1. Executive Summary
This report details a series of recent cyber incidents, providing key information for each event, including published URLs, associated screenshots, and threat actor details, strictly based on the provided data. The provided dataset comprises 258 individual cybersecurity events, predominantly recorded on April 8, 2026, which showcase a volatile and highly active global cyber threat landscape. The observed incidents span multiple critical categories, including massive data breaches, targeted data leaks, extensive credential stuffing operations fueled by combo lists, politically motivated website defacements, infrastructure attacks, and the sale of initial access or malware tools.
A significant portion of the recorded events involves the mass distribution of compromised credentials (combo lists) targeting major technology providers, e-commerce platforms, and regional populations. Simultaneously, high-profile corporate entities such as Ticketmaster, Cisco, and Airbus SE experienced severe data or source code exposures. Critical infrastructure was actively targeted, particularly in India and Taiwan, demonstrating an alarming intersection between cyber capabilities and physical utility disruption. Furthermore, hacktivist groups heavily influenced the threat landscape, executing coordinated defacement campaigns and direct threats against government officials and infrastructure, heavily influenced by geopolitical conflicts in the Middle East and Eastern Europe.
2. High-Profile Corporate and Government Data Breaches
The dataset reveals several catastrophic data breaches impacting major multinational corporations and government entities, resulting in the unauthorized exposure of highly sensitive personally identifiable information (PII), source code, and classified research.
- Ticketmaster and Live Nation: The threat actor “ShinyHunters” orchestrated multiple massive data sales involving Ticketmaster. The actor claimed to sell a dataset containing full employee PII from Ticketmaster, including names, emails, addresses, cities, ZIP codes, phone numbers, IP addresses, and browser fingerprints. The data was offered for $15,000. ShinyHunters explicitly stated this was a separate incident from the previously known 2024 Ticketmaster breach. Furthermore, ShinyHunters claimed to possess approximately 4.51TB of Ticketmaster archive data. In a separate listing, the actor attempted to sell a massive Ticketmaster database for $25,000, allegedly containing 980 million sales orders, 680 million order details, 1.2 billion party lookup records, 440 million unique email addresses, 560 million AVS detail records, and 400 million encrypted credit card details.
- Cisco Systems: ShinyHunters also targeted Cisco, offering 500,000 lines of Cisco source code for $10,000 USD via the Telegram handle @shinyc0rpsss.
- China National Supercomputing Center (NSCC): A threat actor known as “amazcyber” claimed to have breached China’s NSCC, allegedly exfiltrating over 10 petabytes of classified military and aerospace research data. The compromised data reportedly includes simulation data, design files, satellite telemetry, and defense contractor research.
- Airbus SE: The threat actor “AckLine” allegedly leaked 16GB of compressed Airbus SE source code through a file-sharing service. This archive contained 1,220 directories and 6,207 files originating from the Airbus Artifactory.
- Morgan Stanley: The threat actor “McLovin” advertised a database containing 2.77 million records of male financial investors from Morgan Stanley for $800 USD. The data included full names, emails, addresses, and phone numbers.
- ENEA: The Swedish telecommunications and cybersecurity company ENEA allegedly suffered a data breach in November 2025 by the threat actor “KaruHunters,” resulting in a source code leak that was made available for free download by a forum moderator named Tanaka.
- Shanghai Fudan Microelectronics Group: The threat actor “s1ic3r” leaked 175 MB of compressed documents, schematics, and intellectual property from the company, claiming the breach occurred in April 2026.
- Mytheresa: The luxury retail platform suffered a breach, with actor “McLovin” selling 920,000 customer records for $840 USD. The data included names, addresses, contact details, dates of birth, and IP addresses.
- Hisense USA: A threat actor leaked customer registration data containing over 600,000 email records across multiple categories, including TV QR code registrations and service support inquiries.
- Indonesian Government (Satpol PP): The threat actor “capybaraxploit” claimed to have targeted the database of satpolpp.go.id, an Indonesian government law enforcement agency.
- Bitwyre: A threat actor breached the Indonesian cryptocurrency exchange Bitwyre in April 2026, stealing the company’s source code and offering it for free download.
- Treasurenet: A treasure hunting forum database from August 2020 containing over 143,000 user records (emails, IP addresses, MD5+salt hashed passwords) was leaked by the actor “Seacoat”.
3. Cyber Attacks on Critical Infrastructure and OT/IoT Systems
The intelligence highlights severe escalations in cyber-physical attacks, where threat actors targeted Operational Technology (OT) and critical utility infrastructure, threatening public safety and grid stability.
- Indian Water and Power Infrastructure: The “Infrastructure Destruction Squad” claimed successful compromise of Indian critical infrastructure, including water supply systems, reservoir monitoring systems, and power grids. The group claimed to have cut off water supply to one village for 3 days as a warning and threatened simultaneous disruption to hundreds of villages. They possessed detailed reservoir water levels (e.g., main reservoir 39,000L) and government development plan progress metrics.
- SAI LILAGAR POWER GENERATION LIMITED (India): The same “Infrastructure Destruction Squad” compromised this Indian power generation company, exfiltrating extensive operational data. Compromised metrics included instantaneous and average grid frequency data (49.93–50.13 Hz), dispatch metrics, fuel rates, and real-time gas turbine outputs. The actor highlighted negative output power values (up to -19.10 MW), indicating the plant was drawing from the grid, highlighting severe grid instability.
- Taiwan Smart Energy Metering: The “Z-Pentest Alliance” gained unauthorized access to the Smart Remote Meter Reading & Energy Management System (model SMART-100-5) manufactured by Zhisheng Automation Technology Co., Ltd. Widely deployed in rental properties, the compromise allowed full real-time access to electricity meter readings, the ability to modify nominal current settings, reset alarms, and control electromagnetic door locks and lighting. The attack was tagged “#OpTaiwan”.
- Botswana Energy Regulatory Authority (BERA): The “Infrastructure Destruction Squad” infiltrated BERA systems, stealing sensitive documents including Small-Scale Embedded Generation (SSEG) license applications (e.g., Gaborone Solar Grid project), wind energy license applications, and active licenses for entities like TotalEnergies Botswana.
- Egyptian Oil Company (WASCO): A hacker group named “Payload” claimed to have infiltrated the systems of Al-Wustani (WASCO), allegedly exfiltrating approximately 50GB of data on April 7, 2026.
- United Arab Emirates: The UAE reported a massive surge in AI-powered cyberattacks targeting the country, occurring at a rate of hundreds of thousands of incidents daily, including vulnerability reconnaissance and malware development.
4. Hacktivism, Extortion, and Politically Motivated Campaigns
Geopolitical tensions heavily influenced the cyber threat landscape, resulting in targeted doxxing, extortion, and mass defacements orchestrated by politically aligned hacktivist groups.
- Doxxing and Death Threats Targeting the US White House: The US White House Press Secretary, Karoline Leavitt, and her family were subjected to a severe, targeted doxxing and extortion campaign. The threat actor “ZXR” sent emails containing explicit assassination threats, GPS coordinates of their home, financial history, and an extortion demand requiring Leavitt to announce a 2-day leave on X within 24 hours. The threats explicitly included her infant son. Concurrently, an Iranian-linked group identifying as “Shamshir Ali” (شمشیر علی) collaborated with the “Hashashin” team to publish Leavitt’s personal information in Farsi with Islamic religious framing, exposing detailed business addresses and her spouse’s personal phone number.
- Cyber Islamic Resistance and Middle East Operations: The hacktivist group “Cyber Islamic Resistance” defaced 38 Israeli websites belonging to tourism, entertainment, and commercial entities. The operation was framed as retaliation for the 38-day closure of the Al-Aqsa Mosque. Furthermore, the group announced coordinated cyber operations alongside the Russian hacktivist group “KillNet,” stating all fronts have been opened against an unspecified enemy.
- Handala Operations Against Israel: The “Handala” hacking group claimed persistent, long-term direct access to Israeli military commanders’ systems, obtaining unedited, full-resolution images of forces and equipment. Handala also issued a direct threat against former Chief of the General Staff of the IDF, General Herzi Halevi, claiming to have him under intelligence surveillance. The group published a threat manifesto pledging continued cyber operations against Israeli and US infrastructure.
- Russia-Iran Cyber Cooperation: Reports indicated that Russia has been providing satellite imagery and cyber support to Iran to assist in targeting attacks in the Middle East, with alleged collaboration between Russian and Iranian hacker groups against infrastructure.
- Wolves of Turan: The hacktivist group posted a threatening message stating “Today it will be hot in Armenia,” tagged with #opArmenia, suggesting imminent attacks against Armenian infrastructure.
- OpsShadowStrike: This hacktivist group defaced the website of The Saksham School in India, operating in collaboration with Malaysian hacktivist groups such as TengkorakCyberCrew and EagleCyberCrew. The operation was politically motivated, referencing pro-Palestinian and anti-Israel sentiments. The same coalition defaced the Indian educational site pmskaliyana.edu.in.
- NoName057(16): This pro-Russia hacktivist group claimed unauthorized access to the CAME Parkare parking payment terminal system at University Hospitals of Leicester NHS Trust in the UK, alleging they could monitor all license plates of vehicles entering the hospital in real time. The attack was tagged OpGreatBritain.
5. Malware, Tools, and Initial Access Services
Threat actors actively distributed custom malware, brute-force tools, and sold initial access to critical networks, lowering the barrier to entry for other cybercriminals.
- Cisco SSL VPN Brute-Force Tool: The actor “ShinyHunters” published a Python-based brute-force script targeting Cisco SSL VPN (AnyConnect/WebVPN) portals via the /+CSCOE+/logon.html and /+webvpn+/index.html endpoints. The tool enumerates VPN groups from the login page and attempts credential stuffing using a hardcoded list of 27 common username:password pairs (e.g., admin:admin, cisco:cisco, root:password). The script utilizes 50 concurrent workers for mass scanning capability.
- BreachForums Infrastructure Takedown: BreachForums experienced law enforcement action, resulting in the suspension of their backup CDN file hosting account and loss of access to hosted files. The forum claimed to have restored user data up to February 2026.
- Government VPN Access Sales: The actor “AckLine” offered paid access to Algerian government Fortinet infrastructure. The same actor sold access to an Argentine government VPN system utilizing Fortinet technology for $400.
- Aerospace Firm Initial Access: An actor named “miyako” attempted to sell root-level remote code execution access to a firewall at a major US aerospace and defense company with $20 billion in revenue for $1000.
- Cybercriminal Infrastructure Exposure: A Russian-language post exposed an actor (“ThorZireael”) allegedly operating a Cobalt Strike team server, a botnet, DDoS stresser services (stresser.tech and swifty.club), and two ransomware hack forums from a single IP address registered under their real name and home address.
- Webshell Exploits: A member of the “Nullsec Philippines” channel offered free webshell exploits, which are used to maintain persistent unauthorized access to compromised web servers.
- Document Forgery and SEO Manipulation: The actor “vlesskey” advertised paid document forgery services through Photoshop manipulation. Another actor, “SEO_killers,” advertised services including website removal from search results, DMCA abuse, and phishing campaign development for $200-$500.
- Session ID Hijacking: The actor “0BITS” advertised a session ID hijacking service on PwnForums for $5,000 USD in XMR.
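The brute-force pattern described above for the Cisco SSL VPN tool (a login-page fetch followed by a rapid run of credential attempts against /+CSCOE+/logon.html or /+webvpn+/index.html) is visible from the defender's side. The following detection sketch is an added example, not part of the source dataset: it assumes a reverse proxy in front of the VPN portal writes Apache-style access logs in time order, and the log format, sample lines, IP addresses, window and threshold are all constructed assumptions.

```python
"""Flag sources that hammer the Cisco SSL VPN login endpoints named in the report.

Assumption: a reverse proxy or load balancer in front of the portal writes
Apache-style access logs in time order. All sample data below is constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Login endpoints taken from the report text.
VPN_LOGIN_PATHS = ("/+CSCOE+/logon.html", "/+webvpn+/index.html")
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" \d{3} \S+'
)


def parse_line(line):
    """Return (source_ip, timestamp, method) for VPN login requests, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    path = m.group("path").split("?", 1)[0]  # ignore any query string
    if path not in VPN_LOGIN_PATHS:
        return None
    try:
        ts = datetime.strptime(m.group("ts"), TS_FORMAT)
    except ValueError:
        return None
    return m.group("src"), ts, m.group("method")


def detect_bursts(lines, window=timedelta(seconds=60), threshold=10):
    """Sliding-window count of login POSTs per source IP.

    Returns {source_ip: {"peak_posts": n, "fetched_login_page": bool}} for every
    source whose POST count inside any single window reaches the threshold.
    The threshold of 10 is an assumption; the tool described tries 27 pairs.
    """
    recent = defaultdict(deque)   # source -> timestamps still inside the window
    peak = defaultdict(int)       # source -> highest in-window POST count seen
    fetched_page = set()          # sources that issued a GET (group enumeration)
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue
        src, ts, method = event
        if method == "GET":
            fetched_page.add(src)
            continue
        if method != "POST":
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        peak[src] = max(peak[src], len(q))
    return {
        src: {"peak_posts": n, "fetched_login_page": src in fetched_page}
        for src, n in peak.items()
        if n >= threshold
    }


def sample_log():
    """Constructed log: one normal user, one unrelated request, one 27-attempt burst."""
    base = datetime(2026, 4, 8, 10, 0, 0, tzinfo=timezone.utc)
    events = [
        (0, "198.51.100.7", "GET", "/+CSCOE+/logon.html"),
        (5, "198.51.100.7", "POST", "/+webvpn+/index.html"),
        (10, "203.0.113.50", "GET", "/+CSCOE+/logon.html"),
        (12, "198.51.100.9", "GET", "/favicon.ico"),
        (40, "198.51.100.7", "POST", "/+webvpn+/index.html"),
    ]
    # One attempt per second, 27 in total, from a documentation-range address.
    events += [(11 + i, "203.0.113.50", "POST", "/+webvpn+/index.html")
               for i in range(27)]
    events.sort(key=lambda e: e[0])
    return [
        '{} - - [{}] "{} {} HTTP/1.1" 200 512'.format(
            ip, (base + timedelta(seconds=off)).strftime(TS_FORMAT), method, path)
        for off, ip, method, path in events
    ]


if __name__ == "__main__":
    for src, info in detect_bursts(sample_log()).items():
        print(src, info)
```

The same per-source counter can feed rate limiting or lockout at the proxy; a source that spreads its attempts below the threshold needs a longer window or a per-account failure count instead.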
6. Healthcare and Educational Sector Breaches
The healthcare and educational sectors suffered extensive data leaks, exposing highly sensitive medical and personal records to the public internet.
- ChipSoft (Netherlands): A severe cyberattack targeted ChipSoft, a major electronic health record provider in the Netherlands, forcing eleven hospitals to disconnect their portals. Reports suggested the use of ransomware, impacting approximately three-quarters of Dutch hospitals.
- Mexican Healthcare Infrastructure: The actor “Thelizard001” leaked a database containing over 580,000 patient records from the Secretaria de Salud del Estado de Chihuahua, including medical details. The same actor leaked medical records and appointment data from the Centro de Estudios Clinicos Anahuac Mayab.
- Oncologica and Debene: The threat actor “TiMc” breached oncologica.com and debene.com, advertising over 500GB of healthcare data.
- African and Asian Health Systems: The group “Keymous Plus” claimed initial access to Health Management Information Systems (HMIS / DHSI panels) affecting multiple countries across Africa and Asia.
- Mexican Educational Institutes: A threat actor operating as “MagoSpeak” systematically leaked student and faculty data across multiple Mexican technical institutes. This included 514 records from Instituto Tecnológico del Sur de Guanajuato, 678 records from Instituto Tecnológico del Valle de Oaxaca, 1,110 records from Instituto Tecnológico del Valle de Etla, and 1,404 records from Instituto Tecnológico de Estudios Superiores de Purépecha. The data included deep PII such as CURP numbers, financial aid amounts, indigenous language status, and municipality-level marginalization indicators.
- Eastern Illinois University: The actor “coderx” shared a 758MB database dump from Eastern Illinois University containing 93 CSV files.
- French Education (Ac-nice.fr): The actor “ChimeraZ” leaked a partial database containing 19,384 employee records, including names and school assignments, from French educational institutions.
- SAT Database: The actor “Sc0rp10nn” leaked a private SAT database containing 6.5 million records, originally extracted in 2024, claiming it included timestamp tampering techniques to evade tracking.
7. Mass Defacement Campaigns
Website defacement remained a prevalent tactic for hacktivists and lower-tier threat actors seeking visibility, with several actors conducting automated, mass-scale defacement operations across global domains.
- DimasHxR Operations: This individual attacker conducted a widespread defacement campaign across multiple international domains. Targets included lacasadelpensionado.com (a retirement facility), mechta-nsk.ru (Russia), venusoman.com (Oman), atmosfera54.ru (Russia), tweegrupo.com, activeagro.de (Germany), webshopsenzo.nl (Netherlands e-commerce), and drillsforglass.pl (Poland).
- Alpha wolf / XYZ Operations: The “Alpha wolf” team, primarily through an attacker identified as “XYZ,” conducted mass defacements targeting Malaysian and international sites. Targets included martialarts.com.my, notisbod.com, bikewithelena.com, and biketours.notisbod.com.
- MR~TNT and QATAR911: The actor “MR~TNT,” sometimes operating with the “QATAR911” team, targeted Kenyan business sites running on Linux servers, including an aluminium windows company and Elizabest Services. The actor also targeted the Think and Do Africa organization (thinkanddoafrica.org).
- Other Defacements: The “CYKOMNEPAL” group defaced the Nepalese retail site Langtang Gear and the privacy policy page of Canal Summit TV. Attacker “PH.BL4KE” of “STORM BREAKER SECURITY” defaced Sage Service DRC. Attacker “0xfansX” defaced bhamplumbing.com. Attacker “Irene” of “XmrAnonye.id” re-defaced Kalmarland.
8. Regional and National Data Leaks
Several incidents involved the mass exposure of citizen, corporate, and government data specific to geographic regions.
- Philippines: The actor “KurdFemboys” leaked a massive dataset containing 13 million records of Philippine customers, citizens, and companies, including hashed passwords and physical addresses.
- Georgia: The actor “Tanaka” shared a citizenship database allegedly containing personal information of 4.9 million Georgian citizens from approximately 2012.
- Italy: “Tanaka” also leaked a database containing 32,000 email contacts and personal information of Italian public administration employees across ministries and law enforcement agencies.
- Mexico: Aside from the educational and healthcare leaks mentioned prior, actor “VeguiDize” leaked a database from the Tlaxcala state government containing details on 60 dependencies and procurement data. Additionally, data belonging to 700,000 subscribers of the Querétaro state water utility was put up for sale. Business license registration data for 38,000 individuals from Ayuntamiento de Benito Juarez was also leaked.
- Bangladesh: “ModernStealer” leaked a database containing Bangladesh Army personnel information, including ranks and spouse names.
- Egypt: The group “Keymous+” leaked 20,000 records belonging to the Egyptian National Organization for Social Insurance.
- Ukraine: Access to the Ukrainian government digital service platform (TsNAP) for the city of Ternopil, containing 5,000 user login credentials, was sold for $100.
- Colombia: Financial data from Grupo Bancolombia SUFI (visit records, GPS coordinates) and 20,000 customer records from Banco de Bogotá were put up for sale.
- Australia: Customer registration data for 900,000 subscribers of Australian electricity company Synergy was offered for sale by the actor “hackboy”.
- Brazil: Brazilian files containing birth certificates and identification documents leaked from an Amazon S3 bucket (182.5 MB archive). “Nova Department of BlackAds” leaked 1TB of data from Brazilian e-commerce store VX Case.
- United States: In addition to Ticketmaster and Morgan Stanley, databases containing 2.1 million New York/Brooklyn resident records and 918,000 Binance US user records were sold by the actor “TRD”. A cybercriminal (“Dataline24”) sold comprehensive US personal identity data, including SSNs and background checks, for $1 per lookup via an API. Furthermore, a threat actor claimed that Winona County, Minnesota required National Guard assistance following a severe cyberattack that crippled municipal services.
9. The Credential Combo List Epidemic
By volume, the largest category of incidents in the dataset is the distribution of massive credential combinations (combo lists). Threat actors continuously aggregated, verified, and distributed hundreds of millions of compromised username/email and password pairs across underground forums and Telegram channels. This enables widespread credential stuffing attacks.
9.1 Operations by Actor “CODER”
The threat actor “CODER” executed an extraordinarily high-volume distribution campaign through Telegram channels. CODER distributed an 11 million record combolist targeting Hotmail, Yahoo, and Orange accounts. The actor also shared a 7 million record SMTP credential list and later a 14 million record SMTP credential list. In the corporate sphere, CODER leaked a 7.5 million record corporate email combolist and an 11 million entry business-focused credential list. CODER heavily targeted global e-commerce, distributing 7 million credential combinations for Uniqlo, Bic Camera, Yodobashi, and DHgate, 8.5 million combinations for Indian platforms like Amazon India and Myntra, and a 9 million record list targeting Taobao, AliExpress, and Amazon Japan. The actor also shared geographically targeted lists, including an 8 million record collection for Eastern Europe (Bulgaria, Serbia, etc.) and an 11 million record list targeting multiple European countries (Germany, France, Spain, etc.). CODER also shared a generic 8 million record free combolist.
9.2 Operations by Actor “CobraEgy”
Operating primarily on “DemonForums,” CobraEgy distributed high-quality, geographically sorted credential lists. These included 142,000 Indian credentials, 72,000 Japanese credentials, 31,000 Latvian credentials, 15,000 Israeli credentials, 12,000 Kenyan credentials, 503,000 Italian credentials, and 152,000 Indonesian credentials. Furthermore, CobraEgy shared an enormous 11.82 GB collection of credential logs labeled as “Maxi_Leaks”.
9.3 Operations by Actor “SYCOSUNNY”
SYCOSUNNY focused heavily on the Asia-Pacific, European, and African regions, distributing credentials described as “ultra high quality.” The actor shared 140,000 Vietnam-based credentials, 105,000 Romanian credentials, 117,000 Australian credentials, 121,000 Taiwan-based credentials, and 124,000 South African credentials.
9.4 Operations by Actor “thejackal101” (Elite_Cloud1)
This actor utilized Telegram and “DemonForums” to distribute geographically specific combo lists. Releases included 36,000 Montenegro credentials, 10,000 Nigerian credentials, 187,000 Netherlands credentials, 97,000 Mexican credentials, and 35,000 Malaysian credentials. The actor also shared a 1.5 GB compressed collection of ULP (username:login:password) credential and stealer logs.
9.5 Operations by Actor “UniqueCombo”
A distinct anomaly in the dataset is the repetitive action of the threat actor “UniqueCombo.” This actor continuously posted identical or nearly identical threads across multiple forums (CrackingX, DemonForums, xforums), each distributing a mixed credential combolist containing exactly 35,000 unique email and password combinations. This pattern suggests automated forum posting to drive traffic to the actor’s associated shops.
9.6 Other Major Combo List Distributors
- Daxus: Distributed an 18.04 million URL:LOG:PASS entry list and a separate 27.86 million combination list.
- zod: Allegedly leaked an unprecedented 5 billion ULP (username/login/password) records on a cracking forum.
- ValidMail: Specialized in forum access, sharing an 82,000 record mixed forum credentials combolist multiple times across different platforms. ValidMail also shared 350,000 mixed domain credentials validated on April 26, 2009 and 58,000 Hotmail credentials.
- 4Real: Sold access to fresh, untouched email account access across multiple countries (France, Italy, US, UK, Germany, Spain) and specifically targeted platforms including Walmart, eBay, Uber, and Marriott. Also sold compromised multi-platform logs including Facebook, Netflix, and PayPal.
- D4rkNetHub: Sold a 37,020 record combolist via a cloud service and shared 39,027 German credentials.
- Ra-Zi: Leaked 140,000 credentials targeting Netflix, Minecraft, Uplay, Steam, Hulu, and Spotify, as well as 169,000 credentials targeting educational institutions.
- MegaCloudshop / MegaCloud: Distributed 667,000 Hotmail credentials, 3,200 USA/EU combos, 1,300 Hotmail credentials, 1,300 USA mail access credentials, and 27,000 mixed valid credentials.
9.7 Sustained Targeting of Microsoft Hotmail Ecosystem
Throughout the reporting period, Hotmail credentials were treated as highly valuable commodities, actively traded and freely distributed. Beyond CODER and MegaCloud, numerous actors specifically parsed and distributed Hotmail-only databases:
- “MailAccesss” distributed 667,000 Hotmail credentials, 1,300 Hotmail hits, 1,300 USA credentials, 16,000 German credentials, 9,000 mixed region credentials, and 27,000 mixed credentials.
- “KiwiShio” shared 735,000 Hotmail credentials.
- “RandomUpload” leaked 30,000 Hotmail credentials and 13,000 Hotmail credentials, along with 23,000 USA credentials.
- “alphaxdd” distributed premium Hotmail and mixed hits in batches of 4,407, 1,205, and 1,154.
- “Hotmail Cloud” shared 1,274 fresh Hotmail credentials and 1,389 mixed high-quality accounts.
- “RedCloud” shared 4,300 Hotmail credentials.
- “HollowKnight07” shared 725 and 970 Hotmail credentials.
- “NUllSHop0X” shared 800 and 500 Hotmail credentials.
- “erwinn91” distributed 2,316 mixed credentials and 1,120 Hotmail credentials.
- Other actors leaking varying amounts of Hotmail data included “karaokecloud” (1,700 Hotmail/Outlook), “snowstormxd”, “Kommander0”, “WINGO” (85k mixed and HQ private Hotmail), “lpbPrivate” (572 Hotmail), “FlashCloud2” (660 Hotmail), “Roronoa044” (2,965 mix and 732 Hotmail), “noir”, and “martcloud”.
9.8 General Credential, Stealer Logs, and Financial Data Economy
The ecosystem is deeply supported by stealer logs and financial data trading.
- “fatetraffic” shared 1,700 mixed stealer logs.
- “UP_DAISYCLOUD” and “NEW_DAISYCLOUD” shared collections of 5,408 stealer logs and credential logs.
- “MrCOMBOROBOA” sold 6.9K mixed valid email accounts and offered private combo groups ranging from $50/week to $500/lifetime.
- “UniqueCombo”, “stormtrooper” (39,341 lines), “Browzchel” (39,341 lines), “Lexser” (5,000 lines), “klyne05”, “Kinglukeman”, “NotSellerxd” (5,305 lines), “COYTO” (1,000 GMX, 3,000 mixed, 6,000 USA), and “MrKordy” continuously flooded the market with raw ULP data.
- “gsmfix” shared specialized lists, including phone number and password combos, WordPress credentials, ULP format lists, and USA/Europe specific lists.
- To consolidate this massive influx of stolen data, an actor promoted “Leaksyr,” a credential search engine service offering access to over 7 billion stolen credentials and stealer logs.
- Furthermore, high-volume purchasers are actively seeking specific data. The actor “Douglas” actively sought to purchase credential combolists targeting APAC and Western countries (Japan, Taiwan, USA, UK), claiming a daily purchase budget of 5,000–10,000 USDT.
10. Miscellaneous Intrusions and Threats
Several other distinct threats were identified within the operational period:
- “LulzSec” distributed a phishing link hosted on ngrok disguised as a ₱10,000 peso giveaway to harvest credentials from Filipino users.
- The “QATAR911” team defaced the Think and Do Africa organization website.
- A data breach occurred at Anodot, a cloud analytics company, resulting in a number of the company’s customers being targeted for extortion.
- A threat actor leaked a database from “Stimulation.Studio,” a BDSM AI artwork generation service, exposing 8,752 user records.
- The actor “catwoman” leaked Spanish identity documents including front and back images and facial GIFs.
- The actor “testhack90” leaked data from the French ticket trading platform EasyTick.
- The actor “OriginalCrazyOldFart” shared payroll and corporate files allegedly obtained from a 2021 breach of the technology company Maxlinear.
- Source code for AffiliatePro SaaS v15 was leaked by the actor “SolomonVoss”.
- “yuefan” advertised discounted residential proxy services as an alternative to the 911 proxy service, aiding attackers in obscuring their origins.
- “ouaaka_06” shared 33 M3U IPTV streaming links for free access to television content.
11. Conclusion
The analysis of the 258 cybersecurity incidents recorded during this reporting window underscores a deeply fractured and highly specialized cybercriminal ecosystem. The threat landscape is currently dominated by two distinct, yet equally dangerous, attack vectors: highly targeted, sophisticated intrusions against critical infrastructure and corporate giants, and the massive, automated commoditization of basic credential data.
High-tier threat actors, notably “ShinyHunters” and the “Infrastructure Destruction Squad,” have demonstrated the capability to breach heavily fortified enterprise networks (Ticketmaster, Cisco) and directly manipulate critical operational technologies (Indian power generation, Taiwanese smart meters). These incidents represent the apex of the current threat model, capable of causing significant financial devastation, intellectual property loss, and physical utility disruption. Simultaneously, geopolitical conflicts continue to fuel hacktivist operations. Groups such as Handala, Cyber Islamic Resistance, and various regional actors use cyber operations as asymmetric warfare tools, relying on mass defacements, targeted doxxing of government officials, and coordinated infrastructure disruption to achieve political objectives.
Conversely, the sheer volume of combo list distribution—amounting to hundreds of millions of credentials shared daily by actors like CODER, CobraEgy, and UniqueCombo—highlights a persistent, low-effort, high-impact threat. The availability of billions of raw, parsed, and geographically sorted credential pairs fuels an endless cycle of credential stuffing, account takeovers, and initial access compromises. This data pipeline is the lifeblood of the broader cybercrime economy, supporting everything from low-level fraud to providing initial access footholds for sophisticated ransomware operators. The ecosystem is entirely self-sustaining, supported by specialized services offering bulletproof hosting, proxy networks, custom brute-force tools, and search engines specifically designed to index stolen data. Organizations must recognize that the modern threat landscape requires robust defense-in-depth strategies capable of mitigating both advanced persistent threats targeting core infrastructure and the relentless, automated exploitation of compromised identity data.
Detected Incidents Draft Data
- Alleged data breach of Satuan Polisi Pamong Praja (satpolpp.go.id) Indonesia
Category: Data Breach
Content: A threat actor using the handle capybaraxploit (ranked Ghost Operator) posted on Forum404 claiming to have targeted the database of satpolpp.go.id, an Indonesian government law enforcement agency (Satuan Polisi Pamong Praja). The post was shared via a third-party forum link. No further details on data volume or exfiltration method are available from this alert.
Date: 2026-04-08T23:51:05Z
Network: telegram
Published URL: https://t.me/forum404in/46
Screenshots:
None
Threat Actors: capybaraxploit
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Satuan Polisi Pamong Praja (Satpol PP)
Victim Site: satpolpp.go.id
- Alleged Data Leak of Corrupt Officials Database by MrVasko
Category: Data Leak
Content: A threat actor using the handle MrVasko (ranked God with 10 posts) shared a post on Forum404 on April 8, 2026, claiming to have posted a database of corrupt officials. The post links to an external thread at shop.insectastudios.com. No pricing was mentioned, suggesting the data may be freely shared or discussed in the thread.
Date: 2026-04-08T23:50:29Z
Network: telegram
Published URL: https://t.me/forum404in/47
Screenshots:
None
Threat Actors: MrVasko
Victim Country: Unknown
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Law Enforcement Action Against BreachForums CDN Infrastructure
Category: Cyber Attack
Content: BreachForums posted an operational update stating that law enforcement identified and suspended their backup CDN file hosting account, resulting in loss of access to hosted files. The forum claims to have successfully restored user data from 2022 to February 2026 including ranks, reputation, awards, threads and posts. The forum is investigating the CDN situation and working on new features.
Date: 2026-04-08T23:46:59Z
Network: telegram
Published URL: https://t.me/BreachForumsReturn/64
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Cybercrime Forum
Victim Organization: BreachForums
Victim Site: Unknown
- Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 667,000 allegedly valid Hotmail email and password combinations from April 9th. The credentials are being distributed through a forum post with hidden content requiring registration to access.
Date: 2026-04-08T23:25:03Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-667X-Full-Valid-Fresh-HOTMAIL-Hits-09-04
Screenshots:
None
Threat Actors: MegaCloudshop
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged leak of IPTV streaming credentials
Category: Combo List
Content: Forum post shares 33 M3U IPTV streaming links for free access to television content from various hosts.
Date: 2026-04-08T23:22:57Z
Network: openweb
Published URL: https://crackingx.com/threads/71536/
Screenshots:
None
Threat Actors: ouaaka_06
Victim Country: Unknown
Victim Industry: Media and Entertainment
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Hotmail credentials
Category: Combo List
Content: Threat actor shared a combolist containing 667,000 allegedly fresh and valid Hotmail email credentials on a cybercrime forum.
Date: 2026-04-08T23:22:33Z
Network: openweb
Published URL: https://crackingx.com/threads/71537/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged leak of credential combolist targeting multiple streaming and gaming platforms
Category: Combo List
Content: A threat actor leaked a combolist containing 140,000 email and password combinations allegedly targeting Netflix, Minecraft, Uplay, Steam, Hulu, and Spotify accounts.
Date: 2026-04-08T23:00:33Z
Network: openweb
Published URL: https://demonforums.net/Thread-140k-Fresh-HQ-Combolist-Email-Pass-Netflix-Minecraft-Uplay-Steam-Hulu-spotify–199859
Screenshots:
None
Threat Actors: Ra-Zi
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Cisco SSL VPN Brute-Force Tool Shared by ShinyHunters
Category: Malware
Content: ShinyHunters published a Python-based brute-force script targeting Cisco SSL VPN (AnyConnect/WebVPN) portals via the /+CSCOE+/logon.html and /+webvpn+/index.html endpoints. The tool enumerates VPN groups from the login page, then attempts credential stuffing using a hardcoded list of 27 common username:password pairs (e.g., admin:admin, cisco:cisco, root:password). Successful logins are written to app_ssl.txt. The script uses concurrent processing (50 workers) and reads targets from a loginz.txt file, indicating mass scanning capability. This constitutes a credential stuffing/brute-force tool targeting network infrastructure.
Date: 2026-04-08T22:59:07Z
Network: telegram
Published URL: https://t.me/c/3737716184/943
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Network Infrastructure / VPN
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Cisco SSL VPN Brute-Force Tool Shared by ShinyHunters
Category: Malware
Content: ShinyHunters shared Python source code for a Cisco SSL VPN (ASA/AnyConnect) brute-force and credential stuffing tool. The script targets the /+CSCOE+/logon.html and /+webvpn+/index.html endpoints, enumerates VPN group lists, and attempts login with a hardcoded list of 27 common credential pairs. Successful logins are saved to app_ssl.txt. The tool uses concurrent processing (50 workers) and reads targets from a loginz.txt file, indicating mass-scale automated attacks against Cisco VPN infrastructure.
Date: 2026-04-08T22:58:14Z
Network: telegram
Published URL: https://t.me/c/3737716184/942
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged distribution of SMTP credential combolist containing 7 million records
Category: Combo List
Content: Threat actor CODER is distributing a combolist containing 7 million SMTP credentials through Telegram channels. The credentials are being shared for free along with related programs and tools.
Date: 2026-04-08T22:56:03Z
Network: openweb
Published URL: https://crackingx.com/threads/71535/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of mixed email and password credentials
Category: Combo List
Content: A threat actor shared a combolist containing 140,000 email:password credentials from various providers including AOL, Yahoo, Hotmail, and Outlook across multiple countries. The actor also advertises selling additional credential lists and maillists via Telegram.
Date: 2026-04-08T22:44:44Z
Network: openweb
Published URL: https://crackingx.com/threads/71533/
Screenshots:
None
Threat Actors: steeve75
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged defacement of The Saksham School (India) by OpsShadowStrike
Category: Defacement
Content: Hacktivist group #OpsShadowStrike claimed to have defaced the website of The Saksham School, an educational institution in India. The defacement page was posted at thesakshamschool.edu.in/ops.html. The attack was carried out in collaboration with multiple hacktivist groups including TengkorakCyberCrew, EagleCyberCrew, MalaysiaHacktivist, CyberActivistMalaysia, and others. The operation appears politically motivated, referencing pro-Palestinian and anti-Israel sentiments.
Date: 2026-04-08T22:37:55Z
Network: telegram
Published URL: https://t.me/c/3844432135/262
Screenshots:
None
Threat Actors: #OpsShadowStrike
Victim Country: India
Victim Industry: Education
Victim Organization: The Saksham School
Victim Site: thesakshamschool.edu.in
- Alleged leak of credential combolist containing 18.04 million records
Category: Combo List
Content: A threat actor distributed a credential combolist containing 18.04 million URL:LOG:PASS format entries through various platforms including Telegram and a dedicated website.
Date: 2026-04-08T22:33:45Z
Network: openweb
Published URL: https://crackingx.com/threads/71531/
Screenshots:
None
Threat Actors: Daxus
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of credential combolist containing 27.86 million records
Category: Combo List
Content: Threat actor Daxus shared a credential combolist containing 27.86 million URL:username:password combinations on CrackingX forum. The actor operates through the website Daxus.pro and Telegram channel @DaxusPortal.
Date: 2026-04-08T22:33:17Z
Network: openweb
Published URL: https://crackingx.com/threads/71532/
Screenshots:
None
Threat Actors: Daxus
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of China's National Supercomputing Center
Category: Data Breach
Content: Threat actor claims to have breached China's National Supercomputing Center and exfiltrated over 10 petabytes of classified military and aerospace research data including simulation data, design files, satellite telemetry, and defense contractor research. The post indicates the data is being sold rather than freely distributed.
Date: 2026-04-08T22:30:30Z
Network: openweb
Published URL: https://pwnforums.st/Thread-CHINA-NSCC-SUPERCOMPUTING-BREACH-%E2%80%93-10-PETABYTES-OF-CLASSIFIED-MILITARY-LEAK-2026
Screenshots:
None
Threat Actors: amazcyber
Victim Country: China
Victim Industry: Government/Defense
Victim Organization: National Supercomputing Center (NSCC)
Victim Site: Unknown
- Alleged Sale of Ticketmaster Employee PII Data by ShinyHunters
Category: Data Breach
Content: The threat actor ShinyHunters is claiming to sell a dataset containing full employee PII from Ticketmaster (owned by Live Nation), including names, emails, addresses, cities, ZIP codes, phone numbers, IP addresses, and browser fingerprints. The actor explicitly states this is a separate incident from the previously known 2024 Ticketmaster breach. The data is being offered for $15,000. Contact is provided via Telegram, email, Tox, and Session IDs, along with a BreachForums link and an onion DLS site.
Date: 2026-04-08T22:23:57Z
Network: telegram
Published URL: https://t.me/c/3737716184/932
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: United States
Victim Industry: Entertainment / Ticketing
Victim Organization: Ticketmaster
Victim Site: Unknown
- Alleged Sale of Ticketmaster Employee PII by ShinyHunters
Category: Data Breach
Content: The ShinyHunters threat actor is offering to sell Ticketmaster employee personally identifiable information (PII) for $15,000. The dataset allegedly includes names, emails, addresses, cities, ZIP codes, phone numbers, IP addresses, and browser fingerprints. The actor explicitly states this is a separate incident from the previously known Ticketmaster/Live Nation breach. Contact methods and a BreachForums link are provided.
Date: 2026-04-08T22:23:42Z
Network: telegram
Published URL: https://t.me/c/3737716184/931
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: United States
Victim Industry: Entertainment / Ticketing
Victim Organization: Ticketmaster
Victim Site: ticketmaster.com
- Alleged leak of mixed forum credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 82,000 mixed forum credentials on a cybercriminal forum. The credentials are described as valid and sourced from various forums.
Date: 2026-04-08T22:21:29Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%99%8B-82k-MIX-Base-With-Valid-FORUMS-%E2%99%8B-15
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of mixed forum credentials combolist
Category: Combo List
Content: A threat actor shared an 82,000 record mixed combolist containing valid forum credentials. The post indicates these are verified working credentials from various forum platforms.
Date: 2026-04-08T22:19:20Z
Network: openweb
Published URL: https://crackingx.com/threads/71530/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Targeted Death Threat and Doxxing Campaign Against US White House Press Secretary and Family
Category: Cyber Attack
Content: Two threatening emails were shared targeting White House Press Secretary Karoline Leavitt and her husband Nicholas Riccio. The messages contain explicit assassination threats, detailed personal doxxing (home addresses, GPS coordinates, phone numbers, family details, financial history), and an extortion demand requiring the Press Secretary to publicly announce a 2-day leave on X within 24 hours or face consequences including exposure of personal information, job loss, harm to family, and deployment of operatives. The threat actor references a prior victim (Charles James Crick) and claims control over federal entities. The messages include the infant son as a potential target.
Date: 2026-04-08T22:15:43Z
Network: telegram
Published URL: https://t.me/c/2710529294/200
Screenshots:
None
Threat Actors: ZXR
Victim Country: United States
Victim Industry: Government
Victim Organization: White House
Victim Site: Unknown
- Alleged sale of multi-platform account credentials, combolists, cookies and logs
Category: Logs
Content: A threat actor operating as 4Real and tuzelity is selling compromised account credentials, combolists, cookies, and logs across numerous platforms including Hotmail, Gmail, Yahoo, Facebook, Netflix, PayPal, Amazon, Instagram, and many others. The offering includes accounts from multiple countries (France, Italy, US, UK, Germany, Spain) and covers mail access, social media, streaming, e-commerce, and financial services. Contact is via Telegram handle @xRealWorker.
Date: 2026-04-08T22:02:42Z
Network: telegram
Published URL: https://t.me/c/2613583520/59973
Screenshots:
None
Threat Actors: 4Real
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Website defacement of Langtang Gear by CYKOMNEPAL
Category: Defacement
Content: CYKOMNEPAL successfully defaced the Langtang Gear website on April 9, 2026. The attack targeted a Nepalese retail/outdoor gear company's blog section.
Date: 2026-04-08T21:56:41Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831568
Screenshots:
None
Threat Actors: CYKOMNEPAL
Victim Country: Nepal
Victim Industry: Retail/E-commerce
Victim Organization: Langtang Gear
Victim Site: www.langtanggear.com.np
- Alleged leak of Hotmail and Outlook credentials
Category: Combo List
Content: A threat actor shared a combolist containing 1,700 email and password combinations for Hotmail and Outlook accounts as a free download on an underground forum.
Date: 2026-04-08T21:55:41Z
Network: openweb
Published URL: https://crackingx.com/threads/71527/
Screenshots:
None
Threat Actors: karaokecloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a collection of 1,274 allegedly premium fresh Hotmail credentials on a cybercriminal forum as a free download.
Date: 2026-04-08T21:55:24Z
Network: openweb
Published URL: https://crackingx.com/threads/71528/
Screenshots:
None
Threat Actors: Hotmail Cloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged leak of Hotmail credentials
Category: Combo List
Content: Threat actor NUllSHop0X leaked a combolist containing 800 alleged valid Hotmail account credentials on a cybercriminal forum. The credentials are claimed to be fresh and working.
Date: 2026-04-08T21:55:07Z
Network: openweb
Published URL: https://crackingx.com/threads/71529/
Screenshots:
None
Threat Actors: NUllSHop0X
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged leak of Montenegro credential combolist
Category: Combo List
Content: Threat actor shared a credential combolist containing over 36,000 email:password combinations allegedly from Montenegro sources, marked as fresh and high quality. The actor promotes their Telegram channel for additional credential lists.
Date: 2026-04-08T21:45:01Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-36-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Montenegro-%E2%9C%AA-8-APR-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Montenegro
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Nigerian credential combolist
Category: Combo List
Content: Actor thejackal101 shared a combolist containing over 10,000 email and password combinations allegedly from Nigeria, dated April 8, 2026. The credentials are being distributed for free download to registered forum users.
Date: 2026-04-08T21:43:52Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-10-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Nigeria-%E2%9C%AA-8-APR-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Nigeria
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of credential logs via cloud storage
Category: Combo List
Content: Threat actor NEW_DAISYCLOUD shared a collection of 5,408 credential logs via cloud storage service, advertised as fresh logs from April 8th and made available for free download.
Date: 2026-04-08T21:41:45Z
Network: openweb
Published URL: https://crackingx.com/threads/71526/
Screenshots:
None
Threat Actors: NEW_DAISYCLOUD
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data Breach of Ticketmaster by ShinyHunters – 4.51TB Database Claimed
Category: Data Breach
Content: Threat actor ShinyHunters claims to still possess approximately 4.51TB of Ticketmaster archive data, suggesting continued retention of previously stolen database contents. The post includes a photo as evidence.
Date: 2026-04-08T21:41:24Z
Network: telegram
Published URL: https://t.me/c/3737716184/930
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: United States
Victim Industry: Entertainment / Ticketing
Victim Organization: Ticketmaster
Victim Site: ticketmaster.com
- Alleged leak of stealer logs collection
Category: Logs
Content: Threat actor UP_DAISYCLOUD shared a collection of 5,408 fresh stealer logs from April 8th via file sharing platform. The actor claims to upload new logs daily on their Telegram channel.
Date: 2026-04-08T21:40:17Z
Network: openweb
Published URL: https://darkforums.su/Thread-%F0%9F%9A%80-5408-LOGS-CLOUD-%E2%98%81-08-APRIL-%E2%9D%A4%EF%B8%8F-FRESH-LOGS%E2%9D%97%EF%B8%8F
Screenshots:
None
Threat Actors: UP_DAISYCLOUD
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Bitwyre cryptocurrency exchange
Category: Data Leak
Content: Threat actor claims to have breached Indonesian cryptocurrency exchange Bitwyre in April 2026, allegedly stealing the company's source code. The compromised source code is being made available for free download on underground forums.
Date: 2026-04-08T21:39:15Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SOURCE-CODE-Bitwyre-Data-Breach-Leaked-Download
Screenshots:
None
Threat Actors: 888
Victim Country: Indonesia
Victim Industry: Financial Services
Victim Organization: Bitwyre
Victim Site: Unknown
- Website defacement of Canal Summit TV by CYKOMNEPAL
Category: Defacement
Content: CYKOMNEPAL threat actor defaced the privacy policy page of Canal Summit TV's website on April 9, 2026. The incident targeted a specific page rather than the homepage and was not part of a mass defacement campaign.
Date: 2026-04-08T21:39:06Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831567
Screenshots:
None
Threat Actors: CYKOMNEPAL
Victim Country: Unknown
Victim Industry: Media/Broadcasting
Victim Organization: Canal Summit TV
Victim Site: canalsummittv.com
- Alleged leak of Netherlands credential combolist
Category: Combo List
Content: Threat actor shared a credential combolist containing over 187,000 email:password combinations allegedly sourced from Netherlands. The data is marked as fresh and high quality, distributed through a hidden forum section and Telegram channel.
Date: 2026-04-08T21:30:25Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-187-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Netherlands-%E2%9C%AA-8-APR-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Netherlands
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Mexican credential combolist
Category: Combo List
Content: Threat actor shared a combolist containing over 97,000 email and password combinations allegedly from Mexico. The credentials are claimed to be fresh and high quality, distributed through a Telegram channel.
Date: 2026-04-08T21:29:35Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-97-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Mexico-%E2%9C%AA-8-APR-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Mexico
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Malaysian credentials combolist
Category: Combo List
Content: A threat actor shared a credentials combolist containing over 35,000 email and password combinations allegedly from Malaysian sources. The combolist is described as fresh and high quality, distributed through Telegram channel elite_cloud1.
Date: 2026-04-08T21:28:27Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-35-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Malaysia-%E2%9C%AA-8-APR-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Malaysia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Elite_Cloud1 credential logs
Category: Data Leak
Content: Threat actor thejackal101 shared a 1.5 GB compressed collection of credential logs labeled as ULP LOGS dated April 8, 2026, claiming the data is fresh and high quality. The logs are being distributed for free download to registered forum users.
Date: 2026-04-08T21:26:59Z
Network: openweb
Published URL: https://demonforums.net/Thread-Request-%E2%9C%AA-1-5-GB-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-ULP-LOG-S-Date-%E2%9C%AA-8-APR-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of email credential combolist targeting multiple providers
Category: Combo List
Content: A threat actor is distributing an 11 million record credential combolist containing Hotmail, Yahoo, Orange, and other email accounts through Telegram channels. The threat actor is offering free access to the combolist and related cracking tools through dedicated Telegram groups.
Date: 2026-04-08T21:26:22Z
Network: openweb
Published URL: https://crackingx.com/threads/71525/
Screenshots:
None
Threat Actors: CODER
Victim Country: France
Victim Industry: Technology
Victim Organization: Multiple email providers
Victim Site: hotmail.com
- Alleged mass defacement of 38 Israeli websites by Cyber Islamic Resistance
Category: Defacement
Content: The hacktivist group Cyber Islamic Resistance claims to have defaced 38 Israeli websites belonging to tourism, entertainment, and commercial entities. The operation is framed as retaliation for the 38-day closure of Al-Aqsa Mosque. Targets include Israeli domains across various sectors. Zone-H mirror archives are provided as proof of defacement.
Date: 2026-04-08T21:24:20Z
Network: telegram
Published URL: https://t.me/c/1651470668/1866
Screenshots:
None
Threat Actors: Cyber Islamic Resistance
Victim Country: Israel
Victim Industry: Tourism, Entertainment, Commercial
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of stealer log credentials via Elite_Cloud1
Category: Logs
Content: Threat actor thejackal101 shared a 1.5 GB compressed collection of stealer logs containing credentials on a dark web forum. The logs are described as fresh and high quality, dated April 8, 2026, and made available through a Telegram channel.
Date: 2026-04-08T21:24:09Z
Network: openweb
Published URL: https://darkforums.su/Thread-Document-%E2%9C%AA-1-5-GB-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-ULP-LOG-S-Date-%E2%9C%AA-8-APR-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Treasurenet treasure hunting forum
Category: Data Leak
Content: A treasure hunting forum database from August 2020 containing over 143,000 user records with email addresses, IP addresses, usernames, and MD5+salt hashed passwords has been leaked for free download. The breach was allegedly conducted by threat actor Seacoat.
Date: 2026-04-08T21:11:20Z
Network: openweb
Published URL: https://pwnforums.st/Thread-Treasurenet-Database-Leaked-Download
Screenshots:
None
Threat Actors: Seacoat
Victim Country: Unknown
Victim Industry: Online Communities
Victim Organization: Treasurenet
Victim Site: treasurenet.com
- Alleged imminent cyber extortion and data leak threat by Infrastructure Destruction Squad
Category: Data Leak
Content: A threat actor operating under Infrastructure Destruction Squad has announced plans to threaten an unnamed company and release hacked data along with documents the following day. No specific victim identified.
Date: 2026-04-08T20:58:46Z
Network: telegram
Published URL: https://t.me/c/2735908986/3964
Screenshots:
None
Threat Actors: Infrastructure Destruction Squad
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Mass Defacement of 38 Israeli Websites by Cyber Islamic Resistance
Category: Defacement
Content: The hacktivist group Cyber Islamic Resistance claims to have defaced 38 Israeli websites belonging to tourism, entertainment, and commercial entities. The operation is framed as retaliation for the 38-day closure of Al-Aqsa Mosque. Targets include florists, spas, computer centers, and leisure businesses across Israel. Zone-H mirror links are provided as proof of defacement.
Date: 2026-04-08T20:49:49Z
Network: telegram
Published URL: https://t.me/c/1651470668/1862
Screenshots:
None
Threat Actors: Cyber Islamic Resistance
Victim Country: Israel
Victim Industry: Tourism, Entertainment, Retail
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Hotmail credentials
Category: Combo List
Content: Forum post claims to contain 58,000 Hotmail email credentials dated April 9, 2026. The post appears to be offering access to a combolist containing Hotmail domain email addresses and associated passwords.
Date: 2026-04-08T20:48:54Z
Network: openweb
Published URL: https://crackingx.com/threads/71523/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged leak of mixed domain credentials
Category: Combo List
Content: A threat actor shared a combolist containing 350,000 mixed domain credentials allegedly valid as of April 26, 2009. The post content is restricted to registered forum members only.
Date: 2026-04-08T20:37:07Z
Network: openweb
Published URL: https://crackingx.com/threads/71520/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of mixed domain credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 350,000 email and password combinations from mixed domains, validated on April 26, 2009. The credentials are being distributed through hidden forum content with associated Telegram and shop links provided.
Date: 2026-04-08T20:37:03Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%99%8B-350k-MIX-DOMAIN-WITH-VALID-09-04-26-%E2%99%8B
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of corporate email credentials combolist
Category: Combo List
Content: Threat actor CODER allegedly leaked a combolist containing 7.5 million corporate email credentials. The credentials are being distributed for free through Telegram channels.
Date: 2026-04-08T20:36:29Z
Network: openweb
Published URL: https://crackingx.com/threads/71522/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged document forgery services offered on underground forum
Category: Initial Access
Content: Threat actor vlesskey advertises paid document forgery services through Photoshop manipulation on CrackingX forum. The actor claims to refuse illegal orders but offers document modification services through an intermediary model with cryptocurrency payments.
Date: 2026-04-08T20:35:32Z
Network: openweb
Published URL: https://crackingx.com/threads/71521/
Screenshots:
None
Threat Actors: vlesskey
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Doxxing of White House Press Secretary Karoline Leavitt by Iranian-Linked Threat Actors
Category: Data Leak
Content: A group identifying as Shamshir Ali (شمشیر علی), in collaboration with the Hashashin (حشاشین) team, claims to have obtained and published personal information on White House Press Secretary Karoline Leavitt. The post, written in Farsi with Islamic religious framing, exposes alleged personal details including full name, date of birth, birthplace, marital status, spouse's name (Nicholas Riccio), child's name and birthdate, business address, P.O. Box address, postal code, and spouse's phone number. This constitutes a targeted doxxing operation against a senior US government official by what appears to be an Iran-affiliated hacktivist group.
Date: 2026-04-08T20:30:53Z
Network: telegram
Published URL: https://t.me/shamshireali313/66
Screenshots:
None
Threat Actors: شمشیر علی
Victim Country: United States
Victim Industry: Government
Victim Organization: White House / Karoline Leavitt
Victim Site: Unknown
- Alleged leak of mixed corporate email credentials
Category: Combo List
Content: A threat actor shared a combolist containing 6,130 mixed corporate email credentials for free download on a cybercriminal forum.
Date: 2026-04-08T20:24:26Z
Network: openweb
Published URL: https://crackingx.com/threads/71519/
Screenshots:
None
Threat Actors: karaokecloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of mixed email credential combolists
Category: Combo List
Content: Threat actor MrCOMBOROBOA is selling 6.9K mixed valid email access credentials on cybercriminal forums. The actor also offers access to private combo groups with pricing tiers ranging from $50/week to $500/lifetime, and bulk credential lists from various countries and industries with prices from $30 for 100K records to $300 for 10 million records.
Date: 2026-04-08T20:01:29Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-6-9K-MIXED-GOOD-VALID-ACCESS-MAILS
Screenshots:
None
Threat Actors: MrCOMBOROBOA
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of mixed credential combolist containing 1,300 email accounts
Category: Combo List
Content: Threat actor MrCOMBOROBOA is selling a credential combolist containing 1,300 mixed valid email accounts with access credentials. The actor also offers various pricing tiers for larger credential collections and private group access.
Date: 2026-04-08T19:48:41Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-1-3k-MIXED-GOOD-VALID-ACCESS-MAILS
Screenshots:
None
Threat Actors: MrCOMBOROBOA
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Persistent Access to Israeli Military Command Systems by Handala
Category: Cyber Attack
Content: The Handala hacking group claims to have maintained long-term direct access to Israeli military commanders' systems, allegedly obtaining unedited, full-resolution images of forces, equipment, and meetings that the Israeli army pixelates before public release. The group teases an imminent disclosure, stating "Tomorrow You Will be Surprised", suggesting an upcoming data leak or exposure of sensitive military intelligence.
Date: 2026-04-08T19:30:44Z
Network: telegram
Published URL: https://t.me/c/3548035165/141
Screenshots:
None
Threat Actors: Handala
Victim Country: Israel
Victim Industry: Defense & Military
Victim Organization: Israeli Defense Forces (IDF)
Victim Site: Unknown
- Alleged sale of credit card data and financial services
Category: Logs
Content: Threat actor is selling credit card data with high and low balances for online shopping, carding, and various payment services. Also offering bank logs, checks, and gift cards through multiple communication channels.
Date: 2026-04-08T19:22:27Z
Network: openweb
Published URL: https://darkforums.su/Thread-tele-TerrellWhitte-Discord-active24hrs-Gmail-sosaboy959-gmail-com-WhatsApp-1–72769
Screenshots:
None
Threat Actors: serialgajnz
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of stolen credit card data and financial services
Category: Data Breach
Content: Threat actor offers stolen credit card data with various balance amounts for online shopping, payments, and carding activities. Additional services include bank logs, checks, gift cards, and cryptocurrency cashout methods through multiple payment platforms.
Date: 2026-04-08T19:22:04Z
Network: openweb
Published URL: https://darkforums.su/Thread-tele-TerrellWhitte-Discord-active24hrs-Gmail-sosaboy959-gmail-com-WhatsApp-1–72768
Screenshots:
None
Threat Actors: serialgajnz
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Tlaxcala State Government database
Category: Data Leak
Content: Threat actor VeguiDize allegedly leaked a database from compromised server 187.157.173.179 containing over 60 Tlaxcala state government dependencies with official names, acronyms, officials details, contact information, and procurement data. The leak includes email lists from the government acquisitions platform totaling 43 email accounts.
Date: 2026-04-08T19:21:49Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-MX-Fresh-leak-del-Gobierno-del-Estado-de-Tlaxcala%C2%A0-MX
Screenshots:
None
Threat Actors: VeguiDize
Victim Country: Mexico
Victim Industry: Government
Victim Organization: Gobierno del Estado de Tlaxcala
Victim Site: Unknown
Alleged NATO document leak by threat actor floripe
Category: Data Leak
Content: Threat actor floripe allegedly leaked NATO documents in multiple versions (v1, v2, v3) via file sharing platform. The documents are being distributed freely through a pixeldrain link.
Date: 2026-04-08T19:21:45Z
Network: openweb
Published URL: https://darkforums.su/Thread-Document-Sieged-NATO-Leaks-v1-v2-v3
Screenshots:
None
Threat Actors: floripe
Victim Country: Unknown
Victim Industry: Government/Military
Victim Organization: NATO
Victim Site: Unknown
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor allegedly leaked a combolist containing 30,000 Hotmail email account credentials on a cybercrime forum. The content is hidden and requires user registration to access.
Date: 2026-04-08T19:01:20Z
Network: openweb
Published URL: https://crackingx.com/threads/71516/
Screenshots:
None
Threat Actors: RandomUpload
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged distribution of credential combolists via Telegram channels
Category: Combo List
Content: Threat actor CODER is distributing free credential combolists through Telegram channels, including an 8 million record collection. The actor operates multiple Telegram groups for sharing both credential lists and cracking tools.
Date: 2026-04-08T19:00:48Z
Network: openweb
Published URL: https://crackingx.com/threads/71517/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Italian public administration employee data
Category: Data Leak
Content: A threat actor leaked a database containing 32,000 email contacts and personal information of Italian public administration employees. The data includes names, addresses, phone numbers, email addresses, and social media links from various government entities including ministries, municipalities, and law enforcement agencies.
Date: 2026-04-08T18:57:42Z
Network: openweb
Published URL: https://pwnforums.st/Thread-32K-Italian-public-administration-email-contacts
Screenshots:
None
Threat Actors: Tanaka
Victim Country: Italy
Victim Industry: Government
Victim Organization: Italian Public Administration
Victim Site: Unknown
Alleged leak of GMX email credentials
Category: Combo List
Content: A threat actor shared a combolist containing 1,000 GMX email credentials on a cybercrime forum. The credentials are being distributed for free download via a paste site.
Date: 2026-04-08T18:48:35Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-1K-GMX-TN
Screenshots:
None
Threat Actors: COYTO
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: GMX
Victim Site: gmx.net
Alleged leak of USA credential combinations
Category: Combo List
Content: A threat actor shared a combolist containing 23,000 credential combinations allegedly from USA-based accounts. The data is being distributed for free to registered forum users.
Date: 2026-04-08T18:46:16Z
Network: openweb
Published URL: https://crackingx.com/threads/71515/
Screenshots:
None
Threat Actors: RandomUpload
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Sage Service DRC by PH.BL4KE (STORM BREAKER SECURITY)
Category: Defacement
Content: On April 9, 2026, the website www.sageservice-drc.com was defaced by attacker PH.BL4KE affiliated with STORM BREAKER SECURITY team. This was a single home page defacement rather than a mass attack.
Date: 2026-04-08T18:36:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831559
Screenshots:
None
Threat Actors: PH.BL4KE, STORM BREAKER SECURITY
Victim Country: Democratic Republic of the Congo
Victim Industry: Professional Services
Victim Organization: Sage Service DRC
Victim Site: www.sageservice-drc.com
Alleged data leak of Hisense USA customer database
Category: Data Leak
Content: A threat actor has leaked customer registration data from Hisense USA containing over 600,000 email records across multiple categories including TV QR code registrations, product registrations, and service support inquiries. The data is being distributed for free through multiple download links.
Date: 2026-04-08T18:36:24Z
Network: openweb
Published URL: https://spear.cx/Thread-hisense-usa-com
Screenshots:
None
Threat Actors: [Mod] Tanaka
Victim Country: United States
Victim Industry: Consumer Electronics
Victim Organization: Hisense USA
Victim Site: hisense-usa.com
Alleged phishing campaign targeting Filipino users via fake giveaway login page
Category: Phishing
Content: A threat actor using the handle LulzSec is distributing a phishing link hosted on ngrok (256superph.ngrok.app/login.php) disguised as a ₱10,000 peso giveaway. The fake login page is designed to harvest credentials from victims lured by the financial incentive.
Date: 2026-04-08T18:10:50Z
Network: telegram
Published URL: https://t.me/c/3896868760/317
Screenshots:
None
Threat Actors: LulzSec
Victim Country: Philippines
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 256superph.ngrok.app
Alleged sale of New York resident database and Binance US user data
Category: Data Breach
Content: Threat actor TRD is allegedly selling two databases containing 2.1 million New York/Brooklyn resident records with personal information and a processed Binance US database with 918,000 records after doxing enrichment. The seller is requesting $1,000 OBO for each database.
Date: 2026-04-08T18:03:53Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-2-DB-s-for-sale-cheap
Screenshots:
None
Threat Actors: TRD
Victim Country: United States
Victim Industry: Financial Services
Victim Organization: Binance US
Victim Site: binance.us
Alleged leak of Hotmail credential combolist containing 1,389 accounts
Category: Combo List
Content: Threat actor shared a combolist containing 1,389 high-quality credential pairs targeting Hotmail and mixed email providers. The post includes both hits and keyword targets for credential stuffing attacks.
Date: 2026-04-08T17:48:53Z
Network: openweb
Published URL: https://crackingx.com/threads/71512/
Screenshots:
None
Threat Actors: Hotmail Cloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged distribution of credential lists targeting multiple e-commerce platforms
Category: Combo List
Content: A threat actor is distributing 7 million credential combinations (combolists) targeting multiple e-commerce platforms, including Uniqlo, Bic Camera, Yodobashi, DHgate, LightInTheBox, and Gearbest, through Telegram channels.
Date: 2026-04-08T17:48:18Z
Network: openweb
Published URL: https://crackingx.com/threads/71514/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: E-commerce
Victim Organization: Multiple (Uniqlo, Bic Camera, Yodobashi, DHgate, LightInTheBox, Gearbest)
Victim Site: Unknown
Mass website defacement by QATAR911 team targeting thinkanddoafrica.org
Category: Defacement
Content: The QATAR911 team conducted a mass defacement attack targeting the Think and Do Africa organization website on April 9, 2026. The attack was executed by an individual using the handle MR~TNT as part of a broader mass defacement campaign.
Date: 2026-04-08T17:46:11Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248351
Screenshots:
None
Threat Actors: MR~TNT, QATAR911
Victim Country: Unknown
Victim Industry: Non-profit/Think Tank
Victim Organization: Think and Do Africa
Victim Site: thinkanddoafrica.org
Mass website defacement campaign by MR~TNT targeting Kenyan business sites
Category: Defacement
Content: Threat actor MR~TNT conducted a mass defacement campaign targeting multiple websites including a Kenyan aluminium windows business. The attack occurred on April 9, 2026 and affected sites running on Linux servers.
Date: 2026-04-08T17:40:20Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248350
Screenshots:
None
Threat Actors: MR~TNT, No team
Victim Country: Kenya
Victim Industry: Construction/Manufacturing
Victim Organization: Aluminium Windows Company
Victim Site: aluminiumwindows.co.ke
Alleged data breach of ENEA with source code leak
Category: Data Leak
Content: Swedish telecommunications and cybersecurity company ENEA allegedly suffered a data breach in November 2025 by threat actor KaruHunters. The compromised data includes source code that has been leaked and made available for free download.
Date: 2026-04-08T17:37:56Z
Network: openweb
Published URL: https://spear.cx/Thread-Source-Code-ENEA-Data-Breach
Screenshots:
None
Threat Actors: [Mod] Tanaka
Victim Country: Sweden
Victim Industry: Telecommunications
Victim Organization: ENEA
Victim Site: Unknown
Alleged data leak of Shanghai Fudan Microelectronics Group
Category: Data Leak
Content: Threat actor s1ic3r allegedly leaked 175 MB of compressed documents, schematics, and intellectual property from Shanghai Fudan Microelectronics Group, claiming the breach occurred in April 2026. The data is being distributed for free on cybercrime forums.
Date: 2026-04-08T17:37:13Z
Network: openweb
Published URL: https://spear.cx/Thread-Fudan-Microelectronics-Breach-Free-Docs-Data
Screenshots:
None
Threat Actors: s1ic3r
Victim Country: China
Victim Industry: Technology
Victim Organization: Shanghai Fudan Microelectronics Group., Ltd.
Victim Site: Unknown
Alleged leak of mixed email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 4,407 mixed email credentials including Hotmail accounts. The credentials are described as premium hits from a private cloud source.
Date: 2026-04-08T17:35:57Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-4407x-PREMIUM-MIX-MAIL-HITS%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed credential combolist containing 85K records
Category: Combo List
Content: Threat actor WINGO shared a free download link to a mixed credential combolist containing 85,000 email and password combinations on DemonForums.
Date: 2026-04-08T17:35:00Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-85K-MIXED-LEAK
Screenshots:
None
Threat Actors: WINGO
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credential combolist containing 4,407 records
Category: Combo List
Content: A threat actor is distributing a combolist containing 4,407 Hotmail email credentials described as premium mix mail hits. The credentials are being made available for free download through Telegram contact.
Date: 2026-04-08T17:33:59Z
Network: openweb
Published URL: https://crackingx.com/threads/71511/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged data leak of Shanghai Fudan Microelectronics Group
Category: Data Leak
Content: Threat actor s1ic3r shared 175 MB of compressed documents, schematics, and intellectual property allegedly stolen from Shanghai Fudan Microelectronics Group in April 2026. The data is being distributed for free on dark web forums.
Date: 2026-04-08T17:31:30Z
Network: openweb
Published URL: https://darkforums.su/Thread-Fudan-Microelectronics-Breach-Free-Docs-Data
Screenshots:
None
Threat Actors: s1ic3r
Victim Country: China
Victim Industry: Technology/Semiconductors
Victim Organization: Shanghai Fudan Microelectronics Group., Ltd.
Victim Site: Unknown
Alleged cyber attack on Taiwan Smart Energy Metering OT/IoT System by Z-Pentest Alliance
Category: Cyber Attack
Content: The Z-Pentest Alliance claims to have gained unauthorized access to the 租屋雲端抄表智能管理系統 (Smart Remote Meter Reading & Energy Management System), model SMART-100-5 (BAW-2C), manufactured by Zhisheng Automation Technology Co., Ltd. (至盛自動科技有限公司). The system is widely deployed in Taiwan for managing rental residential properties. The group claims full real-time access to electricity meter readings across multiple channels, monitoring of voltage/current/power, ability to modify nominal current settings, reset alarms, control electromagnetic door locks and lighting, and access historical overload alerts. The post highlights critical weaknesses in network segmentation, remote access protection, and firmware update mechanisms. The attack is tagged #OpTaiwan, suggesting a politically motivated campaign targeting Taiwanese infrastructure.
Date: 2026-04-08T17:26:21Z
Network: telegram
Published URL: https://t.me/c/2729466495/928
Screenshots:
None
Threat Actors: Z-Pentest Alliance
Victim Country: Taiwan
Victim Industry: Energy / Smart Building / OT-IoT
Victim Organization: Zhisheng Automation Technology Co., Ltd. (至盛自動科技有限公司)
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: A forum post is distributing what appear to be Hotmail credential lists through free download links on Pasteview and Telegram channels.
Date: 2026-04-08T17:21:19Z
Network: openweb
Published URL: https://crackingx.com/threads/71508/
Screenshots:
None
Threat Actors: snowstormxd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of BidenCash market credit card data
Category: Data Leak
Content: BidenCash dark web market leaked nearly 1.2 million credit card records containing card numbers, expiration dates, and CVV codes. The stolen financial data was distributed for free through clearnet file-hosting services and promoted on Russian-speaking hacker forums.
Date: 2026-04-08T17:18:43Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-BidenCash-1-221-551-cards-for-free2-csv
Screenshots:
None
Threat Actors: HarleenQuinzel2905
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of USA email credential lists via PandaCloud service
Category: Combo List
Content: Threat actor distributes fresh USA email credential lists through a Telegram channel called PandaCloud, claiming to add new databases daily with only relevant and latest data.
Date: 2026-04-08T17:07:56Z
Network: openweb
Published URL: https://crackingx.com/threads/71506/
Screenshots:
None
Threat Actors: Kokos2846q
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of credential combinations from multiple e-commerce platforms
Category: Combo List
Content: Threat actor CODER allegedly leaked 8.5 million credential combinations from multiple e-commerce platforms including Amazon India, Myntra, Ajio, and others. The combolist is being distributed for free through Telegram channels.
Date: 2026-04-08T17:07:25Z
Network: openweb
Published URL: https://crackingx.com/threads/71507/
Screenshots:
None
Threat Actors: CODER
Victim Country: India
Victim Industry: E-commerce
Victim Organization: Multiple (Amazon India, Myntra, Ajio, Bamilo, Snapp Market, Miswag, OpenSooq)
Victim Site: Unknown
Alleged leak of educational institution credentials
Category: Combo List
Content: A threat actor shared a combolist containing 169,000 credentials specifically targeting educational institutions. The actor also advertises selling additional credential lists for various email providers and countries through Telegram contact.
Date: 2026-04-08T16:55:13Z
Network: openweb
Published URL: https://demonforums.net/Thread-169K-EDU-TARGETED-COMBOLIST
Screenshots:
None
Threat Actors: Ra-Zi
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email credential list
Category: Combo List
Content: A threat actor shared a mixed email credential list (combolist) for free download on a cybercriminal forum, claiming the data is private, fresh, and verified.
Date: 2026-04-08T16:53:08Z
Network: openweb
Published URL: https://crackingx.com/threads/71505/
Screenshots:
None
Threat Actors: klyne05
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass defacement campaign by MR~TNT targeting Kenyan business websites
Category: Defacement
Content: MR~TNT conducted a mass defacement campaign targeting multiple websites including the Kenyan business services company Elizabest Services. The attack occurred on April 8, 2026 and affected a Linux-based web server.
Date: 2026-04-08T16:50:21Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248349
Screenshots:
None
Threat Actors: MR~TNT, No team
Victim Country: Kenya
Victim Industry: Business Services
Victim Organization: Elizabest Services
Victim Site: elizabestservices.co.ke
Alleged distribution of USA and EU credential combolist
Category: Combo List
Content: Threat actor MegaCloudshop shared a combolist containing 3,200 alleged valid email and password combinations from USA and EU users on a cybercrime forum.
Date: 2026-04-08T16:42:06Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-3-2K-Usa-EU-Full-Valid-Mix-Just-Top-Quality-08-04
Screenshots:
None
Threat Actors: MegaCloudshop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed USA and EU credentials
Category: Combo List
Content: A threat actor shared a collection of 3,200 mixed USA and EU credentials on a cybercrime forum, claiming high quality and validity.
Date: 2026-04-08T16:39:55Z
Network: openweb
Published URL: https://crackingx.com/threads/71504/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Vietnam credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 140,000 Vietnam-based credentials on a cybercrime forum. The credentials appear to be offered as a free download to forum members.
Date: 2026-04-08T16:39:23Z
Network: openweb
Published URL: https://pwnforums.st/Thread-140K-Vietnam-HQ-Combolist
Screenshots:
None
Threat Actors: SYCOSUNNY
Victim Country: Vietnam
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of credit card data and financial services
Category: Data Breach
Content: A threat actor is selling credit card data with high and low balances for online shopping, payments, carding, and other fraudulent activities. The actor also offers bank logs, gift cards, and various financial account access services.
Date: 2026-04-08T16:32:54Z
Network: openweb
Published URL: https://xforums.st/threads/tele-terrellwhitte-discord-active24hrs-gmail-sosaboy959-gmail-com-whatsapp-1-425-531-1773.606370/
Screenshots:
None
Threat Actors: misshavisham
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of access to Algerian government Fortinet infrastructure
Category: Initial Access
Content: Threat actor offers paid access to Algerian government Fortinet infrastructure with negotiations conducted through encrypted Qtox messaging.
Date: 2026-04-08T16:31:07Z
Network: openweb
Published URL: https://spear.cx/Thread-VPN-DZ-Algeria-gov-fortinet
Screenshots:
None
Threat Actors: AckLine
Victim Country: Algeria
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: User Kommander0 shared a link to what appears to be a collection of valid Hotmail credentials. The post contains only a file sharing link without additional details about the data size or acquisition method.
Date: 2026-04-08T16:27:07Z
Network: openweb
Published URL: https://crackingx.com/threads/71502/
Screenshots:
None
Threat Actors: Kommander0
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Romanian credentials combolist
Category: Combo List
Content: A threat actor shared a high-quality combolist containing 105,000 Romanian credentials for free download on a cybercrime forum.
Date: 2026-04-08T16:26:32Z
Network: openweb
Published URL: https://pwnforums.st/Thread-105K-Romania-HQ-Combolist
Screenshots:
None
Threat Actors: SYCOSUNNY
Victim Country: Romania
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Australian credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 117,000 Australian credentials described as ultra high quality (UHQ) on a cybercrime forum. The credentials are being distributed for free through a Telegram group.
Date: 2026-04-08T16:26:17Z
Network: openweb
Published URL: https://pwnforums.st/Thread-117K-Australia-UHQ-Combolist
Screenshots:
None
Threat Actors: SYCOSUNNY
Victim Country: Australia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Taiwan credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 121,000 Taiwan-based credentials on a cybercrime forum. The credentials are described as good quality and made available for free download.
Date: 2026-04-08T16:25:59Z
Network: openweb
Published URL: https://pwnforums.st/Thread-121K-Taiwan-Good-Quality-Combolist
Screenshots:
None
Threat Actors: SYCOSUNNY
Victim Country: Taiwan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of South African credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 124,000 credentials allegedly from South African users on a cybercrime forum, making the data freely available to forum members.
Date: 2026-04-08T16:25:43Z
Network: openweb
Published URL: https://pwnforums.st/Thread-124K-South-Africa-Good-Combolist
Screenshots:
None
Threat Actors: SYCOSUNNY
Victim Country: South Africa
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged exposure of threat actor operating Cobalt Strike, botnets, DDoS stressers, and ransomware forums on personal infrastructure
Category: Cyber Attack
Content: A Russian-language post exposes a threat actor who allegedly operates multiple cybercriminal services from a single IP address registered under their real name and home address. The infrastructure reportedly includes a Cobalt Strike team server, a botnet, DDoS stresser services (stresser.tech and swifty.club), and two ransomware hack forums. The actor allegedly administers these services via a personal Telegram account linked to their personal business card website. DDoS attacks against Russian and US government websites are claimed. A secondary network not registered under their name but referenced on their personal site hosts an additional stresser (swifty.club) and a second ransomware forum.
Date: 2026-04-08T16:25:23Z
Network: telegram
Published URL: https://t.me/c/2138027628/945
Screenshots:
None
Threat Actors: ThorZireael
Victim Country: Unknown
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of email provider credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing email and password combinations for Gmail, Yahoo, and AOL accounts. The post indicates the credentials are fresh and dated 4-8-26, though the content requires registration to view.
Date: 2026-04-08T16:16:23Z
Network: openweb
Published URL: https://crackingx.com/threads/71501/
Screenshots:
None
Threat Actors: Kinglukeman
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of mixed credential combolist containing 35,000 records
Category: Logs
Content: A threat actor shared a mixed credential combolist containing 35,000 unique email and password combinations on a cybercriminal forum.
Date: 2026-04-08T16:07:56Z
Network: openweb
Published URL: https://xforums.st/threads/mix-unique-combo_5_35000.606378/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of VX Case e-commerce store
Category: Data Leak
Content: The Nova Department of BlackAds group allegedly leaked 1TB of data from VX Case, a Brazilian e-commerce store selling cell phone accessories and electronics. The data is being distributed for free via darkweb links.
Date: 2026-04-08T16:05:35Z
Network: openweb
Published URL: https://spear.cx/Thread-Free-Nova-Leaks-Department-of-BlackAds
Screenshots:
None
Threat Actors: ShameLeaks
Victim Country: Brazil
Victim Industry: E-commerce
Victim Organization: VX Case
Victim Site: vxcase.com.br
Alleged leak of Hotmail credentials
Category: Combo List
Content: Threat actor alphaxdd shared a combolist containing 1,205 Hotmail email and password combinations on a cybercriminal forum. The credentials are described as valid premium accounts from a private cloud source.
Date: 2026-04-08T16:04:26Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-1205x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged distribution of mixed credential combolist containing 35,000 records
Category: Combo List
Content: Threat actor distributed a mixed credential combolist containing 35,000 email and password combinations through a cybercrime forum, with additional credentials available through their shop.
Date: 2026-04-08T16:03:27Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-MIX-Unique-Combo-5-35000
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of credentials from multiple e-commerce platforms
Category: Combo List
Content: A threat actor is distributing a 9 million record combolist containing email and password combinations allegedly obtained from multiple e-commerce platforms including Taobao, AliExpress, Amazon Japan, and others through Telegram channels.
Date: 2026-04-08T16:01:05Z
Network: openweb
Published URL: https://crackingx.com/threads/71499/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: E-commerce
Victim Organization: Multiple (Taobao, Tmall, AliExpress, Rakuten, Amazon Japan, Flipkart, Meesho, Digikala, Feel22)
Victim Site: Multiple platforms
Alleged distribution of credential combolist containing 35,000 records
Category: Combo List
Content: A threat actor shared a credential combolist containing 35,000 unique email and password combinations on a cybercrime forum. The post content is restricted to registered forum users only.
Date: 2026-04-08T16:00:50Z
Network: openweb
Published URL: https://crackingx.com/threads/71498/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Querétaro State Water Company in Mexico
Category: Data Breach
Content: Data belonging to approximately 700,000 subscribers of the Querétaro state water utility in Mexico has been put up for sale online. The leaked data reportedly includes names, addresses, phone numbers, debt amounts, water consumption records, service history, and precise locations of some facilities. Additionally, employee details, operational missions, and equipment information are included in the dataset.
Date: 2026-04-08T15:40:33Z
Network: telegram
Published URL: https://t.me/c/1283513914/21076
Screenshots:
None
Threat Actors: خبرگزاری سایبربان| Cyberban News
Victim Country: Mexico
Victim Industry: Utilities
Victim Organization: Querétaro State Water Company
Victim Site: Unknown
Alleged leak of mixed email credentials combolist
Category: Combo List
Content: Threat actor shared a combolist containing valid email and password combinations described as UHQ Mix including Hotmail and private cloud credentials via Telegram contact.
Date: 2026-04-08T15:39:54Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-X2965-Valid-UHQ-Mix-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: Roronoa044
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: Threat actor noir allegedly shared a collection of valid Hotmail credentials and mixed account data through a Telegram channel. The post advertises high-quality credential lists including private cloud accounts.
Date: 2026-04-08T15:38:24Z
Network: openweb
Published URL: https://crackingx.com/threads/71497/
Screenshots:
None
Threat Actors: noir
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Website defacement of martial arts organization by Alpha wolf team (XYZ)
Category: Defacement
Content: The Alpha wolf team conducted a home page defacement attack against martialarts.com.my on April 8, 2026. The attack targeted a Malaysian martial arts website and was attributed to an attacker identified as XYZ.
Date: 2026-04-08T15:32:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831554
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Malaysia
Victim Industry: Sports/Recreation
Victim Organization: Unknown
Victim Site: martialarts.com.my
Website defacement of martial arts organization by Alpha wolf team member XYZ
Category: Defacement
Content: The Alpha wolf team member XYZ defaced the martialarts.com.my website on April 8, 2026. The attack targeted a Malaysian martial arts organization's website hosted on a Linux server.
Date: 2026-04-08T15:31:38Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248345
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Malaysia
Victim Industry: Sports and Recreation
Victim Organization: Unknown
Victim Site: martialarts.com.my - Mass defacement campaign by Alpha wolf team member XYZ targeting notisbod.com
Category: Defacement
Content: The Alpha wolf team conducted a mass defacement campaign on April 8, 2026, targeting notisbod.com among other sites. The attack was executed by team member XYZ against a Linux-based server.
Date: 2026-04-08T15:31:17Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248346
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: notisbod.com - Mass defacement campaign targeting bikewithelena.com by XYZ/Alpha wolf team
Category: Defacement
Content: The XYZ attacker group, operating under the Alpha wolf team, conducted a mass defacement campaign targeting bikewithelena.com on April 8, 2026. This appears to be part of a broader mass defacement operation rather than a targeted attack on the cycling-related website.
Date: 2026-04-08T15:30:55Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248347
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Unknown
Victim Industry: Recreation/Sports
Victim Organization: Bike with Elena
Victim Site: bikewithelena.com - Mass defacement campaign by Alpha wolf team member XYZ
Category: Defacement
Content: The Alpha wolf team conducted a mass defacement campaign targeting multiple websites including a bike tours website. The attack was carried out by an individual identified as XYZ on April 8, 2026.
Date: 2026-04-08T15:30:34Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248348
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Unknown
Victim Industry: Tourism/Recreation
Victim Organization: Unknown
Victim Site: biketours.notisbod.com - Alleged cyber attack on Egyptian oil company WASCO by threat actor Payload
Category: Data Breach
Content: A hacker group calling itself Payload claims to have infiltrated the systems of Egyptian oil company Al-Wustani (WASCO), allegedly exfiltrating approximately 50GB of data. The type of data stolen has not yet been disclosed. The incident was reported on April 7, 2026, and remains unverified. No details on potential damage have been released.
Date: 2026-04-08T15:27:33Z
Network: telegram
Published URL: https://t.me/c/1283513914/21075
Screenshots:
None
Threat Actors: Payload
Victim Country: Egypt
Victim Industry: Oil & Gas
Victim Organization: WASCO (Al-Wustani)
Victim Site: Unknown - Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a sample combolist containing 725 Hotmail email and password combinations on a cybercriminal forum as a free download.
Date: 2026-04-08T15:26:54Z
Network: openweb
Published URL: https://crackingx.com/threads/71496/
Screenshots:
None
Threat Actors: HollowKnight07
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com - Alleged Security Incident and Customer Extortion at Anodot
Category: Cyber Attack
Content: A security incident has reportedly occurred at Anodot, a cloud analytics company. Following the breach, reports indicate that a number of the company's customers have been targeted for extortion. Anodot is noted for its connections to various cloud infrastructures and international services, giving it a wide user base. The incident appears to involve data theft and subsequent extortion of affected customers.
Date: 2026-04-08T15:23:10Z
Network: telegram
Published URL: https://t.me/c/1283513914/21074
Screenshots:
None
Threat Actors: خبرگزاری سایبربان| Cyberban News
Victim Country: Israel
Victim Industry: Technology / Cloud Analytics
Victim Organization: Anodot
Victim Site: anodot.com - Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 735,000 Hotmail credentials on a cybercriminal forum as a free download.
Date: 2026-04-08T15:14:33Z
Network: openweb
Published URL: https://crackingx.com/threads/71495/
Screenshots:
None
Threat Actors: KiwiShio
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com - Alleged sale of fresh email account access and combolists for multiple countries
Category: Combo List
Content: A threat actor operating as 4Real is selling fresh, untouched email account access described as mail access restock with configs/combos for multiple countries including France, Italy, United States, United Kingdom, Germany, and Spain. Contact via @xRealWorker for purchase.
Date: 2026-04-08T15:11:23Z
Network: telegram
Published URL: https://t.me/c/2613583520/59934
Screenshots:
None
Threat Actors: 4Real
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Indian email credentials
Category: Combo List
Content: A threat actor shared a combolist containing over 142,000 email and password combinations allegedly from Indian users. The credentials are claimed to be fresh and high quality.
Date: 2026-04-08T15:04:34Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-142-K-%E2%9C%A6-India-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-8-4-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: India
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - ✦✦ [ 72 K++ ]✦{ Japan }✦Email:Pass✦FRESH✦Maxi_Leaks✦[ 8-4-2026 ]✦✦
Category: Combo List
Content: New thread posted by CobraEgy: ✦✦ [ 72 K++ ]✦{ Japan }✦Email:Pass✦FRESH✦Maxi_Leaks✦[ 8-4-2026 ]✦✦
Date: 2026-04-08T15:03:48Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-72-K-%E2%9C%A6-Japan-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-8-4-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of mixed credentials combolist
Category: Combo List
Content: Threat actor stormtrooper shared a fresh mixed combolist containing 39,341 credential pairs on a cybercriminal forum. The actor also promotes a Telegram channel for additional content distribution.
Date: 2026-04-08T15:03:11Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-39-341-Lines-Fresh-Mix-Combolist
Screenshots:
None
Threat Actors: stormtrooper
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Latvian credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing over 31,000 email and password combinations allegedly from Latvia. The credentials are claimed to be fresh and high quality, distributed through hidden content requiring forum registration.
Date: 2026-04-08T15:02:33Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-31-K-%E2%9C%A6-Latvia-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-8-4-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Latvia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Israeli credential combolist
Category: Combo List
Content: Threat actor CobraEgy shared a credential combolist containing over 15,000 Israeli email and password combinations on a cybercriminal forum. The actor claims the data is fresh and high quality.
Date: 2026-04-08T15:01:53Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-15-K-%E2%9C%A6-Israel-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-8-4-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Kenyan email credentials
Category: Combo List
Content: Threat actor CobraEgy shared a combolist containing over 12,000 email and password combinations allegedly from Kenya. The credentials are described as fresh and high quality, distributed through the Maxi_Leaks channel.
Date: 2026-04-08T15:01:13Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-12-K-%E2%9C%A6-Kenya-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-8-4-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Kenya
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged distribution of mixed forum credentials combolist
Category: Combo List
Content: A threat actor shared an 82,000 record credential list (combolist) containing mixed forum credentials. The data appears to be freely distributed through hidden content requiring forum registration to access.
Date: 2026-04-08T15:00:24Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%99%8B-82k-MIX-Base-With-Valid-FORUMS-%E2%99%8B-14
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Unknown
Victim Site: Unknown - Alleged distribution of business credential combolist containing 11 million entries
Category: Combo List
Content: Threat actor CODER is distributing a business-focused credential combolist containing 11 million entries through Telegram channels. The actor provides free access to combos and related programs through dedicated Telegram groups.
Date: 2026-04-08T14:58:25Z
Network: openweb
Published URL: https://crackingx.com/threads/71492/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of mixed credential combolist
Category: Combo List
Content: A threat actor shared a fresh mixed combolist containing 39,341 credential combinations through a forum post, with additional content available via a Telegram channel.
Date: 2026-04-08T14:58:09Z
Network: openweb
Published URL: https://crackingx.com/threads/71493/
Screenshots:
None
Threat Actors: Browzchel
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of mixed forum credentials
Category: Combo List
Content: A threat actor shared a mixed collection of 82,000 forum credentials. The post indicates these are valid credentials from various forum platforms.
Date: 2026-04-08T14:57:52Z
Network: openweb
Published URL: https://crackingx.com/threads/71494/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Italian credentials combolist
Category: Combo List
Content: A threat actor has shared a combolist containing over 503,000 email and password combinations allegedly from Italy. The credentials are described as fresh and high quality.
Date: 2026-04-08T14:48:25Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-503-K-%E2%9C%A6-Italy-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-8-4-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Indonesian credentials combolist
Category: Combo List
Content: Threat actor CobraEgy shared a combolist containing over 152,000 Indonesian email and password combinations on a cybercriminal forum. The credentials are claimed to be fresh and high quality.
Date: 2026-04-08T14:47:48Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%A6%E2%9C%A6-152-K-%E2%9C%A6-Indonesia-%E2%9C%A6Email-Pass%E2%9C%A6FRESH%E2%9C%A6Maxi-Leaks%E2%9C%A6-8-4-2026-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of mixed credential combolist
Category: Combo List
Content: A threat actor shared a credential combolist titled X2316 HQ Mix containing email and password combinations from various sources. The content is hidden behind registration requirements on the cybercriminal forum.
Date: 2026-04-08T14:46:58Z
Network: openweb
Published URL: https://demonforums.net/Thread-%E2%9A%A1%E2%9A%A1-X2316-HQ-Mix-%E2%9A%A1%E2%9A%A1-BY-Steveee36-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: erwinn91
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Maxi_Leaks credential logs
Category: Data Leak
Content: Threat actor CobraEgy shared an 11.82 GB collection of credential logs labeled as Maxi_Leaks on a cybercrime forum. The logs are described as fresh and high quality, containing username and password combinations.
Date: 2026-04-08T14:46:37Z
Network: openweb
Published URL: https://demonforums.net/Thread-Request-%E2%9C%A6%E2%9C%A6-LOG-S-%E2%9C%A6%E2%9C%A6-Maxi-Leaks-%E2%9C%A6%E2%9C%A6-8-4-2026-%E2%9C%A6%E2%9C%A6-11-82-GB-%E2%9C%A6%E2%9C%A6
Screenshots:
None
Threat Actors: CobraEgy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of mixed email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 5,000 mixed email credentials described as fresh and high quality on a cybercrime forum.
Date: 2026-04-08T14:45:33Z
Network: openweb
Published URL: https://crackingx.com/threads/71491/
Screenshots:
None
Threat Actors: Lexser
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged distribution of SMTP credential combolist containing 14 million records
Category: Combo List
Content: Threat actor CODER is distributing a combolist containing 14 million SMTP credentials through Telegram channels. The credentials are being shared for free through dedicated Telegram groups for combos and programs.
Date: 2026-04-08T14:01:35Z
Network: openweb
Published URL: https://crackingx.com/threads/71490/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Airbus SE source code
Category: Data Leak
Content: User AckLine allegedly leaked 16GB of compressed Airbus SE source code containing 1,220 directories and 6,207 files through a file sharing service.
Date: 2026-04-08T13:59:31Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SOURCE-CODE-Airbus-Artifactory–187959
Screenshots:
None
Threat Actors: AckLine
Victim Country: France
Victim Industry: Aerospace
Victim Organization: Airbus SE
Victim Site: airbus.com - Alleged leak of Hotmail credentials
Category: Logs
Content: A threat actor shared a combolist containing 1,300 valid Hotmail email credentials on a cybercrime forum.
Date: 2026-04-08T13:53:14Z
Network: openweb
Published URL: https://xforums.st/threads/1-3k-full-valid-hotmail-hits-08-04.606357/
Screenshots:
None
Threat Actors: MegaCloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com - Alleged leak of mixed credential combolist
Category: Logs
Content: A threat actor shared a mixed credential combolist containing 35,000 email and password combinations on a cybercrime forum.
Date: 2026-04-08T13:52:39Z
Network: openweb
Published URL: https://xforums.st/threads/mix-unique-combo_4_35000.606360/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 1,300 valid Hotmail email and password combinations on a cybercrime forum. The credentials are being distributed for free download to registered forum members.
Date: 2026-04-08T13:49:44Z
Network: openweb
Published URL: https://demonforums.net/Thread-1-3K-Full-Valid-HOTMAIL-HITS-08-04
Screenshots:
None
Threat Actors: MegaCloudshop
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com - Alleged distribution of mixed credential combolist containing 35,000 records
Category: Combo List
Content: A threat actor shared a mixed credential combolist containing 35,000 email and password combinations on a cybercriminal forum. The actor also advertises a shop selling additional combo lists from various countries.
Date: 2026-04-08T13:48:45Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-MIX-Unique-Combo-4-35000
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 1,300 allegedly valid Hotmail email credentials on a cybercrime forum. The credentials are described as full valid hits, indicating they may be recently tested and functional.
Date: 2026-04-08T13:46:57Z
Network: openweb
Published URL: https://crackingx.com/threads/71488/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com - Alleged distribution of credential combolist containing 35,000 records
Category: Combo List
Content: A threat actor is allegedly distributing a credential combolist containing 35,000 unique username and password combinations on a cybercriminal forum.
Date: 2026-04-08T13:46:40Z
Network: openweb
Published URL: https://crackingx.com/threads/71489/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged sale of US personal identity data and document scanning services
Category: Data Breach
Content: A cybercriminal is selling comprehensive US personal identity data, including SSN, DOB, driver's license numbers, and background checks, for $1 per lookup through an unlimited API service.
Date: 2026-04-08T13:24:37Z
Network: openweb
Published URL: https://crackingx.com/threads/71487/
Screenshots:
None
Threat Actors: Dataline24
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged distribution of Eastern European credential combolist
Category: Combo List
Content: A threat actor is distributing a free combolist containing 8 million email:password credentials allegedly from Bulgaria, Serbia, Croatia, Czechia, Slovakia, Slovenia, Lithuania, Latvia, Estonia, and Iceland through Telegram channels.
Date: 2026-04-08T13:14:14Z
Network: openweb
Published URL: https://crackingx.com/threads/71486/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of email credentials from multiple countries
Category: Combo List
Content: A threat actor leaked a combolist containing 3,185 email credentials from France, United States, Poland, and Italy for free download on a cybercrime forum.
Date: 2026-04-08T13:01:49Z
Network: openweb
Published URL: https://crackingx.com/threads/71485/
Screenshots:
None
Threat Actors: karaokecloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of mixed email credentials
Category: Combo List
Content: A threat actor shared a combolist containing 5,305 mixed email credentials for free download on a cybercriminal forum.
Date: 2026-04-08T12:51:27Z
Network: openweb
Published URL: https://crackingx.com/threads/71484/
Screenshots:
None
Threat Actors: NotSellerxd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged sale of residential proxy services as 911 alternative
Category: Initial Access
Content: Threat actor yuefan advertises discounted residential proxy services including dynamic and short-duration IPs as an alternative to 911 proxy service. The actor promotes multiple proxy providers including 711proxy, b2proxy, ipweb, ipwo, cliproxy, lokiproxy, and 9proxy.
Date: 2026-04-08T12:50:03Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SELLING-Dynamic-Residential-IPs-Short-Duration-Residential-IPs-911-Alternative
Screenshots:
None
Threat Actors: yuefan
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of mixed credential combolist
Category: Combo List
Content: Actor COYTO shared a combolist containing 3,000 mixed email and password combinations through a free download link on a cybercrime forum.
Date: 2026-04-08T12:40:36Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-3K-MIXED-ACCESS-PRIVATE
Screenshots:
None
Threat Actors: COYTO
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Hotmail credentials
Category: Combo List
Content: Threat actor HollowKnight07 shared a sample of 970 Hotmail credentials as a free download on CrackingX forum. This appears to be a credential list or combolist containing email and password combinations.
Date: 2026-04-08T12:39:31Z
Network: openweb
Published URL: https://crackingx.com/threads/71483/
Screenshots:
None
Threat Actors: HollowKnight07
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com - National Guard to assist Winona County following cyberattack
Category: Cyber Attack
Content: Minnesota Governor Tim Walz has authorized the National Guard to provide emergency assistance to Winona County following a cyberattack that occurred on Monday, April 7, 2026. The attack, which continued into Tuesday, significantly hampered the county's ability to provide essential municipal and emergency services. Local authorities are working with various agencies, including the FBI and cybersecurity experts, to secure operations; the county had already suffered a ransomware attack in January.
Date: 2026-04-08T12:39:28Z
Network: openweb
Published URL: https://www.kttc.com/2026/04/07/national-guard-assist-winona-county-following-cyberattack/
Screenshots:
None
Threat Actors:
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Winona County
Victim Site: winonacounty.gov - Attack on ChipSoft has major impact on healthcare institutions – Computable.nl
Category: Cyber Attack
Content: A serious cyberattack targeting ChipSoft, a major provider of electronic medical records in the Netherlands, led eleven hospitals to take their portals offline as a precaution. Although the exact type of attack has not been officially confirmed by the company, internal reports strongly suggest the use of ransomware, with a potential risk of patient data theft. The incident, which affects about three quarters of Dutch hospitals, raises major concerns about the impact on continuity of care and the security of health information.
Date: 2026-04-08T12:39:26Z
Network: openweb
Published URL: https://www.computable.nl/2026/04/08/aanval-op-chipsoft-heeft-grote-impact-op-zorginstellingen/
Screenshots:
None
Threat Actors:
Victim Country: Netherlands
Victim Industry: Unknown
Victim Organization: ChipSoft
Victim Site: chipsoft.nl - Alleged Cyber Attack on India's Water Supply Infrastructure and Government Systems by Infrastructure Destruction Squad
Category: Cyber Attack
Content: A threat actor group calling themselves Infrastructure Destruction Squad claims to have successfully compromised Indian critical infrastructure including water supply systems, reservoir monitoring systems, power grid systems, and government servers responsible for energy development and citizen services. They claim to have already cut off water supply to one village for 3 days as a warning, and threaten to simultaneously disrupt water supply to hundreds of villages. They possess detailed data including reservoir water levels (main reservoir 39,000L, north 24,000L, south 11,250L, east 18,000L), village council health metrics, regional asset details across Maharashtra, Karnataka, and Punjab, and government development plan progress (JJM water scheme 64%, RDSS power scheme 70%, PMGSY roads 60%). The post includes a photo as proof.
Date: 2026-04-08T12:35:24Z
Network: telegram
Published URL: https://t.me/c/2735908986/3950
Screenshots:
None
Threat Actors: Infrastructure Destruction Squad
Victim Country: India
Victim Industry: Critical Infrastructure / Government
Victim Organization: Indian Water Supply and Power Grid Infrastructure
Victim Site: Unknown - Alleged leak of SAT database
Category: Data Leak
Content: Threat actor Sc0rp10nn leaked a private SAT database containing 6.5 million records for free after claiming third parties were monetizing their previously extracted data. The actor states the data was originally extracted in 2024 and includes timestamp tampering techniques to deceive tracking.
Date: 2026-04-08T12:27:08Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-SAT-DATABASE
Screenshots:
None
Threat Actors: Sc0rp10nn
Victim Country: Unknown
Victim Industry: Education
Victim Organization: SAT
Victim Site: Unknown - Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a link to what they claim is a high-quality private Hotmail credential list. The data is being distributed for free download via a paste site.
Date: 2026-04-08T12:17:15Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-HQ-HOTMAIL-PRIVATE
Screenshots:
None
Threat Actors: WINGO
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com - Alleged sale of mixed email credential combos via D4rkNetHub
Category: Combo List
Content: Threat actor D4rkNetHub is selling a combolist containing 37,020 email:password credentials described as ValidMail MIXED GOODS through their cloud service with subscription pricing ranging from $10-50.
Date: 2026-04-08T12:16:38Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-37-020-ValidMail-MIXED-GOODS-D4RKNETHUB-CLOUD-2026-04-08
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of mixed email credentials combolist
Category: Combo List
Content: A threat actor leaked a combolist containing 37,020 mixed email credentials with validity extending to April 2026. The data was shared on a cybercriminal forum focused on credential lists and compromised data.
Date: 2026-04-08T12:15:32Z
Network: openweb
Published URL: https://crackingx.com/threads/71482/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of 5 billion credential records
Category: Combo List
Content: Threat actor zod allegedly leaked 5 billion ULP (username/login/password) records on a cracking forum. The leaked credential data is being distributed through a public Telegram channel.
Date: 2026-04-08T12:05:24Z
Network: openweb
Published URL: https://crackingx.com/threads/71481/
Screenshots:
None
Threat Actors: zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged Sale of Ticketmaster Database by ShinyHunters
Category: Data Breach
Content: Threat actor ShinyHunters is allegedly selling a massive Ticketmaster dataset priced at $25,000 (negotiable to $10,000 for direct deal). The alleged dataset includes 980 million sales orders, 680 million order details, 1.2 billion party lookup records, 440 million unique email addresses, 4 million uncased/deduped records, 560 million AVS detail records, and 400 million encrypted credit card details with partial information. Contact via Telegram and onion DLS site provided.
Date: 2026-04-08T12:02:10Z
Network: telegram
Published URL: https://t.me/c/3737716184/901
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: United States
Victim Industry: Entertainment / Ticketing
Victim Organization: Ticketmaster
Victim Site: Unknown - Alleged leak of phone number and password credentials
Category: Combo List
Content: A threat actor is sharing a private combolist containing phone numbers paired with passwords. The post indicates this is high quality private data being made available on a cracking forum.
Date: 2026-04-08T11:55:10Z
Network: openweb
Published URL: https://crackingx.com/threads/71477/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged distribution of credential combolist with 35,000 records
Category: Combo List
Content: A threat actor named UniqueCombo allegedly distributed a credential combolist containing 35,000 unique email and password combinations on a cybercriminal forum.
Date: 2026-04-08T11:54:48Z
Network: openweb
Published URL: https://crackingx.com/threads/71478/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor named FlashCloud2 allegedly shared a list of 660 Hotmail credentials on a cybercriminal forum. The post requires registration to view the full content.
Date: 2026-04-08T11:54:34Z
Network: openweb
Published URL: https://crackingx.com/threads/71479/
Screenshots:
None
Threat Actors: FlashCloud2
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com - Alleged distribution of mixed credential combolist containing 35,000 records
Category: Combo List
Content: A threat actor is distributing a mixed credential combolist containing 35,000 email and password combinations on a cybercrime forum. The actor also promotes a shop selling combos from various countries.
Date: 2026-04-08T11:54:30Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-MIX-Unique-Combo-3-35000
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of WordPress credentials
Category: Combo List
Content: A threat actor is distributing WordPress credentials containing valid URLs and login/password combinations. The post indicates these are verified working credentials for WordPress sites.
Date: 2026-04-08T11:54:17Z
Network: openweb
Published URL: https://crackingx.com/threads/71480/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: WordPress
Victim Site: Unknown - Alleged session ID hijacking service offered on cybercrime forum
Category: Services
Content: A threat actor is advertising a session ID hijacking service on PwnForums, claiming the ability to hijack any session IDs with additional information for $5,000 USD in XMR. The service is marketed as account recovery for alleged educational purposes.
Date: 2026-04-08T11:53:19Z
Network: openweb
Published URL: https://pwnforums.st/Thread-Session-ID-Hijacking-Service
Screenshots:
None
Threat Actors: 0BITS
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged sale of Argentine government VPN access
Category: Initial Access
Content: Threat actor AckLine is allegedly selling access to an Argentine government VPN system using Fortinet technology for $400. Additional details are being shared through encrypted Qtox messaging.
Date: 2026-04-08T11:45:24Z
Network: openweb
Published URL: https://spear.cx/Thread-VPN-AR-Gov-vpn-access
Screenshots:
None
Threat Actors: AckLine
Victim Country: Argentina
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown - Alleged distribution of European and US credential combolists
Category: Combo List
Content: A threat actor is distributing credential combolists claimed to be valid and high quality, targeting users from Europe and the United States.
Date: 2026-04-08T11:42:38Z
Network: openweb
Published URL: https://crackingx.com/threads/71476/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data Leak of Instituto Tecnológico del Sur de Guanajuato by MagoSpeak
Category: Data Leak
Content: Threat actor MagoSpeak claims to have leaked personal data of 514 individuals associated with Instituto Tecnológico del Sur de Guanajuato, a Mexican technical institute. The leaked data allegedly includes full names, paternal and maternal surnames, landline and mobile phone numbers, dates of birth, Gmail addresses, gender, age, CURP (Clave Única de Registro de Población — Mexican national ID), UID, application folios and status, birth entity, nationality, school campus identifiers (ID Plantel, Clave Plantel SIGED), academic records (GPA, total periods), indigenous language status, disability status, financial aid amounts, municipality violence and marginalization indicators, and more.
Date: 2026-04-08T11:39:19Z
Network: telegram
Published URL: https://t.me/c/3764001014/100
Screenshots:
None
Threat Actors: MagoSpeak
Victim Country: Mexico
Victim Industry: Education
Victim Organization: Instituto Tecnológico del Sur de Guanajuato
Victim Site: Unknown
- Alleged sale of mail access credentials and combolists across multiple countries
Category: Combo List
Content: Multiple threat actors in a marketplace channel are selling private cloud Hotmail access, geo-targeted combolists, and mail account credentials for platforms including Walmart, eBay, Kleinanzeigen, Reddit, Poshmark, Vinted, Uber, and Marriott. Coverage spans US, UK, CA, FR, IT, DE, BR, JP, PL, RU, ES, MX, SG and more. Sellers claim UHQ/HQ quality, untouched and fresh accounts, with keyword search capability.
Date: 2026-04-08T11:37:19Z
Network: telegram
Published URL: https://t.me/c/2613583520/59909
Screenshots:
None
Threat Actors: 4Real
Victim Country: Unknown
Victim Industry: Multiple (E-commerce, Telecommunications, Hospitality)
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of Instituto Tecnológico del Valle de Oaxaca student records
Category: Data Leak
Content: A threat actor operating under the alias MagoSpeak claims to have leaked data belonging to 678 individuals associated with Instituto Tecnológico del Valle de Oaxaca, a Mexican technical institute. The leaked dataset allegedly contains extensive PII including full names, paternal and maternal surnames, landline and mobile phone numbers, dates of birth, Gmail addresses, gender, age, CURP (unique population registry code), UID, academic enrollment details (folio, status, school key, GPA, academic periods), birth entity, nationality, school campus identifiers, indigenous language status, disability status, financial aid amounts received, and municipality-level violence and marginalization indicators.
Date: 2026-04-08T11:34:05Z
Network: telegram
Published URL: https://t.me/c/3764001014/98
Screenshots:
None
Threat Actors: MagoSpeak
Victim Country: Mexico
Victim Industry: Education
Victim Organization: Instituto Tecnológico del Valle de Oaxaca
Victim Site: Unknown
- Alleged sharing of credential combolist in ULP format
Category: Combo List
Content: Forum user gsmfix shared a credential combolist in URL:LOGIN:PASS (ULP) format, advertised as high quality and private. The post appears to be offering free access to the credential list rather than selling it.
Date: 2026-04-08T11:32:26Z
Network: openweb
Published URL: https://crackingx.com/threads/71474/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of USA and Europe credential combolist
Category: Combo List
Content: A threat actor shared an exclusive combolist containing credentials from users in the USA and Europe. The post indicates this is a mixed collection of credential hits from multiple sources across these regions.
Date: 2026-04-08T11:32:06Z
Network: openweb
Published URL: https://crackingx.com/threads/71475/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Georgia citizenship database
Category: Data Leak
Content: A threat actor shared a citizenship database allegedly containing personal information of 4.9 million Georgian citizens from approximately 2012. The leaked data includes ID numbers, names, dates of birth, physical addresses, and phone numbers.
Date: 2026-04-08T11:31:27Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-Citizenship-of-Georgia-4-9M
Screenshots:
None
Threat Actors: Tanaka
Victim Country: Georgia
Victim Industry: Government
Victim Organization: Government of Georgia
Victim Site: Unknown
- Alleged data breach of Oncologica and Debene
Category: Data Breach
Content: Threat actor TiMc claims to have breached oncologica.com and debene.com, advertising over 500GB of data with file previews available and full data release planned after a countdown. The actor operates a dark web leak site and indicates more corporate victims are waiting to be released.
Date: 2026-04-08T11:30:40Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DOCUMENTS-oncologica-com-debene-com-DATA-BREACH-500GB-TT
Screenshots:
None
Threat Actors: TiMc
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: Oncologica and Debene
Victim Site: oncologica.com, debene.com
- Alleged data leak of Instituto Tecnológico del Valle de Etla student records
Category: Data Leak
Content: A threat actor operating under the alias MagoSpeak claims to have leaked personal data of 1,110 individuals associated with Instituto Tecnológico del Valle de Etla, a Mexican technical educational institution. The leaked data allegedly includes full names, phone numbers (landline and mobile), dates of birth, Gmail addresses, gender, age, CURP (national ID number), UIDs, enrollment folios, application status, birth entity, nationality, school campus details, indigenous language status, disability information, financial aid amounts, and municipality-level socioeconomic indicators.
Date: 2026-04-08T11:30:29Z
Network: telegram
Published URL: https://t.me/c/3764001014/96
Screenshots:
None
Threat Actors: MagoSpeak
Victim Country: Mexico
Victim Industry: Education
Victim Organization: Instituto Tecnológico del Valle de Etla
Victim Site: Unknown
- Alleged Cyber Intrusion into University Hospitals of Leicester NHS Trust Parking Payment System by NoName057(16)
Category: Cyber Attack
Content: NoName057(16) via their DDoSia Project volunteers claims to have gained unauthorized access to the CAME Parkare parking payment terminal system at University Hospitals of Leicester NHS Trust in Leicester, UK. The group alleges they can monitor all license plates of vehicles entering the hospital car park in real time. The post is politically motivated, referencing OpGreatBritain and pro-Russia messaging. The group is also recruiting volunteers with crypto rewards.
Date: 2026-04-08T11:29:57Z
Network: telegram
Published URL: https://t.me/c/3087552512/1692
Screenshots:
None
Threat Actors: NoName057(16)
Victim Country: United Kingdom
Victim Industry: Healthcare
Victim Organization: University Hospitals of Leicester NHS Trust
Victim Site: Unknown
- Alleged data leak of Instituto Tecnológico de Estudios Superiores de Purépecha
Category: Data Leak
Content: Threat actor MagoSpeak claims to have leaked personal data of 1,404 individuals from Instituto Tecnológico de Estudios Superiores de Purépecha, a Mexican higher education institution. The leaked data allegedly includes full names, paternal and maternal surnames, landline and mobile phone numbers, dates of birth, Gmail addresses, gender, age, CURP (unique population registry code), UID, enrollment folios, application status, birth entity, nationality, school campus details, indigenous language status, disability information, financial aid amounts, municipality violence/marginalization indicators, and academic records.
Date: 2026-04-08T11:25:31Z
Network: telegram
Published URL: https://t.me/c/3764001014/94
Screenshots:
None
Threat Actors: MagoSpeak
Victim Country: Mexico
Victim Industry: Education
Victim Organization: Instituto Tecnológico de Estudios Superiores de Purépecha
Victim Site: Unknown
- Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 572 Hotmail email and password combinations on a cybercrime forum.
Date: 2026-04-08T11:21:24Z
Network: openweb
Published URL: https://crackingx.com/threads/71472/
Screenshots:
None
Threat Actors: lpbPrivate
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged sale of fraudulent identity documents and business registration materials
Category: Data Breach
Content: A threat actor offers fraudulent identity documents, including driver licenses, SSNs, passports, and business registration materials, through direct messaging contact.
Date: 2026-04-08T10:59:52Z
Network: openweb
Published URL: https://crackingx.com/threads/71471/
Screenshots:
None
Threat Actors: jannatmirza11
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged surge in AI-powered cyberattacks targeting the United Arab Emirates
Category: Cyber Attack
Content: The United Arab Emirates has reported a significant increase in cyberattacks intensifying alongside regional tensions. A large portion of these attacks are conducted using AI-powered tools. The attacks include phishing campaigns, vulnerability reconnaissance, and malware development, reportedly occurring at a rate of hundreds of thousands of incidents daily.
Date: 2026-04-08T10:59:39Z
Network: telegram
Published URL: https://t.me/c/1283513914/21072
Screenshots:
None
Threat Actors: خبرگزاری سایبربان| Cyberban News
Victim Country: United Arab Emirates
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
- Alleged cybercriminal services offering website manipulation and phishing campaigns
Category: Initial Access
Content: Threat actor SEO_killers advertises various cybercriminal services including website removal from search results, DMCA abuse, website blocking, and phishing campaign development with prices ranging from $200-$500. The actor provides contact information via Telegram for coordination of these illegal activities.
Date: 2026-04-08T10:39:12Z
Network: openweb
Published URL: https://crackingx.com/threads/71470/
Screenshots:
None
Threat Actors: SEO_killers
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of USA mail access credentials
Category: Logs
Content: A threat actor shared 1,300 allegedly fresh and valid email access credentials from USA users dated April 8th on an underground forum specializing in mail access and credential lists.
Date: 2026-04-08T10:31:08Z
Network: openweb
Published URL: https://xforums.st/threads/1-3k-usa-fresh-full-valid-mail-access-08-04.606346/
Screenshots:
None
Threat Actors: MegaCloud
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of USA email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 1,300 allegedly fresh and valid USA email credentials with full mail access on a cybercriminal forum.
Date: 2026-04-08T10:28:15Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-1-3K-USA-Fresh-Full-VALID-Mail-Access-08-04
Screenshots:
None
Threat Actors: MegaCloudshop
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of USA email credentials
Category: Combo List
Content: A threat actor shared a collection of 1,300 allegedly fresh and valid USA email credentials on an underground forum. The content is hidden and available only to registered forum users.
Date: 2026-04-08T10:28:10Z
Network: openweb
Published URL: https://crackingx.com/threads/71469/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of German email credentials
Category: Combo List
Content: A threat actor shared access to approximately 16,000 German email credentials dated April 8th on a cybercrime forum. The credentials are described as fresh and valid mail access.
Date: 2026-04-08T10:17:33Z
Network: openweb
Published URL: https://crackingx.com/threads/71468/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Sale of Cisco Source Code by ShinyHunters
Category: Data Breach
Content: Threat actor ShinyHunters is allegedly selling 500k lines of Cisco source code for $10,000 USD. Contact provided via Telegram handle @shinyc0rpsss.
Date: 2026-04-08T10:14:21Z
Network: telegram
Published URL: https://t.me/c/3737716184/900
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: United States
Victim Industry: Technology
Victim Organization: Cisco
Victim Site: cisco.com
- Website defacement of Kalmarland by XmrAnonye.id team member Irene
Category: Defacement
Content: The XmrAnonye.id team, specifically member Irene, conducted a mass defacement attack targeting the Kalmarland website. This incident represents a redefacement of the site, indicating previous compromise activity.
Date: 2026-04-08T09:59:32Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248344
Screenshots:
None
Threat Actors: Irene, XmrAnonye.id
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Kalmarland
Victim Site: www.kalmarland.com
- Alleged leak of mixed email credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 27,000 fresh valid email credentials from mixed sources on an underground forum. The credentials are being distributed as free content to forum members.
Date: 2026-04-08T09:56:21Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-27K-Fresh-Valid-Mail-Access-MIX-08-04
Screenshots:
None
Threat Actors: MegaCloudshop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of mixed email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 27,000 allegedly fresh and valid email credentials from mixed sources. The credentials are being distributed through a forum thread with hidden content accessible to registered users.
Date: 2026-04-08T09:54:11Z
Network: openweb
Published URL: https://crackingx.com/threads/71466/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of ULP credential data
Category: Logs
Content: Threat actor MrKordy shared fresh ULP credential data via a file hosting service. The data is being distributed for free download rather than sold.
Date: 2026-04-08T09:53:51Z
Network: openweb
Published URL: https://darkforums.su/Thread-Fresh-Lines-ULP-Today-8-APRIL-%E2%80%94
Screenshots:
None
Threat Actors: MrKordy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of Philippine customer and citizen records
Category: Data Leak
Content: Threat actor KurdFemboys leaked a dataset containing 13 million records of Philippine customers, citizens, and companies including emails, phone numbers, hashed passwords, and physical addresses. The leak also includes data from international entities such as Citibank and state.gov, described as batch-1 of a larger release.
Date: 2026-04-08T09:53:23Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-13-Million-Philippine-costumers-citizens-companies–72713
Screenshots:
None
Threat Actors: KurdFemboys
Victim Country: Philippines
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Cyber Threat by Handala Against Former IDF Chief of Staff Herzi Halevi
Category: Cyber Attack
Content: Hacktivist group Handala posted a direct threat targeting former Chief of the General Staff of the Israeli Defense Forces, General Herzi Halevi. The message claims Handala has the target under intelligence umbrella surveillance and warns of an imminent exposure/doxing operation, stating “You will only be informed at the time of exposure… Soon…”
Date: 2026-04-08T09:50:51Z
Network: telegram
Published URL: https://t.me/c/3548035165/140
Screenshots:
None
Threat Actors: Handala
Victim Country: Israel
Victim Industry: Government & Defense
Victim Organization: Israel Defense Forces
Victim Site: Unknown
- Alleged Data Breach of Egyptian National Organization for Social Insurance by Keymous+
Category: Data Breach
Content: Threat actor group Keymous+ claims to have leaked 20,000 records belonging to the Egyptian National Organization for Social Insurance. The breach is documented via a third-party breach alert site (brinztech.com). A separate claim regarding health systems access across Africa and Asia is also referenced via a DailyDarkWeb Twitter post.
Date: 2026-04-08T09:50:12Z
Network: telegram
Published URL: https://t.me/KeymousTG/1060
Screenshots:
None
Threat Actors: Keymous+
Victim Country: Egypt
Victim Industry: Government / Social Insurance
Victim Organization: Egyptian National Organization for Social Insurance
Victim Site: Unknown
- Alleged Initial Access to Health Management Information Systems Across Africa and Asia by Keymous Plus
Category: Initial Access
Content: The threat actor group Keymous Plus has claimed and shared information regarding alleged access to Health Management Information Systems (HMIS / DHSI panels) affecting multiple countries across Africa and Asia. The claim was shared directly with the Daily Dark Web (DDW) team. This represents a critical exposure of healthcare administrative infrastructure across multiple nations.
Date: 2026-04-08T09:49:45Z
Network: telegram
Published URL: https://t.me/c/2588114907/1059
Screenshots:
None
Threat Actors: Keymous Plus
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of email credentials from multiple regions
Category: Combo List
Content: A threat actor shared a combolist containing 9,000 email credentials allegedly from USA, EU, Asia, and Russia dated April 8th. The credentials are described as fresh and valid email access.
Date: 2026-04-08T09:43:42Z
Network: openweb
Published URL: https://crackingx.com/threads/71464/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of German credential data
Category: Combo List
Content: A threat actor shared a combolist containing 39,027 German credentials on a cybercrime forum. The data appears to be freely distributed rather than sold.
Date: 2026-04-08T09:43:28Z
Network: openweb
Published URL: https://crackingx.com/threads/71465/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Website defacement of lacasadelpensionado.com by DimasHxR
Category: Defacement
Content: Threat actor DimasHxR defaced the lacasadelpensionado.com website on April 8, 2026. The attack targeted what appears to be a retirement or elderly care facility website.
Date: 2026-04-08T09:37:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831494
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Healthcare/Social Services
Victim Organization: Casa del Pensionado
Victim Site: lacasadelpensionado.com
- Alleged Russia-Iran Cyber and Intelligence Cooperation Targeting Middle East Infrastructure
Category: Cyber Attack
Content: Ukraine claims Russia has been providing satellite imagery and cyber support to Iran to assist in targeting attacks in the Middle East, with some targets reportedly struck following this intelligence sharing. The report also alleges collaboration between Russian and Iranian hacker groups in cyberattacks against infrastructure. Iranian cyber experts dismiss these claims as attempts to downplay Iran's independent cyber capabilities.
Date: 2026-04-08T09:22:31Z
Network: telegram
Published URL: https://t.me/c/1283513914/21071
Screenshots:
None
Threat Actors: Russian hacker groups
Victim Country: Unknown
Victim Industry: Critical Infrastructure
Victim Organization: Unknown
Victim Site: Unknown
- Website defacement of mechta-nsk.ru by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the Russian website mechta-nsk.ru on April 8, 2026, targeting the readme.txt file.
Date: 2026-04-08T09:20:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831490
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Russia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: mechta-nsk.ru
- Alleged data leak of EasyTick ticket trading platform
Category: Data Leak
Content: Threat actor testhack90 shared a data breach of French ticket trading platform EasyTick from December 2025, making the content available behind a registration wall on PwnForums.
Date: 2026-04-08T09:19:21Z
Network: openweb
Published URL: https://pwnforums.st/Thread-FR-easytick-com
Screenshots:
None
Threat Actors: testhack90
Victim Country: France
Victim Industry: Entertainment/Ticketing
Victim Organization: EasyTick
Victim Site: easytick.com
- Website defacement of venusoman.com by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced venusoman.com on April 8, 2026, targeting a specific page rather than conducting a mass defacement campaign.
Date: 2026-04-08T09:13:52Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831484
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Oman
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: venusoman.com
- Website defacement of atmosfera54.ru by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the Russian website atmosfera54.ru on April 8, 2026, targeting a readme.txt file on the domain.
Date: 2026-04-08T09:13:17Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831485
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Russia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: atmosfera54.ru
- Alleged leak of stealer logs and credential data
Category: Combo List
Content: A threat actor shared a collection of 1,700 mixed stealer logs containing credential data through a file sharing service.
Date: 2026-04-08T09:10:11Z
Network: openweb
Published URL: https://crackingx.com/threads/71463/
Screenshots:
None
Threat Actors: fatetraffic
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged distribution of mixed stealer logs collection
Category: Logs
Content: Threat actor fatetraffic made available a collection of 1,700 mixed stealer logs through a file sharing platform. The logs appear to be freely distributed without mention of payment.
Date: 2026-04-08T09:09:42Z
Network: openweb
Published URL: https://darkforums.su/Thread-%F0%9F%93%97-FATETRAFFIC-1700-MIX-08-04-2026-STEALER-LOGS
Screenshots:
None
Threat Actors: fatetraffic
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Website defacement of tweegrupo.com by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced a specific page on tweegrupo.com on April 8, 2026. This was a targeted single-page defacement rather than a mass attack or homepage compromise.
Date: 2026-04-08T09:01:41Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831483
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Twee Grupo
Victim Site: tweegrupo.com
- Alleged Cyber Attack and Data Breach of SAI LILAGAR POWER GENERATION LIMITED, India
Category: Data Breach
Content: A threat actor operating under Infrastructure Destruction Squad formally announced the successful compromise of SAI LILAGAR POWER GENERATION LIMITED, an Indian power generation company. The actor claims to have exfiltrated extensive sensitive operational data including: power generation schedules (blocks 41-53+), instantaneous and average grid frequency data (49.93–50.13 Hz), generation/dispatch/consumption metrics (DC MW, SG MW, Net AG MW), deviation and regulation data, APC max power limits, market electricity pricing (0.70–2.78 currency units), fuel rates and charges, net profit/loss per time block, decision aspect ratios (88%/100%/112%), target MW values, and real-time instantaneous data (apparent power, gas turbine output, generator output, reactive power MVAR). The actor also claims possession of future block operational data (blocks 46–49), indicating advance knowledge of plant operations. The post highlights grid instability indicators including negative output power values (up to -19.10 MW) suggesting the plant was drawing from the grid rather than supplying it.
Date: 2026-04-08T08:56:48Z
Network: telegram
Published URL: https://t.me/c/2735908986/3944
Screenshots:
None
Threat Actors: Infrastructure Destruction Squad
Victim Country: India
Victim Industry: Energy / Power Generation
Victim Organization: SAI LILAGAR POWER GENERATION LIMITED
Victim Site: Unknown
- Alleged Cyber Operation Targeting Armenia by Wolves of Turan (#opArmenia)
Category: Cyber Attack
Content: The hacktivist group Wolves of Turan posted a threatening message with a photo stating “Today it will be hot in Armenia”, tagged with #opArmenia, suggesting an imminent coordinated cyber attack campaign targeting Armenian infrastructure or organizations.
Date: 2026-04-08T08:41:31Z
Network: telegram
Published URL: https://t.me/c/3631190028/77
Screenshots:
None
Threat Actors: Wolves of Turan
Victim Country: Armenia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Hotmail credentials
Category: Combo List
Content: Threat actor alphaxdd shared a combolist containing 1,154 allegedly valid Hotmail email and password combinations on cybercriminal forums. The credentials are described as premium quality from a private cloud source.
Date: 2026-04-08T08:37:41Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-1154x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged APT28 Cyber Espionage Campaign Targeting German Military and Government Infrastructure
Category: Cyber Attack
Content: Germany has issued a warning about an increase in cyberattacks by Russian threat group APT28. The group is exploiting vulnerable TP-Link routers to conduct espionage operations against military, government, and critical infrastructure targets. APT28 has previously conducted attacks against entities in Germany.
Date: 2026-04-08T08:37:31Z
Network: telegram
Published URL: https://t.me/c/1283513914/21069
Screenshots:
None
Threat Actors: APT28
Victim Country: Germany
Victim Industry: Government, Military, Critical Infrastructure
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 13,000 allegedly valid Hotmail email and password combinations on a cybercrime forum.
Date: 2026-04-08T08:36:05Z
Network: openweb
Published URL: https://crackingx.com/threads/71461/
Screenshots:
None
Threat Actors: RandomUpload
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged leak of Hotmail credentials
Category: Combo List
Content: Threat actor alphaxdd leaked a combolist containing 1,154 Hotmail email and password combinations on a cybercrime forum. The credentials are described as premium hits and are being distributed for free download.
Date: 2026-04-08T08:35:23Z
Network: openweb
Published URL: https://crackingx.com/threads/71462/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged distribution of mixed credential combolist containing 35,000 records
Category: Logs
Content: A threat actor distributed a mixed credential combolist containing 35,000 unique email and password combinations on a cybercriminal forum.
Date: 2026-04-08T08:27:21Z
Network: openweb
Published URL: https://xforums.st/threads/mix-unique-combo_2_35000.606335/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged distribution of mixed credential combolist containing 35,000 records
Category: Combo List
Content: A threat actor shared a mixed credential combolist containing 35,000 email and password combinations. The actor also promotes a shop offering combos from various countries.
Date: 2026-04-08T08:24:35Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-MIX-Unique-Combo-2-35000
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sharing of credential combolist with 35,000 records
Category: Combo List
Content: A threat actor named UniqueCombo allegedly shared a credential combolist containing 35,000 unique username and password combinations on a cybercriminal forum specializing in credential dumps and combolists.
Date: 2026-04-08T08:23:03Z
Network: openweb
Published URL: https://crackingx.com/threads/71460/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged defacement of pmskaliyana.edu.in by OpsShadowStrike
Category: Defacement
Content: The hacktivist group #OpsShadowStrike, in collaboration with multiple Malaysian hacktivist groups including TengkorakCyberCrew, EagleCyberCrew, MalaysiaHacktivist, and others, claims to have defaced the website pmskaliyana.edu.in. The defacement page is hosted at https://pmskaliyana.edu.in/ops.html. The operation appears politically motivated, referencing pro-Palestine and anti-Israel sentiments. Multiple threat actor handles are listed as collaborators.
Date: 2026-04-08T08:14:18Z
Network: telegram
Published URL: https://t.me/c/3844432135/260
Screenshots:
None
Threat Actors: #OpsShadowStrike
Victim Country: India
Victim Industry: Education
Victim Organization: PMSKaliyana
Victim Site: pmskaliyana.edu.in
- Alleged data breach of Bangladesh Army personnel database
Category: Data Breach
Content: Threat actor ModernStealer claims to have obtained a database containing Bangladesh Army personnel information including names, ranks, spouse names, mobile numbers and addresses. The actor is sharing sample data and providing contact information for access to the full dataset.
Date: 2026-04-08T08:11:38Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-OF-BANGLADESH-ARMY
Screenshots:
None
Threat Actors: ModernStealer
Victim Country: Bangladesh
Victim Industry: Government
Victim Organization: Bangladesh Army
Victim Site: Unknown
- Alleged data breach of Synergy electricity corporation
Category: Data Breach
Content: Threat actor claims to possess customer registration data from Australian electricity company Synergy containing personal information, billing details, and account data for over 900,000 subscribers. The actor is offering the data through middleman/escrow services and requests private contact for pricing information.
Date: 2026-04-08T08:11:23Z
Network: openweb
Published URL: https://darkforums.su/Thread-AUSTRALIA-Synergy-electricity-corporation-900-K-registrations
Screenshots:
None
Threat Actors: hackboy
Victim Country: Australia
Victim Industry: Energy/Utilities
Victim Organization: Synergy
Victim Site: Unknown
- Alleged data breach of Botswana Energy Regulatory Authority (BERA)
Category: Data Breach
Content: A threat actor from the Infrastructure Destruction Squad channel claims to have successfully infiltrated the systems of the Botswana Energy Regulatory Authority (BERA). The post, written in Chinese, announces the breach and states that a large volume of sensitive documents were stolen, including: Small-Scale Embedded Generation (SSEG) license applications (e.g., Gaborone Solar Grid project, 250 kW capacity), wind energy license applications (e.g., Gaborone Wind Energy Partners, 50 MW capacity), electricity distribution license applications (e.g., Debswana Diamond Mining project, 500 MW capacity), active licenses (e.g., TotalEnergies Botswana, valid until August 31, 2026), and unapproved financial documents. The post includes a screenshot of a secure government system notice, suggesting unauthorized access to a government portal.
Date: 2026-04-08T07:50:33Z
Network: telegram
Published URL: https://t.me/c/2735908986/3932
Screenshots:
None
Threat Actors: Infrastructure Destruction Squad
Victim Country: Botswana
Victim Industry: Energy & Utilities Regulation
Victim Organization: Botswana Energy Regulatory Authority (BERA)
Victim Site: Unknown
- Alleged bulk purchase solicitation of credential combolists targeting APAC and Western countries
Category: Combo List
Content: A threat actor operating as Douglas is actively seeking to purchase credential combolists in email:password or phone:password format. Targeted countries include Japan, Taiwan, Singapore, South Korea, United States, and United Kingdom. The actor requests test samples of 10,000–50,000 records and claims a daily purchase budget of 5,000–10,000 USDT, indicating a high-volume, financially motivated credential acquisition operation.
Date: 2026-04-08T07:49:28Z
Network: telegram
Published URL: https://t.me/c/2613583520/59899
Screenshots:
None
Threat Actors: DouglasBrian
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of mixed forum credentials
Category: Combo List
Content: A threat actor shared a collection of 82,000 mixed forum credentials described as valid. The combolist appears to contain login credentials from various forums.
Date: 2026-04-08T07:47:27Z
Network: openweb
Published URL: https://crackingx.com/threads/71459/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Brazilian government documents
Category: Data Leak
Content: Brazilian files containing birth certificates and identification documents leaked from an Amazon S3 bucket and shared as a 182.5 MB archive. The threat actor claims to have discovered additional files in the same S3 bucket.
Date: 2026-04-08T07:46:02Z
Network: openweb
Published URL: https://pwnforums.st/Thread-Brazil-files
Screenshots:
None
Threat Actors: OriginalCrazyOldFart
Victim Country: Brazil
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of AffiliateSaaS source code
Category: Data Leak
Content: Source code for AffiliatePro SaaS v15, a self-hosted affiliate network and e-commerce platform, has been made available for free download on a cybercrime forum.
Date: 2026-04-08T07:35:05Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SOURCE-CODE-AffiliateSaaS-v15
Screenshots:
None
Threat Actors: SolomonVoss
Victim Country: Unknown
Victim Industry: Software/Technology
Victim Organization: AffiliatePro
Victim Site: Unknown
- Alleged leak of USA credential combolist
Category: Combo List
Content: A threat actor shared a free download link to a combolist containing 6,000 valid email and password combinations from USA users on a cybercrime forum.
Date: 2026-04-08T07:14:10Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-6K-USA-VALID
Screenshots:
None
Threat Actors: COYTO
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Hotmail credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 1,120 Hotmail email and password combinations on an underground forum.
Date: 2026-04-08T06:52:55Z
Network: openweb
Published URL: https://demonforums.net/Thread-%E2%9A%A1%E2%9A%A1-X1120-HQ-Hotmail-%E2%9A%A1%E2%9A%A1-BY-Steveee36-%E2%9A%A1%E2%9A%A1–199738
Screenshots:
None
Threat Actors: erwinn91
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged offering of bulletproof hosting services
Category: Services
Content: Threat actor c00lssh is allegedly offering anonymous offshore VPS/RDP hosting services with various bandwidth options starting at $5, marketed as bulletproof hosting.
Date: 2026-04-08T06:38:37Z
Network: openweb
Published URL: https://pwnforums.st/Thread-OFFSHORE-VPS-RDP-ANON-1G-2G-5G-10G-CUSTOM-OPTION-BULLETPROOF-BUY-NOW-5
Screenshots:
None
Threat Actors: c00lssh
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged distribution of mixed credential combolist
Category: Logs
Content: A threat actor shared a mixed credential combolist containing 35,000 unique email and password combinations on a cybercrime forum.
Date: 2026-04-08T06:20:14Z
Network: openweb
Published URL: https://xforums.st/threads/mix-unique-combo_1_35000.606328/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged distribution of mixed credential combolist containing 35,000 records
Category: Combo List
Content: A threat actor shared a mixed credential combolist containing 35,000 email:password combinations on a cybercriminal forum. The actor also advertises a shop selling combos from various countries.
Date: 2026-04-08T06:17:24Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-MIX-Unique-Combo-1-35000
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged distribution of credential combolist containing 35,000 records
Category: Combo List
Content: Threat actor UniqueCombo allegedly made available a credential combolist containing 35,000 unique email and password combinations on a cybercriminal forum.
Date: 2026-04-08T06:14:30Z
Network: openweb
Published URL: https://crackingx.com/threads/71458/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Website defacement of ActiveAgro by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the ActiveAgro website, targeting a specific media directory rather than the homepage. The incident occurred on April 8, 2026 and appears to be an isolated attack rather than part of a mass defacement campaign.
Date: 2026-04-08T06:14:02Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831479
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Germany
Victim Industry: Agriculture
Victim Organization: ActiveAgro
Victim Site: activeagro.de
- Website defacement of webshopsenzo.nl by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the Dutch e-commerce website webshopsenzo.nl on April 8, 2026. The defacement targeted a specific page rather than the homepage and was not part of a mass defacement campaign.
Date: 2026-04-08T06:13:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831481
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Netherlands
Victim Industry: E-commerce
Victim Organization: Webshop Senzo
Victim Site: webshopsenzo.nl
- Website defacement of drillsforglass.pl by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the drillsforglass.pl website on April 8, 2026. The incident targeted a Polish company specializing in glass drilling equipment and was not part of a mass defacement campaign.
Date: 2026-04-08T04:49:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831441
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Poland
Victim Industry: Manufacturing/Industrial
Victim Organization: Drills for Glass
Victim Site: drillsforglass.pl
- Alleged Cyber Threat Manifesto by Handala Hack: Continued Operations Against Israeli and US Infrastructure
Category: Cyber Attack
Content: Handala Hack published a threat manifesto mourning the reported death of Khamenei and pledging continued cyber operations. The group claims multiple specialized teams operating globally under its flag, references a prior hack of the FBI director as a demonstration of capability, announces postponed overt confrontation with the US (but reserves future strikes), and declares ongoing cyber operations against Israeli government, security, and military infrastructure. The group also references the Epstein revelations campaign and warns of retaliation against perceived traitors to the Resistance front.
Date: 2026-04-08T04:37:08Z
Network: telegram
Published URL: https://t.me/c/3548035165/138
Screenshots:
None
Threat Actors: Handala Hack
Victim Country: Unknown
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of compromised mail access accounts across multiple countries
Category: Combo List
Content: A threat actor operating as @xRealWorker is selling freshly restocked compromised mail access accounts described as premium quality and untouched. Available countries include France, Italy, United States, United Kingdom, Germany, Spain, and more. The post advertises configs/combos alongside the mail access offering.
Date: 2026-04-08T04:15:46Z
Network: telegram
Published URL: https://t.me/c/2613583520/59877
Screenshots:
None
Threat Actors: 4Real
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged joint cyber operation by Cyber Islamic Resistance and KillNet
Category: Cyber Attack
Content: The Cyber Islamic Resistance group announced coordinated cyber operations alongside Russian hacktivist group KillNet, stating all fronts have been opened against an unspecified enemy. The post includes a direct link to the KillNet Telegram channel and hashtags indicating affiliation between both groups.
Date: 2026-04-08T04:11:28Z
Network: telegram
Published URL: https://t.me/c/1651470668/1859
Screenshots:
None
Threat Actors: Cyber Islamic Resistance
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Website defacement of Birmingham Plumbing by 0xfansX
Category: Defacement
Content: The 0xfans team member 0xfansX defaced bhamplumbing.com on April 8, 2026, targeting a plumbing services company's website.
Date: 2026-04-08T03:42:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831431
Screenshots:
None
Threat Actors: 0xfansX, 0xfans
Victim Country: Unknown
Victim Industry: Construction/Plumbing Services
Victim Organization: Birmingham Plumbing
Victim Site: bhamplumbing.com
- Alleged leak of credential logs
Category: Logs
Content: Forum post claims to offer stealer logs dated July 4, 2026 with 99% validity. The actual content is hidden behind registration requirements, making verification of claims impossible.
Date: 2026-04-08T03:04:00Z
Network: openweb
Published URL: https://darkforums.su/Thread-U-L-P-LOGS-04-07-2026-VALID-99
Screenshots:
None
Threat Actors: Matthiasxd17
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Morgan Stanley investor records
Category: Data Breach
Content: Threat actor is selling a database containing 2.77 million records of male financial investors from Morgan Stanley for $800 USD. The data includes full names, emails, addresses, phone numbers, and other personal information.
Date: 2026-04-08T03:03:21Z
Network: openweb
Published URL: https://darkforums.su/Thread-USA-2-77M-Financial-Investors-Male-Only
Screenshots:
None
Threat Actors: McLovin
Victim Country: United States
Victim Industry: Financial Services
Victim Organization: Morgan Stanley
Victim Site: morganstanley.com
- Alleged leak of Hotmail credentials
Category: Data Leak
Content: Forum post claims to offer free download of fresh Hotmail email credentials. The post provides minimal details about the scope or source of the alleged credential list.
Date: 2026-04-08T03:03:18Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-FULL-FRESH-HOTMAILS-unrapped–72669
Screenshots:
None
Threat Actors: martcloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged data breach of Mytheresa luxury retail platform
Category: Data Breach
Content: Threat actor is selling a database containing 920,000 records from Mytheresa luxury retail platform for $840 USD. The data includes personal information such as names, addresses, contact details, dates of birth, and IP addresses of customers.
Date: 2026-04-08T03:03:08Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-USA-Luxury-Retail-E-commerce-Clients
Screenshots:
None
Threat Actors: McLovin
Victim Country: United States
Victim Industry: Retail
Victim Organization: Mytheresa
Victim Site: mytheresa.com
- Alleged data leak of Eastern Illinois University database
Category: Data Leak
Content: Actor coderx shared a 758MB database dump from Eastern Illinois University containing 93 CSV files, claiming the action was in response to attacks on Iranian universities. The compressed data is made available for free download via cloud storage.
Date: 2026-04-08T03:03:04Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-Eastern-Illinois-University-Database
Screenshots:
None
Threat Actors: coderx
Victim Country: United States
Victim Industry: Education
Victim Organization: Eastern Illinois University
Victim Site: eiu.edu
- Alleged data leak of Secretaria de Salud del Estado de Chihuahua medical records
Category: Data Leak
Content: A threat actor leaked a database containing over 580,000 patient records from Mexico's Chihuahua State Health Department, including personal information, medical details, and contact information. The data is being distributed for free download.
Date: 2026-04-08T03:02:51Z
Network: openweb
Published URL: https://darkforums.su/Thread-MX-LEAK-SECRETARIA-DE-SALUD-DEL-ESTADO-DE-CHIHUAHUA-MX-LEAK
Screenshots:
None
Threat Actors: Thelizard001
Victim Country: Mexico
Victim Industry: Healthcare
Victim Organization: Secretaria de Salud del Estado de Chihuahua
Victim Site: Unknown
- Alleged data breach of Ukrainian government TsNAP service in Ternopil
Category: Data Breach
Content: A threat actor claims to be selling access to a Ukrainian government digital service platform containing 5,000 user login credentials, emails, Joomla data and internal information for $100. The targeted service provides administrative, passport, and permitting services for Ternopil city residents.
Date: 2026-04-08T03:02:42Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Government-of-Ukraine-TsNAP-of-the-city-of-Ternopil
Screenshots:
None
Threat Actors: wh6ami
Victim Country: Ukraine
Victim Industry: Government
Victim Organization: TsNAP of the city of Ternopil
Victim Site: cnap.rada.te.ua
- Alleged data leak of Ayuntamiento de Benito Juarez business license records
Category: Data Leak
Content: A threat actor leaked business license registration data from Ayuntamiento de Benito Juarez, affecting over 38,000 individuals. The leaked data includes personal information, tax IDs, business details, contact information, and financial data related to business licenses.
Date: 2026-04-08T03:02:24Z
Network: openweb
Published URL: https://darkforums.su/Thread-MX-LEAK-AYUNTAMIENTO-DE-BENITO-JUAREZ-LEAK-MX
Screenshots:
None
Threat Actors: Thelizard001
Victim Country: Mexico
Victim Industry: Government
Victim Organization: Ayuntamiento de Benito Juarez
Victim Site: Unknown
- Alleged data breach of Grupo Bancolombia SUFI
Category: Data Breach
Content: Threat actors claim to be selling financial data from SUFI, a financing company within Grupo Bancolombia. The alleged breach includes advisory records, visit records, and disbursement records containing customer information, GPS coordinates, and transaction details.
Date: 2026-04-08T03:02:14Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Grupo-Bancolombia-Atento-Colombia
Screenshots:
None
Threat Actors: Petro_Escobar
Victim Country: Colombia
Victim Industry: Financial Services
Victim Organization: Grupo Bancolombia
Victim Site: sufi.com.co
- Alleged data leak of Centro de Estudios Clinicos Anahuac Mayab medical records
Category: Data Leak
Content: Medical records, appointment data, and inventory information from a Mexican clinical studies center have been leaked. The data includes patient personal information, medical details, appointment records, and facility inventory data made available for free download.
Date: 2026-04-08T03:02:00Z
Network: openweb
Published URL: https://darkforums.su/Thread-MX-LEAK-CENTRO-DE-ESTUDIOS-CLINICOS-ANAHUAC-MAYAB-LEAK-MX
Screenshots:
None
Threat Actors: Thelizard001
Victim Country: Mexico
Victim Industry: Healthcare
Victim Organization: Centro de Estudios Clinicos Anahuac Mayab
Victim Site: Unknown
- Alleged data breach of Banco de Bogotá customer database
Category: Data Breach
Content: Threat actors claim to be selling a database containing over 20,000 customer records from Banco de Bogotá, including personal information, phone numbers, addresses, and financial obligation details. The data allegedly originates from the bank's collections unit operated by EmergiaCC Conalcreditos.
Date: 2026-04-08T03:01:54Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Banco-De-Bogota-EmergiaCC-Conalcreditos-Colombia
Screenshots:
None
Threat Actors: Petro_Escobar
Victim Country: Colombia
Victim Industry: Financial Services
Victim Organization: Banco de Bogotá
Victim Site: bancodebogota.com
- Alleged data leak of Ac-nice.fr database containing employee records
Category: Data Leak
Content: ChimeraZ leaked a partial database of Ac-nice.fr containing 19,384 employee records including names, job functions, school assignments, and email addresses. The data includes information about educational staff and administrators from French educational institutions.
Date: 2026-04-08T03:01:44Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-19-384-Ac-nice-fr
Screenshots:
None
Threat Actors: ChimeraZ
Victim Country: France
Victim Industry: Education
Victim Organization: Ac-nice.fr
Victim Site: ac-nice.fr
- Alleged Free Distribution of Webshell Exploits by Nullsec Philippines Member
Category: Initial Access
Content: A member of the Nullsec Philippines channel is offering free webshell exploits via direct message to the handle @Lei_BF. Webshells are malicious scripts used to maintain persistent unauthorized access to compromised web servers, representing a significant initial access threat.
Date: 2026-04-08T02:57:48Z
Network: telegram
Published URL: https://t.me/c/2590737229/899
Screenshots:
None
Threat Actors: Nullsec Philippines
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of AMAInterview.ai database
Category: Data Leak
Content: Actor claims to have leaked AMAInterview.ai database containing personal information of over 24,000 users including emails, resumes, subscription data, and career information from a March 2026 breach. The database is being distributed for free download on cybercriminal forums.
Date: 2026-04-08T02:52:19Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-AMAInterview-ai-Database-Leaked-Download
Screenshots:
None
Threat Actors: [Manager]punk
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: AMAInterview.ai
Victim Site: amainterview.ai
- Alleged data leak of AMAInterview.ai database
Category: Data Leak
Content: User punk shared a database dump from AMAInterview.ai containing 24,000 user records including emails, resumes, subscription info, and usage data from a March 2026 breach. The data is being distributed for free download on PwnForums.
Date: 2026-04-08T02:49:31Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-AMAInterview-ai-Database-Leaked-Download
Screenshots:
None
Threat Actors: punk
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: AMAInterview.ai
Victim Site: amainterview.ai
- Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor named RedCloud allegedly leaked a combolist containing 4,300 Hotmail email credentials dated April 8th, 2026. The credentials are being distributed for free download through hidden forum content.
Date: 2026-04-08T02:40:43Z
Network: openweb
Published URL: https://demonforums.net/Thread-4-3K-%E2%9A%A1Hotmail%E2%9A%A1Valid-Mail-Access-08-04
Screenshots:
None
Threat Actors: RedCloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor leaked a combolist containing 4.3K allegedly valid Hotmail email credentials dated April 8th, 2026. The credentials are being distributed for free via a MediaFire download link.
Date: 2026-04-08T02:39:09Z
Network: openweb
Published URL: https://crackingx.com/threads/71455/
Screenshots:
None
Threat Actors: redcloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged distribution of credential combolists from multiple European countries
Category: Combo List
Content: Threat actor CODER is distributing an 11 million record credential combolist containing data from multiple European countries through Telegram channels. The actor operates free Telegram groups for distributing both credential lists and related programs.
Date: 2026-04-08T02:27:53Z
Network: openweb
Published URL: https://crackingx.com/threads/71454/
Screenshots:
None
Threat Actors: CODER
Victim Country: Multiple (Germany, France, Spain, Portugal, Netherlands, Belgium, Austria, Switzerland, Poland)
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Hotmail credentials
Category: Combo List
Content: Threat actor NUllSHop0X shared a free download of 500 allegedly valid Hotmail credentials on CrackingX forum. The credentials are claimed to be fresh and verified working.
Date: 2026-04-08T02:07:06Z
Network: openweb
Published URL: https://crackingx.com/threads/71452/
Screenshots:
None
Threat Actors: NUllSHop0X
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged leak of Hotmail credential combolist
Category: Combo List
Content: Threat actor shared a combolist containing 732 allegedly valid Hotmail email and password combinations through a Telegram channel. The credentials are described as high quality and validated.
Date: 2026-04-08T01:45:19Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-X732-Valid-UHQ-Hotmail-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: Roronoa044
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged leak of Hotmail credential combolist
Category: Combo List
Content: Forum post claims to offer valid Hotmail email credentials through a Telegram contact. The post indicates these are high-quality valid credentials stored in a private cloud.
Date: 2026-04-08T01:43:56Z
Network: openweb
Published URL: https://crackingx.com/threads/71451/
Screenshots:
None
Threat Actors: noir
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
- Alleged data leak of Stimulation.Studio database
Category: Data Leak
Content: A threat actor leaked a database from Stimulation.Studio, a BDSM AI artwork generation service, containing 8,752 records with user IDs and email addresses from an alleged April 2026 breach.
Date: 2026-04-08T01:00:23Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-Stimulation-Studio-Database-Leaked-Download
Screenshots:
None
Threat Actors: [Trial Mod]xtc
Victim Country: Unknown
Victim Industry: Adult Entertainment
Victim Organization: Stimulation.Studio
Victim Site: stimulation.studio
- Alleged leak of Spanish identity documents
Category: Data Leak
Content: A threat actor shared Spanish identity documents including front and back images and facial GIFs, promising to release more if the post receives community support.
Date: 2026-04-08T00:49:18Z
Network: openweb
Published URL: https://spear.cx/Thread-Spain-IDS
Screenshots:
None
Threat Actors: catwoman
Victim Country: Spain
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of mixed forum credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 82,000 mixed forum credentials. The data appears to be distributed for free through hidden content on the forum.
Date: 2026-04-08T00:37:24Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%99%8B-82k-MIX-Base-With-Valid-FORUMS-%E2%99%8B-12
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of mixed forum credential combolist
Category: Combo List
Content: A threat actor shared an 82,000 record combolist containing mixed forum credentials described as valid. The post appears to offer free access to the credential list rather than selling it.
Date: 2026-04-08T00:36:05Z
Network: openweb
Published URL: https://crackingx.com/threads/71449/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of initial access to US aerospace and defense firm
Category: Initial Access
Content: Threat actor is selling root-level remote code execution access to a firewall at a major US aerospace and defense company with $20 billion revenue for $1000.
Date: 2026-04-08T00:35:14Z
Network: openweb
Published URL: https://pwnforums.st/Thread-USA-Top-10-Global-Aerospace-and-Defense-Firm-20Billion-Revenue–187940
Screenshots:
None
Threat Actors: miyako
Victim Country: United States
Victim Industry: Aerospace and Defense
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of credit card dumps with PINs from multiple banks
Category: Combo List
Content: Threat actor shadowcrax is allegedly selling credit card track data with PINs from various international banks including Barclays, Natixis, Canadian Imperial Bank of Commerce, and Commonwealth Bank of Australia. Prices range from $60-80 per card depending on country, with sample data provided from UK, France, Canada, and Australia.
Date: 2026-04-08T00:25:07Z
Network: openweb
Published URL: https://crackingx.com/threads/71448/
Screenshots:
None
Threat Actors: shadowcrax
Victim Country: Multiple
Victim Industry: Financial Services
Victim Organization: Multiple Banks
Victim Site: Unknown
- Alleged data leak of Maxlinear payroll and corporate files from 2021 breach
Category: Data Leak
Content: A threat actor is sharing payroll and corporate files allegedly obtained from a 2021 breach of Maxlinear, including finance, accounting, human resources, and engineering data across 66 zip files. The files are being distributed for free via download links hosted on mazenews.top.
Date: 2026-04-08T00:23:40Z
Network: openweb
Published URL: https://pwnforums.st/Thread-The-Payroll-file-from-old-breach-of-Maxlinear-from-2021
Screenshots:
None
Threat Actors: OriginalCrazyOldFart
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Maxlinear
Victim Site: Unknown
- Alleged credential search engine service offering access to stolen data
Category: Services
Content: A threat actor is promoting Leaksyr, a credential search engine service that provides access to over 7 billion stolen credentials and stealer logs. The service offers 10 free daily searches and claims to continuously aggregate data from premium and private log channels.
Date: 2026-04-08T00:13:21Z
Network: openweb
Published URL: https://pwnforums.st/Thread-%E2%AD%90-7B-Logs-Leaksyr-Leak-Search-Engine-10-FREE-Searches-%E2%AD%90
Screenshots:
None
Threat Actors: Leaksyr
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown