1. Executive Summary
This comprehensive threat intelligence report details a concentrated wave of cybersecurity incidents that occurred primarily between April 5 and April 6, 2026. The threat landscape during this period was characterized by a massive volume of website defacements, the distribution of billions of compromised credentials via combo lists, high-profile corporate and government data breaches, and the sale of sophisticated malware and initial access vectors.
The data indicates a highly active cybercriminal ecosystem operating across the open web and Telegram networks. The most prolific activity was driven by hacktivist and defacement groups, particularly the “Umbra Community,” which executed dozens of targeted defacements and redefacements across multiple global sectors. Simultaneously, notorious data breach groups such as “ShinyHunters” targeted major financial and governmental institutions, demanding ransoms and leaking terabytes of sensitive information. Furthermore, the underground economy thrived on the mass distribution of combo lists, with actors like “Leak Realm” and “VitVit” sharing lists containing hundreds of millions to billions of credential records.
This report provides a granular analysis of the threat actors involved, the attack vectors utilized, the targeted industries, and the geographical distribution of the victims, concluding with a summary of the evolving threat landscape based strictly on the detected incidents.
2. Scope and Methodology
This report is strictly based on a provided dataset of detected cyber incidents, encompassing raw intelligence drafts detailing events logged on April 5 and April 6, 2026. The methodology for this report involves the systematic categorization and analysis of these events based on several key indicators:
- Threat Actor Profiling: Identifying and linking activities to specific threat actors and groups.
- Attack Categorization: Classifying incidents into categories such as Defacement, Combo List distribution, Data Leaks, Data Breaches, Malware deployment, and Initial Access sales.
- Victimology: Analyzing the targeted industries (e.g., Healthcare, Education, Financial Services) and the specific organizations affected.
- Geographical Impact: Assessing the countries targeted by these cyber operations.
- Network Intelligence: Documenting the platforms used for illicit activities, primarily dividing between the “openweb” (including cybercrime forums) and encrypted messaging applications like “telegram”.
3. Threat Actor Landscape and Profiling
The analyzed dataset reveals a diverse ecosystem of threat actors, ranging from script kiddies and defacement teams to sophisticated ransomware operators and initial access brokers.
3.1 The Defacement Collectives
A significant portion of the recorded incidents constitutes website defacements. These attacks were largely dominated by a few highly active collectives.
Umbra Community (Actor: Nicotine)
The Umbra Community, specifically an actor using the alias “Nicotine,” was the most prolific entity in the dataset. Their operations heavily targeted WordPress installations and theme directories. A defining characteristic of Nicotine’s methodology is the “redefacement” of targets: compromising websites that had already been attacked before, which indicates either incomplete remediation by the victims or persistent backdoor access established by the threat actor. Nicotine’s targets were geographically and sectorally diverse, including:
- Brazil: tiocaio.com.br (Defacement), AMG Despachante (Professional Services), Desentupidora Roto Master (Commercial Services), jjacalhas.com.br, Loc Soluções, Reboque de Lima (Transportation), Reinert SC.
- India: dmkengwing.in, pharmaclowd.in (Healthcare), skyartcgs.in, Agrawal Industries (Manufacturing), Arpan Engineers (Engineering), Discovery Lane Academy (Education), Garg Ayurveda (Healthcare), Mercury Lock India (Manufacturing), QuickMark, Scintillate Playway School (Education), The Creative School Aligarh, Vastu Vida Jaykhanna (Professional Services), Sign Maker (Manufacturing), Thanjavur Art Gallery (Arts and Culture).
- United Arab Emirates: City Park Electronics (Retail), Wilabs, Holistic OB/GYN Dubai (Healthcare), Bosla Mortgage (Financial Services), IT City (Technology), IT Village (Technology), Locksmith Dubai 24/7 (Professional Services), jobsinabudhabi.com (Employment Services; this defacement was by VinzXploit, but the UAE was heavily targeted overall).
- Pakistan: SpeedTech (Technology), Greenway Healthcare, Lahore IT Solutions, Lahore Startups, Pakit Solutions, PropertyInfo (Real Estate), Sasti Shop (E-commerce).
- United Kingdom: myskyline.co.uk, RehabFinder (Healthcare), ERP Solutions (Technology).
- Other Notable Targets: Wings Wide Shipping (Transportation/Logistics), Emynix, Alam Import Export, Red Mind Technologies (Technology), Ekalaiva AI (Technology), myrootstn.com (Tunisia), Rayie Petrochemical, Skyreach Scaffolding (Construction), I2 Real Estate, Blingua English Classes (Education), Dhanwantari Central (Healthcare), GK Institute, Hotel Silver Pearl (Hospitality), Optrica Pharmaceutical, Pankaj Pharma, Rama Nursing Home, Statue Galleria, ZX Holding (Qatar, Business Services), SchoolScaler (Education), ATI Corporation (Bangladesh), Insect Killer Services, HealVibe (Healthcare), wania.com.bd (Bangladesh), demowebsiteorganisasi.web.id (Indonesia), energysep.com (Energy), Sonex Branding (Marketing), Fruit of Eden (US), Fruit of the Spirit Cleaning, Toyinks Care Services (Healthcare), elarashine.my.id (Malaysia), AppTechCode (Technology), Binzish Solutions (Technology), DevTrixSol, Golden Wind FM (Media), hertelaviv.com (Israel), Jaimes Landscape Design, Kahale Properties (Real Estate), OscarDeFi (Financial Services), aspiredukyuan.com, Skinmed Academia (Healthcare), Clinica Veterinaria Bylaardt, Aptive Environmental, Ecomhandler (E-commerce).
INDOHAXSEC (Actor: fidzxploit)
The INDOHAXSEC group, primarily operating through the actor “fidzxploit,” engaged in widespread mass defacement campaigns. Their operations targeted Linux-based servers. Fidzxploit claimed responsibility for defacing multiple websites across different countries, often utilizing Zone-H mirrors (e.g., ID: 41673308) to archive proof of their attacks. Targets included:
- Siva Advertising Company (boovikey.sivaadvertisingcompany.in, India).
- heavydata.khurramumtaz.com (Pakistan).
- Lampiao Solucoes (lp.lampiaosolucoes.com.br, Brazil).
- hospital.spearas.com (Healthcare infrastructure).
- heavydata.spearas.com.
- school.spearas.com (Education).
- BIET Bhadrak (Education, India).
Zod
An actor or group identified simply as “Zod” executed extensive mass defacement campaigns, compromising multiple websites simultaneously rather than focusing on targeted, single-site breaches. These attacks largely impacted Linux-hosted platforms. Targets included:
- skillerio.com (Technology/Education).
- Infinia Clinic (Healthcare).
- Housing Compare (Real Estate, India).
- Faces by Madhuraa (Beauty/Cosmetics).
- DigitizeLearn (Education, India).
- digitalhackzone.com.
- chanakyacp.com (India).
- A Digital Galaxy (Technology).
- sportmassage.hu (Healthcare/Wellness, Hungary).
- Oznetshop (E-commerce).
jatengblekhet (Actor: tirz4sec)
The jatengblekhet team, utilizing the actor name “tirz4sec,” focused heavily on defacing WordPress content and upload directories. Their victims included:
- Meshkat Store (E-commerce).
- Free-Find (Technology, UK).
- GearOwl.
- City of Neckarsulm (gv-neckarsulm.de, Government, Germany).
- Mobilificio Solinas (Furniture Manufacturing, Italy).
- niptuckpages.com.
- Campiutti Esteves (Brazil).
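A post-cleanup check for the redefacement pattern described for Nicotine and for the WordPress upload-directory defacements attributed to tirz4sec, as an added example that is not part of the original report: it flags script files under `wp-content/uploads` and theme files that differ from a known-good baseline. The sample tree and file contents are constructed, and the baseline manifest is an assumed input taken from a clean copy of the site.

```python
"""Post-defacement re-check for a WordPress tree (added, constructed example)."""
import hashlib
import tempfile
from pathlib import Path

# Extensions a PHP-enabled web server may execute.
SCRIPT_EXTS = {".php", ".phtml", ".php5", ".php7", ".phar"}
UPLOADS = Path("wp-content/uploads")
THEMES = Path("wp-content/themes")


def sha256_file(path):
    """Hash a file in chunks so large media files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map relative theme path -> sha256, taken from a known-good copy."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in (root / THEMES).rglob("*") if p.is_file()
    }


def audit(root, manifest):
    """Return sorted (finding, relative_path) tuples for a live tree."""
    root = Path(root)
    findings = []

    # 1. Uploads should hold media only. Any script extension anywhere in
    #    the file name is flagged, so "banner.php.jpg" is caught as well.
    uploads = root / UPLOADS
    if uploads.is_dir():
        for p in uploads.rglob("*"):
            if p.is_file() and any(s.lower() in SCRIPT_EXTS for s in p.suffixes):
                findings.append(("script-in-uploads", p.relative_to(root).as_posix()))

    # 2. Theme files must match the baseline exactly: no edits, no extras.
    seen = set()
    themes = root / THEMES
    if themes.is_dir():
        for p in themes.rglob("*"):
            if not p.is_file():
                continue
            rel = p.relative_to(root).as_posix()
            seen.add(rel)
            expected = manifest.get(rel)
            if expected is None:
                findings.append(("added-theme-file", rel))
            elif sha256_file(p) != expected:
                findings.append(("modified-theme-file", rel))
    for rel in manifest.keys() - seen:
        findings.append(("missing-theme-file", rel))
    return sorted(findings)


def _write(root, rel, data):
    p = Path(root) / rel
    p.parent.mkdir(parents=True, exist_ok=True)
    p.write_bytes(data)


def demo():
    """Build a constructed clean tree and a 'cleaned but not quite' live tree."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp) / "clean", Path(tmp) / "live"
        base = {
            "wp-content/themes/site/index.php": b"<?php get_header();",
            "wp-content/themes/site/functions.php": b"<?php // theme setup",
            "wp-content/uploads/2026/04/logo.png": b"\x89PNG constructed",
        }
        for root in (clean, live):
            for rel, data in base.items():
                _write(root, rel, data)
        manifest = build_manifest(clean)

        # Constructed leftovers of the kind a partial cleanup can miss.
        _write(live, "wp-content/themes/site/functions.php",
               b"<?php // theme setup\n// constructed: altered after cleanup")
        _write(live, "wp-content/themes/site/art.html", b"<html>constructed</html>")
        _write(live, "wp-content/uploads/2026/04/img.php", b"<?php // constructed")
        _write(live, "wp-content/uploads/2026/04/banner.php.jpg", b"<?php // constructed")
        return audit(clean, manifest), audit(live, manifest)


if __name__ == "__main__":
    clean_findings, live_findings = demo()
    for kind, rel in live_findings:
        print(f"{kind:20} {rel}")
```

An empty result on the live tree is the condition to reach before treating a defaced site as remediated; any finding means the cleanup left something for the next redefacement.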
CYBER ERROR SYSTEM (Actor: VinzXploit)
VinzXploit from the CYBER ERROR SYSTEM team specifically targeted the “pwd.php” pages of various websites. Targets included:
- Jobs in Abu Dhabi (Employment Services, UAE).
- The Infopedia (Information/Media).
- ittedi.com.
- IT Team Corp (Information Technology).
- Real Wealth Australia (Financial Services, Australia).
Alpha wolf (Actor: XYZ)
The Alpha wolf team, via actor XYZ, targeted homepages and Linux/FreeBSD-based servers. Victims included:
- Evervision (Technology, South Korea).
- Aiello Engineering (Engineering).
Leviathan Perfect Hunter (Actor: Aptisme)
Actor Aptisme executed targeted single-site defacements, often altering specific HTML or text files (e.g., art.txt, art.html). Targets included:
- ALC Coaching (Professional Services).
- Akademia Tip Top (Education, Poland).
- Penosil (Construction/Manufacturing).
- agentn.net.
- World Meeting and Events.
DimasHxR
Operating as a solo attacker, DimasHxR frequently targeted specific media and customer subdirectories rather than root homepages, executing numerous redefacements. Victims included:
- HOM.
- BusyB (UK).
- Ragan and Massey.
- Saucer Solutions.
- Mardi Gras Beads For Less (Retail/E-commerce).
- Gadget Parts (Electronics, Australia).
- TimeToCart (E-commerce).
- almandoos.com.
- Venashop (E-commerce, Poland).
- CanMedDirect (Healthcare, Canada).
- bijurdelimon.com.
- thisisfromroy.com.
- BH Online Store (E-commerce).
- Edumalls (Education).
Other Defacement Actors:
- HackerSec.ID (Mr.Spongebob): Defaced Glicowings in Indonesia.
- Alperen_216 (ALP): Defaced worldhorizon.cn (China), specifically targeting the wp-load.php file.
- XSQDD PHILIPPINE (PredixorX): Defaced the Linux server of ELTS in the Philippines.
- XmrAnonye.id (E.H.9): Defaced Vaughan Tamils, a Canadian community organization.
- Maros Black Hat (Hiro-X): Defaced the German personal site gerhardthiel.com.
- BABAYO EROR SYSTEM (Mr.PIMZZZXploit): Defaced multiple domains including jurnal.angkoso.my.id, ahadbinilyas.passionflip.pk, travel.skyrank.shop, shop.abbasgarments.com, thepicwall.com.pikesway.com, and marie.abbasgarments.com.
- STORM BREAKER SECURITY (PH.BL4KE): Defaced telecommunications provider ProtonsCable.
3.2 Advanced Persistent Threats and High-Impact Breach Groups
ShinyHunters
ShinyHunters operated as an advanced threat group focused on high-value data breaches, ransomware operations, and the subsequent sale or leaking of exfiltrated data. They aggressively solicited private contact via the encrypted Session messenger. Furthermore, they were heavily involved in the promotion of a new cybercrime forum, “PwnForums,” operating on both the clearnet and the Tor network, likely intended as a successor to BreachForums for hosting stolen data. ShinyHunters executed several massive corporate and government breaches, systematically leaking data when ransom demands were not met:
- European Commission (europa.eu): Leaked over 350GB of uncompressed data, including mail server dumps, databases, contracts, and confidential documents, distributed via Tor and a direct IP.
- Ameriprise Financial, Inc.: Exfiltrated 236GB of Salesforce records containing PII and corporate data after ransom negotiations failed, publishing the data on an onion site.
- Infinite Campus, Inc.: Leaked 1.2GB of Salesforce records, indicating an unpaid ransom through their file naming conventions.
- Berkadia Commercial Mortgage, LLC: Compromised and leaked 27GB of compressed Salesforce records, publishing archives explicitly named to mock the victim for not paying the ransom (e.g., “shouldve_paid_the_ransom_berkadia-shinyhunters.7z”).
- French Ministry of Culture Subsidized Entity: Sold near-complete access to a French government entity, including Domain Admin rights with plain-text passwords, access to 1,250 Windows devices, 33 XEN servers, Google Workspace, Azure, EDR Security Center, and physical server iDRACs, exposing IDs, passports, and medical records.
ShadowByt3S
This group executed a ransomware-style data breach against Starbucks, leaking 10GB of data sourced from an AWS S3 bucket after the corporation allegedly failed to meet ransom demands within a 72-hour window.
3.3 Hacktivism and Politically Motivated Groups
Handala Hack (حنظله)
Handala Hack is a pro-Palestinian hacktivist group that launched severe politically motivated cyber attacks.
- They claimed responsibility for attacking 27 Israeli companies, explicitly stating the operations were cyber retaliation for the killing of children in Minab.
- They frequently utilized Telegram and shortened URLs to announce new leaks and operations against Israeli targets.
- They issued formal, severe threats against the critical infrastructure (water, electricity, oil) of countries perceived as hostile to Iran or the “Resistance Axis,” claiming to have these infrastructures under complete surveillance and control, preparing for paralyzing attacks in response to actions against Iran’s energy sector.
Nasir Hacker Group (نصیر)
This group claimed massive infiltration of Kuwaiti government and intelligence systems, specifically targeting the Ministry of Interior. They alleged possession of highly sensitive documents detailing Kuwait’s military and intelligence cooperation with foreign entities (including the US), threatening to publish data on officials and military personnel, and warned of further attacks on Kuwaiti infrastructure.
Z-Pentest Alliance
Operating under the hashtag #OpUK, this group claimed unauthorized access to the CCTV surveillance systems of a UK hostel. They asserted control over all cameras (kitchen, entrance, hallways, exterior) and claimed access was achieved without brute force, framing the incident as a vulnerability demonstration to highlight weak security postures rather than an extortion attempt.
3.4 Data Brokers and Combolist Distributors
A vast underground economy revolved around the free distribution and sale of “Combo Lists” (combinations of usernames/emails and passwords) and “Stealer Logs” (data harvested by information-stealing malware).
Leak Realm
Leak Realm was responsible for distributing astronomical volumes of credential data on cybercrime forums. Their releases included combolists of varying sizes: 7.9 million records, 11 million records, 25 million records, 60 million records, 70 million records, 129 million records, and a staggering 196 million URL:LOGIN:PASS combinations.
VitVit
Actor VitVit shared the largest single credential leak in the dataset: a 100GB combolist containing 3 billion URL:Log:Pass combinations.
CODER
CODER specialized in targeted combolists focusing on highly lucrative sectors, distributing them freely via Telegram channels. Their targeted lists included:
- Gaming platforms and Spotify.
- 12 million records targeting financial institutions like Starling Bank, Ally Bank, SoFi, Venmo, and Zelle.
- 8 million records targeting Office 365, N26, Chime, Monzo, and cryptocurrency exchanges.
- 15 million records targeting financial services like Stripe, Square, QuickBooks, and Xero.
- 12 million records targeting PayPal, Wise, Revolut, Payoneer, and Cash App.
- 17 million credentials targeting Discord, Stack Overflow, Medium, Binance, Coinbase, Trust Wallet, Reddit, GitHub, Quora, and e-commerce sites.
- 7 million corporate credentials.
- 12.3 million credentials for Alibaba, eBay, Lennar, CBRE, Brookfield, and Shopify.
HQcomboSpace
This actor focused on both platform-specific and geographically targeted credential leaks:
- 1.3 million Yahoo credentials.
- 179,363 mixed country Hotmail credentials.
- 1.58 million mixed country Hotmail credentials.
- 59,674 corporate email/SMTP combinations.
- 136,052 entries targeting educational, social media, and shopping sites.
- Massive country-specific lists targeting Germany: 1.1 million lines, 831,238 pairs, 566,368 lines, and 495,248 pairs specifically targeting German shopping websites.
CobraEgy
CobraEgy operated the “Maxi_Leaks” operation, distributing high-quality, geographically targeted email:password combinations. Their leaks included:
- New Zealand: 15,000 records.
- Norway: 14,000 records.
- Portugal: 45,000 records.
- South Africa: 39,000 records.
- Romania: 34,000 records.
- Slovakia: 24,000 records.
- Russia: 1.3 million records.
- A massive 3.4 GB collection of stealer logs dated April 6, 2026.
MailAccesss
MailAccesss was a prolific distributor of fresh, verified email credentials across various jurisdictions:
- 700,000 Hotmail credentials.
- 1,700 fresh mixed email credentials.
- 5,000 valid mixed email access credentials.
- 1,700 valid Japanese email credentials.
- 1,000 US-based email credentials.
- 1,100 French email credentials.
- 34,000 German email credentials with full mail access.
- 19,000 valid corporate email credentials.
- 1,000 valid Hotmail credentials.
Other Combolist and Log Distributors:
- Kokos2846q: PandaCloud fresh email credentials, and 39,000 mixed email credentials via Telegram.
- steeve75: 170,000 mixed email/password combinations.
- Ra-Zi: 170,000 credentials targeting Netflix, Minecraft, Uplay, Steam, Hulu, Spotify; 124,000 targeted GMX email credentials.
- tuzelity: Sold combolists and stealer logs for Hotmail, Gmail, Yahoo, Facebook, TikTok, Netflix, Amazon, etc., across the US, UK, DE, FR, CA, AU, and JP.
- NUllSHop0X: 1,400 high-quality Hotmail credentials.
- ValidMail: 82,000 valid forum credentials distributed multiple times.
- FlashCloud2: 13,000 Hotmail combinations.
- UP_DAISYCLOUD: 5,378 fresh stealer logs from April 5th.
- WINGO: 3,000 fresh mixed credentials; 3,000 WEB.DE credentials; 9,000 mixed credentials.
- Blackcloud: 1.1 million credential records.
- RandomUpload: 20,000 mixed email credentials; 10,000 mixed credentials via Google Drive.
- D4rkNetHub: Distributed Hotmail credentials across multiple dumps (2,186, 2,408, 1,210).
- Jelooos: Hotmail lists with full verification status (600, 2,400 mixed country, 3,400 fresh).
- Max_Leaks: 3.4 GB of high-quality stealer malware logs.
- martcloud: Fresh Hotmail databases.
- alphaxdd: Premium Hotmail credentials (3,886, 1,421 from a private cloud, 1,220 valid).
- noir: Hotmail and mixed email combos via Telegram.
- strelok639: Massive 1.3TB private database of URL/logins/passwords and browsing history.
- erwinn91 / Steveee36: HQ Mix lists and 1,120 HQ Hotmail credentials.
- Lexser: 4,000 mixed email credentials.
- HollowKnight07: Sample Hotmail lists (484, 650).
- fatetraffic: 1,392 mixed stealer logs with browser data.
- snowstormxd: Fresh Hotmail credentials via Telegram.
- zod: WordPress-related combolists; 32,890 lines of mixed credentials via Telegram.
- KiwiShio: 1,120 Hotmail combinations.
- TeraCloud1: 3,000 valid mixed credentials with private cloud access via Telegram.
- Akari21: Fresh, untouched Hotmail “drops”.
- COYTO: 1,000 valid mixed combinations; mixed access credentials via Pasteview.
- NotSellerxd: 2,910 mixed email credentials.
- klyne05: Private, fresh, checked Hotmail lists.
- Admu: Selling themed Hotmail combolists (PayPal, eBay, Uber, Amazon, etc.) for UK, DE, JP, US, and NTLWorld webmails, with keyword inbox searching.
- redcloud: 4,600 valid Hotmail credentials via MediaFire.
- seainloq12: 604GB of fresh stealer logs with daily updates via Telegram.
- Yìchén: Selling multi-platform (Hotmail, Amazon, PayPal, Netflix, PSN) lists across the US, UK, FR, DE, JP, etc., offering keyword inbox searching from a private cloud.
- Dataxlogs: Selling mail access, configs, and scripts for France, Belgium, Australia, Canada, UK, US, etc., with custom requests.
3.5 Initial Access Brokers, Tool Developers, and Malware Operators
JINKUSU (jinkusu01)
JINKUSU operated as a sophisticated tool developer catering to financial fraud and identity theft.
- They sold “NFC RIPPER,” an Android toolkit designed for NFC relay attacks against payment cards at POS terminals and ATMs, featuring PIN bypass, card limit bypass, and remote Python server operation.
- They advertised deepfake and voice manipulation software (face swapping, voice changing, virtual cameras) specifically designed to bypass Know Your Customer (KYC) identity verification processes.
- They sold the source code for “EvilNote,” a mass email sending tool for $500, enabling custom SMTP server usage, template management, and personalization.
xibulipali
This actor advertised a “marketplace-as-a-service” platform, a complete infrastructure for cybercriminal activities. The platform included escrow systems, vendor management, automated verification, and listings for selling RDP/VPS access, credentials, and illegal digital products.
North Korean-linked Hackers
State-sponsored or affiliated hackers executed sophisticated campaigns:
- They conducted a social engineering supply chain attack targeting a developer of the popular “Axios” npm package. By using fake meetings and fabricated Microsoft Teams errors, they tricked the developer into installing remote access malware, subsequently publishing malicious versions of Axios to infect downstream users and steal data.
- They breached a cryptocurrency platform not solely via technical exploits, but through slow infiltration and social engineering to gain trust and exploit internal management processes.
NoVoice Malware Operators
Actors distributed the “NoVoice” Android malware through over 50 applications on the Google Play Store, infecting an estimated 2.3 million devices. The malware exploited legacy vulnerabilities to gain root access without suspicious permissions, established persistent C2 communication, and infiltrated apps to steal data and accounts even after factory resets.
Other Initial Access Brokers and Tool Providers:
- Threat Market: Offered comprehensive cookie/session management software for $199 via Telegram (@ThreatMarketBot) and Tor, used for account takeover, with new updates frequently announced.
- NormalLeVrai: Sold a vulnerability for $600 affecting 38,575 website panels globally, including cPanels, SSH/WHM, SMTP, and government access points.
- miyako: Sold an “Intermediate Cyber Operations Guide v2” for $1000, detailing methods for government access, botnets, ransomware deployment, and C2 setup, highlighting a breach of the Indonesian government.
- Target777: Advertised lookup services on the CrackingX forum.
- wh6ami: Sold administrative access to the Bangladesh Public Works Department’s HRIS system for $80, exposing employee, attendance, and salary data.
- Jurak: Sold an active business PayPal account with a $30,000 balance and $19M transaction history.
- Jax Plans Bot: Offered a security bypass tool targeting pbipsi.com.
- NeZha CVV Support & Squad Chat Marketplace: Operated Telegram carding stores (PepeCard, AllCards, CocoCheck, @vcxdcvx, @cocococococococo1, t.me/fsdf12452) selling stolen credit cards globally starting at $1, with 75-95% validity rates and bulk CVV checking services.
- GetRenewed: Rented virtual phone numbers from 40+ countries for SMS verification bypass, accepting Monero for anonymity.
- lockbit: Offered US driver’s license counterfeiting services with worldwide shipping via the dark web.
- DuperKinger123: Sold admin access to government email systems in Bulgaria, Angola, South Africa, and Nigeria, allowing unlimited account creation and intelligence access.
- pstipwner: Sold admin access to the Brazilian Central Bank’s PSTI system for $5,000, exposing PIX certificates and internal files.
- Nullsec Philippines: Sold web shells hosted on Brazilian government (.gov.br) domains.
- MILNET Services: Advertised raw network infrastructure power for DDoS or offensive operations via Telegram.
- Cyberban News: Reported on 36 malicious npm packages masquerading as Strapi plugins that executed remote access, established backdoors, and exfiltrated cryptocurrency data using Redis and PostgreSQL.
4. Specific Data Breaches and Leaks
Beyond the high-profile ShinyHunters breaches, numerous threat actors leaked or sold targeted databases.
Katarinka
This actor focused on comprehensive database dumps:
- Consult2Bond: Leaked customer credentials, personal info, order details, passwords, and addresses.
- vip.ithk.com: Leaked internal staff contacts, customer data, and pricing metadata across 136 records.
- Gedeon (Poland): Leaked 489 records including user credentials and CMS content.
- Indian Construction Industry: Leaked 26,562 records containing payment details, communications, and company profiles.
- Tripeak Bearing: Leaked 265 records covering user credentials and activity logs.
crazyboy68
Focused on E-commerce and Education databases:
- CustomKing (UK): Shared a 105MB SQL database dump of the online store.
- Greenhandle.in (India): Leaked a B2B packaging customer database with business names, emails, and orders.
- UNIFAP (Brazil): Sold a university student portal database containing MD5 password hashes, grades, and documents.
- anhsangsoiduong.vn (Vietnam): Leaked an 800MB SQL database of user credentials.
Petro_Escobar
Targeted South American energy and financial sectors:
- Endesa (Spain/Colombia) & EmergiaCC: Sold internal documents and 25 million records containing PII, IBAN numbers, and contact info for $200.
- Gas Natural Vanti & GNP Grupo Nacional de Proyectos: Sold SQL databases with 10 million records covering back-office messaging and sales for $500.
- Banco AV Villas & Conalcreditos (Colombia): Published internal databases with customer info, loan obligations, payment agreements, and collection management data.
Blastoize
- XAM’s 316 Database Collection: Leaked 5.7 million records from gaming, automotive, and medical forums originating from RaidForums 2019.
- Bank Pembangunan Daerah Banten (Indonesia): Claimed to possess 733,000 card details and 73,000 customer records (names, IDs, transaction details).
- zyh365.com (China): Sold a massive 92.5 million record database from China’s national volunteer service platform, including IDs, political party affiliations, and organizational memberships.
Other Notable Breaches and Leaks:
- Kyy: Sold 11,550 job applicant records and 478 partnership records from Nakamura Co (Indonesia).
- ARPANET744: Shared alleged French UCAR data.
- Angel_Batista: Doxxed a cybersecurity researcher named “Saxx”, publishing PII alongside personal attacks.
- RainbowDF: Claimed to possess 700,000 Spanish customer records (CSV/SQL) from evolveyourenglish.com (2020-2026).
- Databroker1: Sold 1.4 million CRM entries (PII, credentials, loyalty data) from Thai duty-free retailer King Power.
- XZeeoneOfc: Leaked internal HR data (names, IDs, complete addresses) of 2,200 employees from Indonesian cigarette companies PT Putra Pacitan Indonesia Sejahtera and PT Tunas Mandiri.
- Proculin: Distributed a leaked 64MB PDF of the “Internet Security Complete Manual 27th Edition 2026”.
- phoenix_leads: Leaked a Canadian residential database with 10 million consumer records (names, addresses, phone numbers).
- Перун Сварога: Leaked government administrative data related to the Center for Administrative Services in Ternopil, Ukraine (cnap.rada.te.ua).
- AckLine: Sold a 21GB database from Botswana ISP PrimeTel/NConnect for $300, containing employee emails and data from 2014-2026.
- PaskoCyberRexor / DanzNisMxst7: Distributed the TEEB Valuation Database via a Telegram channel.
- GoRainCC: Repeatedly distributed pirated and cracked engineering software, including ConcreteBending 8.01, CADValley InfraWizard Professional 2026, Codemill IFC Export, CadPro Tools for AutoCAD 2026, and CadPro Tools for Revit 2026.
- marssepe: Leaked 640,000 personnel records from Puerto Inteligente Seguro Mexico, including CURP, RFC, social security numbers, and photos.
- MONEYLINE: Distributed French identity documents (ID cards, passports, driver licenses) for free via Google Drive.
- FANZIO: Operated a store selling OnlyFans account balances and adult content platform credentials.
- Dumpsec: Sold 35 million records from French Regional Health Agencies (ARS) and over 130 hospitals (including APHP), containing detailed patient medical identifiers.
- vexin: Sold 30.26 GB of corporate infrastructure data from Susinsumos.com for $500, including payroll, tax documents, and server backups.
- uhqboyz: Leaked 3,312,785 records from the French entity BourseDesVols.
- SnowSoul: Leaked 100GB of financial processing data from Summit USA, including ACH databases, payment settlements, and bank affiliate info.
- AleDelRey: Leaked 85,000 customer records from an Italian tax and legal portal.
- Rakyat Digital Crew: Leaked the Mitra Husada University (UPPM) database, exposing admin credentials (including an easily crackable MD5 hash for the password “admin”).
- hannisonntag / LegioNLeakeRs: Shared URL, login, and password data on xforums.
5. Geographical Impact Analysis
The recorded incidents demonstrate a globally distributed attack surface, with distinct clusters of activity in several key regions.
- United States: Experienced high-impact breaches affecting major corporations and financial institutions. ShinyHunters compromised Ameriprise Financial, Infinite Campus, and Berkadia Commercial Mortgage. ShadowByt3S successfully extorted Starbucks, leaking 10GB of AWS data. Furthermore, 100GB of Summit USA financial data was leaked, and malicious actors actively sold US driver’s license counterfeits and compromised US PayPal accounts. Defacements also impacted US domains like Fruit of Eden.
- India: A major focal point for website defacements and data leaks. The Umbra Community and INDOHAXSEC heavily targeted Indian domains across manufacturing, education, and professional services (e.g., dmkengwing.in, Agrawal Industries, Discovery Lane Academy, Siva Advertising Company, BIET Bhadrak). Additionally, a significant breach exposed 26,562 records from the Indian Construction Industry and B2B marketplace Greenhandle.in.
- Brazil: Heavily targeted by the Umbra Community (Nicotine) and jatengblekhet (tirz4sec) for defacements, affecting tiocaio.com.br, AMG Despachante, Reboque de Lima, and Campiutti Esteves. More critically, high-level administrative access to the Central Bank of Brazil’s PSTI system was sold, alongside the sale of .gov.br web shells. A university database (UNIFAP) was also breached.
- France: Suffered critical government and healthcare breaches. ShinyHunters compromised a Ministry of Culture subsidized entity, gaining domain admin access and exposing medical/passport data. A massive 35 million record healthcare breach impacted French Regional Health Agencies (ARS) and over 130 hospitals. French identity documents were leaked for free, along with 3.3 million BourseDesVols records.
- Indonesia: Impacted by targeted data breaches including the sale of Bank Pembangunan Daerah Banten card details, Nakamura Co applicant records, and PT Putra Pacitan cigarette company HR data. The Mitra Husada University (UPPM) portal was breached, exposing admin credentials. Defacements affected domains like demowebsiteorganisasi.web.id and Glicowings.
- United Arab Emirates: Retail, technology, and service providers were targeted by Umbra Community defacements (City Park Electronics, Bosla Mortgage, IT City, Locksmith Dubai, Jobs in Abu Dhabi).
- Pakistan: Experienced targeted defacements by Nicotine against domestic IT and real estate sectors (SpeedTech, Lahore IT Solutions, PropertyInfo).
- Germany: Extensively targeted for credential harvesting, with HQcomboSpace and others distributing massive German-specific combolists (over 1.1 million, 831k, and 495k records). Defacements hit the City of Neckarsulm government site.
- Colombia: Severe financial and utility breaches by Petro_Escobar, leaking millions of records from Banco AV Villas, Conalcreditos, Gas Natural Vanti, and GNP.
- Israel: Targeted by political hacktivist groups (Handala) claiming attacks on 27 companies. Defacements hit hertelaviv.com.
- China: A massive 92.5 million record breach hit the zyh365.com volunteer and political party database. Defacements affected Microsoft Store China.
- United Kingdom: Z-Pentest Alliance compromised hostel CCTV systems. Defacements targeted RehabFinder and Free-Find.
- Other Impacted Nations: Belgium (European Commission), Mexico (Puerto Inteligente Seguro), Canada (10 million residential records leaked), Kuwait (Ministry of Interior targeted by Nasir), Bangladesh (HRIS system access sold), Thailand (King Power breach), Ukraine (Ternopil admin services leak), Spain (EvolveYourEnglish), Poland (Gedeon), Italy (Tax portal), Botswana (PrimeTel ISP), and Vietnam.
6. Victimology: Industry Sector Analysis
- Financial Services & Cryptocurrency: A highly targeted sector for both ransomware and combo list distribution. ShinyHunters hit Ameriprise and Berkadia. Petro_Escobar breached Colombian banks. Access to the Brazilian Central Bank was sold. North Korean actors compromised a crypto platform via social engineering. Threat actor CODER circulated millions of credentials specifically targeting Stripe, Square, PayPal, Wise, Venmo, and Monzo.
- Government & Public Sector: High-value targets suffered significant data loss. The European Commission was breached by ShinyHunters. Access to government emails across Bulgaria, Angola, South Africa, and Nigeria was sold. A French Ministry of Culture entity was deeply compromised. Hacktivists targeted the Kuwait Ministry of Interior. Web shells on Brazilian .gov.br sites were sold.
- Healthcare & Pharmaceuticals: Suffered massive data loss and widespread defacements. A 35 million record breach hit French Regional Health Agencies and 130+ hospitals. Nicotine/Umbra Community persistently defaced healthcare sites including pharmaclowd.in, Dhanwantari Central, Garg Ayurveda, Optrica Pharmaceutical, Pankaj Pharma, Rama Nursing Home, HealVibe, Toyinks Care Services, and Holistic OB/GYN Dubai.
- Technology & E-commerce: Highly targeted by combo list distributors (Amazon, eBay, Shopify, Alibaba). The Axios npm supply chain attack demonstrated sophisticated targeting of open-source infrastructure. E-commerce platforms like sastishop.pk and CustomKing were breached or defaced.
- Education: Targeted for PII extraction. Infinite Campus was breached by ShinyHunters. UNIFAP (Brazil) and Mitra Husada University (Indonesia) suffered database leaks exposing student and admin records. EvolveYourEnglish lost 700k Spanish records. Nicotine defaced numerous academies (Blingua English Classes, Discovery Lane Academy).
7. Conclusion
The cybersecurity intelligence from April 5-6, 2026, illustrates a highly volatile threat landscape dominated by two primary methodologies: the overwhelming volume of automated/semi-automated website defacements (led by the Umbra Community and INDOHAXSEC) and the mass aggregation and distribution of compromised credentials (led by data brokers like Leak Realm, CODER, and VitVit).
The activities of advanced persistent threats like ShinyHunters and North Korean-affiliated hackers demonstrate that high-value targets (financial institutions, government entities, and software supply chains) remain highly vulnerable to sophisticated extortion and social engineering tactics. The sale of administrative access to critical infrastructure, such as the Central Bank of Brazil and global government email systems, indicates a thriving “Access-as-a-Service” economy that lowers the barrier to entry for devastating cyber attacks.
The continuous “redefacement” of websites points to a systemic failure in incident response and vulnerability patching among small-to-medium enterprises, allowing threat actors to maintain persistent access. Furthermore, the availability of specialized tools for NFC fraud, KYC bypass, and bulk credential checking exacerbates the threat posed by the billions of leaked credentials, ensuring that identity theft and financial fraud will remain critical risks in the near term. Organizations must prioritize immediate remediation of known vulnerabilities, enforce multi-factor authentication to combat credential stuffing, and enhance monitoring of both technical boundaries and social engineering vectors to mitigate these converging threats.
Detected Incidents Draft Data
- Website defacement of tiocaio.com.br by Nicotine (Umbra Community)
Category: Defacement
Content: The website tiocaio.com.br was defaced by attacker Nicotine affiliated with the Umbra Community team on April 6, 2026. This appears to be a single site defacement targeting a Brazilian domain.
Date: 2026-04-05T23:32:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830237
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: tiocaio.com.br
- Alleged distribution of fresh email credential lists via PandaCloud service
Category: Combo List
Content: Threat actor is distributing fresh email credential lists through a Telegram channel called PandaCloud, claiming to add new databases daily with only relevant and latest data.
Date: 2026-04-05T23:28:05Z
Network: openweb
Published URL: https://crackingx.com/threads/71256/
Screenshots:
None
Threat Actors: Kokos2846q
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Website defacement of Wings Wide Shipping by Nicotine/Umbra Community
Category: Defacement
Content: Umbra Community member Nicotine defaced the Wings Wide Shipping website on April 6, 2026. This incident was marked as a redefacement, indicating the site had been previously compromised.
Date: 2026-04-05T23:26:16Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830233
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Transportation/Logistics
Victim Organization: Wings Wide Shipping
Victim Site: wingswideshipping.com
- Website defacement of emynix.com by Nicotine (Umbra Community)
Category: Defacement
Content: On April 6, 2026, the attacker Nicotine from the Umbra Community team successfully defaced the emynix.com website, targeting the WordPress themes directory. This was an isolated defacement incident rather than part of a mass campaign.
Date: 2026-04-05T23:20:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830232
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Emynix
Victim Site: emynix.com
- Website defacement of Alam Import Export by Nicotine (Umbra Community)
Category: Defacement
Content: The website alamimportexport.com was defaced by attacker Nicotine from the Umbra Community group on April 6, 2026. The defacement targeted an import/export business website.
Date: 2026-04-05T22:57:30Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830197
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Import/Export
Victim Organization: Alam Import Export
Victim Site: alamimportexport.com
- Alleged ShinyHunters Threat Actor Soliciting Private Contact via Session Messenger
Category: Data Breach
Content: The ShinyHunters threat actor group is soliciting private contact through the Session encrypted messenger, providing their Session ID for secure communications. This is consistent with their known pattern of selling stolen databases and breached data through encrypted channels.
Date: 2026-04-05T22:54:16Z
Network: telegram
Published URL: https://t.me/c/3737716184/812
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of mixed email and password credentials
Category: Combo List
Content: A threat actor shared a combolist containing 170,000 email and password combinations for free download on a cybercriminal forum.
Date: 2026-04-05T22:53:30Z
Network: openweb
Published URL: https://crackingx.com/threads/71252/
Screenshots:
None
Threat Actors: steeve75
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Website defacement of Red Mind Technologies by Nicotine (Umbra Community)
Category: Defacement
Content: Red Mind Technologies website was defaced by attacker Nicotine from the Umbra Community group on April 6, 2026. This incident represents a redefacement of a previously compromised target.
Date: 2026-04-05T22:45:51Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830168
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Red Mind Technologies
Victim Site: redmindtechnologies.ai
- Alleged leak of credential combolist targeting multiple streaming and gaming platforms
Category: Combo List
Content: A threat actor shared a combolist containing 170,000 email and password combinations allegedly targeting Netflix, Minecraft, Uplay, Steam, Hulu, and Spotify accounts. The actor also advertises additional credential lists for sale via Telegram.
Date: 2026-04-05T22:45:23Z
Network: openweb
Published URL: https://demonforums.net/Thread-170k-Fresh-HQ-Combolist-Email-Pass-Netflix-Minecraft-Uplay-Steam-Hulu-spotify–199463
Screenshots:
None
Threat Actors: Ra-Zi
Victim Country: Unknown
Victim Industry: Entertainment and Gaming
Victim Organization: Unknown
Victim Site: Unknown
- Website defacement of City Park Electronics by Nicotine (Umbra Community)
Category: Defacement
Content: Attacker Nicotine from the Umbra Community group defaced the City Park Electronics website on April 6, 2026. This was identified as a redefacement, indicating the site had been previously compromised.
Date: 2026-04-05T22:45:15Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830173
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: United Arab Emirates
Victim Industry: Electronics/Retail
Victim Organization: City Park Electronics
Victim Site: cityparkelectronics.ae
- Website defacement of dmkengwing.in by Nicotine (Umbra Community)
Category: Defacement
Content: Umbra Community member Nicotine successfully defaced dmkengwing.in on April 6, 2026. This incident represents a redefacement of the target site rather than an initial compromise.
Date: 2026-04-05T22:44:39Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830175
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: dmkengwing.in
- Website defacement of ekalaiva-ai.com by Nicotine (Umbra Community)
Category: Defacement
Content: The website ekalaiva-ai.com was defaced by attacker Nicotine from the Umbra Community group on April 6, 2026. This appears to be a redefacement of a previously compromised AI technology company website.
Date: 2026-04-05T22:44:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830176
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Ekalaiva AI
Victim Site: ekalaiva-ai.com
- Website defacement of myrootstn.com by Nicotine (Umbra Community)
Category: Defacement
Content: The website myrootstn.com was defaced by the attacker Nicotine associated with the Umbra Community team on April 6, 2026. This incident was classified as a redefacement, indicating the site had been previously compromised.
Date: 2026-04-05T22:43:27Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830179
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Tunisia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: myrootstn.com
- Website defacement of pharmaclowd.in by Nicotine (Umbra Community)
Category: Defacement
Content: Attacker Nicotine from the Umbra Community conducted a redefacement of the Indian pharmaceutical website pharmaclowd.in on April 6, 2026. This represents a repeat attack against the same target, indicating persistent targeting of the healthcare sector.
Date: 2026-04-05T22:42:51Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830181
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Healthcare/Pharmaceutical
Victim Organization: Unknown
Victim Site: pharmaclowd.in
- Website defacement of Rayie Petrochemical by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from the Umbra Community group conducted a redefacement of rayiepetrochem.com on April 6, 2026. This marks a repeat compromise of the petrochemical company's website.
Date: 2026-04-05T22:42:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830183
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Petrochemical
Victim Organization: Rayie Petrochemical
Victim Site: rayiepetrochem.com
- Website defacement of Red Mind Technologies by Nicotine from Umbra Community
Category: Defacement
Content: The technology company Red Mind Technologies was targeted in a redefacement attack by the attacker Nicotine associated with the Umbra Community group on April 6, 2026. This represents a secondary compromise of the website, indicating either incomplete remediation from a previous incident or persistent threat actor access.
Date: 2026-04-05T22:41:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830184
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Red Mind Technologies
Victim Site: redmindtechnologies.com
- Website defacement of skpkaruna.com by Nicotine of Umbra Community
Category: Defacement
Content: The website skpkaruna.com was defaced by attacker Nicotine affiliated with the Umbra Community group on April 6, 2026. This incident was classified as a redefacement, indicating the site had been previously compromised.
Date: 2026-04-05T22:41:00Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830186
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: skpkaruna.com
- Website defacement of Skyreach Scaffolding by Nicotine (Umbra Community)
Category: Defacement
Content: The website of Skyreach Scaffolding was defaced by attacker Nicotine affiliated with the Umbra Community group on April 6, 2026. This was identified as a redefacement incident targeting the construction company's website.
Date: 2026-04-05T22:40:19Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830187
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Construction
Victim Organization: Skyreach Scaffolding
Victim Site: skyreachscaffolding.com
- Website defacement of thei2realestate.com by Nicotine/Umbra Community
Category: Defacement
Content: The Umbra Community threat group, specifically actor Nicotine, conducted a redefacement attack against I2 Real Estate's website on April 6, 2026. This represents a repeat compromise of the real estate company's web presence.
Date: 2026-04-05T22:39:43Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830189
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Real Estate
Victim Organization: I2 Real Estate
Victim Site: thei2realestate.com
- Website defacement of thinkitstampit.com by Nicotine (Umbra Community)
Category: Defacement
Content: The website thinkitstampit.com was defaced by attacker Nicotine associated with the Umbra Community team on April 6, 2026. This incident represents a redefacement of the target site.
Date: 2026-04-05T22:39:06Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830190
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: thinkitstampit.com
- Website defacement of zspeciality.com by Nicotine (Umbra Community)
Category: Defacement
Content: Attacker Nicotine from Umbra Community conducted a redefacement of zspeciality.com on April 6, 2026. This was identified as a redefacement rather than an initial compromise, suggesting the site had been previously targeted.
Date: 2026-04-05T22:38:29Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830194
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: zspeciality.com
- Website defacement of skyartcgs.in by Nicotine (Umbra Community)
Category: Defacement
Content: Umbra Community member Nicotine conducted a redefacement attack against skyartcgs.in on April 6, 2026. The attack targeted a WordPress theme directory on the Indian domain.
Date: 2026-04-05T22:32:19Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830103
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: skyartcgs.in
- Website defacement of Agrawal Industries by Nicotine (Umbra Community)
Category: Defacement
Content: Attacker Nicotine from the Umbra Community conducted a redefacement of Agrawal Industries' website on April 6, 2026. This represents a repeat attack against the Indian manufacturing company's web presence.
Date: 2026-04-05T22:31:47Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830104
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Manufacturing
Victim Organization: Agrawal Industries
Victim Site: agrawalindustries.in
- Website defacement of Arpan Engineers by Nicotine from Umbra Community
Category: Defacement
Content: Attacker Nicotine from the Umbra Community group defaced the Arpan Engineers website on April 6, 2026. This appears to be a redefacement of a previously compromised site.
Date: 2026-04-05T22:31:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830106
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Engineering/Construction
Victim Organization: Arpan Engineers
Victim Site: arpanengineers.com
- Website defacement of Blingua English Classes by Nicotine (Umbra Community)
Category: Defacement
Content: The educational website blinguaenglishclasses.com was defaced by attacker Nicotine affiliated with Umbra Community on April 6, 2026. This represents a redefacement of the target site rather than an initial compromise.
Date: 2026-04-05T22:30:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830107
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Blingua English Classes
Victim Site: blinguaenglishclasses.com
- Website defacement of Dhanwantari Central by Nicotine (Umbra Community)
Category: Defacement
Content: The healthcare website dhanwantaricentral.com was defaced by attacker Nicotine from the Umbra Community group on April 6, 2026. This incident represents a redefacement of the target site.
Date: 2026-04-05T22:30:06Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830108
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: Dhanwantari Central
Victim Site: dhanwantaricentral.com
- Website defacement of Discovery Lane Academy by Nicotine (Umbra Community)
Category: Defacement
Content: The educational institution Discovery Lane Academy's website was defaced by attacker Nicotine associated with the Umbra Community group on April 6, 2026. This incident represents a redefacement of the target site.
Date: 2026-04-05T22:29:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830109
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Education
Victim Organization: Discovery Lane Academy
Victim Site: discoverylaneacademy.in
- Website defacement of Garg Ayurveda by Nicotine (Umbra Community)
Category: Defacement
Content: Umbra Community member Nicotine conducted a redefacement attack against Garg Ayurveda's website on April 6, 2026. This represents a repeat compromise of the Indian ayurvedic healthcare organization's web presence.
Date: 2026-04-05T22:29:00Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830110
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Healthcare
Victim Organization: Garg Ayurveda
Victim Site: gargayurveda.in
- Website defacement of GK Institute by Nicotine (Umbra Community)
Category: Defacement
Content: The Umbra Community threat actor Nicotine conducted a redefacement attack against GK Institute's website on April 6, 2026. This marks a repeated compromise of the educational institution's web infrastructure.
Date: 2026-04-05T22:28:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830111
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Education
Victim Organization: GK Institute
Victim Site: gkinstitute.net
- Alleged distribution of gaming and streaming service credential lists
Category: Combo List
Content: Threat actor distributes credential lists targeting gaming platforms and Spotify accounts through Telegram channels. The actor offers free access to credential combinations and related tools through multiple Telegram groups.
Date: 2026-04-05T22:28:13Z
Network: openweb
Published URL: https://crackingx.com/threads/71251/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Entertainment
Victim Organization: Unknown
Victim Site: Unknown
- Website defacement of goldinleaf.com by Nicotine (Umbra Community)
Category: Defacement
Content: Attacker Nicotine from the Umbra Community group conducted a redefacement of goldinleaf.com on April 6, 2026. This represents a repeat compromise of the same target website.
Date: 2026-04-05T22:27:51Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830112
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: goldinleaf.com
- Website defacement of hemitlocks.com by Nicotine (Umbra Community)
Category: Defacement
Content: The website hemitlocks.com was defaced by the attacker Nicotine affiliated with Umbra Community on April 6, 2026. This incident was classified as a redefacement, indicating the site had been previously compromised.
Date: 2026-04-05T22:27:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830113
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: hemitlocks.com
- Website defacement of Hotel Silver Pearl by Nicotine (Umbra Community)
Category: Defacement
Content: The Umbra Community threat actor known as Nicotine conducted a redefacement attack against Hotel Silver Pearl's website on April 6, 2026. This incident represents a repeated compromise of the hospitality organization's web infrastructure.
Date: 2026-04-05T22:26:45Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830114
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Hospitality
Victim Organization: Hotel Silver Pearl
Victim Site: hotelsilverpearl.com
- Website defacement of Mercury Lock India by Nicotine (Umbra Community)
Category: Defacement
Content: The Umbra Community threat actor Nicotine conducted a redefacement attack against Mercury Lock India's website on April 6, 2026. This marks a repeat compromise of the Indian lock manufacturing company's web presence.
Date: 2026-04-05T22:26:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830115
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Manufacturing
Victim Organization: Mercury Lock India
Victim Site: mercurylockindia.com
- Website defacement of Optrica Pharmaceutical by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from the Umbra Community group defaced the Optrica Pharmaceutical website on April 6, 2026. This was identified as a redefacement incident, indicating the site had been previously compromised.
Date: 2026-04-05T22:25:39Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830116
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Healthcare/Pharmaceutical
Victim Organization: Optrica Pharmaceutical
Victim Site: optricapharmaceutical.com
- Website defacement of Pankaj Pharma by Nicotine (Umbra Community)
Category: Defacement
Content: The pharmaceutical company Pankaj Pharma's website was defaced by threat actor Nicotine from the Umbra Community group on April 6, 2026. This appears to be a redefacement of a previously compromised target.
Date: 2026-04-05T22:25:05Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830117
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Pharmaceutical
Victim Organization: Pankaj Pharma
Victim Site: pankajpharma.com
- Website defacement of QuickMark by Nicotine (Umbra Community)
Category: Defacement
Content: Threat actor Nicotine from Umbra Community conducted a redefacement attack against quickmark.co.in on April 6, 2026. This appears to be a targeted attack against an Indian commercial website.
Date: 2026-04-05T22:24:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830118
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Unknown
Victim Organization: QuickMark
Victim Site: quickmark.co.in
- Website defacement of Rama Nursing Home by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from the Umbra Community group defaced the website of Rama Nursing Home on April 6, 2026. This appears to be a redefacement of a previously compromised healthcare facility website.
Date: 2026-04-05T22:23:58Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830119
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: Rama Nursing Home
Victim Site: ramanursinghome.com
- Website defacement of Scintillate Playway School by Nicotine (Umbra Community)
Category: Defacement
Content: Attacker Nicotine from the Umbra Community group conducted a redefacement attack against the Scintillate Playway School website on April 6, 2026. This marks a repeat compromise of the educational institution's web presence.
Date: 2026-04-05T22:23:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830121
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Education
Victim Organization: Scintillate Playway School
Victim Site: scintillateplaywayschool.in
- Website defacement of Statue Galleria by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from the Umbra Community defaced the Statue Galleria website on April 6, 2026. This incident represents a redefacement of the target site rather than an initial compromise.
Date: 2026-04-05T22:22:52Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830122
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Arts and Culture
Victim Organization: Statue Galleria
Victim Site: statuegalleria.com
- Website defacement of The Creative School Aligarh by Nicotine (Umbra Community)
Category: Defacement
Content: The Umbra Community threat actor Nicotine conducted a redefacement attack against The Creative School Aligarh's website on April 6, 2026. This appears to be a targeted attack against an educational institution in Aligarh, India.
Date: 2026-04-05T22:22:19Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830123
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Education
Victim Organization: The Creative School Aligarh
Victim Site: thecreativeschoolaligarh.com
- Alleged sale of multi-platform combolists, logs, and account credentials
Category: Logs
Content: A threat actor is offering for sale combolists and stealer logs covering multiple email providers (Hotmail, Gmail, Yahoo, AOL, Comcast, etc.), social media accounts (Facebook, Instagram, TikTok), streaming services (Netflix, Disney), e-commerce platforms (Amazon, eBay, Walmart), and more. Coverage spans numerous countries including US, UK, DE, FR, CA, AU, JP, and others. Also includes cookies, configs, scripts, and tools.
Date: 2026-04-05T22:21:44Z
Network: telegram
Published URL: https://t.me/c/2613583520/59496
Screenshots:
None
Threat Actors: tuzelity
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Website defacement of Vastu Vida Jaykhanna by Nicotine (Umbra Community)
Category: Defacement
Content: The Umbra Community, specifically attacker Nicotine, conducted a redefacement of the Vastu Vida Jaykhanna website on April 6, 2026. This appears to be a targeted attack against an Indian professional services website specializing in Vastu consulting.
Date: 2026-04-05T22:21:41Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830124
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Professional Services
Victim Organization: Vastu Vida Jaykhanna
Victim Site: vastuvidajaykhanna.in
- Alleged leak of credential combolist containing 7.9 million records
Category: Combo List
Content: A threat actor shared a combolist containing 7.9 million URL:LOGIN:PASS combinations on a cybercrime forum. The post requires registration to view the full content and download links.
Date: 2026-04-05T22:17:03Z
Network: openweb
Published URL: https://crackingx.com/threads/71249/
Screenshots:
None
Threat Actors: Leak Realm
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 1,400 allegedly valid Hotmail email credentials on a cybercriminal forum. The credentials are described as high quality, fresh, and validated.
Date: 2026-04-05T22:16:31Z
Network: openweb
Published URL: https://crackingx.com/threads/71250/
Screenshots:
None
Threat Actors: NUllSHop0X
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Website defacement of ZX Holding by Nicotine (Umbra Community)
Category: Defacement
Content: The Umbra Community threat actor Nicotine successfully defaced the ZX Holding website on April 6, 2026. The attack targeted the company's main index page, compromising their web presence.
Date: 2026-04-05T22:15:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830052
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Qatar
Victim Industry: Business Services
Victim Organization: ZX Holding
Victim Site: zxholding.qa
- Website defacement of SchoolScaler by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from the Umbra Community team defaced the SchoolScaler educational platform website on April 6, 2026. The defacement targeted a specific subdirectory rather than the main homepage of the educational service provider.
Date: 2026-04-05T22:15:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830055
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Education
Victim Organization: SchoolScaler
Victim Site: schoolscaler.com
- Website defacement of Wilabs by Nicotine (Umbra Community)
Category: Defacement
Content: Nicotine from Umbra Community successfully defaced the Wilabs website on April 6, 2026. The attack targeted a WordPress theme file on the UAE-based organization's website.
Date: 2026-04-05T22:14:33Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830056
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: United Arab Emirates
Victim Industry: Unknown
Victim Organization: Wilabs
Victim Site: wilabs.ae
- Website defacement of ATI Corporation by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from Umbra Community defaced the ATI Corporation website on April 6, 2026. This appears to be a redefacement of the same target, indicating the site was previously compromised.
Date: 2026-04-05T22:14:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830057
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Bangladesh
Victim Industry: Corporate
Victim Organization: ATI Corporation
Victim Site: aticorporationbd.net
Website defacement of signmaker.in by Nicotine (Umbra Community)
Category: Defacement
Content: Attacker Nicotine from the Umbra Community group conducted a redefacement of the Indian sign manufacturing company's website on April 6, 2026. This represents a repeat attack against the same target, indicating persistent threat actor interest in the victim organization.
Date: 2026-04-05T22:13:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830072
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Manufacturing
Victim Organization: Sign Maker
Victim Site: signmaker.in
Website defacement of insectkillerservices.com by Nicotine (Umbra Community)
Category: Defacement
Content: The pest control services website insectkillerservices.com was defaced by threat actor Nicotine affiliated with the Umbra Community group on April 6, 2026. This appears to be a targeted single-site defacement rather than a mass or repeat attack.
Date: 2026-04-05T22:07:22Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830023
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Pest Control Services
Victim Organization: Insect Killer Services
Victim Site: insectkillerservices.com
Website defacement of shivachin.com by Nicotine (Umbra Community)
Category: Defacement
Content: The website shivachin.com was defaced by threat actor Nicotine affiliated with the Umbra Community group on April 6, 2026. The attack specifically targeted the WordPress theme directory of the site.
Date: 2026-04-05T22:06:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830025
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: shivachin.com
Website defacement of healvibe.me by Nicotine (Umbra Community)
Category: Defacement
Content: The healthcare website healvibe.me was defaced by attacker Nicotine affiliated with Umbra Community on April 6, 2026. This incident was classified as a redefacement, indicating the site had been previously compromised.
Date: 2026-04-05T22:06:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830027
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: HealVibe
Victim Site: healvibe.me
Website defacement of turbonest.me by Nicotine (Umbra Community)
Category: Defacement
Content: Attacker Nicotine, affiliated with Umbra Community, conducted a redefacement attack targeting the turbonest.me website on April 6, 2026. This represents a repeated compromise of the same target.
Date: 2026-04-05T22:05:41Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830029
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: turbonest.me
Website defacement of amahenna.com by Nicotine (Umbra Community)
Category: Defacement
Content: The website amahenna.com was defaced by attacker Nicotine affiliated with Umbra Community on April 6, 2026. The defacement targeted the index.txt file of the domain.
Date: 2026-04-05T22:05:09Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830031
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: amahenna.com
Website defacement of wania.com.bd by Nicotine (Umbra Community)
Category: Defacement
Content: The website wania.com.bd was defaced by the attacker Nicotine affiliated with the Umbra Community group on April 6, 2026. The defacement targeted the WordPress themes directory of the Bangladesh-based website.
Date: 2026-04-05T22:04:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830032
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Bangladesh
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: wania.com.bd
Website defacement of demowebsiteorganisasi.web.id by Nicotine from Umbra Community
Category: Defacement
Content: On April 6, 2026, the website demowebsiteorganisasi.web.id was defaced by an attacker named Nicotine, affiliated with the Umbra Community group. This appears to be a single-target defacement incident rather than a mass or repeat attack.
Date: 2026-04-05T22:04:02Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830033
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: demowebsiteorganisasi.web.id
Website defacement of energysep.com by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from the Umbra Community team defaced the energysep.com website on April 6, 2026. The defacement targeted what appears to be an energy sector related website.
Date: 2026-04-05T22:03:30Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830034
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Energy
Victim Organization: Unknown
Victim Site: energysep.com
Website defacement of Sonex Branding by Nicotine (Umbra Community)
Category: Defacement
Content: Attacker Nicotine from the Umbra Community team defaced the Sonex Branding company website on April 6, 2026. The defacement targeted a specific page within the WordPress content directory of the branding company's site.
Date: 2026-04-05T22:02:57Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830037
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Marketing/Branding
Victim Organization: Sonex Branding
Victim Site: sonexbranding.com
Website defacement of Fruit of Eden by Nicotine (Umbra Community)
Category: Defacement
Content: The website fruitofedenmn.com was defaced by attacker Nicotine affiliated with the Umbra Community team on April 6, 2026. This appears to be a single-target defacement incident rather than part of a mass campaign.
Date: 2026-04-05T22:02:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830038
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Fruit of Eden
Victim Site: fruitofedenmn.com
Website defacement of Fruit of the Spirit Cleaning by Nicotine (Umbra Community)
Category: Defacement
Content: The cleaning services company Fruit of the Spirit Cleaning's website was defaced by attacker Nicotine affiliated with the Umbra Community team on April 6, 2026. This appears to be an isolated defacement targeting a single commercial website rather than a mass attack campaign.
Date: 2026-04-05T22:01:52Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830039
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Cleaning Services
Victim Organization: Fruit of the Spirit Cleaning
Victim Site: fruitofthespiritcleaning.com
Website defacement of Toyinks Care Services by Nicotine (Umbra Community)
Category: Defacement
Content: Umbra Community member Nicotine defaced the Toyinks Care Services website on April 6, 2026. The attack targeted a WordPress installation and was archived as a single defacement incident.
Date: 2026-04-05T22:01:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830040
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: Toyinks Care Services
Victim Site: toyinkscareservices.com
Alleged sale of comprehensive cookie/session data package on Threat Market
Category: Logs
Content: A threat actor on the Threat Market channel is offering a Comprehensive cookie management package for sale at $199 for a limited time. The package is available via an onion site and a Telegram bot (@ThreatMarketBot), suggesting it contains stolen browser cookies or session tokens used for account takeover or credential access.
Date: 2026-04-05T22:01:15Z
Network: telegram
Published URL: https://t.me/c/3881618514/30
Screenshots:
None
Threat Actors: Threat Market
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of elarashine.my.id by Nicotine (Umbra Community)
Category: Defacement
Content: The website elarashine.my.id was defaced by attacker Nicotine affiliated with Umbra Community on April 6, 2026. This incident represents a redefacement of the target site.
Date: 2026-04-05T22:00:44Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830041
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Malaysia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: elarashine.my.id
Alleged leak of mixed forum credentials
Category: Combo List
Content: A threat actor shared a mixed collection of 82,000 valid forum credentials on a cybercriminal forum. The combolist appears to contain credentials from various forum platforms.
Date: 2026-04-05T21:56:41Z
Network: openweb
Published URL: https://crackingx.com/threads/71246/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged marketplace-as-a-service platform for cybercriminal activities
Category: Combo List
Content: A threat actor is advertising a complete marketplace platform designed for cybercriminal activities, featuring escrow systems, vendor management, and infrastructure for selling illegal digital products and services. The platform includes capabilities for RDP/VPS sales, credential trading, and automated vendor verification systems.
Date: 2026-04-05T21:56:19Z
Network: openweb
Published URL: https://crackingx.com/threads/71247/
Screenshots:
None
Threat Actors: xibulipali
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged marketplace platform offering cybercriminal services infrastructure
Category: Initial Access
Content: A threat actor is advertising a complete cybercriminal marketplace platform infrastructure offering digital product sales, server listings, vendor management, escrow protection, and administrative controls for illegal marketplaces.
Date: 2026-04-05T21:56:00Z
Network: openweb
Published URL: https://crackingx.com/threads/71245/
Screenshots:
None
Threat Actors: xibulipali
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of apptechcode.com by Nicotine (Umbra Community)
Category: Defacement
Content: The website apptechcode.com was defaced by attacker Nicotine affiliated with Umbra Community on April 6, 2026. This incident was marked as a redefacement, indicating the site had been previously compromised.
Date: 2026-04-05T21:54:44Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829979
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: AppTechCode
Victim Site: apptechcode.com
Website defacement of Binzish Solutions by Nicotine (Umbra Community)
Category: Defacement
Content: The website of Binzish Solutions was defaced by attacker Nicotine affiliated with the Umbra Community group on April 6, 2026. This represents a redefacement of the target rather than an initial compromise.
Date: 2026-04-05T21:54:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829981
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Technology/IT Services
Victim Organization: Binzish Solutions
Victim Site: binzishsolutions.com
Website defacement of DevTrixSol by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from Umbra Community successfully defaced the DevTrixSol website on April 6, 2026. This incident represents a redefacement of the target, indicating the site may have been compromised previously.
Date: 2026-04-05T21:53:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829983
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: DevTrixSol
Victim Site: devtrixsol.com
Website defacement of gmmarmi.com by Nicotine (Umbra Community)
Category: Defacement
Content: The website gmmarmi.com was defaced by attacker Nicotine affiliated with Umbra Community on April 6, 2026. This incident was classified as a redefacement, indicating the site had been previously compromised.
Date: 2026-04-05T21:52:55Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829985
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: gmmarmi.com
Website defacement of Golden Wind FM by Umbra Community (Nicotine)
Category: Defacement
Content: Umbra Community member Nicotine conducted a redefacement attack against Golden Wind FM's website on April 6, 2026. This appears to be a targeted attack against the radio station's web presence.
Date: 2026-04-05T21:52:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829986
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Media/Broadcasting
Victim Organization: Golden Wind FM
Victim Site: goldenwindfm.com
Website defacement of hertelaviv.com by Nicotine (Umbra Community)
Category: Defacement
Content: Attacker Nicotine from the Umbra Community team conducted a redefacement of hertelaviv.com on April 6, 2026. This was not a mass defacement campaign but rather a targeted single-site attack.
Date: 2026-04-05T21:51:43Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829987
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: hertelaviv.com
Website defacement of Holistic OB/GYN Dubai by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from the Umbra Community team successfully defaced the website of a Dubai-based obstetrics and gynecology healthcare provider. This incident represents a redefacement of the target site, indicating the vulnerability may have been previously exploited.
Date: 2026-04-05T21:51:06Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829988
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: United Arab Emirates
Victim Industry: Healthcare
Victim Organization: Holistic OB/GYN Dubai
Victim Site: holisticobgyndubai.com
Website defacement of Jaimes Landscape Design by Nicotine/Umbra Community
Category: Defacement
Content: Umbra Community member Nicotine conducted a redefacement attack against the Jaimes Landscape Design website on April 6, 2026. This appears to be a repeat defacement of the landscaping company's website rather than an initial compromise.
Date: 2026-04-05T21:50:30Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829989
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Landscaping/Construction
Victim Organization: Jaimes Landscape Design
Victim Site: jaimeslandscapedesign.com
Website defacement of Kahale Properties by Nicotine (Umbra Community)
Category: Defacement
Content: Attacker Nicotine from the Umbra Community team conducted a redefacement of the Kahale Properties real estate website on April 6, 2026. This incident represents a repeat targeting of the same victim organization.
Date: 2026-04-05T21:49:53Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829991
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Real Estate
Victim Organization: Kahale Properties
Victim Site: kahaleproperties.com
Website defacement of myskyline.co.uk by Nicotine (Umbra Community)
Category: Defacement
Content: The website myskyline.co.uk was defaced by attacker Nicotine from the Umbra Community group on April 6, 2026. This incident is classified as a redefacement, indicating the site had been previously compromised.
Date: 2026-04-05T21:49:17Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829998
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: United Kingdom
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: myskyline.co.uk
Website defacement of oscardefi.com by Nicotine (Umbra Community)
Category: Defacement
Content: The DeFi platform oscardefi.com was defaced by attacker Nicotine from the Umbra Community group on April 6, 2026. This incident represents a redefacement of the target website.
Date: 2026-04-05T21:48:41Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830001
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: OscarDeFi
Victim Site: oscardefi.com
Website defacement of SpeedTech by Nicotine (Umbra Community)
Category: Defacement
Content: The website of Pakistani technology company SpeedTech was defaced by attacker Nicotine from the Umbra Community group. This incident represents a redefacement of the target site, indicating previous compromise activity.
Date: 2026-04-05T21:48:05Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/830006
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Pakistan
Victim Industry: Technology
Victim Organization: SpeedTech
Victim Site: speedtech.com.pk
Website defacement of Thanjavur Art Gallery by Nicotine (Umbra Community)
Category: Defacement
Content: On April 6, 2026, the Thanjavur Art Gallery website was defaced by an attacker identified as Nicotine from the Umbra Community team. The incident affected the main index page of the art gallery's website.
Date: 2026-04-05T21:41:55Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829888
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Arts and Culture
Victim Organization: Thanjavur Art Gallery
Victim Site: thanjavurartgallery.com
Website defacement of aspiredukyuan.com by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine, affiliated with Umbra Community, successfully defaced aspiredukyuan.com on April 6, 2026. The defacement targeted a specific path within the WordPress content directory of the website.
Date: 2026-04-05T21:41:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829891
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: aspiredukyuan.com
Website defacement of RehabFinder by Nicotine (Umbra Community)
Category: Defacement
Content: On April 6, 2026, the RehabFinder healthcare website was defaced by an attacker known as Nicotine associated with the Umbra Community group. The defacement targeted a specific page within the WordPress content directory of the rehabilitation service finder platform.
Date: 2026-04-05T21:40:43Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829892
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: United Kingdom
Victim Industry: Healthcare
Victim Organization: RehabFinder
Victim Site: rehabfinder.co.uk
Website defacement of skinmedacademia.com by Nicotine (Umbra Community)
Category: Defacement
Content: The Umbra Community threat actor Nicotine successfully defaced the skinmedacademia.com website on April 6, 2026. The attack targeted what appears to be a medical education or dermatology-related organization's web presence.
Date: 2026-04-05T21:40:05Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829893
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Healthcare/Medical Education
Victim Organization: Skinmed Academia
Victim Site: skinmedacademia.com
Website defacement of gillandgills.com by Nicotine (Umbra Community)
Category: Defacement
Content: The website gillandgills.com was defaced on April 6, 2026 by an attacker identified as Nicotine affiliated with the Umbra Community group. The defacement targeted a specific subdirectory of the WordPress installation.
Date: 2026-04-05T21:39:29Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829894
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Gill and Gills
Victim Site: gillandgills.com
Website defacement of AMG Despachante by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from Umbra Community defaced the website of AMG Despachante, a Brazilian professional services company. The defacement targeted the WordPress content directory of the organization's website.
Date: 2026-04-05T21:38:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829897
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Brazil
Victim Industry: Professional Services
Victim Organization: AMG Despachante
Victim Site: amgdespachante.com
Website defacement of Clinica Veterinaria Bylaardt by Nicotine (Umbra Community)
Category: Defacement
Content: The Umbra Community threat group, specifically attacker Nicotine, successfully defaced the website of Clinica Veterinaria Bylaardt on April 6, 2026. The incident targeted a veterinary clinic's website and was documented with a mirror URL for analysis.
Date: 2026-04-05T21:38:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829898
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: Clinica Veterinaria Bylaardt
Victim Site: clinicaveterinariabylaardt.com
Website defacement of desentupidorarotomaster.com by Nicotine (Umbra Community)
Category: Defacement
Content: The Umbra Community group, through member Nicotine, successfully defaced the website of Desentupidora Roto Master, a Brazilian plumbing/drain cleaning service company on April 6, 2026.
Date: 2026-04-05T21:37:42Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829900
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Brazil
Victim Industry: Commercial Services
Victim Organization: Desentupidora Roto Master
Victim Site: desentupidorarotomaster.com
Website defacement of jjacalhas.com.br by Nicotine from Umbra Community
Category: Defacement
Content: The website jjacalhas.com.br was defaced by an attacker known as Nicotine associated with the Umbra Community group on April 6, 2026. The defacement targeted a specific path within the WordPress content directory of the Brazilian website.
Date: 2026-04-05T21:37:06Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829906
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: jjacalhas.com.br
Website defacement of Loc Soluções by Nicotine (Umbra Community)
Category: Defacement
Content: The Brazilian website locsolucoes.com.br was defaced by attacker Nicotine associated with the Umbra Community group on April 6, 2026. The attack targeted the WordPress content directory of the site.
Date: 2026-04-05T21:36:29Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829908
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Loc Soluções
Victim Site: locsolucoes.com.br
Website defacement of Reboque de Lima by Nicotine (Umbra Community)
Category: Defacement
Content: The website of Reboque de Lima, a Brazilian towing/automotive service company, was defaced by the attacker Nicotine associated with the Umbra Community group on April 6, 2026. The defacement targeted the WordPress content directory of the company's website.
Date: 2026-04-05T21:35:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829909
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Brazil
Victim Industry: Transportation/Automotive Services
Victim Organization: Reboque de Lima
Victim Site: reboquedelima.com.br
Website defacement of reinertsc.com.br by Nicotine (Umbra Community)
Category: Defacement
Content: The Brazilian website reinertsc.com.br was defaced by the attacker Nicotine associated with the Umbra Community team on April 6, 2026. The defacement targeted a specific path within the WordPress content directory of the site.
Date: 2026-04-05T21:35:16Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829910
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Reinert SC
Victim Site: reinertsc.com.br
Website defacement of Aptive Environmental by Nicotine (Umbra Community)
Category: Defacement
Content: The environmental services company Aptive Environmental's website was defaced by the attacker Nicotine affiliated with the Umbra Community group on April 6, 2026. The defacement targeted the WordPress theme directory of the company's website.
Date: 2026-04-05T21:28:42Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829709
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Environmental Services
Victim Organization: Aptive Environmental
Victim Site: aptiveeco.com
Website defacement of Bosla Mortgage by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from Umbra Community defaced the Bosla Mortgage website on April 6, 2026. This was a single-site defacement targeting a UAE-based mortgage company.
Date: 2026-04-05T21:28:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829710
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: United Arab Emirates
Victim Industry: Financial Services
Victim Organization: Bosla Mortgage
Victim Site: boslamortgage.ae
Alleged leak of credential combolist containing 129 million records
Category: Combo List
Content: A threat actor shared a credential combolist containing 129 million URL:LOGIN:PASS combinations on a cybercrime forum. The post content is restricted and requires forum registration to view details.
Date: 2026-04-05T21:28:05Z
Network: openweb
Published URL: https://crackingx.com/threads/71238/
Screenshots:
None
Threat Actors: Leak Realm
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of ecomhandler.com by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from the Umbra Community team successfully defaced the ecomhandler.com website on April 6, 2026. The incident targeted what appears to be an e-commerce platform or service provider.
Date: 2026-04-05T21:27:36Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829712
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: E-commerce
Victim Organization: Ecomhandler
Victim Site: ecomhandler.com
Website defacement of ERP Solutions by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from the Umbra Community team defaced the ERP Solutions website on April 6, 2026. The defacement targeted a WordPress theme directory on the UK-based technology company's website.
Date: 2026-04-05T21:26:52Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829715
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: United Kingdom
Victim Industry: Technology
Victim Organization: ERP Solutions
Victim Site: erpsol.co.uk
Website defacement of Greenway Healthcare by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from the Umbra Community team successfully defaced the Greenway Healthcare website on April 6, 2026. This represents a targeted attack against a Pakistani healthcare organization's web presence.
Date: 2026-04-05T21:26:19Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829716
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Pakistan
Victim Industry: Healthcare
Victim Organization: Greenway Healthcare
Victim Site: greenwayhealthcare.pk
Website defacement of IT City by Nicotine (Umbra Community)
Category: Defacement
Content: The website itcity.ae was defaced by threat actor Nicotine associated with the Umbra Community group on April 6, 2026. The attack targeted the WordPress theme directory of the technology company's website.
Date: 2026-04-05T21:25:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829719
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: United Arab Emirates
Victim Industry: Technology
Victim Organization: IT City
Victim Site: itcity.ae
Website defacement of IT Village by Nicotine (Umbra Community)
Category: Defacement
Content: Attacker Nicotine from the Umbra Community defaced the IT Village website on April 6, 2026. The defacement targeted the WordPress themes directory of the UAE-based technology company's website.
Date: 2026-04-05T21:25:13Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829720
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: United Arab Emirates
Victim Industry: Technology
Victim Organization: IT Village
Victim Site: itvillage.ae
Website defacement of Lahore IT Solutions by Nicotine from Umbra Community
Category: Defacement
Content: Cybercriminal Nicotine from the Umbra Community hacker group defaced the website of Lahore IT Solutions on April 6, 2026. The attack targeted a specific page within the WordPress content directory of the Pakistani IT company's website.
Date: 2026-04-05T21:24:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829721
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Pakistan
Victim Industry: Information Technology
Victim Organization: Lahore IT Solutions
Victim Site: lahoreitsol.com
Website defacement of Lahore Startups by Nicotine (Umbra Community)
Category: Defacement
Content: The lahorestartups.com website was defaced by attacker Nicotine associated with the Umbra Community team on April 6, 2026. The attack targeted a startup-focused platform based in Lahore, Pakistan.
Date: 2026-04-05T21:24:06Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829722
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Pakistan
Victim Industry: Technology/Startups
Victim Organization: Lahore Startups
Victim Site: lahorestartups.com
Website defacement of locksmith service provider by Nicotine (Umbra Community)
Category: Defacement
Content: The Umbra Community threat group, specifically attacker Nicotine, successfully defaced the website of a Dubai-based locksmith service provider on April 6, 2026. The attack targeted the WordPress content directory of the commercial locksmith business.
Date: 2026-04-05T21:23:34Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829723
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: United Arab Emirates
Victim Industry: Professional Services
Victim Organization: Locksmith Dubai 24/7
Victim Site: locksmithdubai247.ae
Website defacement of pakitsol.com by Nicotine (Umbra Community)
Category: Defacement
Content: Attacker Nicotine from the Umbra Community team defaced the pakitsol.com website on April 6, 2026. The attack targeted the WordPress theme directory of the Pakistani technology company's website.
Date: 2026-04-05T21:23:00Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829725
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Pakistan
Victim Industry: Technology
Victim Organization: Pakit Solutions
Victim Site: pakitsol.com
- Website defacement of PropertyInfo by Nicotine from Umbra Community
Category: Defacement
Content: The real estate website PropertyInfo was defaced by attacker Nicotine affiliated with the Umbra Community group on April 6, 2026. The defacement targeted the WordPress content directory of the Pakistani property information portal.
Date: 2026-04-05T21:21:49Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829726
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Pakistan
Victim Industry: Real Estate
Victim Organization: PropertyInfo
Victim Site: propertyinfo.pk
- Website defacement of sastishop.pk by Nicotine (Umbra Community)
Category: Defacement
Content: Pakistani e-commerce website sastishop.pk was defaced by attacker Nicotine associated with the Umbra Community group on April 6, 2026. The defacement targeted the WordPress themes directory of the online shopping platform.
Date: 2026-04-05T21:21:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829727
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Pakistan
Victim Industry: E-commerce
Victim Organization: Sasti Shop
Victim Site: sastishop.pk
- Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing approximately 13,000 Hotmail email and password combinations on a cybercrime forum.
Date: 2026-04-05T21:17:35Z
Network: openweb
Published URL: https://crackingx.com/threads/71236/
Screenshots:
None
Threat Actors: FlashCloud2
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged distribution of stealer logs collection
Category: Logs
Content: Threat actor UP_DAISYCLOUD distributed a collection of 5,378 stealer logs from April 5th via a file sharing platform. The actor operates a Telegram channel for regular distribution of fresh credential data harvested by information-stealing malware.
Date: 2026-04-05T21:16:56Z
Network: openweb
Published URL: https://darkforums.su/Thread-%F0%9F%9A%80-5378-LOGS-CLOUD-%E2%98%81-05-APRIL-%E2%9D%A4%EF%B8%8F-FRESH-LOGS%E2%9D%97%EF%B8%8F
Screenshots:
None
Threat Actors: UP_DAISYCLOUD
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Consult2Bond
Category: Data Leak
Content: Database dump from consult2bond.com containing customer credentials, personal information, order details, and administrative data across multiple tables. The leak includes passwords, emails, phone numbers, addresses, and authentication codes for customers and administrators.
Date: 2026-04-05T21:16:34Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-consult2bond-com
Screenshots:
None
Threat Actors: Katarinka
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Consult2Bond
Victim Site: consult2bond.com
- Alleged data leak of vip.ithk.com database
Category: Data Leak
Content: A database containing 136 records from vip.ithk.com was allegedly leaked, including internal staff contact information, customer data, and product/pricing metadata across multiple tables.
Date: 2026-04-05T21:16:17Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-vip-ithk-com
Screenshots:
None
Threat Actors: Katarinka
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: vip.ithk.com
- Alleged data leak of Gedeon database
Category: Data Leak
Content: A database dump from gedeon.pl containing 489 records across 4 tables was leaked, including user credentials, product catalog data, and CMS content. The dataset includes 6 user accounts with authentication data including login credentials and email addresses.
Date: 2026-04-05T21:15:58Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-www-gedeon-pl
Screenshots:
None
Threat Actors: Katarinka
Victim Country: Poland
Victim Industry: Unknown
Victim Organization: Gedeon
Victim Site: gedeon.pl
- Alleged data breach of Nakamura Co
Category: Data Breach
Content: A threat actor is allegedly selling a database containing over 11,550 job applicant records and 478 partnership records from the Indonesian company Nakamura Co. The data is being offered for sale via a Telegram contact.
Date: 2026-04-05T21:15:42Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-12K-DATA-CALON-PEGAWAI-PARTNERSHIP-NAKAMURA-CO-ID
Screenshots:
None
Threat Actors: Kyy
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Nakamura Co
Victim Site: nakamura.co.id
- Alleged data leak of Indian Construction Industry database
Category: Data Leak
Content: Threat actor Katarinka leaked a database dump from indianconstructionindustry.com containing 26,562 records across 26 tables. The database includes sensitive payment details, user communication records, construction listings, and company profiles.
Date: 2026-04-05T21:15:38Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-www-indianconstructionindustry-com
Screenshots:
None
Threat Actors: Katarinka
Victim Country: India
Victim Industry: Construction
Victim Organization: Indian Construction Industry
Victim Site: indianconstructionindustry.com
- Alleged data leak of Tripeak Bearing database
Category: Data Leak
Content: Database dump from tripeakbearing.com containing 265 records across 19 tables, including sensitive data such as user credentials, contact information, and activity logs. The dump appears to be made available for free download on a cybercrime forum.
Date: 2026-04-05T21:15:15Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-www-tripeakbearing-com
Screenshots:
None
Threat Actors: Katarinka
Victim Country: Unknown
Victim Industry: Manufacturing
Victim Organization: Tripeak Bearing
Victim Site: tripeakbearing.com
- Alleged sale of vulnerability affecting 38,575 website panels globally
Category: Initial Access
Content: A threat actor is selling a vulnerability allegedly affecting 38,575 website panels worldwide for $600, including government access points, cPanels, shells, SSH/WHM, SMTP, mailers, and webmail systems.
Date: 2026-04-05T21:15:10Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Vulnerability-affecting-38%E2%80%AF575-website-panel–72439
Screenshots:
None
Threat Actors: NormalLeVrai
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of UCAR French data
Category: Data Leak
Content: Threat actor ARPANET744 shared a link to alleged UCAR French data via a file hosting service. The specific nature and scope of the data remain unclear from the brief forum post.
Date: 2026-04-05T21:14:55Z
Network: openweb
Published URL: https://darkforums.su/Thread-UCAR-DATA-FRENCH
Screenshots:
None
Threat Actors: ARPANET744
Victim Country: France
Victim Industry: Unknown
Victim Organization: UCAR
Victim Site: Unknown
- Alleged leak of mixed credential combolist
Category: Combo List
Content: A threat actor shared a fresh mixed combolist containing 3,000 email and password combinations via a free download link on a cybercriminal forum.
Date: 2026-04-05T21:12:48Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-3K-FRESH-MIXED
Screenshots:
None
Threat Actors: WINGO
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Yahoo credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing over 1.3 million Yahoo credentials through a file sharing service. The credentials appear to be targeted for social engineering purposes.
Date: 2026-04-05T21:01:12Z
Network: openweb
Published URL: https://crackingx.com/threads/71235/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Yahoo
Victim Site: yahoo.com
- Alleged sale of cyber operations guide with government access methods
Category: Initial Access
Content: Threat actor miyako is selling an Intermediate Cyber Operations Guide v2 for $1000 that allegedly contains methods for gaining government access, establishing botnets, and includes case studies of breaching various organizations including the Indonesian government. The guide covers tactics for ransomware deployment, command and control setup, persistence methods, and selling access to compromised systems.
Date: 2026-04-05T20:59:56Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SELLING-Intermediate-Cyber-Operations-Guide-v2
Screenshots:
None
Threat Actors: miyako
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Indonesian Government
Victim Site: Unknown
- Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 700,000 Hotmail email credentials on a cybercriminal forum. The data is reportedly for mail access only and was made available on April 5th.
Date: 2026-04-05T20:47:17Z
Network: openweb
Published URL: https://crackingx.com/threads/71234/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Website defacement of Glicowings by Mr.Spongebob (HackerSec.ID)
Category: Defacement
Content: HackerSec.ID team member Mr.Spongebob defaced the Glicowings website on April 6, 2026. The incident targeted the Indonesian company's main website domain.
Date: 2026-04-05T20:42:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829708
Screenshots:
None
Threat Actors: Mr.Spongebob, HackerSec.ID
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Glicowings
Victim Site: glicowings.co.id
- Alleged doxxing and personal information disclosure of cybersecurity researcher
Category: Data Leak
Content: Forum user Angel_Batista claims to have obtained and shared personal identifying information about an individual known as Saxx described as a cybersecurity expert. The post includes derogatory personal attacks and references to previous social media interactions between the parties.
Date: 2026-04-05T20:10:22Z
Network: openweb
Published URL: https://pwnforums.st/Thread-Clement-Saxx-Domingo-ID
Screenshots:
None
Threat Actors: Angel_Batista
Victim Country: Unknown
Victim Industry: Cybersecurity
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of credential combolist containing 1.1 million records
Category: Combo List
Content: A threat actor shared a fresh credential combolist containing 1.1 million records for free download on an underground forum.
Date: 2026-04-05T19:32:00Z
Network: openweb
Published URL: https://crackingx.com/threads/71231/
Screenshots:
None
Threat Actors: Blackcloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of credential combolist containing 25 million records
Category: Combo List
Content: A threat actor shared a combolist containing 25 million URL:LOGIN:PASS credentials on a cybercriminal forum. The post appears to offer free access to the credential list through the forum's registration system.
Date: 2026-04-05T19:18:11Z
Network: openweb
Published URL: https://crackingx.com/threads/71230/
Screenshots:
None
Threat Actors: Leak Realm
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of corporate email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 59,674 email and password combinations, reportedly with hits against SMTP services and corporate mail systems.
Date: 2026-04-05T18:49:56Z
Network: openweb
Published URL: https://crackingx.com/threads/71227/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of mixed email credentials
Category: Combo List
Content: A threat actor shared a combolist containing 20,000 mixed email credentials on a cybercrime forum. The content is hidden and only available to registered users of the platform.
Date: 2026-04-05T18:36:23Z
Network: openweb
Published URL: https://crackingx.com/threads/71226/
Screenshots:
None
Threat Actors: RandomUpload
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor distributed a combolist containing 2,186 Hotmail email credentials on a cybercriminal forum.
Date: 2026-04-05T18:23:40Z
Network: openweb
Published URL: https://crackingx.com/threads/71225/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged lookup service offering on CrackingX forum
Category: Initial Access
Content: Actor Target777 advertises a lookup service on CrackingX forum, directing potential customers to contact store support with research details. The specific nature of the lookup service and target data is not specified in the post.
Date: 2026-04-05T18:23:04Z
Network: openweb
Published URL: https://crackingx.com/threads/71224/
Screenshots:
None
Threat Actors: Target777
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Website defacement of worldhorizon.cn by ALP/Alperen_216
Category: Defacement
Content: The attacker ALP from team Alperen_216 defaced the worldhorizon.cn website on April 6, 2026. The defacement targeted a specific WordPress file (wp-load.php) rather than the homepage.
Date: 2026-04-05T18:22:11Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829707
Screenshots:
None
Threat Actors: ALP, Alperen_216
Victim Country: China
Victim Industry: Unknown
Victim Organization: World Horizon
Victim Site: worldhorizon.cn
- Alleged leak of Hotmail credential combolist
Category: Combo List
Content: Forum post claims to share a Hotmail credential combolist containing 600 entries with country-specific information and full verification status.
Date: 2026-04-05T18:00:43Z
Network: openweb
Published URL: https://crackingx.com/threads/71222/
Screenshots:
None
Threat Actors: Jelooos
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged leak of financial services credentials targeting multiple banks
Category: Combo List
Content: Threat actor CODER is distributing a 12 million record credential list (combolist) targeting multiple financial institutions including Starling Bank, Ally Bank, SoFi, Venmo, and Zelle through Telegram channels.
Date: 2026-04-05T17:59:57Z
Network: openweb
Published URL: https://crackingx.com/threads/71223/
Screenshots:
None
Threat Actors: CODER
Victim Country: United States
Victim Industry: Financial Services
Victim Organization: Multiple (Starling Bank, Ally Bank, SoFi, Venmo, Zelle)
Victim Site: Unknown
- Alleged sale of NFC relay toolkit for payment card fraud
Category: Initial Access
Content: Threat actor JINKUSU is selling NFC RIPPER, an Android toolkit designed to perform NFC relay attacks against payment cards at POS terminals and ATMs. The tool includes multiple PIN bypass methods and can be used to clone and replay NFC payment card transactions.
Date: 2026-04-05T17:57:02Z
Network: openweb
Published URL: https://pwnforums.st/Thread-NFCRIPPER
Screenshots:
None
Threat Actors: JINKUSU
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of EvilNote email sending tool source code
Category: Initial Access
Content: Threat actor JINKUSU is selling the source code for EvilNote, a bulk email sending tool, for $500. The tool allows users to send mass emails using their own SMTP servers with features like recipient list management, email templates, and personalization capabilities.
Date: 2026-04-05T17:56:37Z
Network: openweb
Published URL: https://pwnforums.st/Thread-EVILNOTE
Screenshots:
None
Threat Actors: JINKUSU
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of mixed email credentials
Category: Combo List
Content: A threat actor shared a collection of 1,700 mixed email credentials described as fresh mail access data from April 5th. The credentials appear to be distributed as a combolist for registered forum users.
Date: 2026-04-05T17:46:47Z
Network: openweb
Published URL: https://crackingx.com/threads/71220/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of credential data by Max_Leaks threat actor
Category: Logs
Content: Threat actor Max_Leaks shared a 3.4 GB collection of credential logs on a cybercrime forum, claiming the data is fresh and high quality. The logs appear to be stealer malware output containing username and password combinations.
Date: 2026-04-05T17:45:08Z
Network: openweb
Published URL: https://darkforums.su/Thread-Document-%E2%9C%A6%E2%9C%A6-LOG-S-%E2%9C%A6%E2%9C%A6-Maxi-Leaks-%E2%9C%A6%E2%9C%A6-5-4-2026-%E2%9C%A6%E2%9C%A6-3-4-GB-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: Max_Leaks
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged offering of KYC bypass tools and deepfake technology
Category: Initial Access
Content: Actor jinkusu advertises sophisticated deepfake and voice manipulation software designed to bypass Know Your Customer (KYC) verification processes. The tool features real-time face swapping, voice changing, and virtual camera capabilities for use in identity verification systems.
Date: 2026-04-05T17:45:03Z
Network: openweb
Published URL: https://darkforums.su/Thread-JINKUSU-CAM-BYPASS-KYC
Screenshots:
None
Threat Actors: jinkusu
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of EvolveYourEnglish database containing Spanish customer records
Category: Data Breach
Content: Threat actor claims to have obtained a database from evolveyourenglish.com containing 700,000 Spanish customer records from 2020-2026. The database includes names, phone numbers, cities, and other customer information in CSV/SQL format.
Date: 2026-04-05T17:44:36Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-evolveyourenglish-com-Database-Spain-700K%C2%A0-CVS-SQL-Format
Screenshots:
None
Threat Actors: RainbowDF
Victim Country: Spain
Victim Industry: Education
Victim Organization: EvolveYourEnglish
Victim Site: evolveyourenglish.com
- Alleged sale of admin access to Bangladesh PWD HRIS system
Category: Initial Access
Content: A threat actor is selling administrative access to the Bangladesh Public Works Department's Human Resources Information System (HRIS) for $80. The system manages employee data, attendance, salary records, and other HR functions for PWD staff.
Date: 2026-04-05T17:44:33Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Government-of-Bangladesh-HRIS-PWD-Access-to-admin-panel
Screenshots:
None
Threat Actors: wh6ami
Victim Country: Bangladesh
Victim Industry: Government
Victim Organization: Public Works Department (PWD) of Bangladesh
Victim Site: hris.pwd.gov.bd
- Alleged data breach of King Power duty-free retailer
Category: Data Breach
Content: Threat actor claims to possess a recently breached database from King Power containing 1.4 million customer CRM entries with personal information, credentials, and loyalty program data. The actor is offering the database through encrypted messaging channels.
Date: 2026-04-05T17:44:12Z
Network: openweb
Published URL: https://darkforums.su/Thread-1-4m-data-kingpower-com-once-deleted-duplicate-unique-lines-are-520k
Screenshots:
None
Threat Actors: Databroker1
Victim Country: Thailand
Victim Industry: Retail
Victim Organization: King Power
Victim Site: kingpower.com
- Alleged data leak of PT Putra Pacitan Indonesia Sejahtera and PT Tunas Mandiri employee records
Category: Data Leak
Content: Threat actor XZeeoneOfc shared internal employee data from two Indonesian cigarette companies containing full names, national identification numbers, complete addresses, and job positions of approximately 2,200 workers. The data is being distributed for free via download link.
Date: 2026-04-05T17:44:06Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-internal-data-of-cigarette-companies-PT-Putra-Pacitan-Indonesia-Sejahtera-and-PT-Tun
Screenshots:
None
Threat Actors: XZeeoneOfc
Victim Country: Indonesia
Victim Industry: Tobacco Manufacturing
Victim Organization: PT Putra Pacitan Indonesia Sejahtera and PT Tunas Mandiri
Victim Site: Unknown
- Alleged leak of Hotmail credentials
Category: Data Leak
Content: Forum user martcloud shared a download link for what they claim to be fresh Hotmail credentials. The post appears to offer free access to the credential list rather than selling it.
Date: 2026-04-05T17:43:47Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-FULL-FRESH-HOTMAILS-unrapped–72386
Screenshots:
None
Threat Actors: martcloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged leak of Internet Security Complete Manual publication
Category: Data Leak
Content: A threat actor shared download links for the Internet Security Complete Manual 27th Edition 2026, a 64MB PDF document in English, making it freely available through multiple file hosting services.
Date: 2026-04-05T17:43:43Z
Network: openweb
Published URL: https://darkforums.su/Thread-Tech-magazine-collection
Screenshots:
None
Threat Actors: Proculin
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Canadian residential database containing 10 million records
Category: Data Leak
Content: A threat actor shared a Canadian residential database containing 10 million consumer records with personal information including names, addresses, phone numbers, and location data for free download on a cybercrime forum.
Date: 2026-04-05T17:43:25Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-2025-Canada-Residential-Data-10-Million
Screenshots:
None
Threat Actors: phoenix_leads
Victim Country: Canada
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of NFC RIPPER toolkit for payment card fraud
Category: Initial Access
Content: Threat actor jinkusu01 is advertising NFC RIPPER, an Android NFC relay toolkit designed to bypass payment card security measures at POS terminals and ATMs. The toolkit includes multiple PIN bypass methods, card limit bypass capabilities, and supports remote operation through a Python server with web admin panel.
Date: 2026-04-05T17:43:15Z
Network: openweb
Published URL: https://pwnforums.st/Thread-NFCRIPPER
Screenshots:
None
Threat Actors: jinkusu01
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Hotmail credential combolist
Category: Combo List
Content: Forum post claims to offer free download of 3,886 premium Hotmail email credentials described as valid hits from a mixed email list.
Date: 2026-04-05T17:33:25Z
Network: openweb
Published URL: https://crackingx.com/threads/71219/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged launch of new cybercrime forum PwnForums on clearnet and dark web
Category: Cyber Attack
Content: A new BreachForums-style cybercrime forum has been advertised, accessible via clearnet at pwnforums[.]st and via Tor at pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd[.]onion. The forum appears to be positioned as a replacement or clone of BreachForums, likely intended to host stolen data, credential leaks, and other cybercriminal activity.
Date: 2026-04-05T17:14:04Z
Network: telegram
Published URL: https://t.me/SliceForLife/5088
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of credential combolist containing 196 million records
Category: Combo List
Content: A threat actor shared a credential combolist containing 196 million URL:LOGIN:PASS combinations on a cybercrime forum. The specific source or target organizations of these credentials are not specified in the post.
Date: 2026-04-05T17:10:40Z
Network: openweb
Published URL: https://crackingx.com/threads/71218/
Screenshots:
None
Threat Actors: Leak Realm
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Starbucks by ShadowByt3S group
Category: Data Breach
Content: The ShadowByt3S group claims to have breached Starbucks and leaked 10GB of data after the company allegedly failed to respond to ransom demands within 72 hours. The threat actors claim to have accessed data from an AWS S3 bucket and are distributing the stolen information through Tor onion sites.
Date: 2026-04-05T17:09:48Z
Network: openweb
Published URL: https://darkforums.su/Thread-StarBucks-10gb-gets-leaked
Screenshots:
None
Threat Actors: ShadowByt3S
Victim Country: United States
Victim Industry: Food and Beverage
Victim Organization: Starbucks
Victim Site: starbucks.com
- Alleged distribution of Office 365 credential combolist targeting multiple financial platforms
Category: Combo List
Content: Threat actor distributes an 8 million record credential combolist targeting Office 365 accounts and various financial platforms including N26, Chime, Monzo, and cryptocurrency exchanges. The credentials are being shared through Telegram channels for free distribution.
Date: 2026-04-05T17:00:57Z
Network: openweb
Published URL: https://crackingx.com/threads/71217/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Multiple
Victim Site: Unknown
- Alleged leak of Hotmail credential lists
Category: Combo List
Content: Threat actor alphaxdd allegedly leaked 1,421 premium Hotmail email credentials as a free download on CrackingX forum. The actor claims the credentials are valid and from a private cloud source.
Date: 2026-04-05T16:42:27Z
Network: openweb
Published URL: https://crackingx.com/threads/71215/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Website defacement of Microsoft Store China by Blasphemy (Singularity team)
Category: Defacement
Content: The Singularity team, specifically attacker Blasphemy:), defaced Microsoft's Chinese online store website on April 5, 2026. This appears to be a redefacement of a previously compromised site.
Date: 2026-04-05T16:41:17Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829701
Screenshots:
None
Threat Actors: Blasphemy:), Singularity
Victim Country: China
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: www.microsoftstore.com.cn
- Alleged leak of German credential combolist
Category: Combo List
Content: A threat actor shared a credential combolist containing over 1.1 million lines of mixed German domain email and password combinations via a Mega.nz download link.
Date: 2026-04-05T16:32:28Z
Network: openweb
Published URL: https://crackingx.com/threads/71214/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of massive credential combolist containing 3 billion records
Category: Combo List
Content: A threat actor shared a massive credential combolist containing 3 billion URL:Log:Pass combinations totaling 100GB in size on a cybercrime forum.
Date: 2026-04-05T16:11:51Z
Network: openweb
Published URL: https://crackingx.com/threads/71210/
Screenshots:
None
Threat Actors: VitVit
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Hotmail credentials on CrackingX forum
Category: Combo List
Content: A threat actor shared a collection of 2,408 Hotmail credentials on the CrackingX forum. The post appears to offer free access to the credential list for registered forum users.
Date: 2026-04-05T16:02:57Z
Network: openweb
Published URL: https://crackingx.com/threads/71207/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged leak of email credentials combolist
Category: Combo List
Content: Threat actor noir shared a combolist containing valid email credentials including Hotmail accounts and other mixed email providers through their Telegram channel.
Date: 2026-04-05T16:02:33Z
Network: openweb
Published URL: https://crackingx.com/threads/71208/
Screenshots:
None
Threat Actors: noir
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged distribution of credential lists targeting Stripe, Square, QuickBooks, and Xero
Category: Combo List
Content: Threat actor distributes a 15 million record credential list targeting financial service platforms including Stripe, Square, QuickBooks, and Xero through Telegram channels. The actor offers free access to combolists and related programs through multiple Telegram groups.
Date: 2026-04-05T15:52:28Z
Network: openweb
Published URL: https://crackingx.com/threads/71205/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of New Zealand credentials combolist
Category: Combo List
Content: Threat actor CobraEgy shared a combolist containing over 15,000 email and password combinations allegedly from New Zealand users. The credentials are described as fresh and high quality.
Date: 2026-04-05T15:31:46Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-15-K-%E2%9C%A6-New-Zealand-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-5-4-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: New Zealand
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Norwegian credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing over 14,000 email and password combinations allegedly from Norway. The credentials are claimed to be fresh and high quality, distributed through hidden content on a cybercriminal forum.
Date: 2026-04-05T15:30:39Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-14-K-%E2%9C%A6-Norway-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-5-4-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Norway
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of 1.3TB credential combolist
Category: Combo List
Content: A threat actor shared a 1.3TB collection of URL-login-password credentials described as a private database. The data appears to be offered as a free download containing browsing history and credential combinations.
Date: 2026-04-05T15:28:49Z
Network: openweb
Published URL: https://crackingx.com/threads/71204/
Screenshots:
None
Threat Actors: strelok639
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Portugal credential combolist
Category: Combo List
Content: Threat actor CobraEgy shared a credential combolist containing over 45,000 email and password combinations targeting Portugal users. The data is described as fresh and high quality, distributed through the Maxi_Leaks channel.
Date: 2026-04-05T15:17:48Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-45-K-%E2%9C%A6-Portugal-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-5-4-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Portugal
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of South African credential combolist
Category: Combo List
Content: Threat actor CobraEgy shared a combolist containing over 39,000 email and password combinations allegedly from South African users. The credentials are claimed to be fresh and high quality, distributed through hidden content requiring forum registration.
Date: 2026-04-05T15:16:14Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-39-K-%E2%9C%A6-South-Africa-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-5-4-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: South Africa
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Romanian credentials combolist
Category: Combo List
Content: A threat actor shared a fresh credential combolist containing over 34,000 email and password combinations targeting Romanian users. The credentials are being distributed for free on cybercrime forums.
Date: 2026-04-05T15:15:05Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-34-K-%E2%9C%A6-Romania-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-5-4-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Romania
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Slovakia credentials combolist
Category: Combo List
Content: Threat actor CobraEgy shared a combolist containing over 24,000 email and password combinations allegedly from Slovakia users. The credentials are claimed to be fresh and high quality, distributed through the Maxi_Leaks operation.
Date: 2026-04-05T15:13:48Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-24-K-%E2%9C%A6-Slovakia-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-5-4-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Slovakia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Website defacement of ELTS by PredixorX (XSQDD PHILIPPINE)
Category: Defacement
Content: PredixorX from the XSQDD PHILIPPINE team successfully defaced the ELTS website on April 5, 2026. The attack targeted a Linux-based server hosting the Philippine company's website.
Date: 2026-04-05T15:05:47Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248287
Screenshots:
None
Threat Actors: PredixorX, XSQDD PHILIPPINE
Victim Country: Philippines
Victim Industry: Unknown
Victim Organization: ELTS
Victim Site: elts.com.ph
- Alleged leak of Russian credential data via combolist
Category: Combo List
Content: Threat actor CobraEgy shared a combolist containing over 1.3 million email and password combinations allegedly originating from Russia. The credentials are described as fresh and high quality, distributed through a hidden download link on DemonForums.
Date: 2026-04-05T15:01:19Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-1-3-M-%E2%9C%A6-Russia-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-5-4-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Russia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Maxi_Leaks credential logs
Category: Data Leak
Content: Threat actor CobraEgy shared a 3.4 GB collection of credential logs labeled as Maxi_Leaks dated 6/4/2026. The logs are described as fresh and high quality, containing username and password combinations.
Date: 2026-04-05T15:00:13Z
Network: openweb
Published URL: https://demonforums.net/Thread-Request-%E2%9C%A6%E2%9C%A6-LOG-S-%E2%9C%A6%E2%9C%A6-Maxi-Leaks-%E2%9C%A6%E2%9C%A6-6-4-2026-%E2%9C%A6%E2%9C%A6-3-4-GB-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged distribution of credential lists targeting PayPal, Wise, Revolut, Payoneer, and Cash App users
Category: Combo List
Content: Threat actor CODER is distributing email:password credential lists (combolists) containing 12 million records allegedly targeting users of financial services including PayPal, Wise, Revolut, Payoneer, and Cash App through Telegram channels.
Date: 2026-04-05T14:59:33Z
Network: openweb
Published URL: https://crackingx.com/threads/71201/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
- Website defacement of Vaughan Tamils community organization by E.H.9/XmrAnonye.id team
Category: Defacement
Content: The website of Vaughan Tamils, a Canadian Tamil community organization, was defaced by attacker E.H.9 affiliated with the XmrAnonye.id team on April 5, 2026. The attack targeted a Linux-based server hosting the community organization's website.
Date: 2026-04-05T14:54:27Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248286
Screenshots:
None
Threat Actors: E.H.9, XmrAnonye.id
Victim Country: Canada
Victim Industry: Community Organization
Victim Organization: Vaughan Tamils
Victim Site: vaughantamils.ca
- Alleged leak of mixed forum credential combolist
Category: Combo List
Content: User ValidMail allegedly shared an 82,000 record mixed credential combolist containing valid forum accounts on CrackingX forum. The post content is restricted to registered users only.
Date: 2026-04-05T14:47:45Z
Network: openweb
Published URL: https://crackingx.com/threads/71200/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged distribution of mixed credential combolist
Category: Combo List
Content: Forum post shares a mixed credential combolist labeled as HQ Mix containing login credentials from various sources. The post requires registration to access the hidden content.
Date: 2026-04-05T14:36:25Z
Network: openweb
Published URL: https://demonforums.net/Thread-%E2%9A%A1%E2%9A%A1-X2686-HQ-Mix-%E2%9A%A1%E2%9A%A1-BY-Steveee36-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: erwinn91
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of mixed email credentials combolist
Category: Combo List
Content: A threat actor shared a fresh high-quality combolist containing 4,000 mixed email credentials on a cybercriminal forum.
Date: 2026-04-05T14:34:06Z
Network: openweb
Published URL: https://crackingx.com/threads/71199/
Screenshots:
None
Threat Actors: Lexser
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of Center for Administrative Services in Ternopil, Ukraine
Category: Data Leak
Content: A Telegram channel posted what appears to be leaked data or compromised content related to the Center for Administrative Services in Ternopil, Ukraine (cnap.rada.te.ua). The post is framed as a celebratory share, suggesting the content was made available for free. The nature of the leaked content is not fully specified but implies government administrative data.
Date: 2026-04-05T14:11:20Z
Network: telegram
Published URL: https://t.me/c/2453363811/1328
Screenshots:
None
Threat Actors: Перун Сварога
Victim Country: Ukraine
Victim Industry: Government
Victim Organization: Center for Administrative Services in Ternopil (ЦНАП)
Victim Site: cnap.rada.te.ua
- Alleged sale of compromised business PayPal account
Category: Initial Access
Content: Threat actor claims to be selling access to an active business PayPal account from a US shop, reportedly containing approximately $30,000 and having processed over $19 million in transactions over three years.
Date: 2026-04-05T14:04:24Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-Business-Paypal-account
Screenshots:
None
Threat Actors: Jurak
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of credentials from multiple platforms including Discord, Stack Overflow, Binance, and Coinbase
Category: Combo List
Content: Threat actor distributes a mixed combolist containing 17 million credentials allegedly from Discord, Stack Overflow, Medium, Binance, Coinbase, and Trust Wallet through Telegram channels. The credentials are being distributed for free through specified Telegram groups.
Date: 2026-04-05T14:02:50Z
Network: openweb
Published URL: https://crackingx.com/threads/71196/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Multiple (Discord, Stack Overflow, Binance, Coinbase, Trust Wallet)
Victim Site: Multiple platforms
- Alleged leak of Hotmail credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 179,363 mixed country Hotmail email and password combinations via a file sharing service.
Date: 2026-04-05T14:02:30Z
Network: openweb
Published URL: https://crackingx.com/threads/71197/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged leak of Hotmail credentials
Category: Combo List
Content: Forum user HollowKnight07 shared a sample combolist containing 484 Hotmail email credentials on CrackingX forum as a free download.
Date: 2026-04-05T14:02:12Z
Network: openweb
Published URL: https://crackingx.com/threads/71198/
Screenshots:
None
Threat Actors: HollowKnight07
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged Cyber Attack on Kuwait Ministry of Interior by Nasir Hacker Group
Category: Cyber Attack
Content: The hacker group Nasir has claimed responsibility for infiltrating Kuwaiti government and intelligence systems, including the Ministry of Interior. The group alleges it obtained documents related to Kuwait's military and intelligence cooperation with foreign entities, including the United States. They claim to possess information on Kuwaiti officials, military personnel, and political figures, threatening to publish portions of the data. The group also warned of further cyberattacks against Kuwaiti infrastructure if current conditions continue.
Date: 2026-04-05T13:59:00Z
Network: telegram
Published URL: https://t.me/c/1283513914/20995
Screenshots:
None
Threat Actors: نصیر
Victim Country: Kuwait
Victim Industry: Government
Victim Organization: Kuwait Ministry of Interior
Victim Site: Unknown
- Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 1,000 allegedly valid Hotmail email account credentials dated April 5th.
Date: 2026-04-05T13:49:04Z
Network: openweb
Published URL: https://crackingx.com/threads/71195/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged distribution of stealer logs by FateTraffic threat actor
Category: Logs
Content: Threat actor fatetraffic distributed a collection of 1,392 mixed stealer logs via file sharing platform, containing stolen credentials and browser data harvested by information stealing malware.
Date: 2026-04-05T13:48:37Z
Network: openweb
Published URL: https://darkforums.su/Thread-%F0%9F%93%97-FATETRAFFIC-1392-MIX-05-04-2026-STEALER-LOGS
Screenshots:
None
Threat Actors: fatetraffic
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Website defacement of alccoaching.org by Aptisme (Leviathan Perfect Hunter team)
Category: Defacement
Content: The coaching services website alccoaching.org was defaced by threat actor Aptisme, operating as part of the Leviathan Perfect Hunter team. This was a targeted single-site defacement attack rather than part of a mass campaign.
Date: 2026-04-05T13:42:41Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829698
Screenshots:
None
Threat Actors: Aptisme, Leviathan Perfect Hunter
Victim Country: Unknown
Victim Industry: Professional Services
Victim Organization: ALC Coaching
Victim Site: alccoaching.org
- Alleged leak of Hotmail credentials
Category: Combo List
Content: Threat actor snowstormxd allegedly shared fresh Hotmail credentials via a Telegram channel. The exact number of affected accounts and method of acquisition are not specified in the post.
Date: 2026-04-05T13:38:46Z
Network: openweb
Published URL: https://crackingx.com/threads/71193/
Screenshots:
None
Threat Actors: snowstormxd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Website defacement of Evervision by Alpha wolf team
Category: Defacement
Content: The Alpha wolf team, with attacker XYZ, successfully defaced the homepage of Evervision's website on April 5, 2026. This was a single-target home page defacement rather than a mass attack.
Date: 2026-04-05T13:31:06Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829697
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: South Korea
Victim Industry: Unknown
Victim Organization: Evervision
Victim Site: evervision.co.kr
- Website defacement of Evervision by Alpha wolf team
Category: Defacement
Content: The Alpha wolf team, attributed to attacker XYZ, successfully defaced the Evervision website on April 5, 2026. The attack targeted a Linux-based server hosting the South Korean technology company's website.
Date: 2026-04-05T13:30:03Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248285
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: South Korea
Victim Industry: Technology
Victim Organization: Evervision
Victim Site: evervision.co.kr
- Alleged WordPress-related data leak by threat actor zod
Category: Combo List
Content: Threat actor zod posted WordPress-related content in a combolists and dumps forum section, with access details provided via Telegram channel. Specific content details are protected behind registration requirements.
Date: 2026-04-05T13:29:07Z
Network: openweb
Published URL: https://crackingx.com/threads/71191/
Screenshots:
None
Threat Actors: zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Hotmail credential combolist
Category: Combo List
Content: Threat actor shared a combolist containing 1,120 Hotmail email and password combinations on a cybercrime forum as a free download.
Date: 2026-04-05T13:28:46Z
Network: openweb
Published URL: https://crackingx.com/threads/71192/
Screenshots:
None
Threat Actors: KiwiShio
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged leak of XAM's 316 database collection from multiple forums
Category: Data Leak
Content: A threat actor shared XAM's collection of 316 databases containing 5.7 million records originally from RaidForums 2019. The databases were allegedly obtained using a custom auto dumper tool and contain data from various forum websites including gaming, automotive, medical, and other industry forums.
Date: 2026-04-05T13:27:58Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-XAM-s-316-Database-Collection-2019-5-7-Million
Screenshots:
None
Threat Actors: Blastoize
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of mixed email access credentials
Category: Combo List
Content: A threat actor leaked a collection of 5,000 valid email access credentials from mixed sources. The credentials are being distributed on a cybercriminal forum as hidden content for registered users.
Date: 2026-04-05T13:19:13Z
Network: openweb
Published URL: https://crackingx.com/threads/71190/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Website defacement of Aiello Engineering by XYZ/Alpha wolf team
Category: Defacement
Content: The XYZ attacker working with the Alpha wolf team successfully defaced the homepage of Aiello Engineering's website on April 5, 2026. This was a targeted single-site defacement rather than part of a mass campaign.
Date: 2026-04-05T13:18:49Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829696
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Unknown
Victim Industry: Engineering
Victim Organization: Aiello Engineering
Victim Site: aielloengineering.com
- Website defacement of Aiello Engineering by XYZ/Alpha wolf team
Category: Defacement
Content: The XYZ attacker from Alpha wolf team defaced the Aiello Engineering website on April 5, 2026. The attack targeted a FreeBSD-hosted engineering company website.
Date: 2026-04-05T13:17:54Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248284
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Unknown
Victim Industry: Engineering
Victim Organization: Aiello Engineering
Victim Site: aielloengineering.com
- Alleged leak of mixed email credentials combolist
Category: Combo List
Content: Actor TeraCloud1 shared a collection of 3,000 valid email credentials described as Mix on a cracking forum. The content is hidden and requires registration to access, with additional private cloud access offered via Telegram.
Date: 2026-04-05T13:09:13Z
Network: openweb
Published URL: https://crackingx.com/threads/71189/
Screenshots:
None
Threat Actors: TeraCloud1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of CustomKing database
Category: Data Leak
Content: A 105MB SQL database dump from UK online store CustomKing is being shared on a dark web forum. The threat actor has provided contact information via Telegram for further communication.
Date: 2026-04-05T13:08:22Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-customking-co-uk-UK-online-store-website-database
Screenshots:
None
Threat Actors: crazyboy68
Victim Country: United Kingdom
Victim Industry: E-commerce
Victim Organization: CustomKing
Victim Site: customking.co.uk
- Alleged leak of Japanese email credentials
Category: Combo List
Content: A threat actor leaked approximately 1,700 valid Japanese email credentials on a cybercrime forum. The credentials appear to be from April 5th, 2024 and are being distributed to registered forum users.
Date: 2026-04-05T12:59:29Z
Network: openweb
Published URL: https://crackingx.com/threads/71188/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of US email credentials
Category: Combo List
Content: A threat actor shared a collection of 1,000 US-based email credentials dated April 5th on a cybercrime forum. The post indicates the data consists of valid email access credentials.
Date: 2026-04-05T12:47:15Z
Network: openweb
Published URL: https://crackingx.com/threads/71187/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of French email credentials
Category: Combo List
Content: A threat actor shared a combolist containing 1,100 French email credentials allegedly obtained in April 2024. The credentials are being distributed for free to registered forum users.
Date: 2026-04-05T12:37:20Z
Network: openweb
Published URL: https://crackingx.com/threads/71186/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Website defacement of jobsinabudhabi.com by VinzXploit/CYBER ERROR SYSTEM
Category: Defacement
Content: The attacker VinzXploit from the CYBER ERROR SYSTEM team successfully defaced the jobsinabudhabi.com website on April 5, 2026. The defacement targeted a job portal serving the Abu Dhabi employment market.
Date: 2026-04-05T12:26:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829682
Screenshots:
None
Threat Actors: VinzXploit, CYBER ERROR SYSTEM
Victim Country: United Arab Emirates
Victim Industry: Employment Services
Victim Organization: Jobs in Abu Dhabi
Victim Site: jobsinabudhabi.com
- Website defacement of theinfopedia.com by VinzXploit (CYBER ERROR SYSTEM)
Category: Defacement
Content: VinzXploit from the CYBER ERROR SYSTEM team successfully defaced theinfopedia.com on April 5, 2026, targeting the pwd.php page of the information/media website.
Date: 2026-04-05T12:25:58Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829683
Screenshots:
None
Threat Actors: VinzXploit, CYBER ERROR SYSTEM
Victim Country: Unknown
Victim Industry: Information/Media
Victim Organization: The Infopedia
Victim Site: theinfopedia.com
- Website defacement of ittedi.com by VinzXploit/CYBER ERROR SYSTEM
Category: Defacement
Content: VinzXploit from the CYBER ERROR SYSTEM team defaced the ittedi.com website on April 5, 2026, targeting the pwd.php page. The attack was documented and archived on zone-xsec.com mirror.
Date: 2026-04-05T12:25:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829689
Screenshots:
None
Threat Actors: VinzXploit, CYBER ERROR SYSTEM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: ittedi.com
- Website defacement of IT Team Corp by VinzXploit (CYBER ERROR SYSTEM)
Category: Defacement
Content: VinzXploit from the CYBER ERROR SYSTEM team successfully defaced the IT Team Corp website on April 5, 2026, targeting the pwd.php page. The incident appears to be a single-site defacement rather than a mass attack campaign.
Date: 2026-04-05T12:24:51Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829694
Screenshots:
None
Threat Actors: VinzXploit, CYBER ERROR SYSTEM
Victim Country: Unknown
Victim Industry: Information Technology
Victim Organization: IT Team Corp
Victim Site: itteamcorp.com
- Website defacement of Real Wealth Australia by VinzXploit/CYBER ERROR SYSTEM
Category: Defacement
Content: Website defacement attack conducted by VinzXploit from the CYBER ERROR SYSTEM team against Real Wealth Australia's website on April 5, 2026. The attack targeted what appears to be a financial services company based in Australia.
Date: 2026-04-05T12:24:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829695
Screenshots:
None
Threat Actors: VinzXploit, CYBER ERROR SYSTEM
Victim Country: Australia
Victim Industry: Financial Services
Victim Organization: Real Wealth Australia
Victim Site: www.realwealthaustralia.com
- Mass website defacement campaign by Zod targeting skillerio.com
Category: Defacement
Content: The attacker/group known as Zod conducted a mass defacement campaign targeting skillerio.com on April 5, 2026. This was identified as a mass defacement operation rather than a targeted single-site attack.
Date: 2026-04-05T12:17:54Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248274
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Technology/Education
Victim Organization: Skiller
Victim Site: skillerio.com
- Mass website defacement campaign by Zod targeting infiniaclinic.com
Category: Defacement
Content: Threat actor Zod conducted a mass defacement campaign targeting the Infinia Clinic website on April 5, 2026. The attack was part of a broader mass defacement operation rather than a targeted single-site compromise.
Date: 2026-04-05T12:17:35Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248276
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: Infinia Clinic
Victim Site: infiniaclinic.com
- Mass defacement campaign by Zod targeting housingcompare.in
Category: Defacement
Content: Attacker group Zod conducted a mass defacement campaign targeting housingcompare.in, a real estate comparison website. The attack was part of a broader mass defacement operation rather than a targeted single-site compromise.
Date: 2026-04-05T12:17:12Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248277
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: India
Victim Industry: Real Estate
Victim Organization: Housing Compare
Victim Site: housingcompare.in
- Mass defacement campaign by Zod threat actor targeting facesmbymadhuraa.com
Category: Defacement
Content: The threat actor Zod conducted a mass defacement campaign targeting facesmbymadhuraa.com, a beauty/cosmetics business website. The attack occurred on April 5, 2026, affecting a Linux-based server hosting the victim's website.
Date: 2026-04-05T12:16:51Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248278
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Beauty/Cosmetics
Victim Organization: Faces by Madhuraa
Victim Site: facesmbymadhuraa.com
- Mass defacement targeting education sector by Zod
Category: Defacement
Content: The threat actor Zod conducted a mass defacement campaign targeting the DigitizeLearn educational platform. This incident was part of a broader mass defacement operation affecting multiple websites simultaneously.
Date: 2026-04-05T12:16:32Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248279
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: India
Victim Industry: Education
Victim Organization: DigitizeLearn
Victim Site: digitizelearn.in
- Mass website defacement campaign by Zod threat actor
Category: Defacement
Content: Threat actor Zod conducted a mass defacement campaign targeting multiple websites including digitalhackzone.com on April 5, 2026. The attack targeted Linux-based systems and affected multiple sites simultaneously rather than a single organization.
Date: 2026-04-05T12:16:12Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248280
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: digitalhackzone.com
- Mass website defacement by Zod targeting chanakyacp.com
Category: Defacement
Content: The attacker known as Zod conducted a mass defacement campaign targeting chanakyacp.com on April 5, 2026. The incident was part of a broader mass defacement operation rather than a targeted attack on a single organization.
Date: 2026-04-05T12:15:52Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248283
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: India
Victim Industry: Unknown
Victim Organization: Chanakya CP
Victim Site: chanakyacp.com
- Website defacement of adigitalgalaxy.com by Zod
Category: Defacement
Content: The attacker known as Zod successfully defaced the adigitalgalaxy.com website on April 5, 2026. The target appears to be a technology-related organization running on a Linux server.
Date: 2026-04-05T12:09:55Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248273
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: A Digital Galaxy
Victim Site: adigitalgalaxy.com
- Alleged leak of GMX email credentials combolist
Category: Combo List
Content: A threat actor distributed a targeted combolist containing 124,000 GMX email credentials in email:password format. The actor also advertises selling additional credential lists for various email providers and countries through Telegram contact.
Date: 2026-04-05T12:06:56Z
Network: openweb
Published URL: https://demonforums.net/Thread-124K-GMX-TARGETED-COMBOLIST
Screenshots:
None
Threat Actors: Ra-Zi
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: GMX
Victim Site: gmx.com
- Alleged distribution of corporate credential combolist via Telegram
Category: Combo List
Content: Threat actor CODER is distributing a 7 million record corporate credential combolist for free through Telegram channels. The actor also operates channels for free programs and additional credential lists.
Date: 2026-04-05T11:55:36Z
Network: openweb
Published URL: https://crackingx.com/threads/71183/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Website defacement of sportmassage.hu by Zod
Category: Defacement
Content: The attacker known as Zod successfully defaced the Hungarian sports massage website sportmassage.hu on April 5, 2026. This appears to be an isolated defacement incident targeting a healthcare/wellness service provider.
Date: 2026-04-05T11:52:59Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248271
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Hungary
Victim Industry: Healthcare/Wellness
Victim Organization: Unknown
Victim Site: sportmassage.hu
- Website defacement of oznetshop.com by Zod
Category: Defacement
Content: The attacker known as Zod successfully defaced the oznetshop.com e-commerce website on April 5, 2026. The defacement targeted a specific page (zod.html) on the cloud-hosted platform.
Date: 2026-04-05T11:52:41Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248272
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: E-commerce
Victim Organization: Oznetshop
Victim Site: oznetshop.com
- Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared what they claim are fresh, valid Hotmail credentials in a combolist format. The actor indicates these are private files with untouched hits, suggesting previously unused credential combinations.
Date: 2026-04-05T11:45:17Z
Network: openweb
Published URL: https://demonforums.net/Thread-Fresh-Hotmail-Drops
Screenshots:
None
Threat Actors: Akari21
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged leak of mixed credential combolist
Category: Combo List
Content: A threat actor leaked a mixed credential combolist containing 32,890 lines of compromised credentials. The data is distributed for free via Telegram channel with password protection.
Date: 2026-04-05T11:43:12Z
Network: openweb
Published URL: https://crackingx.com/threads/71181/
Screenshots:
None
Threat Actors: zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of WEB.DE email credentials
Category: Combo List
Content: Actor WINGO allegedly shared a combolist containing 3,000 WEB.DE email and password combinations on a cybercriminal forum.
Date: 2026-04-05T11:33:43Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-3K-WEB-DE
Screenshots:
None
Threat Actors: WINGO
Victim Country: Germany
Victim Industry: Technology
Victim Organization: WEB.DE
Victim Site: web.de
- Alleged leak of mixed credential combolist
Category: Combo List
Content: Threat actor shared a combolist containing 1,000 valid mixed email and password combinations through a free download link on Pasteview.
Date: 2026-04-05T11:32:44Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-1K-VALID-MIXED
Screenshots:
None
Threat Actors: COYTO
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of educational institution credentials and social media data
Category: Combo List
Content: A threat actor shared a credential list containing 136,052 entries allegedly targeting educational institutions, social media platforms, and shopping sites. The data is being distributed for free through a file hosting service.
Date: 2026-04-05T11:30:46Z
Network: openweb
Published URL: https://crackingx.com/threads/71179/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of PrimeTel/NConnect
Category: Data Breach
Content: Threat actor AckLine is selling a 21GB database dump from Botswana internet service provider NConnect/PrimeTel for $300. The data allegedly contains information from 2014-2026, including 67 employees' full names and emails.
Date: 2026-04-05T10:51:37Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-PrimeTel-PTY-LTD-T-A-Nconnect
Screenshots:
None
Threat Actors: AckLine
Victim Country: Botswana
Victim Industry: Telecommunications
Victim Organization: PrimeTel (PTY) LTD T/A Nconnect
Victim Site: Unknown
Alleged leak of corporate email credentials
Category: Combo List
Content: A threat actor shared a collection of 19,000 corporate email credentials described as fresh and valid, dated April 5th. The credentials appear to be made available for free download to registered forum users.
Date: 2026-04-05T10:47:48Z
Network: openweb
Published URL: https://crackingx.com/threads/71176/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 2,910 mixed email credentials for free download on a cybercrime forum.
Date: 2026-04-05T10:47:31Z
Network: openweb
Published URL: https://crackingx.com/threads/71177/
Screenshots:
None
Threat Actors: NotSellerxd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Greenhandle.in customer database
Category: Data Leak
Content: Customer database from Indian B2B packaging marketplace Greenhandle.in allegedly leaked, containing customer names, business names, mobile numbers, email addresses, product orders, and quantities.
Date: 2026-04-05T10:47:16Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-greenhandle-in-is-an-online-B2B-marketplace-based-in-INDIA
Screenshots:
None
Threat Actors: crazyboy68
Victim Country: India
Victim Industry: E-commerce
Victim Organization: Greenhandle
Victim Site: greenhandle.in
Alleged data breach of UNIFAP university portal in Brazil
Category: Data Breach
Content: Database dump from a Brazilian university student portal containing user IDs, email addresses, password hashes, and account status information. The compromised system manages student grades, curricula, announcements, and educational documents.
Date: 2026-04-05T10:46:57Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-conta-unifapace-edu-br-is-a-student-website-from-BRAZIL-DB-Access
Screenshots:
None
Threat Actors: crazyboy68
Victim Country: Brazil
Victim Industry: Education
Victim Organization: UNIFAP
Victim Site: conta.unifapace.edu.br
Website defacement of gerhardthiel.com by Hiro-X (Maros Black Hat)
Category: Defacement
Content: The personal website gerhardthiel.com was defaced by attacker Hiro-X, affiliated with the Maros Black Hat team, on April 5th, 2026. The incident targeted a Linux-hosted website and appears to be an isolated defacement rather than part of a mass campaign.
Date: 2026-04-05T10:45:34Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248270
Screenshots:
None
Threat Actors: Hiro-X, Maros Black Hat
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Gerhard Thiel
Victim Site: gerhardthiel.com
Alleged leak of TEEB Valuation Database by PaskoCyberRexor
Category: Data Leak
Content: A post forwarded from PASKO FORUM (P/F) claims to share the TEEB Valuation Database via an external document link (sg.docworkspace.com). The post is attributed to handles DanzNisMxst7 and PaskoCyberRexor, with a linked Telegram channel. The database appears to be made available for free download.
Date: 2026-04-05T10:38:56Z
Network: telegram
Published URL: https://t.me/paskocyberrexor/65
Screenshots:
None
Threat Actors: PaskoCyberRexor
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: TEEB
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: User klyne05 shared a combolist containing Hotmail email credentials on a cybercriminal forum. The post indicates the credentials are described as private, fresh, and checked.
Date: 2026-04-05T10:36:09Z
Network: openweb
Published URL: https://crackingx.com/threads/71174/
Screenshots:
None
Threat Actors: klyne05
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a sample combolist containing 650 Hotmail email and password combinations on a cybercriminal forum.
Date: 2026-04-05T10:35:51Z
Network: openweb
Published URL: https://crackingx.com/threads/71175/
Screenshots:
None
Threat Actors: HollowKnight07
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged data leak of Vietnamese website anhsangsoiduong.vn database
Category: Data Leak
Content: A threat actor leaked an 800MB SQL database dump from Vietnamese website anhsangsoiduong.vn containing user credentials, email addresses, and registration data.
Date: 2026-04-05T10:35:11Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-anhsangsoiduong-vn-Vietnamese-website-database
Screenshots:
None
Threat Actors: crazyboy68
Victim Country: Vietnam
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: anhsangsoiduong.vn
Website defacement of meshkat.store by tirz4sec (jatengblekhet team)
Category: Defacement
Content: The e-commerce website meshkat.store was defaced by attacker tirz4sec, affiliated with the jatengblekhet team, on April 5, 2026. The defacement targeted the WordPress uploads directory of the online store.
Date: 2026-04-05T10:34:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829673
Screenshots:
None
Threat Actors: tirz4sec, jatengblekhet
Victim Country: Unknown
Victim Industry: E-commerce
Victim Organization: Meshkat Store
Victim Site: meshkat.store
Website defacement of Free-Find by tirz4sec (jatengblekhet team)
Category: Defacement
Content: The attacker tirz4sec, associated with the jatengblekhet team, defaced the Free-Find website on April 5, 2026. The attack targeted the WordPress content directory of the UK-based technology service provider.
Date: 2026-04-05T10:32:56Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829674
Screenshots:
None
Threat Actors: tirz4sec, jatengblekhet
Victim Country: United Kingdom
Victim Industry: Technology
Victim Organization: Free-Find
Victim Site: free-find.co.uk
Alleged leak of German email credentials
Category: Combo List
Content: A threat actor allegedly leaked 34,000 German email credentials with full valid mail access on a cybercrime forum.
Date: 2026-04-05T10:25:55Z
Network: openweb
Published URL: https://crackingx.com/threads/71172/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email credential combolist
Category: Combo List
Content: A threat actor leaked a mixed combolist containing 39,000 email credentials through a file sharing service and promoted additional credential databases via a Telegram channel.
Date: 2026-04-05T10:25:37Z
Network: openweb
Published URL: https://crackingx.com/threads/71173/
Screenshots:
None
Threat Actors: Kokos2846q
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Hotmail Credential Combolists Across Multiple Countries
Category: Combo List
Content: A threat actor is selling Hotmail credential combolists covering multiple countries including UK, DE, JP, NL, BR, PL, ES, US, IT, and others. The actor claims to own a private cloud and offers inbox searching with keyword filtering. The combolists are themed around popular platforms including PayPal, eBay, OfferUp, PSN, Booking, Uber, Poshmark, Alibaba, Walmart, Amazon, Mercari, Kleinanzeigen, and Neosurf. Valid NTLWorld webmails are also offered. Buyers are directed to DM for requests.
Date: 2026-04-05T10:20:49Z
Network: telegram
Published URL: https://t.me/c/2613583520/59408
Screenshots:
None
Threat Actors: Admu
Victim Country: Unknown
Victim Industry: Technology / Email Services
Victim Organization: Hotmail / Microsoft
Victim Site: hotmail.com
Website defacement of gearowl.com by tirz4sec (jatengblekhet team)
Category: Defacement
Content: The website gearowl.com was defaced by attacker tirz4sec, associated with the jatengblekhet team, on April 5, 2026. The defacement targeted the WordPress uploads directory of the site.
Date: 2026-04-05T10:19:27Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829668
Screenshots:
None
Threat Actors: tirz4sec, jatengblekhet
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: GearOwl
Victim Site: gearowl.com
Website defacement of gv-neckarsulm.de by tirz4sec (jatengblekhet team)
Category: Defacement
Content: On April 5, 2026, the website of gv-neckarsulm.de was defaced by attacker tirz4sec, who is affiliated with the jatengblekhet team. The defacement targeted the WordPress content directory of what appears to be a German municipal government website.
Date: 2026-04-05T10:18:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829669
Screenshots:
None
Threat Actors: tirz4sec, jatengblekhet
Victim Country: Germany
Victim Industry: Government
Victim Organization: City of Neckarsulm
Victim Site: gv-neckarsulm.de
Website defacement of Mobilificio Solinas by tirz4sec (jatengblekhet team)
Category: Defacement
Content: The attacker tirz4sec, affiliated with the jatengblekhet team, successfully defaced the website of Italian furniture manufacturer Mobilificio Solinas on April 5, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
Date: 2026-04-05T10:18:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829670
Screenshots:
None
Threat Actors: tirz4sec, jatengblekhet
Victim Country: Italy
Victim Industry: Furniture Manufacturing
Victim Organization: Mobilificio Solinas
Victim Site: www.mobilificiosolinas.it
Website defacement of niptuckpages.com by tirz4sec/jatengblekhet team
Category: Defacement
Content: The website niptuckpages.com was defaced by attacker tirz4sec affiliated with the jatengblekhet team on April 5, 2026. This appears to be an isolated single-site defacement incident.
Date: 2026-04-05T10:17:49Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829671
Screenshots:
None
Threat Actors: tirz4sec, jatengblekhet
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: niptuckpages.com
Alleged cyber attack by Hanzala group targeting 27 Israeli companies
Category: Cyber Attack
Content: The hacktivist group Hanzala claimed responsibility for a cyber attack targeting the websites of 27 Israeli companies. The group stated the operation was carried out in response to the killing of children in Minab, framing it as cyber retaliation. The attack reportedly targeted company websites to deliver a political message.
Date: 2026-04-05T10:17:44Z
Network: telegram
Published URL: https://t.me/c/1283513914/20993
Screenshots:
None
Threat Actors: حنظله
Victim Country: Israel
Victim Industry: Multiple sectors
Victim Organization: Multiple Israeli companies (27)
Victim Site: Unknown
Alleged leak of Hotmail credential combinations
Category: Combo List
Content: A threat actor shared a combolist containing 2,400 Hotmail credential combinations from various countries on a cybercriminal forum.
Date: 2026-04-05T10:15:27Z
Network: openweb
Published URL: https://crackingx.com/threads/71171/
Screenshots:
None
Threat Actors: Jelooos
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Website defacement of campiuttiesteves.com.br by tirz4sec (jatengblekhet team)
Category: Defacement
Content: The website campiuttiesteves.com.br was defaced by attacker tirz4sec, affiliated with the jatengblekhet team, on April 5, 2026. The defacement targeted a specific file (t.txt) on the Brazilian website.
Date: 2026-04-05T10:06:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829666
Screenshots:
None
Threat Actors: tirz4sec, jatengblekhet
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Campiutti Esteves
Victim Site: campiuttiesteves.com.br
Alleged new operation or data release by Handala hack group
Category: Cyber Attack
Content: Handala, a known pro-Palestinian hacktivist group, announced a new post on their official site via a shortened URL. The post likely contains details of a cyber attack, data breach, or leak targeting Israeli organizations, consistent with the group's historical activity.
Date: 2026-04-05T10:05:00Z
Network: telegram
Published URL: https://t.me/c/3548035165/75
Screenshots:
None
Threat Actors: HANDALA HACK
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged malicious npm packages impersonating Strapi plugins used for remote access and data theft
Category: Malware
Content: 36 malicious packages were identified on npm, masquerading as legitimate Strapi plugins. Upon installation, they execute malicious code enabling remote access, credential theft, and persistent backdoor establishment. Attackers leveraged Redis and PostgreSQL to exfiltrate sensitive data, with a particular focus on cryptocurrency-related information.
Date: 2026-04-05T09:57:32Z
Network: telegram
Published URL: https://t.me/c/1283513914/20992
Screenshots:
None
Threat Actors: خبرگزاری سایبربان| Cyberban News
Victim Country: Unknown
Victim Industry: Software Development
Victim Organization: Unknown
Victim Site: npmjs.com
Alleged leak of mixed access credential list
Category: Combo List
Content: A threat actor shared a credential list containing email and password combinations for mixed access accounts via a free download link on a cybercriminal forum.
Date: 2026-04-05T09:47:34Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-mixed-access
Screenshots:
None
Threat Actors: COYTO
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials on CrackingX forum
Category: Combo List
Content: A threat actor named Jelooos allegedly shared a combolist containing 3.4K fresh Hotmail credentials on the CrackingX forum. The post indicates these are valid credential combinations.
Date: 2026-04-05T09:46:29Z
Network: openweb
Published URL: https://crackingx.com/threads/71169/
Screenshots:
None
Threat Actors: Jelooos
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged Cyber Attack by North Korean Hackers on Cryptocurrency Platform via Social Engineering
Category: Cyber Attack
Content: A report from Cyberban News (Persian-language cybersecurity outlet) describes a recent attack attributed to North Korea-linked hackers against a cryptocurrency platform. The attackers reportedly did not rely solely on technical vulnerabilities; instead, they used slow infiltration and social engineering to gain the trust of platform members and exploit internal decision-making processes. The report highlights that cryptocurrency security cannot be guaranteed by technical code review alone, as human factors and management processes represent significant attack surfaces.
Date: 2026-04-05T09:42:15Z
Network: telegram
Published URL: https://t.me/c/1283513914/20991
Screenshots:
None
Threat Actors: North Korean Hackers
Victim Country: Unknown
Victim Industry: Cryptocurrency / Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged defacement of multiple websites by INDOHAXSEC (FidzXploit)
Category: Defacement
Content: Threat actor FidzXploit operating under the group INDOHAXSEC claimed responsibility for defacing multiple websites including domains associated with India (sivaadvertisingcompany.in), Pakistan (khurramumtaz.com), and Brazil (lampiaosolucoes.com.br), among others. A Zone-H mirror (ID: 41673308) was submitted as proof of the defacements.
Date: 2026-04-05T09:25:22Z
Network: telegram
Published URL: https://t.me/IndoHaxSec3/83
Screenshots:
None
Threat Actors: INDOHAXSEC
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: boovikey.sivaadvertisingcompany.in, heavydata.khurramumtaz.com, hospital.spearas.com, heavydata.spearas.com, lp.lampiaosolucoes.com.br, school.spearas.com, shop.spearas.com
Alleged defacement of multiple websites by INDOHAXSEC
Category: Defacement
Content: Threat actor FidzXploit operating under the INDOHAXSEC group claims to have defaced multiple websites including domains associated with sivaadvertisingcompany.in, khurramumtaz.com, spearas.com, and lampiaosolucoes.com.br. A photo was shared as proof of the defacements.
Date: 2026-04-05T09:23:40Z
Network: telegram
Published URL: https://t.me/c/3180612800/83
Screenshots:
None
Threat Actors: FidzXploit
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: boovikey.sivaadvertisingcompany.in, heavydata.khurramumtaz.com, hospital.spearas.com, heavydata.spearas.com, lp.lampiaosolucoes.com.br, school.spearas.com, shop.spearas.com
Website defacement of Siva Advertising Company by fidzxploit/INDOHAXSEC
Category: Defacement
Content: The website boovikey.sivaadvertisingcompany.in belonging to Siva Advertising Company was defaced by attacker fidzxploit from the INDOHAXSEC team on April 5, 2026. The targeted server was running the Linux operating system.
Date: 2026-04-05T09:20:49Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248263
Screenshots:
None
Threat Actors: fidzxploit, INDOHAXSEC
Victim Country: India
Victim Industry: Advertising
Victim Organization: Siva Advertising Company
Victim Site: boovikey.sivaadvertisingcompany.in
Website defacement of heavydata.khurramumtaz.com by fidzxploit/INDOHAXSEC
Category: Defacement
Content: The website heavydata.khurramumtaz.com was defaced by attacker fidzxploit from the INDOHAXSEC team on April 5, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
Date: 2026-04-05T09:20:30Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248264
Screenshots:
None
Threat Actors: fidzxploit, INDOHAXSEC
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: heavydata.khurramumtaz.com
Mass defacement campaign by INDOHAXSEC targeting hospital infrastructure
Category: Defacement
Content: The threat actor fidzxploit from INDOHAXSEC team conducted a mass defacement campaign targeting healthcare infrastructure on April 5, 2026. The attack affected hospital.spearas.com as part of a broader mass defacement operation rather than a targeted single-site attack.
Date: 2026-04-05T09:20:11Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248265
Screenshots:
None
Threat Actors: fidzxploit, INDOHAXSEC
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: Unknown
Victim Site: hospital.spearas.com
Mass website defacement by INDOHAXSEC team member fidzxploit targeting heavydata.spearas.com
Category: Defacement
Content: INDOHAXSEC team member fidzxploit conducted a mass defacement attack targeting heavydata.spearas.com on April 5, 2026. This was part of a larger mass defacement campaign rather than an isolated single-site attack.
Date: 2026-04-05T09:19:53Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248266
Screenshots:
None
Threat Actors: fidzxploit, INDOHAXSEC
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: heavydata.spearas.com
Website defacement of Lampiao Solucoes by fidzxploit (INDOHAXSEC)
Category: Defacement
Content: Brazilian business services company Lampiao Solucoes had its website defaced by attacker fidzxploit, associated with the INDOHAXSEC team, on April 5, 2026. The attack targeted the company's subdomain landing page hosted on a Linux server.
Date: 2026-04-05T09:19:35Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248267
Screenshots:
None
Threat Actors: fidzxploit, INDOHAXSEC
Victim Country: Brazil
Victim Industry: Business Services
Victim Organization: Lampiao Solucoes
Victim Site: lp.lampiaosolucoes.com.br
Mass defacement campaign by INDOHAXSEC targeting educational institutions
Category: Defacement
Content: INDOHAXSEC threat group conducted a mass defacement campaign targeting educational websites. The attack was carried out by operator fidzxploit and affected the school.spearas.com domain as part of a broader campaign against multiple sites.
Date: 2026-04-05T09:19:17Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248268
Screenshots:
None
Threat Actors: fidzxploit, INDOHAXSEC
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: school.spearas.com
Alleged leak of mixed credential combolist
Category: Combo List
Content: A threat actor shared a mixed credential combolist containing 9,000 email and password combinations through a free download link on a cybercriminal forum.
Date: 2026-04-05T09:18:51Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-9K-MIXED-LEAK
Screenshots:
None
Threat Actors: WINGO
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials combolist
Category: Combo List
Content: A combolist containing 1.58 million Hotmail credentials from mixed countries has been made available for free download. The threat actor shared the credential list through a file hosting service.
Date: 2026-04-05T08:59:09Z
Network: openweb
Published URL: https://crackingx.com/threads/71165/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of mixed email credentials combolist
Category: Combo List
Content: A threat actor shared a Google Drive link containing a combolist of 10,000 mixed email credentials for free download on a cybercrime forum.
Date: 2026-04-05T08:21:57Z
Network: openweb
Published URL: https://crackingx.com/threads/71163/
Screenshots:
None
Threat Actors: RandomUpload
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of ConcreteBending 8.01 cracked software
Category: Initial Access
Content: Forum post offering download of cracked ConcreteBending 8.01 engineering software for concrete structural analysis. The post appears to be distributing pirated software disguised as legitimate engineering content.
Date: 2026-04-05T08:21:42Z
Network: openweb
Published URL: https://crackingx.com/threads/71164/
Screenshots:
None
Threat Actors: GoRainCC
Victim Country: Unknown
Victim Industry: Software
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of stolen credit cards and carding tools via Telegram channels
Category: Cyber Attack
Content: Multiple actors are advertising stolen credit card (CC) stores, card checkers, and CVV services across a Telegram marketplace channel. Advertisements reference @vcxdcvx as a CC store, @cocococococococo1 as a card checker service, t.me/fsdf12452 for high-balance cards, and @nzccg001 for a CVV benefits group. Chinese-language posts also advertise bulk messaging and custom software services via @LW_0808.
Date: 2026-04-05T08:15:30Z
Network: telegram
Published URL: https://t.me/c/2613583520/59360
Screenshots:
None
Threat Actors: NeZha CVV Support
Victim Country: Unknown
Victim Industry: Financial
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of pirated CADValley InfraWizard Professional 2026 software
Category: Data Leak
Content: Forum post appears to be distributing pirated CADValley InfraWizard Professional 2026 software for free download. The post contains detailed product descriptions and features of the infrastructure design software.
Date: 2026-04-05T08:12:17Z
Network: openweb
Published URL: https://crackingx.com/threads/71161/
Screenshots:
None
Threat Actors: GoRainCC
Victim Country: Unknown
Victim Industry: Software
Victim Organization: CADValley
Victim Site: Unknown
Alleged distribution of cracked Codemill IFC Export software
Category: Initial Access
Content: A forum post distributes a cracked version of Codemill IFC Export for Autodesk AutoCAD Plant3D 3.0.5 software for free download. The post provides a detailed description of the software's features and functionality for Building Information Modeling workflows.
Date: 2026-04-05T08:11:58Z
Network: openweb
Published URL: https://crackingx.com/threads/71162/
Screenshots:
None
Threat Actors: GoRainCC
Victim Country: Unknown
Victim Industry: Software
Victim Organization: Codemill
Victim Site: Unknown
Alleged data breach of Bank Pembangunan Daerah Banten
Category: Data Breach
Content: Threat actor Blastoize claims to possess data from an Indonesian regional development bank containing 733,000 card details and 73,000 individual customer records. The leaked data includes card numbers, transaction details, customer names, addresses, and identification numbers from Bank Pembangunan Daerah Banten's systems.
Date: 2026-04-05T08:11:25Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Indonesia-bankbanten-co-id-Bank-Pembangunan-Daerah-Banten-16-Million-2024
Screenshots:
None
Threat Actors: Blastoize
Victim Country: Indonesia
Victim Industry: Financial Services
Victim Organization: Bank Pembangunan Daerah Banten
Victim Site: bankbanten.co.id
Alleged data leak of Puerto Inteligente Seguro Mexico personnel database
Category: Data Leak
Content: Threat actor marssepe leaked a database containing personal information of over 640,000 personnel registered with Puerto Inteligente Seguro Mexico. The leaked data includes names, government IDs (CURP, RFC), social security numbers, blood types, employment details, and photos.
Date: 2026-04-05T08:11:13Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-LEAK-Personal-Puerto-Inteligente-Seguro-Mexico-640K
Screenshots:
None
Threat Actors: marssepe
Victim Country: Mexico
Victim Industry: Transportation
Victim Organization: Puerto Inteligente Seguro
Victim Site: puertointeligenteseguro.mx
Alleged bypass sale targeting pbipsi.com
Category: Vulnerability
Content: A threat actor is offering a 1x bypass for pbipsi.com, suggesting a security bypass tool or technique targeting this domain, potentially for unauthorized access or circumventing security controls.
Date: 2026-04-05T08:01:08Z
Network: telegram
Published URL: https://t.me/c/2939819285/77
Screenshots:
None
Threat Actors: Jax Plans Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: pbipsi.com
Alleged distribution of cracked CadPro Tools for AutoCAD 2026
Category: Data Leak
Content: A forum post is distributing a cracked version of CadPro Tools for AutoCAD 2026 software with detailed feature descriptions and installation instructions.
Date: 2026-04-05T08:00:58Z
Network: openweb
Published URL: https://crackingx.com/threads/71158/
Screenshots:
None
Threat Actors: GoRainCC
Victim Country: Unknown
Victim Industry: Software
Victim Organization: CadPro Tools
Victim Site: Unknown
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor is distributing a combolist containing 1,220 valid Hotmail email and password combinations through a free download link on a cybercriminal forum.
Date: 2026-04-05T08:00:50Z
Network: openweb
Published URL: https://crackingx.com/threads/71160/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged distribution of pirated CadPro Tools for Revit 2026 software
Category: Data Leak
Content: Forum user GoRainCC is distributing what appears to be pirated CadPro Tools for Revit 2026 software on a cracking forum. The post provides detailed feature descriptions of the BIM automation software.
Date: 2026-04-05T08:00:39Z
Network: openweb
Published URL: https://crackingx.com/threads/71159/
Screenshots:
None
Threat Actors: GoRainCC
Victim Country: Unknown
Victim Industry: Software
Victim Organization: CadPro Tools
Victim Site: Unknown
Website defacement of BIET Bhadrak by fidzxploit (INDOHAXSEC)
Category: Defacement
Content: The INDOHAXSEC team member fidzxploit defaced the website of BIET Bhadrak, an educational institution in India, on April 5, 2026. The attack targeted the institution's primary website hosted on cloud infrastructure.
Date: 2026-04-05T07:42:06Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248262
Screenshots:
None
Threat Actors: fidzxploit, INDOHAXSEC
Victim Country: India
Victim Industry: Education
Victim Organization: BIET Bhadrak
Victim Site: bietbhadrak.ac.in
Alleged leak of mixed forum credentials
Category: Combo List
Content: A threat actor shared a collection of 82,000 mixed forum credentials described as valid. The combolist appears to contain credentials from various forum platforms.
Date: 2026-04-05T07:39:32Z
Network: openweb
Published URL: https://crackingx.com/threads/71157/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Unauthorized Access to CCTV Surveillance System of UK Hostel by Z-Pentest Alliance
Category: Cyber Attack
Content: Threat actor group Z-Pentest Alliance claims to have gained full access to the CCTV system of an unnamed hostel in the United Kingdom. The group states all cameras are under their control, covering areas including the kitchen, entrance, hallways, dining room, living room, backyard, and street-facing exterior. Access was reportedly obtained without brute force or physical interference, indicating critically weak security posture. The group frames the intrusion as a vulnerability demonstration rather than a financially motivated attack, and denies blackmail or data theft intent. Post is tagged with #OpUK and references to specific targets (#FuckEastwood, #FuckRedCircus), suggesting a targeted campaign against UK infrastructure.
Date: 2026-04-05T07:28:23Z
Network: telegram
Published URL: https://t.me/c/2729466495/924
Screenshots:
None
Threat Actors: Z-Pentest Alliance
Victim Country: United Kingdom
Victim Industry: Hospitality
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of stolen credit card data via carding stores PepeCard, AllCards, and CocoCheck
Category: Initial Access
Content: Multiple carding stores are advertising stolen credit card (CVV) data for sale. PepeCard offers 100,000+ cards daily (US/Canada/UK/Global) starting at $1 per valid card with 75-95% validity rate, accessible via pepecard.mobi and a Tor hidden service. AllCards offers 100k+ global cards daily, with US cards at $1.2-2 per valid card and other countries at $2.5-3, accessible via allcards.vlweh.com and a Tor hidden service. CocoCheck is advertised as a CC checker service at $0.01 per check, supporting bulk validation at cococheck.co. All three platforms have been operating for over three years.
Date: 2026-04-05T07:20:51Z
Network: telegram
Published URL: https://t.me/c/2613583520/59372
Screenshots:
None
Threat Actors: PepeCard
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
- Website defacement of HOM by DimasHxR
Category: Defacement
Content: DimasHxR conducted a redefacement attack against www.hom.com on April 5, 2026, targeting the media/customer section of the website. This appears to be a repeat attack on the same target rather than an initial compromise.
Date: 2026-04-05T07:03:22Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829652
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: HOM
Victim Site: www.hom.com
- Alleged sale of mail access, combolists, and credential tools across multiple countries
Category: Logs
Content: A threat actor operating as @Dataxlogs is advertising the sale of mail access for multiple countries including France, Belgium, Australia, Canada, UK, US, Netherlands, Poland, Germany, and Japan. The offering includes configs, scripts, tools, hits, combos, and more, with custom requests available.
Date: 2026-04-05T06:52:15Z
Network: telegram
Published URL: https://t.me/c/2613583520/59356
Screenshots:
None
Threat Actors: Dataxlogs
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Website defacement of akademiatiptop.pl by Aptisme (Leviathan Perfect Hunter)
Category: Defacement
Content: The attacker Aptisme, affiliated with the Leviathan Perfect Hunter team, defaced the Polish educational institution Akademia Tip Top's website on April 5, 2026. The attack targeted a specific file (art.txt) on the victim's domain.
Date: 2026-04-05T06:51:45Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829632
Screenshots:
None
Threat Actors: Aptisme, Leviathan Perfect Hunter
Victim Country: Poland
Victim Industry: Education
Victim Organization: Akademia Tip Top
Victim Site: akademiatiptop.pl
- Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 1,120 Hotmail email and password combinations on an underground forum.
Date: 2026-04-05T06:50:27Z
Network: openweb
Published URL: https://demonforums.net/Thread-%E2%9A%A1%E2%9A%A1-X1120-HQ-Hotmail-%E2%9A%A1%E2%9A%A1-BY-Steveee36-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: erwinn91
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Website defacement of penosil.pro by Aptisme/Leviathan Perfect Hunter team
Category: Defacement
Content: The threat actor Aptisme, associated with the Leviathan Perfect Hunter team, successfully defaced the penosil.pro website on April 5, 2026. The attack targeted a specific page on the construction materials company's website.
Date: 2026-04-05T06:45:33Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829610
Screenshots:
None
Threat Actors: Aptisme, Leviathan Perfect Hunter
Victim Country: Unknown
Victim Industry: Construction/Manufacturing
Victim Organization: Penosil
Victim Site: penosil.pro
- Website defacement of agentn.net by Aptisme (Leviathan Perfect Hunter team)
Category: Defacement
Content: The attacker Aptisme, affiliated with the Leviathan Perfect Hunter team, successfully defaced the art.html page of agentn.net on April 5, 2026. This appears to be an isolated defacement incident targeting a single webpage rather than a mass attack.
Date: 2026-04-05T06:44:55Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829611
Screenshots:
None
Threat Actors: Aptisme, Leviathan Perfect Hunter
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: agentn.net
- Website defacement of BusyB by DimasHxR
Category: Defacement
Content: DimasHxR defaced the BusyB website on April 5, 2026. The attack targeted a specific page within the customer media directory of the UK-based organization.
Date: 2026-04-05T06:44:17Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829612
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Unknown
Victim Organization: BusyB
Victim Site: busyb.co.uk
- Website defacement of Ragan and Massey by DimasHxR
Category: Defacement
Content: The website raganandmassey.com was defaced by threat actor DimasHxR on April 5, 2026. This was an isolated defacement incident targeting a single organization's web presence.
Date: 2026-04-05T06:43:41Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829613
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Ragan and Massey
Victim Site: raganandmassey.com
- Website defacement of Saucer Solutions by DimasHxR
Category: Defacement
Content: On April 5, 2026, attacker DimasHxR defaced the Saucer Solutions website. This was an individual defacement incident rather than part of a mass defacement campaign.
Date: 2026-04-05T06:43:05Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829614
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Saucer Solutions
Victim Site: saucersolutions.com
- Website defacement of Mardi Gras Beads For Less by DimasHxR
Category: Defacement
Content: DimasHxR successfully defaced the Mardi Gras Beads For Less e-commerce website on April 5, 2026. The attack targeted a retail website specializing in Mardi Gras merchandise and party supplies.
Date: 2026-04-05T06:42:27Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829617
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Retail/E-commerce
Victim Organization: Mardi Gras Beads For Less
Victim Site: mardigrasbeadsforless.com
- Website defacement of Gadget Parts by DimasHxR
Category: Defacement
Content: The attacker DimasHxR defaced the website of Australian electronics retailer Gadget Parts on April 5, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
Date: 2026-04-05T06:41:51Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829620
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Australia
Victim Industry: Electronics/Retail
Victim Organization: Gadget Parts
Victim Site: gadgetparts.com.au
- Website defacement of TimeToCart e-commerce platform by DimasHxR
Category: Defacement
Content: E-commerce website timetocart.com was defaced by threat actor DimasHxR on April 5, 2026. The defacement targeted a specific media directory path rather than the main homepage.
Date: 2026-04-05T06:41:15Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829621
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: E-commerce
Victim Organization: TimeToCart
Victim Site: timetocart.com
- Website defacement of almandoos.com by DimasHxR
Category: Defacement
Content: DimasHxR defaced the almandoos.com website on April 5, 2026, targeting a specific media/customer subdirectory. This was an individual attack rather than part of a mass defacement campaign.
Date: 2026-04-05T06:40:39Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829622
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: almandoos.com
- Website defacement of Venashop by DimasHxR
Category: Defacement
Content: The attacker DimasHxR defaced a customer-related page on the Polish e-commerce website venashop.pl on April 5, 2026. This appears to be a single-target defacement incident affecting the online retail platform.
Date: 2026-04-05T06:39:52Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829626
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Poland
Victim Industry: E-commerce
Victim Organization: Venashop
Victim Site: venashop.pl
- Website defacement of CanMedDirect by DimasHxR
Category: Defacement
Content: Threat actor DimasHxR successfully defaced the Canadian medical services website canmeddirect.ca on April 5, 2026. The attack targeted a specific media/customer section of the healthcare organization's website.
Date: 2026-04-05T06:39:16Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829628
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Canada
Victim Industry: Healthcare
Victim Organization: CanMedDirect
Victim Site: canmeddirect.ca
- Website defacement of bijurdelimon.com by DimasHxR
Category: Defacement
Content: Solo attacker DimasHxR defaced bijurdelimon.com on April 5, 2026, targeting a specific subdirectory rather than the homepage.
Date: 2026-04-05T06:38:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829629
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: bijurdelimon.com
- Website defacement of thisisfromroy.com by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced www.thisisfromroy.com on April 5, 2026. The incident was a single-site defacement with no apparent political motivation or mass campaign involvement.
Date: 2026-04-05T06:38:05Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829631
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: www.thisisfromroy.com
- Website defacement of World Meeting and Events by Aptisme/Leviathan Perfect Hunter
Category: Defacement
Content: The attacker Aptisme, associated with team Leviathan Perfect Hunter, defaced the World Meeting and Events website on April 5, 2026. This appears to be a targeted single-site defacement rather than a mass attack campaign.
Date: 2026-04-05T06:31:49Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829609
Screenshots:
None
Threat Actors: Aptisme, Leviathan Perfect Hunter
Victim Country: Unknown
Victim Industry: Events and Conferences
Victim Organization: World Meeting and Events
Victim Site: worldmeetingandevents.com
- Alleged leak of German credential combolist
Category: Combo List
Content: A credential combolist containing 566,368 lines targeting German users has been made available for free download via a file sharing platform.
Date: 2026-04-05T06:29:32Z
Network: openweb
Published URL: https://crackingx.com/threads/71156/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Cyber Threat by Handala Hack Against Critical Infrastructure of Iran's Adversaries
Category: Cyber Attack
Content: Handala Hack issued a formal warning threatening widespread cyberattacks against water, electricity, and oil infrastructure in countries perceived as hostile to Iran or the Resistance Axis. The group claims to have these infrastructures under complete surveillance and control and promises a paralyzing cyberattack in response to any action against Iran's energy infrastructure. The statement is framed as a final warning and describes years of preparation for such attacks.
Date: 2026-04-05T06:23:54Z
Network: telegram
Published URL: https://t.me/c/3548035165/74
Screenshots:
None
Threat Actors: Handala Hack
Victim Country: Unknown
Victim Industry: Energy, Water, Oil & Gas
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Cookie Stealer/Manager Software Package — New Update Announced
Category: Malware
Content: A Telegram channel, Threat Market, is advertising a full cookie management software package, claiming a new update will be available soon. The post is in Russian and suggests a tool designed for cookie theft or session hijacking operations.
Date: 2026-04-05T06:16:57Z
Network: telegram
Published URL: https://t.me/c/3881618514/29
Screenshots:
None
Threat Actors: Threat Market
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Android Malware NoVoice Distributed via Google Play Infecting 2.3 Million Devices
Category: Malware
Content: A malware named NoVoice has reportedly been distributed through more than 50 applications on the Google Play Store, infecting approximately 2.3 million Android devices. The malware exploits vulnerabilities in older Android versions to gain root-level system access without requiring suspicious permissions. It is reportedly persistent even after a factory reset, capable of infiltrating apps to steal data and access user accounts. Infected devices maintain continuous communication with attacker-controlled C2 servers to receive new commands.
Date: 2026-04-05T06:03:00Z
Network: telegram
Published URL: https://t.me/c/1283513914/20986
Screenshots:
None
Threat Actors: NoVoice
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Google Play
Victim Site: play.google.com
- Website defacement of BH Online Store by DimasHxR
Category: Defacement
Content: DimasHxR defaced a subdirectory of the BH Online Store e-commerce website on April 5, 2026. The attack targeted a specific media directory rather than the main homepage.
Date: 2026-04-05T05:52:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829608
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: E-commerce
Victim Organization: BH Online Store
Victim Site: www.bhonlinestore.com
- Alleged data leak by LegioNLeakeRs group
Category: Data Leak
Content: Thread posted by LegioNLeakeRs group claiming to share URL, login, and password data, though no specific content details are available in the post.
Date: 2026-04-05T05:32:28Z
Network: openweb
Published URL: https://xforums.st/threads/legionleakers-url-log-pass.604931/
Screenshots:
None
Threat Actors: hannisonntag
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Website defacement of ProtonsCable by PH.BL4KE (STORM BREAKER SECURITY)
Category: Defacement
Content: The telecommunications company ProtonsCable's website was defaced by attacker PH.BL4KE from the STORM BREAKER SECURITY team on April 5, 2026. This was a targeted home defacement affecting the organization's main website.
Date: 2026-04-05T05:12:41Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829575
Screenshots:
None
Threat Actors: PH.BL4KE, STORM BREAKER SECURITY
Victim Country: Unknown
Victim Industry: Telecommunications
Victim Organization: ProtonsCable
Victim Site: protonscable.com
- Website defacement of Edumalls by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR successfully defaced the Edumalls educational platform website. This incident represents a redefacement of the target, indicating the site may have been previously compromised and restored.
Date: 2026-04-05T05:00:56Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/829557
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Edumalls
Victim Site: www.edumalls.com
- Alleged data breach of Mitra Husada University UPPM portal with admin credentials exposed
Category: Data Breach
Content: A threat actor associated with Rakyat Digital Crew has leaked what appears to be an SQL database dump from uppm.mitrahusada.ac.id, an Indonesian academic institution (Mitra Husada University). The dump includes admin table records with usernames, MD5-hashed passwords, full names, and email addresses. The MD5 hash 21232f297a57a5a743894a0e4a801fc3 corresponds to the password "admin", indicating weak credential practices.
Date: 2026-04-05T04:55:07Z
Network: telegram
Published URL: https://t.me/c/3755871403/188
Screenshots:
None
Threat Actors: Rakyat Digital Crew
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Mitra Husada University (UPPM)
Victim Site: uppm.mitrahusada.ac.id
- Alleged leak of credential combolist containing 60 million records
Category: Combo List
Content: A threat actor leaked a credential combolist containing 60 million URL:LOGIN:PASS combinations on a cybercrime forum. The post appears to offer free access to the credential data requiring forum registration to view.
Date: 2026-04-05T04:30:24Z
Network: openweb
Published URL: https://crackingx.com/threads/71148/
Screenshots:
None
Threat Actors: Leak Realm
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of shell access by threat actor BABAYO EROR SYSTEM
Category: Initial Access
Content: A threat actor operating under BABAYO EROR SYSTEM is offering shell access for sale (Wts domut Akses Shell). The post instructs interested buyers to contact via private message (@yatimluajg) and mentions use of a trusted middleman/escrow service (Rekber kan). No specific target or price disclosed.
Date: 2026-04-05T04:16:42Z
Network: telegram
Published URL: https://t.me/c/3865526389/453
Screenshots:
None
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged defacement of multiple websites by Mr.PIMZZZXploit
Category: Defacement
Content: Threat actor Mr.PIMZZZXploit, affiliated with Babayo Eror System, claims to have defaced multiple websites including domains hosted in Indonesia, Pakistan, and other regions. Targeted sites include jurnal.angkoso.my.id, ahadbinilyas.passionflip.pk, travel.skyrank.shop, shop.abbasgarments.com, thepicwall.com.pikesway.com, and marie.abbasgarments.com.
Date: 2026-04-05T04:14:51Z
Network: telegram
Published URL: https://t.me/c/3865526389/452
Screenshots:
None
Threat Actors: Mr.PIMZZZXploit
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: jurnal.angkoso.my.id, ahadbinilyas.passionflip.pk, travel.skyrank.shop, shop.abbasgarments.com, thepicwall.com.pikesway.com, marie.abbasgarments.com
- Alleged Sale of Full Access to French Ministry of Culture Subsidized Entity
Category: Initial Access
Content: A threat actor is offering for sale near-complete access to a French government-owned entity subsidized by the Ministry of Culture. The package includes Domain Admin rights with plain-text passwords for 18 accounts, ~850 AD users (546 with plain-text passwords), ~1,250 Windows devices, root access to 33 XEN servers and 282 VMs, firewall and web proxy admin, Google Workspace and Microsoft Azure full administration, EDR Security Center full control, iDRAC access to 22 physical servers, Cisco network device root passwords, and multiple SaaS/business accounts. Access methods include a C2 beacon, RDP on an unmonitored server, and VPN. Personal data of employees including IDs, passports, IBANs, and medical records is also accessible.
Date: 2026-04-05T04:00:20Z
Network: telegram
Published URL: https://t.me/c/3500620464/6405
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: France
Victim Industry: Government
Victim Organization: French Ministry of Culture subsidized entity
Victim Site: Unknown
- Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a collection of 1,210 Hotmail credentials in a cybercriminal forum. The credentials appear to be distributed as a free download rather than being sold.
Date: 2026-04-05T03:58:13Z
Network: openweb
Published URL: https://crackingx.com/threads/71145/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged leak of multi-platform credential combolist affecting Reddit, GitHub, and other services
Category: Combo List
Content: Threat actor CODER is distributing a 17 million record credential combolist containing SMTP and gaming credentials from multiple platforms including Reddit, GitHub, Quora, and various e-commerce sites. The combolist is being shared through Telegram channels for free distribution.
Date: 2026-04-05T03:57:36Z
Network: openweb
Published URL: https://crackingx.com/threads/71146/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Multiple (Reddit, Quora, Shein, Temu, Etsy, Wish, GitHub, IntelliJ IDEA, GitLab)
Victim Site: Multiple platforms
- Alleged leak of German credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 831,238 credential pairs targeting German users through a file sharing service. The credentials appear to be mixed from various sources and made available for free download.
Date: 2026-04-05T03:57:02Z
Network: openweb
Published URL: https://crackingx.com/threads/71147/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of 70 million credentials
Category: Combo List
Content: A threat actor shared a combolist containing 70 million URL:LOGIN:PASS credentials on a cybercrime forum.
Date: 2026-04-05T03:25:25Z
Network: openweb
Published URL: https://crackingx.com/threads/71143/
Screenshots:
None
Threat Actors: Leak Realm
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of credentials containing 11 million records
Category: Combo List
Content: A threat actor allegedly leaked a credential list containing 11 million records in a cybercriminal forum. The post content is restricted and requires registration to view details.
Date: 2026-04-05T03:03:35Z
Network: openweb
Published URL: https://crackingx.com/threads/71138/
Screenshots:
None
Threat Actors: Leak Realm
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Hotmail credential combolist containing 4,600 accounts
Category: Combo List
Content: A threat actor shared a combolist containing 4,600 Hotmail email credentials through a free download link on MediaFire. The credentials are claimed to be valid and high quality, dated April 5, 2026.
Date: 2026-04-05T03:02:58Z
Network: openweb
Published URL: https://crackingx.com/threads/71139/
Screenshots:
None
Threat Actors: redcloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged Data Breach and Leak of European Commission (europa.eu) by ShinyHunters
Category: Data Breach
Content: Threat actor ShinyHunters claims to have compromised over 350GB (uncompressed) of data from the European Commission (europa.eu). The leaked data allegedly includes mail server dumps, databases, confidential documents, contracts, and other sensitive material. The data has been made available for free download via a direct IP-hosted ZIP file and is also listed on the group's Tor-based leak site. The post was updated on 28 March 2026.
Date: 2026-04-05T02:34:58Z
Network: telegram
Published URL: https://t.me/c/3737716184/772
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Belgium
Victim Industry: Government
Victim Organization: European Commission
Victim Site: europa.eu
- Alleged Data Breach of Ameriprise Financial by ShinyHunters
Category: Data Breach
Content: Threat actor ShinyHunters claims to have breached Ameriprise Financial, Inc., exfiltrating 236GB (compressed) of Salesforce records containing PII and internal corporate data. The group states the company failed to reach a ransom agreement and has published a download link along with an onion site, indicating the data has been leaked publicly as of March 26, 2026.
Date: 2026-04-05T02:33:59Z
Network: telegram
Published URL: https://t.me/c/3737716184/771
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: United States
Victim Industry: Financial Services
Victim Organization: Ameriprise Financial, Inc.
Victim Site: Unknown
- Alleged leak of French government identity documents
Category: Data Leak
Content: Actor MONEYLINE claims to possess French identity documents including ID cards, driver licenses, and passports, sharing links to Google Drive and a Telegram channel for access. No pricing is mentioned, suggesting free distribution of sensitive government documents.
Date: 2026-04-05T02:32:55Z
Network: openweb
Published URL: https://darkforums.su/Thread-big-data-france-if-you-need-tell-me-france-id-card-driver-licende-passport
Screenshots:
None
Threat Actors: MONEYLINE
Victim Country: France
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach and leak of Infinite Campus, Inc. by ShinyHunters
Category: Data Breach
Content: Threat actor ShinyHunters claims to have breached Infinite Campus, Inc., exfiltrating 1.2GB (compressed) of Salesforce records containing PII and internal corporate data. The data has been made available for free download via a direct IP-hosted URL, with the filename suggesting a ransom was demanded but not paid. The post references an onion site for verification. Updated 26 March 2026.
Date: 2026-04-05T02:32:25Z
Network: telegram
Published URL: https://t.me/c/3737716184/770
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: United States
Victim Industry: Education Technology
Victim Organization: Infinite Campus, Inc.
Victim Site: Unknown
- Alleged ransomware data leak of Berkadia Commercial Mortgage by ShinyHunters
Category: Data Leak
Content: Threat actor ShinyHunters claims to have compromised Berkadia Commercial Mortgage, LLC (berkadia.com), exfiltrating Salesforce records containing PII and internal corporate data totaling 27GB compressed. The actor states the company failed to reach a ransom agreement and has published a download link to the leaked data. The archive is hosted at 91.215.85.22 and also accessible via a Tor onion address.
Date: 2026-04-05T02:31:26Z
Network: telegram
Published URL: https://t.me/c/3737716184/769
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: United States
Victim Industry: Financial Services
Victim Organization: Berkadia Commercial Mortgage, LLC
Victim Site: berkadia.com
- Alleged Data Breach and Leak of Berkadia Commercial Mortgage by ShinyHunters
Category: Data Breach
Content: The ShinyHunters threat actor claims to have compromised Berkadia Commercial Mortgage, LLC (berkadia.com), exfiltrating 27GB (compressed) of Salesforce records containing PII and internal corporate data. The group states the company failed to reach a ransom agreement and has published a download link to the stolen data archive named shouldve_paid_the_ransom_berkadia-shinyhunters.7z. The leak was updated on 25 March 2026 and is also accessible via a Tor onion site.
Date: 2026-04-05T02:29:17Z
Network: telegram
Published URL: https://t.me/c/3737716184/768
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: United States
Victim Industry: Financial Services
Victim Organization: Berkadia Commercial Mortgage, LLC
Victim Site: berkadia.com
- Alleged leak of Hotmail credentials
Category: Combo List
Content: Forum post claims to offer valid Hotmail credential lists through a Telegram channel. The post advertises high-quality credentials but requires registration to view full content.
Date: 2026-04-05T02:23:22Z
Network: openweb
Published URL: https://crackingx.com/threads/71136/
Screenshots:
None
Threat Actors: noir
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged sale of stolen credit cards via Telegram storefront
Category: Logs
Content: Multiple posts in the channel advertise a credit card store at t.me/fsdf12452, claiming to sell CCS (credit cards) described as 100% alive with high balances. This is consistent with carding marketplace activity involving stolen payment card data.
Date: 2026-04-05T02:07:23Z
Network: telegram
Published URL: https://t.me/c/2613583520/59309
Screenshots:
None
Threat Actors: Squad Chat Marketplace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: t.me/fsdf12452
- Alleged sale of multi-platform combolists and credential logs including Hotmail, Amazon, PayPal, and more
Category: Combo List
Content: A threat actor is offering for sale fresh, valid, and private combolists and credential logs covering multiple platforms including Hotmail, Amazon, eBay, PayPal, Netflix, PSN, Xbox, Instagram, and many others. Coverage spans numerous countries including US, UK, FR, DE, JP, AU, CA, NL, PL, BR, IT, ES, MX, and more. The seller claims to operate a private cloud and offers keyword-based inbox searching on request.
Date: 2026-04-05T02:04:40Z
Network: telegram
Published URL: https://t.me/c/2613583520/59310
Screenshots:
None
Threat Actors: Yìchén
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Spotify and Apple Music credentials
Category: Combo List
Content: Threat actor distributing a 14 million credential combolist targeting Spotify and Apple Music accounts through Telegram channels. The credentials are being shared for free through dedicated Telegram groups.
Date: 2026-04-05T02:02:19Z
Network: openweb
Published URL: https://crackingx.com/threads/71135/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Entertainment and Media
Victim Organization: Spotify and Apple Music
Victim Site: Unknown
- Alleged data breach of Endesa and EmergiaCC customer database
Category: Logs
Content: Threat actors claim to be selling internal and confidential documents from Endesa (Manizales, Spain) and Emergia Customer Care containing 25 million records with personal information including names, addresses, phone numbers, email addresses, and IBAN numbers for $200.
Date: 2026-04-05T02:01:47Z
Network: openweb
Published URL: https://darkforums.su/Thread-ENDESA-EmergiaCC-Manizales-Spain
Screenshots:
None
Threat Actors: Petro_Escobar
Victim Country: Spain
Victim Industry: Energy/Utilities
Victim Organization: Endesa / EmergiaCC
Victim Site: emergiacc.com
- Alleged distribution of stolen credential logs via Telegram
Category: Logs
Content: Threat actor is distributing 604GB of fresh stealer logs containing URL:USER:PASS credential combinations through a free Telegram channel with daily updates.
Date: 2026-04-05T02:01:24Z
Network: openweb
Published URL: https://darkforums.su/Thread-Document-604GB-URL-USER-PASS-FRESH-LOGS-DAILY-UPDATE-FREE-TELEGRAM
Screenshots:
None
Threat Actors: seainloq12
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged offering of virtual phone numbers for SMS verification services
Category: Initial Access
Content: Threat actor offering virtual phone number rental service for SMS verification with numbers from over 40 countries, accepting cryptocurrency payments including Monero for anonymity. Service provides unlimited SMS messages for up to 90 days and could facilitate account creation or verification bypass for malicious purposes.
Date: 2026-04-05T02:01:15Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Rent-virtual-numbers-for-SMS-via-telegram-bot–72283
Screenshots:
None
Threat Actors: GetRenewed
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged counterfeiting service for US driver's licenses
Category: Initial Access
Content: Threat actor lockbit advertises counterfeiting services for US driver's licenses on a dark web forum, claiming lowest market prices and worldwide shipping. Contact established via Telegram for custom orders.
Date: 2026-04-05T02:00:55Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Advanced-counterfeiting-US-driver-s-licenses
Screenshots:
None
Threat Actors: lockbit
Victim Country: United States
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Chinese volunteer and political party database
Category: Data Breach
Content: Threat actor claims to have obtained a database containing 92.5 million records from China's national volunteer service platform, including names, ID cards, phone numbers, emails, political party affiliations, and organizational memberships. The data allegedly includes members from various Chinese political parties and volunteer organizations.
Date: 2026-04-05T02:00:42Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-China-zyh365-com-Political-Parties-and-Volunteer-Communities-92-Million-2024
Screenshots:
None
Threat Actors: Blastoize
Victim Country: China
Victim Industry: Government
Victim Organization: zyh365.com Volunteer Collection Platform
Victim Site: zyh365.com

Alleged sale of OnlyFans accounts and adult content platform credentials
Category: Data Breach
Content: Forum post advertising a shop selling OnlyFans account balances and accounts for various adult content platforms. The post includes extensive categorization of adult content types and popular adult entertainment brands.
Date: 2026-04-05T02:00:33Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-1-PORN-SHOP-%E2%9C%A8-OnlyFans-Balance-Porn-Sites-Accounts-Shop-%E2%9D%84%EF%B8%8F
Screenshots:
None
Threat Actors: FANZIO
Victim Country: Unknown
Victim Industry: Adult Entertainment
Victim Organization: OnlyFans
Victim Site: onlyfans.com

Alleged data breach of French Regional Health Agencies (ARS) and hospitals
Category: Data Breach
Content: Threat actor claims to be selling a database containing 35 million records from French Regional Health Agencies (ARS) and over 130 hospitals including APHP. The data appears to include detailed patient information with medical identifiers, personal details, and hospital system data.
Date: 2026-04-05T02:00:18Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-FR-35-M-130-HOPITAUX-APHP
Screenshots:
None
Threat Actors: Dumpsec
Victim Country: France
Victim Industry: Healthcare
Victim Organization: Regional Health Agencies (ARS) and French hospitals
Victim Site: normandie.ars.sante.fr

Alleged data breach of Gas Natural Vanti and GNP Grupo Nacional de Proyectos
Category: Data Breach
Content: Threat actor Petro_Escobar claims to be selling internal SQL databases from Gas Natural Vanti and GNP Grupo Nacional de Proyectos containing over 10 million records for $500 USD. The data allegedly includes operational social media management, back-office messaging, and product sales information totaling 500 MB.
Date: 2026-04-05T02:00:07Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Gas-Natural-Vanti-GNP-Grupo-Nacional-de-Proyectos
Screenshots:
None
Threat Actors: Petro_Escobar
Victim Country: Colombia
Victim Industry: Energy/Utilities
Victim Organization: Gas Natural Vanti, GNP Grupo Nacional de Proyectos
Victim Site: gnpsa.com, grupovanti.com

Alleged data breach of Susinsumos.com involving corporate database and documents sale
Category: Data Breach
Content: Threat actor is selling 30.26 GB of corporate data from Susinsumos.com for $500, including databases, financial records, HR data, tax documents, and business files. The data appears to contain comprehensive corporate infrastructure including web servers, databases, payroll information, and tax compliance documents.
Date: 2026-04-05T01:59:55Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Susinsumos-com-Databases-Backups-Documents
Screenshots:
None
Threat Actors: vexin
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Susinsumos
Victim Site: susinsumos.com

Alleged sale of access to multiple government email systems
Category: Initial Access
Content: Threat actor selling administrative access to government email systems across Bulgaria, Angola, South Africa, and Nigeria, including capabilities to create unlimited government email accounts and access to intelligence services.
Date: 2026-04-05T01:59:40Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Selling-Government-Emails-for-Cheap–72315
Screenshots:
None
Threat Actors: DuperKinger123
Victim Country: Multiple
Victim Industry: Government
Victim Organization: Multiple Government Agencies
Victim Site: Unknown

Alleged data breach of Banco AV Villas and associated Colombian financial institutions
Category: Data Breach
Content: Threat actor published internal databases from Colombian financial institutions containing customer information, loan obligations, contact details, payment statuses, and collection management data. The leaked data includes sensitive financial information such as document numbers, payment agreements, debt amounts, and customer management activities.
Date: 2026-04-05T01:59:28Z
Network: openweb
Published URL: https://darkforums.su/Thread-Banco-Av-Villas-EmergiaCC-Conalcreditos-Colombia
Screenshots:
None
Threat Actors: Petro_Escobar
Victim Country: Colombia
Victim Industry: Financial Services
Victim Organization: Banco AV Villas, EmergiaCC, Conalcreditos
Victim Site: emergiacc.com, conalcreditos.com.co

Alleged sale of administrative access to Brazilian Central Bank PSTI system
Category: Initial Access
Content: Threat actor claims to be selling administrative-level access to the Brazilian Central Bank's PSTI system for $5,000 USD, offering access to internal communications, files, and PIX system certificates. The actor guarantees persistence within the environment and accepts only cryptocurrency payments.
Date: 2026-04-05T01:59:22Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Access-to-sta-bcb-gov-br-PSTI-Account
Screenshots:
None
Threat Actors: pstipwner
Victim Country: Brazil
Victim Industry: Financial Services
Victim Organization: Central Bank of Brazil
Victim Site: sta.bcb.gov.br

Alleged data leak of BourseDesVols database
Category: Data Leak
Content: A threat actor shared a database dump allegedly containing 3,312,785 records from BourseDesVols, a French entity. The data is being distributed for free download via file sharing service.
Date: 2026-04-05T01:59:07Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-BourseDesVols-FR
Screenshots:
None
Threat Actors: uhqboyz
Victim Country: France
Victim Industry: Unknown
Victim Organization: BourseDesVols
Victim Site: Unknown

Alleged data leak of Summit USA financial and payment processing databases
Category: Data Leak
Content: Threat actor SnowSoul leaked approximately 100GB of data allegedly from Summit USA, including payment settlement data, ACH processing databases, bank affiliate information, and various financial database backups spanning multiple years. The data is being distributed for free through multiple file hosting services.
Date: 2026-04-05T01:58:53Z
Network: openweb
Published URL: https://darkforums.su/Thread-USA-data-summitusa-com-8115-SnowSoul-ID-1278-Free-download-100G
Screenshots:
None
Threat Actors: SnowSoul
Victim Country: United States
Victim Industry: Financial Services
Victim Organization: Summit USA
Victim Site: summitusa.com

Alleged data leak of Italian tax/legal portal database
Category: Data Leak
Content: Database containing 85,000 customer records from an Italian tax and legal services portal has been leaked and made available for free download on a dark web forum.
Date: 2026-04-05T01:58:49Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-Italian-tax-legal-portal-85K-customers-and-more
Screenshots:
None
Threat Actors: AleDelRey
Victim Country: Italy
Victim Industry: Legal Services
Victim Organization: Unknown
Victim Site: Unknown

Alleged supply chain cyber attack on Axios npm package via North Korean-linked threat actors
Category: Malware
Content: Hackers attributed to North Korea conducted a social engineering attack targeting an Axios developer. By inviting the victim to fake meetings and displaying fabricated Microsoft Teams errors, they tricked the developer into installing a malicious update that was actually remote access malware. The attackers then published malicious versions of the Axios npm package. The compromised versions were available for only a few hours but could infect user systems and steal sensitive information. The Axios team removed the malicious versions and reset access credentials, stating the attack is part of a broader campaign targeting major open-source projects.
Date: 2026-04-05T01:35:38Z
Network: telegram
Published URL: https://t.me/c/1283513914/20985
Screenshots:
None
Threat Actors: North Korea-linked hackers
Victim Country: Unknown
Victim Industry: Software / Open Source
Victim Organization: Axios
Victim Site: npmjs.com

Alleged leak of German shopping website credentials
Category: Combo List
Content: A threat actor shared a combolist containing 495,248 credential pairs allegedly targeting German shopping websites. The data was made available as a free download via a cloud storage link.
Date: 2026-04-05T01:28:09Z
Network: openweb
Published URL: https://crackingx.com/threads/71131/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Retail
Victim Organization: Unknown
Victim Site: Unknown

Alleged sale of access to Brazilian government web shells
Category: Initial Access
Content: A threat actor is offering two web shells on Brazilian government (.gov.br) domains for sale, with contact directed to @Rici144.
Date: 2026-04-05T01:05:07Z
Network: telegram
Published URL: https://t.me/c/2590737229/894
Screenshots:
None
Threat Actors: Nullsec Philippines
Victim Country: Brazil
Victim Industry: Government
Victim Organization: Unknown
Victim Site: gov.br

Alleged Sale of Raw Network Infrastructure Power by MILNET Services
Category: Malware
Content: A forwarded message from MilitaryNetworks advertises MILNET, a raw network infrastructure service operational since 2015, offering high-power network capacity. The post directs interested parties to contact via @HaxStrokeServices and @MILNETServices on Telegram, suggesting this is a paid service for offensive network operations or DDoS infrastructure.
Date: 2026-04-05T00:55:42Z
Network: telegram
Published URL: https://t.me/MILNETServices/2
Screenshots:
None
Threat Actors: MILNET
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Alleged leak of credentials from multiple organizations including Alibaba, eBay, and others
Category: Combo List
Content: A threat actor is distributing a combolist containing 12.3 million credentials allegedly from multiple organizations including Alibaba, eBay, Lennar, D.R. Horton, CBRE, Brookfield, and Shopify through Telegram channels. The credentials are being shared for free along with associated programs.
Date: 2026-04-05T00:37:30Z
Network: openweb
Published URL: https://crackingx.com/threads/71128/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Multiple
Victim Organization: Multiple (Alibaba, eBay, Lennar, D.R. Horton, CBRE, Brookfield, Shopify)
Victim Site: Unknown

Alleged leak of mixed forum credentials combolist
Category: Combo List
Content: Forum user ValidMail allegedly shared a combolist containing 82,000 mixed forum credentials described as valid. The post appears to offer access to the credential data through the CrackingX forum.
Date: 2026-04-05T00:27:14Z
Network: openweb
Published URL: https://crackingx.com/threads/71127/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown