1. Executive Summary
This report provides an exhaustive analysis of a series of cybersecurity incidents documented on April 3 and April 4, 2026. The threat landscape detailed in these events is characterized by highly active and organized threat actors, widespread data breaches, mass website defacements, the sale of initial access to critical infrastructure, and the distribution of massive credential combo lists. Major threat groups such as ShinyHunters have resumed operations with devastating effect, targeting global enterprise networks, while initial access brokers like ‘miyako’ are actively selling root access to government and corporate firewalls worldwide. Hacktivist activity remains high, with politically motivated defacements and SCADA system attacks affecting nations like Israel, Turkey, and South Korea. This report categorizes these incidents by threat actor, attack vector, and affected industries to provide a comprehensive overview of the current cyber threat environment.
2. Apex Threat Actors: The Return of ShinyHunters
The threat group ShinyHunters represents one of the most critical threats in this reporting period, demonstrating a resurgence in activity with new infrastructure and devastating breaches. They have deprecated previous PGP keys, issued a new public key for future communications, and established new contact channels via Telegram and Session, alongside an onion-based Data Leak Site (DLS). This operational security reset has been accompanied by a series of high-profile attacks.
2.1 Corporate and Enterprise Breaches
- Cisco and Salesforce: ShinyHunters claims to have breached Cisco through a Trivy supply chain compromise. As a result, they allegedly obtained over 3 million Salesforce records containing personally identifiable information (PII), GitHub repositories, AWS storage, and internal corporate data. Furthermore, the group claims possession of source code for multiple Cisco AI products, including AI Assistants, AI Defense, AI Canvas, and AI Cisco Cloud Control. The threat group teased this release by publishing a GitHub Personal Access Token alongside an internal Cisco IT Splunk query targeting a ds-github index, demonstrating their internal access. The data was offered for sale on BreachForums for $2 million USD. The group also issued an extortion-style ultimatum to Cisco, threatening their partner relationships if demands were not met.
- Santander Bank: The group claimed a massive data breach affecting Santander Bank customers in Spain, Chile, and Uruguay. The stolen data allegedly includes 30 million customer records, 6 million account numbers with balances, HR employee lists, and 28 million full credit card numbers including CVVs and expiration dates. The data was offered for $25,000, with an invitation for Santander to purchase it directly.
- InterSystems TrakCare: A ShinyHunters affiliate named “extasehunters” claimed unauthorized access to TrakCare, a unified Electronic Health Record (EHR) system managing over 400 million patient records across 500+ hospitals globally.
- IN Groupe (Imprimerie Nationale): ShinyHunters claimed a breach of IN Groupe, a 100% French government-owned entity responsible for manufacturing secure identity documents like biometric passports and national ID cards. This breach poses significant national security risks for France.
- Mercer Advisors: An actor associated with ShinyHunters claimed to have exfiltrated over 5 million Salesforce records from Mercer Advisors, including over 1.3 million records containing PII.
2.2 Extortion and Taunting Tactics
ShinyHunters has employed aggressive extortion tactics, issuing “Pay or Leak” ultimatums against undisclosed victims. In a highly personalized attack, the group publicly taunted an executive named Jason Lish, claiming he is part of a private Signal group of approximately 300 Chief Information Security Officers (CISOs). ShinyHunters accused Lish of lying to the CISO community regarding a recent breach, using this as an intimidation tactic.
3. The Initial Access Broker Ecosystem
Initial Access Brokers (IABs) play a crucial role in the cybercrime supply chain. The actor known as “miyako” has been exceptionally prolific, selling root-level remote code execution (RCE) and shell access to Linux-based firewalls globally.
3.1 Global Firewall Compromises by “miyako”
- United States Targets: Miyako offered access to a US manufacturing company with $5 billion in revenue for $400; a US brokerage and wealth management firm with $600 million in revenue for $400; a US government contractor working with the DoD, DoT, DoC, and DHS for $400; and a US-based Managed Services Provider offering private cloud hosting for $400.
- Government Targets: Access was sold for the Palestine Government Foreign Aid Portal for $300; Thailand’s government visa program infrastructure for $300; an African government transaction engine for $300; the Iraq Higher Education Platform for $200; and two Saudi Government Ministry entities for $300.
- Asian and European Corporate Targets: Miyako sold access to a leading UK marketing agency for $200; an Asian energy and power distribution company for $200; Chinese firewall infrastructure for $400; a Chinese jewelry company with $1 billion in revenue for $200; and an Asian point-of-sale systems provider for $300.
3.2 Other Initial Access Activity
- An actor named “AckLine” shared admin panel credentials for easyshul.com and advertised RDWEB access to a Netherlands-based software solutions company.
- The group “Islamic Hacker Army” offered admin login credentials for 5 million IP cameras globally.
- The group “BABAYO EROR SYSTEM” advertised shell access to a subdomain featuring high Domain Authority and Google Search Console access.
4. Widespread Data Leaks and Brokers
A multitude of independent threat actors and data brokers successfully exfiltrated and leaked massive datasets spanning multiple industries.
4.1 Education Sector Leaks by “MagoSpeak”
The threat actor “MagoSpeak” systematically leaked highly sensitive student and applicant data from numerous Mexican educational institutions. The leaked datasets consistently included full names, landline and mobile phone numbers, dates of birth, Gmail addresses, CURP (Mexican national ID) numbers, school IDs, SIGED school keys, indigenous language status, disability status, and financial aid information.
- Victim Institutions: Centenaria y Benemérita Escuela Normal para Profesores, Centenaria y Benemérita Escuela Normal del Estado de Querétaro Andrés, Centenaria Escuela Normal del Estado Ignacio Manuel Altamirano, Benemérita y Centenaria Escuela Normal Oficial de Guanajuato, Benemérito Instituto Normal del Estado General Juan Crisóstomo Bonilla, Benemérita y Centenaria Escuela Normal del Estado de San Luis Potosí, Benemérita y Centenaria Escuela Normal del Estado de Durango, Benemérita y Centenaria Escuela Normal de Jalisco, and Benemérita Universidad Autónoma de Puebla (BUAP).
4.2 Corporate and Tech Breaches by “xorcat”
The actor “xorcat” specialized in leaking data from technology platforms, AI services, and government databases:
- Government: Vietnam Government Police Warnings System (21,018 records including police admin accounts); US Government Publishing Office (1,500 records including internal government emails).
- AI and Tech Platforms: HumanizerPro.AI (65,000 records including API keys); Pares.AI (96,000 records); Remote3.co (46,000 crypto freelancer profiles); Cuties.AI (153,000 NSFW AI platform records).
- Media and E-commerce: Success.com (207,000 records); TLDR.Tech newsletter (1.2 million LinkedIn-enriched subscriber records); 8tracks (18.6 million records with SHA-1 hashes); Powerlab.fr (15,000 gaming PC customer records); SongTrivia2.io (291,000 user records); Traedex.com (66,000 crypto traders’ data); and Calai.app (3 million users’ dietary and health data).
4.3 Data Sales by “undertaker” and “Grubder”
- undertaker: Sold 53+ million professional leads from Mawsool.tech; 546,519 customer records from Australian scuba retailer Adreno; 4.7 million order records from Thailand’s Central.co.th; 1.6 million records from Vietnam’s CareerViet; and 24.5 million records from Argentina’s national social security administration (ANSES).
- Grubder: Targeted business directories and e-commerce, selling 527,000 records from Páginas Amarillas Venezuela; 423,000 records from the Venezuelan Ministry of Culture; 485,000 records from Replica Guns & Swords; 563,000 records from EcommerceTemplates.com; 312,000 records from Páginas Amarillas Uruguay; and 537,000 records from the DealerTrack automotive platform.
4.4 Other Notable Data Breaches
- Financial and Corporate: Kotowka sold 105,000 Ledger customer records breached via the Global-e gateway and 50,000 Coinbase customer records. Moneyistime sold a 10GB database dump from Vitag Retail Technologies and 160GB of infrastructure data from China’s Xiamen Tungsten Co., Ltd. A database of 1.9 million Hong Leong Bank clients was sold by DDying.
- Government and Law Enforcement: Actor “iym” offered an 8.3 million record database from USA/Canada police tiplines (P3Global/CrimeStoppers), including anonymous tips and SSNs. A leak of 17 million vehicle registration records from Ecuador’s National Traffic Agency was offered by GordonFreeman. A 10 million record database from Chile’s Civil Registry was also leaked. Hacktivists “Sadboy Cyber Team” breached Vietnamese telecommunications, obtaining 80 million phone records. The European Commission’s cloud infrastructure was breached by TeamPCP using a stolen API key, with data subsequently leaked by ShinyHunters.
5. Hacktivism, SCADA Attacks, and Political Cyber Warfare
A significant portion of the recorded events were driven by geopolitical motivations, targeting critical infrastructure and government entities.
5.1 Critical Infrastructure and SCADA Systems
- South Korea Manufacturing: The “Z-Pentest Alliance” gained full HMI/PLC control over a South Korean automated manufacturing facility’s industrial control system under #OpSouthKorea. The actors obtained real-time access to conveyor controls, elevators, ventilation, and active sensors.
- Turkish Water SCADA: The “Armenian code” group claimed to have disrupted the SCADA control system of a Turkish industrial pumping station. This was framed as retaliation against Turkey for its partnership with Azerbaijan.
5.2 Nation-State and Politically Motivated Actors
- IRGC Navy Cyber Attack: The Islamic Revolutionary Guard Corps (IRGC) Navy Command claimed a cyber attack against an Oracle datacenter in Dubai and an Amazon datacenter in Bahrain. This was framed as retaliation for the killing of Iranians.
- Hanzaleh (Hanthalah): This Iranian group claimed to have hacked the personal account of the FBI Director and leaked his information. The group also doxxed 20 staff members of the independent Persian-language news outlet IranWire, publishing their photos and personal details.
- Anti-Israel Campaigns: The “Cyber Islamic Resistance” defaced Israeli educational site nativhaor.co.il and business site bniyat-atarim.co.il as part of their “Holy Response” operations regarding the Al-Aqsa Mosque. The group “#OpsShadowStrike” defaced royalinstitute.co.in, collaborating with Malaysian and Indonesian hacktivists under pro-Palestine banners. “BD Anonymous” declared #OpProsecuteZionist, threatening Israeli government ministry servers.
- Other Hacktivist Operations: “Morningstar” announced #OpFrance, targeting France due to political grievances against President Macron. The group “THE GARUDA EYE” issued ongoing threats against the Indonesian government. “Threat Market”, an Iranian actor, claimed to deploy a “Dead Mans Switch” against the FBI following intrusion attempts against their Onion domain.
6. Mass Defacement Campaigns
Website defacement remained a highly popular tactic, with specific threat actors and teams executing mass campaigns across thousands of global domains.
6.1 The “DimasHxR” Defacement Campaign
The threat actor “DimasHxR” executed an extraordinarily prolific, largely indiscriminate defacement campaign. They frequently targeted specific subdirectories, media folders, or customer address pages rather than root homepages. Their targets spanned across Europe, Australia, and Asia:
- Germany & Netherlands: Eckwerk Shop, Kerashop, Kleintierladen, Cavallaro.
- Scandinavia & UK: batlivetsdag.pgm.nu (Sweden), kolborstar-gomes.se (Sweden), damphuen.dk (Denmark), UK Flooring Sale, bossu.co.uk.
- Eastern Europe: Spawarki Magnum (Poland), azan.com.pl (Poland), karmybrit.pl (Poland), infshop.hu (Hungary), olvass.ro (Romania), Leaderfins (Russia).
- Asia & Middle East: VietAsia Foods (Vietnam), shondo.vn (Vietnam), thegioinano.com (Vietnam), Apni Sabji Mandi (India), The Lounge Kuwait.
- Global/Unspecified: Security Warehouse, Casa Cuesta, David Hampton, KM Coating, TroutMagnet, TAG Motorsports, Product Components, ml.rocks, livephthings.com, FlashDrive Australia, FlexDev, Elms Marketing, Cavallaro Napoli, Gomes Carbon Brushes, British Live Steam, himla.com, lagarza.eu, Measurement Solutions Inc, meushot.com.br, pessere.com, brander.technology, Stack Systems, xero.online, elektropepi.eu, DVS Wines, rebelleftc.com.
6.2 The “Alpha wolf” (XYZ) Campaign
The “Alpha wolf” team, primarily operating under the alias “XYZ”, focused heavily on mass defacement campaigns, with a particular emphasis on Australian service businesses and Ukrainian platforms. Many of their attacks were classified as “redefacements,” indicating persistent access or poor victim remediation.
- Australian Targets: 7 Days Garden Services, ASAP Landscape Concrete, E-Loyalty, Fix My Oven, Lockyer Valley Colonics, Mactek Telecom, MCSS, Mobile Repair Central, Multi Community Support Solutions, Pest Control First, Property Shine Cleaning, Top End Chill, Trinity Point Wellbeing Clinic, Triple S Cleaning Services.
- Ukrainian Targets: bunchuk.com.ua, Regio Dialogue.
- Global Targets: DP International Moving, EDI Digital (Colombia), EDI Editing, Jyotshna Enterprises (India), Bolivian Government Portal (Quipus), [suspicious link removed] intranet, adulteducation.voloka.org, destin-project.info, tvoryty.com.
6.3 Other Defacement Groups
- CYKOMNEPAL: Successfully targeted VN Storage (Vietnam), Shuoletex (Bangladesh), TrendyToys (Vietnam), SD Fashions, Lucky Meow Home Pet, Nexa Logistics (Vietnam), ZonaTech RD (Dominican Republic), Vinh Barber Shop (Vietnam), Vinal NK, and Extintores Campo Largo (Brazil).
- Aptisme / Leviathan Perfect Hunter: Defaced gambling site 7789bet.io, avenbd.com (Bangladesh), Luxtone Global, and Minh Khang Interior Design (Vietnam).
- maw3six: Conducted mass defacements targeting Latvian sites including meraka.lv, strelnieku42.com, premier.estate, and estater.lv.
- Babayo Eror System Affiliates: “Mr.XycanKing” defaced the Indonesian government open data portal opendata.kedirikab.go.id. “Mr.PIMZZZXploit” defaced misso.vn and trinityconstructionsolutions.com.
7. Combo Lists and Credential Harvesting
The distribution of “combo lists” (combinations of stolen email addresses/usernames and passwords) was rampant, facilitated through cybercrime forums and Telegram channels. These lists fuel credential stuffing attacks.
7.1 Massive Volume Distributors
- CODER: This threat actor distributed an unparalleled volume of credentials for free via Telegram channels. Their releases included: a 12 million record IMAP/SMTP/Office list; a 16 million record digital marketing list; a 14 million record corporate credential list; a 12 million mixed list; a 14 million record social media/streaming list; a 16 million business credential list; an 11 million gaming platform list (Steam, PSN, Xbox, Epic Games); a crypto platform list; banking/wallet combos; a 9 million payment service list (PayPal, Stripe); a 7.8 million multi-provider list; a 7.4 million email list; and a 9.3 million mixed sector list.
- HQcomboSpace: Specialized in geographic and domain-specific lists, including over 1 million German credential pairs; 404,722 Yahoo credentials; 735,987 German domain pairs; 1.88 million Yahoo crypto-user credentials; 187,175 educational credentials; 894,358 German credentials; 1.1 million Hotmail credentials; 591,792 German credentials; and 617,266 German shopping credentials.
- Leak Realm: Claimed massive but unverified leaks, including 8 million records, 175 million records, 33 million records, 22 million records, and an 8GB combolist.
- BestCombo: Distributed millions of records, including 7,177 mixed credentials, 1.4 million mixed country credentials, 140,742 mail access credentials, 12,808 Outlook.com credentials, 14,151 SBCGlobal credentials, 6,536 Hotmail credentials, 5.375 million mixed domain credentials, 4.8 million gaming credentials, and 38,479 T-Online credentials.
7.2 The Focus on Microsoft Hotmail
Hotmail accounts were heavily targeted by multiple actors, indicating high demand for Microsoft ecosystem access.
- UniqueCombo repeatedly posted lists of 11,000 Hotmail credentials.
- ValidMail posted lists of 42,000 Hotmail credentials multiple times.
- Jelooos leaked lists of 2,300, 1,500, 3,500, and 2,200 Hotmail credentials.
- alphaxdd shared lists of 2,938, 1,227, and 2,364 Hotmail credentials.
- Other actors leaking Hotmail data included Akari21 (1,276 records), MailAccesss (1,300 records), WINGO (3,000 and 2,000 records), MrCOMBOROBOA (290,000 records), KiwiShio (625 records), NotSellerxd (10,675 records), HollowKnight07 (735 and 1,055 records), Cl0ud0wner (1,300 and 1,900 records), D4rkNetHub (959 records), klyne05, redcloud (2,500 records), and erwinn91 (2,087 records).
7.3 Specific Targeting and Log Sales
- Dataxlogs: This actor consistently advertised mail access, config files, and combolists specifically targeting users in France, Belgium, Australia, Canada, the UK, the US, Netherlands, Poland, Germany, and Japan.
- Douglas: An actor identified as “Douglas” actively solicited the bulk purchase of credential combolists targeting Japan, Taiwan, Singapore, South Korea, the US, and the UK, with a daily budget of 5,000-10,000 USDT.
- Stealer Logs: Actors like UP_DAISYCLOUD distributed 5,775 and 5,610 fresh stealer logs via cloud storage. “uhqboyz” leaked “cloud T6” stealer logs, and Matthiasxd17 distributed 140,000 U.L.P stealer logs. KazeFreak distributed 2,500 Vidar Stealer logs.
8. Malware, Phishing, and Infrastructure Abuse
Threat actors actively developed and traded tools to bypass security and conduct fraud.
- Malware & Toolkits: The group Nullsec Philippines distributed a new bypass webshell (leisec-webshell). Actor “jinkusu” advertised the “NFC RIPPER” toolkit for conducting NFC relay attacks on ATMs and the “STARKILLER” Phishing-as-a-Service platform featuring 2FA bypass and session hijacking. “Starip” advertised automation suites and an “Insta User Checker”. ShinyHunters advertised tools named TIAMAT/GIR2. The “Incogniton” anti-detect browser was promoted for multi-account fraud.
- Fake Claude Code Campaign: A sophisticated malware campaign was detected abusing the “Claude Code” brand. Actors created fake GitHub repositories that, when executed, installed the Vidar information-stealing malware.
- Phishing & Smishing: Actor “Alice_sms6” advertised a bulk SMS smishing service specifically targeting Portugal and 200+ countries, offering spoofing routes for financial institutions like CGD, Santander, Binance, Netflix, and Microsoft.
- DDoS & Carding: “XEON_x64” advertised a DDoS-for-hire service claiming to bypass Cloudflare and vShield. South African government portals experienced outages due to coordinated DDoS attacks. Carding forums were highly active, with actors like “CocoCheck” advertising bulk card validation, and users like “Coleman” and “vcxdcvx” spamming stolen high-balance credit card storefronts.
9. Conclusion
The cyber incidents documented in April 2026 illustrate a highly fragmented yet exceptionally dangerous threat landscape. The resurgence of ShinyHunters represents a severe threat to global enterprise, particularly given their successful supply-chain compromises (Trivy) and aggressive extortion tactics targeting CISOs directly. Simultaneously, the proliferation of Initial Access Brokers like “miyako” lowers the barrier to entry for ransomware gangs, effectively turning root-level access to government and corporate firewalls into a commoditized good.
The sheer volume of credential combo lists distributed freely by actors like “CODER” and “HQcomboSpace” ensures that credential stuffing attacks will remain a persistent threat against major platforms, particularly Microsoft’s Hotmail ecosystem. Furthermore, the activity of hacktivists gaining control over physical SCADA systems in South Korea and Turkey demonstrates that kinetic impact via cyber means is an active reality. Organizations must prioritize robust identity management, supply chain auditing, and stringent firewall access controls to defend against this multi-faceted barrage of attacks.
Detected Incidents Draft Data
- Alleged Dead Mans Switch Deployment and Warning to FBI by Iranian Threat Market Group
Category: Cyber Attack
Content: An Iranian threat actor operating under Threat Market has announced the implementation of a Dead Mans Switch that will automatically activate if the FBI attempts to seize or disrupt their domain again. The group claims to have repelled multiple intrusion attempts over the past week, including 0day exploitation attempts and DDoS attacks against their Onion domain. They issued a final warning to US law enforcement, drawing comparisons to the LockBit takedown and asserting their infrastructure cannot be identified or seized.
Date: 2026-04-03T23:53:04Z
Network: telegram
Published URL: https://t.me/c/3575098403/86
Screenshots:
None
Threat Actors: Threat Market
Victim Country: United States
Victim Industry: Government
Victim Organization: FBI / US Law Enforcement
Victim Site: Unknown
- Alleged initial access or data sale offer by ShinyHunters via Session messenger
Category: Initial Access
Content: ShinyHunters threat actor is soliciting contact via the Session encrypted messaging app, sharing their Session ID (05108377c665c8b923d81fb3413658ea9fa893fa57ad185da91a0ceb5e4f5eeb58). This is consistent with threat actors advertising access, data, or services through encrypted channels to avoid detection.
Date: 2026-04-03T23:44:06Z
Network: telegram
Published URL: https://t.me/c/3737716184/735
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of mail access, combolists, and hacking tools via Dataxlogs
Category: Logs
Content: A threat actor operating as @Dataxlogs is advertising mail access and related cybercrime tools including configs, scripts, tools, hits, and combolists targeting users across France, Belgium, Australia, Canada, UK, USA, Netherlands, Poland, Germany, and Japan. Custom requests are accepted.
Date: 2026-04-03T23:42:32Z
Network: telegram
Published URL: https://t.me/c/2613583520/59108
Screenshots:
None
Threat Actors: Dataxlogs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 1,276 fresh Hotmail credentials via a file sharing service.
Date: 2026-04-03T23:32:58Z
Network: openweb
Published URL: https://demonforums.net/Thread-1276X-FRESH-HOTMAIL-Vyrixcl-txt
Screenshots:
None
Threat Actors: Akari21
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged data leak or dump shared via perfexsaasmodule.com
Category: Data Leak
Content: A threat actor operating under the handle BABAYO EROR SYSTEM shared a link to a text file hosted on perfexsaasmodule.com. The file path suggests it may contain leaked or dumped data. The nature of the content is unverified.
Date: 2026-04-03T23:32:40Z
Network: telegram
Published URL: https://t.me/c/3865526389/438
Screenshots:
None
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: perfexsaasmodule.com
Victim Site: perfexsaasmodule.com
- Alleged leak of mixed domain credentials
Category: Combo List
Content: A combolist containing 7,177 credential entries from mixed domains has been made available for free download via a file sharing service.
Date: 2026-04-03T23:31:45Z
Network: openweb
Published URL: https://crackingx.com/threads/70996/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of ONCF employee credentials
Category: Data Breach
Content: Threat actor claims to be selling personal data of ONCF railway organization employees obtained through phishing operation targeting top hierarchy employees. Data allegedly includes emails, passwords, phone numbers, and home addresses for $200.
Date: 2026-04-03T23:31:35Z
Network: openweb
Published URL: https://crackingx.com/threads/70997/
Screenshots:
None
Threat Actors: MahaZoldik998
Victim Country: Morocco
Victim Industry: Transportation
Victim Organization: ONCF
Victim Site: Unknown
- Alleged extortion threat by ShinyHunters with pay-or-leak demand
Category: Data Leak
Content: The ShinyHunters threat actor posted an extortion message stating Pay or leaks, linking to a restricted private Telegram channel. This suggests an active extortion campaign where victims are threatened with data leaks unless payment is made. The channel appears to be invite-only for select individuals.
Date: 2026-04-03T23:20:58Z
Network: telegram
Published URL: https://t.me/c/3737716184/717
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged threat activity related to unknown documents
Category: Combo List
Content: A forum post titled Document was made in a combolists and dumps section, but no content is available to determine the nature or scope of the alleged threat activity.
Date: 2026-04-03T23:11:06Z
Network: openweb
Published URL: https://crackingx.com/threads/70988/
Screenshots:
None
Threat Actors: john3938
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged doxxing of Italian individual
Category: Combo List
Content: Forum post containing personal identifying information of an Italian individual including full name, birth date, location, tax code, and social media profiles along with defamatory statements.
Date: 2026-04-03T23:10:47Z
Network: openweb
Published URL: https://crackingx.com/threads/70990/
Screenshots:
None
Threat Actors: john3938
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of stolen credential logs via cloud storage
Category: Logs
Content: Threat actor UP_DAISYCLOUD made available 5,775 fresh stealer logs from April 3rd via cloud storage platform Pixeldrain. The actor operates a Telegram channel for daily log distributions.
Date: 2026-04-03T23:10:25Z
Network: openweb
Published URL: https://darkforums.su/Thread-%F0%9F%9A%80-5775-LOGS-CLOUD-%E2%98%81-03-APRIL-%E2%9D%A4%EF%B8%8F-FRESH-LOGS%E2%9D%97%EF%B8%8F
Screenshots:
None
Threat Actors: UP_DAISYCLOUD
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged defacement of opendata.kedirikab.go.id by Mr.XycanKing
Category: Defacement
Content: A threat actor using the handle Mr.XycanKing, affiliated with the group Babayo Error System, claims to have defaced the Indonesian government open data portal opendata.kedirikab.go.id. A proof file is linked on the target domain. Greetings are extended to all members and alliances of Babayo Error System.
Date: 2026-04-03T23:09:27Z
Network: telegram
Published URL: https://t.me/c/3865526389/437
Screenshots:
None
Threat Actors: Mr.XycanKing
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Kediri Regency Government (Kedirikab)
Victim Site: opendata.kedirikab.go.id
- Alleged data breach of Imprimerie Nationale Group (France) by ShinyHunters
Category: Data Breach
Content: ShinyHunters has posted a link to a BreachForums thread referencing Imprimerie Nationale Group, a French state-owned company responsible for producing official documents and secure printing services. The post suggests a data breach or data leak claim has been published on BreachForums.
Date: 2026-04-03T22:50:32Z
Network: telegram
Published URL: https://t.me/c/3737716184/709
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: France
Victim Industry: Government / Secure Printing
Victim Organization: Imprimerie Nationale Group
Victim Site: Unknown
- Alleged Data Breach of IN Groupe (Imprimerie Nationale) by ShinyHunters
Category: Data Breach
Content: Threat actor breach3d (alias extasehunters), operating under the ShinyHunters group, claims to have breached IN Groupe (Imprimerie Nationale), a 100% French government-owned entity specializing in high-security identity documents including biometric passports and national ID cards. The post includes proof screenshots and is dedicated to the ShinyHunters collective. The breach of such an organization poses significant national security risks given its role in producing sovereign identity documents.
Date: 2026-04-03T22:50:18Z
Network: telegram
Published URL: https://t.me/c/3737716184/708
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: France
Victim Industry: Government / Secure Identity & Document Manufacturing
Victim Organization: IN Groupe (Imprimerie Nationale)
Victim Site: ingroupe.com
- Website defacement of vnstorage.com by CYKOMNEPAL
Category: Defacement
Content: CYKOMNEPAL successfully defaced a page on vnstorage.com on April 4, 2026. The attack targeted a specific page rather than the main site and was documented with a mirror URL for evidence preservation.
Date: 2026-04-03T22:44:45Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/828628
Screenshots:
None
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: Vietnam
Victim Industry: Technology
Victim Organization: VN Storage
Victim Site: vnstorage.com
- Alleged data breach of Besox financial services database
Category: Data Breach
Content: Threat actor claims to be selling a database from Besox.be, a Belgian financial services company that handles finances for approximately 2,000 businesses. The database allegedly contains 250,000 records and is being offered for 5,000 USD or admin panel access for 10,000 USD.
Date: 2026-04-03T22:42:31Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-EU-BANK-DATABASE-FRESHLY-DUMPED
Screenshots:
None
Threat Actors: catboyBF
Victim Country: Belgium
Victim Industry: Financial Services
Victim Organization: Besox
Victim Site: besox.be
- Threat: ShinyHunters
Category: Cyber Attack
Content: Messages contain media only with no text content to analyze for threat intelligence value.
Date: 2026-04-03T22:39:12Z
Network: telegram
Published URL: https://t.me/c/3737716184/703
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Website defacement of shuoletexbd.com by CYKOMNEPAL
Category: Defacement
Content: CYKOMNEPAL defaced the news section of Shuoletexbd.com on April 4, 2026. The attack targeted a specific page rather than the homepage and appears to be an isolated incident against the Bangladesh-based textile company.
Date: 2026-04-03T22:32:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/828627
Screenshots:
None
Threat Actors: CYKOMNEPAL
Victim Country: Bangladesh
Victim Industry: Textile/Manufacturing
Victim Organization: Shuoletex
Victim Site: shuoletexbd.com
- Alleged leak of German mixed domain credentials
Category: Combo List
Content: A threat actor shared a combolist containing over 1 million credential pairs allegedly from various German domains. The data is being distributed for free via a file sharing service.
Date: 2026-04-03T22:29:41Z
Network: openweb
Published URL: https://crackingx.com/threads/70984/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of high value credential combolist
Category: Combo List
Content: A threat actor shared a credential combolist containing 140,000 URL:LOG:PASS combinations described as high value targets. The data is being distributed for free to registered forum members.
Date: 2026-04-03T22:29:20Z
Network: openweb
Published URL: https://crackingx.com/threads/70985/
Screenshots:
None
Threat Actors: Seaborg
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged distribution of IMAP/SMTP/Office credential combolist
Category: Combo List
Content: Threat actor CODER is distributing a 12 million record combolist containing IMAP, SMTP, and Office credentials through Telegram channels. The credentials are being shared for free rather than sold.
Date: 2026-04-03T22:28:59Z
Network: openweb
Published URL: https://crackingx.com/threads/70986/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of Venezuelan raffle platform containing 26 million records
Category: Data Leak
Content: Actor malconguerra2 leaked confidential data from Venezuelan raffle platforms supported by CONAL, containing personal information including names, phone numbers, email addresses, payment details, and transaction records. The data appears to be from various raffle and prize drawing platforms operating in Venezuela.
Date: 2026-04-03T22:28:16Z
Network: openweb
Published URL: https://darkforums.su/Thread-Document-RAFFLES-VENEZUELA-26-MILLIONS-CONFIDENTIAL-DATA-03-04-2026
Screenshots:
None
Threat Actors: malconguerra2
Victim Country: Venezuela
Victim Industry: Gaming and Gambling
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of AOL email credentials
Category: Combo List
Content: A threat actor named Kinglukeman allegedly shared freshly extracted AOL email and password combinations on a cybercriminal forum. The credential list appears to be made available for free download to registered forum users.
Date: 2026-04-03T22:16:19Z
Network: openweb
Published URL: https://crackingx.com/threads/70983/
Screenshots:
None
Threat Actors: Kinglukeman
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: AOL
Victim Site: aol.com
- Alleged distribution of credential combolist targeting digital marketing sector
Category: Combo List
Content: Threat actor CODER distributes a 16 million record credential combolist focused on digital marketing, social media, and email marketing sectors through Telegram channels. The combolist appears to be offered for free through designated Telegram groups.
Date: 2026-04-03T22:05:26Z
Network: openweb
Published URL: https://crackingx.com/threads/70981/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Digital Marketing
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Yahoo credentials
Category: Combo List
Content: Threat actor claims to have leaked Yahoo email credentials in email:password format, allegedly suitable for SMTP, webmail, and mail access. The content appears to be shared freely on a cybercriminal forum.
Date: 2026-04-03T22:05:08Z
Network: openweb
Published URL: https://crackingx.com/threads/70982/
Screenshots:
None
Threat Actors: Kinglukeman
Victim Country: United States
Victim Industry: Technology
Victim Organization: Yahoo
Victim Site: yahoo.com
- Alleged leak of cloud T6 credentials
Category: Logs
Content: Threat actor uhqboyz shared a link to what appears to be credential data labeled cloud T6 on a stealer logs forum, making the data freely available for download.
Date: 2026-04-03T22:04:58Z
Network: openweb
Published URL: https://darkforums.su/Thread-cloud-T6
Screenshots:
None
Threat Actors: uhqboyz
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged distribution of credential combolist containing 144,000 records
Category: Logs
Content: Threat actor distributes a free credential combolist containing 144,000 URL:LOGIN:PASS combinations described as fresh data from Cloudberry ULP stealer logs.
Date: 2026-04-03T22:04:45Z
Network: openweb
Published URL: https://darkforums.su/Thread-URL-LOGIN-PASS-03-04-26-Daily-Free-Lines-144-000-Fresh-Cloudberry-ULP
Screenshots:
None
Threat Actors: 6666666666666666
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged advertisement of NFC relay attack toolkit for payment fraud
Category: Initial Access
Content: Threat actor is advertising NFC RIPPER, an Android toolkit for conducting NFC relay attacks against payment terminals and ATMs. The tool enables PIN bypass through multiple methods and allows remote card emulation for fraudulent transactions.
Date: 2026-04-03T22:04:36Z
Network: openweb
Published URL: https://darkforums.su/Thread-NFCRIPPER
Screenshots:
None
Threat Actors: jinkusu
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
- Alleged distribution of stealer logs containing 140,000 records
Category: Logs
Content: Threat actor Matthiasxd17 allegedly distributed stealer logs containing 140,000 records dated April 4, 2026. The logs likely contain stolen credentials and personal information harvested by information-stealing malware.
Date: 2026-04-03T22:04:24Z
Network: openweb
Published URL: https://darkforums.su/Thread-Document-U-L-P-STEALER-LOGS-04-04-2026-140k
Screenshots:
None
Threat Actors: Matthiasxd17
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged phishing-as-a-service platform offering credential theft capabilities
Category: Initial Access
Content: Threat actor advertises STARKILLER phishing platform with real-time browser rendering, 2FA bypass, credential capture, and session hijacking capabilities. The service targets multiple platforms including banks, social media, and crypto wallets.
Date: 2026-04-03T22:04:00Z
Network: openweb
Published URL: https://darkforums.su/Thread-STARKILLER-GOD-MODE
Screenshots:
None
Threat Actors: jinkusu
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Mawsool.tech with sale of professional leads database
Category: Data Breach
Content: Threat actor undertaker is selling a database containing 53+ million professional leads from Mawsool.tech for $1,500. The data includes comprehensive professional information such as names, job titles, company details, education, skills, and experience data from this year.
Date: 2026-04-03T22:03:54Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Mawsool-tech-Leads-53M
Screenshots:
None
Threat Actors: undertaker
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Mawsool.tech
Victim Site: mawsool.tech
- Alleged data breach of Nakamura Co database
Category: Data Breach
Content: Threat actor claims to be selling a 63GB+ database from Nakamura Co containing 1.8 million user, affiliate, partnership, and employee records. Sample data includes personal information such as names, emails, addresses, phone numbers, and business details of potential franchise partners.
Date: 2026-04-03T22:03:33Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-SELL-63GB-DATABASE-NAKAMURA-CO-ID
Screenshots:
None
Threat Actors: Kyy
Victim Country: Indonesia
Victim Industry: Retail
Victim Organization: Nakamura Co
Victim Site: nakamura.co.id
- Alleged data leak of TotalEnergies customer database
Category: Data Leak
Content: A threat actor claims to have leaked a TotalEnergies database containing French customer information including names, addresses, phone numbers, and energy service details. The data appears to include residential customer records with detailed billing and service information.
Date: 2026-04-03T22:03:09Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-Data-France-gas-and-electricity-in-France
Screenshots:
None
Threat Actors: icikevin_officiel
Victim Country: France
Victim Industry: Energy
Victim Organization: TotalEnergies
Victim Site: totalenergies.com
- Alleged sale of Hong Leong Bank customer database
Category: Data Breach
Content: Threat actor claims to be selling a database containing 1.9 million Hong Leong Bank stock investment client records from Malaysia. The data allegedly includes names, mobile numbers, gender, dates of birth, payment methods, and email addresses.
Date: 2026-04-03T22:02:58Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Hong-Leong-Bank-s-stock-investment-clients-in-Malaysia-1900000–72222
Screenshots:
None
Threat Actors: DDying
Victim Country: Malaysia
Victim Industry: Financial Services
Victim Organization: Hong Leong Bank
Victim Site: Unknown
- Alleged data leak of University of Georgia contact database
Category: Data Leak
Content: Threat actor XZeeoneOfc allegedly leaked a contact database from the University of Georgia's Family and Consumer Sciences department containing team names, participation years, personal names, titles, affiliations, phone numbers, and email addresses.
Date: 2026-04-03T22:02:48Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-Contact-Database-Database-Kontak-Internal
Screenshots:
None
Threat Actors: XZeeoneOfc
Victim Country: United States
Victim Industry: Education
Victim Organization: University of Georgia
Victim Site: fcs.uga.edu
- Alleged sale of Malaysian Chinese personal database
Category: Data Breach
Content: Threat actor DDying is allegedly selling a database containing 3.5 million records of Malaysian Chinese individuals including mobile phone numbers, names, gender, city, origin, marital status, and occupation information. Contact is being solicited via Telegram for pricing details.
Date: 2026-04-03T22:02:40Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Malaysian-Chinese-3500K
Screenshots:
None
Threat Actors: DDying
Victim Country: Malaysia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of ECI Indonesia electronics retailer
Category: Data Breach
Content: Threat actor claims to have compromised an Indonesian electronics retailer's backend system on March 10, 2026, obtaining a database of 618,000+ customer records including personal information, contact details, addresses, and order history. The actor has shared 54,000 records for free and is offering the full database through private contact.
Date: 2026-04-03T22:02:28Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-eci-id-Indonesia-electronic-city-website-customer-breach-database
Screenshots:
None
Threat Actors: alwaysdata
Victim Country: Indonesia
Victim Industry: Electronics Retail
Victim Organization: ECI
Victim Site: eci.id
- Alleged sale of initial access to USA manufacturing company firewall
Category: Initial Access
Content: Threat actor miyako is selling root-level remote code execution access to a Linux firewall belonging to a US manufacturing company with $5 billion revenue for $400.
Date: 2026-04-03T21:55:45Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-USA-5Billion-Revenue-Manufacturing
Screenshots:
None
Threat Actors: miyako
Victim Country: United States
Victim Industry: Manufacturing
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of initial access to USA brokerage and wealth management firm
Category: Initial Access
Content: Threat actor miyako is selling root-level remote code execution access to a Linux firewall system at a USA-based brokerage and wealth management company with reported revenue of 600 million for $400.
Date: 2026-04-03T21:55:03Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-USA-600kkk-Bokerage-Wealth-Management
Screenshots:
None
Threat Actors: miyako
Victim Country: United States
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of initial access to Palestine Government Foreign Aid Portal
Category: Initial Access
Content: Threat actor is allegedly selling root-level remote code execution access to a Palestine Government Foreign Aid Portal system running on Linux with firewall device access for $300.
Date: 2026-04-03T21:54:22Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-Palestine-Government-Foreign-Aid-Portal
Screenshots:
None
Threat Actors: miyako
Victim Country: Palestine
Victim Industry: Government
Victim Organization: Palestine Government
Victim Site: Unknown
- Alleged sale of initial access to leading UK marketing agency
Category: Initial Access
Content: Threat actor miyako is selling root-level remote code execution access to a Linux firewall belonging to a leading UK marketing agency for $200.
Date: 2026-04-03T21:53:41Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-Leading-UK-Marketing-Agency
Screenshots:
None
Threat Actors: miyako
Victim Country: United Kingdom
Victim Industry: Marketing
Victim Organization: Unknown
Victim Site: Unknown
- Website defacement of TrendyToys by CYKOMNEPAL
Category: Defacement
Content: CYKOMNEPAL defaced the Vietnamese toy retailer TrendyToys website on April 4, 2026, targeting a specific terms of service page rather than the homepage.
Date: 2026-04-03T21:53:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/828623
Screenshots:
None
Threat Actors: CYKOMNEPAL
Victim Country: Vietnam
Victim Industry: Retail/E-commerce
Victim Organization: TrendyToys
Victim Site: trendytoys.com.vn
- Alleged sale of initial access to Asian energy company firewall
Category: Initial Access
Content: Threat actor miyako is selling root-level remote code execution access to a Linux firewall belonging to an Asian energy and power distribution company for $200.
Date: 2026-04-03T21:52:58Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-Asian-Energy-Power-Distribution
Screenshots:
None
Threat Actors: miyako
Victim Country: Unknown
Victim Industry: Energy
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of initial access to Thailand government visa system
Category: Initial Access
Content: Threat actor miyako is allegedly selling root-level remote code execution access to a Linux firewall system within Thailand's government visa program infrastructure for $300.
Date: 2026-04-03T21:52:17Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-Thailand-Government-Visa-Program
Screenshots:
None
Threat Actors: miyako
Victim Country: Thailand
Victim Industry: Government
Victim Organization: Thailand Government
Victim Site: Unknown
- Alleged sale of access to TrakCare InterSystems medical system
Category: Initial Access
Content: Threat actor ShinyHunters shared a link to a BreachForums thread titled MEDICAL TrakCare InterSystems Access, suggesting the sale or leak of access credentials or data related to InterSystems TrakCare, a widely used healthcare information system. The post includes a photo, likely as proof of access or data.
Date: 2026-04-03T21:49:51Z
Network: telegram
Published URL: https://t.me/c/3737716184/699
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: InterSystems TrakCare
Victim Site: Unknown
- Alleged data leak of EditGPT application
Category: Data Leak
Content: A threat actor claims to have leaked personal data from the EditGPT application and is offering it for free download on an underground forum.
Date: 2026-04-03T21:49:11Z
Network: openweb
Published URL: https://spear.cx/Thread-Com-Boss-PII-Data-editgpt-app-Leak-leaked-download
Screenshots:
None
Threat Actors: Splashed
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: EditGPT
Victim Site: editgpt.app
- Alleged Sale of Unauthorized Access to TrakCare/InterSystems EHR System Affecting 400M+ Patient Records
Category: Initial Access
Content: A threat actor operating under the ShinyHunters channel alias extasehunters is claiming to have unauthorized access to TrakCare, a unified Electronic Health Record (EHR) system by InterSystems. The actor claims TrakCare manages over 400 million patient records across 500+ hospitals worldwide and states they can retrieve medical records from virtually any country. The actor is soliciting private offers and offering technical proof of access via an image link. This represents a critical threat to global healthcare data privacy.
Date: 2026-04-03T21:48:58Z
Network: telegram
Published URL: https://t.me/c/3737716184/698
Screenshots:
None
Threat Actors: extasehunters
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: InterSystems TrakCare
Victim Site: Unknown
- Alleged sale of initial access to Chinese firewall infrastructure
Category: Initial Access
Content: Threat actor is offering root-level remote code execution access to Chinese firewall infrastructure for $400, providing shell access to Linux-based firewall devices.
Date: 2026-04-03T21:35:57Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-Chinese-Agentic-AI-Communications-B2B
Screenshots:
None
Threat Actors: miyako
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of initial access to Chinese jewelry company
Category: Initial Access
Content: Threat actor is offering root-level remote code execution access to a Chinese jewelry company's Linux firewall system for $200. The victim organization reportedly has $1 billion in revenue.
Date: 2026-04-03T21:35:17Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-200-Chinese-1Billion-Revenue-Jeweler
Screenshots:
None
Threat Actors: miyako
Victim Country: China
Victim Industry: Jewelry/Retail
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of initial access to African government transaction engine
Category: Initial Access
Content: Threat actor miyako is selling root access to a Linux firewall system described as an African government transaction engine for $300. The access includes root remote code execution, shell access, and network admin panel privileges.
Date: 2026-04-03T21:34:36Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-African-Government-Transaction-Engine
Screenshots:
None
Threat Actors: miyako
Victim Country: Unknown
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of initial access to Iraq Higher Education Platform
Category: Initial Access
Content: Threat actor miyako is allegedly selling root-level remote code execution access to an Iraq government education platform firewall system for $200. The access reportedly includes shell capabilities on a Linux-based firewall device.
Date: 2026-04-03T21:33:55Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-200-Iraq-Higher-Education-Platform-gov-iq
Screenshots:
None
Threat Actors: miyako
Victim Country: Iraq
Victim Industry: Education
Victim Organization: Iraq Higher Education Platform
Victim Site: *.gov.iq
- Alleged sale of initial access to Asian point-of-sale systems provider
Category: Initial Access
Content: Threat actor is offering root-level remote code execution access to a Linux firewall system belonging to an Asian point-of-sale systems provider for $300. The access includes shell capabilities on the compromised firewall device.
Date: 2026-04-03T21:33:09Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-Asia-Leading-Point-of-Sale-Systems-Provider
Screenshots:
None
Threat Actors: miyako
Victim Country: Unknown
Victim Industry: Payment Processing
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of initial access to Saudi Government Ministry
Category: Initial Access
Content: Threat actor miyako is allegedly selling root-level remote code execution access to firewall infrastructure belonging to two Saudi Government Ministry entities for $300. The access includes shell capabilities on Linux-based firewall devices.
Date: 2026-04-03T21:32:26Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-Saudi-Government-Ministry-x2
Screenshots:
None
Threat Actors: miyako
Victim Country: Saudi Arabia
Victim Industry: Government
Victim Organization: Saudi Government Ministry
Victim Site: Unknown
- Alleged sale of passport images and contact information from multiple countries
Category: Data Breach
Content: A threat actor is selling passport images with associated contact information including phone numbers and emails from multiple countries including China, Japan, USA, UK, Canada, Russia, Italy, France, Australia, Spain, Mexico, Kuwait, and Qatar. The actor claims the data is fresh and not previously sold or made public.
Date: 2026-04-03T21:30:51Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-Passports-Pics-Contact-Info-Asian-Europ-UK-US
Screenshots:
None
Threat Actors: sexybroker
Victim Country: Multiple
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged distribution of business corporate credential combolist
Category: Combo List
Content: Threat actor CODER is distributing a 14 million record combolist containing business corporate email and password combinations through Telegram channels. The credentials are being shared for free through designated Telegram groups.
Date: 2026-04-03T21:28:35Z
Network: openweb
Published URL: https://crackingx.com/threads/70975/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of mixed email-password credential list
Category: Combo List
Content: A threat actor shared a combolist containing 190,000 email and password combinations described as fresh high quality credentials. The data is being made available for free download to registered forum users.
Date: 2026-04-03T21:28:17Z
Network: openweb
Published URL: https://crackingx.com/threads/70976/
Screenshots:
None
Threat Actors: steeve75
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 1,300 valid Hotmail email credentials on an underground forum. The credentials are described as full valid hits suggesting they are tested and functional.
Date: 2026-04-03T21:27:59Z
Network: openweb
Published URL: https://crackingx.com/threads/70977/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged sale of initial access to US government contractor firewall
Category: Initial Access
Content: Threat actor is selling root-level remote code execution access to a Linux firewall belonging to a US government contractor working with DoD, DoT, DoC, and DHS for $400.
Date: 2026-04-03T21:20:31Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-USA-DoD-DoT-DoC-DHS-Contractor-in-Industrial-Manufacturing
Screenshots:
None
Threat Actors: miyako
Victim Country: United States
Victim Industry: Industrial Manufacturing
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of initial access to USA Managed Services Provider
Category: Initial Access
Content: Threat actor miyako is selling root-level remote code execution access to a USA-based managed services provider's firewall system for $400. The compromised organization provides private cloud hosting and network engineering services.
Date: 2026-04-03T21:19:49Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-USA-Managed-Services-Provider-Private-Cloud-Hosting-Network-Engineering
Screenshots:
None
Threat Actors: miyako
Victim Country: United States
Victim Industry: Technology
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Ledger via Global-e payment gateway
Category: Data Breach
Content: Threat actor claims to be selling a database containing 105,000+ Ledger customer records allegedly obtained through a breach of the Global-e payment gateway on January 5, 2026. The data includes customer names, addresses, phone numbers, email addresses, and order information from late 2025 to early 2026.
Date: 2026-04-03T21:18:07Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-EXCLUSIVE-Ledger-Global-e-CRM-Order-Database
Screenshots:
None
Threat Actors: Kotowka
Victim Country: Unknown
Victim Industry: Cryptocurrency/Hardware Wallets
Victim Organization: Ledger
Victim Site: Unknown
- Alleged sale of Coinbase customer data
Category: Data Breach
Content: Threat actor Kotowka is allegedly selling a dataset containing 50,000 Coinbase customer records including names, email addresses, phone numbers, account balances, banking information, and birth dates for $8,000. The data appears to include sensitive financial and personal information of cryptocurrency exchange users.
Date: 2026-04-03T21:17:25Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-Coinbase-inside-50k-data
Screenshots:
None
Threat Actors: Kotowka
Victim Country: United States
Victim Industry: Financial Services
Victim Organization: Coinbase
Victim Site: coinbase.com
- Alleged sale of Coinbase customer database
Category: Data Breach
Content: Threat actor claims to be selling a Coinbase customer database containing 50,000 records with personal information, account balances, cryptocurrency holdings, and other sensitive financial data for $600.
Date: 2026-04-03T21:16:42Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-Coinbase-data-50k-rows
Screenshots:
None
Threat Actors: Kotowka
Victim Country: United States
Victim Industry: Financial Services
Victim Organization: Coinbase
Victim Site: coinbase.com
- Alleged sale of Hotmail credential lists
Category: Data Breach
Content: Threat actor Kotowka is allegedly selling Hotmail email and password credential lists containing 1 million records for $300. The actor provides contact via Telegram and offers samples through a Telegram channel.
Date: 2026-04-03T21:16:00Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-%E2%AD%90%EF%B8%8FSelling-hotmail-Mail-Pass-bases-%E2%AD%90%EF%B8%8F
Screenshots:
None
Threat Actors: Kotowka
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged leak of multi-platform credential combolist targeting streaming and gaming services
Category: Combo List
Content: Threat actor Ra-Zi shared a combolist containing 190,000 email:password combinations allegedly targeting Netflix, Minecraft, Uplay, Steam, Hulu, and Spotify accounts. The actor also advertises selling additional credential lists through Telegram contact.
Date: 2026-04-03T21:13:58Z
Network: openweb
Published URL: https://demonforums.net/Thread-190k-Fresh-HQ-Combolist-Email-Pass-Netflix-Minecraft-Uplay-Steam-Hulu-spotify–199159
Screenshots:
None
Threat Actors: Ra-Zi
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged bot traffic discussion
Category: Initial Access
Content: Forum thread discussing traffic to a bot with no additional content available for analysis.
Date: 2026-04-03T21:12:09Z
Network: openweb
Published URL: https://darkforums.su/Thread-traffic-to-the-bot
Screenshots:
None
Threat Actors: Ayron
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Website defacement of SD Fashions by CYKOMNEPAL
Category: Defacement
Content: CYKOMNEPAL successfully defaced the homepage of SD Fashions website on April 4, 2026. This was a targeted single-site attack rather than part of a mass defacement campaign.
Date: 2026-04-03T21:02:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/828621
Screenshots:
None
Threat Actors: CYKOMNEPAL
Victim Country: Unknown
Victim Industry: Fashion/Retail
Victim Organization: SD Fashions
Victim Site: www.sd-fashions.com
- Alleged data leak of 8 million records
Category: Combo List
Content: A threat actor claims to have leaked 8 million records, though specific details about the data type and victim organization are not visible due to access restrictions.
Date: 2026-04-03T21:01:33Z
Network: openweb
Published URL: https://crackingx.com/threads/70972/
Screenshots:
None
Threat Actors: Leak Realm
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of USA credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 20,000 USA-based credentials on a cybercrime forum. The data appears to be made available for free download to registered forum users.
Date: 2026-04-03T21:01:09Z
Network: openweb
Published URL: https://crackingx.com/threads/70974/
Screenshots:
None
Threat Actors: RandomUpload
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Chile's Civil Registry and Identification Service
Category: Data Breach
Content: Threat actor claims to be selling a database containing 10 million records from Chile's Civil Registry and Identification Service. The data allegedly includes full names, dates of birth, RUT numbers, and ID card numbers, with records current as of 2026.
Date: 2026-04-03T21:00:25Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-10M-Records-Leaked-From-Chile-s-Civil-Registry-and-Identification-Service-2026
Screenshots:
None
Threat Actors: GordonFreeman
Victim Country: Chile
Victim Industry: Government
Victim Organization: Civil Registry and Identification Service of Chile
Victim Site: Unknown
- Alleged Return of ShinyHunters Threat Actor with New PGP Key and Infrastructure
Category: Cyber Attack
Content: The threat actor known as ShinyHunters has announced their return to active operations. They have deprecated previous PGP keys and issued a new public key for future communications. The post includes new contact channels (Telegram, Session), references to associated groups (LAPSUS$), and an onion-based Data Leak Site (DLS). This appears to be an operational security reset and rebranding announcement.
Date: 2026-04-03T20:45:14Z
Network: telegram
Published URL: https://t.me/c/3737716184/693
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of German credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 25,000 allegedly valid German email and password combinations through a free download link on a cybercrime forum.
Date: 2026-04-03T20:41:06Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-25K-GERMANY-VALID
Screenshots:
None
Threat Actors: COYTO
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Website defacement of Lucky Meow Home Pet by CYKOMNEPAL
Category: Defacement
Content: CYKOMNEPAL conducted a website defacement attack against Lucky Meow Home Pet's website on April 4, 2026. The attack targeted a specific page on the pet services website rather than the homepage.
Date: 2026-04-03T20:39:42Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/828620
Screenshots:
None
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: Unknown
Victim Industry: Pet Services
Victim Organization: Lucky Meow Home Pet
Victim Site: luckymeowhomepet.com
- Website defacement of Nexa Logistics by CYKOMNEPAL
Category: Defacement
Content: CYKOMNEPAL defaced the Vietnamese logistics company Nexa Logistics website on April 4, 2026. The attack targeted a specific page on the nexalogistics.vn domain rather than the homepage.
Date: 2026-04-03T20:33:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/828619
Screenshots:
None
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: Vietnam
Victim Industry: Logistics
Victim Organization: Nexa Logistics
Victim Site: nexalogistics.vn
- Alleged leak of credential combolist containing 5 million entries
Category: Combo List
Content: A threat actor shared a combolist containing 5 million URL:LOG:PASS credential combinations on a cybercriminal forum. The post requires registration to view the full content.
Date: 2026-04-03T20:28:59Z
Network: openweb
Published URL: https://crackingx.com/threads/70969/
Screenshots:
None
Threat Actors: Leak Realm
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of Success.Events database
Category: Data Leak
Content: Threat actor claims to have leaked a Success.Events database containing over 53,000 user records including email addresses, IP addresses, user agents, and email campaign metadata. The actor states this is a sister website of Success.com which they have previously breached twice.
Date: 2026-04-03T20:19:35Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-Success-Events-Database-Leaked-Download
Screenshots:
None
Threat Actors: [Manager]punk
Victim Country: Unknown
Victim Industry: Personal Development
Victim Organization: Success.Events
Victim Site: success.events
- Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 3,000 Hotmail email and password combinations through a free download link on a cybercriminal forum.
Date: 2026-04-03T20:18:33Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-3K-HQ-HOTMAIL–199154
Screenshots:
None
Threat Actors: WINGO
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged leak of Yahoo credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 404,722 Yahoo email and password combinations from mixed countries via a file sharing service.
Date: 2026-04-03T20:16:39Z
Network: openweb
Published URL: https://crackingx.com/threads/70968/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Yahoo
Victim Site: yahoo.com
- Alleged sale of Ecuador National Traffic Agency vehicle registration database
Category: Data Breach
Content: A threat actor is allegedly selling a complete database dump from Ecuador's National Traffic Agency containing 17 million vehicle and motorcycle registration records. The database includes license plates, owner information, vehicle details, addresses, phone numbers, and email addresses spanning 2018-2026.
Date: 2026-04-03T20:15:57Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-ANT-2026-National-Traffic-Agency-Ecuador-17M-Vehicle-and-Motorcycle-Registration
Screenshots:
None
Threat Actors: GordonFreeman
Victim Country: Ecuador
Victim Industry: Government
Victim Organization: Agencia Nacional de Tránsito (ANT)
Victim Site: Unknown
- Alleged sale of USA mixed credentials combolist
Category: Combo List
Content: Threat actor MrCOMBOROBOA is selling a combolist containing 339,000 USA mixed email:password credentials. The actor offers various pricing tiers including access to private combo groups and bulk credential purchases ranging from 100k to 10 million records.
Date: 2026-04-03T20:06:37Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-339K-USA-MIX-VALID-COMBOLIST
Screenshots:
None
Threat Actors: MrCOMBOROBOA
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of Hotmail credential combolist
Category: Combo List
Content: Threat actor MrCOMBOROBOA is selling a combolist containing 290,000 unique Hotmail email and password combinations. The actor offers various pricing tiers for access to credential lists and operates through Telegram channels for distribution.
Date: 2026-04-03T20:05:30Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-290K-HOTMAIL-MIX-UNIQUE-COMBOLIST
Screenshots:
None
Threat Actors: MrCOMBOROBOA
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged leak of mixed email and password credentials
Category: Combo List
Content: Threat actor CODER is distributing a collection of 12 million mixed email and password credentials through Telegram channels. The actor provides free access to combolists and related programs through dedicated Telegram groups.
Date: 2026-04-03T20:02:49Z
Network: openweb
Published URL: https://crackingx.com/threads/70965/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of credential combolist containing 8GB of data
Category: Combo List
Content: An 8GB credential combolist in URL:LOGIN:PASS format was allegedly shared on a cracking forum. The specific source and number of credentials is not specified in the available content.
Date: 2026-04-03T20:02:31Z
Network: openweb
Published URL: https://crackingx.com/threads/70966/
Screenshots:
None
Threat Actors: Leak Realm
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Website defacement of Vinh Barber Shop by CYKOMNEPAL
Category: Defacement
Content: CYKOMNEPAL defaced the introduction page of Vinh Barber Shop's website on April 4, 2026. This was an isolated defacement incident targeting a Vietnamese barbershop business website.
Date: 2026-04-03T19:48:10Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/828617
Screenshots:
None
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: Vietnam
Victim Industry: Personal Services
Victim Organization: Vinh Barber Shop
Victim Site: vinhbarbershop.com
- Alleged leak of mixed credential combolist
Category: Combo List
Content: Actor NUllSHop0X shared a free download containing 5,000 high-quality mixed access credentials described as fresh and valid. The post provides a direct download link for the credential list on a cracking forum.
Date: 2026-04-03T19:32:42Z
Network: openweb
Published URL: https://crackingx.com/threads/70958/
Screenshots:
None
Threat Actors: NUllSHop0X
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Hotmail credentials on CrackingX forum
Category: Combo List
Content: A threat actor shared a combolist containing 42,000 Hotmail credentials on the CrackingX cybercrime forum. The post indicates these are valid credentials specifically for forum accounts.
Date: 2026-04-03T19:32:24Z
Network: openweb
Published URL: https://crackingx.com/threads/70959/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged leak of mixed country credential combolist
Category: Combo List
Content: A threat actor shared a credential combolist containing over 1.4 million email and password combinations from mixed countries via a file sharing platform.
Date: 2026-04-03T19:32:04Z
Network: openweb
Published URL: https://crackingx.com/threads/70960/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Website defacement of Vinal NK laptop sales page by CYKOMNEPAL
Category: Defacement
Content: CYKOMNEPAL defaced a laptop sales page on the Vinal NK e-commerce website on April 4, 2026. The attack targeted a specific product page rather than the main website homepage.
Date: 2026-04-03T19:30:47Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/828616
Screenshots:
None
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: Unknown
Victim Industry: E-commerce/Retail
Victim Organization: Vinal NK
Victim Site: vinalnk.com
- Alleged leak of credential combolist containing 175 million records
Category: Combo List
Content: A threat actor posted a credential combolist containing 175 million URL:LOGIN:PASS combinations on a cybercriminal forum. The post content is restricted to registered users only.
Date: 2026-04-03T19:08:54Z
Network: openweb
Published URL: https://crackingx.com/threads/70954/
Screenshots:
None
Threat Actors: Leak Realm
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of mixed email credentials
Category: Combo List
Content: A threat actor shared a collection of 1,200 allegedly valid email credentials from mixed sources. The credentials are being distributed as a combolist for registered forum users.
Date: 2026-04-03T19:08:36Z
Network: openweb
Published URL: https://crackingx.com/threads/70955/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Credit Card Checker Service Advertisement for CocoCheck
Category: Malware
Content: CocoCheck (cococheck.co) is advertised as a credit card validity checking service, offering bulk card checking at $0.01 per check, bulk card acquisition, and free daily key benefits. The platform claims over three years of operation and targets carders looking to validate stolen payment card data before uploading to carding stores.
Date: 2026-04-03T19:08:14Z
Network: telegram
Published URL: https://t.me/COCOTransit/3
Screenshots:
None
Threat Actors: CocoCheck
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: cococheck.co
- Alleged sale of mail access hits and combo lists across multiple countries
Category: Logs
Content: A threat actor operating as @Dataxlogs is advertising mail access hits, configs, scripts, tools, and combo lists targeting users in France, Belgium, Australia, Canada, UK, US, Netherlands, Poland, Germany, and Japan. Custom requests are also available.
Date: 2026-04-03T19:07:26Z
Network: telegram
Published URL: https://t.me/c/2613583520/59081
Screenshots:
None
Threat Actors: Dataxlogs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Hotmail credentials on underground forum
Category: Combo List
Content: Threat actor claims to have leaked 2,300 Hotmail email credentials from all countries, describing them as private access and high quality.
Date: 2026-04-03T18:58:14Z
Network: openweb
Published URL: https://crackingx.com/threads/70949/
Screenshots:
None
Threat Actors: Jelooos
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged leak of Hotmail credentials
Category: Combo List
Content: Forum post claims to offer 1,500 valid Hotmail credentials. The actual content requires forum registration to view, making verification of the claims impossible.
Date: 2026-04-03T18:57:56Z
Network: openweb
Published URL: https://crackingx.com/threads/70950/
Screenshots:
None
Threat Actors: Jelooos
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged leak of Spotify credentials
Category: Combo List
Content: Threat actor CODER claims to be distributing a 10 million Spotify credential combolist for free through Telegram channels. The actor is offering the credentials to users who contact them directly or join their Telegram groups.
Date: 2026-04-03T18:57:35Z
Network: openweb
Published URL: https://crackingx.com/threads/70951/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Entertainment
Victim Organization: Spotify
Victim Site: spotify.com
- Alleged leak of Hotmail credentials
Category: Combo List
Content: Forum post claims to offer 3,500 Hotmail email credentials described as Mail Access Full Private & Fresh. The actual content requires forum registration to view.
Date: 2026-04-03T18:57:15Z
Network: openweb
Published URL: https://crackingx.com/threads/70953/
Screenshots:
None
Threat Actors: Jelooos
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Website defacement of ZonaTech RD by CYKOMNEPAL
Category: Defacement
Content: CYKOMNEPAL successfully defaced the about page of ZonaTech RD, a Dominican Republic-based technology company, on April 4, 2026. The attack targeted a specific subpage rather than the main homepage.
Date: 2026-04-03T18:50:50Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/828614
Screenshots:
None
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: Dominican Republic
Victim Industry: Technology
Victim Organization: ZonaTech RD
Victim Site: zonatechrd.com
- Alleged promotional content for HackForums registration
Category: Alert
Content: Forum post appears to be promotional content encouraging user registration on HackForums rather than actual threat activity or cybercriminal offering.
Date: 2026-04-03T18:50:09Z
Network: openweb
Published URL: https://hackforums.net/showthread.php?tid=6323270
Screenshots:
None
Threat Actors: mayaaaaaaaaaaaa
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Cyber Operation #OpProsecuteZionist Declared by BD Anonymous Against Israeli Government Infrastructure
Category: Cyber Attack
Content: Hacktivist group BD Anonymous has issued an official statement declaring the activation of cyber operation #OpProsecuteZionist. The group explicitly threatens to target databases, ministry servers, and propaganda outlets associated with the Israeli government and its collaborators. The statement references attacks on digital infrastructure framed as retaliation for Israeli policies against Palestinians.
Date: 2026-04-03T18:50:05Z
Network: telegram
Published URL: https://t.me/c/3728511806/290
Screenshots:
None
Threat Actors: BD Anonymous
Victim Country: Israel
Victim Industry: Government
Victim Organization: Israeli Government / Ministry Servers
Victim Site: Unknown
- Alleged leak of credential combolist containing 33 million records
Category: Combo List
Content: A threat actor shared a credential combolist containing 33 million URL:LOGIN:PASS combinations on a cybercriminal forum. The post appears to offer free access to registered forum members.
Date: 2026-04-03T18:45:01Z
Network: openweb
Published URL: https://crackingx.com/threads/70946/
Screenshots:
None
Threat Actors: Leak Realm
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor allegedly shared a fresh combolist containing 2,200 Hotmail email credentials on a cybercrime forum.
Date: 2026-04-03T18:44:41Z
Network: openweb
Published URL: https://crackingx.com/threads/70947/
Screenshots:
None
Threat Actors: Jelooos
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged leak of credential combolist containing 22 million records
Category: Combo List
Content: A threat actor shared a credential combolist containing 22 million URL:LOGIN:PASS combinations on a cybercriminal forum. The post appears to offer free access to the credential data after registration.
Date: 2026-04-03T18:35:05Z
Network: openweb
Published URL: https://crackingx.com/threads/70945/
Screenshots:
None
Threat Actors: Leak Realm
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged distribution of automation tools and bots
Category: Initial Access
Content: Forum post advertising an automation suite containing bots, traffic generation tools, and data collection tools. No specific content details are available for analysis.
Date: 2026-04-03T18:13:02Z
Network: openweb
Published URL: https://demonforums.net/Thread-Automation-Suite-Vol-1-%E2%80%93-Bots-Traffic-Data-Tools
Screenshots:
None
Threat Actors: Starip
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Cyber Attack Disrupting Multiple South African Government Services
Category: Cyber Attack
Content: Multiple South African government platforms are reportedly experiencing outages, including the Official Government Portal, Parliament of South Africa, Home Affairs (ID & Passport Services), and eHomeAffairs online services. The disruptions were reported via Dark Web Intelligence channels, suggesting a coordinated cyber attack or DDoS campaign targeting South African government infrastructure.
Date: 2026-04-03T18:11:07Z
Network: telegram
Published URL: https://t.me/dailydarkweb/8841
Screenshots:
None
Threat Actors: Dark Web Intelligence
Victim Country: South Africa
Victim Industry: Government
Victim Organization: South African Government
Victim Site: Unknown
- Alleged leak of German domain credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 735,987 credential pairs specifically targeting German (.de) domains through a file sharing service.
Date: 2026-04-03T18:10:44Z
Network: openweb
Published URL: https://crackingx.com/threads/70943/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of insurance customer personal data
Category: Data Breach
Content: Threat actor sexybroker is selling insurance leads containing full names, addresses, emails, phone numbers, birthdates, SSNs, and marital status for $3 each. The actor claims the data is fresh and sourced from a law firm, targeting older married individuals.
Date: 2026-04-03T18:02:44Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-Insurance-Leads-Contact-Info-SSN-Gender-Relationship
Screenshots:
None
Threat Actors: sexybroker
Victim Country: United States
Victim Industry: Legal Services
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of mixed email credentials
Category: Combo List
Content: A threat actor leaked a combolist containing 58,000 valid email credentials from mixed sources. The data is being distributed through a private Telegram channel.
Date: 2026-04-03T18:00:31Z
Network: openweb
Published URL: https://crackingx.com/threads/70942/
Screenshots:
None
Threat Actors: TeraCloud1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of live high-balance credit cards via Telegram
Category: Logs
Content: A user named Coleman is repeatedly advertising credit cards (CC) described as 100% alive with high balances, directing buyers to a Telegram channel (t.me/fsdf12452). This is consistent with carding marketplace activity involving stolen financial credentials.
Date: 2026-04-03T17:55:08Z
Network: telegram
Published URL: https://t.me/c/2613583520/59044
Screenshots:
None
Threat Actors: Coleman
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of stolen credit cards via Telegram carding store
Category: Cyber Attack
Content: Multiple users in a marketplace channel are repeatedly advertising a Telegram-based carding store (@vcxdcvx) claiming to sell stolen credit cards. The store is promoted as the best CC store with repeated spam across the channel.
Date: 2026-04-03T17:52:37Z
Network: telegram
Published URL: https://t.me/c/2613583520/59043
Screenshots:
None
Threat Actors: vcxdcvx
Victim Country: Unknown
Victim Industry: Financial
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Hotmail credential combolist
Category: Combo List
Content: Threat actor alphaxdd shared a combolist containing 2,938 allegedly valid Hotmail email credentials described as premium mix mail hits. The credentials are being distributed for free download via Telegram contact.
Date: 2026-04-03T17:49:44Z
Network: openweb
Published URL: https://crackingx.com/threads/70940/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged sale of mail access logs, configs, and combolists via Telegram
Category: Logs
Content: A threat actor operating via @Dataxlogs is advertising mail access for sale across multiple countries including France, Belgium, Australia, Canada, UK, US, Netherlands, Poland, Germany, and Japan. The offering includes configs, scripts, tools, hits, and combo lists, with custom requests available.
Date: 2026-04-03T17:45:38Z
Network: telegram
Published URL: https://t.me/c/2613583520/59049
Screenshots:
None
Threat Actors: .py
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of flight booking system exposing passport data
Category: Data Breach
Content: Threat actor claims to have breached a flight booking system and is selling passport images with contact information including phone numbers and emails from multiple countries. The actor provides sample images as proof and claims the data is fresh and not previously public.
Date: 2026-04-03T17:37:30Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-Passports-Pics-Contact-Info-Fresh-100-From-Flight-Booking-System
Screenshots:
None
Threat Actors: sexybroker
Victim Country: Unknown
Victim Industry: Aviation
Victim Organization: Unknown
Victim Site: Unknown
- Alleged distribution of Instagram username checking tool
Category: Initial Access
Content: A threat actor shared a console-based tool called Insta User Checker designed to process username datasets against Instagram accounts with fast checking capabilities. The tool is distributed as a lightweight console application that can handle large username lists for account validation purposes.
Date: 2026-04-03T17:35:47Z
Network: openweb
Published URL: https://demonforums.net/Thread-Insta-User-Checker
Screenshots:
None
Threat Actors: Starip
Victim Country: Unknown
Victim Industry: Social Media
Victim Organization: Instagram
Victim Site: instagram.com
- Alleged data breach of ClickIT Solutions Italy
Category: Data Breach
Content: Threat actor gtaviispeak is selling a database containing 243k records from Italian IT company ClickIT Solutions, including customer contacts, support tickets, and sales orders with personal and business information. The data is being offered through encrypted messaging channels with escrow services.
Date: 2026-04-03T17:33:08Z
Network: openweb
Published URL: https://darkforums.su/Thread-243k-Italy-https-www-clickitsolutions-it-User-contact-and-business-lead-record
Screenshots:
None
Threat Actors: gtaviispeak
Victim Country: Italy
Victim Industry: Information Technology
Victim Organization: ClickIT Solutions
Victim Site: clickitsolutions.it
- Alleged leak of Gmail credential combolist
Category: Combo List
Content: A threat actor shared a credential combolist containing 4,987 lines targeting Gmail accounts via a file hosting service. The data appears to be made available as a free download rather than being sold.
Date: 2026-04-03T17:23:57Z
Network: openweb
Published URL: https://crackingx.com/threads/70937/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Google
Victim Site: gmail.com
- Alleged leak of 14 million credentials from multiple social media and streaming platforms
Category: Combo List
Content: Threat actor CODER is distributing a combolist containing 14 million credentials allegedly from various social networks, messaging apps, video streaming, and content platforms through Telegram channels.
Date: 2026-04-03T17:23:14Z
Network: openweb
Published URL: https://crackingx.com/threads/70938/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data Breach of Santander Bank Affecting Spain, Chile, and Uruguay
Category: Data Breach
Content: Threat actor ShinyHunters is claiming to sell a large dataset allegedly stolen from Santander Bank. The data purportedly includes 30 million customer records, 6 million account numbers with balances, HR employee lists, consumer citizenship information, and 28 million full credit card numbers including CVV, AVS verification details, and expiration dates. The affected countries are Spain, Chile, and Uruguay. The actor is offering the data for $25,000 and has also invited Santander to purchase the data directly.
Date: 2026-04-03T17:19:46Z
Network: telegram
Published URL: https://t.me/c/3737716184/683
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Spain
Victim Industry: Banking & Financial Services
Victim Organization: Santander Bank
Victim Site: Unknown
- C2K: School IT system targeted in a cyber attack ahead of exam season
Category: Cyber Attack
Content: An IT system used by schools in Northern Ireland was targeted by a cyberattack, forcing the Education Authority (EA) to reset passwords for all users. This security measure disconnected all schools and pupils, depriving students of access to essential learning resources in the middle of the revision period before exams. Although the EA has launched an investigation and apologised, it has not yet confirmed whether personal data was compromised.
Date: 2026-04-03T17:16:34Z
Network: openweb
Published URL: https://www.bbc.com/news/articles/cnv8mn91drlo
Screenshots:
None
Threat Actors:
Victim Country: United Kingdom
Victim Industry: Unknown
Victim Organization: Education Authority
Victim Site: eani.org.uk
- Website defacement of asocialmediaagency.in by ALP/Alperen_216
Category: Defacement
Content: Threat actor ALP, operating under team Alperen_216, successfully defaced the homepage of A Social Media Agency's website on April 4, 2026. This appears to be a targeted single-site attack rather than part of a mass defacement campaign.
Date: 2026-04-03T17:14:50Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/828612
Screenshots:
None
Threat Actors: ALP, Alperen_216
Victim Country: India
Victim Industry: Digital Marketing
Victim Organization: A Social Media Agency
Victim Site: asocialmediaagency.in
- Alleged Cyber Attack Campaign Against France by Morningstar (#OpFrance)
Category: Cyber Attack
Content: Threat actor group Morningstar announced a cyber attack campaign targeting France (#OpFrance), motivated by political grievances against French President Macron's formation of a coalition opposing the US and China. The post uses highly offensive language and implies attacks across multiple French targets, indicated by bomb/explosion emojis and the phrase "decided to mess around a bit across their shitty country".
Date: 2026-04-03T17:14:28Z
Network: telegram
Published URL: https://t.me/c/3584758467/662
Screenshots:
None
Threat Actors: Morningstar
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Sale of SalesForce and Cisco Source Code by ShinyHunters
Category: Data Breach
Content: Threat actor ShinyHunters is advertising the sale of source code allegedly belonging to SalesForce and Cisco on BreachForums. The post claims 3 million lines/records of source code are available for purchase.
Date: 2026-04-03T17:07:43Z
Network: telegram
Published URL: https://t.me/c/3737716184/682
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Salesforce, Cisco
Victim Site: salesforce.com, cisco.com
- Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 625 Hotmail email and password combinations on a cybercriminal forum. The credentials are described as fresh and high quality.
Date: 2026-04-03T17:01:01Z
Network: openweb
Published URL: https://crackingx.com/threads/70936/
Screenshots:
None
Threat Actors: KiwiShio
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged distribution of business credentials combolist
Category: Combo List
Content: Threat actor CODER distributes a 16 million record business credentials combolist through Telegram channels, offering free access to credential combinations targeting corporate entities.
Date: 2026-04-03T16:50:39Z
Network: openweb
Published URL: https://crackingx.com/threads/70934/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of credential combolist containing 1 million login credentials
Category: Combo List
Content: A threat actor shared a link to download a combolist containing 1 million URL:login:password credentials via a file sharing service. The credentials appear to be distributed for free without any payment required.
Date: 2026-04-03T16:50:22Z
Network: openweb
Published URL: https://crackingx.com/threads/70935/
Screenshots:
None
Threat Actors: WashingtonDC
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Website defacement of Extintores Campo Largo by CYKOMNEPAL
Category: Defacement
Content: Threat actor CYKOMNEPAL conducted a website defacement attack against Extintores Campo Largo, a Brazilian fire extinguisher company, on April 3, 2026. The attack targeted the company's primary website and was mirrored on zone-xsec.com.
Date: 2026-04-03T16:45:29Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/828611
Screenshots:
None
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: Brazil
Victim Industry: Fire Safety Equipment
Victim Organization: Extintores Campo Largo
Victim Site: www.extintorescampolargo.com.br
- Alleged leak of Hotmail credentials
Category: Combo List
Content: Threat actor alphaxdd shared a combolist containing 1,227 allegedly valid Hotmail email credentials on a cybercrime forum. The credentials are described as premium hits with an expiration date of April 3, 2026.
Date: 2026-04-03T16:39:38Z
Network: openweb
Published URL: https://crackingx.com/threads/70933/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged defacement of misso.vn by Mr.PIMZZZXploit
Category: Defacement
Content: A threat actor identified as Mr.PIMZZZXploit, affiliated with the group Babayo Eror System, claims to have defaced the Vietnamese website misso.vn. A defacement page was uploaded to the site's WordPress uploads directory at the specified URL.
Date: 2026-04-03T16:37:09Z
Network: telegram
Published URL: https://t.me/c/3865526389/433
Screenshots:
None
Threat Actors: Mr.PIMZZZXploit
Victim Country: Vietnam
Victim Industry: Unknown
Victim Organization: Misso
Victim Site: misso.vn
- Alleged defacement of Trinity Construction Solutions website
Category: Defacement
Content: A threat actor using the handle Mr.PIMZZZXploit claims to have defaced the website trinityconstructionsolutions.com, posting a photo as proof. The defacement message is associated with the Babayo Eror System group.
Date: 2026-04-03T16:32:24Z
Network: telegram
Published URL: https://t.me/c/3865526389/432
Screenshots:
None
Threat Actors: Mr.PIMZZZXploit
Victim Country: Unknown
Victim Industry: Construction
Victim Organization: Trinity Construction Solutions
Victim Site: trinityconstructionsolutions.com
- Alleged sale of Hotmail email database access across multiple countries
Category: Initial Access
Content: A threat actor is selling access to Hotmail email databases spanning multiple countries (UK, DE, JP, NL, BR, PL, ES, US, IT) with inbox searching capabilities. The seller claims to own a private cloud and offers keyword-based filtering for major platforms including eBay, OfferUp, PSN, Booking, Uber, Poshmark, Alibaba, Walmart, Amazon, Mercari, Kleinanzeigen, and Neosurf. Also advertises valid ntlworld webmails. Contact via DM for custom requests.
Date: 2026-04-03T16:23:01Z
Network: telegram
Published URL: https://t.me/c/2613583520/59054
Screenshots:
None
Threat Actors: Admu
Victim Country: Unknown
Victim Industry: Technology / Email Services
Victim Organization: Hotmail/Microsoft
Victim Site: hotmail.com - Alleged sale of multi-service credential combolist
Category: Combo List
Content: Threat actor Ra-Zi is allegedly selling a 119,000 record combolist containing email:password and username:password combinations targeting multiple email providers including AOL, Yahoo, Hotmail, and Outlook across various countries. The actor claims the credentials are live and high quality with guarantee.
Date: 2026-04-03T16:17:34Z
Network: openweb
Published URL: https://demonforums.net/Thread-119K-LIVE-TARGETED-COMBOLIST
Screenshots:
None
Threat Actors: Ra-Zi
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged DDoS-for-hire service advertisement with protection bypass capabilities
Category: DDoS
Content: Threat actor XEON_x64 advertises DDoS-for-hire services claiming to bypass multiple protection systems including Cloudflare, vShield, and others. The service offers Layer 7 attacks and explicitly mentions the ability to disable competitors' websites.
Date: 2026-04-03T16:16:28Z
Network: openweb
Published URL: https://crackingx.com/threads/70929/
Screenshots:
None
Threat Actors: XEON_x64
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Hotmail credentials on cybercrime forum
Category: Combo List
Content: A threat actor posted on a cybercrime forum offering fresh Hotmail credentials through a Telegram channel. The exact number of credentials and method of acquisition are not specified in the post.
Date: 2026-04-03T16:06:28Z
Network: openweb
Published URL: https://crackingx.com/threads/70927/
Screenshots:
None
Threat Actors: snowstormxd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com - Alleged distribution of gaming platform credential combolist
Category: Combo List
Content: Threat actor distributes an 11 million record credential combolist targeting gaming platforms including Steam, PlayStation Network, Xbox Live, Epic Games Store, Nintendo eShop, Battle.net, and other gaming services through Telegram channels.
Date: 2026-04-03T16:05:50Z
Network: openweb
Published URL: https://crackingx.com/threads/70928/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Gaming
Victim Organization: Multiple gaming platforms
Victim Site: Unknown - Website defacement of eckwerk-shop by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the Eckwerk Shop e-commerce website on April 3, 2026. The defacement targeted a specific media directory rather than the main homepage.
Date: 2026-04-03T15:55:16Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/828499
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Germany
Victim Industry: E-commerce
Victim Organization: Eckwerk Shop
Victim Site: eckwerk-shop.ngd.de - Alleged distribution of credential combolist targeting USA and Europe
Category: Combo List
Content: Threat actor gsmfix distributed an exclusive credential combolist containing email and password combinations targeting users from the United States and Europe on a cybercriminal forum.
Date: 2026-04-03T15:54:41Z
Network: openweb
Published URL: https://crackingx.com/threads/70923/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website defacement of batlivetsdag.pgm.nu by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the Swedish website batlivetsdag.pgm.nu on April 3, 2026. This was a single-site defacement with no apparent redefacement or mass campaign involvement.
Date: 2026-04-03T15:54:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/828507
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Sweden
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: batlivetsdag.pgm.nu - Alleged leak of mixed email credentials combolist
Category: Combo List
Content: Forum user klyne05 distributed a mixed email credentials combolist described as private, fresh, and verified. The post offers the credential list as a free download without specifying the number of records or source organizations.
Date: 2026-04-03T15:54:13Z
Network: openweb
Published URL: https://crackingx.com/threads/70925/
Screenshots:
None
Threat Actors: klyne05
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website defacement of damphuen.dk by DimasHxR
Category: Defacement
Content: Threat actor DimasHxR conducted a redefacement attack against the Danish website damphuen.dk on April 3, 2026. This appears to be a targeted defacement rather than part of a mass campaign.
Date: 2026-04-03T15:54:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/828515
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Denmark
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: damphuen.dk - Alleged leak of Yahoo credential combolist targeting cryptocurrency users
Category: Combo List
Content: A threat actor shared a combolist containing 1.88 million Yahoo credentials allegedly targeting cryptocurrency users through a file sharing platform.
Date: 2026-04-03T15:53:48Z
Network: openweb
Published URL: https://crackingx.com/threads/70926/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Yahoo
Victim Site: yahoo.com - Website defacement of security-warehouse.com by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the security-warehouse.com website on April 3, 2026. The incident targeted a cybersecurity company's website, representing a single-site defacement attack.
Date: 2026-04-03T15:53:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/828599
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Cybersecurity
Victim Organization: Security Warehouse
Victim Site: security-warehouse.com - Website defacement of VietAsia Foods by DimasHxR
Category: Defacement
Content: DimasHxR conducted a redefacement attack against the VietAsia Foods company website on April 3, 2026. This represents a second defacement of the same target by the attacker.
Date: 2026-04-03T15:52:48Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/828600
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Vietnam
Victim Industry: Food and Beverage
Victim Organization: VietAsia Foods
Victim Site: www.vietasiafoods.com - Website defacement of Casa Cuesta by DimasHxR
Category: Defacement
Content: DimasHxR conducted a redefacement attack against casacuesta.com on April 3, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
Date: 2026-04-03T15:52:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/828609
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Casa Cuesta
Victim Site: casacuesta.com - Alleged Luxembourg B2B data incident
Category: Data Breach
Content: Thread referencing Luxembourg B2B data with no additional content available for analysis.
Date: 2026-04-03T15:46:17Z
Network: openweb
Published URL: https://xforums.st/threads/0k_luxembour_b2b.604808/
Screenshots:
None
Threat Actors: ziousss
Victim Country: Luxembourg
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website defacement of davidhampton.com by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR conducted a redefacement attack against davidhampton.com on April 3, 2026. This represents a repeat compromise of the same target website.
Date: 2026-04-03T15:46:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/828132
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: David Hampton
Victim Site: davidhampton.com - Alleged threat activity related to equipmentsellercanada.com
Category: Alert
Content: Forum thread referencing equipmentsellercanada.com domain with no available content details.
Date: 2026-04-03T15:44:50Z
Network: openweb
Published URL: https://xforums.st/threads/equipmentsellercanada-com.604809/
Screenshots:
None
Threat Actors: ziousss
Victim Country: Canada
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: equipmentsellercanada.com - Alleged threat activity related to Teespring Canada
Category: Alert
Content: Forum thread titled teespring_CANADA posted by user ziousss with no visible content available for analysis.
Date: 2026-04-03T15:43:23Z
Network: openweb
Published URL: https://xforums.st/threads/teespring_canada.604810/
Screenshots:
None
Threat Actors: ziousss
Victim Country: Canada
Victim Industry: E-commerce
Victim Organization: Teespring
Victim Site: teespring.com - Alleged leak of mixed credential combolist
Category: Combo List
Content: A threat actor shared a credential combolist containing 2,059 allegedly valid high-quality mixed email and password combinations on a cybercriminal forum.
Date: 2026-04-03T15:40:10Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-X2059-Valid-UHQ-Mix-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: Roronoa044
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 10,675 Hotmail email credentials for free download on a cybercrime forum.
Date: 2026-04-03T15:27:30Z
Network: openweb
Published URL: https://crackingx.com/threads/70921/
Screenshots:
None
Threat Actors: NotSellerxd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com - Alleged leak of fresh credential combolist
Category: Combo List
Content: A threat actor leaked a fresh mixed combolist containing 62,750 credential lines and promoted their Telegram channel for additional content.
Date: 2026-04-03T15:27:12Z
Network: openweb
Published URL: https://crackingx.com/threads/70922/
Screenshots:
None
Threat Actors: Browzchel
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged bulk purchase solicitation for credential combolists targeting Asia-Pacific and Western countries
Category: Combo List
Content: A threat actor identified as Douglas is actively seeking to purchase credential combolists in email:password or phone:password format. Target countries include Japan, Taiwan, Singapore, South Korea, United States, and United Kingdom. The actor requests 10,000–50,000 test records and claims a daily purchase budget of 5,000–10,000 USDT, indicating a high-volume, financially motivated operation. Contact provided via Telegram @DouglasBrian.
Date: 2026-04-03T15:21:39Z
Network: telegram
Published URL: https://t.me/c/2613583520/59051
Screenshots:
None
Threat Actors: DouglasBrian
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged distribution of cryptocurrency platform credential lists
Category: Combo List
Content: A threat actor is distributing credential lists (combos) targeting cryptocurrency platforms including Bitcoin, Ethereum, Binance Smart Chain, and various DeFi platforms through Telegram channels. The actor offers free access to credential lists and programs through dedicated Telegram groups.
Date: 2026-04-03T15:18:23Z
Network: openweb
Published URL: https://crackingx.com/threads/70919/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Cryptocurrency
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a sample of 735 Hotmail credentials on a cybercrime forum as a free download. This appears to be a credential list or combolist containing email and password combinations.
Date: 2026-04-03T15:18:04Z
Network: openweb
Published URL: https://crackingx.com/threads/70920/
Screenshots:
None
Threat Actors: HollowKnight07
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com - Alleged leak of email credentials combolist
Category: Combo List
Content: A threat actor distributed a combolist containing 30,000 valid email credentials on a cybercriminal forum. The credentials are being made available for free to registered users with additional private cloud access offered via Telegram.
Date: 2026-04-03T15:07:24Z
Network: openweb
Published URL: https://crackingx.com/threads/70918/
Screenshots:
None
Threat Actors: TeraCloud1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website defacement of spotseedev.wpengine.com by Zod
Category: Defacement
Content: The threat actor known as Zod successfully defaced the development website of Spotsee hosted on WPEngine on April 3, 2026. The attack targeted a Linux-based server and resulted in the creation of a defacement page at the /zod.html endpoint.
Date: 2026-04-03T15:00:52Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248237
Screenshots:
None
Threat Actors: Zod
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Spotsee
Victim Site: spotseedev.wpengine.com - Alleged Hack of FBI Director's Personal Account by Hanzala Group
Category: Cyber Attack
Content: Iranian cybersecurity news outlet Cyberban reports that the Hanzala (Hanthalah) group allegedly hacked the personal account of the FBI Director and leaked his information. The post, written by Mohammad Amin Aghamiri (head of Iran's National Cyberspace Center), references the incident while addressing the US Secretary of Defense, suggesting awareness of the operation at an official Iranian government level.
Date: 2026-04-03T14:58:41Z
Network: telegram
Published URL: https://t.me/c/1283513914/20942
Screenshots:
None
Threat Actors: حنظله
Victim Country: United States
Victim Industry: Government
Victim Organization: Federal Bureau of Investigation (FBI)
Victim Site: Unknown - Alleged leak of email credential combolist targeting mail access
Category: Combo List
Content: A threat actor shared a combolist containing 140,742 email credentials specifically targeting mail access. The data is being distributed for free via a file sharing platform.
Date: 2026-04-03T14:57:20Z
Network: openweb
Published URL: https://crackingx.com/threads/70917/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of Vietnam Government Police Database
Category: Data Leak
Content: A threat actor leaked a database containing 21,018 records from the Vietnam Government Police Warnings System, including police admin accounts, government usernames, and role assignments. The breach allegedly occurred in January 2026 and contains sensitive government personnel data including contact information and system access details.
Date: 2026-04-03T14:48:02Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-Vietnam-Gov-Police-Database-21K-Government-Warnings-System-Jan-2026
Screenshots:
None
Threat Actors: xorcat
Victim Country: Vietnam
Victim Industry: Government
Victim Organization: Vietnam Government Police
Victim Site: Unknown - Alleged data breach of Lit.it crypto video platform
Category: Data Leak
Content: User claims to have leaked a database from Lit.it crypto video platform containing over 300,000 user records with email addresses, usernames, and full names, allegedly breached in February 2026. The data is being distributed for free via Telegram channels.
Date: 2026-04-03T14:47:42Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-Lit-it-300K-Records-Crypto-Video-Platform-Full-Names-Emails-Feb-2026
Screenshots:
None
Threat Actors: xorcat
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Lit.it
Victim Site: lit.it - Alleged data breach of Saudi Chamber of Commerce
Category: Data Breach
Content: Alleged breach affecting the Saudi Chamber of Commerce website, involving approximately 478,000 active business contacts described as verified.
Date: 2026-04-03T14:47:22Z
Network: openweb
Published URL: https://darkforums.su/Thread-478k-Saudi-Arabia-https-www-chamber-sa-Active-business-contacts-with-verified
Screenshots:
None
Threat Actors: gtaviispeak
Victim Country: Saudi Arabia
Victim Industry: Business Services
Victim Organization: Saudi Chamber of Commerce
Victim Site: chamber.sa - Alleged cyber attack or defacement of gbrionline.org by Pharaohs Team
Category: Defacement
Content: Pharaohs Team has posted what appears to be a defacement or attack claim against https://www.gbrionline.org, sharing domain metrics (DA 64, PA 47). The post includes a photo likely showing proof of defacement or compromise.
Date: 2026-04-03T14:47:16Z
Network: telegram
Published URL: https://t.me/c/3205199875/452
Screenshots:
None
Threat Actors: Pharaohs Team
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: GBR Online
Victim Site: gbrionline.org - Alleged leak of mixed credential combolist
Category: Combo List
Content: Forum user shared a credential combolist titled X1522 HQ Mix containing mixed email and password combinations. The content is hidden behind registration requirements on the forum.
Date: 2026-04-03T14:39:07Z
Network: openweb
Published URL: https://demonforums.net/Thread-%E2%9A%A1%E2%9A%A1-X1522-HQ-Mix-%E2%9A%A1%E2%9A%A1-BY-Steveee36-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: erwinn91
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of mixed email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 3,565 mixed email credentials for free download on an underground forum.
Date: 2026-04-03T14:36:24Z
Network: openweb
Published URL: https://crackingx.com/threads/70915/
Screenshots:
None
Threat Actors: NotSellerxd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged distribution of mixed credential combolist
Category: Combo List
Content: A threat actor distributed a combolist containing 29,840 mixed credentials on a cybercrime forum. The data is hosted on a cloud platform and appears to be offered as a free download to forum members.
Date: 2026-04-03T14:36:07Z
Network: openweb
Published URL: https://crackingx.com/threads/70916/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of HumanizerPro.AI – 65K user records leaked
Category: Data Leak
Content: A threat actor leaked a database dump containing over 65,000 user records from HumanizerPro.AI, an AI text humanization platform. The leaked data includes user accounts, API keys, subscription information, and billing details from a breach allegedly occurring in March 2026.
Date: 2026-04-03T14:35:55Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-HumanizerPro-AI-65K-Records-AI-Text-Humanization-Platform-API-Keys-Mar-2026
Screenshots:
None
Threat Actors: xorcat
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: HumanizerPro.AI
Victim Site: HumanizerPro.AI - Alleged data breach of Pares.AI real estate platform
Category: Data Leak
Content: Threat actor xorcat leaked a database containing 96,000+ records from Pares.AI, an AI-powered real estate platform. The compromised data includes contact information, company details, phone numbers, addresses, and email data allegedly breached in February 2026.
Date: 2026-04-03T14:35:34Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-Pares-AI-96K-Records-AI-Real-Estate-Platform-Company-Contacts-Addres-Feb-2026
Screenshots:
None
Threat Actors: xorcat
Victim Country: Unknown
Victim Industry: Real Estate
Victim Organization: Pares.AI
Victim Site: pares.ai - Alleged data breach of Remote3.co crypto freelancer platform
Category: Data Breach
Content: Threat actor xorcat claims to have leaked a database from Remote3.co containing over 46,000 user records including developer profiles, emails, social links, and work information from March 2026. The data includes usernames, contact details, skills, and professional information of crypto and Web3 freelancers.
Date: 2026-04-03T14:35:15Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-Remote3-co-46K-Records-Crypto-Web3-Freelancer-Platform-Dev-Emails-March-2026
Screenshots:
None
Threat Actors: xorcat
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Remote3
Victim Site: remote3.co - Alleged sale of mail access and credential tools across multiple countries
Category: Initial Access
Content: A threat actor operating as @Dataxlogs is advertising mail access for sale across multiple countries including France, Belgium, Australia, Canada, UK, US, Netherlands, Poland, Germany, and Japan. The offering includes configs, scripts, tools, hits, combos, and custom requests.
Date: 2026-04-03T14:35:11Z
Network: telegram
Published URL: https://t.me/c/2613583520/59027
Screenshots:
None
Threat Actors: Dataxlogs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website defacement of KM Coating by DimasHxR
Category: Defacement
Content: DimasHxR conducted a redefacement attack against KM Coating's website on April 3, 2026. The attack targeted a media subdirectory of the coating company's website.
Date: 2026-04-03T14:32:57Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/828028
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Manufacturing
Victim Organization: KM Coating
Victim Site: kmcoating.com - Alleged data breach of Cuties.AI platform
Category: Data Breach
Content: Threat actor claims to have obtained 153K records from Cuties.AI, an NSFW AI generation platform, allegedly containing subscription data from March 2026.
Date: 2026-04-03T14:23:07Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-Cuties-AI-153K-Records-NSFW-AI-Generation-Platform-Subscription-Data-Mar-2026
Screenshots:
None
Threat Actors: xorcat
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Cuties.AI
Victim Site: Unknown - Alleged data breach of US Government Publishing Office
Category: Data Breach
Content: A threat actor claims to have compromised the US Government Publishing Office database containing over 1,500 records including 518 government email addresses and internal email communications. The alleged breach occurred in February 2026 and includes sensitive government data such as email logs, message content, and communication metadata.
Date: 2026-04-03T14:22:48Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-GPO-Gov-1-5K-Records-US-Government-Publishing-Office-518-Gov-Emails-Feb-2026
Screenshots:
None
Threat Actors: xorcat
Victim Country: United States
Victim Industry: Government
Victim Organization: US Government Publishing Office
Victim Site: gpo.gov - Alleged distribution of banking credential combos targeting financial institutions
Category: Combo List
Content: Threat actor CODER is distributing free email:password combination lists targeting core banking systems, online banking, mobile banking, digital wallets, and payment gateways through Telegram channels. The actor promotes free combos and programs related to bypassing financial fraud detection and risk management systems.
Date: 2026-04-03T14:14:10Z
Network: openweb
Published URL: https://crackingx.com/threads/70914/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Success.com database
Category: Data Breach
Content: Threat actor xorcat claims to have obtained a database from Success.com containing 207,000 user records including newsletter subscribers and store orders with billing and shipping data. The alleged breach reportedly occurred in March 2026 and includes 60,000 fresh email addresses.
Date: 2026-04-03T14:13:39Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-Success-com-207K-Records-60K-NEW-Fresh-Emails-Newsletter-Store-Order-Mar-2026
Screenshots:
None
Threat Actors: xorcat
Victim Country: Unknown
Victim Industry: Media and Publishing
Victim Organization: Success.com
Victim Site: success.com - Alleged data breach of Calai.app diet platform
Category: Data Leak
Content: Threat actor shared a database dump from Calai.app containing personal health data of 3 million users including weight history, dietary information, and payment details from a Firebase backend breach in April 2026.
Date: 2026-04-03T14:13:19Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-Calai-app-3M-Users-Diet-Platform-Breach-Weight-History-Purchases-Apr-2026
Screenshots:
None
Threat Actors: xorcat
Victim Country: Unknown
Victim Industry: Health and Fitness
Victim Organization: Calai.app
Victim Site: calai.app - Alleged distribution of bypass webshell by Nullsec Philippines
Category: Malware
Content: The threat actor group Nullsec Philippines is sharing a new bypass shell, likely a webshell designed to circumvent security controls. This tool could be used for unauthorized access to web servers.
Date: 2026-04-03T14:11:34Z
Network: telegram
Published URL: https://t.me/c/2590737229/891
Screenshots:
None
Threat Actors: Nullsec Philippines
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged webshell tool shared by Nullsec Philippines
Category: Malware
Content: A GitHub repository named leisec-webshell was shared in the Nullsec Philippines channel, referencing a webshell tool. Webshells are malicious scripts used to maintain persistent unauthorized access to compromised web servers and execute remote commands.
Date: 2026-04-03T14:11:23Z
Network: telegram
Published URL: https://t.me/c/2590737229/890
Screenshots:
None
Threat Actors: Nullsec Philippines
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: github.com/lei-sudo/leisec-webshell - Alleged sale of multi-platform combolists, cookies, and logs including Hotmail, Gmail, Netflix, PayPal and more
Category: Logs
Content: A threat actor is offering for sale a wide range of credential combolists, cookies, and logs covering major platforms including Hotmail, Comcast, Gmail, Yahoo, AOL, Facebook, Instagram, Netflix, PayPal, Amazon, Steam, iCloud, LinkedIn, and many others. The offer includes account cookies and logs for social media, dating, gaming, streaming, and e-commerce services.
Date: 2026-04-03T14:06:13Z
Network: telegram
Published URL: https://t.me/c/2613583520/59036
Screenshots:
None
Threat Actors: tuzelity
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged sale of subdomain shell access with high DA and Google Search Console
Category: Initial Access
Content: Threat actor is selling access to a subdomain featuring shell access, high Domain Authority (DA), active Google Search Console (GSC), and Google indexing enabled. Contact via @yatimluajg with escrow (rekber) payment method. Post is in Indonesian.
Date: 2026-04-03T14:04:58Z
Network: telegram
Published URL: https://t.me/c/3865526389/431
Screenshots:
None
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged sale of admin credentials for 5 million cameras worldwide
Category: Initial Access
Content: A threat actor operating under the Islamic Hacker Army handle is offering for sale admin login credentials for 5 million cameras across all countries. Contact is provided via Telegram handle @ALkNsOle_SY. The scale and global scope suggest a large-scale credential harvesting operation targeting IP cameras or surveillance systems.
Date: 2026-04-03T14:02:32Z
Network: telegram
Published URL: https://t.me/c/2848792934/51
Screenshots:
None
Threat Actors: Islamic Hacker Army
Victim Country: Unknown
Victim Industry: Multiple / Global Surveillance Infrastructure
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Traedex crypto trading platform
Category: Data Leak
Content: Forum user claims to have leaked a database from Traedex.com crypto trading platform containing 66,000+ user records allegedly breached in March 2026. The data reportedly includes trading information and Vertex API access details.
Date: 2026-04-03T14:01:43Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-Traedex-com-66K-Crypto-Traders-Vertex-API-Access-Trading-Data-Mar-2026
Screenshots:
None
Threat Actors: xorcat
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Traedex
Victim Site: traedex.com - Alleged leak of email credential combolist
Category: Combo List
Content: A threat actor shared a collection of 13,000 allegedly valid email credentials described as top quality mixed email access accounts. The content is made available to registered forum users without apparent cost.
Date: 2026-04-03T13:51:43Z
Network: openweb
Published URL: https://crackingx.com/threads/70913/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of educational institution credential combolist
Category: Combo List
Content: A threat actor shared a credential combolist containing 187,175 email and password combinations targeting educational institutions. The data is being distributed for free via a file sharing service.
Date: 2026-04-03T13:41:52Z
Network: openweb
Published URL: https://crackingx.com/threads/70912/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Adreno customer database
Category: Data Breach
Content: Threat actor claims to be selling an Australian retail database containing 546,519 customer records from Adreno, a scuba diving gear retailer. The database allegedly includes comprehensive customer information including personal details, contact information, billing and delivery addresses, and loyalty program data for $1000.
Date: 2026-04-03T13:41:22Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Adreno-com-au-550K
Screenshots:
None
Threat Actors: undertaker
Victim Country: Australia
Victim Industry: Retail
Victim Organization: Adreno
Victim Site: adreno.com.au - Alleged leak of stealer logs by U.L.P
Category: Logs
Content: Threat actor Matthiasxd17 shared stealer logs from U.L.P dated March 4, 2026 on a cybercriminal forum. The content is hidden behind registration requirements, making specific details unavailable.
Date: 2026-04-03T13:41:12Z
Network: openweb
Published URL: https://darkforums.su/Thread-U-L-P-STEALER-LOGS-03-04-2026
Screenshots:
None
Threat Actors: Matthiasxd17
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Central.co.th order database
Category: Data Breach
Content: Threat actor undertaker is selling, for $1000, 4.7 million order records from Central.co.th containing 1.64 million unique emails and personal information including names, addresses, phone numbers, and order details.
Date: 2026-04-03T13:40:50Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Central-co-th-4-8m
Screenshots:
None
Threat Actors: undertaker
Victim Country: Thailand
Victim Industry: Retail
Victim Organization: Central
Victim Site: central.co.th
- Alleged sale of CareerViet job portal database
Category: Data Breach
Content: Threat actor undertaker is allegedly selling, for $800, a database from Vietnam's job portal CareerViet containing 1,665,138 records with comprehensive personal information including names, emails, phone numbers, addresses, education details, and resume data.
Date: 2026-04-03T13:40:30Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Careerviet-vn
Screenshots:
None
Threat Actors: undertaker
Victim Country: Vietnam
Victim Industry: Employment Services
Victim Organization: CareerViet
Victim Site: careerviet.vn
- Alleged data leak of IMSS Tlaxcala medical records
Category: Data Leak
Content: A threat actor claiming to be Brazilian has leaked medical records from IMSS Tlaxcala containing personal information including full names, blood types, phone numbers, family members, and email addresses. The actor indicates plans for future attacks on banking institutions and additional IMSS facilities.
Date: 2026-04-03T13:40:22Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-DATA-LEAK-IMMS-TLAXCALA
Screenshots:
None
Threat Actors: gersonfdp
Victim Country: Mexico
Victim Industry: Healthcare
Victim Organization: IMSS Tlaxcala
Victim Site: Unknown
- Alleged compromise of easyshul.com admin panel credentials
Category: Initial Access
Content: A threat actor shared admin panel credentials for easyshul.com, providing administrative access to the website. The leaked credentials include a username and password for the admin interface at admin.easyshul.com.
Date: 2026-04-03T13:32:38Z
Network: openweb
Published URL: https://spear.cx/Thread-ADMIN-easyshul-com
Screenshots:
None
Threat Actors: AckLine
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Easyshul
Victim Site: easyshul.com
- Alleged data leak of GladSounds customer database
Category: Data Leak
Content: User AckLine leaked a customer database from gladsounds.com.my containing 3,000 customer records in XLSX format. The file is 707KB in size and was made available for free download on a cybercrime forum.
Date: 2026-04-03T13:31:55Z
Network: openweb
Published URL: https://spear.cx/Thread-gladsounds-com-my
Screenshots:
None
Threat Actors: AckLine
Victim Country: Malaysia
Victim Industry: Unknown
Victim Organization: GladSounds
Victim Site: gladsounds.com.my
- Alleged leak of mixed credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 28,000 mixed email and password combinations through a free download link on a cybercrime forum.
Date: 2026-04-03T13:30:17Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-28K-MIXED-ACCESS
Screenshots:
None
Threat Actors: COYTO
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged promotion of anti-detect browser tool for multi-account fraud
Category: Initial Access
Content: Cybercriminal promoting Incogniton anti-detect browser software designed to bypass platform security measures and enable fraudulent multi-account operations across Facebook, Google, TikTok, Amazon and other platforms. The tool provides fingerprint spoofing and profile isolation to avoid detection while conducting potentially fraudulent activities.
Date: 2026-04-03T13:28:16Z
Network: openweb
Published URL: https://crackingx.com/threads/70911/
Screenshots:
None
Threat Actors: Incogniton
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Powerlab.fr French gaming PC retailer
Category: Data Breach
Content: Threat actor xorcat claims to have obtained and shared a database from Powerlab.fr, a French custom PC and gaming hardware retailer, containing 15,000 customer account records allegedly breached in February 2026.
Date: 2026-04-03T13:27:34Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-Powerlab-fr-15K-Records-French-Gaming-PC-Retailer-Customer-Database-Feb-2026
Screenshots:
None
Threat Actors: xorcat
Victim Country: France
Victim Industry: Technology/Retail
Victim Organization: Powerlab
Victim Site: powerlab.fr
- Alleged data breach of SongTrivia2.io music trivia platform
Category: Data Leak
Content: Threat actor xorcat has leaked a database from SongTrivia2.io music quiz platform containing over 291,000 user records including user accounts, API keys, authentication tokens, and quiz data from an alleged April 2026 breach.
Date: 2026-04-03T13:27:13Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-SongTrivia2-io-291K-Database-Music-Trivia-Site-Fresh-April-2026-Breach
Screenshots:
None
Threat Actors: xorcat
Victim Country: Unknown
Victim Industry: Entertainment/Gaming
Victim Organization: SongTrivia2.io
Victim Site: SongTrivia2.io
- Alleged extortion ultimatum issued by ShinyHunters threat actor
Category: Data Breach
Content: The ShinyHunters threat actor has posted a Pay or Leak ultimatum, suggesting they are holding stolen data and threatening to publicly leak it unless the victim organization pays a ransom. The victim has not yet responded or negotiated, prompting the public warning.
Date: 2026-04-03T13:23:40Z
Network: telegram
Published URL: https://t.me/c/3737716184/678
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Extortion Threat Against Cisco by ShinyHunters
Category: Cyber Attack
Content: Threat actor ShinyHunters (alias speedboat67) is publicly claiming they had prior access or knowledge of a Cisco security incident before communications were deleted. They are issuing an extortion-style ultimatum to Cisco, demanding negotiation to solve their problems before the situation escalates further, implying threats to Cisco's partner relationships if demands are not met.
Date: 2026-04-03T13:22:12Z
Network: telegram
Published URL: https://t.me/c/3737716184/677
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: United States
Victim Industry: Technology / Networking
Victim Organization: Cisco
Victim Site: cisco.com
- Alleged source code theft of AI products by ShinyHunters
Category: Data Breach
Content: Threat actor ShinyHunters claims to have obtained source code for multiple AI products including AI Assistants, AI Defense, AI Canvas, and AI Cisco Cloud Control, allegedly exposed via public repositories by an individual named Jinzhao Feng. The group is threatening to publicly release all source code.
Date: 2026-04-03T13:18:17Z
Network: telegram
Published URL: https://t.me/c/3737716184/676
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Cisco (AI Cisco Cloud Control referenced)
Victim Site: Unknown
- Alleged malware/hacking tools TIAMAT/GIR2 shared by ShinyHunters
Category: Malware
Content: Threat actor ShinyHunters posted about tools identified as TIAMAT/GIR2, described as the simplest tools, accompanied by a media file. This likely refers to hacking, exploitation, or malware tools being shared or advertised by the group.
Date: 2026-04-03T13:17:10Z
Network: telegram
Published URL: https://t.me/c/3737716184/674
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor has allegedly made available a combolist containing 11,000 Hotmail email and password combinations on a cybercriminal forum.
Date: 2026-04-03T13:16:33Z
Network: openweb
Published URL: https://crackingx.com/threads/70909/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged distribution of payment service credential lists
Category: Combo List
Content: Threat actor distributes a 9 million record combolist containing email and password combinations allegedly targeting multiple payment services including PayPal, Stripe, and various credit card providers. The credentials are being shared through Telegram channels offering free access to combos and related programs.
Date: 2026-04-03T13:16:15Z
Network: openweb
Published URL: https://crackingx.com/threads/70910/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of TLDR.Tech newsletter database
Category: Data Leak
Content: A threat actor leaked a database allegedly containing 1.2 million user records from TLDR.Tech, a popular technology newsletter. The data was reportedly obtained through Apollo enrichment API endpoint and includes LinkedIn-enriched subscriber information.
Date: 2026-04-03T13:15:43Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-TLDR-Tech-1-2M-Records-Full-LinkedIn-Apollo-Enrichment-DB-Fresh-March-2026
Screenshots:
None
Threat Actors: xorcat
Victim Country: Unknown
Victim Industry: Media and Publishing
Victim Organization: TLDR.Tech
Victim Site: Unknown
- Alleged data leak of 8tracks music streaming database
Category: Data Leak
Content: Threat actor shared a database dump from defunct music streaming service 8tracks containing 18.6 million records with usernames, emails, and salted SHA-1 password hashes. The breach allegedly occurred in June 2017 through compromise of an employee's GitHub account lacking two-factor authentication.
Date: 2026-04-03T13:15:22Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-8tracks-com-18-6M-Records-Music-Streaming-Database-Salted-SHA-1-Passwords
Screenshots:
None
Threat Actors: xorcat
Victim Country: Unknown
Victim Industry: Entertainment/Media
Victim Organization: 8tracks
Victim Site: 8tracks.com
- Alleged leak of mixed email credentials combolist
Category: Combo List
Content: Threat actor WINGO shared a free download link to a mixed email credentials combolist via pasteview.com on DemonForums. The post provides access to email and password combinations without requiring payment.
Date: 2026-04-03T13:06:13Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-MIX-MAIL-ACCESS
Screenshots:
None
Threat Actors: WINGO
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Full HMI/PLC Control Acquired Over South Korean Industrial Control System by Z-Pentest Alliance
Category: Cyber Attack
Content: The threat actor group Z-Pentest Alliance claims to have gained full control over a South Korean automated manufacturing facility's industrial control system. The compromised system includes conveyor and lift controls, fans, pumps, LED indicators, and sensors across floors 1F–4F. The actors claim real-time access to HMI panels and PLC logic, with the ability to start/stop processes, change conveyor directions (CW/CCW), control elevator movements, toggle ventilation and pumps, clear operation logs, and reset alarms. Active sensors (X20–X5F) and cycle counters are reportedly accessible. The intrusion date is recorded as 2026-04-03. The post is tagged with #OpSouthKorea, suggesting a politically motivated campaign.
Date: 2026-04-03T13:02:42Z
Network: telegram
Published URL: https://t.me/c/2729466495/919
Screenshots:
None
Threat Actors: Z-Pentest Alliance
Victim Country: South Korea
Victim Industry: Manufacturing
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Outlook.com credentials
Category: Combo List
Content: A threat actor shared a combolist containing 12,808 credential entries targeting Outlook.com email accounts through a file-sharing platform.
Date: 2026-04-03T12:44:10Z
Network: openweb
Published URL: https://crackingx.com/threads/70908/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: outlook.com
- Alleged data leak of Guidely.in user database
Category: Data Leak
Content: A database dump from guidely.in containing 1,435,645 user records was leaked, including names, email addresses, hashed passwords, phone numbers, and personal details of students and staff members. The data appears to be from 2017 based on registration timestamps in the sample records provided.
Date: 2026-04-03T12:33:23Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-guidely-in
Screenshots:
None
Threat Actors: [Mod] Tanaka
Victim Country: India
Victim Industry: Education
Victim Organization: Guidely
Victim Site: guidely.in
- Alleged leak of Asia-based email credentials
Category: Combo List
Content: A threat actor shared a combolist containing 6,700 email and password combinations targeting Asian users on a cybercrime forum.
Date: 2026-04-03T12:32:03Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-6-7K-Full-Valid-ASIA-Fresh-Mail-Acccess-03-04
Screenshots:
None
Threat Actors: MegaCloudshop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Asian email credentials
Category: Combo List
Content: A threat actor shared a combolist containing 6.7K valid email credentials allegedly from Asian users, dated March 4th.
Date: 2026-04-03T12:31:27Z
Network: openweb
Published URL: https://crackingx.com/threads/70905/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of multi-provider email credentials combolist
Category: Combo List
Content: Threat actor distributes a 7.8 million credential combolist containing email and password combinations from multiple providers including PayPal, Hotmail, AOL, GMX and others through Telegram channels.
Date: 2026-04-03T12:31:08Z
Network: openweb
Published URL: https://crackingx.com/threads/70906/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Multiple email providers
Victim Site: Unknown
- Alleged leak of credential combolist in URL:LOGIN:PASS format
Category: Combo List
Content: A threat actor shared a credential combolist in URL:LOGIN:PASS format, marketed as high quality and private. The post contains minimal details about the source or scope of the compromised credentials.
Date: 2026-04-03T12:30:27Z
Network: openweb
Published URL: https://crackingx.com/threads/70907/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data Breach of Cisco/Salesforce by ShinyHunters via Trivy Supply Chain Compromise
Category: Data Breach
Content: Threat actor ShinyHunters claims to have breached Cisco through a Trivy supply chain compromise, allegedly obtaining 3 million Salesforce records. The claim is referenced via a news article from Technadu covering the incident.
Date: 2026-04-03T12:26:40Z
Network: telegram
Published URL: https://t.me/c/3737716184/671
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: United States
Victim Industry: Technology
Victim Organization: Cisco / Salesforce
Victim Site: cisco.com
- Alleged leak of Hotmail credentials on underground forum
Category: Combo List
Content: A threat actor named ValidMail allegedly shared a combolist containing 42,000 Hotmail credentials on an underground forum. The post indicates these are valid credentials from forums.
Date: 2026-04-03T12:19:34Z
Network: openweb
Published URL: https://crackingx.com/threads/70904/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged defacement of royalinstitute.co.in by #OpsShadowStrike
Category: Defacement
Content: Hacktivist group #OpsShadowStrike claimed responsibility for defacing royalinstitute.co.in, an Indian website. The defacement includes collaboration credits from multiple hacktivist groups including TengkorakCyberCrew, MalaysiaHacktivist, EagleCyberCrew, and others. The operation appears politically motivated, referencing pro-Palestine and anti-Israel sentiments under the #AllMuslimHackers banner.
Date: 2026-04-03T12:13:12Z
Network: telegram
Published URL: https://t.me/c/3844432135/233
Screenshots:
None
Threat Actors: #OpsShadowStrike
Victim Country: India
Victim Industry: Education
Victim Organization: Royal Institute
Victim Site: royalinstitute.co.in
- Alleged ShinyHunters Taunt Targeting Executive Jason Lish Over Breach Disclosure
Category: Cyber Attack
Content: The ShinyHunters threat actor group posted a public taunt directed at an individual named Jason Lish, claiming he is a member of a private Signal group containing approximately 300 CISOs. ShinyHunters alleges Lish has been vocal about a recent breach in this group and accuses him of lying to the CISO community. The post uses hashtags #shinyaegis, #shinycorp, and #hunters, suggesting this may relate to an ongoing breach campaign or victim. This appears to be an intimidation or pressure tactic commonly used by ransomware/extortion groups to coerce victims or discredit security personnel.
Date: 2026-04-03T12:03:15Z
Network: telegram
Published URL: https://t.me/c/3737716184/668
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged ShinyHunters Taunt of CISO Jason Lish Over Undisclosed Breach
Category: Data Breach
Content: ShinyHunters posted a message taunting Jason Lish, a CISO, accusing him of lying to approximately 300 CISOs in a private Signal group about a recent breach. The post implies ShinyHunters has knowledge of or access to communications within this private group, and that the breach details are being misrepresented internally. The hashtag #shinyaegis may reference a specific operation or target.
Date: 2026-04-03T12:02:20Z
Network: telegram
Published URL: https://t.me/c/3737716184/667
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Cisco by ShinyHunters – GitHub Token and Internal Splunk Query Leaked
Category: Data Breach
Content: The ShinyHunters threat group is teasing an upcoming Cisco data release. They have shared what appears to be a GitHub Personal Access Token (ghp_798fnSquvZ4IrZUiTPoin61nsbDL0x2cxpJ1) along with its base64-hashed equivalent and an internal Cisco IT Splunk query targeting a ds-github index, filtering for non-US actor locations across GitHub repositories. This strongly suggests ShinyHunters has obtained access to Cisco's internal GitHub environment and is preparing to release stolen data. The tag #SH#speedboat67 appears to be an internal operation identifier.
Date: 2026-04-03T11:53:26Z
Network: telegram
Published URL: https://t.me/c/3737716184/661
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: United States
Victim Industry: Technology / Networking
Victim Organization: Cisco
Victim Site: cisco.com
- Alleged sale of high-balance credit card data via Telegram
Category: Logs
Content: A user in the Squad Chat Marketplace channel is advertising credit card (CC) data claimed to be 100% alive with high balances, directing buyers to a Telegram channel (t.me/fsdf12452).
Date: 2026-04-03T11:52:48Z
Network: telegram
Published URL: https://t.me/c/2613583520/59025
Screenshots:
None
Threat Actors: Coleman
Victim Country: Unknown
Victim Industry: Financial
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data Breach and Source Code Sale of Cisco by ShinyHunters
Category: Data Breach
Content: The ShinyHunters threat group claims to have compromised Cisco, obtaining over 3 million Salesforce records containing PII, GitHub repositories, AWS storage, and internal corporate data. The group also claims possession of source code for multiple Cisco AI products including AI Assistants, AI Defense, AI Canvas, and AI Cisco Cloud Control. The post taunts Cisco security staff and references an employee named Jinzhao Feng allegedly storing secrets in public repositories. The data is being offered for sale at $2M USD on BreachForums. Contact via Tox and Session IDs provided.
Date: 2026-04-03T11:52:25Z
Network: telegram
Published URL: https://t.me/c/3737716184/655
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: United States
Victim Industry: Technology
Victim Organization: Cisco
Victim Site: cisco.com
- Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 11,000 Hotmail email and password combinations on a cybercrime forum.
Date: 2026-04-03T11:45:29Z
Network: openweb
Published URL: https://crackingx.com/threads/70901/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 11,000 Hotmail email and password combinations on a cybercrime forum. The actor also advertises a shop selling credential combinations from various countries.
Date: 2026-04-03T11:45:11Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-Hotmail-Unique-Combo-3-11000
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged distribution of email credential combolist containing 7.4 million records
Category: Combo List
Content: Threat actor CODER is distributing a combolist containing 7.4 million email and password combinations through Telegram channels. The actor operates multiple Telegram groups offering free credential lists and related tools.
Date: 2026-04-03T11:44:58Z
Network: openweb
Published URL: https://crackingx.com/threads/70902/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Website defacement of TroutMagnet by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced a specific page on the TroutMagnet fishing equipment retailer website on April 3, 2026.
Date: 2026-04-03T11:38:16Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827893
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Retail/E-commerce
Victim Organization: TroutMagnet
Victim Site: troutmagnet.com
- Website defacement of TAG Motorsports by DimasHxR
Category: Defacement
Content: DimasHxR successfully defaced a subdirectory of the TAG Motorsports website on April 3, 2026. The attack targeted a specific media/custom path rather than the main homepage, indicating a targeted partial defacement of the motorsports company's web presence.
Date: 2026-04-03T11:37:44Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827898
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Automotive/Sports
Victim Organization: TAG Motorsports
Victim Site: tagmotorsports.com
- Website defacement of Spawarki Magnum by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the website of Polish welding equipment company Spawarki Magnum on April 3, 2026. The attack targeted a specific media directory rather than the main homepage.
Date: 2026-04-03T11:37:04Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827913
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Poland
Victim Industry: Manufacturing
Victim Organization: Spawarki Magnum
Victim Site: spawarki-magnum.pl
- Website defacement of SoFast Cart by DimasHxR
Category: Defacement
Content: The attacker DimasHxR defaced the SoFast Cart e-commerce website on April 3, 2026. The defacement targeted a customer media subdirectory rather than the main homepage.
Date: 2026-04-03T11:36:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827914
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: E-commerce
Victim Organization: SoFast Cart
Victim Site: sofastcart.com
- Website defacement of product-components.com by DimasHxR
Category: Defacement
Content: DimasHxR successfully defaced the product-components.com website on April 3, 2026. The attack targeted a subdirectory of the manufacturing/technology company's website and was documented on the zone-xsec mirror platform.
Date: 2026-04-03T11:36:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827938
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Manufacturing/Technology
Victim Organization: Product Components
Victim Site: product-components.com
- Website defacement of olvass.ro by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced a specific page on the Romanian website olvass.ro on April 3, 2026. The defacement targeted a customer address page within the media directory of the site.
Date: 2026-04-03T11:35:33Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827939
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Romania
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: olvass.ro
- Alleged leak of German credential combolist
Category: Combo List
Content: A threat actor shared a German credential combolist containing 894,358 lines of mixed target credentials via file sharing service. The data is being distributed for free download.
Date: 2026-04-03T11:35:14Z
Network: openweb
Published URL: https://crackingx.com/threads/70899/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Website defacement of ml.rocks by DimasHxR
Category: Defacement
Content: Threat actor DimasHxR conducted a website defacement attack against ml.rocks on April 3, 2026. The attack targeted a customer address page on the domain.
Date: 2026-04-03T11:35:00Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827941
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: ml.rocks
- Alleged leak of mixed email credentials including corporate accounts
Category: Combo List
Content: A threat actor shared a collection of 22,000 valid email access credentials containing a mix of personal and corporate accounts dated April 3rd. The credentials are being distributed as hidden content requiring forum registration to access.
Date: 2026-04-03T11:34:36Z
Network: openweb
Published URL: https://crackingx.com/threads/70900/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Website defacement of livephthings.com by DimasHxR
Category: Defacement
Content: Individual threat actor DimasHxR defaced a subdirectory of livephthings.com on April 3, 2026. The attack was recorded as a single defacement incident with limited technical details available.
Date: 2026-04-03T11:34:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827974
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: livephthings.com
- Website defacement of FlashDrive Australia by DimasHxR
Category: Defacement
Content: DimasHxR conducted a website defacement attack against FlashDrive Australia's e-commerce platform on April 3, 2026. The attack targeted a specific media directory on the company's website rather than the main homepage.
Date: 2026-04-03T11:33:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827985
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Australia
Victim Industry: Technology/Electronics
Victim Organization: FlashDrive Australia
Victim Site: flashdrive.com.au
- Website defacement of FlexDev by DimasHxR
Category: Defacement
Content: On April 3, 2026, threat actor DimasHxR successfully defaced a subdirectory of the Turkish technology company FlexDev's website. The attack targeted a specific customer media section rather than the main homepage.
Date: 2026-04-03T11:33:21Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827986
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Turkey
Victim Industry: Technology
Victim Organization: FlexDev
Victim Site: flexdev.com.tr
- Alleged distribution of Vidar Stealer logs containing credentials
Category: Logs
Content: Threat actor KazeFreak allegedly distributed 2,500 credential logs obtained via Vidar Stealer malware in URL:LOGIN:PASS format on a cybercriminal forum.
Date: 2026-04-03T11:32:51Z
Network: openweb
Published URL: https://darkforums.su/Thread-URL-LOGIN-PASS-Vidar-Stealer-2500-logs
Screenshots:
None
Threat Actors: KazeFreak
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Website defacement of Elms Marketing by DimasHxR
Category: Defacement
Content: On April 3, 2026, threat actor DimasHxR successfully defaced the Elms Marketing website, targeting a specific media directory on the Irish marketing company's domain. The incident was classified as a single-target defacement rather than part of a mass campaign.
Date: 2026-04-03T11:32:48Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827992
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Ireland
Victim Industry: Marketing/Advertising
Victim Organization: Elms Marketing
Victim Site: elmsmarketing.ie
- Alleged data breach of Vitag Retail Technologies database dump
Category: Data Breach
Content: Threat actor is selling a comprehensive database dump of Vitag Retail Technologies containing financial transactions, customer records, supplier contracts, user credentials, audit logs, and system configurations for 0.3 BTC. The dump includes multiple database backups totaling over 10GB of data from their SAP environment and SQL servers.
Date: 2026-04-03T11:32:25Z
Network: openweb
Published URL: https://darkforums.su/Thread-Vitag-Retail-Technologies-NZ-vitag-nz-Full-dump-2026
Screenshots:
None
Threat Actors: Moneyistime
Victim Country: New Zealand
Victim Industry: Retail Technology
Victim Organization: Vitag Retail Technologies
Victim Site: vitag.nz
- Alleged sale of ANSES Argentina government database
Category: Data Breach
Content: Threat actor undertaker is allegedly selling, for $1500, a database containing 24.5 million records from Argentina's national social security administration (ANSES). The data includes personal information, social security numbers (CUILs), salary data, and contact details of Argentine citizens.
Date: 2026-04-03T11:32:22Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-anses-gob-ar-24m
Screenshots:
None
Threat Actors: undertaker
Victim Country: Argentina
Victim Industry: Government
Victim Organization: ANSES (Administración Nacional de la Seguridad Social)
Victim Site: anses.gob.ar
- Website defacement of Cavallaro Napoli by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR successfully defaced the cavallaronapoli.com website on April 3, 2026. The defacement targeted a specific subdirectory rather than the main homepage.
Date: 2026-04-03T11:32:15Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/828004
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Cavallaro Napoli
Victim Site: cavallaronapoli.com
- Website defacement of carbon-brushes-gomes.com by DimasHxR
Category: Defacement
Content: DimasHxR successfully defaced the carbon-brushes-gomes.com website on April 3, 2026. The attack targeted a manufacturing company's website and appears to be an isolated defacement rather than part of a mass campaign.
Date: 2026-04-03T11:31:06Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/828005
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Manufacturing
Victim Organization: Gomes Carbon Brushes
Victim Site: carbon-brushes-gomes.com
- Website defacement of balais-de-charbon.fr by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the French website balais-de-charbon.fr on April 3, 2026. The attack targeted a specific media directory rather than the main homepage.
Date: 2026-04-03T11:30:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/828010
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: France
Victim Industry: Manufacturing
Victim Organization: Unknown
Victim Site: balais-de-charbon.fr
- Website defacement of British Live Steam by DimasHxR
Category: Defacement
Content: The attacker DimasHxR successfully defaced the British Live Steam website, targeting what appears to be a steam locomotive enthusiast organization based in Australia. The incident occurred on April 3, 2026, affecting the media section of the site.
Date: 2026-04-03T11:29:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/828011
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Australia
Victim Industry: Entertainment/Hobby
Victim Organization: British Live Steam
Victim Site: britishlivesteam.com.au
- Website defacement of azan.com.pl by DimasHxR
Category: Defacement
Content: DimasHxR defaced azan.com.pl on April 3, 2026, targeting a specific page within the media/customer section of the website. This was an isolated defacement incident rather than part of a mass campaign.
Date: 2026-04-03T11:28:50Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/828015
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Poland
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: azan.com.pl
- Website defacement of apnisabjimandi.com by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced a subdirectory of apnisabjimandi.com, an Indian vegetable/produce marketplace website, on April 3, 2026.
Date: 2026-04-03T11:28:17Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/828016
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: India
Victim Industry: Agriculture/Food
Victim Organization: Apni Sabji Mandi
Victim Site: apnisabjimandi.com
- Alleged Bulk SMS Phishing Service Targeting Financial Institutions Including CGD, Binance, and Santander
Category: Phishing
Content: A threat actor operating as @Alice_sms6 is advertising a bulk SMS (smishing) service with routes specifically targeting Portugal and 200+ countries. The service explicitly offers SMS spoofing/routing for CGD (Caixa Geral de Depósitos), Binance, CMD, Santander, Netflix, and Microsoft — all high-value phishing targets. The service supports custom content delivery, indicating it is designed to facilitate smishing campaigns for credential harvesting and financial fraud. Contact is via Telegram handle @Alice_sms6 and bot @Alice_global_SMS_bot.
Date: 2026-04-03T11:18:47Z
Network: telegram
Published URL: https://t.me/global_bulksms_Alice/146
Screenshots:
None
Threat Actors: Alice_sms6
Victim Country: Portugal
Victim Industry: Financial Services / Technology
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data Leak of Chilean Male Gender Database
Category: Data Leak
Content: A threat actor is claiming to possess or share a database containing records of Chilean males, suggesting a data breach or leak of personal information from Chile.
Date: 2026-04-03T11:02:43Z
Network: telegram
Published URL: https://t.me/c/1887244124/1620
Screenshots:
None
Threat Actors: Joker
Victim Country: Chile
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data Breach of Japan Aerospace Exploration Agency (JAXA)
Category: Data Breach
Content: A threat actor operating under the name Jokers world of Database claims to have breached the Japan Aerospace Exploration Agency (JAXA), Japan's national space agency. The stolen data is being made available for free download via a Mega.nz link. The breach is claimed to have occurred on 27/03/2026. JAXA is responsible for aerospace research, satellite technology, planetary exploration, and rocket development including the H3 rocket.
Date: 2026-04-03T11:00:48Z
Network: telegram
Published URL: https://t.me/c/1887244124/1619
Screenshots:
None
Threat Actors: Jokers world of Database
Victim Country: Japan
Victim Industry: Aerospace & Defense / Government
Victim Organization: Japan Aerospace Exploration Agency (JAXA)
Victim Site: jaxa.jp
- Alleged data leak of schmuckladen.de customer database
Category: Data Leak
Content: A customer database from German jewelry retailer schmuckladen.de containing 47,000 records was allegedly leaked in CSV format. The database includes personal information such as names, email addresses, phone numbers, postal codes, and customer registration dates from 2024.
Date: 2026-04-03T10:51:43Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-schmuckladen-de
Screenshots:
None
Threat Actors: [Mod] Tanaka
Victim Country: Germany
Victim Industry: Retail
Victim Organization: Schmuckladen
Victim Site: schmuckladen.de
- Alleged leak of 3,000 valid credentials
Category: Combo List
Content: Threat actor COYTO shared a free download link containing 3,000 allegedly fresh and valid credential combinations in the DemonForums combolist section.
Date: 2026-04-03T10:50:42Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-3K-FRESH-FULL-VALID-ACCESS
Screenshots:
None
Threat Actors: COYTO
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a sample containing 1,055 Hotmail credentials on a cybercrime forum as a free download.
Date: 2026-04-03T10:49:18Z
Network: openweb
Published URL: https://crackingx.com/threads/70898/
Screenshots:
None
Threat Actors: HollowKnight07
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged leak of Hotmail credentials
Category: Combo List
Content: Actor WINGO shared a combolist containing 2,000 Hotmail email and password combinations on a cybercriminal forum. The credentials are being distributed for free download via a paste site link.
Date: 2026-04-03T10:39:39Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-2K-HQ-HOTMAIL-PRIVAT
Screenshots:
None
Threat Actors: WINGO
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged Data Breach of European Commission Cloud Infrastructure by TeamPCP and ShinyHunters
Category: Data Breach
Content: A cyber attack attributed to the group TeamPCP targeted the European Commission's cloud infrastructure by exploiting a stolen API key, resulting in unauthorized access to data belonging to dozens of EU institutions. A portion of the exfiltrated data, including emails and user credentials, was subsequently published on the dark web by the group ShinyHunters. Investigations are ongoing; no website disruptions have been reported.
Date: 2026-04-03T10:33:52Z
Network: telegram
Published URL: https://t.me/c/1283513914/20940
Screenshots:
None
Threat Actors: TeamPCP
Victim Country: Belgium
Victim Industry: Government
Victim Organization: European Commission
Victim Site: ec.europa.eu
- Alleged leak of SBCGlobal credentials
Category: Combo List
Content: Threat actor BestCombo shared a combolist containing 14,151 credential entries targeting the sbcglobal.net domain via a Mega.nz file sharing link on the CrackingX forum.
Date: 2026-04-03T10:28:25Z
Network: openweb
Published URL: https://crackingx.com/threads/70897/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: United States
Victim Industry: Telecommunications
Victim Organization: AT&T
Victim Site: sbcglobal.net
- Alleged leak of mixed email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 5.8k mixed email credentials through a MediaFire download link on a cybercriminal forum.
Date: 2026-04-03T10:17:35Z
Network: openweb
Published URL: https://crackingx.com/threads/70895/
Screenshots:
None
Threat Actors: Cl0ud0wner
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Gmail credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 451,309 Gmail email and password combinations on a cybercrime forum. The credentials are allegedly valid through March 4, 2026.
Date: 2026-04-03T10:16:44Z
Network: openweb
Published URL: https://crackingx.com/threads/70896/
Screenshots:
None
Threat Actors: Kinglukeman
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Google
Victim Site: gmail.com
- Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a file containing approximately 1,300 Hotmail email credentials through a MediaFire download link on a cybercrime forum.
Date: 2026-04-03T10:05:39Z
Network: openweb
Published URL: https://crackingx.com/threads/70892/
Screenshots:
None
Threat Actors: Cl0ud0wner
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a file containing approximately 1,900 Hotmail email account credentials on a cybercrime forum. The credentials appear to be distributed as a free download via a file-sharing service.
Date: 2026-04-03T10:04:45Z
Network: openweb
Published URL: https://crackingx.com/threads/70893/
Screenshots:
None
Threat Actors: Cl0ud0wner
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged Cyber Attack on Turkish Water Supply SCADA System by Armenian Code
Category: Cyber Attack
Content: A threat actor operating under the name Armenian code claims to have disrupted the SCADA control system of a Turkish industrial pumping station responsible for regional water supply. The attack is framed as retaliation against Turkey for its partnership with Azerbaijan and alleged geopolitical maneuvering against Armenia. The group states their intent is to inflict maximum damage on participants in what they describe as a detrimental regional process.
Date: 2026-04-03T09:44:46Z
Network: telegram
Published URL: https://t.me/c/3628793212/116
Screenshots:
None
Threat Actors: Armenian code
Victim Country: Turkey
Victim Industry: Water & Utilities
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of LARP tools, stealer logs, databases, and government IDs
Category: Data Breach
Content: Threat actor larp is selling LARP tools for CashApp/Ledger/Exodus, stealer logs, databases, and government identification documents. Contact is facilitated through Telegram channel @kashpill for previews and purchasing information.
Date: 2026-04-03T09:24:28Z
Network: openweb
Published URL: https://crackingx.com/threads/70891/
Screenshots:
None
Threat Actors: larp
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Sale of Hotmail Credential Databases and Combolists Across Multiple Countries
Category: Combo List
Content: A threat actor is selling access to Hotmail/webmail credential databases and combolists covering multiple countries including UK, DE, JP, NL, BR, PL, ES, US, IT, and others. The seller claims to operate a private cloud with UHQ (ultra-high quality) data and offers keyword-based inbox searching tied to major platforms such as eBay, Amazon, Walmart, PSN, Uber, Booking, Poshmark, Alibaba, Mercari, Kleinanzeigen, and Neosurf. Valid ntlworld webmails are also mentioned. Buyers are directed to DM for custom requests.
Date: 2026-04-03T09:21:59Z
Network: telegram
Published URL: https://t.me/c/2613583520/59006
Screenshots:
None
Threat Actors: Squad Chat Marketplace
Victim Country: Unknown
Victim Industry: Technology / Email Services
Victim Organization: Hotmail / Microsoft
Victim Site: hotmail.com
- Alleged leak of German credential combolist
Category: Combo List
Content: A combolist containing 274,313 credential combinations targeting German users has been made available for download via a file sharing service.
Date: 2026-04-03T09:14:13Z
Network: openweb
Published URL: https://crackingx.com/threads/70890/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged defacement of Israeli educational website nativhaor.co.il by Cyber Islamic Resistance
Category: Defacement
Content: The Cyber Islamic Resistance group claims to have defaced the Israeli website nativhaor.co.il as part of their Holy Response (الرد المقدس) operations. The targeted site appears to be an educational program called Netiv HaOr focused on electrical safety. The group framed the attack as a response to the blockade on Al-Aqsa Mosque and announced further operations to follow.
Date: 2026-04-03T09:11:20Z
Network: telegram
Published URL: https://t.me/c/1651470668/1841
Screenshots:
None
Threat Actors: Cyber Islamic Resistance
Victim Country: Israel
Victim Industry: Education
Victim Organization: Netiv HaOr
Victim Site: nativhaor.co.il
- Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 11,000 Hotmail email and password combinations on a cybercrime forum.
Date: 2026-04-03T09:04:17Z
Network: openweb
Published URL: https://crackingx.com/threads/70888/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged leak of email credentials combolist
Category: Combo List
Content: Threat actor snowstormxd shared a fresh mixed email credential combolist for free download via a Telegram channel on the CrackingX forum.
Date: 2026-04-03T09:03:58Z
Network: openweb
Published URL: https://crackingx.com/threads/70889/
Screenshots:
None
Threat Actors: snowstormxd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Website defacement of 7789bet.io by Aptisme/Leviathan Perfect Hunter
Category: Defacement
Content: The gambling website 7789bet.io was defaced by attacker Aptisme from the Leviathan Perfect Hunter team on April 3, 2026. The attack targeted a specific page on the betting platform's domain.
Date: 2026-04-03T08:58:34Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827883
Screenshots:
None
Threat Actors: Aptisme, Leviathan Perfect Hunter
Victim Country: Unknown
Victim Industry: Online Gambling
Victim Organization: 7789bet
Victim Site: 7789bet.io
- Website defacement of avenbd.com by Aptisme/Leviathan Perfect Hunter
Category: Defacement
Content: The website avenbd.com was defaced by the attacker Aptisme, affiliated with the team Leviathan Perfect Hunter, on April 3, 2026. This was a home page defacement targeting a single site rather than a mass defacement campaign.
Date: 2026-04-03T08:57:59Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827884
Screenshots:
None
Threat Actors: Aptisme, Leviathan Perfect Hunter
Victim Country: Bangladesh
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: avenbd.com
- Website defacement of Luxtone Global by Aptisme/Leviathan Perfect Hunter
Category: Defacement
Content: The Leviathan Perfect Hunter team, specifically attacker Aptisme, successfully defaced the homepage of luxtone-global.com on April 3, 2026. This was a targeted single-site attack rather than a mass defacement campaign.
Date: 2026-04-03T08:57:21Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827885
Screenshots:
None
Threat Actors: Aptisme, Leviathan Perfect Hunter
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Luxtone Global
Victim Site: luxtone-global.com
- Website defacement of Vietnamese furniture company by Aptisme/Leviathan Perfect Hunter
Category: Defacement
Content: A Vietnamese interior design company's website was defaced by attacker Aptisme, affiliated with the Leviathan Perfect Hunter team, on April 3, 2026. This was an individual defacement targeting a single commercial website.
Date: 2026-04-03T08:56:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827886
Screenshots:
None
Threat Actors: Aptisme, Leviathan Perfect Hunter
Victim Country: Vietnam
Victim Industry: Furniture/Interior Design
Victim Organization: Minh Khang Interior Design
Victim Site: trangtrinoingoaithatminhkhang….
- Alleged sale of initial access to Netherlands software company
Category: Initial Access
Content: Threat actor AckLine is allegedly selling RDWEB access to a Netherlands-based software solutions company. The actor is soliciting offers through encrypted communication channels.
Date: 2026-04-03T08:45:53Z
Network: openweb
Published URL: https://spear.cx/Thread-RDWEB-Netherlands-company
Screenshots:
None
Threat Actors: AckLine
Victim Country: Netherlands
Victim Industry: Software Solutions
Victim Organization: Unknown
Victim Site: Unknown
- Website defacement of meraka.lv by maw3six
Category: Defacement
Content: The attacker maw3six successfully defaced the website meraka.lv on April 3, 2026. This was an individual defacement targeting a single Latvian website rather than a mass or coordinated attack.
Date: 2026-04-03T08:33:33Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248233
Screenshots:
None
Threat Actors: maw3six
Victim Country: Latvia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: meraka.lv
- Mass website defacement campaign by maw3six targeting strelnieku42.com
Category: Defacement
Content: Attacker maw3six conducted a mass defacement campaign targeting multiple websites including strelnieku42.com on April 3, 2026. The attack was part of a broader mass defacement operation rather than targeting a specific organization.
Date: 2026-04-03T08:33:12Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248234
Screenshots:
None
Threat Actors: maw3six
Victim Country: Latvia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: strelnieku42.com
- Mass defacement targeting premier.estate by maw3six
Category: Defacement
Content: Mass defacement attack conducted by attacker maw3six against premier.estate on April 3, 2026. The attack targeted a real estate website as part of a broader mass defacement campaign.
Date: 2026-04-03T08:32:55Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248235
Screenshots:
None
Threat Actors: maw3six
Victim Country: Unknown
Victim Industry: Real Estate
Victim Organization: Premier Estate
Victim Site: premier.estate
- Mass defacement targeting real estate websites by maw3six
Category: Defacement
Content: Mass defacement attack conducted by threat actor maw3six targeting multiple websites including Latvian real estate platform estater.lv. The attack was part of a broader mass defacement campaign rather than targeting a specific organization.
Date: 2026-04-03T08:32:38Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248236
Screenshots:
None
Threat Actors: maw3six
Victim Country: Latvia
Victim Industry: Real Estate
Victim Organization: Estater
Victim Site: estater.lv
- Alleged data leak of IranWire News Agency staff personal information by Hanzaleh hacker group
Category: Data Leak
Content: The hacker group Hanzaleh (حنظله) has reportedly published photos and personal details of 20 members of IranWire news agency. The leaked information includes names and personal details of journalists and staff including Maryam Dehkordi, Maziar Bahari, and 18 others associated with the outlet.
Date: 2026-04-03T08:31:47Z
Network: telegram
Published URL: https://t.me/c/1283513914/20924
Screenshots:
None
Threat Actors: حنظله
Victim Country: Iran
Victim Industry: Media & Journalism
Victim Organization: IranWire
Victim Site: Unknown
- Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor leaked a combolist containing 2,364 Hotmail email and password combinations, claiming the credentials are valid and from a private cloud source.
Date: 2026-04-03T08:31:07Z
Network: openweb
Published URL: https://crackingx.com/threads/70887/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged cyber threat against Indonesian Government by The Garuda Eye
Category: Cyber Attack
Content: A threat actor operating under the handle THE GARUDA EYE posted a warning message directed at the Indonesian government, stating "See you Indonesia Government, Our mission is not finished yet," suggesting an ongoing or planned cyber attack campaign against Indonesian government entities.
Date: 2026-04-03T08:30:53Z
Network: telegram
Published URL: https://t.me/c/2738395378/1412
Screenshots:
None
Threat Actors: THE GARUDA EYE
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Indonesian Government
Victim Site: Unknown
- Alleged data leak of IranWire News Agency staff personal information by Hanzaleh hacker group
Category: Data Leak
Content: The Hanzaleh (Hanzala) hacker group has published personal images and details of 20 members of IranWire news agency. The leaked information includes full names of journalists and staff, potentially including photos and personal details. IranWire is a Persian-language independent news outlet. This appears to be a targeted doxxing operation against media personnel.
Date: 2026-04-03T08:28:08Z
Network: telegram
Published URL: https://t.me/c/1283513914/20923
Screenshots:
None
Threat Actors: حنظله
Victim Country: Iran
Victim Industry: Media & Journalism
Victim Organization: IranWire
Victim Site: Unknown
- Alleged Data Breach of Mercer Advisors Exposing 5M+ Salesforce Records
Category: Data Breach
Content: Threat actor @shinyc0rpsss, associated with ShinyHunters, claims to have compromised Mercer Advisors, exfiltrating over 5 million Salesforce records. Of these, more than 1.3 million reportedly contain personally identifiable information (PII) along with other internal corporate data.
Date: 2026-04-03T08:16:49Z
Network: telegram
Published URL: https://t.me/c/3737716184/641
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: United States
Victim Industry: Financial Services
Victim Organization: Mercer Advisors
Victim Site: Unknown
- Website defacement of Kleintierladen pet store by DimasHxR
Category: Defacement
Content: The German pet store website kleintierladen.de was defaced by attacker DimasHxR on April 3, 2026. The defacement targeted a specific media directory rather than the homepage.
Date: 2026-04-03T08:16:00Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827783
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Germany
Victim Industry: Retail
Victim Organization: Kleintierladen
Victim Site: kleintierladen.de
- Website defacement of klifora.com by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced a customer management page on klifora.com on April 3, 2026. The attack targeted a specific subdirectory rather than the main homepage.
Date: 2026-04-03T08:15:26Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827784
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Klifora
Victim Site: klifora.com
- Alleged Cyber Attack on Oracle and Amazon Datacenters by IRGC Navy
Category: Cyber Attack
Content: The Islamic Revolutionary Guard Corps (IRGC) Navy Command claims to have targeted the datacenter of US company Oracle in Dubai and Amazon in Bahrain. The statement frames the attack as retaliation for the killing of Iranians, warning that their response is to "disable the assassination machine." The post references Trump's actions as costly for the US military.
Date: 2026-04-03T08:15:10Z
Network: telegram
Published URL: https://t.me/c/1283513914/20922
Screenshots:
None
Threat Actors: IRGC Navy
Victim Country: United Arab Emirates, Bahrain
Victim Industry: Cloud Infrastructure / Technology
Victim Organization: Oracle, Amazon
Victim Site: Unknown
- Website defacement of OFashion by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the Australian fashion retailer OFashion's website on April 3, 2026. The incident targeted a specific media subdirectory rather than the homepage and was not part of a mass defacement campaign.
Date: 2026-04-03T08:14:52Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827793
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Australia
Victim Industry: Fashion/Retail
Victim Organization: OFashion
Victim Site: www.ofashion.com.au
- Alleged leak of credential combolist containing 21,000 records
Category: Combo List
Content: A threat actor shared a free download link to a combolist containing 21,000 email and password combinations on an underground forum.
Date: 2026-04-03T08:12:07Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-21K-VALID-GOODS
Screenshots:
None
Threat Actors: COYTO
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of mixed domain credential combolist
Category: Combo List
Content: A credential combolist containing 5.375 million lines targeting mixed domains has been shared for free download via a file sharing service.
Date: 2026-04-03T08:10:54Z
Network: openweb
Published URL: https://crackingx.com/threads/70884/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Hotmail credentials
Category: Combo List
Content: Threat actor D4rkNetHub shared a combolist containing 959 Hotmail credentials on a cybercrime forum. The credentials are described as "good," suggesting they may be valid or recently tested.
Date: 2026-04-03T08:10:33Z
Network: openweb
Published URL: https://crackingx.com/threads/70886/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged leak of Hotmail credentials on CrackingX forum
Category: Combo List
Content: User klyne05 allegedly leaked fresh Hotmail credentials on the CrackingX forum. The post offers free download of what appears to be a combolist targeting Hotmail email accounts.
Date: 2026-04-03T08:01:53Z
Network: openweb
Published URL: https://crackingx.com/threads/70883/
Screenshots:
None
Threat Actors: klyne05
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged request for French government databases including Ameli and ANTS
Category: Data Breach
Content: A threat actor is requesting access to French government databases including Ameli (French health insurance system) and ANTS (National Agency for Secure Documents), along with other unspecified French databases.
Date: 2026-04-03T08:01:23Z
Network: openweb
Published URL: https://darkforums.su/Thread-REQUEST-Ameli-ANTS-and-others-french-DB
Screenshots:
None
Threat Actors: testhack9090
Victim Country: France
Victim Industry: Government
Victim Organization: French Government Services
Victim Site: Unknown
- Alleged leak of Greek credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing over 38,000 email and password combinations targeting Greek users. The credentials are claimed to be fresh and dated for April 3, 2026.
Date: 2026-04-03T07:51:23Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-38-K-%E2%9C%A6-Greece-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-3-4-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Greece
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Israeli credential combolist
Category: Combo List
Content: Threat actor CobraEgy allegedly shared a fresh combolist containing over 17,000 Israeli email and password combinations on DemonForums. The credential list is claimed to be from Maxi_Leaks and dated for April 3, 2026.
Date: 2026-04-03T07:49:52Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-17-K-%E2%9C%A6-Israel-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-3-4-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of mixed email credentials by Kommander0
Category: Combo List
Content: Threat actor Kommander0 shared a combolist containing 1,900 mixed email credentials through a file hosting service. The credentials appear to be from various sources and are being distributed for free.
Date: 2026-04-03T07:26:00Z
Network: openweb
Published URL: https://crackingx.com/threads/70882/
Screenshots:
None
Threat Actors: Kommander0
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged defacement of Israeli home organization service website bniyat-atarim.co.il
Category: Defacement
Content: The Cyber Islamic Resistance group claims to have defaced the Israeli website bniyat-atarim.co.il, a home and business organization/arrangement services and products store. The attack is framed as part of their Holy Response (الرد المقدس) operations in response to the siege on Al-Aqsa Mosque, attributed to their Algerian-Lebanese Front unit.
Date: 2026-04-03T07:17:13Z
Network: telegram
Published URL: https://t.me/c/1651470668/1840
Screenshots:
None
Threat Actors: Cyber Islamic Resistance
Victim Country: Israel
Victim Industry: Retail/E-commerce
Victim Organization: Bniyat Atarim
Victim Site: bniyat-atarim.co.il
- Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 6,976 allegedly valid Hotmail email and password combinations on a cybercriminal forum.
Date: 2026-04-03T07:15:49Z
Network: openweb
Published URL: https://crackingx.com/threads/70881/
Screenshots:
None
Threat Actors: RandomUpload
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged leak of Hotmail credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 2,087 alleged high-quality Hotmail email and password combinations on a cybercrime forum.
Date: 2026-04-03T07:06:12Z
Network: openweb
Published URL: https://demonforums.net/Thread-%E2%9A%A1%E2%9A%A1-X2087-HQ-Hotmail-%E2%9A%A1%E2%9A%A1-BY-Steveee36-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: erwinn91
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged leak of Hotmail credentials combolist
Category: Combo List
Content: A threat actor leaked a combolist containing over 1.1 million credential pairs specifically targeting Hotmail domain accounts. The credentials were made available for free download via a file sharing service.
Date: 2026-04-03T07:03:40Z
Network: openweb
Published URL: https://crackingx.com/threads/70880/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Website defacement of OPL by NUCLIER-Y-C-C-M
Category: Defacement
Content: The threat actor NUCLIER-Y-C-C-M successfully defaced the website opl.com.np on April 3rd, 2026. This appears to be an isolated defacement incident targeting a Nepali organization.
Date: 2026-04-03T07:01:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827763
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: Nepal
Victim Industry: Unknown
Victim Organization: OPL
Victim Site: opl.com.np
- Alleged data leak from Maxi_Leaks containing 4.1 GB of logs
Category: Data Leak
Content: Forum post advertises a 4.1 GB collection of logs from Maxi_Leaks dated March 4, 2026, though no post content is available to verify details or determine the nature of the data.
Date: 2026-04-03T06:52:09Z
Network: openweb
Published URL: https://demonforums.net/Thread-Request-%E2%9C%A6%E2%9C%A6-LOG-S-%E2%9C%A6%E2%9C%A6-Maxi-Leaks-%E2%9C%A6%E2%9C%A6-3-4-2026-%E2%9C%A6%E2%9C%A6-4-1-GB-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged social media account manipulation services offered on cybercrime forum
Category: Initial Access
Content: Threat actor offers social media manipulation services including account unbans, verification bypasses, and shadowban removals across Instagram, Facebook, WhatsApp, TikTok, and Snapchat platforms. Services appear to involve unauthorized access or manipulation of social media platform systems.
Date: 2026-04-03T06:40:11Z
Network: openweb
Published URL: https://spear.cx/Thread-%E2%AD%90Social-media-services-%E2%AD%90
Screenshots:
None
Threat Actors: Slowredd
Victim Country: Unknown
Victim Industry: Social Media
Victim Organization: Multiple social media platforms
Victim Site: Unknown
- Alleged leak of Hotmail credentials
Category: Combo List
Content: A forum user is sharing a combolist containing 11,000 unique Hotmail email and password combinations. The content is restricted to registered forum members only.
Date: 2026-04-03T06:38:37Z
Network: openweb
Published URL: https://crackingx.com/threads/70879/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Website defacement of bintangkmedia.my.id by Boss Ranzen (D704T team)
Category: Defacement
Content: Boss Ranzen from the D704T team successfully defaced the Malaysian media website bintangkmedia.my.id on April 3rd, 2026. The attack targeted the site's 403 error page and represents a single website defacement rather than mass or redefacement activity.
Date: 2026-04-03T06:27:47Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827761
Screenshots:
None
Threat Actors: Boss Ranzen, D704T
Victim Country: Malaysia
Victim Industry: Media
Victim Organization: Bintang K Media
Victim Site: bintangkmedia.my.id
- Alleged data breach of Páginas Amarillas Venezuela business directory
Category: Data Breach
Content: Threat actor claims to have obtained a database containing 527,000 business contacts and service records from Venezuelan business directory Páginas Amarillas.
Date: 2026-04-03T06:19:05Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-527k-Venezuela-https-www-paginasamarillas-com-ve-Business-contacts-and-service
Screenshots:
None
Threat Actors: Grubder
Victim Country: Venezuela
Victim Industry: Business Directory Services
Victim Organization: Páginas Amarillas Venezuela
Victim Site: paginasamarillas.com.ve
- Alleged data breach of Venezuelan Ministry of Culture database
Category: Data Breach
Content: A threat actor is selling, for $1400, a database containing 423,000 records from Venezuela's Ministry of Culture website, including contact details, cultural event inquiries, and grant applications.
Date: 2026-04-03T06:18:44Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-423k-Venezuela-www-mincultura-gob-ve-Cultural-event-contacts-and-sponsorship-lead
Screenshots:
None
Threat Actors: Grubder
Victim Country: Venezuela
Victim Industry: Government
Victim Organization: Ministry of Culture
Victim Site: mincultura.gob.ve
- Alleged data breach of Replica Guns & Swords website
Category: Data Breach
Content: A threat actor claims to have obtained user data from the Replica Guns & Swords website, allegedly containing approximately 485,000 records including email addresses and phone numbers.
Date: 2026-04-03T06:10:38Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-485k-United-States-www-replicaguns-swords-com-User-data-including-emails-phones
Screenshots:
None
Threat Actors: Grubder
Victim Country: United States
Victim Industry: Retail
Victim Organization: Replica Guns & Swords
Victim Site: replicaguns-swords.com
- Alleged data breach of EcommerceTemplates.com customer database
Category: Data Breach
Content: Threat actor is selling a database from EcommerceTemplates.com containing 563,000 records with customer contact information, order transactions, and shipping details for $1,000. The data includes personal information, payment details, and shipping addresses organized into three main sections.
Date: 2026-04-03T06:10:07Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-563k-United-States-https-www-ecommercetemplates-com-Customer-contact-info-inclu
Screenshots:
None
Threat Actors: Grubder
Victim Country: United States
Victim Industry: Technology
Victim Organization: EcommerceTemplates.com
Victim Site: ecommercetemplates.com
- Alleged data breach of Páginas Amarillas Uruguay
Category: Data Breach
Content: Threat actor claims to have obtained a database containing 312,000 business contacts from Uruguay's Páginas Amarillas directory, allegedly including email addresses, phone numbers, and physical addresses.
Date: 2026-04-03T06:09:34Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-312k-Uruguay-www-paginasamarillas-com-uy-Business-contacts-with-emails-phones-add
Screenshots:
None
Threat Actors: Grubder
Victim Country: Uruguay
Victim Industry: Business Directory Services
Victim Organization: Páginas Amarillas Uruguay
Victim Site: paginasamarillas.com.uy
- Alleged data breach of DealerTrack automotive platform
Category: Data Breach
Content: Threat actor is selling a database allegedly containing 537,000 records from DealerTrack automotive platform for $1,400. The data includes contacts, payment methods, and shipping addresses with detailed personal and financial information.
Date: 2026-04-03T05:59:29Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-537k-United-States-https-www-dealertrack-com-Auto-sales-contacts-including-ema
Screenshots:
None
Threat Actors: Grubder
Victim Country: United States
Victim Industry: Automotive
Victim Organization: DealerTrack
Victim Site: dealertrack.com
- Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 6,536 credentials specifically targeting Hotmail.com domain users through a file sharing platform.
Date: 2026-04-03T05:51:13Z
Network: openweb
Published URL: https://crackingx.com/threads/70877/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged sale of stolen credit cards and CVV data via Telegram storefronts
Category: Logs
Content: Multiple users in a Telegram marketplace channel are advertising stolen credit card (CC) stores and CVV data services. Actors promote storefronts claiming 100% alive, high balance cards and cheapest checker services, referencing Telegram handles @vcxdcvx, @cocococococococo1, t.me/fsdf12452, and @nzccg001. The NeZha CVV Support channel is also being forwarded, indicating an organized carding operation with multiple fronts.
Date: 2026-04-03T05:16:15Z
Network: telegram
Published URL: https://t.me/c/2613583520/58959
Screenshots:
None
Threat Actors: NeZha CVV Support
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of mail access logs and combo hits targeting multiple countries
Category: Logs
Content: A threat actor operating via @Dataxlogs is advertising mail access logs, configs, scripts, tools, hits, and combo lists targeting users in France, Belgium, Australia, Canada, United Kingdom, United States, Netherlands, Poland, Germany, and Japan. Custom requests are available, indicating an active logs/credential marketplace operation.
Date: 2026-04-03T05:13:03Z
Network: telegram
Published URL: https://t.me/c/2613583520/58963
Screenshots:
None
Threat Actors: Dataxlogs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 42,000 Hotmail email credentials allegedly validated against forums. The credentials are being distributed on a cybercriminal forum.
Date: 2026-04-03T04:59:07Z
Network: openweb
Published URL: https://crackingx.com/threads/70876/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged leak of German mixed target combolist
Category: Combo List
Content: A combolist containing 591,792 credential pairs targeting German users has been leaked on a cybercrime forum. The data appears to be sourced from mixed targets and is being distributed for free via a Mega.nz file sharing link.
Date: 2026-04-03T04:50:06Z
Network: openweb
Published URL: https://crackingx.com/threads/70875/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Website defacement of 7 Days Garden Services by Alpha wolf team
Category: Defacement
Content: Alpha wolf team conducted a redefacement attack against Australian garden services company 7 Days Garden Services on April 3, 2026. The attack targeted the company's primary website domain and represents a repeat compromise of the same target.
Date: 2026-04-03T04:41:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827715
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Australia
Victim Industry: Landscaping/Garden Services
Victim Organization: 7 Days Garden Services
Victim Site: 7daysgardenservices.com.au
- Website defacement of ASAP Landscape Concrete by Alpha wolf team
Category: Defacement
Content: The Alpha wolf team, identified by attacker XYZ, successfully defaced the website of ASAP Landscape Concrete, an Australian landscaping and concrete services company. This incident represents a redefacement targeting the company's homepage.
Date: 2026-04-03T04:41:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827716
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Australia
Victim Industry: Construction/Landscaping
Victim Organization: ASAP Landscape Concrete
Victim Site: asaplandscapeconcrete.com.au
- Alleged leak of US government identity documents and financial records
Category: Data Leak
Content: A threat actor claims to have leaked 145 GB of US driver licenses, passport data, ID cards with SSN, W9 forms, utility bills, and bank statements. The post contains no visible content but the thread title suggests a large-scale leak of sensitive US identity and financial documents.
Date: 2026-04-03T04:40:41Z
Network: openweb
Published URL: https://darkforums.su/Thread-145-GB-USA-DRIVER-LICENSE-PASSPORT-ID-CARD-WITH-SSN-W9-BILL-UTINITY-BANK-STATEME
Screenshots:
None
Threat Actors: MONEYLINE
Victim Country: United States
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
- Website defacement of DP International Moving by Alpha wolf team
Category: Defacement
Content: The Alpha wolf team, with attacker XYZ, conducted a redefacement attack against DP International Moving's website on April 3, 2026. This was a targeted home page defacement rather than a mass defacement campaign.
Date: 2026-04-03T04:40:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827717
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Unknown
Victim Industry: Transportation and Logistics
Victim Organization: DP International Moving
Victim Site: dpintlmoving.com
- Website defacement of e-loyalty.com.au by Alpha wolf team
Category: Defacement
Content: Alpha wolf team successfully defaced the e-loyalty.com.au website on April 3, 2026. This appears to be a redefacement incident targeting the Australian loyalty services company's homepage.
Date: 2026-04-03T04:39:57Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827718
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Australia
Victim Industry: Technology
Victim Organization: E-Loyalty
Victim Site: e-loyalty.com.au
- Website defacement of edidigital.co by XYZ/Alpha wolf team
Category: Defacement
Content: XYZ attacker and Alpha wolf team conducted a redefacement attack against EDI Digital's website on April 3, 2026. This represents a repeated compromise of the same target rather than an initial breach.
Date: 2026-04-03T04:39:19Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827719
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Colombia
Victim Industry: Technology/Digital Services
Victim Organization: EDI Digital
Victim Site: edidigital.co
- Website defacement of ediediting.com by XYZ/Alpha wolf team
Category: Defacement
Content: The XYZ attacker group working with Alpha wolf team successfully defaced the EDI Editing website on April 3, 2026. This incident represents a redefacement of the target site rather than an initial compromise.
Date: 2026-04-03T04:38:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827720
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Unknown
Victim Industry: Professional Services
Victim Organization: EDI Editing
Victim Site: ediediting.com
- Website defacement of Fix My Oven by Alpha wolf team
Category: Defacement
Content: Alpha wolf team, attributed to attacker XYZ, conducted a redefacement attack against Australian home appliance repair service Fix My Oven on April 3, 2026. This represents a targeted single-site defacement rather than a mass campaign.
Date: 2026-04-03T04:38:02Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827721
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Australia
Victim Industry: Home Services
Victim Organization: Fix My Oven
Victim Site: fixmyoven.com.au
- Website defacement of Jyotshna Enterprises by Alpha wolf team
Category: Defacement
Content: Alpha wolf team successfully defaced the Jyotshna Enterprises website on April 3, 2026. This appears to be a redefacement of a previously compromised site targeting the Indian company's web presence.
Date: 2026-04-03T04:37:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827722
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: India
Victim Industry: Unknown
Victim Organization: Jyotshna Enterprises
Victim Site: jyotshnaenterprises.co.in
- Website defacement of Lockyer Valley Colonics by Alpha wolf team
Category: Defacement
Content: Alpha wolf team, with attacker XYZ, conducted a redefacement attack against Lockyer Valley Colonics' healthcare website on April 3, 2026. This was a targeted single-site defacement rather than a mass attack campaign.
Date: 2026-04-03T04:36:47Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827723
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Australia
Victim Industry: Healthcare
Victim Organization: Lockyer Valley Colonics
Victim Site: lockyervalleycolonics.com
- Website defacement of Mactek Telecom by XYZ/Alpha wolf team
Category: Defacement
Content: XYZ attacker from Alpha wolf team successfully defaced the Mactek Telecom website on April 3, 2026. This incident was classified as a redefacement targeting the telecommunications company's homepage.
Date: 2026-04-03T04:36:10Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827724
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Australia
Victim Industry: Telecommunications
Victim Organization: Mactek Telecom
Victim Site: mactektelecom.com.au
- Website defacement of mcss.org.au by Alpha wolf team
Category: Defacement
Content: The Alpha wolf team, attributed to attacker XYZ, successfully defaced the MCSS website on April 3, 2026. This was identified as a redefacement incident targeting the organization's homepage.
Date: 2026-04-03T04:35:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827725
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Australia
Victim Industry: Unknown
Victim Organization: MCSS
Victim Site: mcss.org.au
- Website defacement of Mobile Repair Central by XYZ/Alpha wolf team
Category: Defacement
Content: The XYZ attacker group, operating as part of the Alpha wolf team, successfully defaced the Mobile Repair Central website on April 3, 2026. This incident represents a redefacement of the target, indicating the attackers either regained access or the initial compromise was not fully remediated.
Date: 2026-04-03T04:34:53Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827726
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Australia
Victim Industry: Technology/Electronics Repair
Victim Organization: Mobile Repair Central
Victim Site: mobilerepaircentral.com.au
- Website defacement of Multi Community Support Solutions by XYZ/Alpha wolf
Category: Defacement
Content: XYZ attacker affiliated with Alpha wolf team conducted a redefacement attack against Multi Community Support Solutions' website on April 3, 2026. This was identified as a targeted home page defacement rather than a mass defacement campaign.
Date: 2026-04-03T04:34:16Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827727
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Unknown
Victim Industry: Social Services
Victim Organization: Multi Community Support Solutions
Victim Site: multicommunitysupportsolutions…
- Website defacement of Pest Control First by XYZ/Alpha wolf team
Category: Defacement
Content: The Alpha wolf team, operating under the XYZ attacker identity, successfully defaced the Pest Control First website on April 3, 2026. This appears to be a redefacement of a previously compromised target rather than an initial attack.
Date: 2026-04-03T04:33:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827728
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Australia
Victim Industry: Pest Control Services
Victim Organization: Pest Control First
Victim Site: pestcontrolfirst.com.au
- Website defacement of Property Shine Cleaning by Alpha wolf team
Category: Defacement
Content: Alpha wolf team conducted a redefacement attack against Property Shine Cleaning's website on April 3rd, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
Date: 2026-04-03T04:32:57Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827729
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Australia
Victim Industry: Commercial Services
Victim Organization: Property Shine Cleaning
Victim Site: propertyshinecleaning.com.au
- Website defacement of topendchill.com.au by XYZ/Alpha wolf team
Category: Defacement
Content: The Australian website topendchill.com.au was defaced by attacker XYZ associated with the Alpha wolf team on April 3, 2026. This was identified as a redefacement targeting the site's home page.
Date: 2026-04-03T04:32:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827730
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Australia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: topendchill.com.au
- Website defacement of Trinity Point Wellbeing Clinic by XYZ/Alpha wolf team
Category: Defacement
Content: XYZ attacker from Alpha wolf team conducted a redefacement attack against Trinity Point Wellbeing Clinic's website on April 3, 2026. This was a targeted home page defacement rather than part of a mass defacement campaign.
Date: 2026-04-03T04:31:42Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827731
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: Trinity Point Wellbeing Clinic
Victim Site: trinitypointwellbeingclinic.co…
- Website defacement of Triple S Cleaning Services by XYZ/Alpha wolf team
Category: Defacement
Content: XYZ attacker from Alpha wolf team conducted a redefacement of Triple S Cleaning Services' website on April 3, 2026. This was a targeted home defacement rather than part of a mass defacement campaign.
Date: 2026-04-03T04:31:04Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827732
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Australia
Victim Industry: Cleaning Services
Victim Organization: Triple S Cleaning Services
Victim Site: triplesrcleaningservices.com.au
- Website defacement of Bolivian government portal by Alpha wolf team
Category: Defacement
Content: The Alpha wolf team, represented by attacker XYZ, successfully defaced the Bolivian government's Quipus portal on April 3, 2026. The incident targeted a Linux-based government website and was archived as a single defacement rather than part of a mass campaign.
Date: 2026-04-03T04:30:03Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248208
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Bolivia
Victim Industry: Government
Victim Organization: Government of Bolivia
Victim Site: quipus.gob.bo
- Website defacement of hyhysmile.com intranet by XYZ/Alpha wolf team
Category: Defacement
Content: The XYZ attacker from Alpha wolf team successfully defaced the internal intranet portal of the hyhysmile organization on April 3, 2026. The attack targeted a Linux-based server hosting the company's intranet infrastructure.
Date: 2026-04-03T04:29:41Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248209
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: hyhysmile
Victim Site: intranet.hyhysmile.com
- Mass defacement campaign by Alpha wolf team targeting Australian garden services website
Category: Defacement
Content: The Alpha wolf team, attributed to attacker XYZ, conducted a mass defacement campaign targeting multiple websites including an Australian garden services company. This incident was part of a broader mass defacement operation rather than a targeted attack on the specific organization.
Date: 2026-04-03T04:29:20Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248210
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Australia
Victim Industry: Professional Services
Victim Organization: 7 Days Garden Services
Victim Site: 7daysgardenservices.com.au
- Mass website defacement targeting Australian landscaping company by Alpha wolf team
Category: Defacement
Content: The Alpha wolf team conducted a mass defacement campaign targeting multiple websites including an Australian landscaping and concrete services company. The attack was executed by attacker XYZ as part of a broader mass defacement operation on April 3, 2026.
Date: 2026-04-03T04:28:58Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248211
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Australia
Victim Industry: Construction/Landscaping
Victim Organization: ASAP Landscape Concrete
Victim Site: asaplandscapeconcrete.com.au
- Mass website defacement by Alpha wolf team targeting dpintlmoving.com
Category: Defacement
Content: Alpha wolf team conducted a mass defacement campaign targeting multiple websites including DP International Moving's website. The attack was carried out by attacker XYZ as part of a broader mass defacement operation on April 3, 2026.
Date: 2026-04-03T04:28:36Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248212
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Unknown
Victim Industry: Transportation/Moving Services
Victim Organization: DP International Moving
Victim Site: dpintlmoving.com
- Mass defacement targeting e-loyalty.com.au by XYZ/Alpha wolf team
Category: Defacement
Content: Mass defacement attack conducted by XYZ attacker from Alpha wolf team targeting e-loyalty.com.au on April 3, 2026. The incident was part of a broader mass defacement campaign rather than a targeted single-site attack.
Date: 2026-04-03T04:28:15Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248213
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Australia
Victim Industry: Technology/Marketing
Victim Organization: E-Loyalty
Victim Site: e-loyalty.com.au
- Website defacement of edidigital.co by XYZ/Alpha wolf team
Category: Defacement
Content: The XYZ attacker from Alpha wolf team successfully defaced the EDI Digital website on April 3, 2026. The incident was archived and mirrors are available showing evidence of the compromise.
Date: 2026-04-03T04:27:54Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248214
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Colombia
Victim Industry: Technology
Victim Organization: EDI Digital
Victim Site: edidigital.co
- Mass defacement by Alpha wolf group targeting ediediting.com
Category: Defacement
Content: Alpha wolf group conducted a mass defacement campaign targeting ediediting.com and potentially other websites. The attack was part of a broader defacement operation rather than targeting this specific editing services company.
Date: 2026-04-03T04:27:33Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248215
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Unknown
Victim Industry: Professional Services
Victim Organization: EDI Editing
Victim Site: ediediting.com
- Mass defacement campaign by Alpha wolf team targeting fixmyoven.com.au
Category: Defacement
Content: Alpha wolf team conducted a mass defacement campaign targeting the Fix My Oven website as part of a broader attack affecting multiple sites. The incident occurred on April 3, 2026, with the attacker identified as XYZ from the Alpha wolf group.
Date: 2026-04-03T04:27:11Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248216
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Australia
Victim Industry: Consumer Services
Victim Organization: Fix My Oven
Victim Site: fixmyoven.com.au
- Mass defacement campaign by Alpha wolf team targeting Jyotshna Enterprises
Category: Defacement
Content: Alpha wolf team conducted a mass defacement campaign targeting multiple websites including Jyotshna Enterprises. The attack was executed by attacker XYZ on April 3, 2026, affecting a Linux-based web server.
Date: 2026-04-03T04:26:50Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248217
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: India
Victim Industry: Unknown
Victim Organization: Jyotshna Enterprises
Victim Site: jyotshnaenterprises.co.in
- Mass defacement campaign by Alpha wolf team targeting lockyervalleycolonics.com
Category: Defacement
Content: Alpha wolf team conducted a mass defacement campaign targeting multiple websites including lockyervalleycolonics.com on April 3, 2026. The attack was attributed to attacker XYZ as part of a broader mass defacement operation rather than a targeted attack on the specific healthcare organization.
Date: 2026-04-03T04:26:29Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248218
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Australia
Victim Industry: Healthcare
Victim Organization: Lockyer Valley Colonics
Victim Site: lockyervalleycolonics.com
- Mass website defacement of Mactek Telecom by Alpha wolf team
Category: Defacement
Content: The Alpha wolf team, attributed to attacker XYZ, conducted a mass defacement campaign targeting multiple websites including Australian telecommunications company Mactek Telecom on April 3, 2026.
Date: 2026-04-03T04:26:06Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248219
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Australia
Victim Industry: Telecommunications
Victim Organization: Mactek Telecom
Victim Site: mactektelecom.com.au
- Mass defacement campaign by Alpha wolf team targeting mcss.org.au
Category: Defacement
Content: The Alpha wolf team conducted a mass defacement campaign targeting mcss.org.au on April 3rd, 2026. This was part of a broader mass defacement operation rather than a targeted attack on a single organization.
Date: 2026-04-03T04:25:45Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248220
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Australia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: mcss.org.au
- Mass defacement targeting mobile repair services by Alpha wolf team
Category: Defacement
Content: Alpha wolf team, attributed to attacker XYZ, conducted a mass defacement campaign targeting multiple websites including Mobile Repair Central's Australian website on April 3, 2026. This attack was part of a broader mass defacement operation rather than a targeted single-site compromise.
Date: 2026-04-03T04:25:25Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248221
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Australia
Victim Industry: Technology Services
Victim Organization: Mobile Repair Central
Victim Site: mobilerepaircentral.com.au
- Mass defacement targeting Australian community support organization by Alpha wolf team
Category: Defacement
Content: Alpha wolf team conducted a mass defacement campaign targeting Multi Community Support Solutions, an Australian social services organization. The attack was part of a broader mass defacement operation rather than a targeted attack on this specific organization.
Date: 2026-04-03T04:25:02Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248222
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Australia
Victim Industry: Social Services
Victim Organization: Multi Community Support Solutions
Victim Site: multicommunitysupportsolutions.com.au
- Mass defacement campaign by Alpha wolf team targeting Australian pest control website
Category: Defacement
Content: The Alpha wolf team, attributed to attacker XYZ, conducted a mass defacement campaign targeting pestcontrolfirst.com.au on April 3, 2026. This incident was part of a broader mass defacement operation rather than a targeted attack on the specific organization.
Date: 2026-04-03T04:24:40Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248223
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Australia
Victim Industry: Pest Control Services
Victim Organization: Pest Control First
Victim Site: pestcontrolfirst.com.au
- Mass website defacement targeting Australian cleaning company by Alpha wolf team
Category: Defacement
Content: The Alpha wolf team conducted a mass defacement attack targeting Property Shine Cleaning's website in Australia. The incident was part of a broader mass defacement campaign rather than a targeted attack on the specific organization.
Date: 2026-04-03T04:24:20Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248224
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Australia
Victim Industry: Cleaning Services
Victim Organization: Property Shine Cleaning
Victim Site: propertyshinecleaning.com.au
- Mass website defacement campaign by Alpha wolf team targeting topendchill.com.au
Category: Defacement
Content: The Alpha wolf team, attributed to attacker XYZ, conducted a mass defacement campaign on April 3, 2026, targeting topendchill.com.au among other websites. This incident was part of a broader mass defacement operation rather than a targeted attack on a single organization.
Date: 2026-04-03T04:24:01Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248225
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Australia
Victim Industry: Unknown
Victim Organization: Top End Chill
Victim Site: topendchill.com.au
- Alleged sale of USA Police Tipline Database containing 8.3 million records
Category: Data Breach
Content: Threat actor claims to be selling a database containing 8.3 million records from USA/Canada police tiplines, including anonymous crime tips, personal identifiers like SSNs, addresses, and phone numbers. The data is allegedly from P3Global/CrimeStoppers and is being offered for $10,000 in cryptocurrency.
Date: 2026-04-03T04:23:55Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-USA-Police-Tipline-Database-8mil
Screenshots:
None
Threat Actors: iym
Victim Country: United States
Victim Industry: Government
Victim Organization: P3Global / CrimeStoppers
Victim Site: Unknown
- Mass website defacement campaign by Alpha wolf team targeting Trinity Point Wellbeing Clinic
Category: Defacement
Content: Alpha wolf team conducted a mass defacement campaign targeting multiple websites including Trinity Point Wellbeing Clinic's website on April 3, 2026. The attack was attributed to attacker XYZ and affected the Australian healthcare provider's online presence.
Date: 2026-04-03T04:23:36Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248226
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Australia
Victim Industry: Healthcare
Victim Organization: Trinity Point Wellbeing Clinic
Victim Site: trinitypointwellbeingclinic.com.au
- Mass defacement targeting cleaning services website by Alpha wolf team
Category: Defacement
Content: The Alpha wolf team conducted a mass defacement attack targeting multiple websites including Triple SR Cleaning Services' website in Australia. The attack was attributed to attacker XYZ and occurred as part of a broader mass defacement campaign rather than a targeted attack on the specific organization.
Date: 2026-04-03T04:23:15Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248227
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Australia
Victim Industry: Cleaning Services
Victim Organization: Triple SR Cleaning Services
Victim Site: triplesrcleaningservices.com.au
- Website defacement of adulteducation.voloka.org by XYZ/Alpha wolf team
Category: Defacement
Content: The threat actor XYZ from the Alpha wolf team successfully defaced the adult education website adulteducation.voloka.org on April 3, 2026. The attack targeted a Linux-hosted educational platform.
Date: 2026-04-03T04:22:54Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248228
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: adulteducation.voloka.org
- Mass defacement campaign by Alpha wolf team targeting Ukrainian websites
Category: Defacement
Content: The Alpha wolf team conducted a mass defacement campaign targeting multiple Ukrainian websites including bunchuk.com.ua on April 3, 2026. The attack was part of a coordinated mass defacement operation rather than targeting a single site.
Date: 2026-04-03T04:22:34Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248229
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Ukraine
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: bunchuk.com.ua
- Mass defacement campaign by Alpha wolf (XYZ) targeting destin-project.info
Category: Defacement
Content: The Alpha wolf team conducted a mass defacement campaign on April 3, 2026, compromising destin-project.info along with multiple other websites. The attack targeted a Linux-based server as part of a broader coordinated defacement operation.
Date: 2026-04-03T04:22:10Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248230
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Destin Project
Victim Site: destin-project.info
- Mass defacement targeting Ukrainian organization by Alpha wolf (XYZ)
Category: Defacement
Content: The Alpha wolf team (attacker XYZ) conducted a mass defacement campaign targeting the Ukrainian regional dialogue organization's website. This incident was part of a broader mass defacement operation rather than a targeted single-site attack.
Date: 2026-04-03T04:21:47Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248231
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Ukraine
Victim Industry: Non-profit/Civil Society
Victim Organization: Regio Dialogue
Victim Site: www.regiodialogue.org.ua
- Mass defacement campaign by Alpha wolf team member XYZ targeting tvoryty.com
Category: Defacement
Content: A mass defacement attack was conducted by attacker XYZ from the Alpha wolf team against tvoryty.com on April 3, 2026. The incident was part of a larger mass defacement campaign targeting multiple websites simultaneously.
Date: 2026-04-03T04:21:23Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248232
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: tvoryty.com
- Alleged Data Leak of Centenaria y Benemérita Escuela Normal para Profesores Student/Applicant Records
Category: Data Leak
Content: Threat actor MagoSpeak claims to have leaked personal data from the Centenaria y Benemérita Escuela Normal para Profesores, a Mexican teachers college. The leaked data allegedly includes full names, paternal and maternal surnames, landline and mobile phone numbers, dates of birth, Gmail addresses, sex, age, CURP (Clave Única de Registro de Población — Mexican national ID), UID, application folio and status, birth entity, nationality, school ID, SIGED school key, school record key, school name, indigenous language status, disability status, and financial aid amounts received.
Date: 2026-04-03T04:02:30Z
Network: telegram
Published URL: https://t.me/c/3764001014/90
Screenshots:
None
Threat Actors: MagoSpeak
Victim Country: Mexico
Victim Industry: Education
Victim Organization: Centenaria y Benemérita Escuela Normal para Profesores
Victim Site: Unknown
- Alleged Data Leak of Escuela Normal del Estado de Querétaro Andrés Student Records
Category: Data Leak
Content: Threat actor MagoSpeak claims to have leaked data from the Centenaria y Benemérita Escuela Normal del Estado de Querétaro Andrés, a Mexican teacher training institution. The leaked data allegedly contains full names (paternal and maternal surnames), landline and mobile phone numbers, dates of birth, Gmail addresses, gender, age, CURP (unique population registry code), UID, application folio, application status, birth entity, nationality, school ID, SIGED school key, school record key, school name, indigenous language status, disability status, and financial aid information.
Date: 2026-04-03T03:58:37Z
Network: telegram
Published URL: https://t.me/c/3764001014/88
Screenshots:
None
Threat Actors: MagoSpeak
Victim Country: Mexico
Victim Industry: Education
Victim Organization: Centenaria y Benemérita Escuela Normal del Estado de Querétaro Andrés
Victim Site: Unknown
- Alleged Data Leak of Centenaria Escuela Normal del Estado Ignacio Manuel Altamirano by MagoSpeak
Category: Data Leak
Content: Threat actor MagoSpeak claims to have leaked data from Centenaria Escuela Normal del Estado Ignacio Manuel Altamirano, a Mexican state normal school. The leaked data allegedly contains extensive PII including full names, paternal and maternal surnames, landline and mobile phone numbers, dates of birth, Gmail addresses, sex, age, CURP (Clave Única de Registro de Población), UID, application folio and status, birth entity, nationality, school ID, SIGED school key, school record key, school name, indigenous language status, disability status, and financial information.
Date: 2026-04-03T03:56:20Z
Network: telegram
Published URL: https://t.me/c/3764001014/86
Screenshots:
None
Threat Actors: MagoSpeak
Victim Country: Mexico
Victim Industry: Education
Victim Organization: Centenaria Escuela Normal del Estado Ignacio Manuel Altamirano
Victim Site: Unknown
- Alleged Data Leak of Benemérita y Centenaria Escuela Normal Oficial de Guanajuato (Mexico)
Category: Data Leak
Content: Threat actor MagoSpeak claims to have leaked data from the Benemérita y Centenaria Escuela Normal Oficial de Guanajuato, a teacher training institution in Guanajuato, Mexico. The leaked data allegedly includes full names, paternal and maternal surnames, landline and mobile phone numbers, dates of birth, Gmail addresses, gender, age, CURP (national ID), UID, application folio and status, birth entity, nationality, school ID, SIGED school key, academic record key, school name, indigenous language status, disability status, and financial information.
Date: 2026-04-03T03:53:47Z
Network: telegram
Published URL: https://t.me/c/3764001014/84
Screenshots:
None
Threat Actors: MagoSpeak
Victim Country: Mexico
Victim Industry: Education
Victim Organization: Benemérita y Centenaria Escuela Normal Oficial de Guanajuato
Victim Site: Unknown
- Alleged Data Leak of Benemérito Instituto Normal del Estado General Juan Crisóstomo Bonilla by MagoSpeak
Category: Data Leak
Content: Threat actor MagoSpeak claims to have leaked data from the Benemérito Instituto Normal del Estado General Juan Crisóstomo Bonilla, a Mexican state normal school. The leaked data allegedly contains full names (paternal and maternal surnames), fixed and mobile phone numbers, dates of birth, Gmail addresses, gender, age, CURP (Clave Única de Registro de Población – Mexican national ID), UID, application folio and status, birth entity, nationality, school campus identifiers (ID Plantel, Clave SIGED), school record keys, indigenous language status, disability status, and financial aid information.
Date: 2026-04-03T03:49:35Z
Network: telegram
Published URL: https://t.me/c/3764001014/82
Screenshots:
None
Threat Actors: MagoSpeak
Victim Country: Mexico
Victim Industry: Education
Victim Organization: Benemérito Instituto Normal del Estado General Juan Crisóstomo Bonilla
Victim Site: Unknown
- Alleged leak of gaming and streaming platform credentials
Category: Combo List
Content: A threat actor shared a combolist containing approximately 4.8 million credentials allegedly targeting gaming and streaming platforms. The data is being distributed via a Mega file sharing link.
Date: 2026-04-03T03:34:05Z
Network: openweb
Published URL: https://crackingx.com/threads/70874/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Gaming and Entertainment
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Vietnamese telecommunications infrastructure
Category: Data Breach
Content: Indonesian hacktivist group Sadboy Cyber Team claims to have breached Vietnamese telephone infrastructure, allegedly obtaining 80 million phone records and 70 million voice recordings totaling 34GB. The group is selling the database for $160 and threatening further leaks if the Vietnamese government does not address their demands regarding Vietnamese citizens in Indonesia.
Date: 2026-04-03T03:23:09Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-80-Million-Vietnamese-Telephone-Line-Database–72135
Screenshots:
None
Threat Actors: SCTH
Victim Country: Vietnam
Victim Industry: Telecommunications
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor leaked 2,500 alleged valid Hotmail credentials through a free MediaFire download link.
Date: 2026-04-03T03:02:32Z
Network: openweb
Published URL: https://crackingx.com/threads/70873/
Screenshots:
None
Threat Actors: redcloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged leak of Yahoo credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 416,208 credentials allegedly from Yahoo users across mixed countries via a file sharing platform.
Date: 2026-04-03T02:42:55Z
Network: openweb
Published URL: https://crackingx.com/threads/70872/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Yahoo
Victim Site: yahoo.com
- Alleged defacement of hehindia.in by MANGSZXPLOIT
Category: Defacement
Content: A threat actor operating under the handle MANGSZXPLOIT claims to have defaced the website hehindia.in. The defacement message credits multiple groups including DREAM HACK, SILENT ERROR SYSTEM, ORDER 403, DEFACER INDONESIA TEAM, BABAYO ERROR SYSTEM, AN0NM_GH0ST_TR4CK, and PASKO CYBER REXOR, suggesting a coordinated or affiliated Indonesian hacktivist operation.
Date: 2026-04-03T02:41:39Z
Network: telegram
Published URL: https://t.me/c/3841736872/247
Screenshots:
None
Threat Actors: MANGSZXPLOIT
Victim Country: India
Victim Industry: Unknown
Victim Organization: HEH India
Victim Site: hehindia.in
- Website defacement of Pertamina by redayourfav
Category: Defacement
Content: Indonesian state-owned oil and gas company Pertamina's website was defaced by threat actor redayourfav on April 3, 2026. The attack targeted a search page on the company's primary domain.
Date: 2026-04-03T02:36:22Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827709
Screenshots:
None
Threat Actors: redayourfav
Victim Country: Indonesia
Victim Industry: Energy
Victim Organization: Pertamina
Victim Site: pertamina.com
- Website defacement of himla.com by DimasHxR
Category: Defacement
Content: Attacker DimasHxR successfully defaced himla.com on April 3, 2026, targeting a customer address page on the website. The defacement was documented and archived on zone-xsec.com mirror service.
Date: 2026-04-03T02:30:06Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827609
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Himla
Victim Site: himla.com
- Website defacement of infshop.hu by DimasHxR
Category: Defacement
Content: The attacker DimasHxR defaced the Hungarian e-commerce website infshop.hu on April 3, 2026, targeting what appears to be a customer address page within the site's media directory.
Date: 2026-04-03T02:29:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827618
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Hungary
Victim Industry: E-commerce
Victim Organization: Infshop
Victim Site: infshop.hu
- Website defacement of kolborstar-gomes.se by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the Swedish website kolborstar-gomes.se on April 3, 2026. The incident was documented as a single-target defacement with no apparent political motivation or mass campaign involvement.
Date: 2026-04-03T02:28:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827625
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Sweden
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: kolborstar-gomes.se
- Website defacement of karmybrit.pl by DimasHxR
Category: Defacement
Content: The attacker DimasHxR defaced a subdirectory of karmybrit.pl on April 3, 2026. This was an isolated defacement incident targeting a single page rather than a mass or home page defacement.
Date: 2026-04-03T02:28:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827628
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Poland
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: karmybrit.pl
- Website defacement of Kerashop by DimasHxR
Category: Defacement
Content: The attacker DimasHxR defaced the Kerashop e-commerce website on April 3, 2026, targeting a customer management section of the Dutch online retailer's platform.
Date: 2026-04-03T02:27:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827629
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Netherlands
Victim Industry: E-commerce
Victim Organization: Kerashop
Victim Site: kerashop.nl
- Website defacement of lagarza.eu by DimasHxR
Category: Defacement
Content: DimasHxR conducted a website defacement attack against lagarza.eu on April 3, 2026. The attack targeted a specific subdirectory containing customer address data.
Date: 2026-04-03T02:27:13Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827631
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: lagarza.eu
- Website defacement of Measurement Solutions Inc by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR successfully defaced the website of Measurement Solutions Inc on April 3rd, 2026. The defacement targeted a single page rather than the homepage and was not part of a mass campaign.
Date: 2026-04-03T02:26:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827643
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Technology/Engineering Services
Victim Organization: Measurement Solutions Inc
Victim Site: measurementsolutionsinc.com
- Website defacement of meushot.com.br by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the Brazilian website meushot.com.br on April 3, 2026. The attack targeted a specific page within the media/customer directory rather than the homepage.
Date: 2026-04-03T02:26:06Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827648
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: meushot.com.br
- Website defacement of pessere.com by DimasHxR
Category: Defacement
Content: Threat actor DimasHxR successfully defaced the pessere.com website on April 3, 2026, targeting a specific customer management page within the site's media directory.
Date: 2026-04-03T02:25:33Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827660
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Pessere
Victim Site: pessere.com
- Website defacement of brander.technology subdomain by DimasHxR
Category: Defacement
Content: DimasHxR defaced a subdomain of brander.technology on April 3, 2026. The attack targeted a specific page rather than the main website and was not part of a mass defacement campaign.
Date: 2026-04-03T02:24:59Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827676
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Brander Technology
Victim Site: rost.m2.brander.technology
- Website defacement of shondo.vn by DimasHxR
Category: Defacement
Content: The attacker DimasHxR successfully defaced the shondo.vn website on April 3, 2026, targeting a customer address page. This was an individual defacement incident rather than a mass defacement campaign.
Date: 2026-04-03T02:24:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827681
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Vietnam
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: shondo.vn
- Website defacement of Stack Systems by DimasHxR
Category: Defacement
Content: The attacker DimasHxR successfully defaced the Stack Systems website on April 3, 2026. This was a targeted single-site defacement rather than a mass attack or redefacement.
Date: 2026-04-03T02:23:50Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827682
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: France
Victim Industry: Technology
Victim Organization: Stack Systems
Victim Site: stack-systems.fr
- Website defacement of thegioinano.com by DimasHxR
Category: Defacement
Content: Vietnamese website thegioinano.com was defaced by attacker DimasHxR on April 3, 2026. The defacement targeted a specific media/customer directory rather than the main homepage.
Date: 2026-04-03T02:23:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827700
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Vietnam
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: thegioinano.com
- Website defacement of xero.online by DimasHxR
Category: Defacement
Content: Threat actor DimasHxR successfully defaced the xero.online website on April 3, 2026, targeting a customer management section of the site. This appears to be an individual attack rather than part of a coordinated campaign.
Date: 2026-04-03T02:22:43Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827706
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Technology/Software
Victim Organization: Xero Online
Victim Site: xero.online
- Website defacement of Cavallaro by DimasHxR
Category: Defacement
Content: DimasHxR defaced a subdirectory of the Cavallaro fashion retailer website on April 3, 2026. The attack targeted a media/customer advertisement section of the Dutch company's website.
Date: 2026-04-03T02:16:45Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827531
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Netherlands
Victim Industry: Fashion/Retail
Victim Organization: Cavallaro
Victim Site: cavallaro.nl
- Website defacement of elektropepi.eu by DimasHxR
Category: Defacement
Content: The attacker DimasHxR defaced a subdirectory of elektropepi.eu on April 3, 2026. This was an isolated defacement incident targeting the organization's media customer section.
Date: 2026-04-03T02:16:11Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827532
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Elektropepi
Victim Site: elektropepi.eu
- Website defacement of bossu.co.uk by DimasHxR
Category: Defacement
Content: The attacker DimasHxR defaced a subdirectory of bossu.co.uk on April 3, 2026. This was a single-site defacement targeting the customer media section of the website.
Date: 2026-04-03T02:15:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827533
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: bossu.co.uk
- Website defacement of DVS Wines by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the DVS Wines website on April 3, 2026, targeting the company's media section. This appears to be an isolated defacement incident rather than part of a broader campaign.
Date: 2026-04-03T02:15:02Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827534
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Food and Beverage
Victim Organization: DVS Wines
Victim Site: dvswines.com
- Website defacement of Leaderfins Russia by DimasHxR
Category: Defacement
Content: Individual threat actor DimasHxR defaced the Russian diving equipment manufacturer Leaderfins' website on April 3, 2026. The attack targeted a specific media subdirectory rather than the main homepage.
Date: 2026-04-03T02:14:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827535
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Russia
Victim Industry: Manufacturing
Victim Organization: Leaderfins Russia
Victim Site: leaderfins-russia.ru
- Website defacement of rebelleftc.com by DimasHxR
Category: Defacement
Content: On April 3, 2026, threat actor DimasHxR successfully defaced the rebelleftc.com website, targeting a specific media customer page. The attack was carried out by a single individual rather than an organized group.
Date: 2026-04-03T02:13:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827538
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: rebelleftc.com
- Website defacement of The Lounge Kuwait by DimasHxR
Category: Defacement
Content: On April 3, 2026, attacker DimasHxR successfully defaced theloungekwt.com, targeting what appears to be a hospitality business in Kuwait. The defacement was a single-target attack rather than part of a mass defacement campaign.
Date: 2026-04-03T02:13:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827540
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Kuwait
Victim Industry: Hospitality
Victim Organization: The Lounge Kuwait
Victim Site: theloungekwt.com
- Website defacement of UK Flooring Sale by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the UK Flooring Sale e-commerce website on April 3, 2026. The defacement targeted a specific media directory rather than the main homepage.
Date: 2026-04-03T02:12:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827542
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Retail/E-commerce
Victim Organization: UK Flooring Sale
Victim Site: ukflooringsale.co.uk
- Alleged Data Leak of Benemérita y Centenaria Escuela Normal del Estado de San Luis Potosí
Category: Data Leak
Content: Threat actor MagoSpeak claims to have leaked data from the Benemérita y Centenaria Escuela Normal del Estado de San Luis Potosí (a teacher training institution in San Luis Potosí, Mexico). The leaked data allegedly includes full names, paternal and maternal surnames, landline and mobile phone numbers, dates of birth, Gmail addresses, sex, age, CURP (unique population registry code), UID, application folio, application status, birth entity, nationality, school ID, SIGED school key, school enrollment key, school name, indigenous language status, disability status, and financial aid information.
Date: 2026-04-03T02:10:24Z
Network: telegram
Published URL: https://t.me/c/3764001014/80
Screenshots:
None
Threat Actors: MagoSpeak
Victim Country: Mexico
Victim Industry: Education
Victim Organization: Benemérita y Centenaria Escuela Normal del Estado de San Luis Potosí
Victim Site: Unknown
- Alleged malware campaign abusing Claude Code leak to distribute Vidar infostealer via fake GitHub repositories
Category: Malware
Content: Threat actors are creating fake GitHub repositories impersonating Claude Code to lure users into downloading malicious files. Once executed, the files install the Vidar information-stealing malware. The campaign continuously changes tactics and appears in search results to maximize victim reach, highlighting risks of downloading from unofficial sources.
Date: 2026-04-03T02:08:18Z
Network: telegram
Published URL: https://t.me/c/1283513914/20919
Screenshots:
None
Threat Actors: خبرگزاری سایبربان| Cyberban News
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data Leak of Benemérita y Centenaria Escuela Normal del Estado de Durango
Category: Data Leak
Content: Threat actor MagoSpeak claims to have leaked data from the Benemérita y Centenaria Escuela Normal del Estado de Durango (a teacher training institution in Durango, Mexico). The leaked data allegedly includes full names, paternal and maternal surnames, landline and mobile phone numbers, dates of birth, Gmail addresses, sex, age, CURP (national ID), UID, application folio and status, birth entity, nationality, school ID, SIGED school key, school record key, institution name, indigenous language status, disability status, and financial aid information.
Date: 2026-04-03T02:06:35Z
Network: telegram
Published URL: https://t.me/c/3764001014/78
Screenshots:
None
Threat Actors: MagoSpeak
Victim Country: Mexico
Victim Industry: Education
Victim Organization: Benemérita y Centenaria Escuela Normal del Estado de Durango
Victim Site: Unknown
- Alleged data breach of Xiamen Tungsten Co., Ltd.
Category: Data Breach
Content: Threat actor claims to have compromised the infrastructure of Xiamen Tungsten Co., Ltd. and is distributing over 160GB of SQL database backups containing R&D data, ERP systems, HR records, financial information, manufacturing data, and government relations records.
Date: 2026-04-03T02:05:10Z
Network: openweb
Published URL: https://darkforums.su/Thread-Xiamen-Tungsten-Co-XTC-Full-Infrastructure-Dump-2026–72130
Screenshots:
None
Threat Actors: Moneyistime
Victim Country: China
Victim Industry: Mining and Manufacturing
Victim Organization: Xiamen Tungsten Co., Ltd.
Victim Site: Unknown
- Alleged data breach of JPMorgan Securities Thailand
Category: Data Breach
Content: Threat actor claims to possess a database containing 2.1 million records from JPMorgan Securities Thailand, including customer names, mobile numbers, gender, ID numbers, and securities firm information. The actor is soliciting buyers through Telegram contact.
Date: 2026-04-03T02:05:07Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-JPMorgan-Securities-Thailand-Stocks-2100000
Screenshots:
None
Threat Actors: globalData1
Victim Country: Thailand
Victim Industry: Financial Services
Victim Organization: JPMorgan Securities Thailand
Victim Site: Unknown
- Alleged sale of US car owner database containing driver's license and personal information
Category: Data Breach
Content: Threat actor claims to be selling a database containing 4.8 million US car owner records with driver's license information, personal details including names, emails, phone numbers, SSNs, dates of birth, addresses, and IP addresses. Sample data from North Carolina residents is provided as verification.
Date: 2026-04-03T02:05:04Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-USA-car-owner-driver-s-license-and-ID-card-4800000
Screenshots:
None
Threat Actors: dataPenetrationA
Victim Country: United States
Victim Industry: Government/Motor Vehicle Department
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of National Public Data (NPD) database
Category: Data Leak
Content: Threat actor shared a magnet link providing free access to the NPD (National Public Data) database, criticizing others who were charging for the same data. The leak appears to be distributed via torrent with password protection.
Date: 2026-04-03T02:05:01Z
Network: openweb
Published URL: https://darkforums.su/Thread-Full-NPD
Screenshots:
None
Threat Actors: randomddos
Victim Country: United States
Victim Industry: Data Services
Victim Organization: National Public Data
Victim Site: Unknown
- Alleged data breach involving Indian stock market investors
Category: Data Breach
Content: Thread indicates potential compromise of Indian stock market investor data affecting 2.4 million records. No post content available for verification of claims or additional details.
Date: 2026-04-03T02:04:57Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Indian-stock-market-investors-securities-2400K
Screenshots:
None
Threat Actors: globalData1
Victim Country: India
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Stripe payment processing data
Category: Data Leak
Content: A threat actor shared what appears to be a Stripe live API key along with payment transaction data including customer billing details, payment methods, and transaction histories. The leaked data contains information for transactions processed through the ZAYON WOODEN WATCHES merchant account.
Date: 2026-04-03T02:03:57Z
Network: openweb
Published URL: https://darkforums.su/Thread-stripe-key-and-partial-info
Screenshots:
None
Threat Actors: polrbearagainblud
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Stripe
Victim Site: stripe.com
- Alleged promotion of HellsKey OSINT framework for dark web intelligence gathering
Category: Initial Access
Content: Threat actor promotes HellsKey Breach, an advanced OSINT tool for gathering intelligence from dark web sources including domains, credentials, and network reconnaissance. The tool offers subscription-based access to unobfuscated sensitive data through Telegram channels and dark web sites.
Date: 2026-04-03T02:03:37Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-HellsKey-Breach-%E2%80%93-Elite-OSINT-Framework
Screenshots:
None
Threat Actors: hellskeybreach
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data Leak of Benemérita y Centenaria Escuela Normal de Jalisco by MagoSpeak
Category: Data Leak
Content: Threat actor MagoSpeak claims to have leaked personal data from the Benemérita y Centenaria Escuela Normal de Jalisco, a teacher training institution in Jalisco, Mexico. The leaked data allegedly includes full names, paternal and maternal surnames, landline and mobile phone numbers, dates of birth, Gmail addresses, gender, age, CURP (Clave Única de Registro de Población), UID, application folio and status, birth entity, nationality, school ID, SIGED school key, school record key, school name, indigenous language status, disability status, and financial aid information.
Date: 2026-04-03T01:49:18Z
Network: telegram
Published URL: https://t.me/c/3764001014/75
Screenshots:
None
Threat Actors: MagoSpeak
Victim Country: Mexico
Victim Industry: Education
Victim Organization: Benemérita y Centenaria Escuela Normal de Jalisco
Victim Site: Unknown
- Website defacement of levelinaja.com by ARJUN-X001/KEJE ARMY
Category: Defacement
Content: ARJUN-X001 from the KEJE ARMY group successfully defaced the levelinaja.com website on April 3, 2026. This was a single home page defacement rather than a mass attack.
Date: 2026-04-03T01:44:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827530
Screenshots:
None
Threat Actors: ARJUN-X001, KEJE ARMY
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: levelinaja.com
- Alleged data leak of Benemérita Universidad Autónoma de Puebla (BUAP) student records
Category: Data Leak
Content: Threat actor MagoSpeak claims to have leaked data from the Benemérita Universidad Autónoma de Puebla (BUAP), a major Mexican public university. The leaked dataset allegedly contains extensive PII including full names, paternal/maternal surnames, landline and mobile phone numbers, dates of birth, Gmail addresses, gender, age, CURP (Clave Única de Registro de Población – Mexican national ID), UID, application folio and status, birth entity, nationality, school campus identifiers (ID Plantel, Clave SIGED), academic enrollment keys, indigenous language status, disability status, and financial aid information.
Date: 2026-04-03T01:41:55Z
Network: telegram
Published URL: https://t.me/c/3764001014/74
Screenshots:
None
Threat Actors: MagoSpeak
Victim Country: Mexico
Victim Industry: Education
Victim Organization: Benemérita Universidad Autónoma de Puebla (BUAP)
Victim Site: buap.mx
- Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 1,993 allegedly valid Hotmail email and password combinations on a cybercrime forum. The credentials are being distributed through a Telegram channel.
Date: 2026-04-03T01:41:09Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-X1993-Valid-UHQ-Hotmail-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: Roronoa044
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- North Attleboro schools hit by suspected cyberattack
Category: Cyber Attack
Content: According to Superintendent John Antonucci, North Attleboro schools are facing a cybersecurity incident involving unauthorized activities on its network. The nature of the activities has not been specified.
Date: 2026-04-03T01:29:57Z
Network: openweb
Published URL: https://www.thesunchronicle.com/news/local_news/north-attleboro-schools-hit-by-suspected-cyberattack/article_be4c41b0-57ef-4516-9234-b03a45b08d29.html
Screenshots:
None
Threat Actors:
Victim Country: United States
Victim Industry: Unknown
Victim Organization: North Attleboro schools
Victim Site: naschools.net
- Patriot Regional Emergency Communications Center in Pepperell hit by cyberattack, affecting multiple towns
Category: Cyber Attack
Content: A cyberattack occurring on March 31, 2026 disrupted non-priority and commercial phone lines at the Patriot Regional Emergency Communications Center (PRECC) and public safety services of several Massachusetts municipalities. Although the 911 emergency system remained operational and no personal data breach was confirmed, authorities engaged cybersecurity experts and federal partners to contain the incident and restore services. The cities of Pepperell, Dunstable, Townsend and Groton asked citizens to use an alternative phone number for non-priority lines pending resolution of the crisis.
Date: 2026-04-03T01:29:54Z
Network: openweb
Published URL: https://www.sentinelandenterprise.com/2026/04/01/patriot-regional-emergency-communications-center-in-pepperell-hit-by-cyberattack-affecting-multiple-towns/
Screenshots:
None
Threat Actors:
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Patriot Regional Emergency Communications Center
Victim Site: pepperell.ma.us
- Alleged sale of Hotmail combolists with inbox access across multiple countries
Category: Combo List
Content: A threat actor is offering Hotmail credential lists spanning multiple countries including UK, DE, JP, NL, BR, PL, ES, US, and IT. The seller claims to provide inbox searching by keyword (e.g., eBay, PSN, Amazon, Walmart, Uber, Booking, Poshmark, Alibaba, Mercari, Neosurf), and also offers valid ntlworld webmails via a private cloud infrastructure. Buyers are directed to DM for custom requests.
Date: 2026-04-03T01:23:15Z
Network: telegram
Published URL: https://t.me/c/2613583520/58954
Screenshots:
None
Threat Actors: Admu
Victim Country: Unknown
Victim Industry: Technology / Email Services
Victim Organization: Hotmail
Victim Site: hotmail.com
- Alleged leak of private credential mix pack
Category: Combo List
Content: Threat actor maicolpg19 shared a private mix pack of credential logs via Mega file hosting service. The content is distributed for free with password available through a Telegram channel.
Date: 2026-04-03T01:10:29Z
Network: openweb
Published URL: https://crackingx.com/threads/70869/
Screenshots:
None
Threat Actors: maicolpg19
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of T-Online credentials
Category: Combo List
Content: A threat actor leaked a combolist containing 38,479 credential lines specifically targeting the t-online.de domain. The data was shared for free download via a file hosting service.
Date: 2026-04-03T01:10:05Z
Network: openweb
Published URL: https://crackingx.com/threads/70870/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Germany
Victim Industry: Telecommunications
Victim Organization: T-Online
Victim Site: t-online.de
- Website defacement of Salameh Beauty by ARJUN-X001 (KEJE ARMY)
Category: Defacement
Content: ARJUN-X001 from the KEJE ARMY group defaced the homepage of salamehbeauty.com on April 3, 2026. This was a single home page defacement targeting a beauty/cosmetics business website.
Date: 2026-04-03T01:05:09Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/827529
Screenshots:
None
Threat Actors: ARJUN-X001, KEJE ARMY
Victim Country: Unknown
Victim Industry: Beauty/Cosmetics
Victim Organization: Salameh Beauty
Victim Site: salamehbeauty.com
- Alleged sale of non-VBV credit card data
Category: Data Breach
Content: Threat actor WongL is allegedly selling fresh credit card data without VBV (Verified by Visa) protection with replacement guarantee. The actor claims 100% validity and does not offer free testing.
Date: 2026-04-03T00:59:45Z
Network: openweb
Published URL: https://crackingx.com/threads/70868/
Screenshots:
None
Threat Actors: WongL
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of German shopping credentials
Category: Combo List
Content: A threat actor leaked a combolist containing 617,266 credential entries allegedly targeting German shopping websites. The data was shared as a free download via a file-sharing platform.
Date: 2026-04-03T00:27:00Z
Network: openweb
Published URL: https://crackingx.com/threads/70867/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Retail
Victim Organization: Unknown
Victim Site: Unknown
- Alleged distribution of stolen credentials via stealer logs
Category: Logs
Content: Threat actor UP_DAISYCLOUD distributed 5,610 stealer logs containing stolen credentials for free download via cloud storage, claiming daily uploads of fresh stolen data.
Date: 2026-04-03T00:16:43Z
Network: openweb
Published URL: https://darkforums.su/Thread-%F0%9F%9A%80-5610-LOGS-CLOUD-%E2%98%81-01-APRIL-%E2%9D%A4%EF%B8%8F-FRESH-LOGS%E2%9D%97%EF%B8%8F
Screenshots:
None
Threat Actors: UP_DAISYCLOUD
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged account compromise and data exfiltration targeting Telegram user @Songokukakarotooficiall
Category: Cyber Attack
Content: Threat groups CASH COL and IRON ATLAS NEW GENERATION claim to have jointly compromised the Telegram account of user @Songokukakarotooficiall, allegedly due to their use of Henxx tools. The actors claim to have exfiltrated all messages, files, photos, hidden documents, and contact/network data. The post is written in Spanish and signed by @IMPORT_404. The stolen data is described as being archived and publicly exposed.
Date: 2026-04-03T00:10:39Z
Network: telegram
Published URL: https://t.me/c/3518294966/58
Screenshots:
None
Threat Actors: CASH COL
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of 9.3 million credential combinations targeting multiple sectors
Category: Combo List
Content: Threat actor distributes a combolist containing 9.3 million email and password combinations through Telegram channels, targeting government services, social networks, streaming platforms, gaming services, and other online platforms.
Date: 2026-04-03T00:07:33Z
Network: openweb
Published URL: https://crackingx.com/threads/70865/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Multiple sectors
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Leak of GitHub Personal Access Token and Cisco IT Splunk Query by ShinyHunters
Category: Data Breach
Content: ShinyHunters posted a GitHub Personal Access Token (ghp_798fnSquvZ4IrZUiTPoin61nsbDL0x2cxpJ1) along with its base64-hashed equivalent and a Splunk query targeting a Cisco IT GitHub audit log index (ds-github). The query filters for non-US actor locations and extracts IP addresses, actions, repository names, user agents, and hashed tokens. The tag #speedboat67 may indicate an internal operation or campaign identifier. This suggests potential compromise of Cisco's GitHub environment or insider access being leveraged for reconnaissance.
Date: 2026-04-03T00:02:33Z
Network: telegram
Published URL: https://t.me/c/3737716184/639
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: United States
Victim Industry: Technology
Victim Organization: Cisco
Victim Site: Unknown