Detected Incidents Draft Data – 2026-06-09 (run date)
- Sale of alleged Google Edge Firewall 0-day bypass and Wickr/Eero infrastructure data
Category: Vulnerability
Content: A threat actor is offering for sale an alleged zero-day bypass of Google Edge Firewall (GEF) and Cloud Armor, priced at 3 BTC, claiming it delivers raw payloads directly to backend infrastructure. Additionally, the actor is selling purported Wickr Enterprise master mnemonic seed keys and internal public keys — claimed to enable E2EE decryption and identity takeover — alongside an active Shopify Storefront Access Token linked to Eero infrastructure, priced at 1.2 BTC. The claims are unverified an…
Date: 2026-06-09T05:08:03Z
Network: openweb
Published URL: https://breached.su/threads/google-edge-firewall-gef-0-day-bypass-wickr-eero-infrastructure-data.88108/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Orcinus orca
Victim Country: United States
Victim Industry: Technology
Victim Organization: Google
Victim Site: google.com - Website Defacement of Baligrosir by Raxor404 (SANTIAGO404)
Category: Defacement
Content: On June 9, 2026, threat actor Raxor404, operating under the team SANTIAGO404, defaced the login page of www.baligrosir.com, an Indonesian wholesale e-commerce platform. The attack targeted a specific login endpoint rather than the homepage, suggesting a targeted intrusion. The incident was recorded and mirrored by zone-xsec.com with mirror ID 931952.
Date: 2026-06-09T04:50:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931952
Screenshots:
1 screenshot(s) available
Threat Actors: Raxor404, SANTIAGO404
Victim Country: Indonesia
Victim Industry: E-Commerce / Wholesale Retail
Victim Organization: Bali Grosir
Victim Site: www.baligrosir.com - Website Defacement of Cronus by Raxor404 of SANTIAGO404
Category: Defacement
Content: On June 9, 2026, the website cronus.com.my was defaced by threat actor Raxor404, operating under the group SANTIAGO404. The attack targeted a specific page path (/master) and was neither a mass defacement nor a redefacement, suggesting a targeted intrusion against this Malaysian organization.
Date: 2026-06-09T04:27:21Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931951
Screenshots:
1 screenshot(s) available
Threat Actors: Raxor404, SANTIAGO404
Victim Country: Malaysia
Victim Industry: Unknown
Victim Organization: Cronus
Victim Site: cronus.com.my - Website Redefacement of Handicrafts Zone by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: The website handicraftszone.com was defaced by threat actor azraelzer0d4y, a member of the group b1ohaz4rd, on June 9, 2026. This incident is classified as a redefacement, indicating the site had been previously compromised by the same or a different attacker. The defacement targeted a subdirectory of the media folder rather than the homepage, and a mirror of the defaced page has been archived at zone-xsec.com.
Date: 2026-06-09T04:21:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931943
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: Retail / Handicrafts & Arts
Victim Organization: Handicrafts Zone
Victim Site: www.handicraftszone.com - Website defacement of Pivotel by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: On June 9, 2026, threat actor azraelzer0d4y, affiliated with the group b1ohaz4rd, defaced a page on the Australian telecommunications company Pivotels website. The attack targeted a sub-path within the public media directory and was not classified as a mass or home page defacement. A mirror of the defacement was archived via zone-xsec.com.
Date: 2026-06-09T04:19:53Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931946
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Australia
Victim Industry: Telecommunications
Victim Organization: Pivotel
Victim Site: www.pivotel.com.au - Website Defacement of cpct-copycat.com by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: On June 9, 2026, threat actor azraelzer0d4y, affiliated with the group b1ohaz4rd, defaced a subdirectory of www.cpct-copycat.com. The attack targeted a specific media path rather than the homepage, suggesting a targeted subdirectory defacement. No specific motive or additional technical details were disclosed.
Date: 2026-06-09T04:18:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931940
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: CPCT Copycat
Victim Site: www.cpct-copycat.com - Website Defacement of Ainmane by Threat Actor azraelzer0d4y (b1ohaz4rd Team)
Category: Defacement
Content: Threat actor azraelzer0d4y, operating under the team b1ohaz4rd, defaced a subdirectory of the website ainmane.com on June 9, 2026. The defacement targeted a specific media path within the site rather than the homepage, indicating a targeted intrusion into the web servers public media directory. The incident was recorded and mirrored by zone-xsec.com under mirror ID 931950.
Date: 2026-06-09T04:17:23Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931950
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: E-Commerce
Victim Organization: Ainmane
Victim Site: www.ainmane.com - Website Redefacement of Classic Motorcycle Spares by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: On June 9, 2026, threat actor azraelzer0d4y, affiliated with the group b1ohaz4rd, carried out a redefacement of the Classic Motorcycle Spares website. This incident marks at least a second defacement of the same target, indicating persistent targeting by the attacker. No specific motive or technical details were disclosed in the available intelligence.
Date: 2026-06-09T04:16:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931942
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: Retail – Automotive Parts
Victim Organization: Classic Motorcycle Spares
Victim Site: www.classicmotorcyclespares.co - Website Redefacement of OMS Electric by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: The website omselectric.com.sg, belonging to OMS Electric in Singapore, was defaced by threat actor azraelzer0d4y operating under the team b1ohaz4rd on June 9, 2026. This incident is recorded as a redefacement, indicating the site had been previously compromised by the same or another attacker. The attack targeted a subdirectory path rather than the homepage, suggesting exploitation of a vulnerable web application component.
Date: 2026-06-09T04:15:02Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931938
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Singapore
Victim Industry: Electrical Services / Energy
Victim Organization: OMS Electric
Victim Site: www.omselectric.com.sg - Alleged data breach of Cyprus Airways
Category: Data Breach
Content: A threat actor is offering what they claim to be the full dataset of Cyprus Airways for sale, requiring a middleman for the transaction. The data was previously listed for sale by another actor identified as rip_real_world, suggesting the dataset may have changed hands or is being resold.
Date: 2026-06-09T04:08:55Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79461
Screenshots:
1 screenshot(s) available
Threat Actors: nazmaster
Victim Country: Cyprus
Victim Industry: Transportation
Victim Organization: Cyprus Airways
Victim Site: Unknown - Website Defacement of melhorescolha.net by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: On June 9, 2026, a threat actor known as azraelzer0d4y, operating under the team b1ohaz4rd, defaced a subdirectory of melhorescolha.net. The attack was a targeted single-page defacement, not classified as a mass or home page defacement. No specific motivation or server details were disclosed in connection with the incident.
Date: 2026-06-09T04:03:23Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931929
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Melhorescolha
Victim Site: melhorescolha.net - Website Defacement of Sophie Collection by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: On June 9, 2026, the Australian retail website sophiecollection.com.au was defaced by threat actor azraelzer0d4y, operating under the team b1ohaz4rd. The attack was a targeted single-page defacement, with no indication of mass or repeated defacement activity. The incident was archived via zone-xsec.com mirror.
Date: 2026-06-09T04:02:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931935
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Australia
Victim Industry: Retail / E-Commerce
Victim Organization: Sophie Collection
Victim Site: www.sophiecollection.com.au - Website Defacement of BS Computers by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: On June 9, 2026, threat actor azraelzer0d4y, affiliated with the group b1ohaz4rd, defaced a subdirectory of bscomputers.com.au, an Australian computer services company. The attack was a targeted single-site defacement, not classified as mass or home page defacement. No specific motive or server details were disclosed.
Date: 2026-06-09T04:01:04Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931937
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Australia
Victim Industry: Technology / Computer Services
Victim Organization: BS Computers
Victim Site: www.bscomputers.com.au - Website Redefacement of Conecticplus by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: The website conecticplus.com was redefaced by threat actor azraelzer0d4y, affiliated with the group b1ohaz4rd, on June 9, 2026. This incident is marked as a redefacement, indicating the site had been previously compromised by the same or a related actor. The attack targeted a subdirectory within the sites media path, suggesting exploitation of a publicly accessible web directory.
Date: 2026-06-09T04:00:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931933
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: Technology/Connectivity Services
Victim Organization: Conecticplus
Victim Site: www.conecticplus.com - Website defacement of DBS by azraelzer0d4y of b1ohaz4rd
Category: Defacement
Content: On June 9, 2026, threat actor azraelzer0d4y, operating under the team b1ohaz4rd, defaced a page on the Norwegian domain www.dbs.no, targeting a media or customer address directory path. The incident was a single targeted defacement, not classified as mass or home page defacement. No additional technical details such as server software or IP address were disclosed.
Date: 2026-06-09T03:58:53Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931936
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Norway
Victim Industry: Financial Services
Victim Organization: DBS
Victim Site: www.dbs.no - Website Redefacement of Wahlmans Klader by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: The Swedish clothing retailer Wahlmans Klader had a subdirectory of its website defaced by threat actor azraelzer0d4y, operating under the team b1ohaz4rd, on June 9, 2026. This incident is recorded as a redefacement, indicating the site had been previously compromised by the same or another actor. The defacement targeted a non-homepage path and was not part of a mass defacement campaign.
Date: 2026-06-09T03:57:48Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931934
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Sweden
Victim Industry: Retail / Fashion
Victim Organization: Wahlmans Klader
Victim Site: www.wahlmansklader.se - Website Redefacement of Gaddis New York by azraelzer0d4y of b1ohaz4rd
Category: Defacement
Content: The website gaddisny.com was redefaced by threat actor azraelzer0d4y, a member of the group b1ohaz4rd, on June 9, 2026. This incident is classified as a redefacement, indicating the site had been previously compromised and defaced by the same or another actor. The attack targeted a subdirectory within the sites media path, suggesting possible exploitation of a content management system vulnerability.
Date: 2026-06-09T03:56:44Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931932
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: United States
Victim Industry: Retail / E-commerce
Victim Organization: Gaddis New York
Victim Site: www.gaddisny.com - Website Redefacement of Aeras Medical by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: The threat actor azraelzer0d4y, operating under the team b1ohaz4rd, conducted a redefacement of the Aeras Medical website on June 9, 2026, targeting a subdirectory path within the media section of the site. This is a confirmed redefacement, indicating the attacker had previously compromised the same target. The incident was archived via zone-xsec mirror ID 931931.
Date: 2026-06-09T03:54:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931931
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: Healthcare / Medical
Victim Organization: Aeras Medical
Victim Site: www.aerasmedical.com - Website Defacement of Aaralia Technologies by Raxor404 (SANTIAGO404)
Category: Defacement
Content: On June 9, 2026, threat actor Raxor404, operating under the team SANTIAGO404, successfully defaced the homepage of Aaralia Technologies at www.aaraliastechnologies.com. The attack was a targeted single-site homepage defacement and does not appear to be part of a mass defacement campaign. No specific motive or proof-of-concept details were disclosed, and server infrastructure details remain unknown.
Date: 2026-06-09T03:36:56Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931928
Screenshots:
1 screenshot(s) available
Threat Actors: Raxor404, SANTIAGO404
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Aaralia Technologies
Victim Site: www.aaraliastechnologies.com - Sale of stolen payment cards and financial transfer services
Category: Carding
Content: A forum user is advertising the sale of stolen payment card data including credit/debit cards, dumps with PINs, EBT cards with PINs, and track 1&2 data. The seller also offers fraudulent financial transfers via Cashapp, Apple Pay, PayPal, and bank transfers for US and UK targets. Contact is solicited via Telegram and Discord.
Date: 2026-06-09T03:14:51Z
Network: openweb
Published URL: https://crackingx.com/threads/78551/
Screenshots:
1 screenshot(s) available
Threat Actors: MICKYNUTMOUSEI
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website defacement of Proteus Sensor by azraelzer0d4y (b1ohaz4rd team)
Category: Defacement
Content: On June 9, 2026, the website proteussensor.com was defaced by threat actor azraelzer0d4y, operating under the team b1ohaz4rd. The defacement targeted a subdirectory of the site rather than the homepage, indicating a targeted partial defacement. No specific motive or exploited vulnerability details were disclosed.
Date: 2026-06-09T02:51:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931922
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: Technology / Sensor Manufacturing
Victim Organization: Proteus Sensor
Victim Site: proteussensor.com - Website Defacement of Maqna.de by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: On June 9, 2026, threat actor azraelzer0d4y, affiliated with the group b1ohaz4rd, defaced a sub-path of the German website maqna.de, targeting a media/custom directory likely associated with a web store or CMS platform. The defacement was a targeted single-site attack with no indication of mass or repeated defacement activity. A mirror of the defacement was archived via zone-xsec.com.
Date: 2026-06-09T02:50:16Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931923
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Germany
Victim Industry: E-commerce / Retail
Victim Organization: Maqna
Victim Site: www.maqna.de - Website Redefacement of Bioline by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: Threat actor azraelzer0d4y, operating under the team b1ohaz4rd, conducted a redefacement of a media/customer directory on the Bioline website on June 9, 2026. This incident marks at least a second defacement of the targeted URL, indicating persistent targeting of the victim. The defaced page was archived and mirrored via zone-xsec.com.
Date: 2026-06-09T02:48:19Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931924
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: Life Sciences / Biotechnology
Victim Organization: Bioline
Victim Site: www.bioline.com - Website Redefacement of Catwalk Kratzbaeume by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: The website catwalk-kratzbaeume.de, a German pet supplies retailer specializing in cat scratching trees, was defaced by threat actor azraelzer0d4y operating under the team b1ohaz4rd on June 9, 2026. This incident is classified as a redefacement, indicating the site had been previously compromised and targeted again. The attack affected a subdirectory path rather than the homepage, suggesting targeted exploitation of a specific web application component.
Date: 2026-06-09T02:46:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931921
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Germany
Victim Industry: Retail / Pet Supplies
Victim Organization: Catwalk Kratzbaeume
Victim Site: www.catwalk-kratzbaeume.de - Website Defacement of shop1one.com by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: On June 9, 2026, threat actor azraelzer0d4y, affiliated with the group b1ohaz4rd, defaced a media directory path on the e-commerce website shop1one.com. The attack targeted a subdirectory likely associated with a Magento or similar CMS platforms public media folder. The incident was a targeted single-site defacement, with the mirror archived via zone-xsec.com.
Date: 2026-06-09T02:23:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931917
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: E-commerce / Retail
Victim Organization: Shop1One
Victim Site: www.shop1one.com - Alleged data leak of Nandos UK employee records
Category: Data Leak
Content: A threat actor is sharing alleged Nandos UK employee records totalling approximately 126,000 entries across three datasets, including current and historical staff. The data includes worker names, IDs, positions, supervisory organizations, phone numbers, emails, and locations. The content is gated behind a forum reply requirement and distributed at no apparent cost.
Date: 2026-06-09T02:22:19Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-UK-126K-Nandos-Employee
Screenshots:
1 screenshot(s) available
Threat Actors: itachigene
Victim Country: United Kingdom
Victim Industry: Retail
Victim Organization: Nandos
Victim Site: nandos.co.uk - Website Defacement of Sewing-Online.com by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: On June 9, 2026, the website sewing-online.com was defaced by threat actor azraelzer0d4y, operating under the team b1ohaz4rd. The attack targeted a subdirectory of the site and was a singular, non-mass defacement incident. The defacement was archived and mirrored via zone-xsec.com.
Date: 2026-06-09T02:22:13Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931919
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: Retail / E-Commerce (Sewing & Crafts)
Victim Organization: Sewing Online
Victim Site: sewing-online.com - Alleged sale of access to private archive containing stolen databases from 65+ countries
Category: Data Breach
Content: Threat actor operating DarkForums Private Archive selling subscription access to stolen databases including military documents, company databases, personal consumer information, SSN/SIN records, credentials (email:password, username:password), phone lists, and dehashed data. Claims to have data from Europe, Asia, Africa, America, and Australia. Offering monthly ($300), quarterly ($600), and lifetime ($1500) subscription plans with 24/7 support.
Date: 2026-06-09T02:21:36Z
Network: telegram
Published URL: https://t.me/c/3881241221/32
Screenshots:
1 screenshot(s) available
Threat Actors: DarkForums
Victim Country: Multiple countries
Victim Industry: Multiple sectors
Victim Organization: Unknown
Victim Site: Unknown - Website defacement of Suzy Seeds by azraelzer0d4y (b1ohaz4rd)
Category: Defacement
Content: On June 9, 2026, threat actor azraelzer0d4y, affiliated with the group b1ohaz4rd, defaced a media or customer-related subdirectory on suzyseeds.com, a seed and gardening retail website. The attack was a targeted single-page defacement rather than a mass or home page defacement. The incident has been archived via zone-xsec.com mirror for reference.
Date: 2026-06-09T02:20:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931918
Screenshots:
1 screenshot(s) available
Threat Actors: azraelzer0d4y, b1ohaz4rd
Victim Country: Unknown
Victim Industry: Retail / Agriculture & Gardening
Victim Organization: Suzy Seeds
Victim Site: suzyseeds.com - Alleged data breach of Robinhood
Category: Data Breach
Content: A threat actor is offering an alleged database from Robinhood containing 21,222 records with fields including full name, address, phone number, date of birth, credit score, investment details, asset values, and email addresses. The actor is advertising the full database via direct message. The sample data suggests the records pertain to Robinhood customers with investment and financial profile information.
Date: 2026-06-09T01:51:38Z
Network: openweb
Published URL: https://breached.su/threads/database-robinhood-com.88107/unread
Screenshots:
1 screenshot(s) available
Threat Actors: 0xulnar
Victim Country: United States
Victim Industry: Finance
Victim Organization: Robinhood
Victim Site: robinhood.com - Alleged data breach of Robinhood.com database
Category: Data Breach
Content: A Breachforums user (0xulnarr) has posted about a database breach involving robinhood.com. The threat actor has created a public thread on Breachforums disclosing the stolen database, indicating potential data exfiltration from the financial trading platform.
Date: 2026-06-09T01:39:12Z
Network: telegram
Published URL: https://t.me/lunar0xx/21
Screenshots:
2 screenshot(s) available
Threat Actors: 0xulnarr
Victim Country: United States
Victim Industry: Financial Services/Trading
Victim Organization: Robinhood
Victim Site: robinhood.com - Alleged data leak of Tea dating app identity verification documents
Category: Data Leak
Content: A threat actor has leaked extracted text data from 2,325 identity verification photos allegedly obtained from a breach of the Tea dating app. The exposed documents include drivers licenses, passports, and gun permits. The data is offered as hidden content on a breach forum.
Date: 2026-06-09T01:35:05Z
Network: openweb
Published URL: https://breachforum.ws/Thread-Tea-Drivers-License-Database
Screenshots:
1 screenshot(s) available
Threat Actors: Whattho
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Tea
Victim Site: Unknown - Sale of Cursor AI credit bypass exploit plugin
Category: Vulnerability
Content: A threat actor is selling a 7-day license for a plugin claiming to bypass Cursor AIs credit/usage limits for $25. The offering includes a bypass plugin, tutorial, and license key with auto-delivery, and purports to allow unlimited AI credit generation. The seller claims to provide updated bypass methods if the platform patches the exploit.
Date: 2026-06-09T01:30:37Z
Network: openweb
Published URL: https://cracked.st/Thread-Unlimited-Usage-Exploit-Cursor-1-Week–2106599
Screenshots:
1 screenshot(s) available
Threat Actors: Audacity
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Cursor
Victim Site: cursor.com - Alleged data breach of Ochre Health Australia exposing patient medical records
Category: Data Breach
Content: A threat actor is selling an alleged database dump from Ochre Health, an Australian general practice and allied health network. The dataset reportedly includes 25,000+ patients and 700,000+ records containing appointment details, patient names, dates of birth, mobile numbers, email addresses, Medicare numbers, payment amounts, and DVA numbers. Sample records with personally identifiable and Medicare-linked health information were posted as proof.
Date: 2026-06-09T01:25:50Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-Ochre-Health-Australia-25K-Patients-700K-Records
Screenshots:
1 screenshot(s) available
Threat Actors: 2019
Victim Country: Australia
Victim Industry: Healthcare
Victim Organization: Ochre Health
Victim Site: ochrehealth.com.au - Alleged data leak of Rajabhat Maha Sarakham University affecting 220K students
Category: Data Breach
Content: A threat actor claims to have leaked a database from Rajabhat Maha Sarakham University (rmu.ac.th) allegedly breached in September 2025. The dataset purportedly contains records of approximately 220,000 student users and is being distributed free of charge on the forum.
Date: 2026-06-09T01:22:55Z
Network: openweb
Published URL: https://darknetarmy.io/threads/database-rmu-ac-th-220k-students-leaked-download.137018/
Screenshots:
1 screenshot(s) available
Threat Actors: DBHunter
Victim Country: Thailand
Victim Industry: Education
Victim Organization: Rajabhat Maha Sarakham University
Victim Site: rmu.ac.th - Alleged data leak of Banc Certified Merchant Services (banccertified.com)
Category: Data Breach
Content: A threat actor operating under the alias DBHunter claims to have leaked a database belonging to Banc Certified Merchant Services (banccertified.com) and made it available for free download on a darknet forum. The post includes a sample and requires user interaction to access the full download link. The specific data types and record count have not been disclosed.
Date: 2026-06-09T01:22:32Z
Network: openweb
Published URL: https://darknetarmy.io/threads/database-bcms-banccertified-com-data-breach-leaked-download.136611/
Screenshots:
2 screenshot(s) available
Threat Actors: DBHunter
Victim Country: United States
Victim Industry: Finance
Victim Organization: Banc Certified Merchant Services
Victim Site: banccertified.com - Alleged data leak of student records from SMPN 8 Bekasi
Category: Data Breach
Content: A threat actor using the handle DBHunter claims to have leaked personal data of female students (siswi) from SMPN 8, a public junior high school in Bekasi, Indonesia. The data is gated behind a reply-and-react requirement on a dark web forum. The post does not specify the number of records or data fields included.
Date: 2026-06-09T01:22:11Z
Network: openweb
Published URL: https://darknetarmy.io/threads/databse-siswi-kls-8f.136995/
Screenshots:
1 screenshot(s) available
Threat Actors: DBHunter
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: SMPN 8 Bekasi
Victim Site: Unknown - Alleged data breach of Zeemart Singapore
Category: Data Breach
Content: A threat actor is distributing an alleged database dump from Zeemart, a Singapore-based B2B procurement and supply-chain platform serving the food and beverage industry. The leaked data reportedly includes user profiles (names, emails, phone numbers, company and outlet details, roles), company records, outlet information including addresses and subscription plans, and order records including financial totals and delivery details. Sample records containing personally identifiable information of r…
Date: 2026-06-09T01:20:19Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-Zeemart-Singapore-510K
Screenshots:
1 screenshot(s) available
Threat Actors: 2019
Victim Country: Singapore
Victim Industry: Technology
Victim Organization: Zeemart
Victim Site: zeemart.com - Alleged data breach of Napoleon Perdis Australia
Category: Data Breach
Content: A threat actor is sharing an alleged database dump of Napoleon Perdis Australia containing over 339,100 customer records. The exposed data includes customer names, addresses, phone numbers, email addresses, loyalty program details, and transaction history. The dataset is gated behind a reply requirement on a darknet forum.
Date: 2026-06-09T01:19:19Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-Napoleon-Perdis-Australia-339-1K-Customers
Screenshots:
1 screenshot(s) available
Threat Actors: 2019
Victim Country: Australia
Victim Industry: Retail
Victim Organization: Napoleon Perdis
Victim Site: napoleonperdis.com - Alleged Iron Atlas Personal Data Lookup Service – Argentine DNI Queries
Category: Data Leak
Content: Iron Atlas New Generation threat actor advertising a new function enabling DNI (Argentine national ID) lookups with personal information including full names, addresses, age, and birth dates. The service operates on a credit-based payment model. Example query shown for DNI 28065855 returning full PII of an Argentine citizen (Blanca Aida Giappone, age 46, with residential address).
Date: 2026-06-09T01:02:26Z
Network: telegram
Published URL: https://t.me/c/3518294966/176
Screenshots:
2 screenshot(s) available
Threat Actors: Iron Atlas New Generation
Victim Country: Argentina
Victim Industry: Government/Public Records
Victim Organization: Unknown
Victim Site: Unknown - Sale of 30 visiting credit cards
Category: Carding
Content: A forum user is offering 30 credit cards, gated behind a reply-and-react engagement requirement. No additional details about card origin, BINs, or country are provided in the visible post.
Date: 2026-06-09T00:58:40Z
Network: openweb
Published URL: https://darknetarmy.io/threads/visiting-credit-cards-x30.137097/
Screenshots:
1 screenshot(s) available
Threat Actors: SharkBank
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of phishing/spamming course including tools and infrastructure for credential and financial data theft
Category: Phishing
Content: A threat actor is selling a spamming course priced at $200 that includes phishing infrastructure components such as spampages, letter templates, SMTP senders, hosts, and leads. The package targets victim credentials including credit cards, billing info, bank account details, and account credentials for services such as Netflix and Spotify. The seller also offers AnyDesk and chat support for setup assistance.
Date: 2026-06-09T00:52:32Z
Network: openweb
Published URL: https://patched.to/Thread-royal-%E2%AD%90%EF%B8%8F-spamming-course-2026-learn-how-to-get-logs-and-ccs
Screenshots:
1 screenshot(s) available
Threat Actors: SYCOSUNNY
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged sale of credential stuffing configs and captcha bypass tools by DataxLogs
Category: Malware
Content: Threat actor DataxLogs is advertising the sale of credential stuffing configurations including Silverbullet and Openbullet 2, along with APIs for Web, Android, iOS, and Windows platforms. The service includes captcha bypass capabilities for Hcaptcha, Cloudflare, Captcha V2/V3, and other protection mechanisms. This is a credential attack infrastructure service.
Date: 2026-06-09T00:46:43Z
Network: telegram
Published URL: https://t.me/c/2613583520/98279
Screenshots:
1 screenshot(s) available
Threat Actors: DataxLogs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Vocus (vocus.cc)
Category: Data Breach
Content: A threat actor is allegedly selling a database belonging to Vocus (vocus.cc), a Taiwanese content creation and community monetization platform. The post claims the dataset contains over 200,000 records. No further details are available from the post content.
Date: 2026-06-09T00:29:05Z
Network: openweb
Published URL: https://breachforum.ws/Thread-DATABASE-vocus-cc-%E6%96%B9%E6%A0%BC%E5%AD%90-%E5%8F%B0%E7%81%A3%E9%AB%98%E5%93%81%E8%B3%AA%E5%85%A7%E5%AE%B9%E5%89%B5%E4%BD%9C%E8%88%87%E7%A4%BE%E7%BE%A4%E8%AE%8A%E7%8F%BE%E5%B9%B3%E5%8F%B0-database-200K
Screenshots:
1 screenshot(s) available
Threat Actors: sdjlkfjekje345345
Victim Country: Taiwan
Victim Industry: Media
Victim Organization: Vocus
Victim Site: vocus.cc - Mass Defacement of Indonesian School Website by XmrAnonye.id (Irene)
Category: Defacement
Content: A threat actor identified as Irene of the group XmrAnonye.id conducted a mass defacement targeting the laboratory subdomain of SMAN 2 Metro, an Indonesian secondary school. The incident is classified as both a mass defacement and a redefacement, indicating the attacker has previously compromised this or related targets. The attack was carried out on a Linux-based server on June 9, 2026, with a mirror archived at haxor.id.
Date: 2026-06-09T00:25:27Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249843
Screenshots:
1 screenshot(s) available
Threat Actors: Irene, XmrAnonye.id
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: SMAN 2 Metro
Victim Site: laboratorium.sman2metro.sch.id - Alleged data leak of unknown origin
Category: Data Leak
Content: A forum post titled 1.5gb private leak was shared on a cracking forum by user theboxjon, with no additional content available. The nature, origin, and contents of the alleged leak cannot be determined from the available information.
Date: 2026-06-09T00:11:50Z
Network: openweb
Published URL: https://cracked.st/Thread-1-5gb-private-leak
Screenshots:
1 screenshot(s) available
Threat Actors: theboxjon
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free sharing of 30 credit cards on carding forum
Category: Carding
Content: A forum user is sharing 30 credit cards behind a reply-gate on a carding forum. The content is gated and full details are not visible. The post is categorized as a carding resource based on the forum section and thread title.
Date: 2026-06-09T00:10:16Z
Network: openweb
Published URL: https://darknetarmy.io/threads/initially-credit-cards-x30.136972/
Screenshots:
1 screenshot(s) available
Threat Actors: linuxDaddy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Chilean government municipal website exposing personal and medical records
Category: Data Breach
Content: A threat actor is selling two datasets allegedly sourced from a Chilean government municipal website. The first dataset contains 15,267 records with personal information including full names, RUT national ID numbers, emails, phone numbers, and personal messages submitted to municipal offices. The second dataset contains 1,925 records of residents who applied for subsidized medications, including home addresses, dates of birth, medical diagnoses, medications and dosages, and URLs to uploaded pres…
Date: 2026-06-09T00:09:56Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-Personal-and-Medical-Data-of-Chileans-source-a-goverment-website
Screenshots:
1 screenshot(s) available
Threat Actors: Kurd
Victim Country: Chile
Victim Industry: Government
Victim Organization: Chilean Municipal Government
Victim Site: Unknown - Sale of 20 white credit cards
Category: Carding
Content: A forum user is offering 20 white credit cards, gated behind a reaction requirement. No further details on card origin, BINs, or geographic scope are provided in the visible post content.
Date: 2026-06-09T00:09:49Z
Network: openweb
Published URL: https://darknetarmy.io/threads/x20-white-credit-cards.136993/
Screenshots:
1 screenshot(s) available
Threat Actors: linuxDaddy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of 20 credit cards on carding forum
Category: Carding
Content: A forum user shared 20 credit cards on a carding forum, gated behind a reply-and-react requirement. The post does not disclose the card origin, country, or associated financial institutions.
Date: 2026-06-09T00:09:25Z
Network: openweb
Published URL: https://darknetarmy.io/threads/x20-chuddy-credit-cards.136997/
Screenshots:
1 screenshot(s) available
Threat Actors: linuxDaddy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Detected Incidents Draft Data – 2026-06-08 (day before)
- AVD Crypto Stealer Malware Shared on Cracking Forum
Category: Malware
Content: A forum post on CX Forum shares a download link for AVD Crypto Stealer, an information-stealing malware targeting cryptocurrency users. The malware is described as capable of extracting wallet credentials, browser-stored data, and authentication tokens while operating stealthily on infected systems. The post includes a download link, indicating the malware is being freely distributed.
Date: 2026-06-08T23:33:19Z
Network: openweb
Published URL: https://crackingx.com/threads/78498/
Screenshots:
2 screenshot(s) available
Threat Actors: hosseingpg219
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of stolen credit cards for X30 Energy
Category: Carding
Content: A forum post on a carding-focused forum advertises stolen credit cards associated with X30 Energy, gated behind a reply-and-react requirement. No further details about the card count or origin are provided.
Date: 2026-06-08T23:08:41Z
Network: openweb
Published URL: https://darknetarmy.io/threads/x30-energy-cc.136926/
Screenshots:
1 screenshot(s) available
Threat Actors: linuxDaddy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: X30 Energy
Victim Site: Unknown - Sale or sharing of X22 BLE credit cards on carding forum
Category: Carding
Content: A forum member on a carding-focused forum posted content related to X22 BLE credit cards, gated behind a reaction requirement. The full content is not visible, but the post is categorized within a carding tutorials and tools forum. No specific victim organization or record count is disclosed.
Date: 2026-06-08T23:08:21Z
Network: openweb
Published URL: https://darknetarmy.io/threads/x22-ble-credit-cards.136937/
Screenshots:
1 screenshot(s) available
Threat Actors: linuxDaddy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of 21 stolen credit cards (Ochi)
Category: Carding
Content: A forum member is sharing 21 credit cards, referenced as Ochi, behind a reaction gate on a carding forum. Full content is hidden and requires user interaction to access. No additional details about card origin, BINs, or geography are provided.
Date: 2026-06-08T23:08:00Z
Network: openweb
Published URL: https://darknetarmy.io/threads/x21-ochi-credit-cards.136945/
Screenshots:
1 screenshot(s) available
Threat Actors: linuxDaddy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of 20 Poko credit cards
Category: Carding
Content: A forum user is offering 20 Poko credit cards on a carding forum. No additional details are available regarding card origin, validity, or associated data.
Date: 2026-06-08T23:07:40Z
Network: openweb
Published URL: https://darknetarmy.io/threads/x20-poko-credit-cards.136960/
Screenshots:
1 screenshot(s) available
Threat Actors: linuxDaddy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of forte.jor.br Brazilian website database
Category: Data Leak
Content: A threat actor is distributing an alleged SQL database dump from forte.jor.br, a Brazilian website, with a reported size of approximately 1GB. The content is gated behind a reply or account upgrade requirement on the forum. No further details about the data fields or record count were disclosed in the post.
Date: 2026-06-08T22:56:28Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79449
Screenshots:
1 screenshot(s) available
Threat Actors: Vandal
Victim Country: Brazil
Victim Industry: Media
Victim Organization: Forte Jornal
Victim Site: forte.jor.br - Alleged Credit Card Checking Service – Cococheck Platform
Category: Phishing
Content: Cococheck advertises a credit card verification service offering card validation checks starting at $0.01 per check. The service claims three years of stable operation and offers bulk checking capabilities, daily free keys, and large client discounts. Operates via website cococheck.co with Telegram channel and group for customer support.
Date: 2026-06-08T22:41:43Z
Network: telegram
Published URL: https://t.me/COCOchanelb/3
Screenshots:
1 screenshot(s) available
Threat Actors: Cococheck
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Buyer seeking U-Admin phishing panel source with NL phishlits
Category: Phishing
Content: A forum user is seeking to purchase the U-Admin phishing panel source code along with Netherlands-targeted phishlits, offering to pay in cryptocurrency. U-Admin is a known phishing panel used for credential harvesting. The buyer requests proof before any contact.
Date: 2026-06-08T22:28:29Z
Network: openweb
Published URL: https://spear.cx/Thread-Buying-U-Admin-Panel
Screenshots:
1 screenshot(s) available
Threat Actors: 3cxkingboy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of Ethereum smart contract exploit
Category: Vulnerability
Content: A threat actor is selling an exploit targeting an Ethereum smart contract allegedly containing approximately $8,000 (5 ETH). The exploit is offered for $200 with escrow/middleman support.
Date: 2026-06-08T22:26:22Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-Ethereum-Contract-Exploit-2
Screenshots:
1 screenshot(s) available
Threat Actors: SillyContract
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of CIC Vietnam (National Credit Registry)
Category: Data Breach
Content: A threat actor is selling an alleged database dump attributed to CIC Vietnam, the national credit registry, containing over 160 million records. The dataset purportedly includes full names, dates of birth, national ID numbers, passport data, loan details, balances, debt information, tax IDs, company information, audit logs, and addresses in SQL/CSV format. The seller provides sample data and external breach-alert coverage as supporting evidence.
Date: 2026-06-08T22:25:18Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-VN-CIC-VIETNAM-160M-2025
Screenshots:
1 screenshot(s) available
Threat Actors: max
Victim Country: Vietnam
Victim Industry: Finance
Victim Organization: CIC Vietnam
Victim Site: cic.gov.vn - Sale of carding tools or resources on darknet forum
Category: Carding
Content: A forum post on a carding-focused darknet forum is gating content behind a reaction requirement. The post references carding-related tools or resources, but no specific details are visible due to the hidden content paywall.
Date: 2026-06-08T22:08:08Z
Network: openweb
Published URL: https://darknetarmy.io/threads/x30-maco-search-c.136898/
Screenshots:
1 screenshot(s) available
Threat Actors: linuxDaddy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of Saudi Arabia Ministry of Defense secret documents
Category: Data Leak
Content: A threat actor has freely distributed a 3.6GB archive allegedly containing secret documents from the Saudi Arabia Ministry of Interior and Defence, including records of private meetings, official notices, document photographs, and WhatsApp chat logs. The content is being made available via Telegram and a forum hidden-content link. The post does not specify how the documents were obtained.
Date: 2026-06-08T21:54:34Z
Network: openweb
Published URL: https://spear.cx/Thread-Free-Saudi-Arabia-Ministry-of-Defense-Secret-Documents-DUMPED
Screenshots:
1 screenshot(s) available
Threat Actors: mosad
Victim Country: Saudi Arabia
Victim Industry: Government
Victim Organization: Saudi Arabia Ministry of Defense
Victim Site: mod.gov.sa - Alleged data breach of SIPD Palembang Government Portal
Category: Data Breach
Content: A threat actor posted a thread on a cybercrime forum claiming to possess a database dump from sipd.palembang.go.id, a government portal for Palembang, Indonesia. The post includes a code block that appears to contain a sample of the alleged data. No record count or price was specified in the available post content.
Date: 2026-06-08T21:54:02Z
Network: openweb
Published URL: https://breached.su/threads/data-base-sipd-palembang-go-id.88105/unread
Screenshots:
4 screenshot(s) available
Threat Actors: MatxCysec
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: SIPD Palembang
Victim Site: sipd.palembang.go.id - Alleged data breach of SIPD Palembang government database
Category: Data Breach
Content: A thread on Breachforums claims a database breach of SIPD.PALEMBANG.GO.ID (Palembang city government system). Sample data shows personal information including names, NIK (Indonesian national ID numbers), place of birth, and dates of birth. Posted by Rakyat Digital Crew threat actor group.
Date: 2026-06-08T21:52:54Z
Network: telegram
Published URL: https://t.me/c/3755871403/743
Screenshots:
2 screenshot(s) available
Threat Actors: Rakyat_Digital_Crew
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: SIPD Palembang
Victim Site: sipd.palembang.go.id - Sale of Credit Union Payment Card Data
Category: Carding
Content: A forum user is sharing 30 credit union payment cards (CCs) behind a reply-gate on a carding forum. The post requires a reaction to unlock the hidden content. No specific issuing institution or country is identified.
Date: 2026-06-08T21:36:37Z
Network: openweb
Published URL: https://darknetarmy.io/threads/x30-credit-union-cc.136861/
Screenshots:
1 screenshot(s) available
Threat Actors: linuxDaddy
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of BisectHosting with threatened publication
Category: Data Breach
Content: Threat actor claims to have hacked BisectHosting website databases and threatens to publish them soon. Post includes inflammatory language and fire/skull emojis suggesting imminent data release.
Date: 2026-06-08T21:35:30Z
Network: telegram
Published URL: https://t.me/c/2918762327/116
Screenshots:
4 screenshot(s) available
Threat Actors: MR-X10-SY
Victim Country: Netherlands
Victim Industry: Web Hosting
Victim Organization: BisectHosting
Victim Site: bisecthosting.com - Alleged data leak related to the President of the Republic of Indonesia
Category: Data Leak
Content: A threat actor posted content on a dark web forum claiming to leak documents or data related to the President of the Republic of Indonesia. The post is labeled FRESH suggesting recently obtained material. Minimal details are provided regarding the nature or scope of the leaked content.
Date: 2026-06-08T21:24:47Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79420
Screenshots:
1 screenshot(s) available
Threat Actors: Anonpis
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Office of the President of the Republic of Indonesia
Victim Site: Unknown - Alleged data breach of OkCupid with 20 million user records
Category: Data Breach
Content: A threat actor claims to have obtained privileged access to the OkCupid API, enabling them to scrape registration information from approximately 20 million users. The dataset is being offered for sale, with a sample provided via an external paste link. The post includes a session token and references an escrow service for transaction facilitation.
Date: 2026-06-08T20:57:57Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-okcupid-com-20m
Screenshots:
1 screenshot(s) available
Threat Actors: nolan
Victim Country: United States
Victim Industry: Technology
Victim Organization: OkCupid
Victim Site: okcupid.com - Alleged data breach of Farmanorte Online (Colombia pharmacy CRM records)
Category: Data Breach
Content: A threat actor is selling an alleged CRM database from Colombian pharmacy chain Farmanorte, containing approximately 32.5 million transaction records totalling 23 GB in CSV format. The dataset reportedly includes customer DNI numbers, full names, phone numbers, purchase history, product names, pharmacy branch details, and partial addresses. The actor is asking $1,500 and has provided sample records as proof.
Date: 2026-06-08T20:56:30Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-Colombia-32-000-000-principal-farmanorteonline-com
Screenshots:
2 screenshot(s) available
Threat Actors: Sorb
Victim Country: Colombia
Victim Industry: Healthcare
Victim Organization: Farmanorte
Victim Site: farmanorteonline.com - Alleged data leak of SFR customer database
Category: Data Leak
Content: A threat actor is freely sharing an alleged database attributed to French telecommunications provider SFR, containing approximately 7.95 million records. The original source of the data is unknown according to the poster. The dataset is gated behind a reply requirement on the forum.
Date: 2026-06-08T20:54:42Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-FR-REPOST-SFR-7M
Screenshots:
1 screenshot(s) available
Threat Actors: Niwa62
Victim Country: France
Victim Industry: Telecommunications
Victim Organization: SFR
Victim Site: sfr.fr - Alleged leak of restricted South Africa Army document related to combatting protests
Category: Data Leak
Content: A threat actor has freely distributed a document reportedly marked as restricted, attributed to the South African Army and related to combatting protests. The document is being shared via a Telegram channel and a hidden download link on the forum.
Date: 2026-06-08T20:54:35Z
Network: openweb
Published URL: https://spear.cx/Thread-Free-SA-Restricted-South-Africa-Army-Document-Related-to-Combatting-Protest
Screenshots:
1 screenshot(s) available
Threat Actors: mosad
Victim Country: South Africa
Victim Industry: Government
Victim Organization: South Africa Army
Victim Site: Unknown - Alleged data breach of Telegram
Category: Data Breach
Content: A forum post on a database-focused forum references Telegram with no additional context or supporting evidence. No data, record count, or breach details are provided.
Date: 2026-06-08T20:22:47Z
Network: openweb
Published URL: https://breached.su/threads/telegram.88103/unread
Screenshots:
1 screenshot(s) available
Threat Actors: nikoandstar
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Telegram
Victim Site: telegram.org - Alleged data leak of Iranian government database containing US law enforcement consultant records
Category: Data Leak
Content: A threat actor shared what they claim is a government database obtained via Iranian Telegram sources, containing personal and professional records of US-based law enforcement psychologists and consultants, including names, addresses, phone numbers, and email addresses. The data appears to include individuals associated with law enforcement psychological services across multiple US states. The post titles the dataset as GOVERNMENT DATABASES but does not specify the breached organization.
Date: 2026-06-08T20:21:56Z
Network: openweb
Published URL: https://breached.su/threads/shitty-iranian-telegram-data.88104/unread
Screenshots:
25 screenshot(s) available
Threat Actors: nikoandstar
Victim Country: Unknown
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of Nantes Metropole municipal agent directory
Category: Data Leak
Content: A threat actor has shared what is claimed to be a directory of 5,274 municipal agents of the city of Nantes, France. The dataset includes fields such as name, job title, organization, department, email, phone numbers, manager, and address. The data is available for download behind a point-gate on a darknet forum.
Date: 2026-06-08T19:55:33Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-FR-Agents-of-Nantes-5-274
Screenshots:
1 screenshot(s) available
Threat Actors: misere
Victim Country: France
Victim Industry: Government
Victim Organization: Nantes Metropole
Victim Site: metropole.nantes.fr - Alleged data breach of Kaidongyuan Logistics (kaidongyuan.com) with 3M+ records for sale
Category: Data Breach
Content: A threat actor is selling an alleged full database dump from Kaidongyuan Logistics, a Chinese third-party logistics provider, claiming over 3 million records. The seller is also offering a webshell for the target environment at an additional cost. The database reportedly originates from the companys integrated WMS/TMS/OMS/BMS platform serving major Chinese e-commerce clients.
Date: 2026-06-08T19:39:25Z
Network: openweb
Published URL: https://breachforum.ws/Thread-DATABASE-kaidongyuan-com-%E5%87%AF%E4%B8%9C%E6%BA%90%E7%AC%AC%E4%B8%89%E6%96%B9%E7%89%A9%E6%B5%81-third-party-logistics-provider-database-3M
Screenshots:
1 screenshot(s) available
Threat Actors: sdjlkfjekje345345
Victim Country: China
Victim Industry: Logistics
Victim Organization: Kaidongyuan Logistics
Victim Site: kaidongyuan.com - Alleged data breach exposing 40 million Indian female records
Category: Data Breach
Content: A threat actor is offering for sale a database purportedly containing 40 million records of Indian female individuals. The dataset allegedly includes name, mobile number, email, address, city, state, category, and gender fields. The seller is asking $200 for the full dataset.
Date: 2026-06-08T19:34:52Z
Network: openweb
Published URL: https://darkpro.net/threads/40-million-indian-female-database.23403/
Screenshots:
1 screenshot(s) available
Threat Actors: CC-GuRu
Victim Country: India
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged RDP Access Rental Service Offering Azure, AWS, and DigitalOcean Infrastructure
Category: Initial Access
Content: Threat actor PORTAL is advertising rental of Remote Desktop Protocol (RDP) access on a daily/monthly basis for $200. The service includes fresh RDP with good IP reputation, domain email accounts (Gmail, Yahoo), domain access, and GitHub Student accounts. Escrow payment method offered. Multiple repostings indicate active marketing campaign.
Date: 2026-06-08T18:53:33Z
Network: telegram
Published URL: https://t.me/c/2613583520/98238
Screenshots:
1 screenshot(s) available
Threat Actors: PORTAL
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged critical vulnerability in Gogs allowing unauthorized server access and code manipulation
Category: Vulnerability
Content: Gogs developers disclosed a critical security vulnerability that could allow attackers to gain server access and view or modify stored code. The vulnerability could be exploited by users with normal account access, and in some cases allowed access to private repositories. System administrators using Gogs are advised to update immediately to prevent intrusion and data theft.
Date: 2026-06-08T18:47:08Z
Network: telegram
Published URL: https://t.me/c/1283513914/22142
Screenshots:
2 screenshot(s) available
Threat Actors: خبرگزاری سایبربان| Cyberban News
Victim Country: Unknown
Victim Industry: Software Development
Victim Organization: Gogs
Victim Site: Unknown - Alleged data leak of Syrian and foreign refugee records registered in Turkey
Category: Data Leak
Content: A threat actor shared an alleged database of approximately 6 million foreign nationals and refugees registered in Turkey, dated September 2022. The dataset includes national ID numbers, full names, dates of birth, nationality, and residential addresses. The data appears to originate from a Turkish government immigration or civil registration system.
Date: 2026-06-08T18:35:35Z
Network: openweb
Published URL: https://breachforum.ws/Thread-COLLECTION-Syrian-immigrants-living-in-Turkey
Screenshots:
1 screenshot(s) available
Threat Actors: shinyflakes
Victim Country: Turkey
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown - Sale of fresh stolen payment card data
Category: Carding
Content: A forum user is offering fresh stolen credit card data gated behind a reply-and-react engagement requirement. No details about card count, origin, or BIN range are visible without interaction. The post is hosted on a carding-focused forum.
Date: 2026-06-08T18:32:07Z
Network: openweb
Published URL: https://darknetarmy.io/threads/cc-fresh.136780/
Screenshots:
1 screenshot(s) available
Threat Actors: CarderX
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Plan.com by DragonForce
Category: Data Breach
Content: A forum user is requesting data allegedly stolen from Plan.com in a breach attributed to the DragonForce ransomware/threat group. No dataset has been shared in the post; the user is seeking to obtain the data from other members.
Date: 2026-06-08T18:26:24Z
Network: openweb
Published URL: https://breached.su/threads/plan-com.88101/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Kez6539
Victim Country: Unknown
Victim Industry: Telecommunications
Victim Organization: Plan.com
Victim Site: plan.com - Alleged data leak of PT BPR Bahtera Masyarakat (Bank Bahtera)
Category: Data Leak
Content: A threat actor has freely distributed files described as fresh database dumps from PT BPR Bahtera Masyarakat (Bank Bahtera), a licensed rural bank in Indonesia. The data was made available via multiple Mega.nz links. No record count was specified in the post.
Date: 2026-06-08T17:50:42Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79415
Screenshots:
1 screenshot(s) available
Threat Actors: Moneyistime
Victim Country: Indonesia
Victim Industry: Finance
Victim Organization: PT BPR Bahtera Masyarakat
Victim Site: Unknown - Website Defacement of Botswana Laws by Sudo-7 (Team Athena)
Category: Defacement
Content: On June 9, 2026, the website botswanalaws.com was defaced by threat actor Sudo-7, operating under Team Athena. The attacker uploaded a defacement file (amoy.txt) to the target domain. The incident was a single targeted defacement, not part of a mass defacement campaign.
Date: 2026-06-08T17:37:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931915
Screenshots:
1 screenshot(s) available
Threat Actors: Sudo-7, Athena
Victim Country: Botswana
Victim Industry: Legal / Government Information
Victim Organization: Botswana Laws
Victim Site: botswanalaws.com - HyperVenom: Ring -1 Hypervisor Injection Framework Leveraging Microsoft Hyper-V and VBS
Category: Malware
Content: A threat actor published a detailed technical article describing HyperVenom, a framework that injects into and attaches to the Microsoft Hyper-V hypervisor to achieve Ring -1 code execution via a UEFI bootkit and EPT-hooking engine. The framework targets Windows 11 systems with Virtualization-Based Security (VBS) enabled, intercepting VM-exits within the hypervisor to perform memory introspection while evading Ring 0 visibility and hardware telemetry. The post includes full architectural and imp…
Date: 2026-06-08T17:05:24Z
Network: openweb
Published URL: https://tier1.life/thread/289
Screenshots:
6 screenshot(s) available
Threat Actors: RedQueen
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free sharing of 34 possible credit cards on carding forum
Category: Carding
Content: A forum member on a carding community is sharing 34 possible credit cards behind a reply-gate requiring engagement reactions to unlock. The content appears to be payment card data distributed at no monetary cost.
Date: 2026-06-08T16:57:58Z
Network: openweb
Published URL: https://darknetarmy.io/threads/possible-credit-cards-x34.136675/
Screenshots:
1 screenshot(s) available
Threat Actors: CarderX
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of Nandos UK and Ireland employee database
Category: Data Leak
Content: A threat actor claims to have leaked an 87,000-record employee database belonging to Nandos UK and Ireland after ransom negotiations failed. The data has been made available via an external file-sharing link. This appears to be a ransomware-adjacent extortion case where the victim declined to pay.
Date: 2026-06-08T16:49:55Z
Network: openweb
Published URL: https://breached.su/threads/87k-nandos-uk-and-ie-employee-database.88099/unread
Screenshots:
1 screenshot(s) available
Threat Actors: failing2
Victim Country: United Kingdom
Victim Industry: Retail
Victim Organization: Nandos
Victim Site: nandos.co.uk - Free US BIN sharing post on carding forum
Category: Carding
Content: A forum user on a carding forum is sharing free US BINs (Bank Identification Numbers) gated behind a reply-and-react requirement. No specific card details or victim organization are visible in the post.
Date: 2026-06-08T16:06:32Z
Network: openweb
Published URL: https://darknetarmy.io/threads/usa-free-bin.136617/
Screenshots:
1 screenshot(s) available
Threat Actors: CarderX
Victim Country: United States
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Anthropic Claude API key with 465K tokens
Category: Data Leak
Content: A threat actor claims to have leaked an API key for Anthropics Claude models (referenced as Opus 4.8 with UltraCode capability) with 465K tokens of usage available. The key is being freely distributed on a cracking forum. Additional offers are linked to an external site.
Date: 2026-06-08T15:43:10Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%9A%A1%EF%B8%8FOPUS-4-8-%E2%9A%A1%EF%B8%8F-API-KEY-%E2%9A%A1%EF%B8%8F-CLAUDE-MODELS-%E2%9A%A1%EF%B8%8F-ULTRACODE-%E2%9A%A1%EF%B8%8F-465K-TOKENS-%E2%9A%A1%EF%B8%8F-LEAK-%E2%9A%A1%EF%B8%8F
Screenshots:
1 screenshot(s) available
Threat Actors: JVZU
Victim Country: United States
Victim Industry: Technology
Victim Organization: Anthropic
Victim Site: anthropic.com - Sale of manager account access to aviation authority airport survey system
Category: Initial Access
Content: A threat actor is selling a manager-level account to an unnamed small countrys aviation authority airport survey system. The account reportedly allows adding, viewing, and deleting users, viewing survey statistics, and uploading files. The seller is asking 0.7 XMR and prefers escrow, withholding screenshots to avoid exposing the targeted government agency.
Date: 2026-06-08T15:43:04Z
Network: openweb
Published URL: https://breachforum.ws/Thread-SELLING-Manager-Account-for-small-countires-aviation-authority-survey-system
Screenshots:
1 screenshot(s) available
Threat Actors: Luhn
Victim Country: Unknown
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Agoda.com with 82 million customer records
Category: Data Breach
Content: A threat actor is offering for sale an alleged database dump of Agoda.com containing 82 million customer records. The dataset purportedly includes full names, email addresses, phone numbers, national ID numbers, and physical addresses in JSON format. The seller accepts middleman/escrow arrangements and directs interested parties to contact via Telegram for pricing and samples.
Date: 2026-06-08T15:42:10Z
Network: openweb
Published URL: https://breachforum.ws/Thread-SELLING-Malaysia-agoda-com-82-million-records
Screenshots:
1 screenshot(s) available
Threat Actors: giorggios
Victim Country: Malaysia
Victim Industry: Travel
Victim Organization: Agoda
Victim Site: agoda.com - Alleged data breach of Kbank Vietnam exposing 10 million credit records
Category: Data Breach
Content: A threat actor is selling a dataset allegedly sourced from Kbank Vietnam containing over 10 million credit customer records. Exposed fields include full name, national ID, date of birth, phone number, home address, employer details, salary, CIC credit score, and risk classification. The data purportedly covers accepted and pending loan customers with an extraction date of February 2026.
Date: 2026-06-08T15:41:36Z
Network: openweb
Published URL: https://breachforum.ws/Thread-SELLING-VIETNAM-Kbank-credit-info-10-MM-registrations
Screenshots:
1 screenshot(s) available
Threat Actors: giorggios
Victim Country: Vietnam
Victim Industry: Finance
Victim Organization: Kbank Vietnam
Victim Site: Unknown - Alleged data breach of Synergy electricity corporation, Australia
Category: Data Breach
Content: A threat actor is offering for sale an alleged database from Synergy, an Australian electricity company, containing approximately 900,002 customer records. The dataset reportedly includes personally identifiable information such as name, date of birth, phone, email, address, account balance, payment references, and energy meter identifiers (NMI). The seller is accepting escrow and can be contacted via Telegram for pricing and samples.
Date: 2026-06-08T15:41:01Z
Network: openweb
Published URL: https://breachforum.ws/Thread-SELLING-AUSTRALIA-Synergy-electricity-corporation-900-K-registrations
Screenshots:
1 screenshot(s) available
Threat Actors: giorggios
Victim Country: Australia
Victim Industry: Energy
Victim Organization: Synergy
Victim Site: synergy.net.au - Alleged data breach of Deutsche Bahn (int.bahn.de) — 27 million ticket reservation records
Category: Data Breach
Content: A threat actor is offering for sale an alleged database of 27,439,111 ticket reservation records sourced from Deutsche Bahns international booking platform (int.bahn.de). The dataset purportedly contains full names, dates of birth, email addresses, phone numbers, physical addresses, ticket types, travel class, and booking status. The seller accepts middleman/escrow arrangements and directs interested parties to contact via Telegram.
Date: 2026-06-08T15:40:14Z
Network: openweb
Published URL: https://breachforum.ws/Thread-SELLING-Germany-tickets-reservations-18-millions-int-bahn-de
Screenshots:
1 screenshot(s) available
Threat Actors: giorggios
Victim Country: Germany
Victim Industry: Transportation
Victim Organization: Deutsche Bahn
Victim Site: int.bahn.de - Alleged data breach of Evolve Your English
Category: Data Breach
Content: A threat actor is selling an alleged database dump from evolveyourenglish.com, claimed to contain approximately 700,000 records. Sample data includes full names, phone numbers, email addresses, cities, and CRM-related fields. The records appear to primarily relate to Spanish-speaking customers, including individuals from Colombia.
Date: 2026-06-08T15:39:41Z
Network: openweb
Published URL: https://breachforum.ws/Thread-SELLING-evolveyourenglish-com-Database-Spain-700K
Screenshots:
1 screenshot(s) available
Threat Actors: Sensitive2025
Victim Country: Spain
Victim Industry: Education
Victim Organization: Evolve Your English
Victim Site: evolveyourenglish.com - Alleged data breach of tlntrip.com travel agency with 690,000 records
Category: Data Breach
Content: A threat actor is selling an alleged database dump from tlntrip.com, a travel agency website, containing approximately 690,000 records in CSV/SQL format. The exposed data includes full names, email addresses, dates of birth, phone numbers, physical addresses, passport numbers, passport expiry dates, issuing countries, and gender. The actor claims the database was last updated less than three weeks prior to the post.
Date: 2026-06-08T15:38:55Z
Network: openweb
Published URL: https://breachforum.ws/Thread-SELLING-Travel-agency-website-database-tlntrip-com-690K
Screenshots:
1 screenshot(s) available
Threat Actors: Sensitive2025
Victim Country: Unknown
Victim Industry: Travel
Victim Organization: TLN Trip
Victim Site: tlntrip.com - Alleged data leak of PVC FC customer data
Category: Data Leak
Content: A threat actor leaked what appears to be customer data from pvcfc.com.vn, a Vietnamese company. The dataset includes personally identifiable information such as customer names, ID card numbers, dates of birth, phone numbers, email addresses, tax codes, bank account numbers, and business details. The data was made available via a hidden download link on a breach forum.
Date: 2026-06-08T15:36:52Z
Network: openweb
Published URL: https://breachforum.ws/Thread-LEAK-pvcfc-com-vn-CUSTOMER-DATA
Screenshots:
1 screenshot(s) available
Threat Actors: xneonn8386
Victim Country: Vietnam
Victim Industry: Retail
Victim Organization: PVC FC
Victim Site: pvcfc.com.vn - Alleged data breach of chassezdiscount.com
Category: Data Breach
Content: A threat actor is offering for sale a SQL+CSV database dump (6GB) allegedly sourced from the French shopping website chassezdiscount.com. The dataset contains approximately 2 million records including customer names, email addresses, birthdates, hashed passwords, and IP addresses. Sample data provided appears to be structured customer account records from a PrestaShop-based platform dated early 2026.
Date: 2026-06-08T15:25:09Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-Shopping-website-%E2%AD%90-chassezdiscount-com-%E2%AD%90-2M-lines-France
Screenshots:
2 screenshot(s) available
Threat Actors: Sensitive2025
Victim Country: France
Victim Industry: Retail
Victim Organization: Chassez Discount
Victim Site: chassezdiscount.com - Alleged data breach of HungryPanda Australia
Category: Data Breach
Content: A threat actor is selling an alleged database of 441,000 HungryPanda Australia customers. The dataset reportedly includes full names, email addresses, phone numbers, dates of birth, delivery addresses, device IDs, payment preferences, order history, and loyalty status. A sample has been posted to a paste site for verification.
Date: 2026-06-08T15:20:40Z
Network: openweb
Published URL: https://breached.su/threads/441k-australian-https-www-hungrypanda-co-personal-data.88098/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Jack Hudson
Victim Country: Australia
Victim Industry: Food Delivery
Victim Organization: HungryPanda
Victim Site: hungrypanda.co - Sale of Bitcoin Fake Transaction Tool
Category: Malware
Content: A forum user is distributing a tool advertised as capable of generating fake Bitcoin transactions. The tool is made available via Mediafire and Mega file-sharing links. No further technical details or target information are provided.
Date: 2026-06-08T14:08:52Z
Network: openweb
Published URL: https://crackingx.com/threads/78455/
Screenshots:
1 screenshot(s) available
Threat Actors: Zxhuwu
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of 30 smart credit cards on carding forum
Category: Carding
Content: A forum user on a carding-focused forum is offering 30 smart credit cards, gated behind a reply-and-react engagement requirement. No additional details about card origin, BINs, or geographic region are provided in the visible post content.
Date: 2026-06-08T14:00:40Z
Network: openweb
Published URL: https://darknetarmy.io/threads/smart-credit-cards-x30.136597/
Screenshots:
1 screenshot(s) available
Threat Actors: CarderX
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of 12.7 million email addresses from undisclosed breach
Category: Data Leak
Content: A threat actor on Cracked.st has freely shared a dataset of approximately 12.8 million email addresses, claimed to originate from a single breach conducted the previous day. No victim organization or sector is identified in the post.
Date: 2026-06-08T13:57:19Z
Network: openweb
Published URL: https://cracked.st/Thread-%E2%AD%9012-796-786%E2%AD%90-EMAIL-ONLY-%E2%AD%90-ALL-SAME-BREACH-DONE-YESTERDAY-%E2%AD%90
Screenshots:
1 screenshot(s) available
Threat Actors: calkins559
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of spmb-batam.id exposing personal records of over 100,000 individuals
Category: Data Leak
Content: A threat actor posted an alleged data leak affecting spmb-batam.id, claiming exposure of more than 100,000 Indonesian Family Cards (Kartu Keluarga) along with NIK numbers, birth certificates, addresses, and WhatsApp numbers. The post is framed as a responsible disclosure notification to the sites administrators rather than a distribution attempt. Proof of the leak was linked via an external file-sharing service.
Date: 2026-06-08T13:51:48Z
Network: openweb
Published URL: https://breached.su/threads/information-only-data-leak-at-spmb-batam-id.88097/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Poloss
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: SPMB Batam
Victim Site: spmb-batam.id - Alleged Intrusion into Italian Gaming Hall CCTV Systems by NoName057(16)
Category: Initial Access
Content: Threat actor NoName057(16) claims to have gained full access to CCTV systems at an Italian gaming facility with hundreds of slot machines. The actor claims real-time control of multiple cameras (2, 3, 4, 7, 8, 9, 12, 18 and others) and states they can monitor visitors, staff, movements, and transactions. The post attributes the compromise to vulnerable IP cameras (Hikvision/Dahua), weak network segmentation, and default credentials. The actor claims this is part of systematic operations targetin…
Date: 2026-06-08T13:29:08Z
Network: telegram
Published URL: https://t.me/c/3087552512/2162
Screenshots:
1 screenshot(s) available
Threat Actors: NoName057(16)
Victim Country: Italy
Victim Industry: Gaming/Entertainment
Victim Organization: Italian gaming hall (unnamed)
Victim Site: Unknown - Alleged sale of Instagram user data extraction tool and source code
Category: Initial Access
Content: Threat monitoring sources identified a tool being offered as a Telegram bot that claims to extract contact information associated with Instagram accounts through username search. The threat actor is advertising both the service and the sale of the related database and source code. If verified, this could enable targeted phishing attacks, cyber fraud, and privacy violations against Instagram users.
Date: 2026-06-08T13:16:49Z
Network: telegram
Published URL: https://t.me/c/1283513914/22137
Screenshots:
2 screenshot(s) available
Threat Actors: Unknown
Victim Country: Global
Victim Industry: Social Media
Victim Organization: Instagram
Victim Site: instagram.com - Alleged data leak of Direction Générale des Petites et Moyennes Entreprises (Congo)
Category: Data Leak
Content: A threat actor leaked a database attributed to the Direction Générale des Petites et Moyennes Entreprises (DGPME) of the Republic of the Congo, totaling approximately 47.3 MB. The dataset includes fields such as full name, email, phone numbers, nationality, business sector, legal form, and address, suggesting it contains records of registered small and medium enterprises. The data was made available via two external file-sharing links.
Date: 2026-06-08T12:49:49Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-CG-dgpme-cg
Screenshots:
1 screenshot(s) available
Threat Actors: NightLeVrai
Victim Country: Republic of the Congo
Victim Industry: Government
Victim Organization: Direction Générale des Petites et Moyennes Entreprises
Victim Site: dgpme.cg - Mass Defacement of Indonesian Educational Institution by W.P.E.F (Poloss)
Category: Defacement
Content: On June 8, 2026, a threat actor known as Poloss, operating under the team W.P.E.F, conducted a mass defacement attack targeting the computer-based testing (CBT) subdomain of MTS Bungbulang, an Indonesian Islamic junior high school. The attack was carried out on a Linux-based server and is categorized as part of a mass defacement campaign. A mirror of the defacement was archived at haxor.id.
Date: 2026-06-08T12:48:32Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249830
Screenshots:
1 screenshot(s) available
Threat Actors: Poloss, W.P.E.F
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: MTS Bungbulang
Victim Site: cbt.mtsbungbulang.sch.id - Website Defacement of Masalihsan School by Poloss (W.P.E.F)
Category: Defacement
Content: On June 8, 2026, a threat actor known as Poloss, affiliated with the group W.P.E.F, defaced the computer-based testing (CBT) subdomain of Masalihsan School, an Indonesian educational institution. The targeted server was running on a Linux operating system. The incident was a single-target defacement and does not appear to be part of a mass or repeated defacement campaign.
Date: 2026-06-08T12:47:16Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249829
Screenshots:
1 screenshot(s) available
Threat Actors: Poloss, W.P.E.F
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Masalihsan School
Victim Site: cbt.masalihsan.sch.id - Mass Defacement of Indonesian Educational Site by Poloss (W.P.E.F)
Category: Defacement
Content: On June 8, 2026, a threat actor identified as Poloss, affiliated with the group W.P.E.F, conducted a mass defacement attack targeting the Indonesian educational website maalazhar.cbtkm.my.id. The attack was carried out on a Linux-based server and is classified as a mass defacement campaign, suggesting multiple sites were targeted simultaneously. A mirror of the defacement was archived at haxor.id.
Date: 2026-06-08T12:46:09Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249832
Screenshots:
1 screenshot(s) available
Threat Actors: Poloss, W.P.E.F
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Maal Azhar CBTKM
Victim Site: maalazhar.cbtkm.my.id - Mass Website Defacement of MTSSA CBT Platform by Poloss (W.P.E.F)
Category: Defacement
Content: On June 8, 2026, a threat actor identified as Poloss, affiliated with the group W.P.E.F, conducted a mass defacement attack targeting the computer-based testing (CBT) platform associated with MTSSA, hosted on an Indonesian domain. The attack targeted a Linux-based server and was classified as a mass defacement, indicating multiple sites may have been compromised as part of the same campaign. The defacement was archived and mirrored via haxor.id.
Date: 2026-06-08T12:45:01Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249831
Screenshots:
1 screenshot(s) available
Threat Actors: Poloss, W.P.E.F
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: MTSSA (Computer-Based Testing Platform)
Victim Site: cbt.mtssa.my.id - Mass Website Defacement by Poloss (W.P.E.F) Targeting Islamic Education Site in Indonesia
Category: Defacement
Content: On June 8, 2026, a threat actor identified as Poloss, operating under the group W.P.E.F, conducted a mass defacement campaign targeting the website malughotulislamiyah.cbtkm.my.id, an Islamic educational institution hosted on an Indonesian domain. The attack was carried out on a Linux-based server and was part of a broader mass defacement operation. A mirror of the defacement was archived on haxor.id.
Date: 2026-06-08T12:44:24Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249834
Screenshots:
1 screenshot(s) available
Threat Actors: Poloss, W.P.E.F
Victim Country: Indonesia
Victim Industry: Education / Religious
Victim Organization: Malughotu Lislamiyah
Victim Site: malughotulislamiyah.cbtkm.my.id - Mass Defacement of Indonesian Madrasah Educational Site by W.P.E.F (Poloss)
Category: Defacement
Content: On June 8, 2026, a threat actor known as Poloss, affiliated with the group W.P.E.F, conducted a mass defacement campaign targeting the website of Madrasah Assanadiyah, an Indonesian Islamic educational institution. The attack targeted a Linux-based server and was confirmed as part of a broader mass defacement operation. A mirror of the defacement was archived on haxor.id.
Date: 2026-06-08T12:43:09Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249833
Screenshots:
1 screenshot(s) available
Threat Actors: Poloss, W.P.E.F
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Madrasah Assanadiyah
Victim Site: madrasahassanadiyah.cbtkm.my.id - Alleged data breach of Oxford University recruitment system with user credentials exposed
Category: Data Breach
Content: Oxford University disclosed a security breach of its recruitment platform (job portal system) resulting in unauthorized access to user information. Compromised data includes names, surnames, email addresses, and encrypted passwords of platform users. The university confirmed no evidence of access to financial information or academic records. University officials warned users of potential phishing and fraud attempts in coming days.
Date: 2026-06-08T12:37:20Z
Network: telegram
Published URL: https://t.me/c/1283513914/22136
Screenshots:
2 screenshot(s) available
Threat Actors: خبرگزاری سایبربان| Cyberban News
Victim Country: United Kingdom
Victim Industry: Education
Victim Organization: Oxford University
Victim Site: ox.ac.uk - Alleged Advanced Persistent Threat by Chinese-Attributed Hackers Against Unnamed Company
Category: Cyber Attack
Content: Security researchers report that a hacking group attributed to China successfully infiltrated and remained undetected in a companys systems for over 18 months. The attackers compromised equipment and servers to gain access to internal data and services, and expanded their reach through IT contractor companies. Experts classify this as advanced cyber espionage involving prolonged concealment and custom malware deployment.
Date: 2026-06-08T11:55:57Z
Network: telegram
Published URL: https://t.me/c/1283513914/22135
Screenshots:
2 screenshot(s) available
Threat Actors: Chinese-attributed threat group
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of Leboncoin Immobilier and associated French real estate platforms
Category: Data Leak
Content: A threat actor is freely distributing an alleged database dump containing approximately 4 million records from Leboncoin Immobilier and several other French real estate platforms including pap.fr, paruvendu.fr, and seloger.com. The leaked data, totaling 4.38 GB in JSON format, includes property listing details, postal codes, mobile phone numbers (over 1.1 million), and user-generated content. The actor states the source of the compromise will be disclosed at a later date.
Date: 2026-06-08T11:51:01Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-FR-4M-Leboncoin-Immobilier
Screenshots:
1 screenshot(s) available
Threat Actors: ChimeraZ
Victim Country: France
Victim Industry: Real Estate
Victim Organization: Leboncoin Immobilier
Victim Site: leboncoin.fr - Alleged leak of Indian university student enrollment and academic registry data by NeuraSec Team
Category: Data Leak
Content: NeuraSec Team claimed responsibility for leaking sensitive data belonging to multiple Indian students and university candidates. The leaked data includes university student enrollment records and academic registry information in .xlsx format, made available for download via anonfilesnew.com. The leak was announced in the Dewata Blackhat channel with attribution to NeuraSec Team and acknowledgment of related groups.
Date: 2026-06-08T11:40:06Z
Network: telegram
Published URL: https://t.me/NeuraSCTA/85
Screenshots:
1 screenshot(s) available
Threat Actors: NeuraSec Team
Victim Country: India
Victim Industry: Education
Victim Organization: Indian Universities/Educational Institutions
Victim Site: Unknown - Alleged leak of 9080+ Indian Financial Corporations and RBI Compliance Officers data by NeuraSec Team
Category: Data Leak
Content: NeuraSec Team claims to have leaked sensitive data from 9080+ Reserve Bank of India (RBI) registered financial institutions and compliance officers. The leaked data is reportedly in .xls format and includes information from Indian financial corporations. Download link and Telegram contact provided for access.
Date: 2026-06-08T11:39:40Z
Network: telegram
Published URL: https://t.me/NeuraSCTA/86
Screenshots:
2 screenshot(s) available
Threat Actors: NeuraSec Team
Victim Country: India
Victim Industry: Financial Services
Victim Organization: Reserve Bank of India (RBI) Registered Financial Institutions
Victim Site: Unknown - Alleged sale of intelligence data on alleged Iranian operatives in Gulf countries
Category: Data Breach
Content: A threat actor is selling data purportedly identifying 26,300 individuals allegedly recruited as operatives for Iranian intelligence services and the Islamic Revolutionary Guard Corps across Qatar, Bahrain, Saudi Arabia, Kuwait, UAE, Oman, and Iraq. The dataset allegedly includes full names, mothers name, phone numbers, organizational affiliation, physical location, mission purpose, date and place of birth, and place of residence. The seller is asking $11,000 (negotiable) and claims the data or
Date: 2026-06-08T11:00:10Z
Network: openweb
Published URL: https://breached.su/threads/iranian-spies-in-the-arab-gulf-countries.88095/unread
Screenshots:
2 screenshot(s) available
Threat Actors: 0cx00iq
Victim Country: Unknown
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown - Website Defacement of tianjialuntan.com by Raxor404 (SANTIAGO404)
Category: Defacement
Content: On June 8, 2026, the website tianjialuntan.com was defaced by threat actor Raxor404, operating under the team SANTIAGO404. The attack targeted a subdirectory of the sites WordPress content folder, suggesting exploitation of a WordPress vulnerability. The defacement was a single targeted incident and not part of a mass or repeated defacement campaign.
Date: 2026-06-08T10:57:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931896
Screenshots:
1 screenshot(s) available
Threat Actors: Raxor404, SANTIAGO404
Victim Country: China
Victim Industry: Unknown
Victim Organization: Tianjia Luntan
Victim Site: tianjialuntan.com - Website Defacement of 37su.com by H3K4L
Category: Defacement
Content: On June 8, 2026, a threat actor operating under the handle H3K4L defaced the homepage of www.37su.com, a Chinese-registered website. The attack was a targeted single-site defacement with no team affiliation claimed. Technical details regarding the server environment and exploitation method were not disclosed.
Date: 2026-06-08T10:55:36Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931892
Screenshots:
1 screenshot(s) available
Threat Actors: H3K4L, NO TEAM
Victim Country: China
Victim Industry: Unknown
Victim Organization: 37su
Victim Site: www.37su.com - Website Defacement of dami.pub by H3K4L
Category: Defacement
Content: On June 8, 2026, threat actor H3K4L successfully defaced the homepage of dami.pub, operating without affiliation to any known group or team. The attack targeted the root domain and was not part of a mass defacement campaign. No specific motivation or technical details regarding the server infrastructure were disclosed.
Date: 2026-06-08T10:54:23Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931891
Screenshots:
1 screenshot(s) available
Threat Actors: H3K4L, NO TEAM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: dami.pub - Website defacement of unknown organization at 101.35.246.242 by H3K4L
Category: Defacement
Content: On June 8, 2026, a threat actor identified as H3K4L defaced the website hosted at IP address 101.35.246.242, which is associated with Chinese IP space. The attacker performed a homepage defacement, replacing the sites content with their own message. No team affiliation, specific motive, or technical details regarding the server environment were disclosed.
Date: 2026-06-08T10:53:11Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931890
Screenshots:
1 screenshot(s) available
Threat Actors: H3K4L, NO TEAM
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 101.35.246.242 - Website Defacement of IP-hosted Server by H3K4L
Category: Defacement
Content: A threat actor identified as H3K4L defaced the homepage of a server hosted at IP address 150.158.122.156, which resolves to a Chinese IP range. This incident is noted as a redefacement, indicating the target had been previously compromised. No team affiliation, specific motivation, or server technology details were disclosed.
Date: 2026-06-08T10:51:41Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931889
Screenshots:
1 screenshot(s) available
Threat Actors: H3K4L, NO TEAM
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 150.158.122.156 - Website Defacement of idcquery.com by Raxor404 (SANTIAGO404)
Category: Defacement
Content: On June 8, 2026, threat actor Raxor404, affiliated with the group SANTIAGO404, defaced a page hosted on www.idcquery.com, targeting a subdirectory within the WordPress content uploads path. The defacement was a targeted single-site attack rather than a mass or home page defacement. No specific motive or server details were disclosed in connection with this incident.
Date: 2026-06-08T10:45:26Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931883
Screenshots:
1 screenshot(s) available
Threat Actors: Raxor404, SANTIAGO404
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: IDC Query
Victim Site: www.idcquery.com - Website Defacement of xueba365.com by Raxor404 of SANTIAGO404
Category: Defacement
Content: On June 8, 2026, the website xueba365.com was defaced by threat actor Raxor404, operating under the team SANTIAGO404. The attack targeted a subdirectory of the WordPress-based site, suggesting exploitation of a vulnerable file upload mechanism. The defacement was a single targeted incident and not part of a mass or repeated campaign.
Date: 2026-06-08T10:44:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931879
Screenshots:
1 screenshot(s) available
Threat Actors: Raxor404, SANTIAGO404
Victim Country: China
Victim Industry: Education
Victim Organization: Xueba365
Victim Site: xueba365.com - Website Defacement of Satoriax by Raxor404 of SANTIAGO404
Category: Defacement
Content: On June 8, 2026, threat actor Raxor404, operating under the team SANTIAGO404, defaced a web page hosted on satoriax.com by replacing content within the WordPress uploads directory. The attack was a targeted single-page defacement rather than a mass or home page defacement. No specific motive or server details were disclosed in the available incident data.
Date: 2026-06-08T10:43:33Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931863
Screenshots:
1 screenshot(s) available
Threat Actors: Raxor404, SANTIAGO404
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Satoriax
Victim Site: satoriax.com - Website Defacement of guojiwuliu.top by Raxor404 (SANTIAGO404)
Category: Defacement
Content: On June 8, 2026, threat actor Raxor404, affiliated with team SANTIAGO404, defaced a WordPress-based website hosted at guojiwuliu.top, a domain associated with an international logistics service likely operating in China. The defacement targeted a media upload directory and was a single, non-mass incident. No specific motive or server details were disclosed.
Date: 2026-06-08T10:42:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931864
Screenshots:
1 screenshot(s) available
Threat Actors: Raxor404, SANTIAGO404
Victim Country: China
Victim Industry: Logistics / Freight
Victim Organization: Guoji Wuliu (International Logistics)
Victim Site: guojiwuliu.top - Website Defacement of ybfl.net by Raxor404 (SANTIAGO404)
Category: Defacement
Content: On June 8, 2026, threat actor Raxor404, operating under the team SANTIAGO404, defaced a page on ybfl.net, targeting a subdirectory within the WordPress uploads folder. The defacement was a targeted single-page incident, not a mass or home page defacement. No specific motive or technical server details were disclosed in the available intelligence.
Date: 2026-06-08T10:41:45Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931868
Screenshots:
1 screenshot(s) available
Threat Actors: Raxor404, SANTIAGO404
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: ybfl.net - Website Defacement of dwg123.com by Raxor404 (SANTIAGO404)
Category: Defacement
Content: On June 8, 2026, threat actor Raxor404, operating under the team SANTIAGO404, defaced the website dwg123.com by altering content within the WordPress uploads directory. The attack was a targeted single-site defacement with no mass or redefacement indicators. The incident was archived and mirrored via zone-xsec.com.
Date: 2026-06-08T10:40:43Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931865
Screenshots:
1 screenshot(s) available
Threat Actors: Raxor404, SANTIAGO404
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: dwg123.com - Website Defacement of 59888888.xyz by Raxor404 (SANTIAGO404)
Category: Defacement
Content: On June 8, 2026, threat actor Raxor404, operating under the team SANTIAGO404, defaced the website hosted at 59888888.xyz by uploading malicious content to the WordPress uploads directory. The attack targeted a WordPress-based site and does not appear to be part of a mass or coordinated defacement campaign. No specific motive or victim organization details were disclosed in the available intelligence.
Date: 2026-06-08T10:40:04Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931885
Screenshots:
1 screenshot(s) available
Threat Actors: Raxor404, SANTIAGO404
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 59888888.xyz - Website Defacement of Switch321 by Raxor404 (SANTIAGO404)
Category: Defacement
Content: On June 8, 2026, threat actor Raxor404, operating under the team SANTIAGO404, defaced the website switch321.com by compromising a WordPress content directory. The attack was a targeted single-site defacement with no indication of mass or repeat defacement activity. Server and infrastructure details were not disclosed in the available threat data.
Date: 2026-06-08T10:39:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931882
Screenshots:
1 screenshot(s) available
Threat Actors: Raxor404, SANTIAGO404
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Switch321
Victim Site: www.switch321.com - Website Defacement by Raxor404 of SANTIAGO404 Targeting IP-Based Host
Category: Defacement
Content: On June 8, 2026, threat actor Raxor404, affiliated with team SANTIAGO404, defaced a website hosted at IP address 101.201.35.202 on port 82. The targeted URL path suggests a WordPress installation was compromised. The defacement was a singular, targeted attack rather than a mass or home page defacement.
Date: 2026-06-08T10:38:16Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931870
Screenshots:
1 screenshot(s) available
Threat Actors: Raxor404, SANTIAGO404
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 101.201.35.202:82 - Cybersecurity Incident – Evanston Township High School District 202
Category: Cyber Attack
Content: Evanston Township High School District 202 fell victim to a ransomware attack on June 7, 2026, disrupting district systems, internet services, and IT infrastructure. As a result, the school is closed on June 8 and 9, 2026, and all scheduled on-campus activities have been cancelled. The district has activated its incident response procedures, engaged cybersecurity and legal experts, and is cooperating with the FBI to determine the extent of the compromised data and restore its systems.
Date: 2026-06-08T10:38:10Z
Network: openweb
Published URL: https://www.eths202.org/about/cybersecurity-incident
Screenshots:
None
Threat Actors:
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Evanston Township High School District 202
Victim Site: eths202.org - Website Defacement by Raxor404 (SANTIAGO404) Targeting IP-Based Host
Category: Defacement
Content: On June 8, 2026, threat actor Raxor404, operating under the team SANTIAGO404, defaced a WordPress-based website hosted at IP address 213.152.183.94 on port 8081. The target was accessed via a wp-content path, indicating a WordPress installation was exploited. No additional details regarding the victim organization, motive, or attack vector were disclosed.
Date: 2026-06-08T10:37:15Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931858
Screenshots:
1 screenshot(s) available
Threat Actors: Raxor404, SANTIAGO404
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 213.152.183.94:8081 - Website Defacement by Raxor404 of SANTIAGO404 targeting IP-based host
Category: Defacement
Content: On June 8, 2026, a threat actor identified as Raxor404, affiliated with the group SANTIAGO404, defaced a WordPress-based website hosted at IP address 110.92.64.102 on port 3014. The targeted host appears to be located in Pakistan based on the IP geolocation range. The defacement was a singular, targeted incident and not classified as a mass or home page defacement.
Date: 2026-06-08T10:36:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931880
Screenshots:
1 screenshot(s) available
Threat Actors: Raxor404, SANTIAGO404
Victim Country: Pakistan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 110.92.64.102:3014 - Website Defacement of XBBPlus by Raxor404 (SANTIAGO404)
Category: Defacement
Content: On June 8, 2026, threat actor Raxor404, operating under the team SANTIAGO404, defaced a page on the website xbbplus.com. The defacement targeted a file within the WordPress uploads directory, suggesting exploitation of a WordPress vulnerability or misconfiguration. The incident was a single targeted defacement, not part of a mass defacement campaign.
Date: 2026-06-08T10:35:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931866
Screenshots:
1 screenshot(s) available
Threat Actors: Raxor404, SANTIAGO404
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: XBBPlus
Victim Site: www.xbbplus.com - Website Defacement of zitiziyuan.com by Raxor404 (SANTIAGO404)
Category: Defacement
Content: On June 8, 2026, threat actor Raxor404, operating under the team SANTIAGO404, defaced the website www.zitiziyuan.com by compromising a directory within the WordPress content path. The attack targeted a Chinese-language domain, with the defacement mirrored and recorded on zone-xsec.com. No specific motive, server details, or proof-of-concept were disclosed in the available data.
Date: 2026-06-08T10:34:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931856
Screenshots:
1 screenshot(s) available
Threat Actors: Raxor404, SANTIAGO404
Victim Country: China
Victim Industry: Unknown
Victim Organization: Ziti Ziyuan
Victim Site: www.zitiziyuan.com - Alleged cyber attack on Kfar Yona Municipality by Hanzala group
Category: Cyber Attack
Content: Hanzala hacking group claimed responsibility for a cyber attack against Kfar Yona Municipality in Israel. The group reported disruption to administrative, communication, and service systems, with portions of the citys digital infrastructure taken offline. The group indicated additional details would be released.
Date: 2026-06-08T10:15:27Z
Network: telegram
Published URL: https://t.me/c/1283513914/22126
Screenshots:
5 screenshot(s) available
Threat Actors: Hanzala
Victim Country: Israel
Victim Industry: Government/Municipal Services
Victim Organization: Kfar Yona Municipality
Victim Site: Unknown - Free BIN shared for Spain Servired payment network
Category: Carding
Content: A forum user is sharing a free BIN associated with Spains Servired payment network, gated behind a reply-and-react engagement requirement. The post is categorized under carding tutorials, tools, and free CCs/BINs.
Date: 2026-06-08T10:07:23Z
Network: openweb
Published URL: https://darknetarmy.io/threads/spain-servired-free-bin.136579/
Screenshots:
1 screenshot(s) available
Threat Actors: CCWizard
Victim Country: Spain
Victim Industry: Finance
Victim Organization: Servired
Victim Site: Unknown - Free BIN list for ASB Bank (New Zealand)
Category: Carding
Content: A forum member is sharing a free BIN list associated with ASB Bank in New Zealand on a carding-focused forum. Access to the content requires user engagement reactions. No further details about record count or specific card data are visible.
Date: 2026-06-08T10:07:01Z
Network: openweb
Published URL: https://darknetarmy.io/threads/new-zealand-free-bin-bank-asb-bank.136581/
Screenshots:
1 screenshot(s) available
Threat Actors: CCWizard
Victim Country: New Zealand
Victim Industry: Finance
Victim Organization: ASB Bank
Victim Site: asbbank.co.nz - Sale of BIN information for Santander UK
Category: Carding
Content: A forum post on a carding-focused forum offers BIN information allegedly associated with Santander UK, gated behind a reply-and-react engagement requirement. The specific BIN details are hidden and accessible only to users who interact with the post.
Date: 2026-06-08T10:06:39Z
Network: openweb
Published URL: https://darknetarmy.io/threads/bin-bank-santander-uk.136582/
Screenshots:
1 screenshot(s) available
Threat Actors: CCWizard
Victim Country: United Kingdom
Victim Industry: Finance
Victim Organization: Santander
Victim Site: santander.co.uk - Sale of Findlay credit cards x4
Category: Carding
Content: A forum post on a carding-focused forum offers four Findlay credit cards, gated behind a reply-and-react engagement requirement. No additional details about card origin, BINs, or CVVs are visible in the post.
Date: 2026-06-08T10:06:15Z
Network: openweb
Published URL: https://darknetarmy.io/threads/findlay-credit-cards-x4%C2%B1.136585/
Screenshots:
1 screenshot(s) available
Threat Actors: CCWizard
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged ransomware data leak from Guangzhou Tianyue International Freight Forwarding Co., Ltd.
Category: Data Leak
Content: A threat actor operating under the name SnowSoul claims to have encrypted the victims data using ransomware with a .qinglong extension and is leaking 1,442 PDF files (~3 GB) after the company allegedly refused to pay a $2,000 ransom. The leaked documents appear to include business contracts, tax filings, identity documents (passports, national ID cards), bank account information, and correspondence involving multiple logistics firms across China.
Date: 2026-06-08T10:03:38Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79375
Screenshots:
1 screenshot(s) available
Threat Actors: SnowSoul
Victim Country: China
Victim Industry: Logistics
Victim Organization: Guangzhou Tianyue International Freight Forwarding Co., Ltd.
Victim Site: Unknown - Sale of initial access to undisclosed Israeli law firm Outlook business email
Category: Initial Access
Content: A threat actor is offering for sale access to a business Outlook email account belonging to an undisclosed law firm in Israel, priced between $2,000 and $3,000. The seller is soliciting private messages from serious buyers only. No additional details about the firm or the nature of the access have been disclosed.
Date: 2026-06-08T09:44:56Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-RDP-Outlook-Business-Law-Firm-Israel-Email-for-SALE
Screenshots:
1 screenshot(s) available
Threat Actors: blacknet00
Victim Country: Israel
Victim Industry: Legal
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Budget Saudi Arabia (budgetsaudi.com)
Category: Data Breach
Content: A threat actor is selling an alleged dataset from budgetsaudi.com containing approximately 70,000 user records. The data includes personally identifiable information such as mobile numbers, email addresses, names in Arabic, date of birth, nationality, religion, gender, and loyalty points. The actor is soliciting contact for pricing via a Proton Mail address.
Date: 2026-06-08T09:42:32Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-Saudi-Arabia-budgetsaudi-com-70k-users-record
Screenshots:
1 screenshot(s) available
Threat Actors: oaaaoxxz
Victim Country: Saudi Arabia
Victim Industry: Retail
Victim Organization: Budget Saudi Arabia
Victim Site: budgetsaudi.com - Alleged data breach of Fokko Juweliers (fokkojuweliers.nl)
Category: Data Breach
Content: A threat actor is selling a 1.5GB SQL and CSV database allegedly exfiltrated from Fokko Juweliers, a Dutch online gold and jewelry retailer. The sample data includes customer records with full names, email addresses, hashed passwords (bcrypt), IP addresses, newsletter preferences, and account metadata from the PrestaShop ps_customer table. The seller is advertising the dataset via Telegram.
Date: 2026-06-08T09:41:27Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-Online-Gold-And-Jewelry-Store-Database-%E2%80%93-Fokkojuweliers-nl-Netherlands
Screenshots:
2 screenshot(s) available
Threat Actors: DarkMafiaX
Victim Country: Netherlands
Victim Industry: Retail
Victim Organization: Fokko Juweliers
Victim Site: fokkojuweliers.nl - Alleged data breach of CamLive.ovh
Category: Data Breach
Content: A threat actor is offering for sale an alleged SQL and CSV database dump from CamLive.ovh, a social networking and content-sharing platform. The sample data includes extensive user profile fields such as usernames, email addresses, hashed passwords, IP addresses, phone numbers, payment details, and location data. The database is reported to be 390MB in size.
Date: 2026-06-08T09:40:12Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-Social-Networking-Digital-Content-Platform-%E2%80%93-CamLive-ovh-USA
Screenshots:
1 screenshot(s) available
Threat Actors: DarkMafiaX
Victim Country: United States
Victim Industry: Media and Entertainment
Victim Organization: CamLive
Victim Site: camlive.ovh - Alleged data breach of Instituto de Negocios student portal
Category: Data Breach
Content: A threat actor is selling an alleged SQL and CSV database dump from Alumnos.InstitutoDeNegocios.com, the student portal of Instituto de Negocios, a U.S.-based Spanish-language online business education platform. The sample data includes user IDs, login emails, hashed passwords, display names, and registration timestamps. The dump is reported to be 290MB in size.
Date: 2026-06-08T09:39:09Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-Online-Business-Education-Student-Portal-%E2%80%93-Alumnos-InstitutoDeNegocios-com-USA
Screenshots:
1 screenshot(s) available
Threat Actors: DarkMafiaX
Victim Country: United States
Victim Industry: Education
Victim Organization: Instituto de Negocios
Victim Site: alumnos.institutodengocios.com - Sale of initial access to Tehran Traffic Police Smart Traffic Control Command Center
Category: Initial Access
Content: A threat actor is offering access to the Smart Traffic Control Command Center of the Tehran Traffic Police for 1 BTC. The seller claims to have video proof of access and specifies no swaps. The post was listed on a dark web access market.
Date: 2026-06-08T09:38:38Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79363
Screenshots:
1 screenshot(s) available
Threat Actors: BigBrother
Victim Country: Iran
Victim Industry: Government
Victim Organization: Tehran Traffic Police
Victim Site: Unknown - Alleged data breach of Cohabitas.com
Category: Data Breach
Content: A threat actor known as DarkMafiaX is claiming to leak a 1.8GB SQL and CSV database allegedly belonging to Cohabitas.com, a UK-based house-sharing and co-living platform. The sample data includes WordPress user table fields such as usernames, hashed passwords, email addresses, and registration dates. No explicit record count was provided, but the dataset size and sample suggest a significant number of user records.
Date: 2026-06-08T09:37:33Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79367
Screenshots:
1 screenshot(s) available
Threat Actors: DarkMafiaX
Victim Country: United Kingdom
Victim Industry: Real Estate
Victim Organization: Cohabitas
Victim Site: cohabitas.com - Alleged data breach of scalextric.es
Category: Data Breach
Content: A threat actor is selling an alleged database dump of scalextric.es containing 100,000 records in CSV format. The dataset includes customer names, email addresses, bcrypt-hashed passwords, and reportedly DNI (Spanish national identity numbers). Escrow and middleman payment options are accepted.
Date: 2026-06-08T09:36:54Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-100K-Database-%C2%A0-scalextric-es-Spain-DNI-Available–79371
Screenshots:
1 screenshot(s) available
Threat Actors: wizard
Victim Country: Spain
Victim Industry: Retail
Victim Organization: Scalextric Spain
Victim Site: scalextric.es - Alleged data breach of magliecalciopocoprezzo.com
Category: Data Breach
Content: A threat actor is selling an alleged database dump from Italian sports apparel retailer magliecalciopocoprezzo.com containing approximately 100,000 records. The sample data includes customer names, email addresses, phone numbers, gender, and salted MD5 password hashes. The seller is accepting escrow and is contactable via Telegram.
Date: 2026-06-08T09:36:18Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79373
Screenshots:
1 screenshot(s) available
Threat Actors: wizard
Victim Country: Italy
Victim Industry: Retail
Victim Organization: magliecalciopocoprezzo.com
Victim Site: magliecalciopocoprezzo.com - Alleged data breach of T-Mobile
Category: Data Breach
Content: A threat actor is offering a dataset allegedly sourced from T-Mobile containing approximately 393,824 customer records. The data includes customer names, phone numbers, service IDs, dealer information, SIM/IMEI data, billing plans, and activation dates. Sample records suggest the data originates from prepaid service activations circa 2020.
Date: 2026-06-08T09:34:06Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79353
Screenshots:
2 screenshot(s) available
Threat Actors: Osito
Victim Country: United States
Victim Industry: Telecommunications
Victim Organization: T-Mobile
Victim Site: t-mobile.com - Sale of card dump databases and skimming tools
Category: Carding
Content: A forum user is advertising database dumps linked to checking accounts, along with software tools including EMV chip software, skimmers, and DLH tools. The post solicits long-term business partnerships for card dump acquisition and cashout operations, with contact via Telegram.
Date: 2026-06-08T09:33:29Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79362
Screenshots:
1 screenshot(s) available
Threat Actors: Mrip0012
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of Pramuka Gugus Depan Karanganyar District database
Category: Data Leak
Content: A threat actor leaked a database allegedly belonging to Pramuka Gugus Depan of Karanganyar District, Indonesia. The post includes a sample of the data. No record count or additional details were provided in the post.
Date: 2026-06-08T09:33:16Z
Network: openweb
Published URL: https://breached.su/threads/leak-pramuka-database-gugus-depan-of-karanganyar-district.88094/unread
Screenshots:
2 screenshot(s) available
Threat Actors: JAX7
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Pramuka Gugus Depan Karanganyar District
Victim Site: Unknown - Alleged data breach of Pramuka Gugus Depan Karanganyar District database
Category: Data Breach
Content: A user named JAX7 on Breachforums has posted a thread claiming to have leaked a database from Pramuka (Indonesian Scout organization) Gugus Depan of Karanganyar District. The breach includes organizational data and member information.
Date: 2026-06-08T09:28:23Z
Network: telegram
Published URL: https://t.me/Jax702/80
Screenshots:
2 screenshot(s) available
Threat Actors: JAX7
Victim Country: Indonesia
Victim Industry: Non-profit/Youth Organization
Victim Organization: Pramuka Gugus Depan Karanganyar District
Victim Site: Unknown - Alleged data leak of Canadian crypto and forex opt-in records
Category: Data Leak
Content: A threat actor has made available a dataset of Canadian crypto and forex opt-in records, including full names, phone numbers, email addresses, and associated broker names. The data appears to originate from multiple forex and binary options brokers. The dataset is being freely distributed via a Mega.nz download link.
Date: 2026-06-08T08:58:55Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79372
Screenshots:
1 screenshot(s) available
Threat Actors: LauraAllen
Victim Country: Canada
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown - Sale of 35 credit cards on carding forum
Category: Carding
Content: A forum user posted 35 credit cards on a carding forum. No additional details are available from the post content.
Date: 2026-06-08T08:48:20Z
Network: openweb
Published URL: https://darknetarmy.io/threads/oluoluolu-credit-cards-x35.136572/
Screenshots:
None
Threat Actors: CCWizard
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of payment card data associated with Slovenia bank via Sumup Payments Limited
Category: Carding
Content: A forum post on a carding-focused board references payment card data associated with a Slovenia bank and Sumup Payments Limited. No further details are available as the post content is empty. The thread is categorized under carding tutorials, tools, and free credit card data.
Date: 2026-06-08T08:47:53Z
Network: openweb
Published URL: https://darknetarmy.io/threads/slovenia-bank-sumup-payments-limited.136573/
Screenshots:
None
Threat Actors: CCWizard
Victim Country: Slovenia
Victim Industry: Finance
Victim Organization: Sumup Payments Limited
Victim Site: sumup.com - Free sharing of 34 credit cards
Category: Carding
Content: A forum user shared a post titled Kekesa credit cards x34 in a carding forum, suggesting the free distribution of 34 credit cards. No additional content was available to confirm details of the cards or their origin.
Date: 2026-06-08T08:47:25Z
Network: openweb
Published URL: https://darknetarmy.io/threads/kekesa-credit-cards-x34.136575/
Screenshots:
None
Threat Actors: CCWizard
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Free BIN sharing for Bancolombia S.A. / Nequi (Colombia)
Category: Carding
Content: A forum post on a carding forum offers free BIN data associated with Bancolombia S.A. and its Nequi service in Colombia. Access to the content is gated behind a social engagement requirement. No record count or additional details are disclosed.
Date: 2026-06-08T08:45:59Z
Network: openweb
Published URL: https://darknetarmy.io/threads/colombia-free-bin-bank-bancolombia-s-a-nequi.136577/
Screenshots:
1 screenshot(s) available
Threat Actors: CCWizard
Victim Country: Colombia
Victim Industry: Finance
Victim Organization: Bancolombia S.A.
Victim Site: bancolombia.com - Alleged data breach of lookiero.com personal shopping platform
Category: Data Breach
Content: A threat actor is selling an alleged database dump containing 4.9 million customer records from Lookiero, a personal shopping platform. The sample data includes usernames, email addresses, full names, physical addresses, postal codes, phone numbers, country codes, and account creation dates spanning 2017 to 2023. Customers from multiple countries including Spain, France, the United Kingdom, Italy, Portugal, and the Netherlands appear to be affected.
Date: 2026-06-08T08:31:45Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79366
Screenshots:
1 screenshot(s) available
Threat Actors: LauraAllen
Victim Country: Unknown
Victim Industry: Retail
Victim Organization: Lookiero
Victim Site: lookiero.com - Free BIN for Germany bank shared on carding forum
Category: Carding
Content: A forum user is sharing a free BIN associated with a German bank on a carding forum, gated behind a reply-and-react engagement requirement. No specific bank or record count is disclosed.
Date: 2026-06-08T08:17:02Z
Network: openweb
Published URL: https://darknetarmy.io/threads/germany-bank-free-bin.136566/
Screenshots:
1 screenshot(s) available
Threat Actors: CCWizard
Victim Country: Germany
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown - Free BIN sharing for Credit Agricole Societe Anonyme (France)
Category: Carding
Content: A forum user is sharing BIN data associated with Credit Agricole Societe Anonyme, a French bank, on a carding-focused forum. Access to the content is gated behind engagement reactions. The post is consistent with carding activity targeting French payment cards.
Date: 2026-06-08T08:16:44Z
Network: openweb
Published URL: https://darknetarmy.io/threads/france-free-bin-bank-credit-agricole-societe-anonyme.136567/
Screenshots:
1 screenshot(s) available
Threat Actors: CCWizard
Victim Country: France
Victim Industry: Finance
Victim Organization: Credit Agricole Societe Anonyme
Victim Site: credit-agricole.fr - Free BIN sharing for Swedbank AB (Sweden)
Category: Carding
Content: A forum post on a carding community offers free BIN data associated with Swedbank AB in Sweden, gated behind social engagement requirements. The post is categorized under carding tutorials, tools, and free CCs/BINs.
Date: 2026-06-08T08:16:21Z
Network: openweb
Published URL: https://darknetarmy.io/threads/sweden-free-bin-bank-swedbank-ab.136570/
Screenshots:
1 screenshot(s) available
Threat Actors: CCWizard
Victim Country: Sweden
Victim Industry: Finance
Victim Organization: Swedbank AB
Victim Site: swedbank.se - Alleged data breach of DentaQuest affecting 2.6 million individuals
Category: Data Breach
Content: DentaQuest, a major dental insurance provider in the United States, suffered a cyberattack resulting in the exposure of approximately 2.6 million individuals personal information. Threat actor ShinyHunters claimed responsibility for stealing over 234 GB of data from the company. Exposed data includes names, email addresses, phone numbers, dates of birth, health insurance information, and identity verification details.
Date: 2026-06-08T08:03:23Z
Network: telegram
Published URL: https://t.me/c/1283513914/22122
Screenshots:
2 screenshot(s) available
Threat Actors: ShinyHunters
Victim Country: United States
Victim Industry: Insurance/Healthcare
Victim Organization: DentaQuest
Victim Site: Unknown - Website Defacement of Pendopo.id by ./Gh05T_1llu510N
Category: Defacement
Content: On June 8, 2026, the Indonesian website pendopo.id was defaced by the threat actor known as ./Gh05T_1llu510N. The attack targeted the homepage of the site and was conducted as a singular, non-mass defacement. No specific motive or technical details regarding the server environment were disclosed.
Date: 2026-06-08T07:41:43Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931855
Screenshots:
1 screenshot(s) available
Threat Actors: ./Gh05T_1llu510N
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Pendopo
Victim Site: pendopo.id - Free sharing of 30 stolen credit cards
Category: Carding
Content: A forum member is offering 30 stolen credit cards as hidden content, accessible upon reacting to the post. The cards are shared on a carding-focused forum section dedicated to free CCs and BINs.
Date: 2026-06-08T07:39:20Z
Network: openweb
Published URL: https://darknetarmy.io/threads/sunday-credit-cards-x30.136563/
Screenshots:
1 screenshot(s) available
Threat Actors: NovaScorp
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of BIN information for Spanish bank Mastercajas S.A.
Category: Carding
Content: A forum post on a carding-focused forum offers BIN bank information allegedly associated with the Spanish financial institution Mastercajas S.A. The content is gated behind a reply-and-react requirement. No further details regarding record count or card data fields are visible.
Date: 2026-06-08T07:38:59Z
Network: openweb
Published URL: https://darknetarmy.io/threads/spain-bin-bank-mastercajas-s-a.136564/
Screenshots:
1 screenshot(s) available
Threat Actors: NovaScorp
Victim Country: Spain
Victim Industry: Finance
Victim Organization: Mastercajas S.A.
Victim Site: Unknown - Website Defacement of Candirejo Village Administration Site by ./Gh05T_1llu510N
Category: Defacement
Content: On June 8, 2026, the threat actor known as ./Gh05T_1llu510N defaced the homepage of sidesacandirejo.com, a village administration information system (SIDESA) for Candirejo in Indonesia. The attack was a targeted single-site homepage defacement with no team affiliation reported. No specific motive or server details were disclosed in association with the incident.
Date: 2026-06-08T07:35:27Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931850
Screenshots:
1 screenshot(s) available
Threat Actors: ./Gh05T_1llu510N
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Candirejo Village Administration (SIDESA Candirejo)
Victim Site: sidesacandirejo.com - Website Defacement of sibumdes-wunut.com by Gh05T_1llu510N
Category: Defacement
Content: The website sibumdes-wunut.com, associated with Sibumdes Wunut, a likely Indonesian village information system or local government service, was defaced by the threat actor known as Gh05T_1llu510N on June 8, 2026. The attack targeted the homepage directly and was carried out as a single targeted defacement rather than a mass campaign. No specific motive or exploitation method was disclosed.
Date: 2026-06-08T07:31:39Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931851
Screenshots:
1 screenshot(s) available
Threat Actors: ./Gh05T_1llu510N
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Sibumdes Wunut
Victim Site: sibumdes-wunut.com - Website Defacement of ueesrg.id by Gh05T_1llu510N
Category: Defacement
Content: On June 8, 2026, the Indonesian website ueesrg.id was defaced by a threat actor operating under the handle Gh05T_1llu510N. The attack targeted the homepage of the site as a standalone defacement, not part of a mass campaign. No specific motive or technical details regarding the server infrastructure were disclosed.
Date: 2026-06-08T07:25:19Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931681
Screenshots:
1 screenshot(s) available
Threat Actors: ./Gh05T_1llu510N
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: UEESRG
Victim Site: ueesrg.id - Alleged intrusion into University of Tennessee systems by Gladiators of God group
Category: Data Breach
Content: The threat actor group Gladiators of God (گلادیاتورهای خدا) claims to have breached systems at University of Tennessee in the United States and obtained data related to smart grid development, cybersecurity, energy systems, and advanced electronic technologies. The group alleges the projects are supported by US government agencies and involve collaboration with major industrial and research institutions. The group claims some university laboratories and researchers have connections to US defense…
Date: 2026-06-08T07:24:54Z
Network: telegram
Published URL: https://t.me/c/1283513914/22113
Screenshots:
2 screenshot(s) available
Threat Actors: Gladiators of God
Victim Country: United States
Victim Industry: Education/Research
Victim Organization: University of Tennessee
Victim Site: Unknown - Alleged sale of internal database from Taiwans Psychological Warfare Unit including PLA, JSDF, ROC, and US military data
Category: Data Breach
Content: A threat actor is selling what they claim to be the internal database of Taiwans Psychological Warfare Unit, described as a surveillance network covering China, the United States, Japan, and Taiwan. The offering purportedly includes SQL and CSV exports of databases related to the PLA, Japan Self-Defense Forces, ROC Armed Forces, and US military forces in the Western Pacific. The seller is asking 2.1 BTC for the complete dataset and is accepting contact via private message.
Date: 2026-06-08T07:18:40Z
Network: openweb
Published URL: https://xforums.st/threads/__-internal-database-of-taiwans-psychological-warfare-unit-a-massive-surveillance-network.620697/
Screenshots:
None
Threat Actors: simo_colvin
Victim Country: Taiwan
Victim Industry: Government
Victim Organization: Taiwan Psychological Warfare Unit
Victim Site: Unknown - Sale of BIN information for Scribd
Category: Carding
Content: A forum user is sharing BIN information purportedly usable for carding Scribd, gated behind a reply-and-react engagement requirement. No specific card details or record counts are visible in the post.
Date: 2026-06-08T07:07:06Z
Network: openweb
Published URL: https://darknetarmy.io/threads/scribd-bin.136561/
Screenshots:
1 screenshot(s) available
Threat Actors: NovaScorp
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged defacement of Sentra Properti website by Mr.PIMZZZXploit
Category: Defacement
Content: Website defacement claimed by threat actor Mr.PIMZZZXploit. The compromised site is https://v2.sentraproperti.id/.well-known/index.php with a mirror archive provided at https://haxor.id/archive/mirror/249828. Post includes defacement proof image.
Date: 2026-06-08T06:40:27Z
Network: telegram
Published URL: https://t.me/c/3865526389/1203
Screenshots:
2 screenshot(s) available
Threat Actors: Mr.PIMZZZXploit
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Sentra Properti
Victim Site: sentraproperti.id - Website Defacement of PMII Rayon MP by Claudexxx of Phantom Sec Team
Category: Defacement
Content: On June 8, 2026, the website of PMII Rayon MP, an Indonesian Islamic student movement organization, was defaced by a threat actor identified as Claudexxx operating under the group Phantom Sec Team. The attack targeted the homepage of the site and was not part of a mass defacement campaign. A mirror of the defacement was archived on zone-xsec.com.
Date: 2026-06-08T06:40:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931590
Screenshots:
1 screenshot(s) available
Threat Actors: Claudexxx, Phantom Sec Team
Victim Country: Indonesia
Victim Industry: Non-Profit / Student Organization
Victim Organization: PMII Rayon MP (Pergerakan Mahasiswa Islam Indonesia)
Victim Site: pmiirayonmp.id - Mass Website Defacement of Sentra Properti by Mr.PIMZZZXploit / BABAYO EROR SYSTEM
Category: Defacement
Content: On June 8, 2026, the Indonesian real estate platform Sentra Properti had its website defaced by threat actor Mr.PIMZZZXploit operating under the group BABAYO EROR SYSTEM. The incident was classified as a mass defacement, targeting a Linux-based server. The defaced mirror was archived at haxor.id, indicating a deliberate and documented attack campaign.
Date: 2026-06-08T06:38:19Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249828
Screenshots:
1 screenshot(s) available
Threat Actors: Mr.PIMZZZXploit, BABAYO EROR SYSTEM
Victim Country: Indonesia
Victim Industry: Real Estate
Victim Organization: Sentra Properti
Victim Site: v2.sentraproperti.id - Alleged data breach of Coinbase
Category: Data Breach
Content: A threat actor is distributing an alleged Coinbase user database containing 14 million records via a Mega.nz link. The sample data includes full names, email addresses, phone numbers, and cryptocurrency payment pair information attributed to Coinbase. The post includes a Telegram contact for the seller.
Date: 2026-06-08T06:36:27Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79358
Screenshots:
1 screenshot(s) available
Threat Actors: LauraAllen
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Coinbase
Victim Site: coinbase.com - Alleged data leak of multiple Chinese databases spanning telecom, education, banking, and logistics sectors
Category: Data Leak
Content: A threat actor is distributing a collection of approximately 972 GB of Chinese databases allegedly sourced from multiple organizations including Chaoxing Xuetong, China Telecom, WeChat, China Yuantong, China Bank, and others. The collection spans telecom, education, banking, housing, logistics, and social platform sectors with claimed record counts totaling over 2.4 billion entries. The content is gated behind a reply wall on the forum.
Date: 2026-06-08T06:36:18Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-CHINESE-DATA-COLLECTION-EDUCATION-TELECOM-BANKING-LOGISTICS-DATABASES
Screenshots:
1 screenshot(s) available
Threat Actors: bloodriot4700
Victim Country: China
Victim Industry: Multiple
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Edmunds.com
Category: Data Breach
Content: A threat actor is distributing an alleged database dump from Edmunds.com, an automotive research platform, containing approximately 30 million records. The sample data includes usernames, hashed passwords, email addresses, city, profession, and forum activity metadata. The data is being made available via a Mega.nz download link.
Date: 2026-06-08T06:35:39Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79359
Screenshots:
1 screenshot(s) available
Threat Actors: LauraAllen
Victim Country: United States
Victim Industry: Automotive
Victim Organization: Edmunds
Victim Site: edmunds.com - Alleged data leak of gonyawiji.wonogirikab.go.id
Category: Data Leak
Content: A threat actor known as MatxCysec claims to have leaked a database associated with gonyawiji.wonogirikab.go.id, an Indonesian local government website under Wonogiri Regency. No post content was available to confirm details regarding the scope or nature of the data.
Date: 2026-06-08T06:35:23Z
Network: openweb
Published URL: https://breached.su/threads/leaked-data-base-gonyawiji-wonogirikab-go-id.88093/unread
Screenshots:
1 screenshot(s) available
Threat Actors: MatxCysec
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Gonyawiji Wonogiri Regency Government
Victim Site: gonyawiji.wonogirikab.go.id - Threat: خبرگزاری سایبربان| Cyberban News
Category: Cyber Attack
Content: Legitimate cybersecurity news report about a confirmed security vulnerability affecting Instagram accounts. This is a news article from a cybersecurity news channel reporting on a vulnerability disclosure by Meta, not a threat actor posting attack details or selling stolen data.
Date: 2026-06-08T06:28:02Z
Network: telegram
Published URL: https://t.me/c/1283513914/22111
Screenshots:
2 screenshot(s) available
Threat Actors: خبرگزاری سایبربان| Cyberban News
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged Predator Sparrow Group Persistence and Re-exploitation Analysis
Category: Cyber Attack
Content: Iranian threat research center provides analysis of Predator Sparrow groups tactics, indicating the group likely re-established initial access within minutes of system remediation through advanced monitoring capabilities. The analysis highlights the groups proficiency in backdoor deployment, staged vulnerability exploitation, and maintaining persistent access to compromised systems.
Date: 2026-06-08T06:25:43Z
Network: telegram
Published URL: https://t.me/c/3575098403/237
Screenshots:
1 screenshot(s) available
Threat Actors: Predator Sparrow
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of financial fullz including SSN, routing, and bank account data
Category: Carding
Content: A forum user is offering fullz packages containing personally identifiable and financial data including SSN, routing numbers, bank account details, and profile information. Access to the content is gated behind engagement reactions on the post. No specific victim organization or record count is disclosed.
Date: 2026-06-08T06:15:24Z
Network: openweb
Published URL: https://darknetarmy.io/threads/fullz-info-routing-bankaccount-ssn-profile.136554/
Screenshots:
1 screenshot(s) available
Threat Actors: SharkBank
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of gonyawiji.wonogirikab.go.id
Category: Data Breach
Content: A database breach affecting gonyawiji.wonogirikab.go.id (Wonogiri Regency government domain, Indonesia) has been posted on Breachforums. The breach was shared by Rakyat Digital Crew threat actor group.
Date: 2026-06-08T06:12:55Z
Network: telegram
Published URL: https://t.me/c/3755871403/738
Screenshots:
2 screenshot(s) available
Threat Actors: Rakyat_Digital_Crew
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Wonogiri Regency Government
Victim Site: gonyawiji.wonogirikab.go.id - Alleged data breach of Nissan Motor Co Ltd.
Category: Data Breach
Content: A threat actor is distributing an alleged database dump attributed to Nissan Motor Co Ltd., containing records for approximately 2.35 million customers. The sample data includes customer IDs, full names, addresses, business and personal email addresses, phone numbers, company names, dealer numbers, and customer eligibility status. The dataset appears to reflect activity as of January 2026 and is being shared via a Mega.nz download link.
Date: 2026-06-08T05:44:05Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79355
Screenshots:
1 screenshot(s) available
Threat Actors: LauraAllen
Victim Country: Japan
Victim Industry: Automotive
Victim Organization: Nissan Motor Co Ltd.
Victim Site: nissan.co.jp - Alleged data breach of elexbet.com Turkish betting platform
Category: Data Leak
Content: A threat actor has leaked what is alleged to be a database from elexbet.com, a Turkish online betting platform. The sample contains personal data including full names, usernames, email addresses, Turkish national ID numbers (TC No), phone numbers, account balances, and dates of birth. The data has been made available via a Mega.nz download link.
Date: 2026-06-08T05:43:22Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79356
Screenshots:
1 screenshot(s) available
Threat Actors: LauraAllen
Victim Country: Turkey
Victim Industry: Gambling
Victim Organization: Elexbet
Victim Site: elexbet.com - Alleged data breach of Nobitex with employee information exposure
Category: Data Breach
Content: APT IRAN claims to have leaked data from Nobitex (Iranian cryptocurrency exchange platform) including employee information. The post references a data leak status update over the past week and mentions employee data exposure. The threat actor criticizes security practices and references zero trust security concepts.
Date: 2026-06-08T05:40:43Z
Network: telegram
Published URL: https://t.me/c/3575098403/234
Screenshots:
2 screenshot(s) available
Threat Actors: APT IRAN
Victim Country: Iran
Victim Industry: Cryptocurrency Exchange
Victim Organization: Nobitex
Victim Site: nobitex.ir - Free BIN shared for New Zealand
Category: Carding
Content: A forum member is sharing a free BIN for New Zealand on a carding-focused forum. The content is gated behind a reply-and-react requirement. No additional details about the card issuer or volume are available.
Date: 2026-06-08T05:29:02Z
Network: openweb
Published URL: https://darknetarmy.io/threads/free-bin-new-zealand.136548/
Screenshots:
1 screenshot(s) available
Threat Actors: SharkBank
Victim Country: New Zealand
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown - Alleged launch of Nemesis Infernal data leak search service targeting compromised organizational data
Category: Data Leak
Content: The Nemesis Infernal threat actor channel announced the launch of a new data leak search service on February 5, 2025. The service aggregates stolen information from the dark web with focus on recent data rather than archived datasets. The post claims to have purchased access to the service and specifically mentions Nobitex as being severely compromised, warning of potential re-compromise.
Date: 2026-06-08T05:27:57Z
Network: telegram
Published URL: https://t.me/c/3575098403/233
Screenshots:
2 screenshot(s) available
Threat Actors: Nemesis Infernal
Victim Country: Iran
Victim Industry: cryptocurrency_exchange
Victim Organization: Nobitex
Victim Site: nobitex.ir - Alleged data breach of Linear App with 200K+ user records for sale
Category: Data Breach
Content: A threat actor is selling an alleged database from Linear App containing 200,000+ user records, including emails, usernames, hashed passwords, and organization details. Additional data including Linear issues and extended user information is offered separately. The seller is requesting 2 XMR for the base dataset and 7 XMR for the full package.
Date: 2026-06-08T05:18:25Z
Network: openweb
Published URL: https://breachforum.ws/Thread-DATABASE-SELLING-LINEAR-APP-FULL-USER-RECORDS-200K
Screenshots:
1 screenshot(s) available
Threat Actors: breadwind
Victim Country: United States
Victim Industry: Technology
Victim Organization: Linear
Victim Site: linear.app - Alleged doxing/information broker service offering personal data lookup
Category: Data Leak
Content: Spanish-language advertisement for a Telegram bot (@dox_col_free_bot) claiming to provide personal information lookup services using document numbers. The service advertises free access to identity verification and personal data collection, positioning itself as a tool to discover if someone is trying to scam you or to obtain information about others. Indicates constant data updates suggesting access to compiled personal databases.
Date: 2026-06-08T05:13:34Z
Network: telegram
Published URL: https://t.me/c/3518294966/157
Screenshots:
2 screenshot(s) available
Threat Actors: dox_col_free_bot
Victim Country: Colombia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of hotel booking and Microsoft phishing panel with administration interface
Category: Phishing
Content: A threat actor is developing and offering a phishing package targeting hotel reservation workflows and Microsoft access pages. The package includes fake reservation verification, hotel payment confirmation, and guest login simulation pages, along with an administration panel for monitoring collected data. The product is described as promotional and open for community feedback.
Date: 2026-06-08T04:03:49Z
Network: openweb
Published URL: https://breached.su/threads/booking-hotel-panel-phishing.88092/unread
Screenshots:
1 screenshot(s) available
Threat Actors: FluxOperator
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website Defacement of Hussey College UK Alumni Site by Root Phantom (Phantom Sec Team)
Category: Defacement
Content: On June 8, 2026, the website husseycollegeukalumni.com, associated with the alumni network of Hussey College UK, was defaced by a threat actor identified as Root Phantom, operating under the Phantom Sec Team. The attack targeted the homepage of the site in a singular, targeted defacement operation. No specific motive or proof of concept was disclosed alongside the incident.
Date: 2026-06-08T04:01:30Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931588
Screenshots:
1 screenshot(s) available
Threat Actors: Root Phantom, Phantom Sec Team
Victim Country: United Kingdom
Victim Industry: Education
Victim Organization: Hussey College UK Alumni
Victim Site: husseycollegeukalumni.com - Alleged data leak of residents of Balikpapan, Indonesia
Category: Data Leak
Content: A threat actor leaked personally identifiable information of 42 residents of Balikpapan, Indonesia. The data includes national ID numbers (NIK), full names, gender, date of birth, phone numbers, and full addresses. The source of the breach is not specified.
Date: 2026-06-08T04:01:07Z
Network: openweb
Published URL: https://breached.su/threads/database-42-data-residents-of-balikpapan.88091/unread
Screenshots:
10 screenshot(s) available
Threat Actors: KNOK666X
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown - Alleged source code leak of Spain government website psoe.es
Category: Data Leak
Content: A threat actor claims to have dumped the source code of psoe.es, the official website of Spains ruling socialist party (PSOE), which runs on WordPress. The source code has been made available for free download via LimeWire and MediaFire links.
Date: 2026-06-08T03:50:28Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79325
Screenshots:
1 screenshot(s) available
Threat Actors: Keishell
Victim Country: Spain
Victim Industry: Government
Victim Organization: PSOE
Victim Site: psoe.es - Alleged data breach of dealerweb.kr
Category: Data Breach
Content: A threat actor is offering for sale an alleged database dump from dealerweb.kr, a South Korean dealer/retail platform, claiming 150,000 records. The sample contains structured fields related to telecom plans, pricing, and device information. The seller is directing interested parties to contact them via Telegram.
Date: 2026-06-08T03:47:49Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79255
Screenshots:
2 screenshot(s) available
Threat Actors: AshleyWood2022
Victim Country: South Korea
Victim Industry: Retail
Victim Organization: Dealerweb
Victim Site: dealerweb.kr - Alleged data breach of CEDA Academy
Category: Data Breach
Content: A threat actor is selling an alleged database dump from cedaacademy.co.kr, a South Korean educational institution. The sample includes member records with names, hashed passwords, email addresses, phone numbers, physical addresses, school names, and login metadata. Approximately 150,000 records are claimed.
Date: 2026-06-08T03:47:11Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79256
Screenshots:
1 screenshot(s) available
Threat Actors: AshleyWood2022
Victim Country: South Korea
Victim Industry: Education
Victim Organization: CEDA Academy
Victim Site: cedaacademy.co.kr - Alleged data breach of Zwjate.com
Category: Data Breach
Content: A threat actor on a dark web forum is offering an alleged database dump from Zwjate.com, an Arabic-language online marriage and matchmaking platform. The dataset, reportedly containing 720,000 user records in SQL and CSV format, includes usernames, hashed passwords, email addresses, phone numbers, nationalities, and IP addresses. A sample was shared to support the claim.
Date: 2026-06-08T03:46:35Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79284
Screenshots:
1 screenshot(s) available
Threat Actors: DarkMafiaX
Victim Country: Saudi Arabia
Victim Industry: Technology
Victim Organization: Zwjate
Victim Site: zwjate.com - Alleged data breach of ElegantVapeStore.com
Category: Data Breach
Content: A threat actor is selling a 3GB SQL and CSV database allegedly stolen from ElegantVapeStore.com, an Egyptian e-commerce vape retailer. The sample data includes WordPress user table fields such as user login names, hashed passwords, email addresses, and registration dates. No total record count was specified in the post.
Date: 2026-06-08T03:45:57Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Online-Vape-Electronic-Cigarette-Store-Database%E2%80%93-ElegantVapeStore-com-Egypt–79286
Screenshots:
1 screenshot(s) available
Threat Actors: DarkMafiaX
Victim Country: Egypt
Victim Industry: Retail
Victim Organization: ElegantVapeStore
Victim Site: elegantvapestore.com - Alleged data breach of Bilkent University (cayfer.bilkent.edu.tr)
Category: Data Breach
Content: A threat actor is distributing an alleged database dump from cayfer.bilkent.edu.tr, a subdomain of Bilkent University in Turkey, containing approximately 72,000 records. The dataset includes student personal information such as names, surnames, gender, birth dates, addresses, phone numbers, department details, scholarship status, and counselor notes, available in both CSV and SQL formats. The actor claims the site became unavailable following the attack and database extraction.
Date: 2026-06-08T03:45:24Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79297
Screenshots:
1 screenshot(s) available
Threat Actors: camillaDF
Victim Country: Turkey
Victim Industry: Education
Victim Organization: Bilkent University
Victim Site: cayfer.bilkent.edu.tr - Alleged data breach of OkCupid
Category: Data Breach
Content: A threat actor claims to have gained privileged access to OkCupids internal API and scraped personal registration data from approximately 35 million users. The alleged dataset includes full names, email addresses, password hashes, phone numbers, dates of birth, location data, sexual orientation, relationship preferences, device information, and IP addresses. A sample of three records was provided as proof.
Date: 2026-06-08T03:44:42Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79298
Screenshots:
1 screenshot(s) available
Threat Actors: authentic
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: OkCupid
Victim Site: okcupid.com - Sale of WordPress Plugin 0day Vulnerability Package
Category: Vulnerability
Content: A threat actor is offering a package of claimed 0day vulnerabilities affecting multiple WordPress plugins with 6,000 to 30,000+ active installs. The package includes unauthenticated PII dumps, 2FA bypass leading to full account takeover, reCAPTCHA bypass, blind SSRF, and broken access control bugs, all claimed to affect the latest plugin versions. The seller is soliciting buyers and partners via Telegram and forum PM, with escrow offered for transactions.
Date: 2026-06-08T03:40:40Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79326
Screenshots:
1 screenshot(s) available
Threat Actors: OilBurnerSec
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sale of critical vulnerabilities in War and Order mobile gaming application
Category: Vulnerability
Content: A threat actor is offering multiple alleged vulnerabilities in the mobile game War and Order for $1,200, targeting an application with approximately 40 million downloads. Claimed vulnerabilities include a client-side RCE via on-path attack during hot updates, full backend disclosure, account takeover, and the ability to broadcast arbitrary text to all active users. The seller states POCs are available and that additional undisclosed findings exist beyond what is listed.
Date: 2026-06-08T03:39:47Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79329
Screenshots:
1 screenshot(s) available
Threat Actors: OilBurnerSec
Victim Country: Unknown
Victim Industry: Gaming
Victim Organization: War and Order
Victim Site: Unknown - Alleged data leak of OKX with 900K user records from info stealer
Category: Data Leak
Content: A threat actor is freely distributing an alleged dataset of 900,000 OKX users, claimed to have been obtained via info stealer malware. The data is being shared via a Telegram channel link.
Date: 2026-06-08T03:37:27Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79278
Screenshots:
1 screenshot(s) available
Threat Actors: magnoliaGoddess
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: OKX
Victim Site: okx.com - Alleged data leak of PropStream (propstream.com)
Category: Data Leak
Content: A threat actor claims to have leaked the full database of PropStream, a real estate data platform. The dataset allegedly contains 102 million listed property records with owner contact information, made available via a Telegram link.
Date: 2026-06-08T03:36:45Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79282
Screenshots:
1 screenshot(s) available
Threat Actors: BrazilianaChica
Victim Country: United States
Victim Industry: Real Estate
Victim Organization: PropStream
Victim Site: propstream.com - Alleged data leak of Saudi Arabia citizens government database
Category: Data Leak
Content: A threat actor claims to have leaked a massive Saudi Arabian government database allegedly containing national identity records of all Saudi citizens. The data is being freely distributed via a Telegram channel. No specific source organization or record count has been provided.
Date: 2026-06-08T03:36:03Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79285
Screenshots:
1 screenshot(s) available
Threat Actors: laboboToy
Victim Country: Saudi Arabia
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Grupo Jumex
Category: Data Breach
Content: A threat actor claims to be selling data belonging to Grupo Jumex (Jugos de México), including records related to employees, suppliers, and partners. A sample file has been shared via an external transfer link. The exact record count and data fields have not been disclosed.
Date: 2026-06-08T03:35:17Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-JUMEX-MEXICO–79288
Screenshots:
1 screenshot(s) available
Threat Actors: salvatore
Victim Country: Mexico
Victim Industry: Food & Beverage
Victim Organization: Grupo Jumex
Victim Site: jumex.com - Alleged data leak of Kraken cryptocurrency exchange user data
Category: Data Leak
Content: A threat actor is distributing alleged infostealer-derived data associated with 612,000 Kraken cryptocurrency exchange users via a Telegram channel. The post labels the data as crypto leads sourced from infostealers, suggesting the records were harvested from compromised user devices rather than a direct breach of Krakens infrastructure.
Date: 2026-06-08T03:34:34Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79289
Screenshots:
1 screenshot(s) available
Threat Actors: cryptoleadssupplyer
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Kraken
Victim Site: kraken.com - Alleged data leak of Kuwait citizens government database
Category: Data Leak
Content: A threat actor is distributing an alleged Kuwait government citizens database, claimed to be from 2026 and made available for free download via a Telegram link. No record count or additional details about the breached entity are provided.
Date: 2026-06-08T03:33:56Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79294
Screenshots:
1 screenshot(s) available
Threat Actors: iamgroot
Victim Country: Kuwait
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of laboratoriomedicos.com — 120,000 medical records
Category: Data Leak
Content: A threat actor has freely distributed approximately 120,000 medical records allegedly sourced from laboratoriomedicos.com after the organization refused to pay an extortion demand. The leaked data, shared as a password-free ZIP containing a JSON file, includes patient identification information, lab tests performed, and test results. The actor claims the original dataset contained approximately 500,000 records but hardware issues limited recovery to 120,000.
Date: 2026-06-08T03:33:17Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79296
Screenshots:
2 screenshot(s) available
Threat Actors: Alameda_slim
Victim Country: Ecuador
Victim Industry: Healthcare
Victim Organization: Laboratorio Medicos
Victim Site: laboratoriomedicos.com - Alleged data leak of French database collection from multiple sources
Category: Data Leak
Content: A threat actor is freely distributing a collection of 137 databases allegedly sourced from France, including government leaks, site breaches, infostealer logs, and other compromised data. The collection is being shared via a Telegram channel. No specific organizations or record counts are identified.
Date: 2026-06-08T03:32:40Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79306
Screenshots:
1 screenshot(s) available
Threat Actors: nizerlandguy
Victim Country: France
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of RAMDOR (Israeli TOP Group) – Infrastructure and Engineering Sector
Category: Data Breach
Content: A threat actor operating under the name DARK 07X claims to have breached RAMDOR, described as an arm of the Israeli TOP Group operating in the infrastructure and engineering sector. The actor alleges exfiltration of 1.9 TB of data over a 72-hour operation, including over 1.2 million SQL records containing government contracts, financial data, PII, engineering documents (AutoCAD drawings), email archives, and access credentials. The stolen data is reportedly being offered for sale on darknet foru…
Date: 2026-06-08T03:32:04Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79309
Screenshots:
4 screenshot(s) available
Threat Actors: hellskeybreach
Victim Country: Israel
Victim Industry: Infrastructure and Engineering
Victim Organization: RAMDOR
Victim Site: Unknown - Alleged data breach of Tayara.tn with 2 million user records
Category: Data Breach
Content: A threat actor is selling an alleged 4GB database dump from tayara.tn, a major Tunisian classifieds platform. The dataset purportedly contains over 2 million records including full names, phone numbers, email addresses, hashed passwords, and listing data. A sample in MongoDB JSON format was provided, appearing to contain real user records with pbkdf2-sha256 hashed passwords.
Date: 2026-06-08T03:31:26Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79319
Screenshots:
1 screenshot(s) available
Threat Actors: KLINZO007
Victim Country: Tunisia
Victim Industry: Retail
Victim Organization: Tayara.tn
Victim Site: tayara.tn - Alleged Data Leak of Business Licenses from Quintana Roo Municipality, Mexico
Category: Data Leak
Content: A threat actor known as Alecc157 claims to have leaked 36,999 business license records from the Benito Juarez municipality in Quintana Roo, Mexico. The dataset, totaling 42.1GB in PDF and HTML formats, allegedly contains personal data, cadastral keys, phone numbers, addresses, emails, and business information. The data has been made available for free download via a file-sharing link.
Date: 2026-06-08T03:30:48Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79323
Screenshots:
1 screenshot(s) available
Threat Actors: alecc157
Victim Country: Mexico
Victim Industry: Government
Victim Organization: Municipio Benito Juarez, Quintana Roo
Victim Site: Unknown - Alleged data leak of BRPDV Ltda. exposing 542,675 Brazilian fiscal invoices
Category: Data Leak
Content: A threat actor has publicly released data allegedly stolen from BRPDV Ltda., a Brazilian CRM and point-of-sale software provider. The leak includes 542,675 fiscal documents (NF-e/NFC-e) totaling approximately 19 GB uncompressed, exposing customer CPF/CNPJ tax IDs, full names, addresses, contact details, financial transaction data, and internal business information. The actor states the release followed an expired payment deadline, suggesting a prior extortion attempt.
Date: 2026-06-08T03:30:09Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=79328
Screenshots:
1 screenshot(s) available
Threat Actors: an0bixz
Victim Country: Brazil
Victim Industry: Technology
Victim Organization: BRPDV Ltda.
Victim Site: brpdv.com.br - Alleged data breach of Banco Central do Brasil (BACEN)
Category: Data Breach
Content: A threat actor is selling an alleged database dump from Brazils central bank (BACEN), comprising three tables totaling approximately 18.8 million rows and 17.1 GB of data. The tables purportedly include legal entity records, borrower data, and property-related financial data. The seller is asking $3,500 and directing buyers to a Telegram contact.
Date: 2026-06-08T02:34:02Z
Network: openweb
Published URL: https://breached.su/threads/brazil-bacen-data-2026-leak.88090/unread
Screenshots:
1 screenshot(s) available
Threat Actors: shelI
Victim Country: Brazil
Victim Industry: Finance
Victim Organization: Banco Central do Brasil
Victim Site: bcb.gov.br - Website Defacement of DonFriesen.com by Deffan of Kh1ev Cyber
Category: Defacement
Content: On June 8, 2026, the website donfriesen.com, belonging to comedian Don Friesen, was defaced by a threat actor known as Deffan operating under the group Kh1ev Cyber. The attack targeted a subdirectory of the site and was neither a mass defacement nor a redefacement, suggesting a targeted single-site intrusion. The defacement was archived and mirrored via zone-xsec.com.
Date: 2026-06-08T02:31:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931585
Screenshots:
1 screenshot(s) available
Threat Actors: Deffan, Kh1ev Cyber
Victim Country: United States
Victim Industry: Entertainment / Comedy
Victim Organization: Don Friesen
Victim Site: www.donfriesen.com - Alleged data leak of forum-lifedomus.com
Category: Data Leak
Content: A threat actor has freely shared an alleged database dump from forum-lifedomus.com via an external file-hosting link. No record count or data field details were provided in the post.
Date: 2026-06-08T02:08:06Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-lifedomus-leaks
Screenshots:
1 screenshot(s) available
Threat Actors: letsgo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Lifedomus
Victim Site: forum-lifedomus.com - Website Defacement of ThankyouCrypto by Root Phantom (Phantom Sec Team)
Category: Defacement
Content: On June 8, 2026, the cryptocurrency-related website thankyoucrypto.com was defaced by a threat actor known as Root Phantom, operating under the group Phantom Sec Team. The attack targeted the homepage of the site in a non-mass, single-target defacement operation. No specific motive or technical details regarding the server infrastructure were disclosed.
Date: 2026-06-08T01:52:10Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931584
Screenshots:
1 screenshot(s) available
Threat Actors: Root Phantom, Phantom Sec Team
Victim Country: Unknown
Victim Industry: Cryptocurrency / Financial Services
Victim Organization: ThankyouCrypto
Victim Site: thankyoucrypto.com - Alleged Data Leak of Business Licenses from Municipio Benito Juarez, Quintana Roo, Mexico
Category: Data Leak
Content: A threat actor claiming affiliation with Sociedad Privada 157 has freely distributed approximately 36,999 business license records from the municipality of Benito Juarez in Quintana Roo, Mexico. The dataset, totaling 42.1 GB in PDF and HTML formats, contains personal data including names, RFC tax IDs, cadastral keys, phone numbers, addresses, email addresses, and business information. A download link and JSON sample were publicly shared on the forum.
Date: 2026-06-08T01:08:19Z
Network: openweb
Published URL: https://breached.su/threads/leak-licencias-36-9k-cancun-mexico.88089/unread
Screenshots:
1 screenshot(s) available
Threat Actors: alecc157
Victim Country: Mexico
Victim Industry: Government
Victim Organization: Municipio Benito Juarez (Quintana Roo)
Victim Site: Unknown - Sale of Fullz, Dumps with PIN, and Fraudulent Documents on Cracking Forum
Category: Carding
Content: A forum seller is advertising a range of fraudulent goods including fullz (with SSN, DOB, DL details), dumps with PIN (Track 101 and 202), fake and stolen identity documents (passports, DLs, IDs with selfies), KYC bypass materials, and various lead databases spanning multiple countries. The offering includes materials for identity fraud, payment card fraud, and synthetic identity creation. Contact is facilitated via Telegram and Signal.
Date: 2026-06-08T00:44:34Z
Network: openweb
Published URL: https://crackingx.com/threads/78403/
Screenshots:
1 screenshot(s) available
Threat Actors: silasclark
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website Defacement of isupublik.com by massive_hq (Team DSL)
Category: Defacement
Content: On June 8, 2026, the website isupublik.com was defaced by threat actor massive_hq operating under team DSL. The attack targeted the homepage of the site in a single-target defacement operation. The incident has been archived and mirrored via zone-xsec.com.
Date: 2026-06-08T00:22:21Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931583
Screenshots:
1 screenshot(s) available
Threat Actors: massive_hq, DSL
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: ISU Publik
Victim Site: isupublik.com - Alleged data breach of Ipotekabank (Uzbekistan) – 120 GB leaked by ShinyHunters
Category: Data Breach
Content: ShinyHunters claims to have breached Ipotekabank.uz and leaked 120 GB of data including PDF contracts, card numbers with CVVs, expiration dates, personal data (names, emails, phone numbers), account information, transaction data, internal bank documents, and correspondence. The leaked data includes structured customer database with fields: id, full_name, email, phone, account_number, balance. Files available in multiple formats (PDF, JPG, TXT, CSV, PPT). Download link provided with ransom messag…
Date: 2026-06-08T00:20:29Z
Network: telegram
Published URL: https://t.me/c/3500620464/9313
Screenshots:
1 screenshot(s) available
Threat Actors: ShinyHunters
Victim Country: Uzbekistan
Victim Industry: Banking/Financial Services
Victim Organization: Ipotekabank
Victim Site: ipotekabank.uz - Website Defacement of pwimerahputih.com by massive_hq (Team DSL)
Category: Defacement
Content: On June 8, 2026, the website pwimerahputih.com was defaced by threat actor massive_hq, operating under the group Team DSL. The attack targeted the homepage of the site in a single-target defacement operation. The incident was catalogued with a mirror archived at zone-xsec.com, though specific exploitation details and motivations were not disclosed.
Date: 2026-06-08T00:18:58Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931582
Screenshots:
1 screenshot(s) available
Threat Actors: massive_hq, DSL
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Pwi Merah Putih
Victim Site: pwimerahputih.com - Alleged data breach of US government cloud server
Category: Data Breach
Content: Hackers claim to have obtained a database from a cloud server owned by the US government. Threat actor @node6240 is associated with this breach.
Date: 2026-06-08T00:12:06Z
Network: telegram
Published URL: https://t.me/c/3500620464/9311
Screenshots:
1 screenshot(s) available
Threat Actors: node6240
Victim Country: United States
Victim Industry: Government
Victim Organization: US Government
Victim Site: Unknown - Alleged data breach of Aditya Birla Fashion and exposure of user credentials
Category: Data Breach
Content: Aditya Birla Fashion Retail (ABFRL) suffered a data breach resulting in exposure of user and employee details including email addresses, passwords, and credit card information. The breach has been attributed to threat actor ShinyHunters.
Date: 2026-06-08T00:05:20Z
Network: telegram
Published URL: https://t.me/c/3500620464/9309
Screenshots:
1 screenshot(s) available
Threat Actors: ShinyHunters
Victim Country: India
Victim Industry: Fashion/Retail
Victim Organization: Aditya Birla Fashion Retail (ABFRL)
Victim Site: Unknown