[April-14-2026] Daily Cybersecurity Threat Report

1. Executive Summary

This report provides a comprehensive analysis of a massive surge in cybercriminal activity, data breaches, and website defacements recorded primarily on April 13 and April 14, 2026. Based strictly on the provided incident logs, the threat landscape is currently dominated by a high volume of credential stuffing lists, large-scale mass website defacements, industrial control system (ICS) compromises, and high-profile corporate data extortion.

The data reveals a highly active cybercrime ecosystem operating across both the open web (forums like CrackingX, BreachForums, DemonForums, and PwnForums) and encrypted Telegram channels. The most significant threat actor identified during this period is the “ShinyHunters” group, which is currently executing a massive extortion campaign against major global corporations, including Rockstar Games, Salesforce, and Santander Bank. Simultaneously, a distinct wave of mass website defacements was carried out by an actor known as “maw3six,” targeting dozens of international domains. Furthermore, the underground economy is heavily saturated with the free distribution and sale of “combolists” (email and password combinations), signaling a robust infrastructure supporting credential stuffing and account takeover attacks.


2. Threat Actor Profiles and Major Campaigns

2.1. ShinyHunters: Corporate Extortion and Data Breaches

The threat group known as ShinyHunters is the most prominent actor in the documented incidents, executing a sophisticated extortion and data leak campaign across multiple sectors. The group operates using a “pay or leak” ransomware model, although their recent attacks appear focused on data exfiltration and extortion rather than traditional file encryption. ShinyHunters utilizes Telegram channels (handles including @shinyc0rpsss) to communicate, advertise stolen data, and issue threats, while using Tox, Session, and PGP keys to verify their identity and ward off impersonators (such as “Mattys Savoie & James”) who allegedly misused their PGP keys for independent ransom demands.

Targeted Organizations and Extortion Details:

  • Rockstar Games: ShinyHunters claims to have compromised Rockstar Games through a third-party analytics vendor, Anodot. The threat actor allegedly exfiltrated over 78.6 million records from Snowflake instances.
  • The Rockstar Ransom: The group demanded a $200,000 USD ransom, which Rockstar reportedly refused to pay, stating the stolen data contained anonymized financial and sales records rather than customer personally identifiable information (PII).
  • The Rockstar Leak: Following the refusal, ShinyHunters published the data, which included a decade of internal sales transactions (2014-2024), total earnings exceeding $5 billion, regional sales figures, and in-game currency (Shark Card) purchase data. The group also posted threatening messages directed at the company following the dispute.
  • Salesforce: The group claims to possess full access to the complete Salesforce ecosystem, including Sales Cloud, Service Cloud, Marketing Cloud, AI automation systems, VPNs, and backend source code.
  • Salesforce Offerings: They are offering this complete access for $25 million. Additionally, they are selling tiered data packages, including a “Files Cloud” with 9.1 million Salesforce files (2024-2026) for $10,000, and a ransom database of 1 million files for $5,000.
  • Santander Bank: ShinyHunters is offering a dataset allegedly affecting Santander Bank customers in Spain, Chile, and Uruguay for $1 million USD. The data purportedly contains 30 million customer records, 28 million credit card numbers, and 6 million account numbers with balances.
  • Live Nation / Ticketmaster: The group is selling a 1.3TB dataset on BreachForums containing information on 560 million Live Nation/Ticketmaster users, including credit card details. They previously valued this data at $75,000 USD.
  • Government Credentials: The group offered for sale approximately 73,000 government email login credentials from Brazil and Zambia, affecting police, military, and prison administration sectors, claiming an 80% validity rate.
  • Other Corporate Targets: ShinyHunters claims to possess data from AT&T (valued at $100,000), Kemper Corporation (13 million Salesforce records containing PII), ZenBusiness (802GB of Snowflake/Mixpanel data), Hallmark Cards (7.9 million records), Neiman Marcus, Cisco (3 million source code files), Microsoft, Google, Victoria’s Secret, CrowdStrike, and NATO’s Jira instance.

2.2. The ‘maw3six’ Mass Defacement Campaign

A threat actor utilizing the handle “maw3six” executed a widespread and indiscriminate mass website defacement campaign primarily on April 13 and April 14, 2026. The attacks predominantly targeted websites hosted on Linux and Cloud infrastructure. The defacements generally involved altering specific pages (often naming the file maw.html) rather than the main homepages, and the campaign affected organizations across multiple continents without a clear ideological or sector-specific focus.

Notable ‘maw3six’ Defacement Targets:

  • Nepal: Extensive targeting of Nepalese infrastructure, including Nepal Brokers (financial services), Sawari Sewa (transportation), educational examination systems, Wonjala E-mart, and various .com.np domains.
  • Indonesia: Compromise of Batavia (business) and Pandu Warta (news media).
  • Africa: Defacement of Senegalese government infrastructure (ggis.sn) and SnapTech, a South African technology company.
  • Europe & Americas: Defacements affecting UK environmental firm EECO Solutions, Argentine e-commerce site Glow Store, Ecuadorian financial services firm Factoring Ecuador, and French site fournisseurs-astucieux.fr.
  • Other Sectors: Aviation (Prestige Air Parts), Defense (Vigor Defense), and Creative Services (Upturn Studio in Australia).

2.3. Z-Pentest Alliance and DDoSia Project: ICS/OT Attacks

The reporting period includes highly critical claims of Industrial Control Systems (ICS) and Operational Technology (OT) compromises by politically motivated hacktivist groups.

  • Z-Pentest Alliance: This pro-Russian hacktivist group claimed full takeover of the ICS and Building Management Systems (BMS) of the Albert Most Velebudická hypermarket in the Czech Republic.
  • Attack Vector and Impact: They claimed the intrusion exploited weak network segmentation and unprotected management interfaces to control boiler rooms, Trane industrial chillers, VZT ventilation, and cold storage rooms. The group threatened to disable refrigeration systems to destroy thousands of tons of food as retaliation for European support for Ukraine.
  • DDoSia Project: Affiliated with the pro-Russian group NoName057(16), this actor claimed to have breached the ICS/SCADA systems of Nova-Tech Poultry in South Korea. The group claimed control over modules managing infrared chicken beak processing, injection rates, and production lines as part of an anti-South Korean campaign named #OpSouthKorea.

2.4. Handala Hack (حنظله): Middle Eastern Infrastructure Threats

The Iranian cyber group Handala (or Hanzala) claimed responsibility for large-scale cyber operations targeting the Persian Gulf steel industry.

  • Targets: The group claims to have completely compromised and taken offline Fulat in Bahrain and SULB in Saudi Arabia. These companies reportedly possess an annual revenue exceeding $5 billion.
  • Motivation: Handala framed the attacks as revenge for fallen hackers during the “Ramadan War” and in retaliation for actions against the “Axis of Resistance” and southern Lebanon. The group also issued broad threats against Saudi Arabian leadership and industrial infrastructure.

2.5. Additional Defacement Actors (T-XpLoiT, DimasHxR, Zod, CYKOMNEPAL)

Alongside maw3six, several other actors executed defacement campaigns:

  • T-XpLoiT: Targeted government and educational institutions, defacing the Tanzania ICT Commission events portal, the internal intranet of Guatemala’s National Institute of Public Administration (INAP), and multiple Indonesian Islamic schools (MTs Nurussyafa’ah, STKIP PGRI Sidoarjo).
  • DimasHxR: Conducted single-page defacements across varied international targets, including a Chinese acrylic sheet manufacturer, an Iranian website, a Ukrainian domain, and a Japanese site.
  • CYKOMNEPAL: Defaced the Wonjala E-mart in Nepal and a specific product page of Brazilian IT company Informatica CPU.
  • Zod: Executed mass defacements targeting vendorinfra.com and the aviation company Wonder Air.
  • CyberOprationCulture / Nullsec Philippines: CyberOprationCulture defaced a Dreams Marketplace subdomain, while Nullsec Philippines claimed politically motivated defacements of the Uruguayan Ministry of Environment and Electronic Sworn Statement System.

3. Detailed Threat Landscape Analysis by Category

3.1. Data Breaches and Corporate Data Leaks

Beyond the ShinyHunters extortion campaigns, numerous independent data breaches were advertised or leaked on underground forums.

  • VUMI Group: Threat actor “bytetobreach” leaked an insurance database containing PII, social security numbers, passport documents, and W-9 forms for approximately 300,000 insured individuals and 25,000 staff members. The data was allegedly exfiltrated over six days and distributed via cloud storage.
  • Talabat Saudi Arabia: Threat actor “Jeffrey Epstein” offered a database containing between 536,000 and 563,000 user records from the food delivery platform, including names, emails, phone numbers, and addresses.
  • National Credit Information Center of Vietnam (CIC): Actor “Dedale Office” claimed to sell a database of over 160 million records containing full names, national ID numbers, loan data, and tax IDs.
  • Emaar Properties: Actor “ksa901” offered a database of 400,000 records of property owners and renters in the UAE, including high-profile Burj Khalifa residents, for $10,000.
  • Government Data Leaks: Breaches targeted the Bila Tserkva City Council in Ukraine (by “Perun Svaroga”), the Municipality of São Mateus in Brazil, the Ukrainian Information Resource Center (600,000 educational/family records), and Iraq’s 2025-2026 census data (47.7 million records for $1200). Furthermore, an actor named “Tendi” leaked passport documents for 200 Moscow citizens and a database containing details of 70,000 alleged Russian military casualties.
  • Other Notable Leaks: Breaches affected American Express (200,000 card records by INNG), NurtureLife (27.5k customer records including children’s birthdates), Farmacias del Ahorro in Mexico (18,530 records), FoodPapa.pk in Pakistan (239,109 records), OfferteCartucce in Italy (229,000 records), and an alleged database of FBI agents containing bcrypt-hashed passwords and vehicle plates. Furthermore, technical data from SEKISUI Aerospace Corporation, including export-controlled Boeing part information, was listed for $200,000.

3.2. Combo Lists, Credential Stuffing, and Log Distribution

The cybercriminal open web forums (such as CrackingX and DemonForums) are experiencing a massive influx of “combolists” (lists of compromised email and password combinations) and stealer logs. These lists are primarily used for automated credential stuffing attacks.

  • High-Volume Distributors: Actors like “CODER” are distributing massive datasets for free via Telegram, including an 11 million record mixed combo list, a 7 million record corporate SMTP list, and an 8 million record list targeting diverse social media platforms (Myspace, Bebo, Netlog). Another actor, “StarLinkClub,” posted a 21.4 million URL:login:password combolist.
  • Targeted Platform Combolists: Specific platforms are heavily targeted. “HQcomboSpace” leaked 1.69 million Yahoo credentials. Multiple actors (including “UniqueCombo,” “alphaxdd,” and “D4rkNetHub”) flooded forums with highly specific Hotmail credential lists ranging from a few hundred to over 500,000 verified hits. Streaming and gaming services were also targeted, with actor “Ra-Zi” distributing 120,000 credentials for Netflix, Minecraft, Steam, and Hulu.
  • Geo-Targeted Data: Distributors like “thejackal101” (under the “Elite_Cloud1” brand) and “CobraEgy” released massive country-specific combolists. These included datasets targeting France (1.4 million), Germany (1.15 million), India (246k), Indonesia (246k), Hungary (135k), Greece (63k), Finland (12k), Colombia (183k), Ecuador (183k), Denmark (47k), Croatia (23k), and the Czech Republic (272k).
  • Stealer Logs and Cookies: Actors are selling fresh infostealer logs containing credentials and session cookies. Actor “BBB” offered logs for Amazon, eBay, Booking.com, and Uber across multiple global regions. Another actor, “tuzelity,” sold combos and cookies for Facebook, PayPal, Airbnb, Roblox, and dating sites. Authentication cookies for eBay and Google Pay were also shared by actor “bluestarcrack” for potential session hijacking.

3.3. Initial Access Brokering and Cybercrime Services

The underground economy heavily features the sale of initial access to compromised systems and the provision of malicious services to facilitate further attacks.

  • Mail Account Access: Actor “D4RCK MAGICIAN” advertised the sale of direct mail account access across ten countries (including France, UK, US, and Japan), accompanied by scripts and credential hits. Actor “mu” sold fresh, keyword-searchable credential databases and access to valid webmails on private cloud infrastructure.
  • Infrastructure Access: The “Infrastructure Destruction Squad” advertised access to compromised servers and systems. Another actor sold access to verified FTX exchange accounts via the Kroll portal, claiming account balances up to $9.5 million, for an asking price of $50,000.
  • Spam and Phishing Infrastructure: Threat actor “Skybat” offered premium SMTP inbox services capable of sending 25,000 emails per day from dedicated IPs, alongside worldwide SMS sender packages. Actor “NullPointerPanic” advertised a “Sendgrid.com Phishing Suite” for advanced email service theft.
  • Domain Abuse Services: An actor named “clean_search” advertised comprehensive cybercrime services, including anti-phishing evasion, domain abuse operations, and DMCA manipulation, claiming to process 15,000 abuse cases daily for cryptocurrency payments ranging from $100 to $1000.

3.4. Malware Tooling and Vulnerability Exploitation

The proliferation of offensive tooling and zero-day exploits remains a persistent threat vector.

  • Offensive Tool Suites: Threat actor “Yoshi Data” actively advertised a comprehensive suite of offensive security and cybercrime tools. These included credential stuffing tools like SilverBullet and OpenBullet, Python automation scripts, CC+ tools, and custom executable development focused on stealth and precision for Kali Linux and Windows environments. Tools specific to validating stolen credentials, such as the “Discord Nitro Checker” and “Weeber Crunchyroll Checker,” were also widely distributed for high-speed automated workflows.
  • Zero-Day Exploits: Actor “phanes” (or “phanesthegreat”) attempted to sell two critical zero-day exploits. The first was a Windows RDP Denial-of-Service (DoS) exploit priced at $850, allegedly utilizing an integer overflow to crash Windows Server 2012/2016 and Windows 8.1/10 systems, claiming to affect over 1 million devices. The second was a FreeBSD FTP Remote Code Execution (RCE) exploit priced at $900, allegedly affecting over 11,000 devices. Furthermore, actor “SysInvaders” sold reflected XSS vulnerabilities affecting corporate entities in Sweden, Norway, and Poland.
  • Software Piracy and Cracking: The actor “GoRainCC” actively distributed cracked versions of commercial and professional software, including FlyPaper Sherlock investigation software, Site Modeller Pro, Domain Hunter Gatherer Pro, and various Digi-Ants CAD tools.
  • Automated Scanning Activity: The “Rakyat Digital Crew” shared automated vulnerability scan results indicating active exploitation attempts against Indonesian government portals (Ministry of Education, Ministry of Finance) and commercial sites using Open Redirect, Directory Traversal, RFI, and Command Injection techniques.

3.5. Specialized Cyber Threats and Alerts

  • AI Model Security Risks: US senior officials reportedly held an emergency meeting with banking executives and the Treasury Department regarding cybersecurity risks posed by a new Anthropic AI model known as “Glasswing” (Project Mythos). The technology is perceived as a threat to the US banking system due to potential cyber intrusion capabilities.
  • State-Sponsored Spyware: Reports surfaced alleging that the CIA utilized NSO Group’s Pegasus spyware in a deception operation targeting Iranian officials. The spyware was reportedly used to send spoofed messages to IRGC members to falsely claim a downed American pilot had been recovered, demonstrating the use of commercial spyware in complex geopolitical intelligence operations.
  • Financial Fraud: The sale of stolen payment card data remains active, with actors like “petac” and “Coleman” advertising fresh CC/CVV information, high balances, and financial transfer services via Cash App and PayPal on Telegram carding marketplaces. In addition, 40,000 Belgian IBANs were offered for sale via cryptocurrency by actor “jza1337”.

4. Comprehensive Incident Log (Selected Detailed Events)

To provide a granular view of the incident data, the following highlights specific tactical events executed over the reporting period.

  • Incident 151-153: Tanzanian and Indonesian Government/Education Defacements. Threat actor T-XpLoiT compromised the Tanzania ICT Commission (events.ictc.go.tz) on a government subdomain. Concurrently, the actor executed mass defacements against the online examination systems (admujian.mtsnurussyafaah.sch.id and rdm.mtsnurussyafaah.sch.id) of MTs Nurussyafa’ah, an Indonesian Islamic school, indicating automated exploitation of shared vulnerabilities across varied geographic regions.
  • Incident 161: City of Anthony, New Mexico Incident. The local government reported a cybersecurity incident involving inaccessible systems and missing public records. The anomalies, which included erased police devices, coincided with a mayoral transition. While an external hack is not confirmed, state authorities are investigating data integrity and access controls.
  • Incident 162: Straumann Legacy System Exposure. Swiss dental company Straumann reported a cyberattack targeting a legacy internal control system used between 2021 and 2024, resulting in exposed internal documents. The company isolated the incident with cybersecurity experts and confirmed that core business operations and client systems were unaffected.
  • Incident 261: Healthdaq Cyber Security Incident. Healthcare recruitment company Healthdaq suffered a cyber incident that was subsequently reported to regulatory authorities and the Garda National Cyber Crime Bureau in Ireland. Due to the ongoing criminal investigation, specifics regarding the attack vector were withheld.
  • Incident 263: Spring Lake Park Schools Ransomware Suspicions. The Spring Lake Park school district in Minnesota preemptively closed all facilities following a suspected ransomware attack. Local authorities and cybersecurity experts initiated an investigation to secure networks and assess the potential compromise of IT systems.
  • Incident 296: WRG College SQL Injection. A threat actor named Mr.SonicX, part of the TEGAL CYBER TEAM, reported performing a targeted SQL injection attack against an Indian educational institution (wrgcollege.edu.in) by exploiting an injectable id parameter on the gallery_img.php endpoint.
  • Incident 336: #OpsShadowStrike Defacement. A coalition of hacktivist groups (including TengkorakCyberCrew, MalaysiaHacktivist, and EagleCyberCrew) defaced the Indian website myseba.in. The attack utilized the #AllMuslimHackers banner and carried pro-Palestine and anti-Israel political messaging.

5. Conclusion

The cybersecurity landscape analyzed in this dataset indicates a highly volatile period characterized by massive data extortion, automated exploitation, and the weaponization of compromised credentials.

The activities of ShinyHunters represent the most severe financial and reputational threat. By compromising third-party vendors (like Anodot) and critical cloud infrastructure (like Snowflake and Salesforce), they have successfully exfiltrated millions of sensitive records from top-tier global corporations. Their aggressive “pay or leak” strategy and multi-million dollar ransom demands highlight the critical risk posed by supply chain vulnerabilities and improperly secured cloud environments.

Concurrently, the underground economy is thriving on the mass distribution of combolists and stealer logs. The sheer volume of credentials being distributed for free or sold cheaply—numbering in the tens of millions—provides low-skill threat actors with the necessary ammunition to conduct endless credential stuffing and account takeover attacks against platforms ranging from Hotmail and Yahoo to highly sensitive corporate VPNs and financial services.

Politically motivated hacktivism also poses a severe physical and operational threat. The claims by groups like the Z-Pentest Alliance and Handala regarding the full takeover of Industrial Control Systems (ICS) in European hypermarkets and Middle Eastern steel manufacturing facilities demonstrate a dangerous escalation from digital defacement to physical disruption. Threatening to destroy physical inventory by manipulating refrigeration controls or halting steel production emphasizes the urgent need for robust network segmentation and the securing of OT environments against external intrusion.

Finally, the relentless mass defacement campaigns executed by actors like maw3six and T-XpLoiT across vulnerable Linux servers and WordPress installations highlight the continuous, automated scanning and exploitation of unpatched web infrastructure globally.

In summary, organizations must urgently prioritize the securing of third-party SaaS integrations, implement robust multi-factor authentication to combat credential stuffing, and rigidly segment industrial control systems to defend against an increasingly bold and diversified threat actor ecosystem.

Detected Incidents Draft Data

  1. Alleged Data Breach of criminallaw.com Legal Directory
    Category: Data Breach
    Content: A threat actor operating under the alias Angel Tsvetkov has claimed responsibility for breaching criminallaw.com, a criminal law attorney directory. The actor has made available a CSV database dump containing 35,149 records with user details including emails, full names, law firms, cities, states, phone numbers, photos, bios, social links, and internal account statuses. The post includes sample records of attorneys and a proof-of-defacement link, suggesting the site may have also been defaced.
    Date: 2026-04-14T23:35:45Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-DATABASE-criminallaw-com-Angel-Tsvetkov-TRIBUTE
    Screenshots:
    None
    Threat Actors: Erich
    Victim Country: United States
    Victim Industry: Legal Services
    Victim Organization: criminallaw.com
    Victim Site: criminallaw.com
  2. Alleged Data Breach of onona.ru Sex Shop Database
    Category: Data Breach
    Content: A threat actor known as Tendi has allegedly made available a database dump associated with onona.ru, a Russian online sex shop. The dataset purportedly contains approximately 257,000 records. No further details regarding the specific data fields or method of acquisition are available from the post content.
    Date: 2026-04-14T23:34:01Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-DATABASE-onona-ru-sex-shop-257k
    Screenshots:
    None
    Threat Actors: Tendi
    Victim Country: Russia
    Victim Industry: Retail
    Victim Organization: Onona
    Victim Site: onona.ru
  3. Alleged Data Breach of Morocco Royal Palace Staff Database
    Category: Data Breach
    Content: A threat actor operating under the alias Rihana has allegedly posted a staff database belonging to the Morocco Royal Palace on a cybercrime forum. The post claims to contain personal data of Royal Palace staff members. No further details regarding record count, data fields, or pricing are available as post content was not accessible.
    Date: 2026-04-14T23:33:14Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-DATABASE-MOROCCO-Royal-Palace-Staff-Database
    Screenshots:
    None
    Threat Actors: Rihana
    Victim Country: Morocco
    Victim Industry: Government
    Victim Organization: Morocco Royal Palace
    Victim Site: Unknown
  4. Alleged forum advertising and intermediary services for cybercriminal transactions
    Category: Initial Access
    Content: User vlesskey offers intermediary services for posting advertisements on various forums and facilitating transactions between buyers and sellers using escrow services. The actor explicitly excludes Ukrainian clients and requests payment in cryptocurrency (USDT/TRX) with commission rates of 10-20% depending on transaction amount.
    Date: 2026-04-14T23:11:23Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72114/
    Screenshots:
    None
    Threat Actors: vlesskey
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  5. Alleged graphic design intermediary service on cybercriminal forum
    Category: Initial Access
    Content: A threat actor on the CrackingX forum offers graphic design services as an intermediary, accepting cryptocurrency payments through guarantor services. The actor provides multiple secure communication channels and operates with detailed transaction protocols to maintain anonymity.
    Date: 2026-04-14T23:11:04Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72115/
    Screenshots:
    None
    Threat Actors: vlesskey
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  6. Alleged leak of email credential combolist
    Category: Combo List
    Content: A threat actor named TeraCloud1 shared a combolist containing 33,000 valid email credentials on a cybercrime forum. The credentials are being distributed for free with additional private cloud access offered via Telegram.
    Date: 2026-04-14T22:44:43Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-33K-VALID-MAIL-ACCESS–200455
    Screenshots:
    None
    Threat Actors: TeraCloud1
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  7. Alleged leak of social media and e-commerce credentials
    Category: Combo List
    Content: A threat actor leaked a combolist containing 309,339 credential pairs allegedly targeting social media and shopping platforms for 2026. The data was made available for free download via a file-sharing service.
    Date: 2026-04-14T22:43:13Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72113/
    Screenshots:
    None
    Threat Actors: HQcomboSpace
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  8. Alleged data leak of MRW Venezuela shipping records
    Category: Data Leak
    Content: A threat actor claims to have leaked confidential shipping and customer data from MRW Venezuela, including personal information, addresses, phone numbers, and transaction details of customers and recipients.
    Date: 2026-04-14T22:42:36Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Document-MRW-VENEZUELA-7-6-MILLIONS-CONFIDENTIAL-DATA-14-04-2026
    Screenshots:
    None
    Threat Actors: malconguerra2
    Victim Country: Venezuela
    Victim Industry: Logistics and Shipping
    Victim Organization: MRW Venezuela
    Victim Site: mrwve.com
  9. Alleged distribution of multi-platform credential combolist targeting Netflix, Minecraft, Uplay, Steam, Hulu, and Spotify
    Category: Combo List
    Content: Threat actor Ra-Zi distributed a combolist containing 140,000 email and password combinations targeting multiple platforms including Netflix, Minecraft, Uplay, Steam, Hulu, and Spotify. The actor also advertised selling additional credential lists and email databases through Telegram.
    Date: 2026-04-14T22:22:42Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-140k-Fresh-HQ-Combolist-Email-Pass-Netflix-Minecraft-Uplay-Steam-Hulu-spotify–200453
    Screenshots:
    None
    Threat Actors: Ra-Zi
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  10. Alleged leak of mixed email credential combolist
    Category: Combo List
    Content: A threat actor shared a combolist containing 4,606 valid email and password combinations from mixed sources with mail access capability.
    Date: 2026-04-14T22:20:52Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72109/
    Screenshots:
    None
    Threat Actors: karaokecloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  11. Alleged leak of credential combolist containing 22.52 million records
    Category: Combo List
    Content: A threat actor named Daxus has made available a credential combolist in URL:LOG:PASS format containing 22.52 million records through their website and Telegram channel.
    Date: 2026-04-14T22:20:33Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72110/
    Screenshots:
    None
    Threat Actors: Daxus
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  12. Alleged leak of mixed email and password credentials
    Category: Combo List
    Content: A threat actor shared a combolist containing 140,000 email and password combinations from various providers including AOL, Yahoo, Hotmail, and Outlook across multiple countries. The actor also advertises selling additional credential lists and mailing lists through Telegram.
    Date: 2026-04-14T22:20:18Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72111/
    Screenshots:
    None
    Threat Actors: steeve75
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  13. Website defacement of Oakwood Lodges by H4CKTHOR
    Category: Defacement
    Content: The attacker H4CKTHOR successfully defaced the homepage of Oakwood Lodges, a UK-based hospitality company, on April 15, 2026. This was a targeted single-site defacement rather than part of a mass campaign.
    Date: 2026-04-14T21:58:20Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832980
    Screenshots:
    None
    Threat Actors: H4CKTHOR
    Victim Country: United Kingdom
    Victim Industry: Hospitality
    Victim Organization: Oakwood Lodges
    Victim Site: oakwoodlodges.co.uk
  14. Alleged data breach of Rockstar Games by ShinyHunters
    Category: Data Leak
    Content: ShinyHunters allegedly breached Rockstar Games with leaked data made available for free download, reportedly disclosed on April 14th 2026.
    Date: 2026-04-14T21:54:48Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Rockstar-Breach-from-ShinyHunters
    Screenshots:
    None
    Threat Actors: Liquid
    Victim Country: Unknown
    Victim Industry: Gaming
    Victim Organization: Rockstar Games
    Victim Site: Unknown
  15. Alleged leak of Hotmail credential combolist
    Category: Combo List
    Content: A threat actor shared a combolist containing 770,000 Hotmail email and password combinations on a cybercrime forum. The credentials are allegedly valid hits from credential stuffing attacks.
    Date: 2026-04-14T21:34:08Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-770X-%C2%A0-Hotmail-HITS-14-04
    Screenshots:
    None
    Threat Actors: MegaCloudshop
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  16. Alleged leak of mixed email credential combolist
    Category: Combo List
    Content: A threat actor shared a combolist containing 84,000 mixed email and password combinations on a cybercrime forum. The credentials appear to be from various email providers and sources.
    Date: 2026-04-14T21:33:24Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-84K-Mail-Access-Mix
    Screenshots:
    None
    Threat Actors: StrawHatBase
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  17. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: A threat actor shared a combolist containing 770,000 Hotmail credentials via a file-sharing platform. The credentials are described as "HITS", suggesting they are verified working credentials.
    Date: 2026-04-14T21:31:37Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72108/
    Screenshots:
    None
    Threat Actors: MailAccesss
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  18. Alleged data breach of Ukrainian military equipment retailer
    Category: Data Breach
    Content: A threat actor is selling a database containing 50,000 customer records and 100,000 order records from a Ukrainian military equipment retailer. The data includes full names, email addresses, phone numbers, IP addresses, physical addresses, purchase information, birthdates, and payment methods.
    Date: 2026-04-14T21:13:12Z
    Network: openweb
    Published URL: https://breached.st/threads/military-shop-ukraine-50k-customers-data-100k-orders-data.86000/unread
    Screenshots:
    None
    Threat Actors: wh6ami
    Victim Country: Ukraine
    Victim Industry: Military/Defense Equipment Retail
    Victim Organization: Unknown
    Victim Site: specprom-kr.com.ua
  19. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: Threat actor snowstormxd shared what appears to be a fresh Hotmail credential list through free download links on Pasteview and Telegram. The post offers free access to the combolist without any payment required.
    Date: 2026-04-14T21:11:28Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72107/
    Screenshots:
    None
    Threat Actors: snowstormxd
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  20. Alleged leak of Gmail credentials combolist
    Category: Combo List
    Content: A threat actor shared a combolist containing approximately 1.8 million Gmail email and password combinations through a file sharing service. The credentials are described as high quality leaks from various sources.
    Date: 2026-04-14T20:48:44Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72104/
    Screenshots:
    None
    Threat Actors: HQcomboSpace
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Google
    Victim Site: gmail.com
  21. Alleged leak of mixed domain credential list
    Category: Combo List
    Content: A threat actor shared a combolist containing 27,000 email and password combinations from various domains via a paste sharing service. The credentials appear to cover multiple organizations and domains.
    Date: 2026-04-14T20:48:41Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-27-000-Mixed-Good-Domains-List
    Screenshots:
    None
    Threat Actors: VegaM
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  22. Alleged leak of email credentials combolist
    Category: Combo List
    Content: A threat actor shared a combolist containing 51,000 valid email and password combinations on a cybercrime forum. The credentials are being made available for free download with registration required.
    Date: 2026-04-14T20:48:13Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-51K-VALID-MAIL-ACCESS–200421
    Screenshots:
    None
    Threat Actors: TeraCloud1
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  23. Alleged sharing of credential combolist on CrackingX forum
    Category: Combo List
    Content: Forum user webvvork allegedly shared a combolist containing 3,000 valid credentials on the CrackingX forum, with contact information provided via the Telegram handle @pikachu_perehodnik.
    Date: 2026-04-14T20:48:09Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72105/
    Screenshots:
    None
    Threat Actors: webvvork
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  24. Alleged leak of mixed domain credential list
    Category: Combo List
    Content: A credential list containing 46,000 mixed domain entries was allegedly shared on a cybercrime forum. The post includes a Telegram contact for further communication.
    Date: 2026-04-14T20:47:53Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72106/
    Screenshots:
    None
    Threat Actors: webvvork
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  25. Alleged leak of US personal information database
    Category: Data Leak
    Content: A threat actor leaked a database containing 85,000 US personal records from 2021 including names, addresses, birthdates, emails, and mobile numbers across multiple states. The data was validated as active and processed to remove invalid entries before being made available for free download.
    Date: 2026-04-14T20:47:04Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-USA-Personal-info-DB-85K
    Screenshots:
    None
    Threat Actors: Immanuel_Kant
    Victim Country: United States
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  26. Alleged leak of 210K credential combinations
    Category: Data Leak
    Content: A threat actor allegedly shared a credential list containing 210,000 URL:username:password combinations described as high quality and fresh. No specific victim or pricing information was provided in the available content.
    Date: 2026-04-14T20:39:14Z
    Network: openweb
    Published URL: https://xforums.st/threads/210k-high-quality-and-fresh-url-log-pass.608311/
    Screenshots:
    None
    Threat Actors: Seaborg_p
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  27. Mass defacement campaign by QATAR911 team member MR~TNT targeting hospie.site
    Category: Defacement
    Content: The QATAR911 team conducted a mass defacement campaign on April 15, 2026, with attacker MR~TNT compromising hospie.site among other targets. The attack was part of a broader mass defacement operation rather than targeting a specific organization.
    Date: 2026-04-14T20:39:11Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248550
    Screenshots:
    None
    Threat Actors: MR~TNT, QATAR911
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: hospie.site
  28. Mass website defacement by QATAR911 team targeting shoeworth.store
    Category: Defacement
    Content: The QATAR911 team, with member MR~TNT, conducted a mass defacement campaign targeting the Shoeworth online shoe retailer on April 15, 2026. The attack was part of a broader mass defacement operation affecting multiple websites.
    Date: 2026-04-14T20:37:54Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248549
    Screenshots:
    None
    Threat Actors: MR~TNT, QATAR911
    Victim Country: Unknown
    Victim Industry: Retail/E-commerce
    Victim Organization: Shoeworth
    Victim Site: shoeworth.store
  29. Mass defacement targeting himony.store by MR~TNT/QATAR911 group
    Category: Defacement
    Content: The QATAR911 group, through attacker MR~TNT, conducted a mass defacement campaign targeting the Himony Store e-commerce website on April 15, 2026. This appears to be part of a broader mass defacement operation rather than a targeted attack on this specific organization.
    Date: 2026-04-14T20:36:54Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248551
    Screenshots:
    None
    Threat Actors: MR~TNT, QATAR911
    Victim Country: Unknown
    Victim Industry: E-commerce
    Victim Organization: Himony Store
    Victim Site: himony.store
  30. Website defacement of amandeepsinghchawla.com by CYKOMNEPAL
    Category: Defacement
    Content: The CYKOMNEPAL group successfully defaced the amandeepsinghchawla.com website on April 15, 2026. The attack targeted a specific subdirectory rather than the main homepage, indicating a targeted defacement rather than a mass campaign.
    Date: 2026-04-14T20:35:41Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832976
    Screenshots:
    None
    Threat Actors: CYKOMNEPAL
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: amandeepsinghchawla.com
  31. Mass website defacement by QATAR911 team member MR~TNT targeting zulery.shop
    Category: Defacement
    Content: The QATAR911 team member MR~TNT conducted a mass defacement attack targeting the e-commerce site zulery.shop on April 15, 2026. The attack was part of a broader mass defacement campaign affecting multiple websites simultaneously.
    Date: 2026-04-14T20:34:27Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248548
    Screenshots:
    None
    Threat Actors: MR~TNT, QATAR911
    Victim Country: Unknown
    Victim Industry: E-commerce
    Victim Organization: Zulery
    Victim Site: zulery.shop
  32. Alleged leak of credential combolist containing 210,000 records
    Category: Combo List
    Content: A threat actor shared a credential combolist containing 210,000 URL:username:password combinations on a cybercrime forum. The data is being distributed for free to registered forum members.
    Date: 2026-04-14T20:22:44Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-210K-HIGH-QUALITY-AND-FRESH-URL-LOG-PASS
    Screenshots:
    None
    Threat Actors: Seaborg
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  33. Alleged rental service for Intelligence X database access
    Category: Combo List
    Content: A threat actor offers rental access to an Intelligence X account for $15 per search, providing screen sharing during searches and delivering results as zip files.
    Date: 2026-04-14T20:22:01Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72100/
    Screenshots:
    None
    Threat Actors: Chamane99
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  34. Alleged leak of credential combolist containing 210,000 records
    Category: Combo List
    Content: A threat actor shared a combolist containing 210,000 URL:username:password combinations on a cybercrime forum. The credentials are described as high quality and fresh, though no specific victim organizations are identified.
    Date: 2026-04-14T20:21:46Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72102/
    Screenshots:
    None
    Threat Actors: Seaborg
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  35. Alleged rental service for IntelX intelligence platform access
    Category: Initial Access
    Content: A threat actor is offering rental access to the IntelX intelligence platform for $15 per search, providing screen sharing sessions and delivering search results as zip files.
    Date: 2026-04-14T20:21:35Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72101/
    Screenshots:
    None
    Threat Actors: Chamane99
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  36. Website defacement of Fashium store by MR~TNT (QATAR911 team)
    Category: Defacement
    Content: The retail website fashium.store was defaced by attacker MR~TNT, affiliated with the QATAR911 team, on April 15, 2026. The target appears to be an online fashion store running on a Linux server.
    Date: 2026-04-14T20:17:35Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248547
    Screenshots:
    None
    Threat Actors: MR~TNT, QATAR911
    Victim Country: Unknown
    Victim Industry: Retail/E-commerce
    Victim Organization: Fashium
    Victim Site: www.fashium.store
  37. Alleged leak of email credential combolist containing 43,000 records
    Category: Combo List
    Content: A threat actor shared a combolist containing 43,000 valid email and password combinations through a free download link on a cybercriminal forum.
    Date: 2026-04-14T19:59:46Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-43K-VALID-MAIL
    Screenshots:
    None
    Threat Actors: wingoooW
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  38. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: A threat actor shared a combolist containing 11,000 Hotmail email and password combinations through a free download link on a cybercriminal forum.
    Date: 2026-04-14T19:59:11Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-11K-HQ-HOTMAIL
    Screenshots:
    None
    Threat Actors: COYTO
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  39. Alleged leak of credential combolist containing 675,000 records
    Category: Combo List
    Content: A threat actor shared a credential combolist containing approximately 675,000 records in URL:login:password format, claiming the data is fresh and high quality.
    Date: 2026-04-14T19:58:41Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72098/
    Screenshots:
    None
    Threat Actors: Foosa22
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  40. Alleged leak of credential combolist containing 393,000 records
    Category: Combo List
    Content: A threat actor shared a credential combolist containing approximately 393,000 records in URL:login:password format, described as fresh and high quality. The data is being distributed for free download on a cybercriminal forum.
    Date: 2026-04-14T19:58:24Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72099/
    Screenshots:
    None
    Threat Actors: herewahyu2k
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  41. Alleged leak of credential combolist containing 583,000 records
    Category: Combo List
    Content: A threat actor shared a combolist containing approximately 583,000 credential pairs in URL:login:password format, described as fresh and high quality. The data is being distributed for free download on a cybercriminal forum.
    Date: 2026-04-14T19:36:05Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72096/
    Screenshots:
    None
    Threat Actors: Foosa22
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  42. Mass website defacement campaign by QATAR911 team member MR~TNT targeting quantumbot.cloud
    Category: Defacement
    Content: The QATAR911 team member MR~TNT conducted a mass defacement campaign targeting quantumbot.cloud on April 15, 2026. This attack was part of a broader mass defacement operation rather than a targeted single-site attack.
    Date: 2026-04-14T19:05:23Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248546
    Screenshots:
    None
    Threat Actors: MR~TNT, QATAR911
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: QuantumBot
    Victim Site: quantumbot.cloud
  43. Mass defacement campaign by QATAR911 team targeting encomendix.online
    Category: Defacement
    Content: The QATAR911 threat group conducted a mass defacement campaign targeting multiple websites including encomendix.online. The attack was carried out by an individual using the handle MR~TNT on April 15, 2026.
    Date: 2026-04-14T18:48:23Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248525
    Screenshots:
    None
    Threat Actors: MR~TNT, QATAR911
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: encomendix.online
  44. Mass defacement campaign by QATAR911 team targeting gaming websites
    Category: Defacement
    Content: The QATAR911 team conducted a mass defacement campaign on April 15, 2026, with attacker MR~TNT targeting multiple websites including the gaming site gamesforplay.xyz. The attack was part of a broader mass defacement operation rather than targeting a specific organization.
    Date: 2026-04-14T18:47:54Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248528
    Screenshots:
    None
    Threat Actors: MR~TNT, QATAR911
    Victim Country: Unknown
    Victim Industry: Gaming
    Victim Organization: Unknown
    Victim Site: gamesforplay.xyz
  45. Mass defacement campaign by QATAR911 team targeting trusted-peptides.store
    Category: Defacement
    Content: The QATAR911 team conducted a mass defacement campaign targeting multiple websites including trusted-peptides.store, with attacker MR~TNT claiming responsibility. The incident occurred on April 15, 2026, affecting a peptide/pharmaceutical retail website hosted on a Linux server.
    Date: 2026-04-14T18:47:24Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248545
    Screenshots:
    None
    Threat Actors: MR~TNT, QATAR911
    Victim Country: Unknown
    Victim Industry: Healthcare/Pharmaceuticals
    Victim Organization: Trusted Peptides
    Victim Site: trusted-peptides.store
  46. Mass website defacement by QATAR911 team member MR~TNT targeting digitalfunhub.xyz
    Category: Defacement
    Content: The QATAR911 team conducted a mass defacement campaign targeting multiple websites including digitalfunhub.xyz. The attack was carried out by team member MR~TNT on April 15, 2026, affecting an entertainment-focused website as part of a broader coordinated defacement operation.
    Date: 2026-04-14T18:46:57Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248524
    Screenshots:
    None
    Threat Actors: MR~TNT, QATAR911
    Victim Country: Unknown
    Victim Industry: Entertainment
    Victim Organization: Digital Fun Hub
    Victim Site: digitalfunhub.xyz
  47. Mass website defacement by QATAR911 team targeting deliciousfoodrecipe.site
    Category: Defacement
    Content: QATAR911 team member MR~TNT conducted a mass defacement attack targeting deliciousfoodrecipe.site on April 15, 2026. The attack was part of a broader mass defacement campaign rather than targeting the specific site.
    Date: 2026-04-14T18:46:29Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248523
    Screenshots:
    None
    Threat Actors: MR~TNT, QATAR911
    Victim Country: Unknown
    Victim Industry: Food and Recipe Services
    Victim Organization: Unknown
    Victim Site: deliciousfoodrecipe.site
  48. Mass website defacement campaign by QATAR911 team member MR~TNT targeting quantumbot.online
    Category: Defacement
    Content: MR~TNT from the QATAR911 team conducted a mass defacement campaign targeting quantumbot.online on April 15, 2026. The attack was part of a broader mass defacement operation rather than targeting a single website.
    Date: 2026-04-14T18:45:55Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248540
    Screenshots:
    None
    Threat Actors: MR~TNT, QATAR911
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: QuantumBot
    Victim Site: quantumbot.online
  49. Mass defacement campaign by QATAR911 team member MR~TNT targeting logistics websites
    Category: Defacement
    Content: The QATAR911 team conducted a mass defacement campaign targeting multiple websites including logistificando.online, with attacks carried out by member MR~TNT on April 15, 2026. The campaign targeted logistics sector websites hosted on Linux servers.
    Date: 2026-04-14T18:45:24Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248531
    Screenshots:
    None
    Threat Actors: MR~TNT, QATAR911
    Victim Country: Unknown
    Victim Industry: Logistics
    Victim Organization: Unknown
    Victim Site: logistificando.online
  50. Mass defacement campaign by QATAR911 team targeting gaming websites
    Category: Defacement
    Content: The QATAR911 team, specifically attacker MR~TNT, conducted a mass defacement campaign targeting gaming-related websites including playforgames.xyz on April 15, 2026. The attack was part of a broader mass defacement operation rather than targeting a specific organization.
    Date: 2026-04-14T18:44:50Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248536
    Screenshots:
    None
    Threat Actors: MR~TNT, QATAR911
    Victim Country: Unknown
    Victim Industry: Gaming
    Victim Organization: Unknown
    Victim Site: playforgames.xyz
  51. Mass website defacement by QATAR911 team member MR~TNT targeting alphalabs-wellness.online
    Category: Defacement
    Content: The attacker MR~TNT from the QATAR911 team conducted a mass defacement campaign targeting multiple websites including alphalabs-wellness.online on April 15, 2026. The attack compromised a wellness industry website running on a Linux server.
    Date: 2026-04-14T18:44:17Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248521
    Screenshots:
    None
    Threat Actors: MR~TNT, QATAR911
    Victim Country: Unknown
    Victim Industry: Healthcare/Wellness
    Victim Organization: Alpha Labs Wellness
    Victim Site: alphalabs-wellness.online
  52. Alleged solicitation for Brazilian access and infrastructure
    Category: Initial Access
    Content: Threat actor ekko2k is actively purchasing Brazilian digital assets and infrastructure access including shells, cPanel accounts, and employee credentials, with particular interest in e-commerce and payment systems. Offers range from $500 to $10,000 USD with transactions conducted through forum escrow.
    Date: 2026-04-14T18:43:49Z
    Network: openweb
    Published URL: https://tier1.life/thread/144
    Screenshots:
    None
    Threat Actors: ekko2k
    Victim Country: Brazil
    Victim Industry: E-commerce
    Victim Organization: Unknown
    Victim Site: Unknown
  53. Mass defacement campaign by QATAR911 team member MR~TNT targeting therheuco.online
    Category: Defacement
    Content: QATAR911 team member MR~TNT conducted a mass defacement campaign targeting therheuco.online on April 15, 2026. The attack was part of a broader mass defacement operation rather than a targeted single-site compromise.
    Date: 2026-04-14T18:43:45Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248544
    Screenshots:
    None
    Threat Actors: MR~TNT, QATAR911
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: therheuco.online
  54. Mass website defacement campaign by QATAR911 team member MR~TNT targeting printer security services
    Category: Defacement
    Content: QATAR911 team member MR~TNT conducted a mass defacement campaign targeting multiple websites including PrinterGuard, a printer security service provider. The attack occurred on April 15, 2026 and targeted Linux-based web servers.
    Date: 2026-04-14T18:43:19Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248539
    Screenshots:
    None
    Threat Actors: MR~TNT, QATAR911
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: PrinterGuard
    Victim Site: printerguard.online
  55. Website defacement of ABMarketing Blog by MR~TNT (QATAR911 team)
    Category: Defacement
    Content: The marketing blog website abmarketingblog.online was defaced by attacker MR~TNT affiliated with the QATAR911 team on April 15, 2026. The incident targeted a Linux-based server hosting the marketing website.
    Date: 2026-04-14T18:42:43Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248520
    Screenshots:
    None
    Threat Actors: MR~TNT, QATAR911
    Victim Country: Unknown
    Victim Industry: Marketing
    Victim Organization: AB Marketing Blog
    Victim Site: abmarketingblog.online
  56. Mass defacement campaign by QATAR911 team member MR~TNT targeting quantumbot.space
    Category: Defacement
    Content: QATAR911 team member MR~TNT conducted a mass defacement campaign targeting quantumbot.space on April 15, 2026. The attack was part of a broader mass defacement operation rather than targeting a single organization.
    Date: 2026-04-14T18:42:17Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248541
    Screenshots:
    None
    Threat Actors: MR~TNT, QATAR911
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Unknown
    Victim Site: quantumbot.space
  57. Mass defacement campaign by QATAR911 team targeting gaming website
    Category: Defacement
    Content: The QATAR911 team conducted a mass defacement campaign targeting multiple websites including playstationforgames.biz, with the attack carried out by member MR~TNT on April 15, 2026. The targeted site appears to be a gaming-related platform running on a Linux server.
    Date: 2026-04-14T18:41:51Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248537
    Screenshots:
    None
    Threat Actors: MR~TNT, QATAR911
    Victim Country: Unknown
    Victim Industry: Gaming
    Victim Organization: PlayStation For Games
    Victim Site: playstationforgames.biz
  58. Mass website defacement campaign by QATAR911 team member MR~TNT targeting Brazilian laboratory
    Category: Defacement
    Content: The QATAR911 team conducted a mass defacement campaign targeting multiple websites including a Brazilian laboratory services website. The attack was carried out by team member MR~TNT on April 15, 2026, affecting the Envia Labs Brazil online platform.
    Date: 2026-04-14T18:41:28Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248527
    Screenshots:
    None
    Threat Actors: MR~TNT, QATAR911
    Victim Country: Brazil
    Victim Industry: Healthcare/Laboratory Services
    Victim Organization: Envia Labs
    Victim Site: envialabsbra.online
  59. Mass website defacement by QATAR911 team member MR~TNT targeting sigma-aminos.space
    Category: Defacement
    Content: QATAR911 team member MR~TNT conducted a mass defacement attack targeting sigma-aminos.space on April 15, 2026. The attack was part of a larger mass defacement campaign rather than targeting a single organization.
    Date: 2026-04-14T18:40:57Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248543
    Screenshots:
    None
    Threat Actors: MR~TNT, QATAR911
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: sigma-aminos.space
  60. Mass defacement campaign by QATAR911 team targeting peptidezone.online
    Category: Defacement
    Content: The QATAR911 team conducted a mass defacement campaign on April 15, 2026, targeting peptidezone.online among other sites. The attack was executed by MR~TNT on a Linux-based server hosting what appears to be a peptide-related pharmaceutical or research website.
    Date: 2026-04-14T18:40:29Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248535
    Screenshots:
    None
    Threat Actors: MR~TNT, QATAR911
    Victim Country: Unknown
    Victim Industry: Healthcare/Pharmaceuticals
    Victim Organization: Unknown
    Victim Site: peptidezone.online
  61. Mass defacement targeting marketing websites by QATAR911 team member MR~TNT
    Category: Defacement
    Content: QATAR911 team member MR~TNT conducted a mass defacement attack targeting multiple websites including alphamarketing.blog on April 15, 2026. The attack was part of a broader mass defacement campaign rather than targeting a specific organization.
    Date: 2026-04-14T18:40:03Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248522
    Screenshots:
    None
    Threat Actors: MR~TNT, QATAR911
    Victim Country: Unknown
    Victim Industry: Marketing
    Victim Organization: Alpha Marketing
    Victim Site: alphamarketing.blog
  62. Mass defacement targeting research peptide website by QATAR911 team
    Category: Defacement
    Content: On April 15, 2026, attacker MR~TNT from the QATAR911 team conducted a mass defacement operation targeting researchpeptide.online, a website in the pharmaceutical research sector. This was part of a broader mass defacement campaign rather than a targeted attack on a single site.
    Date: 2026-04-14T18:39:36Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248542
    Screenshots:
    None
    Threat Actors: MR~TNT, QATAR911
    Victim Country: Unknown
    Victim Industry: Pharmaceutical/Research
    Victim Organization: Unknown
    Victim Site: researchpeptide.online
  63. Mass defacement campaign by QATAR911 team targeting newsforflash.online
    Category: Defacement
    Content: Attacker MR~TNT from the QATAR911 team conducted a mass defacement attack targeting newsforflash.online on April 15, 2026. The incident was part of a larger mass defacement campaign rather than a targeted attack on a single website.
    Date: 2026-04-14T18:39:09Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248533
    Screenshots:
    None
    Threat Actors: MR~TNT, QATAR911
    Victim Country: Unknown
    Victim Industry: Media/News
    Victim Organization: News for Flash
    Victim Site: newsforflash.online
  64. Mass website defacement by QATAR911 team targeting heartandflowers.store
    Category: Defacement
    Content: The QATAR911 team conducted a mass defacement campaign targeting multiple websites including heartandflowers.store on April 15, 2026. The attack was carried out by an individual using the handle MR~TNT against what appears to be an online retail business.
    Date: 2026-04-14T18:38:37Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248529
    Screenshots:
    None
    Threat Actors: MR~TNT, QATAR911
    Victim Country: Unknown
    Victim Industry: Retail/E-commerce
    Victim Organization: Heart and Flowers
    Victim Site: heartandflowers.store
  65. Mass defacement campaign by QATAR911 team member MR~TNT targeting labvial.online
    Category: Defacement
    Content: The attacker MR~TNT from the QATAR911 team conducted a mass defacement campaign targeting labvial.online on April 15, 2026. This was part of a broader mass defacement operation rather than a targeted attack on a specific organization.
    Date: 2026-04-14T18:38:02Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248530
    Screenshots:
    None
    Threat Actors: MR~TNT, QATAR911
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: labvial.online
  66. Mass website defacement campaign by QATAR911 team member MR~TNT targeting mailassist.online
    Category: Defacement
    Content: The QATAR911 team member MR~TNT conducted a mass defacement campaign targeting multiple websites including mailassist.online, an email services provider. The attack occurred on April 15, 2026, compromising a Linux-based web server.
    Date: 2026-04-14T18:37:27Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248532
    Screenshots:
    None
    Threat Actors: MR~TNT, QATAR911
    Victim Country: Unknown
    Victim Industry: Technology/Email Services
    Victim Organization: Mail Assist
    Victim Site: mailassist.online
  67. Mass defacement campaign by QATAR911 team member MR~TNT targeting peptidecore.site
    Category: Defacement
    Content: The QATAR911 team conducted a mass defacement campaign on April 15, 2026, with member MR~TNT successfully compromising peptidecore.site. This attack was part of a broader mass defacement operation targeting multiple websites simultaneously.
    Date: 2026-04-14T18:37:02Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248534
    Screenshots:
    None
    Threat Actors: MR~TNT, QATAR911
    Victim Country: Unknown
    Victim Industry: Biotechnology
    Victim Organization: Peptide Core
    Victim Site: peptidecore.site
  68. Mass website defacement campaign by QATAR911 team member MR~TNT
    Category: Defacement
    Content: QATAR911 team member MR~TNT conducted a mass defacement attack targeting multiple websites including entregopedia.online. The attack occurred on April 15, 2026 and affected Linux-based web servers.
    Date: 2026-04-14T18:36:24Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248526
    Screenshots:
    None
    Threat Actors: MR~TNT, QATAR911
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: entregopedia.online
  69. Mass defacement campaign by QATAR911 team member MR~TNT targeting premiosrapidos.co
    Category: Defacement
    Content: Website defacement attack conducted by MR~TNT from the QATAR911 team against premiosrapidos.co on April 15, 2026. This was part of a mass defacement campaign targeting multiple websites rather than an isolated attack.
    Date: 2026-04-14T18:35:58Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248538
    Screenshots:
    None
    Threat Actors: MR~TNT, QATAR911
    Victim Country: Colombia
    Victim Industry: Entertainment/Gaming
    Victim Organization: Premios Rapidos
    Victim Site: premiosrapidos.co
  70. Alleged leak of email credential combolist
    Category: Combo List
    Content: A threat actor shared a combolist containing 29,000 email and password combinations with full valid mail access on a cybercrime forum. The credentials appear to be from mixed sources and were made available as a free download to registered forum members.
    Date: 2026-04-14T18:33:00Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-29K-Full-Valid-Mail-Access-MIX-14-04
    Screenshots:
    None
    Threat Actors: MegaCloudshop
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  71. Alleged leak of credential combolist containing 1.1 million records
    Category: Combo List
    Content: A combolist containing 1.1 million URL-LOGIN-PASS combinations dated April 15, 2026 was allegedly leaked on a cybercrime forum. The credentials appear to be made available for free download to registered forum users.
    Date: 2026-04-14T18:32:18Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72092/
    Screenshots:
    None
    Threat Actors: RandomUpload
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  72. Alleged leak of email credentials combolist
    Category: Combo List
    Content: A threat actor shared a combolist containing 29,000 email credentials described as Full Valid Mail Access MIX on an underground forum. The post appears to offer the credentials as a free download to registered forum users.
    Date: 2026-04-14T18:32:02Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72093/
    Screenshots:
    None
    Threat Actors: MailAccesss
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  73. Alleged leak of business corporate email credentials
    Category: Combo List
    Content: A threat actor shared a combolist containing 104,618 business corporate email credentials with SMTP access via a file sharing platform.
    Date: 2026-04-14T18:31:42Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72094/
    Screenshots:
    None
    Threat Actors: HQcomboSpace
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  74. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: A forum post claims to share 313 Hotmail credential hits. The actual content is hidden and only available to registered users of the forum.
    Date: 2026-04-14T18:31:28Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72095/
    Screenshots:
    None
    Threat Actors: lpbPrivate
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  75. Alleged distribution of stealer logs and credential data
    Category: Logs
    Content: Threat actor watercloud distributed stealer logs and credential data via a file sharing platform with password protection. The actor promotes a Telegram channel for accessing fresh logs daily.
    Date: 2026-04-14T18:06:17Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-%E2%AD%90%E2%AD%90%E2%AD%90-STEALER-LOGS-AND-U-L-P-14-04-2026
    Screenshots:
    None
    Threat Actors: watercloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  76. Alleged leak of mixed email credentials combolist
    Category: Combo List
    Content: A threat actor shared a combolist containing 4,401 mixed email credentials including Hotmail accounts, distributed through a private cloud service.
    Date: 2026-04-14T17:43:33Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-%E2%9A%A1%E2%9A%A1-4401x-PREMIUM-MIX-MAIL-HITS%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: alphaxdd
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  77. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: A threat actor has allegedly made available a combolist containing 5,984 valid Hotmail email credentials on a cybercrime forum.
    Date: 2026-04-14T17:43:06Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72089/
    Screenshots:
    None
    Threat Actors: RandomUpload
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  78. Alleged leak of premium email credential combolist
    Category: Combo List
    Content: A threat actor is distributing a combolist containing 4,401 premium mixed email credentials including Hotmail accounts. The credentials are being shared for free download via Telegram contact.
    Date: 2026-04-14T17:42:50Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72090/
    Screenshots:
    None
    Threat Actors: alphaxdd
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  79. Alleged distribution of mixed credential combolist containing 20,000 records
    Category: Combo List
    Content: A threat actor distributed a mixed credential combolist containing 20,000 email and password combinations. No specific victim organization or breach source was identified.
    Date: 2026-04-14T17:24:33Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-MIX-Unique-Combo-6-20000
    Screenshots:
    None
    Threat Actors: UniqueCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  80. Alleged leak of French email credentials
    Category: Combo List
    Content: A threat actor shared a combolist containing 1,500 fresh French email credentials on a cybercriminal forum. The credentials appear to be recently obtained as indicated by the date reference in the post title.
    Date: 2026-04-14T17:21:12Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-1-5K-Frace-Fresh-Mail-Access-14-04
    Screenshots:
    None
    Threat Actors: MegaCloudshop
    Victim Country: France
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  81. Alleged leak of credential combolist containing 20,000 records
    Category: Combo List
    Content: A threat actor shared a credential combolist containing 20,000 username and password combinations on a cybercriminal forum in the combolists and dumps section.
    Date: 2026-04-14T17:16:54Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72086/
    Screenshots:
    None
    Threat Actors: UniqueCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  82. Alleged leak of Hotmail and email credential combolist
    Category: Combo List
    Content: A threat actor shared a combolist containing 4,942 email and password combinations for Hotmail and other email services. The credentials are being distributed for free download on cybercriminal forums.
    Date: 2026-04-14T17:16:36Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72087/
    Screenshots:
    None
    Threat Actors: karaokecloud
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  83. Alleged leak of French email credentials
    Category: Combo List
    Content: A threat actor shared a combolist containing 1,500 French email credentials dated April 14th on an underground forum.
    Date: 2026-04-14T17:16:21Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72088/
    Screenshots:
    None
    Threat Actors: MailAccesss
    Victim Country: France
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  84. Alleged sale of iOS exploitation tool targeting financial and cryptocurrency data
    Category: Initial Access
    Content: Threat actor OnarDev is selling IExploit Lab v1.0, an iOS exploitation tool that allegedly targets devices running iOS 13 through iOS 17.2.1. The tool claims to exploit vulnerabilities to steal cryptocurrency and banking information from compromised devices through malicious links.
    Date: 2026-04-14T17:15:45Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-IExploit-Lab-v1-0-C2-Integrated-Panel
    Screenshots:
    None
    Threat Actors: OnarDev
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  85. Alleged leak of Russian email credentials
    Category: Logs
    Content: A threat actor allegedly leaked 4,200 Russian email credentials described as fresh hits from April 14th. The credentials appear to be distributed through a forum specializing in mail access and combolists.
    Date: 2026-04-14T17:05:29Z
    Network: openweb
    Published URL: https://xforums.st/threads/4-2k-russian-mail-access-fresh-hits-14-04.608292/
    Screenshots:
    None
    Threat Actors: MegaCloud
    Victim Country: Russia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  86. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: Threat actor alphaxdd shared a combolist containing 2,029 Hotmail email credentials on DemonForums. The credentials are described as valid hits from premium accounts and are being distributed through Telegram.
    Date: 2026-04-14T16:49:31Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-2029x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F
    Screenshots:
    None
    Threat Actors: alphaxdd
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  87. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: A threat actor is distributing a combolist containing 2,029 allegedly valid Hotmail email credentials for free download. The actor claims these are premium hits from a private cloud and mix mail sources.
    Date: 2026-04-14T16:48:35Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72081/
    Screenshots:
    None
    Threat Actors: alphaxdd
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  88. Alleged distribution of 9 million credential combolist targeting multiple countries
    Category: Combo List
    Content: Threat actor CODER is distributing a 9 million record credential combolist containing data from multiple countries including Bangladesh, Belarus, Belgium, Brazil and others. The combolist is being shared through Telegram channels for free distribution.
    Date: 2026-04-14T16:48:18Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72082/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Multiple
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  89. Alleged leak of Russian email credentials
    Category: Combo List
    Content: A threat actor shared access to approximately 4,200 Russian email credentials described as fresh hits from April 14th. The credentials appear to be distributed as a combolist on an underground forum.
    Date: 2026-04-14T16:48:02Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72083/
    Screenshots:
    None
    Threat Actors: MailAccesss
    Victim Country: Russia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  90. Alleged leak of mixed email credential lists
    Category: Combo List
    Content: User klyne05 shared mixed email credential lists described as private, fresh, and checked on the CrackingX forum. The post offers free download access to the combolists without specifying record counts or victim sources.
    Date: 2026-04-14T16:47:46Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72084/
    Screenshots:
    None
    Threat Actors: klyne05
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  91. Alleged kernel address leak vulnerability in Windows EventLog RPC
    Category: Data Leak
    Content: A security researcher documents an information disclosure vulnerability in the Windows Event Log service that enables extraction of kernel pool pointers from Windows machines locally and remotely via RPC. The leak occurs in the Microsoft-Windows-Storage-Storport/Operational channel, within EventID 524 generated by the stornvme driver during NVMe device errors.
    Date: 2026-04-14T16:38:59Z
    Network: openweb
    Published URL: https://tier1.life/thread/143
    Screenshots:
    None
    Threat Actors: Elijah
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Microsoft
    Victim Site: Unknown
  92. Alleged leak of Japanese email credentials
    Category: Combo List
    Content: A threat actor shared a combolist containing 3,300 Japanese email and password combinations through a file sharing service. The credentials are claimed to be validated and high quality.
    Date: 2026-04-14T16:24:41Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-3-3K-Japan-Full-Valid-Mail-Just-Top-Quality-14-04
    Screenshots:
    None
    Threat Actors: MegaCloudshop
    Victim Country: Japan
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  93. Alleged leak of educational institution credential list
    Category: Combo List
    Content: A threat actor shared a credential list containing 109,000 email and password combinations specifically targeting educational institutions. The actor also advertises selling additional credential lists for various email providers and countries through Telegram.
    Date: 2026-04-14T16:23:46Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-109K-EDU-TARGETED-COMBOLIST
    Screenshots:
    None
    Threat Actors: Ra-Zi
    Victim Country: Unknown
    Victim Industry: Education
    Victim Organization: Unknown
    Victim Site: Unknown
  94. Alleged leak of Chinese email credentials
    Category: Combo List
    Content: A threat actor shared a combolist containing 1,900 Chinese email credentials through a file sharing platform. The credentials are claimed to be fresh and dated April 14th.
    Date: 2026-04-14T16:22:51Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-1-9-K-China-Fresh-Mail-Access-14-04
    Screenshots:
    None
    Threat Actors: MegaCloudshop
    Victim Country: China
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  95. Alleged distribution of educational institution credential lists
    Category: Combo List
    Content: Threat actor CODER is distributing credential lists targeting educational institutions through Telegram channels, offering free access to combolists and related programs.
    Date: 2026-04-14T16:21:50Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72076/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Education
    Victim Organization: Unknown
    Victim Site: Unknown
  96. Alleged leak of Japanese email credentials
    Category: Combo List
    Content: A threat actor shared a list containing 3,300 allegedly valid Japanese email credentials on an underground forum. The actor claims the credentials are of top quality and dated April 14th.
    Date: 2026-04-14T16:21:27Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72077/
    Screenshots:
    None
    Threat Actors: MailAccesss
    Victim Country: Japan
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  97. Alleged leak of Hotmail credentials combolist
    Category: Combo List
    Content: A threat actor shared a combolist containing over 1.1 million Hotmail email and password combinations on a cybercrime forum. The credentials are claimed to be from fresh leaks and are being distributed for free.
    Date: 2026-04-14T16:21:02Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72078/
    Screenshots:
    None
    Threat Actors: HQcomboSpace
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  98. Alleged leak of Chinese email credentials
    Category: Combo List
    Content: A threat actor leaked a combolist containing 1,900 Chinese email credentials dated April 14th. The credentials appear to be fresh mail access data targeting Chinese users.
    Date: 2026-04-14T16:20:45Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72079/
    Screenshots:
    None
    Threat Actors: MailAccesss
    Victim Country: China
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  99. Alleged sale of stolen credentials via Raccoon Stealer logs from Netherlands
    Category: Logs
    Content: Threat actor KazeFreak advertises 1,000 credential logs stolen via Raccoon Stealer v2 malware from Netherlands-based Windows Server 2019 systems running the Edge browser. The logs contain credentials, cookies, and autofill data but exclude crypto wallets.
    Date: 2026-04-14T16:19:47Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-URL-LOGIN-PASS-Raccoon-Stealer-1000-logs-NL
    Screenshots:
    None
    Threat Actors: KazeFreak
    Victim Country: Netherlands
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  100. Alleged sale of UAE business owners database
    Category: Data Breach
    Content: A threat actor claims to be selling a database containing personal information of UAE business owners, including names, phone numbers, and business classifications, across major Emirates cities including Dubai, Abu Dhabi, and Sharjah.
    Date: 2026-04-14T16:19:44Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-Business-Owners-United-Arab-Emirates-417k-contacts
    Screenshots:
    None
    Threat Actors: Solana0011
    Victim Country: United Arab Emirates
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  101. Alleged sale of Italian identity document database
    Category: Data Breach
    Content: Threat actor MirrorHub is allegedly selling a database containing identity documents and selfies for 2,500 Italian citizens for $120. The data includes passports, driver's licenses, ID cards, and selfie photos with documents.
    Date: 2026-04-14T16:19:29Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-For-Sale-Database-of-Documents-ITALY-2-5%D0%BA-Kits-GEO-ITALY-DL-ID-Pass-Selfie
    Screenshots:
    None
    Threat Actors: MirrorHub
    Victim Country: Italy
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  102. Alleged data breach of Municipality of Miracatu government database
    Category: Data Breach
    Content: A threat actor is selling access to the Municipality of Miracatu government database for $100. The compromised data includes financial records, credentials, and procurement information from the Brazilian municipal government website.
    Date: 2026-04-14T15:58:37Z
    Network: openweb
    Published URL: https://breached.st/threads/municipality-of-miracatu-government-of-brazil.85998/unread
    Screenshots:
    None
    Threat Actors: wh6ami
    Victim Country: Brazil
    Victim Industry: Government
    Victim Organization: Municipality of Miracatu
    Victim Site: miracatu.sp.gov.br
  103. Alleged leak of mixed email credentials combolist
    Category: Combo List
    Content: An actor shared a combolist containing 2,877 validated email and password combinations, described as a UHQ (Ultra High Quality) mix including Hotmail and private cloud credentials.
    Date: 2026-04-14T15:57:23Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-X2877-Valid-UHQ-Mix-%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: Roronoa044
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  104. Alleged leak of US email credentials combolist
    Category: Combo List
    Content: A threat actor leaked a combolist containing 1,400 allegedly valid US email credentials on an underground forum. The credentials are described as having full mail access and are dated April 14th.
    Date: 2026-04-14T15:56:24Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-1-4K-Usa-Full-Valid-MaIL-Access-14-04
    Screenshots:
    None
    Threat Actors: MegaCloudshop
    Victim Country: United States
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  105. Alleged leak of Hotmail credentials and mixed email combolist
    Category: Combo List
    Content: Threat actor noir shared a combolist containing Hotmail credentials and mixed email accounts through Telegram. The post advertises valid high-quality credentials but requires forum registration to view details.
    Date: 2026-04-14T15:56:20Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72073/
    Screenshots:
    None
    Threat Actors: noir
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Hotmail
    Victim Site: hotmail.com
  106. Alleged leak of USA email credentials
    Category: Combo List
    Content: A threat actor leaked approximately 1,400 valid email credentials from USA-based accounts on a cybercriminal forum. The credentials appear to be current as of April 14th and are being distributed for free to registered forum members.
    Date: 2026-04-14T15:56:00Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72074/
    Screenshots:
    None
    Threat Actors: MailAccesss
    Victim Country: United States
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  107. Alleged leak of Gmail credentials
    Category: Combo List
    Content: Threat actor D4rkNetHub shared a combolist containing 1 million Gmail credentials on a cybercriminal forum. The post content is restricted to registered forum members.
    Date: 2026-04-14T15:55:33Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72075/
    Screenshots:
    None
    Threat Actors: D4rkNetHub
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Google
    Victim Site: gmail.com
  108. Website defacement of webuikits.com by QATAR911
    Category: Defacement
    Content: QATAR911 threat actor defaced webuikits.com on April 14, 2026. The attack targeted a web UI development platform, compromising content in the WordPress uploads directory.
    Date: 2026-04-14T15:48:13Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832972
    Screenshots:
    None
    Threat Actors: QATAR911
    Victim Country: Unknown
    Victim Industry: Technology/Web Services
    Victim Organization: WebUIKits
    Victim Site: webuikits.com
  109. Alleged leak of German email credentials
    Category: Logs
    Content: A threat actor shared a combolist containing 43,000 German email credentials with full mail access on a cybercrime forum.
    Date: 2026-04-14T15:44:35Z
    Network: openweb
    Published URL: https://xforums.st/threads/43k-germany-full-mail-access-top-quality-14-04.608279/
    Screenshots:
    None
    Threat Actors: MegaCloud
    Victim Country: Germany
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  110. Alleged leak of German email credentials
    Category: Combo List
    Content: A threat actor allegedly made available a combolist containing 43,000 German email credentials with full mail access. The post was shared on a cybercriminal forum specializing in credential lists.
    Date: 2026-04-14T15:30:50Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-43K-Germany-Full-Mail-Access-Top-Quality-14-04
    Screenshots:
    None
    Threat Actors: MegaCloudshop
    Victim Country: Germany
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  111. Alleged distribution of mixed stealer logs containing credentials
    Category: Combo List
    Content: Threat actor fatetraffic distributed a collection of 1,385 mixed stealer logs through a file sharing platform. The logs appear to contain stolen credentials and related data harvested by information stealing malware.
    Date: 2026-04-14T15:29:10Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72070/
    Screenshots:
    None
    Threat Actors: fatetraffic
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  112. Alleged leak of German email credentials
    Category: Combo List
    Content: A threat actor leaked a combolist containing 43,000 German email credentials with full mail access, posted on a cybercrime forum on April 14th.
    Date: 2026-04-14T15:28:54Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72071/
    Screenshots:
    None
    Threat Actors: MailAccesss
    Victim Country: Germany
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  113. Alleged distribution of mixed corporate credential combolist
    Category: Combo List
    Content: Threat actor CODER is distributing an 11 million record credential combolist containing mixed corporate credentials through Telegram channels. The actor operates free Telegram groups for sharing credential lists and related tools.
    Date: 2026-04-14T15:28:30Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72072/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  114. Alleged distribution of mixed stealer logs by FateTraffic
    Category: Logs
    Content: Threat actor fatetraffic distributed a collection of 1,385 mixed stealer logs via a file sharing platform. The logs contain stolen credentials and browser data from information-stealing malware.
    Date: 2026-04-14T15:27:57Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-%F0%9F%93%97-FATETRAFFIC-1385-MIX-14-04-2026-STEALER-LOGS
    Screenshots:
    None
    Threat Actors: fatetraffic
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  115. Alleged data breach of French ANTS government agency database for sale
    Category: Data Breach
    Content: Threat actor EvilDump claims to be selling a database containing 18 million records from the French ANTS government agency. The data allegedly includes full names, contact details, birth information, addresses, and account metadata with government-verified identities.
    Date: 2026-04-14T15:26:51Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-DATABASE-FR-ANTS-Database-18M
    Screenshots:
    None
    Threat Actors: EvilDump
    Victim Country: France
    Victim Industry: Government
    Victim Organization: ANTS (Agence Nationale des Titres Sécurisés)
    Victim Site: Unknown
  116. ⎝ 2500 ⎠ MIXMAIL FRESH UHQ✨GOODTIMES CLOUD
    Category: Combo List
    Content: New thread posted by Lexser: ⎝ 2500 ⎠ MIXMAIL FRESH UHQ✨GOODTIMES CLOUD
    Date: 2026-04-14T15:06:58Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72064/
    Screenshots:
    None
    Threat Actors: Lexser
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  117. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: A threat actor shared a sample containing 680 Hotmail credentials on a cybercriminal forum. The credentials appear to be offered as a free download sample, likely to demonstrate the quality of a larger dataset.
    Date: 2026-04-14T15:06:28Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72066/
    Screenshots:
    None
    Threat Actors: HollowKnight07
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  118. MIX Unique Combo_5_20000
    Category: Combo List
    Content: New thread posted by UniqueCombo: MIX Unique Combo_5_20000
    Date: 2026-04-14T15:06:08Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72067/
    Screenshots:
    None
    Threat Actors: UniqueCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  119. [700x] ⭐⭐ FRESH HQ HOTMAIL ⭐⭐
    Category: Combo List
    Content: New thread posted by KiwiShio: [700x] ⭐⭐ FRESH HQ HOTMAIL ⭐⭐
    Date: 2026-04-14T15:05:53Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72068/
    Screenshots:
    None
    Threat Actors: KiwiShio
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  120. Alleged leak of email credentials combolist
    Category: Combo List
    Content: Actor NightFall shared a combolist containing 8,700 mixed email and password combinations via an external paste service. The credentials are described as fresh and high quality.
    Date: 2026-04-14T15:05:38Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72069/
    Screenshots:
    None
    Threat Actors: NightFall
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  121. École Supérieure de Génie Biomédical et des Techniques de Santé MOROCCO DB
    Category: Alert
    Content: New thread posted by xNov: École Supérieure de Génie Biomédical et des Techniques de Santé MOROCCO DB
    Date: 2026-04-14T15:04:38Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-%C3%89cole-Sup%C3%A9rieure-de-G%C3%A9nie-Biom%C3%A9dical-et-des-Techniques-de-Sant%C3%A9-MOROCCO-DB
    Screenshots:
    None
    Threat Actors: xNov
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  122. Alleged leak of email credentials combolist
    Category: Combo List
    Content: A threat actor shared a combolist containing 14,516 allegedly valid email and password combinations on a cybercrime forum. The credentials are described as high quality mail access.
    Date: 2026-04-14T14:44:47Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-14-516-HQ-Mail-Access-Valid-txt
    Screenshots:
    None
    Threat Actors: VegaM
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  123. Alleged leak of HQ Mix credential combolist
    Category: Combo List
    Content: A threat actor shared a credential combolist titled X1842 HQ Mix on a cybercriminal forum. The post requires registration to view the hidden content containing the credential list.
    Date: 2026-04-14T14:43:58Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-%E2%9A%A1%E2%9A%A1-X1842-HQ-Mix-%E2%9A%A1%E2%9A%A1-BY-Steveee36-%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: erwinn91
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  124. Alleged leak of mixed countries email credentials
    Category: Combo List
    Content: A threat actor leaked a combolist containing 7,129 email credentials from mixed countries, making it available as a free download on a cybercriminal forum.
    Date: 2026-04-14T14:42:43Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72063/
    Screenshots:
    None
    Threat Actors: karaokecloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  125. Website defacement of Bobco Metal by DimasHxR
    Category: Defacement
    Content: DimasHxR successfully defaced the Bobco Metal company website on April 14, 2026. The attack targeted a specific subdirectory of the company's media content rather than the homepage.
    Date: 2026-04-14T14:35:48Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832968
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Manufacturing/Metal Industry
    Victim Organization: Bobco Metal
    Victim Site: www.bobcometal.com
  126. Alleged leak of Hotmail credentials
    Category: Logs
    Content: A threat actor allegedly leaked a combolist containing 46,000 Hotmail email credentials described as fresh access.
    Date: 2026-04-14T14:33:16Z
    Network: openweb
    Published URL: https://xforums.st/threads/46k-hotmail-fresh-access.607098/
    Screenshots:
    None
    Threat Actors: Vekkoo
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  127. Alleged leak of mixed credential combolist containing 50,956 records
    Category: Combo List
    Content: Threat actor stormtrooper shared a fresh mixed combolist containing 50,956 email and password combinations on DemonForums. The credentials appear to be from various sources and are being distributed for free.
    Date: 2026-04-14T14:23:11Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-50-956-Lines-Fresh-Mix-Combolist
    Screenshots:
    None
    Threat Actors: stormtrooper
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  128. Alleged leak of Yahoo gaming and shopping credentials
    Category: Combo List
    Content: Threat actor shared a combolist containing approximately 1.9 million credential pairs targeting Yahoo users involved in gaming and shopping activities. The data was made available for free download via cloud storage.
    Date: 2026-04-14T14:22:00Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72061/
    Screenshots:
    None
    Threat Actors: HQcomboSpace
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Yahoo
    Victim Site: yahoo.com
  129. Alleged leak of mixed credential combolist
    Category: Combo List
    Content: A threat actor shared a fresh mixed combolist containing 50,956 credential pairs on a cybercrime forum. The actor promoted their Telegram channel for additional content distribution.
    Date: 2026-04-14T14:21:46Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72062/
    Screenshots:
    None
    Threat Actors: Browzchel
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  130. Alleged distribution of proxy scraping tool X0 Proxy Scraper V2
    Category: Initial Access
    Content: A cybercriminal shared X0 Proxy Scraper V2, a tool designed for scraping and filtering proxy lists across multiple protocols including HTTP/S, SOCKS4, and SOCKS5. The tool is promoted as useful for automation and feeding other tools that require fresh proxy lists for potentially malicious activities.
    Date: 2026-04-14T13:54:41Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-X0-Proxy-Scraper-V2-by-ManiacX0
    Screenshots:
    None
    Threat Actors: Starip
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  131. Alleged distribution of Matrix AIO credential checking tool
    Category: Initial Access
    Content: Threat actor shares Matrix AIO Checker, a multi-platform credential validation tool with 100+ modules targeting Steam, Disney, Yahoo, Call of Duty and other major platforms. The tool processes large credential datasets and provides real-time validation statistics for automated credential stuffing operations.
    Date: 2026-04-14T13:54:09Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Matrix-AIO-Checker
    Screenshots:
    None
    Threat Actors: Starip
    Victim Country: Unknown
    Victim Industry: Multiple
    Victim Organization: Multiple platforms including Steam, Disney, Yahoo, Call of Duty
    Victim Site: Unknown
  132. Alleged distribution of PayPal credential combolist
    Category: Combo List
    Content: Threat actor distributing a PayPal credential combolist containing 11 million entries through Telegram channels, offering free access to the compromised credentials.
    Date: 2026-04-14T13:53:09Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72060/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Financial Services
    Victim Organization: PayPal
    Victim Site: paypal.com
  133. Alleged data breach of ANDE Paraguay government database
    Category: Data Breach
    Content: Threat actor claims to possess a database from Paraguay's ANDE government website containing 50,000 records with personal information including names, emails, phone numbers, addresses, and customer service messages. The data is offered in CSV-SQL format with sample records showing customer complaints and service requests.
    Date: 2026-04-14T13:52:38Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-www-ande-gov-py-Database-Paraguay-50K
    Screenshots:
    None
    Threat Actors: camillaDF
    Victim Country: Paraguay
    Victim Industry: Government
    Victim Organization: ANDE
    Victim Site: ande.gov.py
  134. Alleged sale of initial access to multiple financial services organizations
    Category: Initial Access
    Content: Threat actor KazeFreak advertised 500 new listings including initial access to financial services organizations across Czech Republic, Sweden, Portugal, Brazil, and United States. Access methods include RDP, RMM, SSH, webshells, and VPN with varying privilege levels and revenue ranges from unknown to $1 billion.
    Date: 2026-04-14T13:52:24Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Financial-Services-Access
    Screenshots:
    None
    Threat Actors: KazeFreak
    Victim Country: Multiple
    Victim Industry: Financial Services
    Victim Organization: Unknown
    Victim Site: Unknown
  135. Alleged data breach of Zadig & Voltaire customer database
    Category: Data Breach
    Content: Threat actor jza1337 claims to possess a Zadig & Voltaire customer database containing over 500,000 records with first name, last name, email, and gender information. The data is being made available for download on a dark web forum.
    Date: 2026-04-14T13:51:59Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-FR-ZADIG-VOLTAIRE-500K
    Screenshots:
    None
    Threat Actors: jza1337
    Victim Country: France
    Victim Industry: Retail/Fashion
    Victim Organization: Zadig & Voltaire
    Victim Site: Unknown
  136. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: A threat actor shared a list containing 3,782 Hotmail email credentials on a cybercrime forum. The credentials appear to be distributed as a free download to registered forum users.
    Date: 2026-04-14T13:32:26Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72055/
    Screenshots:
    None
    Threat Actors: RandomUpload
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  137. Alleged distribution of VIP ULP 4 combolist by threat actor zod
    Category: Combo List
    Content: Threat actor zod shared a credential list labeled VIP ULP 4 on CrackingX forum in the combolists section. Access details are provided through a Telegram channel.
    Date: 2026-04-14T13:32:12Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72056/
    Screenshots:
    None
    Threat Actors: zod
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  138. Mass defacement campaign by Zod targeting apreal.in
    Category: Defacement
    Content: The threat actor Zod conducted a mass defacement campaign targeting apreal.in on April 14, 2026. The attack was part of a broader mass defacement operation rather than a targeted attack on a single organization.
    Date: 2026-04-14T13:28:51Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248507
    Screenshots:
    None
    Threat Actors: Zod, Zod
    Victim Country: India
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: apreal.in
  139. Mass website defacement campaign by Zod threat actor
    Category: Defacement
    Content: The threat actor known as Zod conducted a mass defacement campaign targeting multiple websites including dtekarnic.org on April 14, 2026. The attack targeted a Linux-based server and was part of a broader mass defacement operation rather than a targeted attack.
    Date: 2026-04-14T13:28:23Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248511
    Screenshots:
    None
    Threat Actors: Zod, Zod
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: dtekarnic.org
  140. Mass website defacement campaign by Zod targeting farmgreenvalley.com
    Category: Defacement
    Content: The threat actor known as Zod conducted a mass defacement campaign targeting multiple websites including farmgreenvalley.com on April 14, 2026. The attack affected a Linux-hosted agricultural website as part of a broader defacement operation.
    Date: 2026-04-14T13:27:58Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248512
    Screenshots:
    None
    Threat Actors: Zod, Zod
    Victim Country: Unknown
    Victim Industry: Agriculture
    Victim Organization: Farm Green Valley
    Victim Site: farmgreenvalley.com
  141. Website defacement of Outreach Recruitment by Zod
    Category: Defacement
    Content: The attacker known as Zod successfully defaced the Outreach Recruitment website on April 14, 2026. The defacement targeted a recruitment company's online presence, compromising their web infrastructure hosted on cloud services.
    Date: 2026-04-14T13:27:23Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248505
    Screenshots:
    None
    Threat Actors: Zod, Zod
    Victim Country: Unknown
    Victim Industry: Human Resources/Recruitment
    Victim Organization: Outreach Recruitment
    Victim Site: outreachrecruitment.net
  142. Mass defacement campaign by Zod targeting ucesap.in
    Category: Defacement
    Content: The threat actor known as Zod conducted a mass defacement campaign targeting ucesap.in on April 14, 2026. The attack was part of a broader mass defacement operation rather than a targeted single-site compromise.
    Date: 2026-04-14T13:26:52Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248518
    Screenshots:
    None
    Threat Actors: Zod, Zod
    Victim Country: India
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: ucesap.in
  143. Mass website defacement campaign by Zod targeting cbseonline.co.in
    Category: Defacement
    Content: The attacker Zod conducted a mass defacement campaign targeting cbseonline.co.in, an Indian educational website related to the Central Board of Secondary Education. The attack occurred on April 14, 2026 and was part of a broader mass defacement operation rather than a targeted single-site attack.
    Date: 2026-04-14T13:26:27Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248510
    Screenshots:
    None
    Threat Actors: Zod, Zod
    Victim Country: India
    Victim Industry: Education
    Victim Organization: CBSE Online
    Victim Site: cbseonline.co.in
  144. Mass defacement targeting eckmart.in by Zod
    Category: Defacement
    Content: The attacker Zod conducted a mass defacement campaign targeting the Indian e-commerce website eckmart.in on April 14, 2026. This was part of a broader mass defacement operation rather than a targeted attack on a single site.
    Date: 2026-04-14T13:25:49Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248519
    Screenshots:
    None
    Threat Actors: Zod, Zod
    Victim Country: India
    Victim Industry: E-commerce
    Victim Organization: Eckmart
    Victim Site: eckmart.in
  145. Mass website defacement campaign by Zod threat actor
    Category: Defacement
    Content: The threat actor known as Zod conducted a mass defacement campaign targeting multiple websites including svspdc.in. The attack occurred on April 14, 2026 and affected Linux-based servers as part of a broader defacement operation.
    Date: 2026-04-14T13:25:20Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248516
    Screenshots:
    None
    Threat Actors: Zod, Zod
    Victim Country: India
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: svspdc.in
  146. Website defacement of 123po.vn by Zod
    Category: Defacement
    Content: The threat actor Zod successfully defaced the website 123po.vn on April 14, 2026. The attack targeted a Linux-based server and resulted in the compromise of a specific page on the Vietnamese domain.
    Date: 2026-04-14T13:24:42Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248504
    Screenshots:
    None
    Threat Actors: Zod, Zod
    Victim Country: Vietnam
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: 123po.vn
  147. Website defacement of Brand Education by Zod
    Category: Defacement
    Content: The attacker known as Zod successfully defaced the Brand Education website on April 14, 2026. The compromised site was running on a Linux server and the defacement was archived for documentation purposes.
    Date: 2026-04-14T13:24:08Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248506
    Screenshots:
    None
    Threat Actors: Zod, Zod
    Victim Country: India
    Victim Industry: Education
    Victim Organization: Brand Education
    Victim Site: brandeducation.in
  148. Mass defacement campaign by Zod threat actor targeting tejahomes.com
    Category: Defacement
    Content: The threat actor Zod conducted a mass defacement campaign targeting tejahomes.com on April 14, 2026. The attack was part of a broader mass defacement operation rather than a targeted single-site attack.
    Date: 2026-04-14T13:23:30Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248517
    Screenshots:
    None
    Threat Actors: Zod, Zod
    Victim Country: Unknown
    Victim Industry: Real Estate
    Victim Organization: Teja Homes
    Victim Site: tejahomes.com
  149. Mass website defacement campaign by Zod targeting inbhu.in
    Category: Defacement
    Content: The attacker Zod conducted a mass defacement campaign targeting the Banaras Hindu University website. The attack occurred on April 14, 2026, affecting a Linux-based server hosting the educational institution's web presence.
    Date: 2026-04-14T13:22:59Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248513
    Screenshots:
    None
    Threat Actors: Zod, Zod
    Victim Country: India
    Victim Industry: Education
    Victim Organization: Banaras Hindu University
    Victim Site: inbhu.in
  150. Mass website defacement by Zod targeting bnkfarmfoods.com
    Category: Defacement
    Content: The threat actor Zod conducted a mass defacement campaign targeting multiple websites including bnkfarmfoods.com on April 14, 2026. The attack compromised a Linux-based server and was part of a broader mass defacement operation rather than a targeted attack on a single organization.
    Date: 2026-04-14T13:22:20Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248509
    Screenshots:
    None
    Threat Actors: Zod, Zod
    Victim Country: Unknown
    Victim Industry: Food & Agriculture
    Victim Organization: BNK Farm Foods
    Victim Site: bnkfarmfoods.com
  151. Mass defacement campaign by Zod targeting construction company website
    Category: Defacement
    Content: The threat actor Zod conducted a mass defacement campaign targeting the Prime Builders construction company website. This was part of a broader mass defacement operation rather than a targeted attack on a single organization.
    Date: 2026-04-14T13:21:53Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248515
    Screenshots:
    None
    Threat Actors: Zod, Zod
    Victim Country: India
    Victim Industry: Construction
    Victim Organization: Prime Builders
    Victim Site: primebuilders.apreal.in
  152. Mass defacement campaign targeting educational institutions by Zod
    Category: Defacement
    Content: The threat actor Zod conducted a mass defacement campaign targeting multiple websites including the Bangalore University Online portal. This incident was part of a broader defacement operation rather than a targeted attack on a single organization.
    Date: 2026-04-14T13:21:18Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248508
    Screenshots:
    None
    Threat Actors: Zod, Zod
    Victim Country: India
    Victim Industry: Education
    Victim Organization: Bangalore University Online
    Victim Site: bangaloreuniversityonline.com
  153. Mass website defacement campaign by Zod threat actor
    Category: Defacement
    Content: The threat actor Zod conducted a mass defacement campaign targeting multiple websites including PNR Organics. The attack occurred on April 14, 2026, affecting a Linux-based web server hosting the organic products company's website.
    Date: 2026-04-14T13:20:41Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248514
    Screenshots:
    None
    Threat Actors: Zod, Zod
    Victim Country: Unknown
    Victim Industry: Agriculture/Organic Products
    Victim Organization: PNR Organics
    Victim Site: pnrorganics.com
  154. Alleged sale of forged identity documents and personal data services
    Category: Data Breach
    Content: Threat actor offers forged identity documents including passports, driver licenses, and ID cards for USA and EU, along with personal information services including SSN, addresses, phone numbers, and associated data. Services appear to target identity verification systems.
    Date: 2026-04-14T13:06:44Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Offering-ID-DOCUMENTS-4-VERIFICATIONS
    Screenshots:
    None
    Threat Actors: Koolpp
    Victim Country: United States
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  155. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: A threat actor shared a sample combolist containing 780 Hotmail email and password combinations on a cybercrime forum.
    Date: 2026-04-14T13:05:19Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72054/
    Screenshots:
    None
    Threat Actors: HollowKnight07
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  156. Alleged data breach of Nigeria Corporate Affairs Commission
    Category: Data Breach
    Content: Threat actor claims to have downloaded 25 million documents from Nigeria's Corporate Affairs Commission infrastructure. 750GB of data is offered for free download while remaining data is sold separately.
    Date: 2026-04-14T13:04:36Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-NIGERIA-GOV-Corporate-Affairs-Commission
    Screenshots:
    None
    Threat Actors: ByteToBreach
    Victim Country: Nigeria
    Victim Industry: Government
    Victim Organization: Corporate Affairs Commission
    Victim Site: Unknown
  157. Alleged sale of gift certificates for multiple e-commerce platforms
    Category: Initial Access
    Content: Threat actor EastEow is allegedly selling electronic gift certificates for major retailers including ASOS, Adidas, eBay, Amazon, Walmart, Target, and Steam. The actor claims to offer certificates at prices much lower than other suppliers and is seeking long-term cooperation with regular buyers.
    Date: 2026-04-14T12:45:16Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-ASOS-Ozon-Adidas-Eldorado-Ebay-Amazon-Walmart-Target-Steam–200388
    Screenshots:
    None
    Threat Actors: EastEow
    Victim Country: Unknown
    Victim Industry: E-commerce
    Victim Organization: Multiple retailers
    Victim Site: Unknown
  158. Alleged leak of mixed email credentials combolist
    Category: Combo List
    Content: A threat actor shared a combolist containing 7,900 mixed email and password combinations on a cybercrime forum as hidden content requiring registration to access.
    Date: 2026-04-14T12:44:54Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-7900x-MIX-MAIL
    Screenshots:
    None
    Threat Actors: NotSellerXd
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  159. Alleged leak of mixed email credential combolist
    Category: Combo List
    Content: User NotSellerxd shared a mixed email combolist containing approximately 7.9 million credentials for free download on CrackingX forum.
    Date: 2026-04-14T12:43:05Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72050/
    Screenshots:
    None
    Threat Actors: NotSellerxd
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  160. Alleged distribution of credential combolist containing 20,000 records
    Category: Combo List
    Content: A threat actor allegedly shared a unique credential combolist containing 20,000 records on a cybercriminal forum specializing in stolen credentials and financial data.
    Date: 2026-04-14T12:42:48Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72051/
    Screenshots:
    None
    Threat Actors: UniqueCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  161. Alleged leak of credential combolist containing URL-login-password combinations
    Category: Combo List
    Content: A credential combolist containing 1 million URL-login-password combinations was allegedly made available for free download on a cybercriminal forum. The data appears to be from April 2026 based on the filename timestamp.
    Date: 2026-04-14T12:42:30Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72052/
    Screenshots:
    None
    Threat Actors: RandomUpload
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  162. Alleged data leak of Spanish Wind Energy Association (AEE)
    Category: Data Leak
    Content: User s1ethx7z shared alleged data from the Spanish Wind Energy Association containing user profiles, messages, calendar data, private files, reports, preferences, and courses. The data is being distributed for free via file sharing and Telegram channels.
    Date: 2026-04-14T11:55:28Z
    Network: openweb
    Published URL: https://breached.st/threads/aee-aeeolica.85996/unread
    Screenshots:
    None
    Threat Actors: s1ethx7z
    Victim Country: Spain
    Victim Industry: Energy
    Victim Organization: Spanish Wind Energy Association (AEE)
    Victim Site: Unknown
  163. Alleged distribution of mixed credential combolist
    Category: Combo List
    Content: A threat actor shared a mixed combolist containing 35,965 credential pairs on a cybercrime forum. The data is protected with a password available through a Telegram channel.
    Date: 2026-04-14T11:53:46Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72048/
    Screenshots:
    None
    Threat Actors: zod
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  164. Alleged leak of corporate email credentials targeting business organizations
    Category: Combo List
    Content: A combolist containing 193,768 email and password combinations allegedly targeting corporate business accounts has been made available for download. The credentials are described as suitable for SMTP spam operations against business entities.
    Date: 2026-04-14T11:53:31Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72049/
    Screenshots:
    None
    Threat Actors: HQcomboSpace
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  165. Alleged data leak of Spanish Wind Energy Association (AEE)
    Category: Data Leak
    Content: Actor leaked database contents from the Spanish Wind Energy Association containing user profiles, messages, calendar data, private files, reports, preferences, and course information. The data is being distributed for free download on cybercrime forums.
    Date: 2026-04-14T11:26:17Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-DOCUMENTS-AEE-aeeolica-org
    Screenshots:
    None
    Threat Actors: s1ethx7z
    Victim Country: Spain
    Victim Industry: Energy
    Victim Organization: Spanish Wind Energy Association (AEE)
    Victim Site: aeeolica.org
  166. Alleged leak of Russian government officials data
    Category: Data Leak
    Content: Personal information of Russian government officials and executives including names, titles, companies, phone numbers and email addresses was leaked on a cybercrime forum. The data appears to contain contact details for individuals in various Russian organizations including energy companies and government-related entities.
    Date: 2026-04-14T11:08:27Z
    Network: openweb
    Published URL: https://breached.st/threads/russian-ministry-governments-data.85994/unread
    Screenshots:
    None
    Threat Actors: spider321
    Victim Country: Russia
    Victim Industry: Government
    Victim Organization: Unknown
    Victim Site: Unknown
  167. Alleged leak of French Ministry government database
    Category: Data Leak
    Content: User spider321 shared samples from an alleged French Ministry government database containing structured data about government commissioners, nominations, and administrative council information including personal details and organizational assignments.
    Date: 2026-04-14T11:07:54Z
    Network: openweb
    Published URL: https://breached.st/threads/french-ministry-government-db.85995/unread
    Screenshots:
    None
    Threat Actors: spider321
    Victim Country: France
    Victim Industry: Government
    Victim Organization: French Ministry
    Victim Site: Unknown
  168. Alleged data leak of Russian government officials and corporate executives
    Category: Data Leak
    Content: Forum user spider321 leaked personal information of Russian government officials and corporate executives including names, titles, companies, phone numbers, and email addresses. The data appears to contain contact details for individuals associated with Russian ministries and various Russian companies including energy sector organizations.
    Date: 2026-04-14T11:07:03Z
    Network: openweb
    Published URL: https://breached.st/threads/russian-ministry-governments-data.85992/unread
    Screenshots:
    None
    Threat Actors: spider321
    Victim Country: Russia
    Victim Industry: Government
    Victim Organization: Russian Ministry
    Victim Site: Unknown
  169. Alleged leak of French Ministry government database
    Category: Data Leak
    Content: Actor shared samples from an alleged French Ministry government database containing structured data on government commissioners and administrative council appointments. The data includes personal information, organizational appointments, and official government references from JORF (Official Journal of the French Republic).
    Date: 2026-04-14T11:06:31Z
    Network: openweb
    Published URL: https://breached.st/threads/french-ministry-government-db.85993/unread
    Screenshots:
    None
    Threat Actors: spider321
    Victim Country: France
    Victim Industry: Government
    Victim Organization: French Ministry
    Victim Site: Unknown
  170. Alleged distribution of Hunter Mix Mail Inboxer cracking tool
    Category: Initial Access
    Content: A forum user is distributing a reversed and cleaned version of the Hunter Mix Mail Inboxer tool through multiple download mirrors. The tool appears to be designed for email account access or credential harvesting purposes.
    Date: 2026-04-14T11:05:34Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Hunter-Mix-Mail-Inboxer-Reversed-and-Cleaned-By-XMRjr
    Screenshots:
    None
    Threat Actors: makitabosch
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  171. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: A threat actor shared a combolist containing 1,600 allegedly valid Hotmail email and password combinations on a cybercriminal forum.
    Date: 2026-04-14T11:04:58Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-1600x-HQ-Valid-Hotmails
    Screenshots:
    None
    Threat Actors: Sellerxd
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  172. Mass website defacement by BABAYO EROR SYSTEM targeting Vietnamese sites
    Category: Defacement
    Content: The threat group BABAYO EROR SYSTEM conducted a mass defacement campaign targeting multiple websites including caitaonhahanoi.com.vn. The attack was carried out by an individual identified as Mr.XycanKing on April 14, 2026.
    Date: 2026-04-14T11:02:15Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248503
    Screenshots:
    None
    Threat Actors: Mr.XycanKing, BABAYO EROR SYSTEM
    Victim Country: Vietnam
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: caitaonhahanoi.com.vn
  173. Alleged leak of mixed email credentials combolist
    Category: Combo List
    Content: A threat actor shared a combolist containing 43,000 email credentials described as good mail access mixed on a cybercrime forum.
    Date: 2026-04-14T10:35:48Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72045/
    Screenshots:
    None
    Threat Actors: Cir4d
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  174. Alleged leak of credential combolist containing 20,000 records
    Category: Combo List
    Content: A threat actor allegedly shared a credential combolist containing 20,000 unique records on an underground forum. The post content is hidden behind authentication requirements.
    Date: 2026-04-14T10:35:29Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72046/
    Screenshots:
    None
    Threat Actors: UniqueCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  175. Alleged leak of Doxbin source code
    Category: Data Leak
    Content: User claims to have leaked the source code of Doxbin, though notes that critical files are missing and the code is non-functional. The source code is being distributed for free on the forum.
    Date: 2026-04-14T10:09:29Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-SOURCE-CODE-DOXBIN-LEAKED-SOURCE
    Screenshots:
    None
    Threat Actors: 503
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Doxbin
    Victim Site: Unknown
  176. Alleged leak of Hotmail credentials
    Category: Logs
    Content: Threat actor D4rkNetHub shared a collection of 194 Hotmail credentials on a cybercrime forum. The credentials are described as good, suggesting they are valid and functional.
    Date: 2026-04-14T10:01:08Z
    Network: openweb
    Published URL: https://xforums.st/threads/194-good-hotmail-goods-d4rknethub-cloud-14-04-26.606936/
    Screenshots:
    None
    Threat Actors: D4rkNetHub
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  177. Alleged leak of Hotmail credential combolist
    Category: Combo List
    Content: Threat actor D4rkNetHub shared a combolist containing 194 Hotmail email and password combinations on a cybercriminal forum. The actor also promotes their premium cloud service for accessing additional credential data.
    Date: 2026-04-14T09:49:22Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-194-Good-HOTMAIL-GOODS-D4RKNETHUB-CLOUD-14-04-26
    Screenshots:
    None
    Threat Actors: D4rkNetHub
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  178. Alleged leak of Hotmail credentials on CrackingX forum
    Category: Combo List
    Content: Forum user D4rkNetHub shared 194 Hotmail credentials on the CrackingX forum. The data appears to be distributed as a free leak rather than sold.
    Date: 2026-04-14T09:48:49Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72040/
    Screenshots:
    None
    Threat Actors: D4rkNetHub
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  179. Alleged leak of Hotmail credentials on CrackingX forum
    Category: Combo List
    Content: User klyne05 shared Hotmail credentials on the CrackingX forum, claiming they are private, fresh, and checked. The post appears to offer a free download of the credential list.
    Date: 2026-04-14T09:48:20Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72041/
    Screenshots:
    None
    Threat Actors: klyne05
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  180. Alleged leak of German social media and e-commerce credentials
    Category: Combo List
    Content: A threat actor shared a combolist containing over 822,000 credentials allegedly targeting German social media and shopping platforms. The data was made available as a free download via a file sharing service.
    Date: 2026-04-14T09:47:54Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72044/
    Screenshots:
    None
    Threat Actors: HQcomboSpace
    Victim Country: Germany
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  181. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: A threat actor shared a combolist containing 1,000 Hotmail email and password combinations through a free download link on a cybercrime forum.
    Date: 2026-04-14T09:25:17Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-1K-HQ-HOTMAIL–200377
    Screenshots:
    None
    Threat Actors: COYTO
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  182. Alleged leak of email credentials combolist
    Category: Combo List
    Content: Threat actor snowstormxd shared a free download link to a FRESH MIX MAIL credential list on a cybercriminal forum. The combolist is being distributed for free via Pasteview and Telegram channels.
    Date: 2026-04-14T09:23:53Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72038/
    Screenshots:
    None
    Threat Actors: snowstormxd
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  183. Alleged leak of credentials from multiple platforms including PSN, PayPal, Amazon, Twitter, Facebook, and Bitcoin services
    Category: Combo List
    Content: A threat actor is distributing credential lists allegedly containing login data from PSN, PayPal, Amazon, Twitter, Facebook, and Bitcoin services through Telegram channels. The combolist contains approximately 11 million credential pairs and is being distributed for free through dedicated Telegram groups.
    Date: 2026-04-14T09:23:35Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72039/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  184. Alleged sale of access to US prepaid mobile carrier with 3 million customer records
    Category: Data Breach
    Content: Threat actor claims to be selling administrative access to a US prepaid mobile phone carrier system along with a database containing 3 million customer records including personal information, account details, and device data for $75,000 in Monero cryptocurrency.
    Date: 2026-04-14T09:22:24Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-USA-Prepaid-Mobile-Phone-Carrier
    Screenshots:
    None
    Threat Actors: TheAuditors
    Victim Country: United States
    Victim Industry: Telecommunications
    Victim Organization: Unknown
    Victim Site: Unknown
  185. Alleged leak of email credential combolist
    Category: Combo List
    Content: A threat actor shared a combolist containing 38,000 valid email credentials on a cybercrime forum. The credentials are being distributed for free download through a paste sharing service.
    Date: 2026-04-14T08:57:03Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-38K-VALID-MAIL-ACCESS–200373
    Screenshots:
    None
    Threat Actors: wingoooW
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  186. Alleged leak of mixed email credentials combolist
    Category: Combo List
    Content: A threat actor shared a combolist containing 3.8K mixed email credentials via a file sharing service. The credentials appear to be from various sources and are being distributed for free download.
    Date: 2026-04-14T08:56:06Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72036/
    Screenshots:
    None
    Threat Actors: Kommander0
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  187. Alleged request for log files on Swedish cybercriminal forum
    Category: Combo List
    Content: Forum user posted in Swedish requesting tips on where to find new log files, likely referring to stealer logs containing credentials and sensitive data.
    Date: 2026-04-14T08:55:52Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72037/
    Screenshots:
    None
    Threat Actors: Zxhuwu
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  188. MIX Unique Combo_2_20000
    Category: Logs
    Content: New thread posted by UniqueCombo: MIX Unique Combo_2_20000
    Date: 2026-04-14T08:46:53Z
    Network: openweb
    Published URL: https://xforums.st/threads/mix-unique-combo_2_20000.606929/
    Screenshots:
    None
    Threat Actors: UniqueCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  189. ❄️❄️ 1567x PREMIUM HOTMAIL HITS ❄️❄️
    Category: Combo List
    Content: New thread posted by alphaxdd: ❄️❄️ 1567x PREMIUM HOTMAIL HITS ❄️❄️
    Date: 2026-04-14T08:34:23Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-1567x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F
    Screenshots:
    None
    Threat Actors: alphaxdd
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  190. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: A threat actor is distributing a collection of 1,567 allegedly valid Hotmail credentials through a free download. The credentials are described as premium hits from a private cloud source.
    Date: 2026-04-14T08:32:52Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72034/
    Screenshots:
    None
    Threat Actors: alphaxdd
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  191. MIX Unique Combo_2_20000
    Category: Combo List
    Content: New thread posted by UniqueCombo: MIX Unique Combo_2_20000
    Date: 2026-04-14T08:32:36Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72035/
    Screenshots:
    None
    Threat Actors: UniqueCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  192. Viewcaller 6.8 M Russia
    Category: Alert
    Content: New thread posted by Tendi: Viewcaller 6.8 M Russia
    Date: 2026-04-14T08:30:43Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-DATABASE-Viewcaller-6-8-M-Russia
    Screenshots:
    None
    Threat Actors: Tendi
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  193. Mass website defacement campaign by PredixorX/XSQDD PHILIPPINE targeting soundforce.co.in
    Category: Defacement
    Content: The threat actor PredixorX from the XSQDD PHILIPPINE team conducted a mass defacement campaign targeting SoundForce's website on April 14, 2026. The attack compromised a Windows Server 2016 system as part of a broader mass defacement operation rather than a targeted single-site attack.
    Date: 2026-04-14T07:53:36Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248502
    Screenshots:
    None
    Threat Actors: PredixorX, XSQDD PHILIPPINE
    Victim Country: India
    Victim Industry: Technology/Audio Equipment
    Victim Organization: SoundForce
    Victim Site: www.soundforce.co.in
  194. Alleged leak of German credential combolist
    Category: Combo List
    Content: A credential combolist containing 429,608 lines targeting German users has been made available for free download. The combolist appears to contain mixed credentials from various sources.
    Date: 2026-04-14T07:46:30Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72032/
    Screenshots:
    None
    Threat Actors: HQcomboSpace
    Victim Country: Germany
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  195. Alleged distribution of office-related credential combos via Telegram
    Category: Combo List
    Content: Threat actor CODER is distributing a 3 million record office-related credential combolist through Telegram channels. The actor operates multiple Telegram groups offering free credential lists and programs.
    Date: 2026-04-14T07:46:14Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72033/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  196. Mass defacement campaign by XSQDD PHILIPPINE targeting environmental organizations
    Category: Defacement
    Content: XSQDD PHILIPPINE conducted a mass defacement campaign targeting environmental websites including growgreencampaign.com on April 14, 2026. The attack was carried out by threat actor PredixorX as part of a coordinated campaign affecting multiple sites.
    Date: 2026-04-14T07:36:37Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248501
    Screenshots:
    None
    Threat Actors: PredixorX, XSQDD PHILIPPINE
    Victim Country: Unknown
    Victim Industry: Environmental/Non-profit
    Victim Organization: Grow Green Campaign
    Victim Site: growgreencampaign.com
  197. Website defacement of Green Campaign organization by PredixorX/XSQDD PHILIPPINE
    Category: Defacement
    Content: PredixorX, associated with the XSQDD PHILIPPINE team, conducted a home page defacement of the Grow Green Campaign website on April 14, 2026. This was an isolated defacement targeting an environmental organization's web presence.
    Date: 2026-04-14T07:34:01Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832944
    Screenshots:
    None
    Threat Actors: PredixorX, XSQDD PHILIPPINE
    Victim Country: Unknown
    Victim Industry: Environmental/Non-profit
    Victim Organization: Grow Green Campaign
    Victim Site: growgreencampaign.com
  198. Alleged leak of Ukraine customs database
    Category: Data Leak
    Content: A threat actor shared a Ukraine customs database from March 2026 containing 930,000 records with detailed customs declaration information including company data, trade details, and financial information.
    Date: 2026-04-14T07:18:33Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-DATABASE-UIkraine-customs-03-2026-930k
    Screenshots:
    None
    Threat Actors: Tendi
    Victim Country: Ukraine
    Victim Industry: Government
    Victim Organization: Ukraine Customs Service
    Victim Site: Unknown
  199. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: A threat actor shared a combolist containing 1,356 Hotmail email and password combinations on a cybercrime forum. The credentials are described as high quality and appear to be distributed for free.
    Date: 2026-04-14T06:59:04Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-%E2%9A%A1%E2%9A%A1-X1356-HQ-Hotmail-%E2%9A%A1%E2%9A%A1-BY-Steveee36-%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: erwinn91
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  200. Alleged leak of email credential combos from multiple providers
    Category: Combo List
    Content: A threat actor is distributing free credential combos containing 5 million email:password combinations from Hotmail, Gmail and other providers across multiple countries including France, Germany, Italy, UK, and Israel through Telegram channels.
    Date: 2026-04-14T06:57:46Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72030/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Multiple Email Providers
    Victim Site: Unknown
  201. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: A threat actor shared a combolist containing Hotmail email and password credentials on a cybercrime forum. The post appears to offer free download of the credential list without any payment required.
    Date: 2026-04-14T06:57:31Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72031/
    Screenshots:
    None
    Threat Actors: stevee36
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  202. Alleged leak of Telmex credentials
    Category: Data Leak
    Content: Forum users Z3r00 and MagoSpeak leaked a credential dump allegedly from Telmex MX containing 214,418 records with URLs, usernames, and passwords. The actors claim to target the Mexican government and plan to release more Mexican government data.
    Date: 2026-04-14T06:56:34Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-COLLECTION-CREDENTIAL-DUMP-TELMEX-MX-214-418
    Screenshots:
    None
    Threat Actors: Z3r00
    Victim Country: Mexico
    Victim Industry: Telecommunications
    Victim Organization: Telmex
    Victim Site: Unknown
  203. Alleged leak of mixed credentials combolist
    Category: Combo List
    Content: A threat actor shared a combolist containing 58,000 mixed email and password combinations through a free download link on a cybercrime forum.
    Date: 2026-04-14T06:34:48Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-58K-MIXED-ACCESS
    Screenshots:
    None
    Threat Actors: wingoooW
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  204. Alleged leak of mixed email credentials combolist
    Category: Combo List
    Content: Threat actor COYTO shared a combolist containing 63,000 valid mixed email and password combinations through a free download link on cybercriminal forums.
    Date: 2026-04-14T06:34:17Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-63K-VALID-MIX-MAIL
    Screenshots:
    None
    Threat Actors: COYTO
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  205. Alleged data breach of LogisHotels France loyalty program
    Category: Data Breach
    Content: Threat actor HexDex claims to be selling personal data of 598,154 LogisHotels loyalty program members covering bookings from 2012 to 2026. The data allegedly includes client identity information, contact details, addresses, loyalty program data, payment transactions, and authentication credentials.
    Date: 2026-04-14T06:33:02Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-FR-600K-Logis-H%C3%B4tels-France
    Screenshots:
    None
    Threat Actors: HexDex
    Victim Country: France
    Victim Industry: Hospitality
    Victim Organization: LogisHotels
    Victim Site: logishotels.com
  206. Alleged leak of mixed credential combolist
    Category: Logs
    Content: A threat actor shared a mixed credential combolist containing 20,000 unique email and password combinations on an underground forum.
    Date: 2026-04-14T06:23:43Z
    Network: openweb
    Published URL: https://xforums.st/threads/mix-unique-combo_1_20000.606922/
    Screenshots:
    None
    Threat Actors: UniqueCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  207. Alleged distribution of credential combolist containing 20,000 records
    Category: Combo List
    Content: Forum user UniqueCombo shared a credential combolist containing 20,000 unique email and password combinations on the CrackingX forum.
    Date: 2026-04-14T06:13:17Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72029/
    Screenshots:
    None
    Threat Actors: UniqueCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  208. Alleged data breach of Blackline
    Category: Data Breach
    Content: Threat actor TheAuditors is allegedly selling 354.4GB of data containing approximately 1,532,718 documents processed by Blackline for their high-profile clients. The documents reportedly include bills, licenses, certificates and other client materials.
    Date: 2026-04-14T05:49:04Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-SELLING-354GB-Blackline-com-Breach-2026
    Screenshots:
    None
    Threat Actors: TheAuditors
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Blackline
    Victim Site: blackline.com
  209. Alleged data breach of Xtium involving 485.8TB of client data
    Category: Data Breach
    Content: Threat actor TheAuditors claims to have breached Xtium (formerly ATSG), a managed service provider, obtaining 485.8TB of data including 480TB of client virtual machine backups from Veeam and 5.8TB of TeamShares data. The actor is selling the data after failed ransom negotiations.
    Date: 2026-04-14T05:48:48Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-SELLING-485-8TB-Xtium-com-Breach-2026
    Screenshots:
    None
    Threat Actors: TheAuditors
    Victim Country: Unknown
    Victim Industry: Information Technology
    Victim Organization: Xtium
    Victim Site: Xtium.com
  210. Alleged data breach of Goldapple.ru database
    Category: Data Breach
    Content: Actor claims to have obtained a database from Goldapple.ru containing 4 million records with personal and shipping information including names, addresses, phone numbers, emails, and order details. The data includes many duplicate addresses and phone numbers.
    Date: 2026-04-14T05:48:39Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-DATABASE-Goldapple-ru-4-M
    Screenshots:
    None
    Threat Actors: Tendi
    Victim Country: Russia
    Victim Industry: Retail/E-commerce
    Victim Organization: Goldapple
    Victim Site: goldapple.ru
  211. Alleged leak of corporate email credentials combolist
    Category: Combo List
    Content: A threat actor shared a combolist containing 113,101 email and password combinations allegedly from corporate mail accounts with SMTP hits available for free download.
    Date: 2026-04-14T05:27:32Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72028/
    Screenshots:
    None
    Threat Actors: HQcomboSpace
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  212. Website defacement of SMK Smart Al-Muhsin school by Irene/XmrAnonye.id team
    Category: Defacement
    Content: The XmrAnonye.id team, represented by attacker Irene, successfully defaced the website of SMK Smart Al-Muhsin, an Indonesian educational institution. The defacement occurred on April 14, 2026, targeting the school's subdomain.
    Date: 2026-04-14T05:17:52Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248500
    Screenshots:
    None
    Threat Actors: Irene, XmrAnonye.id
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: SMK Smart Al-Muhsin
    Victim Site: www.indocentris.smksmart-almuhsin.sch.id
  213. Alleged leak of Farmacias del Ahorro credentials
    Category: Data Leak
    Content: Threat actors Z3r00 and MagoSpeak leaked a credential list containing 18,530 email and password combinations associated with Mexican pharmacy chain Farmacias del Ahorro. The leak includes URLs for system access and was distributed for free via a file sharing service.
    Date: 2026-04-14T05:00:03Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-COLLECTION-FARMACIAS-DEL-AHORRO-MX-18-530
    Screenshots:
    None
    Threat Actors: Z3r00
    Victim Country: Mexico
    Victim Industry: Healthcare
    Victim Organization: Farmacias del Ahorro
    Victim Site: Unknown
  214. Alleged compromise of Venezuelan national electric system CORPOELEC
    Category: Data Breach
    Content: Threat actors claim to have compromised Venezuela's national electric system, gaining SCADA control over critical infrastructure including the Guri Hydroelectric Plant and Yaracuy Substation. The actors allege they have exfiltrated critical operational data including black-start recovery sequences and protection layer logic.
    Date: 2026-04-14T04:37:44Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Document-National-Electric-System-SEN-CORPOELEC-Venezuela-2026
    Screenshots:
    None
    Threat Actors: GordonFreeman
    Victim Country: Venezuela
    Victim Industry: Energy/Utilities
    Victim Organization: CORPOELEC
    Victim Site: Unknown
  215. Alleged leak of Hotmail credential combolists
    Category: Combo List
    Content: Threat actor CODER is distributing Hotmail credential combolists through Telegram channels, offering free access to compromised email credentials and related cracking tools.
    Date: 2026-04-14T04:13:20Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72027/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  216. Mass website defacement by T-XpLoiT targeting Indonesian educational institution
    Category: Defacement
    Content: Threat actor T-XpLoiT conducted a mass defacement attack against Indonesian educational websites, targeting the student admission portal of MTS Darul Hikmah Islamic school. The attack was part of a broader mass defacement campaign affecting multiple sites simultaneously.
    Date: 2026-04-14T04:11:15Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248498
    Screenshots:
    None
    Threat Actors: T-XpLoiT
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: MTS Darul Hikmah
    Victim Site: ppdb.mtsdarulhikmah.sch.id
  217. Mass defacement campaign by T-XpLoiT targeting Indonesian educational institutions
    Category: Defacement
    Content: Threat actor T-XpLoiT conducted a mass defacement campaign targeting educational websites, compromising the training center portal of MTS Darul Hikmah Islamic School in Indonesia. The attack was part of a broader mass defacement operation rather than a targeted single-site attack.
    Date: 2026-04-14T04:11:11Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248499
    Screenshots:
    None
    Threat Actors: T-XpLoiT
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: MTS Darul Hikmah Islamic School
    Victim Site: pusdik.mtsdarulhikmah.sch.id
  218. T-XpLoiT defaced ppdb.mtsdarulhikmah.sch.id
    Category: Defacement
    Content: Target: https://ppdb.mtsdarulhikmah.sch.id/deface.html; Attacker: T-XpLoiT; Date: 2026-04-14 10:47:45; OS: Linux; Flags: Mass Defacement (IP: 103.79.244.217)
    Date: 2026-04-14T04:08:49Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248498
    Screenshots:
    None
    Threat Actors: T-XpLoiT
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: ppdb.mtsdarulhikmah.sch.id
  219. Website defacement of Nihon Mart by DimasHxR
    Category: Defacement
    Content: Individual attacker DimasHxR defaced the Nihon Mart e-commerce website on April 14, 2026. The incident targeted a single subdirectory rather than the main homepage.
    Date: 2026-04-14T04:02:49Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832731
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Indonesia
    Victim Industry: E-commerce
    Victim Organization: Nihon Mart
    Victim Site: nihonmart.id
  220. Website defacement of The Lubricant Store by DimasHxR
    Category: Defacement
    Content: Individual attacker DimasHxR defaced a commercial retail website on April 14, 2026. The incident targeted a specific page rather than the main site and was not part of a mass defacement campaign.
    Date: 2026-04-14T04:02:00Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832883
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Retail/Commerce
    Victim Organization: The Lubricant Store
    Victim Site: www.thelubricantstore.com
  221. Website defacement of MobileCiti by DimasHxR
    Category: Defacement
    Content: Individual attacker DimasHxR defaced the Australian mobile phone retailer MobileCiti's website on April 14, 2026. The defacement targeted a specific subdirectory of the company's e-commerce platform.
    Date: 2026-04-14T04:01:14Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832767
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Australia
    Victim Industry: Technology/Retail
    Victim Organization: MobileCiti
    Victim Site: www.mobileciti.com.au
  222. Website defacement of tehnoturg.ee by DimasHxR
    Category: Defacement
    Content: On April 14, 2026, attacker DimasHxR defaced a subdirectory of tehnoturg.ee, an Estonian website. The defacement targeted a specific media directory rather than the main homepage.
    Date: 2026-04-14T04:00:33Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832757
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Estonia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: tehnoturg.ee
  223. Website defacement of York Armoury by DimasHxR
    Category: Defacement
    Content: Attacker DimasHxR defaced the York Armoury website on April 14, 2026. The attack targeted what appears to be a military surplus or firearms retailer based on the domain name.
    Date: 2026-04-14T03:59:43Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832769
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Retail/Military Surplus
    Victim Organization: York Armoury
    Victim Site: yorkarmoury.com
  224. Website defacement of Hindleys by DimasHxR
    Category: Defacement
    Content: The attacker DimasHxR successfully defaced a specific media page on the Hindleys website on April 14, 2026. This was an isolated defacement incident targeting a single page rather than a mass defacement campaign.
    Date: 2026-04-14T03:59:01Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832712
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Hindleys
    Victim Site: hindleys.com
  225. Website defacement of Würth Group by DimasHxR
    Category: Defacement
    Content: The Spanish website of Würth Group, a multinational manufacturing company specializing in fasteners and assembly materials, was defaced by threat actor DimasHxR on April 14, 2026. The attack targeted a customer address page on the company's Spanish domain.
    Date: 2026-04-14T03:58:14Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832882
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Spain
    Victim Industry: Manufacturing
    Victim Organization: Würth Group
    Victim Site: wurth.es
  226. Mass website defacement by T-XpLoiT targeting Indonesian educational institution
    Category: Defacement
    Content: Attacker T-XpLoiT conducted a mass defacement operation targeting the blog website of MTs Darul Hikmah, an Indonesian Islamic school. The defacement occurred on April 14, 2026, affecting a Linux-hosted educational website as part of a broader mass defacement campaign.
    Date: 2026-04-14T03:57:23Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248495
    Screenshots:
    None
    Threat Actors: T-XpLoiT
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: MTs Darul Hikmah
    Victim Site: blog.mtsdarulhikmah.sch.id
  227. Website defacement of The Varsity Store by DimasHxR
    Category: Defacement
    Content: Individual attacker DimasHxR defaced The Varsity Store website, an Australian retail company. The defacement occurred on April 14, 2026 and was archived on the zone-xsec.com mirror.
    Date: 2026-04-14T03:56:56Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832758
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Australia
    Victim Industry: Retail
    Victim Organization: The Varsity Store
    Victim Site: thevarsitystore.com.au
  228. Website defacement of Plumbline by DimasHxR
    Category: Defacement
    Content: The attacker DimasHxR defaced the Plumbline company website on April 14, 2026. This was an isolated defacement targeting a New Zealand-based plumbing services company.
    Date: 2026-04-14T03:56:11Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832736
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: New Zealand
    Victim Industry: Construction/Plumbing Services
    Victim Organization: Plumbline
    Victim Site: plumbline.co.nz
  229. Mass defacement targeting Indonesian educational institution by T-XpLoiT
    Category: Defacement
    Content: Attacker T-XpLoiT conducted a mass defacement campaign targeting an Indonesian Islamic secondary school's infrastructure reporting system. The defacement was part of a broader mass attack rather than a targeted assault on the specific institution.
    Date: 2026-04-14T03:55:22Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248497
    Screenshots:
    None
    Threat Actors: T-XpLoiT
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: MTs Darul Hikmah
    Victim Site: laporsarpras.mtsdarulhikmah.sch.id
  230. Website defacement of tiendaempleado.com by DimasHxR
    Category: Defacement
    Content: Individual attacker DimasHxR defaced the tiendaempleado.com retail website on April 14, 2026. The defacement targeted a specific subdirectory rather than the homepage.
    Date: 2026-04-14T03:54:48Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832884
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Retail/E-commerce
    Victim Organization: Tienda Empleado
    Victim Site: tiendaempleado.com
  231. Website defacement of sloantika.com by DimasHxR
    Category: Defacement
    Content: Individual attacker DimasHxR successfully defaced sloantika.com on April 14, 2026. The attack targeted a specific subdirectory rather than the main homepage.
    Date: 2026-04-14T03:54:02Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832744
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Sloantika
    Victim Site: sloantika.com
  232. Alleged leak of Iranian IRGC surveillance system and police database
    Category: Data Leak
    Content: Threat actor claims to have leaked sensitive data from Iran's IRGC surveillance apparatus and police database, allegedly containing user account details, social connections, personal information, sentiment analysis, and emotion analysis data. The data is being distributed for free download via file hosting services.
    Date: 2026-04-14T03:53:16Z
    Network: openweb
    Published URL: https://breached.st/threads/iran-irgc-surveillance-system-police-database-leaked-download.85961/unread
    Screenshots:
    None
    Threat Actors: IamNotaFBIWorker
    Victim Country: Iran
    Victim Industry: Government
    Victim Organization: Islamic Revolutionary Guard Corps (IRGC)
    Victim Site: Unknown
  233. Website defacement of VON Energy by DimasHxR
    Category: Defacement
    Content: DimasHxR defaced the VON Energy website on April 14, 2026, targeting the media section of the Indian energy company's domain. The incident was documented as a single defacement rather than part of a mass campaign.
    Date: 2026-04-14T03:53:11Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832880
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: India
    Victim Industry: Energy
    Victim Organization: VON Energy
    Victim Site: vonenergy.in
  234. Website defacement of Mercury Marine dealer portal by DimasHxR
    Category: Defacement
    Content: Attacker DimasHxR defaced a Mercury Marine dealer labels portal on April 14, 2026. The incident targeted what appears to be a dealer management system for the marine engine manufacturer.
    Date: 2026-04-14T03:52:29Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832843
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Marine/Automotive
    Victim Organization: Mercury Marine
    Victim Site: mercurymarineb10dealerlabels.c…
  235. Website defacement of Miniland Group by DimasHxR
    Category: Defacement
    Content: DimasHxR conducted a website defacement attack against minilandgroup.com on April 14, 2026. The attacker operated independently without team affiliation and targeted a media subdirectory of the organization's website.
    Date: 2026-04-14T03:51:39Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832729
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Miniland Group
    Victim Site: minilandgroup.com
  236. Website defacement of missy-x.de by DimasHxR
    Category: Defacement
    Content: Individual attacker DimasHxR defaced the German website missy-x.de on April 14, 2026. The defacement targeted a specific subdirectory rather than the main homepage.
    Date: 2026-04-14T03:50:49Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832730
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Germany
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: missy-x.de
  237. Website defacement of Larasa by DimasHxR
    Category: Defacement
    Content: DimasHxR defaced the larasa.com.ar website on April 14, 2026. The attack targeted a specific directory path on the Argentine website without being part of a mass or re-defacement campaign.
    Date: 2026-04-14T03:50:03Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832716
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Argentina
    Victim Industry: Unknown
    Victim Organization: Larasa
    Victim Site: larasa.com.ar
  238. Mass defacement campaign by T-XpLoiT targeting Indonesian educational institution
    Category: Defacement
    Content: Threat actor T-XpLoiT conducted a mass defacement campaign targeting the database subdomain of MTS Darul Hikmah, an Indonesian Islamic school. The attack occurred on April 14, 2026, affecting the institution's database server running on Linux infrastructure.
    Date: 2026-04-14T03:49:21Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248496
    Screenshots:
    None
    Threat Actors: T-XpLoiT
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: MTS Darul Hikmah
    Victim Site: database.mtsdarulhikmah.sch.id
  239. Website defacement of nobleplace.lv by DimasHxR
    Category: Defacement
    Content: Attacker DimasHxR defaced the nobleplace.lv website on April 14, 2026. The defacement targeted a specific media/customer section of the site rather than the homepage.
    Date: 2026-04-14T03:48:46Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832732
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Latvia
    Victim Industry: Unknown
    Victim Organization: Noble Place
    Victim Site: nobleplace.lv
  240. Website defacement of jangrotest1.piranha.digital by DimasHxR
    Category: Defacement
    Content: Individual attacker DimasHxR defaced a subdomain belonging to Piranha Digital on April 14, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
    Date: 2026-04-14T03:48:05Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832832
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Technology/Digital Services
    Victim Organization: Piranha Digital
    Victim Site: jangrotest1.piranha.digital
  241. Website defacement of BM Emploi by DimasHxR
    Category: Defacement
    Content: Threat actor DimasHxR defaced the Swiss employment services website bm-emploi.ch on April 14, 2026. The attack targeted a subdirectory of the site rather than the homepage.
    Date: 2026-04-14T03:41:58Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832687
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Switzerland
    Victim Industry: Employment Services
    Victim Organization: BM Emploi
    Victim Site: bm-emploi.ch
  242. Website defacement of Beauty Buffet by DimasHxR
    Category: Defacement
    Content: Individual attacker DimasHxR defaced a media subdirectory of Beauty Buffet's Thai e-commerce website on April 14, 2026. The attack targeted a specific page rather than the homepage of the cosmetics retailer's online platform.
    Date: 2026-04-14T03:41:08Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832682
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Thailand
    Victim Industry: Retail/Cosmetics
    Victim Organization: Beauty Buffet
    Victim Site: beautybuffet.co.th
  243. Website defacement of 1mg Store by DimasHxR
    Category: Defacement
    Content: Individual attacker DimasHxR defaced the 1mg Store website, targeting the Indian online pharmacy platform's media directory on April 14, 2026.
    Date: 2026-04-14T03:40:17Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832667
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: India
    Victim Industry: Healthcare/Pharmaceuticals
    Victim Organization: 1mg
    Victim Site: 1mgstore.com
  244. Website defacement of bricolaj-mag.ro by DimasHxR
    Category: Defacement
    Content: Threat actor DimasHxR successfully defaced the Romanian magazine website bricolaj-mag.ro on April 14, 2026. The attack targeted a specific subdirectory of the media publication's website rather than the main homepage.
    Date: 2026-04-14T03:39:36Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832689
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Romania
    Victim Industry: Media/Publishing
    Victim Organization: Bricolaj Magazine
    Victim Site: bricolaj-mag.ro
  245. Website defacement of bhcinefoto.com.br by DimasHxR
    Category: Defacement
    Content: Brazilian photography/media services website bhcinefoto.com.br was defaced by attacker DimasHxR on April 14, 2026. The defacement targeted a specific subdirectory rather than the main homepage.
    Date: 2026-04-14T03:38:55Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832683
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Brazil
    Victim Industry: Photography/Media Services
    Victim Organization: BH Cine Foto
    Victim Site: bhcinefoto.com.br
  246. Website defacement of duka254.com by DimasHxR
    Category: Defacement
    Content: Individual attacker DimasHxR defaced the Kenyan e-commerce website duka254.com on April 14, 2026. The defacement targeted a specific page within the customer media directory rather than the homepage.
    Date: 2026-04-14T03:38:09Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832704
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Kenya
    Victim Industry: E-commerce
    Victim Organization: Duka254
    Victim Site: duka254.com
  247. Website defacement of codestore.ua by DimasHxR
    Category: Defacement
    Content: Ukrainian software/technology website codestore.ua was defaced by threat actor DimasHxR on April 14, 2026. The attack targeted a specific media/customer directory rather than the main homepage.
    Date: 2026-04-14T03:37:28Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832693
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Ukraine
    Victim Industry: Technology/Software
    Victim Organization: CodeStore
    Victim Site: codestore.ua
  248. Website defacement of Drogaria Cristal by DimasHxR
    Category: Defacement
    Content: Brazilian pharmacy website Drogaria Cristal was defaced by attacker DimasHxR on April 14, 2026. The defacement targeted a specific media directory rather than the main homepage.
    Date: 2026-04-14T03:36:35Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832702
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Brazil
    Victim Industry: Healthcare/Pharmacy
    Victim Organization: Drogaria Cristal
    Victim Site: drogariacristal.com
  249. Website defacement of Blueprint3D by DimasHxR
    Category: Defacement
    Content: Individual attacker DimasHxR defaced the Blueprint3D website on April 14, 2026. The incident targeted a specific page rather than the main homepage and was not part of a mass defacement campaign.
    Date: 2026-04-14T03:35:43Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832685
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: United Kingdom
    Victim Industry: Design/Architecture
    Victim Organization: Blueprint3D
    Victim Site: blueprint3d.co.uk
  250. Website defacement of bagger-monkey.de by DimasHxR
    Category: Defacement
    Content: Individual attacker DimasHxR defaced the German website bagger-monkey.de on April 14, 2026. The incident was a targeted single-site defacement with no apparent team affiliation.
    Date: 2026-04-14T03:34:55Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832680
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Germany
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: bagger-monkey.de
  251. Website defacement of diustou.com by DimasHxR
    Category: Defacement
    Content: The attacker DimasHxR defaced a specific page on diustou.com on April 14, 2026. This appears to be a single-target defacement affecting the customer add functionality of the website.
    Date: 2026-04-14T03:34:06Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832701
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: diustou.com
  252. Website defacement of constructii-mag.ro by DimasHxR
    Category: Defacement
    Content: DimasHxR successfully defaced the Romanian construction magazine website constructii-mag.ro on April 14, 2026. The attack targeted the media directory of the construction industry publication's website.
    Date: 2026-04-14T03:33:13Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832694
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Romania
    Victim Industry: Construction/Publishing
    Victim Organization: Constructii Magazine
    Victim Site: constructii-mag.ro
  253. Website defacement of Continental Art Center by DimasHxR
    Category: Defacement
    Content: Threat actor DimasHxR defaced the Continental Art Center website on April 14, 2026. This was an isolated single-site defacement targeting the organization's web presence.
    Date: 2026-04-14T03:32:22Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832695
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Arts and Culture
    Victim Organization: Continental Art Center
    Victim Site: continentalartcenter.com
  254. Website defacement of All Fasteners by DimasHxR
    Category: Defacement
    Content: DimasHxR defaced the All Fasteners website on April 14, 2026. The attack targeted a specific media directory path rather than the main homepage of the Australian industrial fasteners supplier.
    Date: 2026-04-14T03:31:29Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832673
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Australia
    Victim Industry: Manufacturing/Industrial Supplies
    Victim Organization: All Fasteners
    Victim Site: allfasteners.com.au
  255. Website defacement of buyldnonline.com by DimasHxR
    Category: Defacement
    Content: Solo attacker DimasHxR successfully defaced the buyldnonline.com website on April 14, 2026. The incident was a single-target defacement rather than part of a mass campaign.
    Date: 2026-04-14T03:30:42Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832690
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: buyldnonline.com
  256. Website defacement of aweda.com.br by DimasHxR
    Category: Defacement
    Content: Brazilian website aweda.com.br was defaced by attacker DimasHxR on April 14, 2026. The defacement targeted a specific subdirectory rather than the main homepage.
    Date: 2026-04-14T03:30:02Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832677
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Brazil
    Victim Industry: Unknown
    Victim Organization: Aweda
    Victim Site: aweda.com.br
  257. Alleged leak of Gmail credentials combolist
    Category: Combo List
    Content: A threat actor shared a combolist containing 724,368 Gmail credentials via a file-sharing platform. The credential list specifically targets Gmail domain accounts.
    Date: 2026-04-14T03:26:11Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72024/
    Screenshots:
    None
    Threat Actors: HQcomboSpace
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Google
    Victim Site: gmail.com
  258. Alleged leak of phone number and password credentials
    Category: Combo List
    Content: A threat actor shared what appears to be a credential list containing phone numbers paired with passwords, claiming the data is high quality and private.
    Date: 2026-04-14T03:25:52Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72025/
    Screenshots:
    None
    Threat Actors: gsmfix
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  259. Website defacement of mechanicallugs.com by DimasHxR
    Category: Defacement
    Content: Individual attacker DimasHxR defaced the mechanicallugs.com website on April 14, 2026. The attack targeted a specific page rather than the homepage and was not part of a mass defacement campaign.
    Date: 2026-04-14T03:23:58Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832623
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Manufacturing
    Victim Organization: Mechanical Lugs
    Victim Site: mechanicallugs.com
  260. Website defacement of ziajashop.uz by DimasHxR
    Category: Defacement
    Content: Threat actor DimasHxR successfully defaced the Uzbekistani e-commerce website ziajashop.uz on April 14, 2026. The attack targeted a specific media directory rather than the main homepage.
    Date: 2026-04-14T03:23:16Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832666
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Uzbekistan
    Victim Industry: E-commerce
    Victim Organization: ZiajaShop
    Victim Site: ziajashop.uz
  261. Website defacement of qmanual.com by DimasHxR
    Category: Defacement
    Content: The website qmanual.com was defaced by threat actor DimasHxR on April 14, 2026. The attack specifically targeted the customer_add page within the media directory of the site.
    Date: 2026-04-14T03:22:31Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832631
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: qmanual.com
  262. Website defacement of tarnava.ro by DimasHxR
    Category: Defacement
    Content: The attacker DimasHxR defaced a subdirectory of tarnava.ro on April 14, 2026. The defacement targeted a specific media/customer address page rather than the main homepage.
    Date: 2026-04-14T03:21:46Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832656
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Romania
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: tarnava.ro
  263. Website defacement of erliner.eu by DimasHxR
    Category: Defacement
    Content: Threat actor DimasHxR successfully defaced the erliner.eu website on April 14, 2026. The attack targeted a specific subdirectory within the site's customer media section.
    Date: 2026-04-14T03:20:58Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832592
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: erliner.eu
  264. Website defacement of Essential Oil Bulk by DimasHxR
    Category: Defacement
    Content: The attacker DimasHxR successfully defaced the essentialoilbulk.com website on April 14, 2026. This was an individual defacement incident targeting a retail e-commerce site specializing in essential oil products.
    Date: 2026-04-14T03:20:20Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832593
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Retail/E-commerce
    Victim Organization: Essential Oil Bulk
    Victim Site: essentialoilbulk.com
  265. Website defacement of SRS Tactical by DimasHxR
    Category: Defacement
    Content: Individual attacker DimasHxR defaced the SRS Tactical website on April 14, 2026, targeting a tactical equipment company's media customer section.
    Date: 2026-04-14T03:19:39Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832647
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Defense/Military Equipment
    Victim Organization: SRS Tactical
    Victim Site: srstactical.com
  266. Website defacement of martinomidali.com by DimasHxR
    Category: Defacement
    Content: Individual attacker DimasHxR successfully defaced martinomidali.com on April 14, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
    Date: 2026-04-14T03:18:53Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832617
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: martinomidali.com
  267. Website defacement of her-him.com by DimasHxR
    Category: Defacement
    Content: Individual attacker DimasHxR defaced the her-him.com website on April 14, 2026. The defacement targeted a specific page within the media/customer section of the site.
    Date: 2026-04-14T03:18:11Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832600
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: her-him.com
  268. Website defacement of lukeyu.cc by DimasHxR
    Category: Defacement
    Content: Threat actor DimasHxR conducted a website defacement attack against lukeyu.cc on April 14, 2026. The attack targeted a customer address page within the media directory of the website.
    Date: 2026-04-14T03:17:28Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832607
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: lukeyu.cc
  269. Website defacement of gripzakjes.net by DimasHxR
    Category: Defacement
    Content: The attacker DimasHxR defaced the gripzakjes.net website on April 14, 2026. This appears to be an isolated defacement incident targeting a Dutch e-commerce site specializing in grip bags or packaging materials.
    Date: 2026-04-14T03:16:39Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832597
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Netherlands
    Victim Industry: E-commerce
    Victim Organization: Gripzakjes
    Victim Site: gripzakjes.net
  270. Website defacement of Phillip McCallene Bikes by DimasHxR
    Category: Defacement
    Content: DimasHxR successfully defaced a subdirectory of the Phillip McCallene Bikes website on April 14, 2026. The attack targeted a specific path rather than the main homepage of the bicycle retailer's website.
    Date: 2026-04-14T03:15:57Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832627
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Retail/Bicycle Sales
    Victim Organization: Phillip McCallene Bikes
    Victim Site: phillipmccallenebikes.com
  271. Website defacement of Medideal by DimasHxR
    Category: Defacement
    Content: DimasHxR defaced the Medideal healthcare website on April 14, 2026. The attack targeted a subdirectory of the UK-based medical services company's website.
    Date: 2026-04-14T03:15:10Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832624
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: United Kingdom
    Victim Industry: Healthcare
    Victim Organization: Medideal
    Victim Site: medideal.co.uk
  272. Website defacement of justynachrabelska.com by DimasHxR
    Category: Defacement
    Content: Individual attacker DimasHxR successfully defaced justynachrabelska.com on April 14, 2026. The incident appears to be a targeted single-site defacement with no apparent political motivation disclosed.
    Date: 2026-04-14T03:14:27Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832604
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: justynachrabelska.com
  273. Website defacement of CortEvents by DimasHxR
    Category: Defacement
    Content: DimasHxR defaced the CortEvents website on April 14, 2026. This was an individual attack rather than part of a mass defacement campaign.
    Date: 2026-04-14T03:13:48Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832665
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Events/Entertainment
    Victim Organization: CortEvents
    Victim Site: www.cortevents.com
  274. Website defacement of vlaggenactie.nl by DimasHxR
    Category: Defacement
    Content: Individual attacker DimasHxR defaced the vlaggenactie.nl website on April 14, 2026. The attack targeted a specific subdirectory rather than the homepage and was not part of a mass defacement campaign.
    Date: 2026-04-14T03:13:09Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832661
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Netherlands
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: vlaggenactie.nl
  275. Website defacement of gtmotoparts.shop by DimasHxR
    Category: Defacement
    Content: Individual attacker DimasHxR defaced the GT Moto Parts e-commerce website on April 14, 2026. The defacement targeted a specific subdirectory rather than the main homepage of the automotive parts retailer.
    Date: 2026-04-14T03:12:19Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832598
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Automotive/E-commerce
    Victim Organization: GT Moto Parts
    Victim Site: gtmotoparts.shop
  276. Website defacement of Knitters Pride by DimasHxR
    Category: Defacement
    Content: Individual attacker DimasHxR defaced the Knitters Pride website on April 14, 2026. The defacement targeted a specific media/custom subdirectory rather than the main homepage.
    Date: 2026-04-14T03:11:40Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832605
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Retail/Manufacturing
    Victim Organization: Knitters Pride
    Victim Site: knitterspride.com
  277. Website defacement of craftwoodle.eu by DimasHxR
    Category: Defacement
    Content: The attacker DimasHxR successfully defaced the craftwoodle.eu website on April 14, 2026, targeting a specific customer media directory path.
    Date: 2026-04-14T03:10:52Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832587
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Craftwoodle
    Victim Site: craftwoodle.eu
  278. Website defacement of Halsteds by DimasHxR
    Category: Defacement
    Content: The attacker DimasHxR defaced a customer media section of the Halsteds website on April 14, 2026. This was an individual defacement incident targeting the Zimbabwean organization's web presence.
    Date: 2026-04-14T03:10:06Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832599
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Zimbabwe
    Victim Industry: Unknown
    Victim Organization: Halsteds
    Victim Site: halsteds.co.zw
  279. Website defacement of terrederandonnee.com by DimasHxR
    Category: Defacement
    Content: Individual attacker DimasHxR defaced the French hiking/outdoor recreation website terrederandonnee.com on April 14, 2026. The incident targeted a specific media directory rather than the homepage.
    Date: 2026-04-14T03:09:22Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832657
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: France
    Victim Industry: Tourism/Recreation
    Victim Organization: Terre de Randonnee
    Victim Site: terrederandonnee.com
  280. Website defacement of willjaya.net by DimasHxR
    Category: Defacement
    Content: The attacker DimasHxR defaced willjaya.net on April 14, 2026. This was an isolated defacement incident targeting a single website without apparent team affiliation.
    Date: 2026-04-14T03:08:35Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832663
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: willjaya.net
  281. Alleged distribution of credential combolist targeting USA and Europe
    Category: Combo List
    Content: Threat actor gsmfix is allegedly distributing a credential combolist containing email:password combinations targeting users in the USA and Europe. The post advertises the list as "exclusive" and "hits mix", suggesting the credentials may be verified or high-quality.
    Date: 2026-04-14T03:03:36Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72021/
    Screenshots:
    None
    Threat Actors: gsmfix
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  282. Alleged distribution of 7 million credential combolist for SMTP targeting
    Category: Combo List
    Content: Threat actor CODER is distributing a 7 million credential combolist specifically targeted for SMTP usage through Telegram channels. The actor operates multiple Telegram groups offering free combos and programs for credential stuffing attacks.
    Date: 2026-04-14T03:03:10Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72022/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  283. Alleged distribution of European and US credential combolists
    Category: Combo List
    Content: Threat actor gsmfix claims to be distributing high-quality credential combolists targeting users in Europe and the USA. The post emphasizes full validity of the credential data being shared.
    Date: 2026-04-14T03:02:46Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72023/
    Screenshots:
    None
    Threat Actors: gsmfix
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  284. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: A threat actor shared a combolist containing 690 allegedly valid Hotmail email and password combinations on a cybercrime forum. The credentials are described as high quality and privately sourced.
    Date: 2026-04-14T02:38:47Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-X690-Valid-UHQ-Hotmail-%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: Roronoa044
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  285. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: Actor RedCloud shared a combolist containing 3.7K Hotmail email credentials claimed to be valid and private, distributed for free download on a cybercrime forum.
    Date: 2026-04-14T02:38:11Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-3-7K-%E2%9A%A1Hotmail%E2%9A%A1Valid-Mail-Access-14-04
    Screenshots:
    None
    Threat Actors: RedCloud
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  286. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: Threat actor noir allegedly shared valid Hotmail credential lists on an underground forum. The actor claims the credentials are high quality and valid, distributed through private cloud storage and a Telegram contact.
    Date: 2026-04-14T02:37:02Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72017/
    Screenshots:
    None
    Threat Actors: noir
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  287. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: Threat actor redcloud shared a combolist containing 3.7K Hotmail email credentials via a MediaFire download link. The actor claims the credentials are valid and high quality, dated April 14, 2026.
    Date: 2026-04-14T02:36:43Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72019/
    Screenshots:
    None
    Threat Actors: redcloud
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  288. Alleged leak of private logs data
    Category: Data Leak
    Content: An actor shared a 500MB collection of private logs via a file sharing service, with password protection, for free download.
    Date: 2026-04-14T01:32:13Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-500mb-prv-logs
    Screenshots:
    None
    Threat Actors: niven938644
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  289. Alleged leak of private logs (~500MB)
    Category: Combo List
    Content: Actor maicolpg19 shared a link to approximately 500MB of private logs via a file sharing service, with the password distributed through a Telegram channel.
    Date: 2026-04-14T01:31:37Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72016/
    Screenshots:
    None
    Threat Actors: maicolpg19
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  290. Alleged leak of Hotmail credential combolist targeting cryptocurrency users
    Category: Combo List
    Content: A threat actor shared a combolist containing approximately 1.8 million Hotmail credentials specifically targeting cryptocurrency users. The data was made available as a free download via a file sharing platform.
    Date: 2026-04-14T01:08:54Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72015/
    Screenshots:
    None
    Threat Actors: HQcomboSpace
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  291. Website defacement of a3h.com.br by Aptisme (Leviathan Perfect Hunter team)
    Category: Defacement
    Content: The website a3h.com.br was defaced by attacker Aptisme, associated with the Leviathan Perfect Hunter team, on April 14, 2026. This was a targeted single-site defacement rather than a mass attack.
    Date: 2026-04-14T00:49:56Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/832570
    Screenshots:
    None
    Threat Actors: Aptisme, Leviathan Perfect Hunter
    Victim Country: Brazil
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: a3h.com.br
  292. Alleged leak of Facebook and Instagram credentials
    Category: Combo List
    Content: A threat actor shared what appears to be a combolist containing Facebook and Instagram email and password combinations with access logs dated April 13, 2026. The content is hidden and available only to registered forum users.
    Date: 2026-04-14T00:45:05Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72014/
    Screenshots:
    None
    Threat Actors: Kinglukeman
    Victim Country: Unknown
    Victim Industry: Social Media
    Victim Organization: Facebook/Instagram
    Victim Site: facebook.com
  293. Alleged leak of credentials via private cloud logs
    Category: Combo List
    Content: Threat actor vultapower is distributing, via their Telegram channel vultanetworks, a fresh credential dump in URL:LOG:PASS format that was allegedly obtained from private cloud logs.
    Date: 2026-04-14T00:21:19Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72012/
    Screenshots:
    None
    Threat Actors: vultapower
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  294. Alleged distribution of credential combolist containing 9 million email:password combinations
    Category: Combo List
    Content: A threat actor is distributing a credential combolist containing 9 million email and password combinations from various countries including USA, Italy, France, Germany, and Poland through Telegram channels.
    Date: 2026-04-14T00:20:47Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72013/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  295. Alleged Planned Cyber Attack Against South Carolina Attorney General by ShinyHunters
    Category: Cyber Attack
    Content: Threat actor ShinyHunters posted a threat indicating they plan to target the South Carolina Attorney General's official website (scag.gov) following their alleged attack on Rockstar, citing corruption in North Carolina as justification. The post includes a direct link to the target domain.
    Date: 2026-04-14T00:14:53Z
    Network: telegram
    Published URL: https://t.me/c/3737716184/1161
    Screenshots:
    None
    Threat Actors: ShinyHunters
    Victim Country: United States
    Victim Industry: Government
    Victim Organization: South Carolina Attorney General
    Victim Site: scag.gov
  296. Alleged defacement of multiple Israeli websites by Cyber Islamic Resistance
    Category: Defacement
    Content: The Cyber Islamic Resistance group claims to have defaced four Israeli websites in support of Lebanese resistance. Targeted sites include a leadership training center (tao-center.co.il), a construction/renovation company (reuvenyoffe.co.il), an industrial refrigeration/climate control company (drycor.co.il), and a fourth site (vilatoptouch.co.il). A Zone-H mirror proof is provided (ID: 41689266).
    Date: 2026-04-14T00:05:12Z
    Network: telegram
    Published URL: https://t.me/c/1651470668/1878
    Screenshots:
    None
    Threat Actors: Cyber Islamic Resistance
    Victim Country: Israel
    Victim Industry: Multiple (Training/Consulting, Construction, Industrial/HVAC, Unknown)
    Victim Organization: Multiple Israeli organizations (TAO Center, Reuven Yoffe Construction, Drycor, Vila Top Touch)
    Victim Site: tao-center.co.il, reuvenyoffe.co.il, drycor.co.il, vilatoptouch.co.il