[April-13-2026] Daily Cybersecurity Threat Report

1. Executive Summary

This report provides a comprehensive analysis of a massive surge in cybercriminal activity, data breaches, and website defacements recorded primarily on April 13 and April 14, 2026. Based strictly on the provided incident logs, the threat landscape is currently dominated by a high volume of credential stuffing lists, large-scale mass website defacements, industrial control system (ICS) compromises, and high-profile corporate data extortion.

The data reveals a highly active cybercrime ecosystem operating across both the open web (forums like CrackingX, BreachForums, DemonForums, and PwnForums) and encrypted Telegram channels. The most significant threat actor identified during this period is the “ShinyHunters” group, which is currently executing a massive extortion campaign against major global corporations, including Rockstar Games, Salesforce, and Santander Bank. Simultaneously, a distinct wave of mass website defacements was carried out by an actor known as “maw3six,” targeting dozens of international domains. Furthermore, the underground economy is heavily saturated with the free distribution and sale of “combolists” (email and password combinations), signaling a robust infrastructure supporting credential stuffing and account takeover attacks.

2. Threat Actor Profiles and Major Campaigns

2.1. ShinyHunters: Corporate Extortion and Data Breaches

The threat group known as ShinyHunters is the most prominent actor in the documented incidents, executing a sophisticated extortion and data leak campaign across multiple sectors. The group operates using a “pay or leak” ransomware model, although their recent attacks appear focused on data exfiltration and extortion rather than traditional file encryption. ShinyHunters utilizes Telegram channels (handles including @shinyc0rpsss) to communicate, advertise stolen data, and issue threats, while using Tox, Session, and PGP keys to verify their identity and ward off impersonators (such as “Mattys Savoie & James”) who allegedly misused their PGP keys for independent ransom demands.

Targeted Organizations and Extortion Details:

Rockstar Games: ShinyHunters claims to have compromised Rockstar Games through a third-party analytics vendor, Anodot. The threat actor allegedly exfiltrated over 78.6 million records from Snowflake instances.
The Rockstar Ransom: The group demanded a $200,000 USD ransom, which Rockstar reportedly refused to pay, stating the stolen data contained anonymized financial and sales records rather than customer personally identifiable information (PII).
The Rockstar Leak: Following the refusal, ShinyHunters published the data, which included a decade of internal sales transactions (2014-2024), total earnings exceeding $5 billion, regional sales figures, and in-game currency (Shark Card) purchase data. The group also posted threatening messages directed at the company following the dispute.
Salesforce: The group claims to possess full access to the complete Salesforce ecosystem, including Sales Cloud, Service Cloud, Marketing Cloud, AI automation systems, VPNs, and backend source code.
Salesforce Offerings: They are offering this complete access for $25 million. Additionally, they are selling tiered data packages, including a “Files Cloud” with 9.1 million Salesforce files (2024-2026) for $10,000, and a ransom database of 1 million files for $5,000.
Santander Bank: ShinyHunters is offering a dataset allegedly affecting Santander Bank customers in Spain, Chile, and Uruguay for $1 million USD. The data purportedly contains 30 million customer records, 28 million credit card numbers, and 6 million account numbers with balances.
Live Nation / Ticketmaster: The group is selling a 1.3TB dataset on BreachForums containing information on 560 million Live Nation/Ticketmaster users, including credit card details. They previously valued this data at $75,000 USD.
Government Credentials: The group offered for sale approximately 73,000 government email login credentials from Brazil and Zambia, affecting police, military, and prison administration sectors, claiming an 80% validity rate.
Other Corporate Targets: ShinyHunters claims to possess data from AT&T (valued at $100,000), Kemper Corporation (13 million Salesforce records containing PII), ZenBusiness (802GB of Snowflake/Mixpanel data), Hallmark Cards (7.9 million records), Neiman Marcus, Cisco (3 million source code files), Microsoft, Google, Victoria’s Secret, CrowdStrike, and NATO’s Jira instance.

2.2. The ‘maw3six’ Mass Defacement Campaign

A threat actor utilizing the handle “maw3six” executed a widespread and indiscriminate mass website defacement campaign primarily on April 13 and April 14, 2026. The attacks predominantly targeted websites hosted on Linux and Cloud infrastructure. The defacements generally involved altering specific pages (often naming the file maw.html) rather than the main homepages, and the campaign affected organizations across multiple continents without a clear ideological or sector-specific focus.

Notable ‘maw3six’ Defacement Targets:

Nepal: Extensive targeting of Nepalese infrastructure, including Nepal Brokers (financial services), Sawari Sewa (transportation), educational examination systems, Wonjala E-mart, and various .com.np domains.
Indonesia: Compromise of Batavia (business) and Pandu Warta (news media).
Africa: Defacement of Senegalese government infrastructure (ggis.sn) and SnapTech, a South African technology company.
Europe & Americas: Defacements affecting UK environmental firm EECO Solutions, Argentine e-commerce site Glow Store, Ecuadorian financial services firm Factoring Ecuador, and French site fournisseurs-astucieux.fr.
Other Sectors: Aviation (Prestige Air Parts), Defense (Vigor Defense), and Creative Services (Upturn Studio in Australia).

2.3. Z-Pentest Alliance and DDoSia Project: ICS/OT Attacks

The landscape features highly critical claims of Industrial Control Systems (ICS) and Operational Technology (OT) compromises by politically motivated hacktivist groups.

Z-Pentest Alliance: This pro-Russian hacktivist group claimed full takeover of the ICS and Building Management Systems (BMS) of the Albert Most Velebudická hypermarket in the Czech Republic.
Attack Vector and Impact: They claimed the intrusion exploited weak network segmentation and unprotected management interfaces to control boiler rooms, Trane industrial chillers, VZT ventilation, and cold storage rooms. The group threatened to disable refrigeration systems to destroy thousands of tons of food as retaliation for European support for Ukraine.
DDoSia Project: Affiliated with the pro-Russian group NoName057(16), this actor claimed to have breached the ICS/SCADA systems of Nova-Tech Poultry in South Korea. The group claimed control over modules managing infrared chicken beak processing, injection rates, and production lines as part of an anti-South Korean campaign named #OpSouthKorea.

2.4. Handala Hack (حنظله): Middle Eastern Infrastructure Threats

The Iranian cyber group Handala (or Hanzala) claimed responsibility for large-scale cyber operations targeting the Persian Gulf steel industry.

Targets: The group claims to have completely compromised and taken offline Fulat in Bahrain and SULB in Saudi Arabia. These companies reportedly possess an annual revenue exceeding $5 billion.
Motivation: Handala framed the attacks as revenge for fallen hackers during the “Ramadan War” and in retaliation for actions against the “Axis of Resistance” and southern Lebanon. The group also issued broad threats against Saudi Arabian leadership and industrial infrastructure.

2.5. Additional Defacement Actors (T-XpLoiT, DimasHxR, Zod, CYKOMNEPAL)

Alongside maw3six, several other actors executed defacement campaigns:

T-XpLoiT: Targeted government and educational institutions, defacing the Tanzania ICT Commission events portal, the internal intranet of Guatemala’s National Institute of Public Administration (INAP), and multiple Indonesian Islamic schools (MTs Nurussyafa’ah, STKIP PGRI Sidoarjo).
DimasHxR: Conducted single-page defacements across varied international targets, including a Chinese acrylic sheet manufacturer, an Iranian website, a Ukrainian domain, and a Japanese site.
CYKOMNEPAL: Defaced the Wonjala E-mart in Nepal and a specific product page of Brazilian IT company Informatica CPU.
Zod: Executed mass defacements targeting vendorinfra.com and the aviation company Wonder Air.
CyberOprationCulture / Nullsec Philippines: CyberOprationCulture defaced a Dreams Marketplace subdomain, while Nullsec Philippines claimed politically motivated defacements of the Uruguayan Ministry of Environment and Electronic Sworn Statement System.

3. Detailed Threat Landscape Analysis by Category

3.1. Data Breaches and Corporate Data Leaks

Beyond the ShinyHunters extortion campaigns, numerous independent data breaches were advertised or leaked on underground forums.

VUMI Group: Threat actor “bytetobreach” leaked an insurance database containing PII, social security numbers, passport documents, and W-9 forms for approximately 300,000 insured individuals and 25,000 staff members. The data was allegedly exfiltrated over six days and distributed via cloud storage.
Talabat Saudi Arabia: Threat actor “Jeffrey Epstein” offered a database containing between 536,000 and 563,000 user records from the food delivery platform, including names, emails, phone numbers, and addresses.
National Credit Information Center of Vietnam (CIC): Actor “Dedale Office” claimed to sell a database of over 160 million records containing full names, national ID numbers, loan data, and tax IDs.
Emaar Properties: Actor “ksa901” offered a database of 400,000 records of property owners and renters in the UAE, including high-profile Burj Khalifa residents, for $10,000.
Government Data Leaks: Breaches targeted the Bila Tserkva City Council in Ukraine (by “Perun Svaroga”), the Municipality of São Mateus in Brazil, the Ukrainian Information Resource Center (600,000 educational/family records), and Iraq’s 2025-2026 census data (47.7 million records for $1200). Furthermore, an actor named “Tendi” leaked passport documents for 200 Moscow citizens and a database containing details of 70,000 alleged Russian military casualties.
Other Notable Leaks: Breaches affected American Express (200,000 card records by INNG), NurtureLife (27.5k customer records including children’s birthdates), Farmacias del Ahorro in Mexico (18,530 records), FoodPapa.pk in Pakistan (239,109 records), OfferteCartucce in Italy (229,000 records), and an alleged database of FBI agents containing bcrypt-hashed passwords and vehicle plates. Furthermore, technical data from SEKISUI Aerospace Corporation, including export-controlled Boeing part information, was listed for $200,000.

3.2. Combo Lists, Credential Stuffing, and Log Distribution

The cybercriminal open web forums (such as CrackingX and DemonForums) are experiencing a massive influx of “combolists” (lists of compromised email and password combinations) and stealer logs. These lists are primarily used for automated credential stuffing attacks.

High-Volume Distributors: Actors like “CODER” are distributing massive datasets for free via Telegram, including an 11 million record mixed combo list, a 7 million record corporate SMTP list, and an 8 million record list targeting diverse social media platforms (Myspace, Bebo, Netlog). Another actor, “StarLinkClub,” posted a 21.4 million URL:login:password combolist.
Targeted Platform Combolists: Specific platforms are heavily targeted. “HQcomboSpace” leaked 1.69 million Yahoo credentials. Multiple actors (including “UniqueCombo,” “alphaxdd,” and “D4rkNetHub”) flooded forums with highly specific Hotmail credential lists ranging from a few hundred to over 500,000 verified hits. Streaming and gaming services were also targeted, with actor “Ra-Zi” distributing 120,000 credentials for Netflix, Minecraft, Steam, and Hulu.
Geo-Targeted Data: Distributors like “thejackal101” (under the “Elite_Cloud1” brand) and “CobraEgy” released massive country-specific combolists. These included datasets targeting France (1.4 million), Germany (1.15 million), India (246k), Indonesia (246k), Hungary (135k), Greece (63k), Finland (12k), Colombia (183k), Ecuador (183k), Denmark (47k), Croatia (23k), and the Czech Republic (272k).
Stealer Logs and Cookies: Actors are selling fresh infostealer logs containing credentials and session cookies. Actor “BBB” offered logs for Amazon, eBay, Booking.com, and Uber across multiple global regions. Another actor, “tuzelity,” sold combos and cookies for Facebook, PayPal, Airbnb, Roblox, and dating sites. Authentication cookies for eBay and Google Pay were also shared by actor “bluestarcrack” for potential session hijacking.

3.3. Initial Access Brokering and Cybercrime Services

The underground economy heavily features the sale of initial access to compromised systems and the provision of malicious services to facilitate further attacks.

Mail Account Access: Actor “D4RCK MAGICIAN” advertised the sale of direct mail account access across ten countries (including France, UK, US, and Japan), accompanied by scripts and credential hits. Actor “mu” sold fresh, keyword-searchable credential databases and access to valid webmails on private cloud infrastructure.
Infrastructure Access: The “Infrastructure Destruction Squad” advertised access to compromised servers and systems. Another actor sold access to verified FTX exchange accounts via the Kroll portal, claiming account balances up to $9.5 million, for an asking price of $50,000.
Spam and Phishing Infrastructure: Threat actor “Skybat” offered premium SMTP inbox services capable of sending 25,000 emails per day from dedicated IPs, alongside worldwide SMS sender packages. Actor “NullPointerPanic” advertised a “Sendgrid.com Phishing Suite” for advanced email service theft.
Domain Abuse Services: An actor named “clean_search” advertised comprehensive cybercrime services, including anti-phishing evasion, domain abuse operations, and DMCA manipulation, claiming to process 15,000 abuse cases daily for cryptocurrency payments ranging from $100 to $1000.

3.4. Malware Tooling and Vulnerability Exploitation

The proliferation of offensive tooling and zero-day exploits remains a persistent threat vector.

Offensive Tool Suites: Threat actor “Yoshi Data” actively advertised a comprehensive suite of offensive security and cybercrime tools. These included credential stuffing tools like SilverBullet and OpenBullet, Python automation scripts, CC+ tools, and custom executable development focused on stealth and precision for Kali Linux and Windows environments. Tools specific to validating stolen credentials, such as the “Discord Nitro Checker” and “Weeber Crunchyroll Checker,” were also widely distributed for high-speed automated workflows.
Zero-Day Exploits: Actor “phanes” (or “phanesthegreat”) attempted to sell two critical zero-day exploits. The first was a Windows RDP Denial-of-Service (DoS) exploit priced at $850, allegedly utilizing an integer overflow to crash Windows Server 2012/2016 and Windows 8.1/10 systems, claiming to affect over 1 million devices. The second was a FreeBSD FTP Remote Code Execution (RCE) exploit priced at $900, allegedly affecting over 11,000 devices. Furthermore, actor “SysInvaders” sold reflected XSS vulnerabilities affecting corporate entities in Sweden, Norway, and Poland.
Software Piracy and Cracking: The actor “GoRainCC” actively distributed cracked versions of commercial and professional software, including FlyPaper Sherlock investigation software, Site Modeller Pro, Domain Hunter Gatherer Pro, and various Digi-Ants CAD tools.
Automated Scanning Activity: The “Rakyat Digital Crew” shared automated vulnerability scan results indicating active exploitation attempts against Indonesian government portals (Ministry of Education, Ministry of Finance) and commercial sites using Open Redirect, Directory Traversal, RFI, and Command Injection techniques.

3.5. Specialized Cyber Threats and Alerts

AI Model Security Risks: US senior officials reportedly held an emergency meeting with banking executives and the Treasury Department regarding cybersecurity risks posed by a new Anthropic AI model known as “Glasswing” (Project Mythos). The technology is perceived as a threat to the US banking system due to potential cyber intrusion capabilities.
State-Sponsored Spyware: Reports surfaced alleging that the CIA utilized NSO Group’s Pegasus spyware in a deception operation targeting Iranian officials. The spyware was reportedly used to send spoofed messages to IRGC members to falsely claim a downed American pilot had been recovered, demonstrating the use of commercial spyware in complex geopolitical intelligence operations.
Financial Fraud: The sale of stolen payment card data remains active, with actors like “petac” and “Coleman” advertising fresh CC/CVV information, high balances, and financial transfer services via Cash App and PayPal on Telegram carding marketplaces. In addition, 40,000 Belgian IBANs were offered for sale via cryptocurrency by actor “jza1337”.

4. Comprehensive Incident Log (Selected Detailed Events)

To provide a granular view of the incident data, the following highlights specific tactical events executed over the reporting period.

Incident 151-153: Tanzanian and Indonesian Government/Education Defacements. Threat actor T-XpLoiT compromised the Tanzania ICT Commission (events.ictc.go.tz) on a government subdomain. Concurrently, the actor executed mass defacements against the online examination systems (admujian.mtsnurussyafaah.sch.id and rdm.mtsnurussyafaah.sch.id) of MTs Nurussyafa’ah, an Indonesian Islamic school, indicating automated exploitation of shared vulnerabilities across varied geographic regions.
Incident 161: City of Anthony, New Mexico Incident. The local government reported a cybersecurity incident involving inaccessible systems and missing public records. The anomalies, which included erased police devices, coincided with a mayoral transition. While an external hack is not confirmed, state authorities are investigating data integrity and access controls.
Incident 162: Straumann Legacy System Exposure. Swiss dental company Straumann reported a cyberattack targeting a legacy internal control system used between 2021 and 2024, resulting in exposed internal documents. The company isolated the incident with cybersecurity experts and confirmed that core business operations and client systems were unaffected.
Incident 261: Healthdaq Cyber Security Incident. Healthcare recruitment company Healthdaq suffered a cyber incident that was subsequently reported to regulatory authorities and the Garda National Cyber Crime Bureau in Ireland. Due to the ongoing criminal investigation, specifics regarding the attack vector were withheld.
Incident 263: Spring Lake Park Schools Ransomware Suspicions. The Spring Lake Park school district in Minnesota preemptively closed all facilities following a suspected ransomware attack. Local authorities and cybersecurity experts initiated an investigation to secure networks and assess the potential compromise of IT systems.
Incident 296: WRG College SQL Injection. A threat actor named Mr.SonicX, part of the TEGAL CYBER TEAM, reported performing a targeted SQL injection attack against an Indian educational institution (wrgcollege.edu.in) by exploiting an injectable id parameter on the gallery_img.php endpoint.
Incident 336: #OpsShadowStrike Defacement. A coalition of hacktivist groups (including TengkorakCyberCrew, MalaysiaHacktivist, and EagleCyberCrew) defaced the Indian website myseba.in. The attack utilized the #AllMuslimHackers banner and carried pro-Palestine and anti-Israel political messaging.

5. Conclusion

The cybersecurity landscape analyzed in this dataset indicates a highly volatile period characterized by massive data extortion, automated exploitation, and the weaponization of compromised credentials.

The activities of ShinyHunters represent the most severe financial and reputational threat. By compromising third-party vendors (like Anodot) and critical cloud infrastructure (like Snowflake and Salesforce), they have successfully exfiltrated millions of sensitive records from top-tier global corporations. Their aggressive “pay or leak” strategy and multi-million dollar ransom demands highlight the critical risk posed by supply chain vulnerabilities and improperly secured cloud environments.

Concurrently, the underground economy is thriving on the mass distribution of combolists and stealer logs. The sheer volume of credentials being distributed for free or sold cheaply—numbering in the tens of millions—provides low-skill threat actors with the necessary ammunition to conduct endless credential stuffing and account takeover attacks against platforms ranging from Hotmail and Yahoo to highly sensitive corporate VPNs and financial services.

Politically motivated hacktivism also poses a severe physical and operational threat. The claims by groups like the Z-Pentest Alliance and Handala regarding the full takeover of Industrial Control Systems (ICS) in European hypermarkets and Middle Eastern steel manufacturing facilities demonstrate a dangerous escalation from digital defacement to physical disruption. Threatening to destroy physical inventory by manipulating refrigeration controls or halting steel production emphasizes the urgent need for robust network segmentation and the securing of OT environments against external intrusion.

Finally, the relentless mass defacement campaigns executed by actors like maw3six and T-XpLoiT across vulnerable Linux servers and WordPress installations highlight the continuous, automated scanning and exploitation of unpatched web infrastructure globally.

In summary, organizations must urgently prioritize the securing of third-party SaaS integrations, implement robust multi-factor authentication to combat credential stuffing, and rigidly segment industrial control systems to defend against an increasingly bold and diversified threat actor ecosystem.

