[April-7-2026] Daily Cybersecurity Threat Report

1. Executive Summary

This comprehensive cyber threat intelligence report provides an in-depth analysis of a massive influx of cybersecurity incidents recorded primarily on April 7, 2026. The data encompasses a wide array of malicious activities, including high-impact data breaches, the mass distribution of credential combolists, critical infrastructure compromises, zero-day vulnerability disclosures, and widespread website defacements. The raw data details a series of recent cyber incidents, providing key information strictly based on the provided logs.

The threat landscape on this date was dominated by several key themes. First, the prolific threat actor group “ShinyHunters” executed a highly coordinated and severe breach of Cisco Systems, claiming to have exfiltrated extensive proprietary source code. Second, the geopolitical cyberwarfare theater, particularly in the Middle East and Eastern Europe, saw dramatic escalations. Groups like “Handala” (or Hanzala) claimed severe breaches of Israeli critical infrastructure and defense contractors, while pro-Russian and pro-Palestinian hacktivists launched disruptive campaigns against Western and Indian targets. Third, the underground economy was flooded with hundreds of millions of stolen credentials, with an overwhelming, targeted campaign against Microsoft Hotmail accounts. Finally, automated or highly organized website defacement campaigns were executed by individual threat actors and teams, altering the digital footprint of hundreds of global organizations.

This report is structured to dissect these events by attack vector, threat actor profiling, victimology, and geopolitical motivation, concluding with an assessment of the current threat landscape.


2. Advanced Persistent Threats and Major Corporate Breaches

2.1 The ShinyHunters Campaign Against Cisco Systems

One of the most critical incidents recorded is a coordinated cyber attack against the American technology and networking giant, Cisco Systems Inc. The operation was announced by the notorious threat actor group ShinyHunters, who claimed the involvement of multiple UNC-designated clusters operating using tactics similar to Scattered Spider, Shiny, SLSH, and LAPSUS. The group established communication channels via Telegram, email, Tox, and Session, alongside a Tor-based data leak site, signaling an imminent extortion operation.

The severity of the breach escalated when ShinyHunters announced the sale of what they claimed to be Cisco’s complete source code on BreachForums. The listing referenced 3 million files or records. The compromised intellectual property allegedly spans a massive range of Cisco’s product catalog, including Cisco IOS, IOS-XE, ASA Software, NX-OS, IOS-XR, CatOS, FTD, Viptela, Meraki MS/MX/MR, ACI, UCM, and IOS-FG. Furthermore, the threat actors explicitly claimed to have stolen source code for Cisco’s AI-related products, such as AI Assistants, AI Defense, AI Canvas, and AI Cisco Cloud Control. The actor implied possession of additional sensitive data beyond the source code.

In addition to the Cisco breach, ShinyHunters maintained a highly active presence on April 7. The group posted a taunting message directed at Air Canada (“check yo fuckin emails”) accompanied by a photo, strongly suggesting a successful intrusion into the Canadian aviation company. They utilized hashtags referencing “spid3rhunters” and “cr0wdsp1d3rz,” which indicates collaboration with affiliated threat actor groups. ShinyHunters also announced the re-upload of multiple legacy databases on BreachForums, restoring broken download links for data belonging to figure.com, Canada Goose (583K records), Soundcloud (31GB), and Jaguar Land Rover. Concurrently, the group announced a new official Telegram channel, warning followers of impersonators using aliases such as shinycorp, Rey, sevy, indra, Tanaka, Loki, 888, and Paw, and noted that BreachForums was “in a state of chaos and is up for sale”. Finally, ShinyHunters published a dox of a former BreachForums administrator named Angel Tsvetkov (aliases N/A and Caine), accusing him of being an exit scammer and publishing his personal information on justpaste.it.

2.2 Global Corporate and Enterprise Data Breaches

Beyond Cisco, numerous other major corporations suffered alleged data breaches and leaks:

  • Service Telecom (France): Threat actor NormalLeVrai offered a database containing 2,835,372 user records, 16GB of source code, and email backups for $2,200. The data from the French telecommunications company includes customer profiles, change logs, feedback, and administrator data.
  • A1TechDeals: A database from A1TechDeals.com was leaked by the actor “punk,” encompassing transaction data, checkout sessions, shipments, and payment processor information linked to Shopify, Stripe, and PayPal.
  • Askul Corporation (Japan): Threat actor “Joker” claimed to have breached Askul Corporation (askul.co.jp), a leading Japanese B2B/B2C e-commerce platform, with the breach allegedly occurring on October 19, 2025.
  • GEG Telecomunicazioni (Italy): The same actor, “Joker,” claimed a breach dated March 30, 2026, against GEG srl, an Italian telecommunications firm serving over 500 public administrations and holding 60% of Italy’s civilian TETRA market.
  • Hisense USA: The threat actor “Wadjet” offered over 609,000 email records acquired from Hisense USA’s product registration, TV QR codes, and customer support forms.
  • TransPerfect: A massive leak of 370,000 notification and appointment logs from translation service TransPerfect was released by “xorcat”. The data included interpreter records, medical appointment details, and location data for healthcare and corporate clients.
  • Nasdaq: The actor “McLovin” attempted to sell 5 million records of alleged Nasdaq trading and finance data for $2,000, including names, addresses, trading experience, and credit scores.
  • Robinhood & Coinbase: “McLovin” also listed 4.6 million Robinhood Gold membership records for $3,190. Concurrently, the actor “OnarDev” sold 2 million Coinbase user records (full names, emails, phone numbers) for $500, claiming it was a fresh 2025/2026 extraction.
  • Binance Australia: A database of 470,000 Binance Australia customers was listed by “McLovin” for $2,500.
  • Japanese Real Estate Platforms: Data on 2.4 million Japanese civilians seeking housing was aggregated from SUUMO, CHINTAI, and At Home, and sold by “Dumpsec” for €1,000.

2.3 The “888” Source Code Leaks

A specific threat actor utilizing the moniker “888” orchestrated a campaign focused purely on the theft and free distribution of corporate source code. All breaches were allegedly conducted between February and April 2026. Targets included:

  • Upwave: A YC-funded advertising technology startup breached in April 2026.
  • IDEXX Laboratories: An American veterinary diagnostics company whose “Cornerstone” source code was stolen in March 2026.
  • Lakmobile: A mobile and web technology company breached in March 2026.
  • Toomics: A digital comics platform whose source code was distributed following a March 2026 breach.
  • E-accounting.co.kr: A South Korean SaaS company breached in February 2026.
  • Datamatics: An IT and consulting firm breached in March 2026.
  • Talavest: An Iranian gold and silver trading platform breached in February 2026.

3. Geopolitical Cyber Warfare and Hacktivism

3.1 The Middle Eastern Conflict: Handala and Anti-Israel Operations

The cyber conflict mirroring kinetic tensions in the Middle East was highly active. The Iranian-linked threat actor group “Handala” (also spelled Hanzala / حنظله) executed severe operations against Israeli critical infrastructure and defense entities. Handala claimed to have successfully exfiltrated all data related to the sensitive electrical power infrastructure of Israel. Escalating the threat, the group stated this intelligence was actively transferred to a missile unit on standby. The group explicitly claimed to be the sole provider of intelligence support for the “Axis of Resistance,” denying involvement from other nations.

Handala also targeted Elbit Systems, a prominent Israeli defense contractor. The group published exclusive images revealing the primary team responsible for designing and developing the Hermes unmanned aerial vehicle (UAV). They described this leak as unprecedented due to the project’s top-secret classification and warned it was the beginning of exposing hidden aspects of Israeli military projects. A subsequent post by Handala alleged that an individual named Vered Haimovich was bribed with €40,000 during a clandestine meeting in Uzbekistan to provide unauthorized insider access to Elbit Systems’ camera infrastructure.

Other anti-Israel operations included:

  • Threat actor “Keymous+” announced an imminent cyber attack targeting Israel, indicated by the Israeli flag emoji, though no specific vector was initially named.
  • The group “Cyber Islamic Resistance” defaced multiple Israeli tourism and commercial websites (including habustan-moti.co.il and focus-academy.co.il), framing the attack as a religious operation supporting Palestinian prisoners.

3.2 Iranian Operations Against US Critical Infrastructure

In direct retaliation or parallel action to the Middle Eastern conflict, US cybersecurity agencies warned of Iranian-affiliated hackers exploiting vulnerabilities in industrial control systems (ICS), specifically Programmable Logic Controllers (PLCs) manufactured by Rockwell Automation. The attacks targeted the US water and energy sectors. Authorities attributed the activity to advanced Iran-linked actors, noting similarities to the group “CyberAv3ngers”. The escalation is directly assessed to be tied to recent geopolitical tensions.

Additionally, a message forwarded from Kianoosh Adib on the Cyberban News Telegram channel announced a coordinated cyber and kinetic military operation, stating that “cyber and missile soldiers will fight side by side for one nation tonight”. The bilingual message (Persian and English) indicated Iranian threat actors were actively preparing for offensive operations.

3.3 Pro-Russian and Pro-Palestine Hacktivism Alliances

A robust alliance of hacktivist groups engaged in politically motivated defacements and infrastructure attacks.

  • #OpGreatBritain: The pro-Russian hacktivist group NoName057(16) and an actor named “Shadow Clawz 404” launched attacks against UK targets, framing the UK as “russophobic”. Specifically, they compromised CCTV surveillance cameras at M.E. Kebab in London, sharing live footage access as retaliation. Shadow Clawz 404 announced a broader coordinated campaign against British infrastructure, warning of unpredictable future attacks.
  • #OpsShadowStrike: This hacktivist group claimed responsibility for defacing Indian educational websites, including pmsbajina.edu.in and pmsdadri.edu.in. The attacks were politically motivated, referencing pro-Palestine and anti-Israel sentiments. The operation was a coordinated campaign listing collaborating groups such as TengkorakCyberCrew, MalaysiaHacktivist, and EagleCyberCrew.
  • Z-Pentest Alliance: This group targeted South Korea under “#OpSouthKorea.” They claimed complete control over the industrial greenhouse management system of South Korean company Aion Eng, gaining real-time access to microclimate, irrigation, and nutrition control parameters. The group threatened to destroy current crops by manipulating environmental conditions and cited political/ideological motivations.
  • Infrastructure Destruction Squad: This group posted a message in Chinese explicitly threatening the United States of America and referencing “Trump,” suggesting a politically motivated DDoS or infrastructure attack.
  • Wolves of Turan: This group announced “#opArmenia,” indicating an active or planned coordinated cyber operation targeting Armenian entities, likely in collaboration with “BD Anonymous”.

4. The Credential Harvesting Epidemic

The most statistically significant trend observed in the dataset is the massive, industrial-scale distribution of credential combolists (email:password combinations). These lists are primarily distributed for free on open-web cybercrime forums (such as CrackingX and DemonForums) to build reputation, or sold in massive aggregations via Telegram.

4.1 The Unprecedented Targeting of Microsoft Hotmail

A distinct and highly focused campaign targeted Microsoft Hotmail accounts, resulting in dozens of individual database dumps on April 7. The sheer volume suggests a successful, large-scale credential stuffing operation, a major breach of a third-party service predominantly used by Hotmail users, or the aggregation of historical logs.

Notable Hotmail credential leaks include:

  • MegaCloudshop: Released a massive combolist containing 337,000 Hotmail credentials described as “Hits”.
  • MailAccesss: Distributed an enormous file containing 400,000 Hotmail combinations.
  • D4rkNetHub: Shared a massive combolist containing 251,400 Hotmail credentials, alongside smaller lists.
  • UniqueCombo: Repeatedly posted a list of 18,000 unique Hotmail combinations.
  • NUllSHop0X: Shared 11,000 allegedly valid Hotmail credentials.
  • Kommander0: Distributed 11,000 valid Hotmail credentials.
  • redcloud: Shared 6,500 valid Hotmail credentials providing full mail access.
  • Cl0ud0wner: Distributed multiple lists containing 4,700 and 21,500 Hotmail credentials.
  • Jelooos: Posted 1,200 “hits,” a private list of 2,386 combinations devoid of Hulu hits, and a separate list of 2,300 unique credentials.
  • alphaxdd: Shared 1,342 premium hits, and 2,206 valid hits from a private cloud.
  • noir: Shared 1,388 high-quality Hotmail credentials.
  • Smaller, high-quality lists were shared by actors including KiwiShio (700 records), HollowKnight07 (380 and 560 records), klyne05, COYTO (1,000 records), and snowstormxd.
  • Fresh, valid, and private Hotmail UHQ combolists spanning multiple countries and platforms (Amazon, eBay, Walmart) were actively sold by the actor “Yìchén” via Telegram.

4.2 Geographic Targeting of Combolists

Threat actors highly segmented their credential data by victim country, allowing for localized cyber attacks, phishing, and fraud.

  • Germany: The actor “COYTO” distributed 79,000 German credentials. “thejackal101” shared a massive list of 234,000 German credentials. “MailAccesss” dumped 39,000 German credentials verified with mail access.
  • France: “thejackal101” distributed an elite cloud-sourced list of 629,000 French credentials. “MailAccesss” shared 2,600 valid French credentials.
  • China: “MegaCloudshop” and “MailAccesss” both leaked lists of 3,300 valid Chinese email credentials. “CobraEgy” released over 11,000 Chinese credentials.
  • Japan: “MegaCloudshop” and “MailAccesss” dumped 4,900 valid Japanese credentials.
  • Russia: “Kokos2846q” distributed fresh Russian email lists updated daily. “MailAccesss” leaked 1,400 Russian credentials with full access.
  • Other Nations: Specific dumps targeted Italy (13,000 records by COYTO), Hungary (64,000 by thejackal101), Ecuador (44,000 by thejackal101), Greece (44,000 by thejackal101), Croatia (12,000 by CobraEgy), and Cuba (10,000 by CobraEgy).

4.3 Mega-Dumps and Mixed Corporate Lists

Several threat actors specialize in the mass aggregation of billions of data points.

  • CODER: This highly active threat actor distributed a staggering volume of data via open web forums and Telegram. CODER released a 7 million credential combolist covering Poland, Japan, China, South Africa, and Saudi Arabia. Later, they released a 15 million record combolist spanning the USA, Israel, Egypt, Italy, Canada, Mexico, Brazil, UK, Spain, Portugal, Netherlands, Switzerland, and Poland. CODER also released a 13 million record mixed account list (shopping, banking, corporate), a 9 million mixed corporate credential list, a 3 million educational credential combolist, and a 7 million semi-valid credential list.
  • DaxusULP: Distributed 18.04 million ultra-high-quality URL:username:password combinations via the DAXUS.PRO platform.
  • Ra-Zi: Shared a 150,000 record credential combolist targeting streaming and gaming platforms like Netflix, Minecraft, Uplay, Steam, Hulu, and Spotify. They also dumped a highly targeted Gmail combolist containing 127,000 records.

5. Government and Public Sector Breaches

Government entities worldwide were heavily targeted, resulting in the compromise of highly sensitive citizen data, electoral systems, and civil servant registries.

  • Russia (MVD Rospassport): In a massive data sale, the threat actor “Flexx” offered a 636 GB database allegedly containing the personal data of 159.6 million Russian citizens. Originating from a December 2021 breach of the Rospassport system, the data includes passport details, addresses, and biometric photos across three main tables.
  • Mexico (Poder Judicial de Baja California): The actor “Thelizard001” leaked a registry of attorneys and public officials from Baja California. The leak included photos, names, identification numbers, and over 30,000 personal documents dating from 2013 to the present. Furthermore, “SpeakTeam” posted a list indicating the targeting of major Mexican government and social programs, including IMSS, Bienestar, INE, and pension programs.
  • Colombia (Municipality of Cali): The group “NyxarGroup” sold personal information exfiltrated from the Colombian government websites saul.cali.gov.co and sider.cali.gov.co. The data included full names, document numbers, addresses, birth dates, and contact details of citizens.
  • Uruguay (Plan Ceibal): Threat actor “LaPampaLeaks” obtained databases from the Uruguayan government technology agency, affecting 1.2 million users of the CREA social network and 1 million citizen device assignment records.
  • Argentina (Municipality of Tornquist): The actor “wh6ami” sold access to three databases from the Municipality of Tornquist, containing WordPress credentials across 50 tables and the personal data of residents, for $40.
  • Indonesia (Samarinda City): Threat actor “karedoxcbr” shared a full database containing the personal information of civil servants and PPPK employees from the Samarinda city government.
  • Botswana (Health Portal): The actor “Florence” offered root-level remote code execution (RCE) access to Botswana’s government health portal system for $300. The compromised system runs on Linux, and the actor achieved firewall device access and shell privileges.
  • South Africa (Buffalo City): “wh6ami” posted data regarding the Buffalo City Metropolitan Municipality government.

6. Educational and Healthcare Institution Attacks

The education and healthcare sectors faced targeted breaches, resulting in the theft of personally identifiable information (PII) and service disruptions.

6.1 Education Sector

  • Harvard University & University of Pennsylvania: The threat actor “McLovin” claimed massive breaches at elite American universities. They alleged the compromise of over 1 million records containing PII and donation data from Harvard University. In a separate post, McLovin claimed to have 1.2 million records from the University of Pennsylvania, explicitly contradicting official reports that fewer than 10 records were affected.
  • NUST (Pakistan Armed Forces): “ModernStealer” breached the National University of Sciences and Technology (NUST), a Pakistani institution linked to the Armed Forces, promising further disclosures.
  • CONALEP Morelos (Mexico): Actor “Lvn4t1k0” leaked personal data of teachers (RFC, CURP, passwords) and student credentials from this educational institution.
  • Instituto Tecnológico Campus Tuxtla Gutiérrez (Mexico): “Z3r00” shared a database containing full names, phone numbers, CURP numbers, and parent details of students.

6.2 Healthcare Sector

  • Nippon Medical School Musashi Kosugi Hospital (Japan): The actor “Joker” claimed a March 2026 breach of the database belonging to this 372-bed regional teaching hospital in Kawasaki, Japan.
  • Serbian Gynecology Clinic: Threat actor “RatkoMladic” sold patient data, banking statements, and internal documents from a Serbian gynecology clinic, threatening to leak more if affiliates were arrested.
  • US Hospital Disruptions: Cyberattacks caused physical disruptions at US medical facilities. Gritman Medical Center in Moscow, Idaho, began reopening clinics after an incident disrupted outpatient care, though no patient data was confirmed compromised. Similarly, Signature Healthcare and Brockton Hospital in Massachusetts suffered an incident resulting in ambulance traffic diversion, cancellation of chemotherapy, and the activation of offline operating procedures.

7. The Defacement Epidemic: Mass Vandalism Campaigns

A significant portion of the incidents recorded on April 7 consisted of website defacements. These attacks, where hackers alter the visual appearance or content of a website, were largely carried out by a few highly active individuals and teams executing automated or semi-automated campaigns.

7.1 DimasHxR

Operating as an independent attacker, “DimasHxR” executed a prolific string of defacements targeting specific subdirectories and media folders across European and African domains. Targets included:

  • France: Vins Grands Crus (vinsgrandscrus.fr).
  • Italy: Sushi Sushi restaurant (sushi-sushi.it).
  • Spain: Zacatrus board game retailer (zacatrus.es).
  • Germany: Speichermarkt (speichermarkt.de) and anti-stress-ente.com.
  • Russia: cmetrix.ru, gyrlandy.ru, and belikatimens.ru.
  • Romania: Salice (salice.ro).
  • Czech Republic: Sullus (sullus.cz).
  • South Africa: Wikideals (wikideals.co.za).
  • Mozambique: Bazara (bazara.co.mz) – a redefacement.
  • Colombia: Libus (libus.com.co) – a redefacement.
  • UK: Clearance King (clearance-king.co.uk) – a redefacement.
  • Unknown: Arcdyn (arcdyn.com).

7.2 Botak Blocker

Another prolific defacer, “Botak Blocker,” focused heavily on retail, fashion, and e-commerce websites located primarily in Asia and the UK. Targets included:

  • Wacoal Malaysia (lingerie retailer).
  • India Circus (e-commerce).
  • Pak Factory (manufacturing, Pakistan).
  • TFN London (tfnclondon.com).
  • Aashni and Co (aashniandco.com).
  • Falguni Shane Peacock (falgunishanepeacock.com).
  • School Time Uniforms (schooltimeuniforms.com).
  • Perdormire (perdormire.com).

7.3 spl1nt3r and the m0z1ll4s Team

The attacker “spl1nt3r,” affiliated with the “m0z1ll4s” team, targeted high-profile government and commercial sites in Brazil, as well as adult entertainment sites globally.

  • Brazilian Electoral Courts: In a significant political defacement, spl1nt3r altered search functionality pages on the official Superior Electoral Court of Brazil (tse.jus.br) and the Regional Electoral Tribunal of Roraima (tre-rr.jus.br).
  • Logitech Brazil: Defaced a media subdirectory of logitechstore.com.br.
  • Adult Entertainment: Defaced search pages on [suspicious link removed] and pornolandia.xxx.
  • Other: meudome.com and Finnish site piipitin.fi.

7.4 Other Notable Defacement Teams

  • CYKOMNEPAL: Targeted Brazilian pharmacy chain Farmácia Superfarma, Bangladeshi site Neron BD, Indian event site Tweety Birds India, trainingpttf.com, and jayrama.com.
  • Pharaohs Team: Claimed a mass defacement of approximately 30 websites, predominantly Brazilian domains (.com.br, .net.br), listing targets by Domain Authority (DA). They also allegedly sold the domain access to criamosseusite.com.br.
  • MR YOS: Defaced dev.karyakeeper.com, Swiss site victoris.ch, and aapnaadda.com, giving shoutouts to a massive collective of Indonesian hacking groups (e.g., Defacer Indonesian Team, Z_BLACK HAT, Brotherhood Capung Indonesia).
  • Zod: Targeted Kenyan tourism site Arboreal Safaris, Mexican tech firm MAZ Computación, and executed a mass defacement against Hotel du Monde Vietnam.
  • H4CKTHOR: Defaced [suspicious link removed] and French hospitality site Le Clos de Chatres.
  • BlackMaskers Army: Claimed attacks on digital media platform Eezy.com and Indian tech firm Robosoftin , leaking FTP credentials (robomumbai/Robo#$%Admin) for the latter.

8. Gambling Platforms and Identity Data Exploitation

Cybercriminals heavily targeted Southeast Asian online casinos and gambling platforms to extract KYC (Know Your Customer) data, financial records, and VIP user information.

  • GoldenCity (China): Threat actor “xorcat” obtained the personal data of 10,000 Chinese high-roller gamblers from goldencity.cn, including QQ details, addresses, and financial info.
  • BLW99 Casino (Southeast Asia): “xorcat” leaked 43,000 records containing complete KYC verification, affiliate network data, and device fingerprints.
  • 66THB (Thailand): “xorcat” also leaked 156,000 player records from 66THB.com, including VIP levels and login details of users from Thailand, Singapore, and Malaysia.

The theft of KYC data feeds directly into the underground market for forged identity documents. Threat actor “Bugoww” sold editable PSD templates, driver’s licenses, and passports with selfie verifications. Another actor, “Arnoldsudney,” sold verified KYC data packages (passports, ID cards) from over 160 countries, specifically advertising Ukrainian and Turkish identity documents for bulk orders.


9. Vulnerabilities, Services, and Underground Infrastructure

The technical facilitation of these attacks relies on the discovery of vulnerabilities, the sharing of hacking tools, and the operation of underground marketplaces.

9.1 Vulnerabilities & Exploits

  • Cisco SD-WAN (CVE-2026-20127): A critical pre-authentication remote code execution (RCE) vulnerability in Cisco Catalyst SD-WAN Controller and Manager was published by “zerozenxlabs”. The working proof-of-concept exploit allows unauthenticated attackers to gain administrative access, a flaw allegedly exploited in the wild since 2023.
  • Telnetd Service (CVE-2026-24061): A critical vulnerability in the Telnetd service allowing unauthenticated remote root access was reported by Cyberban News. Real-world exploitation cases have been reported, prompting recommendations to migrate to SSH.

9.2 Tools and Services

  • OMNITRIX IMAP: Actor “JINKUSU” advertised a service designed to monitor email accounts, intercept attachments, and replace IBANs in financial documents via unauthorized IMAP access.
  • Credential Checkers & Scanners: “Starip” distributed a multi-threaded Twitch credential checking tool and a network reconnaissance tool called TE Port Scanner.
  • OpenSense OSINT Platform: Actor “Glowie” advertised OpenSense, an OSINT platform providing access to leaked data searchable by IP, Discord, Github, and phone numbers without maintaining logs.
  • LeakZero: Actor “LeakZero” offered a credential search tool granting access to 15 billion URL:LOG:PASS records with query builder functionality.
  • Proxy Services: “1024Proxy” advertised residential and static IP proxies for traffic arbitrage and multi-accounting.

9.3 Underground Marketplaces

The infrastructure of cybercrime was also active. PwnForums announced the relaunch of their escrow system in semi-automatic mode to facilitate secure illegal transactions. The marketplace “Panda-Market.cc” advertised the sale of Telegram accounts globally. Meanwhile, the “Squad Chat Marketplace” Telegram channel hosted multiple actors selling stolen credit cards (CC/CVV), high-balance cards, and carding tools. Actor “zoozkooz” attempted to sell 10TB of archived files from the seized data marketplace Leakbase for $200.


10. Conclusion

The data analyzed from April 7, 2026, reveals a hyper-active, highly commercialized, and geopolitically aggressive cyber threat landscape. The boundaries between state-aligned hacktivism (e.g., Handala, NoName057(16)) and financially motivated cybercrime (e.g., ShinyHunters, CODER) continue to blur, as both factions utilize similar platforms like Telegram and open-web forums to disseminate stolen data and announce breaches.

The catastrophic compromise of Cisco Systems by ShinyHunters and the alleged exfiltration of Israeli electrical and defense data by Handala represent the most critical systemic risks observed. Furthermore, the sheer volume of credential combolists distributed (numbering in the tens of millions and heavily targeting Microsoft Hotmail infrastructure) indicates that credential stuffing and account takeover attacks will remain a persistent, high-volume threat.

Organizations must prioritize robust identity and access management, aggressive patching of critical vulnerabilities (such as CVE-2026-20127), and continuous monitoring for leaked credentials. The integration of stolen KYC data, high-quality residential proxies, and billions of fresh credentials equips threat actors with the necessary tools to bypass standard security controls, requiring a shift toward zero-trust architectures and advanced anomaly detection.

Detected Incidents Draft Data

  1. Alleged Imminent Cyber Attack Targeting Israel by Keymous+
    Category: Cyber Attack
    Content: Threat actor Keymous+ announced an imminent cyber attack (“soon a visit”) targeting Israel, indicated by the Israeli flag emoji. No specific target organization or attack vector was specified.
    Date: 2026-04-07T23:30:48Z
    Network: telegram
    Published URL: https://t.me/c/2588114907/1058
    Screenshots: None
    Threat Actors: Keymous+
    Victim Country: Israel
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  2. Alleged leak of credential combolists from multiple countries
    Category: Combo List
    Content: Threat actor allegedly distributing 7 million credential combinations (email:password pairs) from Poland, Japan, China, South Africa, and Saudi Arabia through Telegram channels. The combolists are being shared for free rather than sold.
    Date: 2026-04-07T23:28:57Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71446/
    Screenshots: None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  3. Alleged data leak of PicTools AI database
    Category: Data Leak
    Content: A database containing user IDs, registration data, and email addresses from PicTools.AI, an online AI image editing service, was allegedly leaked and made available for free download on a cybercrime forum. The breach reportedly occurred in April 2026 and contains 31,095 records.
    Date: 2026-04-07T23:07:09Z
    Network: openweb
    Published URL: https://spear.cx/Thread-Database-PicTools-AI-Database-leaked-Download
    Screenshots: None
    Threat Actors: [Trial Mod]xtc
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: PicTools AI
    Victim Site: pictools.ai
  4. Alleged leak of German credential combolist
    Category: Combo List
    Content: Threat actor COYTO shared a free download link to a combolist containing 79,000 email and password combinations targeting German users on DemonForums.
    Date: 2026-04-07T23:06:14Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-79K-GERMANY-ACCESS
    Screenshots: None
    Threat Actors: COYTO
    Victim Country: Germany
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  5. Alleged defacement of Indian education site pmsbajina.edu.in by OpsShadowStrike
    Category: Defacement
    Content: The hacktivist group #OpsShadowStrike claims to have defaced an Indian education website (pmsbajina.edu.in), uploading a deface page at /ops.html. The attack appears politically motivated, referencing pro-Palestine and anti-Israel sentiments. Multiple collaborating groups are listed including TengkorakCyberCrew, MalaysiaHacktivist, EagleCyberCrew, and others, suggesting a coordinated hacktivist campaign targeting Indian educational infrastructure.
    Date: 2026-04-07T22:39:19Z
    Network: telegram
    Published URL: https://t.me/c/3844432135/256
    Screenshots:
    None
    Threat Actors: #OpsShadowStrike
    Victim Country: India
    Victim Industry: Education
    Victim Organization: pmsbajina.edu.in
    Victim Site: pmsbajina.edu.in
  6. Alleged distribution of credential combolists from multiple countries
    Category: Combo List
    Content: A threat actor is distributing email:password credential combolists from multiple countries, including USA, Israel, Egypt, Italy, Canada, Mexico, Brazil, UK, Spain, Portugal, Netherlands, Switzerland, and Poland, through Telegram channels. The combolists contain approximately 15 million records and are being made available for free download.
    Date: 2026-04-07T22:31:32Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71445/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  7. Alleged data breach of Service Telecom
    Category: Data Breach
    Content: Threat actor NormalLeVrai is selling an alleged Service Telecom database containing 2,835,372 user records, 16GB of source code, and email backups for $2,200. The database reportedly includes customer profiles, change logs, feedback, and administrator data from the French telecommunications company.
    Date: 2026-04-07T22:25:59Z
    Network: openweb
    Published URL: https://spear.cx/Thread-Database-SERVICE-TELECOM-2-8M-user-16gb-code-mails
    Screenshots:
    None
    Threat Actors: NormalLeVrai
    Victim Country: France
    Victim Industry: Telecommunications
    Victim Organization: Service Telecom
    Victim Site: Unknown
  8. Alleged leak of credential combolist targeting multiple streaming and gaming platforms
    Category: Combo List
    Content: Threat actor Ra-Zi shared a 150,000 record credential combolist containing email and password combinations allegedly valid for Netflix, Minecraft, Uplay, Steam, Hulu, and Spotify accounts. The actor also advertises selling additional credential lists and email databases through Telegram.
    Date: 2026-04-07T22:23:55Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-150k-Fresh-HQ-Combolist-Email-Pass-Netflix-Minecraft-Uplay-Steam-Hulu-spotify–199710
    Screenshots:
    None
    Threat Actors: Ra-Zi
    Victim Country: Unknown
    Victim Industry: Entertainment and Gaming
    Victim Organization: Multiple (Netflix, Minecraft, Uplay, Steam, Hulu, Spotify)
    Victim Site: Unknown
  9. Alleged Coordinated Cyber and Kinetic Military Operation Announced by Iranian Threat Actor
    Category: Cyber Attack
    Content: A post forwarded from Kianoosh Adib on the Cyberban News channel announces that cyber and missile soldiers will fight side by side for one nation tonight, suggesting an imminent coordinated cyber and kinetic operation. The message is in both Persian and English and is tagged with an Iran flag, indicating that Iranian threat actors are preparing for offensive cyber operations alongside military action.
    Date: 2026-04-07T22:10:49Z
    Network: telegram
    Published URL: https://t.me/KianooshAdib/455
    Screenshots:
    None
    Threat Actors: KianooshAdib
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  10. Alleged leak of mixed credential combolist
    Category: Combo List
    Content: A threat actor shared a combolist containing 150,000 email and password combinations for free download on a cybercrime forum.
    Date: 2026-04-07T22:10:03Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71443/
    Screenshots:
    None
    Threat Actors: steeve75
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  11. Alleged data leak of A1TechDeals database
    Category: Data Leak
    Content: A database allegedly containing transaction data, payment information, and customer details from A1TechDeals.com technology commerce website has been leaked. The data reportedly includes checkout sessions, transactions, orders, shipments, and payment processor information from Shopify, Stripe, and PayPal.
    Date: 2026-04-07T22:08:27Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-DATABASE-A1TechDeals-com-Database-Leaked-Download
    Screenshots:
    None
    Threat Actors: punk
    Victim Country: Unknown
    Victim Industry: Technology Commerce
    Victim Organization: A1TechDeals
    Victim Site: A1TechDeals.com
  12. Alleged data leak or credential list targeting multiple Mexican financial institutions and organizations
    Category: Combo List
    Content: A threat actor associated with SpeakTeam has posted a list of high-profile Mexican targets including major banks (Santander, HSBC, BBVA, Banamex, Banorte, Scotiabank, Coppel, Baz, Multibanco, Invex, Bajio), government/social programs (IMSS, Bienestar, INE, Jubilados, Pensionados, Afores, 65+), telecom providers (Movistar, Telcel, ATT, Totalplay, Telmex), and business sectors (Empresas, Escuelas, Corporativos, Pymes). The formatting with checkmarks and flags suggests availability or targeting of data/credentials across these entities in Mexico.
    Date: 2026-04-07T22:06:13Z
    Network: telegram
    Published URL: https://t.me/c/3764001014/92
    Screenshots:
    None
    Threat Actors: SpeakTeam
    Victim Country: Mexico
    Victim Industry: Banking, Financial Services, Government, Telecommunications
    Victim Organization: Santander, HSBC, BBVA, Banamex, Banorte, Scotiabank, Coppel, Baz, Multibanco, Invex, Bajio, IMSS, Bienestar, INE, Movistar, Telcel, ATT, Totalplay, Telmex
    Victim Site: Unknown
  13. Alleged distribution of mixed credential combolist containing 13 million accounts
    Category: Combo List
    Content: A threat actor is distributing a 13 million record credential combolist containing mixed accounts from GMX, French, German, educational, Italian corporate, and other sources, including shopping and banking sites. The combolist is being shared for free through Telegram channels.
    Date: 2026-04-07T21:59:22Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71442/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  14. Alleged sale of fresh Hotmail UHQ combolists and multi-platform credentials
    Category: Combo List
    Content: A threat actor is offering for sale fresh, valid, and private Hotmail UHQ combolists and credential lists spanning multiple countries (FR, IT, BR, UK, US, AU, JP, NL, PL, ES, MX, CA, SP, SG) and platforms including Amazon, eBay, Klei, Walmart, Poshmark, and Marriott. The seller claims exclusivity and offers keyword-based searching.
    Date: 2026-04-07T21:53:59Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/59847
    Screenshots:
    None
    Threat Actors: Yìchén
    Victim Country: Unknown
    Victim Industry: E-commerce, Hospitality, Technology
    Victim Organization: Hotmail, Amazon, eBay, Walmart, Poshmark, Marriott
    Victim Site: Unknown
  15. Alleged Iranian Cyber Attack on US Industrial Control Systems and Critical Infrastructure
    Category: Cyber Attack
    Content: US cybersecurity and intelligence agencies have warned that Iranian-affiliated hackers are exploiting vulnerabilities in industrial control systems, particularly Programmable Logic Controllers (PLCs), targeting critical infrastructure such as water and energy sectors. Attacks have specifically targeted Rockwell Automation equipment. Authorities attribute the activity to advanced Iran-linked actors and note similarities to 2023 operations by the group CyberAv3ngers. Organizations have been advised to isolate these systems from direct internet access and monitor for suspicious activity. The attacks are assessed to have escalated amid recent geopolitical tensions.
    Date: 2026-04-07T21:48:02Z
    Network: telegram
    Published URL: https://t.me/c/1283513914/21060
    Screenshots:
    None
    Threat Actors: CyberAv3ngers
    Victim Country: United States
    Victim Industry: Critical Infrastructure / Industrial Control Systems
    Victim Organization: US Critical Infrastructure (Water and Energy Sectors)
    Victim Site: Unknown
  16. Alleged data leak of MHI.org database containing 33,000 user records
    Category: Data Leak
    Content: A threat actor shared a database dump from MHI.org containing personal and professional information of over 33,000 users from a supply chain event website. The leaked data includes names, emails, company information, job titles, and download activity records from 2014.
    Date: 2026-04-07T21:45:05Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-DATABASE-MHI-org-Database-Leaked-Download
    Screenshots:
    None
    Threat Actors: punk
    Victim Country: Unknown
    Victim Industry: Supply Chain Events
    Victim Organization: MHI.org
    Victim Site: MHI.org
  17. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: A threat actor shared a file containing 4,700 alleged Hotmail email credentials through a file sharing service. The credentials are being distributed for free download on a cybercriminal forum.
    Date: 2026-04-07T21:35:54Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71440/
    Screenshots:
    None
    Threat Actors: Cl0ud0wner
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  18. Alleged leak of mixed email credentials combolist
    Category: Combo List
    Content: A threat actor shared a combolist containing 149,500 mixed email credentials through a MediaFire download link on a cybercrime forum.
    Date: 2026-04-07T21:24:26Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71438/
    Screenshots:
    None
    Threat Actors: Cl0ud0wner
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  19. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: A threat actor shared a combolist containing 21,500 alleged Hotmail email credentials via a free download link on a cybercriminal forum.
    Date: 2026-04-07T21:24:07Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71439/
    Screenshots:
    None
    Threat Actors: Cl0ud0wner
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  20. Alleged leak of mixed email credential combolist
    Category: Combo List
    Content: A threat actor shared a combolist containing 3,445 email and password combinations described as good quality credentials with mail access from mixed sources.
    Date: 2026-04-07T21:00:51Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71437/
    Screenshots:
    None
    Threat Actors: karaokecloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  21. Alleged Cyber Attack on Cisco Systems Inc. by ShinyHunters and Associated Threat Actor Clusters
    Category: Cyber Attack
    Content: The ShinyHunters threat actor group has announced a coordinated operation targeting Cisco Systems Inc., claiming involvement of multiple UNC-designated clusters operating in the style of known groups including Scattered Spider, Shiny, SLSH, and LAPSUS. The post includes contact channels (Telegram, email, Tox, Session) and a Tor-based data leak site, suggesting a potential data breach or ransomware/extortion operation is imminent or underway.
    Date: 2026-04-07T20:41:33Z
    Network: telegram
    Published URL: https://t.me/c/3737716184/890
    Screenshots:
    None
    Threat Actors: ShinyHunters
    Victim Country: United States
    Victim Industry: Technology
    Victim Organization: Cisco Systems Inc.
    Victim Site: cisco.com
  22. Alleged leak of French credentials combolist
    Category: Combo List
    Content: A threat actor shared a credential list containing over 629,000 email and password combinations allegedly from French users. The combolist was described as fresh and high quality and was distributed through a hidden content section requiring registration.
    Date: 2026-04-07T20:38:31Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-629-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-France-%E2%9C%AA-7-APR-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: thejackal101
    Victim Country: France
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  23. Alleged leak of German credential combolist
    Category: Combo List
    Content: A threat actor shared a combolist containing over 234,000 email:password credentials allegedly from German sources. The credentials are claimed to be fresh and high quality and are distributed through a hidden content section and a Telegram channel.
    Date: 2026-04-07T20:37:43Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-234-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Germany-%E2%9C%AA-7-APR-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: thejackal101
    Victim Country: Germany
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  24. Alleged leak of Hungarian credential combolist
    Category: Combo List
    Content: A threat actor shared a credential combolist containing over 64,000 email and password combinations allegedly from Hungary. The data is described as fresh and high quality and is distributed through a hidden content section requiring registration.
    Date: 2026-04-07T20:36:58Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-64-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Hungary-%E2%9C%AA-7-APR-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: thejackal101
    Victim Country: Hungary
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  25. Alleged leak of Ecuadorian credentials
    Category: Combo List
    Content: A threat actor shared a combolist containing over 44,000 email and password combinations allegedly from Ecuador, distributed through a cybercrime forum with additional content available via Telegram.
    Date: 2026-04-07T20:36:03Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-44-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Ecuador-%E2%9C%AA-7-APR-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: thejackal101
    Victim Country: Ecuador
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  26. Alleged leak of Greek credential combolist
    Category: Combo List
    Content: A threat actor shared a credential combolist containing over 44,000 email and password combinations allegedly from Greek sources. The data is described as fresh and high quality, distributed through a hidden content section and Telegram channel.
    Date: 2026-04-07T20:35:01Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-44-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Greece-%E2%9C%AA-7-APR-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: thejackal101
    Victim Country: Greece
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  27. Alleged re-upload of multiple data leaks by ShinyHunters on BreachForums
    Category: Data Leak
    Content: Threat actor ShinyHunters announced the re-upload of multiple database leaks on BreachForums, including data from figure.com (blockchain company), Canada Goose (583K records), Soundcloud (31GB), and Jaguar Land Rover. The actor also noted fixes to previously broken download links.
    Date: 2026-04-07T20:26:03Z
    Network: telegram
    Published URL: https://t.me/c/3737716184/878
    Screenshots:
    None
    Threat Actors: ShinyHunters
    Victim Country: Unknown
    Victim Industry: Multiple (Blockchain, Retail, Music Streaming, Automotive)
    Victim Organization: figure.com, Canada Goose, Soundcloud, Jaguar Land Rover
    Victim Site: figure.com
  28. Alleged Sale of Cisco Complete Source Code by ShinyHunters
    Category: Data Breach
    Content: Threat actor ShinyHunters is allegedly selling what they claim to be Cisco's complete source code on BreachForums. The listing references 3 million files or records associated with Cisco Systems Inc. This represents a potentially critical intellectual property breach targeting one of the world's largest networking and cybersecurity companies.
    Date: 2026-04-07T20:24:00Z
    Network: telegram
    Published URL: https://t.me/c/3737716184/889
    Screenshots:
    None
    Threat Actors: ShinyHunters
    Victim Country: United States
    Victim Industry: Technology / Networking
    Victim Organization: Cisco Systems Inc
    Victim Site: cisco.com
  29. Alleged leak of Hotmail credential lists
    Category: Combo List
    Content: A threat actor is distributing fresh Hotmail credential lists through a Telegram channel and a file sharing platform. The actor claims to add new credential data daily, with a focus on valid email addresses.
    Date: 2026-04-07T20:21:59Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71433/
    Screenshots:
    None
    Threat Actors: Kokos2846q
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  30. Alleged leak of Hotmail credentials on cybercriminal forum
    Category: Combo List
    Content: A forum post claims to contain 1,200 Hotmail credential combinations, described as "hits", a term that typically refers to valid email and password pairs from credential stuffing attacks.
    Date: 2026-04-07T20:21:21Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71434/
    Screenshots:
    None
    Threat Actors: Jelooos
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  31. Alleged Cisco SD-WAN Zero-Day CVE-2026-20127 Pre-Auth RCE PoC Published
    Category: Vulnerability
    Content: A working proof-of-concept exploit has been published on GitHub for CVE-2026-20127, a critical pre-authentication remote code execution vulnerability affecting Cisco Catalyst SD-WAN Controller (formerly vSmart) and Catalyst SD-WAN Manager (formerly vManage). The vulnerability is claimed to have been actively exploited in the wild since 2023, enabling unauthenticated attackers to gain administrative access to affected systems.
    Date: 2026-04-07T20:11:15Z
    Network: telegram
    Published URL: https://t.me/SliceForLife/3893
    Screenshots:
    None
    Threat Actors: zerozenxlabs
    Victim Country: Unknown
    Victim Industry: Technology / Networking
    Victim Organization: Cisco
    Victim Site: cisco.com
  32. Alleged distribution of credential combolist on CrackingX forum
    Category: Combo List
    Content: A threat actor named Jelooos allegedly shared a combolist containing 600 valid, untested credentials on the CrackingX forum. The post content is hidden behind registration requirements.
    Date: 2026-04-07T20:09:24Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71432/
    Screenshots:
    None
    Threat Actors: Jelooos
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  33. Alleged leak of stealer logs containing credentials
    Category: Logs
    Content: A threat actor shared a 0.5 GB compressed collection of stealer logs containing credentials and passwords, dated April 7, 2026. The logs are described as fresh and high quality, with additional content available through a Telegram channel.
    Date: 2026-04-07T20:08:00Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Document-%E2%9C%AA-0-5-GB-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-ULP-LOG-S-Date-%E2%9C%AA-7-APR-2026-%E2%9C%AA
    Screenshots:
    None
    Threat Actors: thejackal101
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  34. Alleged leak of Hotmail credentials on cybercrime forum
    Category: Combo List
    Content: A threat actor named Jelooos shared a credential list containing 2,386 Hotmail email and password combinations on the CrackingX forum. The post indicates these are private credentials with no Hulu-related hits.
    Date: 2026-04-07T19:35:45Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71430/
    Screenshots:
    None
    Threat Actors: Jelooos
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  35. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: A threat actor claims to have leaked a fresh combolist containing 2,300 Hotmail credentials without duplicates on a cybercriminal forum.
    Date: 2026-04-07T19:35:08Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71431/
    Screenshots:
    None
    Threat Actors: Jelooos
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  36. Alleged ShinyHunters Threat Actor Group Official Telegram Channel Announcement
    Category: Cyber Attack
    Content: The ShinyHunters threat actor group has announced the opening of an official Telegram channel. The post includes contact information (Telegram handle, email, Tox ID, Session ID), an onion-based data leak site (DLS), and affiliated channels including BreachForums. The group warns of potential impersonators using aliases such as shinycorp, Rey, sevy, indra, Tanaka, Loki, 888, and Paw. They also mention BreachForums is in a state of chaos and is up for sale.
    Date: 2026-04-07T19:31:32Z
    Network: telegram
    Published URL: https://t.me/c/3737716184/880
    Screenshots:
    None
    Threat Actors: ShinyHunters
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  37. Alleged leak of Italian credential combolist
    Category: Combo List
    Content: A threat actor leaked a combolist containing approximately 13,000 email and password combinations targeting Italian users. The credential list was made available for free download on a cybercriminal forum.
    Date: 2026-04-07T19:23:20Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-13K-ITALY-ACCESS
    Screenshots:
    None
    Threat Actors: COYTO
    Victim Country: Italy
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  38. Alleged sale of French banking customer data from multiple financial institutions
    Category: Data Breach
    Content: A threat actor claims to be selling a dataset containing comprehensive personal and financial information of 1.2 million French banking customers from major institutions including BNP Paribas, Societe Generale, and Credit Agricole. The data allegedly includes IBAN numbers, social security numbers, tax identifiers, and extensive personal details.
    Date: 2026-04-07T19:20:44Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-SELLING-1-2-MIL-FR-FICOBA-BANK-LEADS-2026
    Screenshots:
    None
    Threat Actors: bestdata
    Victim Country: France
    Victim Industry: Financial Services
    Victim Organization: Multiple French Banks
    Victim Site: Unknown
  39. Alleged data breach of Australian cryptocurrency platform
    Category: Data Breach
    Content: A threat actor claims to be selling a database from an Australian cryptocurrency website containing account balances, KYC documents for 1,000 users, and related personal information for 6,000 total users.
    Date: 2026-04-07T19:20:30Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-SELLING-Australian-Cryptocurrency-Data-With-Balances
    Screenshots:
    None
    Threat Actors: Brazzers
    Victim Country: Australia
    Victim Industry: Financial Services
    Victim Organization: Unknown
    Victim Site: Unknown
  40. Alleged leak of credential combolist
    Category: Data Leak
    Content: A threat actor shared a credential combolist containing approximately 18.04 million URL:username:password combinations. The data is being distributed through the DAXUS.PRO platform and marked as ultra high quality.
    Date: 2026-04-07T19:02:19Z
    Network: openweb
    Published URL: https://xforums.st/threads/url-log-pass-18-04-m-daxus-pro-uhq.605137/
    Screenshots:
    None
    Threat Actors: DaxusULP
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  41. Alleged cyber attack on Air Canada by ShinyHunters
    Category: Data Breach
    Content: Threat actor ShinyHunters posted a taunting message directed at Air Canada (check yo fuckin emails), accompanied by a photo, suggesting a successful intrusion or data breach. The post includes hashtags referencing spid3rhunters and cr0wdsp1d3rz, indicating possible collaboration with or affiliation to related threat actor groups.
    Date: 2026-04-07T19:00:16Z
    Network: telegram
    Published URL: https://t.me/c/3737716184/873
    Screenshots:
    None
    Threat Actors: ShinyHunters
    Victim Country: Canada
    Victim Industry: Aviation / Airlines
    Victim Organization: Air Canada
    Victim Site: aircanada.com
  42. Alleged Source Code Breach of Cisco by ShinyHunters
    Category: Data Breach
    Content: Threat actor ShinyHunters claims to have obtained source code for a wide range of Cisco products, including Cisco IOS, IOS-XE, ASA Software, NX-OS, IOS-XR, CatOS, FTD, Viptela, Meraki MS/MX/MR, ACI, UCM, and IOS-FG, as well as AI-related products (AI Assistants, AI Defense, AI Canvas, AI Cisco Cloud Control). The actor implies possession of additional data beyond just source code.
    Date: 2026-04-07T18:40:54Z
    Network: telegram
    Published URL: https://t.me/c/3737716184/872
    Screenshots:
    None
    Threat Actors: ShinyHunters
    Victim Country: United States
    Victim Industry: Technology / Networking
    Victim Organization: Cisco
    Victim Site: cisco.com
  43. Alleged sale of multi-platform combolists, logs, and account credentials
    Category: Logs
    Content: A threat actor is offering for sale a wide variety of stolen credentials and account access including email combolists (Hotmail, Gmail, Yahoo, AOL, Comcast, etc.), social media accounts (Facebook, Instagram, TikTok, LinkedIn), streaming services (Netflix, Disney), e-commerce platforms (Amazon, eBay, Poshmark), gaming accounts (PSN, Xbox, Steam, Roblox), and associated cookies and stealer logs. The actor claims top quality, valid, and targeted access across US, UK, and Canada.
    Date: 2026-04-07T18:33:04Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/59843
    Screenshots:
    None
    Threat Actors: tuzelity
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  44. Alleged Valid Admin Credentials Leaked for privat-advokat.com.ua (Ukraine)
    Category: Initial Access
    Content: A threat actor shared verified admin panel credentials for privat-advokat.com.ua, a Ukrainian website. The post includes the admin login URL (privat-advokat.com.ua/admin/myadm.php), credentials (login: admadvokat, password: md3778vk), the site IP (185.13.5.54), and confirms successful authentication with HTTP 200 status. Content attributed to @krigs_workV2.
    Date: 2026-04-07T18:23:52Z
    Network: telegram
    Published URL: https://t.me/c/2738999379/278
    Screenshots:
    None
    Threat Actors: krigs_workV2
    Victim Country: Ukraine
    Victim Industry: Legal Services
    Victim Organization: Privat Advokat
    Victim Site: privat-advokat.com.ua
  45. Website defacement of neronbd.com by CYKOMNEPAL
    Category: Defacement
    Content: CYKOMNEPAL defaced a product page on neronbd.com on April 8, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
    Date: 2026-04-07T18:14:30Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/831428
    Screenshots:
    None
    Threat Actors: CYKOMNEPAL
    Victim Country: Bangladesh
    Victim Industry: Unknown
    Victim Organization: Neron BD
    Victim Site: neronbd.com
  46. Alleged sale of stolen mail access accounts across multiple countries
    Category: Logs
    Content: Threat actor @xRealWorker is selling fresh, premium-quality stolen email/mail access accounts described as untouched. Available for France, Italy, United States, United Kingdom, Germany, Spain, and more countries. Advertised as private, secure, and 100% untouched, indicating recently compromised credentials.
    Date: 2026-04-07T17:57:52Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/59841
    Screenshots:
    None
    Threat Actors: xRealWorker
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  47. Website defacement of Tweety Birds India by CYKOMNEPAL
    Category: Defacement
    Content: CYKOMNEPAL defaced the Tweety Birds India website on April 8, 2026. The attack targeted a specific event details page rather than the homepage.
    Date: 2026-04-07T17:57:07Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/831425
    Screenshots:
    None
    Threat Actors: CYKOMNEPAL
    Victim Country: India
    Victim Industry: Entertainment/Events
    Victim Organization: Tweety Birds India
    Victim Site: tweetybirdsindia.com
  48. Alleged leak of premium email credential combolist
    Category: Combo List
    Content: A threat actor shared a combolist containing 4,275 premium mixed email credentials including Hotmail accounts through a Telegram contact. The credentials are being distributed as a free download on a cybercriminal forum.
    Date: 2026-04-07T17:43:32Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71427/
    Screenshots:
    None
    Threat Actors: alphaxdd
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  49. Alleged leak of mixed email credentials
    Category: Combo List
    Content: A combolist containing 6,770 mixed email and password combinations was allegedly made available for free download on a cybercrime forum.
    Date: 2026-04-07T17:43:11Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71428/
    Screenshots:
    None
    Threat Actors: RandomUpload
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  50. Alleged Cyber Attack Targeting United States Infrastructure by Infrastructure Destruction Squad
    Category: Cyber Attack
    Content: The threat actor group Infrastructure Destruction Squad posted a message in Chinese stating their target is the United States of America, referencing Trump. This appears to be a politically motivated cyber attack or DDoS threat against US infrastructure.
    Date: 2026-04-07T17:30:01Z
    Network: telegram
    Published URL: https://t.me/c/2735908986/3929
    Screenshots:
    None
    Threat Actors: Infrastructure Destruction Squad
    Victim Country: United States
    Victim Industry: Government
    Victim Organization: Unknown
    Victim Site: Unknown
  51. Alleged leak of mixed forum credentials combolist
    Category: Combo List
    Content: A threat actor shared a combolist containing 82,000 mixed credentials allegedly sourced from various forums. The credentials are claimed to be valid and made available for download.
    Date: 2026-04-07T17:27:58Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71420/
    Screenshots:
    None
    Threat Actors: ValidMail
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  52. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: A threat actor has allegedly made available a combolist containing 400,000 Hotmail email and password combinations dated April 7th. The credentials are being distributed through a forum post with hidden content for registered users.
    Date: 2026-04-07T17:27:38Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71423/
    Screenshots:
    None
    Threat Actors: MailAccesss
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  53. Alleged leak of Hotmail credentials on CrackingX forum
    Category: Combo List
    Content: A forum post claims to contain Hotmail credential hits, but the actual content is hidden behind a registration requirement, making verification impossible.
    Date: 2026-04-07T17:27:15Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71426/
    Screenshots:
    None
    Threat Actors: FlashCloud2
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  54. Alleged distribution of stealer logs and credential data
    Category: Logs
    Content: Threat actor watercloud distributed stealer logs and credential data through file sharing links on a cybercrime forum. The actor provides daily access to fresh logs and promotes a Telegram channel for instant updates.
    Date: 2026-04-07T17:26:38Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-%E2%AD%90%E2%AD%90%E2%AD%90-STEALER-LOGS-AND-U-L-P-07-04-2026–72658
    Screenshots:
    None
    Threat Actors: watercloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  55. Alleged Critical Vulnerability in Telnetd Service (CVE-2026-24061) Enabling Unauthenticated Remote Root Access
    Category: Vulnerability
    Content: A critical vulnerability identified as CVE-2026-24061 has been reported in the Telnetd service, allowing unauthenticated remote access and potential root-level privilege escalation. The flaw is described as easily exploitable, and real-world exploitation cases have been reported. Recommendations include updating or disabling the Telnetd service and migrating to SSH.
    Date: 2026-04-07T17:24:29Z
    Network: telegram
    Published URL: https://t.me/c/1283513914/21054
    Screenshots:
    None
    Threat Actors: خبرگزاری سایبربان| Cyberban News
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  56. Alleged data breach of Buffalo City Metropolitan Municipality
    Category: Data Breach
    Content: A forum post concerns government data from South Africa's Buffalo City Metropolitan Municipality, though specific details about the nature and scope of the alleged breach are not available in the visible content.
    Date: 2026-04-07T17:13:39Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-Government-of-South-Africa-Buffalo-City-Metropolitan-Municipality
    Screenshots:
    None
    Threat Actors: wh6ami
    Victim Country: South Africa
    Victim Industry: Government
    Victim Organization: Buffalo City Metropolitan Municipality
    Victim Site: Unknown
  57. Alleged data breach of Municipality of Tornquist government database
    Category: Data Breach
    Content: Threat actor wh6ami is allegedly selling access to 3 databases from the Municipality of Tornquist in Argentina for $40. The databases reportedly contain sensitive information including WordPress credentials across approximately 50 tables, with the dump dated April 29, 2025.
    Date: 2026-04-07T17:13:04Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-Argentina-government-Municipality-of-Tornquist
    Screenshots:
    None
    Threat Actors: wh6ami
    Victim Country: Argentina
    Victim Industry: Government
    Victim Organization: Municipality of Tornquist
    Victim Site: tornquist.gov.ar
  58. Alleged sale of American Chinese women personal database
    Category: Data Breach
    Content: Threat actor claims to be selling a database containing personal information of 1.3 million American Chinese women, including US mobile phone numbers, Chinese names, gender, city, origin, and relationship status. The seller provides sample records and requests contact via Telegram for pricing information.
    Date: 2026-04-07T17:12:45Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-American-Chinese-women-1300000
    Screenshots:
    None
    Threat Actors: DDying
    Victim Country: United States
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  59. Alleged sale of Leakbase archived data collection
    Category: Data Breach
    Content: Actor claims to be selling archived files from seized data marketplace Leakbase for $200, containing cookies, credential lists, SQL dumps, financial records, and other stolen data totaling over 10TB.
    Date: 2026-04-07T17:12:25Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-SELL-All-leakbase-s-paid-files-10TB
    Screenshots:
    None
    Threat Actors: zoozkooz
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Leakbase
    Victim Site: Unknown
  60. Alleged financial fraud scheme targeting German banking customers
    Category: Data Breach
    Content: Forum post advertising fixed deposit rates while listing personal information of 10 German individuals including names, email addresses, phone numbers, and financial amounts ranging from 10,000 to over 100,000 euros. This appears to be a fraudulent scheme potentially targeting banking customers or investors.
    Date: 2026-04-07T17:11:50Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Live-Festgeldzinsen
    Screenshots:
    None
    Threat Actors: jack345
    Victim Country: Germany
    Victim Industry: Financial Services
    Victim Organization: Unknown
    Victim Site: Unknown
  61. Alleged data breach of NUST Pakistan Armed Forces
    Category: Data Breach
    Content: Threat actor ModernStealer claims to have breached NUST, a Pakistani educational institution linked to the Pakistan Armed Forces. The actor indicates more data breaches will be disclosed and provides a contact session ID for communication.
    Date: 2026-04-07T17:11:31Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-NUST-DATA-PAKISTAN-ARMED-FORCES
    Screenshots:
    None
    Threat Actors: ModernStealer
    Victim Country: Pakistan
    Victim Industry: Education/Defense
    Victim Organization: NUST (National University of Sciences and Technology)
    Victim Site: Unknown
  62. Alleged sale of Russian citizen personal data database
    Category: Data Breach
    Content: Threat actor IntelHead is allegedly selling a database containing over 100 million Russian phone numbers along with full names and dates of birth. The actor provides sample data and contact information via Telegram for potential buyers.
    Date: 2026-04-07T17:11:10Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-100-Million-Russian-Phone-Numbers-database-Phone-Numbers-Full-Name-DOB–72604
    Screenshots:
    None
    Threat Actors: IntelHead
    Victim Country: Russia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  63. Alleged sale of Argentina government database from Municipality of Tornquist
    Category: Data Breach
    Content: Threat actor claims to be selling database dumps from the Municipality of Tornquist in Argentina for $40. The alleged breach contains 3 databases with sensitive information including WordPress credentials across approximately 50 tables, along with personal data such as names, email addresses, phone numbers, and physical addresses of residents.
    Date: 2026-04-07T17:10:51Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-Argentina-government-databases-leaked-Municipality-of-Tornquist
    Screenshots:
    None
    Threat Actors: wh6ami
    Victim Country: Argentina
    Victim Industry: Government
    Victim Organization: Municipality of Tornquist
    Victim Site: tornquist.gov.ar
  64. Alleged data breach of Nasdaq trading and finance data
    Category: Data Breach
    Content: Threat actor McLovin is selling alleged Nasdaq trading and finance data containing personal and financial information of 5 million records for $2,000. The data includes names, addresses, trading experience, account details, and credit scores in CSV format.
    Date: 2026-04-07T17:10:28Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-USA-Nasdaq-Trading-and-Finance
    Screenshots:
    None
    Threat Actors: McLovin
    Victim Country: United States
    Victim Industry: Financial Services
    Victim Organization: Nasdaq
    Victim Site: nasdaq.com
  65. Alleged leak of educational institution credentials
    Category: Combo List
    Content: A threat actor is distributing a 3 million record educational credential combolist for free through Telegram channels. The actor is sharing the combolist along with related tools through multiple Telegram groups.
    Date: 2026-04-07T17:10:14Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71416/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Education
    Victim Organization: Unknown
    Victim Site: Unknown
  66. Alleged data breach of Colombian government websites by NyxarGroup
    Category: Data Breach
    Content: NyxarGroup and collaborators are allegedly selling personal information from Colombian government websites saul.cali.gov.co and sider.cali.gov.co. The data includes full names, document numbers, addresses, birth dates, phone numbers, and email addresses of citizens.
    Date: 2026-04-07T17:10:08Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-CO-CALI-GOV-CO
    Screenshots:
    None
    Threat Actors: NyxarGroup
    Victim Country: Colombia
    Victim Industry: Government
    Victim Organization: Municipality of Cali
    Victim Site: cali.gov.co
  67. Alleged data breach of Binance Australia customer database
    Category: Data Breach
    Content: Threat actor McLovin is selling a database containing 470,000 records of Binance Australia customers for $2,500 USD. The data includes personal information such as names, emails, phone numbers, and trading pair information in CSV format.
    Date: 2026-04-07T17:09:45Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-Australia-470K-binance-com
    Screenshots:
    None
    Threat Actors: McLovin
    Victim Country: Australia
    Victim Industry: Financial Services
    Victim Organization: Binance
    Victim Site: binance.com
  68. Alleged sale of Telegram accounts on Panda-Market marketplace
    Category: Data Breach
    Content: Cybercriminal marketplace Panda-Market.cc is advertising the sale of Telegram accounts from multiple countries. The platform claims to have operated for over 5 years and offers various digital products including social media accounts.
    Date: 2026-04-07T17:09:22Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-Panda-Market-cc-Digital-Mega-Market-The-Largest-Range-of-Telegram-Accounts
    Screenshots:
    None
    Threat Actors: PandaAdmin
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Telegram
    Victim Site: telegram.org
  69. Alleged sale of Robinhood Gold membership data
    Category: Data Breach
    Content: Threat actor McLovin is allegedly selling a database containing 4.6 million Robinhood Gold membership records for $3,190. The data includes names, phone numbers, addresses, and email addresses in CSV format.
    Date: 2026-04-07T17:08:58Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-4-6M-Robinhood-com-Gold-Membership
    Screenshots:
    None
    Threat Actors: McLovin
    Victim Country: United States
    Victim Industry: Financial Services
    Victim Organization: Robinhood
    Victim Site: robinhood.com
  70. Alleged data breach of Japanese real estate platforms SUUMO, CHINTAI, and At Home
    Category: Data Breach
    Content: Threat actor Dumpsec is selling a database containing 2.4 million records of Japanese civilians searching for housing from real estate platforms SUUMO, CHINTAI, and At Home for €1,000. The data includes client IDs, names, contact information, property preferences, and housing requirements.
    Date: 2026-04-07T17:08:47Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-JP-SUUMO-CHINTAI-At-Home-2-4M-Japanese-civilians-in-search-of-housing
    Screenshots:
    None
    Threat Actors: Dumpsec
    Victim Country: Japan
    Victim Industry: Real Estate
    Victim Organization: SUUMO, CHINTAI, At Home
    Victim Site: suumo.jp
  71. Alleged data breach of Coinbase user database
    Category: Data Breach
    Content: Threat actor OnarDev is allegedly selling a database containing personal information of 2 million Coinbase users for $500 USD. The data includes full names, email addresses, phone numbers, and country information, claimed to be from a fresh 2025/2026 extraction.
    Date: 2026-04-07T17:08:40Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-2M-PRIVATE-COINBASE-USER-PII-%E2%80%93-FRESH-2025-2026-EXTRACTION
    Screenshots:
    None
    Threat Actors: OnarDev
    Victim Country: Unknown
    Victim Industry: Financial Services
    Victim Organization: Coinbase
    Victim Site: coinbase.com
  72. Alleged sale of Thailand population database
    Category: Data Breach
    Content: Threat actor McLovin is selling a Thailand population database containing 3.8 million records in CSV format for $850. The database is offered as a 0.7 GB uncompressed file with samples provided via external link.
    Date: 2026-04-07T17:08:21Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-3-8M-Thailand-Population
    Screenshots:
    None
    Threat Actors: McLovin
    Victim Country: Thailand
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  73. Alleged data breach of AusBD Bazaar database
    Category: Data Breach
    Content: Actor claims to possess a database dump from ausbdbazaar.com containing 500,000 records with employee and user data including names, phone numbers, email addresses, hashed passwords, roles, and salary information. The structured data appears to be from an internal management system with various user roles including admins, delivery personnel, and cashiers.
    Date: 2026-04-07T17:08:05Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-Bangladesh-database-ausbdbazaar-com-500K
    Screenshots:
    None
    Threat Actors: Richard2002
    Victim Country: Bangladesh
    Victim Industry: E-commerce
    Victim Organization: AusBD Bazaar
    Victim Site: ausbdbazaar.com
  74. Alleged sale of China shopping delivery address database
    Category: Data Breach
    Content: Threat actor McLovin is selling a database containing 810 million Chinese shopping delivery addresses for $1000. The data is offered in text format as an 18GB compressed file with samples provided via external link.
    Date: 2026-04-07T17:08:00Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-810M-China-Shopping-Delivery-Address
    Screenshots:
    None
    Threat Actors: McLovin
    Victim Country: China
    Victim Industry: E-commerce
    Victim Organization: Unknown
    Victim Site: Unknown
  75. Alleged FTP credentials leak for Robosoft Technologies (robosoftin.com)
    Category: Data Leak
    Content: Threat actor from BlackMaskers Army channel has posted alleged FTP credentials for ftp.robosoftin.com, including a username robomumbai and password Robo#$%Admin, suggesting unauthorized access or credential exposure for Robosoft Technologies.
    Date: 2026-04-07T16:59:51Z
    Network: telegram
    Published URL: https://t.me/c/2746641043/327
    Screenshots:
    None
    Threat Actors: BlackMaskers Army
    Victim Country: India
    Victim Industry: Technology
    Victim Organization: Robosoft Technologies
    Victim Site: robosoftin.com
  76. Alleged cyber attack on Eezy.com by BlackMaskers Army
    Category: Cyber Attack
    Content: Threat actor group BlackMaskers Army claims to have hacked eezy.com, a stock content/creative assets platform. A photo was shared alongside the claim, potentially as proof of the intrusion.
    Date: 2026-04-07T16:59:23Z
    Network: telegram
    Published URL: https://t.me/c/2746641043/325
    Screenshots:
    None
    Threat Actors: BlackMaskers Army
    Victim Country: Unknown
    Victim Industry: Digital Media / Stock Content
    Victim Organization: Eezy
    Victim Site: eezy.com
  77. Alleged cyber attack on Robosoftin
    Category: Cyber Attack
    Content: Threat actor BlackMaskers Army claims to have hacked robosoftin.com.
    Date: 2026-04-07T16:57:41Z
    Network: telegram
    Published URL: https://t.me/c/2746641043/324
    Screenshots:
    None
    Threat Actors: BlackMaskers Army
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Robosoftin
    Victim Site: robosoftin.com
  78. Alleged leak of Hotmail credential combolist
    Category: Combo List
    Content: A threat actor is allegedly sharing a combolist containing 18,000 unique Hotmail email and password combinations on a cybercriminal forum.
    Date: 2026-04-07T16:54:07Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71415/
    Screenshots:
    None
    Threat Actors: UniqueCombo
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  79. Alleged sale of initial access to Botswana Government Health Portal
    Category: Initial Access
    Content: Threat actor Florence is allegedly selling root-level remote code execution access to Botswana's government health portal system for $300. The compromised system is reportedly running on Linux with firewall device access and shell privileges.
    Date: 2026-04-07T16:52:21Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-Botswana-Government-Health-Portal
    Screenshots:
    None
    Threat Actors: Florence
    Victim Country: Botswana
    Victim Industry: Government
    Victim Organization: Botswana Government Health Portal
    Victim Site: Unknown
  80. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: Actor KiwiShio shared a combolist containing 700 alleged Hotmail email and password combinations on a cybercriminal forum, advertising them as fresh and high quality credentials.
    Date: 2026-04-07T16:39:55Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71413/
    Screenshots:
    None
    Threat Actors: KiwiShio
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  81. Alleged defacement of Indian education site pmsdadri.edu.in by OpsShadowStrike
    Category: Defacement
    Content: Hacktivist group #OpsShadowStrike claimed responsibility for defacing an Indian education website (pmsdadri.edu.in), uploading a defacement page at /ops.html. The operation appears politically motivated, referencing pro-Palestine and anti-Israel sentiments. Multiple collaborating groups are listed including TengkorakCyberCrew, MalaysiaHacktivist, EagleCyberCrew, and others, suggesting a coordinated hacktivist campaign.
    Date: 2026-04-07T16:37:23Z
    Network: telegram
    Published URL: https://t.me/c/3844432135/254
    Screenshots:
    None
    Threat Actors: #OpsShadowStrike
    Victim Country: India
    Victim Industry: Education
    Victim Organization: pmsdadri.edu.in
    Victim Site: pmsdadri.edu.in
  82. Alleged OMNITRIX IMAP service for email monitoring and manipulation
    Category: Services
    Content: Threat actor JINKUSU advertises OMNITRIX IMAP service offering email account monitoring, attachment interception, IBAN replacement in documents, and email editing capabilities via IMAP access. The service appears designed for unauthorized access to email accounts and manipulation of financial documents.
    Date: 2026-04-07T16:36:46Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-OMNITRIX-IMAP
    Screenshots:
    None
    Threat Actors: JINKUSU
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  83. Website defacement of vinsgrandscrus.fr by DimasHxR
    Category: Defacement
    Content: Individual attacker DimasHxR defaced the French wine company Vins Grands Crus website on April 7, 2026. The defacement targeted a specific media directory rather than the main homepage.
    Date: 2026-04-07T16:32:28Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/831417
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: France
    Victim Industry: Wine/Beverages
    Victim Organization: Vins Grands Crus
    Victim Site: vinsgrandscrus.fr
  84. Alleged Dox of Former BreachForums Administrator Caine (Angel Tsvetkov)
    Category: Data Leak
    Content: ShinyHunters published a dox of Angel Tsvetkov, identified by aliases N/A and Caine, described as a former BreachForums administrator turned exit scammer. The post links to a paste on justpaste.it containing personal information, credited to KeyserSoze1337, with additional details on the BreachForums Wall of Shame page.
    Date: 2026-04-07T16:24:40Z
    Network: telegram
    Published URL: https://t.me/c/3737716184/859
    Screenshots:
    None
    Threat Actors: Caine
    Victim Country: Unknown
    Victim Industry: Cybercrime Forum
    Victim Organization: BreachForums
    Victim Site: breachforums.ai
  85. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: A threat actor shared a sample of 380 Hotmail credentials on a cybercrime forum. The post appears to offer free access to the credential list rather than selling it.
    Date: 2026-04-07T16:24:21Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71411/
    Screenshots:
    None
    Threat Actors: HollowKnight07
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  86. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: A threat actor shared a list of 1,300 allegedly valid Hotmail email credentials with mail access capabilities on an underground forum.
    Date: 2026-04-07T16:23:46Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71412/
    Screenshots:
    None
    Threat Actors: MailAccesss
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  87. Alleged data breach of Upwave source code
    Category: Data Leak
    Content: Threat actor 888 claims to have breached Upwave.com in April 2026, stealing source code from the YC-funded advertising technology startup. The compromised source code is being distributed for free download on cybercrime forums.
    Date: 2026-04-07T16:21:05Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-SOURCE-CODE-Upwave-com-Data-Breach-Leaked-Download
    Screenshots:
    None
    Threat Actors: 888
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Upwave
    Victim Site: upwave.com
  88. Alleged leak of Hotmail credentials combolist
    Category: Combo List
    Content: A threat actor shared a combolist containing 1,342 valid Hotmail email and password combinations on a cybercriminal forum. The credentials are described as premium hits from a private cloud source.
    Date: 2026-04-07T16:11:39Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-1342x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F
    Screenshots:
    None
    Threat Actors: alphaxdd
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  89. Alleged cyber attack on CCTV systems at M.E. Kebab, London by NoName057(16)
    Category: Cyber Attack
    Content: Hacktivist group NoName057(16) claims to have compromised surveillance cameras at M.E. Kebab located at 102 Frampton Street, Edgware Road, London NW8 8NB. The post shares footage access as part of #OpGreatBritain campaign, tagged with #FuckEastwood and #TimeOfRetribution hashtags, suggesting an ongoing hacktivist campaign targeting UK entities.
    Date: 2026-04-07T16:11:05Z
    Network: telegram
    Published URL: https://t.me/c/3584758467/707
    Screenshots:
    None
    Threat Actors: NoName057(16)
    Victim Country: United Kingdom
    Victim Industry: Food & Beverage
    Victim Organization: M.E. Kebab
    Victim Site: Unknown
  90. Alleged leak of Gmail credential combolist
    Category: Combo List
    Content: A threat actor shared a targeted Gmail combolist containing 127,000 email and password combinations on a cybercriminal forum. The actor also advertises additional credential lists for various email providers and geographic regions through Telegram.
    Date: 2026-04-07T16:10:45Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-127K-GMAIL-TARGETED-COMBOLIST
    Screenshots:
    None
    Threat Actors: Ra-Zi
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Google
    Victim Site: gmail.com
  91. Alleged cryptocurrency investment fraud scheme targeting forum users
    Category: Combo List
    Content: Forum post promoting Investrop cryptocurrency arbitrage platform promising unrealistic daily returns of 4%, appearing to be a fraudulent investment scheme targeting users on cybercrime forums. No actual data breach or leak is being offered in this post.
    Date: 2026-04-07T16:09:07Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71407/
    Screenshots:
    None
    Threat Actors: AnonymousHelper
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  92. Alleged sale of USDT flash cryptocurrency tokens on Solana blockchain
    Category: Initial Access
    Content: Threat actor Target777 is selling USDT flash coins on the Solana blockchain with pricing at 2.5% from 100k and 1.5% from 1 million, claiming compatibility with Trust Wallet, Metamask, and Gate web3 wallets.
    Date: 2026-04-07T16:08:29Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71406/
    Screenshots:
    None
    Threat Actors: Target777
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  93. Alleged data breach of IDEXX Laboratories with source code leak
    Category: Data Leak
    Content: Threat actor claims IDEXX Laboratories suffered a data breach in March 2026 resulting in the theft of IDEXX Cornerstone source code. The actor is distributing the stolen source code for free download on underground forums.
    Date: 2026-04-07T16:06:37Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-SOURCE-CODE-IDEXX-Data-Breach-Leaked-Download
    Screenshots:
    None
    Threat Actors: 888
    Victim Country: United States
    Victim Industry: Veterinary and Laboratory Services
    Victim Organization: IDEXX Laboratories, Inc.
    Victim Site: Unknown
  94. Alleged CCTV Camera Hack at M.E. Kebab London by Shadow Clawz 404
    Category: Cyber Attack
    Content: Threat actor Shadow Clawz 404 claims to have compromised CCTV cameras at M.E. Kebab restaurant located at 102 Frampton Street, Edgware Road, London NW8 8NB. The attack is framed as part of #OpGreatBritain, conducted in coordination with pro-Russian hacktivist group NoName057(16) targeting UK infrastructure. The actors claim to be exposing live camera feeds and describe the action as retaliation against russophobic Britain.
    Date: 2026-04-07T16:06:32Z
    Network: telegram
    Published URL: https://t.me/c/3087552512/1688
    Screenshots:
    None
    Threat Actors: Shadow Clawz 404
    Victim Country: United Kingdom
    Victim Industry: Food & Beverage
    Victim Organization: M.E. Kebab
    Victim Site: Unknown
  95. Alleged source code leak of Lakmobile
    Category: Data Leak
    Content: User 888 claims to have leaked source code from Lakmobile.com following an alleged March 2026 data breach. The compromised data consists of a collection of source codes from the mobile and web technology company.
    Date: 2026-04-07T16:06:17Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-SOURCE-CODE-Lakmobile-com-Data-Breach-Leaked-Download
    Screenshots:
    None
    Threat Actors: 888
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Lakmobile
    Victim Site: lakmobile.com
  96. Alleged data breach of Askul Corporation (Japan)
    Category: Data Breach
    Content: A threat actor claims to have breached Askul Corporation, a leading Japanese e-commerce company headquartered in Tokyo. The post references the domain askul.co.jp and states the breach occurred on October 19, 2025. Askul operates B2B and B2C platforms offering office supplies, logistics, and digital business solutions.
    Date: 2026-04-07T16:06:10Z
    Network: telegram
    Published URL: https://t.me/c/1887244124/1623
    Screenshots:
    None
    Threat Actors: Joker
    Victim Country: Japan
    Victim Industry: E-Commerce / Retail
    Victim Organization: Askul Corporation
    Victim Site: askul.co.jp
  97. Alleged data breach of Toomics with source code leak
    Category: Data Leak
    Content: A user claims Toomics, a digital comics platform, suffered a data breach in March 2026 resulting in the theft and public distribution of the company's source code on a hacking forum.
    Date: 2026-04-07T16:05:53Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-SOURCE-CODE-Toomics-Data-Breach-Leaked-Download
    Screenshots:
    None
    Threat Actors: 888
    Victim Country: Unknown
    Victim Industry: Entertainment
    Victim Organization: Toomics
    Victim Site: Unknown
  98. Alleged distribution of mixed corporate credential lists
    Category: Combo List
    Content: Threat actor CODER is distributing free credential lists containing 9 million mixed corporate credentials through Telegram channels, with additional credentials available upon request.
    Date: 2026-04-07T15:56:34Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71405/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  99. Alleged data breach of E-accounting.co.kr
    Category: Data Leak
    Content: A South Korean SaaS company E-accounting.co.kr allegedly suffered a data breach in February 2026 resulting in source code theft. The stolen source code is being distributed for free download on cybercriminal forums.
    Date: 2026-04-07T15:54:20Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-SOURCE-CODE-E-accounting-co-kr-Data-Breach-Leaked-Download
    Screenshots:
    None
    Threat Actors: 888
    Victim Country: South Korea
    Victim Industry: Technology
    Victim Organization: E-accounting
    Victim Site: e-accounting.co.kr
  100. Alleged data breach of Datamatics with source code leak
    Category: Data Leak
    Content: Threat actor claims to have leaked source code from Datamatics, a provider of consulting, IT, data management, and business process management services, allegedly breached in March 2026. The source code is being distributed for free download on underground forums.
    Date: 2026-04-07T15:53:53Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-SOURCE-CODE-Datamatics-Data-Breach-Leaked-Download
    Screenshots:
    None
    Threat Actors: 888
    Victim Country: Unknown
    Victim Industry: Information Technology
    Victim Organization: Datamatics
    Victim Site: Unknown
  101. Alleged sale of access or domain criamosseusite.com.br by Pharaohs Team
    Category: Initial Access
    Content: Pharaohs Team market posted the Brazilian domain criamosseusite.com.br marked as #sold, indicating a completed transaction involving this website, likely initial access, defacement, or domain sale.
    Date: 2026-04-07T15:46:14Z
    Network: telegram
    Published URL: https://t.me/c/3205199875/463
    Screenshots:
    None
    Threat Actors: Pharaohs Team
    Victim Country: Brazil
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: criamosseusite.com.br
  102. Alleged leak of Hotmail credentials on CrackingX forum
    Category: Combo List
    Content: User noir shared what appears to be valid Hotmail credentials and mixed credential lists on CrackingX forum. The post mentions "VALID HOTMAIL || PRIVATE CLOUD || VALID MIX", suggesting a collection of working email credentials from various sources.
    Date: 2026-04-07T15:44:37Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71404/
    Screenshots:
    None
    Threat Actors: noir
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  103. Alleged data breach of Talavest.com
    Category: Data Leak
    Content: Actor claims Talavest.com, an Iranian gold and silver trading platform, suffered a data breach in February 2026 resulting in source code theft. The compromised source code is being distributed for free download on underground forums.
    Date: 2026-04-07T15:41:40Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-SOURCE-CODE-Talavest-com-Data-Breach–187919
    Screenshots:
    None
    Threat Actors: 888
    Victim Country: Iran
    Victim Industry: Precious Metals Trading
    Victim Organization: Talavest
    Victim Site: talavest.com
  104. Alleged data leak shared via Brona Blanco channel
    Category: Data Leak
    Content: A media file was shared in the Brona Blanco channel accompanied by the message "Have fun", suggesting a data dump, combolist, or similar leaked content being distributed for free.
    Date: 2026-04-07T15:34:57Z
    Network: telegram
    Published URL: https://t.me/c/3896868760/281
    Screenshots:
    None
    Threat Actors: Inspector
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  105. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: A threat actor shared a combolist containing 18,000 unique Hotmail email and password combinations on a cybercriminal forum.
    Date: 2026-04-07T15:31:53Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71400/
    Screenshots:
    None
    Threat Actors: UniqueCombo
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  106. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: Threat actor NUllSHop0X shared a combolist containing 11,000 allegedly valid Hotmail email credentials for free download on a cybercriminal forum.
    Date: 2026-04-07T15:31:19Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71402/
    Screenshots:
    None
    Threat Actors: NUllSHop0X
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  107. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: A threat actor shared a combolist containing 1,474 premium fresh Hotmail email credentials for free download on a cybercrime forum.
    Date: 2026-04-07T15:30:37Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71403/
    Screenshots:
    None
    Threat Actors: Hotmail Cloud
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  108. I search job: posting your advertisement(sale,service) on various forums.
    Category: Alert
    Content: New thread posted by vlesskey: I search job: posting your advertisement(sale,service) on various forums.
    Date: 2026-04-07T15:02:08Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71401/
    Screenshots:
    None
    Threat Actors: vlesskey
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  109. Alleged leak of mixed credential combolist
    Category: Combo List
    Content: A forum post advertises a high-quality mixed credential combolist titled "X1448 HQ Mix", made available for download. The content is hidden behind registration requirements, suggesting free distribution of stolen credentials.
    Date: 2026-04-07T14:48:32Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-%E2%9A%A1%E2%9A%A1-X1448-HQ-Mix-%E2%9A%A1%E2%9A%A1-BY-Steveee36-%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: erwinn91
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  110. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: User HollowKnight07 shared a sample containing 560 Hotmail credentials as a free download on a cybercriminal forum specializing in combolists and data dumps.
    Date: 2026-04-07T14:47:39Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71399/
    Screenshots:
    None
    Threat Actors: HollowKnight07
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  111. Alleged Data Breach of Israeli Electrical Power Infrastructure by Hanzala Group
    Category: Data Breach
    Content: The hacking group Hanzala (حنظله) claims to have successfully exfiltrated all data related to the sensitive electrical power infrastructure of Israel. The group states this intelligence is now in the possession of a missile unit on standby. Hanzala also asserts it is the sole provider of intelligence support for the Axis of Resistance and that no other country is involved. The claim was reported by Iranian cyber news outlet Cyberban News.
    Date: 2026-04-07T14:38:59Z
    Network: telegram
    Published URL: https://t.me/c/1283513914/21044
    Screenshots:
    None
    Threat Actors: حنظله
    Victim Country: Israel
    Victim Industry: Energy & Utilities
    Victim Organization: Israeli Electrical Power Infrastructure
    Victim Site: Unknown
  112. Alleged distribution of Twitch credential checking tool
    Category: Initial Access
    Content: A console-based credential checking tool specifically designed for Twitch accounts is being distributed on underground forums. The tool features multi-threaded processing, real-time statistics, and retry logic for validating large credential lists against Twitch's platform.
    Date: 2026-04-07T14:30:46Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Twitch-Checker-by-Mr-Nexer–199681
    Screenshots:
    None
    Threat Actors: Starip
    Victim Country: Unknown
    Victim Industry: Gaming/Streaming
    Victim Organization: Twitch
    Victim Site: twitch.tv
  113. Alleged data leak of Elbit Systems Hermes drone development team by Hanzala cyber group
    Category: Data Leak
    Content: The Hanzala cyber group claims to have published an exclusive image of the primary team responsible for designing and developing the Hermes unmanned aerial vehicle (UAV) at Elbit Systems (Elbit Systems / Bit Systems). The group states this is the first leak of its kind in recent years, given the project's top-secret classification and stringent security protocols. They describe this as the beginning of exposing hidden aspects of Israeli military and security projects, promising additional details and names in the near future.
    Date: 2026-04-07T14:30:37Z
    Network: telegram
    Published URL: https://t.me/c/2189724818/7832
    Screenshots:
    None
    Threat Actors: حنظلة
    Victim Country: Israel
    Victim Industry: Defense / Aerospace
    Victim Organization: Elbit Systems
    Victim Site: elbitsystems.com
  114. Alleged leak of German email credentials
    Category: Combo List
    Content: A threat actor shared a combolist containing 39,000 German email credentials with mail access verification dated April 7th. The credentials were made available for registered forum users to download.
    Date: 2026-04-07T14:29:27Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71398/
    Screenshots:
    None
    Threat Actors: MailAccesss
    Victim Country: Germany
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  115. Alleged sale of multiple personal data databases including SSN and passport information
    Category: Data Breach
    Content: Threat actor jannatmirza11 claims to have access to multiple databases containing driver licenses, SSNs, passports, company EIN/LTD information, consumer data, phone lists, email lists, and credentials from large sites. Contact is provided via Telegram for potential transactions.
    Date: 2026-04-07T14:16:25Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71397/
    Screenshots:
    None
    Threat Actors: jannatmirza11
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  116. Alleged Cyber Attack on Industrial Greenhouse Control System of South Korean Company Aion Eng by Z-Pentest Alliance
    Category: Cyber Attack
    Content: The threat actor group Z-Pentest Alliance claims to have gained complete control over the industrial greenhouse management system of Aion Eng, a South Korean company. The group states they have full access to all sensors, actuators, and microclimate/irrigation/nutrition control parameters in real time. They claim the compromise was achieved via standard vulnerabilities, weak authentication, and poor network segmentation. The group threatens to destroy the current crop by manipulating environmental conditions and warns of more serious future targets. The post is tagged #OpSouthKorea and includes political hashtags suggesting ideological motivation.
    Date: 2026-04-07T14:13:54Z
    Network: telegram
    Published URL: https://t.me/c/2729466495/927
    Screenshots:
    None
    Threat Actors: Z-Pentest Alliance
    Victim Country: South Korea
    Victim Industry: Agriculture / Food Security
    Victim Organization: Aion Eng
    Victim Site: Unknown
  117. Website defacement of trainingpttf.com by CYKOMNEPAL
    Category: Defacement
    Content: CYKOMNEPAL successfully defaced the Training PTTF website on April 7, 2026. This was a targeted home page defacement rather than a mass attack.
    Date: 2026-04-07T14:05:32Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/831339
    Screenshots:
    None
    Threat Actors: CYKOMNEPAL
    Victim Country: Unknown
    Victim Industry: Training/Education
    Victim Organization: Training PTTF
    Victim Site: trainingpttf.com
  118. Alleged distribution of TE Port Scanner tool
    Category: Initial Access
    Content: A threat actor shared TE Port Scanner, a lightweight network reconnaissance tool designed for scanning ports, detecting open services, and mapping host exposure on target systems.
    Date: 2026-04-07T14:04:46Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-TE-Port-Scanner
    Screenshots:
    None
    Threat Actors: Starip
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  119. Alleged data breach of Nippon Medical School Musashi Kosugi Hospital
    Category: Data Breach
    Content: A threat actor operating under Jokers world of Database claims to have breached the database of Nippon Medical School Musashi Kosugi Hospital (nms.ac.jp), a 372-bed regional teaching hospital in Kawasaki, Japan. The alleged breach date is listed as 03/04/2026. The post includes detailed organizational background about the hospital, suggesting reconnaissance or insider knowledge.
    Date: 2026-04-07T13:54:19Z
    Network: telegram
    Published URL: https://t.me/c/1887244124/1622
    Screenshots:
    None
    Threat Actors: Joker
    Victim Country: Japan
    Victim Industry: Healthcare
    Victim Organization: Nippon Medical School Musashi Kosugi Hospital
    Victim Site: nms.ac.jp
  120. Alleged Cyber Attack Campaign Against UK Targets by Shadow Clawz 404 and NoName057
    Category: Cyber Attack
    Content: Threat actor Shadow Clawz 404 announced a coordinated attack campaign targeting the United Kingdom, explicitly stating support for pro-Russian hacktivist group NoName057. The post references exposing CCTV systems and implies ongoing or imminent attacks against British infrastructure, framing the UK as "Russophobic". The message includes a warning of further unpredictable attacks.
    Date: 2026-04-07T13:54:12Z
    Network: telegram
    Published URL: https://t.me/c/3251820623/61
    Screenshots:
    None
    Threat Actors: Shadow Clawz 404
    Victim Country: United Kingdom
    Victim Industry: Government / Critical Infrastructure
    Victim Organization: Unknown
    Victim Site: Unknown
  121. Alleged mass website defacement by Pharaohs Team targeting Brazilian and international domains
    Category: Defacement
    Content: Pharaohs Team claims to have defaced approximately 30 websites, predominantly Brazilian (.com.br, .net.br, .rec.br, .tv.br) domains along with a few Canadian (.ca) and international sites. The post lists domains with their Domain Authority (DA) and Page Authority (PA) scores, consistent with defacement campaign reporting. Targets span various industries including retail, sports, foundations, and food services.
    Date: 2026-04-07T13:51:35Z
    Network: telegram
    Published URL: https://t.me/c/3205199875/462
    Screenshots:
    None
    Threat Actors: Pharaohs Team
    Victim Country: Brazil
    Victim Industry: Multiple
    Victim Organization: Unknown
    Victim Site: Unknown
  122. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: Threat actor D4rkNetHub shared a collection of 735 Hotmail credentials on a cybercrime forum. The credentials are described as "good", suggesting they may be valid or recently tested.
