[April-20-2026] Daily Cybersecurity Threat Report

Executive Summary

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data. The observed period, primarily focusing on April 19 and 20, 2026, reveals a highly active and volatile cyber threat landscape. The data encompasses a vast array of malicious activities, ranging from critical infrastructure breaches and massive credential aggregations to targeted hacktivist defacements and the sale of zero-day access. The sheer volume of compromised data—totaling billions of records across various sectors—highlights systemic vulnerabilities in global digital infrastructure.


1. Major Threat Actor Profiles and Operations

The incident data reveals several highly active threat actors and groups executing large-scale campaigns across multiple vectors.

ShinyHunters: Supply Chain and High-Value Extortion

Threat actor ShinyHunters has demonstrated a focus on high-value corporate targets and potential supply chain compromises.

  • Vercel Access Sale: ShinyHunters is actively selling alleged access to Vercel’s internal systems, which includes multiple employee accounts, internal deployment access, API keys, NPM tokens, and GitHub tokens. The actor claims this access could enable a global supply chain attack via Next.js (which has 6 million weekly downloads), Turbo.js, and the broader Vercel ecosystem, potentially impacting every developer utilizing these packages. Exposed internal user data fields include id, name, displayName, email, active status, admin/guest flags, timezone, and timestamps. Proof of access was provided via Linear internal system data. The asking price for this access is a staggering $2M USD, with a middleman required and contact facilitated via XMPP, Telegram (@shinyc0rpsss), or email.
  • Transak Data Breach: ShinyHunters claims to be selling 900GB of data allegedly stolen from Transak.com, a US-based cryptocurrency platform. The data is offered for $2,000 USD, with a sample available and communication directed to Telegram. Associated messaging suggests a ransom or extortion element involving a “pay or leak” ultimatum.
  • Binance Database: Furthermore, ShinyHunters is selling an alleged database of 1.5 million Binance user records dated 2026. The dataset includes user status, email, password, full name, phone number, country, last login, 2FA status, KYC status, and USD balance. The asking price is $50,000 USD, posted on BreachForums.

Xyph0rix: Widespread Indonesian Infrastructure Compromise

A threat actor operating under the alias Xyph0rix has engaged in a massive, focused campaign against Indonesian government and public sector infrastructure, freely leaking vast databases on the Breached forum.

  • Government & Electoral Data: Xyph0rix claims to have obtained and leaked the Indonesian General Elections Commission (KPU) database. This highly sensitive leak contains full names, national identity numbers (NIK/KTP), dates of birth, addresses, phone numbers, email addresses, employment details, and electoral registration records related to political party verification processes, sourced from the KPU’s SIPOL system.
  • Law Enforcement & Civil Service: Xyph0rix leaked a structured database dump allegedly belonging to the Indonesian National Police (Kepolisian Negara Republik Indonesia) containing officer IDs, full names, ranks, assigned police units, disciplinary case details, decision references, and hashed values. They also leaked a database from the West Java Regional Police Mobile Brigade Unit (SAT BRIMOB POLDA JABAR). Furthermore, they shared a database belonging to Satpol PP (Satuan Polisi Pamong Praja), a civil service police unit, containing employee ID numbers (NIP), full names, educational qualifications, civil service ranks, and job positions, sourced from the Bangka Tengah Regency office. A separate leak targeted satpol.pp.go.id.
  • Healthcare & Cooperatives: Xyph0rix leaked a database allegedly sourced from BPJS, Indonesia’s national social health insurance program, exposing full names, NIKs, dates and places of birth, and residential addresses. They also leaked a database from Koperasi Bintang Kejora, a cooperative in Bangka Belitung, exposing tax IDs (NPWP) and physical addresses, and distributed a “Vaccine Data” archive via MediaFire.
  • International & Forum Leaks: Broadening their scope, Xyph0rix leaked a structured dataset allegedly containing personal information of Israeli citizens linked to their Facebook accounts, including phone numbers, Facebook IDs, and relationship statuses. Additionally, they leaked an alleged database dump of BreachForums itself, containing usernames, hashed passwords, salts, login keys, IP addresses, and user activity fields.

CODER: Industrial-Scale Credential Distribution

A threat actor operating under the alias CODER is responsible for distributing tens of millions of credential pairs for free via Telegram channels and groups, acting as a massive distributor of compromised data.

  • Corporate & Education: CODER distributed a combolist containing approximately 9.3 million corporate email and password combinations, described as ultra-high quality. They also shared a mixed corporate domain combolist, a combolist of 12 million email and password combinations associated with education sector accounts from mixed countries, and a separate educational institution combolist. Another corporate combolist release allegedly contained 3 million credential pairs.
  • Social Media & Webmail: CODER distributed combolists containing approximately 8 million credentials targeting Hotmail accounts across regional domains, alongside Facebook, Instagram, Twitter, and PayPal credentials. They also released a staggering 22 million social media credentials, a 5 million mixed social media credential list, an 11 million credential list targeting Hotmail, Yahoo, and Orange FR users, and an 11 million credential pair list targeting German email providers like web.de, GMX, and T-Online.

HQcomboSpace: Targeted Combolist Aggregation

Threat actor HQcomboSpace focused heavily on specific regional and industry-targeted combolists, primarily distributed via Mega.nz links on the CrackingX forum.

  • German Targets: Shared a combolist with over 1.1 million credential pairs targeting German users, another list with 440,479 credentials associated with German (.de) domains, a list of 127,120 lines of mixed German domain credentials, and a list of 338,156 German domain credentials.
  • Gaming, Retail, & Education: Distributed a 1.4 million credential list targeting gaming and shopping platforms for Yahoo users, 436,635 Hotmail credentials curated for gaming and shopping platform abuse, 1.67 million Hotmail credentials focused on shopping services, 1.09 million Hotmail credentials targeting gaming and shopping, 185,569 shopping/corporate credentials, 13,659 mixed-country Yahoo credentials, and 120,470 credential pairs targeting the education sector.

2. Categorical Analysis: Data Breaches and Leaks

This section outlines major data exfiltration events, categorized by industry and target.

Military, Defense, and Intelligence

  • Chinese PLA & MSS: A threat actor using the alias ‘mosad’ is selling purported classified data from multiple divisions of the Chinese People’s Liberation Army, including its Cyberspace Force, Rocket Force, Strategic Support Force, Naval Equipment Research Institute, and intelligence directorates. The actor claims the data is fresh, targets buyers like think tanks, and presents itself as an organized team transitioning from private contracted work. The data reportedly covers the Cyberspace Force Technology Research Institute and the Middle East and African Affairs Analysis Division. Concurrently, actor ‘Yakohomot’ is selling a Chinese military database obtained through a loan agent intermediary for $25,000 USD in Monero via Session.
  • Hellenic Air Force: Threat actor RubiconH4ck is selling approximately 1TB of sensitive documents and data allegedly exfiltrated from the Hellenic Air Force, covering the year 2025, for $4,000.
  • Venezuelan Intelligence: Actor GordonFreeman freely leaked payroll records of approximately 25,000 Venezuelan government officials from SEBIN (Bolivarian National Intelligence Service) and CICPC (Scientific, Penal, and Criminal Investigation Service Corps). The data includes national ID numbers (Cédula), tax IDs (RIF), email addresses, phone numbers, and full names, allegedly obtained through a joint penetration testing operation.

Global Government and Citizen Data

  • Massive Chinese Dataset: Threat actor aliladz213 allegedly leaked a 50 billion record collection of Chinese data across organizations like Pinduoduo (14.5B), JD.com (10B), logistics providers (4.5B), and a 1.2 billion record Shanghai National Police (SHGA) database. The data spans shopping histories, citizen records, and law enforcement databases, totaling 8–9 TB.
  • Mexico (SEP): Threat actor Richdie leaked personal and employment records of approximately 10 million workers from Mexico’s Secretaría de Educación Pública (SEP), including full names, CURP, RFC identifiers, salaries, and budget allocations.
  • Brazil (Pernambuco): Threat actor 0x0dayToDay is selling a database of 9.19 million citizens of Pernambuco, Brazil for $200 USD, containing CPF numbers, full names, dates of birth, parent names, addresses, and RG document details.
  • Georgia & Israel: Aliladz213 shared databases containing citizenship records for 4.9 million Georgian citizens and personal data of 3.9 million Israeli citizens.
  • Tunisia & Bangladesh: Hacktivist group N3XUS SH13LD claims to have compromised the Tunisian Ministry of the Interior website, exfiltrating 132 classified files regarding Algeria. Actor ‘weykofa’ hacked the Bangladeshi government GIS portal (gis.gov.bd), leaking a database dump including user records of doctors and government officials.
  • France (Mission Locale de Marseille): Actor Cybernox is selling a database of 4,904 records from Mission Locale de Marseille, containing sensitive employment-related fields, job application statuses, and IAE pass information.
  • Morocco & Iran: Aliladz213 leaked a database belonging to the Moroccan website gemaroc.com and a database associated with Iran’s nuclear energy sector.
  • Germany: A dark web report claims unauthorized access to a German domain registration system resulted in the exfiltration of 7 million data records and source code, posing a supply-chain risk.

Corporate, Retail, and Financial

  • Solventum (3M Healthcare): Threat actor SeraphimGroup claimed a data breach of Solventum, leaking Jira tickets, a Confluence scrape of internal operations, and a Microsoft Entra directory dump.
  • Binghatti Real Estate (UAE): RubiconH4ck is selling over 350GB of data exfiltrated from Binghatti, including customer PII, passport scans, Emirates ID numbers, sales records, reservation agreements, and bank transaction files, allegedly obtained through a compromised sales manager account.
  • Timbermart Canada: Threat actor Moelester is selling a database of 485,000 records from Timbermart, including customer contacts, store locations, product inventory, and detailed transaction records with partial card data.
  • Just Wines Australia: Threat actor ‘2019’ is selling a database of over 300,000 customer records from Just Wines Australia, including names, addresses, and order details.
  • Financial Leads & CC Data: Actor Luckiest is selling customer lead databases from institutions like Bunq, Revolut, Binance, KuCoin, Coinspot, Coinbase, and DBS Bank. RubiconH4ck is selling financial data including CC/CVV, VBV, dumps, fullz, and bank logs with prices ranging from $1,000 to $30,000. Vapp09 is offering linkable credit cards for Google Pay, eBay, Cash App, PayPal, and Booking.com.
  • Galcomm (Israel): NormalLeVrai leaked the database (31,000 records) and source code (2.32 GB) of Galcomm, an Israeli domain registrar.
  • ManyFics (France): Actor camillaDF is selling a database of 40,000 records from French fan fiction platform manyfics.net, including usernames, hashed passwords, and preferences.
  • PTT Cargo (Turkey): SiberSLX scraped and leaked data from PTT Cargo’s tracking system, revealing names, Turkish national IDs (T.C. Kimlik No), and logistics data.
  • Other Targets: NormalLeVrai leaked the email inbox of Instituto Maria Schmitt (IMAS) in Brazil and scraped the webmail of Marinapark hotel. RubiconH4ck sold a database of 2.7 million Indian car owners for $1,200. NormalLeVrai sold a compromised cryptocurrency account containing 9.22998 BTC.

Educational Sector

  • Indonesia: RubiconH4ck leaked 2.3 million records from SMKN Padang Cermin, including student identification numbers (NISN) and parent data. CyphieNesia leaked Bidik Misi scholarship recipient records from Universitas Negeri Malang. MaxiZERO leaked personal data of students and lecturers from Universitas Dirgantara Marsekal Suryadarma via an API extraction and a database from BIMA Ditjen Saintek containing lecturer registration numbers (NIDN) and academic credentials.

3. Categorical Analysis: Combo Lists, Logs, and Credential Stuffing

The trading and free distribution of credential combolists (email:password or URL:login:password combinations) constitutes the vast majority of the reported incidents, fueling automated account takeover (ATO) and credential stuffing attacks.

Massive Data Aggregators

  • Mustukaral: This actor is advertising colossal credential collections on CrackingX, including a 1.3TB collection of URL-login-password (ULP) combolists spanning 2024-2026, and another 750GB collection. Both offerings feature online search tools, auto-updates, and country-based filtering, indicating a highly sophisticated, commercialized data aggregation service.
  • WashingtonDC: Shared a combolist of approximately 2.3 million URL, username, and password combinations compiled from infostealer logs.
  • Daxus: Shared a combolist containing approximately 13.68 million URL:login:password credential pairs, described as ultra-high quality.

Major Multi-Platform and Email Combolist Distributors

Aside from the previously mentioned CODER and HQcomboSpace, numerous actors distributed significant credential caches:

  • Larry_Uchiha: Shared 800 Hotmail credentials from the US, Europe, Asia, and Russia; 1,400 hits for Hotmail, Instagram, Epic Games, Xbox, and Discord; a mixed list for Instagram, Epic Games, Xbox, and Discord; a mixed list for Hotmail, Outlook, AOL, GMX, Inbox, iCloud, and Live; and a mixed list for Netflix, OnlyFans, ChatGPT, Xbox, Sony, Discord, and Facebook.
  • Megacloud: Shared German email credentials, 30,000 mixed email credentials, 2,100 Russian email credentials, and 1,300 French email credentials.
  • Ebbicloud: Shared a mixed combolist of 13,488 credential pairs and a valid mixed combolist of 16,840 entries.
  • RandomUpload: Shared lists of 27,000 credentials, 299,000 ULP credentials, 9,772 mail access credentials, and 1 million ULP credentials.
  • ValidMail: Distributed 60,000 Gmail credentials, another 60,000 Gmail list, and 40,000 Hotmail credentials validated against forums.
  • Herry_X0087 (via hqtabbb): Distributed 111 Hotmail credentials, 230 Hotmail credentials, 500 Hotmail credentials, 93 Hotmail credentials, and 800 USA domain credentials, heavily promoting the “Noir Public Cloud” Telegram channel.

Specific Target Combolists

  • Gmail: ‘steeve75’ sold 135,000 Gmail-targeted credentials. ‘D4rkNetHub’ leaked over 100,000 Gmail credentials. ‘JAX7’ distributed Gmail addresses, names, and phone numbers targeting Israelis.
  • Hotmail: Highly targeted. FlashCloud2 shared 1,300 UHQ Hotmail credentials and other private lists. Jelooos shared 1,200 Hotmail hits. MailAccesss shared 850 valid Hotmail credentials. alphaxdd shared 1,120 premium Hotmail hits and 850 premium hits. HollowKnight/HollowKnight07 shared sample lists of 705 and 725 credentials. wingoooW shared an HQ Hotmail list. Angiecrax shared 1,990 UHQ Hotmail hits. Steveee36 shared 1,205 Hotmail credentials. Sellerxd shared 600 valid Hotmail credentials. redcloud shared 10,300 UHQ Hotmail credentials. ‘noir’ shared valid Hotmail credentials.
  • Social & Entertainment: ‘bluestarcrack’ leaked session cookies for Netflix, eBay, and Fortnite. ‘tuzelity’ advertised combolists and logs for dozens of platforms including Facebook, TikTok, Disney, PSN, Steam, Amazon, Airbnb, and Badoo.
  • Other Mixed Leaks: ‘carlos080’ leaked 180,000 mixed credentials. ‘Ra-Zi’ leaked 180,000 credentials for Netflix, Minecraft, Uplay, Steam, Hulu, and Spotify. ‘wingoooW’ shared 64,000 mixed credentials. ‘COYTO’ shared 9,000 credentials. ‘Seaborg’ shared 200,000 ULP credentials. ‘idsfgofdu213’ shared 101,000 ULP credentials. ‘Cir4Dk’ shared 99,000 and 67,000 mixed-domain credentials. ‘MrCOMBOROBOA’ sold tiers of 100k to 10 million mixed credentials. ‘Kommander0’ shared 939 and 4,600 mixed credentials. ‘StrawHatBase’ shared 18,000 and 35,000 mixed credentials. ‘alphacloud’ shared 4,952 premium credentials. ‘TeraCloud11/TeraCloud1’ shared 22,000 and 29,000 valid credentials. ‘stevee36’ shared 2,436 credentials. ‘intel500’ sold 1,200 Japan/Europe credentials. ‘zod’ shared a VIP ULP 7 combolist and 184,420 Indian credentials. ‘MailAccesss’ shared 5,700 Japanese credentials. ‘fatetraffic’ shared 1,450 mixed stealer logs. ‘redcloud’ shared 25,500 mixed valid credentials.

Infostealer Logs and Private Archives

  • Stealer Logs: ‘UP_DAISYCLOUD’ shared 5,149 stealer logs hosted on Pixeldrain. ‘watercloud’ shared stealer logs and a ULP combolist. ‘KazeFreak’ shared 500 Lumma Stealer logs targeting Indian users on Windows 10/Opera. Actor ‘chaos’ actively solicited bulk purchases of valid ULP credential logs. ‘Vekkoo’ shared 100,000 HQ mixed access logs.
  • Private Log Archives: ‘niven938644’ and ‘maicolpg19’ both distributed a 2GB pack of private logs protected by a password attributed to “CartelJohnDoe”.
  • Purchase Requests: Threat actor ‘best_’ actively sought to purchase private email credentials, Gmail cookies, and unused LinkedIn session cookies for account takeover.

4. Categorical Analysis: Hacktivism and Website Defacement

Defacement attacks were prolific, often targeting vulnerable subdirectories or conducting mass defacements against specific servers.

  • CYKOMNEPAL: This actor or group executed a high volume of targeted single-page defacements across global targets. Victims included the blog section of uroperator.com, an e-commerce product page on royalmartshop.com, the homepage of Verma Physiotherapy Center, a blog page on thondanapp.com, a content page on the Vietnamese hanahhotel.com, the homepage of Alshifa Style, the English section of United Machines, and the Turkish site belgeankara.com.
  • Ciamis Cyber Team (ZaXploit): ZaXploit focused heavily on Indonesian targets, executing both single and mass defacements. Single defacements included Lakas Bahdourika (/lol.html) and Oaza Digital’s Linux web server. Mass defacements—indicating multiple sites compromised in a single campaign on a shared server—included jasapengurusanimb.com, superbluelaundry.com, and laundrysepatusurabaya.com.
  • NUCLIER-Y-C-C-M: Targeted specific sub-directories, defacing an upload directory on tukudewe.com, an events page on the Spanish site bclever.ai, and the Toyota Lakshya online assessment platform in India.
  • #OpsShadowStrike & Affiliates: A hacktivist coalition including TengkorakCyberCrew, MalaysiaHacktivist, and EagleCyberCrew conducted politically motivated defacements under the #AllMuslimHackers banner, targeting Indian news site 24citylive.com and Australian site shadeform.com.au.
  • Umbra Community (L4663R666H05T): Defaced a media directory on the Australian staffing site surefirehire.com.au and a media path on the Polish auto parts retailer partspoint.pl.
  • Other Defacements: ‘JAX7’ defaced multiple subdomains hosted on omcdemosites.com (insurancechris, insurancekeith, joebiscaro). ‘B4GUSXPLOIT’ of Hacktivist Indonesia defaced world-memorabilia.com. ‘Zod’ defaced the Argentine radio site Mil Flores Radio. ‘DEWATA BLACKHAT’ defaced jopssed.org, ppdi.co.in, giguy.net, and jukasopestcontrol.com. ‘Irene’ of XmrAnonye.id defaced a library portal subdirectory (readme.txt) of Universitas Darma Agung.

5. Categorical Analysis: Initial Access, Vulnerabilities, and Tooling

This period saw the active trade of access to compromised infrastructure, disclosure of critical vulnerabilities, and the sale of malicious tooling.

Initial Access and Infrastructure Sales

  • Enterprise Web Server: Threat actor ‘one0one’ is selling access to a compromised enterprise-grade Linux web server hosting 73 active websites, featuring 502GB RAM and 21TB storage, including all hosted site data and databases.
  • Government Access: Actor ‘DuperKinger123’ is selling government email accounts and administrative access panels from Spain, Denmark, Angola, Bosnia, Bulgaria, and Nigeria, priced between $3 and $150. This includes an Angolan admin mail panel allowing unlimited government email creation for $20. Actor ‘gurkhasec’ is selling admin panel access (via phpMyAdmin) to cpim.org, the Communist Party of India (Marxist), for $1,000.
  • RDP Rentals: Actor ‘PORTAL’ is renting RDP access to cloud instances on Azure, AWS, and DigitalOcean for $200, marketed for inbox/spam operations with clean IPs.
  • Telegram Breaches: Threat actor DEDALE is advertising tiered subscription access (up to $1000 for lifetime) to a private breach/data Telegram channel.
  • Government File Uploads: Actor BABAYO EROR SYSTEM uploaded a file (maulgtg.txt) to the Indonesian government domain pa-gresik.go.id and claimed a similar upload to the Banjarkota District Court website (pa-banjarkota.go.id), indicating web shell placement or unauthorized access.

Vulnerabilities and Exploits

  • Appsmith (CVE-2026-22794): A critical vulnerability (CVSS 9.7) in Appsmith allows an attacker to control the HTTP Origin header in password reset links, redirecting victims to malicious domains to capture reset tokens, resulting in full account takeover.
  • FortiGate Symlink Bypass (CVE-2025-68686): A researcher disclosed a patch bypass for FortiGate SSL-VPN symlink persistence. The patch relied on a weak string check (/lang/custom), bypassed by using a double slash (/lang//custom), restoring unauthorized read-only access to the root filesystem.
  • Nginx UI Admin Panel: A critical vulnerability in versions ≤2.3.5 allows unauthenticated access to a portion of the admin panel, enabling attackers to modify server configurations and gain full control.
  • DKIM Replay Attacks: Cybercriminals are abusing legitimate invoice workflows on platforms like Apple, PayPal, DocuSign, and HelloSign to conduct DKIM replay attacks. By injecting scam instructions into editable fields, they forward cryptographically signed emails that bypass DKIM and DMARC controls for phishing.
  • Microsoft Patch Tuesday: A report detailed Microsoft’s April 2025 security update, patching 167 vulnerabilities, including 2 zero-days and 8 critical flaws across SharePoint, Defender, and Office.
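
The weak string check described in the FortiGate item above, shown beside two stronger checks. This is an added illustration, not Fortinet's code and not part of the original report: the function names and the temporary directory layout are assumptions, and only the strings /lang/custom and /lang//custom come from the report.

```python
"""Added illustration: substring path check vs. normalized and resolved checks."""
import os
import posixpath
import tempfile

BLOCKED_PREFIX = "/lang/custom"  # the string the report says the patch matched on


def weak_is_blocked(request_path: str) -> bool:
    """Substring match on the raw path: the kind of check the report calls weak."""
    return BLOCKED_PREFIX in request_path


def normalized_is_blocked(request_path: str) -> bool:
    """Collapse '//', '.' and '..' first, then compare whole path components."""
    norm = posixpath.normpath("/" + request_path.lstrip("/"))
    return norm == BLOCKED_PREFIX or norm.startswith(BLOCKED_PREFIX + "/")


def resolves_inside_root(web_root: str, request_path: str) -> bool:
    """Follow symlinks and require the final target to stay under web_root."""
    root = os.path.realpath(web_root)
    target = os.path.realpath(os.path.join(root, request_path.lstrip("/")))
    return os.path.commonpath([root, target]) == root


# Constructed request paths: one benign file and three spellings of the same
# symlinked directory.
SAMPLE_PATHS = (
    "/lang/en.json",
    "/lang/custom/secret.txt",
    "/lang//custom/secret.txt",
    "/lang/./custom/secret.txt",
)


def run_constructed_case() -> dict:
    """Build a throwaway web root whose lang/custom is a symlink leading outside
    the root (a stand-in for the persistence symlink), then run every check."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        web_root = os.path.join(tmp, "www")
        outside = os.path.join(tmp, "outside")  # stands in for the root filesystem
        os.makedirs(os.path.join(web_root, "lang"))
        os.makedirs(outside)
        with open(os.path.join(web_root, "lang", "en.json"), "w") as fh:
            fh.write("{}")
        with open(os.path.join(outside, "secret.txt"), "w") as fh:
            fh.write("constructed sample file")
        os.symlink(outside, os.path.join(web_root, "lang", "custom"))

        for path in SAMPLE_PATHS:
            results[path] = {
                "weak_blocked": weak_is_blocked(path),
                "normalized_blocked": normalized_is_blocked(path),
                "inside_root": resolves_inside_root(web_root, path),
            }
    return results


if __name__ == "__main__":
    for path, verdict in run_constructed_case().items():
        print(f"{path:28} {verdict}")
```

The containment check does not depend on knowing which path names to block, so it also rejects symlinks placed under names nobody anticipated.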

Malicious Tooling and Services

  • Credential Checkers: Actor ‘makitabosch’ distributed a multi-account checker tool with high-speed multi-threading and proxy rotation to validate credential lists and extract subscription details. Actor ‘Jelooos’ shared a Hotmail credential checker tool with full capture functionality. Actor ‘fent888’ shared a SilverBullet configuration targeting Higgsfield for automated credential stuffing.
  • Malware Source Code: Actor ‘isExploit’ is selling the source code of BTMOB v4.1, a full-featured Android RAT capable of DDoS, screen capture, keylogging, XMR mining, and call/SMS interception. Actor ‘devildevilworld’ sold source code for a fully functional credit card shop.
  • Fraudulent Services: Actor ‘GetRenewed’ advertised an automated SMS rental service via a Telegram bot, offering numbers from 40+ countries to bypass SMS authentication. Actor ‘LEGAL01DOC’ advertised fraudulent identity document production services, including biometric passports and licenses for European and CIS countries.

6. Categorical Analysis: Cyber Attacks, Reconnaissance, and Doxing

  • Ransomware and Disruption: Hsinchu Logistics suffered a ransomware attack shutting down IT systems and its website. The City of Tallahassee faced a cyberattack requiring systems to be taken offline, though no data was reportedly compromised. The commune of Temse in Belgium deactivated its IT systems following an attack detection. The 313 Team announced a cyber attack concluded after the target activated security measures. The KelpDAO Protocol was hacked, resulting in the theft of $300 million in ETH.
  • Reconnaissance: Threat actor ‘whitehat’ posted that reconnaissance is currently underway against Vento Motos Colombia ahead of an exploitation phase, indicating a future intrusion attempt.
  • Doxing/Target Profiling: Actor ‘Golden Falcon’ published a highly detailed target profile of Sasha Razumenko, an IT Specialist at Nuvei and formerly at NSO Group. The profile detailed his Active Directory and Azure access, intelligence report production history, Israeli Navy service, and academic background, designed to facilitate social engineering or physical targeting.

7. Geographic and Victimology Breakdown

The data reveals a truly global footprint, with distinct regional targeting:

  • Indonesia: Heavily targeted by actors like Xyph0rix and ZaXploit. Victims spanned government (KPU, Satpol PP, BRIMOB, Postel, Banjarkota District Court, pa-gresik.go.id), healthcare (BPJS), education (SMKN Padang Cermin, Universitas Negeri Malang, Universitas Dirgantara Marsekal Suryadarma, BIMA Ditjen Saintek), and private sectors (Koperasi Bintang Kejora, numerous local businesses).
  • China: Significant targeting of the military/intelligence apparatus (PLA and MSS divisions) and massive commercial data aggregations (Pinduoduo, JD.com, Logistics providers).
  • United States: High-value corporate targets including Vercel, Transak, Solventum (3M Healthcare), and municipal targets like the City of Tallahassee.
  • Europe: Heavy targeting of German users and domains (massive combolists by HQcomboSpace and CODER, domain registry breach), France (Mission Locale de Marseille, ManyFics, Orange FR), Poland (Nowa Nadzieja party, PartsPoint), Greece (Hellenic Air Force), Spain (bclever.ai), and Belgium (Temse).
  • Middle East & Africa: Targeting of Israel (citizens’ personal data, Galcomm, Nuvei employee profiling), Iran (Nuclear Energy database), Turkey (PTT Cargo, Belge Ankara), Tunisia (Ministry of the Interior), UAE (Binghatti), and Morocco (gemaroc.com).
  • Latin America: Targeting of Brazil (Pernambuco citizens, Marinapark hotel, Instituto Maria Schmitt), Venezuela (SEBIN and CICPC personnel), Mexico (SEP workers), Colombia (Vento Motos), and Argentina (Mil Flores Radio).
  • Asia-Pacific: Targeting of India (car owners, CPIM, 24citylive.com, Toyota Lakshya, Lumma Stealer victims), Australia (Just Wines, Surefire Hire, Shadeform), Taiwan (Hsinchu Logistics), Japan (mail access lists), Vietnam (Hanah Hotel), and Bangladesh (GIS portal).

Conclusion

The cybersecurity events logged during this brief period in April 2026 paint a stark picture of an industrialized, highly segmented cybercrime ecosystem. Threat actors are specializing; groups like ShinyHunters focus on high-impact supply chain extortion (Vercel) and massive financial targets (Binance, Transak), while actors like Xyph0rix act as prolific data brokers, systemically dismantling the digital privacy of entire nations (Indonesia).

The sheer volume of credential combolists being distributed for free—amounting to hundreds of millions of lines by actors like CODER and HQcomboSpace—indicates that the “initial access” phase for many attacks has been commoditized to the point of being a zero-cost entry barrier for script kiddies and sophisticated ransomware operators alike. The widespread use of automated tools, stealer logs, and bypass services (like SMS rentals and DKIM replay techniques) further exacerbates this issue.

Defacement activity, while lower in technical sophistication, remains a persistent nuisance and a tool for geopolitical signaling, as seen with hacktivist coalitions operating under the #OpsShadowStrike banner. Furthermore, the active trading of zero-day vulnerabilities, admin panel access, and RAT source code ensures that the capability gap between advanced persistent threats (APTs) and opportunistic cybercriminals continues to narrow. Organizations must prioritize robust identity and access management, recognizing that traditional perimeter defenses are insufficient against an adversary who can simply log in using purchased, valid credentials.

Detected Incidents Draft Data

  1. Alleged leak of mixed email access credential combolist
    Category: Data Leak
    Content: A threat actor operating under the alias Ebbicloud has shared a mixed mail access combolist containing approximately 13,488 credential pairs on the AE forum. The list is described as fresh and mixed, suggesting it targets multiple email providers. The credentials were made available via a Pasteview link at no apparent cost.
    Date: 2026-04-19T23:47:15Z
    Network: openweb
    Published URL: https://altenens.is/threads/mix-mailaccess-13488-mix-high-voltage-fresh-high-voltage-ebbi_cloudhigh-voltage.2927724/unread
    Screenshots:
    None
    Threat Actors: Ebbicloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  2. Alleged leak of German combolist with over 1 million credentials
    Category: Combo List
    Content: A threat actor operating under the alias HQcomboSpace has shared a combolist via Mega.nz containing over 1.1 million credential pairs targeting German users. The combolist is described as mixed target, suggesting it aggregates credentials from multiple sources or services. The data was made available for free download on the cracking forum CrackingX.
    Date: 2026-04-19T23:32:03Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72628/
    Screenshots:
    None
    Threat Actors: HQcomboSpace
    Victim Country: Germany
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  3. Alleged data breach of Solventum (3M Healthcare)
    Category: Data Leak
    Content: A threat actor operating under the name SeraphimGroup has claimed a data breach of Solventum, formerly 3M Healthcare, allegedly occurring in April 2026. The leaked data purportedly includes Jira tickets, a Confluence scrape containing internal operations data, and a Microsoft Entra directory dump. The content has been made available for free download on a dark web forum to registered users.
    Date: 2026-04-19T23:24:31Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Solventum-3M-Healthcare-Data-Breach
    Screenshots:
    None
    Threat Actors: SeraphimGroup
    Victim Country: United States
    Victim Industry: Healthcare Manufacturing
    Victim Organization: Solventum (3M Healthcare)
    Victim Site: solventum.com
  4. Alleged leak of 180,000 mixed email credentials combolist
    Category: Data Leak
    Content: A threat actor operating under the alias carlos080 has made available a combolist containing approximately 180,000 email and password credential pairs on the forum altenens.is. The combolist is described as fresh and high quality, containing mixed credentials from various email providers including AOL, Yahoo, Hotmail, and Outlook, spanning multiple countries. The post also advertises paid sales of additional combo lists via Telegram handle @KOCsupport.
    Date: 2026-04-19T23:13:51Z
    Network: openweb
    Published URL: https://altenens.is/threads/180k-fresh-hq-combolist-email-pass-mixed.2927717/unread
    Screenshots:
    None
    Threat Actors: carlos080
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  5. Alleged leak of multi-platform credential combolist targeting Netflix, Minecraft, Steam, and other services
    Category: Combo List
    Content: A threat actor operating under the alias Ra-Zi has shared a combolist of approximately 180,000 email-password credential pairs on DemonForums, claiming they are fresh and high quality. The credentials are alleged to provide access to popular platforms including Netflix, Minecraft, Uplay, Steam, Hulu, and Spotify. The actor also advertises the sale of additional combolists via Telegram (@KOCsupport) covering multiple email providers and geographic regions.
    Date: 2026-04-19T23:00:36Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-180k-Fresh-HQ-Combolist-Email-Pass-Netflix-Minecraft-Uplay-Steam-Hulu-spotify–200986
    Screenshots:
    None
    Threat Actors: Ra-Zi
    Victim Country: Unknown
    Victim Industry: Entertainment, Gaming
    Victim Organization: Netflix, Minecraft, Uplay, Steam, Hulu, Spotify
    Victim Site: Unknown
  6. Website Defacement of Surefire Hire by L4663R666H05T of Umbra Community
    Category: Defacement
    Content: On April 20, 2026, the Australian staffing and recruitment website surefirehire.com.au was defaced by threat actor L4663R666H05T, affiliated with the group Umbra Community. The attack targeted a media directory on the site and was a targeted single-site defacement. A mirror of the defacement was archived at zone-xsec.com.
    Date: 2026-04-19T22:56:46Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/911470
    Screenshots:
    None
    Threat Actors: L4663R666H05T, Umbra Community
    Victim Country: Australia
    Victim Industry: Staffing and Recruitment
    Victim Organization: Surefire Hire
    Victim Site: surefirehire.com.au
  7. Alleged leak of Hotmail credentials combolist
    Category: Combo List
    Content: A threat actor operating under the alias FlashCloud2 has made available a combolist reportedly containing approximately 1,300 Hotmail credentials on the cracking forum CX. The post is categorized as UHQ (Ultra High Quality), suggesting the credentials may be fresh or previously unverified. Full post content is restricted to registered forum members.
    Date: 2026-04-19T22:29:59Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72624/
    Screenshots:
    None
    Threat Actors: FlashCloud2
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  8. Alleged Data Breach of Bangladeshi Government GIS Portal (gis.gov.bd)
    Category: Data Leak
    Content: A threat actor known as weykofa claims to have hacked gis.gov.bd, a Bangladeshi government website, and has made a database dump publicly available. The leaked database contains a table named president_message and includes user records, some of which belong to doctors and individuals with government email addresses. No price was mentioned, indicating the data was shared freely.
    Date: 2026-04-19T22:24:09Z
    Network: openweb
    Published URL: https://breached.st/threads/gis-gov-bd-database-hacked.86117/unread
    Screenshots:
    None
    Threat Actors: weykofa
    Victim Country: Bangladesh
    Victim Industry: Government
    Victim Organization: Government of Bangladesh GIS Portal
    Victim Site: gis.gov.bd
  9. Alleged leak of 64,000 mixed email and password credentials
    Category: Combo List
    Content: A threat actor operating under the alias wingoooW has made available a combolist containing approximately 64,000 mixed email and password credential pairs via a free download link on pasteview.com. The post was shared on the DemonForums combolist section and is described as fresh access. No specific victim organization, industry, or country has been identified.
    Date: 2026-04-19T22:14:22Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-64K-MIXED-FRESH-ACCESS
    Screenshots:
    None
    Threat Actors: wingoooW
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  10. Alleged leak of 9,000 email credentials (combolist)
    Category: Combo List
    Content: A threat actor operating under the alias COYTO has made available a combolist containing approximately 9,000 email address and password combinations via a free download link on pasteview.com. The post was shared on the DemonForums combolist section with no price or conditions attached, suggesting this is a free leak. No specific victim organization or country has been identified.
    Date: 2026-04-19T22:14:00Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-9K-MAIL-ACCESS-VALID
    Screenshots:
    None
    Threat Actors: COYTO
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  11. Alleged leak of mixed credential combolist with 16,840 entries
    Category: Data Leak
    Content: A threat actor operating under the alias Ebbicloud has shared a mixed combolist containing approximately 16,840 credential pairs on the AE forum. The list is described as valid and fresh, and has been made available via Pasteview, a text-sharing platform. No specific victim organization or industry has been identified, suggesting the credentials span multiple services.
    Date: 2026-04-19T22:11:00Z
    Network: openweb
    Published URL: https://altenens.is/threads/valid-fresh-16840-mix-high-voltage-new-high-voltage-ebbi_cloudhigh-voltage.2927712/unread
    Screenshots:
    None
    Threat Actors: Ebbicloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  12. Alleged leak of stealer logs distributed via cloud hosting
    Category: Logs
    Content: A threat actor operating under the alias UP_DAISYCLOUD has made available a collection of 5,149 stealer logs dated April 19, posted on a dark web forum. The logs are hosted on the file-sharing platform Pixeldrain and are freely accessible with a provided password. Stealer logs typically contain harvested credentials, browser data, cookies, and other sensitive information exfiltrated from compromised systems.
    Date: 2026-04-19T22:06:58Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-%F0%9F%9A%80-5149-LOGS-CLOUD-%E2%98%81-19-APRIL-%E2%9D%A4%EF%B8%8F-FRESH-LOGS%E2%9D%97%EF%B8%8F
    Screenshots:
    None
    Threat Actors: UP_DAISYCLOUD
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  13. Alleged sale of classified Chinese PLA and MSS military intelligence data
    Category: Data Breach
    Content: A threat actor operating under the alias mosad is selling purported classified data from multiple divisions of the Chinese People's Liberation Army, including its Cyberspace Force, Rocket Force, Strategic Support Force, Naval Equipment Research Institute, and intelligence directorates. The actor claims the data is fresh and is targeting buyers such as think tanks and organizations with sufficient budgets. Samples are reportedly available upon request, with transactions facilitated via escrow a
    Date: 2026-04-19T21:50:25Z
    Network: openweb
    Published URL: https://breached.st/threads/china-bulk-state-secret-pla-mss-data-open-for-public-sale.86116/unread
    Screenshots:
    None
    Threat Actors: mosad
    Victim Country: China
    Victim Industry: Government & Defense
    Victim Organization: Chinese People's Liberation Army (PLA) / Ministry of State Security (MSS)
    Victim Site: Unknown
  14. Website Defacement of uroperator.com by CYKOMNEPAL
    Category: Defacement
    Content: On April 20, 2026, the blog section of uroperator.com was defaced by the threat actor or group known as CYKOMNEPAL. The attacker targeted the blog subdirectory of the website, replacing its content with their own messaging. No reason was provided for the attack, and it was not classified as a mass or home page defacement.
    Date: 2026-04-19T21:44:01Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/911424
    Screenshots:
    None
    Threat Actors: CYKOMNEPAL
    Victim Country: Unknown
    Victim Industry: Telecommunications / Internet Services
    Victim Organization: UR Operator
    Victim Site: www.uroperator.com
  15. Alleged leak of URL:Login:Password combolist with 200,000 credentials
    Category: Combo List
    Content: A threat actor operating under the alias Seaborg has shared a combolist containing 200,000 URL:login:password credential pairs on the cracking forum CrackingX. The content is available to registered users of the forum at no apparent cost. No specific victim organization or country has been identified, suggesting the list may aggregate credentials from multiple sources.
    Date: 2026-04-19T21:39:17Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72620/
    Screenshots:
    None
    Threat Actors: Seaborg
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  16. Alleged sale of sensitive data from multiple Chinese People's Liberation Army divisions
    Category: Data Breach
    Content: A threat actor operating under the alias mosad is selling purported data obtained from multiple sensitive divisions of the Chinese People's Liberation Army, including the Cyberspace Force Technology Research Institute, the Army Rocket Forces Institute of Science and Technology Information, and the Intelligence Directorates Middle East and African Affairs Analysis Division, among others. The actor claims to represent an organized team transitioning from private contracted work and is targetin
    Date: 2026-04-19T21:39:02Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72619/
    Screenshots:
    None
    Threat Actors: mosad
    Victim Country: China
    Victim Industry: Military & Defense
    Victim Organization: Chinese People's Liberation Army (PLA)
    Victim Site: Unknown
  17. Alleged Data Leak of Marinapark Hotel Webmail Emails and Attachments
    Category: Data Leak
    Content: A threat actor known as nearlevrai claims to have scraped the webmail account of Marinapark, a hotel based in Brazil. A total of 4,279 emails and 375 attachments were recovered and made available for free download via an external file-sharing link. The data may contain sensitive business communications and personal information.
    Date: 2026-04-19T21:31:18Z
    Network: openweb
    Published URL: https://breached.st/threads/webmail-marinapark-scraped.86113/unread
    Screenshots:
    None
    Threat Actors: nearlevrai
    Victim Country: Brazil
    Victim Industry: Hospitality
    Victim Organization: Marinapark
    Victim Site: Unknown
  18. Alleged Data Breach of Timbermart Canada Customer and Transaction Database
    Category: Data Breach
    Content: A threat actor operating under the alias Moelester is allegedly selling a database containing approximately 485,000 records exfiltrated from Timbermart, a Canadian retail organization. The dataset is structured across six sections including customer contacts (names, emails, phone numbers, loyalty IDs), store locations, product inventory, and detailed transaction records including payment method and partial card data. The actor is offering the data for purchase via Telegram and Session messagin
    Date: 2026-04-19T21:30:36Z
    Network: openweb
    Published URL: https://breached.st/threads/485k-canada-www-timbermart-ca-customer-contacts-including-emails-phone-numbers-addresses-purchase-history.86114/unread
    Screenshots:
    None
    Threat Actors: Moelester
    Victim Country: Canada
    Victim Industry: Retail
    Victim Organization: Timbermart
    Victim Site: timbermart.ca
  19. Website Defacement of Royal Mart Shop by CYKOMNEPAL
    Category: Defacement
    Content: On April 20, 2026, the threat actor CYKOMNEPAL defaced a product page on royalmartshop.com, an e-commerce retail website. The attack was a targeted single-page defacement rather than a mass or home page defacement. The incident was archived and mirrored via zone-xsec.com under mirror ID 911423.
    Date: 2026-04-19T21:23:44Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/911423
    Screenshots:
    None
    Threat Actors: CYKOMNEPAL
    Victim Country: Unknown
    Victim Industry: E-Commerce / Retail
    Victim Organization: Royal Mart Shop
    Victim Site: royalmartshop.com
  20. Alleged leak of Hotmail credentials combolist
    Category: Combo List
    Content: A threat actor operating under the alias Jelooos has shared what is claimed to be a combolist of 1,200 Hotmail credential pairs, described as full private hits, on the cracking forum CrackingX. The post is gated behind registration or sign-in, limiting public visibility of the content. The term hits suggests these credentials have been verified as valid against Hotmail authentication systems.
    Date: 2026-04-19T21:20:30Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72615/
    Screenshots:
    None
    Threat Actors: Jelooos
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  21. Alleged leak of 27,000 credential combos shared on cracking forum
    Category: Combo List
    Content: A threat actor operating under the alias RandomUpload has made available a combolist containing approximately 27,000 credential pairs on the cracking forum CrackingX. The post is restricted to registered users, limiting visibility into the specific targets or origins of the leaked credentials. No victim organization, industry, or country could be determined from the available information.
    Date: 2026-04-19T21:20:13Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72616/
    Screenshots:
    None
    Threat Actors: RandomUpload
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  22. Alleged leak of Hotmail credentials targeting gaming and shopping platforms
    Category: Combo List
    Content: A threat actor on the cracking forum CrackingX has made available a combolist containing 436,635 credential entries targeting Hotmail accounts, specifically curated for gaming and shopping platform abuse. The list was shared via a Mega.nz link as a free download. The credentials are likely intended for credential stuffing attacks against gaming and e-commerce services.
    Date: 2026-04-19T21:19:58Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72617/
    Screenshots:
    None
    Threat Actors: HQcomboSpace
    Victim Country: Unknown
    Victim Industry: Multiple (Gaming, Retail/E-commerce)
    Victim Organization: Microsoft Hotmail
    Victim Site: hotmail.com
  23. Alleged leak of 60,000 Gmail credentials on hacking forum
    Category: Combo List
    Content: A threat actor using the alias ValidMail has made available a combolist containing approximately 60,000 Gmail credentials on the cracking forum CrackingX. The post is categorized under Combolists & Dumps and appears to be a free release. The full content requires forum registration to access.
    Date: 2026-04-19T21:19:43Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72618/
    Screenshots:
    None
    Threat Actors: ValidMail
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Google
    Victim Site: gmail.com
  24. Alleged Data Leak of Israeli Domain Registrar Galcomm Database and Source Code
    Category: Data Leak
    Content: A threat actor known as NormalLeVrai has leaked the database and source code of Galcomm, an Israeli domain registrar. The database contains approximately 31,000 records, while the compressed source code totals 2.32 GB. Both the database dump and source code have been made freely available via public download links.
    Date: 2026-04-19T21:13:33Z
    Network: openweb
    Published URL: https://breached.st/threads/israeli-registrar-galcomm.86112/unread
    Screenshots:
    None
    Threat Actors: NormalLeVrai
    Victim Country: Israel
    Victim Industry: Domain Registration / Web Hosting
    Victim Organization: Galcomm
    Victim Site: galcomm.com
  25. Alleged graphic design services advertisement on cracking forum
    Category: Initial Access
    Content: A forum user operating under the alias SmuzZie is advertising graphic design services on a cracking forum, offering 3D design, logos, banners, signatures, avatars, and animations. The post provides contact details via Discord and Telegram, along with a portfolio website at smuzzie.com. No threat activity, data breach, or malicious content was identified in this post.
    Date: 2026-04-19T21:03:48Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72614/
    Screenshots:
    None
    Threat Actors: SmuzZie
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  26. Alleged Data Leak of Iranian Nuclear Energy Database
    Category: Data Leak
    Content: A threat actor operating under the alias aliladz213 on the AE – Leaked Databases forum has allegedly made available a database associated with Iran's nuclear energy sector. The post, dated 2026, requires forum engagement to access the hidden content and directs users to a Telegram channel for further distribution. No specific organization, record count, or data fields have been disclosed in the visible portion of the post.
    Date: 2026-04-19T21:01:30Z
    Network: openweb
    Published URL: https://altenens.is/threads/starcheck-mark-button-iran-nuclear-energy-db-2026-check-mark-buttonstar.2927702/unread
    Screenshots:
    None
    Threat Actors: aliladz213
    Victim Country: Iran
    Victim Industry: Nuclear Energy
    Victim Organization: Unknown
    Victim Site: Unknown
  27. Alleged leak of multi-site credential combolist with 101,000 lines
    Category: Data Leak
    Content: A threat actor operating under the alias idsfgofdu213 has freely shared a combolist containing over 101,000 URL:login:password credential pairs on the forum Altenens. The post is labeled as a daily free release in ULP (URL:Login:Password) format, associated with the Cloudberry branding. The targeted organizations and victim countries are unknown, as no specific targets are identified in the post.
    Date: 2026-04-19T21:01:01Z
    Network: openweb
    Published URL: https://altenens.is/threads/url-login-pass-18-04-26-daily-free-lines-101-000-fresh-cloudberry-ulp.2927703/unread
    Screenshots:
    None
    Threat Actors: idsfgofdu213
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  28. Alleged Data Leak of SMKN Padang Cermin Indonesian Educational Institution Student Records
    Category: Data Leak
    Content: A threat actor operating under the alias RubiconH4ck has leaked a database allegedly containing approximately 2.3 million records from SMKN Padang Cermin, a vocational high school located in Pesawaran Regency, Lampung, Indonesia. The leaked data includes students' full names, national identity numbers (NIK), student identification numbers (NISN), dates of birth, mothers' names, gender, phone numbers, email addresses with passwords, teacher data, and other school-related records. The data was m
    Date: 2026-04-19T20:56:37Z
    Network: openweb
    Published URL: https://breached.st/threads/2-3-million-smkn-padang-cermin-indonesian.86111/unread
    Screenshots:
    None
    Threat Actors: RubiconH4ck
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: SMKN Padang Cermin
    Victim Site: Unknown
  29. Alleged leak of 13.68 million URL:Login:Password credentials by Daxus
    Category: Combo List
    Content: A threat actor operating under the alias Daxus has shared a combolist containing approximately 13.68 million URL:login:password credential pairs on the cracking forum CrackingX. The credentials are described as UHQ (ultra-high quality) and are made available via the actor's platform at daxus.pro and associated Telegram channel. No specific victim organization or targeted service has been identified.
    Date: 2026-04-19T20:45:53Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72613/
    Screenshots:
    None
    Threat Actors: Daxus
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  30. Alleged leak of 2.3 million URL:login:password credential logs
    Category: Combo List
    Content: A threat actor operating under the alias WashingtonDC has freely shared a combolist containing approximately 2.3 million URL, username, and password combinations via a MediaFire download link. The dataset appears to be compiled from infostealer logs, aggregating credentials across multiple sites and services. No specific victim organization or country has been identified, suggesting this is a multi-source credential compilation.
    Date: 2026-04-19T20:30:45Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72612/
    Screenshots:
    None
    Threat Actors: WashingtonDC
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  31. Alleged Data Leak of Polish Political Party Nowa Nadzieja Member Database
    Category: Data Leak
    Content: A threat actor known as poisonivy3 claims to have leaked member data from Polish political party Nowa Nadzieja for the third time, making the database freely available on a dark web forum. The leaked data includes full names, email addresses, PESEL numbers (Polish national identification), home addresses, phone numbers, dates of birth, and over 60 internal documents. The actor notes that a significant portion of affected individuals appear to be minors, and attributes the breach to successful
    Date: 2026-04-19T20:21:02Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-V3-Polish-Political-Party-Nowa-Nadzieja-pesel-address-more
    Screenshots:
    None
    Threat Actors: poisonivy3
    Victim Country: Poland
    Victim Industry: Political Organization
    Victim Organization: Nowa Nadzieja
    Victim Site: Unknown
  32. Alleged Data Leak of Venezuelan Intelligence and Law Enforcement Personnel Records (SEBIN and CICPC)
    Category: Data Leak
    Content: A threat actor operating under the alias GordonFreeman has freely leaked the payroll records of approximately 25,000 Venezuelan government officials from SEBIN (3,200 records) and CICPC (22,000 records). The leaked data includes national ID numbers (Cédula), tax IDs (RIF), email addresses, phone numbers, full names, and usernames. The actor claims this was obtained through a joint penetration testing operation targeting Venezuelan government entities and states it is part of a broader campaign
    Date: 2026-04-19T20:20:30Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Document-SEBIN-CICPC-Venezuela-25k-Email-Phone-National-ID-C%C3%A9dula-RIF
    Screenshots:
    None
    Threat Actors: GordonFreeman
    Victim Country: Venezuela
    Victim Industry: Government
    Victim Organization: SEBIN (Bolivarian National Intelligence Service) and CICPC (Scientific, Penal, and Criminal Investigation Service Corps)
    Victim Site: Unknown
  33. Alleged Data Leak of Georgia Citizenship Records Affecting 4.9 Million Individuals
    Category: Data Leak
    Content: A threat actor on the AE forum has made available an alleged database dump containing citizenship records for approximately 4.9 million Georgian citizens. The post was shared for free, requiring users to reply to access hidden download links. The actor also promotes a Telegram channel for additional leaked data.
    Date: 2026-04-19T20:10:46Z
    Network: openweb
    Published URL: https://altenens.is/threads/starcheck-mark-button-citizenship-of-georgia-4-9mcheck-mark-buttonstar.2927698/unread
    Screenshots:
    None
    Threat Actors: aliladz213
    Victim Country: Georgia
    Victim Industry: Government
    Victim Organization: Unknown
    Victim Site: Unknown
  34. Alleged Data Leak of 3.9 Million Israel Citizens Personal Data
    Category: Data Leak
    Content: A threat actor on the AE forum has made available an alleged database containing personal data of approximately 3.9 million Israeli citizens. The data is being shared for free in exchange for forum replies, with additional content promoted via a Telegram channel. The victim organization and source of the breach are not identified in the post.
    Date: 2026-04-19T20:10:15Z
    Network: openweb
    Published URL: https://altenens.is/threads/starcheck-mark-button3-9m-israel-citizens-datacheck-mark-buttonstar.2927699/unread
    Screenshots:
    None
    Threat Actors: aliladz213
    Victim Country: Israel
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  35. Alleged Data Leak of Massive Chinese Multi-Organization Dataset Totaling 50 Billion Records
    Category: Data Leak
    Content: A threat actor on the AE forum has made available an alleged collection of Chinese data totaling over 50 billion records across multiple organizations, including Pinduoduo (14.5 billion records), JD.com (10 billion records), major logistics providers (4.5 billion records), and a 1.2 billion record police database. The data spans e-commerce shopping histories, citizen records, logistics data, and government law enforcement databases, with a total compressed size of approximately 8–9 TB. Access to
    Date: 2026-04-19T20:09:47Z
    Network: openweb
    Published URL: https://altenens.is/threads/starcheck-mark-buttonmassive-chinese-data-collection-leak-50-billion-records-total-2026-check-mark-buttonstar.2927700/unread
    Screenshots:
    None
    Threat Actors: aliladz213
    Victim Country: China
    Victim Industry: Multiple (E-Commerce, Logistics, Government, Food Delivery)
    Victim Organization: Pinduoduo, JD.com, YTO Express Group, ZTO Express, S.F. Holding, Shanghai National Police (SHGA)
    Victim Site: pinduoduo.com, jd.com, yto.net.cn, zto.com, sf-express.com
  36. Alleged Sale of Financial Data Including Credit Cards, Dumps, Fullz, and Bank Logs
    Category: Data Breach
    Content: A threat actor operating under the alias RubiconH4ck is selling financial data including credit cards (CC/CVV), VBV and non-VBV cards, dumps, fullz, and bank logs on the Breached forum. The actor claims a 98% approval rate and prices ranging from $1,000 to $30,000. Contact is facilitated via Telegram at t.me/Rubiconreal.
    Date: 2026-04-19T20:06:07Z
    Network: openweb
    Published URL: https://breached.st/threads/cc-cvv-vbv-non-vbv-dumps-fullz-bank-logs-full-info-best-quality.86109/unread
    Screenshots:
    None
    Threat Actors: RubiconH4ck
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  37. Alleged Data Leak of gemaroc.com Database Affecting Moroccan Users
    Category: Data Leak
    Content: A threat actor operating under the alias aliladz213 has allegedly leaked a database belonging to gemaroc.com, a Moroccan website, on the AE forum. The data has been made available for free, gated behind a reply requirement, with additional content promoted via a Telegram channel. No further details regarding the number of records or specific data fields have been disclosed in the post.
    Date: 2026-04-19T19:53:20Z
    Network: openweb
    Published URL: https://altenens.is/threads/starcheck-mark-buttondatabase-morocco-gemaroc-com-databasecheck-mark-buttonstar.2927691/unread
    Screenshots:
    None
    Threat Actors: aliladz213
    Victim Country: Morocco
    Victim Industry: Unknown
    Victim Organization: Gemaroc
    Victim Site: gemaroc.com
  38. Website Defacement of Verma Physiotherapy Center by CYKOMNEPAL
    Category: Defacement
    Content: On April 20, 2026, the threat actor CYKOMNEPAL defaced the homepage of Verma Physiotherapy Center, a healthcare services website. The attack was a targeted single-site defacement with no indication of mass or repeated compromise. No specific motive or technical details were disclosed in the available incident data.
    Date: 2026-04-19T19:51:09Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/911273
    Screenshots:
    None
    Threat Actors: CYKOMNEPAL
    Victim Country: Unknown
    Victim Industry: Healthcare
    Victim Organization: Verma Physiotherapy Center
    Victim Site: vermaphysiotherapycenter.com
  39. Alleged leak of 99,000 mixed-domain mail access credentials
    Category: Logs
    Content: A threat actor operating under the alias Cir4Dk has made available a combolist containing approximately 99,000 email access credentials spanning multiple domains. The post was shared on the XF forum under the Mail Access & Combolists section. No specific victim organization or country has been identified, as the credentials appear to span mixed domains.
    Date: 2026-04-19T19:50:36Z
    Network: openweb
    Published URL: https://xforums.st/threads/99k-mail-access-mixed-domains.608957/
    Screenshots:
    None
    Threat Actors: Cir4Dk
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  40. Alleged purchase request for email credentials and LinkedIn/Gmail session cookies
    Category: Logs
    Content: A threat actor operating as best_ is actively seeking to purchase email:password credential pairs (excluding Gmail and Microsoft domains), Gmail cookies, and LinkedIn session cookies. The actor specifies that credentials must be private/valid and LinkedIn cookies must be unused by other buyers, suggesting intent to use them for account takeover or unauthorized access to LinkedIn accounts.
    Date: 2026-04-19T19:50:20Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/65829
    Screenshots:
    None
    Threat Actors: best_
    Victim Country: Unknown
    Victim Industry: Social Media / Professional Networking
    Victim Organization: LinkedIn
    Victim Site: linkedin.com
  41. Alleged Data Breach of Binghatti Real Estate Company (UAE) Including Customer PII, Passports, and Financial Records
    Category: Data Breach
    Content: A threat actor operating under the alias RubiconH4ck is selling over 350GB of data allegedly exfiltrated from Binghatti, a Dubai-based real estate company. The dataset purportedly includes customer personally identifiable information such as names, email addresses, phone numbers, passport scans, Emirates ID numbers, and nationalities, as well as sales records, reservation agreements, and bank transaction files. The actor claims access was obtained through a compromised sales manager account wi
    Date: 2026-04-19T19:48:21Z
    Network: openweb
    Published URL: https://breached.st/threads/350gb-binghatti-real-estate-company-uae-customers-ids-passports-bank-personal-info.86105/unread
    Screenshots:
    None
    Threat Actors: RubiconH4ck
    Victim Country: United Arab Emirates
    Victim Industry: Real Estate
    Victim Organization: Binghatti
    Victim Site: binghatti.com
  42. Alleged Data Breach of Indian Car Owner Database
    Category: Data Breach
    Content: A threat actor operating under the alias RubiconH4ck is selling a database allegedly containing personal information of Indian car owners. The dataset reportedly includes 2.7 million records and is priced at $1,200. The actor is offering samples upon contact via Telegram and is open to price negotiation.
    Date: 2026-04-19T19:47:50Z
    Network: openweb
    Published URL: https://breached.st/threads/indian-car-owner.86106/unread
    Screenshots:
    None
    Threat Actors: RubiconH4ck
    Victim Country: India
    Victim Industry: Automotive
    Victim Organization: Unknown
    Victim Site: Unknown
  43. Alleged sale of sensitive documents from the Hellenic Air Force
    Category: Data Breach
    Content: A threat actor operating under the alias RubiconH4ck is selling approximately 1TB of sensitive documents and data allegedly exfiltrated from the Hellenic Air Force, purportedly covering the year 2025. The data is being offered for $4,000 (negotiable) on the Breached forum. Contact is being facilitated via Telegram and Twitter/X handles associated with the actor.
    Date: 2026-04-19T19:47:18Z
    Network: openweb
    Published URL: https://breached.st/threads/1tb-hellinic-air-force.86107/unread
    Screenshots:
    None
    Threat Actors: RubiconH4ck
    Victim Country: Greece
    Victim Industry: Defense & Military
    Victim Organization: Hellenic Air Force
    Victim Site: Unknown
  44. Alleged data leak of Instituto Maria Schmitt (IMAS) email inbox
    Category: Data Leak
    Content: A threat actor known as NormalLeVrai has made available the alleged complete email inbox contents of Instituto Maria Schmitt (IMAS), a Brazilian health organization that manages public hospitals, clinics, and health centers. The data was shared freely via an external file hosting link. The leak may contain sensitive communications related to public health administration and municipal medical services.
    Date: 2026-04-19T19:46:45Z
    Network: openweb
    Published URL: https://breached.st/threads/flag-brazil-mailbox-of-the-instituto-maria-schmitt-imas.86108/unread
    Screenshots:
    None
    Threat Actors: NormalLeVrai
    Victim Country: Brazil
    Victim Industry: Healthcare
    Victim Organization: Instituto Maria Schmitt (IMAS)
    Victim Site: Unknown
  45. Alleged leak of 299K URL-login-password credential combolist
    Category: Combo List
    Content: A threat actor operating under the alias RandomUpload has shared a combolist containing approximately 299,000 URL-login-password credential pairs on the cracking forum CrackingX. The list appears to be a compilation of credentials in URL:login:password format, made available to registered forum members as a free download. No specific victim organization or industry has been identified, suggesting this may be an aggregated combolist from multiple sources.
    Date: 2026-04-19T19:35:16Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72610/
    Screenshots:
    None
    Threat Actors: RandomUpload
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  46. Alleged leak of Hotmail credential list
    Category: Combo List
    Content: A threat actor operating under the alias MailAccesss has made available a combolist of 850 allegedly valid Hotmail email account credentials on the cracking forum CrackingX. The post claims the credentials provide full mail access and are dated April 19. No price is mentioned, suggesting the list is being shared freely.
    Date: 2026-04-19T19:18:00Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72608/
    Screenshots:
    None
    Threat Actors: MailAccesss
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  47. Alleged leak of Hotmail and social media credential combolists
    Category: Combo List
    Content: A threat actor operating under the alias CODER is distributing combolists containing approximately 8 million credentials targeting Hotmail accounts across multiple regional domains (hotmail.com, hotmail.fr, hotmail.es), as well as credentials for platforms including Facebook, Instagram, Twitter, PayPal, and cryptocurrency services. The combolists are being made available for free via Telegram channels and groups. Interested parties are directed to contact the actor via Telegram handle CODER554
    Date: 2026-04-19T19:17:42Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72609/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft Hotmail, Facebook, Instagram, Twitter, PayPal
    Victim Site: hotmail.com
  48. Website Defacement of Tukudewe by NUCLIER-Y-C-C-M
    Category: Defacement
    Content: On April 20, 2026, the website tukudewe.com was defaced by the threat actor or group known as NUCLIER-Y-C-C-M. The attack targeted a specific upload directory path rather than the homepage, indicating a targeted sub-page defacement. No specific motive, server details, or proof-of-concept information were disclosed alongside the incident.
    Date: 2026-04-19T19:10:23Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/911216
    Screenshots:
    None
    Threat Actors: NUCLIER-Y-C-C-M
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Tukudewe
    Victim Site: tukudewe.com
  49. Website Defacement of Thondanapp by CYKOMNEPAL
    Category: Defacement
    Content: On April 20, 2026, the threat actor CYKOMNEPAL defaced a blog page on thondanapp.com, a website associated with a mobile application platform. The defacement targeted a specific blog URL rather than the homepage, indicating a targeted page-level attack. No specific motive or technical details were disclosed in the available incident data.
    Date: 2026-04-19T19:03:10Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/911215
    Screenshots:
    None
    Threat Actors: CYKOMNEPAL
    Victim Country: Unknown
    Victim Industry: Technology / Mobile Applications
    Victim Organization: Thondanapp
    Victim Site: www.thondanapp.com
  50. Alleged sale of mixed email credential combolists across multiple countries and industries
    Category: Combo List
    Content: A threat actor operating under the alias MrCOMBOROBOA is selling mixed email and password combolists on DemonForums. The listings include various tiers ranging from 100,000 to 10 million credential pairs targeting multiple countries and sectors including corporate, gaming, and shopping, with prices ranging from $30 to $300. The actor also promotes a private Telegram channel offering subscription-based access to combo lists at rates between $50 per week and $500 for lifetime access.
    Date: 2026-04-19T19:01:03Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-7-5k-MIXED-COMBO-MAILS-ACCESS
    Screenshots:
    None
    Threat Actors: MrCOMBOROBOA
    Victim Country: Unknown
    Victim Industry: Multiple
    Victim Organization: Unknown
    Victim Site: Unknown
  51. Alleged leak of German domain combolist with 440,479 credentials
    Category: Combo List
    Content: A threat actor known as HQcomboSpace has shared a combolist containing 440,479 lines of credentials associated with German (.de) domains on the cracking forum CrackingX. The combolist is being made available for free via a Mega.nz file link. The data appears to be an aggregated credential list targeting German email or web service accounts.
    Date: 2026-04-19T19:00:07Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72607/
    Screenshots:
    None
    Threat Actors: HQcomboSpace
    Victim Country: Germany
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  52. Website Defacement of bclever.ai by NUCLIER-Y-C-C-M
    Category: Defacement
    Content: On April 20, 2026, the threat actor NUCLIER-Y-C-C-M defaced a subpage of bclever.ai, specifically targeting an events page related to Madrid. The defacement was a targeted single-page attack rather than a mass or home page defacement. No specific motive or server details were disclosed.
    Date: 2026-04-19T18:49:21Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/911214
    Screenshots:
    None
    Threat Actors: NUCLIER-Y-C-C-M
    Victim Country: Spain
    Victim Industry: Technology
    Victim Organization: bclever.ai
    Victim Site: bclever.ai
  53. Alleged Sale of Compromised Enterprise Web Server Hosting 73 Active Websites
    Category: Initial Access
    Content: A threat actor operating under the alias one0one is selling access to a compromised enterprise-grade web server hosting 73 active websites with 278 days of uptime. The server features 502GB RAM, 21TB storage (13TB used), and runs Linux, with all hosted site data, databases, and configurations included in the offering. The actor is soliciting offers via Telegram (@ona0one), indicating a financially motivated intrusion targeting a multi-tenant hosting environment.
    Date: 2026-04-19T18:37:42Z
    Network: openweb
    Published URL: https://xforums.st/threads/for-sale-enterprise-web-server-with-73-hosted-websites-278-days-uptime-serious-buyers-only.608952/
    Screenshots:
    None
    Threat Actors: one0one
    Victim Country: Unknown
    Victim Industry: Web Hosting / Technology
    Victim Organization: Unknown
    Victim Site: Unknown
  54. Website Defacement of Hanah Hotel by CYKOMNEPAL
    Category: Defacement
    Content: On April 20, 2026, the threat actor CYKOMNEPAL defaced a content page on hanahhotel.com, a Vietnamese hospitality website. The attack was a targeted single-page defacement, not affecting the homepage or conducted as part of a mass defacement campaign. The incident was archived and mirrored via zone-xsec.com.
    Date: 2026-04-19T18:22:31Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/911213
    Screenshots:
    None
    Threat Actors: CYKOMNEPAL
    Victim Country: Vietnam
    Victim Industry: Hospitality
    Victim Organization: Hanah Hotel
    Victim Site: hanahhotel.com
  55. Website Defacement of Alshifa Style by CYKOMNEPAL
    Category: Defacement
    Content: The website alshifastyle.com was defaced by the threat actor CYKOMNEPAL on April 20, 2026. The attack targeted the homepage of the site in a singular, non-mass defacement operation. No specific motive or technical details regarding the server infrastructure were disclosed.
    Date: 2026-04-19T18:08:22Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/911212
    Screenshots:
    None
    Threat Actors: CYKOMNEPAL
    Victim Country: Unknown
    Victim Industry: Retail/Fashion
    Victim Organization: Alshifa Style
    Victim Site: alshifastyle.com
  56. Alleged leak of mixed credential combolist by threat actor Kommander0
    Category: Combo List
    Content: A threat actor operating under the alias Kommander0 has made available a mixed combolist containing approximately 939 entries, shared freely via a Gofile download link. The post, titled "939X Mix All Valid", suggests the credentials have been validated. No specific victim organization or industry has been identified, as the combolist appears to aggregate credentials from multiple sources.
    Date: 2026-04-19T17:53:25Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72604/
    Screenshots:
    None
    Threat Actors: Kommander0
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  57. Alleged leak of 22 million social media credentials
    Category: Combo List
    Content: A threat actor operating under the alias CODER has made available a combolist allegedly containing 22 million social media credentials via Telegram channels. The actor promotes free access to combo lists and cracking tools through two Telegram groups. No specific victim organization or platform has been identified.
    Date: 2026-04-19T17:53:09Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72605/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Social Media
    Victim Organization: Unknown
    Victim Site: Unknown
  58. Website Defacement of United Machines by CYKOMNEPAL
    Category: Defacement
    Content: The threat actor CYKOMNEPAL defaced the website of United Machines, an industrial or manufacturing-related organization, on April 20, 2026. The attack targeted the English-language section of the site and was a single, targeted defacement rather than a mass or repeated campaign. No specific motive or technical details regarding the server infrastructure were disclosed.
    Date: 2026-04-19T17:48:07Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/911210
    Screenshots:
    None
    Threat Actors: CYKOMNEPAL
    Victim Country: Unknown
    Victim Industry: Manufacturing / Industrial Machinery
    Victim Organization: United Machines
    Victim Site: united-machines.com
  59. Alleged leak of stealer logs and credential combolist
    Category: Logs
    Content: A threat actor known as watercloud has made available stealer logs and a ULP (URL:Login:Password) combolist via Pixeldrain file hosting links. The files are password-protected and shared freely on a darknet forum. No specific victim organization or country has been identified, suggesting this is a broad credential collection aggregated from infostealer malware.
    Date: 2026-04-19T17:46:34Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-%E2%AD%90%E2%AD%90%E2%AD%90-STEALER-LOGS-AND-U-L-P-19-04-2026
    Screenshots:
    None
    Threat Actors: watercloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  60. Alleged sale of access to DEDALE private breach/data channel
    Category: Data Breach
    Content: A threat actor is advertising access to a private Telegram channel called DEDALE with tiered subscription pricing: $100/month, $250/3 months, $500/6 months, and $1000 for lifetime access with a "Request data" option. Contact is provided via @DedaleSupport with two Telegram channel links.
    Date: 2026-04-19T17:33:32Z
    Network: telegram
    Published URL: https://t.me/c/3500620464/7110
    Screenshots:
    None
    Threat Actors: DEDALE
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  61. A municipality shuts down its IT systems after a cyberattack
    Category: Cyber Attack
    Content: The municipal administration of Temse preventively shut down its IT systems after detecting irregularities suggesting a cyberattack. In collaboration with the Centre for Cybersecurity Belgium, the municipality is limiting its administrative services until Wednesday, April 22. An investigation is currently under way to determine the exact scope and nature of this IT incident.
    Date: 2026-04-19T17:25:28Z
    Network: openweb
    Published URL: https://www.lesoir.be/741730/article/2026-04-19/une-commune-desactive-ses-systemes-informatiques-apres-une-cyberattaque
    Screenshots:
    None
    Threat Actors:
    Victim Country: Belgium
    Victim Industry: Unknown
    Victim Organization: Temse
    Victim Site: temse.be
  62. Alleged data leak or file upload on Indonesian government website pa-gresik.go.id
    Category: Cyber Attack
    Content: A forwarded message shares a direct URL to a .txt file hosted on pa-gresik.go.id, an Indonesian government domain (Pengadilan Agama Gresik – religious court). The file maulgtg.txt appears to have been uploaded to the images directory of the government web server, suggesting unauthorized file upload or web shell placement on a government site.
    Date: 2026-04-19T17:24:11Z
    Network: telegram
    Published URL: https://t.me/privtachive/1469
    Screenshots:
    None
    Threat Actors: BABAYO EROR SYSTEM
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Pengadilan Agama Gresik
    Victim Site: pa-gresik.go.id
  63. Alleged leak of mixed email credentials combolist
    Category: Combo List
    Content: A threat actor operating under the alias StrawHatBase has made available a combolist of approximately 18,000 mixed email credentials on DemonForums. The post is gated behind registration or login, suggesting the content is shared freely to forum members. The combolist appears to contain email address and password combinations from various mail providers, though specific targets or origins have not been identified.
    Date: 2026-04-19T17:20:12Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-18K-GOOD-MIX-MAIL-ACCESS
    Screenshots:
    None
    Threat Actors: StrawHatBase
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  64. Alleged leak of 9.3 million corporate email credentials combolist
    Category: Combo List
    Content: A threat actor known as CODER has made available a combolist containing approximately 9.3 million corporate email and password combinations, described as ultra high quality. The credentials are being distributed for free via Telegram channels and groups operated by the actor. No specific victim organization or industry has been identified, suggesting this is an aggregated credential list from multiple sources.
    Date: 2026-04-19T17:19:36Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72603/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  65. Alleged leak of premium mixed email credentials combolist
    Category: Data Leak
    Content: A threat actor operating under the alias alphacloud has made available a combolist containing 4,952 alleged premium mixed email credentials, including Hotmail accounts. The post references a private cloud storage source and directs users to a Telegram handle for further access. The content is gated behind a reply requirement on the forum, suggesting a free distribution model.
    Date: 2026-04-19T17:15:15Z
    Network: openweb
    Published URL: https://altenens.is/threads/high-voltagehigh-voltage-4952x-premium-mix-mail-hitshigh-voltagehigh-voltage.2927673/unread
    Screenshots:
    None
    Threat Actors: alphacloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  66. Alleged leak of 22,000 valid email credentials combolist
    Category: Data Leak
    Content: A threat actor known as TeraCloud11 has shared a combolist containing approximately 22,000 allegedly valid email access credentials on the AE forum. The post requires users to reply before accessing the hidden content, a common tactic used on forums to distribute credential lists. No specific victim organization or targeted service has been identified.
    Date: 2026-04-19T17:14:52Z
    Network: openweb
    Published URL: https://altenens.is/threads/22k-valid-mail-access.2927674/unread
    Screenshots:
    None
    Threat Actors: TeraCloud11
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  67. Website Defacement of lakasbahdourika.com by ZaXploit of Ciamis Cyber Team
    Category: Defacement
    Content: On April 20, 2026, a threat actor known as ZaXploit, operating under the banner of Ciamis Cyber Team, defaced the website lakasbahdourika.com by altering the page at /lol.html. The attack was a targeted single-site defacement with no indication of mass or repeated compromise. The attacker's motivation and server details remain unknown.
    Date: 2026-04-19T17:14:34Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248601
    Screenshots:
    None
    Threat Actors: ZaXploit, Ciamis Cyber Team
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Lakas Bahdourika
    Victim Site: lakasbahdourika.com
  68. Website Defacement of Belge Ankara by CYKOMNEPAL
    Category: Defacement
    Content: On April 20, 2026, the threat actor CYKOMNEPAL defaced the Turkish website belgeankara.com. The attack was a targeted single-site defacement, with the mirror of the defaced page archived at zone-xsec.com. No specific motive or server details were disclosed in connection with this incident.
    Date: 2026-04-19T17:12:18Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/911209
    Screenshots:
    None
    Threat Actors: CYKOMNEPAL
    Victim Country: Turkey
    Victim Industry: Unknown
    Victim Organization: Belge Ankara
    Victim Site: www.belgeankara.com
  69. Alleged defacement/file upload to Indonesian Banjarkota District Court website
    Category: Defacement
    Content: A threat actor associated with BABAYO EROR SYSTEM and affiliated groups (pimzzxploit, cincaughast, junzxsec, mrxcyanking) claims to have uploaded a file (maulgtg.txt) to the Indonesian Banjarkota District Court website (pa-banjarkota.go.id), indicating unauthorized access or defacement activity.
    Date: 2026-04-19T17:08:57Z
    Network: telegram
    Published URL: https://t.me/privtachive/1468
    Screenshots:
    None
    Threat Actors: BABAYO EROR SYSTEM
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Pengadilan Agama Banjarkota (Banjarkota District Court)
    Victim Site: pa-banjarkota.go.id
  70. Website Defacement of Oaza Digital by ZaXploit of Ciamis Cyber Team
    Category: Defacement
    Content: On April 19, 2026, the website oazadigital.com was defaced by threat actor ZaXploit, operating under the banner of Ciamis Cyber Team. The attack targeted a Linux-based web server hosting the organization's main page. The incident was a targeted single-site defacement, with a mirror of the defaced page archived at haxor.id.
    Date: 2026-04-19T17:05:24Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248597
    Screenshots:
    None
    Threat Actors: ZaXploit, Ciamis Cyber Team
    Victim Country: Unknown
    Victim Industry: Digital Services / Technology
    Victim Organization: Oaza Digital
    Victim Site: oazadigital.com
  71. Website Defacement of World Memorabilia by B4GUSXPLOIT of Hacktivist Indonesia
    Category: Defacement
    Content: On April 19, 2026, the website world-memorabilia.com was defaced by threat actor B4GUSXPLOIT, operating under the hacktivist group Hacktivist Indonesia. The attack targeted a memorabilia retail platform and was recorded as a single, non-mass defacement incident. The incident was archived via zone-xsec.com mirror, though no specific motivation or server details were disclosed.
    Date: 2026-04-19T17:04:17Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/911208
    Screenshots:
    None
    Threat Actors: B4GUSXPLOIT, HACKTIVIST INDONESIA
    Victim Country: Unknown
    Victim Industry: Retail / Collectibles & Memorabilia
    Victim Organization: World Memorabilia
    Victim Site: world-memorabilia.com
  72. Mass Defacement of Indonesian Business Services Site by ZaXploit (Ciamis Cyber Team)
    Category: Defacement
    Content: On April 19, 2026, a threat actor operating under the alias ZaXploit, affiliated with Ciamis Cyber Team, conducted a mass defacement attack against jasapengurusanimb.com, an Indonesian business services website likely related to building permit processing (IMB – Izin Mendirikan Bangunan). The attack targeted a Linux-based server and was classified as a mass defacement, indicating multiple sites were compromised in the same campaign. The defaced page was archived via haxor.id.
    Date: 2026-04-19T17:02:53Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248600
    Screenshots:
    None
    Threat Actors: ZaXploit, Ciamis Cyber Team
    Victim Country: Indonesia
    Victim Industry: Business Services
    Victim Organization: Jasa Pengurusan IMB
    Victim Site: www.jasapengurusanimb.com
  73. Mass Defacement of Laundry Service Website by ZaXploit of Ciamis Cyber Team
    Category: Defacement
    Content: On April 19, 2026, a threat actor identified as ZaXploit, affiliated with Ciamis Cyber Team, conducted a mass defacement attack targeting superbluelaundry.com, a laundry services website hosted on a Linux server. The defacement was part of a broader mass defacement campaign, with a mirror of the defaced page archived at haxor.id. No specific motive or proof of concept was publicly disclosed.
    Date: 2026-04-19T17:01:49Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248598
    Screenshots:
    None
    Threat Actors: ZaXploit, Ciamis Cyber Team
    Victim Country: Unknown
    Victim Industry: Consumer Services / Laundry Services
    Victim Organization: Super Blue Laundry
    Victim Site: superbluelaundry.com
  74. Mass Website Defacement of Indonesian Laundry Service by ZaXploit / Ciamis Cyber Team
    Category: Defacement
    Content: On April 19, 2026, threat actor ZaXploit, operating under the banner of Ciamis Cyber Team, conducted a mass defacement campaign that included the Indonesian shoe laundry service website laundrysepatusurabaya.com. The defacement targeted a non-home page (Lol.html) on a Linux-based server, indicating a potentially automated or scripted attack affecting multiple sites. The incident has been archived and mirrored on haxor.id.
    Date: 2026-04-19T17:00:58Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248599
    Screenshots:
    None
    Threat Actors: ZaXploit, Ciamis Cyber Team
    Victim Country: Indonesia
    Victim Industry: Retail / Consumer Services
    Victim Organization: Laundry Sepatu Surabaya
    Victim Site: laundrysepatusurabaya.com
  75. Alleged leak of Hotmail credentials combolist targeting shopping platforms
    Category: Combo List
    Content: A threat actor operating under the alias HQcomboSpace has made available a combolist containing approximately 1.67 million email and password credential pairs on the cracking forum CrackingX. The combolist is described as fresh and targets Hotmail accounts with a focus on shopping-related services. The file is being distributed freely via a Mega.nz link.
    Date: 2026-04-19T16:59:12Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72601/
    Screenshots:
    None
    Threat Actors: HQcomboSpace
    Victim Country: Unknown
    Victim Industry: Retail & E-Commerce
    Victim Organization: Microsoft Hotmail
    Victim Site: hotmail.com
  76. Alleged leak of Hotmail credentials combolist
    Category: Combo List
    Content: A threat actor operating under the alias KiwiShio has made available a combolist purportedly containing 985 Hotmail credentials on the cracking forum CrackingX. The post, categorized under Combolists & Dumps, offers a free download of the alleged credential list. The authenticity and freshness of the data have not been independently verified.
    Date: 2026-04-19T16:43:09Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72598/
    Screenshots:
    None
    Threat Actors: KiwiShio
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft Hotmail
    Victim Site: hotmail.com
  77. Hsinchu Logistics: Cyberattack Paralyzes Logistics Giant – BornCity
    Category: Cyber Attack
    Content: Hsinchu Logistics suffered a ransomware attack on Thursday, April 16, resulting in the shutdown of its IT systems and website. Although a partial restoration was carried out the following Friday, the organization warned its customers against potential phishing attempts. This incident is part of a broader context of critical vulnerabilities affecting software such as Microsoft Defender and Fortinet.
    Date: 2026-04-19T16:42:59Z
    Network: openweb
    Published URL: https://borncity.com/news/hsinchu-logistics-cyberangriff-legt-logistikriesen-lahm/
    Screenshots:
    None
    Threat Actors:
    Victim Country: Taiwan
    Victim Industry: Unknown
    Victim Organization: Hsinchu Logistics
    Victim Site: hct.com.tw
  78. Cyberattack targets city of Tallahassee; official says no data compromised
    Category: Cyber Attack
    Content: The city of Tallahassee was targeted by a cyberattack affecting part of its technology environment on April 17. In response, authorities took certain systems offline and shut down its website to contain the threat. According to city officials, no major operational impact has been reported and no data was compromised during the incident.
    Date: 2026-04-19T16:42:56Z
    Network: openweb
    Published URL: https://eu.tallahassee.com/story/news/local/2026/04/17/tallahassee-city-website-down-after-cyberattack/89664260007/
    Screenshots:
    None
    Threat Actors:
    Victim Country: United States
    Victim Industry: Unknown
    Victim Organization: City of Tallahassee
    Victim Site: talgov.com
  79. Alleged leak of mixed country education sector email credentials
    Category: Combo List
    Content: A threat actor known as CODER has shared a combolist containing approximately 12 million email and password combinations associated with education sector accounts from mixed countries. The credentials are being made available for free via Telegram channels and groups operated by the actor. No specific victim organization or domain has been identified.
    Date: 2026-04-19T16:42:45Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72599/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Education
    Victim Organization: Unknown
    Victim Site: Unknown
  80. Alleged leak of Hotmail credentials combolist
    Category: Combo List
    Content: A threat actor on DemonForums known as alphaxdd has made available a combolist of 1,120 alleged valid Hotmail credentials, described as premium hits with mixed mail types stored in a private cloud. The content is hidden behind registration or login on the forum, and the actor can also be reached via Telegram handle alphaaxd.
    Date: 2026-04-19T16:27:13Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-1120x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F
    Screenshots:
    None
    Threat Actors: alphaxdd
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft Hotmail
    Victim Site: hotmail.com
  81. Alleged leak of Hotmail credentials combolist
    Category: Combo List
    Content: A threat actor operating under the alias alphaxdd has shared a combolist of 1,120 alleged valid Hotmail credentials on a cracking forum. The post describes the credentials as premium hits with access to private cloud and mixed mail accounts. The content is made available for free download, with the actor also providing a Telegram contact.
    Date: 2026-04-19T16:27:09Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72596/
    Screenshots:
    None
    Threat Actors: alphaxdd
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft Hotmail
    Victim Site: hotmail.com
  82. Alleged leak of Hotmail, Yahoo, and Orange FR credential combolists
    Category: Combo List
    Content: A threat actor operating under the alias CODER is distributing a combolist of approximately 11 million credentials targeting Hotmail, Yahoo, and Orange FR email service users. The combolist is made available for free via Telegram channels and groups managed by the actor. The post promotes two Telegram groups offering free combolists and associated cracking tools.
    Date: 2026-04-19T16:26:30Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72597/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Technology / Telecommunications
    Victim Organization: Hotmail, Yahoo, Orange
    Victim Site: hotmail.com, yahoo.com, orange.fr
  83. Alleged defacement of multiple omcdemosites.com subdomains by JAX7
    Category: Defacement
    Content: Threat actor JAX7 claims to have defaced multiple websites hosted on omcdemosites.com, including insurancechris.omcdemosites.com, insurancekeith.omcdemosites.com, and joebiscaro.omcdemosites.com. The post includes a photo as proof and was forwarded via the Sumatra Utara Cyber Team channel.
    Date: 2026-04-19T16:22:43Z
    Network: telegram
    Published URL: https://t.me/byjax7/47
    Screenshots:
    None
    Threat Actors: JAX7
    Victim Country: Unknown
    Victim Industry: Web Hosting/Insurance
    Victim Organization: OMC Demo Sites
    Victim Site: omcdemosites.com
  84. Website Defacement of Toyota Lakshya Online Assessment Platform by NUCLIER-Y-C-C-M
    Category: Defacement
    Content: On April 19, 2026, a threat actor operating under the handle NUCLIER-Y-C-C-M defaced a website associated with Toyota Lakshya's online assessment platform. The incident was a targeted single-site defacement, not part of a mass defacement campaign. The defacement was recorded and mirrored by zone-xsec.com under mirror ID 911204.
    Date: 2026-04-19T16:16:13Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/911204
    Screenshots:
    None
    Threat Actors: NUCLIER-Y-C-C-M
    Victim Country: India
    Victim Industry: Automotive / Education & Assessment
    Victim Organization: Toyota Lakshya
    Victim Site: toyota-lakshya-onlineassessmen…
  85. Website Defacement of PartsPoint by L4663R666H05T (Umbra Community)
    Category: Defacement
    Content: On April 19, 2026, the threat actor L4663R666H05T, affiliated with the group Umbra Community, defaced a subdirectory of partspoint.pl, a Polish automotive parts retailer. The attack targeted a media/custom path rather than the homepage and was an isolated, non-mass defacement. The incident was archived and mirrored via zone-xsec.com.
    Date: 2026-04-19T16:10:00Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/911203
    Screenshots:
    None
    Threat Actors: L4663R666H05T, Umbra Community
    Victim Country: Poland
    Victim Industry: Automotive Parts / E-Commerce
    Victim Organization: PartsPoint
    Victim Site: partspoint.pl
  86. Alleged data breach of JustWines Australia with 300K+ customer records
    Category: Data Breach
    Content: A threat actor is selling a database allegedly belonging to Just Wines Australia, a Sydney-based online wine retailer. The dataset reportedly contains over 300,000 customer records including names, email addresses, phone numbers, physical addresses, and order details. The seller is accepting offers for a one-time sale and can be contacted via Session or TOX messaging platforms.
    Date: 2026-04-19T16:02:00Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-JustWines-Australia-300K-Customers
    Screenshots:
    None
    Threat Actors: 2019
    Victim Country: Australia
    Victim Industry: Retail – E-commerce (Wine/Alcohol)
    Victim Organization: Just Wines Australia
    Victim Site: justwines.com.au
  87. Alleged leak of mixed email access credential list by threat actor Kommander0
    Category: Combo List
    Content: Threat actor Kommander0 has made available a mixed email access combolist containing approximately 4,600 credential pairs via a Gofile link on the CrackingX forum. The list was shared freely without any stated price. The origin, targeted services, and victim demographics are unknown.
    Date: 2026-04-19T15:53:19Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72595/
    Screenshots:
    None
    Threat Actors: Kommander0
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  88. Alleged leak of mixed credentials combolist including Hotmail accounts
    Category: Combo List
    Content: A threat actor operating under the alias noir has shared a mixed credential combolist on the cracking forum CX, described as UHQ (ultra-high quality) and valid. The post references Hotmail accounts and private cloud credentials. The actor promotes a Telegram channel (@noiraccesss) likely for further distribution or contact.
    Date: 2026-04-19T15:36:47Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72594/
    Screenshots:
    None
    Threat Actors: noir
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  89. Alleged Distribution of Multi-Account Credential Checker Tool
    Category: Initial Access
    Content: A threat actor on DemonForums is distributing a multi-account checker tool with high-speed multi-threading and proxy rotation capabilities, designed to validate credential lists and extract subscription details from hits. The tool is being made available via multiple mirrors and appears intended for credential stuffing attacks against subscription-based services. No specific target organization or victim site was identified in the post.
    Date: 2026-04-19T15:21:17Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-MULTI-ACCOUNT-CHECKER
    Screenshots:
    None
    Threat Actors: makitabosch
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  90. Alleged leak of 60,000 Gmail credentials on cracking forum
    Category: Combo List
    Content: A threat actor operating under the alias ValidMail has made available a combolist of approximately 60,000 Gmail accounts on the cracking forum CrackingX. The post is categorized under Combolists & Dumps, suggesting the credentials are being shared freely. The full content requires forum registration to access.
    Date: 2026-04-19T15:20:07Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72590/
    Screenshots:
    None
    Threat Actors: ValidMail
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Google
    Victim Site: gmail.com
  91. Alleged bulk purchase request for credential logs on dark web forum
    Category: Logs
    Content: A threat actor operating under the alias chaos on a dark web forum is seeking to purchase high volumes of valid ULPs (URL:Login:Password credential logs), likely harvested by infostealer malware. The actor is soliciting bulk stealer log submissions via private message. No specific victim organization, country, or volume has been specified.
    Date: 2026-04-19T15:13:52Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-WTB-valid-logs-in-bulk
    Screenshots:
    None
    Threat Actors: chaos
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  92. Alleged leak of Lumma Stealer logs targeting Indian users
    Category: Logs
    Content: A threat actor known as KazeFreak has shared 500 Lumma Stealer logs allegedly collected from Indian victims running Windows 10 Pro (22H2) using Opera 106.x. The leaked data includes credentials and autofill data harvested via the Lumma Stealer malware. The content is made available via a Tor-based onion link on a dark web forum.
    Date: 2026-04-19T15:13:09Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-URL-LOGIN-PASS-Lumma-Stealer-500-logs-IN
    Screenshots:
    None
    Threat Actors: KazeFreak
    Victim Country: India
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  93. Alleged Sale of Chinese Military Database by Loan Agent
    Category: Data Breach
    Content: A threat actor on Darkforums is selling a database allegedly containing Chinese military data, described as being obtained through a loan agent intermediary. The listing is priced at $25,000 USD with payment accepted exclusively in Monero (XMR). Contact is facilitated via a Session messenger ID, suggesting the seller is seeking privacy-conscious buyers.
    Date: 2026-04-19T15:11:40Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-CN-military-data-loan-agent
    Screenshots:
    None
    Threat Actors: Yakohomot
    Victim Country: China
    Victim Industry: Defense & Military
    Victim Organization: Unknown
    Victim Site: Unknown
  94. Alleged Data Breach of Just Wines Australia Exposing 300K+ Customer Records
    Category: Data Breach
    Content: A threat actor on a dark web marketplace is selling a database allegedly belonging to Just Wines Australia, a Sydney-based online wine retailer. The dataset reportedly contains over 300,000 customer records including names, email addresses, phone numbers, physical addresses, and order comments. The seller is offering the data as a one-time sale and can be contacted via Session and TOX messaging platforms.
    Date: 2026-04-19T15:10:56Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-JustWine-Australia-300K-Customers
    Screenshots:
    None
    Threat Actors: 2019
    Victim Country: Australia
    Victim Industry: E-Commerce / Retail
    Victim Organization: Just Wines Australia
    Victim Site: justwines.com.au
  95. Alleged Data Breach of manyfics.net French Fan Fiction Platform Database
    Category: Data Breach
    Content: A threat actor operating under the alias camillaDF is selling a database dump allegedly sourced from manyfics.net, a French fan fiction platform. The dump contains approximately 40,000 records in CSV/SQL format, including usernames, hashed passwords, email addresses, first and last names, registration dates, messaging platform identifiers, and user preference settings. Contact is offered via Telegram and Session messaging handles.
    Date: 2026-04-19T15:10:14Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-manyfics-net-France-Database-40K
    Screenshots:
    None
    Threat Actors: camillaDF
    Victim Country: France
    Victim Industry: Entertainment / Fan Fiction
    Victim Organization: ManyFics
    Victim Site: manyfics.net
  96. Alleged data breach of Tunisian Ministry of the Interior by N3XUS SH13LD
    Category: Data Breach
    Content: Threat actor group N3XUS SH13LD claims to have compromised the Tunisian Ministry of the Interior website (interieur.gov.tn) and exfiltrated over 132 classified files, reportedly containing content related to Algeria and other sensitive topics. The group is offering the files via a Telegram bot contact handle.
    Date: 2026-04-19T15:09:21Z
    Network: telegram
    Published URL: https://t.me/c/3822812734/49
    Screenshots:
    None
    Threat Actors: N3XUS SH13LD
    Victim Country: Tunisia
    Victim Industry: Government
    Victim Organization: Tunisian Ministry of the Interior
    Victim Site: interieur.gov.tn
  97. Alleged Data Breach of Mission Locale de Marseille
    Category: Data Breach
    Content: A threat actor operating under the alias Cybernox is selling a database allegedly stolen from Mission Locale de Marseille, a French public employment and social integration organization. The dataset contains 4,904 records with sensitive personal and employment-related fields including full name, email, phone number, date of birth, city, employer details, job application status, employment dates, and IAE (Insertion par l'Activité Économique) pass information. The actor is accepting contact via
    Date: 2026-04-19T15:09:07Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-FR-Mission-Locale-de-Marseille
    Screenshots:
    None
    Threat Actors: Cybernox
    Victim Country: France
    Victim Industry: Government / Public Employment Services
    Victim Organization: Mission Locale de Marseille
    Victim Site: Unknown
  98. Alleged Sale of Government Email Credentials and Access Panels Across Multiple Countries
    Category: Initial Access
    Content: A threat actor operating under the alias DuperKinger123 is selling government email accounts and administrative access panels from multiple countries including Spain, Denmark, Angola, Bosnia, Bulgaria, and Nigeria. Offerings include law enforcement, defense, justice, and medical sector email credentials, with prices ranging from $3 to $150 per account. Notably, an Angolan admin mail panel is advertised for $20, claiming to allow unlimited government email creation, and a Bulgarian admin panel
    Date: 2026-04-19T15:08:06Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-Selling-Google-Voice-And-Government-Emails-For-Cheap
    Screenshots:
    None
    Threat Actors: DuperKinger123
    Victim Country: Unknown
    Victim Industry: Government
    Victim Organization: Unknown
    Victim Site: Unknown
  99. Alleged Sale of Financial and Cryptocurrency Customer Lead Databases
    Category: Data Breach
    Content: A threat actor operating under the alias Luckiest is selling customer lead databases allegedly sourced from multiple financial institutions and cryptocurrency exchanges, including Bunq (Netherlands and Germany), Revolut, Binance, KuCoin, Coinspot (Australia), Coinbase, and DBS Bank across various countries. The datasets reportedly include phone numbers, partial and full email addresses, and other customer details. The actor is reachable via Telegram, Discord, and Session messaging platforms.
    Date: 2026-04-19T15:07:23Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-SMS-E-Mail-leads-DBs%C2%A0-on-sale
    Screenshots:
    None
    Threat Actors: Luckiest
    Victim Country: Unknown
    Victim Industry: Financial Services
    Victim Organization: Bunq, Revolut, Binance, KuCoin, Coinspot, Coinbase, DBS Bank
    Victim Site: Unknown
  100. Alleged Sale of Credit Card Shop Source Code on Dark Web Forum
    Category: Initial Access
    Content: A threat actor operating under the alias devildevilworld is selling source code for a fully functional credit card (CC) shop on a dark web forum. The shop includes features for managing card bases, searching by BIN, bank, or state, a news channel, and buyer support. The seller accepts payment via trusted Telegram escrow services only.
    Date: 2026-04-19T15:06:19Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-CC-SHOP-SOURCE-CODE
    Screenshots:
    None
    Threat Actors: devildevilworld
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  101. Alleged SMS Phone Number Rental Service Offering Anonymous Verification Bypass via Telegram Bot
    Category: Initial Access
    Content: A threat actor operating under the alias GetRenewed is advertising an automated SMS rental service via a Telegram bot, offering long-term rental of phone numbers from over 40 countries for up to 90 days. The service supports anonymous payments via cryptocurrency and allows unlimited SMS reception during the rental period, enabling users to bypass SMS-based authentication and verification systems. The operator claims to have been active since 2012 and to be a verified seller on over 20 forums.
    Date: 2026-04-19T15:05:36Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Long-term-rental-of-phone-numbers-for-SMS-via-a-Telegram-bot
    Screenshots:
    None
    Threat Actors: GetRenewed
    Victim Country: Unknown
    Victim Industry: Telecommunications
    Victim Organization: Unknown
    Victim Site: libreservice.se
  102. Alleged Sale of Admin Panel Access to cpim.org via phpMyAdmin
    Category: Initial Access
    Content: A threat actor operating under the alias gurkhasec is selling admin authentication credentials for cpim.org, the official website of the Communist Party of India (Marxist). The admin panel is reportedly accessible via phpMyAdmin, suggesting potential access to the site's backend database. The actor is asking $1,000 with no negotiation and can be contacted via Telegram at @silentasdark.
    Date: 2026-04-19T15:04:52Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Cpim-org
    Screenshots:
    None
    Threat Actors: gurkhasec
    Victim Country: India
    Victim Industry: Political Organization
    Victim Organization: Communist Party of India (Marxist)
    Victim Site: cpim.org
  103. Alleged Data Breach of JKN Mobile Healthcare Database Containing Indonesian PII
    Category: Data Breach
    Content: A threat actor operating under the alias Anonpis is selling an alleged database dump from JKN Mobile, the Indonesian national health insurance mobile application managed by BPJS Kesehatan. The dataset reportedly contains sensitive personally identifiable information including full names, national identity numbers (NIK), family card numbers (NOKK), addresses, gender, dates of birth, and social welfare program identifiers (PKH participant IDs). The seller is offering the data for purchase via Te
    Date: 2026-04-19T15:04:06Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-NEW-DATABASE-MOBILE-JKN-2026
    Screenshots:
    None
    Threat Actors: Anonpis
    Victim Country: Indonesia
    Victim Industry: Healthcare
    Victim Organization: JKN Mobile (BPJS Kesehatan)
    Victim Site: bpjskesehatan.go.id
  104. Alleged Data Breach of Pernambuco State Citizen Registry Affecting 9 Million Residents
    Category: Data Breach
    Content: A threat actor known as 0x0dayToDay is selling a SQLite database allegedly containing personal data of approximately 9.19 million citizens of the Brazilian state of Pernambuco for $200 USD. The database includes highly sensitive information such as CPF numbers, full names, dates of birth, mother's and father's names, residential addresses, phone numbers, email addresses, RG document details, and other demographic fields. The Pernambuco state government reportedly confirmed the incident and attribu
    Date: 2026-04-19T15:03:21Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-PERNAMBUCO-DB-9-MILLIONS-INHABITANTS
    Screenshots:
    None
    Threat Actors: Ox0DayToDay
    Victim Country: Brazil
    Victim Industry: Government
    Victim Organization: Pernambuco State Government
    Victim Site: Unknown
  105. Alleged Data Leak of Solventum Internal Systems and Microsoft Entra Data
    Category: Data Leak
    Content: A threat actor operating under the name SeraphimGroup has allegedly leaked data belonging to Solventum, a healthcare manufacturing company with $8.3 billion in revenue. The leaked data, purportedly obtained in April 2026, includes Jira tickets, a Confluence scrape of internal operations, and a Microsoft Entra directory dump. The content has been made available for free download on a dark web forum to registered users.
    Date: 2026-04-19T15:02:15Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Solventum-Data-Breach
    Screenshots:
    None
    Threat Actors: SeraphimGroup
    Victim Country: United States
    Victim Industry: Healthcare Manufacturing
    Victim Organization: Solventum
    Victim Site: solventum.com
  106. Alleged Data Leak of Universitas Negeri Malang Student Scholarship Records
    Category: Data Leak
    Content: A threat actor operating under the alias CyphieNesia has made available a dataset allegedly belonging to Universitas Negeri Malang (Malang State University), containing personal information of Bidik Misi scholarship recipients from the 2012 fiscal year. The leaked data reportedly includes students' fathers' names, mothers' names, and cell phone numbers, among other details. The data has been shared as a downloadable Excel file via an anonymous file hosting service.
    Date: 2026-04-19T15:01:07Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-Universitas-Negeri-Malang
    Screenshots:
    None
    Threat Actors: CyphieNesia
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: Universitas Negeri Malang
    Victim Site: um.ac.id
  107. Alleged reconnaissance activity targeting Vento Motos Colombia
    Category: Data Breach
    Content: A threat actor posted on a dark web forum indicating that reconnaissance is currently underway against Vento Motos Colombia as part of an ongoing operation ahead of an exploitation phase. No data has been leaked or sold yet, as the actor states the attack is still in its early stages. This suggests a potential future data breach or intrusion attempt targeting the organization.
    Date: 2026-04-19T15:00:24Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-DATA-USER-VENTO-MOTOS-COLOMBIA
    Screenshots:
    None
    Threat Actors: whitehat
    Victim Country: Colombia
    Victim Industry: Automotive / Motorcycle Retail
    Victim Organization: Vento Motos Colombia
    Victim Site: Unknown
  108. Alleged leak of shopping and corporate sector combolist credentials
    Category: Combo List
    Content: A threat actor operating under the alias HQcomboSpace has made available a combolist containing approximately 185,569 credential pairs via a Mega.nz file sharing link. The combolist is advertised as being effective for shopping and corporate business platforms. No specific victim organization or origin of the credentials has been identified.
    Date: 2026-04-19T14:52:27Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72585/
    Screenshots:
    None
    Threat Actors: HQcomboSpace
    Victim Country: Unknown
    Victim Industry: Retail & E-Commerce
    Victim Organization: Unknown
    Victim Site: Unknown
  109. Alleged leak of mixed credential combolist (UHQ)
    Category: Combo List
    Content: A threat actor known as FlashCloud2 posted a thread on CrackingX forum titled PRIVATE MIX UHQ, suggesting the sharing of a high-quality mixed combolist. The full content of the post is restricted to registered and signed-in users, limiting visibility into specific details such as record count or targeted organizations. Based on the forum context (Combolists & Dumps), the post likely contains credential lists made available to forum members.
    Date: 2026-04-19T14:52:10Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72586/
    Screenshots:
    None
    Threat Actors: FlashCloud2
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  110. Alleged leak of mixed credential combolist by threat actor Steveee36
    Category: Combo List
    Content: A threat actor operating under the alias Steveee36 has made available a mixed combolist containing approximately 2,436 credential pairs on the crackingx.com forum. The post is categorized under Combolists & Dumps and offers a free download of the file. No specific victim organization, industry, or country has been identified, suggesting the credentials originate from multiple sources.
    Date: 2026-04-19T14:51:54Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72587/
    Screenshots:
    None
    Threat Actors: stevee36
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  111. Alleged Sale of Japan and Europe Email Access Combolist
    Category: Combo List
    Content: A threat actor on CrackingX is offering a combolist allegedly containing 1,200 email access credentials targeting Japan and Europe. The actor is soliciting private messages for access to the list, which is also partially hidden behind a registration wall. No specific organizations or pricing details are mentioned in the post.
    Date: 2026-04-19T14:34:35Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72583/
    Screenshots:
    None
    Threat Actors: intel500
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  112. Alleged leak of Hotmail credential combolist
    Category: Combo List
    Content: A threat actor operating under the alias FlashCloud2 has made available an alleged UHQ (Ultra High Quality) combolist of Hotmail credentials on the cracking forum CX. The post is gated behind registration or login, limiting visibility into the full scope and details of the leak. The term PRIVATE suggests the list may have been previously restricted or is presented as exclusive.
    Date: 2026-04-19T14:34:10Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72584/
    Screenshots:
    None
    Threat Actors: FlashCloud2
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  113. Alleged solicitation for Eastern European databases on dark forum
    Category: Data Breach
    Content: A dark forum user identified as melbond135 is soliciting database dumps from Eastern Europe on a dark web forum. The post does not specify any particular country, industry, or organization. No further details regarding the type of data, record count, or specific targets are provided.
    Date: 2026-04-19T14:26:11Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Someone-have-dbs-from-East-Europe
    Screenshots:
    None
    Threat Actors: melbond135
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  114. Alleged leak of mixed corporate domain combolist
    Category: Combo List
    Content: A threat actor operating under the alias CODER is distributing a mixed corporate domain combolist (9ML Mixed Corp Domain) for free via Telegram channels. The actor promotes two Telegram groups offering free combolists and tools. No specific victim organization or record count has been disclosed.
    Date: 2026-04-19T14:18:05Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72582/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Multiple Sectors
    Victim Organization: Multiple Organizations
    Victim Site: Unknown
  115. Alleged Account Takeover Vulnerability Disclosure in Appsmith (CVE-2026-22794)
    Category: Initial Access
    Content: A critical vulnerability (CVE-2026-22794, CVSS 9.7) was disclosed in Appsmith versions up to 1.92, affecting the /forgotPassword and /resendEmailVerification endpoints. The server blindly uses the attacker-controlled HTTP Origin header as the base URL in password reset and email verification links, allowing an attacker to redirect victims to a malicious domain and capture their reset tokens. Successful exploitation results in full account takeover; the vulnerability was patched in version 1.93.
    Date: 2026-04-19T14:16:13Z
    Network: openweb
    Published URL: https://tier1.life/thread/161
    Screenshots:
    None
    Threat Actors: RedQueen
    Victim Country: Unknown
    Victim Industry: Software / Technology
    Victim Organization: Appsmith
    Victim Site: appsmith.com
  116. Alleged patch bypass for FortiGate symlink persistence via double-slash path traversal (CVE-2025-68686)
    Category: Initial Access
    Content: A researcher disclosed a bypass for Fortinet's patch addressing a FortiGate SSL-VPN symlink persistence technique. The patch relied on a weak strstr string check for /lang/custom, which could be circumvented by substituting /lang//custom (double slash), causing the security validation to be skipped while the web server still resolved the path correctly, restoring unauthorized read-only access to the root filesystem. A proof-of-concept and automated Python scanner tool have been publicly rele
    Date: 2026-04-19T14:15:25Z
    Network: openweb
    Published URL: https://tier1.life/thread/162
    Screenshots:
    None
    Threat Actors: RedQueen
    Victim Country: Unknown
    Victim Industry: Network Security / Technology
    Victim Organization: Fortinet FortiGate
    Victim Site: fortinet.com
  117. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: A threat actor operating under the alias HollowKnight has made available a sample combolist of 705 Hotmail email:password credential pairs on the Demon Forums combolist section. The content is gated behind registration or login, suggesting it is being shared as a free sample, likely to promote a larger dataset. No price or payment method was mentioned in the post.
    Date: 2026-04-19T14:00:56Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-705x-SAMPLE-HOTMAIL-%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: HollowKnight
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  118. Alleged leak of Hotmail credential samples
    Category: Combo List
    Content: A threat actor operating under the alias HollowKnight07 has made available a sample combolist of 705 Hotmail credentials on a cracking forum. The post offers a free download link, suggesting this is a sample release, possibly to attract interest in a larger dataset. The credentials likely consist of email and password pairs associated with Hotmail accounts.
    Date: 2026-04-19T14:00:39Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72581/
    Screenshots:
    None
    Threat Actors: HollowKnight07
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  119. Alleged DKIM Replay Attack Campaign Abusing Apple and PayPal Legitimate Infrastructure for Phishing
    Category: Initial Access
    Content: Cybercriminals are conducting DKIM replay attacks by abusing legitimate invoice and dispute notification workflows on trusted platforms including Apple, PayPal, DocuSign, and HelloSign. Attackers inject scam instructions and phone numbers into user-editable fields when creating invoices, then forward the cryptographically signed emails to victims, bypassing DKIM and DMARC email authentication controls. Because the messages originate from legitimate vendor infrastructure and carry valid DKIM sign
    Date: 2026-04-19T13:58:44Z
    Network: openweb
    Published URL: https://tier1.life/thread/160
    Screenshots:
    None
    Threat Actors: RedQueen
    Victim Country: Unknown
    Victim Industry: Financial Services
    Victim Organization: Apple, PayPal
    Victim Site: apple.com, paypal.com
  120. Alleged leak of Hotmail credentials combolist
    Category: Combo List
    Content: A threat actor using the alias wingoooW has made available a combolist of alleged Hotmail email and password combinations via a public paste site. The post, shared on DemonForums in the combolists section, provides a free download link without specifying the number of records. The origin and validity of the credentials have not been verified.
    Date: 2026-04-19T13:29:04Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-HQ-HOTMAIL–200952
    Screenshots:
    None
    Threat Actors: wingoooW
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  121. Alleged sale of large-scale URL-login-password credential combolist (1.3TB, 2024-2026)
    Category: Combo List
    Content: A threat actor operating under the alias Mustukaral is advertising a 1.3TB collection of URL-login-password (ULP) credential combolists purportedly spanning 2024 to 2026 on the crackingx.com forum. The offering includes access to an online search tool to query credentials without downloading the full dataset, with auto-updates and country-based filtering. No specific victim organization or region is identified, suggesting the combolist aggregates credentials harvested from multiple sources glo
    Date: 2026-04-19T13:29:00Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72576/
    Screenshots:
    None
    Threat Actors: Mustukaral
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  122. Alleged leak of German email credentials combolist (web.de, GMX, T-Online)
    Category: Combo List
    Content: A threat actor known as CODER is distributing a combolist containing approximately 11 million credential pairs targeting German email service providers including web.de, GMX, and T-Online. The combolist is being made available for free via Telegram channels and groups operated by the actor. No price is mentioned, suggesting this is a free leak intended to build reputation or drive traffic to the actor's Telegram presence.
    Date: 2026-04-19T13:28:44Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72577/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Germany
    Victim Industry: Telecommunications & Email Services
    Victim Organization: web.de, GMX, T-Online
    Victim Site: web.de, gmx.de, t-online.de
  123. Alleged leak of private logs archive (2GB pack)
    Category: Data Leak
    Content: A threat actor known as niven938644 has made available a 2GB pack of private logs via a Mega.nz link on DemonForums. The archive is protected with a password attributed to CartelJohnDoe and likely contains credential logs or stealer logs harvested from compromised systems. No specific victim organization or country has been identified.
    Date: 2026-04-19T13:28:26Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-2gb-pack-prv-logs
    Screenshots:
    None
    Threat Actors: niven938644
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  124. Alleged leak of private credential logs combolist (2GB pack)
    Category: Combo List
    Content: A threat actor known as maicolpg19 has made available a 2GB pack of private logs via a Mega.nz file link on the CrackingX forum. The content appears to be a combolist or credential logs, with the decryption password hosted on a Telegram channel associated with CartelJohnDoe. No specific victim organization or country has been identified.
    Date: 2026-04-19T13:28:23Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72578/
    Screenshots:
    None
    Threat Actors: maicolpg19
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  125. Alleged sale of Gmail-targeted credential combolist with 135,000 records
    Category: Combo List
    Content: A threat actor known as steeve75 is selling a Gmail-targeted combolist containing approximately 135,000 email and password credential pairs. The seller also advertises additional combolists targeting multiple email providers including AOL, Yahoo, Hotmail, and Outlook, spanning multiple countries. Contact is facilitated via Telegram handle @KOCsupport.
    Date: 2026-04-19T13:28:03Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72579/
    Screenshots:
    None
    Threat Actors: steeve75
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Gmail
    Victim Site: gmail.com
  126. Alleged Doxing/Target Profile of IT Specialist Linked to Nuvei and NSO Group
    Category: Cyber Attack
    Content: A detailed personal profile has been published targeting an individual identified as Sasha Razumenko, currently employed as an IT Specialist at Nuvei (payment processing company) and formerly at NSO Group as a GSR Operator. The profile includes his current role, responsibilities (Active Directory, Azure, O365, GPO, server/network management), previous position at NSO Group involving intelligence report production and global asset security, Israeli Navy service history, academic background at Reichman University, and language proficiencies. The level of operational detail — including system access, employee onboarding responsibilities, and internal IT infrastructure knowledge — suggests this profile may be intended to facilitate social engineering, insider threat exploitation, or physical targeting.
    Date: 2026-04-19T13:27:41Z
    Network: telegram
    Published URL: https://t.me/c/2245031785/653
    Screenshots:
    None
    Threat Actors: Golden Falcon
    Victim Country: Israel
    Victim Industry: Financial Services / Payment Processing
    Victim Organization: Nuvei
    Victim Site: Unknown
  127. Alleged leak of Hotmail credential combolist targeting multiple regions
    Category: Data Leak
    Content: A threat actor known as Larry_Uchiha has shared a combolist containing approximately 800 Hotmail email:password credential pairs on the AE forum. The credentials allegedly belong to users from the United States, Europe, Asia, and Russia. The content is gated behind a reply requirement and references a Telegram channel, suggesting further distribution through that platform.
    Date: 2026-04-19T13:24:53Z
    Network: openweb
    Published URL: https://altenens.is/threads/800x-hotmail-access-combo-usa-europe-asia-russian.2927634/unread
    Screenshots:
    None
    Threat Actors: Larry_Uchiha
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft Hotmail
    Victim Site: hotmail.com
  128. Alleged leak of Hotmail and multi-platform credentials combolist
    Category: Data Leak
    Content: A threat actor operating under the alias Larry_Uchiha has made available a combolist of approximately 1,400 Hotmail credential hits with full capture data, also covering accounts for Instagram, Epic Games, Xbox, and Discord. The post was shared on the AE – Combo List forum and requires a reply to access the hidden content, likely distributed via Telegram. No price was mentioned, indicating the combolist is being freely shared.
    Date: 2026-04-19T13:24:18Z
    Network: openweb
    Published URL: https://altenens.is/threads/1-400x-hotmail-hits-full-cap-instagram-epicgames-xbox-discord.2927635/unread
    Screenshots:
    None
    Threat Actors: Larry_Uchiha
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft, Instagram, Epic Games, Xbox, Discord
    Victim Site: hotmail.com, instagram.com, epicgames.com, xbox.com, discord.com
  129. Alleged leak of multi-platform credential combolist including Instagram, Epic Games, Xbox, and Discord
    Category: Data Leak
    Content: A threat actor known as Larry_Uchiha has shared a mixed combolist containing approximately 1,400 or more credential hits across multiple platforms including Instagram, Epic Games, Xbox, and Discord. The combolist is being made available via Telegram to users who reply to the forum thread. The post does not mention a price, suggesting the credentials are being freely distributed.
    Date: 2026-04-19T13:23:42Z
    Network: openweb
    Published URL: https://altenens.is/threads/1-400x-mix-mail-hits-full-cap-instagram-epicgames-xbox-discord.2927636/unread
    Screenshots:
    None
    Threat Actors: Larry_Uchiha
    Victim Country: Unknown
    Victim Industry: Technology / Gaming / Social Media
    Victim Organization: Instagram, Epic Games, Xbox, Discord
    Victim Site: instagram.com, epicgames.com, xbox.com, discord.com
  130. Alleged leak of mixed email provider credential combolist
    Category: Data Leak
    Content: A threat actor operating under the alias Larry_Uchiha has shared a mixed email combolist on the AE forum, containing credentials for multiple email providers including Hotmail, Outlook, AOL, GMX, Inbox, iCloud, and Live. The combolist was made available for free to users who reply to the thread. The full content is hidden behind a reply gate and linked via Telegram, suggesting distribution through an external channel.
    Date: 2026-04-19T13:23:07Z
    Network: openweb
    Published URL: https://altenens.is/threads/mix-mail-combo-hotmail-outlook-aol-gmx-inbox-icloud-live-2026-4-15.2927637/unread
    Screenshots:
    None
    Threat Actors: Larry_Uchiha
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  131. Alleged leak of mixed platform credentials combolist including Netflix, OnlyFans, ChatGPT, Xbox, Sony, Discord, and Facebook
    Category: Data Leak
    Content: A threat actor operating under the alias Larry_Uchiha has shared a mixed-platform combolist on the forum Altenens, allegedly containing credentials for multiple services including Netflix, OnlyFans, ChatGPT, Xbox, Sony, Discord, and Facebook. The content is gated behind a reply requirement and distributed via Telegram. No pricing was mentioned, indicating the combolist is being made available for free.
    Date: 2026-04-19T13:22:32Z
    Network: openweb
    Published URL: https://altenens.is/threads/mix-account-combo-netflix-onlyfans-chatgpt-xbox-sony-discord-facebook-2026-4-15.2927638/unread
    Screenshots:
    None
    Threat Actors: Larry_Uchiha
    Victim Country: Unknown
    Victim Industry: Multiple
    Victim Organization: Netflix, OnlyFans, OpenAI, Xbox, Sony, Discord, Facebook
    Victim Site: Unknown
  132. Alleged leak of mixed access logs combolist (100K records)
    Category: Logs
    Content: A threat actor known as Vekkoo has made available a file titled 100K HQ MIX ACCESS LOGS.txt on the XF forum, claiming to contain 100,000 high-quality mixed access logs. The post contains a gated link requiring registration to access, suggesting the combolist is being shared within the cybercriminal community. No specific victim organization, industry, or country has been identified, indicating the credentials likely span multiple targets.
    Date: 2026-04-19T13:20:32Z
    Network: openweb
    Published URL: https://xforums.st/threads/100k-hq-mix-access-logs-txt.608932/
    Screenshots:
    None
    Threat Actors: Vekkoo
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  133. Alleged leak of mixed email credentials combolist
    Category: Combo List
    Content: A threat actor operating under the alias StrawHatBase has made available a mixed email access combolist containing approximately 35,000 email:password credential pairs on DemonForums. The content is hidden behind a registration or login wall, suggesting it is being distributed to forum members. The specific email providers or organizations affected are not identified in the post.
    Date: 2026-04-19T13:08:22Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-35K-GOOD-MAIL-ACCESS-MIX
    Screenshots:
    None
    Threat Actors: StrawHatBase
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  134. Alleged leak of corporate credential combolist (3 million records)
    Category: Combo List
    Content: A threat actor operating under the alias CODER has made available a corporate combolist allegedly containing 3 million credential pairs via Telegram channels. The post directs users to two free Telegram groups (t.me/Combo445544 and t.me/Coder554455) for access to the credential list and related tools. No specific victim organization or targeted sector has been identified.
    Date: 2026-04-19T13:07:36Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72575/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  135. Alleged leak of 29,000 valid email credentials combolist
    Category: Combo List
    Content: A threat actor operating under the alias TeraCloud1 has shared a combolist containing approximately 29,000 allegedly valid email address and password combinations on a cybercrime forum. The content is hidden behind a registration or login requirement, suggesting it is available to forum members at no explicit cost. No specific target organization, industry, or country has been identified.
    Date: 2026-04-19T12:50:11Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-29K-VALID-MAIL-ACCESS–200948
    Screenshots:
    None
    Threat Actors: TeraCloud1
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  136. Alleged leak of Hotmail credential checker tool with capture functionality
    Category: Combo List
    Content: A threat actor operating under the alias Jelooos has made available a Hotmail credential checker tool with full capture functionality on the cracking forum CrackingX. The tool appears to be shared for free and is designed to validate email credentials against Hotmail accounts. The post content is restricted to registered or signed-in forum members, limiting full visibility into the tool's capabilities and any associated combolists.
    Date: 2026-04-19T12:49:36Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72574/
    Screenshots:
    None
    Threat Actors: Jelooos
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft Hotmail
    Victim Site: hotmail.com
  137. Alleged leak of mixed education sector credential combolist
    Category: Combo List
    Content: A threat actor operating under the alias HQcomboSpace has shared a combolist containing approximately 120,470 credential pairs targeting the education sector, described as a mixed-target compilation labeled for 2026. The file has been made available via a Mega.nz link at no apparent cost. The geographic origin of the affected accounts is unknown, as the combolist appears to aggregate credentials from multiple sources.
    Date: 2026-04-19T12:33:37Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72570/
    Screenshots:
    None
    Threat Actors: HQcomboSpace
    Victim Country: Unknown
    Victim Industry: Education
    Victim Organization: Unknown
    Victim Site: Unknown
  138. Alleged Production and Sale of Fraudulent Identity Documents Including Passports, IDs, and Visas
    Category: Initial Access
    Content: A threat actor operating under the handle LEGAL01DOC is advertising fraudulent document production services on a cracking forum. The actor claims to produce high-quality counterfeit identity documents including passports, driver's licenses, permanent residency cards, visas, and other documents for European and CIS countries, featuring full biometrics, digital signatures, and fingerprints. Contact is offered via Telegram (@LEGAL01DOC_NEW) and WhatsApp (+33757911771), with the actor warning buyers
    Date: 2026-04-19T12:33:24Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72571/
    Screenshots:
    None
    Threat Actors: LEGAL01DOC
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  139. Website Defacement of Mil Flores Radio by Threat Actor Zod
    Category: Defacement
    Content: A threat actor operating under the alias Zod defaced the website of Mil Flores Radio, an Argentine radio broadcaster, on April 19, 2026. The attacker targeted a specific page (zod.html) on the Linux-hosted website, leaving a defacement marker. The incident was a targeted single-site defacement rather than a mass or home page compromise.
    Date: 2026-04-19T12:33:07Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248596
    Screenshots:
    None
    Threat Actors: Zod
    Victim Country: Argentina
    Victim Industry: Media & Broadcasting
    Victim Organization: Mil Flores Radio
    Victim Site: milfloresradio.com.ar
  140. Alleged Sale of Compromised Cryptocurrency Account Containing 9.22998 BTC
    Category: Data Breach
    Content: A threat actor on Breached forum is selling access to a compromised cryptocurrency account containing approximately 9.22998 BTC (valued at €592,856.38). The actor claims to have obtained the account credentials by accessing a corporate email inbox during a breach of an unnamed company, where the crypto account passwords were found in an email. The seller states withdrawals have been tested and are functional, and is accepting escrow/middleman arrangements.
    Date: 2026-04-19T12:26:49Z
    Network: openweb
    Published URL: https://breached.st/threads/592-856-38-worth-of-crypto-stolen.86102/unread
    Screenshots:
    None
    Threat Actors: NormalLeVrai
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  141. Alleged leak of Israeli Gmail credentials and PII (names, phone numbers)
    Category: Data Leak
    Content: A threat actor affiliated with SUMATRA UTARA CYBER TEAM is distributing a file via MediaFire allegedly containing Gmail addresses, full names, and phone numbers of Israeli individuals. The content appears to be a PII/credential dump targeting Israel, available as a free download.
    Date: 2026-04-19T12:18:12Z
    Network: telegram
    Published URL: https://t.me/byjax7/42
    Screenshots:
    None
    Threat Actors: SUMATRA UTARA CYBER TEAM
    Victim Country: Israel
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: gmail.com
  142. Alleged leak of credential combolist (VIP ULP 7) shared via Telegram
    Category: Combo List
    Content: A threat actor operating under the alias zod has shared what is described as a VIP ULP (URL:Login:Password) combolist, identified as volume 7, on the cracking forum CrackingX. The content is gated behind forum registration and a password distributed via a Telegram channel (@zoooddddd). No specific victim organization, country, or record count has been disclosed.
    Date: 2026-04-19T12:15:03Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72569/
    Screenshots:
    None
    Threat Actors: zod
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  143. Alleged leak of Hotmail credential combolist
    Category: Data Leak
    Content: A threat actor known as Angiecrax has shared a combolist containing approximately 1,990 alleged Hotmail credentials on the AE forum. The post is gated behind a reply requirement, suggesting the content is made available for free to forum members upon interaction. The credentials are described as UHQ hits, indicating high-quality, potentially valid account logins.
    Date: 2026-04-19T12:11:11Z
    Network: openweb
    Published URL: https://altenens.is/threads/high-voltagehigh-voltage-1990x-uhq-hotmail-hits-high-voltagehigh-voltage.2927630/unread
    Screenshots:
    None
    Threat Actors: Angiecrax
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  144. Alleged data leak of Indonesian Police Unit BRIMOB POLDA JABAR and Koperasi Bintang Kejora
    Category: Data Leak
    Content: Threat actor Xyph0rix is distributing two text files via MediaFire containing alleged data from BRIMOB POLDA JABAR (West Java Regional Police Mobile Brigade unit) and KOPERASI BINTANG KEJORA (a cooperative organization). The files are being made available for free download. The actor maintains a presence on BreachForums (breached.st) with a dedicated thread for the leaked databases.
    Date: 2026-04-19T12:07:50Z
    Network: telegram
    Published URL: https://t.me/Xyph0rix_CaypbaraXploit/152
    Screenshots:
    None
    Threat Actors: Xyph0rix
    Victim Country: Indonesia
    Victim Industry: Government / Law Enforcement / Financial Cooperative
    Victim Organization: BRIMOB POLDA JABAR / Koperasi Bintang Kejora
    Victim Site: Unknown
  145. Alleged SilverBullet Configuration Leak for Higgsfield
    Category: Data Leak
    Content: A threat actor using the alias fent888 has shared a SilverBullet configuration file targeting Higgsfield on the Breached forum. SilverBullet configs are used for credential stuffing attacks, enabling automated login attempts against the target platform. The config was made available for free download via an external file-sharing service.
    Date: 2026-04-19T12:07:47Z
    Network: openweb
    Published URL: https://breached.st/threads/higgsfield-silverbullet-config.86100/unread
    Screenshots:
    None
    Threat Actors: fent888
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Higgsfield
    Victim Site: higgsfield.ai
  146. Alleged Data Leak of BreachForums User Database
    Category: Data Leak
    Content: A threat actor operating under the alias Xyph0rix has made available an alleged database dump of BreachForums, the well-known cybercrime forum. The leaked database contains extensive user account data including usernames, hashed passwords, salts, login keys, email addresses, IP addresses, registration details, and numerous user preference and activity fields. The data has been shared via a download link with no apparent price, suggesting a free public leak.
    Date: 2026-04-19T12:07:05Z
    Network: openweb
    Published URL: https://breached.st/threads/database-breachforums.86101/unread
    Screenshots:
    None
    Threat Actors: Xyph0rix
    Victim Country: Unknown
    Victim Industry: Cybercrime Forum
    Victim Organization: BreachForums
    Victim Site: breachforums.st
  147. Alleged leak of Indian credential combolist containing 184,420 records
    Category: Combo List
    Content: A threat actor operating under the alias zod has shared a combolist allegedly containing 184,420 credential pairs associated with Indian users on the cracking forum CrackingX. The content is gated behind registration or sign-in, with a password distributed via a Telegram channel linked to the actor. The origin organizations or services from which the credentials were harvested are not specified.
    Date: 2026-04-19T11:55:51Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72568/
    Screenshots:
    None
    Threat Actors: zod
    Victim Country: India
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  148. Alleged Data Leak of West Java Regional Police Mobile Brigade Unit Database
    Category: Data Leak
    Content: A threat actor known as Xyph0rix claims to have leaked a database belonging to the West Java Regional Police Mobile Brigade Unit (SAT BRIMOB POLDA JABAR) in Indonesia. The database was made available for free download on the Breached forum. The nature and volume of the data contained within the leak have not been specified in the post.
    Date: 2026-04-19T11:49:37Z
    Network: openweb
    Published URL: https://breached.st/threads/database-sat-brimob-polda-jabar.86098/unread
    Screenshots:
    None
    Threat Actors: Xyph0rix
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: SAT BRIMOB POLDA JABAR (West Java Regional Police Mobile Brigade Unit)
    Victim Site: Unknown
  149. Alleged Data Leak of Koperasi Bintang Kejora Database
    Category: Data Leak
    Content: A threat actor operating under the alias Xyph0rix has made available what is claimed to be a database belonging to Koperasi Bintang Kejora, an Indonesian cooperative based in Bangka Belitung province. The leaked data appears to include personal and tax identification information, including full names, NPWP (Indonesian tax identification numbers), and physical addresses. The data was shared freely via a download link on the Breached forum.
    Date: 2026-04-19T11:49:05Z
    Network: openweb
    Published URL: https://breached.st/threads/database-koperasu-bintang-kejora.86099/unread
    Screenshots:
    None
    Threat Actors: Xyph0rix
    Victim Country: Indonesia
    Victim Industry: Financial Services
    Victim Organization: Koperasi Bintang Kejora
    Victim Site: Unknown
  150. Alleged leak of Vaccine Data shared via MediaFire
    Category: Data Leak
    Content: A file archive named Data Vaksin (Vaccine Data) has been made available for free download via MediaFire by threat actor Xyph0rix. The 7z archive may contain sensitive vaccination records or related personal data. The forwarded nature of the post suggests wider distribution across channels.
    Date: 2026-04-19T11:26:31Z
    Network: telegram
    Published URL: https://t.me/Xyph0rix_CaypbaraXploit/151
    Screenshots:
    None
    Threat Actors: Xyph0rix
    Victim Country: Unknown
    Victim Industry: Healthcare
    Victim Organization: Unknown
    Victim Site: Unknown
  151. Alleged distribution of educational sector combolist
    Category: Combo List
    Content: A threat actor operating under the alias CODER is distributing a combolist targeting educational institutions via Telegram channels. The post promotes free credential lists through two Telegram groups and invites users to contact the actor directly for combo access. No specific victim organization, record count, or country has been identified.
    Date: 2026-04-19T11:03:11Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72567/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Education
    Victim Organization: Unknown
    Victim Site: Unknown
  152. Alleged leak of Hotmail credentials combolist
    Category: Combo List
    Content: A threat actor known as Herry_X0087, with the post shared by hqtabbb on CrackingX, has made available a combolist of 111 Hotmail credentials. The credentials are being distributed for free via a Telegram channel and an external paste site. The post promotes a Telegram-based service called Noir Public Cloud offering daily free combolists.
    Date: 2026-04-19T10:45:28Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72564/
    Screenshots:
    None
    Threat Actors: hqtabbb
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft Hotmail
    Victim Site: hotmail.com
  153. Alleged leak of German email access credentials
    Category: Data Leak
    Content: A threat actor operating under the alias Megacloud has shared a 568.3 KB combolist containing German email account credentials on the forum AE – Combo List. The file, hosted on MEGA, is described as top quality mail access and was made available on April 19. No specific organizations or record counts have been identified.
    Date: 2026-04-19T10:41:44Z
    Network: openweb
    Published URL: https://altenens.is/threads/15-7-germany-mail-access-top-quality-19-04.2927622/unread
    Screenshots:
    None
    Threat Actors: Megacloud
    Victim Country: Germany
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  154. Alleged leak of mixed email access credentials (30,000 records)
    Category: Data Leak
    Content: A threat actor operating under the alias Megacloud has made available a combolist of 30,000 allegedly valid email access credentials on the AE forum. The list is described as a mixed provider collection with no duplicates, dated April 19. No specific target organization or country has been identified, suggesting the credentials span multiple email providers.
    Date: 2026-04-19T10:41:09Z
    Network: openweb
    Published URL: https://altenens.is/threads/30k-full-valid-mail-access-mix-no-duplicates-19-04.2927624/unread
    Screenshots:
    None
    Threat Actors: Megacloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  155. Alleged Data Leak of KPU Indonesia Electoral Database
    Category: Data Leak
    Content: A threat actor operating under the alias Xyph0rix claims to have obtained and leaked the Indonesian General Elections Commission (KPU) database. The leaked data contains sensitive personal information including full names, national identity numbers (NIK/KTP), dates of birth, addresses, phone numbers, email addresses, employment details, and electoral registration records related to political party verification processes. The data appears to be sourced from the KPU's SIPOL (Political Party Info
    Date: 2026-04-19T10:37:19Z
    Network: openweb
    Published URL: https://breached.st/threads/database-kpu-indonesia-go-id.86097/unread
    Screenshots:
    None
    Threat Actors: Xyph0rix
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Komisi Pemilihan Umum (KPU) Indonesia
    Victim Site: kpu.go.id
  156. Alleged defacement of multiple websites by DEWATA BLACKHAT
    Category: Defacement
    Content: Threat actor DEWATA BLACKHAT claims to have defaced multiple websites including jopssed.org, ppdi.co.in, giguy.net, and jukasopestcontrol.com. The post includes a photo as proof of defacement and is tagged with #DEWATABLACKHAT and #MANGSZXPLOIT.
    Date: 2026-04-19T10:36:45Z
    Network: telegram
    Published URL: https://t.me/c/3841736872/277
    Screenshots:
    None
    Threat Actors: DEWATA BLACKHAT
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: jopssed.org
  157. Alleged data breach of German domain registration system exposing 7 million records
    Category: Data Breach
    Content: A dark web report claims unauthorized access to a domain registration system in Germany, resulting in the exfiltration of over 7 million data records and significant source code. The threat actor allegedly has the ability to redirect websites and abuse registered domains, posing a significant supply-chain and infrastructure risk.
    Date: 2026-04-19T10:35:10Z
    Network: telegram
    Published URL: https://t.me/c/1283513914/21276
    Screenshots:
    None
    Threat Actors: خبرگزاری سایبربان| Cyberban News
    Victim Country: Germany
    Victim Industry: Technology / Domain Registrar
    Victim Organization: Unknown
    Victim Site: Unknown
  158. Alleged data breach of satpol.pp.go.id (Indonesian Government)
    Category: Data Breach
    Content: Threat actor Xyph0rix has allegedly breached and leaked a database belonging to satpol.pp.go.id, an Indonesian government website associated with the Civil Service Police Unit (Satuan Polisi Pamong Praja). The data was posted on BreachForums.
    Date: 2026-04-19T10:34:10Z
    Network: telegram
    Published URL: https://t.me/Xyph0rix_CaypbaraXploit/145
    Screenshots:
    None
    Threat Actors: Xyph0rix
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Satuan Polisi Pamong Praja (Satpol PP)
    Victim Site: satpol.pp.go.id
  159. Alleged Microsoft April 2025 Patch Tuesday Addresses 167 Vulnerabilities Including 2 Zero-Days
    Category: Vulnerability
    Content: Microsoft has released its April 2025 security update patching 167 vulnerabilities across its product portfolio. Among these, 2 are zero-day vulnerabilities and 8 are rated critical. The vulnerability types include privilege escalation, remote code execution, and information disclosure. Affected products include SharePoint, Microsoft Defender, and Microsoft Office. Microsoft has urged users and organizations to apply the updates immediately.
    Date: 2026-04-19T10:30:38Z
    Network: telegram
    Published URL: https://t.me/c/1283513914/21275
    Screenshots:
    None
    Threat Actors: خبرگزاری سایبربان| Cyberban News
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: microsoft.com
  160. Alleged leak of German mixed-domain credential combolist
    Category: Combo List
    Content: A threat actor operating under the alias HQcomboSpace has made available a combolist containing approximately 127,120 lines of credential data associated with mixed German domains. The data was shared freely via a Mega.nz file link on the cracking forum CrackingX. The combolist likely contains email and password combinations harvested from various German domain accounts.
    Date: 2026-04-19T10:26:01Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72560/
    Screenshots:
    None
    Threat Actors: HQcomboSpace
    Victim Country: Germany
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  161. Alleged leak of Japanese mail access credentials
    Category: Combo List
    Content: A threat actor operating under the alias MailAccesss has made available a list of approximately 5,700 Japanese email account credentials on the cracking forum CrackingX. The post, dated April 19, appears to offer mail access credentials restricted to registered forum users. No specific targeted organization or email provider has been identified.
    Date: 2026-04-19T10:25:45Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72561/
    Screenshots:
    None
    Threat Actors: MailAccesss
    Victim Country: Japan
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  162. Alleged leak of Hotmail credentials via combolist distribution
    Category: Combo List
    Content: A threat actor operating under the alias Herry_X0087 has made available a combolist containing 230 historical Hotmail account credentials. The post was shared on the CrackingX forum by user hqtabbb and promotes a Telegram channel (DarkNodeCloud) for accessing additional free combolists. The credentials are freely distributed via an external paste service.
    Date: 2026-04-19T10:25:30Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72562/
    Screenshots:
    None
    Threat Actors: hqtabbb
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft Hotmail
    Victim Site: hotmail.com
  163. Alleged leak of Russian email credentials combolist
    Category: Data Leak
    Content: A threat actor operating under the alias Megacloud has shared a combolist containing approximately 2,100 Russian email account credentials on the AE – Combo List forum. The post, dated April 19, appears to offer the credential list as a free download requiring forum engagement to access. The specific email providers or services affected are not disclosed in the post.
    Date: 2026-04-19T10:22:49Z
    Network: openweb
    Published URL: https://altenens.is/threads/2-1k-russian-mail-acess-19-04.2927619/unread
    Screenshots:
    None
    Threat Actors: Megacloud
    Victim Country: Russia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  164. Alleged leak of 1,300 French email credentials
    Category: Data Leak
    Content: A threat actor operating under the alias Megacloud has made available a combolist containing approximately 1,300 email credentials belonging to French users, dated April 19th. The post is shared on the AE (Altenens) forum and requires users to reply to access the hidden credential data. No specific targeted organization or service has been identified.
    Date: 2026-04-19T10:22:20Z
    Network: openweb
    Published URL: https://altenens.is/threads/1-3k-france-fresh-mail-access-19-04.2927620/unread
    Screenshots:
    None
    Threat Actors: Megacloud
    Victim Country: France
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  165. Alleged Data Leak of Israeli Citizens Facebook Account Data
    Category: Data Leak
    Content: A threat actor known as Xyph0rix has leaked a structured dataset allegedly containing personal information of Israeli citizens linked to their Facebook accounts. The data includes phone numbers, Facebook IDs, full names, gender, location, relationship status, city, country, and additional profile fields. The data appears to be a scrape or breach of Facebook profile data tied to Israeli phone numbers in the 972 country code range.
    Date: 2026-04-19T10:18:55Z
    Network: openweb
    Published URL: https://breached.st/threads/israeli-citizens-facebook-accounts.86096/unread
    Screenshots:
    None
    Threat Actors: Xyph0rix
    Victim Country: Israel
    Victim Industry: Social Media
    Victim Organization: Facebook
    Victim Site: facebook.com
  166. Alleged Data Leak of Satpol PP Indonesian Government Personnel Database
    Category: Data Leak
    Content: A threat actor using the alias Xyph0rix has freely shared a database allegedly belonging to Satpol PP (Satuan Polisi Pamong Praja), an Indonesian government civil service police unit under the go.id domain. The leaked data contains structured personnel records of structural officials, including employee ID numbers (NIP), full names, educational qualifications, civil service ranks, and job positions. The data appears to be sourced from Bangka Tengah Regency's Satpol PP office.
    Date: 2026-04-19T10:18:21Z
    Network: openweb
    Published URL: https://breached.st/threads/database-satpol-pp-go-id.86095/unread
    Screenshots:
    None
    Threat Actors: Xyph0rix
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Satuan Polisi Pamong Praja Kabupaten Bangka Tengah
    Victim Site: satpolpp.go.id
  167. Alleged leak of Hotmail credential samples
    Category: Combo List
    Content: A threat actor operating under the alias HollowKnight07 has made available a sample combolist of 725 Hotmail credentials on the cracking forum CrackingX. The post offers a free download link, suggesting this is a credential sample likely intended to demonstrate the validity of a larger dataset. The targeted service is Microsoft's Hotmail email platform.
    Date: 2026-04-19T10:07:20Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72556/
    Screenshots:
    None
    Threat Actors: HollowKnight07
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  168. Alleged leak of 9,772 fresh mail access credentials
    Category: Combo List
    Content: A threat actor operating under the alias RandomUpload has shared a combolist containing 9,772 alleged fresh mail access credentials on the cracking forum CX. The content is available to registered users of the forum. No specific victim organization, country, or mail provider has been identified from the available post details.
    Date: 2026-04-19T09:51:45Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72555/
    Screenshots:
    None
    Threat Actors: RandomUpload
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  169. Alleged leak of 1 million URL-login-password credentials
    Category: Combo List
    Content: A threat actor operating under the alias RandomUpload has made available a combolist containing approximately 1 million URL-login-password credential pairs on the cracking forum CX. The post is dated April 26, 2019, and the content is restricted to registered forum users. No specific victim organization, industry, or country has been identified.
    Date: 2026-04-19T09:34:35Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72554/
    Screenshots:
    None
    Threat Actors: RandomUpload
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  170. Alleged sale of multi-platform combolists, cookies, and logs including Hotmail, Gmail, PayPal, and Netflix
    Category: Logs
    Content: A threat actor operating as tuzelity is advertising for sale a wide range of combolists, cookies, and stealer logs covering dozens of major platforms including email providers (Hotmail, Gmail, Yahoo, AOL, Comcast), social media (Facebook, Instagram, TikTok), streaming (Netflix, Disney), gaming (PSN, Xbox, Steam, Roblox), e-commerce (Amazon, eBay, PayPal, Shein), travel (Airbnb, Booking, Aircanada, Marriott), and dating sites (Badoo, OkCupid, Bumble, Zoosk). Contact handle provided is the seller's Telegram.
    Date: 2026-04-19T09:33:31Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/65563
    Screenshots:
    None
    Threat Actors: tuzelity
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  171. Alleged leak of Hotmail credential combolist with forum validity
    Category: Combo List
    Content: A threat actor known as ValidMail has made available a combolist of approximately 40,000 Hotmail email credentials on the cracking forum CrackingX. The post is categorized under Combolists & Dumps and claims the credentials have been validated against forums. Full content requires forum registration or sign-in to access.
    Date: 2026-04-19T09:03:11Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72553/
    Screenshots:
    None
    Threat Actors: ValidMail
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft Hotmail
    Victim Site: hotmail.com
  172. Alleged hack of KelpDAO Protocol resulting in $300 million theft
    Category: Cyber Attack
    Content: Threat actors reportedly compromised KelpDAO Protocol and drained approximately 116,500 ETH (valued at ~$300 million), immediately transferring the funds to another address.
    Date: 2026-04-19T08:57:48Z
    Network: telegram
    Published URL: https://t.me/c/1397463379/11149
    Screenshots:
    None
    Threat Actors: LZT
    Victim Country: Unknown
    Victim Industry: Cryptocurrency / DeFi
    Victim Organization: KelpDAO
    Victim Site: Unknown
  173. Alleged leak of Hotmail credentials combolist
    Category: Combo List
    Content: A threat actor operating under the alias alphaxdd has made available a combolist of 850 purportedly valid Hotmail credentials on the cracking forum CrackingX. The post describes the credentials as premium hits associated with private cloud access and mixed mail types. The actor can be contacted via Telegram at alphaaxd and the content is offered as a free download.
    Date: 2026-04-19T08:46:18Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72552/
    Screenshots:
    None
    Threat Actors: alphaxdd
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft Hotmail
    Victim Site: hotmail.com
  174. Alleged defacement of 24citylive.com by OpsShadowStrike hacktivist coalition
    Category: Defacement
    Content: The hacktivist group #OpsShadowStrike, in collaboration with multiple groups including TengkorakCyberCrew, MalaysiaHacktivist, EagleCyberCrew, CyberActivistMalaysia, AskarBadai, TheSweetNight, and Noheartz, claims to have defaced the Indian news website 24citylive.com. The defacement page is hosted at https://24citylive.com/ops.html. The attack appears politically motivated, aligned with pro-Palestine and anti-Israel sentiment under the #AllMuslimHackers banner.
    Date: 2026-04-19T08:26:17Z
    Network: telegram
    Published URL: https://t.me/c/3844432135/344
    Screenshots:
    None
    Threat Actors: #OpsShadowStrike
    Victim Country: India
    Victim Industry: Media & News
    Victim Organization: 24citylive.com
    Victim Site: 24citylive.com
  175. Alleged leak of Yahoo credentials combolist
    Category: Combo List
    Content: A threat actor using the handle HQcomboSpace has shared a mixed-country combolist containing 13,659 credential entries targeting Yahoo accounts via a Mega.nz file link. The post was made on the cracking forum CrackingX in the Combolists & Dumps section. The combolist appears to include credentials from multiple countries and is being made available for free download.
    Date: 2026-04-19T08:14:44Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72549/
    Screenshots:
    None
    Threat Actors: HQcomboSpace
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Yahoo
    Victim Site: yahoo.com
  176. Alleged leak of mixed social media combolist with 5 million credentials
    Category: Combo List
    Content: A threat actor operating under the alias CODER has made available a mixed social media combolist containing approximately 5 million credential pairs via Telegram channels. The combolist is being distributed for free through two Telegram groups and a direct contact handle. The origin platforms and affected organizations are unspecified, though the content is described as mixed social media credentials.
    Date: 2026-04-19T08:14:26Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72550/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Social Media
    Victim Organization: Unknown
    Victim Site: Unknown
  177. Alleged leak of Hotmail credentials via combolist distribution
    Category: Combo List
    Content: A threat actor operating under the alias Herry_X0087 has made available a combolist containing 500 Hotmail credentials, shared via a Telegram channel (Noir Public Cloud) and a paste site. The post promotes a free credential-sharing service encouraging users to join for daily combolist distributions. The content was posted on the cracking forum CrackingX by user hqtabbb.
    Date: 2026-04-19T08:14:11Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72551/
    Screenshots:
    None
    Threat Actors: hqtabbb
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft Hotmail
    Victim Site: hotmail.com
  178. Alleged leak of Gmail credential combolist
    Category: Combo List
    Content: A threat actor forwarded via SUMATRA UTARA CYBER TEAM is distributing a free combolist containing usernames, Gmail addresses, and passwords. Two MediaFire download links are provided for the credential dump.
    Date: 2026-04-19T08:07:02Z
    Network: telegram
    Published URL: https://t.me/byjax7/8
    Screenshots:
    None
    Threat Actors: JAX7
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Google Gmail
    Victim Site: gmail.com
  179. Alleged leak of Hotmail credentials via combolist distribution
    Category: Combo List
    Content: A threat actor operating under the alias Herry_X0087 has made available a combolist containing 93 Hotmail account credentials. The list was shared via external links on a cracking forum and promoted through a Telegram channel called Noir Public Cloud which distributes free combolists. The post directs users to a pasteview link for access to the credential list.
    Date: 2026-04-19T07:41:56Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72547/
    Screenshots:
    None
    Threat Actors: hqtabbb
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft Hotmail
    Victim Site: hotmail.com
  180. Alleged leak of 800 USA domain credentials
    Category: Combo List
    Content: A threat actor known as Herry_X0087 has made available a combolist containing 800 USA domain credentials, shared freely via an external paste site. The post promotes a Telegram channel called NOIR PUBLIC CLOUD (DarkNodeCloud) offering daily free combos. The credentials were distributed through pasteview.com with no payment required.
    Date: 2026-04-19T07:41:41Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72548/
    Screenshots:
    None
    Threat Actors: hqtabbb
    Victim Country: United States
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  181. Alleged Data Leak of 10 Million SEP Workers by Threat Actor Richdie
    Category: Data Leak
    Content: A threat actor known as Richdie has freely distributed a dataset allegedly containing personal and employment records of approximately 10 million workers from Mexico's Secretaría de Educación Pública (SEP). The leaked data reportedly includes full names, CURP and RFC tax identifiers, work schedules, work unit codes, federal entity, job functions, working hours, payment codes, salary information, and budget allocation details. The data was made available via a public file-sharing link.
    Date: 2026-04-19T07:33:22Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATA-TRABAJADORES-SEP-BY-RICHDIE
    Screenshots:
    None
    Threat Actors: Richdie
    Victim Country: Mexico
    Victim Industry: Government
    Victim Organization: Secretaría de Educación Pública (SEP)
    Victim Site: sep.gob.mx
  182. Alleged sale of large-scale URL:Login:Password credential combolist collection
    Category: Combo List
    Content: A threat actor on the cracking forum CrackingX is advertising a 750GB collection of URL:Login:Password (ULP) credential combolists, described as private and frequently updated. The offering includes online search access without requiring full file downloads, historical credential data, and the ability to filter results by country. The post implies a paid subscription or access model rather than a free leak.
    Date: 2026-04-19T07:24:48Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72545/
    Screenshots:
    None
    Threat Actors: Mustukaral
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  183. Alleged defacement of shadeform.com.au by OpsShadowStrike
    Category: Defacement
    Content: Hacktivist group #OpsShadowStrike, in collaboration with multiple groups including TengkorakCyberCrew, MalaysiaHacktivist, EagleCyberCrew, and others, claims to have defaced the Australian website shadeform.com.au. The attack appears politically motivated, referencing pro-Palestine and anti-Israel sentiments. The post includes hashtags indicating DDoS and data breach activity as well.
    Date: 2026-04-19T07:22:11Z
    Network: telegram
    Published URL: https://t.me/c/3844432135/343
    Screenshots:
    None
    Threat Actors: #OpsShadowStrike
    Victim Country: Australia
    Victim Industry: Unknown
    Victim Organization: Shadeform
    Victim Site: shadeform.com.au
  184. Alleged Critical Vulnerability in Nginx UI Admin Panel (Versions ≤2.3.5)
    Category: Vulnerability
    Content: A critical security vulnerability has been discovered in Nginx UI versions 2.3.5 and earlier. A portion of the admin panel is accessible without authentication, allowing an attacker with network access to modify server configurations and potentially gain full control of the server. Users are advised to immediately upgrade to version 2.3.6 or later, restrict panel access to internal networks or VPN, enforce strong passwords, and monitor for suspicious activity.
    Date: 2026-04-19T07:16:00Z
    Network: telegram
    Published URL: https://t.me/c/1283513914/21271
    Screenshots:
    None
    Threat Actors: خبرگزاری سایبربان| Cyberban News
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Nginx UI
    Victim Site: Unknown
  185. Alleged cyber attack by 313 Team concluded after target activated security measures
    Category: Cyber Attack
    Content: The Iraqi Islamic cyber resistance group 313 Team announced the conclusion of a cyber attack, stating the attack ended after the targeted site activated security protections and neutralized the attack's impact. No specific target was named in this update post.
    Date: 2026-04-19T07:10:10Z
    Network: telegram
    Published URL: https://t.me/c/2250158203/1032
    Screenshots:
    None
    Threat Actors: 313 Team
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  186. Alleged leak of mixed credential combolist (FATETRAFFIC 1450 MIX)
    Category: Combo List
    Content: A threat actor operating under the alias fatetraffic has made available a mixed combolist containing 1,450 credential pairs, described as stealer logs dated 19-04-2026. The combolist was shared freely via a Pixeldrain file hosting link on the cracking forum CrackingX. No specific victim organization or country has been identified, suggesting the credentials are aggregated from multiple sources via infostealer malware.
    Date: 2026-04-19T07:08:38Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72544/
    Screenshots:
    None
    Threat Actors: fatetraffic
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  187. Alleged leak of Hotmail credential combolist
    Category: Combo List
    Content: A threat actor operating under the alias Steveee36 has made available a combolist purportedly containing 1,205 Hotmail credentials on the cracking forum CrackingX. The post offers a free download of the credential list, which likely contains email and password pairs. The origin and validity of the credentials have not been verified.
    Date: 2026-04-19T06:51:30Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72542/
    Screenshots:
    None
    Threat Actors: stevee36
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft Hotmail
    Victim Site: hotmail.com
  188. Alleged leak of 67,000 mixed-domain credentials combolist
    Category: Logs
    Content: A threat actor operating under the alias Cir4Dk has made available a combolist containing approximately 67,000 email and password combinations spanning multiple domains. The credentials are described as fresh and cover a mixed range of domain providers. The post requires forum registration to access the download link.
    Date: 2026-04-19T06:46:54Z
    Network: openweb
    Published URL: https://xforums.st/threads/67k-mixed-domains-fresh-combolist.608899/
    Screenshots:
    None
    Threat Actors: Cir4Dk
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  189. Alleged Data Leak of BPJS Indonesia National Health Insurance Database
    Category: Data Leak
    Content: A threat actor operating under the alias Xyph0rix has leaked a database allegedly sourced from BPJS, Indonesia's national social health insurance program. The exposed data includes full names, National Identity Numbers (NIK), dates and places of birth, and residential addresses of Indonesian citizens. The data appears to be structured records from a regional BPJS database, with at least dozens of individual records publicly shared on the breach forum.
    Date: 2026-04-19T06:13:04Z
    Network: openweb
    Published URL: https://breached.st/threads/database-bpjs-indonesia.86092/unread
    Screenshots:
    None
    Threat Actors: Xyph0rix
    Victim Country: Indonesia
    Victim Industry: Healthcare / Government Insurance
    Victim Organization: BPJS (Badan Penyelenggara Jaminan Sosial)
    Victim Site: bpjs-kesehatan.go.id
  190. Alleged leak of Gaming and Shopping credentials targeting Yahoo users
    Category: Combo List
    Content: A threat actor operating under the alias HQcomboSpace has made available a combolist containing approximately 1.4 million credential pairs on a cracking forum. The list targets gaming and shopping platforms with a focus on Yahoo-associated accounts. The combolist was shared via a Mega.nz link as a free download.
    Date: 2026-04-19T06:02:34Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72541/
    Screenshots:
    None
    Threat Actors: HQcomboSpace
    Victim Country: Unknown
    Victim Industry: Gaming, Retail
    Victim Organization: Unknown
    Victim Site: yahoo.com
  191. Alleged Sale of Vercel Database Access Keys, Source Code, and Employee Credentials Enabling Supply Chain Attack
    Category: Initial Access
    Content: Threat actor ShinyHunters is selling alleged access to Vercel's internal systems, including multiple employee accounts, internal deployment access, API keys, NPM tokens, and GitHub tokens. The actor claims this access could enable a global supply chain attack via Next.js, Turbo.js, and the broader Vercel ecosystem, potentially impacting every developer who installs or updates affected packages. Internal user data fields exposed include id, name, displayName, email, active status, admin/guest flags, timezone, and timestamps. Asking price is $2M USD. Middleman required. Contact via XMPP, Telegram, or email.
    Date: 2026-04-19T05:59:03Z
    Network: telegram
    Published URL: https://t.me/c/3737716184/1431
    Screenshots:
    None
    Threat Actors: ShinyHunters
    Victim Country: United States
    Victim Industry: Cloud Computing / Software Development
    Victim Organization: Vercel
    Victim Site: vercel.com
  192. Alleged Data Leak of Indonesian National Police (Kepolisian Negara Republik Indonesia) Personnel Database
    Category: Data Leak
    Content: A threat actor operating under the alias Xyph0rix has leaked a structured database dump allegedly belonging to the Indonesian National Police (Kepolisian Negara Republik Indonesia). The exposed data includes personnel records containing officer IDs, full names, ranks, assigned police units, disciplinary case details, decision references, and hashed values that may represent passwords or identifiers. The data appears to relate to internal disciplinary proceedings across multiple regional police
    Date: 2026-04-19T05:56:46Z
    Network: openweb
    Published URL: https://breached.st/threads/database-kepolisian-negara-republik-indonesia.86091/unread
    Screenshots:
    None
    Threat Actors: Xyph0rix
    Victim Country: Indonesia
    Victim Industry: Government – Law Enforcement
    Victim Organization: Kepolisian Negara Republik Indonesia (Indonesian National Police)
    Victim Site: Unknown
  193. Website defacement of Universitas Darma Agung library portal by Irene of XmrAnonye.id
    Category: Defacement
    Content: On April 19, 2026, a threat actor identified as Irene from the group XmrAnonye.id defaced the library subdomain of Universitas Darma Agung, an Indonesian university. The defacement targeted a specific subdirectory (readme.txt) and was not classified as a mass or home page defacement. A mirror of the defaced page was archived at haxor.id.
    Date: 2026-04-19T05:52:19Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248595
    Screenshots:
    None
    Threat Actors: Irene, XmrAnonye.id
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: Universitas Darma Agung
    Victim Site: libr.universitasdarmaagung.ac.id
  194. Alleged Data Leak of PTT Cargo Tracking System User Data in Turkey
    Category: Data Leak
    Content: A threat actor known as SiberSLX claims to have scraped data from PTT Cargo's package tracking system and shared a sample on the Breached forum. The leaked dataset contains sensitive personal information including recipients' full names, national ID numbers (T.C. Kimlik No), delivery addresses, sender details, and shipment logistics data. The exposed records include deciphered fields revealing unmasked names and Turkish national identification numbers, posing significant privacy risks to affecte
    Date: 2026-04-19T05:09:37Z
    Network: openweb
    Published URL: https://breached.st/threads/turkey-ptt-cargo-following-system-sample.86090/unread
    Screenshots:
    None
    Threat Actors: SiberSLX
    Victim Country: Turkey
    Victim Industry: Postal & Logistics Services
    Victim Organization: PTT Cargo
    Victim Site: ptt.gov.tr
  195. Alleged leak of cookies and credentials for multiple platforms including Netflix, eBay, and Fortnite
    Category: Data Leak
    Content: A threat actor operating under the alias bluestarcrack has made available session cookies and credentials for multiple platforms including Netflix, eBay, and Fortnite, among others. The files appear to be hosted on the file-sharing service Uploadery. No pricing or record count details were provided in the post.
    Date: 2026-04-19T04:53:46Z
    Network: openweb
    Published URL: https://breached.st/threads/cookies-netflix-ebay-fortnite-more.86089/unread
    Screenshots:
    None
    Threat Actors: bluestarcrack
    Victim Country: Unknown
    Victim Industry: Multiple
    Victim Organization: Netflix, eBay, Fortnite and others
    Victim Site: Unknown
  196. Alleged Sale of BTMOB v4.1 Android RAT Source Code
    Category: Initial Access
    Content: A threat actor operating under the alias isExploit is advertising the source code of BTMOB v4.1, a full-featured Android Remote Access Trojan (RAT), on a cybercrime forum. The malware includes capabilities such as DDoS attacks, live screen capture, keylogging, PIN grabbing, XMR cryptocurrency mining, SSH/Telnet remote commands, call/SMS interception, and plugin-based dropper functionality. The seller can be contacted via Telegram handle @Hackro0t.
    Date: 2026-04-19T04:52:16Z
    Network: openweb
    Published URL: https://breached.st/threads/source-code-btmob-v4-1-the-best-rat-of-2026.86088/unread
    Screenshots:
    None
    Threat Actors: isExploit
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  197. Alleged leak of Netflix session cookies
    Category: Data Leak
    Content: A threat actor operating under the alias bluestarcrack on the Breached forum has shared what are claimed to be fresh Netflix session cookies via a file hosted on Uploadery. Session cookies can be used to hijack authenticated Netflix accounts without requiring a password. No specific record count or pricing was mentioned, suggesting the content was made available for free.
    Date: 2026-04-19T04:36:40Z
    Network: openweb
    Published URL: https://breached.st/threads/cookies-netflix-fresh.86087/unread
    Screenshots:
    None
    Threat Actors: bluestarcrack
    Victim Country: Unknown
    Victim Industry: Entertainment / Streaming
    Victim Organization: Netflix
    Victim Site: netflix.com
  198. Alleged Data Breach of Transak.com by ShinyHunters
    Category: Data Breach
    Content: Threat actor ShinyHunters is claiming to sell 900GB of data allegedly stolen from Transak.com, a US-based cryptocurrency platform. The data is being offered for $2,000 USD with a sample available at qu.ax. Contact is via Telegram handle @shinyc0rpsss. Message ID 1443 suggests a ransom/extortion element with a pay or leak ultimatum.
    Date: 2026-04-19T04:27:59Z
    Network: telegram
    Published URL: https://t.me/c/3737716184/1442
    Screenshots:
    None
    Threat Actors: ShinyHunters
    Victim Country: United States
    Victim Industry: Cryptocurrency / Financial Services
    Victim Organization: Transak
    Victim Site: transak.com
  199. Alleged sale of RDP access including Azure, AWS, and DigitalOcean cloud instances
    Category: Initial Access
    Content: A threat actor is offering RDP access for rent on a daily or monthly basis. The offering includes cloud-based RDP instances on Azure, AWS, and DigitalOcean priced at $200, described as fresh with clean IPs. Additional services include domain mail, Gmail, Yahoo accounts, domain access, and GitHub Student accounts. The listing is marketed for inbox/spam operations and mentions escrow support.
    Date: 2026-04-19T04:07:01Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/65435
    Screenshots:
    None
    Threat Actors: PORTAL
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  200. Alleged leak of German domain credentials combolist
    Category: Combo List
    Content: A threat actor known as HQcomboSpace has made available a combolist containing 338,156 credential pairs targeting German (.de) domains. The combolist was shared freely via a Mega.nz link on the cracking forum CrackingX. The leaked data appears to consist of email and password combinations associated with German domain accounts.
    Date: 2026-04-19T03:53:23Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72538/
    Screenshots:
    None
    Threat Actors: HQcomboSpace
    Victim Country: Germany
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  201. Alleged Sale of Linkable Credit Cards and Financial Account Credentials for Multiple Platforms
    Category: Combo List
    Content: A threat actor operating under the alias Vapp09 is offering linkable credit cards (CC) and associated cashout methods for multiple major platforms including Google Pay, eBay, Cash App, PayPal, and Booking.com. The actor is also advertising Apple ID logs and complete CC cashout method packages, with contact facilitated via Telegram. No specific record count or pricing details are disclosed in the post.
    Date: 2026-04-19T03:37:10Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72536/
    Screenshots:
    None
    Threat Actors: Vapp09
    Victim Country: Unknown
    Victim Industry: Financial Services
    Victim Organization: Unknown
    Victim Site: Unknown
  202. Alleged Sale of Vercel Access Keys, Source Code, and Database with Supply Chain Attack Potential
    Category: Initial Access
    Content: Threat actor ShinyHunters is selling alleged access to Vercel's internal systems, including multiple employee accounts, API keys, NPM tokens, and GitHub tokens. The actor claims this access could enable a global supply chain attack via Next.js (6 million weekly downloads), Turbo.js, and the broader Vercel ecosystem. Proof of access includes internal Linear project management data with user fields (id, name, displayName, email, active, admin, guest, timezone). Asking price is $2M USD. Contact via XMPP, Telegram (@shinyc0rpsss), or email. Middleman required.
    Date: 2026-04-19T03:07:55Z
    Network: telegram
    Published URL: https://t.me/c/3737716184/1437
    Screenshots:
    None
    Threat Actors: ShinyHunters
    Victim Country: United States
    Victim Industry: Cloud Computing / Software Development
    Victim Organization: Vercel
    Victim Site: vercel.com
  203. Alleged leak of Hotmail credential combolist with forum-validated accounts
    Category: Combo List
    Content: A threat actor operating under the alias ValidMail has made available a combolist of approximately 40,000 Hotmail email credentials on the cracking forum CrackingX. The post claims the credentials have been validated and are specifically curated for forum account access. The content is restricted to registered or signed-in forum members.
    Date: 2026-04-19T02:49:39Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72533/
    Screenshots:
    None
    Threat Actors: ValidMail
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft Hotmail
    Victim Site: hotmail.com
  204. Alleged leak of mixed valid email access credentials (25,500 records)
    Category: Data Leak
    Content: A threat actor operating under the alias redcloud has made available a combolist of approximately 25,500 allegedly valid mixed email credentials, dated April 19, 2026. The post is shared on the AE forum and described as private and ultra-high quality (UHQ). The actor provides a Telegram handle (@tutuba5m) and offers the data as a free download requiring a forum reply to access.
    Date: 2026-04-19T02:46:56Z
    Network: openweb
    Published URL: https://altenens.is/threads/25-5k-sparkles-mix-sparkles-valid-mail-access-19-04.2927588/unread
    Screenshots:
    None
    Threat Actors: redcloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  205. Alleged leak of Hotmail credential combolist
    Category: Combo List
    Content: A threat actor known as noir has made available a combolist of allegedly valid Hotmail credentials, described as UHQ (ultra-high quality). The post references a private cloud storage link and directs users to a Telegram account (@noiraccesss) for access. The content is gated behind forum registration, suggesting it may be distributed to registered members.
    Date: 2026-04-19T02:33:12Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72532/
    Screenshots:
    None
    Threat Actors: noir
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  206. Alleged data breach of Binance with 1.5M user records for sale
    Category: Data Breach
    Content: Threat actor ShinyHunters is selling an alleged database of 1.5 million Binance user records dated 2026. The dataset includes status, email, password, full name, phone number, country, last login, 2FA status, KYC status, and USD balance. The asking price is $50,000 USD with a middleman required. Contact is offered via XMPP, Telegram (@shinyc0rpsss), and email ([email protected]). The listing is posted on BreachForums.
    Date: 2026-04-19T02:23:37Z
    Network: telegram
    Published URL: https://t.me/c/3737716184/1435
    Screenshots:
    None
    Threat Actors: ShinyHunters
    Victim Country: Unknown
    Victim Industry: Cryptocurrency / Financial Services
    Victim Organization: Binance
    Victim Site: binance.com
  207. Alleged leak of Hotmail credential combolist
    Category: Data Leak
    Content: A threat actor operating under the alias redcloud has made available a combolist of approximately 10,300 allegedly valid Hotmail credentials on the AE forum. The post, dated April 19, 2026, claims the credentials are private and high quality (UHQ). The content is offered as a free download requiring forum interaction, with the actor also providing a Telegram contact handle.
    Date: 2026-04-19T02:14:29Z
    Network: openweb
    Published URL: https://altenens.is/threads/10-3k-high-voltagehotmailhigh-voltagevalid-mail-access-19-04.2927584/unread
    Screenshots:
    None
    Threat Actors: redcloud
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  208. Alleged Sale of Vercel Access Keys, Source Code, and Database Enabling Potential Supply Chain Attack
    Category: Initial Access
    Content: Threat actor ShinyHunters is selling alleged access to Vercel's internal systems, including multiple employee accounts, API keys, NPM tokens, and GitHub tokens. The actor claims this access could enable a global supply chain attack via Next.js (6 million weekly downloads), Turbo.js, and the broader Vercel ecosystem. Internal user/member data fields are exposed (id, name, displayName, email, active, admin, guest, timezone, timestamps). Proof provided via Linear internal system data. Asking price is $2M USD. Contact via XMPP, Telegram, and email with middleman required.
    Date: 2026-04-19T02:07:36Z
    Network: telegram
    Published URL: https://t.me/c/3737716184/1432
    Screenshots:
    None
    Threat Actors: ShinyHunters
    Victim Country: United States
    Victim Industry: Cloud Computing / Software Development
    Victim Organization: Vercel
    Victim Site: vercel.com
  209. Alleged data leak of Indonesian Police Intelligence Officers Personal Data (Malang)
    Category: Data Leak
    Content: A structured dataset containing personal information of Indonesian National Police (POLRI) intelligence personnel from Polresta Malang Kota and Polsek Sukun has been leaked. The data includes fields such as NRP (police registration number), full name, phone number, unit (Intel/Intelkam), position, rank (ranging from BRIPTU to KOMPOL), and station assignment. At least 9 officers are exposed in this sample, with ranks including IPTU, IPDA, BRIPKA, AIPTU, KOMPOL, and BRIPTU.
    Date: 2026-04-19T02:00:31Z
    Network: telegram
    Published URL: https://t.me/c/3755871403/246
    Screenshots:
    None
    Threat Actors: Rakyat Digital Crew
    Victim Country: Indonesia
    Victim Industry: Government / Law Enforcement
    Victim Organization: Polresta Malang Kota
    Victim Site: Unknown
  210. Alleged leak of Gmail credentials combolist
    Category: Combo List
    Content: A threat actor operating under the alias D4rkNetHub has made available a combolist purportedly containing over 100,000 Gmail credentials on the cracking forum CrackingX. The post is gated behind registration or sign-in, limiting full visibility into the data's authenticity or origin. The leaked content appears to consist of email and password pairs associated with Gmail accounts.
    Date: 2026-04-19T01:52:55Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72530/
    Screenshots:
    None
    Threat Actors: D4rkNetHub
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Google Gmail
    Victim Site: gmail.com
  211. Alleged leak of Hotmail credentials targeting gaming and shopping sectors
    Category: Combo List
    Content: A threat actor operating under the alias HQcomboSpace has made available a combolist containing approximately 1.09 million credential pairs via a Mega.nz link. The combolist targets Hotmail email accounts associated with gaming and shopping platforms. No price or payment was mentioned, indicating this is a free distribution of the credential list.
    Date: 2026-04-19T01:34:39Z
    Network: openweb
    Published URL: https://crackingx.com/threads/72529/
    Screenshots:
    None
    Threat Actors: HQcomboSpace
    Victim Country: Unknown
    Victim Industry: Gaming, Retail
    Victim Organization: Microsoft Hotmail
    Victim Site: hotmail.com
  212. Alleged data breach of Indonesian Government Postal Training Portal (serena.postel.go.id)
    Category: Data Breach
    Content: A threat actor has allegedly leaked a database of 15,677 thousand participant records from serena.postel.go.id, a training portal belonging to Indonesia's postal and telecommunications regulatory body (Postel). The data was posted on the breached.st forum.
    Date: 2026-04-19T01:13:01Z
    Network: telegram
    Published URL: https://t.me/BabayoErorSyteam/495
    Screenshots:
    None
    Threat Actors: BABAYO EROR SYSTEM
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Direktorat Jenderal Sumber Daya dan Perangkat Pos dan Informatika (Postel)
    Victim Site: serena.postel.go.id
  213. Alleged Data Leak of Students and Lecturers at Universitas Dirgantara Marsekal Suryadarma
    Category: Data Leak
    Content: A threat actor known as MaxiZERO leaked structured personal data belonging to students and lecturers of Universitas Dirgantara Marsekal Suryadarma, an Indonesian aviation-focused university. The leaked records include student identification numbers (NIM), full names, cities and dates of birth, academic programs, faculties, and semester information. The data appears to have been extracted from the university's academic information system API.
    Date: 2026-04-19T01:12:04Z
    Network: openweb
    Published URL: https://breached.st/threads/data-leak-of-students-and-lecturers-at-universitas-dirgantara-marsekal-suryadarma.86084/unread
    Screenshots:
    None
    Threat Actors: MaxiZERO
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: Universitas Dirgantara Marsekal Suryadarma
    Victim Site: Unknown
  214. Alleged Data Leak of Indonesian BIMA Ditjen Saintek Academic Personnel Records
    Category: Data Leak
    Content: A threat actor operating under the alias MaxiZERO has freely leaked a structured database dump from BIMA Ditjen Saintek, an Indonesian Ministry of Education directorate managing higher education lecturer data. The leaked records include sensitive personal information such as full names, National Identity Numbers (NIK/KTP), NIDN lecturer registration numbers, email addresses, phone numbers, home addresses, dates of birth, academic credentials, and institutional affiliations. The exposed data pe
    Date: 2026-04-19T01:11:26Z
    Network: openweb
    Published URL: https://breached.st/threads/leak-indonesia-bima-ditjen-saintek-dosen-nik-email-fresh.86085/unread
    Screenshots:
    None
    Threat Actors: MaxiZERO
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: BIMA Ditjen Saintek (Direktorat Jenderal Sains dan Teknologi)
    Victim Site: Unknown
  215. Alleged leak of Hotmail credentials combolist
    Category: Combo List
    Content: A threat actor operating under the alias Sellerxd has made available a combolist of approximately 600 allegedly valid Hotmail email and password combinations on a cybercrime forum. The credentials are described as HQ (high quality) and valid, suggesting they have been verified. The content is hidden behind a registration or login requirement on the forum.
    Date: 2026-04-19T00:27:37Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-0-6k-HQ-Valid-Hotmails
    Screenshots:
    None
    Threat Actors: Sellerxd
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com