Detected Incidents Draft Data

Alleged offering of premium SMTP services for bulk email delivery
Category: Initial Access
Content: Threat actor allegedly offers premium SMTP inbox services capable of sending 25,000 emails per day across all domains with dedicated IP and instant setup, likely for spam or phishing campaigns.
Date: 2026-04-13T23:56:51Z
Network: openweb
Published URL: https://breached.st/threads/high-voltage-premium-smtp-inbox-25k-day-all-domains-dedicated-ip-instant-setup.85989/unread
Screenshots:
None
Threat Actors: Skybat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged offering of email and SMS sending services
Category: Initial Access
Content: Threat actor Skybat advertises email sender services for all domains and worldwide SMS sender package through Telegram contact. The offering suggests potential spam/phishing infrastructure services.
Date: 2026-04-13T23:56:18Z
Network: openweb
Published URL: https://breached.st/threads/high-voltage-email-sender-inbox-all-domains-sms-sender-worldwide-package.85990/unread
Screenshots:
None
Threat Actors: Skybat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of credential stuffing tools and custom offensive security tooling by Yoshi Data
Category: Malware
Content: A threat actor operating under the handle Yoshi Data is advertising a suite of offensive tools and services including SilverBullet, OpenBullet, Python scripts, WPower, CC+, executable files, and various config formats (.ice, .opk, .svb, .spk). The offering also includes custom software development, automation scripts, advanced security testing, API integration, and cloud infrastructure services. The emphasis on stealth, precision, performance and the breadth of credential stuffing tools suggests this is a cybercriminal marketplace offering.
Date: 2026-04-13T23:53:05Z
Network: telegram
Published URL: https://t.me/c/2613583520/62111
Screenshots:
None
Threat Actors: Yoshi Data
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Tshirtmakers.it customer database
Category: Data Leak
Content: A database dump allegedly containing 13,000 customer records from tshirtmakers.it was shared on a cybercrime forum. The leaked data includes customer IDs, VAT numbers, client codes, email addresses, names, company information, and registration dates.
Date: 2026-04-13T23:51:46Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-tshirtmakers-it-13k–188208
Screenshots:
None
Threat Actors: nest0r
Victim Country: Italy
Victim Industry: E-commerce
Victim Organization: Tshirtmakers
Victim Site: tshirtmakers.it
Alleged data breach of Building Detroit organization
Category: Data Breach
Content: A threat actor named nest0r has made available a database dump from buildingdetroit.org containing 185,000 records of USA-based users. The leaked data includes email addresses, registration dates, birth dates, names, genders, hashed passwords, and usernames.
Date: 2026-04-13T23:51:26Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-buildingdetroit-org-185k-usa
Screenshots:
None
Threat Actors: nest0r
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Building Detroit
Victim Site: buildingdetroit.org
Alleged sale of credential stuffing tools and hacking services by Yoshi Data
Category: Malware
Content: A threat actor operating as Yoshi Data is advertising a suite of offensive security and cybercrime tools including SilverBullet, OpenBullet, Python scripts, WPower, and other credential stuffing/automation tools. The actor also offers custom software development, advanced security testing, TLS/SSL systems, and cloud infrastructure services, likely as cover for illicit operations.
Date: 2026-04-13T23:31:45Z
Network: telegram
Published URL: https://t.me/c/2613583520/62085
Screenshots:
None
Threat Actors: Yoshi Data
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of mail account access and credential combos across multiple countries by D4RCK MAGICIAN
Category: Initial Access
Content: A threat actor operating under the handle @D4RCKMAGICIAN is advertising mail account access for sale across 10 countries including France, Belgium, Australia, Canada, UK, US, Netherlands, Poland, Germany, and Japan. The offering includes configs/scripts, tools, credential hits/combos, and accepts custom requests. This appears to be an ongoing credential access and initial access brokering operation.
Date: 2026-04-13T23:30:34Z
Network: telegram
Published URL: https://t.me/c/2613583520/62081
Screenshots:
None
Threat Actors: D4RCK MAGICIAN
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Académie dAix-Marseille database
Category: Data Leak
Content: Threat actor ChimeraZ leaked a database containing 4,593 records from the French educational institution Académie dAix-Marseille. The leaked data includes employee information with email addresses, phone numbers, and office locations in JSONL format distributed via multiple file-sharing platforms.
Date: 2026-04-13T23:26:38Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-4-5K-Ac-aix-marseille-fr
Screenshots:
None
Threat Actors: ChimeraZ
Victim Country: France
Victim Industry: Education
Victim Organization: Académie dAix-Marseille
Victim Site: ac-aix-marseille.fr
Website defacement of Wonjala E-mart by CYKOMNEPAL
Category: Defacement
Content: CYKOMNEPAL defaced the Wonjala E-mart e-commerce website on April 14, 2026. The attack targeted a Nepalese retail companys online platform.
Date: 2026-04-13T23:20:53Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832569
Screenshots:
None
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: Nepal
Victim Industry: Retail/E-commerce
Victim Organization: Wonjala E-mart
Victim Site: wonjalaemart.com.np
Alleged sale of payment card data and financial transfer services
Category: Data Breach
Content: Threat actor claims to sell fresh payment card data including CC/CVV information and offers various financial transfer services through Cash App, PayPal, crypto, and Apple Pay with replacement guarantees for non-working cards.
Date: 2026-04-13T23:06:57Z
Network: openweb
Published URL: https://demonforums.net/Thread-%E2%9C%85Hello-y%E2%80%99all-I-sell-fresh-cardsworking-100-Valid-working-on-any-Websites-or-Apps–200352
Screenshots:
None
Threat Actors: petac
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of German credential combolist
Category: Combo List
Content: A threat actor shared a credential combolist containing 952,361 email and password combinations allegedly targeting German users with .de domain addresses. The data is being distributed for free via a file sharing service.
Date: 2026-04-13T23:06:53Z
Network: openweb
Published URL: https://crackingx.com/threads/72011/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of cybercrime tools and credential stuffing services by Yoshi Data
Category: Malware
Content: A threat actor operating as Yoshi Data is advertising a suite of offensive cybercrime tools and services including SilverBullet, OpenBullet, Python scripts, WPower, CC+ tools, and custom executable development. Services include automation scripts, advanced security testing, and stealth-focused tooling for Kali Linux and Windows environments. Contact is via @Yoshi_Data on Telegram.
Date: 2026-04-13T22:47:59Z
Network: telegram
Published URL: https://t.me/c/2613583520/62053
Screenshots:
None
Threat Actors: Yoshi Data
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of Discord Nitro checking tool for credential validation
Category: Initial Access
Content: A threat actor shared a multi-threaded tool called Discord Nitro Checker by ManiacX0 designed for processing large code lists to validate Discord Nitro gift codes. The tool features real-time logging and high-speed bulk processing capabilities for automated validation workflows.
Date: 2026-04-13T22:44:56Z
Network: openweb
Published URL: https://demonforums.net/Thread-Discord-Nitro-Checker-by-ManiacX0–200347
Screenshots:
None
Threat Actors: Starip
Victim Country: Unknown
Victim Industry: Gaming/Communication
Victim Organization: Discord
Victim Site: discord.com
Alleged distribution of Crunchyroll credential checking tool
Category: Initial Access
Content: A threat actor distributed a console-based tool called Weeber Crunchyroll Checker designed to process credential lists against Crunchyroll accounts. The tool features real-time output and is designed for fast processing of combo-style credential datasets to potentially gain unauthorized access to streaming accounts.
Date: 2026-04-13T22:44:40Z
Network: openweb
Published URL: https://demonforums.net/Thread-Weeber-Crunchyroll-Checker-by-Soud–200348
Screenshots:
None
Threat Actors: Starip
Victim Country: Unknown
Victim Industry: Entertainment
Victim Organization: Crunchyroll
Victim Site: crunchyroll.com
Alleged leak of mixed email provider credentials
Category: Combo List
Content: A threat actor shared a combolist containing 120,000 email and password combinations from various providers including AOL, Yahoo, Hotmail, and Outlook across multiple countries. The actor also advertises selling additional credential lists via Telegram.
Date: 2026-04-13T22:44:31Z
Network: openweb
Published URL: https://crackingx.com/threads/72008/
Screenshots:
None
Threat Actors: steeve75
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of credentials combolist containing 5,502 records
Category: Combo List
Content: Threat actor NEW_DAISYCLOUD shared a password-protected archive containing 5,502 credential logs via file sharing service. The data is described as fresh logs dated April 13th and made available for free download on a cracking forum.
Date: 2026-04-13T22:44:16Z
Network: openweb
Published URL: https://crackingx.com/threads/72009/
Screenshots:
None
Threat Actors: NEW_DAISYCLOUD
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of cracked Sherlock investigation software
Category: Data Leak
Content: Forum post advertising free download of cracked FlyPaper Sherlock 3.5.0 investigation software with detailed feature descriptions and capabilities.
Date: 2026-04-13T22:43:59Z
Network: openweb
Published URL: https://crackingx.com/threads/72007/
Screenshots:
None
Threat Actors: GoRainCC
Victim Country: Unknown
Victim Industry: Software/Technology
Victim Organization: FlyPaper
Victim Site: Unknown
Alleged leak of stealer logs containing credentials
Category: Logs
Content: Threat actor UP_DAISYCLOUD distributed 5,502 fresh stealer logs dated April 13th via file sharing platform, advertising daily uploads of stolen credentials through Telegram channel.
Date: 2026-04-13T22:43:50Z
Network: openweb
Published URL: https://darkforums.su/Thread-%F0%9F%9A%80-5502-LOGS-CLOUD-%E2%98%81-13-APRIL-%E2%9D%A4%EF%B8%8F-FRESH-LOGS%E2%9D%97%EF%B8%8F
Screenshots:
None
Threat Actors: UP_DAISYCLOUD
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Breach and Extortion of RockStar Games by ShinyHunters via Third-Party Vendor Anodot
Category: Data Breach
Content: The ShinyHunters extortion group reportedly compromised RockStar Games through a third-party analytics vendor, Anodot, stealing business metrics and financial records. ShinyHunters demanded $200,000 or threatened to leak the data. RockStar Games declined to pay, as the stolen data was anonymized financial/sales records (no customer PII). The leaked data includes regional sales figures, pricing models, support ticket metrics, and in-game purchase data — all anonymized. The leak was subsequently published after RockStar refused to pay the ransom.
Date: 2026-04-13T22:25:28Z
Network: telegram
Published URL: https://t.me/vxunderground/8708
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: United States
Victim Industry: Gaming
Victim Organization: RockStar Games
Victim Site: Unknown
Alleged sale of Binance credentials and government email access
Category: Data Breach
Content: Threat actor is selling 23 Binance account credentials (email and password) for $8, claiming each account contains minimum $11 in cryptocurrency. Also offering Google Voice accounts for $3 and government email access for $5-100.
Date: 2026-04-13T22:23:06Z
Network: openweb
Published URL: https://breached.st/threads/selling-binance-data-google-voice-cheap.85988/unread
Screenshots:
None
Threat Actors: superduper1
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Binance
Victim Site: binance.com
Alleged distribution of credential combolist targeting multiple streaming and gaming platforms
Category: Combo List
Content: Threat actor Ra-Zi distributed a combolist containing 120,000 email-password combinations allegedly targeting Netflix, Minecraft, Uplay, Steam, Hulu, and Spotify accounts. The actor also advertises selling additional credential lists through Telegram contact.
Date: 2026-04-13T22:21:50Z
Network: openweb
Published URL: https://demonforums.net/Thread-120k-Fresh-HQ-Combolist-Email-Pass-Netflix-Minecraft-Uplay-Steam-Hulu-spotify–200345
Screenshots:
None
Threat Actors: Ra-Zi
Victim Country: Unknown
Victim Industry: Entertainment
Victim Organization: Multiple platforms
Victim Site: Unknown
Alleged distribution of cracked Site Modeller Pro 2026 software
Category: Initial Access
Content: Forum post distributing cracked version of Site Modeller Pro 2026, a professional terrain design software developed by Digi-Ants for civil engineers and site designers.
Date: 2026-04-13T22:21:25Z
Network: openweb
Published URL: https://crackingx.com/threads/72002/
Screenshots:
None
Threat Actors: GoRainCC
Victim Country: Unknown
Victim Industry: Software
Victim Organization: Digi-Ants
Victim Site: Unknown
Alleged leak of Hotmail and Outlook credentials
Category: Combo List
Content: Forum user distributed a combolist containing 1,428 Hotmail and Outlook email credentials as a free download.
Date: 2026-04-13T22:21:19Z
Network: openweb
Published URL: https://crackingx.com/threads/72004/
Screenshots:
None
Threat Actors: karaokecloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged distribution of Domain Hunter Gatherer Pro cracking software
Category: Initial Access
Content: Forum post distributing cracked version of Domain Hunter Gatherer Pro 3.5, a commercial domain research and SEO software tool. The software is being made available for free download on a cracking forum.
Date: 2026-04-13T22:21:08Z
Network: openweb
Published URL: https://crackingx.com/threads/72003/
Screenshots:
None
Threat Actors: GoRainCC
Victim Country: Unknown
Victim Industry: Software
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of 7373 Government Email Credentials from Brazil and Zambia (Police, Military, Prison Admin)
Category: Initial Access
Content: ShinyHunters is offering for sale 7,373 alleged government email login credentials from Brazil and Zambia, claiming 80% validity. The affected sectors include Police, Military, and Prison Administration. The seller states the price is negotiable via DM and accepts escrow. Contact handle: @wattacalller.
Date: 2026-04-13T22:14:58Z
Network: telegram
Published URL: https://t.me/c/3737716184/1158
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Brazil
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of 73K Government Email Credentials from Brazil and Zambia by ShinyHunters
Category: Initial Access
Content: ShinyHunters is offering for sale a set of approximately 73,000 government email credentials claimed to be 80% valid logins. The data allegedly covers government entities in Brazil and Zambia, including police, military, and prison administration. The seller states the price is negotiable and accepts escrow. Contact via Telegram handle @wattacalller.
Date: 2026-04-13T22:11:07Z
Network: telegram
Published URL: https://t.me/c/3737716184/1157
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Brazil, Zambia
Victim Industry: Government
Victim Organization: Government Entities (Police, Military, Prison Administration)
Victim Site: Unknown
Alleged distribution of cracked CAD software tools
Category: Data Leak
Content: Forum post distributing cracked versions of Digi-Ants Block Attribute Editor and PDF Publisher CAD software tools for free download.
Date: 2026-04-13T21:58:05Z
Network: openweb
Published URL: https://crackingx.com/threads/72000/
Screenshots:
None
Threat Actors: GoRainCC
Victim Country: Unknown
Victim Industry: Software
Victim Organization: Digi-Ants
Victim Site: Unknown
Alleged distribution of cracked Sheet Set Revision Manager 2.3.0 CAD software
Category: Data Leak
Content: Forum post offering free download of cracked Sheet Set Revision Manager 2.3.0 CAD management software with detailed feature descriptions and usage instructions.
Date: 2026-04-13T21:57:46Z
Network: openweb
Published URL: https://crackingx.com/threads/72001/
Screenshots:
None
Threat Actors: GoRainCC
Victim Country: Unknown
Victim Industry: Software
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Zmuth.com
Category: Data Breach
Content: Zmuth.com, a digital marketing and online business services website, allegedly suffered a data breach in April 2026. The leaked data reportedly includes emails, phone numbers, physical addresses, WhatsApp IDs, and WhatsApp message logs totaling approximately 40,000 records.
Date: 2026-04-13T21:56:51Z
Network: openweb
Published URL: https://pwnforums.st/Thread-ro-%C2%A0-Zmuth-com
Screenshots:
None
Threat Actors: Tanaka
Victim Country: Unknown
Victim Industry: Digital Marketing
Victim Organization: Zmuth
Victim Site: zmuth.com
Alleged leak of Hotmail credentials combolist
Category: Logs
Content: A threat actor shared a combolist containing 30,000 allegedly fresh Hotmail email and password combinations on an underground forum.
Date: 2026-04-13T21:48:49Z
Network: openweb
Published URL: https://xforums.st/threads/30-000-hotmail-fresh-combolist.606885/
Screenshots:
None
Threat Actors: VegaMoon
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a list containing 6,623 Hotmail email and password combinations on a cybercrime forum. The credentials are described as fresh, suggesting they may be recently obtained or validated.
Date: 2026-04-13T21:35:36Z
Network: openweb
Published URL: https://crackingx.com/threads/71999/
Screenshots:
None
Threat Actors: RandomUpload
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged data breach of 247falcon.ro Romanian database
Category: Data Breach
Content: Threat actor fent888 is allegedly selling a Romanian database from 247falcon.ro containing 23,782 records with personal information including names, phone numbers, addresses, and postal codes for $100.
Date: 2026-04-13T21:34:20Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SELLING-247falcon-ro-23-7k
Screenshots:
None
Threat Actors: fent888
Victim Country: Romania
Victim Industry: Unknown
Victim Organization: 247falcon.ro
Victim Site: 247falcon.ro
Alleged leak of French credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing over 1.4 million email and password combinations allegedly from French sources, dated April 13, 2026. The credentials are being distributed through a hidden content section and promoted via Telegram channel.
Date: 2026-04-13T21:15:00Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-1-482-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-France-%E2%9C%AA-13-APR-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of stolen credit cards via Telegram
Category: Cyber Attack
Content: User Coleman is advertising what appears to be stolen or fraudulent credit cards (CC), claiming 24/7 availability, 100% validity, and high balances. The seller is directing buyers to the Telegram channel t.me/genhaosan123.
Date: 2026-04-13T21:13:50Z
Network: telegram
Published URL: https://t.me/c/2613583520/62002
Screenshots:
None
Threat Actors: Coleman
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: t.me/genhaosan123
Alleged leak of German credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing approximately 547,000 credential pairs allegedly from German sources. The credentials are branded as Elite_Cloud1 and dated April 13, 2026.
Date: 2026-04-13T21:13:39Z
Network: openweb
Published URL: https://demonforums.net/Thread-NUM-PASS-%E2%9C%AA-547-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Germany-%E2%9C%AA-13-APR-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Indian credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing over 246,000 email and password combinations allegedly from Indian sources. The credentials are claimed to be fresh and high quality, distributed through a hidden content section requiring forum registration.
Date: 2026-04-13T21:12:24Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-246-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-India-%E2%9C%AA-13-APR-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: India
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Indonesian credential combolist
Category: Combo List
Content: Threat actor shared a credential combolist containing over 246,000 email and password combinations allegedly from Indonesian sources. The data is described as fresh and high quality, with additional resources available through a Telegram channel.
Date: 2026-04-13T21:11:24Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-246-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Indonesia-%E2%9C%AA-13-APR-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of mail access, combolists, and cracking tools across multiple countries
Category: Initial Access
Content: A threat actor operating as D4RCK MAGICIAN is advertising mail access for sale across multiple countries including France, Belgium, Australia, Canada, UK, US, Netherlands, Poland, Germany, and Japan. The offering includes configs/scripts, tools, credential hits/combos, and custom requests. Contact is via Telegram handle @D4RCKMAGICIAN.
Date: 2026-04-13T21:10:37Z
Network: telegram
Published URL: https://t.me/c/2613583520/62025
Screenshots:
None
Threat Actors: D4RCK MAGICIAN
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hungarian credentials combolist
Category: Combo List
Content: Threat actor shared a credential list containing over 135,000 email and password combinations allegedly from Hungary. The combolist is described as fresh and high quality.
Date: 2026-04-13T21:10:33Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-135-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Hungary-%E2%9C%AA-13-APR-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Hungary
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Greek credentials combolist
Category: Combo List
Content: Threat actor shared a combolist containing over 63,000 email:password combinations allegedly from Greek users. The credential list is described as fresh and high quality, with access provided through hidden content requiring forum registration.
Date: 2026-04-13T21:10:01Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-63-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Greece-%E2%9C%AA-13-APR-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Greece
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Finnish credentials combolist
Category: Combo List
Content: A threat actor shared a credential list containing over 12,000 email and password combinations allegedly from Finland. The combolist is described as fresh and high quality and was made available for free download.
Date: 2026-04-13T21:09:34Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-12-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Finland-%E2%9C%AA-13-APR-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Finland
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of compromised email accounts and web hosting access
Category: Initial Access
Content: Threat actor advertises various compromised email accounts including Office 365, webmail services, and hacked web hosting access including cPanel shells and SMTP servers through Telegram channel.
Date: 2026-04-13T21:08:46Z
Network: openweb
Published URL: https://crackingx.com/threads/71998/
Screenshots:
None
Threat Actors: asfshe224
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Adobe database
Category: Data Leak
Content: A threat actor shared a 2.93 GB Adobe database file for free download, claiming it is a repost from old breach forums. The file is being distributed through AnonFiles without any specified cost.
Date: 2026-04-13T20:47:40Z
Network: openweb
Published URL: https://breached.st/threads/database-adobe-2025.85985/unread
Screenshots:
None
Threat Actors: Niwa62
Victim Country: United States
Victim Industry: Technology
Victim Organization: Adobe
Victim Site: adobe.com
Alleged sale of mail access, combolists, and cracking tools across multiple countries
Category: Initial Access
Content: A threat actor operating as D4RCK (@D4RCKMAGICIAN) is advertising mail access for accounts across France, Belgium, Australia, Canada, UK, US, Netherlands, Poland, Germany, and Japan. The offering includes configs/scripts, cracking tools, credential hits/combos, with custom requests available. Contact is via Telegram handle @D4RCKMAGICIAN.
Date: 2026-04-13T20:46:04Z
Network: telegram
Published URL: https://t.me/c/2613583520/62005
Screenshots:
None
Threat Actors: D4RCK
Victim Country: Unknown
Victim Industry: Multiple / Email Providers
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of German credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing over 1.15 million credential pairs targeting German users through a file sharing platform.
Date: 2026-04-13T20:45:59Z
Network: openweb
Published URL: https://crackingx.com/threads/71997/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach claims by ShinyHunters threat actor targeting multiple major corporations
Category: Data Breach
Content: The threat actor known as ShinyHunters posted contact verification details including a new PGP key, Telegram handle (@shinyc0rpsss), email, Tox ID, and Session ID. They claim to possess data from numerous high-profile organizations including Salesforce, Cisco, AT&T, Ticketmaster, Microsoft, Google, Victorias Secret, CrowdStrike, and Santander. The actor also warns against impersonators (Mattys Savoie & James) who allegedly misused their PGP key for ransom purposes.
Date: 2026-04-13T20:39:49Z
Network: telegram
Published URL: https://t.me/c/3500620464/6773
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Multiple – Technology, Telecommunications, Retail, Financial Services, Cybersecurity
Victim Organization: Salesforce, Cisco, AT&T, Ticketmaster, Microsoft, Google, Victorias Secret, CrowdStrike, Santander
Victim Site: Unknown
Alleged data breach of Rockstar Games exposing internal sales transaction records
Category: Data Breach
Content: Threat actor ShinyHunters has posted what appears to be internal Rockstar Games sales transaction data, including first and last documented sales records, total earnings of over $5 billion across a decade (2014-2024), platform details (Xbox One, Xbox Series X), regional breakdowns (Asia, EMEA, North America), and individual purchase amounts including a single transaction of over $1 million. The data appears to reference GTA V / GTA Online in-game currency (Shark Card) purchases such as Megalodon packages.
Date: 2026-04-13T20:39:34Z
Network: telegram
Published URL: https://t.me/c/3737716184/1151
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: United States
Victim Industry: Gaming
Victim Organization: Rockstar Games
Victim Site: Unknown
Alleged leak of German email credentials
Category: Logs
Content: A threat actor allegedly leaked 54,000 German email credentials with full access. The credentials are described as valid and specifically target German users.
Date: 2026-04-13T20:36:42Z
Network: openweb
Published URL: https://xforums.st/threads/54k-germany-full-valid-mail-access-13-04.606880/
Screenshots:
None
Threat Actors: MegaCloud
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of US email credentials
Category: Logs
Content: A threat actor shared a combolist containing 2,600 allegedly valid US email credentials on an underground forum. The credentials are claimed to be of top quality and dated April 13th.
Date: 2026-04-13T20:36:06Z
Network: openweb
Published URL: https://xforums.st/threads/2-6k-usa-full-valid-mail-access-top-quality-13-04.606881/
Screenshots:
None
Threat Actors: MegaCloud
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged mass data breach claims by ShinyHunters targeting multiple major corporations
Category: Data Breach
Content: The ShinyHunters threat actor group is claiming to possess data from numerous high-profile organizations including Salesforce, Cisco, AT&T, Ticketmaster, Microsoft, Google, Victorias Secret, CrowdStrike, and Santander. No specific details, samples, or pricing were provided. The post includes a photo attachment and a humorous disclaimer distancing the group from government affiliation.
Date: 2026-04-13T20:31:57Z
Network: telegram
Published URL: https://t.me/c/3737716184/1145
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: United States
Victim Industry: Technology, Telecommunications, Financial Services, Retail
Victim Organization: Salesforce, Cisco, AT&T, Ticketmaster, Microsoft, Google, Victorias Secret, CrowdStrike, Santander
Victim Site: Unknown
Alleged Sale of Salesforce Complete Ecosystem Access and Stolen Data by ShinyHunters
Category: Data Breach
Content: ShinyHunters is advertising multiple tiers of stolen data and system access for sale. Offerings include: a Files Cloud with 9.1M files from Salesforce databases (2024-2026) priced at $10,000 lifetime; a ransom database with 1M files at $5,000 lifetime; a Whale Private collection of 3.39 billion files from CDN/RF/BF sources at $3,000 lifetime; and a claimed full Salesforce ecosystem access including VPN, server, backend, and source code priced at $25M. The actor also claims possession of 3M+ Cisco source code files. The post includes a PGP key for verification, onion DLS link, and contact details via Telegram, email, Tox, and Session. The actor warns against impersonators misusing their PGP key.
Date: 2026-04-13T20:23:32Z
Network: telegram
Published URL: https://t.me/c/3737716184/1137
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Technology / Cloud Services
Victim Organization: Salesforce
Victim Site: salesforce.com
Alleged Sale of Full Access to Salesforce Complete Ecosystem by ShinyHunters
Category: Initial Access
Content: Threat actor ShinyHunters is claiming to have full access to the entire Salesforce ecosystem, including all major cloud products (Sales Cloud, Service Cloud, Marketing Cloud, Commerce Cloud, etc.), platform tools, AI/automation systems, integrations, and source code. The actor claims VPN/server access, backend access, and source code, offering everything for $25 million. Contact is provided via Session, Telegram (@shinyc0rpsss), email ([email protected]), and Tox. A PGP key is referenced via Pastebin for identity verification.
Date: 2026-04-13T20:23:14Z
Network: telegram
Published URL: https://t.me/c/3500620464/6783
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: United States
Victim Industry: Technology / SaaS / CRM
Victim Organization: Salesforce
Victim Site: salesforce.com
Alleged Sale of Stolen Data Collections by ShinyHunters Including Salesforce Databases and Ransom Files
Category: Data Breach
Content: The threat actor ShinyHunters is advertising multiple data collections for sale via Telegram: (1) ShinyHunters Files Cloud containing 9,133,199 files described as Salesforce databases from 2024-2026 for $10,000 lifetime access; (2) a Pay or leaks ransom database with 1,029,903 files for $5,000 lifetime access; (3) a Whale private collection of 3,390,419,199 files from various CDN/RF/BF sources for $3,000 lifetime access. The post also references a scattered LAPSUS$ hunters part 9 channel containing 3M+ Cisco source code. The actor provides a PGP key, Telegram handle (@shinyc0rpsss), email, Tox ID, Session ID, and a dark web DLS onion link.
Date: 2026-04-13T20:07:43Z
Network: telegram
Published URL: https://t.me/c/3500620464/6776
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Technology, Multiple Sectors
Victim Organization: Salesforce, Cisco (among others)
Victim Site: Unknown
Alleged Sale of Stolen Data Collections by ShinyHunters Including Salesforce Databases and Cisco Source Code
Category: Data Breach
Content: The ShinyHunters threat actor is advertising multiple paid Telegram-based data repositories: (1) ShinyHunters Files Cloud containing 9.1M+ files of Salesforce databases from 2024-2026 for $10,000 lifetime access; (2) Pay or leaks ransom database with 1M+ files for $5,000 lifetime access; (3) Whale private collection of 3.39 billion files from various countries and companies (CDN/RF/BF) for $3,000 lifetime access. Additionally references a scattered LAPSUS$ hunters part 9 channel containing 3M+ Cisco source code files. An onion DLS link is also provided.
Date: 2026-04-13T20:04:30Z
Network: telegram
Published URL: https://t.me/c/3737716184/1130
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Salesforce, Cisco
Victim Site: Unknown
Alleged data breach of OfferteCartucce
Category: Data Breach
Content: Italian e-commerce company OfferteCartucce allegedly suffered a data breach in January 2026 exposing 229,000 users personal information including billing details, names, phone numbers, and email addresses. The breach was allegedly conducted by threat actor @888.
Date: 2026-04-13T20:03:41Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-offertecartucce-com
Screenshots:
None
Threat Actors: [Mod] Tanaka
Victim Country: Italy
Victim Industry: E-commerce
Victim Organization: OfferteCartucce
Victim Site: offertecartucce.com
Alleged leak of mixed email credential data
Category: Combo List
Content: A threat actor shared a combolist containing 81,000 mixed email credentials through a free download link on a cybercrime forum.
Date: 2026-04-13T19:59:38Z
Network: openweb
Published URL: https://crackingx.com/threads/71991/
Screenshots:
None
Threat Actors: Cl0ud0wner
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 81,000 mixed email credentials via a file sharing service. The credentials appear to be from various sources and are being distributed for free download.
Date: 2026-04-13T19:59:19Z
Network: openweb
Published URL: https://crackingx.com/threads/71992/
Screenshots:
None
Threat Actors: Cl0ud0wner
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of email credential combolists via PandaCloud service
Category: Combo List
Content: Threat actor Kokos2846q is distributing free email credential combolists through a Telegram channel called PandaCloud, claiming to add fresh databases daily with only relevant and latest data.
Date: 2026-04-13T19:59:02Z
Network: openweb
Published URL: https://crackingx.com/threads/71993/
Screenshots:
None
Threat Actors: Kokos2846q
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged ShinyHunters Threat Actor Contact and PGP Key Verification Post
Category: Cyber Attack
Content: The threat actor known as ShinyHunters has posted their official contact details including a new PGP key (hosted on Pastebin), Telegram handle (@shinyc0rpsss), email ([email protected]), Tox ID, and Session ID. The post warns followers not to be deceived by individuals named Mattys Savoie & James who allegedly misused their PGP key for ransom purposes. This appears to be an identity verification and continuity post amid concerns of account/channel blocking.
Date: 2026-04-13T19:58:29Z
Network: telegram
Published URL: https://t.me/c/3737716184/1129
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Minecraft game databases
Category: Data Leak
Content: Threat actor australia shared 1,000 Minecraft-related database dumps for free download on cybercrime forum. The databases appear to contain game-related data from various Minecraft servers or services.
Date: 2026-04-13T19:57:40Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-1k-Minecraft-dbs
Screenshots:
None
Threat Actors: australia
Victim Country: Unknown
Victim Industry: Gaming
Victim Organization: Unknown
Victim Site: Unknown
Alleged Ransomware Extortion and Data Leak of Rockstar Games by ShinyHunters
Category: Data Leak
Content: The ShinyHunters threat group claims to have compromised Rockstar Games Snowflake instances via SaaS integrator Anodot.com, exfiltrating 78.6M+ records. The group issued a final warning demanding $200,000 USD by April 14, 2026. After Rockstar allegedly refused to pay, ShinyHunters published the stolen data via a direct download link (http://91.215.85.22/pay_or_leak/shouldve_paid_the_ransom_rockstar_shinyhunters.7z). The group also claims to hold data from AT&T ($100k), TicketMaster ($75k), and multiple Salesforce datasets valued at $500k–$1M. The attack has been confirmed by Rockstar Games per Heise reporting. ShinyHunters provided PGP key, Telegram, email, Tox, and Session IDs for contact.
Date: 2026-04-13T19:51:39Z
Network: telegram
Published URL: https://t.me/c/3500620464/6766
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: United States
Victim Industry: Gaming
Victim Organization: Rockstar Games
Victim Site: rockstargames.com
Alleged Data Breach and Leak of Rockstar Games Snowflake Data by ShinyHunters
Category: Data Breach
Content: Threat actor ShinyHunters claims to have compromised Rockstar Games Snowflake instances, allegedly obtaining 78.6M+ total records. The actor issued a pay or leak ultimatum with a deadline of April 14, 2026. Following apparent non-payment, ShinyHunters published a download link (http://91.215.85.22/pay_or_leak/shouldve_paid_the_ransom_rockstar_shinyhunters.7z) containing the alleged stolen data. The actor references Anodot.com as the SaaS integrator breach vector and expresses anger at Rockstar Games for dismissing the datas significance.
Date: 2026-04-13T19:51:31Z
Network: telegram
Published URL: https://t.me/c/3737716184/1123
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: United States
Victim Industry: Gaming
Victim Organization: Rockstar Games
Victim Site: Unknown
Alleged data breach of Bila Tserkva City Council (Ukraine)
Category: Data Breach
Content: A threat actor operating under the handle Перун Сварога (Perun Svaroga) claims to have obtained a database from the Bila Tserkva City Council of Kyiv Oblast, Ukraine (bc-rada.gov.ua). The post describes it as a small database with data current as of April 2026. The content is being shared/distributed via the Telegram channel.
Date: 2026-04-13T19:47:26Z
Network: telegram
Published URL: https://t.me/c/2453363811/1336
Screenshots:
None
Threat Actors: Перун Сварога
Victim Country: Ukraine
Victim Industry: Government
Victim Organization: Bila Tserkva City Council
Victim Site: bc-rada.gov.ua
Alleged sale of multi-platform combolists, cookies, and logs
Category: Logs
Content: A threat actor is offering to sell (WTS) a wide range of credential combos, cookies, and stealer logs covering email providers (Hotmail, Comcast, Gmail, Yahoo, AOL), social media (Facebook, Instagram, Badoo, LinkedIn, TikTok), streaming services (Netflix, Disney), e-commerce platforms (Amazon, eBay, Shein, Vinted, Poshmark), financial services (PayPal), gaming (PSN, Xbox, Steam, Roblox), and travel/booking platforms (Airbnb, Booking, Aircanada, Marriott).
Date: 2026-04-13T19:35:37Z
Network: telegram
Published URL: https://t.me/c/2613583520/61974
Screenshots:
None
Threat Actors: tuzelity
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a file containing 12.4k Hotmail email credentials through a free download link on a cybercrime forum.
Date: 2026-04-13T19:33:42Z
Network: openweb
Published URL: https://crackingx.com/threads/71990/
Screenshots:
None
Threat Actors: Cl0ud0wner
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged sharing of credential databases and remote access collaboration
Category: Initial Access
Content: Threat actor offers access to desktop containing databases with over 90GB of email and password credentials through remote access software, seeking collaboration for profit sharing rather than direct sale.
Date: 2026-04-13T19:33:32Z
Network: openweb
Published URL: https://crackingx.com/threads/71989/
Screenshots:
None
Threat Actors: Kotowka
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of 117,000 email credentials
Category: Logs
Content: A threat actor shared a credential list containing 117,000 email access credentials on an underground forum. The post was made in a section dedicated to mail access and combolists, indicating the leaked data consists of email login credentials.
Date: 2026-04-13T19:23:16Z
Network: openweb
Published URL: https://xforums.st/threads/117k-mail-access-good-list.606872/
Screenshots:
None
Threat Actors: Cir4Dk
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Multiple High-Profile Data Breaches by ShinyHunters (Rockstar, AT&T, TicketMaster, Salesforce)
Category: Data Breach
Content: The threat actor group ShinyHunters is advertising the sale of multiple stolen datasets including Rockstar Games data ($200,000 USD), AT&T data ($100,000 USD), TicketMaster data ($75,000 USD), and multiple Salesforce datasets priced between $500,000–$1,000,000 USD. The actor claims the data has not been previously posted on any channel or dark web blog. Contact details including a PGP key, Telegram handle (@shinyc0rpsss), email ([email protected]), Tox ID, and Session ID are provided. The post also warns against impersonators Mattys Savoie & James who allegedly misused their PGP key.
Date: 2026-04-13T19:21:15Z
Network: telegram
Published URL: https://t.me/shinyhuntersoff/67
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: United States
Victim Industry: Entertainment, Telecommunications, Ticketing, Technology
Victim Organization: Rockstar Games, AT&T, TicketMaster, Salesforce
Victim Site: Unknown
Alleged Cyber Threat Against Rockstar Games by ShinyHunters
Category: Cyber Attack
Content: Threat actor ShinyHunters posted a threatening message directed at Rockstar Games, stating GOODBYEE ROCKSTAR SHITT, implying a retaliatory cyber attack or data leak is imminent following an apparent dispute.
Date: 2026-04-13T19:20:50Z
Network: telegram
Published URL: https://t.me/shinyhuntersoff/68
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: United States
Victim Industry: Gaming
Victim Organization: Rockstar Games
Victim Site: Unknown
Alleged leak of email credential combolist
Category: Combo List
Content: A threat actor leaked a combolist containing 117,000 email and password combinations on a cybercriminal forum. The credentials are described as a good list for mail access.
Date: 2026-04-13T19:07:55Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-117k-Mail-Access-Good-List
Screenshots:
None
Threat Actors: Razly
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
117k Mail Access Good List
Category: Combo List
Content: New thread posted by Cir4d: 117k Mail Access Good List
Date: 2026-04-13T19:06:26Z
Network: openweb
Published URL: https://crackingx.com/threads/71988/
Screenshots:
None
Threat Actors: Cir4d
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass defacement campaign targeting Glow Store Argentina by maw3six
Category: Defacement
Content: Threat actor maw3six conducted a mass defacement campaign targeting the Glow Store e-commerce website in Argentina. The attack was part of a broader mass defacement operation rather than a targeted single-site attack.
Date: 2026-04-13T18:57:18Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248467
Screenshots:
None
Threat Actors: maw3six
Victim Country: Argentina
Victim Industry: Retail/E-commerce
Victim Organization: Glow Store
Victim Site: glow-store.com.ar
Website defacement of thinglo.com by maw3six
Category: Defacement
Content: Individual attacker maw3six defaced the website thinglo.com on April 13, 2026. The incident was archived as a single-page defacement with no identified team affiliation.
Date: 2026-04-13T18:57:14Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248468
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: thinglo.com
Mass defacement campaign against panduwarta.com by Irene (XmrAnonye.id team)
Category: Defacement
Content: Indonesian news website panduwarta.com was defaced by attacker Irene from the XmrAnonye.id team as part of a mass defacement campaign. This incident represents a redefacement of a previously compromised target running on Linux infrastructure.
Date: 2026-04-13T18:57:08Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248469
Screenshots:
None
Threat Actors: Irene, XmrAnonye.id
Victim Country: Indonesia
Victim Industry: Media/News
Victim Organization: Pandu Warta
Victim Site: panduwarta.com
Mass defacement campaign by maw3six targeting batavia.biz.id
Category: Defacement
Content: Indonesian business website batavia.biz.id was defaced by attacker maw3six as part of a mass defacement campaign on April 13, 2026. The attack targeted a specific page rather than the homepage and appears to be part of a broader coordinated defacement operation.
Date: 2026-04-13T18:57:02Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248470
Screenshots:
None
Threat Actors: maw3six
Victim Country: Indonesia
Victim Industry: Business/Commercial
Victim Organization: Batavia
Victim Site: batavia.biz.id
Mass defacement campaign by maw3six targeting Senegalese government infrastructure
Category: Defacement
Content: Attacker maw3six conducted a mass defacement campaign targeting the ggis.sn domain on April 13, 2026. The incident was part of a broader mass defacement operation rather than a targeted attack on a single website.
Date: 2026-04-13T18:56:55Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248471
Screenshots:
None
Threat Actors: maw3six
Victim Country: Senegal
Victim Industry: Government
Victim Organization: Unknown
Victim Site: ggis.sn
Mass website defacement campaign by maw3six targeting South African technology company
Category: Defacement
Content: Threat actor maw3six conducted a mass defacement attack against SnapTech, a South African technology company, on April 14, 2026. The attack was part of a broader mass defacement campaign rather than a targeted single-site attack.
Date: 2026-04-13T18:56:51Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248473
Screenshots:
None
Threat Actors: maw3six
Victim Country: South Africa
Victim Industry: Technology
Victim Organization: SnapTech
Victim Site: snaptech.co.za
Website defacement of Upturn Studio by maw3six
Category: Defacement
Content: The attacker maw3six defaced a specific page on the Upturn Studio website on April 13, 2026. The defacement targeted a single page rather than the homepage and was hosted on cloud infrastructure.
Date: 2026-04-13T18:56:43Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248472
Screenshots:
None
Threat Actors: maw3six
Victim Country: Australia
Victim Industry: Creative Services
Victim Organization: Upturn Studio
Victim Site: upturnstudio.com.au
Website defacement of mywidecareers.com by maw3six
Category: Defacement
Content: The career services website mywidecareers.com was defaced by the attacker maw3six on April 14, 2026. The defacement targeted a specific page (maw.html) on the Linux-hosted website.
Date: 2026-04-13T18:56:37Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248474
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Career Services
Victim Organization: My Wide Careers
Victim Site: mywidecareers.com
Mass website defacement by maw3six targeting nepalbrokers.com
Category: Defacement
Content: Threat actor maw3six conducted a mass defacement campaign targeting nepalbrokers.com on April 14, 2026. The attack was part of a broader mass defacement operation affecting multiple websites running on Linux systems.
Date: 2026-04-13T18:56:34Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248482
Screenshots:
None
Threat Actors: maw3six
Victim Country: Nepal
Victim Industry: Financial Services
Victim Organization: Nepal Brokers
Victim Site: nepalbrokers.com
Mass defacement targeting educational institutions by maw3six
Category: Defacement
Content: Mass defacement attack conducted by threat actor maw3six targeting educational examination systems. The attack compromised multiple sites rather than a single target, indicating a broader campaign against educational infrastructure.
Date: 2026-04-13T18:56:30Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248477
Screenshots:
None
Threat Actors: maw3six
Victim Country: Nepal
Victim Industry: Education
Victim Organization: Unknown
Victim Site: ubtexam.nepalaza.com
Mass website defacement by maw3six targeting Nepalese domain
Category: Defacement
Content: Mass defacement attack conducted by threat actor maw3six targeting the Nepalese website ankhwari.com.np on April 14, 2026. The attack was part of a broader mass defacement campaign rather than targeting a single site.
Date: 2026-04-13T18:56:21Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248486
Screenshots:
None
Threat Actors: maw3six
Victim Country: Nepal
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: ankhwari.com.np
Mass website defacement by maw3six targeting windowshopping.nepalaza.com
Category: Defacement
Content: Mass defacement attack conducted by threat actor maw3six targeting the windowshopping.nepalaza.com e-commerce platform. The incident occurred on April 14, 2026 and was part of a broader mass defacement campaign rather than a targeted attack.
Date: 2026-04-13T18:56:15Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248476
Screenshots:
None
Threat Actors: maw3six
Victim Country: Nepal
Victim Industry: E-commerce
Victim Organization: Nepalaza
Victim Site: windowshopping.nepalaza.com
Mass website defacement by maw3six targeting shabdas.com.np
Category: Defacement
Content: The attacker maw3six conducted a mass defacement campaign targeting the website shabdas.com.np on April 14, 2026. This was part of a broader mass defacement operation rather than targeting the specific organization.
Date: 2026-04-13T18:56:09Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248478
Screenshots:
None
Threat Actors: maw3six
Victim Country: Nepal
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: shabdas.com.np
Mass website defacement campaign by maw3six targeting Nepalese transportation service
Category: Defacement
Content: Attacker maw3six conducted a mass defacement campaign targeting the Sawari Sewa transportation service website in Nepal. The defacement was part of a broader mass defacement operation rather than a targeted individual attack.
Date: 2026-04-13T18:56:04Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248479
Screenshots:
None
Threat Actors: maw3six
Victim Country: Nepal
Victim Industry: Transportation
Victim Organization: Sawari Sewa
Victim Site: sawarisewa.nepalaza.com
Mass website defacement by maw3six targeting financial services
Category: Defacement
Content: Attacker maw3six conducted a mass defacement campaign targeting the prototype website of Nepal Brokers, a financial services organization. The incident was part of a broader mass defacement operation rather than a targeted attack on the specific organization.
Date: 2026-04-13T18:55:59Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248480
Screenshots:
None
Threat Actors: maw3six
Victim Country: Nepal
Victim Industry: Financial Services
Victim Organization: Nepal Brokers
Victim Site: prototype.nepalbrokers.com
Mass defacement campaign by maw3six targeting sports organizations
Category: Defacement
Content: Attacker maw3six conducted a mass defacement campaign targeting the IndSports organization website on April 14, 2026. This was part of a broader mass defacement operation rather than a targeted attack on a single organization.
Date: 2026-04-13T18:55:53Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248484
Screenshots:
None
Threat Actors: maw3six
Victim Country: India
Victim Industry: Sports
Victim Organization: IndSports
Victim Site: indisports.org
Mass website defacement by maw3six targeting eecosolutions.co.uk
Category: Defacement
Content: Threat actor maw3six conducted a mass defacement campaign targeting eecosolutions.co.uk on April 14, 2026. The attack was part of a broader mass defacement operation rather than a targeted assault on the environmental solutions company.
Date: 2026-04-13T18:55:49Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248489
Screenshots:
None
Threat Actors: maw3six
Victim Country: United Kingdom
Victim Industry: Environmental Services
Victim Organization: EECO Solutions
Victim Site: eecosolutions.co.uk
Mass website defacement by maw3six targeting telarcove.com
Category: Defacement
Content: Attacker maw3six conducted a mass defacement campaign targeting telarcove.com on April 14, 2026. The incident was part of a broader mass defacement operation rather than a targeted attack on a single organization.
Date: 2026-04-13T18:55:45Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248488
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: telarcove.com
Website defacement of telarapi.telarcove.com by maw3six
Category: Defacement
Content: Threat actor maw3six defaced the telarapi.telarcove.com website on April 14, 2026. The attack targeted a Linux-based server and was documented with a mirror archive for preservation.
Date: 2026-04-13T18:55:39Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248487
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Telarcove
Victim Site: telarapi.telarcove.com
Mass defacement campaign by maw3six targeting multiple websites
Category: Defacement
Content: Attacker maw3six conducted a mass defacement campaign targeting multiple websites including jccr.sccdr.org on April 14, 2026. The attack affected a Linux-based server and was part of a broader mass defacement operation rather than a targeted attack on a specific organization.
Date: 2026-04-13T18:55:33Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248493
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: jccr.sccdr.org
Mass website defacement campaign by maw3six targeting chimeemmanuel.com
Category: Defacement
Content: Attacker maw3six conducted a mass defacement campaign targeting chimeemmanuel.com on April 14, 2026. The incident was part of a broader mass defacement operation rather than a targeted attack on a specific page.
Date: 2026-04-13T18:55:26Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248491
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: chimeemmanuel.com
173.380 Lines ➡️ Shopping Target HQ Germany De Combolist
Category: Combo List
Content: New thread posted by HQcomboSpace: 173.380 Lines ➡️ Shopping Target HQ Germany De Combolist
Date: 2026-04-13T18:47:15Z
Network: openweb
Published URL: https://crackingx.com/threads/71984/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
6K GOOD MIX COMBO MAIL ACCESS USA&POLAND
Category: Combo List
Content: New thread posted by karaokecloud: 6K GOOD MIX COMBO MAIL ACCESS USA&POLAND
Date: 2026-04-13T18:46:58Z
Network: openweb
Published URL: https://crackingx.com/threads/71987/
Screenshots:
None
Threat Actors: karaokecloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
PROXIESFOOD | UNLIMITED RESIDENTIAL PROXIES | 20$/DAY
Category: Alert
Content: New thread posted by ProxiesFood: PROXIESFOOD | UNLIMITED RESIDENTIAL PROXIES | 20$/DAY
Date: 2026-04-13T18:46:34Z
Network: openweb
Published URL: https://crackingx.com/threads/71985/
Screenshots:
None
Threat Actors: ProxiesFood
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
SELLING VIDAECOR.COM.BR FULL SOURCE & DATABASE
Category: Alert
Content: New thread posted by shootinghouse: SELLING VIDAECOR.COM.BR FULL SOURCE & DATABASE
Date: 2026-04-13T18:27:59Z
Network: openweb
Published URL: https://breached.st/threads/selling-vidaecor-com-br-full-source-database.85984/unread
Screenshots:
None
Threat Actors: shootinghouse
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass website defacement by CyberOprationCulture targeting dreamsmarketplace.com subdomain
Category: Defacement
Content: The threat actor CAC./Ohang from the CyberOprationCulture team conducted a mass defacement attack targeting a WordPress subdomain of Dreams Marketplace. This appears to be part of a broader mass defacement campaign rather than a targeted attack on a specific organization.
Date: 2026-04-13T18:21:42Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248494
Screenshots:
None
Threat Actors: CAC./Ohang, CyberOprationCulture
Victim Country: Unknown
Victim Industry: E-commerce
Victim Organization: Dreams Marketplace
Victim Site: listee-wp.dreamsmarketplace.com
CAC./Ohang defaced listee-wp.dreamsmarketplace.com
Category: Defacement
Content: Target: https://listee-wp.dreamsmarketplace.com/Attacker: CAC./OhangTeam: CyberOprationCultureDate: 2026-04-14 01:10:46OS: CloudFlags: Mass Defacement (IP: 188.114.96.3)
Date: 2026-04-13T18:16:05Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248494
Screenshots:
None
Threat Actors: CAC./Ohang, CyberOprationCulture
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: listee-wp.dreamsmarketplace.com
[x2563] HOTMAIL PRIVATE
Category: Combo List
Content: New thread posted by FlashCloud2: [x2563] HOTMAIL PRIVATE
Date: 2026-04-13T18:05:33Z
Network: openweb
Published URL: https://crackingx.com/threads/71982/
Screenshots:
None
Threat Actors: FlashCloud2
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
⭐️URL:LOG:PASS | 23.16 M | ✅ ULP.DAXUS.PRO | UHQ+⭐️
Category: Logs
Content: New thread posted by Daxus: ⭐️URL:LOG:PASS | 23.16 M | ✅ ULP.DAXUS.PRO | UHQ+⭐️
Date: 2026-04-13T18:03:43Z
Network: openweb
Published URL: https://pwnforums.st/Thread-URL-LOGIN-PASS-%E2%AD%90%EF%B8%8FURL-LOG-PASS-23-16-M-%E2%9C%85-ULP-DAXUS-PRO-UHQ-%E2%AD%90%EF%B8%8F
Screenshots:
None
Threat Actors: Daxus
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of stolen credit cards via Telegram
Category: Initial Access
Content: A threat actor operating as Coleman is advertising stolen or fraudulent credit cards described as 100% alive with high balances, available 24/7. The seller is directing buyers to the Telegram channel t.me/genhaosan123.
Date: 2026-04-13T17:50:18Z
Network: telegram
Published URL: https://t.me/c/2613583520/61899
Screenshots:
None
Threat Actors: Coleman
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Ginlong (Solis)
Category: Alert
Content: New thread posted by s1ethx7z: Ginlong (Solis)
Date: 2026-04-13T17:47:52Z
Network: openweb
Published URL: https://breached.st/threads/ginlong-solis.85982/unread
Screenshots:
None
Threat Actors: s1ethx7z
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
496 Mix valid
Category: Combo List
Content: New thread posted by satoshik1337: 496 Mix valid
Date: 2026-04-13T17:46:39Z
Network: openweb
Published URL: https://crackingx.com/threads/71979/
Screenshots:
None
Threat Actors: satoshik1337
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
496 Mix valid
Category: Combo List
Content: New thread posted by satoshik1337: 496 Mix valid
Date: 2026-04-13T17:46:06Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-496-Mix-valid
Screenshots:
None
Threat Actors: satoshik1337
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
⚡⚡ 4719x PREMIUM MIX MAIL HITS⚡⚡
Category: Combo List
Content: New thread posted by alphaxdd: ⚡⚡ 4719x PREMIUM MIX MAIL HITS⚡⚡
Date: 2026-04-13T17:45:51Z
Network: openweb
Published URL: https://crackingx.com/threads/71980/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
⚡⚡ 4719x PREMIUM MIX MAIL HITS⚡⚡
Category: Combo List
Content: New thread posted by alphaxdd: ⚡⚡ 4719x PREMIUM MIX MAIL HITS⚡⚡
Date: 2026-04-13T17:45:40Z
Network: openweb
Published URL: https://demonforums.net/Thread-%E2%9A%A1%E2%9A%A1-4719x-PREMIUM-MIX-MAIL-HITS%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
maw3six defaced chimeemmanuel.com
Category: Defacement
Content: Target: https://chimeemmanuel.com/maw.htmlAttacker: maw3sixDate: 2026-04-14 00:32:27OS: LinuxFlags: Mass Defacement (IP: 198.187.31.225)
Date: 2026-04-13T17:42:30Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248491
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: chimeemmanuel.com
maw3six defaced jccr.sccdr.org
Category: Defacement
Content: Target: https://jccr.sccdr.org/maw.htmlAttacker: maw3sixDate: 2026-04-14 00:32:30OS: LinuxFlags: Mass Defacement (IP: 198.187.31.225)
Date: 2026-04-13T17:41:37Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248493
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: jccr.sccdr.org
Mass defacement of ecrschools.com by maw3six
Category: Defacement
Content: On April 14, 2026, threat actor maw3six conducted a mass defacement attack targeting ecrschools.com, an educational organizations website. The attack was not a home page defacement but affected multiple pages across the site.
Date: 2026-04-13T17:40:40Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248490
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Education
Victim Organization: ECR Schools
Victim Site: ecrschools.com
maw3six defaced telarapi.telarcove.com
Category: Defacement
Content: Target: https://telarapi.telarcove.com/maw.htmlAttacker: maw3sixDate: 2026-04-14 00:32:16OS: Linux
Date: 2026-04-13T17:39:52Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248487
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: telarapi.telarcove.com
maw3six defaced telarcove.com
Category: Defacement
Content: Target: https://telarcove.com/maw.htmlAttacker: maw3sixDate: 2026-04-14 00:32:21OS: LinuxFlags: Mass Defacement (IP: 198.187.31.225)
Date: 2026-04-13T17:38:45Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248488
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: telarcove.com
Mass website defacement by maw3six targeting sccdr.org
Category: Defacement
Content: Threat actor maw3six conducted a mass defacement campaign targeting sccdr.org on April 14, 2026. The attack was part of a broader mass defacement operation rather than a targeted single-site compromise.
Date: 2026-04-13T17:38:04Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248492
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: sccdr.org
maw3six defaced eecosolutions.co.uk
Category: Defacement
Content: Target: https://eecosolutions.co.uk/maw.htmlAttacker: maw3sixDate: 2026-04-14 00:32:24OS: LinuxFlags: Mass Defacement (IP: 198.187.31.225)
Date: 2026-04-13T17:36:59Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248489
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: eecosolutions.co.uk
maw3six defaced indisports.org
Category: Defacement
Content: Target: https://indisports.org/maw.htmlAttacker: maw3sixDate: 2026-04-14 00:20:12OS: LinuxFlags: Mass Defacement (IP: 190.92.174.24)
Date: 2026-04-13T17:31:05Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248484
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: indisports.org
maw3six defaced prototype.nepalbrokers.com
Category: Defacement
Content: Target: https://prototype.nepalbrokers.com/maw.htmlAttacker: maw3sixDate: 2026-04-14 00:20:06OS: LinuxFlags: Mass Defacement (IP: 188.114.96.3)
Date: 2026-04-13T17:30:20Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248480
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: prototype.nepalbrokers.com
maw3six defaced sawarisewa.nepalaza.com
Category: Defacement
Content: Target: https://sawarisewa.nepalaza.com/maw.htmlAttacker: maw3sixDate: 2026-04-14 00:20:04OS: LinuxFlags: Mass Defacement (IP: 190.92.174.24)
Date: 2026-04-13T17:29:24Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248479
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: sawarisewa.nepalaza.com
maw3six defaced shabdas.com.np
Category: Defacement
Content: Target: https://shabdas.com.np/maw.htmlAttacker: maw3sixDate: 2026-04-14 00:20:03OS: LinuxFlags: Mass Defacement (IP: 190.92.174.24)
Date: 2026-04-13T17:28:33Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248478
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: shabdas.com.np
maw3six defaced windowshopping.nepalaza.com
Category: Defacement
Content: Target: https://windowshopping.nepalaza.com/maw.htmlAttacker: maw3sixDate: 2026-04-14 00:19:59OS: LinuxFlags: Mass Defacement (IP: 190.92.174.24)
Date: 2026-04-13T17:27:44Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248476
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: windowshopping.nepalaza.com
maw3six defaced ankhwari.com.np
Category: Defacement
Content: Target: https://ankhwari.com.np/maw.htmlAttacker: maw3sixDate: 2026-04-14 00:20:15OS: LinuxFlags: Mass Defacement (IP: 190.92.174.24)
Date: 2026-04-13T17:26:45Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248486
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: ankhwari.com.np
maw3six defaced ubtexam.nepalaza.com
Category: Defacement
Content: Target: https://ubtexam.nepalaza.com/maw.htmlAttacker: maw3sixDate: 2026-04-14 00:20:02OS: LinuxFlags: Mass Defacement (IP: 190.92.174.24)
Date: 2026-04-13T17:25:52Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248477
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: ubtexam.nepalaza.com
[705x] ⭐⭐ FRESH HQ HOTMAIL ⭐⭐
Category: Combo List
Content: New thread posted by KiwiShio: [705x] ⭐⭐ FRESH HQ HOTMAIL ⭐⭐
Date: 2026-04-13T17:25:44Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-705x-%E2%AD%90%E2%AD%90-FRESH-HQ-HOTMAIL-%E2%AD%90%E2%AD%90
Screenshots:
None
Threat Actors: KiwiShio
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
maw3six defaced nepalbrokers.com
Category: Defacement
Content: Target: https://nepalbrokers.com/maw.htmlAttacker: maw3sixDate: 2026-04-14 00:20:09OS: LinuxFlags: Mass Defacement (IP: 188.114.97.3)
Date: 2026-04-13T17:25:14Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248482
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: nepalbrokers.com
Fresh Hotmail Only Full Valid PandaCloud
Category: Combo List
Content: New thread posted by Kokos2846q: Fresh Hotmail Only Full Valid PandaCloud
Date: 2026-04-13T17:20:39Z
Network: openweb
Published URL: https://crackingx.com/threads/71977/
Screenshots:
None
Threat Actors: Kokos2846q
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass defacement targeting Nepalese vehicle service website by maw3six
Category: Defacement
Content: Attacker maw3six conducted a mass defacement campaign targeting a Nepalese vehicle service companys website. The incident was part of a broader mass defacement operation rather than a targeted attack on this specific organization.
Date: 2026-04-13T17:19:27Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248475
Screenshots:
None
Threat Actors: maw3six
Victim Country: Nepal
Victim Industry: Automotive Services
Victim Organization: Raktakali Kavi Vehicle Service
Victim Site: raktakalikavehicleservice.com.np
maw3six defaced raktakalikavehicleservice.com.np
Category: Defacement
Content: Target: http://raktakalikavehicleservice.com.np/maw.htmlAttacker: maw3sixDate: 2026-04-14 00:06:35OS: LinuxFlags: Mass Defacement (IP: 190.92.174.24)
Date: 2026-04-13T17:13:49Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248475
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: raktakalikavehicleservice.com.np
maw3six defaced mywidecareers.com
Category: Defacement
Content: Target: http://mywidecareers.com/maw.htmlAttacker: maw3sixDate: 2026-04-14 00:02:05OS: Linux
Date: 2026-04-13T17:11:47Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248474
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: mywidecareers.com
135K HOTMAIL TARGETED COMBOLIST
Category: Combo List
Content: New thread posted by steeve75: 135K HOTMAIL TARGETED COMBOLIST
Date: 2026-04-13T17:07:51Z
Network: openweb
Published URL: https://crackingx.com/threads/71975/
Screenshots:
None
Threat Actors: steeve75
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
maw3six defaced upturnstudio.com.au
Category: Defacement
Content: Target: https://upturnstudio.com.au/maw.htmlAttacker: maw3sixDate: 2026-04-13 23:56:12OS: Cloud
Date: 2026-04-13T17:04:53Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248472
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: upturnstudio.com.au
maw3six defaced snaptech.co.za
Category: Defacement
Content: Target: https://snaptech.co.za/maw.htmlAttacker: maw3sixDate: 2026-04-14 00:00:09OS: CloudFlags: Mass Defacement (IP: 104.21.53.194)
Date: 2026-04-13T17:02:24Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248473
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: snaptech.co.za
maw3six defaced ggis.sn
Category: Defacement
Content: Target: http://ggis.sn/maw.htmlAttacker: maw3sixDate: 2026-04-13 23:54:46Flags: Mass Defacement (IP: 54.36.31.145)
Date: 2026-04-13T16:56:32Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248471
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: ggis.sn
Alleged sale of fresh infostealer logs with credentials and cookies across multiple countries
Category: Logs
Content: A threat actor identified as BBB is selling fresh infostealer logs containing email:password combinations and cookies for accounts across multiple countries including UK, DE, JP, NL, BR, PL, ES, US, and IT. The logs include access to major platforms such as Amazon, eBay, OfferUp, PSN, Booking.com, Uber, Poshmark, Alibaba, Walmart, Mercari, Neosurf, and Kleinanzeigen. The seller claims to operate a private cloud with valid webmails and offers inbox keyword searching.
Date: 2026-04-13T16:51:06Z
Network: telegram
Published URL: https://t.me/c/2613583520/61877
Screenshots:
None
Threat Actors: BBB
Victim Country: Unknown
Victim Industry: E-Commerce / Consumer Services
Victim Organization: Unknown
Victim Site: Unknown
maw3six defaced batavia.biz.id
Category: Defacement
Content: Target: https://batavia.biz.id/maw.htmlAttacker: maw3sixDate: 2026-04-13 23:39:36Flags: Mass Defacement (IP: 178.83.188.200)
Date: 2026-04-13T16:45:08Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248470
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: batavia.biz.id
❄️❄️ 1433x PREMIUM HOTMAIL HITS ❄️❄️
Category: Combo List
Content: New thread posted by alphaxdd: ❄️❄️ 1433x PREMIUM HOTMAIL HITS ❄️❄️
Date: 2026-04-13T16:42:45Z
Network: openweb
Published URL: https://demonforums.net/Thread-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-1433x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail Unique Combo_4_6000
Category: Combo List
Content: New thread posted by UniqueCombo: Hotmail Unique Combo_4_6000
Date: 2026-04-13T16:41:46Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-Hotmail-Unique-Combo-4-6000–200314
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
1.132.304 Lines ➡️ DE Germany Mixed Target Combolist
Category: Combo List
Content: New thread posted by HQcomboSpace: 1.132.304 Lines ➡️ DE Germany Mixed Target Combolist
Date: 2026-04-13T16:40:36Z
Network: openweb
Published URL: https://crackingx.com/threads/71964/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
3997 FULL VALID MIX MAIL ACCESS 13.04
Category: Combo List
Content: New thread posted by bigdatacombos: 3997 FULL VALID MIX MAIL ACCESS 13.04
Date: 2026-04-13T16:40:11Z
Network: openweb
Published URL: https://crackingx.com/threads/71966/
Screenshots:
None
Threat Actors: bigdatacombos
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
❄️❄️ 1433x PREMIUM HOTMAIL HITS ❄️❄️
Category: Combo List
Content: New thread posted by alphaxdd: ❄️❄️ 1433x PREMIUM HOTMAIL HITS ❄️❄️
Date: 2026-04-13T16:39:32Z
Network: openweb
Published URL: https://crackingx.com/threads/71972/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Eon Checker BETA – Multithreaded Mail Checker | IMAP + Outlook + GMX
Category: Alert
Content: New thread posted by satoshik1337: Eon Checker BETA – Multithreaded Mail Checker | IMAP + Outlook + GMX
Date: 2026-04-13T16:39:10Z
Network: openweb
Published URL: https://crackingx.com/threads/71969/
Screenshots:
None
Threat Actors: satoshik1337
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Irene defaced panduwarta.com
Category: Defacement
Content: Target: http://panduwarta.com/ireneAttacker: IreneTeam: XmrAnonye.idDate: 2026-04-13 23:35:43OS: LinuxFlags: Mass Defacement (IP: 202.10.43.78), Redefacement
Date: 2026-04-13T16:39:06Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248469
Screenshots:
None
Threat Actors: Irene, XmrAnonye.id
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: panduwarta.com
maw3six defaced thinglo.com
Category: Defacement
Content: Target: https://thinglo.com/maw.htmlAttacker: maw3sixDate: 2026-04-13 23:35:22
Date: 2026-04-13T16:37:17Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248468
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: thinglo.com
[FR] – Lesburgersdepapa.fr
Category: Alert
Content: New thread posted by Lure2810: [FR] – Lesburgersdepapa.fr
Date: 2026-04-13T16:37:09Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-FR-Lesburgersdepapa-fr
Screenshots:
None
Threat Actors: Lure2810
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged ShinyHunters Threat Actor Group Official Channel and Infrastructure Disclosure
Category: Data Breach
Content: ShinyHunters threat actor group has posted a channel introduction revealing their official web URL (shinyhunte.rs), a Tor onion blog address, and a new PGP key via Pastebin. The post includes a warning about impersonators (Mattys Savoie & James) who allegedly misused their PGP key for ransom. Contact handle listed as @shinyc0rpsss. The group operates under a pay or leak model indicating ransomware/data extortion activity.
Date: 2026-04-13T16:33:51Z
Network: telegram
Published URL: https://t.me/shinyhuntersoff/4
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
maw3six defaced glow-store.com.ar
Category: Defacement
Content: Target: https://glow-store.com.ar/maw.htmlAttacker: maw3sixDate: 2026-04-13 23:29:49OS: CloudFlags: Mass Defacement (IP: 172.67.222.26)
Date: 2026-04-13T16:31:14Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248467
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: glow-store.com.ar
Selling google voice and government emails for cheap.
Category: Alert
Content: New thread posted by superduper1: Selling google voice and government emails for cheap.
Date: 2026-04-13T16:19:25Z
Network: openweb
Published URL: https://breached.st/threads/selling-google-voice-and-government-emails-for-cheap.85980/unread
Screenshots:
None
Threat Actors: superduper1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of informaticacpu.com.br by CYKOMNEPAL
Category: Defacement
Content: CYKOMNEPAL threat actor defaced the Brazilian IT company Informatica CPUs website on April 13, 2026. The attack targeted a specific product page rather than the main homepage.
Date: 2026-04-13T15:57:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832566
Screenshots:
None
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: Brazil
Victim Industry: Information Technology
Victim Organization: Informatica CPU
Victim Site: informaticacpu.com.br
CYKOMNEPAL defaced informaticacpu.com.br/produto….
Category: Defacement
Content: Target: informaticacpu.com.br/produto….Attacker: CYKOMNEPALTeam: CYKOMNEPALDate: 2026-04-13 22:55:05
Date: 2026-04-13T15:56:55Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832566
Screenshots:
None
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: United Kingdom
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: informaticacpu.com.br/produto….
Alleged leak of Hotmail credentials and mixed account data
Category: Combo List
Content: Threat actor noir is distributing what they claim to be valid Hotmail credentials and mixed account data through their Telegram channel. The post advertises high-quality credential lists but does not specify pricing, suggesting free distribution.
Date: 2026-04-13T15:54:26Z
Network: openweb
Published URL: https://crackingx.com/threads/71962/
Screenshots:
None
Threat Actors: noir
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
⚡⚡ X2936 Valid UHQ Mix ⚡⚡
Category: Combo List
Content: New thread posted by Roronoa044: ⚡⚡ X2936 Valid UHQ Mix ⚡⚡
Date: 2026-04-13T15:54:22Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-X2936-Valid-UHQ-Mix-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: Roronoa044
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
[ ⚡⚡ 980x SAMPLE HOTMAIL ⚡⚡ ]
Category: Combo List
Content: New thread posted by HollowKnight07: [ ⚡⚡ 980x SAMPLE HOTMAIL ⚡⚡ ]
Date: 2026-04-13T15:53:50Z
Network: openweb
Published URL: https://crackingx.com/threads/71963/
Screenshots:
None
Threat Actors: HollowKnight07
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Cyber Threat Against Saudi Arabian Infrastructure by Handala Hack
Category: Cyber Attack
Content: Handala Hack issued a warning to Saudi Arabian leadership, threatening to devastate Saudi infrastructure if they make a wrong move. The message is framed as revenge for political/religious grievances and serves as a renewed warning. This constitutes a credible threat against critical infrastructure from a known hacktivist threat actor.
Date: 2026-04-13T15:45:50Z
Network: telegram
Published URL: https://t.me/c/3548035165/297
Screenshots:
None
Threat Actors: HANDALA HACK
Victim Country: Saudi Arabia
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Tanzania ICT Commission events portal by T-XpLoiT
Category: Defacement
Content: Threat actor T-XpLoiT successfully defaced the events portal of Tanzanias ICT Commission on April 13, 2026. The attack targeted a government subdomain responsible for hosting event-related information and services.
Date: 2026-04-13T15:38:28Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248464
Screenshots:
None
Threat Actors: T-XpLoiT
Victim Country: Tanzania
Victim Industry: Government
Victim Organization: Tanzania Information and Communication Technologies Commission
Victim Site: events.ictc.go.tz
Mass defacement targeting Indonesian educational institution by T-XpLoiT
Category: Defacement
Content: T-XpLoiT conducted a mass defacement attack against an Indonesian Islamic schools examination portal. The attack targeted MTs Nurussyafaahs online examination system on April 13, 2026.
Date: 2026-04-13T15:38:21Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248465
Screenshots:
None
Threat Actors: T-XpLoiT
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: MTs Nurussyafaah
Victim Site: admujian.mtsnurussyafaah.sch.id
Mass defacement targeting Indonesian educational institutions by T-XpLoiT
Category: Defacement
Content: T-XpLoiT conducted a mass defacement campaign targeting Indonesian educational websites, including MTs Nurussyafaah Islamic School. The attack occurred on April 13, 2026, affecting the schools RDM subdomain as part of a broader campaign against multiple sites.
Date: 2026-04-13T15:38:15Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248466
Screenshots:
None
Threat Actors: T-XpLoiT
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: MTs Nurussyafaah Islamic School
Victim Site: rdm.mtsnurussyafaah.sch.id
Sendgrid.com Phishing Suite – Advanced Email Service Theft Solution
Category: Phishing
Content: New thread posted by NullPointerPanic: Sendgrid.com Phishing Suite – Advanced Email Service Theft Solution
Date: 2026-04-13T15:30:08Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SELLING-Sendgrid-com-Phishing-Suite-Advanced-Email-Service-Theft-Solution
Screenshots:
None
Threat Actors: NullPointerPanic
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
T-XpLoiT defaced rdm.mtsnurussyafaah.sch.id
Category: Defacement
Content: Target: https://rdm.mtsnurussyafaah.sch.id/Attacker: T-XpLoiTDate: 2026-04-13 22:21:04OS: LinuxFlags: Mass Defacement (IP: 103.102.153.36)
Date: 2026-04-13T15:26:58Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248466
Screenshots:
None
Threat Actors: T-XpLoiT
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: rdm.mtsnurussyafaah.sch.id
Alleged Cyber Attack on Two Major Gulf Steel Companies by Hanzala Group
Category: Cyber Attack
Content: The Iranian cyber group Hanzala (حنظله) claims to have conducted a large-scale cyber operation targeting two major steel industry companies in the Persian Gulf region: Fulat and SULB, based in Bahrain and Saudi Arabia respectively. The group claims both companies were fully compromised and taken offline. The targeted companies reportedly have a combined annual revenue exceeding $5 billion, annual steel production capacity of 2 million tons, and over 2,000 employees. Hanzala framed the attack as retaliation for actions against the Axis of Resistance and as revenge for fallen Hanzala hackers during the Ramadan War, as well as recent operations against people in southern Lebanon. The group issued further threats against regional leaders, warning this is only the beginning of a wave of retaliatory operations.
Date: 2026-04-13T15:21:13Z
Network: telegram
Published URL: https://t.me/c/1283513914/21187
Screenshots:
None
Threat Actors: حنظله
Victim Country: Bahrain, Saudi Arabia
Victim Industry: Steel / Manufacturing
Victim Organization: Fulat and SULB
Victim Site: Unknown
T-XpLoiT defaced admujian.mtsnurussyafaah.sch.id
Category: Defacement
Content: Target: https://admujian.mtsnurussyafaah.sch.id/Attacker: T-XpLoiTDate: 2026-04-13 22:19:04OS: LinuxFlags: Mass Defacement (IP: 103.102.153.36)
Date: 2026-04-13T15:20:58Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248465
Screenshots:
None
Threat Actors: T-XpLoiT
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: admujian.mtsnurussyafaah.sch.id
T-XpLoiT defaced events.ictc.go.tz
Category: Defacement
Content: Target: https://events.ictc.go.tz/deface.htmlAttacker: T-XpLoiTDate: 2026-04-13 22:13:44
Date: 2026-04-13T15:15:12Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248464
Screenshots:
None
Threat Actors: T-XpLoiT
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: events.ictc.go.tz
APPEL COMBO Mixed
Category: Combo List
Content: New thread posted by CODER: APPEL COMBO Mixed
Date: 2026-04-13T15:10:26Z
Network: openweb
Published URL: https://crackingx.com/threads/71961/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
EMPIREGPT
Category: Services
Content: New thread posted by JINKUSU: EMPIREGPT
Date: 2026-04-13T15:09:07Z
Network: openweb
Published URL: https://pwnforums.st/Thread-EMPIREGPT
Screenshots:
None
Threat Actors: JINKUSU
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Anthony, New Mexico, investigates cybersecurity incident
Category: Cyber Attack
Content: La ville dAnthony, au Nouveau-Mexique, mène une enquête suite à un incident de cybersécurité impliquant des dossiers publics manquants et des systèmes inaccessibles. Ces anomalies sont apparues lors de la transition vers la nouvelle administration du maire Gabriel Holguin, incluant leffacement de dispositifs de la police et des irrégularités dans les communications. Bien quun piratage externe ne soit pas confirmé, les autorités étatiques examinent actuellement la gestion de lintégrité des données et le contrôle des accès.
Date: 2026-04-13T15:06:18Z
Network: openweb
Published URL: https://dysruptionhub.com/anthony-nm-cybersecurity-incident/
Screenshots:
None
Threat Actors:
Victim Country: United States
Victim Industry: Unknown
Victim Organization: City of Anthony
Victim Site: cityofanthonynm.gov
Straumann meldet Cyberangriff auf Altsystem – Geschäftsbetrieb nicht betroffen
Category: Cyber Attack
Content: Lentreprise Straumann a déclaré quun ancien système utilisé pour des processus de contrôle interne entre 2021 et 2024 a subi une exposition de documents internes. Des experts en cybersécurité ont été mobilisés pour isoler lincident et les autorités compétentes ont été informées de la situation. Lorganisation précise que ses activités commerciales ainsi que les systèmes clients nont subi aucun impact.
Date: 2026-04-13T15:06:15Z
Network: openweb
Published URL: https://www.cash.ch/news/top-news/straumann-meldet-cyberangriff-auf-altsystem-geschaftsbetrieb-nicht-betroffen-927241
Screenshots:
None
Threat Actors:
Victim Country: Switzerland
Victim Industry: Unknown
Victim Organization: Straumann
Victim Site: straumann.com
Hotmail Unique Combo_3_6000
Category: Logs
Content: New thread posted by UniqueCombo: Hotmail Unique Combo_3_6000
Date: 2026-04-13T15:02:02Z
Network: openweb
Published URL: https://xforums.st/threads/hotmail-unique-combo_3_6000.606851/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
✦✦ [ 183 K++ ]✦{ Colombia }✦Email:Pass✦FRESH✦Maxi_Leaks✦[ 13-4-2026 ]✦✦
Category: Combo List
Content: New thread posted by CobraEgy: ✦✦ [ 183 K++ ]✦{ Colombia }✦Email:Pass✦FRESH✦Maxi_Leaks✦[ 13-4-2026 ]✦✦
Date: 2026-04-13T14:54:17Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-183-K-%E2%9C%A6-Colombia-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-13-4-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
✦✦ [ 183 K++ ]✦{ Ecuador }✦Email:Pass✦FRESH✦Maxi_Leaks✦[ 13-4-2026 ]✦✦
Category: Combo List
Content: New thread posted by CobraEgy: ✦✦ [ 183 K++ ]✦{ Ecuador }✦Email:Pass✦FRESH✦Maxi_Leaks✦[ 13-4-2026 ]✦✦
Date: 2026-04-13T14:53:27Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-183-K-%E2%9C%A6-Ecuador-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-13-4-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Hotmail Unique Combo_3_6000
Category: Combo List
Content: New thread posted by UniqueCombo: Hotmail Unique Combo_3_6000
Date: 2026-04-13T14:52:32Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-Hotmail-Unique-Combo-3-6000–200289
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
✦✦ [ 47 K++ ]✦{ Denmark }✦Email:Pass✦FRESH✦Maxi_Leaks✦[ 13-4-2026 ]✦✦
Category: Combo List
Content: New thread posted by CobraEgy: ✦✦ [ 47 K++ ]✦{ Denmark }✦Email:Pass✦FRESH✦Maxi_Leaks✦[ 13-4-2026 ]✦✦
Date: 2026-04-13T14:51:36Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-47-K-%E2%9C%A6-Denmark-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-13-4-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
✦✦ [ 23 K++ ]✦{ Croatia }✦Email:Pass✦FRESH✦Maxi_Leaks✦[ 13-4-2026 ]✦✦
Category: Combo List
Content: New thread posted by CobraEgy: ✦✦ [ 23 K++ ]✦{ Croatia }✦Email:Pass✦FRESH✦Maxi_Leaks✦[ 13-4-2026 ]✦✦
Date: 2026-04-13T14:50:40Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-23-K-%E2%9C%A6-Croatia-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-13-4-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Cuban credentials combolist
Category: Combo List
Content: Threat actor CobraEgy shared a credential combolist containing over 23,000 email and password combinations allegedly targeting Cuban users. The data is described as fresh and high quality, distributed through the Maxi_Leaks channel.
Date: 2026-04-13T14:49:43Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-19-K-%E2%9C%A6-Cuba-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-13-4-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Cuba
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Estonian credentials combolist
Category: Combo List
Content: Threat actor CobraEgy shared a combolist containing over 13,000 email and password combinations allegedly from Estonia. The credentials are described as fresh and high quality, distributed through the Maxi_Leaks channel.
Date: 2026-04-13T14:48:41Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-13-K-%E2%9C%A6-Estonia-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-13-4-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Estonia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed credential combolist
Category: Combo List
Content: A threat actor shared a mixed credential combolist containing login credentials from various sources. The content is hidden behind registration requirements on the forum.
Date: 2026-04-13T14:47:41Z
Network: openweb
Published URL: https://demonforums.net/Thread-%E2%9A%A1%E2%9A%A1-X1951-HQ-Mix-%E2%9A%A1%E2%9A%A1-BY-Steveee36-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: erwinn91
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email credentials combolist
Category: Combo List
Content: A threat actor leaked a combolist containing 3.7 million mixed email credentials through a paste sharing service. The credentials are described as fresh and high quality mixed email combinations.
Date: 2026-04-13T14:45:50Z
Network: openweb
Published URL: https://crackingx.com/threads/71959/
Screenshots:
None
Threat Actors: NightFall
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged vulnerability exploitation attempts against Indonesian government and commercial websites
Category: Vulnerability
Content: A threat actor associated with Rakyat Digital Crew has shared what appears to be automated vulnerability scan results targeting multiple Indonesian organizations including the Ministry of Education (kemdikbud.go.id), Ministry of Finance (kemenkeu.go.id), BUMN recruitment portal (fhcibumn.id), Shopee Indonesia, and others. The post lists multiple vulnerability types including Open Redirect, Directory Traversal, Remote File Inclusion (RFI), and Command Injection, along with associated credentials (email/password pairs) for several government portals.
Date: 2026-04-13T14:45:39Z
Network: telegram
Published URL: https://t.me/c/3755871403/223
Screenshots:
None
Threat Actors: Rakyat Digital Crew
Victim Country: Indonesia
Victim Industry: Government, E-Commerce, Education
Victim Organization: Kementerian Pendidikan dan Kebudayaan, Kementerian Keuangan, FHCI BUMN, Shopee Indonesia, Universitas Nusa Cendana
Victim Site: kemdikbud.go.id, kemenkeu.go.id, fhcibumn.id, shopee.co.id, undana.ac.id, instagram.com
Hotmail Unique Combo_3_6000
Category: Combo List
Content: New thread posted by UniqueCombo: Hotmail Unique Combo_3_6000
Date: 2026-04-13T14:45:30Z
Network: openweb
Published URL: https://crackingx.com/threads/71960/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of INAP Guatemala government intranet by T-XpLoiT
Category: Defacement
Content: The attacker T-XpLoiT successfully defaced the internal intranet portal of Guatemalas National Institute of Public Administration (INAP) on April 13, 2026. The compromised system was running on a Linux operating system.
Date: 2026-04-13T14:39:55Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248463
Screenshots:
None
Threat Actors: T-XpLoiT
Victim Country: Guatemala
Victim Industry: Government
Victim Organization: Instituto Nacional de Administración Pública (INAP)
Victim Site: intranet.inap.gob.gt
Mass website defacement targeting Indonesian educational institution by T-XpLoiT
Category: Defacement
Content: T-XpLoiT conducted a mass defacement attack targeting the Indonesian teacher training college STKIP PGRI Sidoarjo on April 13, 2026. The attack was part of a broader mass defacement campaign rather than a targeted assault on the specific institution.
Date: 2026-04-13T14:28:21Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248462
Screenshots:
None
Threat Actors: T-XpLoiT
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: STKIP PGRI Sidoarjo
Victim Site: www.stkippgri-sidoarjo.ac.id
Alleged leak of Czech Republic credential list
Category: Combo List
Content: A threat actor shared a credential list containing over 272,000 email and password combinations targeting Czech Republic users. The combolist is described as fresh and high quality.
Date: 2026-04-13T14:25:05Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-272-K-%E2%9C%A6-Czech-Republic-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-13-4-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Czech Republic
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
?? 2965x MIX MAIL ??
Category: Combo List
Content: New thread posted by NotSellerXd: ?? 2965x MIX MAIL ??
Date: 2026-04-13T14:24:14Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-2965x-MIX-MAIL
Screenshots:
None
Threat Actors: NotSellerXd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of dating application credentials
Category: Combo List
Content: Threat actor distributes a 9 million credential combolist targeting multiple dating applications including Badoo, MeetMe, and others through Telegram channels. The credentials are being shared for free through dedicated Telegram groups.
Date: 2026-04-13T14:22:58Z
Network: openweb
Published URL: https://crackingx.com/threads/71955/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Dating/Social Media
Victim Organization: Multiple dating platforms
Victim Site: Unknown
Alleged leak of corporate email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 61,397 SMTP credentials allegedly sourced from corporate email password leaks. The credentials are distributed as a free download via file sharing service.
Date: 2026-04-13T14:22:31Z
Network: openweb
Published URL: https://crackingx.com/threads/71956/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 2,965 mixed email credentials for free download on a cybercriminal forum.
Date: 2026-04-13T14:22:01Z
Network: openweb
Published URL: https://crackingx.com/threads/71958/
Screenshots:
None
Threat Actors: NotSellerxd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass defacement campaign by Zod targeting vendorinfra.com
Category: Defacement
Content: Zod conducted a mass defacement campaign targeting vendorinfra.com on April 13, 2026. The attack was part of a broader mass defacement operation rather than a targeted attack on a single page.
Date: 2026-04-13T14:05:52Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248460
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Vendor Infrastructure
Victim Site: vendorinfra.com
Website defacement of Wonder Air by Zod
Category: Defacement
Content: The attacker Zod defaced the wonder-air.com website on April 13, 2026. The defacement targeted a specific page (zod.html) on the aviation companys domain.
Date: 2026-04-13T14:05:44Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248459
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Aviation
Victim Organization: Wonder Air
Victim Site: wonder-air.com
Government of Brazil | Public Prosecutors Office of the State of Pará
Category: Alert
Content: New thread posted by wh6ami: Government of Brazil | Public Prosecutors Office of the State of Pará
Date: 2026-04-13T14:03:28Z
Network: openweb
Published URL: https://breached.st/threads/government-of-brazil-public-prosecutors-office-of-the-state-of-para.85979/unread
Screenshots:
None
Threat Actors: wh6ami
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged cyber attack on NATO Jira by ShinyHunters
Category: Cyber Attack
Content: Threat actor identifying as ShinyHunters (@shinyc0rpsss) claims to have compromised NATOs Jira instance, sharing a photo as proof of access. The actor appears to be responding to skepticism from another user.
Date: 2026-04-13T14:03:04Z
Network: telegram
Published URL: https://t.me/c/3737716184/1113
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Government / Defense
Victim Organization: NATO
Victim Site: Unknown
Zod defaced vendorinfra.com
Category: Defacement
Content: Target: https://vendorinfra.com/zod.htmlAttacker: ZodTeam: ZodDate: 2026-04-13 20:59:16Flags: Mass Defacement (IP: 193.58.105.248)
Date: 2026-04-13T14:02:29Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248460
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: vendorinfra.com
Alleged ICS/OT Compromise of Albert Most Velebudická Hypermarket by Z-Pentest Alliance
Category: Cyber Attack
Content: The Z-Pentest Alliance, a pro-Russian hacktivist group, claims to have gained full control over the industrial control systems (ICS/OT) of the Albert Most Velebudická hypermarket in the Czech Republic. The group states they have access to and control over the boiler room, central heating, Trane industrial chillers, VZT ventilation systems, building-wide lighting, cold storage rooms, the Sahara specialized warehouse, climate control zones (including produce and server room), and entrance air curtains. They threaten to destroy thousands of tons of food by disabling refrigeration systems, citing weak network segmentation, outdated protocols, and unprotected management interfaces as attack vectors. The group frames the attack as retaliation against European support for Ukraine and threatens further attacks on European food supply chain infrastructure.
Date: 2026-04-13T14:01:44Z
Network: telegram
Published URL: https://t.me/z_pentest_fucknato/864
Screenshots:
None
Threat Actors: Z-Pentest Alliance
Victim Country: Czech Republic
Victim Industry: Retail / Food Supply Chain
Victim Organization: Albert Most Velebudická
Victim Site: albert.cz
11ML CC Mixed CoMBO
Category: Combo List
Content: New thread posted by CODER: 11ML CC Mixed CoMBO
Date: 2026-04-13T14:01:19Z
Network: openweb
Published URL: https://crackingx.com/threads/71953/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
WordPress by @hello_zod_bot
Category: Combo List
Content: New thread posted by zod: WordPress by @hello_zod_bot
Date: 2026-04-13T14:00:58Z
Network: openweb
Published URL: https://crackingx.com/threads/71954/
Screenshots:
None
Threat Actors: zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Cyberattack on Bahraini and Saudi Steel Giants Foulath and SULB by Handala
Category: Cyber Attack
Content: The hacktivist group Handala claims to have conducted a wide-scale cyber operation targeting Foulath (Bahrain) and SULB (Saudi Arabia), two major steel manufacturers with a combined annual turnover exceeding $5 billion and production capacity of 2 million tons. Handala claims both companies were completely compromised and forced out of operational status. The attack is framed as retaliation for alleged attacks on Resistance Axis steel factories and the deaths of Handala-affiliated hackers during the Ramadan War, as well as actions against South Lebanon. The group warns of further retaliatory operations against regional leaders.
Date: 2026-04-13T13:33:30Z
Network: telegram
Published URL: https://t.me/c/3548035165/277
Screenshots:
None
Threat Actors: Handala
Victim Country: Bahrain, Saudi Arabia
Victim Industry: Manufacturing / Steel Production
Victim Organization: Foulath, SULB
Victim Site: Unknown
Alleged data breach of VUMI Group insurance database
Category: Data Breach
Content: Threat actor claims to have exfiltrated a VUMI Group insurance database containing complete PII including social security numbers, passport documents, and W-9 forms for approximately 300,000 insured individuals and 25,000 staff/partners/agents. The actor provides screenshots of the alleged vulnerability exploitation and data exfiltration process, along with download links to the stolen data.
Date: 2026-04-13T13:20:22Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-USA-VUMI-Group-Insurance-Database
Screenshots:
None
Threat Actors: bytetobreach
Victim Country: United States
Victim Industry: Insurance
Victim Organization: VUMI Group
Victim Site: Unknown
Alleged leak of mixed email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 72,000 mixed email and password credentials on a cybercrime forum. The credentials appear to be from various email providers and are being distributed for free to registered forum members.
Date: 2026-04-13T13:15:49Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-72K-Mix-Mail-Access-Combo
Screenshots:
None
Threat Actors: MarkVesto
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email credential combolist
Category: Combo List
Content: Threat actor MarkVesto shared a combolist containing 72,000 mixed email credentials on CrackingX forum. The actor also promoted their Telegram channel for additional content distribution.
Date: 2026-04-13T13:14:21Z
Network: openweb
Published URL: https://crackingx.com/threads/71952/
Screenshots:
None
Threat Actors: MarkVesto
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of VUMI Group insurance database
Category: Data Leak
Content: Threat actor ByteToBreach leaked a VUMI Group insurance database containing complete PII including social security numbers, passport documents, and W-9 forms for approximately 300,000 insured individuals and 25,000 staff members. The actor claims to have exfiltrated the data over 6 days and is distributing it for free through multiple cloud storage platforms.
Date: 2026-04-13T13:13:36Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-USA-VUMI-Group-Insurance-Database
Screenshots:
None
Threat Actors: ByteToBreach
Victim Country: United States
Victim Industry: Insurance
Victim Organization: VUMI Group
Victim Site: Unknown
Alleged data breach of VUMI Group Insurance
Category: Data Leak
Content: Threat actor claims to have leaked a database containing complete PII including social security numbers, passport documents, and W-9 forms of approximately 300,000 insured individuals and 25,000 staff/partners/agents from VUMI Group insurance company. The data is being distributed through multiple cloud storage platforms.
Date: 2026-04-13T13:12:51Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SELLING-NG-USA-VUMI-Group-Insurance-Database
Screenshots:
None
Threat Actors: bytetobreach
Victim Country: United States
Victim Industry: Insurance
Victim Organization: VUMI Group
Victim Site: Unknown
Alleged contact advertising for cybercriminal services
Category: Initial Access
Content: Forum post containing multiple contact methods including Telegram, Discord, Gmail, and WhatsApp for alleged cybercriminal services. No specific content details are available to determine the exact nature of services offered.
Date: 2026-04-13T13:07:14Z
Network: openweb
Published URL: https://xforums.st/threads/tele-terrellwhitte-discord-activealphagod24hrs-gmail-sosaboy959-gmail-com-whatsapp-1-425-531-1773.606837/
Screenshots:
None
Threat Actors: nansnsmna
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Municipality of São Mateus government portal
Category: Data Leak
Content: A threat actor allegedly leaked data from the official government portal of the Municipality of São Mateus in Espírito Santo, Brazil, providing a download link to the compromised information.
Date: 2026-04-13T12:53:16Z
Network: openweb
Published URL: https://breached.st/threads/government-of-brazil-municipality-of-sao-mateus.85978/unread
Screenshots:
None
Threat Actors: wh6ami
Victim Country: Brazil
Victim Industry: Government
Victim Organization: Municipality of São Mateus
Victim Site: saomateus.es.gov.br
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 6,000 Hotmail email and password combinations on a cybercrime forum. The actor also advertises a shop for country-specific credential combinations.
Date: 2026-04-13T12:51:51Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-Hotmail-Unique-Combo-2-6000–200280
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged request for bulk SMS gateway services on cybercriminal forum
Category: Combo List
Content: Forum user seeks reliable bulk SMS gateway services, citing difficulties with SMTP and SIM card procurement for potential malicious messaging campaigns.
Date: 2026-04-13T12:51:00Z
Network: openweb
Published URL: https://crackingx.com/threads/71946/
Screenshots:
None
Threat Actors: Bowen980
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of user credentials via ULP by zod
Category: Combo List
Content: User zod shared a ULP credential list on CrackingX forum with password-protected content and Telegram contact for further details.
Date: 2026-04-13T12:50:37Z
Network: openweb
Published URL: https://crackingx.com/threads/71948/
Screenshots:
None
Threat Actors: zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 35,242 mixed valid email credentials on a cybercrime forum. The credentials are reportedly valid through April 2026.
Date: 2026-04-13T12:50:18Z
Network: openweb
Published URL: https://crackingx.com/threads/71949/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of mixed corporate credential lists
Category: Combo List
Content: Threat actor CODER is distributing a 5 million mixed corporate credential combolist for free via Telegram channels. The actor also operates channels for free programs and appears to be building a distribution network for credential lists.
Date: 2026-04-13T12:50:03Z
Network: openweb
Published URL: https://crackingx.com/threads/71950/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of FTX exchange account access with KYC data
Category: Initial Access
Content: Threat actor is selling access to verified FTX exchange accounts through the Kroll portal, claiming total balances over $13 million with individual accounts worth up to $9.5 million. The offering includes email credentials, session cookies, and access to account owners emails for $50,000.
Date: 2026-04-13T12:49:47Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-High-Value-FTX-Claims-Accounts-Balances-up-to-9-5M-Verified-KYC-FULL-ACCESS
Screenshots:
None
Threat Actors: Yakohomot
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: FTX
Victim Site: Unknown
Alleged sale of Windows RDP DoS exploit
Category: DDoS
Content: Threat actor phanes is selling a Windows RDP DoS exploit for $850 that allegedly uses integer overflow to crash Windows Server 2012 R2, Server 2016, Windows 8.1, and Windows 10 systems via RDP port. The actor claims the exploit affects over 1 million devices.
Date: 2026-04-13T12:49:31Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Windows-RDP-DoS-Exploit
Screenshots:
None
Threat Actors: phanes
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of FBI agent credentials and personal data
Category: Data Breach
Content: Threat actor clara283 claims to be selling a database containing FBI agent details including account credentials, phone numbers, emails, and vehicle plate numbers. The actor provides sample data showing bcrypt-hashed passwords and contact information for FBI personnel.
Date: 2026-04-13T12:49:16Z
Network: openweb
Published URL: https://darkforums.su/Thread-FBI-DB
Screenshots:
None
Threat Actors: clara283
Victim Country: United States
Victim Industry: Government
Victim Organization: Federal Bureau of Investigation
Victim Site: fbi.gov
Alleged cybercrime service offering domain abuse and phishing protection services
Category: Initial Access
Content: Threat actor advertising comprehensive cybercrime services including domain abuse operations, DMCA manipulation, anti-phishing evasion, and registrar exploitation with claims of processing 15,000+ abuse cases daily. Services range from $100-1000 with payment in cryptocurrency.
Date: 2026-04-13T12:48:51Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-BAN-HOLD-DELEGATION-OF-DOMAINS-DMCA-Phishing-combine-15-000-abuses-per-day
Screenshots:
None
Threat Actors: clean_search
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of Belgium banking credentials
Category: Data Breach
Content: Threat actor jza1337 is allegedly selling over 40,000 Belgian IBANs (International Bank Account Numbers) for $1.75 per 1,000 records or $70.19 for the complete dataset. Payment is accepted in cryptocurrency including LTC and Solana.
Date: 2026-04-13T12:48:37Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-BE-IBANS-40K–73259
Screenshots:
None
Threat Actors: jza1337
Victim Country: Belgium
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Talabat Saudi Arabia database
Category: Data Breach
Content: Threat actor is selling a dataset containing 536,000 records from Talabat Saudi Arabia, including personal information such as usernames, emails, phone numbers, addresses, and other user account details. Contact information provided for interested buyers with escrow options mentioned.
Date: 2026-04-13T12:48:34Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-536k-Saudi-Arabia-https-www-talabat-com-DataSet
Screenshots:
None
Threat Actors: Jeffery_Epstein
Victim Country: Saudi Arabia
Victim Industry: Food Delivery
Victim Organization: Talabat
Victim Site: talabat.com
Alleged leak of mixed domain credentials
Category: Logs
Content: A threat actor shared a combolist containing 203,000 mixed domain email and password combinations claimed to be valid as of April 26, 2013.
Date: 2026-04-13T12:41:11Z
Network: openweb
Published URL: https://xforums.st/threads/203k-mix-domain-with-valid-13-04-26.606827/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of NurtureLife
Category: Data Leak
Content: A forum post claims to involve leaked data from nurturelife.com, though no specific details about the nature or scope of the alleged leak are available.
Date: 2026-04-13T12:29:45Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-nurturelife-com-leak
Screenshots:
None
Threat Actors: [Mod] Tanaka
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: NurtureLife
Victim Site: nurturelife.com
Alleged data breach of Talabat Saudi Arabia user database
Category: Data Breach
Content: Threat actor claims to be selling a dataset containing 563,000 user records from Talabat Saudi Arabia, including personal information such as names, emails, phone numbers, addresses, and account details. The actor is offering the data for sale via Telegram or Session with escrow options accepted.
Date: 2026-04-13T12:22:20Z
Network: openweb
Published URL: https://breached.st/threads/https-www-talabat-com-563k-saudi-arabia-dataset.85977/unread
Screenshots:
None
Threat Actors: Jeffrey Epstein
Victim Country: Saudi Arabia
Victim Industry: Food Delivery
Victim Organization: Talabat
Victim Site: talabat.com
Alleged leak of IPTV service credentials
Category: Combo List
Content: Forum post shares a link to what appears to be fresh IPTV credential combinations. The post provides access to credential lists for IPTV services through an external paste service.
Date: 2026-04-13T12:20:11Z
Network: openweb
Published URL: https://crackingx.com/threads/71944/
Screenshots:
None
Threat Actors: alvianparker10
Victim Country: Unknown
Victim Industry: Media and Entertainment
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of German mixed domain credentials
Category: Combo List
Content: A threat actor leaked a combolist containing 949,824 credential pairs allegedly from various German domains. The data is being distributed for free via a cloud storage link.
Date: 2026-04-13T12:19:56Z
Network: openweb
Published URL: https://crackingx.com/threads/71945/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of NurtureLife customer database
Category: Data Leak
Content: A user on a cybercrime forum leaked a JSON database dump from NurtureLife containing 27.5k user records from 2022. The leaked data includes personal information such as names, email addresses, account status, subscription details, and childrens information including names and birthdates.
Date: 2026-04-13T12:18:29Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-nurturelife-com-leak
Screenshots:
None
Threat Actors: Tanaka
Victim Country: Unknown
Victim Industry: Food Services
Victim Organization: NurtureLife
Victim Site: nurturelife.com
Alleged leak of 3,000 credential combinations
Category: Combo List
Content: A threat actor shared a combolist containing 3,000 valid email and password combinations through a free download link on a cybercrime forum.
Date: 2026-04-13T11:59:10Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-3K-VALID-GOODS
Screenshots:
None
Threat Actors: wingoooW
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 1,000 alleged valid Hotmail email credentials on a cybercrime forum.
Date: 2026-04-13T11:58:29Z
Network: openweb
Published URL: https://demonforums.net/Thread-1k-Hotmail-Valid-Mail-Access-13-04
Screenshots:
None
Threat Actors: MegaCloudshop
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 5,000 verified Hotmail email and password combinations on a cybercrime forum. The credentials are described as checked and fresh, indicating they have been validated and are recently obtained.
Date: 2026-04-13T11:57:51Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-5K-CHECKED-HOTMAIL-FRESH
Screenshots:
None
Threat Actors: COYTO
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of mixed email credential combolist
Category: Combo List
Content: A threat actor claims to have leaked a combolist containing 67,000 fresh valid email credentials from mixed sources. No post content was available for further analysis.
Date: 2026-04-13T11:57:06Z
Network: openweb
Published URL: https://demonforums.net/Thread-67K-Fresh-Valid-Mail-Access-Mix-13-04
Screenshots:
None
Threat Actors: MegaCloudshop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of educational institution credentials
Category: Combo List
Content: A threat actor shared a credential list containing 75,536 educational email and password combinations. The data is distributed through a Telegram channel and appears to target educational institutions.
Date: 2026-04-13T11:55:51Z
Network: openweb
Published URL: https://crackingx.com/threads/71938/
Screenshots:
None
Threat Actors: zod
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 1,000 valid Hotmail email credentials dated April 13th. The credentials are made available for registered users of the forum.
Date: 2026-04-13T11:55:33Z
Network: openweb
Published URL: https://crackingx.com/threads/71939/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of AOV gaming platform credentials
Category: Combo List
Content: Threat actor shared credentials allegedly obtained from Arena of Valor (AOV) gaming platform through a Pasteview link. The post appears to offer free access to credential combinations rather than selling them.
Date: 2026-04-13T11:55:18Z
Network: openweb
Published URL: https://crackingx.com/threads/71940/
Screenshots:
None
Threat Actors: alvianparker10
Victim Country: Unknown
Victim Industry: Gaming
Victim Organization: Arena of Valor
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a link to what appears to be Hotmail credentials on a cybercrime forum. The post contains minimal details and links to an external paste service for the alleged credential list.
Date: 2026-04-13T11:55:02Z
Network: openweb
Published URL: https://crackingx.com/threads/71941/
Screenshots:
None
Threat Actors: alvianparker10
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged distribution of credential combos targeting multiple social media platforms
Category: Combo List
Content: Threat actor CODER is distributing a 7 million record combolist containing email and password combinations allegedly from multiple social media platforms including Myspace, Friendster, Orkut, Google+, Vine, Bebo, Netlog, Hi5, Tagged, Skyrock, LunarStorm, Bolt, and Faceparty. The credentials are being shared through Telegram channels for free access.
Date: 2026-04-13T11:54:46Z
Network: openweb
Published URL: https://crackingx.com/threads/71942/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Social Media
Victim Organization: Multiple platforms
Victim Site: myspace.com, friendster.com, orkut.com, plus.google.com, vine.co, bebo.com, netlog.com, hi5.com, tagged.com, skyrock.com, lunarstorm.se, bolt.com, faceparty.com
Alleged leak of mixed email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 67,000 fresh valid email access credentials from mixed sources dated April 13th. The credentials are being distributed as hidden content to registered forum users.
Date: 2026-04-13T11:54:30Z
Network: openweb
Published URL: https://crackingx.com/threads/71943/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged cyber attack on minhhanhh1234.id.vn by Pharaohs Team
Category: Defacement
Content: Pharaohs Team is claiming an attack or defacement against the Vietnamese domain minhhanhh1234.id.vn, sharing domain metrics (DA68, PA32) as proof. Contact provided via Telegram handle @phteam_s.
Date: 2026-04-13T11:47:02Z
Network: telegram
Published URL: https://t.me/c/3205199875/483
Screenshots:
None
Threat Actors: Pharaohs Team
Victim Country: Vietnam
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: minhhanhh1234.id.vn
Alleged leak of Hotmail credentials
Category: Logs
Content: A threat actor shared a combolist containing 64,000 Hotmail domain credentials allegedly validated on April 26, 2013.
Date: 2026-04-13T11:46:03Z
Network: openweb
Published URL: https://xforums.st/threads/64k-hotmail-domain-with-valid-13-04-26.606823/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged sale of initial access to systems and servers by Infrastructure Destruction Squad
Category: Initial Access
Content: A threat actor operating under the Infrastructure Destruction Squad handle is advertising the sale of access to compromised systems, data, and servers. No specific targets, pricing, or technical details are provided. Contact is directed via @Destructionsqua.
Date: 2026-04-13T11:43:58Z
Network: telegram
Published URL: https://t.me/c/2735908986/3985
Screenshots:
None
Threat Actors: Infrastructure Destruction Squad
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed domain email credentials
Category: Combo List
Content: Threat actor leaked a combolist containing 7,337 email credentials from mixed domains with alleged mail access capability.
Date: 2026-04-13T11:32:36Z
Network: openweb
Published URL: https://crackingx.com/threads/71936/
Screenshots:
None
Threat Actors: karaokecloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor claims to have leaked 64,000 Hotmail domain credentials dated April 26, 2013. The credentials are being shared on a cybercrime forum specializing in combolists and data dumps.
Date: 2026-04-13T11:32:19Z
Network: openweb
Published URL: https://crackingx.com/threads/71937/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged data breach of Emaar Properties database for sale
Category: Data Breach
Content: Threat actor claims to be selling Emaar Properties database containing over 400,000 records of property owners and renters, including personal information, vehicle details, addresses, phone numbers, and emails, allegedly breached one week prior. The dataset is being offered for $10,000 and reportedly includes information on high-profile individuals residing in Burj Khalifa.
Date: 2026-04-13T11:29:49Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SELLING-Emaar-Properties-owners-rentals-information
Screenshots:
None
Threat Actors: ksa901
Victim Country: United Arab Emirates
Victim Industry: Real Estate
Victim Organization: Emaar Properties
Victim Site: Unknown
Mass website defacement by maw3six targeting vigordefense.com
Category: Defacement
Content: Attacker maw3six conducted a mass defacement campaign targeting vigordefense.com on April 13, 2026. The incident was part of a broader mass defacement operation affecting multiple websites simultaneously.
Date: 2026-04-13T11:27:05Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248458
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Defense/Security
Victim Organization: Vigor Defense
Victim Site: vigordefense.com
Mass website defacement by maw3six targeting inair-int.com
Category: Defacement
Content: Attacker maw3six conducted a mass defacement campaign targeting inair-int.com on April 13, 2026. The incident was part of a broader mass defacement operation affecting multiple websites.
Date: 2026-04-13T11:26:00Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248453
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: inair-int.com
Mass defacement targeting sentinelspares.com by maw3six
Category: Defacement
Content: Mass defacement attack conducted by threat actor maw3six targeting the Sentinel Spares website. The attack occurred on April 13, 2026 and affected multiple pages rather than just the homepage.
Date: 2026-04-13T11:25:00Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248456
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Automotive/Spare Parts
Victim Organization: Sentinel Spares
Victim Site: sentinelspares.com
Mass website defacement by maw3six targeting prestigeairparts.com
Category: Defacement
Content: Actor maw3six conducted a mass defacement campaign targeting prestigeairparts.com on April 13, 2026. The attack affected a Linux-based server hosting the aviation parts companys website as part of a broader mass defacement operation.
Date: 2026-04-13T11:23:41Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248455
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Aerospace/Aviation
Victim Organization: Prestige Air Parts
Victim Site: prestigeairparts.com
Mass website defacement by maw3six targeting sunshineandpromises.com
Category: Defacement
Content: Mass defacement attack conducted by threat actor maw3six targeting sunshineandpromises.com on April 13, 2026. The attack was part of a broader mass defacement campaign rather than targeting the specific victim organization.
Date: 2026-04-13T11:22:36Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248457
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: sunshineandpromises.com
Mass website defacement by maw3six targeting klupklub.com
Category: Defacement
Content: Mass defacement attack conducted by threat actor maw3six targeting klupklub.com on April 13, 2026. The attack was part of a broader mass defacement campaign rather than a targeted single-site attack.
Date: 2026-04-13T11:21:41Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248454
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: klupklub.com
Website defacement of fournisseurs-astucieux.fr by maw3six
Category: Defacement
Content: Attacker maw3six defaced the French website fournisseurs-astucieux.fr on April 13, 2026. The incident appears to be a single-site defacement targeting a specific page rather than a mass attack.
Date: 2026-04-13T11:15:53Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248451
Screenshots:
None
Threat Actors: maw3six
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: fournisseurs-astucieux.fr
Website defacement of daily2kart.com by maw3six
Category: Defacement
Content: The attacker maw3six successfully defaced the daily2kart.com e-commerce website on April 13, 2026. The incident targeted a specific page rather than the homepage and was not part of a mass defacement campaign.
Date: 2026-04-13T11:15:16Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248446
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: E-commerce
Victim Organization: Daily2Kart
Victim Site: daily2kart.com
Website defacement of checkengine.website by maw3six
Category: Defacement
Content: Individual attacker maw3six successfully defaced checkengine.website on April 13, 2026. The incident targeted a Linux-hosted website and appears to be an isolated defacement rather than part of a mass campaign.
Date: 2026-04-13T11:14:34Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248450
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: checkengine.website
Website defacement of Factoring Ecuador by maw3six
Category: Defacement
Content: The attacker maw3six successfully defaced the Factoring Ecuador website on April 13, 2026. This appears to be a single-target defacement incident targeting a financial services company in Ecuador.
Date: 2026-04-13T11:13:38Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248448
Screenshots:
None
Threat Actors: maw3six
Victim Country: Ecuador
Victim Industry: Financial Services
Victim Organization: Factoring Ecuador
Victim Site: factoringecuador.ec
Website defacement of epinto.co.uk by maw3six
Category: Defacement
Content: The attacker maw3six successfully defaced the epinto.co.uk website on April 13, 2026. The compromised site was running on a Linux operating system and the defacement was archived for reference.
Date: 2026-04-13T11:12:54Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248449
Screenshots:
None
Threat Actors: maw3six
Victim Country: United Kingdom
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: epinto.co.uk
Website defacement of qpay.my.id by maw3six
Category: Defacement
Content: Individual attacker maw3six defaced the QPay payment service website qpay.my.id on April 13, 2026. The defacement targeted a single page on the Indonesian financial services platform.
Date: 2026-04-13T11:12:10Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248452
Screenshots:
None
Threat Actors: maw3six
Victim Country: Indonesia
Victim Industry: Financial Services
Victim Organization: QPay
Victim Site: qpay.my.id
Website defacement of merdc.org by maw3six
Category: Defacement
Content: Individual attacker maw3six successfully defaced the merdc.org website on April 13, 2026. The incident targeted a specific page rather than constituting a mass defacement campaign.
Date: 2026-04-13T11:11:32Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248447
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: merdc.org
Alleged sale of combolists, cookies, and logs for multiple major platforms
Category: Logs
Content: A threat actor operating as tuzelity is selling credential combolists, cookies, and stealer logs for numerous platforms including Hotmail, Gmail, Yahoo, AOL, Comcast, Windstream, Spectrum, AT&T, Facebook, Instagram, LinkedIn, Google Ads, Netflix, Disney, Airbnb, Booking, Steam, TikTok, iCloud, PayPal, Amazon, eBay, Roblox, PSN, Xbox, and various dating and e-commerce sites.
Date: 2026-04-13T11:09:47Z
Network: telegram
Published URL: https://t.me/c/2613583520/61753
Screenshots:
None
Threat Actors: tuzelity
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of sporting industry website by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced a sports industry-related website on April 13, 2026. The attack targeted a specific subdirectory rather than the homepage and was not part of a mass defacement campaign.
Date: 2026-04-13T11:05:36Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832483
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Sports/Recreation
Victim Organization: Unknown
Victim Site: sportindustries.store
Website defacement of Alden Interactive by maw3six
Category: Defacement
Content: The attacker maw3six successfully defaced a page on the Alden Interactive website on April 13, 2026. This appears to be an isolated defacement incident targeting the companys web presence.
Date: 2026-04-13T11:05:30Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248444
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Alden Interactive
Victim Site: aldeninteractive.com
DimasHxR defaced sportindustries.store/pub/medi…
Category: Defacement
Content: Target: sportindustries.store/pub/medi…Attacker: DimasHxRDate: 2026-04-13 17:58:46
Date: 2026-04-13T11:03:53Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832483
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: sportindustries.store/pub/medi…
Website defacement of renderify.io by maw3six
Category: Defacement
Content: Threat actor maw3six defaced the renderify.io website on April 13, 2026. The attack targeted a cloud-hosted technology service platform.
Date: 2026-04-13T11:02:13Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248445
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Renderify
Victim Site: renderify.io
Alleged leak of Hotmail credentials on underground forum
Category: Combo List
Content: A threat actor named ValidMail allegedly shared a combolist containing 43,000 Hotmail credentials described as valid forum accounts on an underground forum. The actual post content is restricted behind user registration.
Date: 2026-04-13T11:01:57Z
Network: openweb
Published URL: https://crackingx.com/threads/71934/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
[PRIVATE RESEARCH] today Exploit on FF.IO
Category: Alert
Content: New thread posted by pidoras: [PRIVATE RESEARCH] today Exploit on FF.IO
Date: 2026-04-13T11:00:19Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SOURCE-CODE-PRIVATE-RESEARCH-today-Exploit-on-FF-IO
Screenshots:
None
Threat Actors: pidoras
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of access or domain to thinkanddoafrica.org by Pharaohs Team
Category: Initial Access
Content: Pharaohs Team market is advertising thinkanddoafrica.org with DA 17 and PA 28 metrics, directing interested parties to a private Telegram handle. This is consistent with the sale of compromised website access, spam link insertion, or domain resale for malicious purposes.
Date: 2026-04-13T10:54:49Z
Network: telegram
Published URL: https://t.me/c/3205199875/482
Screenshots:
None
Threat Actors: Pharaohs Team
Victim Country: Africa (region unspecified)
Victim Industry: Non-profit / NGO
Victim Organization: Think and Do Africa
Victim Site: thinkanddoafrica.org
Alleged leak of Hotmail credential combolist containing 1,808 accounts
Category: Combo List
Content: Threat actor D4rkNetHub shared a combolist containing 1,808 Hotmail email and password combinations on underground forum. The actor also advertises premium cloud access services through their Telegram channel and website.
Date: 2026-04-13T10:41:51Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-1-808-Good-HOTMAIL-GOODS-D4RKNETHUB-CLOUD-13-04-26
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 6,000 Hotmail email and password combinations on a cybercrime forum. The actor also promotes a shop offering credential lists from various countries.
Date: 2026-04-13T10:40:57Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-Hotmail-Unique-Combo-1-6000–200265
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 1,808 Hotmail email and password combinations on a cybercriminal forum.
Date: 2026-04-13T10:40:04Z
Network: openweb
Published URL: https://crackingx.com/threads/71932/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 6,000 Hotmail email and password combinations on a cybercrime forum. The post content is hidden behind a registration wall, suggesting free distribution to forum members.
Date: 2026-04-13T10:39:26Z
Network: openweb
Published URL: https://crackingx.com/threads/71933/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged data breach of American Express customer data
Category: Data Leak
Content: Indonesian Neo Nazi Group (INNG) allegedly leaked 200,000 records containing credit card data from multiple networks including American Express, Visa, Mastercard, and others. The leaked data includes card numbers, CVV codes, PINs, balances, expiration dates, and customer personal information in JSON and PDF formats totaling 258.42 MB.
Date: 2026-04-13T10:36:21Z
Network: openweb
Published URL: https://pwnforums.st/Thread-COLLECTION-200-thousand-American-Express-user-data-breached
Screenshots:
None
Threat Actors: INNG
Victim Country: United States
Victim Industry: Financial Services
Victim Organization: American Express
Victim Site: Unknown
Alleged sharing of cookies from eBay and Google Pay
Category: Data Leak
Content: A threat actor allegedly shared authentication cookies from eBay and Google Pay services via a file hosting platform. The cookies could potentially be used for session hijacking and unauthorized account access.
Date: 2026-04-13T10:20:29Z
Network: openweb
Published URL: https://breached.st/threads/cookies-ebay-googlepay-more.85975/unread
Screenshots:
None
Threat Actors: bluestarcrack
Victim Country: Unknown
Victim Industry: E-commerce and Financial Services
Victim Organization: eBay and Google Pay
Victim Site: ebay.com and pay.google.com
Alleged sale of fresh multi-country credential combolists targeting major e-commerce and service platforms
Category: Combo List
Content: A threat actor operating as mu is selling fresh credential databases/combolists covering multiple countries including UK, Germany, Japan, Netherlands, Brazil, Poland, Spain, US, and Italy. The actor claims to offer keyword-searchable credentials for major platforms including eBay, OfferUp, PSN, Booking.com, Uber, Poshmark, Alibaba, Walmart, Amazon, Mercari, Kleinanzeigen, and Neosurf. The actor also claims access to valid ntlworld webmails hosted on a private cloud infrastructure, available on request via DM.
Date: 2026-04-13T10:18:33Z
Network: telegram
Published URL: https://t.me/c/2613583520/61735
Screenshots:
None
Threat Actors: mu
Victim Country: Unknown
Victim Industry: E-Commerce, Gaming, Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of Windows RDP DoS exploit and FreeBSD FTP RCE exploit
Category: Initial Access
Content: Threat actor is selling two zero-day exploits: a Windows RDP denial-of-service exploit for $850 affecting 1M+ devices, and a FreeBSD FTP remote code execution exploit for $900 affecting 11,689 devices. Both exploits claim to work against multiple versions of their respective target systems.
Date: 2026-04-13T10:18:16Z
Network: openweb
Published URL: https://breached.st/threads/0day-exploit-selling.85974/unread
Screenshots:
None
Threat Actors: phanesthegreat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Moscow citizens passport documents and identification data
Category: Data Leak
Content: Forum user shared a 500MB collection containing 200 Moscow citizens passport documents, including all passport pages, SNILS (Russian social security numbers), and INN (taxpayer identification numbers).
Date: 2026-04-13T10:13:51Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DOCUMENTS-Photos-docs-Moscow-citizens-of-all-passport-pages-including-SNILS-INN
Screenshots:
None
Threat Actors: Tendi
Victim Country: Russia
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Healthcare recruitment company says gardai probing ‘cyber security incident’ | ITV News
Category: Cyber Attack
Content: La société de recrutement dans le secteur de la santé Healthdaq a déclaré avoir été victime dun incident de cybersécurité. Lentreprise a signalé lévénement aux autorités réglementaires ainsi quau bureau national de lutte contre la cybercriminalité de la Garda. En raison de lenquête criminelle en cours, la société na pas pu fournir de détails supplémentaires sur la nature de lincident.
Date: 2026-04-13T09:55:47Z
Network: openweb
Published URL: https://www.itv.com/news/utv/2026-04-11/healthcare-recruitment-company-says-gardai-probing-cyber-security-incident
Screenshots:
None
Threat Actors:
Victim Country: IR
Victim Industry: Unknown
Victim Organization: Healthdaq
Victim Site: healthdaq.com
GTA 6 Developer Rockstar Reportedly Hacked, Data Being Ransomed
Category: Cyber Attack
Content: Le groupe de hackers ShinyHunters a revendiqué avoir compromis les serveurs cloud de Rockstar Games via une faille chez le prestataire Anodot. Lentreprise a confirmé quune quantité limitée dinformations non matérielles a été accédée, tout en affirmant que cet incident nimpacte ni ses joueurs ni son organisation. Les pirates exigent le paiement dune rançon numérique avant le 14 avril 2026 sous peine de divulguer des données dentreprise sensibles.
Date: 2026-04-13T09:55:43Z
Network: openweb
Published URL: https://kotaku.com/rockstar-games-reportedly-hacked-massive-data-leak-ransom-gta-6-shinyhunters-2000686858
Screenshots:
None
Threat Actors:
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Rockstar Games
Victim Site: rockstargames.com
Spring Lake Park Schools Closed After Suspected Ransomware Attack – Spring Lake Park Today
Category: Cyber Attack
Content: Le district scolaire de Spring Lake Park, dans le Minnesota, a dû fermer lensemble de ses établissements ce lundi en raison dune suspicion dattaque par rançongiciel. Les autorités locales et des experts en cybersécurité enquêtent actuellement sur lincident pour déterminer létendue de la compromission des systèmes informatiques. Cette mesure préventive vise à protéger les données et à sécuriser les réseaux du district pendant que les efforts de restauration sont en cours.
Date: 2026-04-13T09:55:40Z
Network: openweb
Published URL: https://nationaltoday.com/us/mn/spring-lake-park/news/2026/04/13/spring-lake-park-schools-closed-after-suspected-ransomware-attack-1/
Screenshots:
None
Threat Actors:
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Spring Lake Park Schools
Victim Site: springlakeparkschools.org
Alleged sale of multi-country identity documents and personal databases
Category: Combo List
Content: Threat actor claims to offer various databases containing driver licenses, passports, SSNs, consumer information, phone numbers, and email lists from multiple countries. The actor provides Telegram contact for interested parties.
Date: 2026-04-13T09:53:59Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-ALL-COUNTRIES-DRIVER-LICENSE-AVAILABLE-PASS-SSN-SIN-EIN-LLC-KYC-BYPASS-TOOL
Screenshots:
None
Threat Actors: Jannatkhan
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials on CrackingX forum
Category: Combo List
Content: User HollowKnight07 shared a sample of 695 Hotmail credentials as a free download on the CrackingX forum.
Date: 2026-04-13T09:53:00Z
Network: openweb
Published URL: https://crackingx.com/threads/71928/
Screenshots:
None
Threat Actors: HollowKnight07
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of mixed social media platform credentials
Category: Combo List
Content: Threat actor is distributing a 9 million record combolist containing credentials from multiple social media platforms including Myspace, Friendster, Orkut, Google+, Vine, and Bebo through Telegram channels.
Date: 2026-04-13T09:52:41Z
Network: openweb
Published URL: https://crackingx.com/threads/71929/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Social Media
Victim Organization: Multiple social media platforms
Victim Site: Unknown
Alleged leak of Yahoo credentials
Category: Combo List
Content: A threat actor shared a combolist containing approximately 1.69 million Yahoo credentials through a file sharing platform. The credentials appear to be distributed as a free download on a cybercriminal forum.
Date: 2026-04-13T09:52:15Z
Network: openweb
Published URL: https://crackingx.com/threads/71930/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: United States
Victim Industry: Technology
Victim Organization: Yahoo
Victim Site: yahoo.com
Alleged sale of multiple personal data databases including SSN and identity documents
Category: Data Breach
Content: Threat actor jannatmirza11 is allegedly selling various databases containing personal information including full company databases, scanned identity documents, consumer information, phone lists, email lists, credentials, SSN/SIN numbers, and data from large websites via Telegram.
Date: 2026-04-13T09:51:46Z
Network: openweb
Published URL: https://crackingx.com/threads/71927/
Screenshots:
None
Threat Actors: jannatmirza11
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged ICS/BMS Takeover of Albert Most Velebudická Hypermarket by Z-Pentest Alliance
Category: Cyber Attack
Content: The pro-Russian hacktivist group Z-Pentest Alliance claims to have gained full control over the building management and industrial control systems of the Albert Most Velebudická hypermarket in the Czech Republic. The group states they control the boiler room, central heating, Trane industrial chillers, VZT ventilation, building-wide lighting, cold storage rooms including the Sahara specialized warehouse, climate control zones (produce department and server room), and entrance air curtains. They claim the intrusion was facilitated by weak network segmentation, outdated protocols, and unprotected management interfaces. The group threatens to destroy thousands of tons of food by disabling refrigeration systems, causing millions in economic damage. The attack is framed as retaliation against European entities supporting anti-Russian policies and aid to Ukraine. The group signals intent to continue targeting European critical food supply chain infrastructure.
Date: 2026-04-13T09:32:07Z
Network: telegram
Published URL: https://t.me/c/2729466495/936
Screenshots:
None
Threat Actors: Z-Pentest Alliance
Victim Country: Czech Republic
Victim Industry: Retail / Food Supply Chain
Victim Organization: Albert Most Velebudická
Victim Site: albert.cz
Mass website defacement of lutimchange.com by Irene (XmrAnonye.id team)
Category: Defacement
Content: The website lutimchange.com was defaced by attacker Irene affiliated with the XmrAnonye.id team on April 13, 2026. This appears to be part of a mass defacement campaign and represents a redefacement of the target site.
Date: 2026-04-13T09:27:24Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248443
Screenshots:
None
Threat Actors: Irene, XmrAnonye.id
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: lutimchange.com
Alleged leak of credential combolist containing 21.4 million records
Category: Logs
Content: A threat actor shared a credential combolist containing 21.4 million URL:login:password combinations totaling 1.2GB in size on a cybercrime forum.
Date: 2026-04-13T09:24:59Z
Network: openweb
Published URL: https://pwnforums.st/Thread-URL-LOGIN-PASS-Url-Log-Pass-21-400-621-M%C4%B1ll%C4%B1on-L%C4%B1nes-1-2gb
Screenshots:
None
Threat Actors: StarLinkClub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of nihonnichi.site by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the nihonnichi.site website on April 13, 2026. The defacement targeted a specific page (b.html) rather than the main homepage.
Date: 2026-04-13T09:21:22Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832474
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: nihonnichi.site
Website defacement of China Acrylic Sheet company by DimasHxR
Category: Defacement
Content: The website of China Acrylic Sheet, a manufacturing company, was defaced by attacker DimasHxR on April 13, 2026. The defacement targeted a specific page (b.html) rather than the homepage and was not part of a mass defacement campaign.
Date: 2026-04-13T09:18:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832477
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: China
Victim Industry: Manufacturing
Victim Organization: China Acrylic Sheet
Victim Site: chinaacrylicsheet.com
Website defacement of jingolmangol.ir by DimasHxR
Category: Defacement
Content: The attacker DimasHxR defaced the Iranian website jingolmangol.ir on April 13, 2026. This was an individual defacement targeting a specific page rather than a mass or home page attack.
Date: 2026-04-13T09:11:59Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832473
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Iran
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: jingolmangol.ir
❄️❄️ 1370x PREMIUM HOTMAIL HITS ❄️❄️
Category: Combo List
Content: New thread posted by alphaxdd: ❄️❄️ 1370x PREMIUM HOTMAIL HITS ❄️❄️
Date: 2026-04-13T09:01:17Z
Network: openweb
Published URL: https://crackingx.com/threads/71926/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Cyber Attack on Nova-Tech Poultry ICS/SCADA Systems by DDoSia Project
Category: Cyber Attack
Content: The DDoSia Project (affiliated with NoName057(16)) claims to have breached and taken full control of industrial control systems at Nova-Tech Poultry (nteglobal.com/poultry/) in South Korea. The group alleges control over four modules (501, 502, 503, 504) responsible for infrared processing of chicken beaks, including injection rates, pump runtimes, motor cycles, and production lines. The attack is framed as part of #OpSouthKorea, a pro-Russian hacktivist campaign targeting South Korean infrastructure.
Date: 2026-04-13T09:01:05Z
Network: telegram
Published URL: https://t.me/c/3087552512/1738
Screenshots:
None
Threat Actors: DDoSia Project
Victim Country: South Korea
Victim Industry: Agriculture / Agro-Industrial
Victim Organization: Nova-Tech Poultry
Victim Site: nteglobal.com
Alleged Netflix phishing link with encoded token parameter
Category: Phishing
Content: A suspicious Netflix URL was shared containing a heavily encoded nftoken parameter. The URL mimics a legitimate Netflix account page (netflix.com/account) but includes a base64-encoded token string that is characteristic of phishing kits, credential harvesting pages, or session hijacking attempts targeting Netflix users.
Date: 2026-04-13T08:56:15Z
Network: telegram
Published URL: https://t.me/c/3896868760/323
Screenshots:
None
Threat Actors: Brona Blanco
Victim Country: Unknown
Victim Industry: Entertainment / Streaming
Victim Organization: Netflix
Victim Site: netflix.com
Alleged sale of fresh Telegram accounts for bulk use
Category: Cyber Attack
Content: A threat actor is selling fresh Telegram accounts from various countries, advertised as high durability and not frozen, suitable for mass-collected account operations. Sales are conducted via @ThreatMarketBot.
Date: 2026-04-13T08:48:10Z
Network: telegram
Published URL: https://t.me/c/3881618514/53
Screenshots:
None
Threat Actors: Threat Market
Victim Country: Unknown
Victim Industry: Social Media
Victim Organization: Unknown
Victim Site: telegram.org
Alleged Cyberattack by Handala on Saudi Arabias Industrial Infrastructure
Category: Cyber Attack
Content: Threat actor group Handala has announced heavy cyberattacks currently underway against Saudi Arabias industrial infrastructure, describing the operation as a preemptive and warning action. The group states further details will be released in coming hours. No specific targets or technical indicators have been disclosed yet.
Date: 2026-04-13T08:42:39Z
Network: telegram
Published URL: https://t.me/c/3548035165/276
Screenshots:
None
Threat Actors: Handala
Victim Country: Saudi Arabia
Victim Industry: Industrial / Critical Infrastructure
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of mixed stealer logs containing credentials
Category: Combo List
Content: Threat actor fatetraffic shared a collection of 1,900 mixed stealer logs dated April 13, 2026, made available as a free download via file sharing service.
Date: 2026-04-13T08:40:56Z
Network: openweb
Published URL: https://crackingx.com/threads/71924/
Screenshots:
None
Threat Actors: fatetraffic
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of USA drivers licenses
Category: Data Leak
Content: Threat actor claims to have leaked 16 USA drivers licenses (front only) and provides a Telegram contact for purchases, suggesting additional data may be available for sale.
Date: 2026-04-13T08:38:45Z
Network: openweb
Published URL: https://pwnforums.st/Thread-16-USA-DL-FRONT-ONLY
Screenshots:
None
Threat Actors: Dumbledorre
Victim Country: United States
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Breach of Neiman Marcus by ShinyHunters
Category: Data Breach
Content: Threat actor ShinyHunters claims to have leaked an improved/updated Neiman Marcus database, sharing a link to a BreachForums thread where the data is available for download. No price mentioned, suggesting the data is being freely distributed.
Date: 2026-04-13T08:35:58Z
Network: telegram
Published URL: https://t.me/c/3737716184/1107
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: United States
Victim Industry: Retail
Victim Organization: Neiman Marcus
Victim Site: neimanmarcus.com
Website defacement of just-on.com.ua by DimasHxR
Category: Defacement
Content: Ukrainian website just-on.com.ua was defaced by threat actor DimasHxR on April 13, 2026. The attack targeted a specific file (d.txt) rather than the main homepage.
Date: 2026-04-13T08:32:27Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832460
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Ukraine
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: just-on.com.ua
Alleged leak of mixed credential combolist
Category: Combo List
Content: A threat actor shared a free download link to a high-quality mixed credential combolist containing 2,000 email and password combinations on a cybercriminal forum.
Date: 2026-04-13T08:17:58Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-2K-HQ-MIX
Screenshots:
None
Threat Actors: COYTO
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Breach of Hallmark Cards, Inc. & Hallmark Plus by ShinyHunters
Category: Data Breach
Content: The threat actor group ShinyHunters claims to have compromised over 7.9 million records containing personally identifiable information (PII) belonging to Hallmark Cards, Inc. and Hallmark Plus. The group states that Hallmark failed to reach a ransom agreement despite multiple offers, and has subsequently made the data available for free download via a direct link to a .7z archive. The data is described as updated as of April 11, 2026.
Date: 2026-04-13T08:17:49Z
Network: telegram
Published URL: https://t.me/c/3737716184/1103
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: United States
Victim Industry: Consumer Goods / Retail
Victim Organization: Hallmark Cards, Inc. & Hallmark Plus
Victim Site: Unknown
Alleged leak of mixed email credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 4.7K mixed email credentials via file hosting service. The credentials appear to be from various sources and are being distributed for free download.
Date: 2026-04-13T08:16:25Z
Network: openweb
Published URL: https://crackingx.com/threads/71923/
Screenshots:
None
Threat Actors: Kommander0
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Ransomware/Extortion Attack on Kemper Corporation by ShinyHunters
Category: Data Breach
Content: Threat actor ShinyHunters claims to have compromised over 13 million Salesforce records containing PII and internal corporate data belonging to Kemper Corporation. The group is demanding payment by April 14, 2026, threatening to publicly leak the data and cause additional digital problems if the ransom is not paid. A proof/listing is available on their .onion site. This appears to be a data extortion campaign without traditional ransomware encryption.
Date: 2026-04-13T08:16:12Z
Network: telegram
Published URL: https://t.me/c/3737716184/1100
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: United States
Victim Industry: Insurance / Financial Services
Victim Organization: Kemper Corporation
Victim Site: Unknown
Alleged leak of Russian military casualty database
Category: Data Leak
Content: A forum user shared a database containing personal information of approximately 70,000 alleged Russian military casualties from the ongoing war. The data includes names, birth dates, death dates, locations, ages, military units, branches, and ranks of deceased personnel.
Date: 2026-04-13T08:15:19Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-Russian-death-in-the-war-70k
Screenshots:
None
Threat Actors: Tendi
Victim Country: Russia
Victim Industry: Government
Victim Organization: Russian Armed Forces
Victim Site: Unknown
Alleged Data Breach and Leak of ZenBusiness, Inc. by ShinyHunters
Category: Data Breach
Content: The ShinyHunters threat group claims to have compromised several terabytes of data from ZenBusiness, Inc., sourced from Snowflake, Mixpanel, Salesforce, and other systems containing sensitive PII, financial/KYC data, and business data. After the company allegedly failed to reach a ransom agreement, 802GB+ (compressed) of data has been made available for free download via a direct link. The archive filename explicitly references ShinyHunters and a ransom demand. Data was last updated April 5, 2026.
Date: 2026-04-13T08:14:13Z
Network: telegram
Published URL: https://t.me/c/3737716184/1097
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: United States
Victim Industry: Business Services / Financial Services
Victim Organization: ZenBusiness, Inc.
Victim Site: Unknown
Alleged cyber attack or defacement of karamastarfurniture.com
Category: Defacement
Content: Pharaohs Team market posted a link to karamastarfurniture.com marked as #sold, suggesting the compromise, defacement, or sale of access to this furniture company website has been completed.
Date: 2026-04-13T08:01:44Z
Network: telegram
Published URL: https://t.me/c/3205199875/480
Screenshots:
None
Threat Actors: Pharaohs Team
Victim Country: Unknown
Victim Industry: Retail/Furniture
Victim Organization: Karama Star Furniture
Victim Site: karamastarfurniture.com
Alleged leak of Yahoo.com credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing over 1.5 million Yahoo.com email and password combinations from mixed countries. The credentials are being distributed for free via a file hosting service.
Date: 2026-04-13T07:53:38Z
Network: openweb
Published URL: https://crackingx.com/threads/71922/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Yahoo
Victim Site: yahoo.com
Alleged defacement of oncologyclub.org by Cyber Darknay
Category: Defacement
Content: A threat actor identified as CYBER DARKNAY claims to have defaced oncologyclub.org, uploading a deface page at the specified URL. The post credits multiple Indonesian hacking groups including DEFACER INDONESIAN TEAM, HMEI7, Z_JAWA, Z_BLACK_HAT, and others as collaborators or supporters.
Date: 2026-04-13T07:51:11Z
Network: telegram
Published URL: https://t.me/c/3755871403/222
Screenshots:
None
Threat Actors: CYBER DARKNAY
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: Oncology Club
Victim Site: oncologyclub.org
Alleged US Official Warning on Anthropic AI Model Glasswing Cyber Threat to Banking Sector
Category: Cyber Attack
Content: US senior officials have reportedly warned about cybersecurity risks posed by a new Anthropic AI model named Glasswing (Project Mythos), describing it as a threat to the US banking system and cybersecurity. An emergency meeting was held with executives from major US banks, Treasury Department, and Federal Reserve officials to discuss the technologys potential cyber intrusion capabilities and security risks. The US government is reportedly reviewing and strengthening protective measures against AI-driven threats.
Date: 2026-04-13T07:42:21Z
Network: telegram
Published URL: https://t.me/c/1283513914/21180
Screenshots:
None
Threat Actors: Glasswing (Project Mythos)
Victim Country: United States
Victim Industry: Banking & Finance
Victim Organization: US Banking Sector / Federal Reserve
Victim Site: Unknown
Website defacement of rafiul.website by DimasHxR
Category: Defacement
Content: The attacker DimasHxR successfully defaced rafiul.website/b.html on April 13, 2026. This appears to be a single-target defacement with no apparent team affiliation or stated motivation.
Date: 2026-04-13T07:41:36Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832408
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: rafiul.website
Alleged Cyber Threat Against Italian Infrastructure by Infrastructure Destruction Squad
Category: Cyber Attack
Content: A threat actor group calling themselves Infrastructure Destruction Squad has issued a threat against Italy, claiming they will launch attacks against Italian infrastructure, factories, and facilities.
Date: 2026-04-13T07:37:58Z
Network: telegram
Published URL: https://t.me/c/2735908986/3984
Screenshots:
None
Threat Actors: Infrastructure Destruction Squad
Victim Country: Italy
Victim Industry: Critical Infrastructure
Victim Organization: Unknown
Victim Site: Unknown
Alleged SQL Injection Attack on WRG College (wrgcollege.edu.in)
Category: Cyber Attack
Content: A threat actor using the handle Mr.SonicX, affiliated with TEGAL CYBER TEAM, claims to have performed a SQL injection attack against WRG Colleges website at wrgcollege.edu.in, targeting the gallery_img.php endpoint with an injectable id parameter.
Date: 2026-04-13T07:36:04Z
Network: telegram
Published URL: https://t.me/c/3528849141/288
Screenshots:
None
Threat Actors: Mr.SonicX
Victim Country: India
Victim Industry: Education
Victim Organization: WRG College
Victim Site: wrgcollege.edu.in
Alleged leak of mixed domain combolist containing 46,000 credentials
Category: Combo List
Content: User WINGO shared a free download link to a combolist containing 46,000 email and password combinations from mixed domains on DemonForums.
Date: 2026-04-13T07:32:06Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-46K-MIXED-DOMAINS
Screenshots:
None
Threat Actors: WINGO
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Live Nation / Ticketmaster by ShinyHunters – 560M Users and Card Details
Category: Data Breach
Content: Threat actor ShinyHunters is allegedly selling a 1.3TB dataset containing data from 560 million Live Nation/Ticketmaster users, including card details. The offer is listed on BreachForums with supporting media attachments.
Date: 2026-04-13T07:32:00Z
Network: telegram
Published URL: https://t.me/c/3737716184/1092
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: United States
Victim Industry: Entertainment / Ticketing
Victim Organization: Live Nation / Ticketmaster
Victim Site: Unknown
Alleged distribution of corporate SMTP credential combolist
Category: Combo List
Content: Threat actor distributes a 7 million record credential combolist targeting corporate SMTP accounts through Telegram channels. The actor offers free access to the combolist and provides links to Telegram groups for obtaining the data.
Date: 2026-04-13T07:30:30Z
Network: openweb
Published URL: https://crackingx.com/threads/71921/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of FoodPapa.pk Pakistani food delivery platform
Category: Data Leak
Content: Threat actor claims to have leaked a complete database dump from Pakistani food delivery platform FoodPapa.pk containing 239,109 records including user credentials, driver information, and admin accounts with personal data such as names, phone numbers, email addresses, password hashes, and national ID numbers from a January 2026 backup.
Date: 2026-04-13T07:29:45Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-FoodPapa-pk-PWNED-239K-Records-Users-Drivers-Admin-DB-Fresh-2026-Leak
Screenshots:
None
Threat Actors: xorcat
Victim Country: Pakistan
Victim Industry: Food Delivery
Victim Organization: FoodPapa
Victim Site: foodpapa.pk
Alleged CIA Use of Pegasus Spyware in Deception Operation Targeting Iranian Officials
Category: Malware
Content: The London Times reportedly claimed that the CIA used NSO Groups Pegasus spyware during a deception operation to locate and recover a downed American pilot. According to the report, Pegasus was used to send spoofed messages appearing to originate from hacked devices to Iranian officials and IRGC members, falsely claiming the pilot had been found. Pegasus is capable of intercepting communications and covertly collecting data from mobile devices. The channels editorial note questions the credibility of the claim, noting that WhatsApp is not typically used for sensitive operational communications inside Iran.
Date: 2026-04-13T07:26:25Z
Network: telegram
Published URL: https://t.me/c/1283513914/21178
Screenshots:
None
Threat Actors: NSO Group
Victim Country: Iran
Victim Industry: Government / Military
Victim Organization: IRGC / Iranian Officials
Victim Site: Unknown
Alleged Data Breach of Santander Bank Affecting Spain, Chile, and Uruguay by ShinyHunters
Category: Data Breach
Content: Threat actor ShinyHunters is selling an alleged dataset stolen from Santander Bank affecting customers across Spain, Chile, and Uruguay. The data purportedly includes 30 million customer records, 6 million account numbers with balances, 28 million credit card numbers, HR employee lists, and consumer citizenship information. The actor is offering a one-time sale at $1 million USD and has invited Santander itself to purchase the data. The listing is posted on BreachForums.
Date: 2026-04-13T07:25:58Z
Network: telegram
Published URL: https://t.me/c/3737716184/1091
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Spain
Victim Industry: Banking & Financial Services
Victim Organization: Santander Bank
Victim Site: santander.com
Alleged data breach of Live Nation / Ticketmaster by ShinyHunters – 560M Users and Card Details
Category: Data Breach
Content: Threat actor ShinyHunters is allegedly selling a 1.3TB dataset containing data on 560 million Live Nation/Ticketmaster users, including card details. The data is being offered for sale on BreachForums.
Date: 2026-04-13T07:19:04Z
Network: telegram
Published URL: https://t.me/c/3737716184/1090
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: United States
Victim Industry: Entertainment / Ticketing
Victim Organization: Live Nation / Ticketmaster
Victim Site: ticketmaster.com
Alleged data breach of National Credit Information Center of Vietnam (CIC) — 160M+ Records for Sale
Category: Data Breach
Content: A threat actor operating under the name Dedale Office is claiming to sell the full database of Vietnams National Credit Information Center (cic.gov.vn). The alleged dataset contains over 160 million records in CSV format, including full names, dates of birth, national ID numbers (CCCD/CMND), passport numbers, loan data, balances, debt information, tax IDs, company information, audit logs, and addresses. The data purportedly covers both individuals and companies from the national credit registry. Contact is provided via Telegram handle @DedaleSupport and channel @DedaleOfficials.
Date: 2026-04-13T07:12:15Z
Network: telegram
Published URL: https://t.me/DedaleOfficials/222
Screenshots:
None
Threat Actors: Dedale Office
Victim Country: Vietnam
Victim Industry: Government / Financial Services
Victim Organization: National Credit Information Center of Vietnam (CIC)
Victim Site: cic.gov.vn
Alleged data leak of vegehome.pl customer database
Category: Data Leak
Content: Threat actor lulzintel shared a database dump from vegehome.pl containing over 100,000 customer records including names, email addresses, and hashed passwords. The data breach allegedly occurred in April 2026 and includes personal information and account credentials of Polish customers.
Date: 2026-04-13T07:11:37Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-vegehome-pl-Leaked-Download
Screenshots:
None
Threat Actors: lulzintel
Victim Country: Poland
Victim Industry: Unknown
Victim Organization: Vegehome
Victim Site: vegehome.pl
Alleged leak of Hotmail credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 705 Hotmail email and password combinations on a cybercrime forum. The credentials are described as high quality and appear to be distributed for free.
Date: 2026-04-13T06:55:55Z
Network: openweb
Published URL: https://demonforums.net/Thread-%E2%9A%A1%E2%9A%A1-X705-HQ-Hotmail-%E2%9A%A1%E2%9A%A1-BY-Steveee36-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: erwinn91
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged distribution of credential combolists targeting Europe and USA
Category: Combo List
Content: Threat actor gsmfix is allegedly distributing high-quality credential combolists containing email and password combinations targeting users in Europe and USA regions. The post emphasizes the validity and quality of the credential data being made available.
Date: 2026-04-13T06:55:33Z
Network: openweb
Published URL: https://crackingx.com/threads/71917/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of phone number and password credentials
Category: Combo List
Content: Forum post advertising phone number and password credential combinations described as high quality and private. The post lacks specific details about the source, scope, or distribution method of the credentials.
Date: 2026-04-13T06:55:16Z
Network: openweb
Published URL: https://crackingx.com/threads/71918/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of WordPress site credentials
Category: Combo List
Content: Forum post claims to offer valid WordPress site URLs with corresponding login credentials. The post appears to be sharing credential lists for WordPress installations but does not specify the number of sites affected or provide additional details about the compromised sites.
Date: 2026-04-13T06:55:00Z
Network: openweb
Published URL: https://crackingx.com/threads/71919/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of credential combolist in URL:LOGIN:PASS format
Category: Combo List
Content: A threat actor shared a credential combolist containing login credentials in URL:LOGIN:PASS format, described as high quality and private. The post appears to offer free access to the credential list without mentioning any payment.
Date: 2026-04-13T06:31:04Z
Network: openweb
Published URL: https://crackingx.com/threads/71914/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of German email credentials
Category: Combo List
Content: A threat actor shared a combolist containing 93,476 unique German email and password combinations from 2026 on a cybercriminal forum.
Date: 2026-04-13T06:30:31Z
Network: openweb
Published URL: https://crackingx.com/threads/71915/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of mixed USA and Europe credential combolist
Category: Combo List
Content: Threat actor gsmfix shared an exclusive combolist containing mixed credentials from USA and Europe regions on a cybercriminal forum.
Date: 2026-04-13T06:30:02Z
Network: openweb
Published URL: https://crackingx.com/threads/71916/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Farmacias del Ahorro customer credentials
Category: Data Leak
Content: Threat actor Z3r00 claims to have leaked a credential list containing 18,530 records from Mexican pharmacy chain Farmacias del Ahorro, including email addresses and passwords. Sample credentials were provided as proof, with the actor offering the full dataset through Telegram contact.
Date: 2026-04-13T06:04:38Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-FARMACIAS-DEL-AHORRO-MX-18-530
Screenshots:
None
Threat Actors: Z3r00
Victim Country: Mexico
Victim Industry: Healthcare
Victim Organization: Farmacias del Ahorro
Victim Site: fahorro.com
Alleged leak of corporate email credentials
Category: Combo List
Content: A threat actor shared a combolist containing 119,120 corporate email and password combinations through a file sharing service. The credentials are described as corporate mail password leaks from 2026.
Date: 2026-04-13T05:46:00Z
Network: openweb
Published URL: https://crackingx.com/threads/71912/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of credential combolists targeting corporate email accounts
Category: Combo List
Content: Threat actor distributes corporate email credential combolists through Telegram channels, offering free access to credential lists and associated cracking tools.
Date: 2026-04-13T05:45:36Z
Network: openweb
Published URL: https://crackingx.com/threads/71913/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Ukrainian Information Resource Center
Category: Data Breach
Content: Threat actor StuffedAnimals is allegedly selling a database from ircenter.gov.ua containing approximately 600,000 records of personal information including childrens educational records, birth certificates, and parent information. The data appears to be from Ukrainian educational institutions and contains sensitive personal details of families.
Date: 2026-04-13T05:00:45Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SELLING-ircenter-gov-ua-database-600k-lines-json
Screenshots:
None
Threat Actors: StuffedAnimals
Victim Country: Ukraine
Victim Industry: Government
Victim Organization: Ukrainian Information Resource Center
Victim Site: ircenter.gov.ua
Alleged sale of XSS vulnerabilities targeting multiple companies
Category: Initial Access
Content: Threat actor SysInvaders is selling reflected XSS vulnerabilities affecting four companies across Sweden, Norway, and Poland in various industries including electric equipment, home improvement, consumer electronics, and price comparison services. Payment is accepted in XMR and BTC cryptocurrencies.
Date: 2026-04-13T05:00:42Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SELLING-Reflected-XSS-Vulnerabilities
Screenshots:
None
Threat Actors: SysInvaders
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed credential combolist containing 44,478 records
Category: Combo List
Content: Threat actor stormtrooper shared a fresh mixed combolist containing 44,478 email and password combinations on DemonForums. The actor also provided Telegram contact information for further communication.
Date: 2026-04-13T04:14:37Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-44-478-Lines-Fresh-Mix-Combolist
Screenshots:
None
Threat Actors: stormtrooper
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed credential combolist containing 44,478 records
Category: Combo List
Content: A threat actor leaked a mixed combolist containing 44,478 credential pairs on a cybercriminal forum. The actor also promoted their Telegram channel for additional content.
Date: 2026-04-13T04:12:21Z
Network: openweb
Published URL: https://crackingx.com/threads/71911/
Screenshots:
None
Threat Actors: Browzchel
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credential combolist containing 43,000 records
Category: Combo List
Content: A threat actor shared a combolist containing 43,000 Hotmail email and password combinations on a cybercrime forum. The credentials are claimed to be valid and sourced from various forums.
Date: 2026-04-13T03:32:05Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%99%8B-43k-HOTMAIL-Base-With-Valid-FORUMS-%E2%99%8B-2
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing over 1.1 million Hotmail credentials through a file sharing service. The actor claims these are fresh leaks targeting Hotmail streaming accounts.
Date: 2026-04-13T03:31:26Z
Network: openweb
Published URL: https://crackingx.com/threads/71908/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credentials on cybercrime forum
Category: Combo List
Content: A threat actor shared a combolist containing 43,000 Hotmail email credentials on a cybercrime forum. The post indicates these are valid credentials specifically targeting forum accounts.
Date: 2026-04-13T03:31:00Z
Network: openweb
Published URL: https://crackingx.com/threads/71909/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged sale of stolen credit cards (CC/CVV) via Telegram
Category: Data Leak
Content: Multiple actors advertising stolen credit cards (CC) and CVV data in a marketplace channel. Coleman advertises worlds best CC, 24/7, 100% alive, high balance directing to t.me/genhaosan123. Hana6 promotes a CVV benefits chat group via @nzccg001. These are typical carding marketplace advertisements offering stolen payment card data.
Date: 2026-04-13T03:15:15Z
Network: telegram
Published URL: https://t.me/c/2613583520/61511
Screenshots:
None
Threat Actors: genhaosan123
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Florida Department of State database
Category: Data Leak
Content: Forum post claims involvement of Florida Department of State database leak, but no specific details about the data type, record count, or nature of the incident are provided in the available content.
Date: 2026-04-13T03:14:05Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-The-Florida-Department-of-State-Database-Leak
Screenshots:
None
Threat Actors: Rabid
Victim Country: United States
Victim Industry: Government
Victim Organization: Florida Department of State
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor is distributing a credential list containing Hotmail email and password combinations through Telegram. The actor claims the credentials are valid and from a private cloud source.
Date: 2026-04-13T02:38:55Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-X666-Valid-UHQ-Hotmail-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: Roronoa044
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged distribution of credential lists for multiple social media platforms
Category: Combo List
Content: Threat actor is distributing credential lists (combolists) for eight different social media platforms through Telegram channels. The actor claims to have 8 million credential combinations available for free distribution.
Date: 2026-04-13T02:37:42Z
Network: openweb
Published URL: https://crackingx.com/threads/71906/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Social Media
Victim Organization: Multiple (Bluesky, Lemon8, Kick, Spill, Artifact, Geneva, Hive Social, Post.news)
Victim Site: Unknown
Alleged leak of Hotmail credentials on CrackingX forum
Category: Combo List
Content: Forum post advertising valid Hotmail credentials described as UHQ (Ultra High Quality) with contact via Telegram. The post appears to be offering access to Hotmail email credentials, though specific details about quantity and distribution method require forum registration to view.
Date: 2026-04-13T02:37:24Z
Network: openweb
Published URL: https://crackingx.com/threads/71907/
Screenshots:
None
Threat Actors: noir
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged data breach of Mihnati career platform exposing 627k Saudi Arabian PII records
Category: Data Breach
Content: Threat actor claims to have breached Mihnati career platform database containing 627k PII records including emails, names, dates of birth, phone numbers, addresses and other personal information of Saudi Arabian job seekers and candidates. The structured dataset appears to be from a CRM system with comprehensive contact and profile information.
Date: 2026-04-13T02:36:55Z
Network: openweb
Published URL: https://darkforums.su/Thread-627k-Saudi-Arabia-https-www-mihnati-com-FULL-CRM-PII-DATASET-Email-Name-dob-pho
Screenshots:
None
Threat Actors: Databroker1
Victim Country: Saudi Arabia
Victim Industry: Human Resources
Victim Organization: Mihnati
Victim Site: mihnati.com
Alleged data breach of Chinese football gambling platform
Category: Data Breach
Content: Threat actor claims to be selling a database containing 3.2 million records from a Chinese football match gambling platform. The data includes player IDs, phone numbers, carrier information, financial data, and IP addresses.
Date: 2026-04-13T02:36:36Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Chinese-football-match-gambling-3200000
Screenshots:
None
Threat Actors: dataPenetrationA
Victim Country: China
Victim Industry: Gaming/Gambling
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of SEKISUI Aerospace Corporation technical data
Category: Data Breach
Content: Threat actor is selling alleged confidential military and aerospace technical data from SEKISUI Aerospace Corporation for $200,000. The data reportedly contains engineering drawings, technical specifications, and Boeing part information marked as export-controlled.
Date: 2026-04-13T02:36:21Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-US-JP-Confidential-Military-SEKISUI-Aerospace-Corporation-Data
Screenshots:
None
Threat Actors: nxe
Victim Country: United States
Victim Industry: Aerospace
Victim Organization: SEKISUI Aerospace Corporation
Victim Site: Unknown
Alleged data leak of IFprofs.org database
Category: Data Leak
Content: Threat actor ChimeraZ leaked a 42.8 MB database dump of IFprofs.org containing 110,276 records including user profiles, publications, comments, discussions, and webinars in JSON format. The data includes personal information such as names, countries, email addresses, and educational content.
Date: 2026-04-13T02:36:13Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-110-276-IFprofs-org
Screenshots:
None
Threat Actors: ChimeraZ
Victim Country: France
Victim Industry: Education
Victim Organization: IFprofs.org
Victim Site: ifprofs.org
Alleged sale of live high-balance stolen credit cards via Telegram
Category: Cyber Attack
Content: Multiple posts in the channel advertise the sale of stolen credit cards (CC/CVV), claiming to offer 100% alive, high balance cards available 24/7. The seller directs buyers to the Telegram channel t.me/genhaosan123. Additional posts reference a CVV benefits chat group (@nzccg001), indicating an active carding marketplace operation.
Date: 2026-04-13T02:17:14Z
Network: telegram
Published URL: https://t.me/c/2613583520/61473
Screenshots:
None
Threat Actors: genhaosan123
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of credential logs by threat actor BradMax
Category: Data Leak
Content: Threat actor BradMax leaked 1,000 credential logs from March 2026 as free samples on a dark web forum. The actor operates a Telegram channel for distributing free logs and offers additional logs through an automated bot service.
Date: 2026-04-13T02:15:09Z
Network: openweb
Published URL: https://darkforums.su/Thread-LEAK-FREE-TEST-LOGS-1000-logs-March-2026-samples
Screenshots:
None
Threat Actors: BradMax
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Iranian IRGC and Basij personnel database
Category: Data Leak
Content: A threat actor leaked a database containing personnel information of Iranian Revolutionary Guard Corps (IRGC) and Basij members, including full names, national ID codes, addresses, ranks, and phone numbers. A sample of the data was made available for download.
Date: 2026-04-13T02:14:16Z
Network: openweb
Published URL: https://pwnforums.st/Thread-IRGC-and-BASIJ-PERSONNEL-INFORMATION-DATABASE
Screenshots:
None
Threat Actors: infinityteam
Victim Country: Iran
Victim Industry: Government
Victim Organization: IRGC and Basij
Victim Site: Unknown
Alleged sale of private cloud Hotmail combolists and geo-specific credential datasets
Category: Combo List
Content: A threat actor is offering for sale private cloud combolists described as UHQ (ultra-high quality) Hotmail credentials along with geo-specific datasets covering multiple countries (DE, FR, IT, BR, UK, US, JP, PL, RU, ES, NL, MX, CA, SP, SG) and multiple platforms including Kleinanzeigen, eBay, Reddit, Poshmark, Depop, Walmart, Amazon, and Uber. The seller claims access to a private cloud database and is targeting serious buyers only.
Date: 2026-04-13T02:02:48Z
Network: telegram
Published URL: https://t.me/c/2613583520/61481
Screenshots:
None
Threat Actors: Wěilóng
Victim Country: Unknown
Victim Industry: E-commerce, Technology, Retail
Victim Organization: Hotmail, Walmart, eBay, Amazon, Uber, Poshmark, Depop, Reddit, Kleinanzeigen
Victim Site: Unknown
Alleged defacement of Indian website myseba.in by #OpsShadowStrike
Category: Defacement
Content: The hacktivist group #OpsShadowStrike, in collaboration with multiple groups including TengkorakCyberCrew, MalaysiaHacktivist, EagleCyberCrew, CyberActivistMalaysia, AskarBadai, TheSweetNight, and Noheartz, claims to have defaced an Indian website (myseba.in). The defacement page is hosted at https://myseba.in/ops.html. The attack appears politically motivated, referencing pro-Palestine and anti-Israel sentiments under the #AllMuslimHackers banner.
Date: 2026-04-13T01:32:47Z
Network: telegram
Published URL: https://t.me/c/3844432135/309
Screenshots:
None
Threat Actors: #OpsShadowStrike
Victim Country: India
Victim Industry: Unknown
Victim Organization: myseba.in
Victim Site: myseba.in
Alleged leak of German email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 92,457 unique email and password combinations allegedly targeting German users. The credentials are described as being from 2026 and made available for download on a cybercrime forum.
Date: 2026-04-13T01:13:18Z
Network: openweb
Published URL: https://crackingx.com/threads/71904/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 523,233 credential pairs specifically targeting Hotmail email accounts. The data was made available as a free download via a file sharing service.
Date: 2026-04-13T01:13:01Z
Network: openweb
Published URL: https://crackingx.com/threads/71905/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged sale of PDF exploit kit targeting multiple email providers
Category: Initial Access
Content: Threat actor selling a PDF-based exploit kit for $60 that claims to bypass detection and work with various RATs, worms, and botnets. The exploit reportedly supports multiple email providers and browsers across Windows systems.
Date: 2026-04-13T00:51:26Z
Network: openweb
Published URL: https://crackingx.com/threads/71903/
Screenshots:
None
Threat Actors: coreex
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged defacement of Uruguay Ministry of Environment and Electronic Sworn Statement System
Category: Defacement
Content: A threat actor claiming affiliation with Nullsec Philippines has allegedly defaced two Uruguayan government websites: the Ministry of Environment (ambiente.gub.uy) and the Electronic Sworn Statement System (jutep.gub.uy). Defacement proof files are hosted at the target URLs and confirmed via Zone-H mirrors (IDs 41686677 and 41686676). The defacement carries a #StopWAR political message.
Date: 2026-04-13T00:36:58Z
Network: telegram
Published URL: https://t.me/c/2590737229/908
Screenshots:
None
Threat Actors: Nullsec Philippines
Victim Country: Uruguay
Victim Industry: Government
Victim Organization: Ministry of Environment of Uruguay / Electronic Sworn Statement System (JUTEP)
Victim Site: ambiente.gub.uy, dje.jutep.gub.uy
Alleged data breach of Iraq census database
Category: Data Breach
Content: Threat actor claims to be selling Iraqs 2025-2026 census data containing personal information of 47,766,792 individuals for $1200. The data allegedly covers Iraqs population of 46.1 million people.
Date: 2026-04-13T00:32:33Z
Network: openweb
Published URL: https://breached.st/threads/iraqs-2025-2026-census-data-has-been-leaked-47-766-792.85972/unread
Screenshots:
None
Threat Actors: ahmadxalil
Victim Country: Iraq
Victim Industry: Government
Victim Organization: Iraq Government Census Department
Victim Site: Unknown
Alleged distribution of credential combolist containing 11 million records
Category: Combo List
Content: Threat actor CODER is distributing a credential combolist containing 11 million records through Telegram channels. The actor operates multiple Telegram groups offering free credential lists and programs to registered forum members.
Date: 2026-04-13T00:30:16Z
Network: openweb
Published URL: https://crackingx.com/threads/71902/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of stolen credit cards via Telegram carding service
Category: Cyber Attack
Content: A user advertised what appears to be a carding service claiming to offer stolen credit cards described as 100% alive with high balances, available 24/7, directing users to a Telegram channel (t.me/genhaosan123).
Date: 2026-04-13T00:12:45Z
Network: telegram
Published URL: https://t.me/c/2613583520/61425
Screenshots:
None
Threat Actors: Squad Chat Marketplace
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of proxy scraping tool for cybercriminal activities
Category: Initial Access
Content: Cybercriminal distributes GhostLine Proxy Scraper v3.1 tool capable of harvesting 50,000+ daily proxies from 400+ sources with 85% live proxy rate. Tool enables anonymization infrastructure for potential cybercriminal operations.
Date: 2026-04-13T00:10:01Z
Network: openweb
Published URL: https://demonforums.net/Thread-%E2%9A%A1-GHOSTLINE-PROXY-SCRAPER-v3-1-Fresh-Fast-300-Sources-%E2%9A%A1
Screenshots:
None
Threat Actors: haxerx
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of California identification documents with selfie verification
Category: Data Leak
Content: Threat actor DataIntel allegedly shared California identification documents paired with selfie photos on a cybercriminal forum. The post appears to offer free access to identity verification materials.
Date: 2026-04-13T00:03:05Z
Network: openweb
Published URL: https://spear.cx/Thread-Free-USA-California-ID-Selfie
Screenshots:
None
Threat Actors: DataIntel
Victim Country: United States
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown