victim Site: original.com.br
Alleged data breach of Bazar.bg exposing user contact profiles, orders, and support tickets
Category: Data Breach
Content: A threat actor is selling an alleged dataset from Bazar.bg, a Bulgarian online marketplace, containing approximately 384,000 records. The dataset is structured across three sections — Contacts, Orders, and Support Tickets — and includes personally identifiable information such as names, email addresses, phone numbers, dates of birth, and shipping addresses, as well as order history and payment metadata. The seller is asking $1,400 and can be contacted via Telegram.
Date: 2026-06-05T16:21:49Z
Network: openweb
Published URL: https://breached.su/threads/384k-bulgaria-https-www-bazar-bg-user-contact-profiles-with-verified-emails-and-basic-demographic-data.87999/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Dumpdump
Victim Country: Bulgaria
Victim Industry: Retail
Victim Organization: Bazar.bg
Victim Site: bazar.bg
Alleged data breach of International Institute for Sustainable Development (IISD)
Category: Data Breach
Content: A threat actor is selling an alleged dataset originating from iisd.org, claimed to contain approximately 732,000 records across three sections: Contacts, Research Projects, and Memberships. The data purportedly includes personal contact details (email, phone, address, gender, marital status), professional information (job titles, LinkedIn profiles, university affiliations), research project details including funding sources and grant references, and membership billing and payment data. The datas…
Date: 2026-06-05T16:21:15Z
Network: openweb
Published URL: https://breached.su/threads/732k-canada-https-www-iisd-org-environmental-professionals-contact-data-including-emails-job-titles-locations.88000/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Dumpdump
Victim Country: Canada
Victim Industry: Research
Victim Organization: International Institute for Sustainable Development
Victim Site: iisd.org
Alleged data breach of Mathon France
Category: Data Breach
Content: A threat actor is offering for sale an alleged dataset from mathon.fr, a French retailer, comprising approximately 483,000 records. The data is structured across three sections: Contacts (including personal details, marketing consent, and loyalty data), Order History (including payment metadata, credit limits, and delivery status), and Customer Support Tickets (including risk levels, security tokens, and resolution notes). The dataset contains verified email addresses, demographic information, a…
Date: 2026-06-05T16:20:43Z
Network: openweb
Published URL: https://breached.su/threads/483k-france-https-www-mathon-fr-verified-user-emails-and-purchase-data-with-demographics-and-account-status.88001/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Dumpdump
Victim Country: France
Victim Industry: Retail
Victim Organization: Mathon
Victim Site: mathon.fr
Alleged data breach of xe.gr (Greece)
Category: Data Breach
Content: A threat actor is selling an alleged dataset originating from xe.gr, a Greek automotive classifieds platform, containing approximately 438,000 records. The dataset reportedly includes contact records with PII (name, email, phone, address), vehicle listing inquiries, and user login activity data. The seller is asking $1,000 and claims the data is fresh and organized across three CRM-structured sections.
Date: 2026-06-05T16:20:05Z
Network: openweb
Published URL: https://breached.su/threads/438k-greece-www-xe-gr-active-verified-emails-and-contact-records-for-business-outreach.88002/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Dumpdump
Victim Country: Greece
Victim Industry: Automotive
Victim Organization: xe.gr
Victim Site: xe.gr
Alleged data breach of hoxa.hu with 237K Hungarian user records
Category: Data Breach
Content: A threat actor is selling an alleged dataset originating from hoxa.hu, a Hungarian website, containing approximately 237,000 records. The dataset is structured across three sections: Contacts (including full names, email addresses, IPs, phone numbers, and mailing addresses), Support Tickets, and Order History (including payment method, shipping/billing addresses, and order details). The seller is asking $1,000 and has provided sample download links.
Date: 2026-06-05T16:19:26Z
Network: openweb
Published URL: https://breached.su/threads/237k-hungary-https-www-hoxa-hu-user-contact-info-including-emails-ips-timestamps-status.88003/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Dumpdump
Victim Country: Hungary
Victim Industry: Retail
Victim Organization: Hoxa
Victim Site: hoxa.hu
Alleged data breach of mredy.com exposing Iraqi contact and subscriber data
Category: Data Breach
Content: A threat actor is selling an alleged dataset from mredy.com comprising approximately 472,000 records across three sections: contacts, newsletter subscribers, and marketing campaign analytics. The data reportedly includes names (in Arabic, English, and French), email addresses, phone numbers, mailing addresses, and CRM metadata. The seller is asking $1,200 and accepts forum escrow for the transaction.
Date: 2026-06-05T16:18:51Z
Network: openweb
Published URL: https://breached.su/threads/472k-iraq-https-www-mredy-com-active-contacts-with-emails-names-roles-and-communication-details.88004/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Dumpdump
Victim Country: Iraq
Victim Industry: Unknown
Victim Organization: Mredy
Victim Site: mredy.com
Alleged data breach of Japan Foundation (jpf.go.jp)
Category: Data Breach
Content: A threat actor is offering for sale an alleged dataset from jpf.go.jp, the Japan Foundation, containing approximately 746,000 records. The dataset is structured across three sections — Contacts, Support Tickets, and Event Registrations — and includes personal identifiers, email addresses, IP addresses, social media profiles, payment status, and account metadata. Sample files were shared via Gofile links as proof of the data.
Date: 2026-06-05T16:18:17Z
Network: openweb
Published URL: https://breached.su/threads/746k-japan-https-www-jpf-go-jp-contact-records-including-emails-ips-and-account-status-data.88005/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Dumpdump
Victim Country: Japan
Victim Industry: Government
Victim Organization: Japan Foundation
Victim Site: jpf.go.jp
Alleged data breach of University of Latvia
Category: Data Breach
Content: A threat actor is selling an alleged dataset from the University of Latvia (lu.lv) containing approximately 238,000 records across three categories: student contacts, student enrollments, and alumni engagements. The data reportedly includes personally identifiable information such as names, emails, phone numbers, mailing addresses, birthdates, and academic details. The seller is asking $1,300 for the full dataset.
Date: 2026-06-05T16:17:42Z
Network: openweb
Published URL: https://breached.su/threads/238k-latvia-https-www-lu-lv-active-student-contacts-with-emails-status-and-academic-details.88006/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Dumpdump
Victim Country: Latvia
Victim Industry: Education
Victim Organization: University of Latvia
Victim Site: lu.lv
Alleged data breach of Mobiland (mobiland.ad) exposing customer contact and rental booking records
Category: Data Breach
Content: A threat actor is selling an alleged dataset originating from mobiland.ad, an Andorran vehicle rental organization, priced at $1,100. The dataset reportedly contains approximately 137,000 records spanning three sections: customer contact details (including names, emails, phone numbers, addresses, and birthdates), rental booking form data, and customer feedback/support ticket records. The seller claims the data is fresh and organized for practical use.
Date: 2026-06-05T15:49:58Z
Network: openweb
Published URL: https://breached.su/threads/137k-andorra-https-www-mobiland-ad-contact-form-submissions-with-email-and-region-data.87991/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Dumpdump
Victim Country: Andorra
Victim Industry: Retail
Victim Organization: Mobiland
Victim Site: mobiland.ad
Alleged data breach of QBD Books (qbd.com.au) with 427K Australian user records for sale
Category: Data Breach
Content: A threat actor is selling an alleged dataset from QBD Books (qbd.com.au) containing approximately 427,000 records for $900. The dataset is structured across three sections — Contacts (including names, emails, hashed passwords, birthdates, and social media IDs), Support Tickets (including email and secret fields), and Order History. The data is claimed to be fresh and organized for practical use.
Date: 2026-06-05T15:49:17Z
Network: openweb
Published URL: https://breached.su/threads/427k-australia-https-www-qbd-com-au-user-profiles-and-account-details-data-breach-discussion.87992/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Dumpdump
Victim Country: Australia
Victim Industry: Retail
Victim Organization: QBD Books
Victim Site: qbd.com.au
Alleged data breach of bergfex.at — 421K Austrian tourism contact and booking records for sale
Category: Data Breach
Content: A threat actor is selling an alleged dataset from bergfex.at, an Austrian tourism platform, priced at $900. The dataset purportedly contains 421,000 records across three sections — Contacts (full name, email, postal address, job title, LinkedIn, phone, birthdate), Booking History (payment method, total price, booking details), and Support Tickets (issue descriptions, resolution notes, customer satisfaction scores). Sample files were shared via Gofile links.
Date: 2026-06-05T15:48:45Z
Network: openweb
Published URL: https://breached.su/threads/421k-austria-www-bergfex-at-tourism-managers-contact-data-including-emails-and-job-titles.87993/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Dumpdump
Victim Country: Austria
Victim Industry: Tourism
Victim Organization: Bergfex
Victim Site: bergfex.at
Alleged data breach of Teamleader
Category: Data Breach
Content: A threat actor is selling an alleged dataset originating from Teamleader, a Belgium-based CRM/business software provider, for $1,100. The dataset reportedly contains 137,000 records across three sections — Contacts, Subscription Plans, and Support Tickets — including names, email addresses, job titles, company details, billing information, and support ticket data. Sample files are provided via Gofile links.
Date: 2026-06-05T15:48:09Z
Network: openweb
Published URL: https://breached.su/threads/137k-belgium-https-www-teamleader-eu-contact-data-including-email-names-job-titles-company-info.87994/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Dumpdump
Victim Country: Belgium
Victim Industry: Technology
Victim Organization: Teamleader
Victim Site: teamleader.eu
Alleged data breach of Proximus (Belgium telecom) with customer contact and subscription data
Category: Data Breach
Content: A threat actor is selling an alleged dataset of approximately 479,000 records originating from Proximus, Belgium's major telecommunications provider. The dataset purportedly includes customer contact details (full name, email, address, phone, birthdate, gender), service order records, and support ticket data. The seller is asking $1,200 and accepts forum escrow for the transaction.
Date: 2026-06-05T15:47:36Z
Network: openweb
Published URL: https://breached.su/threads/479k-belgium-https-www-proximus-be-customer-contact-and-subscription-data-including-personal-info-and-status.87995/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Dumpdump
Victim Country: Belgium
Victim Industry: Telecommunications
Victim Organization: Proximus
Victim Site: proximus.be
- Alleged data breach of Royal Antwerp FC
Category: Data Breach
Content: A threat actor is selling an alleged dataset originating from royalantwerpfc.be containing approximately 237,000 records across three sections: contact details, newsletter sent records, and season ticket holder information. The dataset includes personal identifiers such as full names, email addresses, phone numbers, mailing addresses, birth dates, and payment details. The seller is asking $1,300 and can be contacted via Telegram.
Date: 2026-06-05T15:47:03Z
Network: openweb
Published URL: https://breached.su/threads/237k-belgium-https-www-royalantwerpfc-be-verified-email-contacts-and-user-engagement-data-from-football-club-site.87996/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Dumpdump
Victim Country: Belgium
Victim Industry: Sports & Entertainment
Victim Organization: Royal Antwerp FC
Victim Site: royalantwerpfc.be
- Alleged data breach of Zap Imóveis (zapimoveis.com.br) exposing 742K Brazilian real estate user records
Category: Data Breach
Content: A threat actor is selling an alleged dataset from zapimoveis.com.br, a Brazilian real estate platform, containing approximately 742,000 records. The dataset is structured across three sections: Contact (personal details including name, email, phone, date of birth, and mailing address), Property Inquiry (including tax ID numbers and agent assignment data), and User Login Security (including password hashes, security question/answer hashes, login IPs, and 2FA status). Sample files were shared via
Date: 2026-06-05T15:46:31Z
Network: openweb
Published URL: https://breached.su/threads/742k-brazil-www-zapimoveis-com-br-real-estate-leads-with-contact-and-subscription-details.87997/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Dumpdump
Victim Country: Brazil
Victim Industry: Real Estate
Victim Organization: Zap Imóveis
Victim Site: zapimoveis.com.br
- Website Defacement of Oblatio Jewel by Claudexxx (Phantom Sec Team)
Category: Defacement
Content: On June 5, 2026, the jewelry retail website oblatiojewel.com was defaced by threat actor Claudexxx, operating under the group Phantom Sec Team. The attack targeted the homepage and is classified as a single-site defacement. No specific motivation or technical details were disclosed.
Date: 2026-06-05T15:29:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931407
Screenshots:
1 screenshot(s) available
Threat Actors: Claudexxx, Phantom Sec Team
Victim Country: Unknown
Victim Industry: Retail / Jewelry
Victim Organization: Oblatio Jewel
Victim Site: oblatiojewel.com
- Sale of Amazon Ledger hardware wallet buyer leads
Category: Carding
Content: A threat actor is selling leads consisting of personal data belonging to individuals who purchased Ledger hardware wallets via Amazon, derived from Amazon email:password credential lines checked manually. Data covers multiple countries including the US, Australia, UK, and several European nations, with orders dated 2025-2026.
Date: 2026-06-05T15:28:35Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-Amazon-ledger-leads–190485
Screenshots:
1 screenshot(s) available
Threat Actors: pymmesb
Victim Country: Unknown
Victim Industry: Retail
Victim Organization: Unknown
Victim Site: amazon.com
- Purchase request for South African bank account access
Category: Carding
Content: A forum user is seeking to purchase a ready-to-use South African bank account, indicating intent to acquire fraudulent or compromised financial account access. The buyer specifies use of forum middleman escrow services for the transaction.
Date: 2026-06-05T15:23:55Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-BUYING-SOUTH-AFRICAN-BANK-ACCOUNT
Screenshots:
1 screenshot(s) available
Threat Actors: KristinaHo
Victim Country: South Africa
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Pakistan gambling organization
Category: Data Breach
Content: A forum user is seeking to purchase a Pakistan gambling database or related hacking services, with a stated budget of $1,000–$20,000. The buyer requests transactions be conducted through forum escrow. No specific organization or dataset has been identified.
Date: 2026-06-05T15:23:15Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-BUYING-Pakistan-gambling
Screenshots:
1 screenshot(s) available
Threat Actors: rothmansneck
Victim Country: Pakistan
Victim Industry: Gambling
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of French government and operator database collection
Category: Data Leak
Content: A threat actor is freely sharing a collection of databases on a dark web forum, claimed to contain French government (gouv.fr), telecom operators, ANTS (Agence Nationale des Titres Sécurisés), and other French entities. The actor states the data was aggregated from Telegram and other forums and may contain duplicates. No samples are provided.
Date: 2026-06-05T15:20:05Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-COLLECTION-FR-FREE-Sharing-My-Database-Collection
Screenshots:
1 screenshot(s) available
Threat Actors: KnoxTeam
Victim Country: France
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Asiacell Telecommunications
Category: Data Breach
Content: A threat actor is offering an alleged database from Asiacell Telecommunications containing subscriber personal information including names, phone numbers, dates of subscription, state, dates of birth, and ID numbers. The post requires forum points to access the content. Record count was not specified.
Date: 2026-06-05T15:16:50Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-ASIACELL-DATABASE
Screenshots:
1 screenshot(s) available
Threat Actors: moxa
Victim Country: Iraq
Victim Industry: Telecommunications
Victim Organization: Asiacell Telecommunications
Victim Site: asiacell.com
- Alleged data leak of QI financial services company database
Category: Data Leak
Content: A threat actor shared what is claimed to be a database from QI, a financial services company, containing registered customer names, department of registration, dates, and mothers' full names. The data is being distributed via an external file-sharing link. No record count was specified.
Date: 2026-06-05T15:16:10Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-QI-COMPANY-DATABASE
Screenshots:
1 screenshot(s) available
Threat Actors: moxa
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: QI
Victim Site: Unknown
- Alleged data breach of Zain Iraq
Category: Data Breach
Content: A threat actor is offering an alleged database dump attributed to Zain Iraq, a telecommunications provider. The post claims the dataset includes user names, phone numbers, and addresses. Access to the full content requires forum points, and an external file-sharing link is provided.
Date: 2026-06-05T15:15:26Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-Zain-IRAQ-DATABASE
Screenshots:
1 screenshot(s) available
Threat Actors: moxa
Victim Country: Iraq
Victim Industry: Telecommunications
Victim Organization: Zain Iraq
Victim Site: Unknown
- Alleged data leak of Iraqi National Intelligence Service database
Category: Data Leak
Content: A threat actor is sharing what they claim is a database from the Iraqi National Intelligence Service, allegedly containing personal information on Baghdad residents including full names, family members, birth dates, addresses, places of work, and national ration card numbers. The post includes links to sample images and requires forum points to access the full content. The authenticity of the data has not been verified.
Date: 2026-06-05T15:14:27Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-IRAQI-NATIONAL-INTELLIGENCE-SERVICE-DATABASE
Screenshots:
1 screenshot(s) available
Threat Actors: moxa
Victim Country: Iraq
Victim Industry: Government
Victim Organization: Iraqi National Intelligence Service
Victim Site: Unknown
- Alleged data breach of Tradeify.com via exposed Klaviyo API key
Category: Data Breach
Content: A threat actor claims to have exfiltrated the full customer CRM of Tradeify.com by exploiting a Klaviyo private API key hardcoded in client-side JavaScript. The alleged dump contains 240,174 customer profiles including full names, email addresses, phone numbers, physical addresses, and purchase history. The actor claims the API key remains active and has shared it publicly alongside sample records.
Date: 2026-06-05T15:13:38Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-Tradeify-com-full-customer-database-%E2%80%93-240k-PII
Screenshots:
1 screenshot(s) available
Threat Actors: macaroni
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Tradeify
Victim Site: tradeify.com
- Alleged data leak from Emaar Properties in Dubai
Category: Data Leak
Content: A threat actor has made available a dataset allegedly sourced from Emaar Properties in Dubai, containing 12,932 rows in XLSX format. The data is accessible via a hidden download link gated behind forum points. The post credits Anonymous2090 for the data.
Date: 2026-06-05T15:12:47Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-Table-of-Data-from-Emaar-Properties-in-Dubai
Screenshots:
1 screenshot(s) available
Threat Actors: Tanaka
Victim Country: United Arab Emirates
Victim Industry: Real Estate
Victim Organization: Emaar Properties
Victim Site: emaar.com
- Alleged data leak of multiple French organizations
Category: Data Leak
Content: A threat actor operating under the name KnoxTeam has freely distributed a collection of databases allegedly sourced from multiple French organizations, including government entities (CAF, France Travail, Sante.Gouv, ANTS, justice), telecommunications providers (Free, SFR), healthcare platforms (ameli.fr), and various retail and services companies. The actor claims the data has not previously appeared on the forum and acknowledges the content has not been verified. The post is part of a series, w…
Date: 2026-06-05T15:11:53Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-FR-FREE-my-database-2
Screenshots:
1 screenshot(s) available
Threat Actors: KnoxTeam
Victim Country: France
Victim Industry: Multiple
Victim Organization: Multiple French organizations including CAF, France Travail, Sante.Gouv, ameli.fr, Free, SFR, and others
Victim Site: Unknown
- Alleged data leak of Flave.ai
Category: Data Leak
Content: A threat actor leaked an alleged database from Flave.ai, an AI platform, containing approximately 10,000 user records. The dataset includes email addresses, full names, usernames, roles, payment status, and profile picture links. The data was shared freely in text format and is dated May 20, 2026.
Date: 2026-06-05T15:11:07Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-Flave-ai-leak
Screenshots:
1 screenshot(s) available
Threat Actors: Tanaka
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Flave.ai
Victim Site: flave.ai
- Alleged data leak of Flave.AI
Category: Data Leak
Content: A threat actor has freely shared an alleged database dump from Flave.AI containing approximately 10,000 user records. The dataset includes email addresses, full names, usernames, roles, profile picture links, payment status, and account metadata. The data is dated May 20, 2026 and was distributed in JSON format.
Date: 2026-06-05T15:10:46Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79062
Screenshots:
1 screenshot(s) available
Threat Actors: Tanaka
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Flave.AI
Victim Site: flave.ai
- Alleged data breach of Nasdaq
Category: Data Breach
Content: A threat actor is offering for sale an alleged database associated with Nasdaq containing 21,806 records. The dataset includes personally identifiable information such as full name, address, phone number, gender, date of birth (partially masked), credit score, account opening balance, and market experience details. The post includes sample records with apparent US-based individuals.
Date: 2026-06-05T15:10:31Z
Network: openweb
Published URL: https://breached.su/threads/database-nasdaq-long.87990/unread
Screenshots:
1 screenshot(s) available
Threat Actors: 0xulnar
Victim Country: United States
Victim Industry: Finance
Victim Organization: Nasdaq
Victim Site: nasdaq.com
- Alleged data leak of Aman Hotels Salesforce CRM data by ShinyHunters
Category: Data Leak
Content: In April 2026, ShinyHunters allegedly exfiltrated data from the ultra-luxury hotel brand Aman via their Salesforce CRM as part of a pay-or-leak extortion campaign. The data was subsequently leaked publicly and contains over 215,000 records including names, email addresses, physical addresses, phone numbers, dates of birth, nationalities, genders, spouse names, and VIP status codes. The breach has been indexed by HaveIBeenPwned.
Date: 2026-06-05T14:56:46Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79059
Screenshots:
1 screenshot(s) available
Threat Actors: Blastoize
Victim Country: Switzerland
Victim Industry: Hospitality
Victim Organization: Aman
Victim Site: aman.com
- Alleged data leak of Flave.ai
Category: Data Leak
Content: A threat actor has leaked an alleged database dump from Flave.ai, an AI platform, containing approximately 10,000 user records. The dataset includes email addresses, full names, usernames, roles, profile picture links, payment status, and account metadata. The data was shared freely on a dark web forum and is dated May 20, 2026.
Date: 2026-06-05T14:56:06Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79062
Screenshots:
1 screenshot(s) available
Threat Actors: Tanaka
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Flave.ai
Victim Site: flave.ai
- Alleged data breach of LegionProxy
Category: Data Breach
Content: A threat actor claims to have obtained a full database dump from LegionProxy, a commercial residential and ISP proxy network, following an alleged breach in April 2026. The exposed data reportedly includes email addresses, bcrypt password hashes, names, and purchase records affecting approximately 10,100 accounts. The post references the breach listing on HaveIBeenPwned and includes a data sample with structured user records.
Date: 2026-06-05T14:55:28Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79063
Screenshots:
1 screenshot(s) available
Threat Actors: Blastoize
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: LegionProxy
Victim Site: legionproxy.io
- Mass Defacement of Indonesian Islamic School Website by EbRaHiM-VaKeR (LegioN_LeakeR)
Category: Defacement
Content: On June 5, 2026, threat actor EbRaHiM-VaKeR, affiliated with the Telegram group LegioN_LeakeR, defaced a subdomain of MTs Maarif NU Cimanggu, an Islamic junior high school in Indonesia. The incident was identified as part of a mass defacement campaign targeting multiple websites hosted on a Linux server. The defacement was archived and documented via haxor.id.
Date: 2026-06-05T14:48:56Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249805
Screenshots:
1 screenshot(s) available
Threat Actors: EbRaHiM-VaKeR, T.me/LegioN_LeakeR
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: MTs Maarif NU Cimanggu
Victim Site: rdm2.mtsmaarifnucimanggu.sch.id
- Mass Defacement of Indonesian Islamic School Website by EbRaHiM-VaKeR (LegioN_LeakeR)
Category: Defacement
Content: Threat actor EbRaHiM-VaKeR, affiliated with the Telegram group LegioN_LeakeR, conducted a mass defacement campaign targeting the website of MTs Maarif NU Cimanggu, an Islamic junior high school in Indonesia. The defacement was deployed on a Linux-based server and is part of a broader mass defacement operation. A mirror of the defaced page has been archived at haxor.id.
Date: 2026-06-05T14:47:42Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249808
Screenshots:
1 screenshot(s) available
Threat Actors: EbRaHiM-VaKeR, T.me/LegioN_LeakeR
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: MTs Maarif NU Cimanggu
Victim Site: am.mtsmaarifnucimanggu.sch.id
- Mass Defacement of Indonesian Islamic School Financial Portal by EbRaHiM-VaKeR (LegioN_LeakeR)
Category: Defacement
Content: Threat actor EbRaHiM-VaKeR, affiliated with the Telegram group LegioN_LeakeR, conducted a mass defacement attack targeting the financial subdomain of MTs Maarif NU Cimanggu, an Islamic junior high school in Indonesia. The attack occurred on June 5, 2026, on a Linux-based server, and was confirmed as part of a broader mass defacement campaign. The defaced content was archived and mirrored on haxor.id.
Date: 2026-06-05T14:46:13Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249807
Screenshots:
1 screenshot(s) available
Threat Actors: EbRaHiM-VaKeR, T.me/LegioN_LeakeR
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: MTs Maarif NU Cimanggu
Victim Site: keuangan.mtsmaarifnucimanggu.sch.id
- Mass Defacement of Indonesian Islamic School Website by EbRaHiM-VaKeR (LegioN_LeakeR)
Category: Defacement
Content: Threat actor EbRaHiM-VaKeR, affiliated with the Telegram group LegioN_LeakeR, conducted a mass defacement campaign targeting the website of MTs Maarif NU Cimanggu, an Indonesian Islamic junior high school. The defacement was identified on June 5, 2026, with the attacker leaving a text-based payload on the Linux-hosted web server. This incident is part of a broader mass defacement operation attributed to the same actor.
Date: 2026-06-05T14:44:56Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249804
Screenshots:
1 screenshot(s) available
Threat Actors: EbRaHiM-VaKeR, T.me/LegioN_LeakeR
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: MTs Maarif NU Cimanggu
Victim Site: mtsmaarifnucimanggu.sch.id
- Mass Defacement of Indonesian Islamic School by EbRaHiM-VaKeR (LegioN_LeakeR)
Category: Defacement
Content: Threat actor EbRaHiM-VaKeR, affiliated with the Telegram group LegioN_LeakeR, conducted a mass defacement campaign targeting the student payment portal of MTS Maarif NU Cimanggu, an Islamic junior high school in Indonesia. The defacement was hosted on a Linux-based server and archived via haxor.id. This incident is part of a broader mass defacement operation attributed to the same actor.
Date: 2026-06-05T14:43:50Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249806
Screenshots:
1 screenshot(s) available
Threat Actors: EbRaHiM-VaKeR, T.me/LegioN_LeakeR
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: MTS Maarif NU Cimanggu
Victim Site: spp.mtsmaarifnucimanggu.sch.id
- Alleged defacement of multiple mycompanyportfolio.com subdomains by Mr.PIMZZZXploit
Category: Defacement
Content: A threat actor claims responsibility for defacing 17 subdomains across mycompanyportfolio.com infrastructure, including admin panels, APIs, and user-facing applications. A mirror link is provided at hack-db.org.
Date: 2026-06-05T14:42:25Z
Network: telegram
Published URL: https://t.me/c/3865526389/1177
Screenshots:
2 screenshot(s) available
Threat Actors: Mr.PIMZZZXploit
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: mycompanyportfolio.com
Victim Site: mycompanyportfolio.com
- Alleged defacement of photoshop-tutorials.nl by Mr.PIMZZZXploit
Category: Defacement
Content: Website defacement claimed by threat actor Mr.PIMZZZXploit. The defaced page at https://www.photoshop-tutorials.nl/author/michael/ has been mirrored at https://hack-db.org/mirror/138309. Post includes hashtags referencing Babayo Eror System and allaliance.
Date: 2026-06-05T14:38:47Z
Network: telegram
Published URL: https://t.me/c/3865526389/1176
Screenshots:
2 screenshot(s) available
Threat Actors: Mr.PIMZZZXploit
Victim Country: Netherlands
Victim Industry: Unknown
Victim Organization: photoshop-tutorials.nl
Victim Site: photoshop-tutorials.nl
- Alleged defacement of photoshop-tutorials.nl by Mr.PIMZZZXploit
Category: Defacement
Content: Website defacement of photoshop-tutorials.nl claimed by threat actor Mr.PIMZZZXploit. A mirror of the hacked content is provided at hack-db.org/mirror/138309.
Date: 2026-06-05T14:36:57Z
Network: telegram
Published URL: https://t.me/c/3865526389/1175
Screenshots:
2 screenshot(s) available
Threat Actors: Mr.PIMZZZXploit
Victim Country: Netherlands
Victim Industry: Unknown
Victim Organization: photoshop-tutorials.nl
Victim Site: photoshop-tutorials.nl
- Mass defacement of 365dias.mx by E.H.9 affiliated with XmrAnonye.id
Category: Defacement
Content: On June 5, 2026, the website 365dias.mx was defaced as part of a mass defacement campaign carried out by threat actor E.H.9, operating under the team XmrAnonye.id. The attack was confirmed as a mass defacement operation, suggesting multiple sites were targeted simultaneously. A mirror of the defaced page was archived at haxor.id.
Date: 2026-06-05T14:26:32Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249803
Screenshots:
1 screenshot(s) available
Threat Actors: E.H.9, XmrAnonye.id
Victim Country: Mexico
Victim Industry: Unknown
Victim Organization: 365 Dias
Victim Site: 365dias.mx
- Alleged data breach of Jewsely.com
Category: Data Breach
Content: A threat actor is offering for sale a database allegedly obtained from Jewsely.com containing 10,444 records. The dataset includes personal information such as full names, addresses, cities, phone numbers, and email addresses. Sample data indicates victims are located in Israel.
Date: 2026-06-05T14:22:54Z
Network: openweb
Published URL: https://breached.su/threads/jewsely-com.87989/unread
Screenshots:
1 screenshot(s) available
Threat Actors: 0xulnar
Victim Country: Israel
Victim Industry: Retail
Victim Organization: Jewsely
Victim Site: jewsely.com
- Sale of KYC bypass service for SumUp payment gateway
Category: Carding
Content: A forum user is seeking or offering a KYC bypass service targeting the SumUp payment gateway, specifically for selfie-based identity verification (Enfido). The post references a Telegram contact, suggesting a commercial service for circumventing identity checks on the platform.
Date: 2026-06-05T14:14:12Z
Network: openweb
Published URL: https://darknetarmy.io/threads/need-bypass-kyc-selfie-sumup-gateway-enfido-telegram-galoxy20.136130/
Screenshots:
1 screenshot(s) available
Threat Actors: wa200101
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: SumUp
Victim Site: sumup.com
- Alleged data breach of vines-indonesia.com
Category: Data Breach
Content: A threat actor has shared what appears to be a SQL database dump from vines-indonesia.com, dated May 2023. The dataset includes fields such as full name, email, date of birth, address, hashed password, phone number, and geolocation coordinates. The content is gated behind forum registration or login.
Date: 2026-06-05T13:55:22Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-vines-indonesia-com
Screenshots:
1 screenshot(s) available
Threat Actors: [Mod] Tanaka
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Vines Indonesia
Victim Site: vines-indonesia.com
- Alleged data breach of BPJS Kesehatan (Indonesian National Health Insurance)
Category: Data Breach
Content: A threat actor is sharing an alleged SQL database dump from BPJS Kesehatan, Indonesia's national health insurance administrator, containing approximately 5.5 million patient records. The leaked data includes patient names, dates of birth, gender, marital status, addresses, phone numbers, religion, BPJS membership numbers, and national identity numbers. The data is dated 2023 and is being freely distributed on the forum.
Date: 2026-06-05T13:54:43Z
Network: openweb
Published URL: https://spear.cx/Thread-bpjs-kesehatan-go-id
Screenshots:
1 screenshot(s) available
Threat Actors: [Mod] Tanaka
Victim Country: Indonesia
Victim Industry: Healthcare
Victim Organization: BPJS Kesehatan
Victim Site: bpjs-kesehatan.go.id
- Alleged data breach of Vimeo via third-party analytics vendor Anodot
Category: Data Breach
Content: The ShinyHunters extortion group reportedly published data attributed to a breach of Anodot, a third-party analytics vendor used by Vimeo, as part of a pay-or-leak campaign in April 2026. The exposed data includes approximately 119,200 unique email addresses, names, and CRM-style metadata including deal amounts, account IDs, and contact details. Vimeo stated the incident does not include video content, valid login credentials, or payment card information.
Date: 2026-06-05T13:54:36Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79055
Screenshots:
1 screenshot(s) available
Threat Actors: Blastoize
Victim Country: United States
Victim Industry: Technology
Victim Organization: Vimeo
Victim Site: vimeo.com
- Alleged data leak of Dubai real estate investor leads
Category: Data Leak
Content: A threat actor has shared what is claimed to be a dataset of approximately 1 million investor leads from Dubai real estate sources. The sample data includes mobile numbers, WhatsApp numbers, and email addresses. The content is hidden behind a login/registration wall, suggesting it is being distributed to registered forum members.
Date: 2026-06-05T13:26:50Z
Network: openweb
Published URL: https://breachforum.su/Thread-Dubai-Real-Estates-1-million-investors-Leads
Screenshots:
1 screenshot(s) available
Threat Actors: Dubizzle
Victim Country: United Arab Emirates
Victim Industry: Real Estate
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Ebenezer credit cards x32
Category: Carding
Content: A forum user is sharing 32 credit cards attributed to Ebenezer, gated behind a reply-and-react requirement. No additional details about card origin or geographic region are provided.
Date: 2026-06-05T13:26:44Z
Network: openweb
Published URL: https://darknetarmy.io/threads/ebenezer-credit-cards-x32.136112/
Screenshots:
1 screenshot(s) available
Threat Actors: NickNix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of alleged Mannie credit card data (x20)
Category: Carding
Content: A forum user is offering 20 alleged credit card records gated behind a reply-and-react requirement. No additional details about card origin, BINs, or geographic scope are visible in the post.
Date: 2026-06-05T13:26:19Z
Network: openweb
Published URL: https://darknetarmy.io/threads/x20-mannie-credit-card.136113/
Screenshots:
1 screenshot(s) available
Threat Actors: NickNix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free sharing of fresh stolen payment card data
Category: Carding
Content: A forum user on a carding-focused forum is offering free stolen payment card data (CCs) gated behind a reply-and-react requirement. No details about card count, country of origin, or issuing bank are visible without interaction.
Date: 2026-06-05T13:25:59Z
Network: openweb
Published URL: https://darknetarmy.io/threads/cc-freesh.136114/
Screenshots:
1 screenshot(s) available
Threat Actors: NickNix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Dobbin credit card data (x40 records)
Category: Carding
Content: A forum user is offering 40 Dobbin credit card records behind a reaction-gate on a carding forum. The actual card data is hidden and requires user engagement to access. No further details about the card origin or country are provided.
Date: 2026-06-05T13:25:25Z
Network: openweb
Published URL: https://darknetarmy.io/threads/x40-dobbin-credit-card.136115/
Screenshots:
1 screenshot(s) available
Threat Actors: NickNix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of charged Discover credit card details
Category: Carding
Content: A forum post on a carding-focused forum offers details of a charged Discover credit card, gated behind a reply-and-react requirement. No further details about the card count, BIN, or origin are visible without interaction.
Date: 2026-06-05T13:25:00Z
Network: openweb
Published URL: https://darknetarmy.io/threads/charged-discover-cc.136116/
Screenshots:
1 screenshot(s) available
Threat Actors: NickNix
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown
- Sale of stolen payment card data (CCs)
Category: Carding
Content: A forum member is sharing payment card data (CCs) gated behind a reply-and-react requirement on a carding forum. No details about card count, origin, or geographic scope are provided in the visible post content.
Date: 2026-06-05T13:24:34Z
Network: openweb
Published URL: https://darknetarmy.io/threads/ccs.136120/
Screenshots:
1 screenshot(s) available
Threat Actors: NickNix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Website Defacement of AAA Gro Trading by Claudexxx (Phantom Sec Team)
Category: Defacement
Content: On June 5, 2026, the website aaagrotrading.com was defaced by threat actor Claudexxx, operating under the group Phantom Sec Team. The attack targeted the homepage of the site in a single, targeted defacement operation. No specific motive or server details were disclosed.
Date: 2026-06-05T13:24:00Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931374
Screenshots:
1 screenshot(s) available
Threat Actors: Claudexxx, Phantom Sec Team
Victim Country: Unknown
Victim Industry: Agriculture / Trading
Victim Organization: AAA Gro Trading
Victim Site: aaagrotrading.com
- Alleged data leak of AT&T — 1.2 billion records
Category: Data Leak
Content: A threat actor known as MDGhost666 is distributing what is claimed to be a large database allegedly stolen from AT&T, containing approximately 1.2 billion records. The leaked fields include phone numbers, billing account numbers, email addresses, customer names, ZIP codes, device details, installment plan data, payment amounts, and upgrade eligibility indicators. A 5 million record sample is offered for download alongside a full dataset.
Date: 2026-06-05T13:12:22Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79047
Screenshots:
1 screenshot(s) available
Threat Actors: MDGhost666
Victim Country: United States
Victim Industry: Telecommunications
Victim Organization: AT&T
Victim Site: att.com

Sale of Italian and European business contact database with 5.5 million emails
Category: Data Breach
Content: A threat actor is offering a database of Italian and European business contacts, including over 300,000 business leads without emails, 167,000 with emails, and 5.5 million verified business email addresses. Each record reportedly contains company name, address, city, country, phone number, and email. The origin and method of acquisition of the data are not disclosed.
Date: 2026-06-05T13:11:45Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79049
Screenshots:
1 screenshot(s) available
Threat Actors: MDGhost666
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Alleged data leak of forum-lifedomus.com
Category: Data Leak
Content: A threat actor has freely shared what is alleged to be a database dump from the Lifedomus forum, containing user records including usernames, hashed passwords, email addresses, IP addresses, and other profile metadata. The data appears to originate from a vBulletin-based forum platform. The full record count is not specified in the post.
Date: 2026-06-05T13:10:55Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79050
Screenshots:
1 screenshot(s) available
Threat Actors: AshleyWood2022
Victim Country: France
Victim Industry: Technology
Victim Organization: Lifedomus
Victim Site: forum-lifedomus.com

Alleged data leak of Dubai property investor database
Category: Data Leak
Content: A threat actor has shared sample records and claims to possess approximately 1 million records pertaining to property investors in Dubai. The leaked data includes full names, email addresses, and phone numbers. The actor states additional records are available on request.
Date: 2026-06-05T13:01:02Z
Network: openweb
Published URL: https://breachforum.su/Thread-Dubai-Latest-Leaked-database
Screenshots:
5 screenshot(s) available
Threat Actors: Dubizzle
Victim Country: United Arab Emirates
Victim Industry: Real Estate
Victim Organization: Unknown
Victim Site: Unknown

Alleged Data Breach of Kraken Cryptocurrency Exchange
Category: Data Breach
Content: A threat actor is selling an alleged database dump of Kraken cryptocurrency exchange, claiming direct backend access to user and trading platform data extracted June 1–4, 2026. The dataset purportedly includes 1.45 million records with full KYC data, wallet addresses, estimated account balances, hashed passwords, 2FA methods, and recent transaction snippets. Pricing tiers range from $550 for a test pack to $11,500 for the full database, with specialized high-balance and KYC-verified segments off…
Date: 2026-06-05T12:54:50Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79007
Screenshots:
2 screenshot(s) available
Threat Actors: Lordracks
Victim Country: United States
Victim Industry: Finance
Victim Organization: Kraken
Victim Site: kraken.com

Alleged data breach of Propertyfinder.ae
Category: Data Breach
Content: A threat actor is selling an alleged database dump from Propertyfinder.ae, a UAE-based real estate platform, containing approximately 1.4 million contact records. The sample data includes full names, phone numbers, email addresses, lead details, property preferences, and nationality information. The seller is offering the data via Telegram.
Date: 2026-06-05T12:53:44Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78944
Screenshots:
1 screenshot(s) available
Threat Actors: Solana0011
Victim Country: United Arab Emirates
Victim Industry: Real Estate
Victim Organization: Propertyfinder
Victim Site: propertyfinder.ae

Alleged sale of Abu Dhabi property owners database
Category: Data Breach
Content: A threat actor is offering for sale a database purportedly containing Abu Dhabi property owner records spanning multiple residential and villa developments. The sample data includes owner names, unit numbers, project names, developers, property size, and contact phone numbers. The dataset covers numerous projects across Abu Dhabi, Yas Island, and Masdar City developments.
Date: 2026-06-05T12:53:06Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78949
Screenshots:
2 screenshot(s) available
Threat Actors: Solana0011
Victim Country: United Arab Emirates
Victim Industry: Real Estate
Victim Organization: Unknown
Victim Site: Unknown

Sale of banking phishing panels targeting German and European financial institutions
Category: Phishing
Content: A threat actor is offering phishing-as-a-service panels targeting multiple European banks including Sparkasse, Volksbank, Deutsche Bank, N26, and Revolut for €1,200/month. The service includes login, credit card, and data phishing modules, an admin panel for managing phishing domains and harvested logs, antibot protections, and 1:1 replicas of legitimate banking sites. Panels are advertised as ready within 24 hours with continuous updates to match live bank site changes.
Date: 2026-06-05T12:52:26Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78961
Screenshots:
1 screenshot(s) available
Threat Actors: rode1312
Victim Country: Germany
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown

Mass email spam service offering phishing and online banking fraud campaigns
Category: Phishing
Content: A threat actor is advertising a full-service mass email spam operation capable of sending 50,000 to 100,000+ emails per day, with pricing starting at €1,750 for 50,000 emails. The service includes HTML template creation, lead list provisioning, and explicit support for online banking spam campaigns. The actor claims to offer a log guarantee, indicating credential harvesting as an expected outcome.
Date: 2026-06-05T12:51:54Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78962
Screenshots:
1 screenshot(s) available
Threat Actors: rode1312
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Alleged data breach of KRYS.COM with medical and financial documents
Category: Data Breach
Content: A threat actor is selling 66.6 GB of data allegedly exfiltrated from Krys, a French optical retail and healthcare company. The dataset consists of 153,675 PDF files including medical prescriptions, health insurance cards, banking documents, and quotes. Sample files are provided via multiple file-sharing links.
Date: 2026-06-05T12:51:11Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78980
Screenshots:
1 screenshot(s) available
Threat Actors: ChimeraZ
Victim Country: France
Victim Industry: Healthcare
Victim Organization: Krys
Victim Site: krys.com

Alleged data breach of Chinese marketplace platform (4KK.CN) exposing user personal data
Category: Data Breach
Content: A threat actor is offering for sale a dataset purportedly sourced from 4KK.CN, a Chinese marketplace platform, containing 5.4 million records. Despite being marketed as a business intelligence dataset, the included sample data reveals Chinese national ID numbers, phone numbers, and full names — personal data inconsistent with public business information. The seller is directing buyers to a Telegram channel and requesting direct messages for purchase.
Date: 2026-06-05T12:49:16Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78923
Screenshots:
1 screenshot(s) available
Threat Actors: Edric
Victim Country: China
Victim Industry: Retail
Victim Organization: 4KK.CN
Victim Site: 4kk.cn

Alleged data breach of shoppin.app
Category: Data Leak
Content: A threat actor known as Voidpulse has leaked JSON files allegedly obtained from a breach of shoppin.app, purportedly affecting 50,000 users. The post claims this is the first stage of a staged release, with full data including favorited items to follow. No breach notification is reported to have been issued to affected users in the five months since the alleged compromise.
Date: 2026-06-05T12:48:41Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78927
Screenshots:
1 screenshot(s) available
Threat Actors: Voidpulse
Victim Country: Unknown
Victim Industry: Retail
Victim Organization: shoppin.app
Victim Site: shoppin.app

Alleged initial access and data breach of Maroc Telecom (IAM)
Category: Initial Access
Content: A threat actor is offering remote access and VPN access to Maroc Telecom (IAM) infrastructure for sale or trade, with a 6-hour time limit. The post includes a compromised OWA webmail endpoint (webmail.menara.ma), an internal IP address, and a list of over 60 corporate email addresses with associated employee full names, claiming the intrusion was conducted using the tool TH3MP404.
Date: 2026-06-05T12:47:53Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78981
Screenshots:
3 screenshot(s) available
Threat Actors: F0xY_T7nsia
Victim Country: Morocco
Victim Industry: Telecommunications
Victim Organization: Maroc Telecom
Victim Site: iam.ma

Alleged data leak of Tinder
Category: Data Leak
Content: A threat actor claims to have leaked a dataset allegedly belonging to Tinder, the dating application, containing over 64 million user records in JSON format. The data is being distributed via a Telegram channel. The nature and authenticity of the alleged breach have not been verified.
Date: 2026-06-05T12:47:14Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78988
Screenshots:
1 screenshot(s) available
Threat Actors: CrazyGirlFroggy
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Tinder
Victim Site: tinder.com

Alleged sale of China B2B business leads database
Category: Data Breach
Content: A threat actor is offering a dataset of 800,000+ records purportedly containing Chinese B2B business leads in Excel/CSV format. The data includes company names, industry, business websites, company size, location, public contact information, and internal fields such as email addresses, user tokens, and organizational metadata. The sample schema suggests the data may originate from a Chinese enterprise collaboration or CRM platform.
Date: 2026-06-05T12:46:38Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79040
Screenshots:
1 screenshot(s) available
Threat Actors: Edric
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Alleged data breach of KomikoAI AI-Anime Generator Platform
Category: Data Leak
Content: A threat actor has leaked a full database dump from KomikoAI, an AI-powered comic generation platform, following a breach that allegedly occurred in February 2026. The exposed data includes 1.1 million unique email addresses, names, forum posts, and AI-generated content prompts. The dataset was added to HaveIBeenPwned on March 2, 2026, and is being distributed via a hidden download link on the forum.
Date: 2026-06-05T12:45:49Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79041
Screenshots:
1 screenshot(s) available
Threat Actors: Blastoize
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: KomikoAI
Victim Site: komiko.app

Alleged data breach of gtptabs.com
Category: Data Breach
Content: A threat actor has leaked an alleged database dump from gtptabs.com containing approximately 310,000 records. The sample includes user IDs, usernames, and hashed passwords with account status fields. The data is being distributed as hidden content requiring forum engagement or account upgrade to access.
Date: 2026-06-05T12:45:06Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79044
Screenshots:
1 screenshot(s) available
Threat Actors: AshleyWood2022
Victim Country: Unknown
Victim Industry: Entertainment
Victim Organization: GTPTabs
Victim Site: gtptabs.com

Alleged data leak of forum.diakov.net
Category: Data Leak
Content: A threat actor has freely shared what is alleged to be a database dump from forum.diakov.net. The leaked data includes user IDs, usernames, email addresses, secret keys, group memberships, and account metadata. The dataset appears to be a structured XenForo-format user table with administrator credentials included.
Date: 2026-06-05T12:44:25Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79045
Screenshots:
1 screenshot(s) available
Threat Actors: AshleyWood2022
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Diakov
Victim Site: forum.diakov.net

Alleged data breach of Baydöner restaurant chain
Category: Data Breach
Content: In March 2026, Turkish restaurant chain Baydöner allegedly suffered a data breach exposing over 1.3 million customer records. Compromised data includes names, email addresses, phone numbers, plaintext passwords, dates of birth, genders, geographic locations, purchase history, and a subset of Turkish national ID numbers. The breached dataset was subsequently published to a public hacking forum; Baydöner stated that payment and financial data was not affected.
Date: 2026-06-05T12:43:40Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79046
Screenshots:
1 screenshot(s) available
Threat Actors: Blastoize
Victim Country: Turkey
Victim Industry: Retail
Victim Organization: Baydöner
Victim Site: baydoner.com

Sale of Alleged SECRET//NOFORN US Agency Intelligence Reports
Category: Data Leak
Content: A threat actor is offering for sale documents purportedly classified as SECRET//NOFORN originating from an unnamed US government agency. The seller provides contact details across multiple platforms and claims to offer samples upon request. The authenticity and origin of the alleged classified materials cannot be independently verified.
Date: 2026-06-05T12:08:00Z
Network: openweb
Published URL: https://crackingx.com/threads/78062/
Screenshots:
1 screenshot(s) available
Threat Actors: mosad
Victim Country: United States
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown

Sale of alleged NATO Cosmic Top Secret documents
Category: Data Leak
Content: A threat actor operating under the handle mosad is claiming to sell documents allegedly classified at the NATO COSMIC TOP SECRET level. The seller provides multiple contact channels including Telegram, Session, Tox, Matrix, and Jabber, and offers samples or a full document list upon contact. The authenticity and origin of the claimed documents have not been verified.
Date: 2026-06-05T12:07:41Z
Network: openweb
Published URL: https://crackingx.com/threads/78063/
Screenshots:
1 screenshot(s) available
Threat Actors: mosad
Victim Country: Unknown
Victim Industry: Government
Victim Organization: NATO
Victim Site: nato.int

Carding shop offering stolen payment cards with refund guarantee
Category: Carding
Content: A threat actor operating as Valeria CARD MARKET is advertising a carding storefront selling stolen payment cards starting at $0.50 per card. The shop claims daily-refreshed inventory, a refund policy for invalid cards, and uses a verification system called 4check. The operation maintains both a clearnet site and a Tor mirror.
Date: 2026-06-05T12:07:33Z
Network: openweb
Published URL: https://ascarding.net/threads/17955/
Screenshots:
2 screenshot(s) available
Threat Actors: Valeriacvv
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: valeriacards.info

Free sharing of 20 Kane credit cards on carding forum
Category: Carding
Content: A forum member on a carding-focused forum is sharing 20 credit cards, gated behind a reply-and-react engagement requirement. The content is not visible without user interaction, so card details and origin cannot be verified.
Date: 2026-06-05T11:58:09Z
Network: openweb
Published URL: https://darknetarmy.io/threads/x20-kane-credit-card.136109/
Screenshots:
1 screenshot(s) available
Threat Actors: NickNix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Free distribution of Unlock Tool Pro device servicing software
Category: Malware
Content: A forum user is distributing a free copy of Unlock Tool Pro, a utility advertising Android device servicing functions including FRP bypass, bootloader unlock, screen lock removal, and IMEI repair. A VirusTotal link is included, suggesting the file may be flagged as malicious. The tool supports a wide range of Android manufacturers including Samsung, Xiaomi, Huawei, and others.
Date: 2026-06-05T11:57:46Z
Network: openweb
Published URL: https://spear.cx/Thread-Free-Unlock-Tool-Pro
Screenshots:
2 screenshot(s) available
Threat Actors: zerodark
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Sale of Brutus Password Cracker Tool
Category: Malware
Content: A threat actor is offering the Brutus password cracker tool for sale, with a download link hosted on MediaFire. The post advertises the tool as capable of identifying weak passwords and demonstrating brute-force vulnerabilities. A VirusTotal report is referenced, suggesting the file has been scanned.
Date: 2026-06-05T11:57:07Z
Network: openweb
Published URL: https://spear.cx/Thread-Source-Code-Brutus-Password-Cracker-Tool–1297
Screenshots:
1 screenshot(s) available
Threat Actors: zerodark
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Sale of BTMOB V4 Android RAT
Category: Malware
Content: A threat actor is distributing BTMOB V4, an Android remote access trojan (RAT), via download links on a cracking forum. The post advertises lightweight performance, fast response, and enhanced security controls, with additional tools available for purchase via Telegram. A VirusTotal report is referenced alongside the download links.
Date: 2026-06-05T11:56:31Z
Network: openweb
Published URL: https://spear.cx/Thread-Free-BTMOB-V4%C2%A0-Android-RAT
Screenshots:
1 screenshot(s) available
Threat Actors: zerodark
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Sale of Bitcoin Wallet Cracking and Address Generation Tool
Category: Malware
Content: A threat actor is distributing a tool advertised as a Bitcoin wallet cracker and address generator, capable of generating wallet addresses, public/private keys, and checking balances without an API key. The tool relies on Python packages including blockcypher and moneywagon. This type of tool is typically used to brute-force or scan for Bitcoin wallets with existing balances.
Date: 2026-06-05T11:38:23Z
Network: openweb
Published URL: https://crackingx.com/threads/78074/
Screenshots:
1 screenshot(s) available
Threat Actors: ketrin
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Sale of Predator 1.6 Malware
Category: Malware
Content: A forum post on CX-Forum is distributing what is described as Predator 1.6, a remote surveillance-style malware. The post includes a VirusTotal link referencing a file hash associated with the malware. The content is framed as prevention best practices but provides download links consistent with malware distribution.
Date: 2026-06-05T11:38:03Z
Network: openweb
Published URL: https://crackingx.com/threads/78099/
Screenshots:
2 screenshot(s) available
Threat Actors: hosseingpg219
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Sale or distribution of ProRat v1.9 remote access trojan
Category: Malware
Content: A forum post is distributing ProRat v1.9, a known remote access trojan (RAT), via download links. The post includes a VirusTotal hash reference and frames the malware under security terminology. No specific victim organization or targeted campaign is identified.
Date: 2026-06-05T11:37:40Z
Network: openweb
Published URL: https://crackingx.com/threads/78101/
Screenshots:
2 screenshot(s) available
Threat Actors: hosseingpg219
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Sale of offensive cyber tools marketed as security framework
Category: Malware
Content: A forum user is advertising a modular offensive cyber tool suite described as a Universal Framework for sale. The post references multi-stage execution patterns, attack chain simulation, and malware structure analysis, framed under the guise of ethical hacking and threat intelligence research. The post includes a VirusTotal report reference and download links, suggesting active distribution of potentially malicious tooling.
Date: 2026-06-05T11:37:22Z
Network: openweb
Published URL: https://crackingx.com/threads/78102/
Screenshots:
1 screenshot(s) available
Threat Actors: hosseingpg219
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Sale or Distribution of SubSeven 2.2 RAT
Category: Malware
Content: A forum post is distributing SubSeven 2.2, a historic Remote Access Trojan (RAT), framed as a tool for historical malware study. A VirusTotal link is provided referencing the file hash. Despite the educational framing, the post provides a download link to functional malware.
Date: 2026-06-05T11:37:05Z
Network: openweb
Published URL: https://crackingx.com/threads/78104/
Screenshots:
2 screenshot(s) available
Threat Actors: hosseingpg219
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Sale or Distribution of SStealer Information-Stealing Malware
Category: Malware
Content: A forum post on CX Forum advertises SStealer, described as a generic information-stealing malware capable of silent data extraction and long-term compromise. The post includes a download link and references a VirusTotal submission for the malware sample. Defense recommendations and a table of contents are included, suggesting the post is structured as a distribution or promotional writeup.
Date: 2026-06-05T11:36:43Z
Network: openweb
Published URL: https://crackingx.com/threads/78106/
Screenshots:
2 screenshot(s) available
Threat Actors: hosseingpg219
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Alleged data breach of Digital Egypt exposing 13 million citizens' PII and documents
Category: Data Breach
Content: A threat actor claims to have compromised a Digital Egypt government service, obtaining over 70GB of documents and 5GB of PII. The alleged dataset includes a CSV of 13,117,317 citizen records containing national IDs, passport IDs, full names, addresses, dates of birth, religion, sex, military status, mobile numbers, and other sensitive personal fields. Sample records were posted as purported proof of access.
Date: 2026-06-05T11:32:35Z
Network: openweb
Published URL: https://breachforum.su/Thread-SELLING-13M-Egyptian-Citizens-PII-Documents-70GB
Screenshots:
1 screenshot(s) available
Threat Actors: R3D3MPTI0N
Victim Country: Egypt
Victim Industry: Government
Victim Organization: Digital Egypt
Victim Site: digital.gov.eg

Sale of alleged multi-source database collection with 435 billion records
Category: Data Breach
Content: A threat actor identified as KrolikHacking is offering an alleged collection of multiple leaked databases containing over 435 billion user records for 10 XMR (approximately $3,868). The dataset reportedly includes emails, plaintext and hashed passwords, Social Security numbers, passport numbers, bank account information, salary data, geolocation, and other highly sensitive personal and employment records. No samples are provided and the price is listed as non-negotiable, raising questions about
Date: 2026-06-05T11:31:57Z
Network: openweb
Published URL: https://breachforum.su/Thread-SELLING-435B-MULTIPLE-DATABASE-RECORDS
Screenshots:
1 screenshot(s) available
Threat Actors: KrolikHacking
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Sale of cryptocurrency drainer malware via crypdrainer.com
Category: Malware
Content: A threat actor is advertising a cryptocurrency drainer malware service via cryptdrainer.com, offering purchasable packages that enable buyers to steal cryptocurrency from victims' wallets. The malware operates by tricking users into approving malicious transactions, bypassing the need for private keys or seed phrases. Distribution methods cited include phishing websites, malicious browser extensions, compromised smart contracts, and social engineering.
Date: 2026-06-05T11:31:25Z
Network: openweb
Published URL: https://breachforum.su/Thread-crypdrainer-com-EARN-THOUSANDS-OF-DOLLARS-GUARANTEED
Screenshots:
2 screenshot(s) available
Threat Actors: Darkode1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: cryptdrainer.com

Alleged data leak of Taobao user credentials (25 million records)
Category: Data Leak
Content: A threat actor is distributing what they claim to be account credentials (usernames and passwords) from Taobao, a major Chinese e-commerce platform, allegedly comprising 25 million records. The data is being shared via a Telegram bot. The post is in Chinese and references account and password data.
Date: 2026-06-05T11:29:52Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-2026-china-taobao-com-data-25-million
Screenshots:
1 screenshot(s) available
Threat Actors: saina88
Victim Country: China
Victim Industry: Retail
Victim Organization: Taobao
Victim Site: taobao.com

Sale of multi-chain cryptocurrency wallet checker tool supporting 78+ blockchain networks
Category: Carding
Content: A threat actor is distributing a cryptocurrency wallet-checking tool capable of scanning balances across 78+ blockchain networks using seed phrases or private keys. The tool supports batch processing, ERC-20 token detection, proxy usage, and multi-threading, and is designed to identify and log wallets with funds. This tool is consistent with crypto asset theft operations targeting holders of compromised seed phrases or private keys.
Date: 2026-06-05T11:27:02Z
Network: openweb
Published URL: https://altenens.is/threads/ultima-multi-chain-wallet-checker-78-blockchain-networks.2951388/unread
Screenshots:
2 screenshot(s) available
Threat Actors: ananalbzoor
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Free sharing of Miranda credit cards x37
Category: Carding
Content: A forum member is sharing 37 credit cards on a carding-focused forum, gated behind a reply-and-react requirement. The cards are attributed to Miranda though no further context is provided about the source or card origin.
Date: 2026-06-05T11:24:40Z
Network: openweb
Published URL: https://darknetarmy.io/threads/miranda-credit-cards-x37.136101/
Screenshots:
1 screenshot(s) available
Threat Actors: NickNix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Free sharing of 39 credit cards on carding forum
Category: Carding
Content: A forum user on a carding-focused forum is sharing 39 credit cards behind a reply-to-unlock gate. The content is hidden and accessible only after user interaction. No additional details about card origin or geography are provided.
Date: 2026-06-05T11:24:17Z
Network: openweb
Published URL: https://darknetarmy.io/threads/surprised-credit-cards-x39.136105/
Screenshots:
1 screenshot(s) available
Threat Actors: NickNix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Free sharing of 37 Swift credit cards
Category: Carding
Content: A forum user is sharing 37 Swift credit cards behind a reaction-gate on a carding forum. The content is accessible upon user engagement (like, love, etc.) and appears to contain stolen payment card data.
Date: 2026-06-05T11:23:53Z
Network: openweb
Published URL: https://darknetarmy.io/threads/swift-credit-cards-x37.136106/
Screenshots:
1 screenshot(s) available
Threat Actors: NickNix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Alleged data leak of Emaar Properties
Category: Data Leak
Content: A forum post claims to offer a free data leak attributed to Emaar Properties, a major real estate developer based in Dubai, UAE. No further details about the dataset contents or record count are available due to absent post content.
Date: 2026-06-05T11:18:57Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78996
Screenshots:
1 screenshot(s) available
Threat Actors: Anonymous2090
Victim Country: United Arab Emirates
Victim Industry: Real Estate
Victim Organization: Emaar Properties
Victim Site: emaar.com

Alleged defacement of darwinmotion.com by Neura-Sec Team
Category: Defacement
Content: Neura-Sec Team claims to have defaced an Indian website (darwinmotion.com/blogs/). The post includes a URL to the allegedly defaced page and references to affiliated groups including KoncoErrorSystem, BrotherhoodCapungIndonesia, DewataBlackhat, CyberDarkEcho, and PhiserXMan. Contact information provided via Telegram.
Date: 2026-06-05T10:45:53Z
Network: telegram
Published URL: https://t.me/NeuraSCTA/58
Screenshots:
2 screenshot(s) available
Threat Actors: Neura-Sec Team
Victim Country: India
Victim Industry: Unknown
Victim Organization: Darwin Motion
Victim Site: darwinmotion.com

Sale of Vane credit card data (x40)
Category: Carding
Content: A forum member is sharing 40 Vane credit card records behind a reaction-gate on a carding forum. Access requires users to react to the post. No further details about card origin or geographic region are provided.
Date: 2026-06-05T10:42:45Z
Network: openweb
Published URL: https://darknetarmy.io/threads/x40-vane-credit-card.136093/
Screenshots:
1 screenshot(s) available
Threat Actors: NickNix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Free sharing of 36 credit cards on carding forum
Category: Carding
Content: A forum user is sharing 36 credit cards on a carding-focused forum, gated behind a reply-and-react engagement requirement. The post does not disclose the card origin, country, or BIN details in the visible portion.
Date: 2026-06-05T10:42:23Z
Network: openweb
Published URL: https://darknetarmy.io/threads/mighty-credit-cards-x36.136095/
Screenshots:
1 screenshot(s) available
Threat Actors: NickNix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Sale of 37 mattress store credit cards
Category: Carding
Content: A forum user is sharing 37 credit cards associated with mattress store purchases, gated behind a reply-and-react requirement. The post is hosted on a carding-focused forum section. No additional details about card origin or geographic region are provided.
Date: 2026-06-05T10:41:55Z
Network: openweb
Published URL: https://darknetarmy.io/threads/mattress-credit-cards-x37.136098/
Screenshots:
1 screenshot(s) available
Threat Actors: NickNix
Victim Country: Unknown
Victim Industry: Retail
Victim Organization: Unknown
Victim Site: Unknown

