[April-2-2026] Daily Cybersecurity Threat Report

Chapter 1: Executive Summary

This report provides a comprehensive, in-depth analysis of a massive wave of cybersecurity incidents observed and documented between April 1 and April 3, 2026. Based on the drafted threat intelligence data encompassing 685 distinct cyber events, this document categorizes, analyzes, and contextualizes the tactics, techniques, and procedures (TTPs) of various threat actors operating across the global digital landscape.

The reporting period witnessed an unprecedented convergence of state-sponsored espionage, high-stakes financially motivated extortion, destructive hacktivism, and opportunistic credential harvesting. Key highlights from the analyzed data include:

• High-Profile Extortion and Source Code Theft: The notorious threat group ShinyHunters claimed a massive breach involving Salesforce and Cisco, exfiltrating over 3 million personally identifiable information (PII) records and highly sensitive AI source code, demonstrating the growing risk to enterprise technology supply chains.
• State-Sponsored Cyber Espionage: An Iranian Advanced Persistent Threat (APT) group claimed responsibility for infiltrating Lockheed Martin, allegedly exfiltrating 375 terabytes of highly classified defense and aerospace data, marking a severe potential compromise of global military intelligence.
• Destructive Hacktivism: The pro-Palestinian threat group Handala Hack executed a widespread data-wiping campaign targeting Israeli organizations, permanently deleting 22 terabytes of data across multiple sectors in a coordinated operation dubbed #OpIsrael.
• Mass Defacement Campaigns: Several synchronized defacement teams, most notably chinafans (0xteam), xNight (JBR team), L4663R666H05T (Umbra Community), and Rici144 (Ratman), compromised hundreds of global websites, highlighting systemic vulnerabilities in web hosting and content management systems.
• Underground Credential Economy: Billions of compromised credentials and PII records were circulated on dark web forums and Telegram channels, including a massive 14.5 billion order database from PinDuoDuo and a 840-million record “Mega Credential Compilation 2025”.

Chapter 2: Introduction and Methodology

The digital threat landscape is evolving at a breakneck pace, with threat actors utilizing increasingly sophisticated methods to bypass enterprise security perimeters. The data analyzed in this report reflects a snapshot of this volatile environment, captured through monitoring of open web platforms, dark web forums (e.g., BreachForums, Exploit.in, DarkForums), and illicit Telegram channels.

The primary objective of this report is to provide security stakeholders, network defenders, and threat intelligence analysts with actionable insights derived from raw incident data. The events span a wide array of categories, including Data Breaches, Website Defacements, Distributed Denial of Service (DDoS) attacks, Initial Access brokering, and Malware distribution. By dissecting these incidents, we can profile the threat actors, understand their motivations (financial, ideological, or geopolitical), and formulate robust mitigation strategies.

Chapter 3: The Threat Actor Ecosystem

The incidents documented in April 2026 reveal a diverse ecosystem of threat actors, each with distinct operational methodologies and objectives.

1. ShinyHunters (Financially Motivated / Extortion) ShinyHunters remains one of the most prominent and aggressive data extortion groups. During this period, they engaged in a highly publicized campaign against Cisco and Salesforce. Their tactics involved not only data exfiltration but psychological pressure, publicly taunting specific security personnel (e.g., Jinzhao Feng) and repeatedly teasing the release of the data on Telegram before listing it on BreachForums. The group also demonstrated their chaotic nature by allegedly leaking the user database of BreachForums itself upon their departure from the platform, turning on their own cybercriminal community.

2. APT IRAN (State-Sponsored Espionage) Operating primarily through Telegram channel announcements, this Iranian Advanced Persistent Threat group claimed a historic infiltration of Lockheed Martin. State-sponsored actors prioritize the theft of intellectual property, military secrets, and strategic intelligence over financial gain. By explicitly denying assistance from Russia or China, the group sought to project independent cyber-warfare superiority on the global stage.

3. Handala Hack and Anonymous For Justice (Ideological Hacktivism) Motivated by the geopolitical conflict in the Middle East, Handala Hack and Anonymous For Justice engaged in purely destructive operations against Israeli infrastructure. Unlike ransomware operators who encrypt data for financial leverage, these groups deployed wiper malware to permanently delete infrastructure, deleting 22 TB of data from companies like Yarok Microbio, Polipach, and To-Mix.

4. Defacement Collectives (0xteam, JBR, Umbra Community, Ratman, NUCLIER-Y-C-C-M)

These groups prioritize notoriety, operational volume, and demonstrating the insecurity of the internet.

• chinafans (0xteam): Executed a highly automated campaign placing “0x.txt” files on dozens of global targets, ranging from Colombian urban planners to UK emissions claims sites.
• xNight (JBR team): Displayed a laser focus on the online gaming and casino industry, systematically defacing UK, Japanese, and Australian gambling sites (e.g., Rizk Casino, Zoome Casino), potentially indicating competitor sabotage or targeted extortion.
• L4663R666H05T (Umbra Community): Targeted European retail, fashion, and industrial organizations, frequently compromising media and customer address subdirectories.

Chapter 4: Major Data Breaches and Extortion Campaigns

Data breaches remain the most severe threat to corporate reputation and financial stability. The scale of data exfiltrated in early April 2026 is staggering.

The Cisco and Salesforce Compromise ShinyHunters executed a sophisticated supply-chain or interconnected-cloud attack, compromising Salesforce instances to steal over 3 million PII records while simultaneously breaching Cisco’s proprietary repositories. The theft of Cisco’s AI source code—including AI Assistants, AI Defense, AI Canvas, and AI Cisco Cloud Control—represents a critical intellectual property loss. The threat actors actively monitored Cisco’s internal security case updates in real-time, demonstrating deep persistence within the network. The asking price for the data fluctuated violently, dropping from $2M to $660,000, and finally to $200,000, suggesting a desperate attempt to monetize the theft quickly or a failure in private ransom negotiations.

The Lockheed Martin Exfiltration The claim by “APT IRAN” of stealing 375 terabytes of data from Lockheed Martin is, if fully verified, one of the most catastrophic defense breaches in history. The threat actor claimed to have bypassed multi-layered, highly secure perimeters without triggering anomalous alerts, suggesting the use of advanced zero-day vulnerabilities or high-level insider compromise. While the actor noted the absence of B-2 bomber or “UFO” documents, the theft of fighter jet telemetry and design data drastically alters the balance of military aerospace engineering.

Mega-Breaches in the APAC Region The Asian e-commerce and government sectors suffered catastrophic data losses. A threat actor offered 14.5 billion shopping orders from PinDuoDuo (690 million unique individuals) for a mere $10,000. Simultaneously, 8.15 billion records from Taobao were listed. In the public sector, the Zhejiang Education Department suffered a breach of 11 million records containing Chinese National IDs, parent names, and residential addresses, sold for $2,160 by actor SolonixBF. These breaches effectively strip anonymity from hundreds of millions of citizens, facilitating future social engineering and identity theft on a national scale.

Insider Trading and Financial Compliance Exposures Threat actor FulcrumSec leaked 165GB of data from MyComplianceOffice (MCO), a U.S.-based compliance software provider. This breach is uniquely devastating because it exposed Bloomberg/Reuters chat logs, Skype messages, SMS data, and insider trading/sanctions violation records. The exposure of production credentials (MongoDB, Kafka, PKI) and machine learning models indicates a total architectural compromise.

Chapter 5: Destructive Hacktivism and Wiper Attacks

The weaponization of cyber capabilities for geopolitical warfare was highly active in April 2026.

The Israel-Palestine Cyber Front Under the banner of #OpIsrael and #FreePalestine, Handala Hack engaged in a scorched-earth campaign against the Israeli private sector. The group successfully wiped 22 TB of data from 14+ companies. Victims spanned biotechnology (Yarok Microbio), manufacturing (Polipach, Opal Plastic), architecture (Toledano Architects), and retail (Fuse Stereo). Furthermore, the group “We are Cardinal” claimed to have compromised an Israeli missile defense command-and-control system, exfiltrating 1.27 GB of missile trajectory and intercept data. If true, this represents a severe kinetic threat originating from a cyber intrusion.

The Russo-Ukrainian Cyber Front (#OpUkraine & #OpDenmark) Pro-Russian hacktivist group NoName057(16) leveraged Distributed Denial of Service (DDoS) attacks as a tool of economic and infrastructural disruption. They targeted Ukrainian aviation, metallurgy (Dneprospetsstal), and IT support. Furthermore, under #OpDenmark, the group attacked Danish renewable energy and electrical installation companies (e.g., Brabrand EL, VS Automatic), punishing Denmark for its geopolitical alignments.

Chapter 6: The Epidemic of Mass Defacements

Website defacement, while often considered a low-level nuisance compared to data breaches, serves as a loud indicator of systemic vulnerabilities. The data shows hundreds of defacements occurring in a 48-hour window.

• Vulnerability Exploitation: The vast majority of these defacements targeted specific subdirectories (e.g., /media/customer/, /wow.txt, /0x.txt) rather than root homepages. This highly specific targeting suggests the attackers utilized automated exploitation scripts targeting a specific, unpatched vulnerability in a widespread Content Management System (CMS) or an e-commerce plugin (e.g., Magento, WordPress, or PrestaShop).
• Industry Agnosticism: The defacements were largely indiscriminate. Targets included Nepalese legal groups (Kaicho Group) , German wine retailers (Wein Wolff) , Philippine promo stores , and Indian construction firms (SPM BuildCon).
• The Casino Targeting Anomaly: The JBR team (actor xNight) deviated from the indiscriminate model, deliberately hunting online casinos (Roobet Casino Japan, Katana Casino UK, Yukon Gold Casino UK). The online gambling industry is highly lucrative; this targeted defacement campaign could be a precursor to DDoS extortion or an attempt to redirect affiliate traffic.

Chapter 7: Credential Harvesting, Initial Access, and the Underground Economy

The cybercriminal underground relies heavily on the free flow of compromised credentials and initial access vectors.

The Combolist Market April 2026 saw the distribution of billions of credential pairs. The “Mega Credential Compilation 2025,” a 45GB archive, provided 840 million email-password combinations sourced from over 5,000 breaches and stealer logs. Threat actor ‘CODER’ was particularly prolific, flooding Telegram channels with lists of 11M, 13M, 15M, and 16M credentials, specifically categorized by industry (hospitality, gaming, automotive, education) to facilitate highly targeted credential stuffing attacks.

Initial Access Brokers (IABs) Actors like @Dataxlogs advertised mail access, VPN configs, and stealer logs spanning France, the UK, the US, and Japan. Actor ‘Mater’ sold unauthorized administrator access to active U.S.-based X-Cart e-commerce stores, directly enabling downstream actors to intercept payment processing data (Magecart attacks).

Malware-as-a-Service and Botnets

• CrystalRAT: Emerging as a new Malware-as-a-Service, CrystalRAT features remote access, ChaCha20 encryption, keylogging, and data theft specifically targeting Discord, Telegram, and Steam, alongside “digital prank” features used to harass victims.
• Pegasus-Like Spyware: A highly concerning listing offered a “zero-click RAT” for iOS and Android for $30,000. Operating without APK/IPA installation via zero-day exploits, it allegedly provides full device control, live camera access, and banking module interception, democratizing military-grade spyware for financially motivated actors.
• Herios Botnet 2026: Advertised as a DDoS-for-hire service boasting 1T-2.5T raw capacity with custom Cloudflare bypass methods, illustrating the easy accessibility of devastating network disruption tools for merely $150/month.

Chapter 8: Sector-by-Sector Impact Analysis

1. Technology and Telecommunications Technology companies are prime targets due to the cascading effect of their compromise. Cisco’s AI source code theft endangers its entire customer base. Similarly, telecom providers like O2 Czech Republic (482k records), Magyar Telekom Nyrt (427k records), and Eolo in Italy (587k records) suffered massive customer data leaks, exposing highly sensitive communication infrastructure and user locations.

2. Government and Defense Beyond Lockheed Martin, government entities globally were compromised. The Government of Amapá State (Brazil) , the Tanzania Police Force (MD5 password hashes of police personnel) , and various local administrations like the Town of Pepperell (communications disruption) and Jamalpur Upazila Administration in Bangladesh (National IDs) highlight the severe underfunding and vulnerability of civic IT infrastructure.

3. Healthcare and Pharmaceuticals Healthcare data commands a high premium due to its immutable nature (medical histories cannot be changed like passwords). SberHealth in Russia suffered a breach of 582,000 records containing sensitive medical data and PII. BIOMED BV in the Netherlands leaked patient records and order histories.

4. Retail and E-Commerce Retailers possess vast databases of payment information and consumer behavior. Fatales Boutiques (Tunisia) , Takealot Online (South Africa, 587k records) , and Conrad Electronic (Germany, 437k records) experienced significant breaches. The presence of carding shops like “AllCards” (producing 100k+ stolen cards daily) and “PepeCard” underscores the financial pipeline fed by these e-commerce compromises.

5. Education Educational institutions hold vast amounts of data on minors and young adults. Breaches at Ain Shams University (563k records) , SMAN 1 Ciamis (Indonesia) , and Entab (India, 763k records) exposed student names, addresses, ID numbers, and academic records, leaving students vulnerable to identity theft early in their lives. Additionally, North Attleborough Public Schools suffered a suspected cyberattack resulting in a district-wide internet outage, disrupting classes.

Chapter 9: Geopolitical and Strategic Implications

The incidents detailed in this dataset emphasize the obliteration of the boundary between cybercrime and cyber warfare. The involvement of APT IRAN against U.S. defense contractors , combined with the targeting of Israeli infrastructure by hacktivists, demonstrates that cyber operations are now the primary vanguard of international conflict. Furthermore, the massive exposure of Chinese citizen data (PinDuoDuo, Taobao, Zhejiang Education) reveals that even heavily monitored internet ecosystems are highly susceptible to catastrophic insider threats or database misconfigurations.

The democratization of zero-day exploits (e.g., the $30k iOS/Android zero-click RAT) means that non-state actors now possess capabilities previously reserved for intelligence agencies. This dramatically lowers the barrier to entry for highly sophisticated espionage and financial theft.

Chapter 10: Comprehensive Mitigation and Remediation Strategies

Given the extreme volume and variety of attacks observed, organizations must adopt a hardened, multi-layered security posture:

1. Identity and Access Management (IAM): The sheer volume of credential combolists (over 1 billion credentials circulated in two days) renders password-only authentication obsolete. Organizations must enforce Phishing-Resistant Multi-Factor Authentication (MFA) across all external and internal access points. SMS-based OTPs are insufficient, as evidenced by services like RatelSMS designed explicitly to bypass them.

2. Supply Chain and Source Code Security: The ShinyHunters breach of Cisco highlights the danger of exposed public repositories. Organizations must implement strict Secrets Scanning in CI/CD pipelines to prevent API keys and credentials from being hardcoded into GitHub or AWS storage.

3. Web Application and CMS Hardening: The mass defacements executed by 0xteam and Umbra Community were likely automated. Organizations must employ robust Web Application Firewalls (WAF), strictly limit file upload capabilities, and aggressively patch CMS plugins. Directories like /media/ should not have execution permissions.

4. Defense Against Wiper Malware: To defend against destructive operations like Handala Hack’s 22TB wipe, organizations must implement immutable, offline backups. Network segmentation is critical; an intrusion in the corporate IT network must not be allowed to laterally move into operational technology (OT) or core database clusters without severe friction.

5. DDoS Mitigation: With services like Herios Botnet offering terabit-level capacity , reliant organizations (like the targeted Danish energy sector) must leverage distributed, cloud-based DDoS scrubbing services and ensure infrastructure redundancy.

Chapter 11: Conclusion

The cyber threat landscape documented in early April 2026 is characterized by extreme volatility, unprecedented scale, and aggressive tactics. From ShinyHunters’ extortion of tech giants and APT IRAN’s alleged theft of defense secrets to the destructive geopolitical wiping campaigns in the Middle East and the indiscriminate mass defacements of global infrastructure, the data paints a picture of an asymmetric battlefield.

Threat actors are successfully blending automated exploitation (for defacements and credential stuffing) with highly sophisticated, targeted intrusion techniques. The proliferation of underground initial access markets, Malware-as-a-Service, and multi-million record combolists guarantees that attacks will continue to scale. To survive in this environment, global organizations must shift from reactive perimeter defense to proactive threat hunting, zero-trust architecture, and resilient continuity planning. The incidents of April 2026 serve as a stark warning: the cost of inadequate cybersecurity is no longer just financial—it is existential.

Detected Incidents Draft Data

1. Alleged Upcoming Cisco Data Breach Announcement by ShinyHunters
   Category: Data Breach
   Content: The threat actor group ShinyHunters is announcing an imminent release related to Cisco, repeatedly emphasizing COMING suggesting an impending data leak or breach disclosure targeting Cisco systems or data.
   Date: 2026-04-02T23:59:23Z
   Network: telegram
   Published URL: https://t.me/c/3737716184/638
   Screenshots:
   None
   Threat Actors: ShinyHunters
   Victim Country: United States
   Victim Industry: Technology / Networking
   Victim Organization: Cisco
   Victim Site: cisco.com
2. Website defacement of atithyahms.com by NUCLIER-Y-C-C-M
   Category: Defacement
   Content: The threat actor NUCLIER-Y-C-C-M successfully defaced atithyahms.com on April 3, 2026. The defacement targeted a specific file (wow.txt) rather than the main homepage.
   Date: 2026-04-02T23:57:52Z
   Network: openweb
   Published URL: https://zone-xsec.com/mirror/id/827522
   Screenshots:
   None
   Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
   Victim Country: Unknown
   Victim Industry: Unknown
   Victim Organization: Unknown
   Victim Site: atithyahms.com
3. Website defacement of flair90s.com by NUCLIER-Y-C-C-M
   Category: Defacement
   Content: The threat actor NUCLIER-Y-C-C-M successfully defaced the flair90s.com website on April 3, 2026. The attack targeted a specific file path (wow.txt) rather than the main homepage.
   Date: 2026-04-02T23:57:20Z
   Network: openweb
   Published URL: https://zone-xsec.com/mirror/id/827523
   Screenshots:
   None
   Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
   Victim Country: Unknown
   Victim Industry: Unknown
   Victim Organization: Unknown
   Victim Site: flair90s.com
4. Website defacement of Fusion Bar Inc by NUCLIER-Y-C-C-M
   Category: Defacement
   Content: NUCLIER-Y-C-C-M defaced fusionbarinc.com on April 3, 2026, targeting a legal services organization. The attack affected a specific file (wow.txt) rather than the main homepage.
   Date: 2026-04-02T23:56:47Z
   Network: openweb
   Published URL: https://zone-xsec.com/mirror/id/827524
   Screenshots:
   None
   Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
   Victim Country: Unknown
   Victim Industry: Legal Services
   Victim Organization: Fusion Bar Inc
   Victim Site: fusionbarinc.com
5. Website defacement of Kaicho Group by NUCLIER-Y-C-C-M
   Category: Defacement
   Content: The NUCLIER-Y-C-C-M group defaced the Kaicho Group website on April 3, 2026. The attack targeted a Nepalese organizations web presence, compromising a file named wow.txt on their domain.
   Date: 2026-04-02T23:56:15Z
   Network: openweb
   Published URL: https://zone-xsec.com/mirror/id/827525
   Screenshots:
   None
   Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
   Victim Country: Nepal
   Victim Industry: Unknown
   Victim Organization: Kaicho Group
   Victim Site: kaichogroup.com.np
6. Alleged Imminent Data Breach Release of Cisco by ShinyHunters
   Category: Data Breach
   Content: The threat actor group ShinyHunters is announcing an imminent release or action targeting Cisco, repeatedly stating COMING alongside CISCO in an apparent teaser post. A preceding message references receiving money and purchasing a boat, suggesting an active extortion or ransom negotiation. This indicates a likely upcoming data leak or breach disclosure involving Cisco.
   Date: 2026-04-02T23:56:03Z
   Network: telegram
   Published URL: https://t.me/c/3737716184/636
   Screenshots:
   None
   Threat Actors: ShinyHunters
   Victim Country: United States
   Victim Industry: Technology / Networking
   Victim Organization: Cisco
   Victim Site: cisco.com
7. Website defacement of rahulthapa.com.np by NUCLIER-Y-C-C-M
   Category: Defacement
   Content: The threat actor NUCLIER-Y-C-C-M successfully defaced the website rahulthapa.com.np on April 3, 2026. The defacement targeted a specific file (wow.txt) on the Nepalese domain.
   Date: 2026-04-02T23:55:41Z
   Network: openweb
   Published URL: https://zone-xsec.com/mirror/id/827526
   Screenshots:
   None
   Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
   Victim Country: Nepal
   Victim Industry: Unknown
   Victim Organization: Unknown
   Victim Site: rahulthapa.com.np
8. Website defacement of theeldoradoavenue.com by NUCLIER-Y-C-C-M
   Category: Defacement
   Content: The website theeldoradoavenue.com was defaced by the threat actor NUCLIER-Y-C-C-M on April 3, 2026. This appears to be an isolated defacement incident targeting a single website.
   Date: 2026-04-02T23:55:08Z
   Network: openweb
   Published URL: https://zone-xsec.com/mirror/id/827527
   Screenshots:
   None
   Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
   Victim Country: Unknown
   Victim Industry: Unknown
   Victim Organization: Unknown
   Victim Site: theeldoradoavenue.com
9. Alleged Data Breach and Source Code Theft of Salesforce and Cisco by ShinyHunters
   Category: Data Breach
   Content: The ShinyHunters threat group claims to have compromised Salesforce and Cisco systems, exfiltrating over 3 million Salesforce records containing PII, GitHub repositories, AWS storage, and internal corporate data. They additionally claim possession of Cisco AI source code for multiple products including AI Assistants, AI Defense, AI Canvas, and AI Cisco Cloud Control. The group taunts Cisco security staff by name (Jinzhao Feng), referencing public repository exposure. The data is being sold for $2M USD via BreachForums. Contact provided via Tox and Session IDs.
   Date: 2026-04-02T23:52:55Z
   Network: telegram
   Published URL: https://t.me/c/3737716184/629
   Screenshots:
   None
   Threat Actors: ShinyHunters
   Victim Country: United States
   Victim Industry: Technology / Enterprise Software
   Victim Organization: Salesforce, Cisco
   Victim Site: salesforce.com, cisco.com
10. Alleged Destructive Cyber Attack on Israeli Packaging Company Allpack by Anonymous For Justice
    Category: Cyber Attack
    Content: The threat group Anonymous For Justice claims to have deleted 2 terabytes of data from Allpack (Allpack מוצרי נייר / Olfpack), an Israeli importer and marketer of packaging and paper products. The claim is accompanied by hacktivist hashtags including #OpIsrael and #FreePalestine, suggesting politically motivated targeting.
    Date: 2026-04-02T23:52:10Z
    Network: telegram
    Published URL: https://t.me/c/2029743630/86
    Screenshots:
    None
    Threat Actors: Anonymous For Justice
    Victim Country: Israel
    Victim Industry: Manufacturing & Packaging
    Victim Organization: Allpack (Olfpack)
    Victim Site: Unknown
11. Alleged leak of mixed email-password combolist
    Category: Combo List
    Content: A threat actor shared a combolist containing 200,000 email and password combinations for free download on a cybercrime forum. The actor also advertises selling high quality combos with guarantee.
    Date: 2026-04-02T23:46:51Z
    Network: openweb
    Published URL: https://crackingx.com/threads/70863/
    Screenshots:
    None
    Threat Actors: steeve75
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
12. Alleged Data Breach and Source Code Sale of Cisco and Salesforce by ShinyHunters
    Category: Data Breach
    Content: Threat actor group ShinyHunters claims to have compromised Cisco systems, obtaining over 3 million Salesforce records containing PII, GitHub repositories, AWS storage, and internal corporate data. They allege possession of source code for Cisco AI Assistants, AI Defense, AI Canvas, and AI Cisco Cloud Control. The post taunts Cisco security staff by name (Jinzhao Feng) and references monitoring Ciscos internal security case updates in real time. The data is listed for sale at $2M USD on BreachForums. Contact via Tox and Session IDs provided.
    Date: 2026-04-02T23:46:27Z
    Network: telegram
    Published URL: https://t.me/c/3737716184/619
    Screenshots:
    None
    Threat Actors: ShinyHunters
    Victim Country: United States
    Victim Industry: Technology
    Victim Organization: Cisco / Salesforce
    Victim Site: Unknown
13. Website defacement of Realms Group by ARJUN-X001 from KEJE ARMY
    Category: Defacement
    Content: ARJUN-X001 from the KEJE ARMY group successfully defaced the homepage of realms-group.com on April 3, 2026. This was a targeted single-site defacement rather than part of a mass campaign.
    Date: 2026-04-02T23:43:25Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/827486
    Screenshots:
    None
    Threat Actors: ARJUN-X001, KEJE ARMY
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Realms Group
    Victim Site: realms-group.com
14. Alleged sale of mail access and credential tools across multiple countries
    Category: Initial Access
    Content: A threat actor operating under @Dataxlogs is advertising mail access availability across France, Belgium, Australia, Canada, UK, US, Netherlands, Poland, Germany, and Japan. The offering includes configs, scripts, tools, hits, combo lists, and custom requests. This represents a multi-country initial access and credential marketplace operation.
    Date: 2026-04-02T23:42:51Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/58927
    Screenshots:
    None
    Threat Actors: Dataxlogs
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
15. Website defacement of syan.ae by ARJUN-X001/KEJE ARMY
    Category: Defacement
    Content: ARJUN-X001 from KEJE ARMY conducted a home page defacement of syan.ae on April 3, 2026. The attack targeted a UAE-based website, though the organization type and specific victim details remain unknown.
    Date: 2026-04-02T23:42:37Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/827490
    Screenshots:
    None
    Threat Actors: ARJUN-X001, KEJE ARMY
    Victim Country: United Arab Emirates
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: syan.ae
16. Website defacement of walkxpress.com by ARJUN-X001/KEJE ARMY
    Category: Defacement
    Content: The website walkxpress.com was defaced by attacker ARJUN-X001 from the KEJE ARMY group on April 3, 2026. This was a targeted home page defacement rather than a mass attack.
    Date: 2026-04-02T23:41:47Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/827492
    Screenshots:
    None
    Threat Actors: ARJUN-X001, KEJE ARMY
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Walk Express
    Victim Site: walkxpress.com
17. Website defacement of bytinaline.com by ARJUN-X001 (KEJE ARMY)
    Category: Defacement
    Content: The website bytinaline.com was defaced by attacker ARJUN-X001, associated with the KEJE ARMY team, on April 3, 2026. This was a single-target home page defacement rather than a mass attack.
    Date: 2026-04-02T23:40:59Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/827500
    Screenshots:
    None
    Threat Actors: ARJUN-X001, KEJE ARMY
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: bytinaline.com
18. Website defacement of nailahaj.com by ARJUN-X001/KEJE ARMY
    Category: Defacement
    Content: ARJUN-X001 from the KEJE ARMY group successfully defaced the nailahaj.com website on April 3, 2026. This was a targeted home page defacement rather than a mass attack campaign.
    Date: 2026-04-02T23:40:09Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/827510
    Screenshots:
    None
    Threat Actors: ARJUN-X001, KEJE ARMY
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: nailahaj.com
19. Alleged sale of stolen credit cards via AllCards carding service
    Category: Cyber Attack
    Content: A carding service called AllCards is advertising the sale of stolen credit/debit cards. They claim to produce and update 100k+ cards globally per day. Pricing is listed as $1.2–$2 per valid card for US, and $2.5–$3 per valid card for other countries. They operate via a clearnet site (allcards.vlweh.com) and a Tor hidden service, with associated Telegram channels for buyers.
    Date: 2026-04-02T23:39:25Z
    Network: telegram
    Published URL: https://t.me/allCardCkuent/3
    Screenshots:
    None
    Threat Actors: AllCards
    Victim Country: Unknown
    Victim Industry: Financial Services
    Victim Organization: Unknown
    Victim Site: Unknown
20. Website defacement of Niven Fitness by ARJUN-X001/KEJE ARMY
    Category: Defacement
    Content: ARJUN-X001 from KEJE ARMY defaced the Niven Fitness website on April 3, 2026. This was a single-target home page defacement of a fitness company website.
    Date: 2026-04-02T23:39:20Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/827511
    Screenshots:
    None
    Threat Actors: ARJUN-X001, KEJE ARMY
    Victim Country: Unknown
    Victim Industry: Fitness/Health
    Victim Organization: Niven Fitness
    Victim Site: nivenfitness.com
21. Website defacement of yazedstyle.com by ARJUN-X001 (KEJE ARMY)
    Category: Defacement
    Content: ARJUN-X001 from the KEJE ARMY group successfully defaced the yazedstyle.com website on April 3, 2026. This was a single-target home page defacement rather than a mass attack.
    Date: 2026-04-02T23:38:30Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/827520
    Screenshots:
    None
    Threat Actors: ARJUN-X001, KEJE ARMY
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: yazedstyle.com
22. Alleged leak of credential combolist targeting multiple streaming and gaming services
    Category: Combo List
    Content: Threat actor Ra-Zi shared a combolist containing 200,000 email and password combinations allegedly targeting Netflix, Minecraft, Uplay, Steam, Hulu, and Spotify accounts. The actor also advertises selling additional credential lists for various email providers and geographic regions.
    Date: 2026-04-02T23:38:20Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-200k-Fresh-HQ-Combolist-Email-Pass-Netflix-Minecraft-Uplay-Steam-Hulu-spotify–199041
    Screenshots:
    None
    Threat Actors: Ra-Zi
    Victim Country: Unknown
    Victim Industry: Entertainment and Gaming
    Victim Organization: Multiple (Netflix, Minecraft, Uplay, Steam, Hulu, Spotify)
    Victim Site: Unknown
23. Website defacement of Abu Maher Express by ARJUN-X001 (KEJE ARMY)
    Category: Defacement
    Content: The KEJE ARMY group, through member ARJUN-X001, successfully defaced the Abu Maher Express website on April 3, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
    Date: 2026-04-02T23:37:41Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/827521
    Screenshots:
    None
    Threat Actors: ARJUN-X001, KEJE ARMY
    Victim Country: Unknown
    Victim Industry: Transportation/Logistics
    Victim Organization: Abu Maher Express
    Victim Site: abumaherexpress.com
24. Alleged sale of credit card data and CVV information
    Category: Combo List
    Content: Threat actor flower12 is allegedly selling stolen credit card numbers with CVV codes, claiming to have fresh items from 90% of countries worldwide and seeking long-term customers via Telegram.
    Date: 2026-04-02T23:37:33Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-1-Sell-CC-LINKABLES-CVV-VBV-NON-VBV-Bin-Clone-cards
    Screenshots:
    None
    Threat Actors: flower12
    Victim Country: Unknown
    Victim Industry: Financial Services
    Victim Organization: Unknown
    Victim Site: Unknown
25. Alleged sale of CVV and credit card data on cybercriminal forum
    Category: Data Breach
    Content: Cybercriminal actor flower12 advertising the sale of CVV and credit card data from multiple countries on DemonForums, promoting long-term business relationships and claiming to have fresh inventory daily. Contact facilitated through Telegram channel.
    Date: 2026-04-02T23:37:26Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Hello-Everyone-we-are-looking-for-a-good-customers-to-buy-cvv-cc–199049
    Screenshots:
    None
    Threat Actors: flower12
    Victim Country: Unknown
    Victim Industry: Financial Services
    Victim Organization: Unknown
    Victim Site: Unknown
26. Alleged Data Breach and Source Code Sale of Cisco by ShinyHunters
    Category: Data Breach
    Content: Threat actor ShinyHunters claims to have compromised Cisco systems, obtaining over 3 million Salesforce records containing PII, GitHub repositories, AWS storage, and other internal corporate data. The group also claims possession of Cisco source code for AI Assistants, AI Defense, AI Canvas, and AI Cisco Cloud Control. The actor taunts Cisco security teams, references an employee named Jinzhao Feng allegedly storing secrets in public repositories, and threatens to release all data. The package is listed for sale at $500,000 USD on BreachForums.
    Date: 2026-04-02T23:36:32Z
    Network: telegram
    Published URL: https://t.me/c/3737716184/618
    Screenshots:
    None
    Threat Actors: ShinyHunters
    Victim Country: United States
    Victim Industry: Technology
    Victim Organization: Cisco
    Victim Site: cisco.com
27. Alleged leak of email credential combolist containing 15 million accounts
    Category: Combo List
    Content: Threat actor CODER is distributing a combolist containing 15 million email and password combinations through Telegram channels. The credentials are being shared for free through dedicated Telegram groups.
    Date: 2026-04-02T23:05:46Z
    Network: openweb
    Published URL: https://crackingx.com/threads/70862/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
28. Alleged leak of mixed country credential combolist
    Category: Combo List
    Content: A threat actor shared a combolist containing over 1.3 million credentials from mixed countries through a file sharing service. The credentials are described as high quality and from various geographic locations.
    Date: 2026-04-02T22:55:34Z
    Network: openweb
    Published URL: https://crackingx.com/threads/70861/
    Screenshots:
    None
    Threat Actors: BestCombo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
29. Alleged SMS OTP bypass service advertisement by RatelSMS
    Category: Initial Access
    Content: Threat actor RatelSMS advertises an SMS receiving service for OTP bypass across 200+ countries and 5000+ services. The service appears to facilitate bypassing SMS-based two-factor authentication mechanisms.
    Date: 2026-04-02T22:55:26Z
    Network: openweb
    Published URL: https://crackingx.com/threads/70860/
    Screenshots:
    None
    Threat Actors: RatelSMS
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
30. Alleged leak of mixed credential combolist
    Category: Combo List
    Content: A threat actor shared a combolist containing 2,734 mixed email and password combinations for free download, advertising them as high-quality hits with inbox access targets.
    Date: 2026-04-02T22:46:03Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-2734x-HQ-MIXED-HITS-INBOXES-TARGETS
    Screenshots:
    None
    Threat Actors: He_Cloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
31. Alleged distribution of credential combolist containing 2,200 accounts
    Category: Combo List
    Content: A threat actor shared a combolist containing 2,200 recently verified credential pairs described as fresh and top quality mixed accounts. The credentials are being distributed for free to registered forum users.
    Date: 2026-04-02T22:35:28Z
    Network: openweb
    Published URL: https://crackingx.com/threads/70859/
    Screenshots:
    None
    Threat Actors: MailAccesss
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
32. Alleged Data Breach of COTSSAZA
    Category: Data Breach
    Content: The threat actor claims to be leaked data from COTSSAZA. The dataset reportedly includes contact details, course enrollment records, and company account information, potentially exposing sensitive personal and organizational data.
    Date: 2026-04-02T22:27:19Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-487k-Spain-https-www-cotssaza-org-Professional-and-contact-data-including-lice
    Screenshots:
    None
    Threat Actors: Grubder
    Victim Country: Spain
    Victim Industry: Professional Services
    Victim Organization: cotssaza
    Victim Site: cotssaza.org
33. Alleged sale of Fatales Boutiques database
    Category: Data Breach
    Content: The threat actor claims to be selling database of Fatales Boutiques. The dataset contains approximately 431,000 records and is structured across contacts, booking history, and loyalty program data. The data reportedly includes personal and contact information such as names, email addresses, phone numbers, physical addresses, birth dates, and demographic details, along with appointment records, payment and service information, and customer loyalty program activity including points, tier levels, and transaction history.
    Date: 2026-04-02T22:19:35Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-431k-Tunisia-https-www-fatales-tn-Active-user-contacts-with-personal-and-ecomme
    Screenshots:
    None
    Threat Actors: Grubder
    Victim Country: Tunisia
    Victim Industry: Retail Industry
    Victim Organization: fatales boutiques
    Victim Site: fatales.tn
34. Alleged leak of mixed premium credential lists with keyword targets
    Category: Combo List
    Content: Threat actor shared a collection of 2,738 premium validated credential combinations along with 79+ keyword-targeted accounts for free download on underground forum.
    Date: 2026-04-02T22:14:30Z
    Network: openweb
    Published URL: https://crackingx.com/threads/70856/
    Screenshots:
    None
    Threat Actors: Hotmail Cloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
35. Alleged leak of Target Germany credentials combolist
    Category: Combo List
    Content: A threat actor shared a combolist containing 560,620 credential pairs allegedly from Target Germany operations. The data was made available as a free download via file sharing service.
    Date: 2026-04-02T22:14:11Z
    Network: openweb
    Published URL: https://crackingx.com/threads/70858/
    Screenshots:
    None
    Threat Actors: HQcomboSpace
    Victim Country: Germany
    Victim Industry: Retail
    Victim Organization: Target
    Victim Site: Unknown
36. Alleged Data Breach of Conectia Tecnología y Comunicaciones SL
    Category: Data Breach
    Content: The threat actor claims to be leaked data from Conectia Tecnología y Comunicaciones SL . The dataset reportedly includes contact details, purchase history, and customer support ticket data, potentially exposing sensitive personal and transactional information.
    Date: 2026-04-02T22:09:10Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-475k-Spain-https-www-conectia-es-Contact-records-including-emails-phones-add
    Screenshots:
    None
    Threat Actors: Grubder
    Victim Country: Spain
    Victim Industry: Information Technology (IT) Services
    Victim Organization: conectia tecnología y comunicaciones sl
    Victim Site: conectia.es
37. Alleged sale of Jamalpur Upazila Administration, Thakurgaon District
    Category: Data Breach
    Content: The threat actor claims to be selling a database belonging to Jamalpur Upazila Administration, Thakurgaon District. The dataset reportedly contains citizen records including National ID numbers, birth registration numbers, full names, and government beneficiary information, potentially exposing sensitive personal data of thousands of citizens.
    Date: 2026-04-02T22:07:45Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-BANGLADESH-GOV-LEAK-jamalpurup-thakurgaon-gov-bd-50-000-Citizen-NID-Database
    Screenshots:
    None
    Threat Actors: xorcat
    Victim Country: Bangladesh
    Victim Industry: Government Administration
    Victim Organization: jamalpur upazila administration, thakurgaon district
    Victim Site: jamalpurup.thakurgaon.gov.bd
38. Alleged leak of cloud service credentials combolist
    Category: Combo List
    Content: Threat actor Seaborg shared a combolist containing 72,000 cloud service credentials in URL:LOG:PASS format on cybercriminal forum. The credentials appear to target various cloud services and are being distributed for free to registered forum members.
    Date: 2026-04-02T22:04:19Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-72K-CLOUD-DATA-URL-LOG-PASS-FORMAT
    Screenshots:
    None
    Threat Actors: Seaborg
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
39. Alleged leak of cloud service credentials
    Category: Combo List
    Content: A threat actor shared a combolist containing 72,000 credentials in URL:LOG:PASS format, allegedly sourced from cloud services. The data is being distributed for free to registered forum users.
    Date: 2026-04-02T22:03:52Z
    Network: openweb
    Published URL: https://crackingx.com/threads/70855/
    Screenshots:
    None
    Threat Actors: Seaborg
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
40. Alleged Data Breach of books.com.tw
    Category: Data Breach
    Content: The threat actor claims to be leaked data from books.com.tw. The dataset reportedly includes direct contact details, project descriptions, and funding amounts and more.
    Date: 2026-04-02T22:03:25Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-374k-Taiwan-https-www-books-com-tw-User-profiles-with-contact-info-and-purchas
    Screenshots:
    None
    Threat Actors: Grubder
    Victim Country: Taiwan
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: books.com.tw
41. Alleged distribution of 11.3 million credential combolist targeting food and hospitality sectors
    Category: Combo List
    Content: Threat actor CODER is distributing a combolist containing 11.3 million email and password combinations allegedly targeting food service, hospitality, fashion, real estate, and automotive sectors through Telegram channels.
    Date: 2026-04-02T22:01:53Z
    Network: openweb
    Published URL: https://crackingx.com/threads/70853/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
42. Alleged leak of Outlook and Hotmail credentials
    Category: Combo List
    Content: A threat actor leaked 1,173 credential lines targeting Outlook and Hotmail accounts on a cybercrime forum as a free download.
    Date: 2026-04-02T22:01:16Z
    Network: openweb
    Published URL: https://crackingx.com/threads/70854/
    Screenshots:
    None
    Threat Actors: karaokecloud
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: outlook.com
43. Alleged Sale of Cisco Source Code and 3M+ Salesforce Records by ShinyHunters
    Category: Data Breach
    Content: The ShinyHunters threat group is claiming to sell over 3 million Salesforce records containing PII, along with Cisco source code, GitHub repositories, AWS storage, and other internal corporate data. The data is listed for sale at $200,000 USD (reduced from $660,000 USD) on BreachForums. The breach is dated 2026/04/03. Multiple cybersecurity news outlets have covered the incident. Contact is provided via Tox and Session IDs, and a dark web DLS site is referenced.
    Date: 2026-04-02T21:59:18Z
    Network: telegram
    Published URL: https://t.me/c/3737716184/611
    Screenshots:
    None
    Threat Actors: ShinyHunters
    Victim Country: United States
    Victim Industry: Technology
    Victim Organization: Cisco, Salesforce
    Victim Site: Unknown
44. Alleged Data Breach of Pantipmarket
    Category: Data Breach
    Content: The threat actor claims to be leaked data from Pantipmarket. The dataset reportedly includes organizations operations, including Contacts, Purchase Orders, Support Tickets.
    Date: 2026-04-02T21:55:45Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-284k-Thailand-www-pantipmarket-com-User-profiles-with-emails-passwords-contacts
    Screenshots:
    None
    Threat Actors: Grubder
    Victim Country: Thailand
    Victim Industry: E-commerce & Online Stores
    Victim Organization: pantipmarket
    Victim Site: pantipmarket.com
45. Alleged Data Breach of NSS Tunis
    Category: Data Breach
    Content: The threat actor claims to be leaked data from NSS Tunis. The dataset reportedly includes organizations operations, including Contact, Product Interest Profile, Family Info.
    Date: 2026-04-02T21:50:34Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-312k-Tunisia-https-www-nsstunis-com-Personal-contact-data-including-emails-pho
    Screenshots:
    None
    Threat Actors: Grubder
    Victim Country: Tunisia
    Victim Industry: Information Technology (IT) Services
    Victim Organization: nss tunis
    Victim Site: nsstunis.com
46. Alleged leak of Hotmail credentials on cybercriminal forum
    Category: Combo List
    Content: A threat actor allegedly shared a combolist containing 42,000 Hotmail credentials on a cybercriminal forum specializing in credential lists and data dumps.
    Date: 2026-04-02T21:50:17Z
    Network: openweb
    Published URL: https://crackingx.com/threads/70852/
    Screenshots:
    None
    Threat Actors: ValidMail
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
47. Alleged Data Breach of Pcone Shopping
    Category: Data Breach
    Content: The threat actor claims to be leaked data from Pcone Shopping. The dataset reportedly includes direct contact details, project descriptions, and funding amounts.
    Date: 2026-04-02T21:47:04Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-437k-Taiwan-www-pcone-com-tw-Contact-database-including-emails-phone-numbers-c
    Screenshots:
    None
    Threat Actors: Grubder
    Victim Country: Taiwan
    Victim Industry: E-commerce & Online Stores
    Victim Organization: pcone shopping
    Victim Site: pcone.com.tw
48. Alleged sale of Takealot Online (Pty) Ltd database
    Category: Data Breach
    Content: The threat actor claims to be selling database of Takealot Online (Pty) Ltd. The dataset contains approximately 587,000 records and is structured across contacts, support tickets, and order delivery logs. The data reportedly includes personal and contact information such as full names, email addresses, phone numbers, and physical addresses, along with customer support interactions and detailed delivery records including shipment tracking, delivery attempts, and associated metadata.
    Date: 2026-04-02T21:33:53Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-587k-South-Africa-https-www-takealot-com-Customer-contacts-email-phone-address
    Screenshots:
    None
    Threat Actors: Grubder
    Victim Country: South Africa
    Victim Industry: Retail Industry
    Victim Organization: takealot online (pty) ltd
    Victim Site: takealot.com
49. Alleged sale of passport images and contact data
    Category: Data Leak
    Content: The threat actor claims to be selling a dataset allegedly obtained from a flight booking system, containing passport images and associated contact information. The data reportedly includes passport scans alongside phone numbers and email addresses of individuals from multiple countries, including China, Japan, United States, and Russia.
    Date: 2026-04-02T21:12:20Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-China-Japan-USA-Russia-Passports-Pics-With-Contact-Info-Fresh-100-From-Flight
    Screenshots:
    None
    Threat Actors: sexybroker
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
50. Alleged data breach of NR Medical Academy
    Category: Data Breach
    Content: The threat actor claims to have breached data from NR Medical Academy. The database contains approximately 4,600 records. The compromised data includes name, IC number, sex, street addresses (1, 2, and 3), city, postcode, phone number, and email address.
    Date: 2026-04-02T21:08:53Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-NRMEDICAL4U-COM-MY-LEAKED–72032
    Screenshots:
    None
    Threat Actors: Mangtx1337
    Victim Country: Malaysia
    Victim Industry: Professional Training
    Victim Organization: nr medical academy
    Victim Site: nrmedical4u.com.my
51. Alleged Cyber Espionage and Data Breach of Lockheed Martin by Iranian APT Group
    Category: Data Breach
    Content: An Iranian APT group is claiming responsibility for infiltrating Lockheed Martins systems and exfiltrating 375 terabytes of sensitive defense-related data. The group denies receiving assistance from Russia or China. They claim to have bypassed Lockheed Martins multi-layered security systems without triggering any alerts or suspicion. The stolen data reportedly relates to fighter jet information but does not include B2 bomber documents or UFO-related materials. The group frames this as the most significant US intelligence/security failure in recent history.
    Date: 2026-04-02T21:00:18Z
    Network: telegram
    Published URL: https://t.me/c/3575098403/80
    Screenshots:
    None
    Threat Actors: APT IRAN
    Victim Country: United States
    Victim Industry: Defense & Aerospace
    Victim Organization: Lockheed Martin
    Victim Site: lockheedmartin.com
52. Alleged Data sale of Yell.ru
    Category: Data Breach
    Content: The threat actor claims to be selling a database belonging to Yell.ru. The dataset reportedly contains contact profiles, business listings, and inquiry records, including names, phone numbers, email addresses, and business-related information, potentially exposing personal and corporate contact data.
    Date: 2026-04-02T21:00:12Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-670k-Russia-https-www-yell-ru-Real-contact-profiles-with-emails-phones-locati
    Screenshots:
    None
    Threat Actors: Grubder
    Victim Country: Russia
    Victim Industry: E-commerce & Online Stores
    Victim Organization: yell.ru
    Victim Site: yell.ru
53. Alleged Cyber Espionage and Data Breach of Lockheed Martin by Iranian Threat Actor Claiming 375TB Exfiltration
    Category: Data Breach
    Content: An Iranian threat actor (channel: APT IRAN) claims to have successfully infiltrated Lockheed Martin, allegedly exfiltrating 375 terabytes of data without triggering any security alerts. The actor denies receiving assistance from Russia or China, asserting the operation was conducted independently. The post claims access to the most secure systems at Lockheed Martin, describing it as Americas greatest security failure. The actor states the stolen data does not include B2 bomber documents or UFO-related materials. The claim also includes vague references to influencing US domestic politics. The veracity of these claims is unverified.
    Date: 2026-04-02T20:59:24Z
    Network: telegram
    Published URL: https://t.me/c/3575098403/79
    Screenshots:
    None
    Threat Actors: APT IRAN
    Victim Country: United States
    Victim Industry: Defense & Aerospace
    Victim Organization: Lockheed Martin
    Victim Site: lockheedmartin.com
54. Alleged distribution of email credential combolist containing 16 million records
    Category: Combo List
    Content: Threat actor CODER is distributing a combolist containing 16 million email and password combinations through Telegram channels. The credentials are being made available for free through associated Telegram groups.
    Date: 2026-04-02T20:58:51Z
    Network: openweb
    Published URL: https://crackingx.com/threads/70851/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
55. Alleged sale of Upwave database
    Category: Data Breach
    Content: The threat actor claims to have breached the database from Upwave, the compromised dataset reportedly includes the company’s source code.
    Date: 2026-04-02T20:55:08Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Source-Code-Upwave-com-Data-Breach-Leaked-Download
    Screenshots:
    None
    Threat Actors: 888
    Victim Country: USA
    Victim Industry: Marketing, Advertising & Sales
    Victim Organization: upwave
    Victim Site: upwave.com
56. Alleged data breach of Citilink
    Category: Data Breach
    Content: The threat actor claims to have breached a database from Citilink. The dataset reportedly contains customer personal information, contact details, order records, and customer support tickets. The exposed data may include personally identifiable information (PII), which could pose privacy and fraud risks if misused.
    Date: 2026-04-02T20:53:12Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-324k-Russia-https-www-citilink-ru-Customer-database-including-emails-phone-num
    Screenshots:
    None
    Threat Actors: Grubder
    Victim Country: Russia
    Victim Industry: E-commerce & Online Stores
    Victim Organization: citilink
    Victim Site: citilink.ru
57. Alleged sale of myschool database
    Category: Data Breach
    Content: The threat actor claims to have breached 437,000 records of data from MySchool, the dataset exposed information may include student personal details, enrollment history, payment-related records, and support interactions, creating a potential risk to student privacy and institutional trust.
    Date: 2026-04-02T20:52:54Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-437k-South-Africa-https-www-myschool-co-za-Student-contact-and-enrollment-recor
    Screenshots:
    None
    Threat Actors: Grubder
    Victim Country: South Africa
    Victim Industry: Education
    Victim Organization: myschool
    Victim Site: myschool.co.za
58. Alleged Data Breach of Precision Instruments Development Center
    Category: Data Breach
    Content: The threat actor claims to be leaked data from Precision Instruments Development Center. The dataset reportedly includes organizations operations, including Contacts, Shops, Id Verifications.
    Date: 2026-04-02T20:45:33Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-462k-Taiwan-www-pidc-gov-tw-Active-web-users-contact-and-tech-analyst-data-recor
    Screenshots:
    None
    Threat Actors: Grubder
    Victim Country: Taiwan
    Victim Industry: Government Administration
    Victim Organization: precision instruments development center
    Victim Site: pidc.gov.tw
59. Alleged data leak of AirExplore
    Category: Data Breach
    Content: Group claims to have leaked data from AirExplore.
    Date: 2026-04-02T20:42:42Z
    Network: telegram
    Published URL: https://t.me/c/3816027580/6021
    Screenshots:
    None
    Threat Actors: scattered LAPSUS$ hunters part 9
    Victim Country: Slovakia
    Victim Industry: Airlines & Aviation
    Victim Organization: airexplore
    Victim Site: airexplore.aero
60. Cyber Attack Hits Town of Pepperell
    Category: Cyber Attack
    Content: A cyberattack targeted the Patriot Regional Emergency Communications Center in Pepperell, Massachusetts, impacting computer systems and disrupting non-emergency communication lines across multiple towns. Police, fire, and EMS departments experienced service interruptions; however, emergency 911 services remained operational. Authorities engaged cybersecurity experts and law enforcement to investigate the incident, contain the impact, and restore affected systems, with no evidence so far of compromised private data.
    Date: 2026-04-02T20:41:47Z
    Network: openweb
    Published URL: https://www.sentinelandenterprise.com/2026/04/01/patriot-regional-emergency-communications-center-in-pepperell-hit-by-cyberattack-affecting-multiple-towns/
    Screenshots:
    None
    Threat Actors:
    Victim Country: USA
    Victim Industry: Government Administration
    Victim Organization: town of pepperell
    Victim Site: pepperell.ma.us
61. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: A threat actor shared a combolist containing 2,000 Hotmail email and password combinations on a cybercrime forum.
    Date: 2026-04-02T20:38:56Z
    Network: openweb
    Published URL: https://crackingx.com/threads/70848/
    Screenshots:
    None
    Threat Actors: v5june
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
62. Alleged distribution of credential combolist containing 14 million records
    Category: Combo List
    Content: Threat actor CODER is distributing a combolist containing 14 million credentials through Telegram channels, offering free access to credential lists and related programs.
    Date: 2026-04-02T20:38:35Z
    Network: openweb
    Published URL: https://crackingx.com/threads/70849/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
63. Alleged Data Breach of elnforma
    Category: Data Breach
    Content: The threat actor claims to be leaked data from elnforma. The dataset reportedly includes contact details, project descriptions, and funding amounts.
    Date: 2026-04-02T20:38:28Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-452k-Portugal-https-www-einforma-pt-Corporate-and-personal-contact-database-wi
    Screenshots:
    None
    Threat Actors: Grubder
    Victim Country: Portugal
    Victim Industry: Information Services
    Victim Organization: elnforma
    Victim Site: einforma.pt
64. Alleged leak of web.de email credentials
    Category: Combo List
    Content: A threat actor shared a combolist containing 28,003 credentials specifically targeting web.de email accounts. The data was made available for free download via a file sharing service.
    Date: 2026-04-02T20:38:15Z
    Network: openweb
    Published URL: https://crackingx.com/threads/70850/
    Screenshots:
    None
    Threat Actors: BestCombo
    Victim Country: Germany
    Victim Industry: Technology
    Victim Organization: 1&1 Mail & Media
    Victim Site: web.de
65. Alleged sale of SberHealth database
    Category: Data Breach
    Content: The threat actor claims to have breached the database from SberHealth, the dataset expose highly sensitive healthcare-related information, including personally identifiable information (PII) and potentially medical data, which significantly increases privacy and compliance risks.
    Date: 2026-04-02T20:32:40Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-582k-Russia-www-sberhealth-ru-Healthcare-contacts-with-personal-data-including-em
    Screenshots:
    None
    Threat Actors: Grubder
    Victim Country: Russia
    Victim Industry: Hospital & Health Care
    Victim Organization: sberhealth
    Victim Site: sberhealth.ru
66. Alleged Data Breach of Fnac Portugal
    Category: Data Breach
    Content: The threat actor claims to be leaked data from Fnac Portugal. The dataset reportedly includes contact details, project descriptions, and funding amounts.
    Date: 2026-04-02T20:31:51Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-437k-Portugal-https-www-fnac-pt-Customer-contacts-emails-phone-numbers-purc
    Screenshots:
    None
    Threat Actors: Grubder
    Victim Country: Portugal
    Victim Industry: Retail Industry
    Victim Organization: fnac darty
    Victim Site: fnac.pt
67. Alleged sale of CONAHCYT
    Category: Data Breach
    Content: The threat actor claims to have breached the database from CONAHCYT, the exposed data may affect researchers, reviewers, committee members, and platform users, potentially exposing both personally identifiable information (PII) and account security-related data.
    Date: 2026-04-02T20:30:13Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-612k-Mexico-https-www-conahcyt-mx-Personal-info-and-contact-details-database
    Screenshots:
    None
    Threat Actors: Grubder
    Victim Country: Mexico
    Victim Industry: Government Administration
    Victim Organization: conahcyt
    Victim Site: conahcyt.mx
68. Alleged data leak of Government of Amapá State
    Category: Data Breach
    Content: Group claims to have leaked data from Government of Amapá State.
    Date: 2026-04-02T20:28:06Z
    Network: telegram
    Published URL: https://t.me/c/3816027580/6009
    Screenshots:
    None
    Threat Actors: scattered LAPSUS$ hunters part 9
    Victim Country: Brazil
    Victim Industry: Government Administration
    Victim Organization: government of amapá state
    Victim Site: amapa.gov.br
69. Cyber Attack Hits North Attleborough Public Schools
    Category: Cyber Attack
    Content: North Attleborough Public Schools in Massachusetts reported a suspected cyberattack involving unauthorized activity on its network, which led to a district-wide internet outage and disruption of communication systems. School officials shut down network access as a precaution and engaged cybersecurity experts and authorities to investigate and secure systems. Classes continued with limited technology, and the full scope of the incident, including any potential data exposure, remains under investigation.
    Date: 2026-04-02T20:21:51Z
    Network: openweb
    Published URL: https://www.thesunchronicle.com/news/local_news/north-attleboro-schools-hit-by-suspected-cyberattack/article_be4c41b0-57ef-4516-9234-b03a45b08d29.html
    Screenshots:
    None
    Threat Actors:
    Victim Country: USA
    Victim Industry: Education
    Victim Organization: north attleborough public schools
    Victim Site: naschools.net
70. Alleged sale of Mihnati.com database
    Category: Data Breach
    Content: The threat actor claims to be selling database of Mihnati.com. The database is structured across contacts, candidate profiles, and candidate experience data. The data reportedly includes personal information such as names, email addresses, phone numbers, dates of birth, addresses, nationality, and marital status, along with detailed profile data including CV references, passport information, skills, and health-related attributes. It also includes work experience details such as regional and international experience.
    Date: 2026-04-02T20:21:39Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-627k-Saudi-Arabia-https-www-mihnati-com-Email-Name-DOB-Contact-Data-Collect
    Screenshots:
    None
    Threat Actors: Grubder
    Victim Country: Saudi Arabia
    Victim Industry: Information Technology (IT) Services
    Victim Organization: mihnati.com
    Victim Site: mihnati.com
71. Cyber Attack GEM TERMINAL IND.CO., LTD.
    Category: Cyber Attack
    Content: Gem Terminal Industry Co., Ltd. reported a cybersecurity incident on April 1, 2026, after its information systems and those of key subsidiaries were affected by a cyberattack. The company activated incident response measures, engaged external cybersecurity experts, and is in the process of restoring affected systems. Based on initial assessments, the incident is not expected to have a material impact on operations, and investigations are ongoing.
    Date: 2026-04-02T20:19:07Z
    Network: openweb
    Published URL: https://emops.twse.com.tw/server-java/t05sr01_1_e?&isNew=Y&seq_no=1&spoke_time=165538&spoke_date=20260401&co_id=2460
    Screenshots:
    None
    Threat Actors:
    Victim Country: Taiwan
    Victim Industry: Manufacturing
    Victim Organization: gem terminal ind.co., ltd.
    Victim Site: gem.com.tw
72. Alleged leak of Hotmail credentials combolist
    Category: Combo List
    Content: A threat actor has made available a combolist containing 326,987 Hotmail credentials through a file sharing service. The credentials appear to be targeted for social engineering purposes.
    Date: 2026-04-02T20:13:34Z
    Network: openweb
    Published URL: https://crackingx.com/threads/70847/
    Screenshots:
    None
    Threat Actors: HQcomboSpace
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
73. Alleged Data Breach of Jobstreet Philippines
    Category: Data Breach
    Content: The threat actor claims to be leaked data from Jobstreet Philippines. The dataset reportedly includes contact details, job application records, and company account information, potentially exposing sensitive personal and employment-related data.
    Date: 2026-04-02T20:08:10Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-642k-Philippines-https-www-jobstreet-com-ph-Verified-job-seeker-contacts-with-e
    Screenshots:
    None
    Threat Actors: Grubder
    Victim Country: Philippines
    Victim Industry: Information Technology (IT) Services
    Victim Organization: jobstreet philippines
    Victim Site: ph.jobstreet.com
74. Website defacement of Fortune Garage Doors by PWNLOLZ team member Sparked
    Category: Defacement
    Content: The PWNLOLZ team, specifically member Sparked, successfully defaced the Fortune Garage Doors company website on April 3, 2026. This was a targeted single-site attack rather than a mass defacement campaign.
    Date: 2026-04-02T20:03:26Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/827481
    Screenshots:
    None
    Threat Actors: Sparked, PWNLOLZ
    Victim Country: Unknown
    Victim Industry: Construction/Home Services
    Victim Organization: Fortune Garage Doors
    Victim Site: fortunegaragedoors.com
75. Website defacement of asbillora.com by Sparked/PWNLOLZ team
    Category: Defacement
    Content: The threat actor Sparked affiliated with team PWNLOLZ successfully defaced the homepage of asbillora.com on April 3, 2026. This was identified as a home page defacement targeting a single website rather than a mass defacement campaign.
    Date: 2026-04-02T20:02:54Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/827482
    Screenshots:
    None
    Threat Actors: Sparked, PWNLOLZ
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: asbillora.com
76. Alleged Data Breach of BIOMED BV
    Category: Data Breach
    Content: The threat actor claims to be leaked data from BIOMED BV. The dataset reportedly includes contact details, patient records, and order history, potentially exposing sensitive personal, medical, and transactional information.
    Date: 2026-04-02T20:02:51Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-423k-Netherlands-https-www-biomedonline-nl-Professional-biomedical-contact-dat
    Screenshots:
    None
    Threat Actors: Grubder
    Victim Country: Netherlands
    Victim Industry: Healthcare & Pharmaceuticals
    Victim Organization: biomed bv
    Victim Site: biomedonline.nl
77. Website defacement of New Politics for Youth by PWNLOLZ team member Sparked
    Category: Defacement
    Content: The PWNLOLZ team, specifically member Sparked, successfully defaced the New Politics for Youth website on April 3, 2026. This was a targeted home page defacement of a political organizations website.
    Date: 2026-04-02T20:02:18Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/827483
    Screenshots:
    None
    Threat Actors: Sparked, PWNLOLZ
    Victim Country: Unknown
    Victim Industry: Political/NGO
    Victim Organization: New Politics for Youth
    Victim Site: newpoliticsforyouth.eu
78. Alleged Data breach Of National Aerospace Fasteners Corporation
    Category: Data Breach
    Content: The threat actor claims to have breached data from National Aerospace Fasteners Corporation.
    Date: 2026-04-02T19:57:56Z
    Network: tor
    Published URL: https://worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion/companies/5731562994/overview
    Screenshots:
    None
    Threat Actors: Worldleaks
    Victim Country: Taiwan
    Victim Industry: Manufacturing
    Victim Organization: national aerospace fasteners corporation
    Victim Site: nafco.com.tw
79. Alleged sale of Vodacom Lesotho
    Category: Data Breach
    Content: The threat actor claims to have breached a database from Vodacom Lesotho, the dataset contains user contact information, which may include personally identifiable information (PII) of customers.
    Date: 2026-04-02T19:57:40Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-484k-Lesotho-https-www-vodacom-co-ls-User-contact-records-including-emails-pho
    Screenshots:
    None
    Threat Actors: Grubder
    Victim Country: Lesotho
    Victim Industry: Network & Telecommunications
    Victim Organization: vodacom lesotho
    Victim Site: vodacom.co.ls
80. Website defacement of cheezainonline.store by Sparked/PWNLOLZ team
    Category: Defacement
    Content: The attacker Sparked from team PWNLOLZ conducted a redefacement of the e-commerce website cheezainonline.store on April 3, 2026. This was a targeted home page defacement rather than a mass defacement campaign.
    Date: 2026-04-02T19:56:11Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/827460
    Screenshots:
    None
    Threat Actors: Sparked, PWNLOLZ
    Victim Country: Unknown
    Victim Industry: E-commerce
    Victim Organization: Cheezai Online
    Victim Site: cheezainonline.store
81. Website defacement of imranmajeed.com by Sparked/PWNLOLZ team
    Category: Defacement
    Content: The PWNLOLZ team, specifically attacker Sparked, successfully defaced the imranmajeed.com website on April 3, 2026. This was a targeted home page defacement rather than a mass attack campaign.
    Date: 2026-04-02T19:55:36Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/827463
    Screenshots:
    None
    Threat Actors: Sparked, PWNLOLZ
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: imranmajeed.com
82. Website defacement of himanshu-vaayuwellyindia.in by Sparked/PWNLOLZ team
    Category: Defacement
    Content: The attacker Sparked from team PWNLOLZ successfully defaced the website himanshu-vaayuwellyindia.in on April 3, 2026. This appears to be a redefacement of the same target, indicating either persistent vulnerabilities or repeated targeting by the same threat actor.
    Date: 2026-04-02T19:55:02Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/827464
    Screenshots:
    None
    Threat Actors: Sparked, PWNLOLZ
    Victim Country: India
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: himanshu-vaayuwellyindia.in
83. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: A threat actor shared a combolist containing 2,100 allegedly valid Hotmail email account credentials on an underground forum.
    Date: 2026-04-02T19:54:31Z
    Network: openweb
    Published URL: https://crackingx.com/threads/70845/
    Screenshots:
    None
    Threat Actors: MailAccesss
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
84. Website defacement of SPM BuildCon by Sparked/PWNLOLZ team
    Category: Defacement
    Content: The construction company SPM BuildCons website was defaced by attacker Sparked from the PWNLOLZ team on April 3rd, 2026. This was identified as a redefacement of the homepage, indicating the site may have been previously compromised.
    Date: 2026-04-02T19:54:27Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/827465
    Screenshots:
    None
    Threat Actors: Sparked, PWNLOLZ
    Victim Country: Unknown
    Victim Industry: Construction
    Victim Organization: SPM BuildCon
    Victim Site: spmbuildcon.com
85. Alleged distribution of email credential combolist containing 15 million records
    Category: Combo List
    Content: Threat actor distributing a credential combolist containing 15 million email and password combinations through Telegram channels. The actor provides free access to the combolist and associated cracking tools via dedicated Telegram groups.
    Date: 2026-04-02T19:54:09Z
    Network: openweb
    Published URL: https://crackingx.com/threads/70846/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
86. Website defacement of Vaayu Welly India by Sparked (PWNLOLZ team)
    Category: Defacement
    Content: The attacker Sparked from team PWNLOLZ defaced the homepage of vaayuwellyindia.in on April 3, 2026. This appears to be a redefacement of the target website.
    Date: 2026-04-02T19:53:53Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/827466
    Screenshots:
    None
    Threat Actors: Sparked, PWNLOLZ
    Victim Country: India
    Victim Industry: Unknown
    Victim Organization: Vaayu Welly India
    Victim Site: vaayuwellyindia.in
87. Website defacement of Xtream Fiber by Sparked/PWNLOLZ team
    Category: Defacement
    Content: The attacker Sparked from the PWNLOLZ team conducted a redefacement of the Indian telecommunications provider Xtream Fibers website on April 3, 2026. This was a targeted home page defacement rather than a mass attack.
    Date: 2026-04-02T19:53:19Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/827467
    Screenshots:
    None
    Threat Actors: Sparked, PWNLOLZ
    Victim Country: India
    Victim Industry: Telecommunications
    Victim Organization: Xtream Fiber
    Victim Site: xtreamfiber.in
88. Website defacement of AFX Trade by Sparked/PWNLOLZ team
    Category: Defacement
    Content: The trading platform AFX Trade was defaced by attacker Sparked affiliated with the PWNLOLZ team on April 3, 2026. The attack targeted the main index page of the UK-based financial services website.
    Date: 2026-04-02T19:52:44Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/827468
    Screenshots:
    None
    Threat Actors: Sparked, PWNLOLZ
    Victim Country: United Kingdom
    Victim Industry: Financial Services
    Victim Organization: AFX Trade
    Victim Site: afxtrade.uk
89. Website defacement of aifptrade.live by Sparked/PWNLOLZ team
    Category: Defacement
    Content: The attacker known as Sparked from the PWNLOLZ team successfully defaced the homepage of aifptrade.live, a financial trading platform, on April 3rd, 2026. This was identified as a home page defacement rather than a mass defacement campaign.
    Date: 2026-04-02T19:52:11Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/827469
    Screenshots:
    None
    Threat Actors: Sparked, PWNLOLZ
    Victim Country: Unknown
    Victim Industry: Financial Services
    Victim Organization: AIF P Trade
    Victim Site: aifptrade.live
90. Website defacement of dollarvision.world by PWNLOLZ team member Sparked
    Category: Defacement
    Content: The PWNLOLZ team member Sparked successfully defaced the dollarvision.world website on April 3rd, 2026. This was a targeted home page defacement rather than a mass attack.
    Date: 2026-04-02T19:51:36Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/827470
    Screenshots:
    None
    Threat Actors: Sparked, PWNLOLZ
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Dollar Vision
    Victim Site: dollarvision.world
91. Website defacement of evolutionweb.co.in by Sparked/PWNLOLZ team
    Category: Defacement
    Content: The attacker Sparked from team PWNLOLZ successfully defaced the homepage of evolutionweb.co.in on April 3, 2026. This was a single home page defacement rather than a mass attack targeting the Indian web services company.
    Date: 2026-04-02T19:51:03Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/827471
    Screenshots:
    None
    Threat Actors: Sparked, PWNLOLZ
    Victim Country: India
    Victim Industry: Technology/Web Services
    Victim Organization: Evolution Web
    Victim Site: evolutionweb.co.in
92. Website defacement of GLI by Sparked (PWNLOLZ team)
    Category: Defacement
    Content: The website gli.org.in was defaced by attacker Sparked from the PWNLOLZ team on April 3, 2026. This was a single home page defacement targeting an Indian organization.
    Date: 2026-04-02T19:50:26Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/827472
    Screenshots:
    None
    Threat Actors: Sparked, PWNLOLZ
    Victim Country: India
    Victim Industry: Unknown
    Victim Organization: GLI
    Victim Site: gli.org.in
93. Website defacement of myknc.com by Sparked/PWNLOLZ team
    Category: Defacement
    Content: PWNLOLZ team member Sparked successfully defaced the homepage of myknc.com on April 3, 2026. This was a targeted home page defacement rather than a mass attack.
    Date: 2026-04-02T19:49:53Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/827473
    Screenshots:
    None
    Threat Actors: Sparked, PWNLOLZ
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: myknc.com
94. Website defacement of raindollar.live by Sparked (PWNLOLZ team)
    Category: Defacement
    Content: The website raindollar.live was defaced by attacker Sparked associated with the PWNLOLZ team on April 3, 2026. This was a targeted home page defacement rather than a mass defacement campaign.
    Date: 2026-04-02T19:49:20Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/827475
    Screenshots:
    None
    Threat Actors: Sparked, PWNLOLZ
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: raindollar.live
95. Website defacement of smartmoney99.com by Sparked/PWNLOLZ team
    Category: Defacement
    Content: The attacker Sparked from team PWNLOLZ successfully defaced the homepage of smartmoney99.com on April 3, 2026. This was a targeted single-site defacement rather than a mass attack.
    Date: 2026-04-02T19:48:46Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/827476
    Screenshots:
    None
    Threat Actors: Sparked, PWNLOLZ
    Victim Country: Unknown
    Victim Industry: Financial Services
    Victim Organization: SmartMoney99
    Victim Site: smartmoney99.com
96. Website defacement of theglobaltrade.online by Sparked (PWNLOLZ team)
    Category: Defacement
    Content: The attacker Sparked from team PWNLOLZ successfully defaced the homepage of theglobaltrade.online on April 3, 2026. This was a single home page defacement targeting what appears to be a global trade-related website.
    Date: 2026-04-02T19:48:11Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/827477
    Screenshots:
    None
    Threat Actors: Sparked, PWNLOLZ
    Victim Country: Unknown
    Victim Industry: Trade/Commerce
    Victim Organization: The Global Trade
    Victim Site: theglobaltrade.online
97. Alleged Data Breach of CSite
    Category: Data Breach
    Content: The threat actor claims to be leaked data from CSite . The dataset reportedly includes contact details, project descriptions, and funding amounts.
    Date: 2026-04-02T19:48:04Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-712k-Mexico-https-www-csite-com-mx-User-contact-data-including-emails-phone-nu
    Screenshots:
    None
    Threat Actors: Grubder
    Victim Country: Mexico
    Victim Industry: Information Services
    Victim Organization: csite
    Victim Site: csite.com.mx
98. Website defacement of Titan Trade Global by PWNLOLZ team member Sparked
    Category: Defacement
    Content: The PWNLOLZ team member Sparked successfully defaced the homepage of Titan Trade Globals website on April 3rd, 2026. This was a single-target home page defacement rather than a mass attack or redefacement.
    Date: 2026-04-02T19:47:37Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/827478
    Screenshots:
    None
    Threat Actors: Sparked, PWNLOLZ
    Victim Country: Unknown
    Victim Industry: Financial Services
    Victim Organization: Titan Trade Global
    Victim Site: titantradeglobal.com
99. Website defacement of Hrithik Infotech by Sparked (PWNLOLZ team)
    Category: Defacement
    Content: The website of Hrithik Infotech was defaced by an attacker identified as Sparked from the PWNLOLZ team on April 3, 2026. This was a single home page defacement targeting the Indian IT companys main website.
    Date: 2026-04-02T19:47:03Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/827479
    Screenshots:
    None
    Threat Actors: Sparked, PWNLOLZ
    Victim Country: India
    Victim Industry: Information Technology
    Victim Organization: Hrithik Infotech
    Victim Site: hrithikinfotech.in
100. Alleged Sale of Pegasus-Like Zero-Click RAT Spyware for Android & iOS
     Category: Malware
     Content: A threat actor is selling an alleged zero-click RAT spyware tool claiming Pegasus-like capabilities for both Android and iOS platforms. The tool purportedly does not require APK or IPA installation and leverages zero-day vulnerabilities. The asking price is $30,000 USD/BTC/XMR. Contact handles provided are @SolonixBF and @whalesgleitsman.
     Date: 2026-04-02T19:44:12Z
     Network: telegram
     Published URL: https://t.me/c/3500620464/6250
     Screenshots:
     None
     Threat Actors: SolonixBF
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
101. Alleged Data Breach of National Institute of Open Schooling
     Category: Data Breach
     Content: The threat actor claims to be leaked data from National Institute of Open Schooling. The compromised data reportedly contains direct contact details, project descriptions, and funding amounts and more
     Date: 2026-04-02T19:36:34Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-DATABASE-682k-India-www-nios-ac-in-Student-records-including-names-contact-details-and-e
     Screenshots:
     None
     Threat Actors: Grubder
     Victim Country: India
     Victim Industry: Education
     Victim Organization: national institute of open schooling
     Victim Site: nios.ac.in
102. Alleged data breach of Tanzania Police Force (TPF)
     Category: Data Breach
     Content: The threat actor claims to have breached data from Tanzania Police Force (TPF). The compromised data contains email addresses and MD5 password hashes associated with police personnel accounts.
     Date: 2026-04-02T19:35:11Z
     Network: openweb
     Published URL: https://breached.st/threads/macaiba-rn-macaiba-rn-gov-br-tanzanian-police-force-rofl-mail-tpf-go-tz.85806/
     Screenshots:
     None
     Threat Actors: cozypandas
     Victim Country: Tanzania
     Victim Industry: Law Enforcement
     Victim Organization: tanzania police force
     Victim Site: mail.tpf.go.tz
103. Alleged data leak of NBS Trading
     Category: Data Breach
     Content: Group claims to have leaked data from NBS Trading.
     Date: 2026-04-02T19:25:27Z
     Network: telegram
     Published URL: https://t.me/c/3398932380/2277
     Screenshots:
     None
     Threat Actors: Escanors Official
     Victim Country: Qatar
     Victim Industry: Retail Industry
     Victim Organization: nbs trading
     Victim Site: nbs-doha.qa
104. Alleged data leak of Hampton Jitney Inc.
     Category: Data Breach
     Content: Group claims to have leaked data from Hampton Jitney Inc.
     Date: 2026-04-02T19:25:09Z
     Network: telegram
     Published URL: https://t.me/c/3398932380/2102
     Screenshots:
     None
     Threat Actors: Escanors Official
     Victim Country: USA
     Victim Industry: Transportation & Logistics
     Victim Organization: hampton jitney inc.
     Victim Site: reservations.hamptonjitney.com
105. Alleged leak of Hotmail credentials on cybercrime forum
     Category: Combo List
     Content: Threat actor NUllSHop0X allegedly made available 30,000 Hotmail credentials for free download on the CrackingX cybercrime forum. The post claims the credentials are fresh and valid.
     Date: 2026-04-02T19:24:00Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70844/
     Screenshots:
     None
     Threat Actors: NUllSHop0X
     Victim Country: Unknown
     Victim Industry: Technology
     Victim Organization: Microsoft
     Victim Site: hotmail.com
106. Alleged data leak of Flywell Bowling
     Category: Data Breach
     Content: Group claims to have leaked data from Flywell Bowling.
     Date: 2026-04-02T19:23:23Z
     Network: telegram
     Published URL: https://t.me/c/3398932380/2276
     Screenshots:
     None
     Threat Actors: Escanors Official
     Victim Country: Pakistan
     Victim Industry: Sporting Goods
     Victim Organization: flywell bowling
     Victim Site: flywellbowling.com.pk
107. Alleged data leak of screenblaze.com
     Category: Data Breach
     Content: Group claims to have leaked data from screenblaze.com
     Date: 2026-04-02T19:16:35Z
     Network: telegram
     Published URL: https://t.me/c/3375541458/4970
     Screenshots:
     None
     Threat Actors: Escanors Official
     Victim Country: UK
     Victim Industry: Information Technology (IT) Services
     Victim Organization: screenblaze.com
     Victim Site: screenblaze.com
108. Alleged Data Breach of Hospital Authority
     Category: Data Breach
     Content: The threat actor claims to be leaked data from Hospital Authority.The compromised data reportedly contains HKID,Full Name,Gender, DoB,HN.
     Date: 2026-04-02T19:10:05Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-DATABASE-Hong-Kong-www-ha-org-hk-Leaked-Download
     Screenshots:
     None
     Threat Actors: Demetrius
     Victim Country: China
     Victim Industry: Hospital & Health Care
     Victim Organization: hospital authority
     Victim Site: ha.org.hk
109. Alleged data breach of Prefeitura Municipal de Macaíba
     Category: Data Breach
     Content: The threat actor claims to have breached data from Prefeitura Municipal de Macaíba. The database reportedly contains over 2,500 records including personal identifiable information such as names, gender, and birth details.
     Date: 2026-04-02T19:08:06Z
     Network: openweb
     Published URL: https://breached.st/threads/macaiba-rn-macaiba-rn-gov-br-tanzanian-police-force-rofl-mail-tpf-go-tz.85806/
     Screenshots:
     None
     Threat Actors: cozypandas
     Victim Country: Brazil
     Victim Industry: Government Administration
     Victim Organization: prefeitura municipal de macaíba
     Victim Site: macaiba.rn.gov.br
110. Alleged data leak of Reid Park Best Ball
     Category: Data Breach
     Content: Group claims to have leaked data from Reid Park Best Ball.
     Date: 2026-04-02T19:04:02Z
     Network: telegram
     Published URL: https://t.me/c/3398932380/2102
     Screenshots:
     None
     Threat Actors: Escanors Official
     Victim Country: USA
     Victim Industry: Sports
     Victim Organization: reid park best ball
     Victim Site: reidparkbb.com
111. Alleged sale of Ingatlan.com database
     Category: Data Breach
     Content: The threat actor claims to be selling database of ingatlan.com. The database contains approximately 254,000 records and is structured across contacts, property inquiries, and property offers. The data reportedly includes personal and contact information such as email addresses, phone numbers, and lead details, along with property-related interactions including inquiries, budgets, preferences, and offer negotiations.
     Date: 2026-04-02T19:03:58Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-DATABASE-254k-Hungary-www-ingatlan-com-Real-estate-leads-including-contacts-emails-phones
     Screenshots:
     None
     Threat Actors: Grubder
     Victim Country: Hungary
     Victim Industry: Real Estate
     Victim Organization: ingatlan.com
     Victim Site: ingatlan.com
112. Alleged distribution of 13 million email credential combolist
     Category: Combo List
     Content: Threat actor CODER is distributing a combolist containing 13 million email and password combinations through Telegram channels. The credentials are being shared for free via dedicated Telegram groups.
     Date: 2026-04-02T19:02:07Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70843/
     Screenshots:
     None
     Threat Actors: CODER
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
113. Alleged Sale of High Balance Credit Cards
     Category: Combo List
     Content: A threat actor is offering credit cards (CCs) with high balances for sale in a marketplace channel. No specific price, country, or card details were provided in the post.
     Date: 2026-04-02T18:55:29Z
     Network: telegram
     Published URL: https://t.me/c/2613583520/58902
     Screenshots:
     None
     Threat Actors: Xrmz
     Victim Country: Unknown
     Victim Industry: Financial Services
     Victim Organization: Unknown
     Victim Site: Unknown
114. Alleged Data Breach of IT Power SRL
     Category: Data Breach
     Content: The threat actor claims to have breached data from IT Power SRL.The compromised data includes B2B client records, company details, contact information, invoices, and other business-related data.
     Date: 2026-04-02T18:53:08Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-DATABASE-itpower-ro-Romanian-IT-Company-Database-with-B2B-Client-Data
     Screenshots:
     None
     Threat Actors: xorcat
     Victim Country: Romania
     Victim Industry: Information Services
     Victim Organization: it power srl
     Victim Site: itpower.ro
115. Alleged data breach of BreachForums by ShinyHunters upon departure
     Category: Data Breach
     Content: ShinyHunters reportedly leaked the BreachForums user database as a farewell action upon leaving the platform. The link references an SC World article covering the incident where the threat actor marked their departure by exposing the sites own user data.
     Date: 2026-04-02T18:51:35Z
     Network: telegram
     Published URL: https://t.me/c/3737716184/604
     Screenshots:
     None
     Threat Actors: ShinyHunters
     Victim Country: Unknown
     Victim Industry: Cybercrime Forum
     Victim Organization: BreachForums
     Victim Site: breachforums.com
116. Alleged data breach sale by ShinyHunters involving 13 million support tickets and employee records
     Category: Data Breach
     Content: Threat actor ShinyHunters is allegedly selling a dataset containing 13 million support tickets with personal data and 15,000 employee records, priced at $10,000. Contact handle listed as @shinyc0rpsss.
     Date: 2026-04-02T18:51:26Z
     Network: telegram
     Published URL: https://t.me/c/3500620464/6241
     Screenshots:
     None
     Threat Actors: ShinyHunters
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
117. Alleged sale of stolen CVV payment card data via PepeCard carding store
     Category: Logs
     Content: A carding store called PepeCard is advertising stolen CVV payment card data for sale. The store claims to have been operating for over three years, offering renewals for 100,000+ cards daily covering US, Canada, UK, and global cards. US CVV cards start at $1, international cards at $1.50. The store claims 75-95% card validity and only charges for valid cards. The service is accessible via clearnet (pepecard.mobi) and Tor (.onion). Free top-up codes are distributed daily via their Telegram channels.
     Date: 2026-04-02T18:50:37Z
     Network: telegram
     Published URL: https://t.me/pepeCardk/3
     Screenshots:
     None
     Threat Actors: PepeCard
     Victim Country: Unknown
     Victim Industry: Financial Services
     Victim Organization: Unknown
     Victim Site: Unknown
118. Alleged Data Breach of BreachForums User Database by ShinyHunters
     Category: Data Breach
     Content: Threat actor ShinyHunters reportedly leaked the BreachForums user database upon their departure from the platform. The leak includes user data from the cybercrime forum BreachForums. Supporting media and a news article reference from SC World corroborate the claim.
     Date: 2026-04-02T18:50:28Z
     Network: telegram
     Published URL: https://t.me/c/3737716184/602
     Screenshots:
     None
     Threat Actors: ShinyHunters
     Victim Country: Unknown
     Victim Industry: Cybercrime Forum
     Victim Organization: BreachForums
     Victim Site: Unknown
119. Alleged data leak of MiSalud Health
     Category: Data Breach
     Content: Group claims to have leaked data from MiSalud Health.
     Date: 2026-04-02T18:48:30Z
     Network: telegram
     Published URL: https://t.me/c/3398932380/2159
     Screenshots:
     None
     Threat Actors: Escanors Files
     Victim Country: USA
     Victim Industry: Health & Fitness
     Victim Organization: misalud health
     Victim Site: misaludhealth.com
120. Alleged Sale of Japan User Database
     Category: Initial Access
     Content: The threat actor claims to be selling a database containing personal information of Japanese users, including names, contact details, and other identifying data.
     Date: 2026-04-02T18:48:14Z
     Network: openweb
     Published URL: https://forum.exploit.in/topic/279743/
     Screenshots:
     None
     Threat Actors: Datavortex
     Victim Country: Japan
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
121. Alleged sale of Pegasus-like zero-click RAT spyware
     Category: Malware
     Content: The threat actor claims to be selling a surveillance malware described as a “zero-click” remote access trojan (RAT) allegedly capable of targeting both Android and iOS devices without requiring user-installed applications. According to the listing, the tool reportedly enables extensive monitoring capabilities including device information collection, real-time location tracking, call logs, messages, contacts, notifications, and social media account access. Additional features allegedly include keylogging, file management, remote device control, live camera and microphone access, and modules targeting banking and cryptocurrency data. The malware is also described as supporting botnet functionality and operating across recent mobile OS versions.
     Date: 2026-04-02T18:43:16Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-Selling-Pegasus-Like-Zero-Click-RAT-Spyware-%F0%9F%98%B1-Android-iOS-Hack-Without-APK-IPA-ZeroDay
     Screenshots:
     None
     Threat Actors: xone9to1
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
122. Alleged sale of Hotmail UHQ and multi-country combolists including major e-commerce platforms
     Category: Combo List
     Content: Threat actor Wěilóng is selling private cloud Hotmail Ultra High Quality (UHQ) credentials and combolists covering multiple countries (DE, FR, IT, BR, UK, US, JP, PL, RU, ES, NL, MX, CA, SP, SG and others). The offering includes service-specific combolists for platforms such as Kleinanzeigen, eBay, Reddit, Poshmark, Depop, Walmart, and Amazon. Seller claims to accommodate keyword checks for serious buyers.
     Date: 2026-04-02T18:39:48Z
     Network: telegram
     Published URL: https://t.me/c/2613583520/58899
     Screenshots:
     None
     Threat Actors: Wěilóng
     Victim Country: Unknown
     Victim Industry: E-commerce, Technology, Social Media
     Victim Organization: Hotmail, eBay, Amazon, Walmart, Reddit, Poshmark, Depop, Kleinanzeigen
     Victim Site: Unknown
123. Alleged leak of Hotmail credentials
     Category: Combo List
     Content: Threat actor NUllSHop0X shared a combolist containing 32,000 Hotmail email credentials claimed to be fresh and valid for free download on a cybercriminal forum.
     Date: 2026-04-02T18:38:58Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70841/
     Screenshots:
     None
     Threat Actors: NUllSHop0X
     Victim Country: Unknown
     Victim Industry: Technology
     Victim Organization: Microsoft
     Victim Site: hotmail.com
124. Alleged distribution of credential combolist containing 12 million email-password pairs
     Category: Combo List
     Content: Threat actor distributing a combolist containing 12 million email-password combinations for free via Telegram channels. The actor promotes multiple Telegram groups for accessing free credential lists and programs.
     Date: 2026-04-02T18:38:26Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70842/
     Screenshots:
     None
     Threat Actors: CODER
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
125. Alleged leak of Cisco source code by ShinyHunters
     Category: Data Breach
     Content: Threat actor ShinyHunters is claiming to have obtained and is sharing over 3 million lines of Cisco source code. The post includes photo evidence and is accompanied by a reference to their official Tor mirror site at jwpk4xnimsi3xw42cznpfuzuyigu2lveqli5klcpozu6vq52iic7k6id.onion, which appears to be a data leak/auction platform with gambling/credits features.
     Date: 2026-04-02T18:32:06Z
     Network: telegram
     Published URL: https://t.me/c/3500620464/6229
     Screenshots:
     None
     Threat Actors: ShinyHunters
     Victim Country: United States
     Victim Industry: Technology
     Victim Organization: Cisco
     Victim Site: cisco.com
126. Alleged sale of Jófogás database
     Category: Data Breach
     Content: The threat actor claims to be selling database of Jófogás. The database contains approximately 276,000 records and is structured across contacts, listings management, and user activity logs. The data reportedly includes personal information such as email addresses, usernames, phone numbers, full names, registration details, account status, and login activity, along with user permissions, security settings, and platform interaction logs including IP addresses and device information.
     Date: 2026-04-02T18:29:24Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-DATABASE-276k-Hungary-https-www-jofogas-hu-User-data-including-emails-usernames-registr
     Screenshots:
     None
     Threat Actors: Grubder
     Victim Country: Hungary
     Victim Industry: E-commerce & Online Stores
     Victim Organization: jófogás
     Victim Site: jofogas.hu
127. Alleged Data Breach of Zhejiang Education Department (zjedu.gov.cn) – 11M Records for Sale
     Category: Data Breach
     Content: A threat actor operating under the handle @SolonixBF is allegedly selling a database obtained from the Zhejiang Education Department (zjedu.gov.cn), a Chinese government education authority. The dataset purportedly contains 11 million records in CSV format, including full names, Chinese national IDs, parent names, phone numbers, addresses, regions, class information, and school names. The data is dated April 1, 2026, and is being offered for 2,160 USD.
     Date: 2026-04-02T18:27:16Z
     Network: telegram
     Published URL: https://t.me/SolonikChannels/299
     Screenshots:
     None
     Threat Actors: SolonixBF
     Victim Country: China
     Victim Industry: Government / Education
     Victim Organization: Zhejiang Education Department
     Victim Site: zjedu.gov.cn
128. Alleged leak of SMAN 1 Ciamis database
     Category: Data Breach
     Content: The threat actor claims to have leaked database of SMAN 1 Ciamis, containing over 50,000 records related to students, teachers, and academic data. According to the listing, the dataset is provided in SQL format with a size of approximately 1.07 GB and includes personal and academic information such as student names, NISN numbers, dates of birth, addresses, parent or guardian details, phone numbers, class and grade information, exam scores, graduation status, and enrollment records. The dataset also reportedly includes teacher information such as names, NIP identifiers, subject assignments, and schedules.
     Date: 2026-04-02T18:26:24Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-DATABASE-sman1ciamis-net-Indonesian-High-School-Complete-Database
     Screenshots:
     None
     Threat Actors: xorcat
     Victim Country: Indonesia
     Victim Industry: Education
     Victim Organization: sman 1 ciamis
     Victim Site: sman1ciamis.net
129. Alleged leak of mixed domain credential combolist
     Category: Combo List
     Content: A threat actor shared a combolist containing 8,816 credential entries targeting mixed domains through a file sharing service.
     Date: 2026-04-02T18:25:41Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70839/
     Screenshots:
     None
     Threat Actors: BestCombo
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
130. Alleged sale of multiple personal data databases including SSN, passports, and driver licenses
     Category: Data Breach
     Content: A threat actor is allegedly offering various personal data databases including driver licenses, SSNs, passports, consumer information, phone lists, email lists, and company databases through Telegram contact.
     Date: 2026-04-02T18:25:31Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70840/
     Screenshots:
     None
     Threat Actors: jannatmirza11
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
131. Alleged data leak of mandarin.br
     Category: Data Leak
     Content: Group claims to have leaked data from mandarin.br. The compromised data includes SAE, sent emails, personal documents, mandabem, FTP transfers and archives, hotlines and business data, APIs and clients such as Mercado Livre, Motorola, VIVO, SAMSUNG, Redbull Vick, Kia, Novo Nordisk, WHIRLPOOL, Unilever, and many more stolen information
     Date: 2026-04-02T18:18:47Z
     Network: telegram
     Published URL: https://t.me/c/3398932380/2121
     Screenshots:
     None
     Threat Actors: Escanors Files
     Victim Country: Brazil
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: mandarin.br
132. Alleged sale of Bottega Verde
     Category: Data Breach
     Content: The threat actor claims to have breached the database from bottegaverde, the compromised dataset includes personal information, purchasing details, marketing preferences, and customer support interactions, creating significant privacy and fraud-related risks.
     Date: 2026-04-02T18:16:14Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-DATABASE-478k-Italy-https-www-bottegaverde-it-Customer-contacts-addresses-phones-privac
     Screenshots:
     None
     Threat Actors: Grubder
     Victim Country: Italy
     Victim Industry: Cosmetics
     Victim Organization: bottega verde
     Victim Site: bottegaverde.it
133. Alleged Sale of Unauthorized Admin Access to a U.S.-Based X-Cart Online Store
     Category: Initial Access
     Content: The threat actor claims to be selling unauthorized administrator access to a U.S.-based X-Cart e-commerce store with active order volume and integrated payment processing methods.
     Date: 2026-04-02T18:15:49Z
     Network: openweb
     Published URL: https://forum.exploit.in/topic/279732/
     Screenshots:
     None
     Threat Actors: Mater
     Victim Country: USA
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
134. Alleged sale of exclusive access by WeLeakLabs
     Category: Initial Access
     Content: WeLeakLabs is advertising a Good Friday Sale offering exclusive access at a discounted price of $100 (reduced from $150) using coupon code GOODFRIDAY. The product is listed on their storefront at weleaklabs.mysellauth.com. The nature of the exclusive access is unspecified but is consistent with initial access, logs, or data product sales typical of this type of threat actor channel.
     Date: 2026-04-02T18:06:53Z
     Network: telegram
     Published URL: https://t.me/c/3255852681/46
     Screenshots:
     None
     Threat Actors: WeLeakLabs
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
135. Alleged sale of Entab
     Category: Data Breach
     Content: The threat actor claims to have breached the database from entab, the dataset contains students, guardians, and institutional users by revealing sensitive educational, personal, and account-related details.
     Date: 2026-04-02T18:05:46Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-DATABASE-763k-India-https-www-entab-in-Detailed-personal-and-contact-records-database
     Screenshots:
     None
     Threat Actors: Grubder
     Victim Country: India
     Victim Industry: Education
     Victim Organization: entab
     Victim Site: entab.in
136. Alleged emergence of CrystalRAT malware with remote access and data theft capabilities
     Category: Malware
     Content: A new malware named CrystalRAT has been identified operating as a Malware-as-a-Service (MaaS). It features remote access, data theft, keylogging, and clipboard content replacement. The malware uses ChaCha20 encryption and automated tools to protect its malicious files, and is designed similarly to WebRAT. Notable features include digital prank capabilities such as screen rotation, system shutdown, disabling inputs, and displaying fake notifications. It also steals data from browsers and popular applications including Telegram, Discord, and Steam.
     Date: 2026-04-02T18:03:16Z
     Network: telegram
     Published URL: https://t.me/c/1283513914/20918
     Screenshots:
     None
     Threat Actors: خبرگزاری سایبربان| Cyberban News
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
137. Alleged distribution of 13 million credential combolist targeting travel and hospitality sectors
     Category: Combo List
     Content: Threat actor CODER is distributing a combolist containing 13 million email and password combinations through Telegram channels, targeting travel, hospitality, food service, and automotive sectors. The credentials are being shared for free through dedicated Telegram groups.
     Date: 2026-04-02T17:54:08Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70836/
     Screenshots:
     None
     Threat Actors: CODER
     Victim Country: Unknown
     Victim Industry: Travel and Hospitality
     Victim Organization: Unknown
     Victim Site: Unknown
138. Alleged leak of 1.4TB credential database
     Category: Combo List
     Content: User strelok639 leaked a 1.4TB private database containing URL-LOG-PASS credential data, described as 1300GB of history files in TXT format.
     Date: 2026-04-02T17:53:31Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70837/
     Screenshots:
     None
     Threat Actors: strelok639
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
139. Alleged leak of Yahoo credentials combolist
     Category: Combo List
     Content: A threat actor has made available a combolist containing approximately 1.56 million credential pairs targeting Yahoo domain users. The data is distributed via a file-sharing service as a free download.
     Date: 2026-04-02T17:52:50Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70838/
     Screenshots:
     None
     Threat Actors: HQcomboSpace
     Victim Country: Unknown
     Victim Industry: Technology
     Victim Organization: Yahoo
     Victim Site: yahoo.com
140. Alleged sale of Magyar Telekom Nyrt database
     Category: Data Breach
     Content: The threat actor claims to be selling a dataset allegedly associated with Magyar Telekom (magyartelekom.hu). According to the listing, the dataset contains approximately 427,000 records and is structured across customer contact data, service request tickets, and audit logs. The data reportedly includes personal information such as names, email addresses, phone numbers, physical addresses, dates of birth, and account details, along with customer support interactions and internal change approval records.
     Date: 2026-04-02T17:47:17Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-DATABASE-427k-Hungary-https-www-magyartelekom-hu-Individual-account-data-with-contact-a
     Screenshots:
     None
     Threat Actors: Grubder
     Victim Country: Hungary
     Victim Industry: Network & Telecommunications
     Victim Organization: magyar telekom nyrt
     Victim Site: magyartelekom.hu
141. Alleged leak of mixed email credentials combolist
     Category: Combo List
     Content: A threat actor shared a combolist containing 21,000 fresh email credentials from mixed sources on an underground forum.
     Date: 2026-04-02T17:42:15Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70833/
     Screenshots:
     None
     Threat Actors: MailAccesss
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
142. Alleged leak of healthcare and educational institution credentials
     Category: Combo List
     Content: Threat actor CODER is distributing a 13 million credential combolist targeting healthcare clinics, dental practices, schools, universities, colleges, institutes and academies through Telegram channels. The credentials are being offered for free distribution rather than sale.
     Date: 2026-04-02T17:41:33Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70834/
     Screenshots:
     None
     Threat Actors: CODER
     Victim Country: Unknown
     Victim Industry: Healthcare and Education
     Victim Organization: Unknown
     Victim Site: Unknown
143. Alleged leak of Hotmail credential combolist
     Category: Combo List
     Content: Threat actor alphaxdd distributed a combolist containing 4,638 Hotmail email credentials described as premium mix mail hits on underground forum.
     Date: 2026-04-02T17:40:34Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70835/
     Screenshots:
     None
     Threat Actors: alphaxdd
     Victim Country: Unknown
     Victim Industry: Technology
     Victim Organization: Microsoft
     Victim Site: hotmail.com
144. Alleged leak of multi-tenant hosting server database
     Category: Data Leak
     Content: The threat actor claims to have leaked a database allegedly associated with a Southeast Asia-based hosting server hosting over 500 websites. The database contains more than 500,000 user records in SQL format with a total size of approximately 2.75 GB, spanning multiple platforms including e-commerce sites, blogs, forums, and business applications across regions such as Indonesia, Malaysia, and Singapore. The compromised data reportedly includes WordPress user accounts, e-commerce customer data, forum member records, usernames, email addresses, password hashes, IP addresses, registration details, user roles, and associated profile and content metadata.
     Date: 2026-04-02T17:36:34Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-DATABASE-103-59-180-155-SE-Asia-Multi-Tenant-Server-Database-500-Sites-HUGE-BREACH
     Screenshots:
     None
     Threat Actors: xorcat
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
145. Alleged leak of European credential combolist
     Category: Combo List
     Content: A threat actor shared a credential combolist containing 2,900 lines of mixed European domain credentials for free download on a cybercrime forum.
     Date: 2026-04-02T17:16:23Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70832/
     Screenshots:
     None
     Threat Actors: karaokecloud
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
146. Alleged Sale of Cisco Source Code and 3M+ Salesforce Records by ShinyHunters
     Category: Data Breach
     Content: The ShinyHunters threat group is claiming to sell over 3 million Salesforce records containing PII, along with Cisco source code, GitHub repositories, AWS storage data, and other internal corporate data. The breach is dated 2026/04/03. The asking price has been reduced from $660,000 USD to $200,000 USD. The listing is posted on BreachForums and contact is provided via Tox and Session IDs. Multiple news outlets have covered the incident including CyberNews, SOCRadar, and Cryptika.
     Date: 2026-04-02T17:16:07Z
     Network: telegram
     Published URL:
     Screenshots:
     None
     Threat Actors:
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
147. Alleged data breach and sale of Salesforce PII records and Cisco source code by ShinyHunters
     Category: Data Breach
     Content: Threat actor ShinyHunters is selling over 3 million Salesforce records containing PII, along with Cisco source code, GitHub repositories, and AWS storage data. The asking price is $200,000 USD (reduced from $660,000 USD). The sale is listed on BreachForums and has been covered by multiple cybersecurity news outlets including SOCRadar and CyberNews.
     Date: 2026-04-02T17:14:53Z
     Network: telegram
     Published URL:
     Screenshots:
     None
     Threat Actors:
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
148. Alleged leak of unauthorized access to Israel’s missile defense data
     Category: Initial Access
     Content: The group claims to have gained unauthorized access to an Israeli missile defense command-and-control system. According to the post, they allegedly obtained around 1.27 GB of sensitive data, including missile trajectories and intercept information.NB :- The authenticity of the claim is yet to be verified.
     Date: 2026-04-02T17:11:11Z
     Network: telegram
     Published URL: https://t.me/c/2869875394/427#
     Screenshots:
     None
     Threat Actors: We are Cardinal
     Victim Country: Israel
     Victim Industry: Defense & Space
     Victim Organization: Unknown
     Victim Site: Unknown
149. Alleged leak of push notification server database
     Category: Data Leak
     Content: The threat actor claims to have leaked a database allegedly associated with a U.S.-based push notification server. The database contains over 400,000 records in SQL format with a total size of approximately 3.36 GB, reportedly sourced from push notification logs. The compromised data is described as including phone numbers, complaint IDs, push notification strings, delivery results, timestamps, and user interaction indicators such as open and click status.
     Date: 2026-04-02T17:08:36Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-DATABASE-US-SERVER-LEAK-49-50-64-64-Push-Notification-Server-with-Phone-Numbers-DUMPED
     Screenshots:
     None
     Threat Actors: xorcat
     Victim Country: USA
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
150. Alleged leak of entertainment industry credential list targeting streaming and gaming platforms
     Category: Combo List
     Content: Actor CODER is distributing an 11.1 million record credential list targeting art, music, video, games, film and TV platforms through Telegram channels. The combolist appears to focus on entertainment industry services and is being shared for free through dedicated Telegram groups.
     Date: 2026-04-02T16:55:51Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70830/
     Screenshots:
     None
     Threat Actors: CODER
     Victim Country: Unknown
     Victim Industry: Entertainment
     Victim Organization: Unknown
     Victim Site: Unknown
151. Alleged leak of USA credential combolist
     Category: Combo List
     Content: A threat actor shared a combolist containing 10,000 USA-based credentials on a cybercriminal forum. The credentials appear to be made available as a free download for registered forum users.
     Date: 2026-04-02T16:55:21Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70831/
     Screenshots:
     None
     Threat Actors: RandomUpload
     Victim Country: United States
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
152. Alleged sale of mail access, combolists, and stealer logs targeting multiple countries
     Category: Logs
     Content: A threat actor is advertising mail access, configs, scripts, tools, hits, and combolists for multiple countries including France, Belgium, Australia, Canada, United Kingdom, United States, Netherlands, Poland, Germany, and Japan. Custom requests are available via @Dataxlogs.
     Date: 2026-04-02T16:53:29Z
     Network: telegram
     Published URL:
     Screenshots:
     None
     Threat Actors:
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
153. Alleged WhatsApp Spyware Campaign via Fake App Targeting iPhone Users in Italy
     Category: Malware
     Content: WhatsApp has warned that approximately 200 users were tricked into installing a fake version of the app on their iPhones, which contained spyware capable of stealing their data. Attackers used deceptive links and messages to distribute the malicious app. Most victims were located in Italy. WhatsApp revoked access for affected users, advised removal of the fake app, and took legal action against an Italian company allegedly responsible for the campaign.
     Date: 2026-04-02T16:47:14Z
     Network: telegram
     Published URL:
     Screenshots:
     None
     Threat Actors:
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
154. Alleged sale of Rakuten Group, Inc
     Category: Data Breach
     Content: The threat actor claims to be selling database of Rakuten Group, Inc. According to the listing, the dataset contains approximately 842,000 records and includes customer contact information, order history, and support ticket data. The data reportedly contains personal details such as names, email addresses, phone numbers, physical addresses, and account-related information including password hashes, login timestamps, and purchase activity.
     Date: 2026-04-02T16:31:12Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-DATABASE-842k-Japan-https-www-rakuten-co-jp-User-accounts-with-contact-purchase-and-v
     Screenshots:
     None
     Threat Actors: Grubder
     Victim Country: Japan
     Victim Industry: E-commerce & Online Stores
     Victim Organization: rakuten group, inc
     Victim Site: rakuten.co.jp
155. Alleged data breach of Mandarin Brazil (mandarin.br)
     Category: Data Breach
     Content: A threat actor operating under @shinyc0rpsss claims to have stolen confidential data from Mandarin, a Brazilian multimedia and graphic design company headquartered in São Paulo. Stolen data allegedly includes SAE files, sent emails, personal documents, FTP transfers, hotline records, business data, APIs, and client data from major companies including Mercado Livre, Motorola, VIVO, Samsung, Red Bull, Kia, Novo Nordisk, Whirlpool, and Unilever.
     Date: 2026-04-02T16:27:04Z
     Network: telegram
     Published URL:
     Screenshots:
     None
     Threat Actors:
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
156. Alleged data breach of PinDuoDuo with 14.5 Billion Shopping Orders
     Category: Data Breach
     Content: A threat actor is selling an alleged dataset of 14.5 billion shopping orders from PinDuoDuo (pinduoduo.com), containing approximately 690 million unique individuals data including names, phone numbers, addresses, order IDs, goods names, prices, and timestamps. The compressed archive is reported to be 892GB in size. The asking price is $10,000.
     Date: 2026-04-02T16:26:47Z
     Network: telegram
     Published URL:
     Screenshots:
     None
     Threat Actors:
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
157. Alleged Sale of 8.15 Billion Taobao Shopping History Records
     Category: Data Breach
     Content: A threat actor operating under @shinyc0rpsss is allegedly selling 8.15 billion pieces of Chinese e-commerce shopping history data sourced from Taobao (taobao.com). The dataset reportedly contains approximately 600 million individuals records including platform, user ID, phone number, name, address, shopping details, price, and date. The compressed archive (tar.gz) is approximately 600GB and the CSV format is approximately 1.8TB. No price was explicitly mentioned for this dataset.
     Date: 2026-04-02T16:26:13Z
     Network: telegram
     Published URL:
     Screenshots:
     None
     Threat Actors:
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
158. Alleged Mega Credential Compilation of 840M Email:Password Combos (2025)
     Category: Combo List
     Content: A 45GB credential compilation labeled Mega Credential Compilation 2025 has been made available for free download. The archive claims to contain approximately 840 million unique email:password combos and url:login:pass entries sourced from 5,000+ breaches, combolists, and RAT/stealer logs. Coverage includes major providers such as Gmail, Yahoo, and Hotmail as well as corporate and regional domains globally. Distributed as a single deduped TXT file via fex.net.
     Date: 2026-04-02T16:25:58Z
     Network: telegram
     Published URL:
     Screenshots:
     None
     Threat Actors:
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
159. Alleged data breach of multiple international websites by threat actor Payload
     Category: Data Breach
     Content: A threat actor operating under the name payload claims to have breached databases from 11 websites across multiple countries between March 18–21, 2026. The compromised sites include domains from Mexico, Italy, Argentina, Puerto Rico, Egypt, Thailand, and the United States. Stolen databases are being made available for download via a Tor onion link.
     Date: 2026-04-02T16:23:53Z
     Network: telegram
     Published URL:
     Screenshots:
     None
     Threat Actors:
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
160. Alleged sale of I.C. Co., Ltd database
     Category: Data Breach
     Content: The threat actor claims to be selling database of I.C. Co., Ltd. According to the listing, the dataset contains approximately 437,000 records and is structured across contacts, order history, and support ticket data. The information reportedly includes personal details such as names, email addresses, phone numbers, physical addresses, and demographic attributes, along with purchase records, billing and shipping information, and customer support interactions.
     Date: 2026-04-02T16:21:06Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-DATABASE-437k-Japan-https-ic-ad-co-jp-User-contacts-emails-phone-numbers-addresses-j
     Screenshots:
     None
     Threat Actors: Grubder
     Victim Country: Japan
     Victim Industry: Information Technology (IT) Services
     Victim Organization: i.c. co., ltd
     Victim Site: ic-ad.co.jp
161. Website defacement of The Pets Yard by PWNLOLZ team member Sparked
     Category: Defacement
     Content: The PWNLOLZ team, specifically attacker Sparked, defaced the homepage of The Pets Yard website on April 2, 2026. This appears to be a redefacement of a previously compromised site targeting a pet services business in India.
     Date: 2026-04-02T16:20:24Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/827368
     Screenshots:
     None
     Threat Actors: Sparked, PWNLOLZ
     Victim Country: India
     Victim Industry: Pet services/E-commerce
     Victim Organization: The Pets Yard
     Victim Site: thepetsyard.in
162. Alleged data breach of eolo
     Category: Data Breach
     Content: The threat actor claims to have breached a database from eolo. The compromised dataset includes customer contacts, service contracts, and customer device records.
     Date: 2026-04-02T16:17:41Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-DATABASE-587k-Italy-www-eolo-it-Customer-records-with-personal-info-contacts-subscripti
     Screenshots:
     None
     Threat Actors: Grubder
     Victim Country: Italy
     Victim Industry: Network & Telecommunications
     Victim Organization: eolo
     Victim Site: eolo.it
163. Website defacement of Combinal by DimasHxR
     Category: Defacement
     Content: The attacker DimasHxR successfully defaced a customer portal page on the Combinal website on April 2, 2026. This appears to be an isolated defacement targeting the Swedish technology companys media/customer section.
     Date: 2026-04-02T16:14:18Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/827348
     Screenshots:
     None
     Threat Actors: DimasHxR
     Victim Country: Sweden
     Victim Industry: Technology
     Victim Organization: Combinal
     Victim Site: combinal.se
164. Website defacement of Romanian toys/modeling website by DimasHxR
     Category: Defacement
     Content: Threat actor DimasHxR defaced a Romanian website focused on modeling and toys (modelismjucarii.ro) on April 2, 2026. The attack targeted a specific subdirectory rather than the main homepage.
     Date: 2026-04-02T16:13:44Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/827363
     Screenshots:
     None
     Threat Actors: DimasHxR
     Victim Country: Romania
     Victim Industry: Retail/E-commerce
     Victim Organization: Unknown
     Victim Site: modelismjucarii.ro
165. Website defacement of Medix Biochemica by DimasHxR
     Category: Defacement
     Content: Individual attacker DimasHxR successfully defaced a media subdirectory of Medix Biochemicas website on April 2, 2026. This was a targeted single-site defacement rather than part of a mass campaign.
     Date: 2026-04-02T16:13:11Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/827364
     Screenshots:
     None
     Threat Actors: DimasHxR
     Victim Country: Finland
     Victim Industry: Healthcare/Biotechnology
     Victim Organization: Medix Biochemica
     Victim Site: medixbiochemica.com
166. Website defacement of Wein Wolff by DimasHxR
     Category: Defacement
     Content: German wine retailer Wein Wolff suffered a website defacement attack on April 2, 2026 by threat actor DimasHxR. The attack targeted a specific media/customer directory rather than the main homepage.
     Date: 2026-04-02T16:12:37Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/827365
     Screenshots:
     None
     Threat Actors: DimasHxR
     Victim Country: Germany
     Victim Industry: Wine/Alcohol Retail
     Victim Organization: Wein Wolff
     Victim Site: wein-wolff.de
167. Website defacement of alinacernatescu.com by DimasHxR
     Category: Defacement
     Content: Individual attacker DimasHxR defaced the alinacernatescu.com website on April 2, 2026. The incident appears to be a targeted defacement rather than part of a mass campaign.
     Date: 2026-04-02T16:12:04Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/827366
     Screenshots:
     None
     Threat Actors: DimasHxR
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: alinacernatescu.com
168. Alleged leak of Hotmail.fr credentials
     Category: Combo List
     Content: A threat actor shared a credential list containing 20,145 lines targeting hotmail.fr domain users via a free download link on a cybercrime forum.
     Date: 2026-04-02T16:09:14Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70825/
     Screenshots:
     None
     Threat Actors: BestCombo
     Victim Country: France
     Victim Industry: Technology
     Victim Organization: Microsoft
     Victim Site: hotmail.fr
169. Alleged leak of mixed email credentials
     Category: Combo List
     Content: A threat actor shared a mixed email combolist for free download through a Telegram channel. The post appears on a forum dedicated to credential lists and compromised data.
     Date: 2026-04-02T16:08:54Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70826/
     Screenshots:
     None
     Threat Actors: snowstormxd
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
170. Alleged distribution of mixed email credential combolist
     Category: Combo List
     Content: Threat actor distributing a 12 million record combolist containing mixed email and password credentials through Telegram channels. The credentials appear to be from various sources and are being shared for free.
     Date: 2026-04-02T16:08:34Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70827/
     Screenshots:
     None
     Threat Actors: CODER
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
171. Website defacement of einkaufsring.com by DimasHxR
     Category: Defacement
     Content: DimasHxR defaced the einkaufsring.com website on April 2, 2026, targeting what appears to be a German retail organizations media directory.
     Date: 2026-04-02T16:06:03Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/827264
     Screenshots:
     None
     Threat Actors: DimasHxR
     Victim Country: Germany
     Victim Industry: Retail
     Victim Organization: Einkaufsring
     Victim Site: einkaufsring.com
172. Alleged sale of SmartHR, Inc database
     Category: Data Breach
     Content: The threat actor claims to be selling a dataset allegedly associated with SmartHR, Inc. According to the listing, the dataset contains approximately 672,000 records and includes detailed employee-related information across multiple categories such as contacts, payroll records, and work appointment data. The data reportedly includes personal details (names, birthdates, contact information, addresses), employment records, salary and tax information, and organizational roles within government-related entities.
     Date: 2026-04-02T16:05:33Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-DATABASE-672k-Japan-https-smarthr-jp-Employee-personal-data-including-contacts-emails
     Screenshots:
     None
     Threat Actors: Grubder
     Victim Country: Japan
     Victim Industry: Human Resources
     Victim Organization: smarthr, inc
     Victim Site: smarthr.jp
173. Website defacement of mmskaufen.com by DimasHxR
     Category: Defacement
     Content: DimasHxR conducted a website defacement attack against mmskaufen.com on April 2, 2026. The attack targeted a specific subdirectory rather than the main homepage of the German e-commerce site.
     Date: 2026-04-02T16:05:29Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/827265
     Screenshots:
     None
     Threat Actors: DimasHxR
     Victim Country: Germany
     Victim Industry: E-commerce
     Victim Organization: Unknown
     Victim Site: mmskaufen.com
174. Website defacement of coverscenter.com by DimasHxR
     Category: Defacement
     Content: DimasHxR successfully defaced the coverscenter.com website on April 2, 2026. The incident appears to be an isolated single-target defacement rather than part of a mass campaign.
     Date: 2026-04-02T16:04:56Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/827276
     Screenshots:
     None
     Threat Actors: DimasHxR
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Covers Center
     Victim Site: coverscenter.com
175. NightSpire_Breach Leaks Data for Beltran & Garcia Financial Investment SLU and HLF Heizung-Sanitär GmbH
     Category: Data Leak
     Content: Threat actor NightSpire_Breach has published free data download links for two victims: Beltran & Garcia Financial Investment SLU (Spanish financial firm) and HLF Heizung-Sanitär GmbH (German HVAC/plumbing company). Both links are hosted on a Tor onion site, consistent with ransomware group leak site infrastructure. Data appears to be freely shared, suggesting ransom negotiations failed or this is a public pressure tactic.
     Date: 2026-04-02T16:02:18Z
     Network: telegram
     Published URL:
     Screenshots:
     None
     Threat Actors:
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
176. Herios Botnet 2026 – DDoS-for-Hire Service with 1T–2.5T Raw Capacity
     Category: Malware
     Content: Threat actor m4lware is advertising Herios Botnet 2026, a DDoS-as-a-service platform with significant claimed capabilities: 1T–2.5T raw network capacity, 26M+ PPS spoofed servers (2 dedicated servers at 13M PPS each), Layer4 delivering 20G & 1.5M PPS per concurrent, Layer7 running on 3 dedicated servers (88 threads x3), and bypass methods coded in C targeting Cloudflare Path, Dataforest, GCORE protections. Flood types include udpboom, udpspazz, fivem, tcpbypass, udpbypass, amplification attacks. Pricing: $150/month for CNC, $350 for API, UDPPLAIN add-on $150/month. 220 total slots (90 L7, 130 L4). Payments via PayPal, gift cards, and crypto. Support via @herios_supportbot.
     Date: 2026-04-02T15:58:57Z
     Network: telegram
     Published URL:
     Screenshots:
     None
     Threat Actors:
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
177. Website defacement of lepvmbj.org by NUCLIER-Y-C-C-M
     Category: Defacement
     Content: NUCLIER-Y-C-C-M successfully defaced lepvmbj.org on April 2, 2026. This was a targeted single-site attack rather than part of a mass defacement campaign.
     Date: 2026-04-02T15:58:49Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/827255
     Screenshots:
     None
     Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: lepvmbj.org
178. Alleged leak of mixed email credential lists
     Category: Combo List
     Content: User klyne05 shared mixed email credential lists described as private, fresh, and checked on CrackingX forum. The post offers free download of combolists without specifying record counts or victim sources.
     Date: 2026-04-02T15:58:01Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70824/
     Screenshots:
     None
     Threat Actors: klyne05
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
179. Alleged data leak of ideepourpro.com
     Category: Data Leak
     Content: The threat actor claims to have leaked 200,000 records of data from ideepourpro.com. the compromised dataset includes names, business emails, phone numbers, job roles, company details, business addresses, and lead tracking information.
     Date: 2026-04-02T15:51:07Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-DATABASE-ideepourpro-com-French-Business-CRM-Database-with-200K-Contacts-Leads
     Screenshots:
     None
     Threat Actors: xorcat
     Victim Country: France
     Victim Industry: Other Industry
     Victim Organization: Unknown
     Victim Site: ideepourpro.com
180. Alleged leak of Hotmail credentials
     Category: Combo List
     Content: A threat actor is distributing a combolist containing 614 Hotmail email credentials, organized by country. The credentials are being shared as a free download on an underground forum.
     Date: 2026-04-02T15:47:05Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70823/
     Screenshots:
     None
     Threat Actors: Hotmail Cloud
     Victim Country: Unknown
     Victim Industry: Technology
     Victim Organization: Microsoft
     Victim Site: hotmail.com
181. Threat: Squad Chat Marketplace
     Category: Cyber Attack
     Content: No actionable threat intelligence. Message is just an advertisement/referral to a Telegram handle for a checker service with no technical details, targets, or specific threat content.
     Date: 2026-04-02T15:46:58Z
     Network: telegram
     Published URL:
     Screenshots:
     None
     Threat Actors:
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
182. Alleged leak of Hotmail credentials targeting shopping platforms
     Category: Combo List
     Content: A threat actor distributed a combolist containing 377,639 Hotmail credentials allegedly targeting shopping platforms. The credential list was made available through a file hosting service.
     Date: 2026-04-02T15:36:17Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70821/
     Screenshots:
     None
     Threat Actors: HQcomboSpace
     Victim Country: Unknown
     Victim Industry: Technology
     Victim Organization: Hotmail
     Victim Site: hotmail.com
183. Alleged leak of Hotmail credential combolist
     Category: Combo List
     Content: A threat actor is allegedly distributing a credential combolist containing valid Hotmail accounts along with other mixed credentials through Telegram. The actor claims the data is high quality and valid.
     Date: 2026-04-02T15:35:57Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70822/
     Screenshots:
     None
     Threat Actors: noir
     Victim Country: Unknown
     Victim Industry: Technology
     Victim Organization: Microsoft
     Victim Site: hotmail.com
184. Threat: LulzSec Black🇵🇸
     Category: other
     Content: Message is historical/political commentary about the October 1973 war and Muslim unity – no actionable threat intelligence, IOCs, or cybersecurity relevance.
     Date: 2026-04-02T15:31:04Z
     Network: telegram_channel
     Published URL:
     Screenshots:
     None
     Threat Actors:
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
185. NoName057(16) DDoS Campaign Against Multiple Ukrainian Organizations
     Category: ddos
     Content: Pro-Russian hacktivist group NoName057(16) conducted DDoS attacks against six Ukrainian organizations: Ukrainian Research Institute of Aviation Technologies, Octava Capital (investment/asset management), Artemovsk Non-Ferrous Metals Processing Plant (metallurgy), LAN Systems (corporate IT support), Amstor Retail Group (commercial real estate), and Dneprospetsstal (stainless steel manufacturer). Attacks conducted under #OpUkraine campaign with hashtags #FuckEastwood and #TimeOfRetribution.
     Date: 2026-04-02T15:27:07Z
     Network: telegram_channel
     Published URL:
     Screenshots:
     None
     Threat Actors:
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
186. Alleged leak of Hotmail credentials
     Category: Combo List
     Content: Threat actor KiwiShio shared a combolist containing 775 Hotmail email credentials for free download on a cybercriminal forum.
     Date: 2026-04-02T15:26:42Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70817/
     Screenshots:
     None
     Threat Actors: KiwiShio
     Victim Country: Unknown
     Victim Industry: Technology
     Victim Organization: Microsoft
     Victim Site: hotmail.com
187. OpsShadowStrike targets the website of The Creator
     Category: Defacement
     Content: The group claims to have defaced the website of The Creator.
     Date: 2026-04-02T15:26:32Z
     Network: telegram
     Published URL: https://t.me/OpsShadowStrike/230
     Screenshots:
     None
     Threat Actors: OpsShadowStrike
     Victim Country: India
     Victim Industry: Education
     Victim Organization: the creator
     Victim Site: thecreator.org.in
188. Alleged distribution of email credential combolist containing 11.3 million records
     Category: Combo List
     Content: Threat actor CODER is distributing a combolist containing 11.3 million email and password combinations through Telegram channels. The credentials are being shared for free with SMTP configuration capabilities.
     Date: 2026-04-02T15:26:23Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70818/
     Screenshots:
     None
     Threat Actors: CODER
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
189. Alleged leak of Hotmail credentials
     Category: Combo List
     Content: A threat actor shared a combolist containing 5,770 allegedly valid Hotmail email and password combinations via a file sharing service.
     Date: 2026-04-02T15:26:03Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70819/
     Screenshots:
     None
     Threat Actors: Kommander0
     Victim Country: Unknown
     Victim Industry: Technology
     Victim Organization: Microsoft
     Victim Site: hotmail.com
190. Alleged leak of Hotmail credentials
     Category: Combo List
     Content: User HollowKnight07 shared a sample of 430 Hotmail credentials as a free download on CrackingX forum. This appears to be a credential list or combolist containing email and password combinations.
     Date: 2026-04-02T15:25:42Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70820/
     Screenshots:
     None
     Threat Actors: HollowKnight07
     Victim Country: Unknown
     Victim Industry: Technology
     Victim Organization: Microsoft
     Victim Site: hotmail.com
191. NoName057(16) DDoS Campaign Against Danish Electrical/Energy Sector (#OpDenmark)
     Category: ddos
     Content: NoName057(16) claims DDoS attacks against six Danish companies in the electrical installation and renewable energy sector: Brabrand EL, Egå El, Kron-El, ELCON, VS Automatic, and Raaby & Rosendal. Multiple check-host.net reports provided as proof. Tagged with #FuckEastwood #TimeOfRetribution #OpDenmark, indicating politically motivated hacktivist campaign targeting Denmark.
     Date: 2026-04-02T15:24:26Z
     Network: telegram_channel
     Published URL:
     Screenshots:
     None
     Threat Actors:
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
192. NightSpire_Breach Claims Data Breach of Beltran & Garcia Financial Investment SLU (Spain)
     Category: breach
     Content: Threat actor NightSpire_Breach is claiming responsibility for a data breach targeting Beltran & Garcia Financial Investment SLU, a Spanish financial investment company based in Alcantarilla. The actor claims to possess 10GB of internal data including client records, and is offering the data for free. The company is valued at less than 5 million EUR according to the referenced Northdata profile.
     Date: 2026-04-02T15:22:43Z
     Network: telegram_channel
     Published URL:
     Screenshots:
     None
     Threat Actors:
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
193. North Attleboro schools hit by suspected cyberattack
     Category: Cyber Attack
     Content: Selon le superintendant John Antonucci, les écoles de North Attleboro sont confrontées à un incident de cybersécurité impliquant des activités non autorisées sur le réseau. Leur nature na pas été précisée.
     Date: 2026-04-02T15:15:19Z
     Network: openweb
     Published URL: https://www.thesunchronicle.com/news/local_news/north-attleboro-schools-hit-by-suspected-cyberattack/article_be4c41b0-57ef-4516-9234-b03a45b08d29.html
     Screenshots:
     None
     Threat Actors:
     Victim Country: United States
     Victim Industry: Unknown
     Victim Organization: North Attleboro schools
     Victim Site: naschools.net
194. Patriot Regional Emergency Communications Center in Pepperell hit by cyberattack, affecting multiple towns
     Category: Cyber Attack
     Content: Un cyberattaque survenue le 31 mars 2026 a perturbé les lignes téléphoniques non prioritaires et commerciales du centre de communication régional Patriot (PRECC) et des services de sécurité publique de plusieurs municipalités du Massachusetts. Bien que le système durgence 911 soit resté opérationnel et quaucune fuite de données personnelles nait été confirmée, les autorités ont engagé des experts en cybersécurité et des partenaires fédéraux pour contenir lincident et rétablir les services. Les villes de Pepperell, Dunstable, Townsend et Groton ont demandé aux citoyens dutiliser un numéro de téléphone alternatif pour les lignes non prioritaires en attendant la résolution de la crise.
     Date: 2026-04-02T15:15:17Z
     Network: openweb
     Published URL: https://www.sentinelandenterprise.com/2026/04/01/patriot-regional-emergency-communications-center-in-pepperell-hit-by-cyberattack-affecting-multiple-towns/
     Screenshots:
     None
     Threat Actors:
     Victim Country: United States
     Victim Industry: Unknown
     Victim Organization: Patriot Regional Emergency Communications Center
     Victim Site: pepperell.ma.us
195. Alleged Data Breach of Rufeng Educational Platform
     Category: Data Breach
     Content: The threat actor claims to be leaked data from Rufeng Educational Platform. The compromised data reportedly contains 60,609 complete examination question bank across 60 subjects including questions and answers, along with full backend API code, frontend source code, and platform logic enabling full reconstruction of the system.
     Date: 2026-04-02T15:01:56Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-DATABASE-ry-rufengjsfw-com-Database-60K-Chinese-Vocational-Exam-Questions-Full-Sourcecode
     Screenshots:
     None
     Threat Actors: xorcat
     Victim Country: China
     Victim Industry: Education
     Victim Organization: rufeng educational platform
     Victim Site: ry.rufengjsfw.com
196. Mass defacement targeting Brazilian government administration site by maw3six
     Category: Defacement
     Content: Threat actor maw3six conducted a mass defacement attack against the Brazilian government administration domain appd.adm.br on April 2, 2026. This was part of a broader mass defacement campaign rather than a targeted attack on a single organization.
     Date: 2026-04-02T14:56:44Z
     Network: openweb
     Published URL: https://haxor.id/archive/mirror/248207
     Screenshots:
     None
     Threat Actors: maw3six
     Victim Country: Brazil
     Victim Industry: Government
     Victim Organization: Brazilian Administration Department
     Victim Site: appd.adm.br
197. Alleged distribution of mixed corporate credential combolist
     Category: Combo List
     Content: Threat actor CODER is distributing a 5.7 million record credential combolist containing mixed corporate email and password combinations through Telegram channels. The combolist is being offered for free through associated Telegram groups.
     Date: 2026-04-02T14:50:39Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70815/
     Screenshots:
     None
     Threat Actors: CODER
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
198. Alleged leak of email credentials from USA and Poland
     Category: Combo List
     Content: A threat actor shared a combolist containing 3,155 email credentials allegedly from users in the USA and Poland for free download.
     Date: 2026-04-02T14:50:19Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70816/
     Screenshots:
     None
     Threat Actors: karaokecloud
     Victim Country: United States
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
199. Alleged leak of corporate credential combolist
     Category: Combo List
     Content: A threat actor shared a combolist containing 174,000 corporate credentials on a cybercriminal forum. The actor is also advertising the sale of high-quality credential combinations with guarantee.
     Date: 2026-04-02T14:36:56Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70812/
     Screenshots:
     None
     Threat Actors: steeve75
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
200. Alleged leak of Hotmail credentials on CrackingX forum
     Category: Combo List
     Content: A threat actor named ValidMail allegedly made available a combolist containing 42,000 Hotmail credentials on the CrackingX forum. The post indicates these are valid credentials obtained from forums.
     Date: 2026-04-02T14:36:30Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70813/
     Screenshots:
     None
     Threat Actors: ValidMail
     Victim Country: Unknown
     Victim Industry: Technology
     Victim Organization: Microsoft
     Victim Site: hotmail.com
201. Alleged data breach of Yarok
     Category: Data Breach
     Content: The threat actor claims to have deleted 22 TB data from Yarok Microbio
     Date: 2026-04-02T14:33:47Z
     Network: openweb
     Published URL: https://handala-hack.tw/passover-wiped-clean-22tb-of-data-gone-from-14-zionist-companies/
     Screenshots:
     None
     Threat Actors: Handala Hack
     Victim Country: Israel
     Victim Industry: Biotechnology
     Victim Organization: yarok microbio
     Victim Site: yaroktt.com
202. Alleged leak of email credential combolist
     Category: Combo List
     Content: Threat actor TeraCloud1 made available a combolist containing 45,000 valid email credentials on a cybercriminal forum. The actor also advertised additional private cloud services via Telegram contact.
     Date: 2026-04-02T14:25:57Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70811/
     Screenshots:
     None
     Threat Actors: TeraCloud1
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
203. Alleged data breach of Universidad del Cauca
     Category: Data Breach
     Content: The threat actor claims to be leaked data from Universidad del Cauca. The compromised data reportedly contains 3,754 records including student, alumni, faculty, and administrative records, identity details (names and national ID numbers), demographic data, contact information (emails, phone numbers, and addresses), academic records (programs, enrollment, and graduation data), sensitive social attributes, and official examination results.
     Date: 2026-04-02T14:18:03Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-DATABASE-Colombian-University-DataBase-UNICAUCA
     Screenshots:
     None
     Threat Actors: d3spair
     Victim Country: Colombia
     Victim Industry: Education
     Victim Organization: universidad del cauca
     Victim Site: unicauca.edu.co
204. Alleged data breach of Vlachakis Systems
     Category: Data Breach
     Content: The threat actor claims to be selling data from Vlachakis Systems. The compromised data reportedly contains 137,000 records, including customer contact information (full names, emails, phone numbers, and addresses), support ticket data, and product catalog details, along with additional metadata such as account activity, communication preferences, and lead management information.
     Date: 2026-04-02T14:14:59Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-DATABASE-137k-Greece-https-www-vlachakis-systems-com-Email-and-personal-data-records-lea
     Screenshots:
     None
     Threat Actors: Grubder
     Victim Country: Greece
     Victim Industry: Information Technology (IT) Services
     Victim Organization: vlachakis systems
     Victim Site: vlachakis-systems.com
205. Alleged data breach of Mouth or Foot Painting Artists Ltd.
     Category: Data Breach
     Content: Threat actor claims to have deleted 22 TB data from Mouth or Foot Painting Artists Ltd.
     Date: 2026-04-02T14:06:59Z
     Network: openweb
     Published URL: https://handala-hack.tw/passover-wiped-clean-22tb-of-data-gone-from-14-zionist-companies/
     Screenshots:
     None
     Threat Actors: Handala Hack
     Victim Country: Israel
     Victim Industry: Arts & Crafts
     Victim Organization: mouth or foot painting artists ltd.
     Victim Site: Unknown
206. Alleged data breach of Rim Ishak Hagi
     Category: Data Breach
     Content: Threat actor claims to have deleted 22 TB data from Rim Ishak Hagi.
     Date: 2026-04-02T14:04:33Z
     Network: openweb
     Published URL: https://handala-hack.tw/passover-wiped-clean-22tb-of-data-gone-from-14-zionist-companies/?
     Screenshots:
     None
     Threat Actors: Handala Hack
     Victim Country: Israel
     Victim Industry: Unknown
     Victim Organization: rim ishak hagi
     Victim Site: Unknown
207. Alleged data breach of Migvan 2002
     Category: Data Breach
     Content: Threat actor claims to have deleted 22 TB data from Migvan 2002.
     Date: 2026-04-02T14:02:06Z
     Network: openweb
     Published URL: https://handala-hack.tw/passover-wiped-clean-22tb-of-data-gone-from-14-zionist-companies/
     Screenshots:
     None
     Threat Actors: Handala Hack
     Victim Country: Israel
     Victim Industry: Education
     Victim Organization: migvan 2002
     Victim Site: Unknown
208. Alleged data breach of To-Mix
     Category: Data Breach
     Content: The threat actor claims to have deleted 22 TB data from To-Mix
     Date: 2026-04-02T13:59:59Z
     Network: openweb
     Published URL: https://handala-hack.tw/passover-wiped-clean-22tb-of-data-gone-from-14-zionist-companies/
     Screenshots:
     None
     Threat Actors: Handala Hack
     Victim Country: Israel
     Victim Industry: Unknown
     Victim Organization: to-mix
     Victim Site: Unknown
209. Polipach
     Category: Data Breach
     Content: Threat actor claims to have deleted 22 TB data from Polipach.
     Date: 2026-04-02T13:59:07Z
     Network: openweb
     Published URL: https://handala-hack.tw/passover-wiped-clean-22tb-of-data-gone-from-14-zionist-companies/
     Screenshots:
     None
     Threat Actors: Handala Hack
     Victim Country: Israel
     Victim Industry: Manufacturing & Industrial Products
     Victim Organization: polipach
     Victim Site: polipach.co.il
210. Alleged data breach of Toledano Architects & Design Ltd
     Category: Data Breach
     Content: The threat actor claims to have deleted 22 TB data from Toledano Architects & Design Ltd.
     Date: 2026-04-02T13:57:30Z
     Network: openweb
     Published URL: https://handala-hack.tw/passover-wiped-clean-22tb-of-data-gone-from-14-zionist-companies/
     Screenshots:
     None
     Threat Actors: Handala Hack
     Victim Country: Israel
     Victim Industry: Architecture & Planning
     Victim Organization: toledano architects & design ltd
     Victim Site: toledano-arch.co.il
211. Alleged leak of mixed country credential combolist
     Category: Combo List
     Content: A threat actor shared a combolist containing over 1.8 million credentials from mixed countries via a cloud storage link. The credentials are described as high quality and from various geographic regions.
     Date: 2026-04-02T13:56:02Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70809/
     Screenshots:
     None
     Threat Actors: BestCombo
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
212. Alleged distribution of 9 million credential combolist
     Category: Combo List
     Content: Threat actor CODER is distributing a 9 million email:password credential combolist through Telegram channels. The actor provides free access to the combolist and related programs through dedicated Telegram groups.
     Date: 2026-04-02T13:55:28Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70810/
     Screenshots:
     None
     Threat Actors: CODER
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
213. Alleged data breach of DanielBengioCPA
     Category: Data Breach
     Content: Threat actor claims to have deleted 22 TB data from DanielBengioCPA.
     Date: 2026-04-02T13:52:19Z
     Network: openweb
     Published URL: https://handala-hack.tw/passover-wiped-clean-22tb-of-data-gone-from-14-zionist-companies/
     Screenshots:
     None
     Threat Actors: Handala Hack
     Victim Country: Israel
     Victim Industry: Unknown
     Victim Organization: danielbengiocpa
     Victim Site: Unknown
214. Alleged Sale of Admin Access to shop in USA
     Category: Initial Access
     Content: Threat actor claims to be selling admin access to an unidentified shop in USA.
     Date: 2026-04-02T13:51:11Z
     Network: openweb
     Published URL: https://forum.exploit.in/topic/279732/
     Screenshots:
     None
     Threat Actors: Mater
     Victim Country: USA
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
215. Opal Plastic Ltd.
     Category: Data Breach
     Content: Threat actor claims to have deleted 22 TB data from Opal Plastic Ltd.
     Date: 2026-04-02T13:46:08Z
     Network: openweb
     Published URL: https://handala-hack.tw/passover-wiped-clean-22tb-of-data-gone-from-14-zionist-companies/
     Screenshots:
     None
     Threat Actors: Handala Hack
     Victim Country: Israel
     Victim Industry: Manufacturing
     Victim Organization: opal plastic ltd.
     Victim Site: opal-plastic.co.il
216. Website defacement of CPCM by Rici144/Ratman team
     Category: Defacement
     Content: Attacker Rici144 from the Ratman team defaced www.cpcm.com.sg on April 2, 2026. The defacement targeted a specific media/customer page rather than the main homepage.
     Date: 2026-04-02T13:32:04Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/827053
     Screenshots:
     None
     Threat Actors: Rici144, Ratman
     Victim Country: Singapore
     Victim Industry: Unknown
     Victim Organization: CPCM
     Victim Site: www.cpcm.com.sg
217. Alleged data breach of Kalus
     Category: Data Breach
     Content: Threat actor claims to have deleted 22 TB data from Kalus.
     Date: 2026-04-02T13:31:46Z
     Network: openweb
     Published URL: https://handala-hack.tw/passover-wiped-clean-22tb-of-data-gone-from-14-zionist-companies/
     Screenshots:
     None
     Threat Actors: Handala Hack
     Victim Country: Israel
     Victim Industry: Unknown
     Victim Organization: kalus
     Victim Site: Unknown
218. Website defacement of DirectWholesale by Rici144/Ratman team
     Category: Defacement
     Content: Attacker Rici144 from team Ratman conducted a redefacement attack against DirectWholesales Singapore website on April 2, 2026. This appears to be a repeat attack on the same target rather than an initial compromise.
     Date: 2026-04-02T13:31:31Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/827055
     Screenshots:
     None
     Threat Actors: Rici144, Ratman
     Victim Country: Singapore
     Victim Industry: Wholesale/Retail
     Victim Organization: DirectWholesale
     Victim Site: www.directwholesale.com.sg
219. Website defacement of Dynamic Gift by Rici144/Ratman team
     Category: Defacement
     Content: The attacker Rici144 from the Ratman team conducted a redefacement attack against Dynamic Gifts website on April 2, 2026. This appears to be a repeat targeting of the New Zealand-based companys web presence.
     Date: 2026-04-02T13:30:57Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/827057
     Screenshots:
     None
     Threat Actors: Rici144, Ratman
     Victim Country: New Zealand
     Victim Industry: Retail/E-commerce
     Victim Organization: Dynamic Gift
     Victim Site: www.dynamicgift.co.nz
220. Website defacement of HardwareHQ by Rici144/Ratman team
     Category: Defacement
     Content: On April 2, 2026, attacker Rici144 affiliated with the Ratman team successfully defaced the South African hardware retailer HardwareHQs website. The incident was a targeted single-site defacement rather than a mass attack.
     Date: 2026-04-02T13:30:24Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/827058
     Screenshots:
     None
     Threat Actors: Rici144, Ratman
     Victim Country: South Africa
     Victim Industry: Hardware/Technology Retail
     Victim Organization: HardwareHQ
     Victim Site: hardwarehq.co.za
221. Website defacement of HiFi Outlet by Rici144 (Ratman team)
     Category: Defacement
     Content: Attacker Rici144, affiliated with the Ratman team, successfully defaced the HiFi Outlet website on April 2, 2026. The attack targeted a Czech electronics retailers media subdirectory.
     Date: 2026-04-02T13:29:50Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/827059
     Screenshots:
     None
     Threat Actors: Rici144, Ratman
     Victim Country: Czech Republic
     Victim Industry: Electronics Retail
     Victim Organization: HiFi Outlet
     Victim Site: hifioutlet.cz
222. Website defacement of investicevusa.cz by Rici144/Ratman team
     Category: Defacement
     Content: Cybercriminal Rici144 from the Ratman team successfully defaced the Czech investment company Investice v USAs website on April 2, 2026. The attack targeted a media subdirectory of the financial services website.
     Date: 2026-04-02T13:29:18Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/827061
     Screenshots:
     None
     Threat Actors: Rici144, Ratman
     Victim Country: Czech Republic
     Victim Industry: Investment/Financial Services
     Victim Organization: Investice v USA
     Victim Site: investicevusa.cz
223. Website defacement of IT Distribution by Rici144/Ratman team
     Category: Defacement
     Content: Bulgarian IT distribution company website was defaced by attacker Rici144 from the Ratman team on April 2, 2026. This represents a redefacement of a previously compromised target.
     Date: 2026-04-02T13:28:44Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/827062
     Screenshots:
     None
     Threat Actors: Rici144, Ratman
     Victim Country: Bulgaria
     Victim Industry: Information Technology
     Victim Organization: IT Distribution
     Victim Site: www.itdistribution.bg
224. Gavriel Weiss C.P.A
     Category: Data Breach
     Content: Threat actor claims to have deleted 22 TB data from Gavriel Weiss C.P.A.
     Date: 2026-04-02T13:28:15Z
     Network: openweb
     Published URL: https://handala-hack.tw/passover-wiped-clean-22tb-of-data-gone-from-14-zionist-companies/
     Screenshots:
     None
     Threat Actors: Handala Hack
     Victim Country: Israel
     Victim Industry: Unknown
     Victim Organization: gavriel weiss c.p.a
     Victim Site: Unknown
225. Website defacement of Kanas by Rici144/Ratman team
     Category: Defacement
     Content: Pakistani website www.kanas.pk was defaced by attacker Rici144 affiliated with the Ratman team on April 2, 2026. This incident was classified as a redefacement, indicating the site had been previously compromised.
     Date: 2026-04-02T13:28:11Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/827063
     Screenshots:
     None
     Threat Actors: Rici144, Ratman
     Victim Country: Pakistan
     Victim Industry: Unknown
     Victim Organization: Kanas
     Victim Site: www.kanas.pk
226. Alleged leak of German shopping site credentials
     Category: Combo List
     Content: A threat actor shared a combolist containing 617,419 credential pairs allegedly targeting German shopping sites. The data is being distributed for free via file sharing platform.
     Date: 2026-04-02T13:27:42Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70808/
     Screenshots:
     None
     Threat Actors: HQcomboSpace
     Victim Country: Germany
     Victim Industry: Retail
     Victim Organization: Unknown
     Victim Site: Unknown
227. Website redefacement of moto-zahrada.cz by Rici144/Ratman team
     Category: Defacement
     Content: Threat actor Rici144 from the Ratman team conducted a redefacement attack against Czech automotive/garden equipment retailer moto-zahrada.cz on April 2, 2026. This represents a repeat compromise of the same target website.
     Date: 2026-04-02T13:27:38Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/827065
     Screenshots:
     None
     Threat Actors: Rici144, Ratman
     Victim Country: Czech Republic
     Victim Industry: Retail/Automotive
     Victim Organization: Moto Zahrada
     Victim Site: moto-zahrada.cz
228. Website defacement of mypni.cz by Rici144/Ratman team
     Category: Defacement
     Content: Attacker Rici144 from the Ratman team defaced the www.mypni.cz website on April 2, 2026. The defacement targeted a specific media/customer directory on the Czech domain.
     Date: 2026-04-02T13:27:04Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/827066
     Screenshots:
     None
     Threat Actors: Rici144, Ratman
     Victim Country: Czech Republic
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: www.mypni.cz
229. Website defacement of Nivito by Rici144/Ratman team
     Category: Defacement
     Content: The attacker Rici144 from the Ratman team defaced the Nivito website on April 2, 2026. The defacement targeted a media subdirectory of the Turkish companys website.
     Date: 2026-04-02T13:26:33Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/827068
     Screenshots:
     None
     Threat Actors: Rici144, Ratman
     Victim Country: Turkey
     Victim Industry: Unknown
     Victim Organization: Nivito
     Victim Site: www.nivito.com.tr
230. Website defacement of Novo Shoes by Rici144/Ratman team
     Category: Defacement
     Content: The Ratman team member Rici144 conducted a redefacement attack against New Zealand footwear retailer Novo Shoes on April 2, 2026. This appears to be a targeted attack against a specific subdirectory of the companys website rather than a mass defacement campaign.
     Date: 2026-04-02T13:26:00Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/827069
     Screenshots:
     None
     Threat Actors: Rici144, Ratman
     Victim Country: New Zealand
     Victim Industry: Retail/Footwear
     Victim Organization: Novo Shoes
     Victim Site: www.novoshoes.co.nz
231. Website defacement of olimpiskais.lv by Rici144/Ratman team
     Category: Defacement
     Content: Attacker Rici144 from team Ratman conducted a redefacement of the Latvian website olimpiskais.lv on April 2, 2026. This appears to be a targeted individual website defacement rather than part of a mass campaign.
     Date: 2026-04-02T13:25:31Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/827070
     Screenshots:
     None
     Threat Actors: Rici144, Ratman
     Victim Country: Latvia
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: olimpiskais.lv
232. Alleged data breach of Fuse Stereo
     Category: Data Breach
     Content: Threat actor claims to have deleted 22 TB data from Fuse Stereo.
     Date: 2026-04-02T13:25:26Z
     Network: openweb
     Published URL: https://handala-hack.tw/passover-wiped-clean-22tb-of-data-gone-from-14-zionist-companies/
     Screenshots:
     None
     Threat Actors: Handala Hack
     Victim Country: Israel
     Victim Industry: Retail Industry
     Victim Organization: fuse stereo
     Victim Site: fuse.co.il
233. Website defacement of Petit Bateau Tunisia by Rici144/Ratman team
     Category: Defacement
     Content: Attacker Rici144 from the Ratman team conducted a redefacement of the Petit Bateau Tunisia website on April 2, 2026. This appears to be a repeat attack targeting the French childrens clothing retailers Tunisian operations.
     Date: 2026-04-02T13:24:54Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/827071
     Screenshots:
     None
     Threat Actors: Rici144, Ratman
     Victim Country: Tunisia
     Victim Industry: Retail/Fashion
     Victim Organization: Petit Bateau
     Victim Site: www.petit-bateau.tn
234. Website defacement of PNI by Rici144/Ratman team
     Category: Defacement
     Content: Attacker Rici144 from the Ratman team defaced a subdirectory of the PNI website on April 2, 2026. The attack targeted the customer address section of the Moldovan organizations website.
     Date: 2026-04-02T13:24:21Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/827073
     Screenshots:
     None
     Threat Actors: Rici144, Ratman
     Victim Country: Moldova
     Victim Industry: Unknown
     Victim Organization: PNI
     Victim Site: www.pni.md
235. Website defacement of PromoSuperstore by Rici144/Ratman team
     Category: Defacement
     Content: Threat actor Rici144 from the Ratman team conducted a redefacement attack against Philippine retail website PromoSuperstore on April 2, 2026. This appears to be a targeted attack against a single media subdirectory rather than a mass defacement campaign.
     Date: 2026-04-02T13:23:47Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/827074
     Screenshots:
     None
     Threat Actors: Rici144, Ratman
     Victim Country: Philippines
     Victim Industry: Retail/E-commerce
     Victim Organization: PromoSuperstore
     Victim Site: promosuperstore.ph
236. Website defacement of sbunpartneri.lv by Rici144 (Ratman team)
     Category: Defacement
     Content: Attacker Rici144 from the Ratman team successfully defaced a subdirectory of sbunpartneri.lv on April 2, 2026. The incident targeted a specific media directory rather than the main homepage.
     Date: 2026-04-02T13:23:14Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/827075
     Screenshots:
     None
     Threat Actors: Rici144, Ratman
     Victim Country: Latvia
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: sbunpartneri.lv
237. Website defacement of Scanpan by Rici144/Ratman team
     Category: Defacement
     Content: The Ratman team member Rici144 conducted a redefacement attack against Scanpans South African website on April 2, 2026. This appears to be a repeat attack targeting the cookware manufacturers media directory.
     Date: 2026-04-02T13:22:40Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/827076
     Screenshots:
     None
     Threat Actors: Rici144, Ratman
     Victim Country: South Africa
     Victim Industry: Manufacturing
     Victim Organization: Scanpan
     Victim Site: scanpan.co.za
238. Website defacement of Shoe Clinic by Rici144/Ratman team
     Category: Defacement
     Content: The attacker Rici144, associated with team Ratman, conducted a redefacement of the Shoe Clinic website on April 2, 2026. This appears to be a targeted attack against the New Zealand-based footwear retail business.
     Date: 2026-04-02T13:22:07Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/827077
     Screenshots:
     None
     Threat Actors: Rici144, Ratman
     Victim Country: New Zealand
     Victim Industry: Retail/Footwear
     Victim Organization: Shoe Clinic
     Victim Site: shoeclinic.co.nz
239. Website defacement of Tala Health by Rici144 (Ratman team)
     Category: Defacement
     Content: Healthcare website talahealth.co.za was defaced by attacker Rici144 affiliated with the Ratman team on April 2, 2026. The defacement targeted a media subdirectory of the South African healthcare organizations website.
     Date: 2026-04-02T13:21:34Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/827078
     Screenshots:
     None
     Threat Actors: Rici144, Ratman
     Victim Country: South Africa
     Victim Industry: Healthcare
     Victim Organization: Tala Health
     Victim Site: www.talahealth.co.za
240. Website defacement of Unamourdetapis by Rici144/Ratman team
     Category: Defacement
     Content: The attacker Rici144, associated with the Ratman team, defaced the Moroccan carpet retailer Unamourdetapis website on April 2, 2026. The defacement targeted a specific media subdirectory rather than the homepage.
     Date: 2026-04-02T13:21:01Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/827079
     Screenshots:
     None
     Threat Actors: Rici144, Ratman
     Victim Country: Morocco
     Victim Industry: Retail/E-commerce
     Victim Organization: Unamourdetapis
     Victim Site: unamourdetapis.ma
241. Website defacement of Veikatex by Rici144/Ratman team
     Category: Defacement
     Content: The attacker Rici144 from the Ratman team conducted a redefacement of the Veikatex website on April 2, 2026. This appears to be a targeted attack against the Latvian companys web presence.
     Date: 2026-04-02T13:20:27Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/827080
     Screenshots:
     None
     Threat Actors: Rici144, Ratman
     Victim Country: Latvia
     Victim Industry: Unknown
     Victim Organization: Veikatex
     Victim Site: www.veikatex.lv
242. Alleged data breach of Hagai Namir
     Category: Data Breach
     Content: Threat actor claims to have deleted 22 TB data from Hagai Namir.
     Date: 2026-04-02T13:20:16Z
     Network: openweb
     Published URL: https://handala-hack.tw/passover-wiped-clean-22tb-of-data-gone-from-14-zionist-companies/
     Screenshots:
     None
     Threat Actors: Handala Hack
     Victim Country: Israel
     Victim Industry: Unknown
     Victim Organization: hagai namir
     Victim Site: Unknown
243. Website defacement of Yardz.ng by Rici144 (Ratman team)
     Category: Defacement
     Content: The website yardz.ng was defaced by attacker Rici144, affiliated with the Ratman team, on April 2, 2026. The defacement targeted a specific customer address page on the site.
     Date: 2026-04-02T13:19:56Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/827083
     Screenshots:
     None
     Threat Actors: Rici144, Ratman
     Victim Country: Nigeria
     Victim Industry: Unknown
     Victim Organization: Yardz
     Victim Site: yardz.ng
244. Alleged sale of unidentified personal records from Russia
     Category: Data Leak
     Content: The group claims to have be selling data from unidentified personal records from Russia. The data includes 100 Million of records and Phone Numbers, Full Name, DOB information.
     Date: 2026-04-02T13:14:46Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-Selling-100-Million-Russian-Phone-Numbers-database-Phone-Numbers-Full-Name-DOB
     Screenshots:
     None
     Threat Actors: IntelHead
     Victim Country: Russia
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
245. Alleged Sale of Forex User And Transaction Data
     Category: Data Breach
     Content: The threat actor claims to be selling Forex User And Transaction Data. The compromised data reportedly contains 438,000 user records, 185,000 transaction records including first and last names, email addresses, phone numbers, country details, deposit amounts, deposit dates, broker account information, broker names, and transaction related data.
     Date: 2026-04-02T13:08:29Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-Selling-623k-Lines-Forex-User-Transaction-Data
     Screenshots:
     None
     Threat Actors: dbcollector23
     Victim Country: USA
     Victim Industry: Financial Services
     Victim Organization: forex
     Victim Site: forex.com
246. Alleged leak of multi-service credential combolist targeting streaming and e-commerce platforms
     Category: Combo List
     Content: Threat actor distributes a 7 million credential combolist through Telegram channels, targeting multiple services including Netflix, Twitch, Disney+, Hulu, Amazon, eBay and other platforms. The credentials are being distributed for free through dedicated Telegram groups.
     Date: 2026-04-02T13:07:50Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70807/
     Screenshots:
     None
     Threat Actors: CODER
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
247. Alleged Sale Of Forex High Quality Depositor Leads
     Category: Data Leak
     Content: The threat actor claims to be selling data from Forex High Quality Depositor Leads. The compromised data reportedly contains FirstName, Last Name, Email, Phone, Country Name, Deposit Amount, Deposit Date, Broker Account Name, White Label Name, Broker Name, Lead Request Offer Name.
     Date: 2026-04-02T13:04:33Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-Selling-Forex-High-Quality-Depositor-Leads–71970
     Screenshots:
     None
     Threat Actors: jerin040
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
248. Website defacement of KYM Tourism by chinafans (0xteam)
     Category: Defacement
     Content: The tourism website kymtourism.com was defaced by attacker chinafans affiliated with 0xteam on April 2, 2026. This incident was identified as a redefacement, indicating the site had been previously compromised.
     Date: 2026-04-02T12:57:25Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826974
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Tourism
     Victim Organization: KYM Tourism
     Victim Site: kymtourism.com
249. Website defacement of srindustry.in by chinafans/0xteam
     Category: Defacement
     Content: Website defacement attack conducted by attacker chinafans affiliated with 0xteam against Indian industrial company SR Industry on April 2, 2026. The attack targeted the companys main website and resulted in placement of defacement content.
     Date: 2026-04-02T12:56:48Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826976
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: India
     Victim Industry: Industrial/Manufacturing
     Victim Organization: SR Industry
     Victim Site: srindustry.in
250. Alleged Data Breach of Xtium
     Category: Data Breach
     Content: The threat actor claims to be breached data 485.8TB from Xtium. The compromised data reportedly contains large scale client backup data, including virtual machine images, internal corporate files, shared storage data, and infrastructure-related information associated with Xtium and its clients.
     Date: 2026-04-02T12:56:31Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-Selling-485-8TB-Xtium-com-Breach-2026
     Screenshots:
     None
     Threat Actors: The_Auditors
     Victim Country: USA
     Victim Industry: Information Technology (IT) Services
     Victim Organization: xtium
     Victim Site: xtium.com
251. Website defacement of Elahi Cotton by chinafans/0xteam
     Category: Defacement
     Content: The attacker chinafans from 0xteam defaced the Elahi Cotton company website on April 2, 2026. This appears to be a targeted single-site defacement against a textile/cotton manufacturing business.
     Date: 2026-04-02T12:56:11Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826977
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Textile/Manufacturing
     Victim Organization: Elahi Cotton
     Victim Site: elahicotton.com
252. Alleged distribution of credential combolist containing 22,000 records
     Category: Combo List
     Content: Threat actor UniqueCombo allegedly distributed a combolist containing 22,000 unique credential combinations on a cracking forum. The post content is restricted to registered users only.
     Date: 2026-04-02T12:55:58Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70806/
     Screenshots:
     None
     Threat Actors: UniqueCombo
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
253. Website defacement of 152.42.200.176 by chinafans/0xteam
     Category: Defacement
     Content: Website defacement attack conducted by attacker chinafans affiliated with 0xteam against IP address 152.42.200.176 on April 2, 2026. The incident involved defacing a file named 0x.txt on the target server.
     Date: 2026-04-02T12:55:35Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826979
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: 152.42.200.176
254. Website defacement of spray8.com by chinafans (0xteam)
     Category: Defacement
     Content: The domain spray8.com was defaced by attacker chinafans affiliated with 0xteam on April 2, 2026. This incident was classified as a redefacement, indicating the site had been previously compromised.
     Date: 2026-04-02T12:54:58Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826980
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: spray8.com
255. Website defacement of sergap-news.site by chinafans (0xteam)
     Category: Defacement
     Content: The attacker chinafans from the 0xteam group successfully defaced the news website sergap-news.site on April 2, 2026. The defacement targeted a single website rather than being part of a mass attack campaign.
     Date: 2026-04-02T12:54:22Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826981
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Media/News
     Victim Organization: Sergap News
     Victim Site: sergap-news.site
256. Website defacement of laynch.com by chinafans/0xteam
     Category: Defacement
     Content: The attacker chinafans from 0xteam successfully defaced laynch.com on April 2, 2026. This was a targeted single-site defacement with no apparent political motivation stated.
     Date: 2026-04-02T12:53:45Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826982
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: laynch.com
257. Website defacement of Happy Hour Vacation Rentals by chinafans/0xteam
     Category: Defacement
     Content: The vacation rental company Happy Hour Vacation Rentals had their website defaced by the attacker chinafans affiliated with 0xteam on April 2nd, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
     Date: 2026-04-02T12:53:08Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826984
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Travel and Tourism
     Victim Organization: Happy Hour Vacation Rentals
     Victim Site: happyhourvacationrentals.com
258. Website defacement of solucionesurbanas.co by chinafans/0xteam
     Category: Defacement
     Content: The website solucionesurbanas.co was defaced by attacker chinafans associated with 0xteam on April 2, 2026. The defacement targeted a Colombian urban solutions company and was archived on zone-xsec.com mirror.
     Date: 2026-04-02T12:52:31Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826985
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Colombia
     Victim Industry: Urban Solutions/Consulting
     Victim Organization: Soluciones Urbanas
     Victim Site: solucionesurbanas.co
259. Website defacement of mymendip.uk by chinafans (0xteam)
     Category: Defacement
     Content: The website mymendip.uk was defaced by attacker chinafans associated with 0xteam on April 2, 2026. This incident was classified as a redefacement, indicating the site had been previously compromised.
     Date: 2026-04-02T12:51:52Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826986
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: United Kingdom
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: mymendip.uk
260. Website defacement of sto-re.net by chinafans/0xteam
     Category: Defacement
     Content: The website sto-re.net was defaced by attacker chinafans affiliated with 0xteam on April 2, 2026. The defacement targeted a single website rather than multiple sites in a mass attack.
     Date: 2026-04-02T12:51:16Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826987
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: sto-re.net
261. Website defacement of Skilled Artisans Kenya by chinafans (0xteam)
     Category: Defacement
     Content: The chinafans attacker, associated with 0xteam, defaced the Skilled Artisans Kenya website on April 2, 2026. This appears to be a targeted single-site defacement of a Kenyan professional services organization.
     Date: 2026-04-02T12:50:40Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826988
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Kenya
     Victim Industry: Professional Services
     Victim Organization: Skilled Artisans Kenya
     Victim Site: skilledartisanskenya.org
262. Website defacement of groover.ca by chinafans/0xteam
     Category: Defacement
     Content: The website groover.ca was defaced by attacker chinafans affiliated with 0xteam on April 2, 2026. This was an individual defacement incident targeting a Canadian domain.
     Date: 2026-04-02T12:50:04Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826990
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Canada
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: groover.ca
263. Website defacement of Vauxhall emissions claims site by chinafans/0xteam
     Category: Defacement
     Content: The chinafans attacker from 0xteam conducted a redefacement attack against the Vauxhall emissions claims website on April 2, 2026. This appears to be a targeted attack against a UK-based automotive legal services site related to emissions claims.
     Date: 2026-04-02T12:49:29Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826991
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: United Kingdom
     Victim Industry: Automotive/Legal Services
     Victim Organization: Vauxhall Emissions Claims
     Victim Site: vauxhallemissionsclaims.co.uk
264. Website defacement of Donnas IT Solutions by chinafans (0xteam)
     Category: Defacement
     Content: The website of Donnas IT Solutions, an Australian IT company, was defaced by the attacker chinafans associated with the 0xteam group on April 2, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
     Date: 2026-04-02T12:48:53Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826992
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Australia
     Victim Industry: Information Technology
     Victim Organization: Donnas IT Solutions
     Victim Site: donnasitsolutions.com.au
265. Website defacement of envioscordoba24hs.com by chinafans (0xteam)
     Category: Defacement
     Content: The attacker chinafans from 0xteam defaced the Envios Cordoba 24hs logistics company website on April 2, 2026. This incident represents a redefacement of the target site rather than an initial compromise.
     Date: 2026-04-02T12:48:18Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826997
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Argentina
     Victim Industry: Logistics/Shipping
     Victim Organization: Envios Cordoba 24hs
     Victim Site: envioscordoba24hs.com
266. Website defacement of sangomoc.com by chinafans/0xteam
     Category: Defacement
     Content: The website sangomoc.com was defaced by attacker chinafans affiliated with 0xteam on April 2, 2026. This was identified as a redefacement incident targeting the same site previously.
     Date: 2026-04-02T12:47:40Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826998
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Mozambique
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: sangomoc.com
267. Website defacement of cantez.com.tr by chinafans/0xteam
     Category: Defacement
     Content: The website cantez.com.tr was defaced by attacker chinafans associated with team 0xteam on April 2, 2026. This incident was classified as a redefacement, indicating the site had been previously compromised.
     Date: 2026-04-02T12:47:04Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826999
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Turkey
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: cantez.com.tr
268. Website defacement of poojness.com by chinafans (0xteam)
     Category: Defacement
     Content: The attacker chinafans from 0xteam successfully defaced poojness.com on April 2, 2026. The defacement targeted a specific page (/0x.txt) rather than the main homepage.
     Date: 2026-04-02T12:46:28Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/827000
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: poojness.com
269. Website defacement of sunyang.online by chinafans (0xteam)
     Category: Defacement
     Content: The website sunyang.online was defaced by attacker chinafans associated with the 0xteam group on April 2, 2026. The defacement targeted a specific file (0x.txt) on the domain.
     Date: 2026-04-02T12:45:52Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/827001
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: sunyang.online
270. Website defacement of JC Foundation by chinafans/0xteam
     Category: Defacement
     Content: The JC Foundation website was defaced by attacker chinafans associated with 0xteam on April 2, 2026. The defacement targeted a non-profit organization based in Ireland.
     Date: 2026-04-02T12:45:18Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/827002
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Ireland
     Victim Industry: Non-profit
     Victim Organization: JC Foundation
     Victim Site: jcfoundation.ie
271. Alleged Sale Of Citizens Data From UK
     Category: Data Leak
     Content: The threat actor claims to be selling citizens data from United Kingdom. The compromised data reportedly contains 352K records including User Email, User First name, User Last name, User Phone, User Address1, User Address2, User City, User Province, User Country, User Zip, User Phone, User Name.
     Date: 2026-04-02T12:45:13Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-Selling-United-Kingdom-Citizens-Database-352k
     Screenshots:
     None
     Threat Actors: fent888
     Victim Country: UK
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
272. Website defacement of dawidlubas.pl by chinafans (0xteam)
     Category: Defacement
     Content: The attacker chinafans from the 0xteam group defaced the Polish website dawidlubas.pl on April 2, 2026. This incident was classified as a redefacement, indicating the site had been previously compromised.
     Date: 2026-04-02T12:44:40Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/827004
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Poland
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: dawidlubas.pl
273. Website defacement of Kiara Rice Mills by chinafans (0xteam)
     Category: Defacement
     Content: The chinafans attacker from 0xteam defaced the Kiara Rice Mills website on April 2, 2026. This appears to be a single-target defacement against a rice milling company.
     Date: 2026-04-02T12:44:04Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/827005
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Agriculture/Food Processing
     Victim Organization: Kiara Rice Mills
     Victim Site: kiararicemills.com
274. Website defacement of Mowelfund by chinafans/0xteam
     Category: Defacement
     Content: The chinafans attacker from 0xteam conducted a redefacement attack against Mowelfunds website on April 2, 2026. This represents a repeat compromise of the Philippine financial services organizations web infrastructure.
     Date: 2026-04-02T12:43:24Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/827006
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Philippines
     Victim Industry: Financial Services
     Victim Organization: Mowelfund
     Victim Site: mowelfund.com
275. Website defacement of villaovidiu.ro by chinafans/0xteam
     Category: Defacement
     Content: Website defacement targeting villaovidiu.ro conducted by attacker chinafans associated with 0xteam on April 2, 2026. This incident represents a redefacement of the target domain.
     Date: 2026-04-02T12:42:47Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/827008
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Romania
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: villaovidiu.ro
276. Website defacement of Rania Centro Estética Integral by chinafans (0xteam)
     Category: Defacement
     Content: The website of Rania Centro Estética Integral, a Spanish beauty and wellness center, was defaced by the attacker chinafans affiliated with 0xteam on April 2, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
     Date: 2026-04-02T12:36:32Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826871
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Spain
     Victim Industry: Beauty and Wellness
     Victim Organization: Rania Centro Estética Integral
     Victim Site: raniacentroesteticaintegral.es
277. Alleged leak of email credentials from multiple regions
     Category: Combo List
     Content: A threat actor leaked a combolist containing 9,000 email credentials from users across the United States, Europe, Asia, and Russia. The credentials are described as valid email access and were made available for free download via a file sharing service.
     Date: 2026-04-02T12:36:06Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70805/
     Screenshots:
     None
     Threat Actors: MailAccesss
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
278. Website defacement of betoo.net by chinafans (0xteam)
     Category: Defacement
     Content: The attacker chinafans, associated with 0xteam, successfully defaced the website betoo.net on April 2, 2026. This appears to be a targeted single-site defacement incident.
     Date: 2026-04-02T12:35:55Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826872
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: betoo.net
279. Website defacement of leadlooksbd.com by chinafans/0xteam
     Category: Defacement
     Content: The website leadlooksbd.com was defaced by attacker chinafans from the 0xteam group on April 2, 2026. This incident represents a redefacement of the target site rather than an initial compromise.
     Date: 2026-04-02T12:35:18Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826873
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Bangladesh
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: leadlooksbd.com
280. Website defacement of Roberto Lecaros Music by chinafans (0xteam)
     Category: Defacement
     Content: The attacker chinafans from 0xteam defaced the Roberto Lecaros Music website on April 2, 2026. The defacement targeted a music-related website, with the compromised content archived at zone-xsec.com mirror.
     Date: 2026-04-02T12:34:41Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826875
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Entertainment
     Victim Organization: Roberto Lecaros Music
     Victim Site: robertolecarosmusic.com
281. Website defacement of correctbiz.com by chinafans (0xteam)
     Category: Defacement
     Content: The attacker chinafans from 0xteam successfully defaced correctbiz.com on April 2, 2026. This appears to be a redefacement incident targeting the same website previously compromised.
     Date: 2026-04-02T12:34:04Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826876
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: correctbiz.com
282. Website defacement of bestpaypornsites.review by chinafans (0xteam)
     Category: Defacement
     Content: The attacker chinafans from the 0xteam group defaced bestpaypornsites.review on April 2, 2026. This was identified as a redefacement incident targeting an adult entertainment review website.
     Date: 2026-04-02T12:33:28Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826877
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Adult Entertainment
     Victim Organization: Unknown
     Victim Site: bestpaypornsites.review
283. Website defacement of Autoride by chinafans (0xteam)
     Category: Defacement
     Content: The attacker chinafans from the group 0xteam defaced the South African automotive website autoride.co.za on April 2, 2026. The defacement targeted a specific file (0x.txt) on the victims website.
     Date: 2026-04-02T12:32:51Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826881
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: South Africa
     Victim Industry: Automotive
     Victim Organization: Autoride
     Victim Site: autoride.co.za
284. Website defacement of IUAA by chinafans (0xteam)
     Category: Defacement
     Content: The attacker chinafans from 0xteam successfully defaced the IUAA website on April 2nd, 2026. This was a targeted single-site defacement rather than a mass attack.
     Date: 2026-04-02T12:32:15Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826885
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Venezuela
     Victim Industry: Unknown
     Victim Organization: IUAA
     Victim Site: iuaa.com.ve
285. Website defacement of myconcept.co.uk by chinafans/0xteam
     Category: Defacement
     Content: Website defacement targeting myconcept.co.uk carried out by attacker chinafans associated with 0xteam on April 2, 2026. The defacement affected a specific file (0x.txt) on the target domain.
     Date: 2026-04-02T12:31:40Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826886
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: United Kingdom
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: myconcept.co.uk
286. Website defacement of DMEIB Electric by chinafans/0xteam
     Category: Defacement
     Content: The attacker chinafans from 0xteam successfully defaced the DMEIB Electric company website. This incident was classified as a redefacement, indicating the site had been previously compromised.
     Date: 2026-04-02T12:31:03Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826888
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Electrical Services
     Victim Organization: DMEIB Electric
     Victim Site: dmeibelectric.com
287. Website defacement of evoludesk.com by chinafans (0xteam)
     Category: Defacement
     Content: The threat actor chinafans, affiliated with 0xteam, successfully defaced the evoludesk.com website on April 2, 2026. This appears to be a targeted single-site defacement rather than a mass or repeat attack.
     Date: 2026-04-02T12:30:27Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826889
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Evoludesk
     Victim Site: evoludesk.com
288. Website defacement of autochatgpt.vn by chinafans (0xteam)
     Category: Defacement
     Content: The attacker chinafans from 0xteam successfully defaced the AutoChatGPT website on April 2, 2026. This was identified as a redefacement incident targeting the Vietnamese AI/chatbot service platform.
     Date: 2026-04-02T12:29:50Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826891
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Vietnam
     Victim Industry: Technology
     Victim Organization: AutoChatGPT
     Victim Site: autochatgpt.vn
289. Website defacement of INA Solutions by chinafans (0xteam)
     Category: Defacement
     Content: The threat actor chinafans from 0xteam conducted a redefacement attack against INA Solutions website on April 2, 2026. This represents a repeated compromise of the same target site.
     Date: 2026-04-02T12:29:15Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826892
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Technology/Solutions
     Victim Organization: INA Solutions
     Victim Site: ina-solutions.com
290. Website defacement of viettape.com by chinafans/0xteam
     Category: Defacement
     Content: The website viettape.com was defaced by attacker chinafans affiliated with 0xteam on April 2, 2026. This incident was identified as a redefacement, indicating the site had been previously compromised.
     Date: 2026-04-02T12:28:39Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826895
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Vietnam
     Victim Industry: Manufacturing
     Victim Organization: Viet Tape
     Victim Site: viettape.com
291. Website defacement of Green Canada Volunteer by chinafans/0xteam
     Category: Defacement
     Content: The environmental volunteer organization Green Canada Volunteers website was defaced by the attacker chinafans associated with 0xteam on April 2, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
     Date: 2026-04-02T12:28:03Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826898
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Canada
     Victim Industry: Non-profit/Environmental
     Victim Organization: Green Canada Volunteer
     Victim Site: greencanadavolunteer.org
292. Website defacement of MySpace Engineering by chinafans/0xteam
     Category: Defacement
     Content: The attacker chinafans from 0xteam successfully defaced myspaceengineering.com on April 2, 2026. This was an isolated defacement incident targeting a single engineering company website.
     Date: 2026-04-02T12:27:32Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826899
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Engineering
     Victim Organization: MySpace Engineering
     Victim Site: myspaceengineering.com
293. Website defacement of crriicbet99.com by chinafans/0xteam
     Category: Defacement
     Content: The gambling website crriicbet99.com was defaced by attacker chinafans associated with 0xteam on April 2, 2026. The defacement targeted the /0x.txt path on the domain.
     Date: 2026-04-02T12:26:51Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826900
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Gambling/Gaming
     Victim Organization: Unknown
     Victim Site: crriicbet99.com
294. Website defacement of klean.cl by chinafans/0xteam
     Category: Defacement
     Content: The website klean.cl was defaced by attacker chinafans associated with 0xteam on April 2, 2026. This appears to be a targeted single-site defacement incident.
     Date: 2026-04-02T12:26:16Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826902
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Chile
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: klean.cl
295. Website defacement of amesyn.com by chinafans (0xteam)
     Category: Defacement
     Content: The attacker chinafans from 0xteam conducted a redefacement attack against amesyn.com on April 2, 2026. This incident represents a subsequent defacement of a previously compromised target.
     Date: 2026-04-02T12:25:36Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826905
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: amesyn.com
296. Website defacement of Jay Nguyen IELTS by chinafans/0xteam
     Category: Defacement
     Content: The educational website jaynguyenielts.com was defaced by attacker chinafans from the 0xteam group on April 2, 2026. The defacement targeted an IELTS preparation service website.
     Date: 2026-04-02T12:25:01Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826906
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Education
     Victim Organization: Jay Nguyen IELTS
     Victim Site: jaynguyenielts.com
297. Website defacement of catkivu.com by chinafans/0xteam
     Category: Defacement
     Content: The threat actor chinafans from the 0xteam group conducted a redefacement attack against catkivu.com on April 2, 2026. This appears to be a repeat attack on the same target rather than an initial compromise.
     Date: 2026-04-02T12:24:24Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826909
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: catkivu.com
298. Website defacement of conectasocio.com.br by chinafans/0xteam
     Category: Defacement
     Content: The threat actor chinafans, associated with 0xteam, conducted a redefacement attack against the Brazilian website conectasocio.com.br on April 2, 2026. This represents a repeated compromise of the same target by the attacker group.
     Date: 2026-04-02T12:23:48Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826911
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Brazil
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: conectasocio.com.br
299. Website defacement of fiyr.io by chinafans/0xteam
     Category: Defacement
     Content: The attacker chinafans from 0xteam successfully defaced fiyr.io on April 2, 2026. This appears to be a redefacement of a previously compromised target.
     Date: 2026-04-02T12:23:12Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826913
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: fiyr.io
300. Website defacement of vblinkonline.com by chinafans/0xteam
     Category: Defacement
     Content: The website vblinkonline.com was defaced by attacker chinafans associated with the 0xteam group on April 2, 2026. The defacement targeted a specific file path (/0x.txt) on the domain.
     Date: 2026-04-02T12:22:36Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826914
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: vblinkonline.com
301. Website defacement of elmes.cl by chinafans (0xteam)
     Category: Defacement
     Content: The website elmes.cl was defaced by attacker chinafans from the 0xteam group on April 2, 2026. The defacement targeted a Chilean domain with limited technical details available about the compromise method.
     Date: 2026-04-02T12:21:59Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826915
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Chile
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: elmes.cl
302. Website defacement of Ed LaVance Adams Attorney by chinafans/0xteam
     Category: Defacement
     Content: The website of Ed LaVance Adams Attorney was defaced by the attacker chinafans associated with 0xteam on April 2, 2026. The incident targeted a legal services website and was documented in the Zone-Xsec mirror database.
     Date: 2026-04-02T12:15:52Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826776
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: United States
     Victim Industry: Legal Services
     Victim Organization: Ed LaVance Adams Attorney
     Victim Site: edlavanceadamsattorney.com
303. Website defacement of eyelashkingmaker.com by chinafans (0xteam)
     Category: Defacement
     Content: Website defacement attack against eyelashkingmaker.com conducted by attacker chinafans from the 0xteam group on April 2, 2026. This appears to be a redefacement of a previously compromised beauty/cosmetics website.
     Date: 2026-04-02T12:15:16Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826778
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Beauty/Cosmetics
     Victim Organization: Eyelash King Maker
     Victim Site: eyelashkingmaker.com
304. Website defacement of recolorfine.com by chinafans (0xteam)
     Category: Defacement
     Content: The website recolorfine.com was defaced by the attacker chinafans associated with the 0xteam group on April 2, 2026. The defacement targeted a specific file path (0x.txt) on the domain.
     Date: 2026-04-02T12:14:40Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826779
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: recolorfine.com
305. Website defacement of zeestudy.com by chinafans (0xteam)
     Category: Defacement
     Content: The education website zeestudy.com was defaced by attacker chinafans affiliated with 0xteam on April 2, 2026. The defacement targeted a specific page (/0x.txt) on the educational platform.
     Date: 2026-04-02T12:14:03Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826781
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Education
     Victim Organization: ZeeStudy
     Victim Site: zeestudy.com
306. Website defacement of Infomaniak preview site by chinafans/0xteam
     Category: Defacement
     Content: The threat actor chinafans from team 0xteam successfully defaced an Infomaniak preview website on April 2, 2026. This incident was marked as a redefacement, indicating the site had been previously compromised.
     Date: 2026-04-02T12:13:27Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826783
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Switzerland
     Victim Industry: Technology/Hosting
     Victim Organization: Infomaniak
     Victim Site: vf6b0atzxa.preview.infomaniak.com
307. Website defacement of Occupational Therapy Edinburgh by chinafans (0xteam)
     Category: Defacement
     Content: The attacker chinafans from team 0xteam successfully defaced the Occupational Therapy Edinburgh website on April 2, 2026. This incident was marked as a redefacement, indicating the site had been previously compromised.
     Date: 2026-04-02T12:12:45Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826786
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: United Kingdom
     Victim Industry: Healthcare
     Victim Organization: Occupational Therapy Edinburgh
     Victim Site: occupationaltherapyedinburgh.com
308. Website defacement of starenow.com by chinafans/0xteam
     Category: Defacement
     Content: The website starenow.com was defaced by the attacker chinafans associated with the 0xteam group on April 2, 2026. The incident involved unauthorized modification of the website content.
     Date: 2026-04-02T12:12:03Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826787
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: starenow.com
309. Website defacement of Boutique Belle Aura by chinafans/0xteam
     Category: Defacement
     Content: The attacker chinafans from team 0xteam successfully defaced the Boutique Belle Aura website on April 2, 2026. The defacement targeted a fashion retail boutiques website and was archived on zone-xsec.com mirror.
     Date: 2026-04-02T12:11:28Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826790
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Retail/Fashion
     Victim Organization: Boutique Belle Aura
     Victim Site: boutiquebelleaura.com
310. Website defacement of Newsom Law by 0xteam/chinafans
     Category: Defacement
     Content: The website of Newsom Law was defaced by attacker chinafans from the 0xteam group on April 2, 2026. This was identified as a redefacement incident targeting the law firms domain.
     Date: 2026-04-02T12:10:50Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826792
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: United States
     Victim Industry: Legal Services
     Victim Organization: Newsom Law
     Victim Site: gnewsomlaw.com
311. Alleged leak of Islamic Revolutionary Guard Corps (IRGC) Rocket Launcher Site Locations
     Category: Data Leak
     Content: The threat actor claims to be leaked Islamic Revolutionary Guard Corps (IRGC) Rocket Launcher Site Locations. The compromised data reportedly contains sensitive military location data, including names and coordinates of rocket launcher bases
     Date: 2026-04-02T12:10:34Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-Selling-IRGC-Rocket-Launcher-Sites-Location
     Screenshots:
     None
     Threat Actors: Mipor
     Victim Country: Iran
     Victim Industry: Military Industry
     Victim Organization: islamic revolutionary guard corps
     Victim Site: Unknown
312. Website defacement of vind.ro by chinafans (0xteam)
     Category: Defacement
     Content: The attacker chinafans from the 0xteam group successfully defaced the Romanian website vind.ro on April 2, 2026. This appears to be a targeted single-site defacement rather than a mass attack.
     Date: 2026-04-02T12:10:14Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826793
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Romania
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: vind.ro
313. Website defacement of alepriem.ru by Rici144/Ratman team
     Category: Defacement
     Content: The attacker Rici144, associated with the Ratman team, successfully defaced the alepriem.ru website on April 2, 2026. The incident targeted a specific page within the media/customer section of the Russian domain.
     Date: 2026-04-02T12:09:38Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826794
     Screenshots:
     None
     Threat Actors: Rici144, Ratman
     Victim Country: Russia
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: alepriem.ru
314. Website defacement of comfort.com.ru by Rici144/Ratman team
     Category: Defacement
     Content: The Russian website comfort.com.ru was defaced by attacker Rici144 from the Ratman team on April 2, 2026. This was a targeted single-site defacement affecting the media/customer section of the website.
     Date: 2026-04-02T12:09:01Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826799
     Screenshots:
     None
     Threat Actors: Rici144, Ratman
     Victim Country: Russia
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: comfort.com.ru
315. Website defacement of giadungdunggia.vn by Rici144/Ratman team
     Category: Defacement
     Content: Vietnamese e-commerce website giadungdunggia.vn was defaced by attacker Rici144 from the Ratman team on April 2, 2026. The incident targeted the media/custom directory of the site.
     Date: 2026-04-02T12:08:23Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826803
     Screenshots:
     None
     Threat Actors: Rici144, Ratman
     Victim Country: Vietnam
     Victim Industry: E-commerce
     Victim Organization: Gia Dung Dung Gia
     Victim Site: giadungdunggia.vn
316. Website defacement of Gravesen Art by Rici144 (Ratman team)
     Category: Defacement
     Content: The website gravesenart.dk was defaced by attacker Rici144, affiliated with the Ratman team, on April 2, 2026. The defacement targeted what appears to be an art-related business or portfolio website.
     Date: 2026-04-02T12:07:48Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826804
     Screenshots:
     None
     Threat Actors: Rici144, Ratman
     Victim Country: Denmark
     Victim Industry: Arts/Creative Services
     Victim Organization: Gravesen Art
     Victim Site: gravesenart.dk
317. Website defacement of kodeks.dbk.dk by Rici144/Ratman team
     Category: Defacement
     Content: On April 2, 2026, attacker Rici144 from the Ratman team successfully defaced a subdirectory of the kodeks.dbk.dk website. The incident targeted a specific customer media section rather than the main homepage.
     Date: 2026-04-02T12:07:12Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826805
     Screenshots:
     None
     Threat Actors: Rici144, Ratman
     Victim Country: Denmark
     Victim Industry: Unknown
     Victim Organization: DBK
     Victim Site: kodeks.dbk.dk
318. Alleged leak of German email credentials
     Category: Combo List
     Content: A threat actor shared a combolist containing 44,000 German email credentials, claiming the data is fresh and valid as of April 2nd.
     Date: 2026-04-02T12:06:57Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70803/
     Screenshots:
     None
     Threat Actors: MailAccesss
     Victim Country: Germany
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
319. Alleged leak of 8.4 million credential combinations targeting multiple social media platforms
     Category: Combo List
     Content: A threat actor is distributing a combolist containing 8.4 million email and password combinations through Telegram channels, targeting multiple social media platforms including Facebook, Instagram, TikTok, Twitter, Snapchat, LinkedIn, Pinterest, and Reddit.
     Date: 2026-04-02T12:06:39Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70804/
     Screenshots:
     None
     Threat Actors: CODER
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
320. Website defacement of masterbaza.ru by Rici144/Ratman team
     Category: Defacement
     Content: Russian website masterbaza.ru was defaced by attacker Rici144 affiliated with the Ratman team on April 2, 2026. The defacement targeted a specific media/customer directory on the domain.
     Date: 2026-04-02T12:06:36Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826807
     Screenshots:
     None
     Threat Actors: Rici144, Ratman
     Victim Country: Russia
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: masterbaza.ru
321. Alleged Data Leak of Dongyu Company Financial Statements
     Category: Data Leak
     Content: The threat actor claims to be leaked Dongyu Company Financial Statements. The compromised data reportedly contains Social security Balance sheet Profit statement Provident Fund & Social Security Balance Sheet Income Statement.
     Date: 2026-04-02T12:05:50Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-Chinese-data-%E4%B8%AD%E5%9B%BD%E6%95%B0%E6%8D%AE-SnowSoul-ID-1270-30g-bak-mdf
     Screenshots:
     None
     Threat Actors: SnowSoul
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
322. Website defacement of Ryan Aisles Group by chinafans/0xteam
     Category: Defacement
     Content: The attacker chinafans from team 0xteam successfully defaced the Ryan Aisles Group database website on April 2, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
     Date: 2026-04-02T12:00:24Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826760
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Kenya
     Victim Industry: Unknown
     Victim Organization: Ryan Aisles Group
     Victim Site: ryanaislesgroup-db.co.ke
323. Website defacement of rahilhesan.com by chinafans/0xteam
     Category: Defacement
     Content: The website rahilhesan.com was defaced by attacker chinafans affiliated with 0xteam on April 2, 2026. This represents a redefacement of a previously compromised target rather than an initial attack.
     Date: 2026-04-02T11:59:48Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826764
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: rahilhesan.com
324. Website defacement of nalicje.com by chinafans/0xteam
     Category: Defacement
     Content: Website defacement incident targeting nalicje.com conducted by attacker chinafans associated with 0xteam on April 2, 2026. The attack targeted a specific file (0x.txt) rather than the main homepage.
     Date: 2026-04-02T11:59:12Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826765
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: nalicje.com
325. Website defacement of Slowers Shoes by chinafans (0xteam)
     Category: Defacement
     Content: The attacker chinafans from 0xteam conducted a redefacement of the Slowers Shoes e-commerce website on April 2, 2026. This appears to be a targeted attack against the retail companys online presence.
     Date: 2026-04-02T11:58:35Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826770
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Retail/E-commerce
     Victim Organization: Slowers Shoes
     Victim Site: slowers-shoes.com
326. Website defacement of stockpesa.com by chinafans (0xteam)
     Category: Defacement
     Content: The financial services website stockpesa.com was defaced by the attacker chinafans affiliated with 0xteam on April 2, 2026. This incident represents a redefacement of the target site.
     Date: 2026-04-02T11:58:00Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826771
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Financial Services
     Victim Organization: StockPesa
     Victim Site: stockpesa.com
327. Website defacement of ecpskol.in by chinafans/0xteam
     Category: Defacement
     Content: The attacker chinafans from 0xteam defaced the ecpskol.in website on April 2, 2026. This appears to be a single-site defacement targeting what appears to be an educational institution in India based on the domain extension.
     Date: 2026-04-02T11:57:22Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826772
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: India
     Victim Industry: Education
     Victim Organization: Unknown
     Victim Site: ecpskol.in
328. Alleged leak of Hotmail credential lists
     Category: Combo List
     Content: Threat actor claims to provide fresh Hotmail credential lists containing 395,000 records through a Telegram channel and file sharing service. The actor advertises daily updates of email credential databases.
     Date: 2026-04-02T11:56:39Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70801/
     Screenshots:
     None
     Threat Actors: Kokos2846q
     Victim Country: Unknown
     Victim Industry: Technology
     Victim Organization: Microsoft
     Victim Site: hotmail.com
329. Alleged leak of Sri Lanka Air Force Database
     Category: Data Breach
     Content: The threat actor claims to be leaked Sri Lanka Air Force Database. The compromised data reportedly contains confidential defense documents, including procurement project details, agreements related to aircraft components, international collaboration records, and internal communications associated with military operations and programs.
     Date: 2026-04-02T11:55:19Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-Selling-Sri-Lanka-Air-Force-Database
     Screenshots:
     None
     Threat Actors: ModernStealer
     Victim Country: Sri Lanka
     Victim Industry: Military Industry
     Victim Organization: sri lanka air force
     Victim Site: airforce.lk
330. Website defacement of fsckh.com by chinafans/0xteam
     Category: Defacement
     Content: Website defacement attack carried out by attacker chinafans associated with 0xteam against fsckh.com on April 2, 2026. The incident involved defacement of a single target rather than mass or repeated attacks.
     Date: 2026-04-02T11:51:20Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826744
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: fsckh.com
331. Website defacement of jasaaspalhotmixbali.com by 0xteam/chinafans
     Category: Defacement
     Content: Website defacement targeting Indonesian asphalt/road construction service company by attacker chinafans associated with 0xteam group on April 2, 2026.
     Date: 2026-04-02T11:50:43Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826746
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Indonesia
     Victim Industry: Construction/Infrastructure
     Victim Organization: Jasa Aspal Hotmix Bali
     Victim Site: jasaaspalhotmixbali.com
332. Website defacement of Srinivas Packers and Movers by chinafans/0xteam
     Category: Defacement
     Content: The chinafans attacker from 0xteam successfully defaced the website of Srinivas Packers and Movers, a transportation and logistics company. This incident was classified as a redefacement, indicating the site had been previously compromised.
     Date: 2026-04-02T11:50:08Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826747
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: India
     Victim Industry: Transportation and Logistics
     Victim Organization: Srinivas Packers and Movers
     Victim Site: srinivaspackersandmovers.com
333. Website defacement of happyocean.dk by chinafans/0xteam
     Category: Defacement
     Content: The website happyocean.dk was defaced by attacker chinafans associated with 0xteam on April 2, 2026. The defacement targeted a specific file (0x.txt) on the Danish domain.
     Date: 2026-04-02T11:49:32Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826750
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Denmark
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: happyocean.dk
334. Website defacement of giacongmyphamhcm.com by chinafans (0xteam)
     Category: Defacement
     Content: The website giacongmyphamhcm.com was defaced by the attacker chinafans associated with 0xteam on April 2, 2026. The target appears to be a Vietnamese cosmetics processing company based in Ho Chi Minh City.
     Date: 2026-04-02T11:48:55Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826753
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Vietnam
     Victim Industry: Cosmetics/Beauty
     Victim Organization: Gia Cong My Pham HCM
     Victim Site: giacongmyphamhcm.com
335. Website defacement of t2firm.com by chinafans/0xteam
     Category: Defacement
     Content: The website t2firm.com was defaced by attacker chinafans associated with the 0xteam group on April 2, 2026. The defacement targeted a specific file (0x.txt) on the victims domain.
     Date: 2026-04-02T11:48:20Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826754
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: T2 Firm
     Victim Site: t2firm.com
336. Website defacement of All Safe Alarms by chinafans (0xteam)
     Category: Defacement
     Content: The attacker chinafans from 0xteam defaced the All Safe Alarms website on April 2, 2026. The incident targeted a French security services companys website.
     Date: 2026-04-02T11:47:44Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826755
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: France
     Victim Industry: Security Services
     Victim Organization: All Safe Alarms
     Victim Site: allsafealarms.fr
337. Website defacement of jr-collections.com by chinafans/0xteam
     Category: Defacement
     Content: The website jr-collections.com was defaced by attacker chinafans from the 0xteam group on April 2, 2026. The defacement targeted a specific file (0x.txt) on the collections companys website.
     Date: 2026-04-02T11:41:29Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826708
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Retail/Collections
     Victim Organization: JR Collections
     Victim Site: jr-collections.com
338. Website defacement of ForeverDigitizing by chinafans/0xteam
     Category: Defacement
     Content: Website defacement attack against Forever Digitizing conducted by attacker chinafans associated with 0xteam. This appears to be a redefacement of a previously compromised target.
     Date: 2026-04-02T11:40:52Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826710
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Digital Services
     Victim Organization: Forever Digitizing
     Victim Site: foreverdigitizing.com
339. Website defacement of dichvuvesinhmyhome.com by chinafans (0xteam)
     Category: Defacement
     Content: The home cleaning services website dichvuvesinhmyhome.com was defaced by attacker chinafans affiliated with 0xteam on April 2, 2026. This appears to be a redefacement of a previously compromised Vietnamese cleaning service provider.
     Date: 2026-04-02T11:40:14Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826711
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Vietnam
     Victim Industry: Home Services
     Victim Organization: Dich Vu Ve Sinh My Home
     Victim Site: dichvuvesinhmyhome.com
340. Website defacement of asianetonlinebd.com by chinafans/0xteam
     Category: Defacement
     Content: The website asianetonlinebd.com was defaced by attacker chinafans associated with 0xteam on April 2, 2026. This appears to be a targeted single-site defacement rather than a mass attack.
     Date: 2026-04-02T11:39:38Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826712
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Bangladesh
     Victim Industry: Unknown
     Victim Organization: Asian Eton Online BD
     Victim Site: asianetonlinebd.com
341. Website defacement of tw.ribbon.website by chinafans (0xteam)
     Category: Defacement
     Content: The attacker chinafans from 0xteam successfully defaced tw.ribbon.website on April 2, 2026. This appears to be a targeted single-site defacement rather than a mass attack.
     Date: 2026-04-02T11:39:00Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826713
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Taiwan
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: tw.ribbon.website
342. Website defacement of dangky3g4gmobi.click by chinafans/0xteam
     Category: Defacement
     Content: The website dangky3g4gmobi.click was defaced by attacker chinafans associated with 0xteam on April 2, 2026. This incident was classified as a redefacement, indicating the site had been previously compromised.
     Date: 2026-04-02T11:38:25Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826714
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: dangky3g4gmobi.click
343. Website defacement of lepalmelavinio.it by chinafans (0xteam)
     Category: Defacement
     Content: The website lepalmelavinio.it was defaced by the attacker chinafans, associated with the 0xteam group, on April 2, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
     Date: 2026-04-02T11:37:48Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826715
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Italy
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: lepalmelavinio.it
344. Website defacement of iclanzan.ro by chinafans/0xteam
     Category: Defacement
     Content: The website iclanzan.ro was defaced by attacker chinafans associated with 0xteam on April 2, 2026. This appears to be a targeted single-site defacement rather than a mass attack.
     Date: 2026-04-02T11:37:12Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826716
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Romania
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: iclanzan.ro
345. Alleged data breach of Zhejiang Education Department (zjedu.gov.cn)
     Category: Data Breach
     Content: The threat actor claims to be leaked data from Zhejiang Education Department. The compromised data reportedly contains 11M records including Full names, Chinese National ID Numbers, Parent/Guardian Names, Mobile Phone Numbers, Full Residential Addresses, School Names, Class Assignments, District/County Information.
     Date: 2026-04-02T11:36:41Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-DATABASE-Zhejiang-Education-Department-zjedu-gov-cn-Database-DUMPED-11M-Students-Full-PII
     Screenshots:
     None
     Threat Actors: xorcat
     Victim Country: China
     Victim Industry: Education
     Victim Organization: zhejiang education department
     Victim Site: zjedu.gov.cn
346. Website defacement of alghalyacar.com by chinafans/0xteam
     Category: Defacement
     Content: The automotive website alghalyacar.com was defaced by attacker chinafans affiliated with 0xteam on April 2, 2026. The defacement targeted a specific file (0x.txt) rather than the main homepage.
     Date: 2026-04-02T11:36:38Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826719
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Automotive
     Victim Organization: Al Ghalya Car
     Victim Site: alghalyacar.com
347. Alleged unauthorized access to surveillance system of an industrial plant in South Korea
     Category: Initial Access
     Content: The group claims to have gained unauthorized access to surveillance system of an industrial plant in South Korea
     Date: 2026-04-02T11:36:11Z
     Network: telegram
     Published URL: https://t.me/Z_Pentest_Alliance_ru/917
     Screenshots:
     None
     Threat Actors: Z-PENTEST ALLIANCE
     Victim Country: South Korea
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
348. Website defacement of s-glb.de by chinafans (0xteam)
     Category: Defacement
     Content: The website s-glb.de was defaced by the attacker chinafans associated with the 0xteam group on April 2, 2026. The defacement targeted a German domain with unknown organizational affiliation and industry sector.
     Date: 2026-04-02T11:36:01Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826720
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Germany
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: s-glb.de
349. Website defacement of optimuseo.com by chinafans/0xteam
     Category: Defacement
     Content: The website optimuseo.com was defaced by the attacker chinafans associated with 0xteam on April 2, 2026. This appears to be a targeted single-site defacement against a digital marketing/SEO service provider.
     Date: 2026-04-02T11:35:26Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826723
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Digital Marketing/SEO
     Victim Organization: Optimus SEO
     Victim Site: optimuseo.com
350. Website defacement of Global University Support by chinafans/0xteam
     Category: Defacement
     Content: The website global-university-support.de was defaced by the attacker chinafans affiliated with 0xteam on April 2, 2026. The incident targeted an educational support organization based in Germany.
     Date: 2026-04-02T11:34:51Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826724
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Germany
     Victim Industry: Education
     Victim Organization: Global University Support
     Victim Site: global-university-support.de
351. Alleged leak of mixed domain credential list
     Category: Combo List
     Content: A credential list containing 16,180 entries targeting mixed domains has been made available for free download on a cybercrime forum.
     Date: 2026-04-02T11:34:47Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70800/
     Screenshots:
     None
     Threat Actors: BestCombo
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
352. Website defacement of Motor Finland by DimasHxR
     Category: Defacement
     Content: Threat actor DimasHxR defaced the Motor Finland website on April 2, 2026. The attack targeted a specific media/customer subdirectory rather than the main homepage.
     Date: 2026-04-02T11:34:15Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826725
     Screenshots:
     None
     Threat Actors: DimasHxR
     Victim Country: Finland
     Victim Industry: Automotive
     Victim Organization: Motor Finland
     Victim Site: motorfineland.fi
353. Website defacement of mainawairimu.co.ke by chinafans/0xteam
     Category: Defacement
     Content: The website mainawairimu.co.ke was defaced by attacker chinafans affiliated with 0xteam on April 2, 2026. This appears to be a single-target defacement incident rather than a mass or redefacement attack.
     Date: 2026-04-02T11:33:40Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826735
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Kenya
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: mainawairimu.co.ke
354. Website defacement of aristokrata.net by chinafans/0xteam
     Category: Defacement
     Content: The website aristokrata.net was defaced by attacker chinafans associated with 0xteam on April 2, 2026. This incident represents a redefacement of the target site.
     Date: 2026-04-02T11:33:03Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826736
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: aristokrata.net
355. Website defacement of celiaxmoni.cz by chinafans (0xteam)
     Category: Defacement
     Content: The attacker chinafans from the 0xteam group defaced the Czech website celiaxmoni.cz on April 2, 2026. The defacement targeted a specific file (0x.txt) on the domain.
     Date: 2026-04-02T11:32:27Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826737
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Czech Republic
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: celiaxmoni.cz
356. Website defacement of 4drummer.com by chinafans/0xteam
     Category: Defacement
     Content: The website 4drummer.com was defaced by attacker chinafans from team 0xteam on April 2, 2026. This incident was classified as a redefacement, indicating the site had been previously compromised.
     Date: 2026-04-02T11:31:52Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826738
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: 4drummer.com
357. Website defacement of Hochzeitsfotografen-Saar by chinafans/0xteam
     Category: Defacement
     Content: The German wedding photography website hochzeitsfotografen-saar.de was defaced by the attacker chinafans associated with 0xteam on April 2, 2026. This appears to be an isolated defacement incident targeting a small business website.
     Date: 2026-04-02T11:31:17Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826739
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Germany
     Victim Industry: Photography/Wedding Services
     Victim Organization: Hochzeitsfotografen Saar
     Victim Site: hochzeitsfotografen-saar.de
358. Website defacement of marsearthservices.com by chinafans (0xteam)
     Category: Defacement
     Content: The website marsearthservices.com was defaced by attacker chinafans affiliated with the 0xteam group on April 2, 2026. This incident was classified as a redefacement, indicating the site had been previously compromised.
     Date: 2026-04-02T11:30:39Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826740
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Mars Earth Services
     Victim Site: marsearthservices.com
359. Website defacement of villageworks.biz by chinafans (0xteam)
     Category: Defacement
     Content: The website villageworks.biz was defaced by the attacker chinafans associated with the 0xteam group on April 2, 2026. This appears to be an isolated defacement incident targeting a single organizations website.
     Date: 2026-04-02T11:30:03Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826742
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Village Works
     Victim Site: villageworks.biz
360. Website defacement of zrshine.com by chinafans (0xteam)
     Category: Defacement
     Content: The website zrshine.com was defaced by attacker chinafans associated with the 0xteam group on April 2, 2026. The defacement targeted a specific file path (/0x.txt) on the victims domain.
     Date: 2026-04-02T11:29:26Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826743
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: zrshine.com
361. Cyber Attack hits Drift
     Category: Cyber Attack
     Content: Drift has been impacted by a Cyber attack, with attackers stealing approximately $285 million in digital assets. The stolen funds were subsequently converted into Ethereum (ETH) and distributed across multiple wallets, complicating recovery efforts.The exploit targeted liquidity pools on the platform, and investigators have been tracking the movement of funds across blockchains. The incident highlights ongoing security vulnerabilities in DeFi ecosystems, particularly around smart contracts and asset bridging.
     Date: 2026-04-02T11:26:57Z
     Network: openweb
     Published URL: https://www.mexc.co/en-IN/news/999235
     Screenshots:
     None
     Threat Actors:
     Victim Country: Australia
     Victim Industry: Financial Services
     Victim Organization: drift
     Victim Site: drift.trade
362. Alleged leak of multiple platform credentials combolist
     Category: Combo List
     Content: Threat actor CODER is distributing a 12 million record credential combolist containing data allegedly from multiple entertainment and media platforms including Jango, Mixcloud, ReverbNation, Crunchyroll, and Funimation through Telegram channels.
     Date: 2026-04-02T11:23:18Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70799/
     Screenshots:
     None
     Threat Actors: CODER
     Victim Country: Unknown
     Victim Industry: Entertainment and Media
     Victim Organization: Multiple (Jango, Mixcloud, ReverbNation, Crunchyroll, Funimation)
     Victim Site: Unknown
363. Website defacement of FAM Investment by chinafans/0xteam
     Category: Defacement
     Content: The website of FAM Investment, a UAE-based financial services company, was defaced by the attacker chinafans associated with 0xteam on April 2, 2026. The defacement targeted a specific file (0x.txt) on the companys domain.
     Date: 2026-04-02T11:23:10Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826681
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: United Arab Emirates
     Victim Industry: Financial Services
     Victim Organization: FAM Investment
     Victim Site: faminvestment.ae
364. Website defacement of Webasto Hradec Králové by 0xteam/chinafans
     Category: Defacement
     Content: The website of Webasto Hradec Králové, an automotive parts company in the Czech Republic, was defaced by the attacker chinafans from the 0xteam group on April 2, 2026. The defacement was documented and archived on zone-xsec.com.
     Date: 2026-04-02T11:22:37Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826682
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Czech Republic
     Victim Industry: Automotive
     Victim Organization: Webasto Hradec Králové
     Victim Site: webasto-hradec-kralove.cz
365. Website defacement of suchlove.org by chinafans/0xteam
     Category: Defacement
     Content: The website suchlove.org was defaced by attacker chinafans associated with 0xteam on April 2, 2026. The defacement targeted a specific file (0x.txt) on the domain.
     Date: 2026-04-02T11:22:03Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826684
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: suchlove.org
366. Website defacement of herbotix.com by chinafans/0xteam
     Category: Defacement
     Content: The website herbotix.com was defaced by attacker chinafans associated with 0xteam on April 2, 2026. The defacement targeted a specific file (0x.txt) on the victims domain.
     Date: 2026-04-02T11:21:31Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826685
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Herbotix
     Victim Site: herbotix.com
367. Website defacement of khabidangatya.co.za by chinafans/0xteam
     Category: Defacement
     Content: The attacker chinafans from 0xteam conducted a redefacement of the South African website khabidangatya.co.za on April 2, 2026. This appears to be a targeted individual site defacement rather than a mass attack.
     Date: 2026-04-02T11:21:00Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826686
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: South Africa
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: khabidangatya.co.za
368. Website defacement of UNAFISCO-MG by chinafans/0xteam
     Category: Defacement
     Content: The chinafans attacker from 0xteam successfully defaced the UNAFISCO-MG labor union website on April 2, 2026. The incident targeted a Brazilian fiscal auditors union organization.
     Date: 2026-04-02T11:20:25Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826687
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Brazil
     Victim Industry: Labor Union
     Victim Organization: UNAFISCO-MG
     Victim Site: unafiscomg.org.br
369. Website defacement of quantumpulsepk.com by chinafans (0xteam)
     Category: Defacement
     Content: Website defacement incident targeting quantumpulsepk.com executed by attacker chinafans associated with 0xteam group on April 2, 2026. The attack involved defacing a specific page (0x.txt) on the Pakistani website.
     Date: 2026-04-02T11:19:18Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826689
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Pakistan
     Victim Industry: Unknown
     Victim Organization: Quantum Pulse PK
     Victim Site: quantumpulsepk.com
370. Website defacement of thitgatay.com by chinafans/0xteam
     Category: Defacement
     Content: The website thitgatay.com was defaced by attacker chinafans associated with 0xteam on April 2, 2026. This incident represents a redefacement of a previously compromised target.
     Date: 2026-04-02T11:18:46Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826691
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: thitgatay.com
371. Website defacement of SRNL Construction by chinafans/0xteam
     Category: Defacement
     Content: The construction company SRNL Constructions website was defaced by the attacker chinafans associated with 0xteam on April 2, 2026. The defacement involved placing content at the path /0x.txt on the companys domain.
     Date: 2026-04-02T11:17:38Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826692
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Unknown
     Victim Industry: Construction
     Victim Organization: SRNL Construction
     Victim Site: srnlconstruction.com
372. Alleged Data Breach Of PSK WIND Technologies
     Category: Data Breach
     Content: The threat actor claims to be leaked data from PSK WIND Technologies. The compromised data reportedly contains sensitive military and operational information, including command and control system data, communication infrastructure details, and classified internal documents.
     Date: 2026-04-02T11:16:38Z
     Network: openweb
     Published URL: https://handala-hack.tw/psk-winds-defense-networks-fall-to-handala-hack/
     Screenshots:
     None
     Threat Actors: Handala Hack
     Victim Country: Israel
     Victim Industry: Information Technology (IT) Services
     Victim Organization: psk wind technologies
     Victim Site: psk-wind.com
373. Website defacement of Deka Foods by chinafans (0xteam)
     Category: Defacement
     Content: The attacker chinafans, affiliated with 0xteam, successfully defaced the Deka Foods website on April 2, 2026. The defacement targeted a Greek food companys web presence, with evidence archived on zone-xsec mirror service.
     Date: 2026-04-02T11:15:32Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826693
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: Greece
     Victim Industry: Food & Beverage
     Victim Organization: Deka Foods
     Victim Site: dekafoods.gr
374. Website defacement of MyPractice by chinafans/0xteam
     Category: Defacement
     Content: The healthcare platform MyPractice was defaced by attacker chinafans affiliated with 0xteam on April 2, 2026. The defacement targeted a New Zealand-based medical practice management service.
     Date: 2026-04-02T11:14:59Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826695
     Screenshots:
     None
     Threat Actors: chinafans, 0xteam
     Victim Country: New Zealand
     Victim Industry: Healthcare
     Victim Organization: MyPractice
     Victim Site: mypractice.co.nz
375. Alleged leak of mixed email credential combolist
     Category: Combo List
     Content: A threat actor shared a combolist containing 2,100 mixed email credentials via file sharing platform. The credentials appear to be from various sources and are being distributed for free download.
     Date: 2026-04-02T11:10:56Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70797/
     Screenshots:
     None
     Threat Actors: Kommander0
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
376. Alleged leak of educational domain credentials
     Category: Combo List
     Content: A threat actor shared a combolist containing 131,488 credential pairs targeting educational domain users. The data is being distributed for free via file sharing platform.
     Date: 2026-04-02T11:10:37Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70798/
     Screenshots:
     None
     Threat Actors: HQcomboSpace
     Victim Country: Unknown
     Victim Industry: Education
     Victim Organization: Unknown
     Victim Site: Unknown
377. Website defacement of winmate88login.com by xNight (JBR team)
     Category: Defacement
     Content: JBR team member xNight defaced the login page of Winmate88, an online gaming/gambling platform, on April 2, 2026. This was a targeted single-site defacement rather than part of a mass campaign.
     Date: 2026-04-02T11:08:30Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826651
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: Unknown
     Victim Industry: Online Gaming/Gambling
     Victim Organization: Winmate88
     Victim Site: winmate88login.com
378. Website defacement of Winner Casino UK by xNight (JBR team)
     Category: Defacement
     Content: The attacker xNight from the JBR team successfully defaced the Winner Casino UK website on April 2, 2026. This was a single home page defacement of the online gambling platform.
     Date: 2026-04-02T11:07:58Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826654
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: United Kingdom
     Victim Industry: Gaming/Gambling
     Victim Organization: Winner Casino UK
     Victim Site: winnercasinouk-uk.com
379. Website defacement of Wino Casino by xNight (JBR team)
     Category: Defacement
     Content: The attacker xNight, associated with the JBR team, successfully defaced the homepage of Wino Casinos Swedish website on April 2, 2026. This was a targeted single-site defacement of an online gambling platform.
     Date: 2026-04-02T11:07:24Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826655
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: Sweden
     Victim Industry: Gaming/Gambling
     Victim Organization: Wino Casino
     Victim Site: wino-casino.com.se
380. Website defacement of Wino Casino by xNight (JBR team)
     Category: Defacement
     Content: The attacker xNight from team JBR successfully defaced the homepage of Wino Casinos UK website on April 2, 2026. This was a targeted home page defacement rather than a mass defacement campaign.
     Date: 2026-04-02T11:06:52Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826656
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: United Kingdom
     Victim Industry: Gaming/Gambling
     Victim Organization: Wino Casino
     Victim Site: winocasino-unitedkingdom.com
381. Website defacement of winomaniaapp-uk.com by xNight (JBR team)
     Category: Defacement
     Content: The UK gaming application website winomaniaapp-uk.com was defaced by threat actor xNight from the JBR team on April 2, 2026. This was a targeted home page defacement rather than a mass defacement campaign.
     Date: 2026-04-02T11:06:19Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826657
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: United Kingdom
     Victim Industry: Gaming/Entertainment
     Victim Organization: Winomania App UK
     Victim Site: winomaniaapp-uk.com
382. Website defacement of Winzter Casino by xNight (JBR team)
     Category: Defacement
     Content: The attacker xNight from the JBR team successfully defaced the homepage of Winzter Casino UK on April 2, 2026. This was a targeted single-site home page defacement of a UK-based online gambling platform.
     Date: 2026-04-02T11:05:46Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826659
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: United Kingdom
     Victim Industry: Gaming/Gambling
     Victim Organization: Winzter Casino
     Victim Site: winztercasino-uk.com
383. Website defacement of wizz-spin.se by xNight (JBR team)
     Category: Defacement
     Content: The website wizz-spin.se was defaced on April 2, 2026 by attacker xNight associated with the JBR team. This was a single home page defacement rather than a mass attack.
     Date: 2026-04-02T11:05:13Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826661
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: Sweden
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: wizz-spin.se
384. Website defacement of Woah99 Casino by xNight (JBR team)
     Category: Defacement
     Content: The Australian online casino Woah99 Casino was defaced by attacker xNight from the JBR team on April 2, 2026. This was a single home page defacement targeting the gambling platforms main website.
     Date: 2026-04-02T11:04:30Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826662
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: Australia
     Victim Industry: Gaming/Gambling
     Victim Organization: Woah99 Casino
     Victim Site: woah99casinoau.com
385. Website defacement of Worcestershire Works Well by xNight/JBR team
     Category: Defacement
     Content: The attacker xNight from team JBR conducted a home page defacement of the Worcestershire Works Well employment services website on April 2, 2026. This was a targeted single-site defacement rather than part of a mass campaign.
     Date: 2026-04-02T11:04:05Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826664
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: United Kingdom
     Victim Industry: Employment/Workforce Development
     Victim Organization: Worcestershire Works Well
     Victim Site: worcestershireworkswell.co.uk
386. Website defacement of xPokies Casino by xNight (JBR team)
     Category: Defacement
     Content: The xPokies Casino Australia website was defaced by attacker xNight from the JBR team on April 2, 2026. This was a single-target home page defacement of the gambling platforms main site.
     Date: 2026-04-02T11:03:33Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826667
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: Australia
     Victim Industry: Gaming/Gambling
     Victim Organization: xPokies Casino
     Victim Site: xpokies-casino-au.com
387. Website defacement of youthcasino.jp by xNight (JBR team)
     Category: Defacement
     Content: The attacker xNight from team JBR successfully defaced the homepage of youthcasino.jp on April 2, 2026. This was a targeted single-site defacement of a Japanese gaming/casino website.
     Date: 2026-04-02T11:02:59Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826670
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: Japan
     Victim Industry: Gaming/Gambling
     Victim Organization: Youth Casino
     Victim Site: youthcasino.jp
388. Website defacement of Yukon Gold Casino UK by xNight (JBR team)
     Category: Defacement
     Content: The attacker xNight from team JBR successfully defaced the homepage of Yukon Gold Casino UKs website on April 2, 2026. This was a single-target home page defacement of the gambling operators UK domain.
     Date: 2026-04-02T11:01:57Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826671
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: United Kingdom
     Victim Industry: Gaming/Gambling
     Victim Organization: Yukon Gold Casino UK
     Victim Site: yukongoldcasino-uk.com
389. Website defacement of yummy-wins1.co.uk by xNight (JBR team)
     Category: Defacement
     Content: The attacker xNight from team JBR successfully defaced the yummy-wins1.co.uk website on April 2, 2026. This was a targeted home page defacement of what appears to be a gaming or gambling-related website.
     Date: 2026-04-02T11:00:48Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826672
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: United Kingdom
     Victim Industry: Gaming/Gambling
     Victim Organization: Unknown
     Victim Site: yummy-wins1.co.uk
390. Alleged leak of Gmail credentials
     Category: Combo List
     Content: Threat actor D4rkNetHub allegedly made available a combolist containing approximately 309,900 Gmail credentials on a cybercrime forum. The post is located in a section dedicated to credential lists and database dumps.
     Date: 2026-04-02T11:00:34Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70796/
     Screenshots:
     None
     Threat Actors: D4rkNetHub
     Victim Country: Unknown
     Victim Industry: Technology
     Victim Organization: Google
     Victim Site: gmail.com
391. Website defacement of zazivasen.sk by xNight (JBR team)
     Category: Defacement
     Content: The website zazivasen.sk was defaced by attacker xNight affiliated with the JBR team on April 2, 2026. This was a single-site home page defacement rather than a mass attack.
     Date: 2026-04-02T11:00:15Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826673
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: Slovakia
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: zazivasen.sk
392. Website defacement of Zoome Casino by xNight (JBR team)
     Category: Defacement
     Content: The attacker xNight from the JBR team successfully defaced the home page of Zoome Casinos website on April 2, 2026. This was a targeted single-site defacement rather than a mass attack campaign.
     Date: 2026-04-02T10:59:43Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826678
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: Unknown
     Victim Industry: Gaming/Casino
     Victim Organization: Zoome Casino
     Victim Site: zoomecasino7.com
393. Website defacement of zp.com.pe by xNight (JBR team)
     Category: Defacement
     Content: The website zp.com.pe was defaced by attacker xNight from the JBR team on April 2, 2026. This was a home page defacement targeting a single Peruvian website.
     Date: 2026-04-02T10:59:10Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826679
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: Peru
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: zp.com.pe
394. Website defacement of Rizk Casino by xNight (JBR team)
     Category: Defacement
     Content: The attacker xNight from team JBR successfully defaced the home page of Rizk Casinos New Zealand website on April 2, 2026. This was a targeted single-site attack rather than part of a mass defacement campaign.
     Date: 2026-04-02T10:53:01Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826280
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: New Zealand
     Victim Industry: Gaming/Gambling
     Victim Organization: Rizk Casino
     Victim Site: rizk-casino.nz
395. Website defacement of rocketcrashgame.in by xNight (JBR team)
     Category: Defacement
     Content: The attacker xNight from team JBR successfully defaced the home page of rocketcrashgame.in, an Indian gaming website, on April 2, 2026. This was a single-target home page defacement with no mass defacement or redefacement characteristics.
     Date: 2026-04-02T10:52:28Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826284
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: India
     Victim Industry: Gaming/Entertainment
     Victim Organization: Rocket Crash Game
     Victim Site: rocketcrashgame.in
396. Website defacement of roguecasino-uk.com by xNight (JBR team)
     Category: Defacement
     Content: The gambling website roguecasino-uk.com was defaced by threat actor xNight, affiliated with the JBR team, on April 2, 2026. This was a targeted home page defacement of the UK-based casino platform.
     Date: 2026-04-02T10:51:56Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826285
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: United Kingdom
     Victim Industry: Gaming/Gambling
     Victim Organization: Rogue Casino UK
     Victim Site: roguecasino-uk.com
397. Website defacement of rolletto9.uk by xNight (JBR team)
     Category: Defacement
     Content: The JBR team member xNight successfully defaced the home page of rolletto9.uk, an online gambling platform, on April 2nd, 2026. This was a targeted single-site defacement rather than part of a mass campaign.
     Date: 2026-04-02T10:51:23Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826286
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: United Kingdom
     Victim Industry: Gaming/Gambling
     Victim Organization: Rolletto
     Victim Site: rolletto9.uk
398. Website defacement of rollettobonus-uk.com by xNight (JBR team)
     Category: Defacement
     Content: The JBR team member xNight successfully defaced the UK-based online gambling bonus site rollettobonus-uk.com on April 2, 2026. This was a targeted home page defacement affecting the main index page of the gambling-related website.
     Date: 2026-04-02T10:50:46Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826287
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: United Kingdom
     Victim Industry: Online Gaming/Gambling
     Victim Organization: Rolletto Bonus UK
     Victim Site: rollettobonus-uk.com
399. Website defacement of rollxoaustralia1.com by xNight (JBR team)
     Category: Defacement
     Content: The website rollxoaustralia1.com was defaced by attacker xNight from the JBR team on April 2nd, 2026. This was a single home page defacement targeting an Australian domain.
     Date: 2026-04-02T10:50:13Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826290
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: Australia
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: rollxoaustralia1.com
400. Alleged leak of Hotmail credentials
     Category: Combo List
     Content: Threat actor HollowKnight07 shared a sample of 565 Hotmail credentials as a free download on CrackingX forum.
     Date: 2026-04-02T10:49:42Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70794/
     Screenshots:
     None
     Threat Actors: HollowKnight07
     Victim Country: Unknown
     Victim Industry: Technology
     Victim Organization: Microsoft
     Victim Site: hotmail.com
401. Website defacement of Roo Casino by xNight (JBR team)
     Category: Defacement
     Content: The attacker xNight from JBR team defaced the homepage of Roo Casino Australia on April 2, 2026. This was a single-target home page defacement of the Australian online casino website.
     Date: 2026-04-02T10:49:38Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826292
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: Australia
     Victim Industry: Gaming/Gambling
     Victim Organization: Roo Casino
     Victim Site: roo-casinoau.com
402. Alleged leak of Hotmail credentials
     Category: Combo List
     Content: A threat actor shared a combolist containing 459 Hotmail credentials described as premium hits on a cybercrime forum.
     Date: 2026-04-02T10:49:21Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70793/
     Screenshots:
     None
     Threat Actors: Hotmail Cloud
     Victim Country: Unknown
     Victim Industry: Technology
     Victim Organization: Microsoft
     Victim Site: hotmail.com
403. Website defacement of Roobet Casino by xNight (JBR team)
     Category: Defacement
     Content: The gambling website roobet-casino.jp was defaced by attacker xNight affiliated with the JBR team on April 2, 2026. This was a single-target home page defacement rather than a mass attack.
     Date: 2026-04-02T10:49:06Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826293
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: Japan
     Victim Industry: Gaming/Gambling
     Victim Organization: Roobet Casino
     Victim Site: roobet-casino.jp
404. Alleged leak of credential combolist containing 22,000 records
     Category: Combo List
     Content: A threat actor shared a credential combolist containing 22,000 records on a cybercriminal forum. The specific source and composition of the credentials are unknown as the content requires registration to view.
     Date: 2026-04-02T10:49:03Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70795/
     Screenshots:
     None
     Threat Actors: UniqueCombo
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
405. Website defacement of rooliau.com by xNight (JBR team)
     Category: Defacement
     Content: The threat actor xNight, affiliated with the JBR team, successfully defaced the home page of rooliau.com on April 2, 2026. This was a targeted single-site attack rather than part of a mass defacement campaign.
     Date: 2026-04-02T10:48:33Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826299
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: rooliau.com
406. Website defacement of Roospin Australia by xNight (JBR team)
     Category: Defacement
     Content: On April 2, 2026, the attacker xNight from the JBR team successfully defaced the homepage of roospin-australia.com. This was a targeted single-site defacement rather than part of a mass campaign.
     Date: 2026-04-02T10:47:29Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826300
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: Australia
     Victim Industry: Unknown
     Victim Organization: Roospin Australia
     Victim Site: roospin-australia.com
407. Alleged Sale of Zepto SMTP Access
     Category: Initial Access
     Content: Threat actor claims to be selling access to a Zepto SMTP service with a dashboard interface. The offering includes SMTP access, dashboard control, custom domain support, and a base sending capacity of 10,000 emails. The service is advertised for email campaigns with scalable sending limits and is priced at USD 150.
     Date: 2026-04-02T10:47:24Z
     Network: openweb
     Published URL: https://forum.exploit.in/topic/279715/
     Screenshots:
     None
     Threat Actors: Without Warning
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
408. Website defacement of roospinau.com by xNight (JBR team)
     Category: Defacement
     Content: The website roospinau.com was defaced by attacker xNight from the JBR team on April 2, 2026. This was a single-target home page defacement rather than a mass attack.
     Date: 2026-04-02T10:46:54Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826301
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: Australia
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: roospinau.com
409. Website defacement of roospins-au.com by xNight (JBR team)
     Category: Defacement
     Content: The xNight attacker from the JBR team successfully defaced the homepage of roospins-au.com, an Australian online gaming platform, on April 2, 2026.
     Date: 2026-04-02T10:46:20Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826303
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: Australia
     Victim Industry: Online Gaming
     Victim Organization: Roospins
     Victim Site: roospins-au.com
410. Website defacement of Rose Casino UK by xNight (JBR team)
     Category: Defacement
     Content: The attacker xNight from team JBR successfully defaced the homepage of Rose Casino UKs website on April 2, 2026. This was a targeted single-site defacement affecting the main index page of the online casino platform.
     Date: 2026-04-02T10:45:45Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826305
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: United Kingdom
     Victim Industry: Gaming/Gambling
     Victim Organization: Rose Casino UK
     Victim Site: rose-casino-uk.com
411. Website defacement of royal-fortune3.uk by xNight (JBR team)
     Category: Defacement
     Content: The attacker xNight from team JBR successfully defaced the royal-fortune3.uk website on April 2, 2026. This was a single home page defacement targeting the main index page of the domain.
     Date: 2026-04-02T10:45:11Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826306
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: United Kingdom
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: royal-fortune3.uk
412. Website defacement of royal-reels-7au.com by xNight (JBR team)
     Category: Defacement
     Content: The attacker xNight from team JBR successfully defaced the homepage of royal-reels-7au.com, an Australian gambling website, on April 2, 2026. This was a targeted single-site home page defacement with no indication of mass defacement activity.
     Date: 2026-04-02T10:44:37Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/826309
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: Australia
     Victim Industry: Gaming/Gambling
     Victim Organization: Royal Reels
     Victim Site: royal-reels-7au.com
413. Alleged data breach of Trilateral Cooperation Secretariat
     Category: Data Breach
     Content: The threat actor claims to be selling data from Trilateral Cooperation Secretariat. The compromised data reportedly contains 467K records including Primary customer and contact information from website interactions containing Contact ID, Full Name, Email Address, Website URL, Customer support ticket records capturing inquiries and responses and more
     Date: 2026-04-02T10:42:11Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-468k-Japan-https-jp-tcs-asia-org-Sensitive-admin-account-data-with-encrypted-p
     Screenshots:
     None
     Threat Actors: gtaviispeak
     Victim Country: South Korea
     Victim Industry: International Affairs
     Victim Organization: trilateral cooperation secretariat
     Victim Site: jp.tcs-asia.org
414. Website defacement of Jokaroom Australia by xNight (JBR team)
     Category: Defacement
     Content: The Australian online casino website Jokaroom Australia was defaced by attacker xNight from the JBR team on April 2, 2026. This was a targeted home page defacement rather than a mass attack.
     Date: 2026-04-02T10:38:26Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825883
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: Australia
     Victim Industry: Online Gaming/Gambling
     Victim Organization: Jokaroom Australia
     Victim Site: jokaroom-australia.com
415. Website defacement of iWild Casino UK by xNight (JBR team)
     Category: Defacement
     Content: On April 2, 2026, attacker xNight from the JBR team successfully defaced the homepage of iWild Casino UKs website. This was a targeted single-site attack rather than part of a mass defacement campaign.
     Date: 2026-04-02T10:37:54Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825884
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: United Kingdom
     Victim Industry: Gaming/Gambling
     Victim Organization: iWild Casino UK
     Victim Site: iwildcasinouk-uk.com
416. Website defacement of jaakcasinobonus-uk.com by xNight (JBR team)
     Category: Defacement
     Content: The attacker xNight from team JBR successfully defaced the UK-based casino bonus website jaakcasinobonus-uk.com on April 2, 2026. This was a single home page defacement rather than a mass attack.
     Date: 2026-04-02T10:37:21Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825886
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: United Kingdom
     Victim Industry: Gaming/Gambling
     Victim Organization: Jaak Casino Bonus UK
     Victim Site: jaakcasinobonus-uk.com
417. Website defacement of Jaak Casino UK by xNight (JBR team)
     Category: Defacement
     Content: The attacker xNight from team JBR successfully defaced the homepage of Jaak Casino UK on April 2, 2026. This was a targeted single-site attack affecting the main index page of the online casino website.
     Date: 2026-04-02T10:36:47Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825887
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: United Kingdom
     Victim Industry: Gaming/Gambling
     Victim Organization: Jaak Casino UK
     Victim Site: jaakcasinouk-uk.com
418. Alleged Cyberattack threat targeting to PSK WIND Technologies
     Category: Cyber Attack
     Content: A recent post by the group claims that they are targeting PSK WIND Technologies
     Date: 2026-04-02T10:36:18Z
     Network: telegram
     Published URL: https://t.me/cyberbannews_ir/20906
     Screenshots:
     None
     Threat Actors:
     Victim Country: Israel
     Victim Industry: Defense & Space
     Victim Organization: Unknown
     Victim Site: Unknown
419. Website defacement of jackandthebeanstalki.com by xNight/JBR team
     Category: Defacement
     Content: The attacker xNight from team JBR successfully defaced the homepage of jackandthebeanstalki.com on April 2, 2026. This was a single-target home page defacement rather than a mass attack.
     Date: 2026-04-02T10:36:14Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825888
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: jackandthebeanstalki.com
420. Website defacement of jackbitpromocode-uk.com by xNight (JBR team)
     Category: Defacement
     Content: The attacker xNight from the JBR team successfully defaced the Jackbit promotional website targeting UK users on April 2, 2026. This appears to be a single-target home page defacement rather than a mass attack.
     Date: 2026-04-02T10:35:41Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825889
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: United Kingdom
     Victim Industry: Gaming/Gambling
     Victim Organization: Jackbit Promo Code UK
     Victim Site: jackbitpromocode-uk.com
421. Website defacement of JooCasino UK by xNight/JBR team
     Category: Defacement
     Content: The UK-based online casino website JooCasino UK was defaced by attacker xNight from the JBR team on April 2nd, 2026. This was a targeted home page defacement affecting the main index page of the gambling platform.
     Date: 2026-04-02T10:35:08Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825892
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: United Kingdom
     Victim Industry: Gaming/Online Casino
     Victim Organization: JooCasino UK
     Victim Site: joocasino-uk.com
422. Website defacement of Joo Casino by xNight (JBR team)
     Category: Defacement
     Content: The online gambling platform Joo Casino was defaced by threat actor xNight, affiliated with the JBR team, on April 2, 2026. This was a targeted home page defacement rather than a mass attack.
     Date: 2026-04-02T10:34:30Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825893
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: Unknown
     Victim Industry: Online gambling
     Victim Organization: Joo Casino
     Victim Site: joocasino7.com
423. Website defacement of JoyCasino Japan by xNight (JBR team)
     Category: Defacement
     Content: The attacker xNight from team JBR successfully defaced the homepage of JoyCasino Japans website on April 2, 2026. This was a targeted single-site defacement affecting the Japanese gambling platforms main index page.
     Date: 2026-04-02T10:33:56Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825894
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: Japan
     Victim Industry: Gaming/Gambling
     Victim Organization: JoyCasino Japan
     Victim Site: joycasino-japan.com
424. Website defacement of just-casinode.com by xNight (JBR team)
     Category: Defacement
     Content: The gambling website just-casinode.com was defaced by attacker xNight from the JBR team on April 2, 2026. This was a targeted home page defacement rather than a mass attack.
     Date: 2026-04-02T10:33:23Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825898
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: Unknown
     Victim Industry: Gaming/Gambling
     Victim Organization: Unknown
     Victim Site: just-casinode.com
425. Website defacement of JustCasino UK by xNight (JBR team)
     Category: Defacement
     Content: The JustCasino UK gambling website was defaced by attacker xNight from the JBR team on April 2, 2026. This was a targeted home page defacement of the online casino platform.
     Date: 2026-04-02T10:32:49Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825899
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: United Kingdom
     Victim Industry: Gaming/Gambling
     Victim Organization: JustCasino UK
     Victim Site: justcasino-uk.com
426. Website defacement of kaasino-uk.net by xNight (JBR team)
     Category: Defacement
     Content: The attacker xNight from team JBR successfully defaced the homepage of kaasino-uk.net, a UK-based casino website, on April 2, 2026. This was identified as a home defacement targeting a single site rather than a mass defacement campaign.
     Date: 2026-04-02T10:32:16Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825901
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: United Kingdom
     Victim Industry: Gaming/Casino
     Victim Organization: Unknown
     Victim Site: kaasino-uk.net
427. Website defacement of Kahuna Casino by xNight (JBR team)
     Category: Defacement
     Content: The attacker xNight from team JBR successfully defaced the homepage of Kahuna Casino Australia on April 2, 2026. This was a targeted single-site defacement of the online gambling platforms main website.
     Date: 2026-04-02T10:31:44Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825904
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: Australia
     Victim Industry: Gaming/Gambling
     Victim Organization: Kahuna Casino
     Victim Site: kahuna-casino-au.com
428. Website defacement of karambapromocode-uk.com by xNight (JBR team)
     Category: Defacement
     Content: The attacker xNight from the JBR team successfully defaced the home page of karambapromocode-uk.com, a UK-based gambling promotional website, on April 2nd, 2026.
     Date: 2026-04-02T10:31:10Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825907
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: United Kingdom
     Victim Industry: Gaming/Gambling
     Victim Organization: Karamba Promo Code UK
     Victim Site: karambapromocode-uk.com
429. Website defacement of Katana Casino UK by xNight (JBR team)
     Category: Defacement
     Content: The JBR team member xNight successfully defaced the homepage of Katana Casino UK on April 2, 2026. This was a single-target defacement of the online gambling platforms main page.
     Date: 2026-04-02T10:30:37Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825908
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: United Kingdom
     Victim Industry: Gaming/Gambling
     Victim Organization: Katana Casino UK
     Victim Site: katana-casino-uk.com
430. Website defacement of Katana Casino UK by xNight (JBR team)
     Category: Defacement
     Content: The homepage of Katana Casino UK was defaced by attacker xNight, associated with the JBR team, on April 2nd, 2026. This represents a targeted attack against a UK-based online gambling platform.
     Date: 2026-04-02T10:30:04Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825909
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: United Kingdom
     Victim Industry: Gambling/Gaming
     Victim Organization: Katana Casino UK
     Victim Site: katanacasino-uk.com
431. Alleged leak of credential combolist containing 27.7 million records
     Category: Combo List
     Content: A threat actor shared a credential combolist containing 27.7 million lines of data in a 1.6GB file on a cybercrime forum. The post appears to offer free access to registered users rather than selling the data.
     Date: 2026-04-02T10:26:24Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70792/
     Screenshots:
     None
     Threat Actors: VitVit
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
432. Website defacement of casiniafr.com by xNight (JBR team)
     Category: Defacement
     Content: The website casiniafr.com was defaced by attacker xNight affiliated with the JBR team on April 2, 2026. This was a single home page defacement targeting the main index page of the site.
     Date: 2026-04-02T10:24:05Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825379
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: France
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: casiniafr.com
433. Website defacement of casino-classic-uk.com by xNight (JBR team)
     Category: Defacement
     Content: The attacker xNight from team JBR successfully defaced the homepage of casino-classic-uk.com on April 2, 2026. This was a single-target home page defacement of a UK-based online casino website.
     Date: 2026-04-02T10:23:30Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825380
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: United Kingdom
     Victim Industry: Gaming/Gambling
     Victim Organization: Casino Classic UK
     Victim Site: casino-classic-uk.com
434. Website defacement of Casino Jax by xNight (JBR team)
     Category: Defacement
     Content: The attacker xNight from team JBR successfully defaced the homepage of casino-jax-au.com on April 2, 2026. This was a targeted home page defacement of an Australian online casino website.
     Date: 2026-04-02T10:22:53Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825381
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: Australia
     Victim Industry: Gaming/Gambling
     Victim Organization: Casino Jax
     Victim Site: casino-jax-au.com
435. Website defacement of casino-jaxau.com by xNight (JBR team)
     Category: Defacement
     Content: The attacker xNight, affiliated with the JBR team, successfully defaced the homepage of casino-jaxau.com on April 2, 2026. This was a targeted home page defacement of a gambling website rather than a mass defacement campaign.
     Date: 2026-04-02T10:22:16Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825382
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: Unknown
     Victim Industry: Gaming/Gambling
     Victim Organization: Casino Jaxau
     Victim Site: casino-jaxau.com
436. Website defacement of Casino Joy UK by xNight (JBR team)
     Category: Defacement
     Content: On April 2, 2026, the Casino Joy UK gambling website was defaced by attacker xNight from the JBR team. This was a targeted home page defacement rather than a mass attack.
     Date: 2026-04-02T10:21:41Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825383
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: United Kingdom
     Victim Industry: Gaming/Gambling
     Victim Organization: Casino Joy UK
     Victim Site: casino-joy-uk.com
437. Website defacement of casino-leo.jp by xNight (JBR team)
     Category: Defacement
     Content: The attacker xNight from the JBR team defaced the main page of Japanese gambling website casino-leo.jp on April 2, 2026. This was a single-site home page defacement targeting the gaming industry.
     Date: 2026-04-02T10:21:02Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825384
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: Japan
     Victim Industry: Gaming/Gambling
     Victim Organization: Casino Leo
     Victim Site: casino-leo.jp
438. Website defacement of Casino Lucki by xNight/JBR team
     Category: Defacement
     Content: The home page of Casino Lucki UKs website was defaced by attacker xNight from the JBR team on April 2, 2026. This was a single-target defacement affecting the main index page of the online casino platform.
     Date: 2026-04-02T10:20:26Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825385
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: United Kingdom
     Victim Industry: Gaming/Gambling
     Victim Organization: Casino Lucki
     Victim Site: casino-lucki-uk.com
439. Website defacement of casino-wino-uk.com by xNight (JBR team)
     Category: Defacement
     Content: The UK-based gambling website casino-wino-uk.com was defaced by attacker xNight, affiliated with the JBR team, on April 2, 2026. This was a targeted home page defacement rather than a mass attack.
     Date: 2026-04-02T10:19:41Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825387
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: United Kingdom
     Victim Industry: Gaming/Gambling
     Victim Organization: Casino Wino UK
     Victim Site: casino-wino-uk.com
440. Website defacement of Casino Fantastico UK by xNight (JBR team)
     Category: Defacement
     Content: The attacker xNight from team JBR successfully defaced the homepage of Casino Fantastico UKs website on April 2nd, 2026. This was a targeted single-site defacement rather than a mass attack campaign.
     Date: 2026-04-02T10:19:05Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825389
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: United Kingdom
     Victim Industry: Gaming/Entertainment
     Victim Organization: Casino Fantastico UK
     Victim Site: casinofantastico-uk.com
441. Website defacement of casinoflappy.com.se by xNight/JBR team
     Category: Defacement
     Content: The attacker xNight from team JBR successfully defaced the homepage of casinoflappy.com.se, a Swedish gaming/casino website, on April 2, 2026. This was a targeted home page defacement rather than a mass attack.
     Date: 2026-04-02T10:18:29Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825390
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: Sweden
     Victim Industry: Gaming/Gambling
     Victim Organization: Casino Flappy
     Victim Site: casinoflappy.com.se
442. Website defacement of Casino Friday by xNight (JBR team)
     Category: Defacement
     Content: The gambling website Casino Friday was defaced by attacker xNight from the JBR team on April 2, 2026. This was a targeted home page defacement of the Swedish online casino platform.
     Date: 2026-04-02T10:17:54Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825391
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: Sweden
     Victim Industry: Gaming/Gambling
     Victim Organization: Casino Friday
     Victim Site: casinofriday.se
443. Website defacement of Casino Kingdom by xNight (JBR team)
     Category: Defacement
     Content: The attacker xNight from team JBR defaced the homepage of Casino Kingdom, a New Zealand gambling website, on April 2, 2026. This was a targeted single-site defacement rather than part of a mass campaign.
     Date: 2026-04-02T10:17:17Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825393
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: New Zealand
     Victim Industry: Gaming/Gambling
     Victim Organization: Casino Kingdom
     Victim Site: casinokingdom1.nz
444. Website defacement of Casino Kingdom Online by xNight (JBR team)
     Category: Defacement
     Content: The attacker xNight from team JBR successfully defaced the home page of Casino Kingdom Online, a New Zealand-based online gambling website, on April 2, 2026.
     Date: 2026-04-02T10:16:42Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825395
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: New Zealand
     Victim Industry: Gaming/Gambling
     Victim Organization: Casino Kingdom Online
     Victim Site: casinokingdomonline.nz
445. Website defacement of CasinoLab9 by xNight (JBR team)
     Category: Defacement
     Content: On April 2, 2026, threat actor xNight from the JBR team successfully defaced the homepage of CasinoLab9, a UK-based gambling website. This was a targeted home page defacement rather than a mass attack campaign.
     Date: 2026-04-02T10:16:06Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825396
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: United Kingdom
     Victim Industry: Gaming/Gambling
     Victim Organization: CasinoLab9
     Victim Site: casinolab9.co.uk
446. Website defacement of CasinoMate online casino by xNight (JBR team)
     Category: Defacement
     Content: The attacker xNight from team JBR successfully defaced the homepage of CasinoMate, an Australian online casino website, on April 2, 2026. This was a targeted single-site home page defacement rather than a mass attack.
     Date: 2026-04-02T10:15:29Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825400
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: Australia
     Victim Industry: Gaming/Gambling
     Victim Organization: CasinoMate
     Victim Site: casinomateonlineau.com
447. Website defacement of Casino Planet UK by xNight (JBR team)
     Category: Defacement
     Content: The attacker xNight from team JBR successfully defaced the homepage of Casino Planet UKs website on April 2, 2026. This was a targeted single-site defacement rather than part of a mass attack campaign.
     Date: 2026-04-02T10:14:54Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825404
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: United Kingdom
     Victim Industry: Gaming/Gambling
     Victim Organization: Casino Planet UK
     Victim Site: casinoplanetuk-uk.com
448. Website defacement of casinoprank.se by xNight (JBR team)
     Category: Defacement
     Content: The Swedish gaming website casinoprank.se was defaced by attacker xNight from the JBR team on April 2, 2026. This was a single-target home page defacement rather than a mass attack.
     Date: 2026-04-02T10:14:19Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825405
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: Sweden
     Victim Industry: Gaming/Entertainment
     Victim Organization: Unknown
     Victim Site: casinoprank.se
449. Website defacement of casinopurplelogin-uk.com by xNight (JBR team)
     Category: Defacement
     Content: The JBR team member xNight successfully defaced the UK-based Casino Purple login website on April 2, 2026. This was a targeted home page defacement of a gambling platform serving UK users.
     Date: 2026-04-02T10:13:41Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825406
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: United Kingdom
     Victim Industry: Gaming/Gambling
     Victim Organization: Casino Purple
     Victim Site: casinopurplelogin-uk.com
450. Website defacement of Casino Tiki Taka by xNight (JBR team)
     Category: Defacement
     Content: The homepage of Czech casino website Casino Tiki Taka was defaced by attacker xNight from the JBR team on April 2, 2026. This was a targeted single-site defacement rather than part of a mass campaign.
     Date: 2026-04-02T10:13:05Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825407
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: Czech Republic
     Victim Industry: Gaming/Casino
     Victim Organization: Casino Tiki Taka
     Victim Site: casinotikitaka.cz
451. Website defacement of 123 Casino UK by xNight (JBR team)
     Category: Defacement
     Content: The attacker xNight from team JBR successfully defaced the homepage of 123 Casino UK on April 2, 2026. This was a single-target home page defacement of the UK-based gambling website.
     Date: 2026-04-02T10:06:59Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825072
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: United Kingdom
     Victim Industry: Gaming/Gambling
     Victim Organization: 123 Casino UK
     Victim Site: 123-casino-uk.com
452. Website defacement of 123casino-uk.com by xNight (JBR team)
     Category: Defacement
     Content: On April 2, 2026, the attacker xNight from team JBR successfully defaced the homepage of 123casino-uk.com, a UK-based online casino website. This was a targeted home page defacement rather than a mass attack.
     Date: 2026-04-02T10:06:26Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825073
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: United Kingdom
     Victim Industry: Gaming/Gambling
     Victim Organization: 123 Casino UK
     Victim Site: 123casino-uk.com
453. Website defacement of 15dragonpearls.com by xNight (JBR team)
     Category: Defacement
     Content: The attacker xNight from team JBR successfully defaced the homepage of 15dragonpearls.com on April 2, 2026. This was a single-target home page defacement with no indication of mass compromise or previous attacks on the same site.
     Date: 2026-04-02T10:05:50Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825075
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: 15dragonpearls.com
454. Website defacement of 1Red Casino UK by xNight (JBR team)
     Category: Defacement
     Content: The attacker xNight from team JBR successfully defaced the homepage of 1Red Casino UKs website on April 2, 2026. This was a targeted single-site defacement rather than a mass attack.
     Date: 2026-04-02T10:05:15Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825076
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: United Kingdom
     Victim Industry: Gambling/Casino
     Victim Organization: 1Red Casino
     Victim Site: 1redcasinoapp-uk.com
455. Website defacement of 1Red Casino by xNight (JBR team)
     Category: Defacement
     Content: The attacker xNight from team JBR successfully defaced the login page of 1Red Casinos UK website on April 2, 2026. This was a targeted home page defacement rather than a mass defacement campaign.
     Date: 2026-04-02T10:04:42Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825077
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: United Kingdom
     Victim Industry: Gaming/Gambling
     Victim Organization: 1Red Casino
     Victim Site: 1redcasinologin-uk.com
456. Website defacement of 1redcasinopromocode-uk.com by xNight (JBR team)
     Category: Defacement
     Content: The attacker xNight from team JBR successfully defaced the UK-based casino promotional website 1redcasinopromocode-uk.com on April 2, 2026. This was a targeted home page defacement rather than a mass attack.
     Date: 2026-04-02T10:04:07Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825078
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: United Kingdom
     Victim Industry: Gaming/Gambling
     Victim Organization: 1Red Casino
     Victim Site: 1redcasinopromocode-uk.com
457. Website defacement of 1redcasinouk-uk.com by xNight/JBR team
     Category: Defacement
     Content: On April 2, 2026, the attacker xNight from team JBR successfully defaced the homepage of 1Red Casino UKs website. This was a targeted single-site defacement of the UK-based online casino platform.
     Date: 2026-04-02T10:03:34Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825079
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: United Kingdom
     Victim Industry: Gaming/Gambling
     Victim Organization: 1Red Casino UK
     Victim Site: 1redcasinouk-uk.com
458. Website defacement of 1win-bonus.de by xNight (JBR team)
     Category: Defacement
     Content: The German online gaming website 1win-bonus.de was defaced by threat actor xNight from the JBR team on April 2, 2026. This was a targeted single-site defacement affecting the main index page of the gambling platform.
     Date: 2026-04-02T10:03:00Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825080
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: Germany
     Victim Industry: Online Gaming/Gambling
     Victim Organization: 1Win Bonus
     Victim Site: 1win-bonus.de
459. Website defacement of 1win-casinofr.com by xNight (JBR team)
     Category: Defacement
     Content: The attacker xNight from team JBR successfully defaced the homepage of 1win-casinofr.com, an online casino website targeting French users, on April 2, 2026.
     Date: 2026-04-02T10:02:27Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825082
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: France
     Victim Industry: Gambling/Online Casino
     Victim Organization: 1Win Casino
     Victim Site: 1win-casinofr.com
460. Website defacement of 1winapp-uk.com by xNight (JBR team)
     Category: Defacement
     Content: The JBR team member xNight successfully defaced the UK version of 1Win gambling platforms website on April 2, 2026. This was a targeted home page defacement rather than a mass attack.
     Date: 2026-04-02T10:01:53Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825083
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: United Kingdom
     Victim Industry: Online Gaming/Gambling
     Victim Organization: 1Win
     Victim Site: 1winapp-uk.com
461. Website defacement of 1winbetting-uk.com by xNight (JBR team)
     Category: Defacement
     Content: The attacker xNight from the JBR team successfully defaced the homepage of 1winbetting-uk.com, a UK-based online betting platform, on April 2, 2026. This was a single-target home page defacement rather than a mass attack.
     Date: 2026-04-02T10:01:20Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825084
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: United Kingdom
     Victim Industry: Gambling/Betting
     Victim Organization: 1Win Betting
     Victim Site: 1winbetting-uk.com
462. Website defacement of 1winbonus-uk.com by xNight (JBR team)
     Category: Defacement
     Content: The JBR team member xNight successfully defaced the homepage of 1winbonus-uk.com, a UK-based online gambling bonus website. This was a single-target home page defacement occurring on April 2, 2026.
     Date: 2026-04-02T10:00:45Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825085
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: United Kingdom
     Victim Industry: Online gambling/betting
     Victim Organization: 1Win Bonus UK
     Victim Site: 1winbonus-uk.com
463. Website defacement of 1windeposit-uk.com by xNight (JBR team)
     Category: Defacement
     Content: The attacker xNight, affiliated with team JBR, successfully defaced the homepage of 1windeposit-uk.com, an online gambling platform targeting UK users. This was a targeted single-site attack rather than part of a mass defacement campaign.
     Date: 2026-04-02T10:00:12Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825086
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: United Kingdom
     Victim Industry: Online Gambling
     Victim Organization: 1Win
     Victim Site: 1windeposit-uk.com
464. Website defacement of 1winpromocode-uk.com by xNight (JBR team)
     Category: Defacement
     Content: The gambling promotional website 1winpromocode-uk.com was defaced by attacker xNight from the JBR team on April 2, 2026. This was a single home page defacement targeting the UK promotional site for 1Win gambling services.
     Date: 2026-04-02T09:59:39Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825088
     Screenshots:
     None
     Threat Actors: xNight, JBR
     Victim Country: United Kingdom
     Victim Industry: Online Gambling/Gaming
     Victim Organization: 1Win
     Victim Site: 1winpromocode-uk.com
465. Alleged leak of Hotmail credentials
     Category: Combo List
     Content: Actor snowstormxd shared what appears to be Hotmail credentials through a Telegram channel, advertising the content as UHQ HOTMAIL combolist available for free download.
     Date: 2026-04-02T09:48:49Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70791/
     Screenshots:
     None
     Threat Actors: snowstormxd
     Victim Country: Unknown
     Victim Industry: Technology
     Victim Organization: Microsoft
     Victim Site: hotmail.com
466. Website defacement of used office furniture marketplace by DimasHxR
     Category: Defacement
     Content: Individual attacker DimasHxR conducted a redefacement attack against a used office furniture marketplace website. This represents a repeated compromise of the same target, indicating persistent vulnerabilities or inadequate security remediation.
     Date: 2026-04-02T09:42:36Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825035
     Screenshots:
     None
     Threat Actors: DimasHxR
     Victim Country: Unknown
     Victim Industry: Retail/E-commerce
     Victim Organization: Unknown
     Victim Site: www.usedofficefurnituremarket….
467. Website defacement of HorusRC by DimasHxR
     Category: Defacement
     Content: Threat actor DimasHxR conducted a redefacement attack against horusrc.com on April 2, 2026. The attack targeted a specific media/customer section of the website rather than the homepage.
     Date: 2026-04-02T09:41:59Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825047
     Screenshots:
     None
     Threat Actors: DimasHxR
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: HorusRC
     Victim Site: horusrc.com
468. Alleged data breach of Conrad Electronic
     Category: Data Breach
     Content: The threat actor claims to be selling data from Conrad Electronic. The compromised data reportedly contains 437,000 customer records, including personal contact information, order and transaction details, and customer support ticket data.
     Date: 2026-04-02T09:38:53Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-DATABASE-437k-Germany-https-www-conrad-de-Customer-contact-data-with-emails-phone-numb
     Screenshots:
     None
     Threat Actors: Grubder
     Victim Country: Germany
     Victim Industry: E-commerce & Online Stores
     Victim Organization: conrad electronic
     Victim Site: conrad.de
469. Alleged data breach of Broil King
     Category: Data Breach
     Content: The threat actor claims to be selling data from Broil King. The compromised data reportedly contains approximately 368,000 customer records, including personal contact information, product registration details, and customer feedback data.Note: This organization was previously breached on Jan 04 2026
     Date: 2026-04-02T09:35:40Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-DATABASE-368k-Canada-www-broilkingbbq-com-Customer-contacts-including-emails-phone-numbe
     Screenshots:
     None
     Threat Actors: Grubder
     Victim Country: Canada
     Victim Industry: Consumer Goods
     Victim Organization: broil king
     Victim Site: broilkingbbq.com
470. Alleged data breach of Napoleon
     Category: Data Breach
     Content: The threat actor claims to be selling data from Napoleon. The compromised data reportedly contains 463,000 customer records, including personal contact information, order and transaction details, and customer support ticket data.
     Date: 2026-04-02T09:24:09Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-DATABASE-463k-Canada-www-napoleon-com-Customer-records-with-contact-account-sales-and
     Screenshots:
     None
     Threat Actors: Grubder
     Victim Country: Canada
     Victim Industry: Manufacturing
     Victim Organization: napoleon
     Victim Site: napoleon.com
471. Alleged data breach of O2 Czech Republic
     Category: Data Breach
     Content: The threat actor claims to be selling data from O2 Czech Republic. The compromised data reportedly contains approximately 482,000 customer records, including personal contact information, telecom service order history, and customer support ticket data.
     Date: 2026-04-02T09:14:47Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-DATABASE-482k-Czech-Republic-https-www-o2-cz-Telecom-contacts-dataset-including-emails
     Screenshots:
     None
     Threat Actors: Grubder
     Victim Country: Czech Republic
     Victim Industry: Network & Telecommunications
     Victim Organization: o2 czech republic
     Victim Site: o2.cz
472. Alleged data breach of Ain Shams University
     Category: Data Breach
     Content: The threat actor claims to be selling data from Ain Shams University. The compromised data reportedly contains approximately 563,000 student records, including personal and contact information, academic enrollment details, and authentication and verification data such as identity records and login related information.
     Date: 2026-04-02T09:07:23Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-DATABASE-563k-Egypt-https-ums-asu-edu-eg-Student-enrollment-and-verification-records-da
     Screenshots:
     None
     Threat Actors: Grubder
     Victim Country: Egypt
     Victim Industry: Education
     Victim Organization: ain shams university
     Victim Site: ums.asu.edu.eg
473. Alleged data leak of animesutra
     Category: Data Leak
     Content: The threat actor claims to be selling data from animesutra. The compromised data reportedly including email addresses, usernames, hashed passwords, user IDs, and additional profile related information.
     Date: 2026-04-02T09:05:21Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-DATABASE-animesultra-com-Free-Database
     Screenshots:
     None
     Threat Actors: wizard
     Victim Country: Unknown
     Victim Industry: Entertainment & Movie Production
     Victim Organization: animesutra
     Victim Site: animesutra.com
474. Alleged leak of Hotmail credentials targeting cryptocurrency users
     Category: Combo List
     Content: A threat actor shared a combolist containing approximately 1.96 million Hotmail credentials specifically targeting cryptocurrency users. The credentials were made available as a free download via a file sharing service.
     Date: 2026-04-02T09:05:18Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70789/
     Screenshots:
     None
     Threat Actors: HQcomboSpace
     Victim Country: Unknown
     Victim Industry: Technology
     Victim Organization: Microsoft
     Victim Site: hotmail.com
475. Alleged leak of credential combolist containing 22,000 records
     Category: Combo List
     Content: A threat actor shared a credential combolist containing 22,000 unique email and password combinations on a cybercrime forum.
     Date: 2026-04-02T09:04:59Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70790/
     Screenshots:
     None
     Threat Actors: UniqueCombo
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
476. Alleged sale of data from
     Category: Data Breach
     Content: The threat actor claims to be selling data from Verkkokauppa. The compromised data reportedly contains approximately 482,000 customer records, including personal contact information, order and transaction details, and payment-related data such as masked credit card information and billing records.
     Date: 2026-04-02T08:57:46Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-DATABASE-482k-Finland-https-www-verkkokauppa-com-customer-contacts-including-emails-pho
     Screenshots:
     None
     Threat Actors: Grubder
     Victim Country: Finland
     Victim Industry: E-commerce & Online Stores
     Victim Organization: verkkokauppa
     Victim Site: verkkokauppa.com
477. Alleged leak of Hotmail credentials
     Category: Combo List
     Content: Threat actor D4rkNetHub allegedly made available a list of 180,000 Hotmail credentials on a cybercrime forum. The post appears to offer access to credential data but requires forum registration to view the full content.
     Date: 2026-04-02T08:54:02Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70788/
     Screenshots:
     None
     Threat Actors: D4rkNetHub
     Victim Country: Unknown
     Victim Industry: Technology
     Victim Organization: Microsoft
     Victim Site: hotmail.com
478. Website defacement of srflyer.pt by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: L4663R666H05T from Umbra Community defaced srflyer.pt on April 2, 2026, targeting a specific media/customer address page rather than the main homepage.
     Date: 2026-04-02T08:51:03Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825014
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Portugal
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: srflyer.pt
479. Alleged sale of data from Nicolas
     Category: Data Breach
     Content: The threat actor claims to be selling data from Nicolas. The compromised data reportedly contains 273,000 customer records, including personal contact information, order and transaction details, and delivery and shipping data.
     Date: 2026-04-02T08:50:34Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-DATABASE-273k-France-https-www-nicolas-com-Contact-records-with-personal-and-company-de
     Screenshots:
     None
     Threat Actors: Grubder
     Victim Country: France
     Victim Industry: E-commerce & Online Stores
     Victim Organization: nicolas
     Victim Site: nicolas.com
480. Website defacement of dinebox.fr by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The threat actor L4663R666H05T, associated with Umbra Community, successfully defaced the dinebox.fr website on April 2, 2026. The attack targeted a specific media directory path on the French domain.
     Date: 2026-04-02T08:50:27Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825016
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: France
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: dinebox.fr
481. Website defacement of autolinklookup.com by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The attacker L4663R666H05T affiliated with Umbra Community successfully defaced autolinklookup.com on April 2, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
     Date: 2026-04-02T08:44:17Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/825011
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Technology
     Victim Organization: AutoLink Lookup
     Victim Site: autolinklookup.com
482. Website defacement of cjnew.fra1-de.cloudjiffy.net by fidzxploit (INDOHAXSEC)
     Category: Defacement
     Content: The threat actor fidzxploit from the INDOHAXSEC team successfully defaced the website cjnew.fra1-de.cloudjiffy.net on April 2, 2026. The attack targeted a Linux-based server hosted on the Cloudjiffy platform in Frankfurt, Germany.
     Date: 2026-04-02T08:32:12Z
     Network: openweb
     Published URL: https://haxor.id/archive/mirror/248206
     Screenshots:
     None
     Threat Actors: fidzxploit, INDOHAXSEC
     Victim Country: Germany
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: cjnew.fra1-de.cloudjiffy.net
483. Alleged leak of mixed email credentials
     Category: Combo List
     Content: A threat actor leaked a combolist containing 74,400 mixed email credentials on a cybercriminal forum.
     Date: 2026-04-02T08:31:13Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70787/
     Screenshots:
     None
     Threat Actors: Cl0ud0wner
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
484. Alleged sale of data from La Banque Postale
     Category: Data Breach
     Content: The threat actor claims to be selling data from La Banque Postale. The compromised data reportedly contains approximately 468,000 customer records, including customer personal information (full names, email addresses, and phone numbers), financial and loan application data, and security log information such as IP addresses and login activity.
     Date: 2026-04-02T08:26:06Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-DATABASE-468k-France-https-www-labanquepostale-fr-Customer-records-with-personal-and-co
     Screenshots:
     None
     Threat Actors: Grubder
     Victim Country: France
     Victim Industry: Financial Services
     Victim Organization: la banque postale
     Victim Site: labanquepostale.fr
485. Alleged leak of Hotmail credentials
     Category: Combo List
     Content: A threat actor shared access to 1,300 Hotmail email credentials on a cybercriminal forum. The credentials appear to be offered as part of a private collection.
     Date: 2026-04-02T08:22:35Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70782/
     Screenshots:
     None
     Threat Actors: Cl0ud0wner
     Victim Country: Unknown
     Victim Industry: Technology
     Victim Organization: Microsoft
     Victim Site: hotmail.com
486. Alleged leak of Hotmail credentials
     Category: Combo List
     Content: A threat actor shared a combolist containing 4,800 Hotmail email credentials on a cybercriminal forum. The post indicates this is private cloud content being made available to forum members.
     Date: 2026-04-02T08:22:18Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70784/
     Screenshots:
     None
     Threat Actors: Cl0ud0wner
     Victim Country: Unknown
     Victim Industry: Technology
     Victim Organization: Microsoft
     Victim Site: hotmail.com
487. Alleged leak of mixed email credentials combolist
     Category: Combo List
     Content: A threat actor leaked a combolist containing 46.6k mixed email credentials with access information. The credentials appear to be from various sources and are being distributed for free.
     Date: 2026-04-02T08:22:00Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70785/
     Screenshots:
     None
     Threat Actors: Cl0ud0wner
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
488. Alleged leak of Hotmail credentials
     Category: Combo List
     Content: A threat actor shared a combolist containing 5,000 Hotmail email credentials on an underground forum. The post indicates this is private cloud content being made available to forum members.
     Date: 2026-04-02T08:21:43Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70786/
     Screenshots:
     None
     Threat Actors: Cl0ud0wner
     Victim Country: Unknown
     Victim Industry: Technology
     Victim Organization: Microsoft
     Victim Site: hotmail.com
489. Alleged Data breach of Alcaldía de Cartagena de Indias
     Category: Data Breach
     Content: The threat actor claims to have leaked data from Alcaldía de Cartagena de Indias. The compromised data reportedly contains User ID, Name, Pension, Date, Time, Email and much more information.
     Date: 2026-04-02T08:18:38Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-DATABASE-CO-CARTAGENA-GOV-CO-FREE-LEAK
     Screenshots:
     None
     Threat Actors: NyxarGroup
     Victim Country: Colombia
     Victim Industry: Government & Public Sector
     Victim Organization: alcaldía de cartagena de indias
     Victim Site: cartagena.gov.co
490. Alleged sale of data from Cdiscount
     Category: Data Breach
     Content: The threat actor claims to be selling data from Cdiscount. The compromised data reportedly contains approximately 674,000 user records, including personal profile information, purchase history, order and billing details, and customer preference and account related data.
     Date: 2026-04-02T08:15:43Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-DATABASE-674k-France-https-www-cdiscount-com-User-profiles-with-purchase-history-and-con
     Screenshots:
     None
     Threat Actors: Grubder
     Victim Country: France
     Victim Industry: E-commerce & Online Stores
     Victim Organization: cdiscount
     Victim Site: cdiscount.com
491. Threat actor claims to be selling data from Timber Mart
     Category: Data Breach
     Content: The threat actor claims to be selling data from Timber Mart. The compromised data reportedly includes Customer contact and profile information containing ContactId, FullName, PhoneNumber, PrimaryEmail, Customer order and transaction records and more
     Date: 2026-04-02T08:08:25Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-DATABASE-485k-Canada-www-timbermart-ca-Customer-contacts-including-emails-phone-numbers
     Screenshots:
     None
     Threat Actors: Grubder
     Victim Country: Canada
     Victim Industry: Building and construction
     Victim Organization: timber mart
     Victim Site: timbermart.ca
492. Alleged sale of unauthorized access to unidentified shop in Australia
     Category: Initial Access
     Content: Threat actor claims to be selling admin panel and shell access to an unidentified shop in Australia.
     Date: 2026-04-02T08:05:04Z
     Network: openweb
     Published URL: https://forum.exploit.in/topic/279714/
     Screenshots:
     None
     Threat Actors: YongPo
     Victim Country: Australia
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
493. Alleged Data leak of Dphish
     Category: Data Leak
     Content: The group claims to have leaked data from Dphish. The compromised data reportedly contains records for high-profile clients in Saudi Arabia (KSA) and Egypt, specifically within the Banking, Fintech, and Government sectors information.
     Date: 2026-04-02T07:53:34Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-Document-Major-governmental-leaks
     Screenshots:
     None
     Threat Actors: bandofidiots
     Victim Country: Unknown
     Victim Industry: Government Administration
     Victim Organization: dphish
     Victim Site: Unknown
494. Alleged sale of data from Otto GmbH & Co KG
     Category: Data Breach
     Content: The threat actor claims to be selling data from Otto GmbH & Co KG. The compromised dataset reportedly contains approximately 623,000 customer records, including full names, email addresses, company information, order identifiers with timestamps, and detailed shipping addresses.
     Date: 2026-04-02T07:46:11Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-DATABASE-623k-Germany-https-www-otto-de-Customer-contact-and-purchase-data-including-em
     Screenshots:
     None
     Threat Actors: Grubder
     Victim Country: Germany
     Victim Industry: E-commerce & Online Stores
     Victim Organization: otto gmbh & co kg
     Victim Site: otto.de
495. Alleged leak of mixed email credential combolist
     Category: Combo List
     Content: A threat actor shared a combolist containing 23,000 mixed email and password combinations on a cybercriminal forum. The credentials appear to be from various sources and are being distributed for free to registered forum users.
     Date: 2026-04-02T07:44:27Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70779/
     Screenshots:
     None
     Threat Actors: RandomUpload
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
496. Alleged leak of Hotmail credential list
     Category: Combo List
     Content: A threat actor shared a credential list containing 1,455 allegedly valid Hotmail email and password combinations on a cybercriminal forum. The data is being distributed as a free download.
     Date: 2026-04-02T07:33:56Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70777/
     Screenshots:
     None
     Threat Actors: alphaxdd
     Victim Country: Unknown
     Victim Industry: Technology
     Victim Organization: Microsoft
     Victim Site: hotmail.com
497. Alleged NFC malware VIPER for payment card theft
     Category: Initial Access
     Content: Threat actor ViperSoftwares advertises VIPER NFC malware capable of emulating payment terminals to steal credit card data with one-tap execution. The malware features card cloning capabilities, remote data transmission, stealth mode operation, and persistence across device restarts.
     Date: 2026-04-02T07:33:46Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70778/
     Screenshots:
     None
     Threat Actors: ViperSoftwares
     Victim Country: Unknown
     Victim Industry: Financial Services
     Victim Organization: Unknown
     Victim Site: Unknown
498. Alleged leak of Hotmail credentials on cybercrime forum
     Category: Combo List
     Content: A threat actor shared a combolist containing 42,000 Hotmail credentials on a cybercrime forum, allegedly validated for forum access.
     Date: 2026-04-02T07:13:26Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70776/
     Screenshots:
     None
     Threat Actors: ValidMail
     Victim Country: Unknown
     Victim Industry: Technology
     Victim Organization: Microsoft
     Victim Site: hotmail.com
499. Website defacement of yanaya.ga by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The attacker L4663R666H05T from Umbra Community successfully defaced yanaya.ga on April 2, 2026. The defacement targeted a specific media/customer directory path on the Gabonese domain.
     Date: 2026-04-02T07:09:30Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824985
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Gabon
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: yanaya.ga
500. Website defacement of yetox.com by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: Attacker L4663R666H05T from Umbra Community defaced the yetox.com website on April 2, 2026. The defacement targeted a specific customer address page on the domain.
     Date: 2026-04-02T07:08:56Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824988
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Yetox
     Victim Site: yetox.com
501. Website defacement of youreventcard.com by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: L4663R666H05T from Umbra Community defaced youreventcard.com on April 2, 2026. The attack targeted an event management platforms media directory.
     Date: 2026-04-02T07:08:23Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824989
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Event Management
     Victim Organization: Your Event Card
     Victim Site: youreventcard.com
502. Website defacement of Your Pet Paintings by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The attacker L4663R666H05T from the Umbra Community defaced the yourpetpaintings.com website on April 2, 2026. The defacement targeted a pet portrait service companys media directory.
     Date: 2026-04-02T07:07:50Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824990
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Pet Services
     Victim Organization: Your Pet Paintings
     Victim Site: yourpetpaintings.com
503. Website defacement of yush.nl by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: L4663R666H05T from Umbra Community defaced the yush.nl website on April 2, 2026, targeting a customer address page on the Netherlands-based domain.
     Date: 2026-04-02T07:07:16Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824991
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Netherlands
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: yush.nl
504. Website defacement of YSL Factory Outlet by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: Cybercriminal L4663R666H05T affiliated with Umbra Community defaced the YSL Factory Outlet website on April 2, 2026. The attack targeted a specific media subdirectory rather than the main homepage.
     Date: 2026-04-02T07:06:43Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824992
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Retail/Fashion
     Victim Organization: YSL Factory Outlet
     Victim Site: yslfactoryoutlet.com
505. Website defacement of zelte.de by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The website zelte.de was defaced by attacker L4663R666H05T affiliated with Umbra Community on April 2, 2026. The attack specifically targeted customer address data pages on the site.
     Date: 2026-04-02T07:06:09Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824993
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Germany
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: zelte.de
506. Website defacement of zatopeldom.com by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: On April 2, 2026, the attacker L4663R666H05T affiliated with Umbra Community successfully defaced zatopeldom.com. The defacement targeted a specific subdirectory rather than the main homepage.
     Date: 2026-04-02T07:05:35Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824994
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: zatopeldom.com
507. Website defacement of zoominimarketonline.it by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The Umbra Community threat group, through member L4663R666H05T, successfully defaced the Italian e-commerce website zoominimarketonline.it on April 2, 2026. The defacement targeted a specific media directory path rather than the main homepage.
     Date: 2026-04-02T07:05:02Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824995
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Italy
     Victim Industry: E-commerce
     Victim Organization: Zoom Mini Market Online
     Victim Site: zoominimarketonline.it
508. Alleged leak of mixed credential combolist containing 22,000 records
     Category: Combo List
     Content: A threat actor shared a mixed unique credential combolist containing 22,000 records on a cybercriminal forum. The post requires registration to view the full content.
     Date: 2026-04-02T07:02:50Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70775/
     Screenshots:
     None
     Threat Actors: UniqueCombo
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
509. Website defacement of German hunting/weapons retailer by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: German hunting and weapons retail website was defaced by attacker L4663R666H05T associated with Umbra Community on April 2, 2026. The defacement targeted the media section of the e-commerce site.
     Date: 2026-04-02T06:58:49Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824952
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Germany
     Victim Industry: Retail
     Victim Organization: Waffen Jagd Shop
     Victim Site: waffen-jagd-shop.de
510. Website defacement of Wahlmans Kläder by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: Attacker L4663R666H05T from the Umbra Community group defaced the Swedish clothing retailer Wahlmans Kläders website on April 2, 2026. The defacement targeted a specific media subdirectory rather than the main homepage.
     Date: 2026-04-02T06:58:16Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824953
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Sweden
     Victim Industry: Retail/Clothing
     Victim Organization: Wahlmans Kläder
     Victim Site: wahlmansklader.se
511. Website defacement of Waltham Pharmacy by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: Cybercriminal L4663R666H05T from the Umbra Community defaced the Waltham Pharmacy website on April 2, 2026. The attack targeted a specific media directory rather than the homepage.
     Date: 2026-04-02T06:57:43Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824954
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Healthcare
     Victim Organization: Waltham Pharmacy
     Victim Site: walthampharmacy.com
512. Website defacement of walkicity.com by L4663R666H05T from Umbra Community
     Category: Defacement
     Content: The website walkicity.com was defaced by attacker L4663R666H05T, associated with the Umbra Community group, on April 2, 2026. The defacement targeted a specific media/customer subdirectory rather than the main homepage.
     Date: 2026-04-02T06:57:10Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824955
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Walkicity
     Victim Site: walkicity.com
513. Website defacement of watchga.com by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The website watchga.com was defaced by attacker L4663R666H05T affiliated with Umbra Community on April 2, 2026. The defacement targeted a specific page within the media/customer section of the site.
     Date: 2026-04-02T06:56:37Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824956
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: watchga.com
514. Website defacement of Waymore by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The attacker L4663R666H05T from Umbra Community defaced the Australian website waymore.com.au on April 2, 2026. The defacement targeted a specific media/customer section of the website.
     Date: 2026-04-02T06:56:03Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824957
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Australia
     Victim Industry: Unknown
     Victim Organization: Waymore
     Victim Site: waymore.com.au
515. Website defacement of Wearmysport by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The sports retail website wearmysport.com was defaced by attacker L4663R666H05T, affiliated with the Umbra Community group, on April 2, 2026. The defacement targeted a specific media/customer section of the website rather than the main homepage.
     Date: 2026-04-02T06:55:30Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824958
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Sports/Retail
     Victim Organization: Wearmysport
     Victim Site: wearmysport.com
516. Website defacement of webmull.cloud by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The Umbra Community threat group, through attacker L4663R666H05T, successfully defaced the webmull.cloud website on April 2, 2026. The defacement targeted a specific customer media directory within the cloud service providers infrastructure.
     Date: 2026-04-02T06:54:56Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824960
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Technology
     Victim Organization: WebMull
     Victim Site: webmull.cloud
517. Website defacement of webservicestore.com by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The Umbra Community group, through member L4663R666H05T, successfully defaced webservicestore.com on April 2, 2026. This appears to be a single-target defacement rather than part of a mass campaign.
     Date: 2026-04-02T06:54:22Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824961
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Technology/Web Services
     Victim Organization: Web Service Store
     Victim Site: webservicestore.com
518. Website defacement of webshop.ee by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: L4663R666H05T from Umbra Community defaced webshop.ee, an Estonian e-commerce website, on April 2, 2026. The attack targeted customer address data and appears to be an isolated defacement incident.
     Date: 2026-04-02T06:53:49Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824963
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Estonia
     Victim Industry: E-commerce
     Victim Organization: Unknown
     Victim Site: webshop.ee
519. Website defacement of Wereldboeken by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The attacker L4663R666H05T from Umbra Community defaced the Dutch book retailer Wereldboekens website on April 2, 2026. The defacement targeted a customer media subdirectory of the site.
     Date: 2026-04-02T06:53:16Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824965
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Netherlands
     Victim Industry: Publishing/Books
     Victim Organization: Wereldboeken
     Victim Site: wereldboeken.nl
520. Website defacement of whirlpooltubparts.com by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The attacker L4663R666H05T from Umbra Community defaced a subdirectory of whirlpooltubparts.com on April 2, 2026. The defacement targeted a retail website specializing in hot tub and spa parts.
     Date: 2026-04-02T06:52:44Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824966
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Retail/E-commerce
     Victim Organization: Whirlpool Tub Parts
     Victim Site: whirlpooltubparts.com
521. Website defacement of whitediamond.nl by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: L4663R666H05T, affiliated with Umbra Community, defaced a subdirectory of whitediamond.nl on April 2, 2026. The attack targeted the media/customer section of the website rather than the homepage.
     Date: 2026-04-02T06:52:10Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824967
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Netherlands
     Victim Industry: Unknown
     Victim Organization: White Diamond
     Victim Site: whitediamond.nl
522. Handala Hack Threatens Imminent Breach of Air Defense Command Systems
     Category: Vulnerability
     Content: The group has issued a warning of an imminent cyber operation targeting integrated air defense command and control systems, claiming the attack will impact core defense infrastructure and be followed by the release of sensitive documents and images intended to demonstrate alleged vulnerabilities within highly secured networks.
     Date: 2026-04-02T06:51:55Z
     Network: telegram
     Published URL: https://t.me/HANDALA_INTEL/39
     Screenshots:
     None
     Threat Actors: Handala Hack
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
523. Website defacement of Willatech by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The Umbra Community group member L4663R666H05T successfully defaced the Willatech technology company website on April 2, 2026. The attack targeted a specific media/customer page rather than the main homepage.
     Date: 2026-04-02T06:51:37Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824969
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Italy
     Victim Industry: Technology
     Victim Organization: Willatech
     Victim Site: willatech.it
524. Website defacement of Wire Rope Shop by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The attacker L4663R666H05T, affiliated with Umbra Community, defaced the Wire Rope Shop website on April 2, 2026. The defacement targeted a subdirectory of the UK-based industrial equipment retailers website.
     Date: 2026-04-02T06:51:04Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824970
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: United Kingdom
     Victim Industry: Industrial Equipment/Manufacturing
     Victim Organization: Wire Rope Shop
     Victim Site: wireropeshop.co.uk
525. Alleged leak of educational domain credentials
     Category: Combo List
     Content: A threat actor shared a combolist containing 149,436 credential pairs allegedly targeting educational domains. The data was made available as a free download via file sharing platform.
     Date: 2026-04-02T06:50:48Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70773/
     Screenshots:
     None
     Threat Actors: HQcomboSpace
     Victim Country: Unknown
     Victim Industry: Education
     Victim Organization: Unknown
     Victim Site: Unknown
526. Website defacement of woodflowercottage.com by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: L4663R666H05T from Umbra Community defaced the Wood Flower Cottage website on April 2, 2026. The attack targeted what appears to be a hospitality business website, compromising the /media/cu… directory.
     Date: 2026-04-02T06:50:29Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824972
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Hospitality
     Victim Organization: Wood Flower Cottage
     Victim Site: woodflowercottage.com
527. Website defacement of wootitights.it by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The attacker L4663R666H05T, affiliated with Umbra Community, defaced the Italian fashion retailer Wootitights website on April 2, 2026. The defacement targeted a specific media directory on the site.
     Date: 2026-04-02T06:49:58Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824973
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Italy
     Victim Industry: Retail/Fashion
     Victim Organization: Wootitights
     Victim Site: wootitights.it
528. Website defacement of Baltik Elektro by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The attacker L4663R666H05T from Umbra Community successfully defaced the Baltik Elektro website on April 2, 2026. This was a targeted single-site defacement of a Latvian electrical services company.
     Date: 2026-04-02T06:49:22Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824976
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Latvia
     Victim Industry: Energy/Electrical Services
     Victim Organization: Baltik Elektro
     Victim Site: baltikelektro.lv
529. Website defacement of Fine and Fabulous by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The attacker L4663R666H05T from Umbra Community defaced the Fine and Fabulous website on April 2, 2026. This appears to be a targeted single-site defacement of a South African beauty/fashion business.
     Date: 2026-04-02T06:48:49Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824977
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: South Africa
     Victim Industry: Beauty/Fashion
     Victim Organization: Fine and Fabulous
     Victim Site: fineandfabulous.co.za
530. Website defacement of smitacn.com by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The attacker L4663R666H05T, affiliated with Umbra Community, defaced the smitacn.com website on April 2, 2026. The defacement targeted a specific customer management page on the domain.
     Date: 2026-04-02T06:48:17Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824979
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: China
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: smitacn.com
531. Website defacement of SmallRig by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The photography equipment company SmallRigs website was defaced by attacker L4663R666H05T from the Umbra Community group on April 2, 2026. The defacement targeted a specific media/customer advertising section of the site rather than the homepage.
     Date: 2026-04-02T06:47:43Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824980
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Photography/Videography Equipment
     Victim Organization: SmallRig
     Victim Site: smallrig.net
532. Website defacement of Traffic Signs by L4663R666H05T from Umbra Community
     Category: Defacement
     Content: The attacker L4663R666H05T from Umbra Community defaced the trafficsigns.co.nz website on April 2, 2026. This was a single-target defacement against a New Zealand traffic signage company.
     Date: 2026-04-02T06:47:10Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824981
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: New Zealand
     Victim Industry: Transportation/Manufacturing
     Victim Organization: Traffic Signs
     Victim Site: trafficsigns.co.nz
533. Website defacement of xacus.com by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: Threat actor L4663R666H05T from Umbra Community defaced a customer address page on xacus.com on April 2, 2026. The incident was a targeted single-site defacement rather than a mass attack.
     Date: 2026-04-02T06:46:37Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824983
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Xacus
     Victim Site: xacus.com
534. Website defacement of yaalini.in by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The Umbra Community group, specifically attacker L4663R666H05T, defaced a subdirectory of yaalini.in on April 2, 2026. The defacement targeted a customer address media directory on the Indian domain.
     Date: 2026-04-02T06:46:02Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824984
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: India
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: yaalini.in
535. Alleged leak of T-Online credentials
     Category: Combo List
     Content: A combolist containing 10,552 credential entries targeting the German t-online.de domain has been made available for free download on a cybercriminal forum.
     Date: 2026-04-02T06:40:22Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70772/
     Screenshots:
     None
     Threat Actors: BestCombo
     Victim Country: Germany
     Victim Industry: Telecommunications
     Victim Organization: T-Online
     Victim Site: t-online.de
536. Website defacement of peediapp.com by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: L4663R666H05T from Umbra Community successfully defaced peediapp.com on April 2, 2026. The attack targeted a specific media/customer advertising section of the application platform.
     Date: 2026-04-02T06:39:54Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824815
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Technology
     Victim Organization: PeediApp
     Victim Site: peediapp.com
537. Website defacement of Perfect Hair Factory by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The hair and beauty company Perfect Hair Factorys website was defaced by attacker L4663R666H05T, affiliated with the Umbra Community group, on April 2, 2026.
     Date: 2026-04-02T06:39:18Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824816
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Beauty/Cosmetics
     Victim Organization: Perfect Hair Factory
     Victim Site: perfecthairfactory.com
538. Website defacement of Pharmessence by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: L4663R666H05T from Umbra Community defaced the Swiss pharmaceutical company Pharmessences website on April 2, 2026. The attack targeted a specific subdirectory of the companys media customer portal.
     Date: 2026-04-02T06:38:42Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824817
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Switzerland
     Victim Industry: Pharmaceutical
     Victim Organization: Pharmessence
     Victim Site: pharmessence.ch
539. Website defacement of Piggy Bank Deluxe by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The Umbra Community threat actor L4663R666H05T successfully defaced a media subdirectory of the Piggy Bank Deluxe financial services website on April 2nd, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
     Date: 2026-04-02T06:38:06Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824818
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Financial Services
     Victim Organization: Piggy Bank Deluxe
     Victim Site: piggybankdeluxe.com
540. Website defacement of Platstore by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The attacker L4663R666H05T, affiliated with Umbra Community, successfully defaced the Dutch e-commerce website platstore.nl on April 2, 2026. The defacement targeted a specific page within the sites media directory rather than the homepage.
     Date: 2026-04-02T06:37:30Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824820
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Netherlands
     Victim Industry: E-commerce
     Victim Organization: Platstore
     Victim Site: platstore.nl
541. Website defacement of PlayBoomtown gaming platform by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The PlayBoomtown gaming platform was defaced by attacker L4663R666H05T affiliated with Umbra Community on April 2, 2026. The defacement targeted a specific media/custom page rather than the main homepage.
     Date: 2026-04-02T06:36:55Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824821
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Gaming/Entertainment
     Victim Organization: PlayBoomtown
     Victim Site: playboomtown.com
542. Website defacement of Pleasure Toys by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The adult entertainment retailer Pleasure Toys was defaced by attacker L4663R666H05T, affiliated with the Umbra Community group, on April 2, 2026. The defacement targeted a specific media/customer directory rather than the homepage.
     Date: 2026-04-02T06:36:17Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824822
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Netherlands
     Victim Industry: Adult Entertainment/Retail
     Victim Organization: Pleasure Toys
     Victim Site: pleasuretoys.nl
543. Website defacement of plancha-eno.us by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The website plancha-eno.us was defaced by threat actor L4663R666H05T affiliated with Umbra Community on April 2, 2026. This was a single-site defacement targeting a specific page within the media/customer directory.
     Date: 2026-04-02T06:35:42Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824823
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: United States
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: plancha-eno.us
544. Website defacement of portoxofficial.com by L4663R666H05T/Umbra Community
     Category: Defacement
     Content: The Umbra Community threat group, specifically attacker L4663R666H05T, successfully defaced the portoxofficial.com website on April 2, 2026. This appears to be a single-target defacement rather than part of a mass campaign.
     Date: 2026-04-02T06:35:05Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824824
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Portox Official
     Victim Site: portoxofficial.com
545. Website defacement of Premium Ecológica by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The website premiumecologica.com.br was defaced by attacker L4663R666H05T from the Umbra Community group on April 2, 2026. The defacement targeted a Brazilian environmental services companys media directory.
     Date: 2026-04-02T06:34:29Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824826
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Brazil
     Victim Industry: Environmental Services
     Victim Organization: Premium Ecológica
     Victim Site: premiumecologica.com.br
546. Website defacement of prezenciq.pl by L4663R666H05T from Umbra Community
     Category: Defacement
     Content: The attacker L4663R666H05T, affiliated with Umbra Community, defaced a subdirectory of prezenciq.pl on April 2nd, 2026. The incident targeted the media/customer section of the Polish website.
     Date: 2026-04-02T06:33:49Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824827
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Poland
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: prezenciq.pl
547. Website defacement of prodas.be by L4663R666H05T from Umbra Community
     Category: Defacement
     Content: The website prodas.be was defaced by attacker L4663R666H05T, affiliated with the Umbra Community team, on April 2, 2026. The defacement targeted a customer address section of the website.
     Date: 2026-04-02T06:33:13Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824830
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Belgium
     Victim Industry: Unknown
     Victim Organization: Prodas
     Victim Site: prodas.be
548. Alleged data breach of MyComplianceOffice (MCO)
     Category: Data Breach
     Content: A threat actor claims to have breached 165GB of MyComplianceOffice (MCO) data. The leaked data reportedly includes MongoDB database dumps containing communication records, audit logs, and plaintext passwords, along with large volumes of emails, Bloomberg/Reuters chat logs, Skype and Teams messages, meeting recordings, SMS data, and ICE chat archives. The breach also exposes source code of the compliance platform, production credentials (MongoDB, MySQL, Kafka, Redis, JWT, PKI), ETL data, and machine learning models.
     Date: 2026-04-02T06:10:43Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-FULL-LEAK-MyComplianceOffice-INSIDER-TRADING-SANCTIONS-VIOLATIONS-AND-MORE
     Screenshots:
     None
     Threat Actors: FulcrumSec
     Victim Country: USA
     Victim Industry: Computer Software/Engineering
     Victim Organization: mycomplianceoffice (mco)
     Victim Site: mco.mycomplianceoffice.com
549. VandaTheGod targets the website of Israel Nature and Parks Authority
     Category: Defacement
     Content: The group claims to have defaced the website of Israel Nature and Parks Authority.
     Date: 2026-04-02T06:03:54Z
     Network: openweb
     Published URL: https://www.zone-h.org/mirror/id/41658534
     Screenshots:
     None
     Threat Actors: VandaTheGod
     Victim Country: Israel
     Victim Industry: Environmental Services
     Victim Organization: israel nature and parks authority
     Victim Site: parks.org.il
550. Alleged leak of Wishmaker WordPress database
     Category: Data Leak
     Content: The threat actor claims to have leaked a WordPress database, which reportedly contains user-related data from a website associated with Wishmaker. The exposed dataset appears to include typical WordPress table structures such as user IDs, usernames, email addresses, hashed passwords, registration details, and account metadata.
     Date: 2026-04-02T06:03:16Z
     Network: openweb
     Published URL: https://darkforums.su/Thread-DATABASE-WordPress-Database%C2%A0wishmaker-sql
     Screenshots:
     None
     Threat Actors: wizard
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
551. Empório Tambo
     Category: Data Leak
     Content: The threat actor claims to have leaked a organization data.
     Date: 2026-04-02T06:02:48Z
     Network: telegram
     Published URL: https://t.me/c/3816027580/5408
     Screenshots:
     None
     Threat Actors: scattered LAPSUS$ hunters part 9
     Victim Country: Brazil
     Victim Industry: Furniture
     Victim Organization: empório tambo
     Victim Site: emporiotambo.com.br
552. Alleged distribution of mixed credential combolist
     Category: Combo List
     Content: A threat actor allegedly shared a mixed combolist containing 4,000 credentials on a cybercriminal forum. The post content is restricted to registered users only, limiting further analysis of the datas origin and composition.
     Date: 2026-04-02T06:02:01Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70771/
     Screenshots:
     None
     Threat Actors: blacksatan666
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
553. magelang6etar targets the website of Saynet Leket Ltd
     Category: Defacement
     Content: The group claims to have defaced the website of Saynet Leket Ltd.
     Date: 2026-04-02T06:01:57Z
     Network: openweb
     Published URL: https://www.zone-h.org/mirror/id/41658531
     Screenshots:
     None
     Threat Actors: magelang6etar
     Victim Country: Israel
     Victim Industry: Wholesale
     Victim Organization: saynet leket ltd
     Victim Site: saynet.co.il
554. VandaTheGod targets the website of Erco
     Category: Defacement
     Content: The group claims to have defaced the website of Erco.
     Date: 2026-04-02T06:00:10Z
     Network: openweb
     Published URL: https://www.zone-h.org/mirror/id/41658636
     Screenshots:
     None
     Threat Actors: VandaTheGod
     Victim Country: Israel
     Victim Industry: Electrical & Electronic Manufacturing
     Victim Organization: erco
     Victim Site: mcstaging.erco.co.il
555. VandaTheGod targets the website of Mei Eden
     Category: Defacement
     Content: The group claims to have defaced the website of Mei Eden.
     Date: 2026-04-02T05:58:22Z
     Network: openweb
     Published URL: https://www.zone-h.org/mirror/id/41658638
     Screenshots:
     None
     Threat Actors: VandaTheGod
     Victim Country: Israel
     Victim Industry: Food & Beverages
     Victim Organization: mei eden
     Victim Site: mcstaging.meyeden.co.il
556. Alleged data leak of Fidalga Perfumaria
     Category: Data Leak
     Content: The group claims to have leaked the data from Fidalga Perfumaria.
     Date: 2026-04-02T05:47:40Z
     Network: telegram
     Published URL: https://t.me/c/3816027580/5411
     Screenshots:
     None
     Threat Actors: scattered LAPSUS$ hunters part 9
     Victim Country: Angola
     Victim Industry: Cosmetics
     Victim Organization: fidalga perfumaria
     Victim Site: fidalgaperfumaria.com
557. Alleged Data Breach of Nurture Life, Inc.
     Category: Data Breach
     Content: Threat Actor claims to have breached the database of Nurture Life, Inc. in USA.
     Date: 2026-04-02T05:39:21Z
     Network: openweb
     Published URL: https://forum.exploit.biz/topic/279709/
     Screenshots:
     None
     Threat Actors: HighRisk
     Victim Country: USA
     Victim Industry: Food & Beverages
     Victim Organization: nurture life, inc.
     Victim Site: nurturelife.com
558. Alleged leak of gaming platform credentials from BlueStacks, GameFAQs, IGN, and GameSpot
     Category: Combo List
     Content: Threat actor CODER is distributing free credential lists allegedly containing 11.2 million email and password combinations from gaming platforms BlueStacks, GameFAQs, IGN, and GameSpot through Telegram channels.
     Date: 2026-04-02T05:32:05Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70770/
     Screenshots:
     None
     Threat Actors: CODER
     Victim Country: Unknown
     Victim Industry: Gaming
     Victim Organization: BlueStacks, GameFAQs, IGN, GameSpot
     Victim Site: Unknown
559. Alleged data breach of Benemérita Escuela Normal Veracruzana
     Category: Data Breach
     Content: The group claims to have breached data from Benemérita Escuela Normal Veracruzana.
     Date: 2026-04-02T05:23:12Z
     Network: telegram
     Published URL: https://t.me/speakteamm/72
     Screenshots:
     None
     Threat Actors: SpeakTeam
     Victim Country: Mexico
     Victim Industry: Education
     Victim Organization: benemérita escuela normal veracruzana
     Victim Site: benv.edu.mx
560. Alleged sale of Telegram account with US virtual number
     Category: Initial Access
     Content: Threat actor offering a portable Telegram account registered with a US virtual number for 41.3 TRX cryptocurrency. The account includes the portable program and tdata folder for account access.
     Date: 2026-04-02T05:21:07Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70769/
     Screenshots:
     None
     Threat Actors: vlesskey
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
561. Website defacement of goodlook.be by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The website goodlook.be was defaced by attacker L4663R666H05T associated with Umbra Community on April 2, 2026. The defacement targeted a specific subdirectory path on the Belgian domain.
     Date: 2026-04-02T05:09:20Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824788
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Belgium
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: goodlook.be
562. Alleged data leak of Tonership
     Category: Data Leak
     Content: The group claims to have leaked the data from Tonership
     Date: 2026-04-02T05:05:44Z
     Network: telegram
     Published URL: https://t.me/c/3816027580/5409
     Screenshots:
     None
     Threat Actors: scattered LAPSUS$ hunters part 9
     Victim Country: USA
     Victim Industry: Information Technology (IT) Services
     Victim Organization: tonership
     Victim Site: tonership.com
563. Rici144 targets the website of Nature.ae
     Category: Defacement
     Content: The group claims to have defaced the website of Nature.ae
     Date: 2026-04-02T05:05:09Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/823973
     Screenshots:
     None
     Threat Actors: Rici144
     Victim Country: UAE
     Victim Industry: E-commerce & Online Stores
     Victim Organization: nature.ae
     Victim Site: nature.ae
564. Website defacement of epharma.world by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The attacker L4663R666H05T from Umbra Community defaced the pharmaceutical website epharma.world on April 2, 2026. The defacement targeted a specific media customer page rather than the main site.
     Date: 2026-04-02T05:02:50Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824710
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Healthcare/Pharmaceutical
     Victim Organization: ePharma
     Victim Site: epharma.world
565. Website defacement of emoflowers.com by L4663R666H05T from Umbra Community
     Category: Defacement
     Content: The Umbra Community member L4663R666H05T defaced the emoflowers.com website on April 2, 2026. The attack targeted a customer media section of the floral retail website.
     Date: 2026-04-02T05:02:14Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824712
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Retail/E-commerce
     Victim Organization: Emo Flowers
     Victim Site: emoflowers.com
566. Website defacement of eneove.com by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The website eneove.com was defaced by attacker L4663R666H05T, associated with the Umbra Community group, on April 2, 2026. The defacement targeted a customer address section of the website.
     Date: 2026-04-02T05:01:35Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824713
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: eneove.com
567. Alleged Data Leak of Nea Braziliana
     Category: Data Leak
     Content: The group claims to have leaked the data from Nea Braziliana
     Date: 2026-04-02T05:01:18Z
     Network: telegram
     Published URL: https://t.me/c/3816027580/5409
     Screenshots:
     None
     Threat Actors: scattered LAPSUS$ hunters part 9
     Victim Country: Greece
     Victim Industry: Food & Beverages
     Victim Organization: nea braziliana
     Victim Site: neabraziliana.gr
568. Alleged Data Leak of Digital Dubai
     Category: Data Leak
     Content: The group claims to have leaked the data of Digital Dubai.
     Date: 2026-04-02T05:00:56Z
     Network: telegram
     Published URL: https://t.me/c/3816027580/5463
     Screenshots:
     None
     Threat Actors: scattered LAPSUS$ hunters part 9
     Victim Country: UAE
     Victim Industry: Government Administration
     Victim Organization: digital dubai
     Victim Site: dubaipulse.gov.ae
569. Website defacement of Envaseonline by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The Umbra Community group, through member L4663R666H05T, successfully defaced the envaseonline.com website on April 2, 2026. The attack targeted a specific media directory path on the victims website.
     Date: 2026-04-02T05:00:37Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824714
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Envaseonline
     Victim Site: envaseonline.com
570. Website defacement of enfasisvisual.com by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The attacker L4663R666H05T from Umbra Community defaced a subdirectory of enfasisvisual.com on April 2, 2026. This appears to be a targeted single-site defacement rather than a mass attack.
     Date: 2026-04-02T04:59:53Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824715
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Enfasis Visual
     Victim Site: enfasisvisual.com
571. Website defacement of esprit-canam.com by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: Website defacement attack conducted by L4663R666H05T, affiliated with Umbra Community, targeting esprit-canam.com on April 2, 2026. The attack specifically targeted a media subdirectory of the website.
     Date: 2026-04-02T04:59:17Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824718
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: esprit-canam.com
572. Website defacement of esprit-ducat.com by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The attacker L4663R666H05T from Umbra Community defaced a specific path on esprit-ducat.com on April 2, 2026. This was an isolated defacement incident targeting a single page rather than a mass or homepage defacement.
     Date: 2026-04-02T04:58:40Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824719
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: esprit-ducat.com
573. Website defacement of fallenluxury.com by L4663R666H05T/Umbra Community
     Category: Defacement
     Content: The website fallenluxury.com was defaced by attacker L4663R666H05T affiliated with Umbra Community on April 2, 2026. The defacement targeted a specific media/customer page rather than the main homepage.
     Date: 2026-04-02T04:58:04Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824720
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Retail/Luxury Goods
     Victim Organization: Fallen Luxury
     Victim Site: fallenluxury.com
574. Website defacement of F&F Wholesale by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The attacker L4663R666H05T from Umbra Community defaced a media subdirectory of F&F Wholesales website on April 2, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
     Date: 2026-04-02T04:57:27Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824721
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Wholesale/Retail
     Victim Organization: F&F Wholesale
     Victim Site: fandfwholesale.com
575. Website defacement of fastinghalsband.se by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The Swedish website fastinghalsband.se was defaced by attacker L4663R666H05T, affiliated with the Umbra Community group, on April 2, 2026.
     Date: 2026-04-02T04:56:49Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824722
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Sweden
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: fastinghalsband.se
576. Website defacement of Fine Maker USA by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: L4663R666H05T from the Umbra Community group defaced the Fine Maker USA website on April 2, 2026. The attack targeted a specific media directory on the companys domain rather than the main homepage.
     Date: 2026-04-02T04:56:14Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824725
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: United States
     Victim Industry: Manufacturing
     Victim Organization: Fine Maker USA
     Victim Site: finemakerusa.com
577. Website defacement of Ferwood by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: L4663R666H05T from Umbra Community defaced the Ferwood Magento e-commerce platform on April 2, 2026. The attack targeted the production environment of the online retail site.
     Date: 2026-04-02T04:55:37Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824727
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: E-commerce
     Victim Organization: Ferwood
     Victim Site: ferwood-magento-prod.net
578. Website defacement of New Caledonian flower shop by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The Umbra Community threat group, through attacker L4663R666H05T, successfully defaced a New Caledonian flower shop website on April 2, 2026. The incident targeted a commercial retail site in the .nc domain space.
     Date: 2026-04-02T04:55:01Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824728
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: New Caledonia
     Victim Industry: Retail/E-commerce
     Victim Organization: Unknown
     Victim Site: flowershop.nc
579. Website defacement of exampleecommercesite.com by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: Cyber threat actor L4663R666H05T affiliated with Umbra Community successfully defaced an e-commerce website on April 2, 2026. The defacement targeted the public mobile section of the site but was not part of a mass defacement campaign.
     Date: 2026-04-02T04:54:18Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824729
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: E-commerce
     Victim Organization: Unknown
     Victim Site: exampleecommercesite.com
580. Website defacement of ForestWolf Shop by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The Umbra Community threat group, specifically actor L4663R666H05T, successfully defaced the ForestWolf Shop e-commerce website on April 2, 2026. The attack targeted the Dutch retail companys media directory, compromising their web presence.
     Date: 2026-04-02T04:53:41Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824731
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Netherlands
     Victim Industry: Retail/E-commerce
     Victim Organization: ForestWolf Shop
     Victim Site: forestwolfshop.nl
581. Website defacement of MGO Media Factory by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: L4663R666H05T from Umbra Community defaced the MGO Media Factory website on April 2, 2026. The attack targeted a German media companys web presence.
     Date: 2026-04-02T04:53:06Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824742
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Germany
     Victim Industry: Media/Entertainment
     Victim Organization: MGO Media Factory
     Victim Site: mgo-mediafactory.de
582. Website defacement of abnahme.nuk.fr by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: L4663R666H05T, affiliated with Umbra Community, defaced the French website abnahme.nuk.fr on April 2, 2026. The attack targeted a specific subdirectory rather than the main site homepage.
     Date: 2026-04-02T04:52:29Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824773
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: France
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: abnahme.nuk.fr
583. Alleged data leak of Sisbags
     Category: Data Leak
     Content: The group claims to have leaked data belonging to Sisbags.
     Date: 2026-04-02T04:52:09Z
     Network: telegram
     Published URL: https://t.me/c/3816027580/5408
     Screenshots:
     None
     Threat Actors: scattered LAPSUS$ hunters part 9
     Victim Country: Greece
     Victim Industry: Fashion & Apparel
     Victim Organization: sisbags
     Victim Site: sisbags.gr
584. Website defacement of abnahme.nuk.it by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The threat actor L4663R666H05T, affiliated with Umbra Community, successfully defaced the website abnahme.nuk.it on April 2, 2026. This appears to be a targeted single-site defacement attack against an Italian domain.
     Date: 2026-04-02T04:51:54Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824774
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Italy
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: abnahme.nuk.it
585. Alleged distribution of mixed credential combolist containing 2000 records
     Category: Combo List
     Content: A threat actor allegedly made available a mixed credential combolist containing 2,000 records on a cybercriminal forum specializing in credential lists and data dumps.
     Date: 2026-04-02T04:51:36Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70767/
     Screenshots:
     None
     Threat Actors: blacksatan666
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
586. Alleged advertisement of private data tool with daily updates
     Category: Combo List
     Content: Threat actor NUllSHop0X advertises a private tool with fresh data and daily updates via Telegram channel. The post appears on a forum section dedicated to combolists and data dumps, suggesting credential-based data operations.
     Date: 2026-04-02T04:51:20Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70768/
     Screenshots:
     None
     Threat Actors: NUllSHop0X
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
587. Website defacement of NUK by L4663R666H05T from Umbra Community
     Category: Defacement
     Content: On April 2, 2026, attacker L4663R666H05T from the Umbra Community defaced the Brazilian website nuk.com.br, specifically targeting a customer media directory path. This was an isolated defacement incident affecting a single target.
     Date: 2026-04-02T04:51:16Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824781
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Brazil
     Victim Industry: Unknown
     Victim Organization: NUK
     Victim Site: nuk.com.br
588. Alleged Data Leak of Online Wireless Mall
     Category: Data Leak
     Content: Threat Actor claims to have leaked the database of Online Wireless Mall in USA.
     Date: 2026-04-02T04:49:33Z
     Network: telegram
     Published URL: https://t.me/c/3816027580/5399
     Screenshots:
     None
     Threat Actors: scattered LAPSUS$ hunters part 9
     Victim Country: USA
     Victim Industry: Network & Telecommunications
     Victim Organization: online wireless mall
     Victim Site: onlinewirelessmall.com
589. Website defacement of bgadget.co.uk by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The UK-based electronics retailer BGadget suffered a website defacement attack on April 2, 2026, carried out by attacker L4663R666H05T affiliated with the Umbra Community group. The attack targeted the companys media/customer section of their website.
     Date: 2026-04-02T04:45:01Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824623
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: United Kingdom
     Victim Industry: Technology/Electronics Retail
     Victim Organization: BGadget
     Victim Site: bgadget.co.uk
590. Website defacement of bhpowy.pl by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The website bhpowy.pl was defaced by attacker L4663R666H05T, affiliated with the Umbra Community group, on April 2, 2026. The defacement targeted a specific media/customer address page rather than the main site.
     Date: 2026-04-02T04:44:27Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824624
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Poland
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: bhpowy.pl
591. Website defacement of bestfor-lb.com by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The website bestfor-lb.com was defaced by attacker L4663R666H05T affiliated with Umbra Community on April 2, 2026. The defacement targeted a specific media directory path rather than the main homepage.
     Date: 2026-04-02T04:43:54Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824625
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Lebanon
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: bestfor-lb.com
592. Website defacement of benzolithiumbattery.com by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The attacker L4663R666H05T from Umbra Community defaced benzolithiumbattery.com on April 2, 2026. This was a single-site defacement targeting a lithium battery manufacturing company.
     Date: 2026-04-02T04:43:20Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824626
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Manufacturing
     Victim Organization: Benzo Lithium Battery
     Victim Site: benzolithiumbattery.com
593. Rici144 targets the website of Herome UAE
     Category: Defacement
     Content: The group claims to have defaced the website of Herome UAE.
     Date: 2026-04-02T04:43:17Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/823965
     Screenshots:
     None
     Threat Actors: Rici144
     Victim Country: UAE
     Victim Industry: Cosmetics
     Victim Organization: herome
     Victim Site: herome.ae
594. Website defacement of bibliorfeo.com by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: L4663R666H05T, affiliated with Umbra Community, defaced the bibliorfeo.com website on April 2, 2026. The attack targeted a specific directory path within the sites media customer section.
     Date: 2026-04-02T04:42:46Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824627
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Bibliorfeo
     Victim Site: bibliorfeo.com
595. OpsShadowStrike targets the website of Modern Institute of Technology & Management (MITM)
     Category: Defacement
     Content: The group claims to have defaced the website of Modern Institute of Technology & Management (MITM).
     Date: 2026-04-02T04:42:39Z
     Network: telegram
     Published URL: https://t.me/OpsShadowStrike/228
     Screenshots:
     None
     Threat Actors: OpsShadowStrike
     Victim Country: India
     Victim Industry: Higher Education/Acadamia
     Victim Organization: modern institute of technology & management (mitm)
     Victim Site: mitm.edu.in
596. Website defacement of bilo-tech.de by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The website bilo-tech.de was defaced by attacker L4663R666H05T affiliated with Umbra Community on April 2, 2026. The defacement targeted the pub/media/custome directory of the technology companys website.
     Date: 2026-04-02T04:42:12Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824628
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Germany
     Victim Industry: Technology
     Victim Organization: Bilo-Tech
     Victim Site: bilo-tech.de
597. Website defacement of Bladenkiosk by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The attacker L4663R666H05T, associated with Umbra Community, successfully defaced the Bladenkiosk website on April 2, 2026. This appears to be a targeted single-site defacement of a Dutch media/publishing platform.
     Date: 2026-04-02T04:41:39Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824629
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Netherlands
     Victim Industry: Media/Publishing
     Victim Organization: Bladenkiosk
     Victim Site: bladenkiosk.nl
598. Alleged leak of German mixed domain credentials
     Category: Combo List
     Content: A threat actor shared a combolist containing 681,959 credential entries allegedly from various German domains. The data is being distributed for free via a file sharing platform.
     Date: 2026-04-02T04:41:34Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70766/
     Screenshots:
     None
     Threat Actors: HQcomboSpace
     Victim Country: Germany
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
599. Website defacement of bordecor.com by L4663R666H05T from Umbra Community
     Category: Defacement
     Content: The attacker L4663R666H05T, associated with Umbra Community, successfully defaced a section of bordecor.com on April 2, 2026. The defacement targeted a specific media customer advertisement page rather than the main site homepage.
     Date: 2026-04-02T04:41:05Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824630
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Bordecor
     Victim Site: bordecor.com
600. Website defacement of Bottega Idraulica by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: L4663R666H05T from Umbra Community defaced the Italian plumbing company Bottega Idraulicas website on April 2, 2026. The attack targeted a specific subdirectory rather than the homepage.
     Date: 2026-04-02T04:40:32Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824631
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Italy
     Victim Industry: Plumbing/Hardware
     Victim Organization: Bottega Idraulica
     Victim Site: bottegaidraulica.com
601. Website defacement of BP Carpets by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The Umbra Community threat group, through actor L4663R666H05T, successfully defaced the BP Carpets website on April 2, 2026. The defacement targeted a specific media directory path rather than the main homepage.
     Date: 2026-04-02T04:39:59Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824632
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Retail/Manufacturing
     Victim Organization: BP Carpets
     Victim Site: bpcarpets.com
602. Website defacement of brprop.dev by L4663R666H05T/Umbra Community
     Category: Defacement
     Content: L4663R666H05T from Umbra Community defaced brprop.dev on April 2, 2026, targeting what appears to be a customer address page or section of the website.
     Date: 2026-04-02T04:39:24Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824634
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: brprop.dev
603. Website defacement of Cabinet Design and Outlet by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: On April 2, 2026, the Cabinet Design and Outlet website was defaced by attacker L4663R666H05T, who is associated with the Umbra Community group. The defacement targeted a commercial website in the home improvement and cabinet retail industry.
     Date: 2026-04-02T04:38:51Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824636
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Home Improvement/Retail
     Victim Organization: Cabinet Design and Outlet
     Victim Site: cabinetdesignandoutlet.com
604. Alleged leak of Kuwait data
     Category: Data Leak
     Content: The group claims to have leaked data belonging to Kuwait.
     Date: 2026-04-02T04:38:34Z
     Network: telegram
     Published URL: https://t.me/c/3816027580/5390
     Screenshots:
     None
     Threat Actors: scattered LAPSUS$ hunters part 9
     Victim Country: Kuwait
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
605. Website defacement of cachemirecenter.com by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: L4663R666H05T, affiliated with Umbra Community, successfully defaced cachemirecenter.com on April 2, 2026. The defacement targeted a specific subdirectory rather than the homepage.
     Date: 2026-04-02T04:38:16Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824637
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Cache Mire Center
     Victim Site: cachemirecenter.com
606. Website defacement of bswigs.com by L4663R666H05T from Umbra Community
     Category: Defacement
     Content: The attacker L4663R666H05T affiliated with Umbra Community defaced the BS Wigs website on April 2, 2026, targeting what appears to be a customer address section of the site.
     Date: 2026-04-02T04:37:42Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824640
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Retail/E-commerce
     Victim Organization: BS Wigs
     Victim Site: bswigs.com
607. Website defacement of Carboland by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The website carboland.hu was defaced by attacker L4663R666H05T, affiliated with the Umbra Community group, on April 2, 2026. The defacement targeted a specific media/customer section of the site rather than the homepage.
     Date: 2026-04-02T04:37:09Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824641
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Hungary
     Victim Industry: Unknown
     Victim Organization: Carboland
     Victim Site: carboland.hu
608. Website defacement of casparin.ch by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: Website defacement attack conducted by L4663R666H05T, affiliated with Umbra Community, targeting the casparin.ch domain on April 2, 2026.
     Date: 2026-04-02T04:36:36Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824645
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Switzerland
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: casparin.ch
609. Website defacement of cecforjadores.com by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The website cecforjadores.com was defaced by attacker L4663R666H05T, affiliated with the Umbra Community group, on April 2, 2026. The defacement targeted a specific media subdirectory rather than the main homepage.
     Date: 2026-04-02T04:36:03Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824649
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: cecforjadores.com
610. Website defacement of Celsus by L4663R666H05T from Umbra Community
     Category: Defacement
     Content: L4663R666H05T from Umbra Community successfully defaced the Celsus website on April 2, 2026. The attack targeted a specific customer media page on the Colombian domain.
     Date: 2026-04-02T04:35:29Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824650
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Colombia
     Victim Industry: Unknown
     Victim Organization: Celsus
     Victim Site: celsus.com.co
611. Alleged Data Leak of Blue Eden
     Category: Data Leak
     Content: The group claims to have leaked the data from Blue Eden.
     Date: 2026-04-02T04:35:23Z
     Network: telegram
     Published URL: https://t.me/c/3816027580/5371
     Screenshots:
     None
     Threat Actors: scattered LAPSUS$ hunters part 9
     Victim Country: UK
     Victim Industry: Real Estate
     Victim Organization: blue eden
     Victim Site: bulgarianpropertyuk.com
612. Website defacement of Cellini by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: Attacker L4663R666H05T from Umbra Community defaced the Cellini website on April 2, 2026. The defacement targeted a media/customer section of the UK-based organizations website.
     Date: 2026-04-02T04:34:56Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824651
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: United Kingdom
     Victim Industry: Unknown
     Victim Organization: Cellini
     Victim Site: cellini.co.uk
613. Website defacement of cgr.gold by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: L4663R666H05T from Umbra Community defaced a subdirectory on cgr.gold on April 2, 2026. The attack targeted a specific media customer directory rather than the main homepage.
     Date: 2026-04-02T04:34:22Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824652
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: cgr.gold
614. Website defacement of CentraMed by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The attacker L4663R666H05T from Umbra Community defaced the CentraMed healthcare website on April 2, 2026. The defacement targeted a specific path within the sites media directory structure.
     Date: 2026-04-02T04:33:48Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824653
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Healthcare
     Victim Organization: CentraMed
     Victim Site: centramed.eu
615. Website defacement of Cellular Screens by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The attacker L4663R666H05T from Umbra Community successfully defaced a media directory on cellularscreens.com on April 2, 2026. The incident appears to be a targeted single-site defacement rather than part of a mass campaign.
     Date: 2026-04-02T04:33:15Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824656
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Technology/Electronics
     Victim Organization: Cellular Screens
     Victim Site: cellularscreens.com
616. Website defacement of chillbase.shop by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The e-commerce website chillbase.shop was defaced by attacker L4663R666H05T, affiliated with the Umbra Community group, on April 2, 2026. The defacement targeted the media/customer section of the site.
     Date: 2026-04-02T04:32:41Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824657
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: E-commerce
     Victim Organization: Chillbase
     Victim Site: chillbase.shop
617. Alleged data leak of New Startups in Dubai
     Category: Data Leak
     Content: The group claims to have leaked data belonging to New Startups in Dubai.
     Date: 2026-04-02T04:31:45Z
     Network: telegram
     Published URL: https://t.me/c/3816027580/5352
     Screenshots:
     None
     Threat Actors: scattered LAPSUS$ hunters part 9
     Victim Country: UAE
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
618. Alleged leak of mixed domain credential list
     Category: Combo List
     Content: A threat actor shared a credential list containing 28,000 email and password combinations from various domains. The credentials are described as fresh and high quality, targeting mixed domain providers.
     Date: 2026-04-02T04:31:10Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70765/
     Screenshots:
     None
     Threat Actors: Cir4d
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
619. Rici144 targets the website of Nature
     Category: Defacement
     Content: The group claims to have defaced the website of Nature
     Date: 2026-04-02T04:27:59Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/823916
     Screenshots:
     None
     Threat Actors: Rici144
     Victim Country: UAE
     Victim Industry: E-commerce & Online Stores
     Victim Organization: nature
     Victim Site: nature.ae
620. Rici144 targets the website of Glowy
     Category: Defacement
     Content: The group claims to have defaced the website of Glowy.
     Date: 2026-04-02T04:27:26Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/823960
     Screenshots:
     None
     Threat Actors: Rici144
     Victim Country: UAE
     Victim Industry: E-commerce & Online Stores
     Victim Organization: glowy
     Victim Site: glowy.ae
621. Alleged Data Leak of CodesOrbit
     Category: Data Leak
     Content: The group claims to have leaked the data from CodesOrbit.
     Date: 2026-04-02T04:24:55Z
     Network: telegram
     Published URL: https://t.me/c/3816027580/5354
     Screenshots:
     None
     Threat Actors: scattered LAPSUS$ hunters part 9
     Victim Country: Pakistan
     Victim Industry: Software Development
     Victim Organization: codesorbit
     Victim Site: codesorbit.net
622. Alleged data breach of Xiamen Tungsten Infrastructure
     Category: Data Breach
     Content: A threat actor claims to have compromised the infrastructure of Xiamen Tungsten Co., Ltd. (XTC), exposing over 160GB of SQL backups.
     Date: 2026-04-02T04:24:36Z
     Network: openweb
     Published URL: https://forum.exploit.biz/topic/279707/
     Screenshots:
     None
     Threat Actors: 69.pdf
     Victim Country: China
     Victim Industry: Mining/Metals
     Victim Organization: xiamen tungsten co., ltd.
     Victim Site: cxtc.com
623. Alleged data leak of nxcli.net
     Category: Data Leak
     Content: The group claims to have leaked the data belonging to nxcli.net.
     Date: 2026-04-02T04:22:16Z
     Network: telegram
     Published URL: https://t.me/c/3816027580/5405
     Screenshots:
     None
     Threat Actors: scattered LAPSUS$ hunters part 9
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: nxcli.net
     Victim Site: nxcli.net
624. Alleged distribution of credential lists from multiple e-commerce platforms
     Category: Combo List
     Content: Threat actor distributing free credential lists (combolists) from multiple e-commerce platforms including DHgate, LightInTheBox, YesStyle, Ozon, Wildberries, and Otto through Telegram channels. The actor claims to have 10 million credentials available for distribution.
     Date: 2026-04-02T04:21:17Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70763/
     Screenshots:
     None
     Threat Actors: CODER
     Victim Country: Unknown
     Victim Industry: E-commerce
     Victim Organization: Multiple (DHgate, LightInTheBox, YesStyle, Ozon, Wildberries, Otto)
     Victim Site: Unknown
625. Website defacement of Meilland Richardier by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The French rose breeding company Meilland Richardiers website was defaced by attacker L4663R666H05T, affiliated with the Umbra Community group, on April 2, 2026.
     Date: 2026-04-02T04:21:06Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824535
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: France
     Victim Industry: Horticulture
     Victim Organization: Meilland Richardier
     Victim Site: meillandrichardier.com
626. Website defacement of Mekonomen by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: Umbra Community member L4663R666H05T successfully defaced a media section of Swedish automotive retailer Mekonomens website on April 2, 2026. The attack targeted a customer advertisement page rather than the main homepage.
     Date: 2026-04-02T04:20:33Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824536
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Sweden
     Victim Industry: Automotive Retail
     Victim Organization: Mekonomen
     Victim Site: mekonomen.se
627. Website defacement of Omega Watches by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The attacker L4663R666H05T from Umbra Community successfully defaced a subdirectory of the Omega Watches China website on April 2, 2026. The defacement targeted the media/customer section of the luxury watch retailers Chinese domain.
     Date: 2026-04-02T04:19:59Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824543
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: China
     Victim Industry: Luxury Goods/Retail
     Victim Organization: Omega Watches
     Victim Site: omegawatches.cn
628. Alleged Data Leak of Parawanik
     Category: Data Leak
     Content: A threat actor claims to have leaked data allegedly مرتبط with Parawanik, an e-commerce platform selling decorative and functional room dividers
     Date: 2026-04-02T04:19:45Z
     Network: telegram
     Published URL: https://t.me/c/3816027580/5401
     Screenshots:
     None
     Threat Actors: scattered LAPSUS$ hunters part 9
     Victim Country: Poland
     Victim Industry: E-commerce & Online Stores
     Victim Organization: parawanik
     Victim Site: parawanik.com
629. Website defacement of p.ua by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: On April 2, 2026, the threat actor L4663R666H05T affiliated with Umbra Community defaced the Ukrainian website p.ua. The attack targeted the media/customer_address directory of the site.
     Date: 2026-04-02T04:19:26Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824544
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Ukraine
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: p.ua
630. Website defacement of porcporc.com by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The threat actor L4663R666H05T, associated with Umbra Community, successfully defaced the porcporc.com website on April 2, 2026. The attack targeted a specific media/customer advertisement section of the site.
     Date: 2026-04-02T04:18:53Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824545
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: porcporc.com
631. Website defacement of Red Wolf Airsoft by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The airsoft retailer Red Wolf Airsofts website was defaced by threat actor L4663R666H05T, associated with the Umbra Community group, on April 2, 2026.
     Date: 2026-04-02T04:18:21Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824549
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Retail/Gaming
     Victim Organization: Red Wolf Airsoft
     Victim Site: redwolfairsoft.com
632. Website defacement of Rikorda by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: Cybercriminal L4663R666H05T affiliated with Umbra Community successfully defaced the Italian website rikorda.it on April 2, 2026. The attack targeted a customer address page within the sites media directory.
     Date: 2026-04-02T04:17:42Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824551
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Italy
     Victim Industry: Unknown
     Victim Organization: Rikorda
     Victim Site: rikorda.it
633. Alleged Data Leak of Barry & Clark
     Category: Data Leak
     Content: A threat actor claims to be selling or leaking data allegedly مرتبط with Barry & Clark, an online apparel brand.
     Date: 2026-04-02T04:17:37Z
     Network: telegram
     Published URL: https://t.me/c/3816027580/5401
     Screenshots:
     None
     Threat Actors: scattered LAPSUS$ hunters part 9
     Victim Country: India
     Victim Industry: E-commerce & Online Stores
     Victim Organization: barry & clark
     Victim Site: barryandclark.com
634. Website defacement of Santa Keramika by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: Russian ceramics manufacturer Santa Keramika was defaced by attacker L4663R666H05T from the Umbra Community group on April 2, 2026. The defacement targeted a specific media subdirectory rather than the main homepage.
     Date: 2026-04-02T04:17:08Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824553
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Russia
     Victim Industry: Manufacturing
     Victim Organization: Santa Keramika
     Victim Site: santa-keramika.ru
635. Website defacement of schermionline.it by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The website schermionline.it was defaced by attacker L4663R666H05T, who is affiliated with the Umbra Community team. The defacement occurred on April 2, 2026 and targeted a specific subdirectory rather than the main homepage.
     Date: 2026-04-02T04:16:35Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824554
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Italy
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: schermionline.it
636. Website defacement of Selectra Hengelo by L4663R666H05T from Umbra Community
     Category: Defacement
     Content: The website selectrahengelo.nl was defaced by attacker L4663R666H05T, affiliated with the Umbra Community group, on April 2, 2026. The defacement targeted what appears to be an energy comparison or utility service website in the Netherlands.
     Date: 2026-04-02T04:16:01Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824556
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Netherlands
     Victim Industry: Energy/Utilities
     Victim Organization: Selectra Hengelo
     Victim Site: selectrahengelo.nl
637. Rici144 targets the website of Al Rama Films
     Category: Defacement
     Content: The group claims to have defaced the website of Al Rama Films.
     Date: 2026-04-02T04:15:48Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/823947
     Screenshots:
     None
     Threat Actors: Rici144
     Victim Country: UAE
     Victim Industry: Architecture & Planning
     Victim Organization: al rama films
     Victim Site: alramafilms.ae
638. Website defacement of The French Cake Company by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The French Cake Company website was defaced by attacker L4663R666H05T, associated with the Umbra Community group, on April 2, 2026. The incident targeted the media section of the companys website.
     Date: 2026-04-02T04:15:28Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824569
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Food & Beverage
     Victim Organization: The French Cake Company
     Victim Site: thefrenchcakecompany.com
639. Alleged Data Leak of Tiva LLC
     Category: Data Leak
     Content: Threat Actor claims to have leaked the database of Tiva LLC in Armenia.
     Date: 2026-04-02T04:15:05Z
     Network: telegram
     Published URL: https://t.me/c/3816027580/5395
     Screenshots:
     None
     Threat Actors: scattered LAPSUS$ hunters part 9
     Victim Country: Armenia
     Victim Industry: Retail Industry
     Victim Organization: tiva llc
     Victim Site: tiva.am
640. Website defacement of The Great Courses Plus by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: Umbra Community member L4663R666H05T defaced The Great Courses Plus educational platform on April 2, 2026. The attack targeted the media section of the online learning website.
     Date: 2026-04-02T04:14:56Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824570
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Education
     Victim Organization: The Great Courses Plus
     Victim Site: thegreatcoursesplus.com
641. Website defacement of The Workplace Depot by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The Workplace Depots website was defaced by attacker L4663R666H05T, affiliated with the Umbra Community group, on April 2, 2026. The defacement targeted the UK-based office furniture and supplies retailers media directory.
     Date: 2026-04-02T04:14:23Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824572
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: United Kingdom
     Victim Industry: Retail/Office Supplies
     Victim Organization: The Workplace Depot
     Victim Site: theworkplacedepot.co.uk
642. Website defacement of totogroup.ru by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: Attacker L4663R666H05T from Umbra Community defaced the Russian website totogroup.ru on April 2, 2026. The defacement targeted a specific media subdirectory rather than the main homepage.
     Date: 2026-04-02T04:13:50Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824578
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Russia
     Victim Industry: Unknown
     Victim Organization: Toto Group
     Victim Site: totogroup.ru
643. Alleged data leak of Orsk.ru
     Category: Data Leak
     Content: The group claims to have leaked data from Orsk.ru.
     Date: 2026-04-02T04:09:36Z
     Network: telegram
     Published URL: https://t.me/c/3816027580/5358
     Screenshots:
     None
     Threat Actors: scattered LAPSUS$ hunters part 9
     Victim Country: Russia
     Victim Industry: Government & Public Sector
     Victim Organization: orsk.ru
     Victim Site: board.orsk.ru
644. Website defacement of butterfliesandbikinis.com by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The attacker L4663R666H05T, affiliated with Umbra Community, successfully defaced the butterfliesandbikinis.com website on April 2, 2026. This appears to be an isolated defacement incident targeting a retail fashion website.
     Date: 2026-04-02T04:07:45Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824448
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Retail/Fashion
     Victim Organization: Butterflies and Bikinis
     Victim Site: butterfliesandbikinis.com
645. SpeakTeam targets the website of Benemérita Escuela Normal Urbana
     Category: Defacement
     Content: The group claims to have defaced the website of Benemérita Escuela Normal Urbana.
     Date: 2026-04-02T04:07:20Z
     Network: telegram
     Published URL: https://t.me/speakteamm/70
     Screenshots:
     None
     Threat Actors: SpeakTeam
     Victim Country: Mexico
     Victim Industry: Education
     Victim Organization: benemérita escuela normal urbana
     Victim Site: benu.edu.mx
646. Website defacement of bvibe.com by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The attacker L4663R666H05T from Umbra Community defaced the bvibe.com website on April 2, 2026, targeting what appears to be customer address data on the adult entertainment retailers media directory.
     Date: 2026-04-02T04:07:07Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824449
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Adult Entertainment
     Victim Organization: B-Vibe
     Victim Site: bvibe.com
647. Website defacement of canevas.com by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The website canevas.com was defaced by attacker L4663R666H05T, affiliated with the Umbra Community team, on April 2, 2026. The defacement targeted a customer management section of the website.
     Date: 2026-04-02T04:06:31Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824450
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Canevas
     Victim Site: canevas.com
648. Rici144 targets the website of Grandiose Supermarket
     Category: Defacement
     Content: The group claims to have defaced the website of Grandiose Supermarket.
     Date: 2026-04-02T04:06:23Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/823962
     Screenshots:
     None
     Threat Actors: Rici144
     Victim Country: UAE
     Victim Industry: Food & Beverages
     Victim Organization: grandiose supermarket
     Victim Site: grandiose.ae
649. Website defacement of chassemarket.com by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: Umbra Community member L4663R666H05T defaced the chassemarket.com e-commerce website on April 2, 2026. The attack targeted a specific media directory rather than the main homepage.
     Date: 2026-04-02T04:05:54Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824452
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: E-commerce
     Victim Organization: Chasse Market
     Victim Site: chassemarket.com
650. Website defacement of coutinho.nl by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The attacker L4663R666H05T from Umbra Community defaced a specific page on coutinho.nl on April 2, 2026. This appears to be a targeted single-site defacement rather than a mass attack.
     Date: 2026-04-02T04:05:17Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824453
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Netherlands
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: coutinho.nl
651. Website defacement of Danielsson Fly Reels by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: Website defacement of Swedish fly fishing reel manufacturer Danielsson Fly Reels conducted by attacker L4663R666H05T affiliated with Umbra Community on April 2, 2026.
     Date: 2026-04-02T04:04:40Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824454
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Sweden
     Victim Industry: Manufacturing
     Victim Organization: Danielsson Fly Reels
     Victim Site: danielsson-flyreels.se
652. Website defacement of DentalSpeed by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The dental services website dentalspeed.com was defaced by attacker L4663R666H05T affiliated with the Umbra Community group on April 2, 2026. The defacement targeted a specific subdirectory rather than the main homepage.
     Date: 2026-04-02T04:04:03Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824455
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Healthcare
     Victim Organization: DentalSpeed
     Victim Site: dentalspeed.com
653. Website defacement of dplantes.com by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The attacker L4663R666H05T, affiliated with Umbra Community, successfully defaced the dplantes.com website on April 2, 2026. This appears to be an isolated defacement incident targeting a single website.
     Date: 2026-04-02T04:03:25Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824464
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: dplantes.com
654. Website defacement of Elite Fitness by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The fitness website elitefitness.co.nz was defaced by attacker L4663R666H05T associated with the Umbra Community group on April 2, 2026. The defacement targeted a specific media/custom page rather than the main homepage.
     Date: 2026-04-02T04:02:49Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824465
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: New Zealand
     Victim Industry: Fitness/Health
     Victim Organization: Elite Fitness
     Victim Site: elitefitness.co.nz
655. Website defacement of garotas.com.uy by L4663R666H05T from Umbra Community
     Category: Defacement
     Content: L4663R666H05T from the Umbra Community defaced garotas.com.uy on April 2, 2026. The attack targeted a specific page within the media/customer directory of the Uruguayan website.
     Date: 2026-04-02T04:02:11Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824472
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Uruguay
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: garotas.com.uy
656. Website defacement of Goyard by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The luxury goods company Goyards website was defaced by attacker L4663R666H05T from the Umbra Community group on April 2, 2026. The defacement targeted a customer address page on the companys main domain.
     Date: 2026-04-02T04:01:35Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824474
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: France
     Victim Industry: Luxury Goods
     Victim Organization: Goyard
     Victim Site: goyard.com
657. Website defacement of grandway.ua by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The attacker L4663R666H05T, affiliated with Umbra Community, defaced the grandway.ua website on April 2, 2026. The defacement targeted a specific media/customer section of the Ukrainian website.
     Date: 2026-04-02T04:00:59Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824475
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Ukraine
     Victim Industry: Unknown
     Victim Organization: Grandway
     Victim Site: grandway.ua
658. Website defacement of Hiliq by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The attacker L4663R666H05T, associated with Umbra Community, successfully defaced the Hiliq e-commerce website on April 2, 2026. The defacement targeted a customer address page on the hiliq.com domain.
     Date: 2026-04-02T04:00:22Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824476
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: E-commerce
     Victim Organization: Hiliq
     Victim Site: hiliq.com
659. Website defacement of inercia.com by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: The website inercia.com was defaced by attacker L4663R666H05T, associated with the Umbra Community group, on April 2, 2026. The defacement targeted a specific customer management page on the domain.
     Date: 2026-04-02T03:59:46Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824478
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Inercia
     Victim Site: inercia.com
660. Website defacement of Italtile by L4663R666H05T (Umbra Community)
     Category: Defacement
     Content: On April 2, 2026, the South African tile retailer Italtiles website was defaced by attacker L4663R666H05T, affiliated with the Umbra Community group. The defacement targeted a specific media/customer section of the companys website.
     Date: 2026-04-02T03:59:09Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824479
     Screenshots:
     None
     Threat Actors: L4663R666H05T, Umbra Community
     Victim Country: South Africa
     Victim Industry: Retail/Construction Materials
     Victim Organization: Italtile
     Victim Site: italtile.co.za
661. Rici144 targets the website of Tires247
     Category: Defacement
     Content: The group claims to have defaced the website of Tires247.
     Date: 2026-04-02T03:54:33Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/823988
     Screenshots:
     None
     Threat Actors: Rici144
     Victim Country: UAE
     Victim Industry: E-commerce & Online Stores
     Victim Organization: tires247
     Victim Site: tires247.ae
662. Rici144 targets the website of Hard Disk Direct
     Category: Defacement
     Content: The group claims to have defaced the website of Hard Disk Direct.
     Date: 2026-04-02T03:53:18Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/823964
     Screenshots:
     None
     Threat Actors: Rici144
     Victim Country: UAE
     Victim Industry: Computer Hardware
     Victim Organization: hard disk direct
     Victim Site: harddiskdirect.ae
663. Rici144 targets the website of Foula Store UAE
     Category: Defacement
     Content: The group claims to have defaced the website of Foula Store UAE.
     Date: 2026-04-02T03:51:47Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/823898
     Screenshots:
     None
     Threat Actors: Rici144
     Victim Country: UAE
     Victim Industry: Cosmetics
     Victim Organization: foula store uae
     Victim Site: foula-store.ae
664. Rici144 targets the website of TyresCart
     Category: Defacement
     Content: The group claims to have defaced the website of TyresCart.
     Date: 2026-04-02T03:50:21Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/823991
     Screenshots:
     None
     Threat Actors: Rici144
     Victim Country: UAE
     Victim Industry: E-commerce & Online Stores
     Victim Organization: tyrescart
     Victim Site: tyrescart.ae
665. Rici144 targets the website of Educraft
     Category: Defacement
     Content: The group claims to have defaced the website of Educraft.
     Date: 2026-04-02T03:50:18Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/823936
     Screenshots:
     None
     Threat Actors: Rici144
     Victim Country: UAE
     Victim Industry: Education
     Victim Organization: educraft
     Victim Site: test.educraft.ae
666. OpsShadowStrike targets the website of Mata Amritanandamayi Math (MAM)
     Category: Defacement
     Content: The group claims to have defaced the website of Mata Amritanandamayi Math (MAM).
     Date: 2026-04-02T03:33:07Z
     Network: telegram
     Published URL: https://t.me/OpsShadowStrike/229
     Screenshots:
     None
     Threat Actors: OpsShadowStrike
     Victim Country: India
     Victim Industry: Non-profit & Social Organizations
     Victim Organization: mata amritanandamayi math (mam)
     Victim Site: amrita.in
667. Website defacement of prikazna-patechka.com by Leviathan Perfect Hunter team
     Category: Defacement
     Content: The Leviathan Perfect Hunter team, with member aexdy, successfully defaced the prikazna-patechka.com website on April 2, 2026. The attack targeted a specific storage directory on the site rather than the main homepage.
     Date: 2026-04-02T03:30:48Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824418
     Screenshots:
     None
     Threat Actors: aexdy, Leviathan Perfect Hunter
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: prikazna-patechka.com
668. Alleged leak of Arab investor database
     Category: Data Leak
     Content: The group claims to have leaked Arab investor database.
     Date: 2026-04-02T03:03:38Z
     Network: telegram
     Published URL: https://t.me/c/3816027580/5351
     Screenshots:
     None
     Threat Actors: scattered LAPSUS$ hunters part 9
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
669. Website defacement of limite60.com by Aptisme (Leviathan Perfect Hunter team)
     Category: Defacement
     Content: The website limite60.com was defaced by attacker Aptisme, associated with the Leviathan Perfect Hunter team, on April 2, 2026. The attack specifically targeted the art.html page of the site.
     Date: 2026-04-02T02:50:55Z
     Network: openweb
     Published URL: https://zone-xsec.com/mirror/id/824417
     Screenshots:
     None
     Threat Actors: Aptisme, Leviathan Perfect Hunter
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: limite60.com
670. Alleged Data Leak of BENEMERITA ESCUELA NORMAL URBANA FEDERAL FRONTERIZA (Benuff)
     Category: Data Leak
     Content: The group claims to have leaked the data from BENEMERITA ESCUELA NORMAL URBANA FEDERAL FRONTERIZA (BENUFF).
     Date: 2026-04-02T02:46:54Z
     Network: telegram
     Published URL: https://t.me/speakteamm/68
     Screenshots:
     None
     Threat Actors: SpeakTeam
     Victim Country: Mexico
     Victim Industry: Education
     Victim Organization: benemerita escuela normal urbana federal fronteriza
     Victim Site: benuff.com
671. Alleged leak of Hotmail credential combolist
     Category: Combo List
     Content: User redcloud shared a combolist containing 2.8K allegedly valid Hotmail email credentials via MediaFire download link. The actor also provided a Telegram contact for communication.
     Date: 2026-04-02T02:45:09Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70762/
     Screenshots:
     None
     Threat Actors: redcloud
     Victim Country: Unknown
     Victim Industry: Technology
     Victim Organization: Microsoft
     Victim Site: hotmail.com
672. Alleged distribution of shopping platform credential lists
     Category: Combo List
     Content: Threat actor CODER is distributing an 11 million record credential list (combolist) targeting multiple shopping platforms including ASOS, Shein, Zalando, Rakuten, MercadoLibre, JD.com, and Taobao through Telegram channels. The credentials appear to be offered for free distribution rather than sale.
     Date: 2026-04-02T02:32:29Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70757/
     Screenshots:
     None
     Threat Actors: CODER
     Victim Country: Unknown
     Victim Industry: E-commerce
     Victim Organization: Multiple
     Victim Site: Unknown
673. Alleged distribution of credential combolists targeting Europe and USA
     Category: Combo List
     Content: Threat actor gsmfix claims to be distributing high quality credential combolists targeting users in Europe and USA regions. The post advertises the credentials as 100% FULL VALID but lacks specific details about source, volume, or pricing.
     Date: 2026-04-02T02:32:12Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70758/
     Screenshots:
     None
     Threat Actors: gsmfix
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
674. Alleged leak of German retail credentials targeting shoppers
     Category: Combo List
     Content: A threat actor shared a combolist containing 458,534 credential pairs allegedly targeting German shopping platforms. The data was made available as a free download on a cybercrime forum.
     Date: 2026-04-02T02:31:53Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70759/
     Screenshots:
     None
     Threat Actors: HQcomboSpace
     Victim Country: Germany
     Victim Industry: Retail
     Victim Organization: Unknown
     Victim Site: Unknown
675. Alleged leak of Hotmail credentials
     Category: Combo List
     Content: Threat actor noir claims to have valid Hotmail credential lists available through their Telegram channel. The post advertises UHQ (Ultra High Quality) Hotmail credentials as part of what appears to be a combolist distribution operation.
     Date: 2026-04-02T02:17:51Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70754/
     Screenshots:
     None
     Threat Actors: noir
     Victim Country: Unknown
     Victim Industry: Technology
     Victim Organization: Microsoft
     Victim Site: hotmail.com
676. Alleged Data Leak of Bedford Borough Council
     Category: Data Leak
     Content: The group claims to have leaked the data from Bedford Borough Council.
     Date: 2026-04-02T02:15:48Z
     Network: telegram
     Published URL: https://t.me/c/3816027580/5234
     Screenshots:
     None
     Threat Actors: scattered LAPSUS$ hunters part 9
     Victim Country: UK
     Victim Industry: Government Administration
     Victim Organization: bedford borough council
     Victim Site: bedford.gov.uk
677. Alleged data leak of Meritorious State Normal School “Prof. Jesús Prado Luna”
     Category: Data Leak
     Content: The group claims to have breached data from Meritorious State Normal School “Prof. Jesús Prado Luna”.
     Date: 2026-04-02T02:12:18Z
     Network: telegram
     Published URL: https://t.me/speakteamm/66
     Screenshots:
     None
     Threat Actors: SpeakTeam
     Victim Country: Mexico
     Victim Industry: Education
     Victim Organization: meritorious state normal school “prof. jesús prado luna”
     Victim Site: benejpl.edu.mx
678. Alleged leak of Hotmail credential combolist
     Category: Combo List
     Content: A threat actor shared a combolist containing 1,973 Hotmail email credentials on a cybercriminal forum. The post appears to offer free access to the credential list through an image hosting service.
     Date: 2026-04-02T02:01:33Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70753/
     Screenshots:
     None
     Threat Actors: D4rkNetHub
     Victim Country: Unknown
     Victim Industry: Technology
     Victim Organization: Microsoft
     Victim Site: hotmail.com
679. Alleged Data Leak of Benemérita Escuela Normal Federalizada de Tamaulipas (BENFT)
     Category: Data Leak
     Content: The group claims to have leaked the data from Benemérita Escuela Normal Federalizada de Tamaulipas (BENFT).
     Date: 2026-04-02T02:00:11Z
     Network: telegram
     Published URL: https://t.me/speakteamm/64
     Screenshots:
     None
     Threat Actors: SpeakTeam
     Victim Country: Mexico
     Victim Industry: Education
     Victim Organization: benemérita escuela normal federalizada de tamaulipas (benft)
     Victim Site: benft.edu.mx
680. Alleged vulnerability leak of Paramekkavu Vidya Mandir
     Category: Vulnerability
     Content: The group claims to have leaked a vulnerability in Paramekkavu Vidya Mandir.
     Date: 2026-04-02T01:52:05Z
     Network: telegram
     Published URL: https://t.me/c/3713998822/22
     Screenshots:
     None
     Threat Actors: Channel BadakSecTeam
     Victim Country: India
     Victim Industry: Education
     Victim Organization: paramekkavu vidya mandir
     Victim Site: paramekkavuvidyamandir.edu.in
681. Alleged data leak of Colombias Internal Public Lighting Information System
     Category: Data Leak
     Content: Group claims to have leaked data from TColombias Internal Public Lighting Information System.
     Date: 2026-04-02T01:38:45Z
     Network: telegram
     Published URL: https://t.me/c/3816027580/5241
     Screenshots:
     None
     Threat Actors: scattered LAPSUS$ hunters part 9
     Victim Country: Colombia
     Victim Industry: Government & Public Sector
     Victim Organization: colombias internal public lighting information system
     Victim Site: ipsap.uaesp.gov.co
682. Alleged leak of mixed credential logs via file sharing platform
     Category: Combo List
     Content: A threat actor shared a 2.5GB+ collection of mixed credential logs through a file sharing platform. The logs are distributed for free via Mega file hosting service with password access provided through a Telegram channel.
     Date: 2026-04-02T01:12:31Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70752/
     Screenshots:
     None
     Threat Actors: maicolpg19
     Victim Country: Unknown
     Victim Industry: Unknown
     Victim Organization: Unknown
     Victim Site: Unknown
683. Alleged leak of education sector credentials
     Category: Combo List
     Content: A threat actor shared a credential list containing 161,223 lines targeting social media, shopping, and educational platforms. The data is being distributed for free via a file-sharing platform.
     Date: 2026-04-02T00:19:49Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70751/
     Screenshots:
     None
     Threat Actors: HQcomboSpace
     Victim Country: Unknown
     Victim Industry: Education
     Victim Organization: Unknown
     Victim Site: Unknown
684. Alleged leak of Hotmail credential combolist
     Category: Combo List
     Content: Forum post claims to contain 42,000 Hotmail credentials described as valid and related to forums. The post requires registration to view the actual content.
     Date: 2026-04-02T00:07:05Z
     Network: openweb
     Published URL: https://crackingx.com/threads/70750/
     Screenshots:
     None
     Threat Actors: ValidMail
     Victim Country: Unknown
     Victim Industry: Technology
     Victim Organization: Microsoft
     Victim Site: hotmail.com
685. Alleged data leak of Crofting Commission
     Category: Data Breach
     Content: Group claims to have leaked data from Crofting Commission.
     Date: 2026-04-02T00:03:27Z
     Network: telegram
     Published URL: https://t.me/c/3816027580/5238
     Screenshots:
     None
     Threat Actors: scattered LAPSUS$ hunters part 9
     Victim Country: UK
     Victim Industry: Government Administration
     Victim Organization: crofting commission
     Victim Site: crofting.scotland.gov.uk