[April-1-2026] Daily Cybersecurity Threat Report

Comprehensive Threat Intelligence Report: Analysis of Global Cybersecurity Incidents (April 1-2, 2026)

1. Executive Summary This comprehensive threat intelligence report provides an in-depth analysis of a concentrated wave of global cybersecurity incidents recorded primarily between April 1 and April 2, 2026. Based on the provided dataset of hundreds of distinct cyber events, this report identifies, categorizes, and evaluates the tactics, techniques, and procedures (TTPs) employed by various threat actors across the globe. The threat landscape during this period was characterized by a massive volume of website defacements, the widespread free distribution of multi-million-record credential combo lists, severe data breaches targeting both government infrastructure and major corporations, and the active trading of initial access to compromised networks.

The data reveals a highly active cybercriminal ecosystem where low-tier attacks (such as defacements) operate concurrently with highly sophisticated data exfiltration campaigns and the mass distribution of compromised identities. A significant portion of the recorded incidents can be attributed to specific, highly prolific threat actors and groups, most notably the “Ratman” team (specifically an actor named “Rici144”), “scattered LAPSUS$ hunters part 9”, “Grubder”, “xorcat”, and “CODER”. The targeting spans across all major industries, including retail, government, education, healthcare, and critical manufacturing, indicating that no sector is immune to the current wave of cyber threats. This report serves to dissect these incidents, profile the key adversaries, assess the potential impact on affected organizations, and provide actionable strategic recommendations to mitigate these persistent risks.

2. Introduction and Methodology The digital ecosystem is under constant siege from a myriad of threat actors ranging from script kiddies and hacktivists to organized cybercriminal syndicates and financially motivated data brokers. This report analyzes a specific snapshot of threat intelligence data comprising nearly 300 documented incidents. The purpose of this analysis is to distill raw incident data into actionable intelligence, providing organizations with a clear understanding of the immediate threat landscape.

The methodology involves parsing the raw data to extract key indicators: the category of the attack, the threat actor involved, the victim’s industry and geographical location, and the nature of the compromised data or system. By aggregating these data points, we can identify macro-level trends, such as which geographic regions are being targeted by specific hacking groups, what types of data are currently most valuable in the underground economy, and the prevalent attack vectors being utilized to compromise perimeters. The report is structured to provide a macroscopic overview followed by microscopic deep dives into specific threat categories and actor profiles, concluding with defensive strategies.

3. Threat Landscape Overview An analysis of the dataset reveals a multi-faceted threat landscape dominated by four primary categories of malicious activity:

Website Defacements: Representing the highest volume of individual incidents, website defacements were rampant during this period. While often considered a low-level threat or a form of digital graffiti, the sheer scale of these attacks indicates widespread vulnerabilities in web applications, Content Management Systems (CMS), and server configurations.
Data Breaches and Leaks: High-impact data breaches were prevalent, with threat actors exfiltrating massive databases containing Personally Identifiable Information (PII), corporate communications, and proprietary data. These breaches target organizations of all sizes, from local municipalities to global conglomerates.
Credential Combo Lists: The distribution of “combo lists” (combinations of usernames/emails and passwords) has reached an industrial scale. Threat actors are sharing lists containing millions of records, fueling secondary attacks such as credential stuffing and account takeovers across multiple platforms.
Initial Access and Malware Sales: The underground economy is thriving with Initial Access Brokers (IABs) selling direct access (RDP, VPN, Shell) to compromised corporate networks. Concurrently, advanced malware, including ring-0 kernel-level implants, is actively traded, providing attackers with the tools needed to establish deep persistence.

Geographically, the attacks are indiscriminately global. However, specific campaigns show regional focus; for example, a massive defacement campaign heavily targeted European nations, while data breaches hit a diverse array of countries including the USA, Brazil, India, and various European states.

4. Detailed Analysis of Attack Vectors

4.1 Website Defacement Campaigns: The “Ratman” Phenomenon The most striking statistical anomaly in the dataset is the overwhelming number of website defacements orchestrated by a threat actor using the moniker “Rici144”, who is affiliated with the “Ratman” team. This single actor/group is responsible for over a hundred documented defacements within a 48-hour window.

Target Profile: The Ratman team’s targets are primarily Small and Medium-sized Enterprises (SMEs) located in Western and Northern Europe. Countries hit particularly hard include Italy, Germany, the United Kingdom, Sweden, Switzerland, Belgium, and France. The industries vary widely, encompassing retail, e-commerce, manufacturing, publishing, and specialized local services (e.g., swimming pool services, local restaurants).
Modus Operandi: A critical pattern observed in the Ratman team’s activity is the high frequency of “redefacements.” Numerous incidents are flagged as repeat compromises of the same target domain (e.g., Munditalia, Naturhouse, Palline da Golf USA TE, ColorMax). Furthermore, the defacements rarely target the main root directory or homepage. Instead, the attackers consistently target specific subdirectories, frequently noted as “media directories,” “customer upload directories,” or specific file paths.
Technical Implications: The pattern of redefacing media subdirectories strongly suggests that the Ratman team is exploiting a specific, widespread vulnerability. This could be an unpatched flaw in a common CMS plugin (such as a vulnerable file upload module in WordPress or Joomla), weak directory permissions, or exposed administrative interfaces. The fact that sites are repeatedly defaced indicates a profound failure in the victims’ incident response capabilities; organizations are likely removing the defacement file without patching the underlying vulnerability or securing the compromised vector, leaving the door wide open for the attacker to simply re-execute their script.
Other Defacement Actors: While Ratman dominated Europe, other actors conducted similar campaigns elsewhere. The “Alpha wolf” team (actor “XYZ”) targeted domains in China and the Czech Republic. Indonesian threat actors like “maw3six” and the “DEFACER INDONESIAN TEAM” conducted mass defacement campaigns targeting Asian and global sites. “OpsShadowStrike” focused on Indian and US targets.

4.2 Data Exfiltration and Database Leaks While defacements are highly visible, data breaches represent a significantly higher risk to corporate integrity and user privacy. The dataset highlights several distinct threat actors operating in this space, each with specific target profiles.

The LAPSUS$ Legacy: A group identifying as “scattered LAPSUS$ hunters part 9” conducted a highly aggressive campaign targeting government and public sector infrastructure globally. Their victims included the Secretariat of Administration of the State of Bahia (Brazil), ePortugal, the Department of Information and Communication Technology (Bangladesh), Kogi State IRS (Nigeria), Ghana Standards Authority, and the Government of Madhesh Province (Nepal). This suggests a concerted effort to compromise poorly secured municipal and national government databases, likely exploiting legacy systems or weak access controls to exfiltrate citizen data and administrative records.
Grubder’s Corporate Harvesting: The threat actor “Grubder” focused on exfiltrating and selling massive databases from commercial entities, primarily in Europe and South America. Notable breaches attributed to Grubder include Verkkokauppa.com Oyj (Finland, 427K records), the Citizen Portal (Czech Republic, 437K records), Mediatel CZ (487K records), Sauto.cz (476K records), Kabum (Brazil, 724K records), and the Regional Council of Veterinary Medicine in São Paulo (452K records). These databases typically contain high-value PII, including contact details, physical addresses, order histories, and authentication logs, making them prime material for phishing campaigns, identity theft, and corporate espionage.
xorcat and the Targeting of User Communities: The actor “xorcat” demonstrated a capability to breach platforms with massive user bases, focusing on gaming, social, and utility applications. Their victims included Animoto (5M records), Warframe (3M records), HauteLook (6.5M records), Eyeem (3.8M records), Lookbook (1.2M records), DuelingNetwork (2.5M records), and Job&Talent (2.6M records). These databases often include bcrypt-hashed passwords, full names, locations, and behavioral data. The sheer volume of compromised accounts (tens of millions in total) drastically increases the global risk of credential reuse attacks.
ShinyHunters and Enterprise Compromise: The notorious group “ShinyHunters” was linked to highly sophisticated breaches of major corporations, including Cisco Systems and Hallmark Cards. These breaches are particularly alarming because they involve the compromise of complex enterprise environments such as Salesforce platforms, AWS storage buckets (S3), and internal GitHub repositories. The exfiltration of internal development data and cloud infrastructure configurations indicates a high level of technical sophistication and poses severe risks regarding supply chain compromises and intellectual property theft.

4.3 The Credential Economy: Combo Lists and Telegram Distribution A pervasive and highly dangerous trend identified in the report is the industrial-scale distribution of “Combo Lists.” These are massive text files containing paired usernames (or email addresses) and passwords. They are the primary fuel for credential stuffing attacks, where bots automatically test these stolen credentials against thousands of other websites, betting on the fact that users reuse passwords across multiple platforms.

The Reign of CODER: The threat actor “CODER” is the most prominent distributor of these lists in the provided data. CODER regularly releases databases containing millions of records. Examples include a 15 million record list targeting social media and streaming (Facebook, Spotify, Apple Music), a 5 million list targeting e-commerce (Amazon, eBay, Walmart), a 5 million list targeting educational and developer tools (Wikipedia, GitHub, Stack Overflow), and lists of 11 million and 9.3 million records containing mixed international data.
Distribution Channels: A significant shift in the cybercriminal underground is the method of distribution. While traditional dark web forums (like CrackingX, which is frequently cited ) remain popular, actors like CODER and others are heavily utilizing Telegram channels for distribution. Telegram offers anonymity, massive file hosting capabilities, and the ability to build large, instant communities of lower-tier cybercriminals who consume these free lists to launch automated attacks.
The Focus on Email Providers: There is a persistent, high-volume market specifically for valid email credentials. Actors like “MailAccesss,” “TeraCloud1,” “UniqueCombo,” and “HQcomboSpace” constantly upload thousands of verified credentials for services like Hotmail, Gmail, Outlook, and Yahoo. Compromising an email account is often the “holy grail” for an attacker, as it allows them to intercept password reset links for banking, cryptocurrency, and social media accounts, effectively granting them control over the victim’s entire digital life.

4.4 Initial Access Brokering and Malware Sales Before a ransomware deployment or a massive data exfiltration can occur, an attacker must first gain a foothold in the network. The data reveals an active market for “Initial Access Brokers” (IABs) who specialize in compromising networks and selling that access to the highest bidder.

Corporate Access: We observe threat actors selling highly privileged access to corporate environments. For example, the actor “boat” advertised Domain Admin privileges and VPN access (via FortiClient) to a US-based manufacturing company, even noting the presence of specific security solutions (Trend Micro) and cloud backups (Datto). Another actor, “someone0717,” sold Domain Admin access via RDP to two Czech companies (Food Production and IT services). This commoditization of access significantly lowers the barrier to entry for advanced attacks like ransomware.
E-commerce Shells: Actors are also selling unauthorized backend access to online stores. “Malwareboy” sold access to an active Magento store processing payments, while “kobenotnow” sold shell access to a French PrestaShop store. These access points are typically used to inject digital skimmers (Magecart attacks) to steal customer credit card data during checkout.
Advanced Malware: The sale of sophisticated malware continues to thrive. The actor “coree” was observed selling a “Windows Ring-0 Kernel-Level Micro-Implant”. Malware operating at the kernel level (Ring-0) is exceptionally dangerous because it runs with the highest privileges on the operating system, allowing it to subvert antivirus software, hide its processes, and establish nearly undetectable persistence.

4.5 High-Profile Corporate and Government Incidents Several incidents stand out due to the profile of the victim or the nature of the breach.

Hasbro, Inc. Cyber Attack: The toy and gaming giant Hasbro suffered a significant network compromise. Detected on March 28 and disclosed via an SEC filing on April 1, the incident required the activation of incident response protocols, the isolation of systems, and the engagement of third-party experts. While business continuity plans were invoked, the company warned of operational delays. This highlights the severe business disruption caused by enterprise-level breaches.
Anthropic’s Claude Code Leak: A unique incident involved the AI company Anthropic. A packaging error in an npm release accidentally exposed a large portion of the source code for their “Claude Code” assistant. While the company confirmed this was a human error rather than a malicious breach, and no customer data was compromised, the incident underscores the severe risks associated with software supply chain management and DevOps misconfigurations.
Government Target Infrastructure: Beyond the LAPSUS$ group, other critical infrastructure was targeted. An actor named “wh6ami” offered databases from the National Weather Forecasting Centre and National Agromet Centre of Pakistan, as well as the Construction Industry Development Authority of Sri Lanka. Another actor, “Z-PENTEST ALLIANCE,” claimed to have unrestricted administrative control over unidentified critical operating technology (HMI and PLC) in South Korea, demonstrating a severe threat to physical infrastructure.

5. Threat Actor Profiling Based on the intelligence gathered, we can profile several key archetypes operating in this ecosystem:

The Mass Defacer (e.g., Rici144 / Ratman): Highly automated, opportunistic, and relentless. They utilize scanning tools to find specific vulnerabilities (likely in CMS plugins) across vast ranges of IP addresses. Their goal is volume and visibility rather than financial theft. They rely on the poor patching cadence of SMEs to maintain their statistics.
The Database Hunter (e.g., Grubder, xorcat): Financially motivated and technically proficient in SQL injection (SQLi) or exploiting misconfigured APIs. They target web applications with large user bases. They monetize their efforts by selling the databases on dark web forums or using them for targeted extortion.
The State-Targeting Hacktivist/Opportunist (e.g., scattered LAPSUS$ hunters part 9): This group exhibits a specific interest in government portals (.gov domains). While their motivations may mix hacktivism with financial gain, their methodology involves finding the weakest links in municipal and state IT infrastructure, often resulting in the exposure of sensitive citizen registries.
The Credential Wholesaler (e.g., CODER): These actors sit at the center of the cybercriminal supply chain. They aggregate data from various breaches, parse it, and distribute it. By providing massive combo lists for free on Telegram, they build a following and likely monetize premium, unreleased lists or associated cracking tools in private channels.
The Initial Access Broker (e.g., boat): Highly skilled penetration testers who operate solely to breach perimeters. They understand corporate networks (Active Directory, VPNs, EDR solutions) and focus on silent intrusion and privilege escalation. They are the enablers of the modern ransomware-as-a-service (RaaS) ecosystem.

6. Industry and Geographic Impact Analysis

Industry Impact:

Retail and E-commerce: Disproportionately targeted for both defacements (by Ratman) and backend shell access (for card skimming). The high volume of online transactions makes them a perpetual target.
Government and Public Sector: Frequently compromised for database leaks. Municipal and regional governments often lack the budget for robust cybersecurity, making their databases—rich in citizen PII—easy prey.
Technology and Software: Targeted for source code (Anthropic), cloud infrastructure (Cisco), and as vectors for credential harvesting.
Education: Universities and institutes are regularly targeted (e.g., Cairo University, Taipei Computer Association) due to vast, decentralized networks and large repositories of student and staff data.
Healthcare: Facilities and professional registries (e.g., São Paulo Veterinary Council, Sportsmed Mexico) are targeted, exposing highly sensitive personal and medical data.

Geographic Impact: The data demonstrates a truly borderless threat landscape.

Europe (Particularly Italy, Germany, UK, Sweden): Experienced an intense bombardment of website defacements and significant corporate database leaks.
United States: Bore the brunt of high-profile, sophisticated enterprise breaches involving major corporations (Hasbro, Cisco, Hallmark) and complex cloud environments.
Asia-Pacific (India, China, Southeast Asia): Saw a mix of mass defacement campaigns, educational sector breaches, and targeting by regional hacking groups.
South America (Brazil, Argentina): Frequently targeted for large-scale database leaks affecting both commercial retail (Kabum) and government/legal institutions (Judicial Branch of Mendoza).

7. Strategic Recommendations and Mitigation The diverse nature of the threats outlined in this report requires a multi-layered, defense-in-depth approach to cybersecurity. Organizations must implement strategic mitigations across their entire infrastructure.

Mitigating Website Defacements and Web App Attacks:

Aggressive Patch Management: The high rate of redefacements indicates that organizations are not patching. Implementing automated patching for CMS platforms (WordPress, Joomla, Magento) and all associated plugins is non-negotiable.
Directory Permissions and File Upload Security: The Ratman team’s success relies on exploiting media and upload directories. Organizations must enforce strict principle-of-least-privilege on all web directories. Upload folders must not allow the execution of scripts (e.g., disabling PHP execution in /wp-content/uploads/).
Web Application Firewalls (WAF): Deploying a robust WAF can heuristically detect and block common web exploits like SQL injection, Cross-Site Scripting (XSS), and malicious file uploads before they reach the server.

Defending Against Data Breaches and Exfiltration:

Database Encryption and Masking: Sensitive PII must be encrypted at rest. In the event of a database compromise (as seen with Grubder and xorcat), encrypted data significantly reduces the impact of the breach.
Zero Trust Architecture and Access Controls: The breaches at Cisco and Hallmark highlight the danger of compromised cloud environments. Implement strict Zero Trust policies. No user or service should have access to AWS S3 buckets, GitHub repos, or Salesforce data without continuous verification and strict least-privilege scoping.
API Security: Many modern data breaches occur through unsecured or undocumented APIs. Regular API auditing and rate-limiting are essential to prevent mass data scraping.

Combating the Credential Combo List Threat:

Mandatory Multi-Factor Authentication (MFA): With tens of millions of valid credentials circulating freely on Telegram, passwords alone are obsolete. MFA must be enforced across all corporate accounts, VPNs, and cloud services.
Proactive Credential Monitoring: Organizations should utilize threat intelligence services to monitor underground forums and Telegram channels for corporate email addresses appearing in newly released combo lists, forcing proactive password resets.
Bot Management and Rate Limiting: To prevent credential stuffing attacks utilizing these lists, public-facing login portals must implement bot detection, CAPTCHAs, and strict rate limiting to thwart automated login attempts.

Protecting Against Initial Access Brokers and Advanced Malware:

Secure Remote Access: VPNs and RDP gateways are prime targets for IABs. RDP should never be exposed directly to the internet. Remote access must be secured behind VPNs requiring MFA and device posture checks.
Endpoint Detection and Response (EDR): To detect kernel-level implants and stealthy lateral movement, organizations must deploy advanced EDR solutions capable of behavioral analysis and memory scanning, moving beyond signature-based antivirus.
Network Segmentation: If an IAB compromises a single workstation, robust network segmentation prevents them from moving laterally to Domain Controllers or critical data servers.

8. Conclusion The cybersecurity events spanning April 1-2, 2026, paint a stark picture of a relentless and multifaceted threat environment. The sheer volume of compromised data—ranging from millions of plaintext credentials distributed on Telegram to deeply sensitive corporate and government databases sold on dark web forums—highlights a systemic vulnerability in global digital infrastructure.

Threat actors are operating with increasing specialization. While some groups blanket the internet with automated defacement scripts exploiting basic web hygiene failures, others operate as sophisticated syndicates, breaking into complex cloud environments or brokering initial access to the highest bidder. The recurring theme across these incidents is the exploitation of foundational security gaps: unpatched software, reused passwords, lack of multi-factor authentication, and over-permissive network architectures.

For organizations to survive in this landscape, cybersecurity can no longer be viewed as an IT checklist. It requires a proactive, intelligence-driven approach that anticipates attacks, assumes a state of constant threat, and builds resilience into the core of business operations. Implementing robust access controls, aggressive vulnerability management, and comprehensive monitoring are imperative steps in defending against the diverse array of actors detailed in this report.

Detected Incidents Draft Data

Website defacement of Neem Holidays by NUCLIER-Y-C-C-M
Category: Defacement
Content: The threat actor NUCLIER-Y-C-C-M successfully defaced the admin upload directory of Neem Holidays website on April 2, 2026. The attack targeted the travel companys administrative interface, compromising their web presence.
Date: 2026-04-01T23:31:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824406
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: Unknown
Victim Industry: Travel and Tourism
Victim Organization: Neem Holidays
Victim Site: neemholidays.com
Alleged leak of 190,000 credential combinations targeting multiple platforms
Category: Combo List
Content: A threat actor shared a combolist containing 190,000 URL:username:password combinations targeting multiple platforms. The credentials are being distributed for free to registered forum users.
Date: 2026-04-01T23:28:36Z
Network: openweb
Published URL: https://crackingx.com/threads/70749/
Screenshots:
None
Threat Actors: Seaborg
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
OpsShadowStrike targets the website of Oakstreet Events
Category: Defacement
Content: The group claims to have defaced the website of Oakstreet Events.
Date: 2026-04-01T23:21:29Z
Network: telegram
Published URL: https://t.me/OpsShadowStrike/225
Screenshots:
None
Threat Actors: OpsShadowStrike
Victim Country: India
Victim Industry: Events Services
Victim Organization: oakstreet events
Victim Site: oakstreetevents.com/index.html
Alleged leak of mixed email-password combolist
Category: Combo List
Content: A threat actor shared a combolist containing 180,000 email and password combinations described as fresh high quality credentials. The post offers both free download and paid high-quality combo services.
Date: 2026-04-01T23:16:42Z
Network: openweb
Published URL: https://crackingx.com/threads/70748/
Screenshots:
None
Threat Actors: steeve75
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Thanboon.com by NUCLIER-Y-C-C-M
Category: Defacement
Content: The threat actor NUCLIER-Y-C-C-M successfully defaced a subdirectory on thanboon.com on April 2, 2026. This appears to be an isolated single-target defacement rather than part of a mass campaign.
Date: 2026-04-01T23:14:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824405
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: Thailand
Victim Industry: Unknown
Victim Organization: Thanboon
Victim Site: thanboon.com
HASBRO, INC. Cybersecurity Incident Details – Board Cybersecurity
Category: Cyber Attack
Content: Hasbro, Inc. disclosed on April 1, 2026 that it detected unauthorized access to its network on March 28, 2026. The company activated its incident response protocols, isolated certain systems and initiated an investigation with the assistance of cybersecurity experts. While business operations are being maintained through continuity plans, delays are possible during resolution of the situation.
Date: 2026-04-01T22:53:52Z
Network: openweb
Published URL: https://www.board-cybersecurity.com/incidents/tracker/hasbro-cybersecurity-incident-c3438674#8-k-filed-on-2026-04-01
Screenshots:
None
Threat Actors:
Victim Country: United States
Victim Industry: Unknown
Victim Organization: HASBRO, INC.
Victim Site: hasbro.com
Alleged data leak of Secretariat of Administration of the State of Bahia
Category: Data Breach
Content: Group claims to have leaked the database from Secretariat of Administration of the State of Bahia.
Date: 2026-04-01T22:40:33Z
Network: telegram
Published URL: https://t.me/c/3816027580/5230
Screenshots:
None
Threat Actors: scattered LAPSUS$ hunters part 9
Victim Country: Brazil
Victim Industry: Government Administration
Victim Organization: secretariat of administration of the state of bahia.
Victim Site: ba.gov.br
Alleged leak of multi-platform credential combolist
Category: Combo List
Content: Threat actor distributing a 15 million record credential combolist containing login credentials for multiple social media and music streaming platforms including Facebook, Instagram, TikTok, Twitter, Snapchat, LinkedIn, Pinterest, Spotify, SoundCloud, Apple Music, and Deezer. The credentials are being shared freely through Telegram channels.
Date: 2026-04-01T22:26:42Z
Network: openweb
Published URL: https://crackingx.com/threads/70745/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Multiple platforms
Victim Site: facebook.com, instagram.com, tiktok.com, twitter.com, snapchat.com, linkedin.com, pinterest.com, spotify.com, soundcloud.com, music.apple.com, deezer.com
Alleged leak of Hotmail and Outlook credentials
Category: Combo List
Content: A threat actor shared a combolist containing 2,160 Hotmail and Outlook email credentials for free download on a cybercriminal forum.
Date: 2026-04-01T22:26:23Z
Network: openweb
Published URL: https://crackingx.com/threads/70746/
Screenshots:
None
Threat Actors: karaokecloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged data leak of ePortugal
Category: Data Breach
Content: Group claims to have leaked data from ePortugal.
Date: 2026-04-01T22:16:16Z
Network: telegram
Published URL: https://t.me/c/3816027580/5221
Screenshots:
None
Threat Actors: scattered LAPSUS$ hunters part 9
Victim Country: Portugal
Victim Industry: Government & Public Sector
Victim Organization: eportugal
Victim Site: eportugal.gov.pt
Alleged leak of Department of Information and Communication Technology of Bangladesh
Category: Data Breach
Content: Group claims to have leaked data from Department of Information and Communication Technology of Bangladesh.
Date: 2026-04-01T22:15:16Z
Network: telegram
Published URL: https://t.me/c/3816027580/5221
Screenshots:
None
Threat Actors: scattered LAPSUS$ hunters part 9
Victim Country: Bangladesh
Victim Industry: Government Administration
Victim Organization: department of information and communication technology
Victim Site: ictd.gov.bd
Alleged data leak of Department of Information and Communication Technology Bangladesh
Category: Data Breach
Content: Group claims to have leaked data from Department of Information and Communication Technology Bangladesh.
Date: 2026-04-01T22:14:40Z
Network: telegram
Published URL: https://t.me/c/3816027580/5221
Screenshots:
None
Threat Actors: scattered LAPSUS$ hunters part 9
Victim Country: Bangladesh
Victim Industry: Government Administration
Victim Organization: department of information and communication technology bangladesh
Victim Site: ictd.gov.bd
Alleged data breach of the National Agency for the Administration and Destination of Assets Seized and Confiscated from Organized Crime
Category: Data Breach
Content: The threat actor claims to have breached data from the the National Agency for the Administration and Destination of Assets Seized and Confiscated from Organized Crime(ANBSC), allegedly including anti-mafia case files from 2013–2026.
Date: 2026-04-01T22:13:45Z
Network: openweb
Published URL: https://breached.st/threads/anbsc-agenzia-nazionale-per-lamministrazione-e-la-destinazione-dei-beni-sequestrati-e-confiscati-alla-criminalita-organizzata.85789/
Screenshots:
None
Threat Actors: cozypandas
Victim Country: Italy
Victim Industry: Government Administration
Victim Organization: national agency for the administration and destination of assets seized and confiscated from organized crime
Victim Site: benisequestraticonfiscati.it
Alleged sale of government datas
Category: Data Leak
Content: The threat actor claims to selling unauthorized access to law enforcement emails, EDR services, and forged legal documents to obtain sensitive user data, including IP addresses, device information, emails, and phone numbers from major platforms.
Date: 2026-04-01T22:06:09Z
Network: openweb
Published URL: https://breached.st/threads/selling-hq-govmails-police-emails-edr-services-domain-seizure-forged-court-orders-law-enforcement-portals-edr-guide.85764/
Screenshots:
None
Threat Actors: convince
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: Actor NUllSHop0X shared a free download link containing 5,000 allegedly valid Hotmail email credentials described as fresh hits.
Date: 2026-04-01T21:58:37Z
Network: openweb
Published URL: https://crackingx.com/threads/70743/
Screenshots:
None
Threat Actors: NUllSHop0X
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Gmail credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing over 410,000 Gmail email and password combinations from mixed countries via a file sharing service.
Date: 2026-04-01T21:58:18Z
Network: openweb
Published URL: https://crackingx.com/threads/70744/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Google
Victim Site: gmail.com
Alleged data leak of Doxbin
Category: Data Leak
Content: The threat actor claims to have leaked the data from Doxbin, the exposure could reveal backend logic, application structure, configuration elements, and platform internals, potentially creating security and operational risks.NB: The authenticity of the claim is yet to be verified. This organization has been breached multiple times.
Date: 2026-04-01T21:58:05Z
Network: openweb
Published URL: https://spear.cx/Thread-Free-Doxbin-Source-Code
Screenshots:
None
Threat Actors: punk
Victim Country: Unknown
Victim Industry: Social Media & Online Social Networking
Victim Organization: doxbin
Victim Site: doxbin.org
Alleged data leak ofsouthgloss.gov.uk
Category: Data Breach
Content: Group claims to have leaked data from beta southgloss.gov.uk.
Date: 2026-04-01T21:56:36Z
Network: telegram
Published URL: https://t.me/c/3816027580/5234
Screenshots:
None
Threat Actors: scattered LAPSUS$ hunters part 9
Victim Country: UK
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: southgloss.gov.uk
Alleged Sale of Compromised Magento Store Orders
Category: Initial Access
Content: The threat actor claims to be selling unauthorized access to a Magento-based online store with active order activity and payment processing capabilities.
Date: 2026-04-01T21:55:02Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279697/
Screenshots:
None
Threat Actors: Malwareboy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Motofix by Rici144/Ratman team
Category: Defacement
Content: Attacker Rici144 from the Ratman team defaced the Motofix automotive services website on April 2, 2026. The defacement targeted a specific page within the customer media directory of the Greek motorcycle/automotive service providers website.
Date: 2026-04-01T21:50:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824374
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Greece
Victim Industry: Automotive Services
Victim Organization: Motofix
Victim Site: www.motofix.gr
Website defacement of Munditalia by Rici144/Ratman team
Category: Defacement
Content: The attacker Rici144, associated with the Ratman team, conducted a redefacement of the Munditalia website on April 2, 2026. This represents a repeat compromise of the same target rather than an initial attack.
Date: 2026-04-01T21:49:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824375
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Munditalia
Victim Site: www.munditalia.it
Website defacement of Naturhouse by Rici144 (Ratman team)
Category: Defacement
Content: The attacker Rici144, associated with the Ratman team, defaced a media subdirectory of the Naturhouse Italy website on April 2, 2026. This incident was classified as a redefacement, indicating the site had been previously compromised.
Date: 2026-04-01T21:48:55Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824376
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Italy
Victim Industry: Healthcare/Wellness
Victim Organization: Naturhouse
Victim Site: www.naturhouse.it
Website defacement of Net Integratori by Rici144 (Ratman team)
Category: Defacement
Content: Italian technology company Net Integratori suffered a website defacement attack by threat actor Rici144, associated with the Ratman team. This incident represents a redefacement of the target system.
Date: 2026-04-01T21:48:21Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824378
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Italy
Victim Industry: Technology
Victim Organization: Net Integratori
Victim Site: www.netintegratori.it
Website defacement of Palline da Golf USA TE by Rici144/Ratman team
Category: Defacement
Content: The attacker Rici144 from the Ratman team conducted a redefacement of an Italian golf equipment website on April 2nd, 2026. This represents a repeat attack against the same target domain.
Date: 2026-04-01T21:47:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824380
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Italy
Victim Industry: Sports/Recreation
Victim Organization: Palline da Golf USA TE
Victim Site: www.pallinedagolfusate.it
Website defacement of Pharmasole by Rici144/Ratman team
Category: Defacement
Content: Pharmaceutical company Pharmasoles website was defaced by attacker Rici144 from the Ratman team on April 2, 2026. This incident represents a redefacement of the target site.
Date: 2026-04-01T21:47:05Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824381
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Italy
Victim Industry: Pharmaceutical
Victim Organization: Pharmasole
Victim Site: www.pharmasole.it
Website defacement of r-shop.gr by Rici144/Ratman team
Category: Defacement
Content: Greek e-commerce website r-shop.gr was defaced by attacker Rici144 affiliated with the Ratman team on April 2, 2026. The attack targeted a specific media directory rather than the homepage.
Date: 2026-04-01T21:46:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824383
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Greece
Victim Industry: E-commerce
Victim Organization: R-Shop
Victim Site: r-shop.gr
Website defacement of RedRock by Rici144/Ratman team
Category: Defacement
Content: The attacker Rici144, associated with the Ratman team, successfully defaced a subdirectory of the RedRock website on April 2, 2026. This appears to be a targeted single-site defacement rather than part of a mass attack campaign.
Date: 2026-04-01T21:45:58Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824384
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: RedRock
Victim Site: www.redrock.it
Website defacement of Norwegian Red Cross shop by Rici144/Ratman team
Category: Defacement
Content: The Norwegian Red Cross online shop was defaced by attacker Rici144 from the Ratman team on April 2, 2026. This incident appears to be a redefacement of a previously compromised site.
Date: 2026-04-01T21:45:23Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824385
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Norway
Victim Industry: Non-profit/Humanitarian
Victim Organization: Norwegian Red Cross
Victim Site: www.rodekorsbutikken.no
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 1,600 allegedly valid Hotmail email credentials with full access capabilities.
Date: 2026-04-01T21:44:56Z
Network: openweb
Published URL: https://crackingx.com/threads/70742/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Website defacement of Sportsile by Rici144/Ratman team
Category: Defacement
Content: The Ratman team, specifically attacker Rici144, successfully defaced the Italian sports website Sportsile on April 2, 2026. This was a targeted single-site defacement rather than a mass attack.
Date: 2026-04-01T21:44:45Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824389
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Italy
Victim Industry: Sports/Media
Victim Organization: Sportsile
Victim Site: www.sportsile.it
Website defacement of Store4You by Rici144/Ratman team
Category: Defacement
Content: The e-commerce website store4you.gr was defaced by attacker Rici144 affiliated with the Ratman team on April 2, 2026. This represents a redefacement of the target, indicating the site had been previously compromised.
Date: 2026-04-01T21:44:11Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824392
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Greece
Victim Industry: E-commerce
Victim Organization: Store4You
Victim Site: www.store4you.gr
Alleged data leak of Kogi State IRS
Category: Data Breach
Content: Group claims to have leaked data from Kogi State IRS.
Date: 2026-04-01T21:43:53Z
Network: telegram
Published URL: https://t.me/c/3816027580/5234
Screenshots:
None
Threat Actors: scattered LAPSUS$ hunters part 9
Victim Country: Nigeria
Victim Industry: Government Administration
Victim Organization: kogi state irs
Victim Site: irs.kg.gov.ng
Website defacement of Tomar.it by Rici144/Ratman team
Category: Defacement
Content: Attacker Rici144 from the Ratman team defaced a subdirectory of the Italian website tomar.it on April 2, 2026. The defacement targeted a specific media/customer section rather than the main homepage.
Date: 2026-04-01T21:43:39Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824394
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Tomar
Victim Site: tomar.it
Website defacement of Tonelli Online by Rici144/Ratman team
Category: Defacement
Content: The attacker Rici144 from the Ratman team conducted a redefacement of the Italian website tonellionline.it on April 2, 2026. This appears to be a targeted attack against a specific subdirectory of the victims website rather than a mass defacement campaign.
Date: 2026-04-01T21:42:57Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824396
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Tonelli Online
Victim Site: www.tonellionline.it
Website defacement of TouchShop by Rici144 (Ratman team)
Category: Defacement
Content: Attacker Rici144, affiliated with the Ratman team, successfully defaced the TouchShop e-commerce website on April 2, 2026. The defacement targeted a specific media directory path rather than the main homepage.
Date: 2026-04-01T21:42:22Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824397
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Italy
Victim Industry: E-commerce
Victim Organization: TouchShop
Victim Site: www.touchshop.it
Website defacement of Veng.no by Rici144/Ratman team
Category: Defacement
Content: Attacker Rici144 affiliated with Ratman team defaced a subdirectory of the Norwegian website veng.no on April 2, 2026. The defacement targeted a specific customer addition page within the media section of the site.
Date: 2026-04-01T21:41:49Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824398
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Norway
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: veng.no
Website defacement of Vinotop by Rici144 (Ratman team)
Category: Defacement
Content: Attacker Rici144 from the Ratman team defaced the Italian wine retailer Vinotops website on April 2, 2026. This appears to be a redefacement of a previously compromised site.
Date: 2026-04-01T21:41:15Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824400
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Italy
Victim Industry: Food and Beverage
Victim Organization: Vinotop
Victim Site: www.vinotop.it
Website defacement of Vivaraise by Rici144/Ratman team
Category: Defacement
Content: Attacker Rici144 from the Ratman team successfully defaced a subdirectory of the vivaraise.it website on April 2, 2026. The defacement targeted a specific media/custom path rather than the main homepage.
Date: 2026-04-01T21:40:39Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824403
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Vivaraise
Victim Site: vivaraise.it
Website defacement of ZE Parts by Rici144 (Ratman team)
Category: Defacement
Content: Attacker Rici144 from the Ratman team conducted a redefacement attack against Greek automotive parts retailer ZE Parts on April 2, 2026. The attack targeted a customer-related subdirectory of the companys website.
Date: 2026-04-01T21:40:05Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824404
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Greece
Victim Industry: Automotive/Parts Retail
Victim Organization: ZE Parts
Victim Site: www.zeparts.gr
Alleged data leak of Ghana Standards Authority
Category: Data Breach
Content: Group claims to have leaked data from Ghana Standards Authority.
Date: 2026-04-01T21:39:32Z
Network: telegram
Published URL: https://t.me/c/3816027580/5224
Screenshots:
None
Threat Actors: scattered LAPSUS$ hunters part 9
Victim Country: Ghana
Victim Industry: Government Administration
Victim Organization: ghana standards authority
Victim Site: gsa.gov.gh
Alleged leak of Speedex Tools
Category: Data Breach
Content: Group claims to have leaked data from Speedex Tools.
Date: 2026-04-01T21:34:45Z
Network: telegram
Published URL: https://t.me/c/3816027580/5330
Screenshots:
None
Threat Actors: scattered LAPSUS$ hunters part 9
Victim Country: UAE
Victim Industry: Retail Industry
Victim Organization: speedex tools
Victim Site: speedextools.com
Website defacement of Brondi by Rici144/Ratman team
Category: Defacement
Content: Italian electronics company Brondi suffered a website defacement attack by threat actor Rici144 from the Ratman team on April 2, 2026. This incident was classified as a redefacement, indicating the site had been previously compromised.
Date: 2026-04-01T21:33:52Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824329
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Italy
Victim Industry: Technology/Electronics
Victim Organization: Brondi
Victim Site: www.brondi.it
Website defacement of carrelli.it by Rici144/Ratman team
Category: Defacement
Content: The website carrelli.it was defaced by attacker Rici144 associated with the Ratman team on April 2, 2026. This incident represents a redefacement of a previously compromised target.
Date: 2026-04-01T21:33:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824330
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: carrelli.it
Website defacement of Casa della Gomma by Rici144 (Ratman team)
Category: Defacement
Content: The attacker Rici144, affiliated with the Ratman team, successfully defaced the Casa della Gomma website on April 2, 2026. This incident was classified as a redefacement, indicating the site had been previously compromised.
Date: 2026-04-01T21:32:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824331
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Italy
Victim Industry: Manufacturing
Victim Organization: Casa della Gomma
Victim Site: www.casadellagomma.it
Alleged leak of email credentials combolist
Category: Combo List
Content: Threat actor shared a combolist containing 3,200 valid email credentials described as mixed sources from April 1st. The credentials are being distributed for free to registered forum users.
Date: 2026-04-01T21:32:34Z
Network: openweb
Published URL: https://crackingx.com/threads/70740/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Collect World by Rici144 (Ratman team)
Category: Defacement
Content: The website www.collect-world.it was defaced by attacker Rici144, associated with the Ratman team, on April 2, 2026. This appears to be a targeted single-site defacement incident.
Date: 2026-04-01T21:32:13Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824332
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Collect World
Victim Site: www.collect-world.it
Alleged distribution of credential combolists targeting multiple e-commerce platforms
Category: Combo List
Content: Threat actor distributes a 5 million credential combolist containing email and password combinations for testing against major e-commerce platforms including Amazon, eBay, AliExpress, Walmart, Etsy, Shopify, BestBuy, Target, and Flipkart. The credentials are being shared through Telegram channels and appear to be offered for free.
Date: 2026-04-01T21:31:50Z
Network: openweb
Published URL: https://crackingx.com/threads/70741/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: E-commerce
Victim Organization: Multiple
Victim Site: Unknown
Website defacement of Collini Atomi by Rici144 (Ratman team)
Category: Defacement
Content: The threat actor Rici144, affiliated with the Ratman team, successfully defaced a subdirectory of the Collini Atomi website on April 2, 2026. The attack targeted a media directory within the organizations web infrastructure.
Date: 2026-04-01T21:31:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824333
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Collini Atomi
Victim Site: colliniatomi.it
Website defacement of ColorMax by Rici144/Ratman team
Category: Defacement
Content: The Ratman team member Rici144 conducted a redefacement attack against ColorMaxs website on April 2, 2026. This represents a repeat compromise of the Italian organizations web presence.
Date: 2026-04-01T21:31:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824334
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: ColorMax
Victim Site: www.colormax.it
Website defacement of Costway Italy by Rici144/Ratman team
Category: Defacement
Content: The attacker Rici144 from the Ratman team defaced a customer media section of Costway Italys e-commerce website on April 2, 2026. This was identified as a redefacement, indicating the site had been previously compromised.
Date: 2026-04-01T21:30:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824335
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Italy
Victim Industry: E-commerce
Victim Organization: Costway
Victim Site: www.costway.it
Website defacement of DIAS by Rici144/Ratman team
Category: Defacement
Content: The attacker Rici144, associated with the Ratman team, successfully defaced a customer portal page on the DIAS website on April 2, 2026. The defacement targeted a specific media/customer directory rather than the main homepage.
Date: 2026-04-01T21:29:59Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824336
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: DIAS
Victim Site: www.dias.it
Website defacement of domenicomaggio.it by Rici144/Ratman team
Category: Defacement
Content: The website domenicomaggio.it was defaced by attacker Rici144 from the Ratman team on April 2, 2026. The attack targeted a media subdirectory of the Italian website.
Date: 2026-04-01T21:29:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824337
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Domenico Maggio
Victim Site: domenicomaggio.it
Website defacement of Ediorso by Rici144/Ratman team
Category: Defacement
Content: Threat actor Rici144 from the Ratman team successfully defaced the Ediorso website on April 2, 2026. This incident represents a redefacement of the target site.
Date: 2026-04-01T21:28:51Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824339
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Ediorso
Victim Site: www.ediorso.it
Website defacement of Edizioni BD by Rici144 (Ratman team)
Category: Defacement
Content: Rici144 from the Ratman team conducted a redefacement attack against Italian publisher Edizioni BDs website on April 2, 2026. This marks a repeat compromise of the same target.
Date: 2026-04-01T21:28:17Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824340
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Italy
Victim Industry: Publishing
Victim Organization: Edizioni BD
Victim Site: www.edizionibd.it
Website defacement of Norwegian electrical equipment company by Rici144/Ratman team
Category: Defacement
Content: Norwegian electrical equipment company website was defaced by attacker Rici144 from the Ratman team on April 2, 2026. The defacement targeted a media subdirectory of the companys website.
Date: 2026-04-01T21:27:44Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824341
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Norway
Victim Industry: Electrical Equipment/Manufacturing
Victim Organization: Elutstyrbedrift
Victim Site: elutstyrbedrift.no
Website defacement of Equipara Farmacie by Rici144 (Ratman team)
Category: Defacement
Content: Attacker Rici144 from team Ratman defaced the Italian pharmaceutical company Equipara Farmacies website on April 2, 2026. This incident represents a redefacement of a previously compromised target.
Date: 2026-04-01T21:27:11Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824343
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Italy
Victim Industry: Healthcare/Pharmaceutical
Victim Organization: Equipara Farmacie
Victim Site: www.equiparafarmacie.it
Website defacement of eweki.it by Rici144/Ratman team
Category: Defacement
Content: On April 2, 2026, attacker Rici144 from the Ratman team defaced a specific page on eweki.it targeting the media/customer section. This was an isolated defacement incident rather than a mass or repeat attack.
Date: 2026-04-01T21:26:37Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824346
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: eweki.it
Website redefacement of Excelsa by Ratman team member Rici144
Category: Defacement
Content: The Ratman team member Rici144 conducted a redefacement attack against the Italian website excelsa.it on April 2, 2026. This represents a repeat defacement of the same target rather than an initial compromise.
Date: 2026-04-01T21:26:04Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824347
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Excelsa
Victim Site: www.excelsa.it
Website defacement of Fadelux by Rici144/Ratman team
Category: Defacement
Content: Attacker Rici144 from the Ratman team conducted a redefacement of the Fadelux website on April 2, 2026. This incident represents a repeat attack on the same target rather than an initial compromise.
Date: 2026-04-01T21:25:30Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824348
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Fadelux
Victim Site: fadelux.it
Website defacement of firofichi.it by Rici144/Ratman team
Category: Defacement
Content: The website firofichi.it was defaced by attacker Rici144 associated with the Ratman team on April 2, 2026. This incident represents a redefacement of a previously compromised target.
Date: 2026-04-01T21:24:55Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824350
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: firofichi.it
Website defacement of Geelist.gr by Rici144/Ratman team
Category: Defacement
Content: Website defacement targeting Greek site geelist.gr performed by attacker Rici144 from the Ratman team on April 2, 2026. This incident represents a redefacement of a previously compromised target.
Date: 2026-04-01T21:24:21Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824351
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Greece
Victim Industry: Unknown
Victim Organization: Geelist
Victim Site: geelist.gr
Website defacement of Giappichelli publisher by Rici144/Ratman team
Category: Defacement
Content: Italian publisher Giappichelli Editores website was defaced by attacker Rici144 associated with the Ratman team. This represents a redefacement of a previously targeted site, occurring in April 2026.
Date: 2026-04-01T21:23:48Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824352
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Italy
Victim Industry: Publishing
Victim Organization: Giappichelli Editore
Victim Site: giappichelli.it
Website defacement of GLD Forniture by Rici144/Ratman team
Category: Defacement
Content: Italian furniture company GLD Forniture suffered a website defacement attack by threat actor Rici144 associated with the Ratman team. This incident represents a redefacement of a previously compromised target.
Date: 2026-04-01T21:23:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824354
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Italy
Victim Industry: Furniture/Manufacturing
Victim Organization: GLD Forniture
Victim Site: gldforniture.it
Website defacement of Glowell by Rici144 (Ratman team)
Category: Defacement
Content: The attacker Rici144, associated with the Ratman team, successfully defaced the Glowell website on April 2, 2026. The attack targeted a specific media customer section of the Italian companys website.
Date: 2026-04-01T21:22:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824355
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Glowell
Victim Site: www.glowell.it
Website defacement of Grafiche Dalla Valle by Rici144/Ratman team
Category: Defacement
Content: Rici144 from the Ratman team conducted a redefacement attack against Italian graphics company Grafiche Dalla Valles website on April 2, 2026. This represents a repeat targeting of the same victim organization.
Date: 2026-04-01T21:22:06Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824356
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Italy
Victim Industry: Printing/Graphics Services
Victim Organization: Grafiche Dalla Valle
Victim Site: www.grafichedallavalle.it
Alleged Sale of Unauthorized Multiple Access to a PrestaShop Case Store in France
Category: Initial Access
Content: The threat actor claims to be selling unauthorized access (shell access) to a France-based PrestaShop online store.
Date: 2026-04-01T21:16:08Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279691/
Screenshots:
None
Threat Actors: kobenotnow
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of SpoofCity tool
Category: Alert
Content: The threat actor claims to be selling a service called SpoofCity, allegedly offering caller ID spoofing capabilities, mass calling at scale, global coverage, AI voice generation, call monitoring and recordings, as well as features such as IVR routing, outbound campaigns, and OTP bot functionality.
Date: 2026-04-01T21:07:12Z
Network: openweb
Published URL: https://breached.st/threads/welcome-to-spoofcity-powerful-calling-spoofing-made-simple.85788/
Screenshots:
None
Threat Actors: spoofcity.io
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Government of Madhesh Province
Category: Data Breach
Content: Group claims to have leaked data from Government of Madhesh Province.
Date: 2026-04-01T21:05:37Z
Network: telegram
Published URL: https://t.me/c/3816027580/5224
Screenshots:
None
Threat Actors: scattered LAPSUS$ hunters part 9
Victim Country: Nepal
Victim Industry: Government Administration
Victim Organization: government of madhesh province
Victim Site: madhesh.gov.np
Alleged leak of Wikipedia, Coursera, Khan Academy, GitHub, and Stack Overflow credential lists
Category: Combo List
Content: Threat actor CODER is distributing free credential lists (combolists) allegedly containing 5 million SMTP credentials from Wikipedia, Coursera, Khan Academy, GitHub, and Stack Overflow through Telegram channels.
Date: 2026-04-01T21:05:14Z
Network: openweb
Published URL: https://crackingx.com/threads/70737/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Multiple (Wikipedia, Coursera, Khan Academy, GitHub, Stack Overflow)
Victim Site: Multiple
Alleged leak of Saudi arabia government data
Category: Data Leak
Content: The threat actor claims to have leaked internal data from the government of Saudi Arabia, allegedly containing documents, Excel files, and database access, along with Hikvision camera access, employer data including ID numbers, phone numbers, and names, as well as NAS admin credentials and remote database server access.
Date: 2026-04-01T21:02:57Z
Network: openweb
Published URL: https://breached.st/threads/gov-saudi-arabia-saudi-arabia-documents-databases-access.85783/
Screenshots:
None
Threat Actors: w00l_ysh1
Victim Country: Saudi Arabia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of National Weather Forecasting Centre of Pakistan
Category: Data Breach
Content: The threat actor claims to be selling a dataset allegedly associated with the National Weather Forecasting Center (NWFC), a core operational unit of the Pakistan Meteorological Department. The dataset reportedly contains user-related and operational data linked to weather forecasting services.
Date: 2026-04-01T20:57:01Z
Network: openweb
Published URL: https://breached.st/threads/government-of-sri-lanka-access-construction-industry-development-authority-cida-of-sri-lanka.85778/
Screenshots:
None
Threat Actors: wh6ami
Victim Country: Pakistan
Victim Industry: Government Administration
Victim Organization: national weather forecasting centre
Victim Site: nwfc.pmd.gov.pk
Alleged sale of Construction Indusstry Development Authority
Category: Data Breach
Content: The threat actor claims to be selling database of Construction Indusstry Development Authority.
Date: 2026-04-01T20:51:53Z
Network: openweb
Published URL: https://breached.st/threads/government-of-sri-lanka-access-construction-industry-development-authority-cida-of-sri-lanka.85778/
Screenshots:
None
Threat Actors: wh6ami
Victim Country: Sri Lanka
Victim Industry: Government & Public Sector
Victim Organization: construction indusstry development authority
Victim Site: cida.gov.lk
Alleged sale of National Agromet Centre of Pakistan
Category: Data Breach
Content: The threat actor claims to be selling database of National Agromet Centre of Pakistan. The dataset reportedly contains user and subscription information tied to agro-meteorological services.
Date: 2026-04-01T20:51:43Z
Network: openweb
Published URL: https://breached.st/threads/government-of-pakistan-national-agro-meteorological-center-namc.85774/
Screenshots:
None
Threat Actors: wh6ami
Victim Country: Pakistan
Victim Industry: Government Administration
Victim Organization: national agromet centre
Victim Site: namc.pmd.gov.pk
Alleged leak of Trilhas da Arte
Category: Data Breach
Content: Group claims to have leaked data from Trilhas da Arte.
Date: 2026-04-01T20:49:52Z
Network: telegram
Published URL: https://t.me/c/3816027580/5324
Screenshots:
None
Threat Actors: scattered LAPSUS$ hunters part 9
Victim Country: Brazil
Victim Industry: Arts & Crafts
Victim Organization: trilhas da arte
Victim Site: trilhasdaarte.com.br
Alleged data leak of Greenpicks – Eco & Upcycling Market
Category: Data Leak
Content: The group claims to have leaked data from Greenpicks – Eco & Upcycling Market.
Date: 2026-04-01T20:46:40Z
Network: telegram
Published URL: https://t.me/c/3816027580/5314
Screenshots:
None
Threat Actors: scattered LAPSUS$ hunters part 9
Victim Country: Germany
Victim Industry: Retail Industry
Victim Organization: greenpicks – eco & upcycling market
Victim Site: greenpicks.de
Alleged leak of Gourmet Wholesale Limited
Category: Data Breach
Content: Group claims to have leaked data from Gourmet Wholesale Limited.
Date: 2026-04-01T20:40:40Z
Network: telegram
Published URL: https://t.me/c/3816027580/5324
Screenshots:
None
Threat Actors: scattered LAPSUS$ hunters part 9
Victim Country: Cyprus
Victim Industry: Food & Beverages
Victim Organization: gourmet wholesale limited
Victim Site: limassol.gourmetcy.com
Alleged distribution of credential combinations targeting multiple streaming and e-commerce platforms
Category: Combo List
Content: Threat actor distributes 7 million credential combinations for various streaming and gaming platforms through Telegram channels. The combolist targets multiple popular services including Netflix, Twitch, Amazon, and gaming platforms.
Date: 2026-04-01T20:39:09Z
Network: openweb
Published URL: https://crackingx.com/threads/70736/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Multiple (Netflix, Twitch, Amazon, eBay, AliExpress, Steam, Epic Games, Miniclip)
Victim Site: Multiple platforms
Alleged data breach of Restaurant Guru
Category: Data Breach
Content: The threat actor claims to have breached data from Restaurant Guru.
Date: 2026-04-01T20:32:14Z
Network: openweb
Published URL: https://breached.st/threads/restaurantguru.85780/
Screenshots:
None
Threat Actors: s1ethx7z
Victim Country: British Virgin Islands
Victim Industry: Food & Beverages
Victim Organization: restaurant guru
Victim Site: restaurantguru.com
Alleged data leak of exam.id
Category: Data Leak
Content: The group claims to have leaked data from exam.id.
Date: 2026-04-01T20:31:59Z
Network: telegram
Published URL: https://t.me/c/3816027580/5314
Screenshots:
None
Threat Actors: scattered LAPSUS$ hunters part 9
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: exam.id
Alleged leak of Compare The Coin
Category: Data Breach
Content: Group claims to have leaked data from Compare The Coin.
Date: 2026-04-01T20:30:54Z
Network: telegram
Published URL: https://t.me/c/3816027580/5324
Screenshots:
None
Threat Actors: scattered LAPSUS$ hunters part 9
Victim Country: Australia
Victim Industry: Financial Services
Victim Organization: compare the coin
Victim Site: comparethecoin.com.au
Alleged data leak of Delhi NCR doctor list
Category: Data Leak
Content: The group claims to have leaked data of Delhi NCR doctor list.
Date: 2026-04-01T20:30:27Z
Network: telegram
Published URL: https://t.me/c/3816027580/5314
Screenshots:
None
Threat Actors: scattered LAPSUS$ hunters part 9
Victim Country: India
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of multi-country credential combolist
Category: Combo List
Content: Threat actor CODER is distributing a 9.3 million record credential combolist containing data from multiple countries including Bosnia and Herzegovina, Bangladesh, Belgium, and others through Telegram channels. The combolist appears to be freely distributed rather than sold.
Date: 2026-04-01T20:26:10Z
Network: openweb
Published URL: https://crackingx.com/threads/70735/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
French Hackers Squad targets the website of Matrix Motor Kontrol
Category: Defacement
Content: The group claims to have defaced the website of Matrix Motor Kontrol.
Date: 2026-04-01T20:16:38Z
Network: telegram
Published URL: https://t.me/FrenchsAnons/371
Screenshots:
None
Threat Actors: French Hackers Squad
Victim Country: India
Victim Industry: Manufacturing
Victim Organization: matrix motor kontrol
Victim Site: matrix-motor.com
Alleged data leak of seat-leon.serverdesarrollo.com
Category: Data Leak
Content: The group claims to have leaked data from seat-leon.serverdesarrollo.com.
Date: 2026-04-01T20:16:34Z
Network: telegram
Published URL: https://t.me/c/3816027580/5314
Screenshots:
None
Threat Actors: scattered LAPSUS$ hunters part 9
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: seat-leon.serverdesarrollo.com
Alleged leak of Zora Supermarkt
Category: Data Breach
Content: Group claims to have leaked data from Zora Supermarkt.
Date: 2026-04-01T20:14:59Z
Network: telegram
Published URL: https://t.me/c/3816027580/5332
Screenshots:
None
Threat Actors: scattered LAPSUS$ hunters part 9
Victim Country: Germany
Victim Industry: Retail Industry
Victim Organization: zora supermarkt
Victim Site: zorastore.de
Alleged data leak of Zhmerynka City Council
Category: Data Breach
Content: The group claims to have leaked the database from Zhmerynka City Council.
Date: 2026-04-01T20:04:20Z
Network: telegram
Published URL: https://t.me/perunswaroga/1323
Screenshots:
None
Threat Actors: Перун Сварога
Victim Country: Ukraine
Victim Industry: Government Administration
Victim Organization: zhmerynka city council
Victim Site: zhmerinka-adm.gov.ua
Alleged leak of Taleb Tyres & Wheels
Category: Data Breach
Content: Group claims to have leaked data from Taleb Tyres & Wheels
Date: 2026-04-01T20:04:16Z
Network: telegram
Published URL: https://t.me/c/3816027580/5314
Screenshots:
None
Threat Actors: scattered LAPSUS$ hunters part 9
Victim Country: Australia
Victim Industry: Automotive
Victim Organization: taleb tyres & wheels
Victim Site: talebtyres.com.au
Alleged data leak of lpgunjab.gov.in
Category: Data Leak
Content: The threat actor claims to have leaked the data from vlpgunjab.gov.in.
Date: 2026-04-01T19:58:17Z
Network: telegram
Published URL: https://t.me/c/3816027580/5314
Screenshots:
None
Threat Actors: scattered LAPSUS$ hunters part 9
Victim Country: India
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: lpgunjab.gov.in
Alleged leak of European credential combolist
Category: Combo List
Content: Threat actor shared a credential combolist containing 4,590 lines of mixed European access credentials for free download on an underground forum.
Date: 2026-04-01T19:48:15Z
Network: openweb
Published URL: https://crackingx.com/threads/70733/
Screenshots:
None
Threat Actors: karaokecloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of German shopping credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 583,267 credential pairs allegedly targeting German shopping websites. The data is being distributed for free via file sharing platform.
Date: 2026-04-01T19:47:55Z
Network: openweb
Published URL: https://crackingx.com/threads/70734/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Retail
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of multiple identity document databases and personal information
Category: Data Breach
Content: Threat actor jannatmirza11 advertises various databases containing identity documents (drivers licenses, passports), SSNs, consumer information, phone numbers, and email lists via Telegram contact. The post offers comprehensive personal information databases including company records and citizen data.
Date: 2026-04-01T19:47:34Z
Network: openweb
Published URL: https://crackingx.com/threads/70732/
Screenshots:
None
Threat Actors: jannatmirza11
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of credential combolists from multiple countries
Category: Combo List
Content: Threat actor CODER is distributing a 9 million record credential combolist containing data from multiple countries including Venezuela, British Virgin Islands, United States Virgin Islands, Vietnam, and others. The actor is promoting free combo distribution through Telegram channels.
Date: 2026-04-01T19:35:00Z
Network: openweb
Published URL: https://crackingx.com/threads/70731/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged unauthorized admin access to Rumahweb Indonesia
Category: Initial Access
Content: Group claims to have gained unauthorized admin access to Rumahweb Indonesia.
Date: 2026-04-01T19:34:21Z
Network: telegram
Published URL: https://t.me/Rakyat_DigitalCrew/185
Screenshots:
None
Threat Actors: Rakyat Digital Crew
Victim Country: Indonesia
Victim Industry: Information Technology (IT) Services
Victim Organization: rumahweb indonesia
Victim Site: kapuas.iixcp.rumahweb.net
Alleged leak of Crypto Leads Databases From Various Countries
Category: Data Leak
Content: Threat actor has leaked the 14 million record crypto-related lead databases from multiple countries, including the USA, UK, Canada, and Germany. the dataset includes personal IDs, contact info, financial activity, and deposit/withdrawal profiling, posing risks of privacy breaches, fraud, and targeted phishing.
Date: 2026-04-01T19:33:52Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-14-Million-Crypto-Leads-USA-UK-Canada-Germany-and-More
Screenshots:
None
Threat Actors: datasellerx
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged unauthorized admin access to cPanel
Category: Initial Access
Content: Group claims to have gained unauthorized admin access to cPanel.
Date: 2026-04-01T19:31:06Z
Network: telegram
Published URL: https://t.me/Rakyat_DigitalCrew/185
Screenshots:
None
Threat Actors: Rakyat Digital Crew
Victim Country: USA
Victim Industry: Software Development
Victim Organization: cpanel
Victim Site: demo.cpanel.net
Alleged unauthorized admin access to omlinux.info
Category: Initial Access
Content: Group claims to have gained unauthorized admin access to
Date: 2026-04-01T19:27:48Z
Network: telegram
Published URL: https://t.me/Rakyat_DigitalCrew/185
Screenshots:
None
Threat Actors: Rakyat Digital Crew
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: omlinux.info
Alleged data breach of Paidwork
Category: Data Breach
Content: The threat actor claims to have breached data of 22 million users from Paidwork, allegedly containing names, full names, email addresses, hashed passwords, and banking information.
Date: 2026-04-01T19:27:25Z
Network: openweb
Published URL: https://darkforums.su/Thread-PaidWork-com-breach-22M-users–71911
Screenshots:
None
Threat Actors: hackformetome
Victim Country: USA
Victim Industry: Financial Services
Victim Organization: paidwork
Victim Site: paidwork.com
Alleged data breach of Verkkokauppa.com Oyj
Category: Data Breach
Content: The threat actor claims to have breached 427K records from Verkkokauppa.com Oyj, allegedly containing contacts, orders, and payment methods.
Date: 2026-04-01T19:19:53Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-427k-Finland-https-www-verkkokauppa-com-Retail-customer-records-with-contact-a
Screenshots:
None
Threat Actors: Grubder
Victim Country: Finland
Victim Industry: Retail Industry
Victim Organization: verkkokauppa.com oyj
Victim Site: verkkokauppa.com
Alleged Sale of Windows Ring-0 Kernel-Level Micro-Implant Malware
Category: Malware
Content: The threat actor claims to be selling a Windows-based kernel-level (Ring-0) micro-implant designed for stealthy execution and persistence in memory. The malware reportedly supports multiple Windows versions, enables remote command execution, and includes capabilities such as encrypted communication, process injection, and evasion of security controls.
Date: 2026-04-01T19:16:07Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279683/
Screenshots:
None
Threat Actors: coree
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged unauthorized admin access to Terracasa Incorporadora
Category: Initial Access
Content: Group claims to have gained unauthorized admin access to Terracasa Incorporadora.
Date: 2026-04-01T19:15:00Z
Network: telegram
Published URL: https://t.me/Rakyat_DigitalCrew/185
Screenshots:
None
Threat Actors: Rakyat Digital Crew
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: terracasa incorporadora
Victim Site: terracasa.com.br
Alleged distribution of mixed credential combolist from multiple countries
Category: Combo List
Content: Threat actor CODER is distributing a free combolist containing 11 million email and password combinations from multiple countries including Ascension Island, Andorra, United Arab Emirates, Afghanistan, and others through Telegram channels.
Date: 2026-04-01T19:03:57Z
Network: openweb
Published URL: https://crackingx.com/threads/70730/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of business corporate domain credential combos targeting multiple countries
Category: Combo List
Content: Threat actor CODER is distributing free credential combinations (combos) targeting business corporate domains from multiple countries including Iran, Jordan, Israel, Ireland, Latvia, Laos, Kuwait, and Kenya through Telegram channels.
Date: 2026-04-01T18:34:51Z
Network: openweb
Published URL: https://crackingx.com/threads/70728/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of e-baby.hr by Rici144/Ratman team
Category: Defacement
Content: The attacker Rici144, associated with the Ratman team, defaced the Croatian e-commerce website e-baby.hr on April 2, 2026. The attack targeted a specific media/customer directory rather than the main homepage.
Date: 2026-04-01T18:34:42Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824246
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Croatia
Victim Industry: Retail/E-commerce
Victim Organization: E-Baby
Victim Site: e-baby.hr
Cyber Attack Hits Hasbro
Category: Cyber Attack
Content: Hasbro, Inc. disclosed a cybersecurity incident in an SEC filing on April 1, 2026, after identifying unauthorized access to its network on March 28, 2026. The company activated incident response protocols, took certain systems offline to contain the breach, and engaged third-party cybersecurity experts to investigate. The full scope and impact of the incident remain under investigation, and temporary operational disruptions, including potential delays, are expected.
Date: 2026-04-01T18:33:54Z
Network: openweb
Published URL: https://www.board-cybersecurity.com/incidents/tracker/hasbro-cybersecurity-incident-c3438674#8-k-filed-on-2026-04-01
Screenshots:
None
Threat Actors:
Victim Country: USA
Victim Industry: Gaming
Victim Organization: hasbro
Victim Site: shop.hasbro.com
Website defacement of fromalfred.ch by Rici144 (Ratman team)
Category: Defacement
Content: Attacker Rici144 from the Ratman team defaced a subdirectory of fromalfred.ch on April 2, 2026. The incident was documented with a mirror hosted on zone-xsec.com for threat intelligence purposes.
Date: 2026-04-01T18:33:00Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824247
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Switzerland
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: fromalfred.ch
Website defacement of ggifts.es by Rici144 (Ratman team)
Category: Defacement
Content: The Spanish e-commerce website ggifts.es was defaced by attacker Rici144, associated with the Ratman team, on April 2, 2026. The defacement targeted a specific page within the media/customer directory rather than the homepage.
Date: 2026-04-01T18:32:21Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824248
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Spain
Victim Industry: E-commerce
Victim Organization: GGifts
Victim Site: ggifts.es
Website defacement of HEXIS by Ratman team member Rici144
Category: Defacement
Content: The Ratman team member Rici144 conducted a redefacement attack against Swiss company HEXISs website on April 2nd, 2026. This represents a repeat defacement of the same target rather than an initial compromise.
Date: 2026-04-01T18:31:47Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824250
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Switzerland
Victim Industry: Manufacturing
Victim Organization: HEXIS
Victim Site: www.hexis-swiss.ch
Website defacement of Holity by Rici144/Ratman team
Category: Defacement
Content: Attacker Rici144 from the Ratman team defaced the Holity website on April 2, 2026. The incident targeted a Spanish domain and was documented with mirror evidence.
Date: 2026-04-01T18:31:13Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824251
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Spain
Victim Industry: Unknown
Victim Organization: Holity
Victim Site: www.holity.es
Website defacement of Jamieson Vitamins by Rici144/Ratman team
Category: Defacement
Content: The Croatian Jamieson Vitamins website was defaced by attacker Rici144 from the Ratman team on April 2, 2026. This appears to be a redefacement incident targeting the pharmaceutical companys media directory.
Date: 2026-04-01T18:30:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824252
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Croatia
Victim Industry: Healthcare/Pharmaceuticals
Victim Organization: Jamieson Vitamins
Victim Site: www.jamiesonvitamins.hr
Website defacement of Koala.ch by Rici144/Ratman team
Category: Defacement
Content: The attacker Rici144, associated with the Ratman team, defaced a subdirectory of the Swiss website koala.ch on April 2, 2026. The defacement targeted a specific media/customer directory rather than the main homepage.
Date: 2026-04-01T18:30:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824254
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Switzerland
Victim Industry: Unknown
Victim Organization: Koala
Victim Site: koala.ch
Website defacement of laufshirt-bedrucken.ch by Rici144 (Ratman team)
Category: Defacement
Content: Swiss custom running shirt printing company website was defaced by attacker Rici144 affiliated with Ratman team on April 2, 2026. This incident represents a redefacement of a previously compromised website.
Date: 2026-04-01T18:29:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824255
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Switzerland
Victim Industry: Retail/E-commerce
Victim Organization: Laufshirt Bedrucken
Victim Site: laufshirt-bedrucken.ch
Website defacement of Metagenics España by Rici144/Ratman team
Category: Defacement
Content: Cybercriminal Rici144 from the Ratman team successfully defaced the Spanish website of Metagenics, a healthcare and nutrition company, on April 2, 2026. The attack targeted a specific media subdirectory rather than the main homepage.
Date: 2026-04-01T18:28:58Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824256
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Spain
Victim Industry: Healthcare/Nutrition
Victim Organization: Metagenics España
Victim Site: metagenics.es
Website defacement of Modax by Rici144/Ratman team
Category: Defacement
Content: On April 2, 2026, the website www.modax.com.ar was defaced by attacker Rici144, who is associated with the Ratman team. The defacement targeted a specific page within the media/custom directory of the Argentine companys website.
Date: 2026-04-01T18:28:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824257
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Argentina
Victim Industry: Unknown
Victim Organization: Modax
Victim Site: www.modax.com.ar
Website defacement of Motcom by Rici144 from Ratman team
Category: Defacement
Content: Rici144 from the Ratman team conducted a redefacement attack against Motcoms website on April 2, 2026. This appears to be a repeat attack on the same target rather than an initial compromise.
Date: 2026-04-01T18:27:52Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824258
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Switzerland
Victim Industry: Unknown
Victim Organization: Motcom
Victim Site: www.motcom.ch
Website defacement of nuk.es by Rici144 (Ratman team)
Category: Defacement
Content: Attacker Rici144 from the Ratman team defaced the nuk.es website on April 2, 2026, targeting a specific media/customer address page.
Date: 2026-04-01T18:27:17Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824262
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Spain
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: nuk.es
Website defacement of oanailsystem.ch by Rici144 (Ratman team)
Category: Defacement
Content: Website defacement attack conducted by attacker Rici144 affiliated with Ratman team against oanailsystem.ch on April 2, 2026. The attack targeted a Swiss domain with unknown organizational affiliation and technical details.
Date: 2026-04-01T18:26:44Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824264
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Switzerland
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: oanailsystem.ch
Website defacement of PNI by Rici144 (Ratman team)
Category: Defacement
Content: Attacker Rici144 from team Ratman defaced the PNI website on April 2, 2026, targeting a customer address page on the Croatian domain.
Date: 2026-04-01T18:26:10Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824265
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Croatia
Victim Industry: Unknown
Victim Organization: PNI
Victim Site: www.pni.hr
Website defacement of PNI by Rici144 (Ratman team)
Category: Defacement
Content: Attacker Rici144 from the Ratman team defaced a subdirectory of the PNI website on April 2, 2026. The defacement targeted a media customer address page on the Spanish domain.
Date: 2026-04-01T18:25:36Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824266
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Spain
Victim Industry: Unknown
Victim Organization: PNI
Victim Site: www.pni.es
Website defacement of Pro Beauty Institute by Rici144 (Ratman team)
Category: Defacement
Content: The website of Pro Beauty Institute, a Swiss beauty education institution, was defaced by attacker Rici144 from the Ratman team on April 2, 2026. This was a single-target defacement rather than part of a mass campaign.
Date: 2026-04-01T18:25:02Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824267
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Switzerland
Victim Industry: Beauty/Cosmetics Education
Victim Organization: Pro Beauty Institute
Victim Site: www.probeauticinstitut.ch
Website defacement of Raab Verlag by Rici144/Ratman team
Category: Defacement
Content: Swiss publishing company Raab Verlag suffered a website defacement attack by attacker Rici144 from the Ratman team on April 2, 2026. The defacement targeted a specific subdirectory rather than the main homepage.
Date: 2026-04-01T18:24:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824268
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Switzerland
Victim Industry: Publishing
Victim Organization: Raab Verlag
Victim Site: www.raabverlag.ch
Website defacement of Sodeal by Rici144/Ratman team
Category: Defacement
Content: The attacker Rici144, associated with the Ratman team, successfully defaced the Sodeal website on April 2, 2026. The incident targeted a media subdirectory of the Swiss companys domain.
Date: 2026-04-01T18:23:56Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824269
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Switzerland
Victim Industry: Unknown
Victim Organization: Sodeal
Victim Site: www.sodeal.ch
Website defacement of StayHealthy platform by Rici144/Ratman team
Category: Defacement
Content: The healthcare website stayhealthy.ch was defaced by attacker Rici144 affiliated with the Ratman team on April 2, 2026. This incident represents a redefacement targeting the Swiss healthcare platforms media section.
Date: 2026-04-01T18:23:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824271
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Switzerland
Victim Industry: Healthcare
Victim Organization: StayHealthy
Victim Site: stayhealthy.ch
Website defacement of Strunz company by Ratman team member Rici144
Category: Defacement
Content: The Ratman team, specifically member Rici144, successfully defaced a customer media page on the Swiss company Strunzs website on April 2, 2026. The attack targeted a specific customer area rather than the main homepage.
Date: 2026-04-01T18:22:42Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824272
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Switzerland
Victim Industry: Unknown
Victim Organization: Strunz
Victim Site: www.strunz.ch
Website defacement of The Body Shop Croatia by Rici144/Ratman team
Category: Defacement
Content: Attacker Rici144 from the Ratman team conducted a redefacement of The Body Shop Croatias website on April 2, 2026. This was a targeted single-site defacement rather than a mass campaign.
Date: 2026-04-01T18:22:09Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824273
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Croatia
Victim Industry: Retail/Cosmetics
Victim Organization: The Body Shop Croatia
Victim Site: www.thebodyshop.hr
Website defacement of TrendingPC by Rici144 (Ratman team)
Category: Defacement
Content: Attacker Rici144 from the Ratman team defaced the TrendingPC website, a Spanish technology/computing platform, on April 2, 2026.
Date: 2026-04-01T18:21:36Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824274
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Spain
Victim Industry: Technology/Computing
Victim Organization: TrendingPC
Victim Site: www.trendingpc.es
Website defacement of Vivaraise by Rici144/Ratman team
Category: Defacement
Content: The website www.vivaraise.es was defaced by attacker Rici144 from the Ratman team on April 2, 2026. The attack targeted a specific media/custom directory path on the Spanish domain.
Date: 2026-04-01T18:21:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824275
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Spain
Victim Industry: Unknown
Victim Organization: Vivaraise
Victim Site: www.vivaraise.es
Alleged Sale of U.S. Driver’s License/ID Images
Category: Data Leak
Content: The threat actor claims to be selling images of U.S. driver’s licenses or identification documents.
Date: 2026-04-01T18:17:36Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279675/
Screenshots:
None
Threat Actors: My_World
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed domain credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 10,115 credential pairs targeting mixed domains via a file sharing service.
Date: 2026-04-01T17:56:24Z
Network: openweb
Published URL: https://crackingx.com/threads/70723/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of credential combolists from multiple countries
Category: Combo List
Content: Threat actor CODER distributes credential combolists containing approximately 8 million records from multiple countries including Czech Republic, Israel, Greece, and Finland through Telegram channels. The actor operates free distribution channels for both credential lists and related tools.
Date: 2026-04-01T17:56:05Z
Network: openweb
Published URL: https://crackingx.com/threads/70724/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of USA credential combolist
Category: Combo List
Content: A threat actor leaked a combolist containing 3,310 USA-based credentials on a cybercriminal forum. The content is hidden and requires forum registration to access.
Date: 2026-04-01T17:55:48Z
Network: openweb
Published URL: https://crackingx.com/threads/70725/
Screenshots:
None
Threat Actors: RandomUpload
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of Deutsche Bahn database
Category: Data Breach
Content: The threat actor claims to be selling Deutsche Bahn database. The compromised data contains over 27 million records and includes personal and travel-related information such as full names, dates of birth, email addresses, phone numbers, physical addresses, ticket types, travel class, and booking status.
Date: 2026-04-01T17:53:04Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Germany-tickets-reservations-18-millions-int-bahn-de
Screenshots:
None
Threat Actors: hackboy
Victim Country: Germany
Victim Industry: Transportation & Logistics
Victim Organization: deutsche bahn
Victim Site: int.bahn.de
Alleged Sale of US-Based Network Access with Domain Admin Privileges
Category: Data Leak
Content: The threat actor claims to be offering access to a US-based organization involved in manufacturing custom orthotics and prosthetics. The listing allegedly includes domain administrator access, VPN connectivity via FortiClient, and infrastructure spanning approximately 20 hosts. The actor further claims the presence of security solutions from Trend Micro with administrative credentials, along with cloud services such as Datto and OneDrive.
Date: 2026-04-01T17:52:38Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279673/
Screenshots:
None
Threat Actors: boat
Victim Country: USA
Victim Industry: Manufacturing
Victim Organization: Unknown
Victim Site: Unknown
DEFACER INDONESIAN TEAM targets the website of Jedlian Holdings Inc.
Category: Defacement
Content: The group claims to have defaced the website of Jedlian Holdings Inc.
Date: 2026-04-01T17:52:34Z
Network: telegram
Published URL: https://t.me/c/2433981896/1402
Screenshots:
None
Threat Actors: DEFACER INDONESIAN TEAM
Victim Country: Philippines
Victim Industry: Network & Telecommunications
Victim Organization: jedlian holdings inc.
Victim Site: mail.jedlian.net/uploads/lucu.sql
Alleged data breach of The Citizen Portal
Category: Data Breach
Content: The threat actor claims to be offering a database allegedly sourced from the Citizen Portal, a Czech Republic-based government platform. The dataset reportedly includes citizen contact details, service request records, and authentication logs, potentially exposing sensitive personal and access-related information.
Date: 2026-04-01T17:49:14Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-437k-Czech-Republic-https-obcan-portal-gov-cz-Personal-ID-contacts-addresses
Screenshots:
None
Threat Actors: Grubder
Victim Country: Czech Republic
Victim Industry: Government Administration
Victim Organization: the citizen portal
Victim Site: obcan.portal.gov.cz
Alleged leak of educational institution credentials
Category: Combo List
Content: Threat actor shared a combolist containing 187,921 credential pairs targeting educational domain institutions. The data is being distributed for free via a file sharing service.
Date: 2026-04-01T17:44:41Z
Network: openweb
Published URL: https://crackingx.com/threads/70722/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Mediatel CZ, s.r.o.
Category: Data Breach
Content: The threat actor claims to be offering a database allegedly sourced from Mediatel CZ, s.r.o. The dataset reportedly contains contact details, booking history, and customer account information, potentially exposing sensitive business and user-related data.
Date: 2026-04-01T17:41:14Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-487k-Czech-Republic-https-www-zlatestranky-cz-Verified-business-contacts-and-em
Screenshots:
None
Threat Actors: Grubder
Victim Country: Czech Republic
Victim Industry: Marketing, Advertising & Sales
Victim Organization: mediatel cz, s.r.o.
Victim Site: zlatestranky.cz
Alleged leak of mixed email provider credentials
Category: Combo List
Content: A threat actor is distributing a combolist containing 4,706 premium mixed email credentials including Hotmail accounts. The credentials are being offered as a free download through Telegram contact.
Date: 2026-04-01T17:32:34Z
Network: openweb
Published URL: https://crackingx.com/threads/70721/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of suzhouyou.com
Category: Data Breach
Content: The threat actor claims to have breached data from suzhouyou.com, allegedly containing contacts, support tickets, and emails.
Date: 2026-04-01T17:24:47Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-472k-China-https-www-suzhouyou-com-Contact-info-including-emails-phone-numbers
Screenshots:
None
Threat Actors: Grubder
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: suzhouyou.com
Alleged data breach of sauto.cz
Category: Data Breach
Content: The threat actor claims to be offering a database allegedly sourced from sauto.cz, a Czech Republic-based automotive platform. The dataset contains approximately 476,000 records, including customer contact details, vehicle inquiries, and reservation information. The data is structured across multiple sections such as contacts, vehicle inquiries, and bookings, potentially exposing sensitive personal and transactional information.
Date: 2026-04-01T17:23:33Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-476k-Czech-Republic-https-www-sauto-cz-Contact-records-with-emails-phone-IPs-an
Screenshots:
None
Threat Actors: Grubder
Victim Country: Czech Republic
Victim Industry: Automotive
Victim Organization: sauto.cz
Victim Site: sauto.cz
Alleged leak of email credentials combolist
Category: Combo List
Content: Threat actor TeraCloud1 shared a combolist containing 34,000 valid email credentials on a cybercrime forum. Additional private cloud services are advertised through Telegram contact.
Date: 2026-04-01T17:21:23Z
Network: openweb
Published URL: https://crackingx.com/threads/70720/
Screenshots:
None
Threat Actors: TeraCloud1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
DEFACER INDONESIAN TEAM targets the website of Christ’s Forgiveness Bible Studies
Category: Defacement
Content: The group claims to have defaced the website of Christ’s Forgiveness Bible Studies.
Date: 2026-04-01T17:19:37Z
Network: telegram
Published URL: https://t.me/c/2433981896/1401
Screenshots:
None
Threat Actors: DEFACER INDONESIAN TEAM
Victim Country: USA
Victim Industry: Religious Institutions
Victim Organization: christ’s forgiveness bible studies
Victim Site: cfmbiblestudy.com
Alleged distribution of multi-domain credential combolist
Category: Combo List
Content: Actor distributes an 11.2 million record credential combolist containing various domain extensions including business, commercial, and country-specific domains through Telegram channels.
Date: 2026-04-01T17:09:44Z
Network: openweb
Published URL: https://crackingx.com/threads/70719/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of email credentials combolist
Category: Combo List
Content: TeraCloud1 made available a combolist containing 42,000 valid email credentials on CrackingX forum with additional private cloud access offered through Telegram.
Date: 2026-04-01T16:58:58Z
Network: openweb
Published URL: https://crackingx.com/threads/70718/
Screenshots:
None
Threat Actors: TeraCloud1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of CAPIC
Category: Data Leak
Content: The threat actor claims to have leaked 376,000 records of data from CAPIC. The compromised data reportedly includes member contact details, accreditation records, and support ticket information, posing risks such as identity exposure, targeted phishing, and privacy violations.
Date: 2026-04-01T16:52:48Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-376k-Canada-https-www-capic-ca-contact-emails-phone-numbers-personal-details
Screenshots:
None
Threat Actors: Grubder
Victim Country: Canada
Victim Industry: Other Industry
Victim Organization: capic
Victim Site: capic.ca
Alleged leak of Hotmail credentials on cybercrime forum
Category: Combo List
Content: A threat actor shared a combolist containing 42,000 Hotmail email credentials on a cybercrime forum. The credentials are claimed to be valid and related to forum accounts.
Date: 2026-04-01T16:48:58Z
Network: openweb
Published URL: https://crackingx.com/threads/70717/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged unauthorized admin access to Politeknik Elektronika Negeri Surabaya (PENS)
Category: Initial Access
Content: Group claims to have gained unauthorized admin access to Politeknik Elektronika Negeri Surabaya (PENS).
Date: 2026-04-01T16:41:14Z
Network: telegram
Published URL: https://t.me/Rakyat_DigitalCrew/184
Screenshots:
None
Threat Actors: Rakyat Digital Crew
Victim Country: Indonesia
Victim Industry: Higher Education/Acadamia
Victim Organization: politeknik elektronika negeri surabaya
Victim Site: andhikasyawalludin.it.student.pens.ac.id
Alleged Data breach of Telecommunications and Digital Government Regulatory Authority
Category: Data Breach
Content: The group claims to have breached data from Telecommunications and Digital Government Regulatory Authority.
Date: 2026-04-01T16:40:13Z
Network: telegram
Published URL: https://t.me/c/3816027580/5331
Screenshots:
None
Threat Actors: scattered LAPSUS$ hunters part 9
Victim Country: UAE
Victim Industry: Network & Telecommunications
Victim Organization: telecommunications and digital government regulatory authority
Victim Site: tra.gov.ae
Alleged data leak of Kabum
Category: Data Leak
Content: The threat actor claims to have leaked 724,000 records of data from Kabum. The compromised data reportedly includes customer contact details, order information, and delivery/logistics records, which could expose users to targeted phishing, fraud, identity misuse, and privacy risks.
Date: 2026-04-01T16:40:06Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-724k-Brazil-https-www-kabum-com-br-User-contact-records-with-emails-phones-l
Screenshots:
None
Threat Actors: Grubder
Victim Country: Brazil
Victim Industry: E-commerce & Online Stores
Victim Organization: kabum
Victim Site: kabum.com.br
Website defacement of medantainment.com by maw3six
Category: Defacement
Content: Threat actor maw3six successfully defaced the medantainment.com website on April 1, 2026. The attack targeted an entertainment industry website running on a Linux server.
Date: 2026-04-01T16:39:18Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248202
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Entertainment
Victim Organization: Medantainment
Victim Site: medantainment.com
Mass defacement campaign by maw3six targeting halopahawang.com
Category: Defacement
Content: Attacker maw3six conducted a mass defacement campaign targeting halopahawang.com on April 1, 2026. The incident was part of a broader mass defacement operation rather than a targeted attack on a single site.
Date: 2026-04-01T16:39:00Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248203
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: halopahawang.com
Mass website defacement by maw3six targeting travel website
Category: Defacement
Content: Threat actor maw3six conducted a mass defacement campaign targeting the Sujud Travel website. The attack was part of a broader mass defacement operation rather than targeting this specific organization.
Date: 2026-04-01T16:38:41Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248204
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Travel/Tourism
Victim Organization: Sujud Travel
Victim Site: sujud.travel
Alleged data breach of IRISbox
Category: Data Breach
Content: The threat actor claims to have breached data from IRISbox, allegedly containing contact, box subscription, and identity verification information.
Date: 2026-04-01T16:28:55Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-467k-Belgium-https-irisbox-brussels-Personal-records-including-IDs-phone-numbe
Screenshots:
None
Threat Actors: Grubder
Victim Country: Belgium
Victim Industry: Government & Public Sector
Victim Organization: irisbox
Victim Site: irisbox.irisnet.be
Alleged distribution of mixed credential combolists from multiple platforms
Category: Combo List
Content: Threat actor distributing a 16 million record mixed credential combolist containing data from multiple platforms including Replit, Creator Center, Reactiflux, DevOps Chat, Kubernetes Slack, Habr, and BlackHatWorld across various country domains. The credentials are being shared through Telegram channels.
Date: 2026-04-01T16:25:35Z
Network: openweb
Published URL: https://crackingx.com/threads/70715/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Multiple platforms
Victim Site: Multiple domains
Alleged leak of login credentials to The BSS School
Category: Initial Access
Content: The Group claims to have leaked login credentials to The BSS School. The shared details reportedly include hashed password data, directory paths, storage quota information, and references to a mail or administrative account.
Date: 2026-04-01T16:25:08Z
Network: telegram
Published URL: https://t.me/Rakyat_DigitalCrew/182
Screenshots:
None
Threat Actors: Rakyat Digital Crew
Victim Country: India
Victim Industry: Education
Victim Organization: the bss school
Victim Site: thebssschool.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 545 Hotmail email and password combinations on a cybercrime forum.
Date: 2026-04-01T16:25:05Z
Network: openweb
Published URL: https://crackingx.com/threads/70716/
Screenshots:
None
Threat Actors: KiwiShio
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged unauthorized access to the website of Shri Shikshayatan College.
Category: Initial Access
Content: The group claims to have gained Unauthorized Access to the website of Shri Shikshayatan College.
Date: 2026-04-01T16:19:39Z
Network: telegram
Published URL: https://t.me/Rakyat_DigitalCrew/181
Screenshots:
None
Threat Actors: Rakyat Digital Crew
Victim Country: India
Victim Industry: Education
Victim Organization: shri shikshayatan college
Victim Site: shrishikshayatancollege.org
Alleged data breach of Cairo University
Category: Data Breach
Content: The threat actor claims to have breached data from Cairo University, allegedly containing contacts, student enrollments, and support tickets.
Date: 2026-04-01T16:18:39Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-284k-Egypt-https-cu-edu-eg-Educational-records-including-personal-IDs-emails-a
Screenshots:
None
Threat Actors: Grubder
Victim Country: Egypt
Victim Industry: Education
Victim Organization: cairo university
Victim Site: cu.edu.eg
Alleged data leak of Taipei Computer Association
Category: Data Breach
Content: The group claims to have leaked the database of Taipei Computer Association.
Date: 2026-04-01T16:12:55Z
Network: telegram
Published URL: https://t.me/Noheartz1337/58
Screenshots:
None
Threat Actors: NoHeartz
Victim Country: Taiwan
Victim Industry: Information Technology (IT) Services
Victim Organization: taipei computer association
Victim Site: smartcityonline.org.tw
Alleged leak of Hotmail credentials
Category: Combo List
Content: Threat actor UniqueCombo allegedly shared a combolist containing 18,000 unique Hotmail email and password combinations on a cybercriminal forum.
Date: 2026-04-01T16:12:05Z
Network: openweb
Published URL: https://crackingx.com/threads/70714/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged Unauthorized Access to Unidentified critical operating technology in South Korea
Category: Initial Access
Content: The group claims to have gained Unauthorized Access to Unidentified critical operating technology in South Korea. They can control unrestricted administrative control over the HMI and PLC, allowing them to monitor, modify, and override all system operations, parameters, programs, and data.
Date: 2026-04-01T16:00:49Z
Network: telegram
Published URL: https://t.me/Z_Pentest_Alliance_ru/916
Screenshots:
None
Threat Actors: Z-PENTEST ALLIANCE
Victim Country: South Korea
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed credential combolist containing 51,591 entries
Category: Combo List
Content: A threat actor shared a fresh mixed combolist containing 51,591 credential entries on a cybercrime forum. The actor also promoted their Telegram channel for additional content distribution.
Date: 2026-04-01T16:00:42Z
Network: openweb
Published URL: https://crackingx.com/threads/70713/
Screenshots:
None
Threat Actors: Browzchel
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of email credentials combolist
Category: Combo List
Content: Forum user TeraCloud1 shared a combolist containing 33,000 valid email credentials on CrackingX forum. The threat actor also advertises additional private cloud services available through Telegram contact.
Date: 2026-04-01T15:49:23Z
Network: openweb
Published URL: https://crackingx.com/threads/70711/
Screenshots:
None
Threat Actors: TeraCloud1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of credential combolist containing 253,000 records
Category: Combo List
Content: Threat actor shared a fresh credential combolist containing 253,000 records on an underground forum. The post advertises the data as high quality and recently obtained.
Date: 2026-04-01T15:48:43Z
Network: openweb
Published URL: https://crackingx.com/threads/70712/
Screenshots:
None
Threat Actors: Blackcloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of 26,000 email credentials
Category: Combo List
Content: A threat actor claims to have leaked 26,000 fresh valid email access credentials in a mixed collection. The credentials are being distributed through a cybercrime forum.
Date: 2026-04-01T15:38:14Z
Network: openweb
Published URL: https://crackingx.com/threads/70707/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email credentials including Hotmail accounts
Category: Combo List
Content: Actor noir is distributing a collection of valid email credentials described as UHQ Mix including Hotmail accounts and private cloud credentials through Telegram channel @NoirAccesss.
Date: 2026-04-01T15:37:51Z
Network: openweb
Published URL: https://crackingx.com/threads/70708/
Screenshots:
None
Threat Actors: noir
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Hoist and Winch Co UK by Rici144/Ratman team
Category: Defacement
Content: On April 1, 2026, the UK-based industrial equipment company Hoist and Winch Co had their website defaced by attacker Rici144, associated with the Ratman team. The defacement targeted a specific media directory on the companys website.
Date: 2026-04-01T15:37:48Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824157
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: United Kingdom
Victim Industry: Manufacturing
Victim Organization: Hoist and Winch Co UK
Victim Site: hoistandwinch.co.uk
Alleged leak of Hotmail credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing over 2.16 million Hotmail email and password combinations through a file sharing service. The credentials are described as high quality and made available for free download.
Date: 2026-04-01T15:37:14Z
Network: openweb
Published URL: https://crackingx.com/threads/70709/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Website defacement of Hometex by Rici144 (Ratman team)
Category: Defacement
Content: Threat actor Rici144 from the Ratman team defaced the Hometex company website on April 1, 2026. The attack targeted a UK-based textile or home goods manufacturers media directory.
Date: 2026-04-01T15:37:10Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824158
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: United Kingdom
Victim Industry: Textiles/Manufacturing
Victim Organization: Hometex
Victim Site: hometex.co.uk
Alleged data leak of Regional Council of Veterinary Medicine of the State of São Paulo
Category: Data Leak
Content: The threat actor claims to have leaked 452,000 records of data from Regional Council of Veterinary Medicine of the State of São Paulo. the compromised data includes vet contact info, registration details, compliance records, and appointment bookings, posing risks of privacy exposure, profiling, and targeted phishing.
Date: 2026-04-01T15:37:03Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-452k-Brazil-https-www-crmvsp-gov-br-Veterinary-professional-registry-data-incl
Screenshots:
None
Threat Actors: Grubder
Victim Country: Brazil
Victim Industry: Government Administration
Victim Organization: regional council of veterinary medicine of the state of são paulo
Victim Site: crmvsp.gov.br
Alleged leak of multi-platform credential combolist including Stack Overflow, Dev.to, and email providers
Category: Combo List
Content: Threat actor distributes a 13 million record credential combolist containing data allegedly from Stack Overflow, Dev.to, Hashnode, and various email providers including Hotmail, AOL, GMX, and others. The credentials are being freely distributed through Telegram channels.
Date: 2026-04-01T15:36:46Z
Network: openweb
Published URL: https://crackingx.com/threads/70710/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Multiple
Victim Site: stackoverflow.com
Website defacement of Industrial Lifting Bags by Rici144/Ratman team
Category: Defacement
Content: The Ratman team, specifically attacker Rici144, conducted a redefacement of Industrial Lifting Bags website on April 1, 2026. This incident represents a repeat compromise of the industrial equipment companys web presence.
Date: 2026-04-01T15:36:30Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824159
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: United Kingdom
Victim Industry: Industrial Equipment
Victim Organization: Industrial Lifting Bags
Victim Site: www.industrialliftingbags.co.uk
Website defacement of Jacksons Garden Supplies by Rici144/Ratman team
Category: Defacement
Content: The website of Jacksons Garden Supplies was defaced by attacker Rici144 affiliated with the Ratman team on April 1, 2026. This incident represents a redefacement of the target site rather than an initial compromise.
Date: 2026-04-01T15:35:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824160
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Unknown
Victim Industry: Retail/Garden Supplies
Victim Organization: Jacksons Garden Supplies
Victim Site: www.jacksonsgardensupplies.co….
Alleged data leak of Dr. Ambedkar Institute of Management Studies & Research
Category: Data Breach
Content: The group claims to have leaked the database of Dr. Ambedkar Institute of Management Studies & Research.
Date: 2026-04-01T15:35:51Z
Network: telegram
Published URL: https://t.me/Noheartz1337/58
Screenshots:
None
Threat Actors: NoHeartz
Victim Country: India
Victim Industry: Education
Victim Organization: dr. ambedkar institute of management studies & research
Victim Site: daimsr.edu.in
Website defacement of JeanScene by Rici144/Ratman team
Category: Defacement
Content: The attacker Rici144, associated with the Ratman team, defaced the JeanScene UK retail website on April 1, 2026. This appears to be a targeted defacement of a single commercial fashion retailers media directory.
Date: 2026-04-01T15:35:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824161
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: United Kingdom
Victim Industry: Retail/Fashion
Victim Organization: JeanScene
Victim Site: jeanscene.co.uk
Website defacement of JetEase by Rici144/Ratman team
Category: Defacement
Content: The attacker Rici144, associated with team Ratman, successfully defaced a subdirectory of the JetEase aviation company website on April 1st, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
Date: 2026-04-01T15:34:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824162
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: United Kingdom
Victim Industry: Aviation/Travel
Victim Organization: JetEase
Victim Site: jetease.co.uk
Website defacement of joalexander.co.uk by Rici144/Ratman team
Category: Defacement
Content: The website joalexander.co.uk was defaced by attacker Rici144 associated with the Ratman team on April 1, 2026. The defacement targeted a specific media subdirectory rather than the homepage.
Date: 2026-04-01T15:33:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824163
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: United Kingdom
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: joalexander.co.uk
Website defacement of jimsbits.co.uk by Rici144/Ratman team
Category: Defacement
Content: Attacker Rici144 from the Ratman team successfully defaced the jimsbits.co.uk website on April 1, 2026. The defacement targeted a specific media subdirectory of the UK-based website.
Date: 2026-04-01T15:33:17Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824164
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: United Kingdom
Victim Industry: Unknown
Victim Organization: Jims Bits
Victim Site: jimsbits.co.uk
Website defacement of JustItems by Rici144/Ratman team
Category: Defacement
Content: Attacker Rici144 from the Ratman team conducted a redefacement of the UK-based e-commerce website JustItems on April 1, 2026. This appears to be a repeat attack targeting the same victim site.
Date: 2026-04-01T15:32:39Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824165
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: United Kingdom
Victim Industry: E-commerce
Victim Organization: JustItems
Victim Site: justitems.co.uk
Website defacement of K-Sport UK by Rici144 (Ratman team)
Category: Defacement
Content: Attacker Rici144, affiliated with team Ratman, defaced the K-Sport UK website on April 1, 2026. The defacement targeted a media subdirectory of the sports organizations website.
Date: 2026-04-01T15:32:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824166
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: United Kingdom
Victim Industry: Sports/Recreation
Victim Organization: K-Sport UK
Victim Site: www.k-sport-uk.co.uk
Website defacement of Kuul by Rici144 (Ratman team)
Category: Defacement
Content: On April 1, 2026, attacker Rici144 from team Ratman defaced the UK-based website www.kuul.co.uk. The attack targeted a specific page within the sites media/customer directory.
Date: 2026-04-01T15:31:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824167
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: United Kingdom
Victim Industry: Unknown
Victim Organization: Kuul
Victim Site: www.kuul.co.uk
Website defacement of Love Espresso by Rici144/Ratman team
Category: Defacement
Content: The Ratman team member Rici144 defaced the Love Espresso coffee company website on April 1, 2026. The attack targeted a specific media directory rather than the main homepage.
Date: 2026-04-01T15:30:47Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824168
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: United Kingdom
Victim Industry: Food and Beverage
Victim Organization: Love Espresso
Victim Site: love-espresso.co.uk
Website defacement of Mainland Aggregates by Rici144/Ratman team
Category: Defacement
Content: The threat actor Rici144, associated with the Ratman team, defaced the website of Mainland Aggregates, a UK-based construction materials company, on April 1, 2026.
Date: 2026-04-01T15:30:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824169
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: United Kingdom
Victim Industry: Construction/Mining
Victim Organization: Mainland Aggregates
Victim Site: www.mainlandaggregates.co.uk
Website defacement of Mayfair Stationers by Rici144/Ratman team
Category: Defacement
Content: Attacker Rici144 from the Ratman team successfully defaced the Mayfair Stationers website on April 1, 2026. This represents a redefacement of a previously compromised target.
Date: 2026-04-01T15:29:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824171
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: United Kingdom
Victim Industry: Retail/Office Supplies
Victim Organization: Mayfair Stationers
Victim Site: www.mayfairstationers.co.uk
Website defacement of Merlin Workwear by Rici144/Ratman team
Category: Defacement
Content: The Ratman team member Rici144 successfully defaced the Merlin Workwear website on April 1st, 2026. This appears to be a targeted single-site defacement of a UK-based workwear retailers media directory.
Date: 2026-04-01T15:28:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824172
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: United Kingdom
Victim Industry: Retail/Apparel
Victim Organization: Merlin Workwear
Victim Site: www.merlinworkwear.co.uk
Website defacement of MyPNI by Rici144 (Ratman team)
Category: Defacement
Content: The attacker Rici144, affiliated with the Ratman team, successfully defaced a customer media page on the MyPNI website on April 1, 2026. This appears to be a targeted single-site defacement rather than a mass or repeat attack.
Date: 2026-04-01T15:28:15Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824173
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: United Kingdom
Victim Industry: Unknown
Victim Organization: MyPNI
Victim Site: www.mypni.co.uk
Website defacement of Novo Shoes by Rici144 (Ratman team)
Category: Defacement
Content: The attacker Rici144, associated with the Ratman team, successfully defaced the Novo Shoes UK website on April 1st, 2026. This incident is classified as a redefacement, indicating the site had been previously compromised.
Date: 2026-04-01T15:27:37Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824174
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: United Kingdom
Victim Industry: Retail/Fashion
Victim Organization: Novo Shoes
Victim Site: www.novoshoes.co.uk
Website defacement of Paco Perfumerias by Rici144/Ratman team
Category: Defacement
Content: The attacker Rici144, associated with the Ratman team, successfully defaced the Paco Perfumerias UK website on April 1, 2026. This appears to be a single-site defacement targeting the cosmetics retailers online presence.
Date: 2026-04-01T15:26:59Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824176
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: United Kingdom
Victim Industry: Retail/Cosmetics
Victim Organization: Paco Perfumerias
Victim Site: www.pacoperfumerias.co.uk
Website defacement of Pawfect Foods by Rici144 (Ratman team)
Category: Defacement
Content: On April 1, 2026, attacker Rici144 from the Ratman team successfully defaced the Pawfect Foods website. The defacement targeted a specific page within the media directory rather than the main homepage.
Date: 2026-04-01T15:26:22Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824177
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: United Kingdom
Victim Industry: Food and Beverage
Victim Organization: Pawfect Foods
Victim Site: www.pawfectfoods.co.uk
Website defacement of Pongees by Rici144/Ratman team
Category: Defacement
Content: Attacker Rici144 from the Ratman team defaced the Pongees website on April 1, 2026. The defacement targeted a specific media directory rather than the homepage.
Date: 2026-04-01T15:25:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824178
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: United Kingdom
Victim Industry: Unknown
Victim Organization: Pongees
Victim Site: www.pongees.co.uk
Website defacement of Rattan Furniture Fairy by Rici144/Ratman team
Category: Defacement
Content: The UK-based furniture retailer Rattan Furniture Fairys website was defaced by attacker Rici144, associated with the Ratman team, on April 1, 2026. The incident represents a single-target defacement of an e-commerce furniture business.
Date: 2026-04-01T15:25:02Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824179
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: United Kingdom
Victim Industry: Retail/E-commerce
Victim Organization: Rattan Furniture Fairy
Victim Site: www.rattanfurniturefairy.co.uk
Website defacement of Shower Seals Direct by Rici144/Ratman team
Category: Defacement
Content: Attacker Rici144 from the Ratman team defaced the Shower Seals Direct website on April 1, 2026. The incident targeted a UK-based retail company specializing in shower sealing products.
Date: 2026-04-01T15:24:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824180
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: United Kingdom
Victim Industry: Retail/E-commerce
Victim Organization: Shower Seals Direct
Victim Site: showersealsdirect.co.uk
Alleged leak of German shopping credentials combolist
Category: Combo List
Content: A threat actor leaked a combolist containing 545,433 credential pairs allegedly targeting German shopping websites. The data was made available for free download via a file sharing service.
Date: 2026-04-01T15:23:55Z
Network: openweb
Published URL: https://crackingx.com/threads/70706/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Retail
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of SourceMedia by Rici144/Ratman team
Category: Defacement
Content: Attacker Rici144 from the Ratman team conducted a redefacement of SourceMedias UK website on April 1, 2026. This appears to be a targeted attack against the media companys web presence.
Date: 2026-04-01T15:23:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824181
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: United Kingdom
Victim Industry: Media/Publishing
Victim Organization: SourceMedia
Victim Site: www.sourcemedia.co.uk
Website defacement of Sure24 by Rici144/Ratman team
Category: Defacement
Content: The attacker Rici144, associated with the Ratman team, successfully defaced a media subdirectory on the Sure24 website on April 1, 2026.
Date: 2026-04-01T15:23:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824182
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: United Kingdom
Victim Industry: Unknown
Victim Organization: Sure24
Victim Site: sure24.co.uk
Website defacement of Tiling Logistics by Rici144/Ratman team
Category: Defacement
Content: Cyber attacker Rici144 from the Ratman team conducted a redefacement of the UK-based Tiling Logistics company website on April 1, 2026. This represents a secondary attack on a previously compromised logistics company website.
Date: 2026-04-01T15:22:29Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824183
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: United Kingdom
Victim Industry: Logistics
Victim Organization: Tiling Logistics
Victim Site: www.tilinglogistics.co.uk
Website defacement of Uther Peptide by Rici144/Ratman team
Category: Defacement
Content: Attacker Rici144 from the Ratman team successfully defaced the Uther Peptide website on April 1, 2026. This appears to be a redefacement of a previously compromised site rather than an initial attack.
Date: 2026-04-01T15:21:50Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824185
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: United Kingdom
Victim Industry: Biotechnology/Pharmaceuticals
Victim Organization: Uther Peptide
Victim Site: utherpeptide.co.uk
Website defacement of ZFS Solution by Rici144/Ratman team
Category: Defacement
Content: The attacker Rici144, associated with the Ratman team, successfully defaced a subdirectory of ZFS Solutions website on April 1, 2026. The defacement targeted a custom media directory rather than the main homepage.
Date: 2026-04-01T15:21:11Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824186
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: United Kingdom
Victim Industry: Technology/IT Services
Victim Organization: ZFS Solution
Victim Site: zfssolution.co.uk
Alleged data leak of BulgarianProperties
Category: Data Leak
Content: The threat actor claims to have leaked 147,000 records of data from BulgarianProperties. The compromised data includes customer contacts, inquiry records, property viewings, and transaction info, posing risks of phishing, fraud, and profiling.
Date: 2026-04-01T15:20:50Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-147k-Bulgaria-https-www-bulgarianproperties-com-Active-real-estate-contacts-wit
Screenshots:
None
Threat Actors: Grubder
Victim Country: Bulgaria
Victim Industry: Real Estate
Victim Organization: bulgarianproperties
Victim Site: bulgarianproperties.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: Forum user alphaxdd shared a collection of 1,264 allegedly valid Hotmail credentials described as premium hits with mixed email addresses.
Date: 2026-04-01T15:13:44Z
Network: openweb
Published URL: https://crackingx.com/threads/70705/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged distribution of Reddit and Replit credential combolist
Category: Combo List
Content: Threat actor CODER is distributing a 5 million credential combolist allegedly containing Reddit and Replit accounts through Telegram channels. The credentials are being shared for free through dedicated Telegram groups.
Date: 2026-04-01T15:03:13Z
Network: openweb
Published URL: https://crackingx.com/threads/70704/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Reddit, Replit
Victim Site: reddit.com, replit.com
Website defacement of Atlas Ice by Rici144/Ratman team
Category: Defacement
Content: Atlas Ices Malaysian website was defaced by attacker Rici144 affiliated with the Ratman team on April 1, 2026. This incident represents a redefacement of the target site.
Date: 2026-04-01T14:52:33Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824063
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Malaysia
Victim Industry: Food and Beverage
Victim Organization: Atlas Ice
Victim Site: www.atlasice.com.my
Website defacement of Byggfabriken by Rici144 (Ratman team)
Category: Defacement
Content: Website defacement attack against Swedish construction company Byggfabriken carried out by attacker Rici144 from the Ratman team on April 1, 2026.
Date: 2026-04-01T14:51:56Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824064
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Sweden
Victim Industry: Construction/Manufacturing
Victim Organization: Byggfabriken
Victim Site: www.byggfabriken.se
Alleged leak of mixed credential data via D4RKNETHUB
Category: Combo List
Content: Threat actor D4rkNetHub shared a collection of 19,024 mixed credential records on a cybercriminal forum, with content hosted on image sharing platform and requiring registration to access.
Date: 2026-04-01T14:51:21Z
Network: openweb
Published URL: https://crackingx.com/threads/70703/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Dekker Nordic by Rici144/Ratman team
Category: Defacement
Content: Threat actor Rici144 from the Ratman team conducted a redefacement attack against Dekker Nordics website on April 1, 2026. This incident represents a secondary compromise of the target organizations web infrastructure.
Date: 2026-04-01T14:50:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824066
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Sweden
Victim Industry: Unknown
Victim Organization: Dekker Nordic
Victim Site: dekkernordic.se
Website defacement of Depo Bangunan by Rici144/Ratman team
Category: Defacement
Content: Indonesian construction company Depo Bangunans website was defaced by attacker Rici144 from the Ratman team on April 1, 2026. This incident represents a redefacement of the target website.
Date: 2026-04-01T14:49:48Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824067
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Indonesia
Victim Industry: Construction/Building Supplies
Victim Organization: Depo Bangunan
Victim Site: www.depobangunan.co.id
Website defacement of ENSI by Rici144/Ratman team
Category: Defacement
Content: The attacker Rici144 from the Ratman team conducted a redefacement of the Swedish ENSI website on April 1, 2026. This marks a repeat attack on the same target domain.
Date: 2026-04-01T14:49:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824068
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Sweden
Victim Industry: Unknown
Victim Organization: ENSI
Victim Site: www.ensi.se
Website defacement of Fiskejournalen by Rici144/Ratman team
Category: Defacement
Content: Attacker Rici144, associated with the Ratman team, defaced a page on the Swedish fishing publication website Fiskejournalen on April 1, 2026. The incident targeted a specific media subdirectory rather than the main homepage.
Date: 2026-04-01T14:48:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824069
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Sweden
Victim Industry: Media/Publishing
Victim Organization: Fiskejournalen
Victim Site: www.fiskejournalen.se
Website defacement of Fitness Concept by Rici144/Ratman team
Category: Defacement
Content: Malaysian fitness company website was defaced by attacker Rici144 from the Ratman team on April 1, 2026. This was identified as a redefacement attack targeting the organizations web presence.
Date: 2026-04-01T14:47:57Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824070
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Malaysia
Victim Industry: Health and Fitness
Victim Organization: Fitness Concept
Victim Site: www.fitnessconcept.com.my
Website defacement of GIS One by Rici144 (Ratman team)
Category: Defacement
Content: Cybercriminal Rici144 from the Ratman team successfully defaced the GIS One website on April 1, 2026. The attack targeted a specific media/customer section of the AI-focused companys website.
Date: 2026-04-01T14:47:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824071
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: GIS One
Victim Site: gisone.ai
Website defacement of Gymbutiken by Rici144/Ratman team
Category: Defacement
Content: Swedish fitness equipment retailer Gymbutiken was defaced by attacker Rici144 associated with the Ratman team. This represents a redefacement of a previously compromised target rather than an initial attack.
Date: 2026-04-01T14:46:43Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824072
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Sweden
Victim Industry: Retail/Fitness
Victim Organization: Gymbutiken
Victim Site: gymbutiken.se
Website defacement of Glamira Bolivia by Rici144/Ratman team
Category: Defacement
Content: The Bolivian website of jewelry retailer Glamira was defaced by attacker Rici144 affiliated with the Ratman team on April 1, 2026. The defacement targeted a specific media/customer page rather than the main homepage.
Date: 2026-04-01T14:46:05Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824073
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Bolivia
Victim Industry: Retail/Jewelry
Victim Organization: Glamira
Victim Site: www.glamira.com.bo
Website defacement of Kitchen Arena by Rici144/Ratman team
Category: Defacement
Content: Malaysian kitchen retail website kitchen-arena.com.my was defaced by attacker Rici144 affiliated with the Ratman team on April 1, 2026. The defacement targeted a specific media directory on the site.
Date: 2026-04-01T14:45:29Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824076
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Malaysia
Victim Industry: Retail/E-commerce
Victim Organization: Kitchen Arena
Victim Site: kitchen-arena.com.my
Website defacement of KTSPS by Rici144/Ratman team
Category: Defacement
Content: Attacker Rici144 from the Ratman team defaced a Malaysian website belonging to KTSPS organization on April 1, 2026. The defacement targeted a specific media/customer advertising section of the website.
Date: 2026-04-01T14:44:52Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824077
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Malaysia
Victim Industry: Unknown
Victim Organization: KTSPS
Victim Site: www.ktsps.my
Website defacement of Louis XIII Cognac by Rici144/Ratman team
Category: Defacement
Content: The Chinese website of luxury cognac brand Louis XIII was defaced by attacker Rici144 from the Ratman team on April 1, 2026. This appears to be a targeted single-site defacement of the premium spirits companys regional website.
Date: 2026-04-01T14:44:15Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824078
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: China
Victim Industry: Food and Beverage
Victim Organization: Louis XIII Cognac
Victim Site: www.louisxiii-cognac-cn.com
Website defacement of Mad Wizard Games by Rici144/Ratman team
Category: Defacement
Content: Gaming company Mad Wizard Games suffered a website defacement attack by threat actor Rici144 associated with the Ratman team on April 1, 2026. The attack targeted a specific page within the companys media directory rather than the main homepage.
Date: 2026-04-01T14:43:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824079
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Sweden
Victim Industry: Gaming/Entertainment
Victim Organization: Mad Wizard Games
Victim Site: www.madwizardgames.se
Alleged data breach of Animoto
Category: Data Breach
Content: The threat actor claims to be leaked data from Animoto. The compromised data reportedly contains 5M records including User ID, Email Address, First name, Last Name, Password, IP Address, Registration Date, Subscription Type, Payment Status, Video Count, Storage Usage, Last Login.
Date: 2026-04-01T14:43:18Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-ANIMOTO-COM-Video-Creation-5M-Users
Screenshots:
None
Threat Actors: xorcat
Victim Country: USA
Victim Industry: Software Development
Victim Organization: animoto
Victim Site: animoto.com
Website defacement of MVM by Rici144/Ratman team
Category: Defacement
Content: Website defacement incident targeting MVMs Mexican domain by attacker Rici144 affiliated with Ratman team on April 1, 2026. The attack compromised the organizations media/customer section.
Date: 2026-04-01T14:43:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824081
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Mexico
Victim Industry: Unknown
Victim Organization: MVM
Victim Site: www.mvm.com.mx
Website defacement of Nexperia Store by Rici144/Ratman team
Category: Defacement
Content: The Nexperia Store website was defaced by attacker Rici144 from the Ratman team on April 1, 2026. The attack targeted a media subdirectory of the Chinese semiconductor companys e-commerce platform.
Date: 2026-04-01T14:42:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824082
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: China
Victim Industry: Electronics/Semiconductor
Victim Organization: Nexperia
Victim Site: www.nexperiastore.cn
Website defacement of Outdoor Retail Mexico by Rici144 (Ratman team)
Category: Defacement
Content: The attacker Rici144, affiliated with the Ratman team, conducted a redefacement of the Mexican outdoor retail companys website on April 1, 2026. This appears to be a targeted attack against a specific retail organization rather than part of a mass defacement campaign.
Date: 2026-04-01T14:41:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824083
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Mexico
Victim Industry: Retail
Victim Organization: Outdoor Retail
Victim Site: www.outdoorretail.mx
Website defacement of Pinturas FMC by Rici144 (Ratman team)
Category: Defacement
Content: Attacker Rici144 from the Ratman team successfully defaced the website of Pinturas FMC, a Mexican paint manufacturing company, on April 1, 2026.
Date: 2026-04-01T14:41:09Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824084
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Mexico
Victim Industry: Manufacturing
Victim Organization: Pinturas FMC
Victim Site: www.pinturasfmc.com.mx
Website defacement of Ronnmans by Rici144/Ratman team
Category: Defacement
Content: Attacker Rici144 from team Ratman conducted a redefacement attack against the Swedish website www.ronnmans.se on April 1, 2026. This appears to be a repeat attack on the same target rather than an initial compromise.
Date: 2026-04-01T14:40:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824085
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Sweden
Victim Industry: Unknown
Victim Organization: Ronnmans
Victim Site: www.ronnmans.se
Alleged leak of credential combolist containing 21,000 records
Category: Combo List
Content: A threat actor shared a link to what appears to be a credential combolist containing 21,000 records on a cybercriminal forum. The post provides minimal details about the source or nature of the credentials.
Date: 2026-04-01T14:40:00Z
Network: openweb
Published URL: https://crackingx.com/threads/70700/
Screenshots:
None
Threat Actors: Cir4d
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of se-branded.com by Rici144/Ratman team
Category: Defacement
Content: Attacker Rici144 from the Ratman team conducted a redefacement of se-branded.com on April 1, 2026. This was identified as a redefacement rather than an initial compromise of the target website.
Date: 2026-04-01T14:39:53Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824086
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Sweden
Victim Industry: Unknown
Victim Organization: SE Branded
Victim Site: se-branded.com
Alleged leak of Russian credential data
Category: Combo List
Content: A threat actor shared a collection of 6,000 fresh Russian credentials that were reportedly verified. The data is being distributed through a cybercriminal forum focused on credential lists and financial data.
Date: 2026-04-01T14:39:40Z
Network: openweb
Published URL: https://crackingx.com/threads/70701/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Russia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 7,000 mixed email credentials described as fresh and high quality. The credentials are being distributed for free to registered forum users.
Date: 2026-04-01T14:39:19Z
Network: openweb
Published URL: https://crackingx.com/threads/70702/
Screenshots:
None
Threat Actors: Lexser
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Sikkerthjem by Rici144/Ratman team
Category: Defacement
Content: Swedish website sikkerthjem.se was defaced by attacker Rici144, associated with the Ratman team, on April 1st, 2026. The defacement targeted a specific media directory on the site.
Date: 2026-04-01T14:39:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824087
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Sweden
Victim Industry: Unknown
Victim Organization: Sikkerthjem
Victim Site: sikkerthjem.se
Website defacement of sexpuppe.ai by Rici144/Ratman team
Category: Defacement
Content: Attacker Rici144 from the Ratman team conducted a redefacement of the sexpuppe.ai website on April 1, 2026. This appears to be a subsequent attack on a previously compromised target in the adult entertainment sector.
Date: 2026-04-01T14:38:27Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824088
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Unknown
Victim Industry: Adult Entertainment
Victim Organization: Unknown
Victim Site: sexpuppe.ai
Website defacement of Sportsmed by Rici144/Ratman team
Category: Defacement
Content: Threat actor Rici144 from the Ratman team conducted a redefacement attack against Mexican sports medicine organization Sportsmed on April 1, 2026. This represents a repeat compromise of the targets web infrastructure.
Date: 2026-04-01T14:37:49Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824089
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Mexico
Victim Industry: Healthcare
Victim Organization: Sportsmed
Victim Site: sportsmed.com.mx
Website defacement of Steren Shop by Rici144 (Ratman team)
Category: Defacement
Content: Attacker Rici144 from the Ratman team conducted a redefacement attack against Mexican electronics retailer Steren Shops website on April 1, 2026. This represents a repeat compromise of the target system.
Date: 2026-04-01T14:37:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824090
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Mexico
Victim Industry: Retail/E-commerce
Victim Organization: Steren Shop
Victim Site: www.sterenshop.com.mx
Website defacement of Textilgallerian by Rici144/Ratman team
Category: Defacement
Content: Swedish textile retailer Textilgallerian was defaced by attacker Rici144 from the Ratman team on April 1, 2026. The defacement targeted a media subdirectory of the companys website.
Date: 2026-04-01T14:36:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824091
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Sweden
Victim Industry: Retail/Textile
Victim Organization: Textilgallerian
Victim Site: textilgallerian.se
Website defacement of TUV Academy by Rici144/Ratman team
Category: Defacement
Content: The TUV Academy website was defaced by attacker Rici144 associated with the Ratman team on April 1st, 2026. The defacement targeted a specific media/custom page rather than the homepage.
Date: 2026-04-01T14:35:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824092
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: China
Victim Industry: Education/Training
Victim Organization: TUV Academy
Victim Site: www.tuv-academy.cn
Website defacement of Swedish beauty club by Rici144/Ratman team
Category: Defacement
Content: On April 1, 2026, attacker Rici144 from team Ratman defaced the website of a Swedish beauty club. The incident was a single-target defacement with no indication of mass compromise or redefacement.
Date: 2026-04-01T14:35:17Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824093
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Sweden
Victim Industry: Recreation/Beauty Services
Victim Organization: Skönhetsklubben
Victim Site: www.xn--sknhetsklubben-wpb.se
Alleged leak of LinkedIn, ChatGPT, Pinterest, Twitter, and Bluesky credentials
Category: Combo List
Content: Threat actor CODER is distributing a 12 million credential combolist containing email:password combinations allegedly from LinkedIn, ChatGPT, Pinterest, Twitter (X), Threads, and Bluesky through Telegram channels. The credentials are being shared for free through dedicated Telegram groups.
Date: 2026-04-01T14:15:07Z
Network: openweb
Published URL: https://crackingx.com/threads/70696/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of unauthorized access to unidentified multiple companies
Category: Initial Access
Content: Threat actor claims to be selling domain admin (DA) access to two Czech-based companies, one in food production and another in software/IT services. The access reportedly includes RDP connectivity with administrative privileges, with pricing open to offers.
Date: 2026-04-01T14:11:35Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279650/
Screenshots:
None
Threat Actors: someone0717
Victim Country: Czech Republic
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A forum post claims to contain a combolist of 18,000 unique Hotmail email and password combinations. The actual content requires forum registration to view, making verification of the claims impossible.
Date: 2026-04-01T14:04:25Z
Network: openweb
Published URL: https://crackingx.com/threads/70695/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of email credentials from multiple regions
Category: Combo List
Content: A threat actor shared a collection of 7,600 allegedly valid email credentials from users across the United States, Europe, and Asia. The combolist appears to contain fresh email access credentials dated April 1st.
Date: 2026-04-01T13:55:27Z
Network: openweb
Published URL: https://crackingx.com/threads/70693/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Leak of Warframe
Category: Data Leak
Content: The threat actor claims to be leaked data from Warframe. The compromised data reportedly contains 3M records including User ID, Email Address, Username, Password, Display Name, Account level, Platinum Balance, Registration Date, Last login, Play time, Clan name, Country, IP address.NB: This organization was previously breached on November 24 2014
Date: 2026-04-01T13:45:37Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-WARFRAME-COM-Online-Game-3M-Users
Screenshots:
None
Threat Actors: xorcat
Victim Country: Unknown
Victim Industry: Gaming
Victim Organization: digital extremes ltd.
Victim Site: warframe.com
Alleged distribution of credential lists targeting multiple social media platforms
Category: Combo List
Content: Threat actor CODER is distributing a 15 million record credential list (combolist) targeting multiple social media platforms including Facebook, Instagram, YouTube, TikTok, WeChat, Telegram, and Snapchat. The credentials are being shared through Telegram channels for free distribution.
Date: 2026-04-01T13:45:33Z
Network: openweb
Published URL: https://crackingx.com/threads/70691/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Social Media
Victim Organization: Multiple (Facebook, Instagram, YouTube, TikTok, WeChat, Telegram, Snapchat)
Victim Site: Unknown
OpsShadowStrike targets the website of Oakstreet Events
Category: Defacement
Content: The group claims to have defaced the website of Oakstreet Events
Date: 2026-04-01T13:41:15Z
Network: telegram
Published URL: https://t.me/OpsShadowStrike/219
Screenshots:
None
Threat Actors: OpsShadowStrike
Victim Country: USA
Victim Industry: Events Services
Victim Organization: oakstreet events
Victim Site: oakstreetcalendar.com
Alleged Data breach Of Ambu Personalservice
Category: Data Breach
Content: The threat actor claims to have breached data from Ambau Team and intends to publish it within 1-2 days.
Date: 2026-04-01T13:35:14Z
Network: tor
Published URL: https://worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion/companies/2617010624/overview
Screenshots:
None
Threat Actors: Worldleaks
Victim Country: Germany
Victim Industry: Software Development
Victim Organization: ambau personalservice
Victim Site: ambau-team.de
Website defacement of pellets-brandhout.be by Rici144/Ratman team
Category: Defacement
Content: The website of Belgian pellets and firewood retailer pellets-brandhout.be was defaced by attacker Rici144 from the Ratman team on April 1, 2026. The defacement targeted a media subdirectory of the companys website.
Date: 2026-04-01T13:33:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823976
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Belgium
Victim Industry: Retail/Energy
Victim Organization: Pellets Brandhout
Victim Site: pellets-brandhout.be
Website defacement of pekaneurohinnat.fi by Rici144/Ratman team
Category: Defacement
Content: Attacker Rici144 from the Ratman team conducted a redefacement attack against the Finnish website pekaneurohinnat.fi on April 1, 2026. This represents a repeat defacement of the same target by the threat actor.
Date: 2026-04-01T13:32:36Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823977
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Finland
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: pekaneurohinnat.fi
Website defacement of Plastex by Rici144/Ratman team
Category: Defacement
Content: Finnish manufacturing company Plastex suffered a website defacement attack by attacker Rici144 from the Ratman team on April 1, 2026. This appears to be a redefacement of a previously compromised site.
Date: 2026-04-01T13:32:02Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823978
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Finland
Victim Industry: Manufacturing
Victim Organization: Plastex
Victim Site: www.plastex.fi
Website defacement of Polar India by Rici144/Ratman team
Category: Defacement
Content: The attacker Rici144 from the Ratman team conducted a redefacement of the Polar India website on April 1, 2026. This appears to be a repeat attack on the same target rather than an initial compromise.
Date: 2026-04-01T13:31:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823979
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: India
Victim Industry: Unknown
Victim Organization: Polar India
Victim Site: www.polarindia.co.in
Website defacement of ProAtWork by Rici144 (Ratman team)
Category: Defacement
Content: ProAtWork website was defaced by attacker Rici144 affiliated with the Ratman team on April 1st, 2026. The defacement targeted a specific media directory path on the Belgian professional services website.
Date: 2026-04-01T13:30:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823980
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Belgium
Victim Industry: Professional Services
Victim Organization: ProAtWork
Victim Site: www.proatwork.be
Website defacement of Prylstaden.fi by Rici144 (Ratman team)
Category: Defacement
Content: Attacker Rici144 from the Ratman team successfully defaced a page on the prylstaden.fi website on April 1, 2026. The incident appears to be a single page defacement rather than a mass or home page attack.
Date: 2026-04-01T13:30:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823981
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Finland
Victim Industry: Unknown
Victim Organization: Prylstaden
Victim Site: prylstaden.fi
Website defacement of Raceline by Rici144 (Ratman team)
Category: Defacement
Content: Threat actor Rici144 from the Ratman team successfully defaced the Belgian racing company Racelines website on April 1, 2026. The attack targeted a specific media/customer directory on the site.
Date: 2026-04-01T13:29:48Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823983
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Belgium
Victim Industry: Automotive/Racing
Victim Organization: Raceline
Victim Site: www.raceline.be
OpsShadowStrike targets the website of myfuturejob.in
Category: Defacement
Content: The group actor claims to have defaced the website of myfuturejob.in.
Date: 2026-04-01T13:29:43Z
Network: telegram
Published URL: https://t.me/OpsShadowStrike/220
Screenshots:
None
Threat Actors: OpsShadowStrike
Victim Country: India
Victim Industry: Human Resources
Victim Organization: myfuturejob.in
Victim Site: myfuturejob.in
Website defacement of Quick Heal Technologies by Rici144/Ratman team
Category: Defacement
Content: The cybersecurity company Quick Heal Technologies had their website defaced by attacker Rici144 from the Ratman team on April 1, 2026. The defacement targeted a specific media/customer section of the companys Indian domain.
Date: 2026-04-01T13:29:11Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823984
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: India
Victim Industry: Cybersecurity/Technology
Victim Organization: Quick Heal Technologies
Victim Site: www.quickheal.co.in
Website defacement of Shopping4Camping by Rici144/Ratman team
Category: Defacement
Content: The Belgian camping equipment retailer Shopping4Camping was defaced by attacker Rici144 associated with the Ratman team on April 1, 2026. The defacement targeted a media subdirectory of the e-commerce website.
Date: 2026-04-01T13:28:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823986
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Belgium
Victim Industry: Retail/E-commerce
Victim Organization: Shopping4Camping
Victim Site: www.shopping4camping.be
Alleged data breach of HauteLook
Category: Data Breach
Content: The threat actor claims to be leaked data from HauteLook. The compromised data reportedly contains 6.5 million records including User Id, Full names, user names, passwords and moreNote: This organization was previously breached on March 18 2022
Date: 2026-04-01T13:28:32Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-HAUTELOOK-COM-Fashion-Retail-6-5M-Users
Screenshots:
None
Threat Actors: xorcat
Victim Country: USA
Victim Industry: E-commerce & Online Stores
Victim Organization: hautelook
Victim Site: hautelook.com
Website defacement of Stretch Group by Rici144/Ratman team
Category: Defacement
Content: The attacker Rici144 from team Ratman conducted a redefacement attack against Stretch Groups website on April 1, 2026. This appears to be a repeat attack on the Belgian organizations web presence.
Date: 2026-04-01T13:28:02Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823987
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Belgium
Victim Industry: Unknown
Victim Organization: Stretch Group
Victim Site: www.stretchgroup.be
Website defacement of Tires247 by Rici144 (Ratman team)
Category: Defacement
Content: The attacker Rici144, associated with the Ratman team, defaced a page on the Tires247 automotive retail website on April 1, 2026. The defacement targeted a specific customer media directory rather than the main homepage.
Date: 2026-04-01T13:27:29Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823988
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: United Arab Emirates
Victim Industry: Automotive/Retail
Victim Organization: Tires247
Victim Site: www.tires247.ae
Website defacement of uittokalusto.fi by Rici144/Ratman team
Category: Defacement
Content: The attacker Rici144 from the Ratman team defaced the Finnish website www.uittokalusto.fi on April 1, 2026. The defacement targeted a media subdirectory of the site.
Date: 2026-04-01T13:26:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823990
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Finland
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: www.uittokalusto.fi
Website defacement of TyresCart by Rici144 (Ratman team)
Category: Defacement
Content: Attacker Rici144, associated with the Ratman team, successfully defaced the TyresCart automotive retail website on April 1, 2026. The defacement targeted a specific media directory path on the UAE-based tire retailers website.
Date: 2026-04-01T13:26:19Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823991
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: United Arab Emirates
Victim Industry: Automotive/Retail
Victim Organization: TyresCart
Victim Site: www.tyrescart.ae
Website defacement of Verberckmoes by Rici144/Ratman team
Category: Defacement
Content: Cybercriminal Rici144 from the Ratman team conducted a redefacement attack against the Belgian website www.verberckmoes.be on April 1, 2026. This marks a repeat compromise of the same target by the threat actor.
Date: 2026-04-01T13:25:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823993
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Belgium
Victim Industry: Unknown
Victim Organization: Verberckmoes
Victim Site: www.verberckmoes.be
Website defacement of Vipra by Rici144/Ratman team
Category: Defacement
Content: Attacker Rici144 from team Ratman conducted a redefacement of the Finnish website www.vipra.fi on April 1, 2026. This incident represents a repeated compromise of the same target by the threat actor.
Date: 2026-04-01T13:25:16Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823995
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Finland
Victim Industry: Unknown
Victim Organization: Vipra
Victim Site: www.vipra.fi
Alleged data breach of Eyeem
Category: Data Breach
Content: The threat actor claims to be leaked data from EyeEm. The compromised data reportedly contains 3,800,000 records including User ID, Email Address, Username, Password, Display Name, Full Name, Location, Registration Date, Followers Count, Photo Count, Camera Equipment, Website/Portfolio.NB: This organization was previously breached on February 28 2018
Date: 2026-04-01T13:24:57Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-EYEEM-COM-Photography-Platform-3-8M-Users
Screenshots:
None
Threat Actors: xorcat
Victim Country: Germany
Victim Industry: Photography
Victim Organization: eyeem
Victim Site: eyeem.com
Website defacement of Vital Agriculture by Rici144/Ratman team
Category: Defacement
Content: Attacker Rici144 from the Ratman team defaced the Vital Agriculture website on April 1st, 2026. The defacement targeted a Belgian agricultural companys media subdirectory.
Date: 2026-04-01T13:24:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823996
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Belgium
Victim Industry: Agriculture
Victim Organization: Vital Agriculture
Victim Site: www.vital-agriculture.be
Website defacement of Yacht Supplier by Rici144/Ratman team
Category: Defacement
Content: The yacht supplier website www.yachtsupplier.be was defaced by attacker Rici144, associated with the Ratman team, on April 1, 2026. The defacement targeted a specific media subdirectory rather than the main homepage.
Date: 2026-04-01T13:24:13Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823998
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Belgium
Victim Industry: Marine/Yachting Services
Victim Organization: Yacht Supplier
Victim Site: www.yachtsupplier.be
Website defacement of Worbis by Rici144/Ratman team
Category: Defacement
Content: Attacker Rici144 from the Ratman team conducted a redefacement attack against the Finnish website www.worbis.fi on April 1, 2026. This represents a subsequent attack on a previously compromised target.
Date: 2026-04-01T13:23:37Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823999
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Finland
Victim Industry: Unknown
Victim Organization: Worbis
Victim Site: www.worbis.fi
Website defacement of FN Verlag by Rici144/Ratman team
Category: Defacement
Content: Attacker Rici144 from the Ratman team successfully defaced the FN Verlag website on April 1, 2026. The defacement targeted a German publishing companys media customer portal section.
Date: 2026-04-01T13:23:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824002
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Germany
Victim Industry: Publishing
Victim Organization: FN Verlag
Victim Site: www.fnverlag.de
Website defacement of paulmarius.de by Rici144/Ratman team
Category: Defacement
Content: The website paulmarius.de was defaced by attacker Rici144 from the Ratman team on April 1, 2026. This appears to be a redefacement of a previously compromised site.
Date: 2026-04-01T13:22:27Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/824004
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: paulmarius.de
Alleged distribution of multi-company credential combolist targeting major corporations
Category: Combo List
Content: Threat actor distributes credential combolist containing 11 million entries allegedly targeting multiple major corporations across various industries including pharmaceutical, financial, technology, and energy sectors. The credentials are being distributed through Telegram channels.
Date: 2026-04-01T13:14:14Z
Network: openweb
Published URL: https://crackingx.com/threads/70687/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Multiple
Victim Organization: Lam Research, AstraZeneca, LVMH, RTX, Philip Morris, Shell, Wells Fargo, IBM, GE Vernova
Victim Site: Unknown
Alleged leak of German shopping site credentials
Category: Combo List
Content: A threat actor shared a combolist containing 335,917 credential pairs allegedly from German shopping websites. The data is being distributed for free via a cloud storage link.
Date: 2026-04-01T13:13:55Z
Network: openweb
Published URL: https://crackingx.com/threads/70688/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Retail
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Lookbook
Category: Data Breach
Content: The threat actor claims to be leaked data from Lookbook. The compromised data reportedly contains 1.2M Users records including User Id, Usernames, Password, Email Address and moreNote: This Organization was previously breached on April 17 2023
Date: 2026-04-01T13:07:44Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-LOOKBOOK-NU-Fashion-Social-1-2M-Users
Screenshots:
None
Threat Actors: xorcat
Victim Country: USA
Victim Industry: Social Media & Online Social Networking
Victim Organization: lookbook
Victim Site: lookbook.com
Website defacement of Paradies Pool by Rici144/Ratman team
Category: Defacement
Content: The German swimming pool services website paradies-pool.de was defaced by attacker Rici144 associated with the Ratman team on April 1, 2026. This incident represents a redefacement of a previously compromised target.
Date: 2026-04-01T13:05:09Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823850
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Germany
Victim Industry: Recreation/Swimming Pool Services
Victim Organization: Paradies Pool
Victim Site: paradies-pool.de
Alleged leak of Polish credential list
Category: Combo List
Content: A threat actor shared a credential list containing 5,688 lines of access credentials allegedly targeting Polish entities. The data is being distributed for free download on an underground forum.
Date: 2026-04-01T13:04:46Z
Network: openweb
Published URL: https://crackingx.com/threads/70686/
Screenshots:
None
Threat Actors: karaokecloud
Victim Country: Poland
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Merkle-Shop by Rici144/Ratman team
Category: Defacement
Content: German e-commerce website Merkle-Shop was defaced by attacker Rici144 affiliated with the Ratman team on April 1, 2026. This incident represents a redefacement of the target site rather than an initial compromise.
Date: 2026-04-01T13:04:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823852
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Germany
Victim Industry: E-commerce/Retail
Victim Organization: Merkle Shop
Victim Site: merkle-shop.de
Website defacement of pop.de by Rici144/Ratman team
Category: Defacement
Content: The attacker Rici144 from the Ratman team conducted a redefacement of the German domain pop.de, specifically targeting a customer address section of the website on April 1, 2026.
Date: 2026-04-01T13:04:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823853
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: pop.de
Website defacement of project-camper.de by Rici144/Ratman team
Category: Defacement
Content: Attacker Rici144 from the Ratman team conducted a redefacement of the project-camper.de website on April 1, 2026. This appears to be a targeted attack against a German domain, with the incident documented on zone-xsec.com mirror.
Date: 2026-04-01T13:03:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823854
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: www.project-camper.de
Website defacement of Raab Verlag by Rici144/Ratman team
Category: Defacement
Content: German publishing company Raab Verlag was defaced by attacker Rici144 associated with the Ratman team on April 1, 2026. The defacement targeted a specific media/customer page rather than the main homepage.
Date: 2026-04-01T13:02:53Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823855
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Germany
Victim Industry: Publishing
Victim Organization: Raab Verlag
Victim Site: www.raab-verlag.de
Website defacement of Reisebank by Rici144/Ratman team
Category: Defacement
Content: Redefacement attack targeting German financial services company Reisebanks website conducted by attacker Rici144 affiliated with Ratman team on April 1, 2026.
Date: 2026-04-01T13:02:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823856
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Germany
Victim Industry: Financial Services
Victim Organization: Reisebank
Victim Site: www.reisebank.de
Website defacement of Reiss Laboratory Supplies by Rici144/Ratman team
Category: Defacement
Content: The German laboratory equipment supplier Reiss Laboratory Supplies was defaced by attacker Rici144 from the Ratman team on April 1, 2026. The defacement targeted a media subdirectory of the companys website.
Date: 2026-04-01T13:01:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823857
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Germany
Victim Industry: Laboratory Equipment/Scientific Supplies
Victim Organization: Reiss Laboratory Supplies
Victim Site: www.reiss-laborbedarf.de
Website defacement of Rhein-Neckar-Markt by Rici144 (Ratman team)
Category: Defacement
Content: The German regional publication Rhein-Neckar-Markt website was defaced by attacker Rici144 from the Ratman team on April 1, 2026. This incident represents a redefacement, indicating the site may have been previously compromised.
Date: 2026-04-01T13:01:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823858
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Germany
Victim Industry: Media/Publishing
Victim Organization: Rhein-Neckar-Markt
Victim Site: www.rhein-neckar-markt.de
Website defacement of Rettungspfoten animal rescue by Rici144/Ratman team
Category: Defacement
Content: The Rettungspfoten animal rescue organization website was defaced by attacker Rici144 from the Ratman team on April 1, 2026. This appears to be a redefacement of a previously compromised site rather than an initial attack.
Date: 2026-04-01T13:00:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823859
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Germany
Victim Industry: Non-profit/Animal Welfare
Victim Organization: Rettungspfoten
Victim Site: www.rettungspfoten.de
Website defacement of sogood.de by Rici144/Ratman team
Category: Defacement
Content: The website sogood.de was defaced by attacker Rici144 affiliated with the Ratman team on April 1, 2026. This incident represents a redefacement of a previously compromised site.
Date: 2026-04-01T13:00:04Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823861
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: sogood.de
Website defacement of Stein-Mosaik by Rici144/Ratman team
Category: Defacement
Content: The attacker Rici144 from the Ratman team conducted a redefacement of the German mosaic/stone company Stein-Mosaiks website on April 1st, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
Date: 2026-04-01T12:59:30Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823862
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Germany
Victim Industry: Construction/Building Materials
Victim Organization: Stein-Mosaik
Victim Site: www.stein-mosaik.de
Website defacement of Stegplatten-Shop by Rici144/Ratman team
Category: Defacement
Content: The German e-commerce website Stegplatten-Shop was defaced by attacker Rici144 from the Ratman team on April 1, 2026. The defacement targeted the media directory of the online retailers website.
Date: 2026-04-01T12:58:56Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823863
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Germany
Victim Industry: Retail/E-commerce
Victim Organization: Stegplatten-Shop
Victim Site: www.stegplatten-shop.de
Website defacement of Swarco Dambach by Rici144/Ratman team
Category: Defacement
Content: The attacker Rici144 from team Ratman conducted a redefacement of the Swarco Dambach shop website on April 1, 2026. This was identified as a repeat attack on the same target rather than an initial compromise.
Date: 2026-04-01T12:58:22Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823865
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Germany
Victim Industry: Technology/Industrial
Victim Organization: Swarco Dambach
Victim Site: www.swarco-dambach-shop.de
Website defacement of Swimea by Rici144/Ratman team
Category: Defacement
Content: The website swimea.de was defaced by attacker Rici144 associated with the Ratman team on April 1, 2026. This incident appears to be a redefacement of a previously compromised target.
Date: 2026-04-01T12:57:47Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823866
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Swimea
Victim Site: swimea.de
Website defacement of Taschen-bedrucken.de by Rici144/Ratman team
Category: Defacement
Content: Website defacement incident targeting German bag printing company taschen-bedrucken.de by attacker Rici144 associated with Ratman team on April 1, 2026. This was identified as a redefacement incident, indicating the site had been previously compromised.
Date: 2026-04-01T12:57:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823868
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Germany
Victim Industry: Retail/E-commerce
Victim Organization: Taschen-bedrucken
Victim Site: taschen-bedrucken.de
Website defacement of tassenfuzzi.de by Rici144 (Ratman team)
Category: Defacement
Content: On April 1, 2026, attacker Rici144 from the Ratman team defaced a subdirectory of the German website tassenfuzzi.de. The defacement targeted a specific media/custom path rather than the main homepage.
Date: 2026-04-01T12:56:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823869
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Tassenfuzzi
Victim Site: tassenfuzzi.de
Website defacement of Uhren Versand Herne by Rici144/Ratman team
Category: Defacement
Content: German watch retailer Uhren Versand Herne was defaced by attacker Rici144 from the Ratman team on April 1, 2026. This appears to be a redefacement of a previously compromised site.
Date: 2026-04-01T12:56:06Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823871
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Germany
Victim Industry: Retail/E-commerce
Victim Organization: Uhren Versand Herne
Victim Site: www.uhren-versand-herne.de
Website defacement of Toscana Mainz restaurant by Rici144/Ratman team
Category: Defacement
Content: The website of Toscana Mainz, a restaurant in Germany, was defaced by attacker Rici144 affiliated with the Ratman team on April 1, 2026. The defacement targeted a specific media directory rather than the homepage.
Date: 2026-04-01T12:55:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823872
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Germany
Victim Industry: Food Service
Victim Organization: Toscana Mainz
Victim Site: www.toscana-mainz.de
Website defacement of Tutorial Experts by Rici144/Ratman team
Category: Defacement
Content: The German educational website tutorial-experts.de was defaced by attacker Rici144 affiliated with the Ratman team on April 1, 2026. The defacement targeted the media subdirectory of the site.
Date: 2026-04-01T12:54:59Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823873
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Germany
Victim Industry: Education/Training
Victim Organization: Tutorial Experts
Victim Site: tutorial-experts.de
Website defacement of Wein Weuste by Rici144/Ratman team
Category: Defacement
Content: The attacker Rici144 from the Ratman team successfully defaced a subdirectory of the German wine company Wein Weustes website on April 1st, 2026. The defacement targeted a specific media/custom directory rather than the main homepage.
Date: 2026-04-01T12:54:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823874
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Germany
Victim Industry: Food and Beverage
Victim Organization: Wein Weuste
Victim Site: www.wein-weuste.de
Website defacement of xylit-echt-billig.de by Rici144/Ratman team
Category: Defacement
Content: Attacker Rici144 from the Ratman team defaced the German e-commerce website xylit-echt-billig.de on April 1, 2026. The defacement targeted the media directory of the xylitol product retailers website.
Date: 2026-04-01T12:53:50Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823877
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Germany
Victim Industry: E-commerce
Victim Organization: Xylit Echt Billig
Victim Site: xylit-echt-billig.de
Website defacement of WSS Berlin by Rici144/Ratman team
Category: Defacement
Content: The attacker Rici144, affiliated with team Ratman, conducted a redefacement attack against WSS Berlins website on April 1, 2026. This marks a repeat targeting of the same victim organization.
Date: 2026-04-01T12:53:15Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823878
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: WSS Berlin
Victim Site: wss-berlin.de
Website defacement of Equipol by Rici144/Ratman team
Category: Defacement
Content: Attacker Rici144 from team Ratman defaced the Equipol website on April 1, 2026. This was identified as a redefacement, indicating the site had been previously compromised.
Date: 2026-04-01T12:47:11Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823735
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: France
Victim Industry: Unknown
Victim Organization: Equipol
Victim Site: www.equipol.fr
Website defacement of Ferme Avicole Declerck by Rici144/Ratman team
Category: Defacement
Content: The Ratman team, specifically attacker Rici144, defaced the website of French poultry farm Ferme Avicole Declerck. This appears to be a redefacement of a previously compromised site.
Date: 2026-04-01T12:46:39Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823736
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: France
Victim Industry: Agriculture
Victim Organization: Ferme Avicole Declerck
Victim Site: www.fermeavicoledeclerck.fr
Website defacement of HelpCard organization by Rici144/Ratman team
Category: Defacement
Content: The HelpCard organization website was defaced by attacker Rici144 affiliated with the Ratman team on April 1, 2026. The defacement targeted a specific media directory on the helpcard.org domain.
Date: 2026-04-01T12:46:05Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823737
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Unknown
Victim Industry: Non-profit/Charity
Victim Organization: HelpCard
Victim Site: helpcard.org
Website defacement of HM Renov26 by Rici144/Ratman team
Category: Defacement
Content: French renovation company HM Renov26s website was defaced by attacker Rici144 associated with the Ratman team on April 1, 2026. The defacement targeted a specific media directory path on the companys website.
Date: 2026-04-01T12:45:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823738
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: France
Victim Industry: Construction/Renovation
Victim Organization: HM Renov26
Victim Site: hmrenov26.fr
Website defacement of joute-et-jeux.fr by Rici144/Ratman team
Category: Defacement
Content: Threat actor Rici144 from the Ratman team conducted a redefacement attack against the French entertainment website joute-et-jeux.fr on April 1, 2026. This appears to be a targeted single-site defacement rather than a mass attack.
Date: 2026-04-01T12:44:58Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823739
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: France
Victim Industry: Entertainment
Victim Organization: Joute et Jeux
Victim Site: joute-et-jeux.fr
Website defacement of Kabelis by Rici144/Ratman team
Category: Defacement
Content: Attacker Rici144 from the Ratman team successfully defaced the Kabelis website on April 1st, 2026. The defacement targeted a specific media/customer section of the French domain.
Date: 2026-04-01T12:44:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823740
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: France
Victim Industry: Unknown
Victim Organization: Kabelis
Victim Site: www.kabelis.fr
Website defacement of Le Roi De La Fenetre by Rici144/Ratman team
Category: Defacement
Content: Threat actor Rici144 from the Ratman team defaced the French window/construction company Le Roi De La Fenetres website on April 1, 2026. This appears to be a redefacement of a previously compromised site.
Date: 2026-04-01T12:43:51Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823741
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: France
Victim Industry: Retail/Construction
Victim Organization: Le Roi De La Fenetre
Victim Site: www.leroidelafenetre.fr
Website defacement of Meuble-Promo by Rici144/Ratman team
Category: Defacement
Content: The French furniture retailer Meuble-Promo website was defaced by attacker Rici144 from the Ratman team on April 1, 2026. The attack targeted a specific media directory within the site rather than the homepage.
Date: 2026-04-01T12:43:16Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823742
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: France
Victim Industry: Retail/Furniture
Victim Organization: Meuble-Promo
Victim Site: www.meuble-promo.fr
Website defacement of Menzzo by Rici144/Ratman team
Category: Defacement
Content: The attacker Rici144 from the Ratman team defaced the French furniture retailer Menzzos website on April 1, 2026. The defacement targeted a specific media/customer directory rather than the homepage.
Date: 2026-04-01T12:42:42Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823743
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: France
Victim Industry: Retail/E-commerce
Victim Organization: Menzzo
Victim Site: www.menzzo.fr
Website defacement of Motonice by Rici144 (Ratman team)
Category: Defacement
Content: The attacker Rici144, affiliated with the Ratman team, defaced the Motonice website on April 1st, 2026. The incident targeted a French motorcycle retailers media directory.
Date: 2026-04-01T12:42:09Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823744
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: France
Victim Industry: Retail/Automotive
Victim Organization: Motonice
Victim Site: motonice.fr
Alleged data leak of Claude
Category: Data Leak
Content: ANTHROPIC has confirmed an accidental source code leak affecting its AI coding assistant, Claude Code, caused by a packaging error in an npm release. The issue exposed a large portion of the codebase through a source map file, making it publicly accessible before the affected version was removed. According to the company, the incident was due to human error rather than a security breach, and there is no impact on customer data or credentials. The exposed code has since circulated online, revealing internal features and architecture details of the tool. Anthropic stated it is implementing safeguards to prevent similar incidents and is continuing to monitor the situation.
Date: 2026-04-01T12:41:51Z
Network: openweb
Published URL: https://thehackernews.com/2026/04/claude-code-tleaked-via-npm-packaging.html
Screenshots:
None
Threat Actors:
Victim Country: USA
Victim Industry: Software
Victim Organization: claude
Victim Site: claude.ai
Website defacement of NUK by Rici144/Ratman team
Category: Defacement
Content: The attacker Rici144 from the Ratman team defaced a customer address page on the NUK website on April 1, 2026. The incident targeted a specific subdirectory rather than the main site homepage.
Date: 2026-04-01T12:41:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823745
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: France
Victim Industry: Unknown
Victim Organization: NUK
Victim Site: www.nuk.fr
Website defacement of paulmarius.fr by Rici144/Ratman team
Category: Defacement
Content: The website paulmarius.fr was defaced by attacker Rici144 associated with the Ratman team on April 1, 2026. This incident represents a redefacement of the target site.
Date: 2026-04-01T12:41:02Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823747
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: paulmarius.fr
Website defacement of PhotoWeb by Rici144 (Ratman team)
Category: Defacement
Content: Rici144 from the Ratman team conducted a redefacement attack against PhotoWeb, a French photography and printing service website. The incident occurred on April 1, 2026, targeting the media/customer section of the site.
Date: 2026-04-01T12:40:29Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823748
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: France
Victim Industry: Photography/E-commerce
Victim Organization: PhotoWeb
Victim Site: www.photoweb.fr
Website defacement of playthis.org by Rici144/Ratman team
Category: Defacement
Content: The gaming/entertainment website playthis.org was defaced by attacker Rici144, operating as part of the Ratman team. The defacement occurred on April 1, 2026, targeting the media section of the website.
Date: 2026-04-01T12:39:55Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823749
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Unknown
Victim Industry: Gaming/Entertainment
Victim Organization: PlayThis
Victim Site: playthis.org
Website defacement of PNI by Rici144/Ratman team
Category: Defacement
Content: Attacker Rici144 from the Ratman team defaced the PNI website on April 1, 2026, targeting the customer address section of their media portal.
Date: 2026-04-01T12:39:21Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823751
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: France
Victim Industry: Unknown
Victim Organization: PNI
Victim Site: www.pni.fr
Website defacement of Pro-Living by Rici144 (Ratman team)
Category: Defacement
Content: The attacker Rici144, associated with the Ratman team, successfully defaced the Pro-Living website on April 1st, 2026. This appears to be a single-target defacement incident affecting the French organizations media directory.
Date: 2026-04-01T12:38:48Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823752
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: France
Victim Industry: Unknown
Victim Organization: Pro-Living
Victim Site: www.pro-living.fr
Website defacement of Ressorts Sodemann by Rici144/Ratman team
Category: Defacement
Content: The attacker Rici144 from team Ratman conducted a redefacement of the French spring manufacturing company Ressorts Sodemanns website on April 1, 2026. This represents a targeted attack against a single organization rather than a mass defacement campaign.
Date: 2026-04-01T12:38:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823753
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: France
Victim Industry: Manufacturing
Victim Organization: Ressorts Sodemann
Victim Site: www.ressorts-sodemann.fr
Website defacement of Reverdy by Rici144/Ratman team
Category: Defacement
Content: Attacker Rici144 from the Ratman team successfully defaced a subdirectory of the Reverdy website on April 1, 2026. The defacement targeted a customer media section of the French organizations website.
Date: 2026-04-01T12:37:41Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823754
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: France
Victim Industry: Unknown
Victim Organization: Reverdy
Victim Site: www.reverdy.fr
Website defacement of Secretbox by Rici144 (Ratman team)
Category: Defacement
Content: The attacker Rici144, affiliated with the Ratman team, defaced the French website www.secretbox.fr on April 1, 2026. This incident was identified as a redefacement, indicating the site had been previously compromised.
Date: 2026-04-01T12:37:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823755
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: France
Victim Industry: Unknown
Victim Organization: Secretbox
Victim Site: www.secretbox.fr
Website defacement of Tecnosell by Ratman team member Rici144
Category: Defacement
Content: French technology company Tecnosell suffered a website defacement attack on April 1, 2026, carried out by attacker Rici144 who is affiliated with the Ratman team. The attack targeted a specific media directory on the companys website rather than the main homepage.
Date: 2026-04-01T12:36:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823756
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: France
Victim Industry: Technology/E-commerce
Victim Organization: Tecnosell
Victim Site: www.tecnosell.fr
Website defacement of Topper by Rici144/Ratman team
Category: Defacement
Content: Attacker Rici144 from the Ratman team successfully defaced the Topper.fr website on April 1, 2026. This incident was classified as a redefacement, indicating the site had been previously compromised.
Date: 2026-04-01T12:35:59Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823758
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: France
Victim Industry: Unknown
Victim Organization: Topper
Victim Site: www.topper.fr
Website defacement of TotalSport by Rici144/Ratman team
Category: Defacement
Content: The attacker Rici144, associated with the Ratman team, defaced a page on the TotalSport French sports website on April 1st, 2026. This appears to be a targeted single-page defacement rather than a mass attack.
Date: 2026-04-01T12:35:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823759
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: France
Victim Industry: Sports/Recreation
Victim Organization: TotalSport
Victim Site: www.totalsport.fr
Website defacement of Vital Agriculture by Rici144/Ratman team
Category: Defacement
Content: The French agriculture company Vital Agriculture had their website defaced by attacker Rici144, operating as part of the Ratman team, on April 1, 2026.
Date: 2026-04-01T12:34:52Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823761
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: France
Victim Industry: Agriculture
Victim Organization: Vital Agriculture
Victim Site: www.vital-agriculture.fr
Website defacement of Voilerie Rochard by Rici144/Ratman team
Category: Defacement
Content: Attacker Rici144 from the Ratman team conducted a redefacement attack against French sail manufacturer Voilerie Rochards website on April 1, 2026. This appears to be a repeat attack against the same target.
Date: 2026-04-01T12:34:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823762
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: France
Victim Industry: Manufacturing
Victim Organization: Voilerie Rochard
Victim Site: voilerie-rochard.fr
Alleged distribution of credential combolists targeting major corporations
Category: Combo List
Content: Threat actor CODER is distributing a 14 million credential combolist allegedly containing data from major corporations including Home Depot, Coca-Cola, Toyota Motor, and Cisco Systems through Telegram channels.
Date: 2026-04-01T12:34:17Z
Network: openweb
Published URL: https://crackingx.com/threads/70683/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Multiple
Victim Organization: Home Depot, Coca-Cola, Toyota Motor, Cisco Systems
Victim Site: Unknown
Website defacement of webstore-securite.fr by Rici144 (Ratman team)
Category: Defacement
Content: The attacker Rici144, associated with the Ratman team, successfully defaced a French security-related webstore on April 1, 2026. The attack targeted the media section of the website, though specific technical details and motivations remain unknown.
Date: 2026-04-01T12:33:44Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823763
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: France
Victim Industry: Technology/Security
Victim Organization: Webstore Securite
Victim Site: webstore-securite.fr
Website defacement of Zacatrus by Rici144/Ratman team
Category: Defacement
Content: The attacker Rici144, affiliated with the Ratman team, successfully defaced the French gaming retailer Zacatrus website on April 1, 2026. The defacement targeted a customer-related page on the zacatrus.fr domain.
Date: 2026-04-01T12:33:09Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823765
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: France
Victim Industry: Retail/Gaming
Victim Organization: Zacatrus
Victim Site: zacatrus.fr
Website defacement of yogitri.fr by Rici144/Ratman team
Category: Defacement
Content: The attacker Rici144, associated with the Ratman team, defaced the French website yogitri.fr on April 1st, 2026. The attack targeted a specific media/customer subdirectory of the site.
Date: 2026-04-01T12:32:36Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823766
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: France
Victim Industry: Unknown
Victim Organization: Yogitri
Victim Site: yogitri.fr
Alleged sale of Asociación de Institutos de Enseñanza Privada de Argentina database
Category: Data Breach
Content: The threat actor claims to be selling the dataset allegedly originating from AIEPA, an Argentine association representing private educational institutions. The dataset contains across multiple sections, including contacts, event registrations, and billing/account data.
Date: 2026-04-01T12:24:14Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-423k-Argentina-www-aiepba-org-ar-Personal-contact-and-professional-details-datas
Screenshots:
None
Threat Actors: Grubder
Victim Country: Argentina
Victim Industry: Education
Victim Organization: asociación de institutos de enseñanza privada de argentina (aiepa)
Victim Site: aiepba.org.ar
Alleged data leak of Stalker.so
Category: Data Leak
Content: The threat actor claims to be leaked data from Stalker.so. The compromised data reportedly contains 500K records including User ID, Email Address, Username, Password, Full Name, Phone Number, City, Registration Date, Last Login, Friends Count, Photos Count.
Date: 2026-04-01T12:21:28Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-STALKER-SO-Russian-Social-Network-500K-User
Screenshots:
None
Threat Actors: xorcat
Victim Country: Russia
Victim Industry: Gaming
Victim Organization: Unknown
Victim Site: stalker.so
Alleged data breach of St. Joseph County
Category: Data Breach
Content: The threat actor claims to have breached over 2 TB of sensitive data from St. Joseph County, including records from the prosecutor’s office, health centers, and police, along with releasing thousands of confidential documents.
Date: 2026-04-01T12:17:58Z
Network: openweb
Published URL: https://handala-hack.tw/st-joseph-county-hacked/
Screenshots:
None
Threat Actors: Handala Hack
Victim Country: USA
Victim Industry: Government Administration
Victim Organization: st. joseph county
Victim Site: sjcindiana.gov
Alleged leak of mixed stealer logs containing credentials
Category: Combo List
Content: Threat actor fatetraffic shared a collection of 1,401 mixed stealer logs dated April 1, 2026, made available for free download via file hosting service.
Date: 2026-04-01T12:13:00Z
Network: openweb
Published URL: https://crackingx.com/threads/70680/
Screenshots:
None
Threat Actors: fatetraffic
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of email credential combolist via Telegram channel
Category: Combo List
Content: Threat actor universal_mail is distributing a credential combolist containing valid email access combinations through a private Telegram channel. The post promotes a mail checker tool and provides access to validated credential hits.
Date: 2026-04-01T12:12:38Z
Network: openweb
Published URL: https://crackingx.com/threads/70681/
Screenshots:
None
Threat Actors: universal_mail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of DuelingNetwork
Category: Data Leak
Content: The threat actor claims to be leaked data from DuelingNetwork. The compromised data reportedly contains 2.5 million records including user id, Email address, Usernames, Password, Display names, Country and more Note: This organization was previously breached on March 29 2017
Date: 2026-04-01T12:05:17Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-DUELINGNETWORK-COM-Yu-Gi-Oh-Platform-2-5M-Users
Screenshots:
None
Threat Actors: xorcat
Victim Country: Unknown
Victim Industry: Gaming
Victim Organization: duelingnetwork
Victim Site: duelingnetwork.com
Website defacement of lcd-rgb.com by Rici144/Ratman team
Category: Defacement
Content: Attacker Rici144 from the Ratman team defaced the LCD RGB website on April 1, 2026. The defacement targeted a customer-related subdirectory of the electronics companys website.
Date: 2026-04-01T12:04:06Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823630
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Unknown
Victim Industry: Technology/Electronics
Victim Organization: LCD RGB
Victim Site: lcd-rgb.com
Website defacement of Mage Expo by Rici144/Ratman team
Category: Defacement
Content: Attacker Rici144 from the Ratman team defaced the Mage Expo website on April 1, 2026. The incident targeted a subdirectory of the events/exhibitions companys website.
Date: 2026-04-01T12:03:33Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823632
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Unknown
Victim Industry: Events/Exhibitions
Victim Organization: Mage Expo
Victim Site: mage-expo.com
Website defacement of MageWorx by Rici144/Ratman team
Category: Defacement
Content: MageWorx website was defaced by attacker Rici144 associated with the Ratman team on April 1, 2026. This incident represents a redefacement of a previously compromised target.
Date: 2026-04-01T12:02:58Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823633
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: MageWorx
Victim Site: mageworx.com
Website defacement of Nassau Magnet by Rici144 (Ratman team)
Category: Defacement
Content: Attacker Rici144 from the Ratman team defaced the Nassau Magnet company website on April 1, 2026. The incident targeted a specific media directory rather than the homepage and was not part of a mass defacement campaign.
Date: 2026-04-01T12:02:26Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823636
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Unknown
Victim Industry: Manufacturing
Victim Organization: Nassau Magnet
Victim Site: www.nassmagnet.com
Website defacement of North Bay Trading by Rici144 (Ratman team)
Category: Defacement
Content: Attacker Rici144 from the Ratman team defaced the North Bay Trading website on April 1, 2026. This appears to be a redefacement of a previously compromised site.
Date: 2026-04-01T12:01:51Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823637
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Unknown
Victim Industry: Trading/Commerce
Victim Organization: North Bay Trading
Victim Site: northbaytrading.com
Website defacement of NYIF Global by Rici144/Ratman team
Category: Defacement
Content: The attacker Rici144, affiliated with the Ratman team, defaced a media subdirectory of the NYIF Global website on April 1st, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
Date: 2026-04-01T12:01:17Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823639
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: NYIF Global
Victim Site: www.nyif-global.com
Website defacement of OlaKrutrim by Rici144/Ratman team
Category: Defacement
Content: The attacker Rici144 from the Ratman team successfully defaced a media section of the OlaKrutrim website on April 1, 2026. This appears to be a targeted single-site defacement rather than a mass attack or redefacement.
Date: 2026-04-01T12:00:43Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823641
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: India
Victim Industry: Technology
Victim Organization: OlaKrutrim
Victim Site: olakrutrim.com
Website defacement of peter-polo.com by Rici144/Ratman team
Category: Defacement
Content: Attacker Rici144 from the Ratman team conducted a redefacement of peter-polo.com on April 1, 2026. This appears to be a targeted attack against a specific subdirectory rather than the main homepage.
Date: 2026-04-01T11:59:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823642
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Peter Polo
Victim Site: peter-polo.com
Website defacement of Rayher by Rici144/Ratman team
Category: Defacement
Content: Rayher arts and crafts retailer website was defaced by attacker Rici144 from the Ratman team on April 1st, 2026. This appears to be a redefacement of a previously compromised site.
Date: 2026-04-01T11:59:00Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823643
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Germany
Victim Industry: Retail/Arts and Crafts
Victim Organization: Rayher
Victim Site: rayher.com
Website defacement of RTC Cuba by Rici144/Ratman team
Category: Defacement
Content: The attacker Rici144, associated with the Ratman team, successfully defaced the RTC Cuba website on April 1, 2026. The defacement targeted a specific media/customer page rather than the homepage.
Date: 2026-04-01T11:58:27Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823644
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Cuba
Victim Industry: Unknown
Victim Organization: RTC Cuba
Victim Site: www.rtccuba.com
Website defacement of Sacer Shop by Rici144/Ratman team
Category: Defacement
Content: The Ratman team member Rici144 conducted a redefacement attack against Sacer Shops e-commerce website on April 1, 2026. This appears to be a targeted defacement of a commercial retail site rather than a mass defacement campaign.
Date: 2026-04-01T11:57:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823645
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Unknown
Victim Industry: E-commerce
Victim Organization: Sacer Shop
Victim Site: sacer-shop.com
Website defacement of Sacer by Rici144 (Ratman team)
Category: Defacement
Content: The attacker Rici144, affiliated with the Ratman team, successfully defaced the Chinese website www.sacer.com.cn on April 1, 2026. This was an isolated defacement incident targeting a specific page within the media section of the site.
Date: 2026-04-01T11:57:19Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823646
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: China
Victim Industry: Unknown
Victim Organization: Sacer
Victim Site: www.sacer.com.cn
Website defacement of Scooters Coffee by Rici144/Ratman team
Category: Defacement
Content: The Ratman team, specifically attacker Rici144, conducted a redefacement attack against Scooters Coffees website on April 1, 2026. This appears to be a repeat attack on the same target rather than an initial compromise.
Date: 2026-04-01T11:56:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823647
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: United States
Victim Industry: Food and Beverage
Victim Organization: Scooters Coffee
Victim Site: www.scooterscoffee.com
Website defacement of Strunz.com by Rici144/Ratman team
Category: Defacement
Content: Attacker Rici144 from the Ratman team successfully defaced the Strunz.com website on April 1, 2026. The defacement targeted a specific media/customer section of the site rather than the homepage.
Date: 2026-04-01T11:56:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823648
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Strunz
Victim Site: www.strunz.com
Website defacement of Taurus Legend by Rici144/Ratman team
Category: Defacement
Content: Australian website tauruslegend.com.au was defaced by attacker Rici144 associated with the Ratman team on April 1, 2026. The defacement targeted a media subdirectory of the site.
Date: 2026-04-01T11:55:37Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823650
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Australia
Victim Industry: Unknown
Victim Organization: Taurus Legend
Victim Site: tauruslegend.com.au
Website defacement of thebasketbd.com by Rici144/Ratman team
Category: Defacement
Content: Website defacement attack conducted by attacker Rici144 affiliated with Ratman team against Bangladeshi sports website thebasketbd.com on April 1, 2026. The attack targeted a specific media directory rather than the homepage.
Date: 2026-04-01T11:55:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823651
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Bangladesh
Victim Industry: Sports/Recreation
Victim Organization: The Basket BD
Victim Site: thebasketbd.com
Website defacement of Goa Duty Free by Rici144/Ratman team
Category: Defacement
Content: Attacker Rici144 from team Ratman conducted a redefacement of the Goa Duty Free website on April 1, 2026. This appears to be a subsequent attack on a previously compromised retail website.
Date: 2026-04-01T11:54:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823653
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: India
Victim Industry: Retail
Victim Organization: Goa Duty Free
Victim Site: www.thegoadutyfree.com
Website defacement of TourSpec Golf by Rici144 (Ratman team)
Category: Defacement
Content: Rici144 from the Ratman team conducted a redefacement attack against TourSpec Golfs website on April 1, 2026. The attack targeted a specific media directory rather than the main homepage.
Date: 2026-04-01T11:53:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823654
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Unknown
Victim Industry: Sports/Recreation
Victim Organization: TourSpec Golf
Victim Site: www.tourspecgolf.com
Website defacement of Treon Store by Rici144/Ratman team
Category: Defacement
Content: The attacker Rici144 from the Ratman team conducted a redefacement attack against Treon Stores website on April 1, 2026. This was not the first compromise of this target, as indicated by the redefacement classification.
Date: 2026-04-01T11:53:22Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823655
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Unknown
Victim Industry: E-commerce
Victim Organization: Treon Store
Victim Site: treonstore.com
Website defacement of TrustedSDK by Rici144/Ratman team
Category: Defacement
Content: Website defacement attack targeting TrustedSDKs media section conducted by attacker Rici144 associated with the Ratman team on April 1, 2026.
Date: 2026-04-01T11:52:48Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823656
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: TrustedSDK
Victim Site: www.trustedsdk.com
Website defacement of WaveFutura by Rici144/Ratman team
Category: Defacement
Content: Attacker Rici144 from the Ratman team conducted a redefacement of the WaveFutura website on April 1, 2026. This appears to be a repeat attack on the same target, indicating persistent threat actor interest in this organization.
Date: 2026-04-01T11:52:15Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823657
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: WaveFutura
Victim Site: www.wavefutura.com
Website defacement of xinbaian.com.cn by Rici144 (Ratman team)
Category: Defacement
Content: Chinese website xinbaian.com.cn was defaced by attacker Rici144 affiliated with the Ratman team on April 1, 2026. This was identified as a redefacement of the target system.
Date: 2026-04-01T11:51:43Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823658
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: xinbaian.com.cn
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a sample of 645 Hotmail credentials on a cybercrime forum as a free download.
Date: 2026-04-01T11:51:23Z
Network: openweb
Published URL: https://crackingx.com/threads/70678/
Screenshots:
None
Threat Actors: HollowKnight07
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Website defacement of zinko.com by Rici144/Ratman team
Category: Defacement
Content: Attacker Rici144 from the Ratman team successfully defaced zinko.com, specifically targeting a customer address page on the website. The defacement occurred on April 1st, 2026 and was documented with a mirror URL for evidence preservation.
Date: 2026-04-01T11:51:10Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823659
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Zinko
Victim Site: zinko.com
Alleged distribution of credential combolist targeting multiple e-commerce platforms
Category: Combo List
Content: Threat actor CODER is distributing a credential combolist containing 13 million username:password combinations allegedly valid for major platforms including Walmart, American Express, and Amazon. The credentials are being shared through Telegram channels for free access.
Date: 2026-04-01T11:51:05Z
Network: openweb
Published URL: https://crackingx.com/threads/70679/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: E-commerce
Victim Organization: Multiple (Walmart, American Express, Amazon)
Victim Site: Unknown
Alleged sale of NOS data
Category: Data Breach
Content: The threat actor claims to be selling a structured dataset originating from NOS, a major telecommunications provider in Portugal.
Date: 2026-04-01T11:49:30Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-284k-Portugal-www-nos-pt-Customer-records-with-emails-phone-numbers-addresses
Screenshots:
None
Threat Actors: Grubder
Victim Country: Portugal
Victim Industry: Network & Telecommunications
Victim Organization: nos, sgps s.a
Victim Site: nos.pt
Alleged data leak of Documents in UAE
Category: Data Leak
Content: The group claims to have leaked private documents in the UAE
Date: 2026-04-01T11:49:11Z
Network: telegram
Published URL: https://t.me/c/3816027580/5259
Screenshots:
None
Threat Actors: scattered LAPSUS$ hunters part 9
Victim Country: UAE
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Leak of MPGH.NET
Category: Data Leak
Content: The threat actor claims to be leaked data from mpgh.net. The compromised data reportedly contains 2.85 million user records including account credentials and activity data, posing significant risks of credential compromise and user exposure.
Date: 2026-04-01T11:48:51Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-MPGH-NET-Multiplayer-Game-Hacking-2-85M-Users
Screenshots:
None
Threat Actors: xorcat
Victim Country: Unknown
Victim Industry: Gaming
Victim Organization: Unknown
Victim Site: mpgh.net
Website defacement of labucovineanca.ro by aexdy (Leviathan Perfect Hunter team)
Category: Defacement
Content: The Romanian website labucovineanca.ro was defaced by attacker aexdy, associated with the Leviathan Perfect Hunter team, on April 1st, 2026. The defacement targeted a specific file (hx.txt) on the domain.
Date: 2026-04-01T11:45:00Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823523
Screenshots:
None
Threat Actors: aexdy, Leviathan Perfect Hunter
Victim Country: Romania
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: labucovineanca.ro
RASHTRIYA CYBER SENA targets the website of aspirants.edu.pk
Category: Defacement
Content: The group claims to have defaced the website of aspirants.edu.pk .
Date: 2026-04-01T11:44:15Z
Network: telegram
Published URL: https://t.me/teamRcs/194
Screenshots:
None
Threat Actors: RASHTRIYA CYBER SENA
Victim Country: Pakistan
Victim Industry: Education
Victim Organization: aspirants.edu.pk
Victim Site: aspirants.edu.pk
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: Threat actor klyne05 shared a combolist containing Hotmail email credentials on CrackingX forum, claiming the data is private, fresh, and verified.
Date: 2026-04-01T11:41:31Z
Network: openweb
Published URL: https://crackingx.com/threads/70677/
Screenshots:
None
Threat Actors: klyne05
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
OpsShadowStrike targets the website of Kisor kumar NLP coach & consultant
Category: Defacement
Content: The group claims to have defaced the website of Kisor kumar NLP coach & consultant.
Date: 2026-04-01T11:40:06Z
Network: telegram
Published URL: https://t.me/OpsShadowStrike/218
Screenshots:
None
Threat Actors: OpsShadowStrike
Victim Country: India
Victim Industry: Professional Training
Victim Organization: nlp coaching academy india
Victim Site: nlpcoachindia.com
Alleged Data Leak of Avideo Sites User Credentials
Category: Data Leak
Content: The threat actor claims to be leaked 50K Avideo Sites User Credentials The compromised reportedly contains email addresses, usernames, and MD5-hashed passwords
Date: 2026-04-01T11:36:24Z
Network: openweb
Published URL: https://darkforums.su/Thread-avideo-sites-50k
Screenshots:
None
Threat Actors: polrbear
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of UE credential combolist
Category: Combo List
Content: Threat actor shared a credential combolist labeled UE COMBO on underground forum. The combolist is password protected and distributed through Telegram channel.
Date: 2026-04-01T11:32:41Z
Network: openweb
Published URL: https://crackingx.com/threads/70676/
Screenshots:
None
Threat Actors: zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: UE
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 18,000 unique Hotmail email and password combinations on a cybercrime forum.
Date: 2026-04-01T11:23:15Z
Network: openweb
Published URL: https://crackingx.com/threads/70675/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged Data Breach of Starbucks Corporation
Category: Data Breach
Content: The threat actor claims to have breached Starbucks and exfiltrated approximately 10 GB of sensitive data, including source code and intellectual property.
Date: 2026-04-01T11:21:29Z
Network: openweb
Published URL: https://darkforums.su/Thread-ShadowByt3-Breaches-StarBucks
Screenshots:
None
Threat Actors: shadowbyt3$
Victim Country: USA
Victim Industry: Food & Beverages
Victim Organization: starbucks corporation
Victim Site: starbucks.com
Alleged distribution of credential combolists targeting multiple major organizations
Category: Combo List
Content: Threat actor CODER is distributing a 7 million record combolist containing credentials allegedly from major organizations including Tesla, Broadcom, Saudi Aramco, Amazon, Alphabet, Google, and Apple. The combolists are being shared through Telegram channels for free distribution.
Date: 2026-04-01T11:10:16Z
Network: openweb
Published URL: https://crackingx.com/threads/70674/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Tesla, Broadcom, Saudi Aramco, Amazon, Alphabet, Google, Apple
Victim Site: Unknown
Alleged Data Breach of Starbucks
Category: Data Breach
Content: The threat actor claims to be breached 10Gb data from Starbucks. The compromised data reportedly contains source code, proprietary systems, and internal operational technology information.
Date: 2026-04-01T11:07:09Z
Network: openweb
Published URL: https://darkforums.su/Thread-ShadowByt3-Breaches-StarBucks
Screenshots:
None
Threat Actors: BlackVortex1
Victim Country: USA
Victim Industry: Food & Beverages
Victim Organization: starbucks
Victim Site: tarbucks.com
Alleged leak of Japanese email credentials
Category: Combo List
Content: A threat actor shared a credential list containing 5,700 Japanese email accounts with full access credentials on an underground forum.
Date: 2026-04-01T11:01:18Z
Network: openweb
Published URL: https://crackingx.com/threads/70672/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of German credential combolist
Category: Combo List
Content: A credential combolist containing 548,922 lines targeting German users has been made available for download on a cybercriminal forum.
Date: 2026-04-01T11:01:01Z
Network: openweb
Published URL: https://crackingx.com/threads/70673/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: Threat actor FlashCloud2 claims to have private Hotmail valid credentials available on a cracking forum. The post content is hidden behind registration requirements, preventing verification of the scope or distribution method.
Date: 2026-04-01T10:50:03Z
Network: openweb
Published URL: https://crackingx.com/threads/70671/
Screenshots:
None
Threat Actors: FlashCloud2
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged sale of Australian financial services data and cloned payment cards
Category: Data Breach
Content: Threat actor offering Australian non-VBV credit cards, cloned ATM cards, payment card dumps with PINs, and money transfer services via Telegram contact.
Date: 2026-04-01T10:40:27Z
Network: openweb
Published URL: https://crackingx.com/threads/70670/
Screenshots:
None
Threat Actors: crdtrox
Victim Country: Australia
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials combolist
Category: Combo List
Content: Threat actor CODER is distributing a combolist containing 5 million Hotmail credentials across multiple domains (hotmail.com, hotmail.fr, hotmail.es) through Telegram channels. The credentials are being shared for free through dedicated Telegram groups.
Date: 2026-04-01T10:31:15Z
Network: openweb
Published URL: https://crackingx.com/threads/70668/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged Iranian Cyberattack Threat Targeting Israel
Category: Cyber Attack
Content: A recent post by the group claims that Iranian-linked actors have infiltrated and hacked at least 50 security cameras and 60 Israeli companies.
Date: 2026-04-01T10:26:11Z
Network: telegram
Published URL: https://t.me/cyberbannews_ir/20885
Screenshots:
None
Threat Actors:
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of financial card data with PINs from multiple countries
Category: Combo List
Content: Threat actor is selling freshly skimmed credit card dumps with PINs from multiple countries including US, UK, Canada, Australia, and EU at prices ranging from $60-$80 per card. The actor claims the data includes both track 1 and track 2 data and is obtained firsthand.
Date: 2026-04-01T10:22:08Z
Network: openweb
Published URL: https://crackingx.com/threads/70665/
Screenshots:
None
Threat Actors: crdtrox
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of German email credentials
Category: Combo List
Content: A threat actor shared a combolist containing 22,000 German email credentials with full mail access on a cybercrime forum.
Date: 2026-04-01T10:21:46Z
Network: openweb
Published URL: https://crackingx.com/threads/70666/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Kuwaiti Ministry of Higher Education Data
Category: Data Leak
Content: The threat actor claims to be selling a portion of data allegedly belonging to Kuwaiti citizens associated with the Ministry of Higher Education. The dataset contains sensitive personal and academic information.
Date: 2026-04-01T10:21:33Z
Network: openweb
Published URL: https://spear.cx/Thread-Kuwaiti-Ministry-of-Higher-Education-data-for-sale
Screenshots:
None
Threat Actors: null313
Victim Country: Kuwait
Victim Industry: Education
Victim Organization: ministry of higher education
Victim Site: mohe.edu.kw
Alleged leak of Gmail credentials
Category: Combo List
Content: Threat actor D4rkNetHub claims to have leaked over 100,000 Gmail credentials on a cybercrime forum. The post appears to offer access to a credential list containing Gmail accounts.
Date: 2026-04-01T10:21:28Z
Network: openweb
Published URL: https://crackingx.com/threads/70667/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Google
Victim Site: gmail.com
Website defacement of TIA by Aptisme from Leviathan Perfect Hunter team
Category: Defacement
Content: The attacker Aptisme, affiliated with the Leviathan Perfect Hunter team, successfully defaced the TIA organizations website on April 1, 2026. The attack targeted a specific page on the Indian domain tia.org.in.
Date: 2026-04-01T10:14:33Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823505
Screenshots:
None
Threat Actors: Aptisme, Leviathan Perfect Hunter
Victim Country: India
Victim Industry: Unknown
Victim Organization: TIA
Victim Site: tia.org.in
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 2,596 Hotmail email and password combinations on a cybercriminal forum. The credentials are described as goods suggesting they are valid working accounts.
Date: 2026-04-01T10:11:30Z
Network: openweb
Published URL: https://crackingx.com/threads/70664/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Website defacement of Global Springs by Rici144/Ratman team
Category: Defacement
Content: Portuguese manufacturing company Global Springs was defaced by attacker Rici144 from the Ratman team on April 1, 2026. This appears to be a redefacement of a previously compromised site.
Date: 2026-04-01T10:02:47Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823474
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Portugal
Victim Industry: Manufacturing
Victim Organization: Global Springs
Victim Site: www.global-springs.pt
Website defacement of Jomafe by Rici144/Ratman team
Category: Defacement
Content: Attacker Rici144 from the Ratman team conducted a redefacement of the Portuguese website www.jomafe.pt on April 1, 2026. This represents a repeat attack on the same target rather than an initial compromise.
Date: 2026-04-01T10:02:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823477
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Portugal
Victim Industry: Unknown
Victim Organization: Jomafe
Victim Site: www.jomafe.pt
Website defacement of Infantile Moveis by Rici144/Ratman team
Category: Defacement
Content: Brazilian furniture retailer Infantile Moveis suffered a website defacement attack by threat actor Rici144, associated with the Ratman team, on April 1, 2026.
Date: 2026-04-01T10:01:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823478
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Brazil
Victim Industry: Retail/Furniture
Victim Organization: Infantile Moveis
Victim Site: www.infantilemoveis.com.br
Website defacement of Lasso by Rici144 (Ratman team)
Category: Defacement
Content: Attacker Rici144 from the Ratman team conducted a redefacement attack against the Brazilian website www.lasso.com.br on April 1, 2026. This was identified as a redefacement incident, indicating the site had been previously compromised.
Date: 2026-04-01T10:01:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823479
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Lasso
Victim Site: www.lasso.com.br
Website defacement of Hunter Force Suplementos by Rici144 (Ratman team)
Category: Defacement
Content: Attacker Rici144 from the Ratman team conducted a redefacement attack against Hunter Force Suplementos, a supplements company website. The incident occurred on April 1, 2026 and represents a repeated targeting of the same victim.
Date: 2026-04-01T10:00:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823480
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Unknown
Victim Industry: Health and Wellness/Supplements
Victim Organization: Hunter Force Suplementos
Victim Site: www.hunterforcesuplementos.com
Website defacement of Maniaweb.com.br by Rici144/Ratman team
Category: Defacement
Content: Brazilian website www.maniaweb.com.br was defaced by attacker Rici144 from the Ratman team on April 1, 2026. This incident was classified as a redefacement, indicating the site had been previously compromised.
Date: 2026-04-01T09:59:59Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823482
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Maniaweb
Victim Site: www.maniaweb.com.br
Website defacement of Maple Bear educational platform by Rici144/Ratman team
Category: Defacement
Content: The Ratman team member Rici144 defaced a subdirectory of the Maple Bear educational store website in Brazil on April 1, 2026. This was an isolated defacement incident targeting the educational services platform.
Date: 2026-04-01T09:59:26Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823483
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Brazil
Victim Industry: Education
Victim Organization: Maple Bear
Victim Site: www.maplebearstore.com.br
Website defacement of Menzzo by Rici144 (Ratman team)
Category: Defacement
Content: The attacker Rici144, associated with the Ratman team, successfully defaced the Menzzo Portugal website on April 1st, 2026. The attack targeted a specific media/customer directory on the Portuguese retail companys website.
Date: 2026-04-01T09:58:52Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823484
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Portugal
Victim Industry: Retail/E-commerce
Victim Organization: Menzzo
Victim Site: www.menzzo.pt
Website defacement of meucabelonatural.com.br by Rici144/Ratman team
Category: Defacement
Content: Brazilian hair care website meucabelonatural.com.br was defaced by attacker Rici144 from the Ratman team on April 1, 2026. This appears to be a redefacement of a previously compromised site.
Date: 2026-04-01T09:58:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823485
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Brazil
Victim Industry: Beauty/Personal Care
Victim Organization: Meu Cabelo Natural
Victim Site: meucabelonatural.com.br
Website redefacement of petinelimais.com.br by Rici144/Ratman team
Category: Defacement
Content: The threat actor Rici144 from the Ratman team conducted a redefacement attack against the Brazilian website petinelimais.com.br on April 1st, 2026. This represents a repeat attack on the same target, indicating persistent unauthorized access to the website.
Date: 2026-04-01T09:57:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823489
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: petinelimais.com.br
Website defacement of Phebo by Rici144 (Ratman team)
Category: Defacement
Content: Brazilian cosmetics and fragrance company Phebo suffered a website defacement attack by threat actor Rici144 from the Ratman team on April 1, 2026.
Date: 2026-04-01T09:57:13Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823490
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Brazil
Victim Industry: Retail/Consumer Goods
Victim Organization: Phebo
Victim Site: www.phebo.com.br
Website defacement of pequenosecuriosos.com.br by Rici144 (Ratman team)
Category: Defacement
Content: The Brazilian educational website pequenosecuriosos.com.br was defaced by attacker Rici144, operating as part of the Ratman team, on April 1, 2026.
Date: 2026-04-01T09:56:37Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823492
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Brazil
Victim Industry: Education
Victim Organization: Pequenos Ecuriosos
Victim Site: pequenosecuriosos.com.br
Website defacement of RDO Sol by Rici144 (Ratman team)
Category: Defacement
Content: The attacker Rici144 from the Ratman team successfully defaced a specific page on the RDO Sol website on April 1, 2026. This was a targeted single-page defacement rather than a mass or home page attack.
Date: 2026-04-01T09:56:02Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823494
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: RDO Sol
Victim Site: www.rdosol.com.br
Website defacement of PowerRun Shop by Rici144/Ratman team
Category: Defacement
Content: Brazilian retail website PowerRun Shop was defaced by attacker Rici144 from the Ratman team on April 1, 2026. The defacement targeted a media directory on the e-commerce platform.
Date: 2026-04-01T09:55:27Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823495
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Brazil
Victim Industry: Retail/E-commerce
Victim Organization: PowerRun Shop
Victim Site: www.powerrunshop.com.br
Website defacement of riodejas.com.br by Rici144/Ratman team
Category: Defacement
Content: Brazilian website riodejas.com.br was defaced by attacker Rici144 affiliated with the Ratman team on April 1, 2026. This incident represents a redefacement of the target site.
Date: 2026-04-01T09:54:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823496
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: riodejas.com.br
Website defacement of Seven Auto Store by Rici144/Ratman team
Category: Defacement
Content: Brazilian automotive retailer Seven Auto Store was defaced by attacker Rici144 from the Ratman team on April 1, 2026. This incident represents a redefacement of the target website.
Date: 2026-04-01T09:54:21Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823498
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Brazil
Victim Industry: Automotive
Victim Organization: Seven Auto Store
Victim Site: www.sevenautostore.com.br
Website defacement of Brazilian e-commerce site by Rici144/Ratman team
Category: Defacement
Content: Brazilian e-commerce website www.umsenhorproduto.com.br was defaced by attacker Rici144 from the Ratman team on April 1, 2026. This was identified as a redefacement of a previously compromised site.
Date: 2026-04-01T09:53:47Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823499
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Brazil
Victim Industry: E-commerce
Victim Organization: Um Senhor Produto
Victim Site: www.umsenhorproduto.com.br
Website defacement of Viallure by Rici144 (Ratman team)
Category: Defacement
Content: Brazilian website www.viallure.com.br was defaced by attacker Rici144 from the Ratman team on April 1, 2026. This incident represents a redefacement of a previously compromised site.
Date: 2026-04-01T09:53:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823500
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Viallure
Victim Site: www.viallure.com.br
Website defacement of Vivaraise by Rici144/Ratman team
Category: Defacement
Content: The attacker Rici144, associated with the Ratman team, defaced the Portuguese website www.vivaraise.pt on April 1, 2026. The incident targeted a specific subdirectory rather than the main homepage.
Date: 2026-04-01T09:52:41Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823501
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Portugal
Victim Industry: Unknown
Victim Organization: Vivaraise
Victim Site: www.vivaraise.pt
Alleged leak of Yahoo, Outlook, and Docomo credentials
Category: Combo List
Content: Threat actor CODER allegedly leaked a combolist containing 6 million credentials from Yahoo, Outlook, and Docomo Japan email services. The credentials are being distributed for free through Telegram channels.
Date: 2026-04-01T09:52:09Z
Network: openweb
Published URL: https://crackingx.com/threads/70662/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Yahoo, Outlook, Docomo
Victim Site: yahoo.com, outlook.com, docomo.ne.jp
Alleged Cyberattack threat targeting Batelco
Category: Cyber Attack
Content: A recent post by the group claims that they are targeting Batelco
Date: 2026-04-01T09:44:53Z
Network: telegram
Published URL: https://t.me/cyberbannews_ir/20886
Screenshots:
None
Threat Actors:
Victim Country: Bahrain
Victim Industry: Network & Telecommunications
Victim Organization: batelco
Victim Site: Unknown
Alleged Cyberattack threat targeting Starlink Infrastructure
Category: Cyber Attack
Content: Iran Signals Intent to Target Starlink Infrastructure in the Region.
Date: 2026-04-01T09:34:45Z
Network: telegram
Published URL: https://t.me/cyberbannews_ir/20884
Screenshots:
None
Threat Actors:
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credential lists
Category: Combo List
Content: Threat actor distributing fresh Hotmail credential lists containing 1,500 records via Telegram channel and file sharing platform. Claims to add new credential lists daily with latest and relevant data.
Date: 2026-04-01T08:53:58Z
Network: openweb
Published URL: https://crackingx.com/threads/70659/
Screenshots:
None
Threat Actors: Kokos2846q
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of German social media and e-commerce credentials
Category: Combo List
Content: Threat actor shared a credential list containing 671,324 entries allegedly targeting German social media and shopping platforms. The data is distributed via a Mega.nz download link.
Date: 2026-04-01T08:53:20Z
Network: openweb
Published URL: https://crackingx.com/threads/70660/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
./RAZOR targets the website of Sage International Visas & Migration
Category: Defacement
Content: The group claims to have defaced the website of Sage International Visas & Migration
Date: 2026-04-01T08:44:54Z
Network: telegram
Published URL: https://t.me/IndoHaxSec3/81
Screenshots:
None
Threat Actors: ./RAZOR
Victim Country: Nepal
Victim Industry: Education
Victim Organization: sage international visas & migration
Victim Site: sage.edu.np
Alleged data breach of Cisco Systems, Inc.
Category: Data Breach
Content: The threat actor claims to have breached the Cisco Systems, Inc. database. The Compromised data includes over 3 million records from Salesforce containing PII, along with GitHub repositories, AWS storage buckets, and other internal corporate data affected across UNC6040, Salesforce Aura, and AWS account breaches.
Date: 2026-04-01T08:17:21Z
Network: tor
Published URL: http://shnyhntww34phqoa6dcgnvps2yu7dlwzmy5lkvejwjdo6z7bmgshzayd.onion/
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: USA
Victim Industry: Software Development
Victim Organization: cisco systems, inc.
Victim Site: cisco.com
Alleged Data Breach of Cisco Systems, Inc
Category: Data Breach
Content: The threat actor claims to have breached the database of Cisco Systems, the dataset contains personally identifiable information (PII), corporate data stored in AWS S3 buckets, and internal development or operational data from repositories.
Date: 2026-04-01T08:13:48Z
Network: tor
Published URL: http://shnyhntww34phqoa6dcgnvps2yu7dlwzmy5lkvejwjdo6z7bmgshzayd.onion/
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: USA
Victim Industry: Computer Networking
Victim Organization: cisco systems, inc.
Victim Site: cisco.com
Alleged Data Breach of AIRBUS
Category: Data Breach
Content: Threat actor claims to be leaking Airbus Artifactory/DevOps data, allegedly totaling 16GB (compressed) with over 1,200 directories and 6,200 files, and shared a download link for access.
Date: 2026-04-01T08:10:31Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279636/
Screenshots:
None
Threat Actors: AckLine
Victim Country: France
Victim Industry: Aviation & Aerospace
Victim Organization: airbus
Victim Site: airbus.com
Mr. BDKR28 targets the website of Anchor Consultants UAE
Category: Defacement
Content: The group claims to have defaced the website of Anchor Consultants UAE.
Date: 2026-04-01T07:57:17Z
Network: openweb
Published URL: https://www.zone-h.org/mirror/id/41656149
Screenshots:
None
Threat Actors: Mr. BDKR28
Victim Country: UAE
Victim Industry: Financial Services
Victim Organization: anchor consultants uae
Victim Site: anchorconsultants.ae
Mass defacement targeting Indonesian corporate websites by maw3six
Category: Defacement
Content: Threat actor maw3six conducted a mass defacement campaign targeting Indonesian websites including ascorp.co.id on April 1, 2026. The attack was part of a broader mass defacement operation rather than targeting a specific organization.
Date: 2026-04-01T07:50:29Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248201
Screenshots:
None
Threat Actors: maw3six
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: ascorp.co.id
Alleged data breach of Hallmark Cards
Category: Data Breach
Content: The threat actor claims to have breached the Hallmark Cards database. The compromised data includes over 7.9 million records from Salesforce, containing personally identifiable information (PII) and internal corporate data.
Date: 2026-04-01T07:49:21Z
Network: tor
Published URL: http://shnyhntww34phqoa6dcgnvps2yu7dlwzmy5lkvejwjdo6z7bmgshzayd.onion/
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: USA
Victim Industry: Retail Industry
Victim Organization: hallmark cards
Victim Site: hallmark.com
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: Threat actor BoogyBlue shared a free Hotmail credential combolist described as FRESH UHQ PRIVATE through Pasteview and Telegram cloud storage links.
Date: 2026-04-01T07:29:58Z
Network: openweb
Published URL: https://crackingx.com/threads/70656/
Screenshots:
None
Threat Actors: BoogyBlue
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A forum user shared a combolist containing 18,000 Hotmail email and password combinations. The post content is restricted to registered forum members only.
Date: 2026-04-01T07:29:40Z
Network: openweb
Published URL: https://crackingx.com/threads/70658/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged sale of cryptocurrency exchange user data affecting multiple platforms
Category: Data Breach
Content: Threat actor claims to be selling user data from multiple major cryptocurrency exchanges including Robinhood, Ledger, Binance USA, Binance UK, KuCoin, Bitget, and Coinbase. The actor provides sample data links and contact information for potential buyers.
Date: 2026-04-01T07:29:31Z
Network: openweb
Published URL: https://crackingx.com/threads/70657/
Screenshots:
None
Threat Actors: Cypher_leads
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Multiple Cryptocurrency Exchanges
Victim Site: Unknown
Alleged data breach of Judicial Branch of Mendoza
Category: Data Breach
Content: The threat actor claims to have breached 478,000 of data from Judicial Branch of Mendoza. The compromised data includes contacts, judicial roles, and case interactions.
Date: 2026-04-01T06:53:55Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-478k-Argentina-https-www-jus-mendoza-gov-ar-National-ID-personal-details-cont
Screenshots:
None
Threat Actors: Grubder
Victim Country: Argentina
Victim Industry: Legal Services
Victim Organization: judicial branch of mendoza
Victim Site: jus.mendoza.gov.ar
Alleged data leak of Mission Local
Category: Data Leak
Content: The threat actor claims to have leaked the database of Mission locale de Paris, the compromised dataset include name, age and etc.Threat actor claims to have leaked data of mission local from France. The compromised data reportedly includes name, age, email, phone numbers and etc.
Date: 2026-04-01T06:43:20Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Mission-Local-506K-FR
Screenshots:
None
Threat Actors: suxsuxsux
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Poder Judicial de la Provincia de Mendoza
Category: Data Leak
Content: The threat actor claims to have leaked the database of Poder Judicial de la Provincia de Mendoza, the compromised dataset include organizations operations, including Contacts, Judicial Roles, Case Interactions.
Date: 2026-04-01T06:41:39Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-478k-Argentina-https-www-jus-mendoza-gov-ar-National-ID-personal-details-cont
Screenshots:
None
Threat Actors: Grubder
Victim Country: Argentina
Victim Industry: Government Administration
Victim Organization: poder judicial de la provincia de mendoza
Victim Site: jus.mendoza.gov.ar
Alleged leak of educational institution credentials
Category: Combo List
Content: A threat actor shared a credential list containing 120,777 lines targeting social media, shopping, and educational platforms. The data is being distributed for free via a file sharing service.
Date: 2026-04-01T06:36:47Z
Network: openweb
Published URL: https://crackingx.com/threads/70655/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown
Alleged Android malware tool for financial fraud
Category: Combo List
Content: Threat actor promotes Android hacking tool claiming ability to remotely control victim devices and extract money. Contact information provided via Telegram and other messaging platforms.
Date: 2026-04-01T06:27:42Z
Network: openweb
Published URL: https://crackingx.com/threads/70653/
Screenshots:
None
Threat Actors: xibulipali
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
phr099 8484 targets the website of Bonyad Hami Peyman
Category: Defacement
Content: The threat actor claims to have defaced the website of Bonyad Hami Peyman.
Date: 2026-04-01T06:05:28Z
Network: openweb
Published URL: https://www.zone-h.org/mirror/id/41656676
Screenshots:
None
Threat Actors: phr099 8484
Victim Country: Iran
Victim Industry: Software Development
Victim Organization: bonyad hami peyman
Victim Site: bhamipeyman.ir
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 18,000 Hotmail email and password combinations on a cybercriminal forum. The credentials are described as unique combinations potentially usable for account takeover attacks.
Date: 2026-04-01T05:48:26Z
Network: openweb
Published URL: https://crackingx.com/threads/70651/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of credential combolist containing 35 million records
Category: Combo List
Content: A threat actor named Daxus has made available a combolist containing 35.05 million URL:LOG:PASS format credentials through their website and Telegram channel. The data is being distributed as a free download rather than being sold.
Date: 2026-04-01T05:28:10Z
Network: openweb
Published URL: https://crackingx.com/threads/70648/
Screenshots:
None
Threat Actors: Daxus
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of phone number and password combinations
Category: Combo List
Content: A forum post advertising high-quality private credential lists containing phone numbers and passwords. The post appears to be offering access to phone number and password combinations without explicit mention of pricing or sale terms.
Date: 2026-04-01T05:27:49Z
Network: openweb
Published URL: https://crackingx.com/threads/70649/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of WordPress credential lists
Category: Combo List
Content: A threat actor shared WordPress credential lists in URL:LOGIN:PASS format on a cybercriminal forum. No post content was available to determine the scope or source of the credentials.
Date: 2026-04-01T05:27:30Z
Network: openweb
Published URL: https://crackingx.com/threads/70650/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of European and US credential combolists
Category: Combo List
Content: Threat actor gsmfix claims to distribute high quality credential combolists containing European and US user accounts. The post advertises the credentials as 100% valid but provides no specific details about victim organizations or record counts.
Date: 2026-04-01T05:15:43Z
Network: openweb
Published URL: https://crackingx.com/threads/70647/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of USA and Europe credential combolist
Category: Combo List
Content: Threat actor gsmfix is distributing an exclusive combolist containing credentials from USA and Europe regions on CrackingX forum.
Date: 2026-04-01T04:52:50Z
Network: openweb
Published URL: https://crackingx.com/threads/70646/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of quatreau.cn by Alpha wolf team member XYZ
Category: Defacement
Content: The Alpha wolf team, specifically member XYZ, successfully defaced the quatreau.cn website on April 1, 2026. This represents a redefacement of the target site, indicating the victim had previously been compromised by the same or different threat actors.
Date: 2026-04-01T04:41:33Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823389
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: quatreau.cn
Website defacement of Bajatrend e-commerce site by Alpha wolf team
Category: Defacement
Content: The Alpha wolf hacking team, with member XYZ, defaced the Bajatrend e-commerce website on April 1, 2026. The attack targeted a Czech Republic-based online shopping platform running on a Linux server.
Date: 2026-04-01T04:40:38Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248197
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Czech Republic
Victim Industry: E-commerce
Victim Organization: Bajatrend
Victim Site: eshop.bajatrend.cz
Website defacement of eng.dracaena.cn by Alpha wolf team
Category: Defacement
Content: The Alpha wolf team, with attacker XYZ, successfully defaced the English version of the Dracaena website on April 1st, 2026. The target server was running on a Linux operating system and the incident has been archived for reference.
Date: 2026-04-01T04:40:19Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248198
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: China
Victim Industry: Unknown
Victim Organization: Dracaena
Victim Site: eng.dracaena.cn
Website defacement of quatreau.cn by XYZ/Alpha wolf team
Category: Defacement
Content: The XYZ attacker from Alpha wolf team successfully defaced the quatreau.cn website on April 1st, 2026. The targeted site was running on a Linux operating system.
Date: 2026-04-01T04:40:01Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248199
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: quatreau.cn
Alleged leak of credential combolist in URL:LOGIN:PASS format
Category: Combo List
Content: A threat actor shared a high-quality private combolist containing credentials in URL:LOGIN:PASS format on a cybercriminal forum.
Date: 2026-04-01T04:39:58Z
Network: openweb
Published URL: https://crackingx.com/threads/70645/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass defacement targeting media websites by Alpha wolf team
Category: Defacement
Content: The Alpha wolf team conducted a mass defacement campaign targeting multiple websites, including the Media News Online platform. This was identified as part of a broader mass defacement operation rather than a targeted single-site attack.
Date: 2026-04-01T04:39:40Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248200
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Unknown
Victim Industry: Media/News
Victim Organization: Media News Online
Victim Site: 2-dec.medianewsonline.com
Alleged leak of Yahoo credential combolist targeting crypto users
Category: Combo List
Content: A threat actor shared a combolist containing approximately 1.5 million Yahoo credentials specifically targeting cryptocurrency users. The data was made available as a free download via a cloud storage link.
Date: 2026-04-01T04:26:25Z
Network: openweb
Published URL: https://crackingx.com/threads/70644/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Yahoo
Victim Site: yahoo.com
Alleged unauthorized access to Vessale
Category: Initial Access
Content: The group claims to have gained unauthorized access to Vessale.
Date: 2026-04-01T04:06:52Z
Network: telegram
Published URL: https://t.me/c/2433981896/1399
Screenshots:
None
Threat Actors: DEFACER INDONESIAN TEAM
Victim Country: USA
Victim Industry: E-commerce & Online Stores
Victim Organization: vessale
Victim Site: vessale.com
OpsShadowStrike targete the website of Metaevent
Category: Defacement
Content: The group claims to have defaced the website of Metaevent.
Date: 2026-04-01T03:44:03Z
Network: telegram
Published URL: https://t.me/OpsShadowStrike/217
Screenshots:
None
Threat Actors: OpsShadowStrike
Victim Country: India
Victim Industry: Events Services
Victim Organization: metaevent
Victim Site: metaevent.in
Alleged data leak of Spanish famous people
Category: Data Leak
Content: Threat actor claims to have leaked data of famous peoples from Spain. The compromised data reportedly includes emails and phone numbers of sanchezcastejon, thegrefg, kiddkeo, 6n etc.
Date: 2026-04-01T03:30:01Z
Network: openweb
Published URL: https://spear.cx/Thread-Email-Phone-Famous-People-From-Spain-Leak
Screenshots:
None
Threat Actors: catwoman
Victim Country: Spain
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Bangkok Bank
Category: Data Breach
Content: Threat actor claims to have breached customer data from Bangkok Bank. The compromised dataset reportedly contains approximately 1,400,000 unique records, including name, surname, country code, mobile number, customer type, and bank card type.
Date: 2026-04-01T03:23:08Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Bangkok-Bank-customers-in-Thailand-1400000
Screenshots:
None
Threat Actors: dataPenetrationA
Victim Country: Thailand
Victim Industry: Financial Services
Victim Organization: bangkok bank
Victim Site: bangkokbank.com
DEFACER INDONESIAN TEAM targets the website of Karya Keeper
Category: Defacement
Content: The group claims to have defaced the website of Karya Keeper.
Date: 2026-04-01T03:19:10Z
Network: telegram
Published URL: https://t.me/c/2433981896/1398
Screenshots:
None
Threat Actors: DEFACER INDONESIAN TEAM
Victim Country: India
Victim Industry: Software Development
Victim Organization: karya keeper
Victim Site: dev.karyakeeper.com/hacked-by-mr-yos
Mass defacement campaign by Zod targeting premium pool table retailer
Category: Defacement
Content: The attacker Zod conducted a mass defacement campaign targeting premiumpooltableoutlet.com, a retail website selling pool tables. This incident was part of a broader mass defacement operation rather than a targeted attack on a single organization.
Date: 2026-04-01T03:10:24Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248196
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Retail
Victim Organization: Premium Pool Table Outlet
Victim Site: premiumpooltableoutlet.com
Alleged leak of FateTraffic credentials
Category: Combo List
Content: A threat actor shared a 813.28 MB credential list allegedly containing FateTraffic user data on a cybercrime forum.
Date: 2026-04-01T03:04:40Z
Network: openweb
Published URL: https://crackingx.com/threads/70643/
Screenshots:
None
Threat Actors: blacksatan666
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: FateTraffic
Victim Site: Unknown
Alleged data leak of Job&Talent
Category: Data Leak
Content: The threat actor claims to have leaked a 2,600,000 users of records from Job&Talent, compromised data includes user ID, email address, username, password (bcrypt), full name, account type (homeowner/professional), company name, phone number, address, city, state, ZIP code, country, professional category, years in business, project photos count.
Date: 2026-04-01T02:57:11Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-JOBANDTALENT-COM-Job-Platform-2-6M-Users
Screenshots:
None
Threat Actors: xorcat
Victim Country: Spain
Victim Industry: Software Development
Victim Organization: job&talent
Victim Site: jobandtalent.com
Alleged leak of Hotmail credentials on cybercriminal forum
Category: Combo List
Content: A threat actor is allegedly distributing a list of 42,000 Hotmail credentials on a cybercriminal forum. The post indicates the credentials are valid and sourced from forum breaches.
Date: 2026-04-01T02:27:56Z
Network: openweb
Published URL: https://crackingx.com/threads/70642/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged data leak of Houzz
Category: Data Leak
Content: The threat actor claims to have leaked a 3,200,000 users of records from Houzz, compromised data includes user ID, email address, username, password (bcrypt), full name, account type (homeowner/professional), company name, phone number, address, city, state, ZIP code, country, professional category, years in business, project photos count.
Date: 2026-04-01T02:21:55Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-HOUZZ-COM-Home-Design-Platform-3-2M-Users
Screenshots:
None
Threat Actors: xorcat
Victim Country: USA
Victim Industry: Software Development
Victim Organization: houzz
Victim Site: houzz.com
Alleged data leak of Russian job seekers
Category: Data Leak
Content: Threat actor claims to have leaked data of job seekers from Russia. The compromised data reportedly includes full name, phone number, email address, region, start date, salary, job type, job title, department, birthday, activities, education (university), work location, major, occupation, language proficiency, drivers license, skills, previous work experience.
Date: 2026-04-01T02:20:10Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Selling-complete-resumes-of-Russian-job-seekers
Screenshots:
None
Threat Actors: XiaoSaoBi
Victim Country: Russia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of educational institution credentials
Category: Combo List
Content: A threat actor shared a credential list containing 197,445 entries allegedly targeting social media, shopping, and educational (.edu) platforms. The data was made available as a free download via a Mega file sharing link.
Date: 2026-04-01T02:16:10Z
Network: openweb
Published URL: https://crackingx.com/threads/70640/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of topcordlesstools.com by tirz4sec (jatengblekhet team)
Category: Defacement
Content: The attacker tirz4sec from team jatengblekhet successfully defaced the WordPress content directory of topcordlesstools.com on April 1, 2026. This appears to be a single-target defacement incident affecting an e-commerce website specializing in cordless tools.
Date: 2026-04-01T02:15:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823386
Screenshots:
None
Threat Actors: tirz4sec, jatengblekhet
Victim Country: Unknown
Victim Industry: Retail/E-commerce
Victim Organization: Top Cordless Tools
Victim Site: topcordlesstools.com
Website defacement of Nina Bijoux by Rici144/Ratman team
Category: Defacement
Content: Brazilian jewelry retailer Nina Bijoux was defaced on April 1, 2026 by attacker Rici144 from the Ratman team. The defacement targeted a specific media directory rather than the main homepage.
Date: 2026-04-01T02:03:44Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823345
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Brazil
Victim Industry: Jewelry/Retail
Victim Organization: Nina Bijoux
Victim Site: www.ninabijoux.com.br
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 3,200 Hotmail email credentials, claiming they are valid and private. The credentials are being distributed for free via MediaFire download link.
Date: 2026-04-01T02:03:41Z
Network: openweb
Published URL: https://crackingx.com/threads/70639/
Screenshots:
None
Threat Actors: redcloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Website defacement of NUK.pt by Rici144 (Ratman team)
Category: Defacement
Content: Attacker Rici144, associated with the Ratman team, successfully defaced a page on the NUK.pt website on April 1st, 2026. The defacement targeted a specific customer address page rather than the main homepage.
Date: 2026-04-01T02:03:10Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823346
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Portugal
Victim Industry: Unknown
Victim Organization: NUK
Victim Site: www.nuk.pt
Website defacement of Officine Tessili by Rici144 (Ratman team)
Category: Defacement
Content: Attacker Rici144 from the Ratman team conducted a redefacement of the Italian textile company Officine Tessilis website on April 1, 2026. This represents a repeated attack on the same target rather than an initial compromise.
Date: 2026-04-01T02:02:36Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823348
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Italy
Victim Industry: Textile Manufacturing
Victim Organization: Officine Tessili
Victim Site: www.officinetessili.com
Website defacement of oscarbarbieri.com by Ratman team member Rici144
Category: Defacement
Content: The Ratman team, through member Rici144, successfully defaced a subdirectory of oscarbarbieri.com on April 1st, 2026. This appears to be a targeted single-site defacement rather than part of a broader campaign.
Date: 2026-04-01T02:02:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823351
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Oscar Barbieri
Victim Site: oscarbarbieri.com
Website defacement of Papadopoulos company by Rici144/Ratman team
Category: Defacement
Content: The Ratman team, specifically attacker Rici144, conducted a redefacement of the Greek Papadopoulos company website on April 1, 2026. This represents a repeat targeting of the same victim organization.
Date: 2026-04-01T02:01:30Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823353
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Greece
Victim Industry: Unknown
Victim Organization: Papadopoulos
Victim Site: www.papadopoulos.com.gr
Website defacement of Peças Bitts by Rici144/Ratman team
Category: Defacement
Content: Threat actor Rici144, affiliated with the Ratman team, successfully defaced the Brazilian automotive parts company Peças Bitts website on April 1, 2026. The defacement targeted a specific media directory rather than the main homepage.
Date: 2026-04-01T02:00:57Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823354
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Brazil
Victim Industry: Automotive/Parts
Victim Organization: Peças Bitts
Victim Site: www.pecasbitts.com.br
Website defacement of Peple Optics by Rici144/Ratman team
Category: Defacement
Content: The website pepleroptics.com was defaced by attacker Rici144 from the Ratman team on April 1, 2026. This was identified as a redefacement, indicating the site had been previously compromised.
Date: 2026-04-01T02:00:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823355
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Unknown
Victim Industry: Optics/Technology
Victim Organization: Peple Optics
Victim Site: pepleroptics.com
Website defacement of PetStoreNow by Rici144 (Ratman team)
Category: Defacement
Content: Threat actor Rici144, associated with the Ratman team, successfully defaced the PetStoreNow website on April 1, 2026. The attack targeted a media directory on the pet retail companys website.
Date: 2026-04-01T01:59:50Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823356
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Unknown
Victim Industry: Retail/Pet Services
Victim Organization: PetStoreNow
Victim Site: petstorenow.com
Website defacement of poly-lumber furniture company by Rici144/Ratman team
Category: Defacement
Content: The attacker Rici144, associated with the Ratman team, defaced the website of a poly lumber furniture company on April 1, 2026. The incident was archived on zone-xsec mirror platform.
Date: 2026-04-01T01:59:17Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823357
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Unknown
Victim Industry: Manufacturing
Victim Organization: Poly Lumber Furniture
Victim Site: www.poly-lumber-furniture.com
Website defacement of posic.com by Rici144 (Ratman team)
Category: Defacement
Content: Attacker Rici144 from the Ratman team defaced the posic.com website on April 1, 2026. This incident was classified as a redefacement, indicating the site had been previously compromised.
Date: 2026-04-01T01:58:43Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823358
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Posic
Victim Site: posic.com
Website defacement of QuickHeal by Rici144/Ratman team
Category: Defacement
Content: The cybersecurity company QuickHeals media subdirectory was defaced by attacker Rici144, affiliated with the Ratman team, on April 1st, 2026. The defacement targeted a specific custom media page rather than the main homepage.
Date: 2026-04-01T01:58:09Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823359
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: India
Victim Industry: Cybersecurity
Victim Organization: QuickHeal
Victim Site: www.quickheal.com
Website defacement of Reell World by Rici144 (Ratman team)
Category: Defacement
Content: The website www.reellworld.com was defaced by attacker Rici144, affiliated with the Ratman team, on April 1, 2026. This was an isolated defacement targeting a specific page on the victims media directory.
Date: 2026-04-01T01:57:37Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823361
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Reell World
Victim Site: www.reellworld.com
Website defacement of Rodo by Rici144/Ratman team
Category: Defacement
Content: Attacker Rici144 from the Ratman team conducted a redefacement of the Argentine website www.rodo.com.ar on April 1, 2026. This represents a repeat compromise of the same target.
Date: 2026-04-01T01:57:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823363
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Argentina
Victim Industry: Unknown
Victim Organization: Rodo
Victim Site: www.rodo.com.ar
Website defacement of Scout Lighting ATX by Rici144/Ratman team
Category: Defacement
Content: Website defacement attack conducted by attacker Rici144 from the Ratman team targeting Scout Lighting ATXs website on April 1, 2026. The attack compromised the media section of the companys website.
Date: 2026-04-01T01:56:30Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823364
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: United States
Victim Industry: Commercial Services
Victim Organization: Scout Lighting ATX
Victim Site: scoutlightingatx.com
Website defacement of Selfoil by Rici144 (Ratman team)
Category: Defacement
Content: Attacker Rici144 from the Ratman team defaced the Selfoil company website on April 1, 2026. This incident was identified as a redefacement, indicating the site had been previously compromised.
Date: 2026-04-01T01:55:57Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823365
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Unknown
Victim Industry: Oil & Gas
Victim Organization: Selfoil
Victim Site: selfoil.com
Website defacement of Solar Electric Supply by Rici144/Ratman team
Category: Defacement
Content: Threat actor Rici144 from the Ratman team conducted a redefacement attack against Solar Electric Supplys website on April 1, 2026. This represents a repeat compromise of the solar energy companys web infrastructure.
Date: 2026-04-01T01:55:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823366
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: United States
Victim Industry: Energy/Solar
Victim Organization: Solar Electric Supply
Victim Site: www.solarelectricsupply.com
Website defacement of Tailoy by Rici144/Ratman team
Category: Defacement
Content: Website defacement incident targeting Tailoys Peruvian website conducted by attacker Rici144 associated with the Ratman team on April 1, 2026.
Date: 2026-04-01T01:54:50Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823367
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Peru
Victim Industry: Unknown
Victim Organization: Tailoy
Victim Site: www.tailoy.com.pe
Website defacement of Teamsport-ID by Rici144/Ratman team
Category: Defacement
Content: The attacker Rici144 from the Ratman team conducted a redefacement attack against the Indonesian sports website teamsport-id.com. This appears to be a repeat attack on the same target, indicating persistent targeting of the organizations web infrastructure.
Date: 2026-04-01T01:54:17Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823368
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Indonesia
Victim Industry: Sports/Recreation
Victim Organization: Teamsport-ID
Victim Site: www.teamsport-id.com
Website defacement of The Berkel World by Rici144/Ratman team
Category: Defacement
Content: The Berkel World website was defaced by attacker Rici144, associated with the Ratman team, on April 1, 2026. The defacement targeted a specific media page rather than the homepage.
Date: 2026-04-01T01:53:45Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823369
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: The Berkel World
Victim Site: theberkelworld.com
Website defacement of Thomsun Music House by Rici144/Ratman team
Category: Defacement
Content: Attacker Rici144 from the Ratman team defaced a subdirectory of Thomsun Music Houses website on April 1, 2026. The incident appears to be a targeted single-site defacement rather than part of a mass campaign.
Date: 2026-04-01T01:53:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823370
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Unknown
Victim Industry: Music/Entertainment
Victim Organization: Thomsun Music House
Victim Site: www.thomsunmusichouse.com
Website defacement of threadsme.com by Rici144/Ratman team
Category: Defacement
Content: The attacker Rici144 from the Ratman team conducted a redefacement of the ThreadsMe website on April 1, 2026. This represents a subsequent attack on a previously compromised target.
Date: 2026-04-01T01:52:37Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823371
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: ThreadsMe
Victim Site: threadsme.com
Website defacement of uniters.com by Rici144 (Ratman team)
Category: Defacement
Content: The website uniters.com was defaced by attacker Rici144, who is affiliated with the Ratman team. The defacement occurred on April 1, 2026 and targeted a specific media/customer page rather than the homepage.
Date: 2026-04-01T01:51:59Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823372
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Uniters
Victim Site: uniters.com
Website defacement of yogitri.com by Rici144/Ratman team
Category: Defacement
Content: The website yogitri.com was defaced by attacker Rici144 associated with the Ratman team on April 1, 2026. The defacement targeted a specific media/customer subdirectory rather than the main homepage.
Date: 2026-04-01T01:51:26Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823373
Screenshots:
None
Threat Actors: Rici144, Ratman
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Yogitri
Victim Site: yogitri.com
Website defacement of asesmensmaplos.com by tirz4sec/jatengblekhet
Category: Defacement
Content: Website defacement incident targeting asesmensmaplos.com conducted by attacker tirz4sec affiliated with jatengblekhet team on April 1, 2026. The attack compromised WordPress content directory indicating potential CMS vulnerability exploitation.
Date: 2026-04-01T01:50:53Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823375
Screenshots:
None
Threat Actors: tirz4sec, jatengblekhet
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: asesmensmaplos.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor is allegedly distributing a combolist containing Hotmail email credentials, described as valid and high-quality. The credentials are being shared through Telegram with registration required to view the full content.
Date: 2026-04-01T01:48:45Z
Network: openweb
Published URL: https://crackingx.com/threads/70637/
Screenshots:
None
Threat Actors: noir
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged sale of RAT logs containing cryptocurrency wallet data
Category: Data Breach
Content: Threat actor bsanana4 is allegedly selling RAT (Remote Access Trojan) logs containing cryptocurrency wallets and other stolen data on CrackingX forum. Contact is provided via Discord and Telegram for potential buyers.
Date: 2026-04-01T01:48:28Z
Network: openweb
Published URL: https://crackingx.com/threads/70638/
Screenshots:
None
Threat Actors: bsanana4
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of FitEmpowHer by tirz4sec (jatengblekhet team)
Category: Defacement
Content: The health and fitness website FitEmpowHer was defaced by attacker tirz4sec, affiliated with the jatengblekhet team, on April 1, 2026. The defacement targeted a specific file upload directory rather than the main homepage.
Date: 2026-04-01T01:39:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823204
Screenshots:
None
Threat Actors: tirz4sec, jatengblekhet
Victim Country: Unknown
Victim Industry: Health and Fitness
Victim Organization: FitEmpowHer
Victim Site: fitempowher.com
Website defacement of Roof Restorations Brisbane by tirz4sec (jatengblekhet team)
Category: Defacement
Content: The attacker tirz4sec, affiliated with the jatengblekhet team, defaced the website of Roof Restorations Brisbane on April 1, 2026. This appears to be a targeted single-site defacement of an Australian roofing services company.
Date: 2026-04-01T01:38:30Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823205
Screenshots:
None
Threat Actors: tirz4sec, jatengblekhet
Victim Country: Australia
Victim Industry: Construction/Roofing Services
Victim Organization: Roof Restorations Brisbane
Victim Site: www.roofrestorationsbrisbane.c…
Website defacement of deregistration.de by tirz4sec (jatengblekhet team)
Category: Defacement
Content: The website deregistration.de was defaced by attacker tirz4sec, associated with the jatengblekhet team, on April 1, 2026. The defacement targeted a specific page within the WordPress content directory of the German domain.
Date: 2026-04-01T01:37:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823206
Screenshots:
None
Threat Actors: tirz4sec, jatengblekhet
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: deregistration.de
Alleged TikTok cookies leak on cybercriminal forum
Category: Combo List
Content: A threat actor with username blacksatan666 posted about TikTok cookies on a cybercriminal forum specializing in credential lists and data dumps. The full content requires forum registration to access.
Date: 2026-04-01T01:29:17Z
Network: openweb
Published URL: https://crackingx.com/threads/70635/
Screenshots:
None
Threat Actors: blacksatan666
Victim Country: Unknown
Victim Industry: Social Media
Victim Organization: TikTok
Victim Site: tiktok.com
Alleged leak of mixed credential combolist
Category: Combo List
Content: Threat actor NUllSHop0X shared a combolist containing 9,000 mixed high-quality valid credentials on CrackingX forum. The credentials are described as fresh and valid, distributed via Pasteview link.
Date: 2026-04-01T01:28:58Z
Network: openweb
Published URL: https://crackingx.com/threads/70636/
Screenshots:
None
Threat Actors: NUllSHop0X
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Smarteez – Digital factory
Category: Data Breach
Content: The threat actor claims to have leaked a database from Smarteez – Digital factory, The Compromised data includes full name, physical address, GPS coordinates, city, sales territory, and client reference codes and etc.
Date: 2026-04-01T01:19:41Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-Smarteez-eu-Moroccan-Digital-Factory-Full-Database
Screenshots:
None
Threat Actors: xNov
Victim Country: Morocco
Victim Industry: Information Technology (IT) Services
Victim Organization: smarteez – digital factory
Victim Site: smarteez.eu
Website defacement of New Life Shop by Aptisme
Category: Defacement
Content: The attacker Aptisme defaced the New Life Shop e-commerce website hosted in Kenya on April 1, 2026. This appears to be a single-target defacement rather than part of a mass attack campaign.
Date: 2026-04-01T01:15:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/823197
Screenshots:
None
Threat Actors: Aptisme
Victim Country: Kenya
Victim Industry: E-commerce
Victim Organization: New Life Shop
Victim Site: newlifeshop.co.ke
Alleged Data Leak of Meritorious National Teachers College
Category: Data Leak
Content: The group claims to have leaked the data of Meritorious National Teachers College.
Date: 2026-04-01T01:01:48Z
Network: telegram
Published URL: https://t.me/speakteamm/55
Screenshots:
None
Threat Actors: SpeakTeam
Victim Country: Mexico
Victim Industry: Education
Victim Organization: meritorious national teachers college
Victim Site: benm.mx
Alleged data leak of Unique Computing LLC / Gennet.ai / ReFocus AI exposing insurance policyholder data
Category: Data Leak
Content: Threat actor claims to have leaked data from a shared AWS environment associated with Unique Computing LLC, Gennet.ai, and ReFocus AI, allegedly exposing insurance policyholder information, cloud storage contents, and sensitive credentials.
Date: 2026-04-01T00:52:53Z
Network: openweb
Published URL: https://darkforums.su/Thread-FRESH-BREACH-Refocus-AI-Unique-Computing-Gennet-ai-Insurance-Policyholder-Data
Screenshots:
None
Threat Actors: FulcrumSec
Victim Country: USA
Victim Industry: Information Technology (IT) Services
Victim Organization: unique computing llc
Victim Site: unique.computer
Alleged Data Breach of Mata UMKM Riau
Category: Data Breach
Content: The group claims to have breached the database of Mata UMKM Riau.
Date: 2026-04-01T00:50:20Z
Network: telegram
Published URL: https://t.me/BabayoErorSyteam/429
Screenshots:
None
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: mata umkm riau
Victim Site: mataumkm.riau.go.id
Alleged service offering ULP extraction and credential data access
Category: Combo List
Content: Threat actor vultapower is advertising VULTA Intelligence, a service claiming to provide ULP (Username:Login:Password) extraction from databases at $0.50 per 1,000 records. The service offers real-time synchronization, high accuracy results, and instant delivery via Telegram or dashboard.
Date: 2026-04-01T00:47:00Z
Network: openweb
Published URL: https://crackingx.com/threads/70634/
Screenshots:
None
Threat Actors: vultapower
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Gmail credentials
Category: Combo List
Content: Threat actor D4rkNetHub allegedly shared a combolist containing over 100,000 Gmail credentials on a cybercriminal forum. The post appears to offer free access to the credential list.
Date: 2026-04-01T00:25:59Z
Network: openweb
Published URL: https://crackingx.com/threads/70633/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Google
Victim Site: gmail.com
Alleged Sale of XWorm V5.7 Chinese Malware
Category: Malware
Content: Threat actor claims to be sellling a cracked version of XWorm V5.7, a Remote Access Trojan (RAT) with capabilities including remote control, keylogging, data theft, persistence, and execution of additional malicious payloads.
Date: 2026-04-01T00:12:39Z
Network: openweb
Published URL: https://demonforums.net/Thread-Leak-XWorm-V5-7-Chinese-Edition-Cracked
Screenshots:
None
Threat Actors: rippors
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Related Posts

[February-7-2026] Daily Cybersecurity Threat Report

[April-29-2025] Daily Cybersecurity Threat Report

[July-22-2025] Daily Cybersecurity Threat Report