Sale of Arabian-Attacker v1.2.2 automated attack tool
Category: Malware
Content: A forum post advertises Arabian-Attacker v1.2.2, an automated attack tool attributed to the blackwolf handle, available for download via MediaFire and for purchase via Telegram. The tool is described as an automated attack simulation utility, suggesting offensive capability. A VirusTotal report is referenced alongside the download link.
Date: 2026-06-05T10:26:56Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78958
Screenshots:
1 screenshot(s) available
Threat Actors: mariogutierre
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Sale of cryptocurrency wallet stealer malware
Category: Malware
Content: A threat actor is advertising a cryptocurrency wallet stealer tool (v1.1) on a cracking forum, offering download links and directing buyers to Telegram for additional tools. The malware is described as capable of exfiltrating wallet funds, capturing browser activity, and disabling antivirus software.
Date: 2026-06-05T10:26:18Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78959
Screenshots:
1 screenshot(s) available
Threat Actors: mariogutierre
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of e27.co user database
Category: Data Leak
Content: A threat actor known as Caosho allegedly leaked the full user database of e27.co, an Asia-focused tech media and startup ecosystem platform. The dump reportedly contains 268,000 registered account records fetched from the backend. The data was made available for free download via an external file-sharing link.
Date: 2026-06-05T10:20:22Z
Network: openweb
Published URL: https://breached.su/threads/e27-com-full-user-database-by-caosho.87988/unread
Screenshots:
1 screenshot(s) available
Threat Actors: centralscheme
Victim Country: Singapore
Victim Industry: Media
Victim Organization: e27
Victim Site: e27.co
- Belimed is the victim of a cyberattack
Category: Cyber Attack
Content: Medical technology conglomerate Belimed has fallen victim to a cyberattack. A criminal hacking group successfully penetrated specific areas of Belimed Infection Control's IT systems and copied corporate data. However, client business operations were not affected and no encryption took place.
Date: 2026-06-05T10:17:14Z
Network: openweb
Published URL: https://www.inside-it.ch/belimed-ist-opfer-eines-cyberangriffs-20260603
Screenshots:
None
Threat Actors: Incransom
Victim Country: Switzerland
Victim Industry: Unknown
Victim Organization: Belimed
Victim Site: belimed.com
- Karl Auto Group cyberattack disrupts Iowa dealerships
Category: Cyber Attack
Content: Karl Auto Group, a major automotive retailer in Iowa, fell victim to a cyberattack in April that disrupted its phones and computers. The incident, during which unauthorized access to its systems occurred before March 27, may have exposed sensitive customer and employee data, including Social Security numbers, financial information, and passport numbers. Although the company did not characterize the incident as ransomware, a group named RansomHouse claimed that Karl Chevrolet's systems had been en…
Date: 2026-06-05T10:17:01Z
Network: openweb
Published URL: https://dysruptionhub.com/karl-auto-group-iowa-cyberattack/
Screenshots:
None
Threat Actors: Ransomhouse
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Karl Auto Group
Victim Site: karlchevrolet.com
- Alleged recruitment of insiders for initial access to Brazilian Crypto-Card Fintech companies
Category: Initial Access
Content: Threat actor group recruiting insiders from Brazilian cryptocurrency and fintech companies. Seeking individuals with internal network access (web, workstation, VPN, server, email, API level) and current privileges. Requires proof of possession before engagement. Offering cryptocurrency rewards with preference for Monero (XMR) payments. Contact via @unknown82396.
Date: 2026-06-05T10:00:21Z
Network: telegram
Published URL: https://t.me/c/3468046329/1580
Screenshots:
1 screenshot(s) available
Threat Actors: unknown82396
Victim Country: Brazil
Victim Industry: Financial Technology, Cryptocurrency
Victim Organization: Unknown
Victim Site: Unknown
- Carding content shared requiring user interaction to unlock
Category: Carding
Content: A forum post on a carding-focused board requires users to react before viewing hidden content. The actual content is not visible; no specific victim, card data, or operational details are disclosed in the post.
Date: 2026-06-05T09:45:50Z
Network: openweb
Published URL: https://darknetarmy.io/threads/more-deeds.136087/
Screenshots:
1 screenshot(s) available
Threat Actors: NickNix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale or distribution of 40 Olivia credit cards
Category: Carding
Content: A forum post on a carding forum advertises 40 credit cards under the label Olivia. No further details about the source, region, or pricing are available from the post content.
Date: 2026-06-05T09:45:29Z
Network: openweb
Published URL: https://darknetarmy.io/threads/olivia-credit-cards-x40.136088/
Screenshots:
1 screenshot(s) available
Threat Actors: NickNix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Free credit card details shared on carding forum
Category: Carding
Content: A forum user on a carding-focused forum is offering 20 Lane credit card details gated behind a reply/react requirement. The post is consistent with free CC sharing activity common on carding forums.
Date: 2026-06-05T09:42:40Z
Network: openweb
Published URL: https://darknetarmy.io/threads/x20-lane-credit-card.136091/
Screenshots:
1 screenshot(s) available
Threat Actors: NickNix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged defacement of multiple mycompanyportfolio.com subdomains by Mr.PIMZZZXploit
Category: Defacement
Content: Threat actor claiming to have defaced multiple websites under mycompanyportfolio.com domain, including admin panels and API endpoints across various subdomains (metavehicleapplication, tehuti, herbgreeen, sadiq, sharecircle, sarealtv, nathan, uhs, deluxe, 3sfrmaework, churchms, furniture, ilogix, rentforless, industree, afrikanbbq, lmia, chorusmax, flexrental). A mirror link is provided at hack-db.org.
Date: 2026-06-05T09:36:29Z
Network: telegram
Published URL: https://t.me/c/3865526389/1160
Screenshots:
1 screenshot(s) available
Threat Actors: Mr.PIMZZZXploit
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: mycompanyportfolio.com
Victim Site: mycompanyportfolio.com
- Alleged defacement of multiple mycompanyportfolio.com subdomains by Mr.PIMZZZXploit
Category: Defacement
Content: Threat actor claiming to have hacked multiple subdomains under mycompanyportfolio.com including admin panels, API endpoints, and application sites. Post includes list of 26 compromised URLs and references a mirror link at hack-db.org. Defacement claim attributed to Mr.PIMZZZXploit.
Date: 2026-06-05T09:35:49Z
Network: telegram
Published URL: https://t.me/c/3865526389/1159
Screenshots:
1 screenshot(s) available
Threat Actors: Mr.PIMZZZXploit
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: mycompanyportfolio.com
Victim Site: mycompanyportfolio.com
- Alleged free share of Bolivian credit cards x30
Category: Carding
Content: A forum user is sharing 30 Bolivian credit cards behind a reply-gate on a carding forum. The content is hidden and requires user engagement to access. No additional details about the card source or validity are provided.
Date: 2026-06-05T08:55:20Z
Network: openweb
Published URL: https://darknetarmy.io/threads/bolivia-credit-cards-x30.136085/
Screenshots:
1 screenshot(s) available
Threat Actors: NickNix
Victim Country: Bolivia
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown
- Alleged website defacement by MatxCysec
Category: Defacement
Content: MatxCysec claimed responsibility for defacing srv583948.hstgr.cloud. Defacement proof provided via defacer.id mirror (ID: 361731). Post includes hashtags referencing Rakyat Digital Crew and Indonesian context.
Date: 2026-06-05T08:51:22Z
Network: telegram
Published URL: https://t.me/c/3755871403/715
Screenshots:
2 screenshot(s) available
Threat Actors: MatxCysec
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: srv583948.hstgr.cloud
- Alleged Initial Access to Rodynna Kovbaska Business Automation System by DDoSia Project
Category: Initial Access
Content: DDoSia Project claims to have obtained full administrative access to the Business Automation Software for Retail (BAS/BAF edition 2.2) system of Rodynna Kovbaska, a Lviv-based Ukrainian meat company. The threat actor claims access to orders, inventory, product lists, supplier information, and backend systems. This appears to be part of a broader campaign targeting Ukrainian retail businesses.
Date: 2026-06-05T08:30:28Z
Network: telegram
Published URL: https://t.me/c/3087552512/2144
Screenshots:
1 screenshot(s) available
Threat Actors: DDoSia Project
Victim Country: Ukraine
Victim Industry: Food & Beverage / Retail
Victim Organization: Rodynna Kovbaska
Victim Site: Unknown
- Sale of Brazilian fullz identity fraud kit including personal, financial, and biometric data
Category: Carding
Content: A threat actor is selling a fullz kit for an identified Brazilian individual, including full personal data (CPF, RG, CNH), financial account details (Santander), family member documents, selfies for deepfake use, signatures, and possible passwords. The kit is explicitly marketed for identity fraud, fintech account opening, and online purchases. Files are distributed via external links organized by data category.
Date: 2026-06-05T08:20:47Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79011
Screenshots:
3 screenshot(s) available
Threat Actors: ValeBRFullz
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of Hezbollah fighter personnel database
Category: Data Breach
Content: A threat actor is offering for sale an alleged database containing personal records of 67,000 Hezbollah fighters in Lebanon. The dataset purportedly includes full names, mother's name, date of birth, governorate, region, and occupation, and is claimed to have been extracted from Hezbollah devices on April 3, 2026. The seller is asking $3,000 with a negotiable price for serious buyers.
Date: 2026-06-05T08:17:32Z
Network: openweb
Published URL: https://breached.su/threads/hezbollah-by-0cx00iq.87985/unread
Screenshots:
2 screenshot(s) available
Threat Actors: 0cx00iq
Victim Country: Lebanon
Victim Industry: Government
Victim Organization: Hezbollah
Victim Site: Unknown
- Alleged Data Leak of MBG Nutritious Food Kitchen Project Documents
Category: Data Leak
Content: A threat actor has freely distributed approximately 2.51 GB of documents allegedly belonging to the MBG Nutritious Food Kitchen project. The leaked data reportedly includes architectural, structural, MEP, IPAL, BOQ, RKS, 3D plans, and technical drawings for all prototypes. The data was made available via an external file-sharing link.
Date: 2026-06-05T08:17:21Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79004
Screenshots:
1 screenshot(s) available
Threat Actors: civillain02
Victim Country: Unknown
Victim Industry: Government
Victim Organization: MBG Nutritious Food Kitchen
Victim Site: Unknown
- Carding forum discussion on bank log and CC supplier legitimacy
Category: Carding
Content: A forum member posted a discussion thread questioning the legitimacy of bank log and stolen credit card suppliers advertising high weekly earnings on carding forums. The post raises skepticism about trust, escrow use, and whether genuine suppliers exist. No specific victim, dataset, or actionable threat content is present.
Date: 2026-06-05T07:50:50Z
Network: openweb
Published URL: https://darknetarmy.io/threads/50k-100k-per-week-bank-log-cc-suppliers.136080/
Screenshots:
1 screenshot(s) available
Threat Actors: killer71
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Booking.com
Category: Data Breach
Content: A threat actor is selling an alleged dataset of 400,000+ Booking.com user profiles. The data reportedly includes name, surname, phone number, email address, gender, and date of birth. The seller is accepting cryptocurrency payments and requests contact via Telegram or Session.
Date: 2026-06-05T07:39:32Z
Network: openweb
Published URL: https://breached.su/threads/exclusive-booking-com-breach-data-400k-lines.87984/unread
Screenshots:
1 screenshot(s) available
Threat Actors: realdb4U
Victim Country: Unknown
Victim Industry: Travel
Victim Organization: Booking.com
Victim Site: booking.com
- Alleged data leak of Chaoxin Xuexitong (Superstar Learning) — 140 million records
Category: Data Leak
Content: A threat actor has freely shared an alleged dataset from a 2022 breach of Chaoxin Xuexitong, a Chinese e-learning platform widely used by college students. The dataset contains approximately 139.4 million records including names, usernames, institutional affiliations, mobile phone numbers, and unique identifiers. Sample data indicates the records are associated with Chinese educational institutions.
Date: 2026-06-05T07:39:25Z
Network: openweb
Published URL: https://spear.cx/Thread-Chaoxin-Xuexitong-2022-140M-Leak
Screenshots:
1 screenshot(s) available
Threat Actors: freeing
Victim Country: China
Victim Industry: Education
Victim Organization: Chaoxin Xuexitong (Superstar Learning)
Victim Site: chaoxing.com
- Sale of counterfeit identity documents and fraudulent financial accounts including driver's licenses, SSNs, and credit reports
Category: Carding
Content: A threat actor is offering counterfeit physical identity documents including driver's licenses, SSNs, birth certificates, and credit reports, marketed as scannable with UV and raised text features. The seller also claims to provide business fullz including EIN, owner SSN, and credit reports, as well as fraudulent verified payment accounts (CashApp, Zelle, PayPal) with physical documents shipped domestically and internationally. An additional cryptocurrency mixing service converting BTC to Monero
Date: 2026-06-05T07:16:16Z
Network: openweb
Published URL: https://darknetarmy.io/threads/high-level-physical-dl-ssn-birth-certificates-credit-reports-etc.136078/
Screenshots:
1 screenshot(s) available
Threat Actors: cocosasha
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Website Defacement of Ainebtrade by Claudexxx of Phantom Sec Team
Category: Defacement
Content: On June 5, 2026, the trading-related website ainebtrade.com was defaced by threat actor Claudexxx, operating under the group Phantom Sec Team. The attack targeted the homepage of the site in a singular, non-mass defacement operation. No specific motivation or technical details regarding the exploitation method were disclosed.
Date: 2026-06-05T07:00:26Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931353
Screenshots:
1 screenshot(s) available
Threat Actors: Claudexxx, Phantom Sec Team
Victim Country: Unknown
Victim Industry: Finance / Trading
Victim Organization: Ainebtrade
Victim Site: ainebtrade.com
- Alleged data leak of arpinet.am — Armenian property and cadastral platform
Category: Data Leak
Content: A threat actor operating under the name CronosCommunity claims to have leaked a database from arpinet.am, an Armenian online platform providing property analysis, cadastral, and legal information services. The post states the database contains customer personal data totaling 17,150 rows and has been made available via a public file-sharing link. The actor claims the breach was conducted by Base and includes a message referencing Azerbaijan-Armenia tensions.
Date: 2026-06-05T06:56:53Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79019
Screenshots:
1 screenshot(s) available
Threat Actors: CronosCommunity
Victim Country: Armenia
Victim Industry: Finance
Victim Organization: Arpinet
Victim Site: arpinet.am
- Alleged cyber attack on UAE aerospace organization by Gladiators of God hacking group
Category: Cyber Attack
Content: The hacking group Gladiators of God (گلادیاتورهای خدا) claimed responsibility for a cyber attack against the website of Advanced Sustainable Aviation Mobility institute in the UAE. The group claims to have gained full access to the organization's database and management systems, and threatens to publish extracted information. The statement also includes a warning to the UAE government regarding continued cooperation with Israel.
Date: 2026-06-05T06:43:45Z
Network: telegram
Published URL: https://t.me/c/1283513914/22067
Screenshots:
2 screenshot(s) available
Threat Actors: Gladiators of God
Victim Country: United Arab Emirates
Victim Industry: Aerospace/Aviation
Victim Organization: Advanced Sustainable Aviation Mobility Institute
Victim Site: Unknown
- Alleged sale of stolen email access and full account credentials across multiple platforms
Category: Initial Access
Content: Threat actors operating under the handle OGTNBULK are advertising and selling stolen full account access (FA) credentials for major platforms including Walmart, Target, Amazon, Best Buy, Doordash, Ebay, Booking, Airbnb, Netflix, Uber, Instagram, Venmo, Cashapp, Etsy, Ticketmaster, Snapchat, Robinhood, Steam, Bank of America, Capital One, Wells Fargo, Chase, and Blockchain. They claim to have restocked 24 Comcast email access targets and advertise the cheapest prices in the com. Access is provide…
Date: 2026-06-05T05:38:01Z
Network: telegram
Published URL: https://t.me/OGTNSHOPBULK/88
Screenshots:
1 screenshot(s) available
Threat Actors: OGTNBULK
Victim Country: United States
Victim Industry: Multiple (Financial Services, E-commerce, Social Media, Streaming, Banking)
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of Coahuila government database with 2 million records
Category: Data Leak
Content: A threat actor identified as V01, affiliated with the group EXILIADOS, has freely distributed an alleged database attributed to the Mexican state of Coahuila. The dataset reportedly contains approximately 2 million records including national ID numbers (CVE/CURP), full names, dates of birth, gender, and addresses. The data is being made available via an external file-sharing link.
Date: 2026-06-05T04:15:31Z
Network: openweb
Published URL: https://breached.su/threads/choahuila-database-2-millon-records.87982/unread
Screenshots:
1 screenshot(s) available
Threat Actors: V01
Victim Country: Mexico
Victim Industry: Government
Victim Organization: Coahuila State Government
Victim Site: Unknown
- Sale of 40GB Identity Document Database Including Passports, IDs, and Driving Licences
Category: Carding
Content: A threat actor is offering for sale a 40GB+ collection of identity documents including passports, national IDs, and driving licences from multiple countries. The dataset reportedly includes front and back scans, selfies, and other verification images, compressed in 7Z/ZIP/RAR format. The seller is asking $400 and directing interested buyers to a Telegram handle.
Date: 2026-06-05T03:45:24Z
Network: openweb
Published URL: https://breached.su/threads/40gb-composed-passport-ids-driving-licences-passport-controlidentification-card.87981/unread
Screenshots:
1 screenshot(s) available
Threat Actors: gravenet
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Ticketmaster data breach – 700M records claimed by The Silent Com & ShinyHunters
Category: Data Breach
Content: Threat actors claiming to have breached Ticketmaster and stolen approximately 700 million records. The actors (The Silent Com and ShinyHunters) are offering to negotiate before releasing the data publicly on BF (likely referring to a breach forum). This represents a classic extortion/ransom demand.
Date: 2026-06-05T03:29:58Z
Network: telegram
Published URL: https://t.me/c/3500620464/9239
Screenshots:
1 screenshot(s) available
Threat Actors: The Silent Com
Victim Country: United States
Victim Industry: Entertainment/Ticketing
Victim Organization: Ticketmaster
Victim Site: ticketmaster.com
- Website Defacement of DM Coaching by Threat Actor maw3six
Category: Defacement
Content: Threat actor maw3six defaced the website of DM Coaching, a professional coaching service operating under the .eu domain, on June 5, 2026. The defacement targeted a non-home page of the site and was not part of a mass or redefacement campaign. The compromised server was running on a Linux-based environment.
Date: 2026-06-05T03:29:27Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249802
Screenshots:
1 screenshot(s) available
Threat Actors: maw3six
Victim Country: European Union
Victim Industry: Coaching / Professional Services
Victim Organization: DM Coaching
Victim Site: dmcoaching.eu
- Website Defacement of PGI Digitales by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, the website pgidigitales.com was defaced by a threat actor known as chinafans, operating under the group 0xteam. The defacement was a targeted single-site incident, with a mirror of the defaced page archived at zone-xsec.com. No specific motive or vulnerability information was disclosed in connection with the attack.
Date: 2026-06-05T03:28:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931333
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Digital Services / Technology
Victim Organization: PGI Digitales
Victim Site: pgidigitales.com
- Website Defacement of The Kings Country by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, the website thekingscountry.com was defaced by a threat actor using the handle chinafans, operating under the group 0xteam. The defacement was a targeted, single-site incident with a text file (0x.txt) placed on the server as proof of compromise. No additional technical details regarding the server infrastructure or motivation were disclosed.
Date: 2026-06-05T03:27:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931344
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: The Kings Country
Victim Site: thekingscountry.com
- Alleged distribution of phishing kit and credential harvesting materials
Category: Phishing
Content: Threat actor distributing phishing materials with social engineering lure text designed to trick users into entering credentials. Associated Telegram repository (BF REPO V 3) referenced for file distribution.
Date: 2026-06-05T03:26:50Z
Network: telegram
Published URL: https://t.me/c/3500620464/9235
Screenshots:
1 screenshot(s) available
Threat Actors: Breach
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Website Defacement of 1stplace.com.br by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the Brazilian website 1stplace.com.br. The incident was a targeted, single-site defacement with a mirror archived at zone-xsec.com. No specific motive or server details were disclosed in connection with the attack.
Date: 2026-06-05T03:26:19Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931346
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: 1st Place
Victim Site: 1stplace.com.br
- Website defacement of best-meeting.cn by chinafans (0xteam)
Category: Defacement
Content: The website best-meeting.cn was defaced by threat actor chinafans, operating under the group 0xteam, on June 5, 2026. The defacement was a targeted single-site attack, with a mirror of the defaced page archived at zone-xsec.com. No specific motivation or server details were disclosed in connection with this incident.
Date: 2026-06-05T03:25:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931331
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: China
Victim Industry: Unknown
Victim Organization: Best Meeting
Victim Site: best-meeting.cn
- Alleged Threat Actor Contact Information – The Silent Com
Category: Cyber Attack
Content: Threat actor group The Silent Com (also referenced as The Com) has published official contact information for breach negotiations. Contact methods include Session encrypted messaging application (Account ID: 05ad43fbd1cfde283214281275c69f7f72abdfa8ff69200793f90eb76589889e20) and Telegram handle @node6240.
Date: 2026-06-05T03:25:03Z
Network: telegram
Published URL: https://t.me/c/3500620464/9206
Screenshots:
1 screenshot(s) available
Threat Actors: The Silent Com
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Website Defacement of buyforce.shop by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, a threat actor operating under the alias chinafans, affiliated with 0xteam, defaced the website buyforce.shop by altering the file located at the path /0x.txt. The incident was a targeted, single-site defacement with no indication of mass or repeated defacement activity. Technical details such as the server environment and IP address were not disclosed in the available reporting.
Date: 2026-06-05T03:24:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931328
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: E-commerce / Retail
Victim Organization: BuyForce
Victim Site: buyforce.shop
- Website Defacement of wirhelfen.shop by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: On June 5, 2026, threat actor azraelzer0d4y, operating under the team b1ohaz4rd, defaced the website wirhelfen.shop, a German e-commerce platform. The attack targeted a media directory path and was a singular, targeted defacement rather than a mass or repeated incident. The defacement was documented and mirrored by zone-xsec.com.
Date: 2026-06-05T03:23:15Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931352
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Germany
Victim Industry: E-Commerce / Retail
Victim Organization: Wirhelfen Shop
Victim Site: wirhelfen.shop
- Website Defacement of sharonback.com by chinafans (0xteam)
Category: Defacement
Content: The website sharonback.com was defaced by threat actor chinafans operating under the group 0xteam on June 5, 2026. The defacement targeted a specific file path (/0x.txt) rather than the homepage, suggesting a targeted file-level intrusion. The incident was recorded and mirrored by zone-xsec.com under mirror ID 931327.
Date: 2026-06-05T03:22:19Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931327
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Sharon Back
Victim Site: sharonback.com
- Website Defacement of marrefi.com.br by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, the Brazilian website marrefi.com.br was defaced by a threat actor known as chinafans, operating under the group 0xteam. The defacement was a targeted single-site incident, with a mirror of the defaced content archived at zone-xsec.com. No specific motivation or server details were disclosed in connection with the attack.
Date: 2026-06-05T03:21:23Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931329
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Marrefi
Victim Site: marrefi.com.br
- Website Defacement of CloudPulseIT by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, the website cloudpulseit.net was defaced by threat actor chinafans operating under the group 0xteam. The defacement targeted a specific file path (/0x.txt) rather than the homepage, indicating a targeted file-level intrusion. The incident was recorded and mirrored by zone-xsec.com as reference ID 931340.
Date: 2026-06-05T03:20:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931340
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Information Technology
Victim Organization: CloudPulse IT
Victim Site: cloudpulseit.net
- Request to purchase stolen payment cards and fullz
Category: Carding
Content: A forum user is seeking sellers of stolen credit cards (Visa, Mastercard, Amex), fullz, and non-VBV cards, with escrow accepted. The post includes contact details via Telegram and Jabber. No specific victim or dataset is referenced.
Date: 2026-06-05T03:15:41Z
Network: openweb
Published URL: https://darkforums.su/Thread-Buying-looking-for-seller-cc-fullz%C2%A0-visa-master-amex–78974
Screenshots:
1 screenshot(s) available
Threat Actors: durand
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Website Defacement of Bike-Auto-Reifen-Service by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, a threat actor identified as chinafans, operating under the team 0xteam, defaced the German automotive and tire service website bike-auto-reifen-service.de. The incident was a targeted single-site defacement, not classified as a mass or home page defacement. The attack details are documented via a mirror archived on zone-xsec.com.
Date: 2026-06-05T03:14:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931323
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Germany
Victim Industry: Automotive Services / Retail
Victim Organization: Bike Auto Reifen Service
Victim Site: bike-auto-reifen-service.de
- Website Defacement of Emtage Electric by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, the website emtageelectric.com was defaced by threat actor chinafans operating under the group 0xteam. The defacement targeted a specific file path (/0x.txt) rather than the site's homepage, indicating a targeted file-level intrusion. The incident was catalogued and mirrored by zone-xsec, a known defacement tracking platform.
Date: 2026-06-05T03:13:34Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931273
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Energy & Utilities
Victim Organization: Emtage Electric
Victim Site: emtageelectric.com
- Website Defacement of vajrh.in by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the Indian website vajrh.in. The defacement was a targeted single-site attack, with the defaced content accessible at the path /0x.txt. A mirror of the defacement was archived via zone-xsec.com.
Date: 2026-06-05T03:12:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931288
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: India
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: vajrh.in
- Website Defacement of shortlisted.work by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website shortlisted.work by uploading a defacement file at the path /0x.txt. The incident was a targeted, single-site defacement with no mass or re-defacement indicators. The attacker's motivation and server details remain unknown.
Date: 2026-06-05T03:12:11Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931321
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Shortlisted
Victim Site: shortlisted.work
- Website Defacement by chinafans of 0xteam
Category: Defacement
Content: On June 5, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced a website hosted on the domain xn--12c1baev3c1c3jnaw1b.com, which appears to be a Punycode-encoded Thai internationalized domain name. The incident was a targeted single-site defacement and has been archived via zone-xsec. No specific motive, server details, or organizational victim information were disclosed.
Date: 2026-06-05T03:11:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931315
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Thailand
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: xn--12c1baev3c1c3jnaw1b.com
- Alleged Data Leak of Viva Communications Inc. (viva.com.ph)
Category: Data Leak
Content: A threat actor claiming affiliation with DeathNoteHackersPH has freely released approximately 10GB of data allegedly exfiltrated from Viva Communications Inc., a major Philippine entertainment conglomerate. The dump reportedly includes project permits, internal memos, and employee and associate email data. The actor claims this is a repeat intrusion following a prior breach in 2024, asserting the organization failed to remediate security weaknesses.
Date: 2026-06-05T03:11:23Z
Network: openweb
Published URL: https://breached.su/threads/viva-com-ph-data-leak-have-fun.87979/unread
Screenshots:
2 screenshot(s) available
Threat Actors: DNH
Victim Country: Philippines
Victim Industry: Entertainment
Victim Organization: Viva Communications Inc.
Victim Site: viva.com.ph
- Alleged data leak of Krys.com partial customer database
Category: Data Leak
Content: A threat actor has leaked a partial database allegedly belonging to Krys.com, a French optical retail chain with over 1,000 stores. The dump contains approximately 294,206 lines covering 201,202 individuals in JSON format, including order records with names, addresses, dates of birth, French social security numbers (NSS), and financial totals. The actor also announced an upcoming sale of 153,675 additional customer-related files.
Date: 2026-06-05T03:11:16Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78979
Screenshots:
1 screenshot(s) available
Threat Actors: ChimeraZ
Victim Country: France
Victim Industry: Retail
Victim Organization: Krys
Victim Site: krys.com
- Website Defacement of Officeworks Cyprus by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, a threat actor identified as chinafans, operating under the group 0xteam, defaced a page on the officeworks.cy domain, targeting what appears to be a Cypriot office supplies or retail organization. The defacement was a targeted single-site incident, with a mirror of the defaced content archived at zone-xsec.com. No additional technical details such as server software or exploitation method were disclosed.
Date: 2026-06-05T03:10:43Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931316
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Cyprus
Victim Industry: Retail
Victim Organization: Officeworks Cyprus
Victim Site: officeworks.cy
- Website Defacement of Easy Eaters by chinafans (0xteam)
Category: Defacement
Content: The website easy-eaters.com was defaced by threat actor chinafans, operating under the group 0xteam, on June 5, 2026. The defacement was recorded as a single targeted incident, not classified as a mass or redefacement event. A mirror of the defaced page has been archived at zone-xsec.com.
Date: 2026-06-05T03:09:55Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931274
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Food & Beverage
Victim Organization: Easy Eaters
Victim Site: easy-eaters.com
- Website Defacement of starte-die.cloud by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, a threat actor known as chinafans, operating under the team 0xteam, defaced the website starte-die.cloud, leaving a defacement file at the path /0x.txt. The incident was a targeted single-site defacement with no additional technical indicators such as server software or IP address recorded. The attack was documented and mirrored by zone-xsec.com.
Date: 2026-06-05T03:09:11Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931304
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: starte-die.cloud
- Website Defacement of Translation Linker by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, the website translationlinker.com was defaced by threat actor chinafans operating under the group 0xteam. The defacement targeted a language and translation services platform, with a mirror of the defaced page archived at zone-xsec.com. The incident was a targeted single-site defacement with no indication of mass or repeated defacement activity.
Date: 2026-06-05T03:08:33Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931325
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Language Services / Translation
Victim Organization: Translation Linker
Victim Site: translationlinker.com
- Website Defacement of Life Readiness University by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, the website lifereadinessuniversity.com was defaced by threat actor chinafans operating under the group 0xteam. The attack was a targeted single-site defacement, replacing the site's content with the attacker's messaging. No specific motive or server details were disclosed in the available intelligence.
Date: 2026-06-05T03:07:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931287
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Life Readiness University
Victim Site: lifereadinessuniversity.com
- Website Defacement of DBS.net.pk by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced a page on the Pakistani web domain dbs.net.pk, leaving a file at the path /0x.txt. The incident was a targeted, single-site defacement with no indication of mass or repeated defacement activity. The attack was mirrored and recorded by zone-xsec.com under mirror ID 931281.
Date: 2026-06-05T03:07:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931281
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Pakistan
Victim Industry: Technology / Internet Services
Victim Organization: DBS Network Pakistan
Victim Site: dbs.net.pk
- Alleged sale of Vercel access keys, source code, and database by ShinyHunters
Category: Initial Access
Content: The threat actor ShinyHunters is selling verified access to Vercel Company, including access keys, source code, database dumps, and multiple employee accounts with internal deployment access. The sale includes API keys (NPM tokens, GitHub tokens) and internal user directory data (1.7TB total). The threat actor explicitly describes the potential for the largest supply chain attack via Next.js package updates affecting millions of developers globally. Price: $100k USD. Contact via XMPP, Telegram, and email provid…
Date: 2026-06-05T03:07:05Z
Network: telegram
Published URL: https://t.me/c/3500620464/9195
Screenshots:
1 screenshot(s) available
Threat Actors: ShinyHunters
Victim Country: United States
Victim Industry: Cloud Computing / Web Development Platform
Victim Organization: Vercel
Victim Site: vercel.com
- Website Defacement of ThemagMoment by chinafans (0xteam)
Category: Defacement
Content: The website themagmoment.com was defaced by threat actor chinafans operating under the group 0xteam on June 5, 2026. The defacement was a targeted, single-site attack rather than a mass or home page defacement. A mirror of the defaced content was archived at zone-xsec.com.
Date: 2026-06-05T03:06:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931309
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: The Mag Moment
Victim Site: themagmoment.com
- Website defacement of Smartfact by chinafans of 0xteam
Category: Defacement
Content: On June 5, 2026, the website smartfact.io was defaced by threat actor chinafans operating under the group 0xteam. The defacement targeted a specific file path (0x.txt) rather than the homepage, suggesting a targeted file-level intrusion. The incident was neither a mass defacement nor a redefacement, indicating a singular targeted attack against the Smartfact platform.
Date: 2026-06-05T03:05:50Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931295
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Smartfact
Victim Site: smartfact.io
- Website Defacement of Diamond Quality Contractors by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, the website of Diamond Quality Contractors was defaced by a threat actor operating under the handle chinafans, affiliated with the group 0xteam. The attack targeted a construction services company and resulted in a single-page defacement of a non-homepage URL. No specific motivation or vulnerability details were disclosed in the available intelligence.
Date: 2026-06-05T03:05:17Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931326
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Construction
Victim Organization: Diamond Quality Contractors
Victim Site: diamondqualitycontractors.com
- Website Defacement of HereYouGoSolutions by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, the website hereyougosolutions.com was defaced by a threat actor known as chinafans, operating under the group 0xteam. The defacement targeted a specific file path (/0x.txt) rather than the homepage, indicating a targeted file placement or partial defacement. No mass or repeated defacement patterns were observed in this incident.
Date: 2026-06-05T03:04:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931290
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Technology / IT Services
Victim Organization: Here You Go Solutions
Victim Site: hereyougosolutions.com
- Website Defacement of AutoShot Marketing by chinafans (0xTeam)
Category: Defacement
Content: The website autoshotmarketing.com was defaced by threat actor chinafans, operating under the group 0xTeam, on June 5, 2026. The defacement targeted a specific file path (0x.txt) on the marketing company's web server. The incident was a single targeted defacement rather than a mass or redefacement campaign.
Date: 2026-06-05T03:03:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931293
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Marketing
Victim Organization: AutoShot Marketing
Victim Site: autoshotmarketing.com
- Website Defacement of pharma221.sn by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website pharma221.sn, a pharmaceutical-related entity based in Senegal. The defacement targeted a specific text file (0x.txt) on the server, a common technique used to demonstrate unauthorized access. The incident was recorded as a single, non-mass defacement event.
Date: 2026-06-05T03:03:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931297
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Senegal
Victim Industry: Pharmaceuticals / Healthcare
Victim Organization: Pharma221
Victim Site: pharma221.sn
- Website Defacement of ClasicarRock by chinafans (0xTeam)
Category: Defacement
Content: On June 5, 2026, the website clasicarock.com was defaced by threat actor chinafans operating under the group 0xTeam. The attacker uploaded a defacement file at clasicarock.com/0x.txt. The incident was a targeted single-site defacement with no indication of mass or repeated defacement activity.
Date: 2026-06-05T03:02:17Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931272
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Entertainment/Music
Victim Organization: Clasica Rock
Victim Site: clasicarock.com
- Website defacement of SFBS by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, the attacker known as chinafans, operating under the team 0xteam, defaced a page on sfbs.ie, an Irish domain likely associated with financial or business services. The defacement was a targeted, non-mass incident affecting a single page rather than the site's homepage. A mirror of the defacement was archived on zone-xsec.com.
Date: 2026-06-05T03:01:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931291
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Ireland
Victim Industry: Financial Services
Victim Organization: SFBS (South Fingal Business Services)
Victim Site: sfbs.ie
- Website Defacement of Wasl Al-Khair by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website wasl-alkhair.com. The defacement was a targeted single-page attack rather than a mass or home page defacement. The incident was archived and mirrored via zone-xsec.com for documentation purposes.
Date: 2026-06-05T03:00:59Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931289
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Wasl Al-Khair
Victim Site: wasl-alkhair.com
- Website Defacement of Starlight Farm LLC by chinafans (0xteam)
Category: Defacement
Content: The website of Starlight Farm LLC, an agricultural business, was defaced by threat actor chinafans operating under the group 0xteam on June 5, 2026. The attacker uploaded a defacement file (0x.txt) to the target web server. The incident was a targeted single-site defacement with no indication of mass or repeated defacement activity.
Date: 2026-06-05T03:00:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931318
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Agriculture
Victim Organization: Starlight Farm LLC
Victim Site: starlightfarmllc.com
- Website Defacement of derkanun.ch by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the Swiss website derkanun.ch by altering a text file (0x.txt). The incident was a targeted defacement, not classified as mass or home page defacement. The attack was mirrored and documented by zone-xsec.com.
Date: 2026-06-05T02:59:30Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931292
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Switzerland
Victim Industry: Unknown
Victim Organization: Der Kanun
Victim Site: derkanun.ch
- Website Defacement of Safetyway Sales by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, the website safetywaysales.com was defaced by threat actor chinafans operating under the group 0xteam. The defacement was a targeted, single-site incident with the defaced content hosted at the path /0x.txt. No specific motive or technical details regarding the server environment were disclosed.
Date: 2026-06-05T02:58:49Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931275
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Retail / Safety Equipment Sales
Victim Organization: Safetywaysales
Victim Site: safetywaysales.com
- Website Defacement of Oak Range Online by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, the website oakrangeonline.co.uk was defaced by a threat actor known as chinafans, operating under the group 0xteam. The defacement was a targeted single-site incident, with the defaced content mirrored at zone-xsec.com. No specific motive or server details were disclosed in connection with this attack.
Date: 2026-06-05T02:58:02Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931277
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: United Kingdom
Victim Industry: Unknown
Victim Organization: Oak Range Online
Victim Site: oakrangeonline.co.uk
- Website Defacement of Valo Design by chinafans (0xteam)
Category: Defacement
Content: The website valodesign.co.uk, belonging to UK-based design firm Valo Design, was defaced by threat actor chinafans operating under the group 0xteam on June 5, 2026. The defacement was recorded as a single targeted incident, not part of a mass or repeated defacement campaign. A mirror of the defaced page was archived at zone-xsec.com.
Date: 2026-06-05T02:57:22Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931282
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: United Kingdom
Victim Industry: Design / Creative Services
Victim Organization: Valo Design
Victim Site: valodesign.co.uk
- Website Defacement of HepAction by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, the website hepaction.org was defaced by threat actor chinafans operating under the group 0xteam. The attacker targeted a specific file path (0x.txt) on the domain, likely associated with a hepatitis awareness or advocacy organization. The incident was recorded as a single targeted defacement rather than a mass or redefacement event.
Date: 2026-06-05T02:56:39Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931320
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Healthcare/Non-Profit
Victim Organization: HepAction
Victim Site: hepaction.org
- Website Defacement of flow-mat.com by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, the website flow-mat.com was defaced by a threat actor operating under the handle chinafans, affiliated with the hacking group 0xteam. The attacker targeted the domain and planted a defacement file at flow-mat.com/0x.txt. The incident was a single-target, non-mass defacement with no specific motive publicly disclosed.
Date: 2026-06-05T02:55:50Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931269
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Flow Mat
Victim Site: flow-mat.com
- Website Defacement of pardesia.com by chinafans (0xteam)
Category: Defacement
Content: The website pardesia.com was defaced by a threat actor known as chinafans, operating under the group 0xteam, on June 5, 2026. The defacement targeted a specific file path (0x.txt) rather than the homepage, suggesting a targeted file-level compromise. The incident was neither a mass defacement nor a redefacement, and technical details such as server software and IP address were not disclosed.
Date: 2026-06-05T02:55:10Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931284
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Pardesia
Victim Site: pardesia.com
- Website Defacement of Maharaja Farms by chinafans (0xteam)
Category: Defacement
Content: The website themaharajafarms.co.in, belonging to Maharaja Farms in India, was defaced by threat actor chinafans operating under the group 0xteam on June 5, 2026. The defacement was a targeted, non-mass attack against a single agricultural sector domain. A mirror of the defaced page has been archived at zone-xsec.com.
Date: 2026-06-05T02:54:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931279
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: India
Victim Industry: Agriculture
Victim Organization: Maharaja Farms
Victim Site: themaharajafarms.co.in
- Website Defacement of thehustlehustle.com by chinafans (0xteam)
Category: Defacement
Content: On June 5, 2026, a threat actor known as chinafans, affiliated with 0xteam, defaced the website thehustlehustle.com, leaving a defacement file at the path /0x.txt. The incident was a targeted single-site defacement with no indication of mass or repeated compromise. Server and infrastructure details were not disclosed.
Date: 2026-06-05T02:53:44Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931312
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: The Hustle Hustle
Victim Site: thehustlehustle.com
- Sale of DRX-RAT remote access trojan supporting Windows, Android, and iOS
Category: Malware
Content: A threat actor is offering a private edition RAT called DRX-RAT X for $299 with claimed support for Windows, Android, and iOS platforms. The malware is advertised with features including FUD crypted payloads, kernel-level persistence, sandbox evasion, and a cloud-based C2 infrastructure. The seller claims limited availability of three copies before removing the listing.
Date: 2026-06-05T02:44:47Z
Network: openweb
Published URL: https://darknetarmy.io/threads/drx-rat-x-the-ultimate-remote-access-trojan-tool-framework-limited-access.136023/
Screenshots:
1 screenshot(s) available
Threat Actors: cyberhexa
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of BIN information for ProCredit Bank Bulgaria VISA Credit Business card
Category: Carding
Content: A forum post on a carding community shares BIN information (416379) associated with a VISA Credit Business card issued by ProCredit Bank (Bulgaria) AD. The content is gated behind a reaction requirement, suggesting it is used to drive forum engagement. The post provides BIN-level card details usable for carding or fraud activity.
Date: 2026-06-05T02:43:59Z
Network: openweb
Published URL: https://darknetarmy.io/threads/%F0%9D%97%95%F0%9D%97%B6%F0%9D%97%BB-%F0%9D%97%9C%F0%9D%97%BB%F0%9D%97%B3%F0%9D%97%BC-%E2%9E%AA-416379-%F0%9F%82%A1-%F0%9D%97%9C%F0%9D%97%BB%F0%9D%97%B3%F0%9D%97%BC-%E2%9E%AA-visa-credit-business-%F0%9F%82%A1-%F0%9D%97%95%F0%9D%97%AE%F0%9D%97%BB%F0%9D%97%B8-%E2%9E%AA-procredit-bank-bulgaria-ad-%F0%9F%82%A1-%F0%9D%97%96%F0%9D%97%BC%F0%9D%98%82%F0%9D%97%BB%F0%9D%98%81%F0%9D%97%BF%F0%9D%98%BA-%E2%9E%AA-bulgaria-%F0%9F%87%A7%F0%9F%87%AC.136047/
Screenshots:
1 screenshot(s) available
Threat Actors: NickNix
Victim Country: Bulgaria
Victim Industry: Finance
Victim Organization: ProCredit Bank (Bulgaria) AD
Victim Site: Unknown
- Alleged data leak of allegromusique.fr
Category: Data Leak
Content: A threat actor known as DBHunter has freely distributed a database allegedly belonging to allegromusique.fr, a French music retailer. The leaked data includes customer names, phone numbers, email addresses, birth dates, and account status fields. The post includes a sample of structured JSON records with IDs reaching into the millions, suggesting a potentially large dataset.
Date: 2026-06-05T02:43:16Z
Network: openweb
Published URL: https://darknetarmy.io/threads/database-fr-allegromusique-fr-leaked-download.129234/
Screenshots:
2 screenshot(s) available
Threat Actors: DBHunter
Victim Country: France
Victim Industry: Retail
Victim Organization: Allegro Musique
Victim Site: allegromusique.fr
- Alleged data leak of Instituto Tecnológico del Istmo, Mexico
Category: Data Leak
Content: A threat actor is distributing an alleged database dump from Instituto Tecnológico del Istmo, Mexico. The dataset reportedly includes full names, phone numbers, personal email addresses, dates of birth, home addresses, CURP (national ID), academic program, disability status, indigenous language data, household information, and income details. The data is made available via a gated download link requiring forum engagement.
Date: 2026-06-05T02:42:38Z
Network: openweb
Published URL: https://darknetarmy.io/threads/database-m%C3%89xico-instituto-tecnol%C3%93gico-del-istmo.129229/
Screenshots:
1 screenshot(s) available
Threat Actors: DBHunter
Victim Country: Mexico
Victim Industry: Education
Victim Organization: Instituto Tecnológico del Istmo
Victim Site: Unknown
- Alleged data breach of cock.li email service
Category: Data Breach
Content: A threat actor has leaked what appears to be a database dump from cock.li, an anonymous email provider. The shared data includes email addresses, plaintext passwords, and IP addresses stored in an accounts table with records dating from 2018 to 2025. The post contains SQL schema and sample INSERT statements but the total record count is not specified.
Date: 2026-06-05T02:42:17Z
Network: openweb
Published URL: https://darknetarmy.io/threads/database-cock-li-database.87432/
Screenshots:
1 screenshot(s) available
Threat Actors: DBHunter
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: cock.li
Victim Site: cock.li
- Alleged data breach of studentqr.com
Category: Data Breach
Content: A threat actor known as DBHunter claims to be leaking or selling the full database of studentqr.com, a Malaysian website. The post advertises full database access, suggesting a complete compromise of the platform's data. No further details are available from the post content.
Date: 2026-06-05T02:41:49Z
Network: openweb
Published URL: https://darknetarmy.io/threads/database-studentqr-com-malaysian-website-full-database-full-access.73723/
Screenshots:
1 screenshot(s) available
Threat Actors: DBHunter
Victim Country: Malaysia
Victim Industry: Education
Victim Organization: StudentQR
Victim Site: studentqr.com
- Alleged data leak of My Kospra Malaysia member database
Category: Data Leak
Content: A threat actor has freely shared what appears to be a member database from My Kospra, a Malaysian government cooperative. The leaked data includes national ID numbers, full names, government email addresses, office and mobile phone numbers, member numbers, payroll numbers, membership dates, and membership status. Exposed individuals include senior Malaysian Anti-Corruption Commission (SPRM) officials based on the email domain sprm.gov.my.
Date: 2026-06-05T02:40:29Z
Network: openweb
Published URL: https://darknetarmy.io/threads/source-code-data-anggota-my-kospra-malaysia.74069/
Screenshots:
1 screenshot(s) available
Threat Actors: DBHunter
Victim Country: Malaysia
Victim Industry: Government
Victim Organization: My Kospra (Koperasi Perkhidmatan Awam Malaysia)
Victim Site: mykospra.com.my
- Alleged data leak of Bulelang village resident data, Indonesia
Category: Data Leak
Content: A threat actor known as DBHunter has freely shared an alleged dataset containing approximately 2.606 million village resident records from Bulelang, Indonesia. The leaked data includes national identity numbers (NIK), family card numbers (KK), full names, dates of birth, and addresses at the village and sub-district level. The breach is claimed to have occurred in 2025.
Date: 2026-06-05T02:40:04Z
Network: openweb
Published URL: https://darknetarmy.io/threads/source-code-village-resident-data-sentsit-bulelang-2606-thousand.71200/
Screenshots:
2 screenshot(s) available
Threat Actors: DBHunter
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Sentsit Bulelang Village Administration
Victim Site: Unknown
- Alleged data breach of Indiana Athletics
Category: Data Breach
Content: A threat actor known as DBHunter has shared what appears to be a SQL database dump from indianathletics.in, dated February 2023. The leaked data includes sensitive personal information such as full names, dates of birth, gender, nationality, email addresses, plaintext passwords, mobile numbers, Aadhaar numbers, and physical addresses of registered athletes. The data also contains references to identity documents including passport and photograph files.
Date: 2026-06-05T02:39:20Z
Network: openweb
Published URL: https://darknetarmy.io/threads/sql-indianathletics-in.97418/
Screenshots:
2 screenshot(s) available
Threat Actors: DBHunter
Victim Country: India
Victim Industry: Sports
Victim Organization: Indiana Athletics
Victim Site: indianathletics.in
- Alleged data breach of NHCollegeLive Patcharkuchi
Category: Data Breach
Content: A threat actor known as DBHunter has leaked what appears to be a database dump from nhcollegelive.co.in, an Indian educational institution's online platform. The exposed data includes student names, addresses, email addresses, phone numbers, passwords, and enrollment details. The post was shared on a darknet forum under a hacked database leaks section.
Date: 2026-06-05T02:38:26Z
Network: openweb
Published URL: https://darknetarmy.io/threads/source-code-nhcollegelive-patcharkuchi-nhcollegelive-co-in.68728/
Screenshots:
1 screenshot(s) available
Threat Actors: DBHunter
Victim Country: India
Victim Industry: Education
Victim Organization: NHCollegeLive Patcharkuchi
Victim Site: nhcollegelive.co.in
- Alleged data leak of Khidmah.com employee records (UAE and KSA)
Category: Data Leak
Content: A threat actor known as DBHunter has leaked a CSV database purportedly containing employee records from Khidmah.com, a services company operating in the UAE and KSA. The dataset contains approximately 3,000 lines and is being made available for free on a dark web forum in exchange for user reactions. The specific data fields included have not been disclosed in the post.
Date: 2026-06-05T02:37:49Z
Network: openweb
Published URL: https://darknetarmy.io/threads/khidmah-com-employees-uae-and-ksa-database-leak.68953/
Screenshots:
1 screenshot(s) available
Threat Actors: DBHunter
Victim Country: Unknown
Victim Industry: Services
Victim Organization: Khidmah
Victim Site: khidmah.com
- Alleged source code database leak targeting Israel
Category: Data Leak
Content: A forum post on Darknet Army claims to share a source code database associated with an Israeli target. The content is gated behind a reply-and-react requirement, limiting visibility of specifics. No organization name, record count, or further details are disclosed in the post.
Date: 2026-06-05T02:37:25Z
Network: openweb
Published URL: https://darknetarmy.io/threads/source-code-database-israel.68039/
Screenshots:
1 screenshot(s) available
Threat Actors: DBHunter
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sale of Casino/Gambling Database Records from Multiple Countries
Category: Data Breach
Content: A threat actor is offering gambling/casino database records from multiple countries including Germany, Netherlands, Vietnam, Indonesia, and Canada, advertised as 2026 data. The seller claims millions of records are available, priced at $500 per 100,000 lines, with payment accepted in fiat and cryptocurrency. No specific victim organizations are named.
Date: 2026-06-05T02:29:25Z
Network: openweb
Published URL: https://breachforum.su/Thread-SELLING-Casino-Databases-2026-Germany-Netharlands-Vietnam-Indonesia-Canada
Screenshots:
1 screenshot(s) available
Threat Actors: Business2025
Victim Country: Unknown
Victim Industry: Gambling
Victim Organization: Unknown
Victim Site: Unknown
- Request for fake ID vendors and fullz with bank accounts
Category: Carding
Content: A forum user is soliciting recommendations for vendors who can produce fake IDs using fullz (full personal identity records) to facilitate fraudulent bank account opening or check cashing. The user is also seeking to purchase fullz that already have associated bank accounts.
Date: 2026-06-05T01:53:59Z
Network: openweb
Published URL: https://altenens.is/threads/help-with-ids-and-being-able-to-open-bank-account-cash-check.2950936/unread
Screenshots:
None
Threat Actors: mccjohnson69
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of fraudulent identity documents, fullz, and financial accounts
Category: Carding
Content: A threat actor is offering fraudulent physical identity documents including driver's licenses, SSNs, and birth certificates, advertised as scannable with UV and raised text features. The seller also claims to provide business fullz (EIN, owner SSN, credit reports), verified payment accounts (CashApp, Zelle, PayPal), and a cryptocurrency mixing service routing BTC through Monero. Shipment is offered domestically and internationally.
Date: 2026-06-05T01:43:18Z
Network: openweb
Published URL: https://darknetarmy.io/threads/scannable-uv-and-raised-text-if-walk-in.136012/
Screenshots:
1 screenshot(s) available
Threat Actors: cocosasha
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Wish Carding Tutorial Posted on Dark Net Army Forum
Category: Carding
Content: A forum member posted a carding tutorial targeting Wish, gated behind a Reply & React engagement requirement. The actual tutorial content is hidden and not visible in the post. No specific card data or victim organization is disclosed.
Date: 2026-06-05T01:42:30Z
Network: openweb
Published URL: https://darknetarmy.io/threads/%F0%9F%94%B0wish-carding-tutorial%F0%9F%94%B0.116476/
Screenshots:
1 screenshot(s) available
Threat Actors: SyntaxSin
Victim Country: Unknown
Victim Industry: Retail
Victim Organization: Unknown
Victim Site: wish.com
Free credit cards shared on carding forum
Category: Carding
Content: A forum member on a carding-focused forum is offering free credit card data gated behind a reply-and-react engagement mechanism. The actual card data is hidden and only accessible after user interaction. No further details about the card count, origin, or victim are available.
Date: 2026-06-05T01:42:08Z
Network: openweb
Published URL: https://darknetarmy.io/threads/free-credit-cards-enjoy.116470/
Screenshots:
1 screenshot(s) available
Threat Actors: SyntaxSin
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Nike carding method and BIN shared on forum
Category: Carding
Content: A forum member has shared a carding method and associated BIN targeting Nike, gated behind a reply-and-react engagement requirement. The post is part of a carding tutorials and tools forum section. No further technical details are visible without user interaction.
Date: 2026-06-05T01:41:47Z
Network: openweb
Published URL: https://darknetarmy.io/threads/nike-carding-method-with-bin.116467/
Screenshots:
1 screenshot(s) available
Threat Actors: SyntaxSin
Victim Country: Unknown
Victim Industry: Retail
Victim Organization: Nike
Victim Site: nike.com
Carding tutorial shared on darknet forum
Category: Carding
Content: A forum post on Darknet Army advertises a carding tutorial titled How to Become a Professional Carder. The content is gated behind a reaction requirement and the actual tutorial material is not visible. No specific victim, card data, or operational details are disclosed in the visible portion of the post.
Date: 2026-06-05T01:41:21Z
Network: openweb
Published URL: https://darknetarmy.io/threads/%F0%9F%94%B0how-to-become-a-professional-carder%F0%9F%94%B0.116461/
Screenshots:
1 screenshot(s) available
Threat Actors: SyntaxSin
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Credit card response codes tutorial shared on carding forum
Category: Carding
Content: A forum post on a carding-focused forum offers content related to credit card response codes, gated behind a reply-and-react requirement. The actual content is hidden and not visible in the post.
Date: 2026-06-05T01:41:01Z
Network: openweb
Published URL: https://darknetarmy.io/threads/credit-card-response-codes.116447/
Screenshots:
1 screenshot(s) available
Threat Actors: SyntaxSin
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Cash App Carding Method Tutorial Shared on Forum
Category: Carding
Content: A forum user shared a carding tutorial targeting Cash App, gated behind a reply-and-react requirement. The post advertises a working guide for beginners on carding Cash App accounts or transactions. No specific victim data or credentials are included in the visible post content.
Date: 2026-06-05T01:40:31Z
Network: openweb
Published URL: https://darknetarmy.io/threads/cash-app-carding-method-%E2%80%93-working-guide-for-beginners.116450/
Screenshots:
1 screenshot(s) available
Threat Actors: SyntaxSin
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: cash.app
Carding method shared for Ding recharge service using BIN
Category: Carding
Content: A forum member is sharing a carding method targeting the Ding international recharge service, gated behind a reply-and-react requirement. The post references a specific BIN for use in the carding technique.
Date: 2026-06-05T01:40:08Z
Network: openweb
Published URL: https://darknetarmy.io/threads/ding-recharge-method-with-bin.116443/
Screenshots:
1 screenshot(s) available
Threat Actors: SyntaxSin
Victim Country: Unknown
Victim Industry: Telecommunications
Victim Organization: Ding
Victim Site: ding.com
Carding tutorial: How to card hotels
Category: Carding
Content: A forum member posted a tutorial on carding hotels, gated behind engagement requirements. No specific victim organization or payment card data is disclosed in the visible portion of the post.
Date: 2026-06-05T01:39:50Z
Network: openweb
Published URL: https://darknetarmy.io/threads/how-to-card-hotels.116436/
Screenshots:
1 screenshot(s) available
Threat Actors: SyntaxSin
Victim Country: Unknown
Victim Industry: Hospitality
Victim Organization: Unknown
Victim Site: Unknown
StockX carding method shared on forum
Category: Carding
Content: A forum member is sharing a carding method targeting StockX, gated behind engagement reactions. The full content of the method is not visible without user interaction.
Date: 2026-06-05T01:39:28Z
Network: openweb
Published URL: https://darknetarmy.io/threads/stockx-carding-method.115314/
Screenshots:
1 screenshot(s) available
Threat Actors: SyntaxSin
Victim Country: United States
Victim Industry: Retail
Victim Organization: StockX
Victim Site: stockx.com
Alleged data breach of Infinite Campus, Inc.
Category: Data Breach
Content: A threat actor known as DBHunter claims to have compromised Salesforce records belonging to Infinite Campus, Inc., an education software provider. The leaked data allegedly includes contract records containing PII and internal corporate data such as account names, billing information, contract financials, and account owner details. A sample of the data referencing multiple school districts across the United States was shared on the forum, gated behind a reaction requirement.
Date: 2026-06-05T01:38:35Z
Network: openweb
Published URL: https://darknetarmy.io/threads/infinite-campus-inc.129252/
Screenshots:
2 screenshot(s) available
Threat Actors: DBHunter
Victim Country: United States
Victim Industry: Education
Victim Organization: Infinite Campus, Inc.
Victim Site: infinitecampus.com
Alleged data leak of Comision Nacional de Seguros y Fianzas (CNSF), Mexico
Category: Data Leak
Content: A threat actor known as DBHunter claims to have leaked data from Mexico's Comision Nacional de Seguros y Fianzas (CNSF), allegedly exposing 95,178 individuals. The leaked records, in PDF format, purportedly contain personal identifiers including full name, CURP, RFC, cedula number, validity period, occupation, and a photo. The actor states the leak was performed on January 30, 2026, and that only a filtered subset has been shared.
Date: 2026-06-05T01:38:01Z
Network: openweb
Published URL: https://darknetarmy.io/threads/data-leak-of-comision-nacional-de-seguros-y-fianzas-mx.129249/
Screenshots:
1 screenshot(s) available
Threat Actors: DBHunter
Victim Country: Mexico
Victim Industry: Government
Victim Organization: Comision Nacional de Seguros y Fianzas
Victim Site: cnsf.gob.mx
Alleged data leak of LHKPN wealth reports for PSI DPRD DKI Jakarta members (2024-2029)
Category: Data Leak
Content: A threat actor operating under the alias SHENIRA6CORE has allegedly leaked official wealth disclosure reports (LHKPN) for 8 PSI fraction members of the Jakarta Regional House of Representatives covering the 2024-2029 cycle. The exposed data includes full names, national ID numbers (NIK), official positions, residential addresses, and detailed asset and liability information including real estate, vehicles, securities, and bank balances. The data is being distributed freely via a gated reply-to
Date: 2026-06-05T01:37:35Z
Network: openweb
Published URL: https://darknetarmy.io/threads/database-data-exposure-by-shenira6core-lhkpn-psi-dprd-dki-jakarta-2024-2029.129244/
Screenshots:
2 screenshot(s) available
Threat Actors: DBHunter
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: PSI Fraction – Jakarta Regional House of Representatives (DPRD DKI Jakarta)
Victim Site: Unknown
Alleged leak of Indian identity documents including ID and driver's license
Category: Data Leak
Content: A threat actor has freely shared what are claimed to be Indian identity documents, including national IDs and driver's licenses, via a file-sharing link. The post provides no further details on the source, volume, or origin of the documents.
Date: 2026-06-05T01:33:39Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78997
Screenshots:
1 screenshot(s) available
Threat Actors: Arnoldsudney
Victim Country: India
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Leak of DIF Colima – Mexican Family Development Agency
Category: Data Leak
Content: Threat actors SoulHemTeam and Sqx claim to have leaked data from DIF Colima, a Mexican government family development agency. The leaked data allegedly includes full names, national IDs (DNIs), RUTs, CVs, government program records, and photos in XLSX, PDF, and TXT formats. The data was made available via a public file-sharing link, with actors citing poor security as the enabler.
Date: 2026-06-05T01:33:30Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-Sistema-Integral-Para-El-Desarrollo-De-La-Familia
Screenshots:
1 screenshot(s) available
Threat Actors: sqx
Victim Country: Mexico
Victim Industry: Government
Victim Organization: DIF Colima (Sistema Integral para el Desarrollo de la Familia)
Victim Site: Unknown
Website Defacement of Madagascar Ministry by S4uD1Pwnz Team Member omgsmok
Category: Defacement
Content: On June 5, 2026, the official website of Madagascar's Ministry of Communication (mincc.gov.mg) was defaced by threat actor omgsmok, operating under the team S4uD1Pwnz. The attack targeted a Linux-based government web server and resulted in a single-page defacement. No specific political motive or technical vulnerability was disclosed in the available incident data.
Date: 2026-06-05T01:22:36Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249801
Screenshots:
1 screenshot(s) available
Threat Actors: omgsmok, S4uD1Pwnz
Victim Country: Madagascar
Victim Industry: Government
Victim Organization: Ministry of Communication (Madagascar)
Victim Site: mincc.gov.mg
Alleged data breach of Moroccan Ministry of Education internal examination platform
Category: Data Leak
Content: A threat actor claiming to be Jabaroot alleges unauthorized access to systems associated with the Moroccan Ministry of Education's internal examination platform. The actor claims to have extracted internal reports, audit logs, and validation records prior to an incident-response purge, and has leaked documents purportedly including structural analysis of the 2026 Mathematics Baccalaureate examination. Supporting files and screenshots have been made available via external hosting links.
Date: 2026-06-05T00:50:00Z
Network: openweb
Published URL: https://breachforum.su/Thread-DOCUMENTS-LEAK-Moroccan-Ministry-of-Education-%E2%80%93-Internal-Examination-Platform
Screenshots:
1 screenshot(s) available
Threat Actors: jabaroot0
Victim Country: Morocco
Victim Industry: Government
Victim Organization: Moroccan Ministry of Education
Victim Site: Unknown
Alleged data leak of Root-Me.org challenge files
Category: Data Leak
Content: A threat actor is freely distributing a scraped archive of all challenges from Root Me, a French cybersecurity training platform, comprising 15,200 files across 660 folders. The data has been made available via two external download links. The post does not indicate a database breach but rather a bulk scrape or unauthorized collection of platform content.
Date: 2026-06-05T00:46:24Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78995
Screenshots:
1 screenshot(s) available
Threat Actors: Kiria
Victim Country: France
Victim Industry: Education
Victim Organization: Root Me
Victim Site: root-me.org
Alleged data breach of 2026Russia Online Legal Consultation platform
Category: Data Breach
Content: A threat actor has allegedly published or is offering data from a Russian online legal consultation platform, reportedly affecting 1 million users. No additional details are available from the post content. The breach appears to target a legal services provider based in Russia.
Date: 2026-06-05T00:42:02Z
Network: openweb
Published URL: https://breachforum.su/Thread-2026Russia-Online-Legal-Consultation-1M-Users
Screenshots:
1 screenshot(s) available
Threat Actors: FGHY9980
Victim Country: Russia
Victim Industry: Legal Services
Victim Organization: 2026Russia Online Legal Consultation
Victim Site: Unknown
Alleged data leak of Root-Me challenge files
Category: Data Leak
Content: A threat actor known as Kiria is freely sharing what they claim to be a scrape of all challenge-related files from the cybersecurity training platform Root-Me, comprising 15,200 files across 660 folders. The content is made available via two external file-sharing links. No credentials or personal data are explicitly mentioned; the leak appears to target the platform's challenge content.
Date: 2026-06-05T00:30:33Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78995
Screenshots:
1 screenshot(s) available
Threat Actors: Kiria
Victim Country: France
Victim Industry: Education
Victim Organization: Root Me
Victim Site: root-me.org