    Date: 2026-04-07T13:50:33Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71394/
    Screenshots:
    None
    Threat Actors: D4rkNetHub
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  123. Alleged distribution of mixed credential combolist
    Category: Combo List
    Content: Actor distributes a mixed combolist containing 7 million credentials described as semi-valid through Telegram channels. The threat actor promotes free distribution of credential lists and programs through multiple Telegram groups.
    Date: 2026-04-07T13:37:43Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71393/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  124. Alleged data leak of Elbit Systems Hermes UAV design team members by Hanzala
    Category: Data Leak
    Content: The threat actor group Hanzala (حنظله) claims to have published, for the first time, photos of key members of the Hermes drone design and development team at Elbit Systems. The group states this is only the beginning of exposing hidden aspects of Israeli military and security projects, and threatens to release more details and names.
    Date: 2026-04-07T13:31:01Z
    Network: telegram
    Published URL: https://t.me/c/1283513914/21041
    Screenshots:
    None
    Threat Actors: حنظله
    Victim Country: Israel
    Victim Industry: Defense & Aerospace
    Victim Organization: Elbit Systems
    Victim Site: elbitsystems.com
  125. Alleged leak of mixed email credentials combolist
    Category: Logs
    Content: Threat actor MegaCloud allegedly leaked a collection of 34,000 valid email credentials from mixed sources. The post indicates full mail access credentials were made available on a cybercriminal forum.
    Date: 2026-04-07T13:27:56Z
    Network: openweb
    Published URL: https://xforums.st/threads/34k-full-valid-mail-access-mix-07-04.605115/
    Screenshots:
    None
    Threat Actors: MegaCloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  126. Alleged leak of Facebook and Instagram credentials
    Category: Combo List
    Content: A threat actor shared a combolist containing username and password combinations claimed to be valid for Facebook and Instagram accounts. The post content is hidden and requires registration to view details.
    Date: 2026-04-07T13:13:21Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71392/
    Screenshots:
    None
    Threat Actors: Kinglukeman
    Victim Country: Unknown
    Victim Industry: Social Media
    Victim Organization: Facebook and Instagram
    Victim Site: facebook.com
  127. Website defacement of Salice by DimasHxR
    Category: Defacement
    Content: Threat actor DimasHxR successfully defaced the Romanian website salice.ro on April 7, 2026. The attack targeted a specific subdirectory rather than the main homepage.
    Date: 2026-04-07T13:04:08Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/831331
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Romania
    Victim Industry: Unknown
    Victim Organization: Salice
    Victim Site: salice.ro
  128. Alleged leak of email credential combolist targeting multiple countries
    Category: Combo List
    Content: Actor karaokecloud shared a combolist containing 10,675 email credentials with mail access targeting users from EU, USA, Netherlands, Poland, and Germany. The credentials are being distributed for free download on a cybercriminal forum.
    Date: 2026-04-07T12:48:46Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71391/
    Screenshots:
    None
    Threat Actors: karaokecloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  129. Moscow, Idaho, clinics reopen after Gritman cyber incident
    Category: Cyber Attack
    Content: Gritman Medical Center began reopening its clinics in Moscow, Idaho on Friday following a cybersecurity incident that occurred on Wednesday, which disrupted outpatient care. While the hospital and emergency services remained open, several specialty clinics had to be temporarily closed pending restoration of electronic systems. Investigators confirmed that no patient data was compromised, although the exact nature of the incident and its origin remain to be determined.
    Date: 2026-04-07T12:37:26Z
    Network: openweb
    Published URL: https://dysruptionhub.com/gritman-cyber-incident-idaho/
    Screenshots:
    None
    Threat Actors:
    Victim Country: United States
    Victim Industry: Unknown
    Victim Organization: Gritman Medical Center
    Victim Site: gritman.org
  130. Brockton hospital hit by cybersecurity incident, services affected
    Category: Cyber Attack
    Content: Signature Healthcare and Brockton hospital confirmed a cybersecurity incident disrupting certain computer systems, resulting in ambulance traffic diversion and cancellation of chemotherapy infusion services for April 6. While emergency services and scheduled surgical procedures continue, retail pharmacies were closed and patients reported significant delays and increased stress during their visits. The facility activated offline operating procedures and is working with external partners to investigate and restore operations as quickly as possible.
    Date: 2026-04-07T12:37:24Z
    Network: openweb
    Published URL: https://www.wcvb.com/article/brockton-hospital-services-affected-by-cyber-incident/70944847
    Screenshots:
    None
    Threat Actors:
    Victim Country: United States
    Victim Industry: Unknown
    Victim Organization: Signature Healthcare
    Victim Site: signature-healthcare.org
  131. Alleged leak of Hotmail credential combolist
    Category: Combo List
    Content: A threat actor shared a combolist containing 18,000 unique Hotmail email and password combinations on a cybercrime forum. The credentials appear to be offered as a free download to forum members.
    Date: 2026-04-07T12:36:38Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71389/
    Screenshots:
    None
    Threat Actors: UniqueCombo
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  132. Alleged credential search tool offering access to 15 billion records
    Category: Data Leak
    Content: Threat actor LeakZero advertises a credential search tool called LeakZero providing access to 15 billion URL:LOG:PASS records with query builder and breach alert functionality. The tool appears to be offered for vouching purposes, suggesting free initial access to demonstrate capabilities.
    Date: 2026-04-07T12:27:43Z
    Network: openweb
    Published URL: https://xforums.st/threads/bot-web-leakzero-url-log-pass-ulp-searcher-1-15kkk-rows-query-builder-breach-alert-for-vouch.605111/
    Screenshots:
    None
    Threat Actors: LeakZero
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  133. Alleged leak of Russian email credential lists
    Category: Combo List
    Content: Threat actor shares free access to Russian email credential lists through Telegram channel and file sharing platform, claiming fresh databases are added daily with only relevant and latest data.
    Date: 2026-04-07T12:11:33Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71387/
    Screenshots:
    None
    Threat Actors: Kokos2846q
    Victim Country: Russia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  134. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: Threat actor klyne05 shared what appears to be Hotmail credentials described as private, fresh, and checked on a cybercriminal forum.
    Date: 2026-04-07T12:10:54Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71388/
    Screenshots:
    None
    Threat Actors: klyne05
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  135. Alleged data leak of Europeansafelist.com database
    Category: Data Leak
    Content: A threat actor shared a database dump from europeansafelist.com containing member information including names, usernames, email addresses, password hashes, IP addresses, payment methods, and account details. The database appears to contain records from the SP_members table with personal and account information of registered users.
    Date: 2026-04-07T12:08:34Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-Database-europeansafelist-com
    Screenshots:
    None
    Threat Actors: Robert2025
    Victim Country: Unknown
    Victim Industry: Marketing Services
    Victim Organization: Europeansafelist
    Victim Site: europeansafelist.com
  136. Alleged data breach of GEG Telecomunicazioni (Italy)
    Category: Data Breach
    Content: A threat actor claims to have breached the database of GEG srl (geg.it), an Italian telecommunications company specializing in integrated mobile radio systems. GEG serves 500+ public administrations, manages 100,000+ radios, and holds approximately 60% of Italy's civilian TETRA market. The alleged breach date is 30/03/2026.
    Date: 2026-04-07T12:07:55Z
    Network: telegram
    Published URL: https://t.me/c/1887244124/1621
    Screenshots:
    None
    Threat Actors: Joker
    Victim Country: Italy
    Victim Industry: Telecommunications
    Victim Organization: GEG Telecomunicazioni (GEG srl)
    Victim Site: geg.it
  137. Alleged cyber operation against Armenia by Wolves of Turan (#opArmenia)
    Category: Cyber Attack
    Content: The Wolves of Turan hacktivist group posted tags referencing #opArmenia and #BDAnonymouseWoiveOfTuran, indicating an active or planned coordinated cyber operation targeting Armenian entities, likely in collaboration with BD Anonymous.
    Date: 2026-04-07T11:54:36Z
    Network: telegram
    Published URL: https://t.me/c/3631190028/75
    Screenshots:
    None
    Threat Actors: Wolves of Turan
    Victim Country: Armenia
    Victim Industry: Government
    Victim Organization: Unknown
    Victim Site: Unknown
  138. Website defacement of Wacoal Malaysia by Botak Blocker
    Category: Defacement
    Content: Botak Blocker defaced the Malaysian website of lingerie and underwear retailer Wacoal on April 7, 2026. The attack targeted a specific media/customer section of the website rather than the homepage.
    Date: 2026-04-07T11:51:33Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/831319
    Screenshots:
    None
    Threat Actors: Botak Blocker
    Victim Country: Malaysia
    Victim Industry: Retail/Fashion
    Victim Organization: Wacoal Malaysia
    Victim Site: wacoal.com.my
  139. Website defacement of tfnclondon.com by Botak Blocker
    Category: Defacement
    Content: Botak Blocker defaced a media directory page on tfnclondon.com on April 7, 2026. The attack targeted a specific subdirectory rather than the main homepage.
    Date: 2026-04-07T11:51:00Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/831320
    Screenshots:
    None
    Threat Actors: Botak Blocker
    Victim Country: United Kingdom
    Victim Industry: Unknown
    Victim Organization: TFN London
    Victim Site: tfnclondon.com
  140. Website defacement of India Circus by Botak Blocker
    Category: Defacement
    Content: The attacker Botak Blocker defaced the India Circus e-commerce website on April 7, 2026. The defacement targeted a specific media/customer subdirectory rather than the main homepage.
    Date: 2026-04-07T11:50:27Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/831324
    Screenshots:
    None
    Threat Actors: Botak Blocker
    Victim Country: India
    Victim Industry: E-commerce
    Victim Organization: India Circus
    Victim Site: indiacircus.com
  141. Website defacement of perdormire.com by Botak Blocker
    Category: Defacement
    Content: Botak Blocker conducted a website defacement attack against perdormire.com on April 7, 2026. The attack targeted a specific media/customer directory on the site rather than the main homepage.
    Date: 2026-04-07T11:49:53Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/831325
    Screenshots:
    None
    Threat Actors: Botak Blocker
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: perdormire.com
  142. Website defacement of Aashni and Co by Botak Blocker
    Category: Defacement
    Content: Individual attacker Botak Blocker defaced the aashniandco.com website on April 7, 2026. This was a targeted single-site defacement with no apparent team affiliation or stated motivation.
    Date: 2026-04-07T11:49:19Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/831326
    Screenshots:
    None
    Threat Actors: Botak Blocker
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Aashni and Co
    Victim Site: aashniandco.com
  143. Website defacement of falgunishanepeacock.com by Botak Blocker
    Category: Defacement
    Content: Botak Blocker defaced falgunishanepeacock.com on April 7, 2026. This was an isolated defacement incident affecting the media directory of the target website.
    Date: 2026-04-07T11:48:45Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/831327
    Screenshots:
    None
    Threat Actors: Botak Blocker
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: falgunishanepeacock.com
  144. Website defacement of School Time Uniforms by Botak Blocker
    Category: Defacement
    Content: Botak Blocker successfully defaced the School Time Uniforms website on April 7, 2026. The attack targeted a school uniform retailer's website, compromising a subdirectory on the domain.
    Date: 2026-04-07T11:48:12Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/831328
    Screenshots:
    None
    Threat Actors: Botak Blocker
    Victim Country: Unknown
    Victim Industry: Retail/Education Services
    Victim Organization: School Time Uniforms
    Victim Site: schooltimeuniforms.com
  145. Website defacement of pakfactory.com by Botak Blocker
    Category: Defacement
    Content: On April 7, 2026, the attacker known as Botak Blocker defaced a customer media page on pakfactory.com. This appears to be a targeted single-site defacement rather than part of a mass campaign.
    Date: 2026-04-07T11:47:36Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/831329
    Screenshots:
    None
    Threat Actors: Botak Blocker
    Victim Country: Pakistan
    Victim Industry: Manufacturing
    Victim Organization: Pak Factory
    Victim Site: pakfactory.com
  146. Alleged data leak of Plan Ceibal databases containing Uruguayan citizen information
    Category: Data Leak
    Content: Threat actor LaPampaLeaks claims to have obtained databases from Plan Ceibal, a Uruguayan government technology agency, affecting 1.2 million users of the CREA social network and 1 million citizens' device assignment records. The actor has published samples totaling 75,000 records and offers to provide individual citizen information upon request for free.
    Date: 2026-04-07T11:47:23Z
    Network: openweb
    Published URL: https://spear.cx/Thread-Database-uruguay-ceibal-databases-citizens-Sample
    Screenshots:
    None
    Threat Actors: LaPampaLeaks
    Victim Country: Uruguay
    Victim Industry: Government
    Victim Organization: Plan Ceibal
    Victim Site: Unknown
  147. Website defacement of Arboreal Safaris by Zod
    Category: Defacement
    Content: The attacker Zod defaced the Arboreal Safaris tourism company website on April 7, 2026. The defacement targeted a Kenyan safari tour operator's web presence.
    Date: 2026-04-07T11:35:34Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248343
    Screenshots:
    None
    Threat Actors: Zod
    Victim Country: Kenya
    Victim Industry: Tourism
    Victim Organization: Arboreal Safaris
    Victim Site: arborealsafaris.co.ke
  148. Website defacement of MAZ Computación by Zod
    Category: Defacement
    Content: The attacker Zod successfully defaced the website of MAZ Computación, a Mexican computer services company, on April 7, 2026. This was a single-site defacement targeting the company's web presence.
    Date: 2026-04-07T11:29:46Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248341
    Screenshots:
    None
    Threat Actors: Zod
    Victim Country: Mexico
    Victim Industry: Technology/Computer Services
    Victim Organization: MAZ Computación
    Victim Site: mazcomputacion.com.mx
  149. Mass defacement targeting Hotel du Monde Vietnam by Zod
    Category: Defacement
    Content: The threat actor Zod conducted a mass defacement campaign targeting Hotel du Monde's Vietnamese website. This incident was part of a broader mass defacement operation rather than a targeted attack on a single site.
    Date: 2026-04-07T11:29:27Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/248342
    Screenshots:
    None
    Threat Actors: Zod
    Victim Country: Vietnam
    Victim Industry: Hospitality
    Victim Organization: Hotel du Monde
    Victim Site: hoteldumonde.com.vn
  150. Website defacement of modgamepass.com by B1dar4
    Category: Defacement
    Content: Threat actor B1dar4 defaced the gaming website modgamepass.com on April 7, 2026. The defacement targeted a specific page (b4.html) on the gaming modification service platform.
    Date: 2026-04-07T11:23:51Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/831313
    Screenshots:
    None
    Threat Actors: B1dar4
    Victim Country: Unknown
    Victim Industry: Gaming
    Victim Organization: ModGamePass
    Victim Site: modgamepass.com
  151. Alleged data breach of SEIDOR
    Category: Data Breach
    Content: Threat actor TiMc claims to have breached SEIDOR and obtained over 200GB of data. A file preview is provided with the full data breach promised after a countdown period via a dark web link.
    Date: 2026-04-07T11:16:03Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-DOCUMENTS-SEIDOR-COM-DATA-BREACH-200GB
    Screenshots:
    None
    Threat Actors: TiMc
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: SEIDOR
    Victim Site: seidor.com
  152. Alleged sale of combolists, logs, and account credentials across multiple platforms
    Category: Logs
    Content: Multiple threat actors in the channel are offering for sale a wide range of stolen credentials and combolists including Hotmail, Gmail, Yahoo, AOL, Comcast, ATT, Spectrum, Windstream accounts, as well as cookies and logs for Facebook, Instagram, LinkedIn, Netflix, Disney, PSN, Xbox, Steam, TikTok, iCloud, PayPal, Amazon, eBay, Walmart, Kleinanzeigen, Poshmark, Airbnb, Booking, Marriott, Roblox, Vinted, and many others. Sellers claim access to private cloud databases with UHQ (ultra-high quality) data segmented by country (US, UK, FR, IT, BR, JP, PL, ES, MX, CA, SG, etc.) and offer keyword search capabilities.
    Date: 2026-04-07T11:09:54Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/59800
    Screenshots:
    None
    Threat Actors: tuzelity
    Victim Country: Unknown
    Victim Industry: Multiple — Email, Social Media, E-Commerce, Gaming, Streaming
    Victim Organization: Unknown
    Victim Site: Unknown
  153. Alleged distribution of mixed credential combolist
    Category: Combo List
    Content: A threat actor is allegedly distributing a private mixed combolist containing 10,000 credential entries on a cybercrime forum.
    Date: 2026-04-07T11:06:13Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71385/
    Screenshots:
    None
    Threat Actors: FlashCloud2
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  154. Alleged data breach of GoldenCity gambling platform
    Category: Data Breach
    Content: Threat actor claims to have obtained personal information of Chinese high-roller gamblers from goldencity.cn, including QQ contact details, full addresses, and financial information affecting 10,000 individuals.
    Date: 2026-04-07T11:04:28Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-goldencity-cn-10K-Chinese-High-Roller-Gamblers-QQ-DOX-Full-Addresses-Financia
    Screenshots:
    None
    Threat Actors: xorcat
    Victim Country: China
    Victim Industry: Gaming and Gambling
    Victim Organization: GoldenCity
    Victim Site: goldencity.cn
  155. Alleged data leak of TransPerfect interpreter records and medical appointment logs
    Category: Data Leak
    Content: A threat actor shared a database containing over 370,000 notification and appointment logs from TransPerfect, including interpreter records, medical appointment details, client information, and language pair data. The leaked data contains email communications, appointment details, and location information for healthcare and corporate clients.
    Date: 2026-04-07T11:04:07Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-transperfect-com-370K-Interpreter-Records-Medical-Appointment-Logs
    Screenshots:
    None
    Threat Actors: xorcat
    Victim Country: United States
    Victim Industry: Translation and Interpretation Services
    Victim Organization: TransPerfect
    Victim Site: transperfect.com
  156. Alleged defacement of multiple Israeli websites by Cyber Islamic Resistance
    Category: Defacement
    Content: The group Cyber Islamic Resistance (محور المقاومة الاسلامية) claims to have defaced multiple Israeli websites belonging to tourism companies and other institutions, framed as a religious and political operation in support of Palestinian prisoners. Six target domains are listed along with six Zone-H mirror links as defacement proof.
    Date: 2026-04-07T10:55:35Z
    Network: telegram
    Published URL: https://t.me/c/1651470668/1853
    Screenshots:
    None
    Threat Actors: Cyber Islamic Resistance
    Victim Country: Israel
    Victim Industry: Tourism / Commercial
    Victim Organization: Multiple Israeli tourism and commercial entities (habustan-moti, nofeshdeal, hay-kef, focus-academy, greenbeach, cpn)
    Victim Site: habustan-moti.co.il, nofeshdeal.co.il, hay-kef.cpn.co.il, focus-academy.co.il, greenbeach.cpn.co.il, cpn.co.il
  157. Alleged leak of USA and EU email credentials
    Category: Combo List
    Content: A threat actor leaked a collection of 4,000 fresh email credentials from USA and EU users dated April 7th. The credentials are being distributed as free content to registered forum users.
    Date: 2026-04-07T10:52:10Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71384/
    Screenshots:
    None
    Threat Actors: MailAccesss
    Victim Country: United States
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  158. Alleged data leak of BLW99 Casino Southeast Asia gambling platform
    Category: Data Leak
    Content: A threat actor leaked a database dump containing over 43,000 records from BLW99 Casino, a Southeast Asian gambling platform. The leaked data includes complete KYC verification information, personal details, financial records, affiliate network data, and device fingerprints of players and affiliates.
    Date: 2026-04-07T10:49:55Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-blw99-com-Southeast-Asia-Gambling-Ring-Full-KYC-Crypto-Wallets-Apr-2026
    Screenshots:
    None
    Threat Actors: xorcat
    Victim Country: Unknown
    Victim Industry: Gaming and Gambling
    Victim Organization: BLW99 Casino
    Victim Site: blw99.com
  159. Alleged data breach of 66THB online casino platform
    Category: Data Breach
    Content: Threat actor claims to have leaked a database from 66THB.com, a Thailand-based online casino platform, containing over 156,000 player records. The leaked data allegedly includes personal information, VIP levels, financial records, KYC verification data, device fingerprints, and login details of users primarily from Thailand, Singapore, and Malaysia.
    Date: 2026-04-07T10:49:32Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-66thb-com-156K-Thailand-Casino-VIPs-Fingerprint-Logs-KYC-Full-DOX
    Screenshots:
    None
    Threat Actors: xorcat
    Victim Country: Thailand
    Victim Industry: Gaming and Gambling
    Victim Organization: 66THB
    Victim Site: 66thb.com
  160. Alleged leak of Chinese email credentials
    Category: Combo List
    Content: Actor MegaCloudshop shared a combolist containing 3.3K valid Chinese email credentials dated April 7th on a cybercriminal forum.
    Date: 2026-04-07T10:39:50Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-3-3K-CHINA-Valid-Fresh-MAil-Access-07-04
    Screenshots:
    None
    Threat Actors: MegaCloudshop
    Victim Country: China
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  161. Alleged leak of Chinese email credentials
    Category: Combo List
    Content: A threat actor shared a combolist containing 3,300 allegedly valid email credentials from China, dated April 7th. The credentials are described as fresh and valid mail access.
    Date: 2026-04-07T10:39:26Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71381/
    Screenshots:
    None
    Threat Actors: MailAccesss
    Victim Country: China
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  162. Alleged leak of Japanese email credentials
    Category: Combo List
    Content: A threat actor shared a combolist containing 4,900 valid Japanese email credentials dated April 7th on an underground forum.
    Date: 2026-04-07T10:38:50Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-4-9K-Japan-Just-Valid-Mail-Access-07-04
    Screenshots:
    None
    Threat Actors: MegaCloudshop
    Victim Country: Japan
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  163. Alleged leak of Hotmail credentials on CrackingX forum
    Category: Combo List
    Content: Forum user snowstormxd distributed what appears to be fresh Hotmail credentials through free download links on Pasteview and Telegram. The post offers free access to credential data without specifying the number of records.
    Date: 2026-04-07T10:38:47Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71382/
    Screenshots:
    None
    Threat Actors: snowstormxd
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  164. Alleged leak of Japanese email credentials
    Category: Combo List
    Content: A threat actor shared a combolist containing 4,900 allegedly valid Japanese email credentials on an underground forum.
    Date: 2026-04-07T10:38:14Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71383/
    Screenshots:
    None
    Threat Actors: MailAccesss
    Victim Country: Japan
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  165. Alleged data breach of Hisense USA
    Category: Data Breach
    Content: Threat actor claims to possess over 609,000 email records from Hisense USA obtained through various registration forms including TV QR code registration, product registration, and customer support forms. The data is being offered with samples provided via external paste sites.
    Date: 2026-04-07T10:35:03Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-hisense-usa-com
    Screenshots:
    None
    Threat Actors: Wadjet
    Victim Country: United States
    Victim Industry: Consumer Electronics
    Victim Organization: Hisense USA
    Victim Site: hisense-usa.com
  166. Alleged leak of Hotmail credential combolist containing 337,000 records
    Category: Combo List
    Content: Threat actor MegaCloudshop shared a combolist containing 337,000 Hotmail credentials on a cybercriminal forum. The post appears to offer free access to the credential list behind a registration requirement.
    Date: 2026-04-07T10:24:42Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-337X-%C2%A0Hotmail-Just-Hits-07-04
    Screenshots:
    None
    Threat Actors: MegaCloudshop
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  167. Alleged leak of Russian email credentials
    Category: Combo List
    Content: A threat actor leaked approximately 1,400 Russian email credentials with full access capabilities. The credentials were made available as a free download on an underground forum.
    Date: 2026-04-07T10:23:44Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71378/
    Screenshots:
    None
    Threat Actors: MailAccesss
    Victim Country: Russia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  168. Alleged leak of mixed credential combolist
    Category: Combo List
    Content: Actor COYTO shared a combolist containing 4,000 mixed email and password combinations via a free download link on DemonForums.
    Date: 2026-04-07T10:23:11Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-4K-MIXED-LEAK-PRIVATE
    Screenshots:
    None
    Threat Actors: COYTO
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  169. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: A threat actor shared a combolist containing 18,000 unique Hotmail email and password combinations on a cybercrime forum.
    Date: 2026-04-07T10:22:59Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71379/
    Screenshots:
    None
    Threat Actors: UniqueCombo
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  170. Alleged leak of French email credentials
    Category: Combo List
    Content: A threat actor shared a combolist containing 2,600 valid French email credentials dated April 7th. The credentials appear to be made available for free download to registered forum users.
    Date: 2026-04-07T10:22:17Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71380/
    Screenshots:
    None
    Threat Actors: MailAccesss
    Victim Country: France
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  171. Alleged leak of mixed credential combolist from forums
    Category: Combo List
    Content: A threat actor shared a collection of 82,000 mixed credentials allegedly sourced from various forums. The post indicates these are valid email and password combinations being distributed on a cybercriminal marketplace.
    Date: 2026-04-07T10:10:28Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71377/
    Screenshots:
    None
    Threat Actors: ValidMail
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  172. Alleged sale of identity document templates and verification materials
    Category: Data Breach
    Content: Threat actor claims to sell identity documents, driver's licenses, passports with selfie verification photos, and editable PSD templates for multiple countries. Actor offers custom document creation services and accepts cryptocurrency payments.
    Date: 2026-04-07T09:46:59Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Sale-of-ID-DL-Selfie-Scans-Bills-PSD-templates-proof–199663
    Screenshots:
    None
    Threat Actors: Bugoww
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  173. Alleged data breach of Israeli electrical infrastructure by Handala hack group
    Category: Data Breach
    Content: The Handala hacktivist group claims to have extracted sensitive data related to Israel's electrical infrastructure and transferred it to a missile unit described as on standby. The group states it is providing intelligence support for the Axis of Resistance and explicitly denies involvement from other countries. A link to Israeli news outlet Maariv is included, suggesting media coverage of the incident.
    Date: 2026-04-07T09:40:48Z
    Network: telegram
    Published URL: https://t.me/c/3548035165/122
    Screenshots:
    None
    Threat Actors: Handala
    Victim Country: Israel
    Victim Industry: Energy & Utilities
    Victim Organization: Israeli Electrical Infrastructure
    Victim Site: Unknown
  174. Alleged data leak of NaturApps.es user database
    Category: Data Leak
    Content: A threat actor leaked a database containing 130,814 records from Spanish nature and wildlife mobile app platform NaturApps.es, including user IDs, device IDs, email addresses, and registration dates from a 2021 breach. The data spans from 2013-2021 with only approximately 5% containing complete email records.
    Date: 2026-04-07T09:32:42Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-NaturApps-es-130K-Nature-Wildlife-App-Users-2021-Breach
    Screenshots:
    None
    Threat Actors: xorcat
    Victim Country: Spain
    Victim Industry: Technology
    Victim Organization: NaturApps
    Victim Site: naturapps.es
  175. Alleged solicitation for US/Canadian consumer data logs
    Category: Logs
    Content: A threat actor is soliciting large quantities of consumer shopping logs from the US and Canada containing personal information and credit card data. The actor specifically requests unsold logs, with a daily requirement of 2000+ entries.
    Date: 2026-04-07T09:20:08Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-Seeking-fresh-US-CA-shopping-log-data
    Screenshots:
    None
    Threat Actors: xiniouer
    Victim Country: United States
    Victim Industry: Retail
    Victim Organization: Unknown
    Victim Site: Unknown
  176. Alleged operational announcement of PwnForums escrow system
    Category: Alert
    Content: The PwnForums cybercriminal marketplace announces the relaunch of its escrow system in semi-automatic mode with manual admin validation for all transactions. The platform operates on both clearnet and dark web domains to facilitate illegal transactions between threat actors.
    Date: 2026-04-07T09:08:49Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-IMPORTANT-READ-Escrow-System-is-Now-Operational
    Screenshots:
    None
    Threat Actors: John
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  177. Alleged proxy service advertisement for anonymity and account management
    Category: Initial Access
    Content: 1024Proxy advertises residential and static IP proxy services for traffic arbitrage, e-commerce, social media management, multi-accounting, and data scraping activities. The service claims to provide high anonymity and help reduce account ban risks.
    Date: 2026-04-07T08:57:05Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71375/
    Screenshots:
    None
    Threat Actors: 1024proxy
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  178. Alleged leak of Hotmail credentials on CrackingX forum
    Category: Combo List
    Content: A threat actor allegedly shared a combolist containing 251,400 Hotmail credentials on the CrackingX forum. The post is located in the Combolists & Dumps section, suggesting free distribution of credential data.
    Date: 2026-04-07T08:45:32Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71373/
    Screenshots:
    None
    Threat Actors: D4rkNetHub
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  179. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: Threat actor alphaxdd shared a combolist containing 2,206 Hotmail email and password combinations on DemonForums. The credentials are described as valid and premium hits from private cloud sources.
    Date: 2026-04-07T08:45:21Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-2206x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F
    Screenshots:
    None
    Threat Actors: alphaxdd
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  180. Alleged leak of Hotmail credential list
    Category: Combo List
    Content: Threat actor shared a credential list containing 2,206 Hotmail email accounts described as premium hits with valid credentials from private cloud storage.
    Date: 2026-04-07T08:44:51Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71374/
    Screenshots:
    None
    Threat Actors: alphaxdd
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  181. Website defacement of Sullus by DimasHxR
    Category: Defacement
    Content: DimasHxR defaced the Sullus website on April 7, 2026. The attack targeted a Czech Republic domain and was documented with a mirror available on zone-xsec.com.
    Date: 2026-04-07T08:42:18Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/831311
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Czech Republic
    Victim Industry: Unknown
    Victim Organization: Sullus
    Victim Site: www.sullus.cz
  182. Alleged leak of Croatian email credentials
    Category: Combo List
    Content: A threat actor shared a credential list containing over 12,000 email and password combinations allegedly from Croatia. The combolist is marked as fresh and dated April 7, 2026.
    Date: 2026-04-07T08:21:20Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-12-K-%E2%9C%A6-Croatia-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-7-4-2026-%E2%9C%A6%E2%9C%A6
    Screenshots:
    None
    Threat Actors: CobraEgy
    Victim Country: Croatia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  183. Alleged leak of Chinese credentials combolist
    Category: Combo List
    Content: A threat actor shared a fresh combolist containing over 11,000 email and password combinations allegedly from Chinese sources. The credentials are being distributed for free through hidden content on a cybercrime forum.
    Date: 2026-04-07T08:20:48Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-11-K-%E2%9C%A6-China-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-7-4-2026-%E2%9C%A6%E2%9C%A6
    Screenshots:
    None
    Threat Actors: CobraEgy
    Victim Country: China
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  184. Alleged leak of Cuban credentials combolist
    Category: Combo List
    Content: Threat actor CobraEgy shared a fresh combolist containing over 10,000 email and password combinations allegedly from Cuba. The credentials are being distributed for free through a forum post with hidden content requiring registration to access.
    Date: 2026-04-07T08:19:29Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-10-K-%E2%9C%A6-Cuba-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-7-4-2026-%E2%9C%A6%E2%9C%A6
    Screenshots:
    None
    Threat Actors: CobraEgy
    Victim Country: Cuba
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  185. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: A threat actor shared a combolist containing 1,000 Hotmail email and password combinations on a cybercrime forum. The credentials are being distributed for free download via a paste site.
    Date: 2026-04-07T08:18:27Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Email-Pass-1K-HQ-HOTMAIL–199655
    Screenshots:
    None
    Threat Actors: COYTO
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  186. Website defacement of Brazilian Electoral Court by spl1nt3r (m0z1ll4s team)
    Category: Defacement
    Content: The Brazilian Superior Electoral Court website was defaced by attacker spl1nt3r affiliated with the m0z1ll4s team on April 7, 2026. The attack targeted a search functionality page of the official electoral authority website.
    Date: 2026-04-07T08:13:35Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/831307
    Screenshots:
    None
    Threat Actors: spl1nt3r, m0z1ll4s
    Victim Country: Brazil
    Victim Industry: Government
    Victim Organization: Superior Electoral Court of Brazil
    Victim Site: tse.jus.br
  187. Website defacement of Brazilian Electoral Tribunal by spl1nt3r/m0z1ll4s team
    Category: Defacement
    Content: The Brazilian Regional Electoral Tribunal of Roraima website was defaced by attacker spl1nt3r affiliated with the m0z1ll4s team on April 7, 2026. The attack targeted a government judicial institution responsible for electoral processes in the state of Roraima.
    Date: 2026-04-07T08:12:47Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/831308
    Screenshots:
    None
    Threat Actors: spl1nt3r, m0z1ll4s
    Victim Country: Brazil
    Victim Industry: Government
    Victim Organization: Regional Electoral Tribunal of Roraima
    Victim Site: www.tre-rr.jus.br
  188. Alleged sale of kyuncall.com user database containing personal information and credentials
    Category: Data Breach
    Content: A threat actor is allegedly selling a 250GB+ database from kyuncall.com, a Japanese video chat platform. The data includes usernames, phone numbers, email addresses, plaintext and hashed passwords, birthdates, gender, location data, login timestamps, device information, and user activity metadata.
    Date: 2026-04-07T08:06:44Z
    Network: openweb
    Published URL: https://spear.cx/Thread-Selling-kyuncall-com-Data-Exposure-%E2%80%94-User-Profiles-Phone-Numbers-Plaintext-Passwords-Leak
    Screenshots:
    None
    Threat Actors: kyuncall.com Data Exposure — User Profiles, Phone Numbers & Plaintext Passwords Leak
    Victim Country: Japan
    Victim Industry: Technology
    Victim Organization: kyuncall.com
    Victim Site: kyuncall.com
  189. Website defacement of xhamster.com by spl1nt3r (m0z1ll4s team)
    Category: Defacement
    Content: The attacker spl1nt3r from the m0z1ll4s team successfully defaced a search page on xhamster.com on April 7, 2026. The defacement targeted a specific search URL rather than the main homepage of the adult entertainment website.
    Date: 2026-04-07T07:55:24Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/831296
    Screenshots:
    None
    Threat Actors: spl1nt3r, m0z1ll4s
    Victim Country: Unknown
    Victim Industry: Adult Entertainment
    Victim Organization: xHamster
    Victim Site: xhamster.com
  190. Website defacement of adult entertainment site by spl1nt3r (m0z1ll4s team)
    Category: Defacement
    Content: Attacker spl1nt3r from the m0z1ll4s team defaced the adult entertainment website pornolandia.xxx on April 7, 2026. The incident was archived and documented on zone-xsec.com mirror service.
    Date: 2026-04-07T07:54:45Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/831298
    Screenshots:
    None
    Threat Actors: spl1nt3r, m0z1ll4s
    Victim Country: Unknown
    Victim Industry: Adult Entertainment
    Victim Organization: Pornolandia
    Victim Site: www.pornolandia.xxx
  191. Website defacement of Sushi Sushi restaurant by DimasHxR
    Category: Defacement
    Content: DimasHxR defaced the website of Sushi Sushi, an Italian restaurant, on April 7, 2026. The attack targeted a specific page within the restaurant's media directory rather than the homepage.
    Date: 2026-04-07T07:48:34Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/831295
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Italy
    Victim Industry: Food & Beverage
    Victim Organization: Sushi Sushi
    Victim Site: sushi-sushi.it
  192. Website defacement of Logitech Brazil store by spl1nt3r (m0z1ll4s team)
    Category: Defacement
    Content: The attacker spl1nt3r from the m0z1ll4s team defaced the Brazilian Logitech store website on April 7, 2026. The defacement targeted a specific media subdirectory of the official Logitech retail site.
    Date: 2026-04-07T07:36:51Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/831294
    Screenshots:
    None
    Threat Actors: spl1nt3r, m0z1ll4s
    Victim Country: Brazil
    Victim Industry: Technology/Retail
    Victim Organization: Logitech
    Victim Site: www.logitechstore.com.br
  193. Website defacement of cmetrix.ru by DimasHxR
    Category: Defacement
    Content: DimasHxR defaced cmetrix.ru/b.html on April 7, 2026. This was a single-target defacement with no identified team affiliation or stated motivation.
    Date: 2026-04-07T07:30:48Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/831291
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Russia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: cmetrix.ru
  194. Alleged advertisement of OSINT data aggregation platform
    Category: Services
    Content: Threat actor advertises OpenSense, an OSINT platform claiming to provide access to leaked or exposed personal information searchable by IP, email, Discord, Github, phone, username and other identifiers. The service claims to require no registration credentials and maintains no logs.
    Date: 2026-04-07T07:30:22Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-OpenSense-Cheapest-OSINT-Platform
    Screenshots:
    None
    Threat Actors: Glowie
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  195. Website defacement of gyrlandy.ru by DimasHxR
    Category: Defacement
    Content: Russian website gyrlandy.ru was defaced by threat actor DimasHxR on April 7, 2026. The attacker operated independently without team affiliation and targeted the site's readme.txt file.
    Date: 2026-04-07T07:30:10Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/831292
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Russia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: gyrlandy.ru
  196. Alleged cyber attack and data breach of adatbank.ro (Romania)
    Category: Data Breach
    Content: Threat actor @kittysearchnews claims to have fully compromised adatbank.ro, a Romanian organization, gaining admin panel access with visibility into all data, clients, and configurations. The actor cites geopolitical motivation (Romania being unfriendly to the Russian Federation) and threatens to leak a full data archive contingent on 20 reactions to the post. A screenshot of the admin panel is included as proof.
    Date: 2026-04-07T07:29:06Z
    Network: telegram
    Published URL: https://t.me/c/2738999379/275
    Screenshots:
    None
    Threat Actors: kittysearchnews
    Victim Country: Romania
    Victim Industry: Unknown
    Victim Organization: Adatbank
    Victim Site: adatbank.ro
  197. Website defacement of Wikideals by DimasHxR
    Category: Defacement
    Content: DimasHxR conducted a website defacement attack against South African e-commerce platform Wikideals on April 7, 2026. The attack targeted a specific subdirectory of the wikideals.co.za domain.
    Date: 2026-04-07T07:23:56Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/831287
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: South Africa
    Victim Industry: E-commerce
    Victim Organization: Wikideals
    Victim Site: wikideals.co.za
  198. Website defacement of Zacatrus by DimasHxR
    Category: Defacement
    Content: Individual attacker DimasHxR defaced the Spanish board game retailer Zacatrus website on April 7, 2026. The defacement targeted a specific customer add page rather than the main homepage.
    Date: 2026-04-07T07:23:23Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/831288
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Spain
    Victim Industry: Retail/Gaming
    Victim Organization: Zacatrus
    Victim Site: zacatrus.es
  199. Website defacement of Speichermarkt by DimasHxR
    Category: Defacement
    Content: Individual attacker DimasHxR defaced the German storage market website speichermarkt.de on April 7, 2026. The incident appears to be a targeted single-site defacement rather than part of a mass campaign.
    Date: 2026-04-07T07:22:50Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/831289
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Germany
    Victim Industry: Technology/Storage
    Victim Organization: Speichermarkt
    Victim Site: www.speichermarkt.de
  200. Website defacement of Arcdyn by DimasHxR
    Category: Defacement
    Content: The attacker DimasHxR successfully defaced a media directory on the Arcdyn website on April 7, 2026. This appears to be a targeted single-site defacement attack rather than part of a mass campaign.
    Date: 2026-04-07T07:22:17Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/831290
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Arcdyn
    Victim Site: arcdyn.com
  201. Alleged leak of Maxi_Leaks credential database
    Category: Data Leak
    Content: Threat actor CobraEgy shared an 8.1 GB collection of credentials labeled as Maxi_Leaks containing login credentials and passwords, allegedly fresh, high-quality data from July 4, 2026.
    Date: 2026-04-07T07:21:09Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Request-%E2%9C%A6%E2%9C%A6-LOG-S-%E2%9C%A6%E2%9C%A6-Maxi-Leaks-%E2%9C%A6%E2%9C%A6-7-4-2026-%E2%9C%A6%E2%9C%A6-8-1-GB-%E2%9C%A6%E2%9C%A6
    Screenshots:
    None
    Threat Actors: CobraEgy
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  202. Alleged data breach of Russian MVD Rospassport system
    Category: Data Breach
    Content: Threat actor claims to be selling a 636 GB database from Russia's Rospassport system containing personal data of 159.6 million Russian citizens, including passport details, addresses, and biometric photos, allegedly breached in December 2021. The data is offered for $6,000 and includes three main tables with documents, addresses, and photographs.
    Date: 2026-04-07T07:19:10Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-MVD-2004-2022-PHOTO
    Screenshots:
    None
    Threat Actors: Flexx
    Victim Country: Russia
    Victim Industry: Government
    Victim Organization: MVD Russia (Rospassport system)
    Victim Site: Unknown
  203. Website defacement of meudome.com by spl1nt3r (m0z1ll4s team)
    Category: Defacement
    Content: The attacker spl1nt3r, affiliated with the m0z1ll4s team, successfully defaced the meudome.com website on April 7, 2026. The defacement targeted a specific customer management section of the site.
    Date: 2026-04-07T07:16:06Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/831274
    Screenshots:
    None
    Threat Actors: spl1nt3r, m0z1ll4s
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: meudome.com
  204. Website defacement of belikatimens.ru by DimasHxR
    Category: Defacement
    Content: On April 7, 2026, the website belikatimens.ru was defaced by an individual attacker identified as DimasHxR. The defacement targeted a specific page (b.html) on the Russian domain and was not part of a mass defacement campaign.
    Date: 2026-04-07T07:15:33Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/831284
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Russia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: belikatimens.ru
  205. Alleged data leak of Zmuth.com database containing WhatsApp API keys and CRM data
    Category: Data Leak
    Content: A threat actor shared a database dump from Zmuth.com containing over 40,000 records including email addresses, phone numbers, WhatsApp IDs, message logs, live CRM API keys, and business contact details. The leaked data includes sensitive information from a digital marketing and CRM platform with WhatsApp automation capabilities.
    Date: 2026-04-07T07:09:31Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-40K-Zmuth-com-LIVE-WhatsApp-API-Keys-Full-CRM-April-2026
    Screenshots:
    None
    Threat Actors: xorcat
    Victim Country: Unknown
    Victim Industry: Digital Marketing
    Victim Organization: Zmuth
    Victim Site: zmuth.com
  206. Website defacement of anti-stress-ente.com by DimasHxR
    Category: Defacement
    Content: DimasHxR successfully defaced the anti-stress-ente.com website on April 7, 2026. The attack was documented and archived on the Zone-Xsec mirror platform with ID 831251.
    Date: 2026-04-07T07:09:25Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/831251
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Germany
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: anti-stress-ente.com
  207. Alleged data leak of MyLovely.AI platform
    Category: Data Leak
    Content: Threat actor leaked a database dump from NSFW AI artwork generation platform MyLovely.AI containing over 106,000 users' personal information, generated content, private prompts, and profile metadata from April 2026.
    Date: 2026-04-07T07:09:04Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-MyLovely-AI-106K-Users-AI-Generated-Content-Private-Prompts-April-2026
    Screenshots:
    None
    Threat Actors: xorcat
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: MyLovely.AI
    Victim Site: Unknown
  208. Alleged data leak of Elbit Systems Hermes Drone Design Team Personnel by Handala Hack
    Category: Data Leak
    Content: The threat actor group Handala Hack claims to have published the first image revealing core members of the Hermes drone design and development team at Elbit Systems, an Israeli defense contractor. The group states this is the beginning of a broader exposure campaign targeting hidden aspects of Israeli military and security projects, with promises of more names and details to follow.
    Date: 2026-04-07T07:04:17Z
    Network: telegram
    Published URL: https://t.me/c/3548035165/121
    Screenshots:
    None
    Threat Actors: HANDALA HACK
    Victim Country: Israel
    Victim Industry: Defense & Aerospace
    Victim Organization: Elbit Systems
    Victim Site: elbitsystems.com
  209. Website defacement of piipitin.fi by spl1nt3r (m0z1ll4s team)
    Category: Defacement
    Content: Threat actor spl1nt3r, associated with the m0z1ll4s team, successfully defaced the Finnish website piipitin.fi on April 7, 2026. The attack targeted a specific web path containing pastebin-related content.
    Date: 2026-04-07T07:03:23Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/831250
    Screenshots:
    None
    Threat Actors: spl1nt3r, m0z1ll4s
    Victim Country: Finland
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: piipitin.fi
  210. Alleged Insider Access Compromise of Elbit Systems Camera Infrastructure
    Category: Initial Access
    Content: Hacktivist group Handala Hack alleges that an individual named Vered Haimovich received €40,000 in exchange for providing unauthorized access to Elbit Systems camera systems. The post implies a clandestine meeting in Uzbekistan was the origin of the deal. The group teases further revelations, suggesting this is a precursor to a larger data leak or exposure campaign targeting Elbit Systems, a major Israeli defense and technology company.
    Date: 2026-04-07T07:03:11Z
    Network: telegram
    Published URL: https://t.me/c/3548035165/116
    Screenshots:
    None
    Threat Actors: HANDALA HACK
    Victim Country: Israel
    Victim Industry: Defense & Aerospace
    Victim Organization: Elbit Systems
    Victim Site: Unknown
  211. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: A threat actor shared a combolist containing 3,116 allegedly valid Hotmail email credentials on a cybercrime forum. The credentials are described as fresh and valid, suggesting they may be recently compromised accounts.
    Date: 2026-04-07T06:58:09Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71370/
    Screenshots:
    None
    Threat Actors: RandomUpload
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  212. Alleged leak of Hotmail credentials combolist
    Category: Combo List
    Content: A threat actor shared what appears to be a Hotmail credentials combolist on a cybercrime forum. The post indicates high-quality (HQ) credentials are being distributed through hidden content requiring forum registration to access.
    Date: 2026-04-07T06:47:57Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-%E2%9A%A1%E2%9A%A1-X1043-HQ-Hotmail-%E2%9A%A1%E2%9A%A1-BY-Steveee36-%E2%9A%A1%E2%9A%A1
    Screenshots:
    None
    Threat Actors: erwinn91
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  213. Alleged leak of mixed credential combinations targeting specific keywords
    Category: Combo List
    Content: A threat actor shared a combolist containing 4,382 valid credential combinations with keyword-based targets for free download on a cybercriminal forum.
    Date: 2026-04-07T06:35:57Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71369/
    Screenshots:
    None
    Threat Actors: Hotmail Cloud
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  214. Alleged data leak of Poder Judicial de Baja California registry
    Category: Data Leak
    Content: Threat actor leaked a registry of attorneys and public officials from Baja California state containing personal information including photos, names, identification numbers, contact details, and over 30,000 personal documents dating from 2013 to present.
    Date: 2026-04-07T06:35:47Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-MX-LEAK-PODER-JUDICIAL-DE-BAJA-CALIFORNIA-LEAK-MX
    Screenshots:
    None
    Threat Actors: Thelizard001
    Victim Country: Mexico
    Victim Industry: Government
    Victim Organization: Poder Judicial de Baja California
    Victim Site: Unknown
  215. Alleged data breach of SAFir Stores
    Category: Data Leak
    Content: User McLovin claims to have leaked a customer database from SAFir Stores containing over 150,000 records, allegedly from a breach that occurred in October 2025. The database is being made available for free download on dark web forums.
    Date: 2026-04-07T06:35:16Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-IRAN-safirstores-com-150K
    Screenshots:
    None
    Threat Actors: McLovin
    Victim Country: Iran
    Victim Industry: Retail
    Victim Organization: SAFir Stores
    Victim Site: safirstores.com
  216. Alleged data leak of OurDreambox forum database
    Category: Data Leak
    Content: A threat actor leaked a SQL database dump from the OurDreambox online forum containing user registration data including usernames, email addresses, password hashes, IP addresses, and membership levels. The database contains comprehensive user account information with timestamps and user status flags.
    Date: 2026-04-07T06:34:56Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-ourdreambox-com-online-forum-database-12k-users
    Screenshots:
    None
    Threat Actors: blackwinter99
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: OurDreambox
    Victim Site: ourdreambox.com
  217. Alleged data leak of Samarinda city government civil servants database
    Category: Data Leak
    Content: A threat actor shared what is claimed to be a full database containing personal information of civil servants and PPPK employees from the Samarinda city government in Indonesia.
    Date: 2026-04-07T06:34:34Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-database-of-civil-servants-and-PPPK-of-Samarinda-city-government-Indonesia
    Screenshots:
    None
    Threat Actors: karedoxcbr
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Samarinda city government
    Victim Site: Unknown
  218. Alleged data leak of Sortirensemble.com database
    Category: Data Leak
    Content: Armenian hacker group HXH (HAY X HACKER) leaked a 1.6MB CSV database file from sortirensemble.com via MediaFire. The leak appears to be politically motivated with references to Artsakh.
    Date: 2026-04-07T06:24:37Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-sortirensemble-com–72542
    Screenshots:
    None
    Threat Actors: HXH__HAYXHACKER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Sortirensemble
    Victim Site: sortirensemble.com
  219. Alleged data leak of CONALEP Morelos educational institution
    Category: Data Leak
    Content: Threat actor Lvn4t1k0 leaked personal data from CONALEP Morelos including teacher information (RFC, CURP, Gmail, passwords, usernames, full names) and student credentials. Three files were made available for download containing teacher and student login credentials for the institution's online systems.
    Date: 2026-04-07T06:24:15Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-CONALEP-MORELOS-DATOS-PERSONALES
    Screenshots:
    None
    Threat Actors: Lvn4t1k0
    Victim Country: Mexico
    Victim Industry: Education
    Victim Organization: CONALEP Morelos
    Victim Site: conalepmorelos.edu.mx
  220. Alleged data breach of Banco Agrario Colombia database
    Category: Data Leak
    Content: Threat actor Petro_Escobar claims to have leaked internal and confidential databases from Banco Agrario Colombia containing customer financial information including loan details, payment records, and personal data from 2022 operations. The database is being distributed for free and contains 40,000 records with detailed customer financial information including names, document numbers, loan amounts, and payment statuses.
    Date: 2026-04-07T06:23:52Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-Banco-Agrario-EmergiaCC-Conalcreditos-ColombiA
    Screenshots:
    None
    Threat Actors: Petro_Escobar
    Victim Country: Colombia
    Victim Industry: Financial Services
    Victim Organization: Banco Agrario
    Victim Site: bancoagrario.gov.co
  221. Alleged data breach of Harvard University
    Category: Data Breach
    Content: Threat actor claims to have compromised over 1 million records containing personally identifiable information and donation data from Harvard University. The data is reportedly 1.1GB compressed and contact is provided via Telegram.
    Date: 2026-04-07T06:12:57Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-Harvard-University
    Screenshots:
    None
    Threat Actors: McLovin
    Victim Country: United States
    Victim Industry: Education
    Victim Organization: Harvard University
    Victim Site: Unknown
  222. Alleged sale of Serbian gynecology clinic database
    Category: Data Breach
    Content: Threat actor claims to be selling remaining files from a Serbian gynecology clinic database breach, including patient data, banking statements, employee documents, and internal company information. Actor threatens to leak additional clinic databases if affiliates are arrested.
    Date: 2026-04-07T06:12:54Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Selling-RS-Serbia-Gynecology-Part-2
    Screenshots:
    None
    Threat Actors: RatkoMladic
    Victim Country: Serbia
    Victim Industry: Healthcare
    Victim Organization: Unknown
    Victim Site: Unknown
  223. Alleged data breach of University of Pennsylvania
    Category: Data Breach
    Content: Threat actor claims to have compromised 1.2 million records containing personally identifiable information and donation data from the University of Pennsylvania, contradicting official reports of fewer than 10 affected records.
    Date: 2026-04-07T06:12:33Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-University-of-Pennsylvania
    Screenshots:
    None
    Threat Actors: McLovin
    Victim Country: United States
    Victim Industry: Education
    Victim Organization: University of Pennsylvania
    Victim Site: Unknown
  224. Website defacement of Farmácia Superfarma by CYKOMNEPAL
    Category: Defacement
    Content: CYKOMNEPAL defaced the blog section of Brazilian pharmacy chain Farmácia Superfarma's website on April 7, 2026. The attack targeted a single page rather than the main homepage or multiple sites simultaneously.
    Date: 2026-04-07T06:07:45Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/831249
    Screenshots:
    None
    Threat Actors: CYKOMNEPAL
    Victim Country: Brazil
    Victim Industry: Healthcare/Pharmacy
    Victim Organization: Farmácia Superfarma
    Victim Site: farmaciasuperfarma.com.br
  225. Alleged leak of WordPress credentials
    Category: Combo List
    Content: Forum post allegedly sharing WordPress login credentials with valid URLs. No content details are available to verify the scope or authenticity of the claimed credentials.
    Date: 2026-04-07T05:50:51Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71367/
    Screenshots:
    None
    Threat Actors: gsmfix
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  226. Website defacement of jayrama.com by CYKOMNEPAL
    Category: Defacement
    Content: The threat actor CYKOMNEPAL successfully defaced the jayrama.com website on April 7, 2026. This appears to be an isolated defacement incident targeting a single website rather than a mass defacement campaign.
    Date: 2026-04-07T05:39:07Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/831247
    Screenshots:
    None
    Threat Actors: CYKOMNEPAL
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: jayrama.com
  227. Alleged defacement of dev.karyakeeper.com by MR YOS
    Category: Defacement
    Content: A threat actor using the handle MR YOS claims to have defaced the website dev.karyakeeper.com. The defacement message includes shoutouts to multiple Indonesian hacking groups including Defacer Indonesian Team, Z_BLACK HAT, Enther Error System, Cyber Operations Culture, Dream Hack, Brotherhood Capung Indonesia, Cyber Team Indonesia, Bekasi Root Sec, Babayo Error System, BD Anonymous Team, Silent Error System, and VYN-GROUP.
    Date: 2026-04-07T05:35:12Z
    Network: telegram
    Published URL: https://t.me/c/3755871403/199
    Screenshots:
    None
    Threat Actors: MR YOS
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Karya Keeper
    Victim Site: dev.karyakeeper.com
  228. Alleged defacement of victoris.ch by MR YOS
    Category: Defacement
    Content: A threat actor using the handle MR YOS claims to have defaced the website victoris.ch. The post includes a photo as evidence and credits multiple hacking groups including Defacer Indonesian Team, Z_BLACK HAT, Enther Error System, Cyber Operations Culture, Dream Hack, Brotherhood Capung Indonesia, Cyber Team Indonesia, Bekasi Root Sec, Babayo Error System, BD Anonymous Team, Silent Error System, and VYN-GROUP.
    Date: 2026-04-07T05:34:42Z
    Network: telegram
    Published URL: https://t.me/c/3755871403/197
    Screenshots:
    None
    Threat Actors: MR YOS
    Victim Country: Switzerland
    Victim Industry: Unknown
    Victim Organization: Victoris
    Victim Site: victoris.ch
  229. Alleged defacement of aapnaadda.com by MR YOS
    Category: Defacement
    Content: A threat actor identified as MR YOS claims to have defaced the website aapnaadda.com. The post includes a photo as proof and credits multiple Indonesian hacking groups and individuals including DEFACER INDONESIAN TEAM, HMEI7, Z_JAWA, Z_BLACK_HAT, ENTHER ERROR SYSTEM, CYBER OPERATIONS CULTURE, MR_SILENT, ZAMSEC, DREAM HACK, BROTHERHOOD CAPUNG INDONESIA, CYBER TEAM INDONESIA, BEKASI ROOT SEC, BABAYO ERROR SYSTEM, and BD Anonymous.
    Date: 2026-04-07T05:33:58Z
    Network: telegram
    Published URL: https://t.me/c/3755871403/195
    Screenshots:
    None
    Threat Actors: MR YOS
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Aapna Adda
    Victim Site: aapnaadda.com
  230. Website defacement of yourlyfeapp.com by H4CKTHOR
    Category: Defacement
    Content: The attacker H4CKTHOR successfully defaced the yourlyfeapp.com website on April 7, 2026. The defacement targeted a single page rather than being part of a mass or repeat attack campaign.
    Date: 2026-04-07T05:10:21Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/831245
    Screenshots:
    None
    Threat Actors: H4CKTHOR
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: YourLyfe App
    Victim Site: yourlyfeapp.com
  231. Website defacement of Le Clos de Chatres by H4CKTHOR
    Category: Defacement
    Content: The attacker H4CKTHOR conducted a redefacement of the French hospitality website leclosdechatres.com on April 7, 2026. This incident represents a repeat attack against the same target.
    Date: 2026-04-07T05:09:31Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/831246
    Screenshots:
    None
    Threat Actors: H4CKTHOR
    Victim Country: France
    Victim Industry: Hospitality
    Victim Organization: Le Clos de Chatres
    Victim Site: leclosdechatres.com
  232. Alleged data leak of Instituto Tecnológico Campus Tuxtla Gutiérrez database
    Category: Data Leak
    Content: User Z3r00 shared a database containing personal information from Instituto Tecnológico Campus Tuxtla Gutiérrez including full names, phone numbers, parent names, addresses, postal codes, CURP numbers, gender, and email addresses. The data is made available as a free download through an anonymous file sharing service.
    Date: 2026-04-07T04:41:21Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-DATABASE-CHIAPAS-INSTITUTO-TECNOLOGICO-CAMPUS-TUXTLA-GTZ
    Screenshots:
    None
    Threat Actors: Z3r00
    Victim Country: Mexico
    Victim Industry: Education
    Victim Organization: Instituto Tecnológico Campus Tuxtla Gutiérrez
    Victim Site: Unknown
  233. Website defacement of Clearance King by DimasHxR
    Category: Defacement
    Content: DimasHxR conducted a redefacement attack against the UK-based retail company Clearance King's website on April 7, 2026. This incident represents a repeated compromise of the same target by the individual attacker.
    Date: 2026-04-07T04:24:25Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/831244
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: United Kingdom
    Victim Industry: Retail
    Victim Organization: Clearance King
    Victim Site: www.clearance-king.co.uk
  234. Alleged data breach of China's National Super-computing Center (NSCC) Research Facility
    Category: Data Breach
    Content: Threat actor claims to have breached China's National Super-computing Center research facility, allegedly obtaining 10+ petabytes of sensitive research data across aerospace engineering, military research, bioinformatics, and fusion simulation from organizations including AVIC, COMAC, NUDT, NWPU, and HUST. The actor is selling access to the dataset with a current highest bid of 1500 XMR.
    Date: 2026-04-07T04:06:44Z
    Network: openweb
    Published URL: https://pwnforums.st/Thread-DATABASE-Data-Breach-China-s-National-Super-computing-Center-NSCC-Research-Facility-HACKED
    Screenshots:
    None
    Threat Actors: airborneshark1
    Victim Country: China
    Victim Industry: Government/Research
    Victim Organization: China's National Super-computing Center (NSCC) Research Facility
    Victim Site: Unknown
  235. Website defacement of Libus by DimasHxR
    Category: Defacement
    Content: DimasHxR conducted a redefacement attack against Libus, a Colombian organization, targeting their media subdirectory on April 7, 2026. This was identified as a redefacement rather than an initial compromise of the website.
    Date: 2026-04-07T03:50:31Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/831226
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Colombia
    Victim Industry: Unknown
    Victim Organization: Libus
    Victim Site: www.libus.com.co
  236. Alleged sale of stolen CVV credit card data with high balance claims
    Category: Data Leak
    Content: A user is advertising stolen CVV credit card data claiming 100% validity and high balances, directing users to a Telegram channel (t.me/genhaosan123) for carding services. A separate forwarded message promotes a CVV benefits chat group via @nzccg001. Both posts relate to carding/stolen financial data activity.
    Date: 2026-04-07T03:35:05Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/59752
    Screenshots:
    None
    Threat Actors: NeZha CVV Support
    Victim Country: Unknown
    Victim Industry: Financial Services
    Victim Organization: Unknown
    Victim Site: Unknown
  237. Alleged sale of Ukrainian identity documents and KYC data from 160+ countries
    Category: Data Breach
    Content: Threat actor claims to sell verified KYC data packages including passports, ID cards, driver's licenses, and personal information from over 160 countries including Ukraine. The actor provides contact information for bulk orders and claims instant access to searchable identity documents with selfies.
    Date: 2026-04-07T03:34:11Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Ukrainian-ID-card
    Screenshots:
    None
    Threat Actors: Arnoldsudney
    Victim Country: Ukraine
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  238. Alleged leak of mixed forum credential combolist
    Category: Combo List
    Content: A threat actor leaked a combolist containing 82,000 mixed credentials allegedly sourced from various forums.
    Date: 2026-04-07T02:51:24Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71361/
    Screenshots:
    None
    Threat Actors: ValidMail
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  239. Alleged sale of stolen credit cards and carding tools in marketplace channel
    Category: Logs
    Content: Multiple actors in the Squad Chat Marketplace channel are advertising stolen credit cards (CC/CVV), high-balance cards, card checker tools, and related carding services via Telegram handles including @vcxdcvx, @cocococococococo1, t.me/genhaosan123, and @nzccg001. Posts include multilingual (English and Chinese) promotions targeting international buyers.
    Date: 2026-04-07T02:28:32Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/59715
    Screenshots:
    None
    Threat Actors: Squad Chat Marketplace
    Victim Country: Unknown
    Victim Industry: Financial Services
    Victim Organization: Unknown
    Victim Site: Unknown
  240. Alleged leak of Turkish identity documents and KYC data from multiple countries
    Category: Data Leak
    Content: Threat actor shared Turkish ID card data via a file hosting service and advertised access to verified KYC data including passports, ID cards, driver's licenses, and personal information from over 160 countries. Contact information is provided for bulk orders, suggesting a commercial operation.
    Date: 2026-04-07T02:26:18Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-Turkish-ID-card
    Screenshots:
    None
    Threat Actors: Arnoldsudney
    Victim Country: Turkey
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  241. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: Threat actor Kommander0 shared a combolist containing 11,000 allegedly valid Hotmail email and password combinations via a file sharing service. The credentials are being distributed for free download on underground forums.
    Date: 2026-04-07T02:15:58Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71360/
    Screenshots:
    None
    Threat Actors: Kommander0
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  242. Website defacement of Bazara by DimasHxR
    Category: Defacement
    Content: DimasHxR conducted a redefacement attack against the Mozambican e-commerce platform Bazara. This represents a second compromise of the target website by the same threat actor.
    Date: 2026-04-07T02:10:20Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/831201
    Screenshots:
    None
    Threat Actors: DimasHxR
    Victim Country: Mozambique
    Victim Industry: E-commerce
    Victim Organization: Bazara
    Victim Site: www.bazara.co.mz
  243. Alleged leak of mixed credential combolist
    Category: Combo List
    Content: A threat actor shared an 18,000-record mixed credential combolist, described as high quality, for free download on a cybercriminal forum.
    Date: 2026-04-07T02:05:18Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71359/
    Screenshots:
    None
    Threat Actors: lpbPrivate
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  244. Alleged leak of Hotmail credentials
    Category: Combo List
    Content: A threat actor shared 1,388 allegedly valid Hotmail credentials on a cybercriminal forum. The actor claims the credentials are high quality and obtained from a private cloud source.
    Date: 2026-04-07T01:30:14Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71358/
    Screenshots:
    None
    Threat Actors: noir
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  245. Alleged leak of Hotmail credentials on CrackingX forum
    Category: Combo List
    Content: User redcloud shared a combolist containing 6,500 allegedly valid Hotmail email credentials for free download via MediaFire. The threat actor claims the credentials provide mail access and are high quality.
    Date: 2026-04-07T00:56:21Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71357/
    Screenshots:
    None
    Threat Actors: redcloud
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Microsoft
    Victim Site: hotmail.com
  246. Alleged distribution of credential lists from multiple platforms including gaming, social media, and other services
    Category: Combo List
    Content: Threat actor distributes credential lists containing email:password combinations from various platforms including gaming sites, social media platforms (Tinder, Facebook, Twitter, Instagram, Reddit), and other online services. The credentials are being shared freely through Telegram channels.
    Date: 2026-04-07T00:34:26Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71356/
    Screenshots:
    None
    Threat Actors: CODER
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  247. Alleged leak of mixed email and password credential list
    Category: Combo List
    Content: A threat actor shared a combolist containing 160,000 email and password combinations described as fresh and high quality. The credentials appear to be from mixed sources and are being distributed for free download.
    Date: 2026-04-07T00:02:06Z
    Network: openweb
    Published URL: https://crackingx.com/threads/71354/
    Screenshots:
    None
    Threat Actors: steeve75
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown