[April-9-2026] Daily Cybersecurity Threat Report

1. Executive Summary

This report provides a comprehensive analysis of the global cyber threat landscape based on intelligence gathered on April 9, 2026. The data reflects a highly volatile environment characterized by massive credential dumping, geopolitically motivated hacktivism, high-impact data breaches involving critical infrastructure and military targets, and automated mass-defacement campaigns.

The day’s events underscore a thriving underground economy where multi-million-record combo lists are distributed freely to build reputation, while high-value zero-days, initial access vectors, and corporate databases are sold for premium cryptocurrency payouts. The most alarming trends include unverified but highly damaging claims of petabyte-scale military data theft , the compromise of Industrial Control Systems (ICS) , and targeted psychological operations against state intelligence apparatuses.

2. High-Impact Data Breaches and Extortion

The intelligence reveals several catastrophic data breach claims targeting government, military, and multinational corporate entities.

China National Supercomputing Center (NSCC): A highly critical claim emerged regarding the breach of China’s National Supercomputing Center. A threat actor operating under the moniker “amazcybr” (and later referenced as “McLovin” and “Mipor”) alleges the exfiltration of over 10 petabytes of classified military and aerospace research data. The stolen data purportedly includes satellite schematics, aerospace simulations, and defense contractor research, which is being offered for $20,000. If verified, this represents a severe compromise of the People’s Liberation Army (PLA) intelligence and operational planning capabilities.
Cisco and Salesforce: A threat actor is attempting to sell a massive cache of confidential data allegedly belonging to Cisco and Salesforce, reportedly sourced by the group UNC6040/ShinyHunters. The data is claimed to include source code for core Cisco products (IOS, ASA, NX-OS), GitHub repositories, AWS buckets, and over 3.15 million Salesforce records. The asking price is roughly $500,000, and ShinyHunters was observed advertising “ShinyHunters Files Cloud” with 9.1 million Salesforce files for a $10,000 lifetime access fee.
Los Angeles Metro Transit: The Iranian hacking group “Ababeel Minab” claimed responsibility for a devastating attack on the Los Angeles County Metropolitan Transportation Authority (LA Metro). The group alleges they wiped over 500 terabytes of critical server data and exfiltrated 1 terabyte of sensitive information, describing it as one of the largest attacks on the US urban transportation sector. Western sources indicated the attackers focused on infiltrating industrial control systems and Rockwell Automation equipment.
Financial and Banking Institutions: The financial sector faced severe targeting. A threat actor claimed to hold data on 1.2 million French banking customers, including IBANs and PII from major institutions like BNP Paribas, Societe Generale, and Credit Agricole. Furthermore, a breach of Bank BSI Indonesia exposed 24,000 employee records , and a massive Serasa database dump allegedly containing 220 million Brazilian citizen records (1.8TB of data) was offered for $350. Additionally, 88,483 records from Mexican AFORE retirement funds were put up for sale.

3. Geopolitical Hacktivism and Cyber Warfare

State-aligned and politically motivated hacktivism formed a major pillar of the day’s threat activity, with conflicts in the Middle East and Asia spilling over into the cyber domain.

Targeting Israel and the IDF

The threat actor group “Handala” (حنظله) executed a sustained psychological and data-leak campaign against the Israeli Defense Forces (IDF) and its intelligence apparatus.

Handala announced an imminent operation targeting IDF Unit 8200, specifically its “Iran Desk”.
The group claimed persistent access to systems associated with former IDF Chief of Staff General Herzi Halevi.
They allegedly extracted over 19,000 confidential images and videos from top-secret meetings, including classified files and unredacted faces of Israeli military pilots and operatives. Handala explicitly mocked Israeli military operational security, stating that blurring and pixelating images did not prevent them from accessing the underlying intelligence.
In a coordinated effort, the hacktivist group “OpsShadowStrike” defaced Israeli religious sites like prayersinisrael.com under the #SavePalestine banner.

Z-Pentest Alliance Campaigns

The group “Z-Pentest Alliance” demonstrated advanced capabilities targeting both educational and critical infrastructure sectors.

Taiwan Operations: Tagged under #OpTaiwan, the group compromised Tatung University (TTU), gaining administrative access to the SINEW SCMS classroom management system. They claimed the ability to mass-deploy malware across all lab machines and threatened to leak Microsoft and Google credentials of students and faculty.
Luxembourg ICS Compromise: In a highly concerning escalation, the group claimed to have compromised an RTU32 industrial controller managing cathodic protection systems for pipelines in Luxembourg. The actors asserted full control over the HMI panel and substation parameters, manipulating values while disguising the activity as routine communication errors.

Operations in Asia and the Middle East

“The Garuda Eye” announced a series of attacks against Indonesian government-affiliated companies and indicated a future pivot to the Bank of Philippines.
A Pakistani group named “Evil Markhors” claimed to leak over 1TB of Indian election data spanning from 1948 to 2026.
Widespread GPS/GNSS spoofing and jamming operations were reported in the Persian Gulf, Sea of Oman, and Strait of Hormuz, threatening maritime and aviation navigation safety.

4. The Epidemic of Automated Website Defacements

April 9, 2026, saw an extraordinary volume of website defacements, primarily driven by automated exploitation tools operated by a few highly active threat actors.

The “DimasHxR” Spree: A solo attacker operating as “DimasHxR” compromised dozens of websites globally. Their methodology appears highly automated, specifically targeting subdirectories—often /media/ or /customer/ pathways—rather than root homepages. Victims spanned various sectors and countries, including German e-commerce (Radbag) , the UK (Make It Homely) , Vietnam (The Body Shop) , South Africa (Leroy Merlin) , and Italy (Gruppo San Marco). The sheer volume suggests the exploitation of a common vulnerability in a specific CMS plugin or media-handling library.
Zod’s Mass Campaigns: The actor “Zod” orchestrated massive defacement campaigns affecting numerous domains simultaneously, such as foresttravel.site, 9999webportal.cloud, and spacehub.cloud. These attacks were classified as mass defacement operations, indicating the compromise of shared hosting environments or the exploitation of widespread software flaws.
Other Actors: Additional defacements were carried out by “maw3six” (targeting the University of Buton in Indonesia and a German government portal) , and “0xfansX” (targeting Sri Lankan and international sites).

5. The Underground Credential Economy: Combo Lists and Logs

The proliferation of “Combo Lists” (combinations of usernames/emails and passwords) remains a foundational element of the cybercrime ecosystem, fueling credential stuffing and account takeover (ATO) attacks.

Massive Volume: Billions of credentials changed hands on forums like CrackingX and DemonForums. A user named “zod” allegedly shared a list containing 5 billion URL/login/password combinations. Actor “Daxus” distributed 22.85 million records , and “CODER” distributed multiple lists, including an 8 million line list and an 11 million line eBay-targeted list.
Targeting Microsoft/Hotmail: Microsoft services, particularly Hotmail, were overwhelmingly targeted. Actors like “alphaxdd”, “UniqueCombo”, “MailAccesss”, and “Kokos2846q” repeatedly dumped thousands of “fresh, UHQ (Ultra High Quality)” Hotmail credentials. The obsession with Microsoft accounts is likely due to their utility in bypassing spam filters and serving as pivot points for broader identity theft.
Geographic Targeting: Threat actors frequently segmented combo lists by nationality. Actor “thejackal101” was highly prolific, releasing geographically specific lists for Romania (28K), Russia (86K), Philippines (68K), Peru (77K), Portugal (46K), Pakistan (30K), and Poland (250K).
Stealer Logs: Beyond simple passwords, actors traded “stealer logs” obtained via malware like Mystic Stealer. These logs (shared by actors like “KazeFreak”, “UP_DAISYCLOUD”, and “Xyph0rix”) are highly valuable as they contain not just credentials, but session cookies, autofill data, and cryptocurrency wallet information, allowing attackers to bypass Multi-Factor Authentication (MFA).

6. Initial Access, Malware, and Exploits

The infrastructure enabling these attacks was actively traded and upgraded in underground marketplaces.

DDoS-for-Hire: The “Deepstresser” service announced an update to version 1.0.3, introducing a new TCP Amplification bypass method. The operators claimed it exploits HTTP/HTTPS vulnerabilities to achieve up to 120Mpps, successfully bypassing protections from Cloudflare, OVH, and DDoS-Guard.
Offensive Toolkits: Actors like “Keymous” and “LulzSec Black” sold bundled offensive security tools for $99, which notably included CobaltStrike—a legitimate penetration testing framework heavily abused by ransomware operators for Command and Control (C2) operations.
Exploits and Vulnerabilities: A threat actor claimed to sell an exploit abusing a Discord feature to retrieve any user’s email address using only their user ID, bypassing rate limits. Another actor, “SysInvaders”, sold reflected XSS vulnerabilities affecting European companies for Monero and Bitcoin.
Fraud Facilitation: Actors offered tutorials and tools for financial fraud, including Apple Pay fraud methods requiring only BIN and credit card data, and SMS verification bypass services like “DogeSMS” to defeat OTP (One-Time Password) security.

7. Conclusion

The cybersecurity events of April 9, 2026, illustrate a mature, highly compartmentalized cybercrime ecosystem. The data reveals a clear dichotomy in threat actor behavior. On one end, automated script kiddies and low-tier actors flood forums with billions of recycled credentials and execute indiscriminate mass defacements to build clout. On the other end, sophisticated APTs and specialized initial access brokers compromise critical infrastructure (such as the Luxembourg ICS and LA Metro ), steal petabytes of classified military data (China NSCC ), and engage in high-stakes psychological warfare (Handala vs. Israel ).

The sheer volume of credential dumping, particularly targeting Microsoft/Hotmail accounts, indicates that credential stuffing remains one of the most persistent and effective attack vectors globally. Furthermore, the commercialization of advanced tools—such as CobaltStrike bundles and TCP amplification DDoS services —lowers the barrier to entry, empowering less skilled actors to launch devastating attacks.

Organizations must assume that user credentials are fundamentally compromised and prioritize zero-trust architectures, robust session management (to combat cookie-stealing malware ), and rigorous isolation of industrial control systems from internet-facing networks. The incidents observed in this intelligence dataset highlight that no sector—from local retail to national defense—is immune to the escalating scale and severity of modern cyber threats.

Detected Incidents Draft Data

Alleged data breach of China National Supercomputing Center
Category: Data Breach
Content: Threat actor claims to have breached Chinas National Supercomputing Center and obtained over 10 petabytes of classified military and aerospace research data including simulation data, design files, and satellite telemetry. The post includes hashtags and mentions proof files but access requires forum registration.
Date: 2026-04-09T23:48:24Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-CHINA-NSCC-SUPERCOMPUTING-BREACH-%E2%80%93-10-PETABYTES-OF-CLASSIFIED-MILITARY-DB-LEAK
Screenshots:
None
Threat Actors: amazcybr
Victim Country: China
Victim Industry: Government/Defense
Victim Organization: National Supercomputing Center (NSCC)
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 25,000 Hotmail email and password combinations through a paste site link. The credentials are being distributed for free on a cybercriminal forum.
Date: 2026-04-09T23:39:22Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-25k-Good-Hotmail-List
Screenshots:
None
Threat Actors: Razly
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 25,000 Hotmail email and password combinations on a cybercrime forum.
Date: 2026-04-09T23:37:05Z
Network: openweb
Published URL: https://crackingx.com/threads/71620/
Screenshots:
None
Threat Actors: Cir4d
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged Sale of Private Cloud Hotmail UHQ Credentials and Multi-Platform Combolists
Category: Combo List
Content: Three actors (Yhōu, Yìchén, Wěilóng) are selling access to private cloud databases containing high-quality (UHQ) Hotmail credentials and geo-specific combolists. Coverage includes FR, IT, BR, UK, US, AU, JP, NL, PL, ES, MX, CA, SG, DE, RU and more. Platform-specific data includes Amazon, eBay, Walmart, Poshmark, Kleinanzeigen, Reddit, Depop, and Marriott. Sellers claim keyword search capability and describe the data as fresh, valid, and private.
Date: 2026-04-09T23:26:28Z
Network: telegram
Published URL: https://t.me/c/2613583520/60044
Screenshots:
None
Threat Actors: Squad Chat Marketplace
Victim Country: Multiple
Victim Industry: E-Commerce, Technology, Retail, Hospitality
Victim Organization: Hotmail, Amazon, eBay, Walmart, Poshmark, Kleinanzeigen, Reddit, Depop, Marriott
Victim Site: Unknown
Alleged distribution of credential combinations from multiple forums
Category: Combo List
Content: Threat actor CODER is distributing credential combinations (combolists) containing 8 million lines allegedly sourced from various forums. The credentials are being shared through Telegram channels for free access.
Date: 2026-04-09T23:25:26Z
Network: openweb
Published URL: https://crackingx.com/threads/71619/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of mixed email credential combolist
Category: Combo List
Content: A threat actor is distributing a free download of 130,000 email and password credentials in mixed format, while also advertising separate sales of additional credential lists and email lists targeting multiple countries including France, UK, Germany, USA, Spain, Italy, Canada, and Australia.
Date: 2026-04-09T23:13:51Z
Network: openweb
Published URL: https://crackingx.com/threads/71617/
Screenshots:
None
Threat Actors: steeve75
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of credential combolist targeting multiple streaming and gaming platforms
Category: Combo List
Content: A threat actor is distributing a combolist containing 130,000 email and password combinations claimed to be valid for Netflix, Minecraft, Uplay, Steam, Hulu, and Spotify accounts. The actor is also separately offering to sell high-quality credential lists from various email providers and geographic regions.
Date: 2026-04-09T23:03:31Z
Network: openweb
Published URL: https://demonforums.net/Thread-130k-Fresh-HQ-Combolist-Email-Pass-Netflix-Minecraft-Uplay-Steam-Hulu-spotify–199962
Screenshots:
None
Threat Actors: Ra-Zi
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Cyber Intrusion into Chinas Peoples Liberation Army Exposing 10 Petabytes of Classified Military Data
Category: Data Breach
Content: Unofficial sources report a cyberattack against the Peoples Liberation Army (PLA) of China, allegedly resulting in the exposure of over 10 petabytes of sensitive military information. The leaked data purportedly includes personnel records, intelligence reports, operational plans, and classified documents. The claim remains unverified.
Date: 2026-04-09T22:45:28Z
Network: telegram
Published URL: https://t.me/c/1283513914/21110
Screenshots:
None
Threat Actors: خبرگزاری سایبربان| Cyberban News
Victim Country: China
Victim Industry: Defense & Military
Victim Organization: Peoples Liberation Army (PLA)
Victim Site: Unknown
Alleged leak of educational institution credentials
Category: Combo List
Content: Threat actor CODER is distributing a 7 million record educational institution combolist for free via Telegram channels. The actor operates multiple Telegram groups providing free credential lists and tools.
Date: 2026-04-09T22:40:09Z
Network: openweb
Published URL: https://crackingx.com/threads/71616/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of 365.loans
Category: Data Breach
Content: Threat actor claims to be selling a 365.loans database containing over 6 million records including emails, IP addresses, user agents, UIDs, and API keys. The actor is accepting offers and requesting payment in cryptocurrency through onsite escrow.
Date: 2026-04-09T22:30:47Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-365-Loans-USA-Canada-Loans-service
Screenshots:
None
Threat Actors: [Trial Mod]xtc
Victim Country: United States
Victim Industry: Financial Services
Victim Organization: 365.loans
Victim Site: 365.loans
Alleged leak of Spanish identity documents
Category: Data Leak
Content: Threat actor catwoman shared Spanish identity documents including front and back of IDs with facial images. This appears to be part two of a series, with continuation dependent on community support.
Date: 2026-04-09T22:29:52Z
Network: openweb
Published URL: https://spear.cx/Thread-Spain-IDS-2
Screenshots:
None
Threat Actors: catwoman
Victim Country: Spain
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of 290,000 credential combinations
Category: Combo List
Content: A threat actor shared a combolist containing 290,000 URL:username:password combinations in URL:LOG:PASS format on a cybercriminal forum. The credentials appear to be offered as a free download to registered forum members.
Date: 2026-04-09T22:06:47Z
Network: openweb
Published URL: https://demonforums.net/Thread-290K-HIGH-QUALITY-URL-LOG-PASS
Screenshots:
None
Threat Actors: Seaborg
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of credential combolist containing 290,000 records
Category: Combo List
Content: A threat actor shared a credential combolist containing 290,000 URL:username:password combinations on a cybercriminal forum. The data is being distributed for free to registered forum members.
Date: 2026-04-09T22:04:24Z
Network: openweb
Published URL: https://crackingx.com/threads/71615/
Screenshots:
None
Threat Actors: Seaborg
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credential lists
Category: Combo List
Content: Threat actor distributing fresh Hotmail credential lists through Telegram channel and file sharing platform. Claims to add new credential data daily with focus on valid email accounts.
Date: 2026-04-09T21:53:37Z
Network: openweb
Published URL: https://crackingx.com/threads/71613/
Screenshots:
None
Threat Actors: Kokos2846q
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared 345 Hotmail credential combinations on a cybercrime forum. The post contains hidden content available only to registered users of the platform.
Date: 2026-04-09T21:53:20Z
Network: openweb
Published URL: https://crackingx.com/threads/71614/
Screenshots:
None
Threat Actors: lpbPrivate
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged data leak of Universidad Politecnica de Tapachula database
Category: Data Leak
Content: User Z3r00 shared a database containing personal information from Universidad Politecnica de Tapachula including full names, phone numbers, emails, addresses, postal codes, CURP identifiers, and other personal details via free download link.
Date: 2026-04-09T21:40:55Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-CHIAPAS-UNIVERSIDAD-POLITECNICA-DE-TAPACHULA
Screenshots:
None
Threat Actors: Z3r00
Victim Country: Mexico
Victim Industry: Education
Victim Organization: Universidad Politecnica de Tapachula
Victim Site: Unknown
Alleged DDoS-for-Hire Service Deepstresser 1.0.3 Update with TCP Amplification Bypass Capabilities
Category: Malware
Content: Deepstresser (deepstresser.su) has announced version 1.0.3 of their DDoS-for-hire stresser service, introducing a new TCPAMP (TCP Amplification) attack method. The method exploits vulnerabilities in HTTP/HTTPS servers to amplify packet output, achieving 600k–1Mpps per concurrent with a projected total capacity of 120Mpps. The operator claims successful bypass testing against Cloudflare IPv4 peer protection, OVH, TCPShield, DDoS-Guard, Aurologic, and Path. Additionally, a new dedicated Layer 4 spoof server was added to the network, providing up to 1.8Gbps (4Mpps) output and increasing available slots by 20.
Date: 2026-04-09T21:35:07Z
Network: telegram
Published URL: https://t.me/c/1669509146/92336
Screenshots:
None
Threat Actors: Deepstresser
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of credential combolist containing 1 million login credentials
Category: Combo List
Content: A threat actor shared a MEGA download link containing an alleged combolist of 1 million URL, login, and password combinations on a criminal forum.
Date: 2026-04-09T21:31:01Z
Network: openweb
Published URL: https://crackingx.com/threads/71612/
Screenshots:
None
Threat Actors: WashingtonDC
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of minhhanhh1234.id.vn by Alperen_216
Category: Defacement
Content: The threat actor Alperen_216 (ALP team) successfully defaced the Vietnamese website minhhanhh1234.id.vn on April 10, 2026. The attack targeted a specific PHP file on the domain.
Date: 2026-04-09T21:30:33Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832110
Screenshots:
None
Threat Actors: ALP, Alperen_216
Victim Country: Vietnam
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: minhhanhh1234.id.vn
Alleged Sale of Hotmail, Gmail, and Multi-Platform Combolists and Account Logs
Category: Combo List
Content: Multiple threat actors are selling combolists and account credentials spanning Hotmail, Gmail, Comcast, ATT, AOL, GMX-DE, and dozens of platforms including PayPal, Amazon, Netflix, Facebook Ads, iCloud, LinkedIn, and more. Coverage includes multiple countries (US, UK, DE, FR, IT, BR, JP, etc.). Offerings include UHQ mail access, cookies, logs, fullz, and account-specific credentials for financial, dating, gaming, and e-commerce platforms.
Date: 2026-04-09T21:20:17Z
Network: telegram
Published URL: https://t.me/c/2613583520/60030
Screenshots:
None
Threat Actors: Wěilóng
Victim Country: Unknown
Victim Industry: Multiple
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Forestal Atlántico Sur by ShadowByt3S
Category: Data Breach
Content: ShadowByt3S claims to have stolen 9GB of data from Forestal Atlántico Sur including PostgreSQL database dumps, employee records, operational data, and GPS coordinates. The threat actor is demanding ransom payment within 72 hours or they will sell the complete database.
Date: 2026-04-09T21:19:19Z
Network: openweb
Published URL: https://darkforums.su/Thread-ShadowByt3-Claims-Responsibility-For-Forestal-Atl%C3%A1ntico-Sur-FAS
Screenshots:
None
Threat Actors: ShadowByt3S
Victim Country: Uruguay
Victim Industry: Forestry
Victim Organization: Forestal Atlántico Sur
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 370,000 Hotmail email and password combinations dated April 9th. The credentials are being distributed for free to registered forum members.
Date: 2026-04-09T20:46:48Z
Network: openweb
Published URL: https://crackingx.com/threads/71611/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Bank BSI Indonesia employee database
Category: Data Leak
Content: Actor XSVSHACKER leaked a database containing 24,000 records of Bank BSI Indonesia employees including names, employee IDs, phone numbers, email addresses, job titles, and office locations.
Date: 2026-04-09T20:45:28Z
Network: openweb
Published URL: https://darkforums.su/Thread-INDONESIA-DATABASE-BANKBSI-GO-ID
Screenshots:
None
Threat Actors: XSVSHACKER
Victim Country: Indonesia
Victim Industry: Banking
Victim Organization: Bank BSI
Victim Site: bankbsi.go.id
Alleged Cyber Attack on Los Angeles Metro by Iranian Hacking Group Ababeel Minab
Category: Cyber Attack
Content: The Iranian hacking group Ababeel Minab has claimed responsibility for a cyberattack targeting the IT infrastructure of the Los Angeles County Metropolitan Transportation Authority (LA Metro). The group alleges that over 500 terabytes of critical server data was completely wiped, and more than 1 terabyte of sensitive data was exfiltrated prior to destruction. The attack is being described as one of the largest cyber incidents in the US urban transportation sector.
Date: 2026-04-09T20:18:01Z
Network: telegram
Published URL: https://t.me/c/1283513914/21109
Screenshots:
None
Threat Actors: ابابیل میناب
Victim Country: United States
Victim Industry: Transportation / Public Transit
Victim Organization: Los Angeles County Metropolitan Transportation Authority (LA Metro)
Victim Site: Unknown
Alleged leak of Romanian credential combolist
Category: Combo List
Content: A threat actor shared a credential combolist containing over 28,000 email:password combinations allegedly from Romanian users. The data is described as fresh and high quality, with additional content available through a Telegram channel.
Date: 2026-04-09T20:15:19Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-28-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Romania-%E2%9C%AA-9-APR-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Romania
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of forum credentials combolist
Category: Combo List
Content: A threat actor shared an 82,000 record combolist containing forum credentials. The credentials are described as a mix of valid email and password combinations from various forum platforms.
Date: 2026-04-09T20:14:40Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%99%8B-82k-MIX-Base-With-Valid-FORUMS-%E2%99%8B-18
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 24,000 email and password combinations for mail access on a cybercrime forum.
Date: 2026-04-09T20:14:00Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-24k-Good-MailAccess-Combolist
Screenshots:
None
Threat Actors: VegaM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: Forum post claims to offer fresh private Hotmail credentials containing 1,243 records. The actual content is hidden behind registration requirements.
Date: 2026-04-09T20:13:02Z
Network: openweb
Published URL: https://crackingx.com/threads/71609/
Screenshots:
None
Threat Actors: Jelooos
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of mixed forum credential combolist
Category: Combo List
Content: A mixed combolist containing 82,000 valid forum credentials is being distributed on underground forum CrackingX.
Date: 2026-04-09T20:12:26Z
Network: openweb
Published URL: https://crackingx.com/threads/71610/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Russian credential combolist
Category: Combo List
Content: Threat actor shared a combolist containing over 86,000 email and password combinations allegedly from Russian sources. The credentials are claimed to be fresh and high quality, and were made available for free download on an underground forum.
Date: 2026-04-09T20:01:47Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-86-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Russia-%E2%9C%AA-9-APR-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Russia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Philippines credential combolist
Category: Combo List
Content: Threat actor thejackal101 shared a credential combolist containing over 68,000 email and password combinations allegedly from Philippines users. The data is described as fresh and high quality, distributed through hidden forum content.
Date: 2026-04-09T20:00:46Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-68-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Philippines-%E2%9C%AA-9-APR-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Philippines
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Peruvian credential combolist
Category: Combo List
Content: A threat actor leaked a credential combolist containing over 77,000 email and password combinations allegedly originating from Peru. The actor also provided a Telegram channel for additional compromised data.
Date: 2026-04-09T19:59:31Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-77-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Peru-%E2%9C%AA-9-APR-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Peru
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Portuguese credentials combolist
Category: Combo List
Content: Threat actor shared a combolist containing over 46,000 email and password combinations allegedly from Portugal, marked as fresh and high quality. The credentials are being distributed for free on underground forums.
Date: 2026-04-09T19:58:34Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-46-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Portugal-%E2%9C%AA-9-APR-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Portugal
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Pakistani credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing over 30,000 email:password credential pairs allegedly originating from Pakistan. The credentials are being distributed for free and promoted as fresh and high quality.
Date: 2026-04-09T19:57:25Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-30-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Pakistan-%E2%9C%AA-9-APR-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Pakistan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of 9 million credential combolist targeting multiple platforms
Category: Combo List
Content: Threat actor distributes a 9 million record combolist containing email and password combinations for various platforms including PSN, Payback, and PayPal through Telegram channels. The credentials are being shared freely rather than sold.
Date: 2026-04-09T19:55:37Z
Network: openweb
Published URL: https://crackingx.com/threads/71607/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged promotion of SMS verification bypass service DogeSMS
Category: Initial Access
Content: Threat actor promotes DogeSMS service offering virtual phone numbers and SMS verification bypass capabilities for OTP codes across multiple countries. The service is marketed for testing workflows but could facilitate account takeover and fraud activities.
Date: 2026-04-09T19:55:20Z
Network: openweb
Published URL: https://crackingx.com/threads/71606/
Screenshots:
None
Threat Actors: Dogesms
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of German credential combolist
Category: Combo List
Content: A threat actor leaked a combolist containing 59,594 German email and password combinations on a cybercrime forum. The actor also promotes a premium cloud service with paid subscription tiers ranging from $10-50.
Date: 2026-04-09T19:45:49Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-59-594-Good-Germany-D4RKNETHUB-CLOUD-09-04-26
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Polish credentials combolist
Category: Combo List
Content: Threat actor thejackal101 shared a combolist containing over 250,000 email:password combinations allegedly from Polish users. The credentials are described as fresh and high quality, distributed through a hidden content section requiring registration to access.
Date: 2026-04-09T19:44:45Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9C%AA-250-K-Combo-%E2%9C%AA-Elite-Cloud1-%E2%9C%AA-Poland-%E2%9C%AA-9-APR-2026-%E2%9C%AA
Screenshots:
None
Threat Actors: thejackal101
Victim Country: Poland
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of German credentials combolist
Category: Combo List
Content: Threat actor D4rkNetHub shared a combolist containing 59,594 German credentials on a cracking forum. The post appears to offer free access to the credential data through an image hosting link.
Date: 2026-04-09T19:42:46Z
Network: openweb
Published URL: https://crackingx.com/threads/71605/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Cyber Attack and Initial Access Compromise of Tatung University (TTU) by Z-Pentest Alliance
Category: Initial Access
Content: Threat actor group Z-Pentest Alliance claims to have gained full control of a faculty/administrator computer at Tatung University (TTU), Taiwan, Department of Digital Media Design. They report administrative access to SINEW SCMS (classroom management system), exposing a full inventory of lab computers, internal IP addresses (142.123..), MAC addresses, and hardware specs. The actor claims access to the instructors work files, OneDrive, and Microsoft account, with the ability to mass-deploy malware across all lab machines via SCMS. Threats include mass infection, credential leakage (Microsoft, Google), data exfiltration of student/faculty records, and using the university network as a pivot point into other Taiwanese systems. Post is tagged #OpTaiwan.
Date: 2026-04-09T19:41:42Z
Network: telegram
Published URL: https://t.me/Z_Pentest_Alliance_ru/930
Screenshots:
None
Threat Actors: Z-Pentest Alliance
Victim Country: Taiwan
Victim Industry: Education
Victim Organization: Tatung University (大同大學, TTU)
Victim Site: ttu.edu.tw
Alleged distribution of corporate email credentials combolist
Category: Combo List
Content: Threat actor CODER is distributing a 7 million record combolist containing corporate email credentials through Telegram channels. The actor operates multiple Telegram groups offering free credential lists and programs.
Date: 2026-04-09T19:30:52Z
Network: openweb
Published URL: https://crackingx.com/threads/71602/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of credential logs via DAISY CLOUD service
Category: Combo List
Content: Threat actor NEW_DAISYCLOUD shared 5,330 fresh credential logs through a cloud service called DAISY CLOUD, distributed via a password-protected file hosting link on pixeldrain.com.
Date: 2026-04-09T19:30:32Z
Network: openweb
Published URL: https://crackingx.com/threads/71603/
Screenshots:
None
Threat Actors: NEW_DAISYCLOUD
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of email credentials from USA and Europe
Category: Combo List
Content: A threat actor shared a combolist containing 6,300 email credentials with valid mail access, reportedly from users in the USA and Europe. The credentials are being distributed as a free download on an underground forum.
Date: 2026-04-09T19:30:13Z
Network: openweb
Published URL: https://crackingx.com/threads/71604/
Screenshots:
None
Threat Actors: karaokecloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of stealer logs containing credentials
Category: Logs
Content: Threat actor UP_DAISYCLOUD shared 5,330 fresh stealer logs from April 9th via a cloud storage link. The logs are distributed for free download and the actor promotes daily updates through their Telegram channel.
Date: 2026-04-09T19:29:13Z
Network: openweb
Published URL: https://darkforums.su/Thread-%F0%9F%9A%80-5330-LOGS-CLOUD-%E2%98%81-09-APRIL-%E2%9D%A4%EF%B8%8F-FRESH-LOGS%E2%9D%97%EF%B8%8F
Screenshots:
None
Threat Actors: UP_DAISYCLOUD
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Prefeitura Municipal de Caieiras
Category: Data Breach
Content: Threat actor Spirigatito claims to be selling a database containing 363,519 records from the municipal government of Caieiras, São Paulo, Brazil. The data allegedly includes personal information such as full names, CPF numbers, birth dates, phone numbers, email addresses, and medical record numbers.
Date: 2026-04-09T19:28:10Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SELLING-Government-of-Brazil-Prefeitura-Municipal-de-Caieiras–188012
Screenshots:
None
Threat Actors: Spirigatito
Victim Country: Brazil
Victim Industry: Government
Victim Organization: Prefeitura Municipal de Caieiras
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: Forum post claims to offer 600 valid Hotmail email credentials. The post appears to be offering a combolist of Hotmail accounts, though the actual content requires forum registration to view.
Date: 2026-04-09T19:06:44Z
Network: openweb
Published URL: https://crackingx.com/threads/71600/
Screenshots:
None
Threat Actors: Jelooos
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged Cyber Attack and Initial Access Compromise of Tatung University (TTU) Taiwan by Z-Pentest Alliance
Category: Cyber Attack
Content: Threat actor group Z-Pentest Alliance claims to have gained full control over a faculty/administrator computer at Tatung University (TTU), Taiwan, specifically within the Department of Digital Media Design. They report administrative access to SINEW SCMS (信業科技教室管理系統), a classroom computer management system, exposing a full inventory of lab computers, internal IP addresses (142.123..), MAC addresses, and Windows version details. The actors claim access to the instructors OneDrive and Microsoft account, all work files, and the ability to mass-deploy malware across all lab machines via SCMS. They threaten credential leaks (Microsoft, Google), public release of academic materials under their brand, and further lateral movement into other Taiwanese systems. Post is tagged #OpTaiwan indicating a broader campaign.
Date: 2026-04-09T19:06:38Z
Network: telegram
Published URL: https://t.me/c/2729466495/930
Screenshots:
None
Threat Actors: Z-Pentest Alliance
Victim Country: Taiwan
Victim Industry: Education
Victim Organization: Tatung University (大同大學, TTU)
Victim Site: ttu.edu.tw
Alleged leak of email credential combolists via PandaCloud service
Category: Combo List
Content: Threat actor advertising a free service providing fresh email credential combolists updated daily through Telegram channel and file sharing platform. The service claims to offer only valid and recent credential combinations from various email providers.
Date: 2026-04-09T19:05:57Z
Network: openweb
Published URL: https://crackingx.com/threads/71601/
Screenshots:
None
Threat Actors: Kokos2846q
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Matomo analytics platform database
Category: Data Leak
Content: A threat actor claims to have discovered multiple SQL database files totaling over 24GB in an Amazon S3 bucket, allegedly containing Matomo analytics platform data including visitor logs and database dumps. The actor is sharing download links to the leaked data for free.
Date: 2026-04-09T19:03:09Z
Network: openweb
Published URL: https://pwnforums.st/Thread-Matomo-Privacy-first-Google-Analytics-Alternative
Screenshots:
None
Threat Actors: OriginalCrazyOldFart
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Matomo
Victim Site: matomo.org
Alleged leak of Hotmail credentials on CrackingX forum
Category: Combo List
Content: A threat actor allegedly shared a collection of valid Hotmail credentials on a cybercrime forum. The post indicates the credentials are fresh and valid, though the exact count is hidden behind registration requirements.
Date: 2026-04-09T18:53:03Z
Network: openweb
Published URL: https://crackingx.com/threads/71599/
Screenshots:
None
Threat Actors: RandomUpload
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged sale of credit card data and financial services on XF forum
Category: Data Breach
Content: Threat actor bigpunisher111 is selling credit card data with high and low balances for online shopping, carding, and various payment platforms. The actor also offers bank logs, gift cards, and cash-out services through multiple communication channels.
Date: 2026-04-09T18:44:18Z
Network: openweb
Published URL: https://xforums.st/threads/tele-terrellwhitte-discord-active24hrs-gmail-sosaboy959-gmail-com-whatsapp-1-425-531-1773.606517/
Screenshots:
None
Threat Actors: bigpunisher111
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of MiFlash Mobile
Category: Data Breach
Content: Threat actor claims to have compromised MiFlash Mobile database containing personal information of 500,000 members and MD5-encrypted passwords for 200,000 members. The actor is allegedly selling the data and claims most passwords are being cracked.
Date: 2026-04-09T18:37:10Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-FLASHMOBILE-MX-500K-With-Password-FULL-PII
Screenshots:
None
Threat Actors: Brazzers
Victim Country: Mexico
Victim Industry: Technology
Victim Organization: MiFlash Mobile
Victim Site: miflashmobile.mx
Alleged data leak of Bangladesh fuel pump database from fuelpass.gov.bd
Category: Data Leak
Content: A threat actor leaked a database containing fuel pump station information from the Bangladesh governments fuel pass system. The leaked data includes station details, owner information, contact details, location data, and transaction counts for fuel pumps across Bangladesh.
Date: 2026-04-09T18:36:57Z
Network: openweb
Published URL: https://darkforums.su/Thread-Document-fuelpass-gov-bd-fuel-pump-data-leak
Screenshots:
None
Threat Actors: death11
Victim Country: Bangladesh
Victim Industry: Government
Victim Organization: Bangladesh Government Fuel Pass System
Victim Site: fuelpass.gov.bd
Alleged leak of California identification documents with selfies
Category: Data Leak
Content: A threat actor shared California identification documents paired with selfie photographs on a cybercrime forum. The content is hidden behind registration requirements, making specific details unavailable.
Date: 2026-04-09T18:36:46Z
Network: openweb
Published URL: https://darkforums.su/Thread-%F0%9F%92%8EUSA-Cali-ID-Selfie-%F0%9F%92%8E
Screenshots:
None
Threat Actors: Databroque
Victim Country: United States
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Lenme platform
Category: Data Breach
Content: Threat actor claims to possess a database containing personal information from Lenme.com including names, addresses, phone numbers, and Social Security numbers. The actor is gauging interest in the full database by sharing a small sample of 5 records.
Date: 2026-04-09T18:36:41Z
Network: openweb
Published URL: https://darkforums.su/Thread-lenme-com-invest-btc-data-usa
Screenshots:
None
Threat Actors: bases_email_num_usa
Victim Country: United States
Victim Industry: Financial Services
Victim Organization: Lenme
Victim Site: lenme.com
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: Threat actor MegaCloudshop shared a combolist containing 1,200 allegedly valid Hotmail email credentials via file sharing service. The credentials are claimed to be fresh and provide full mail access.
Date: 2026-04-09T18:27:26Z
Network: openweb
Published URL: https://demonforums.net/Thread-1-2K-Full-Valid-HOTMAIL-Fresh-Mail-Access-09-04
Screenshots:
None
Threat Actors: MegaCloudshop
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 1,200 allegedly valid Hotmail email credentials on a cybercrime forum. The credentials are claimed to be fresh and from April 9th.
Date: 2026-04-09T18:25:37Z
Network: openweb
Published URL: https://crackingx.com/threads/71598/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of credential combolist containing 22.85 million records
Category: Logs
Content: Threat actor Daxus made available a credential combolist containing 22.85 million URL:LOGIN:PASS records through their platform. The actor promotes additional services through their website and Telegram channel.
Date: 2026-04-09T18:23:13Z
Network: openweb
Published URL: https://pwnforums.st/Thread-URL-LOGIN-PASS-%E2%AD%90%EF%B8%8FURL-LOG-PASS-22-85-M-%E2%9C%85-ULP-DAXUS-PRO-UHQ-%E2%AD%90%EF%B8%8F
Screenshots:
None
Threat Actors: Daxus
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged defacement of baitaranighat.com by OpsShadowStrike
Category: Defacement
Content: The hacktivist group #OpsShadowStrike claimed responsibility for defacing the Indian website baitaranighat.com, uploading a defacement page at /ops.html. The attack was carried out in collaboration with multiple Malaysian hacktivist groups including TengkorakCyberCrew, EagleCyberCrew, MalaysiaHacktivist, CyberActivistMalaysia, AskarBadai, TheSweetNight, Noheartz, and several individual actors. The operation appears politically motivated, tied to pro-Palestine and anti-Israel sentiment under the #AllMuslimHackers banner.
Date: 2026-04-09T18:12:48Z
Network: telegram
Published URL: https://t.me/c/3844432135/274
Screenshots:
None
Threat Actors: OpsShadowStrike
Victim Country: India
Victim Industry: Unknown
Victim Organization: Baitarani Ghat
Victim Site: baitaranighat.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: Actor snowstormxd shared fresh Hotmail credentials through free download links on a cybercriminal forum. The combolist was made available via Pasteview and Telegram channels at no cost.
Date: 2026-04-09T17:49:12Z
Network: openweb
Published URL: https://crackingx.com/threads/71596/
Screenshots:
None
Threat Actors: snowstormxd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged distribution of stolen credentials via Mystic Stealer
Category: Logs
Content: Threat actor KazeFreak distributed 1,000 stolen credential logs obtained via Mystic Stealer malware from Spanish victims running Windows 10 Enterprise and Chrome browser. The logs include credentials, cookies, cryptocurrency wallet data, and autofill information.
Date: 2026-04-09T17:46:32Z
Network: openweb
Published URL: https://darkforums.su/Thread-URL-LOGIN-PASS-Mystic-Stealer-1000-logs
Screenshots:
None
Threat Actors: KazeFreak
Victim Country: Spain
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of Discord email disclosure exploit
Category: Initial Access
Content: Threat actor claims to be selling an exploit that abuses an outdated Discord feature to retrieve any users email address using only their user ID for 0.5 XMR. The alleged exploit reportedly bypasses rate limiting mechanisms.
Date: 2026-04-09T17:46:17Z
Network: openweb
Published URL: https://darkforums.su/Thread-GET-ANY-DISCORD-USERS-EMAIL-%F0%9F%92%99
Screenshots:
None
Threat Actors: znf
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Discord
Victim Site: discord.com
Alleged sale of classified Chinese military supercomputing data
Category: Data Breach
Content: Threat actor claims to be selling over 10 petabytes of classified military research data allegedly stolen from Chinas National Supercomputing Center, including satellite schematics, aerospace simulations, and defense contractor research for $20,000.
Date: 2026-04-09T17:46:01Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-CHINA-10-PETABYTES-MILITARY-LEAK
Screenshots:
None
Threat Actors: McLovin
Victim Country: China
Victim Industry: Government/Military
Victim Organization: National Supercomputing Center (NSCC)
Victim Site: Unknown
Alleged data leak of Payap University database
Category: Data Leak
Content: A threat actor allegedly leaked a database from Payap University containing personal information including names, ID numbers, phone numbers, email addresses, and administrative data. The sample shows structured database records with employee or member information across various Indonesian regions.
Date: 2026-04-09T17:45:55Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-payap-ac-th-Payap-University-Official-Website-In-Thailand
Screenshots:
None
Threat Actors: blackhunter1
Victim Country: Thailand
Victim Industry: Education
Victim Organization: Payap University
Victim Site: payap.ac.th
Alleged data breach of Shukah.com
Category: Data Breach
Content: Threat actor undertaker is selling a database containing 7.7 million records from Shukah.com dated July 2025. The data includes customer information, payment details, driver data, and location coordinates for $600.
Date: 2026-04-09T17:45:44Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Shukah-com-7M
Screenshots:
None
Threat Actors: undertaker
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Shukah
Victim Site: shukah.com
Alleged leak of Hotmail credentials
Category: Data Leak
Content: Threat actor martcloud posted a free download link claiming to contain fresh Hotmail credentials on a dark web forum.
Date: 2026-04-09T17:45:32Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-FULL-FRESH-HOTMAILS-unrapped–72856
Screenshots:
None
Threat Actors: martcloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged data breach of French banking institutions
Category: Data Breach
Content: Threat actor claims to possess a dataset containing comprehensive personal and financial information including IBANs, personal details, and account information from multiple major French and European banks including BNP Paribas, Societe Generale, and Credit Agricole.
Date: 2026-04-09T17:45:28Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-1-2M-FR-FICOBA-BANK-LEADS-2026
Screenshots:
None
Threat Actors: bestdata
Victim Country: France
Victim Industry: Financial Services
Victim Organization: Multiple French Banks
Victim Site: Unknown
Alleged data breach of Optavia customer database
Category: Data Breach
Content: Threat actor claims to have obtained customer data from Optavia including email addresses, passwords, names, phone numbers, and partial credit card information. The data is being distributed through a download link and the actor is offering additional databases through Telegram contact.
Date: 2026-04-09T17:45:16Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-optavia-com-website-USA-data
Screenshots:
None
Threat Actors: bases_email_num_usa
Victim Country: United States
Victim Industry: Health and Wellness
Victim Organization: Optavia
Victim Site: optavia.com
Alleged leak of BidenCash credit card data
Category: Data Leak
Content: Nearly one million credit cards allegedly leaked by BidenCash dark web market, including card numbers, expiration dates, and CVV codes. The data was shared for free through clearnet file-hosting services and promoted on Russian-speaking hacker forums.
Date: 2026-04-09T17:44:33Z
Network: openweb
Published URL: https://pwnforums.st/Thread-BidenCash-1-221-551-cards-for-free2-csv
Screenshots:
None
Threat Actors: HarleenQuinzel2905
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Carwah car rental platform database
Category: Data Leak
Content: Threat actor Spirigatito leaked a database from Carwah, Saudi Arabias digital car rental platform, containing personal information including names, emails, phone numbers, national IDs, dates of birth, and driver license data with images.
Date: 2026-04-09T17:44:18Z
Network: openweb
Published URL: https://pwnforums.st/Thread-DATABASE-Carwah-Database-Drivers-Licence-Leaked-Download
Screenshots:
None
Threat Actors: Spirigatito
Victim Country: Saudi Arabia
Victim Industry: Transportation
Victim Organization: Carwah
Victim Site: Unknown
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor has made available a credential combolist containing 3,183 Hotmail email and password combinations described as premium mixed mail hits.
Date: 2026-04-09T17:35:19Z
Network: openweb
Published URL: https://crackingx.com/threads/71595/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged CCTV System Compromise of Manchester Pharmacy by NoName057(16)
Category: Cyber Attack
Content: The threat actor group NoName057(16) claims to have successfully infiltrated the CCTV surveillance system of a pharmacy located in Manchester, UK. The post includes politically motivated commentary targeting the UK, references to OpGreatBritain, and hashtags suggesting an ongoing campaign against British targets. The group frames this as retaliation against Russophobes, indicating a pro-Russian hacktivist motivation.
Date: 2026-04-09T17:17:51Z
Network: telegram
Published URL: https://t.me/c/3087552512/1706
Screenshots:
None
Threat Actors: NoName057(16)
Victim Country: United Kingdom
Victim Industry: Healthcare / Retail Pharmacy
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of USA credential combolist
Category: Logs
Content: Threat actor D4rkNetHub shared a credential combolist containing 1,133 USA-based accounts on a cybercriminal forum. The post appears to offer free access to the credential list rather than selling it.
Date: 2026-04-09T16:48:01Z
Network: openweb
Published URL: https://xforums.st/threads/1-133-good-usa-d4rknethub-cloud-09-04-26.606492/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of USA credentials combolist
Category: Combo List
Content: Threat actor D4rkNetHub allegedly leaked a combolist containing 1,133 credentials from USA users on a cybercrime forum. The credentials are described as Good USA suggesting they are verified or high-quality.
Date: 2026-04-09T16:45:19Z
Network: openweb
Published URL: https://crackingx.com/threads/71594/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass defacement targeting Indonesian educational institution by maw3six
Category: Defacement
Content: Threat actor maw3six conducted a mass defacement attack targeting the University of Butons website as part of a broader campaign. The attack was executed on April 9, 2026, affecting the institutions online presence.
Date: 2026-04-09T16:35:32Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248376
Screenshots:
None
Threat Actors: maw3six
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: University of Buton
Victim Site: sijamu.umbuton.ac.id
Alleged leak of Hotmail credentials
Category: Combo List
Content: Actor alphaxdd shared a combolist containing 659 allegedly valid Hotmail email and password combinations on cybercriminal forum. The credentials are described as premium hits with mixed mail types.
Date: 2026-04-09T16:32:34Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-659x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: Threat actor alphaxdd shared a combolist containing 659 premium Hotmail email credentials on CrackingX forum. The credentials are described as valid hits from private cloud sources and mixed email accounts.
Date: 2026-04-09T16:31:05Z
Network: openweb
Published URL: https://crackingx.com/threads/71592/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged Imminent Cyber Attack Announced by Handala Against Israeli IDF Unit 8200
Category: Cyber Attack
Content: Threat actor Handala has announced a forthcoming cyber operation targeting the Israeli militarys Unit 8200, with specific focus on its Iran Desk. The group is teasing a surprise to be revealed the following day, suggesting a planned data breach, leak, or disruptive attack against Israeli signals intelligence infrastructure.
Date: 2026-04-09T16:29:35Z
Network: telegram
Published URL: https://t.me/c/3548035165/217
Screenshots:
None
Threat Actors: HANDALA HACK
Victim Country: Israel
Victim Industry: Government / Military Intelligence
Victim Organization: Unit 8200 (IDF Intelligence Corps)
Victim Site: Unknown
Alleged Sale of Sensitive Cisco and Salesforce Data Including Source Code and Credentials
Category: Data Breach
Content: A threat actor is allegedly selling a large volume of confidential data from Cisco and Salesforce. The claimed data includes source code for Cisco products (IOS, ASA, NX-OS), user identity information, GitHub repositories, and AWS-stored data. Over 3.15 million Salesforce records are also reportedly included. The data is being offered for approximately $500,000. No official confirmation has been issued by either company.
Date: 2026-04-09T16:29:07Z
Network: telegram
Published URL: https://t.me/c/1283513914/21099
Screenshots:
None
Threat Actors: Unknown
Victim Country: United States
Victim Industry: Technology
Victim Organization: Cisco, Salesforce
Victim Site: Unknown
Alleged Sale of Mexican AFORE Retirement Fund Database with 88,483 Records
Category: Data Breach
Content: A threat actor is selling an alleged database of Mexican AFORE (Administradoras de Fondos para el Retiro / retirement fund administrators) records in .xlsx format. The dataset reportedly contains 88,483 individual records with extensive PII including full name, CURP (national ID), email, employer, home address, postal code, retirement account balance (RCV), AFORE provider, NSS (social security number), NRP, and sector/industry. A sample record shows a balance of $2,348,472 MXN. Price is described as negotiable. Contact handle: @MagoSpeak.
Date: 2026-04-09T16:27:58Z
Network: telegram
Published URL: https://t.me/c/3764001014/102
Screenshots:
None
Threat Actors: SpeakTeam
Victim Country: Mexico
Victim Industry: Financial Services / Retirement Funds
Victim Organization: AFORE (Multiple Retirement Fund Administrators)
Victim Site: Unknown
Alleged leak of mixed email credential combolist
Category: Combo List
Content: Threat actor klyne05 shared a mixed email credential combolist described as private, fresh, and checked on a cybercriminal forum. The post offers the credential data as a free download with minimal details provided about the source or contents.
Date: 2026-04-09T16:19:02Z
Network: openweb
Published URL: https://crackingx.com/threads/71588/
Screenshots:
None
Threat Actors: klyne05
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of credential combolist containing 22.85 million records
Category: Combo List
Content: Threat actor Daxus allegedly leaked a credential combolist containing 22.85 million URL:LOG:PASS combinations on CrackingX forum. The data is being distributed through the actors website and Telegram channel.
Date: 2026-04-09T16:18:13Z
Network: openweb
Published URL: https://crackingx.com/threads/71590/
Screenshots:
None
Threat Actors: Daxus
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of DeepNude v2 Premium cracking tool
Category: Data Leak
Content: Cracked version of DeepNude v2 Premium AI image transformation software being distributed on cybercrime forum. The tool is designed for automated generation of fake nude images and may facilitate non-consensual intimate imagery creation.
Date: 2026-04-09T16:05:55Z
Network: openweb
Published URL: https://demonforums.net/Thread-DeepNude-v2-Premium-Cracked
Screenshots:
None
Threat Actors: Starip
Victim Country: Unknown
Victim Industry: Software
Victim Organization: DeepNude
Victim Site: Unknown
WhatDROID Pro Activated
Category: Alert
Content: New thread posted by Starip: WhatDROID Pro Activated
Date: 2026-04-09T16:04:44Z
Network: openweb
Published URL: https://demonforums.net/Thread-WhatDROID-Pro-Activated
Screenshots:
None
Threat Actors: Starip
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
136K CORPS TARGETED COMBOLIST
Category: Combo List
Content: New thread posted by Ra-Zi: 136K CORPS TARGETED COMBOLIST
Date: 2026-04-09T16:03:42Z
Network: openweb
Published URL: https://demonforums.net/Thread-136K-CORPS-TARGETED-COMBOLIST
Screenshots:
None
Threat Actors: Ra-Zi
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
[1035x] ⭐⭐ FRESH HQ HOTMAIL ⭐⭐
Category: Combo List
Content: New thread posted by KiwiShio: [1035x] ⭐⭐ FRESH HQ HOTMAIL ⭐⭐
Date: 2026-04-09T16:03:09Z
Network: openweb
Published URL: https://crackingx.com/threads/71585/
Screenshots:
None
Threat Actors: KiwiShio
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
9K Full Valid Mail Access Just top Quality 09.04
Category: Combo List
Content: New thread posted by MailAccesss: 9K Full Valid Mail Access Just top Quality 09.04
Date: 2026-04-09T16:02:34Z
Network: openweb
Published URL: https://crackingx.com/threads/71587/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
DIGECAM (GUATEMALA) 62K FireArm Serials And Models.
Category: Alert
Content: New thread posted by GordonFreeman: DIGECAM (GUATEMALA) 62K FireArm Serials And Models.
Date: 2026-04-09T16:00:28Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-DIGECAM-GUATEMALA-62K-FireArm-Serials-And-Models
Screenshots:
None
Threat Actors: GordonFreeman
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of US email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 1,200 fresh valid US email credentials dated April 9th on an underground forum.
Date: 2026-04-09T15:50:55Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-1-2K-Usa-Fresh-Valid-Mail-Access-09-04
Screenshots:
None
Threat Actors: MegaCloudshop
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of US email credentials
Category: Combo List
Content: A threat actor shared a collection of 1,200 allegedly fresh and valid US email credentials dated April 9th on a cybercriminal forum specializing in combolists and credential dumps.
Date: 2026-04-09T15:49:35Z
Network: openweb
Published URL: https://crackingx.com/threads/71583/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Cyber Attack on Luxembourg Pipeline Cathodic Protection ICS Infrastructure by Z-Pentest Alliance
Category: Cyber Attack
Content: Threat group Z-Pentest Alliance claims one of their members successfully compromised an RTU32 (Remote Terminal Unit 32) industrial controller managing cathodic protection systems for pipelines and metal structures in Luxembourg. The actor claims full access to the main HMI panel, with control over substation parameters including New Setpoints, Off Potential, IR-Drop, Impedance, and Setup across four channels. The system is reportedly generating communication errors with values maxing out at 999, while operators believe it is a routine Comm err station 0 issue. The group frames this as a demonstration of offensive ICS capability and states the next target is already being worked on.
Date: 2026-04-09T15:39:13Z
Network: telegram
Published URL: https://t.me/c/2729466495/929
Screenshots:
None
Threat Actors: Z-Pentest Alliance
Victim Country: Luxembourg
Victim Industry: Energy / Critical Infrastructure (Pipeline / Utilities)
Victim Organization: Unknown
Victim Site: Unknown
⚡⚡ X1915 Valid UHQ Mix ⚡⚡
Category: Combo List
Content: New thread posted by Roronoa044: ⚡⚡ X1915 Valid UHQ Mix ⚡⚡
Date: 2026-04-09T15:38:04Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-X1915-Valid-UHQ-Mix-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: Roronoa044
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials on CrackingX forum
Category: Combo List
Content: Forum user noir shared what appears to be valid Hotmail credentials in a mixed combolist format on CrackingX forum. The post mentions X1915 Valid UHQ Mix suggesting high-quality credential data.
Date: 2026-04-09T15:37:24Z
Network: openweb
Published URL: https://crackingx.com/threads/71581/
Screenshots:
None
Threat Actors: noir
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Website defacement of Radbag by DimasHxR
Category: Defacement
Content: The German e-commerce website Radbag was defaced by the attacker DimasHxR on April 9, 2026. The defacement targeted a customer media subdirectory of the main website.
Date: 2026-04-09T15:23:11Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832108
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Germany
Victim Industry: E-commerce
Victim Organization: Radbag
Victim Site: www.radbag.de
Alleged sale of offensive hacking tools bundle including CobaltStrike and AI vulnerability finder
Category: Malware
Content: A threat actor operating under CyberShop is selling a bundle of offensive security and hacking tools for $99, including TargetFetcher, CobaltStrike, CodeShield Pro, and AI Vuln Finder, with Diecat included as a free bonus. The offer is promoted as a 72-hour limited promo via a Telegram bot contact.
Date: 2026-04-09T14:59:05Z
Network: telegram
Published URL: https://t.me/c/2588114907/1064
Screenshots:
None
Threat Actors: Keymous
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of giaysneaker.store by DimasHxR
Category: Defacement
Content: Threat actor DimasHxR defaced the Vietnamese sneaker retailer website giaysneaker.store on April 9, 2026. The attack targeted a specific page within the media/custom directory rather than the main homepage.
Date: 2026-04-09T14:54:50Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832104
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Retail/E-commerce
Victim Organization: Unknown
Victim Site: giaysneaker.store
Website defacement of funkbomb.com by DimasHxR
Category: Defacement
Content: The attacker DimasHxR successfully defaced the funkbomb.com website on April 9, 2026. This appears to be an isolated defacement incident targeting a single website rather than a mass attack campaign.
Date: 2026-04-09T14:54:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832105
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: funkbomb.com
Alleged cyber attack on Syria Ministry of Public Works and Housing by Keymous
Category: Defacement
Content: Threat actor group Keymous claims to have targeted the Syrian Ministry of Public Works and Housing. The post uses the Syrian flag emoji and ministry name as a trophy post, consistent with defacement or data breach activity attributed to this group.
Date: 2026-04-09T14:51:13Z
Network: telegram
Published URL: https://t.me/c/2588114907/1066
Screenshots:
None
Threat Actors: Keymous
Victim Country: Syria
Victim Industry: Government
Victim Organization: Ministry of Public Works and Housing
Victim Site: Unknown
Alleged leak of mixed domain credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 30,000 email and password combinations from mixed domains via a paste service link. The credentials are being distributed for free on a cybercriminal forum.
Date: 2026-04-09T14:50:42Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-30k-Mixed-Domains-Good-Combolist
Screenshots:
None
Threat Actors: Razly
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed domain credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 30,000 mixed domain credentials. The credentials are described as good quality and made available through a file sharing service.
Date: 2026-04-09T14:50:00Z
Network: openweb
Published URL: https://crackingx.com/threads/71580/
Screenshots:
None
Threat Actors: Cir4d
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of domain list with authority metrics by Pharaohs Team
Category: Phishing
Content: Pharaohs Team market is offering a list of 22 domains across multiple countries and TLDs, each accompanied by Domain Authority (DA) and Page Authority (PA) scores. Such lists are commonly used for phishing infrastructure, spam campaigns, SEO manipulation, or malicious redirects. Contact provided via Telegram handle @phteam_s.
Date: 2026-04-09T14:49:31Z
Network: telegram
Published URL: https://t.me/c/3205199875/464
Screenshots:
None
Threat Actors: Pharaohs Team
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of AWS S3 access to US corporation
Category: Initial Access
Content: Threat actor AckLine is allegedly selling access to AWS S3 backup systems of a US corporation with $5.8M revenue, requesting offers via private message on Qtox.
Date: 2026-04-09T14:47:11Z
Network: openweb
Published URL: https://pwnforums.st/Thread-AWS-US-Corp
Screenshots:
None
Threat Actors: AckLine
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Ladministration communale dAnderlues subit une cyberattaque de grande ampleur: les services fermés pour une durée inconnue
Category: Cyber Attack
Content: La commune dAnderlues a été victime dune cyberattaque de grande ampleur, entraînant la fermeture de ses services administratifs pour une durée indéterminée. Lattaque a eu lieu entre minuit et 5h du matin le 8 avril 2026. Les autorités locales et fédérales tentent de rétablir laccès aux systèmes informatiques et de déterminer lorigine de lattaque.
Date: 2026-04-09T14:40:44Z
Network: openweb
Published URL: https://www.dhnet.be/regions/charleroi/2026/04/09/ladministration-communale-danderlues-subit-une-cyberattaque-de-grande-ampleur-les-services-fermes-pour-une-duree-inconnue-MBTDZSJTLJB7TIM2SXAWOQ4OAQ/
Screenshots:
None
Threat Actors:
Victim Country: Belgium
Victim Industry: Unknown
Victim Organization: Anderlues
Victim Site: anderlues.be
Alleged leak of mixed email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 53,000 mixed email and password combinations on a cybercrime forum, providing free access to registered users.
Date: 2026-04-09T14:38:33Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-53K-Mix-Mail-Access-Combo–199925
Screenshots:
None
Threat Actors: MarkVesto
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 53,000 mixed email and password combinations on a cybercriminal forum. The credentials appear to be from various sources and are being distributed for free to registered forum users.
Date: 2026-04-09T14:37:13Z
Network: openweb
Published URL: https://crackingx.com/threads/71579/
Screenshots:
None
Threat Actors: MarkVesto
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Diktum by DimasHxR
Category: Defacement
Content: DimasHxR conducted a website defacement attack against diktum.lt on April 9, 2026. The attack targeted a specific media/customer section of the Lithuanian website.
Date: 2026-04-09T14:31:27Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832098
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Lithuania
Victim Industry: Unknown
Victim Organization: Diktum
Victim Site: diktum.lt
Alleged leak of Comcast credentials
Category: Combo List
Content: A threat actor shared a combolist containing 1,000 Comcast email and password combinations via a free download link on a cybercrime forum.
Date: 2026-04-09T14:25:39Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-1K-COMCAST
Screenshots:
None
Threat Actors: WINGO
Victim Country: United States
Victim Industry: Telecommunications
Victim Organization: Comcast
Victim Site: comcast.com
Alleged distribution of HQ Mix combolist containing 1,779 credentials
Category: Combo List
Content: A threat actor is distributing a high-quality mixed credential list containing 1,779 entries on a cybercriminal forum. The combolist appears to be shared for free download behind a registration gate.
Date: 2026-04-09T14:24:37Z
Network: openweb
Published URL: https://demonforums.net/Thread-%E2%9A%A1%E2%9A%A1-X1779-HQ-Mix-%E2%9A%A1%E2%9A%A1-BY-Steveee36-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: erwinn91
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged solicitation for stolen email credentials and social media cookies
Category: Logs
Content: A threat actor operating under the handle best_ is actively seeking to purchase stolen credentials and session cookies, specifically: valid IMAP email:password combos (non-Gmail/Microsoft), fresh Gmail cookies not previously verified by LinkedIn buyers, and LinkedIn cookies with passwords. The actor is seeking long-term partnerships with data providers, suggesting ongoing bulk acquisition of compromised account data.
Date: 2026-04-09T14:21:59Z
Network: telegram
Published URL: https://t.me/c/2613583520/60019
Screenshots:
None
Threat Actors: best_
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of multi-platform combolists, cookies, and logs including Hotmail, Gmail, Yahoo, PayPal, and more
Category: Logs
Content: A threat actor is selling combolists and stealer logs covering a wide range of platforms including email providers (Hotmail, Gmail, Yahoo, AOL, Comcast), social media (Facebook, Instagram, TikTok), streaming services (Netflix, Disney), e-commerce (Amazon, eBay, PayPal), and dating apps (Badoo, Bumble, OkCupid). The offering includes cookies and logs for accounts across multiple countries including France, Italy, United States, United Kingdom, Germany, and Spain. Contact is directed to @xRealWorker on Telegram.
Date: 2026-04-09T14:19:00Z
Network: telegram
Published URL: https://t.me/c/2613583520/60013
Screenshots:
None
Threat Actors: xRealWorker
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Foxhog Ventures VC firm database
Category: Data Leak
Content: Threat actor leaked alleged database dump from Foxhog Ventures VC firm containing CRM data of 172 startup founders and SME owners, including personal information, project details, and financial records. The leak includes detailed victim profiles with contact information and investment-related documentation.
Date: 2026-04-09T14:12:42Z
Network: openweb
Published URL: https://spear.cx/Thread-Foxhog-Ventures-Leaked
Screenshots:
None
Threat Actors: nono0101
Victim Country: India
Victim Industry: Financial Services
Victim Organization: Foxhog Ventures
Victim Site: Unknown
Alleged leak of mixed email credential list
Category: Combo List
Content: A threat actor shared a combolist containing 4,400 mixed email credentials for free download on a cybercriminal forum.
Date: 2026-04-09T14:11:52Z
Network: openweb
Published URL: https://crackingx.com/threads/71578/
Screenshots:
None
Threat Actors: NotSellerxd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged initial access to held.co.il admin panel (Israel)
Category: Initial Access
Content: Threat actor Keymous Plus shared admin panel access credentials for held.co.il, an Israeli domain. The post includes the admin panel URL (https://held.co.il/admin), confirmed successful login credentials (7stars:7stars), login statistics showing 1 successful login on 2026-03-25, and diagnostic details indicating an unhandled exception during an order export attempt. The access appears to be to an e-commerce or order management system.
Date: 2026-04-09T14:11:15Z
Network: telegram
Published URL: https://t.me/c/2588114907/1065
Screenshots:
None
Threat Actors: Keymous Plus
Victim Country: Israel
Victim Industry: E-commerce
Victim Organization: Held
Victim Site: held.co.il
Alleged leak of email credential combolist containing 16,000 records
Category: Combo List
Content: Threat actor COYTO shared a combolist containing 16,000 email credentials for free download on DemonForums. The credential list was made available through a paste sharing service.
Date: 2026-04-09T14:00:07Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-16K-MAIL-ACCESS-HQ
Screenshots:
None
Threat Actors: COYTO
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Casmar Global by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced a subdirectory of the Casmar Global website on April 9, 2026. The incident was not a mass defacement or redefacement attack.
Date: 2026-04-09T13:52:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832069
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Casmar Global
Victim Site: casmarglobal.com
Alleged leak of credential combolist containing 3,000 valid accounts
Category: Combo List
Content: Threat actor WINGO shared a combolist containing 3,000 allegedly valid email and password combinations through a free download link on DemonForums.
Date: 2026-04-09T13:47:17Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-3k-VALID-ACCESS–199919
Screenshots:
None
Threat Actors: WINGO
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed credential combolist containing 64,418 records
Category: Combo List
Content: A threat actor shared a combolist containing 64,418 email and password combinations described as a fresh mix on a cybercrime forum. The credentials appear to be from mixed sources and are being distributed for free.
Date: 2026-04-09T13:46:19Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-64-418-Lines-Fresh-Mix-Combolist
Screenshots:
None
Threat Actors: stormtrooper
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of CAD File Store by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR successfully defaced the CAD File Store website on April 9, 2026. The incident targeted a single page rather than the main homepage or multiple sites simultaneously.
Date: 2026-04-09T13:46:06Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832067
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Technology/Software
Victim Organization: CAD File Store
Victim Site: cadfilestore.com
Website defacement of BuyMyStock by DimasHxR
Category: Defacement
Content: The attacker DimasHxR defaced a customer media subdirectory of buymystock.com on April 9, 2026. This appears to be an isolated defacement incident targeting the financial services platform.
Date: 2026-04-09T13:45:29Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832068
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: BuyMyStock
Victim Site: buymystock.com
Alleged leak of mixed credential combolist
Category: Combo List
Content: A threat actor shared a fresh mixed combolist containing 64,418 credential pairs through a cybercrime forum. The actor promotes additional content through a Telegram channel.
Date: 2026-04-09T13:45:09Z
Network: openweb
Published URL: https://crackingx.com/threads/71577/
Screenshots:
None
Threat Actors: Browzchel
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of makeithomely.co.uk by DimasHxR
Category: Defacement
Content: Solo attacker DimasHxR successfully defaced the Make It Homely website on April 9, 2026. The defacement targeted the media directory of the UK-based home goods retailer.
Date: 2026-04-09T13:39:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832065
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Retail/E-commerce
Victim Organization: Make It Homely
Victim Site: makeithomely.co.uk
Website defacement of German government portal by maw3six
Category: Defacement
Content: Attacker maw3six successfully defaced a German government procedure guide portal on April 9, 2026. The incident targeted a subdomain of the official Verfahrenslotse service platform used for administrative procedures.
Date: 2026-04-09T13:38:13Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248375
Screenshots:
None
Threat Actors: maw3six
Victim Country: Germany
Victim Industry: Government
Victim Organization: Verfahrenslotse
Victim Site: platz.verfahrenslotse.org
Website defacement of The Body Shop Vietnam by DimasHxR
Category: Defacement
Content: DimasHxR defaced The Body Shop Vietnams website on April 9, 2026, targeting the media section of their e-commerce platform. This appears to be an isolated defacement incident rather than part of a mass campaign.
Date: 2026-04-09T13:32:33Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832054
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Vietnam
Victim Industry: Retail/Cosmetics
Victim Organization: The Body Shop Vietnam
Victim Site: thebodyshop.com.vn
Website defacement of TKC by DimasHxR
Category: Defacement
Content: DimasHxR successfully defaced a subdirectory of the TKC website on April 9, 2026. The attack targeted a customer address page within the media section of the site.
Date: 2026-04-09T13:32:00Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832059
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Unknown
Victim Organization: TKC
Victim Site: tkc.co.uk
Website defacement of TimeLuxury by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the TimeLuxury website on April 9, 2026. The defacement targeted a specific subdirectory rather than the main homepage of what appears to be a luxury goods retailer.
Date: 2026-04-09T13:31:26Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832060
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Retail/E-commerce
Victim Organization: TimeLuxury
Victim Site: timeluxury.com
Website defacement of Luxan BV by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced a customer address page on the Luxan BV website on April 9, 2026. Luxan is a Dutch agricultural chemical company specializing in crop protection products.
Date: 2026-04-09T13:30:52Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832061
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Netherlands
Victim Industry: Agriculture/Chemical
Victim Organization: Luxan BV
Victim Site: luxan.nl
Website defacement of krab.sk by DimasHxR
Category: Defacement
Content: The attacker DimasHxR defaced a customer address page on krab.sk on April 9, 2026. This was an individual defacement targeting a specific subdirectory of the Slovak website.
Date: 2026-04-09T13:23:50Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832045
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Slovakia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: krab.sk
Website defacement of Systems Print Media by DimasHxR
Category: Defacement
Content: DimasHxR defaced the Systems Print Media website on April 9, 2026. The attack targeted a UK-based media and printing companys web presence.
Date: 2026-04-09T13:23:16Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832046
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Media/Printing
Victim Organization: Systems Print Media
Victim Site: systemsprintmedia.co.uk
Website defacement of LED Technologies by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced LED Technologies website on April 9, 2026. The incident targeted a single page rather than the main homepage or multiple sites.
Date: 2026-04-09T13:22:37Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832053
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Technology
Victim Organization: LED Technologies
Victim Site: ledtechnologies.co.uk
Alleged sale of offensive hacking toolkit bundle including CobaltStrike by LulzSec Black
Category: Malware
Content: LulzSec Black is advertising a 72-hour promotional bundle of offensive security/hacking tools for $99, including TargetFetcher, CobaltStrike, CodeShield Pro, AI Vuln Finder, and Diecat (free). Contact via @CyberShop_contact_bot. CobaltStrike is a well-known post-exploitation framework commonly abused by threat actors for C2 operations.
Date: 2026-04-09T13:21:49Z
Network: telegram
Published URL: https://t.me/c/2727439812/5599
Screenshots:
None
Threat Actors: LulzSec Black
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of iNews Agency by DimasHxR
Category: Defacement
Content: Australian news agency iNews Agency was defaced by attacker DimasHxR on April 9, 2026. The defacement targeted a specific page in the media/customer section of the website.
Date: 2026-04-09T13:16:30Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832042
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Australia
Victim Industry: Media/News
Victim Organization: iNews Agency
Victim Site: inewsagency.com.au
Website defacement of KiltsForMen by DimasHxR
Category: Defacement
Content: The attacker DimasHxR successfully defaced the kiltsformen.com website on April 9, 2026. This appears to be an isolated defacement incident targeting the retail companys online presence.
Date: 2026-04-09T13:15:58Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832043
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Retail/E-commerce
Victim Organization: KiltsForMen
Victim Site: kiltsformen.com
Alleged sale of US credentials combolist
Category: Data Breach
Content: Threat actor Seacoat is allegedly selling a credential list containing 400,000 email:password combinations claimed to be from United States users. The actor provides a sample file and requests contact via Telegram for purchase.
Date: 2026-04-09T13:14:51Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SELLING-Strong-400k-USA-email-pass
Screenshots:
None
Threat Actors: Seacoat
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of classified images of former Israeli Chief of Staff by Iranian group Handala
Category: Data Leak
Content: Iranian hacking group HANDALA claims to have leaked classified images showing former Israeli Chief of Staff Herzi Halevi during undisclosed trips to Jordan and Qatar. The leaked material allegedly includes images of meetings in Jordan where Halevi reportedly presented a dagger belonging to a Jordanian soldier killed in the 1967 war. The claim was shared via LulzSec Black channel.
Date: 2026-04-09T13:11:42Z
Network: telegram
Published URL: https://t.me/c/2727439812/5597
Screenshots:
None
Threat Actors: HANDALA
Victim Country: Israel
Victim Industry: Government & Defense
Victim Organization: Israel Defense Forces
Victim Site: Unknown
Website defacement of JYSK Vietnam by DimasHxR
Category: Defacement
Content: DimasHxR defaced the JYSK Vietnam retail website on April 9, 2026, targeting the customer address media directory. This appears to be an isolated defacement incident against the Danish furniture retailers Vietnamese operations.
Date: 2026-04-09T13:09:52Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832039
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Vietnam
Victim Industry: Retail
Victim Organization: JYSK Vietnam
Victim Site: jysk.vn
Website defacement of arsludica.com by DimasHxR
Category: Defacement
Content: The website arsludica.com was defaced by threat actor DimasHxR on April 9, 2026. This was a targeted single-site defacement with no specified motivation or proof of concept provided.
Date: 2026-04-09T13:09:16Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832040
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Ars Ludica
Victim Site: arsludica.com
Website defacement of HH Formulations by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the HH Formulations website on April 9, 2026. The defacement targeted a specific media directory rather than the homepage.
Date: 2026-04-09T12:57:33Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832031
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Chemical/Pharmaceutical
Victim Organization: HH Formulations
Victim Site: hhformulations.com
Website defacement of safta.com by DimasHxR
Category: Defacement
Content: DimasHxR successfully defaced the safta.com website on April 9, 2026. The attack targeted a specific subdirectory rather than the main homepage and was conducted by an individual attacker without team affiliation.
Date: 2026-04-09T12:56:57Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832032
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: SAFTA
Victim Site: safta.com
Website defacement of dufio.com.br by M789
Category: Defacement
Content: Attacker M789 defaced the dufio.com.br website on April 9, 2026, targeting specific banner images on the Brazilian site. This was an isolated defacement incident not part of a mass campaign.
Date: 2026-04-09T12:56:19Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832036
Screenshots:
None
Threat Actors: M789
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Dufio
Victim Site: dufio.com.br
Website defacement of Movimento Vida Saudável by maw3six
Category: Defacement
Content: The attacker maw3six defaced the Brazilian health and wellness organization Movimento Vida Saudávels website on April 9, 2026. The defacement targeted a specific page rather than the homepage and appears to be an isolated incident.
Date: 2026-04-09T12:55:19Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248374
Screenshots:
None
Threat Actors: maw3six
Victim Country: Brazil
Victim Industry: Healthcare/Wellness
Victim Organization: Movimento Vida Saudável
Victim Site: movimentovidasaudavel.com.br
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 45,000 Hotmail email and password combinations on a cybercrime forum. The actor also advertises a shop for credential combinations from various countries.
Date: 2026-04-09T12:53:09Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-Hotmail-Unique-Combo-4-45000
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of mixed forum credentials combolist
Category: Combo List
Content: A threat actor shared an 82,000 record combolist containing email and password combinations from various forums. The credentials are described as validated and mixed from multiple forum platforms.
Date: 2026-04-09T12:51:56Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%99%8B-82k-MIX-Base-With-Valid-FORUMS-%E2%99%8B-17
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed forum credentials combolist
Category: Combo List
Content: A mixed combolist containing 82,000 valid forum credentials is being shared on a cybercriminal forum. The credentials appear to be sourced from various forum platforms.
Date: 2026-04-09T12:50:38Z
Network: openweb
Published URL: https://crackingx.com/threads/71571/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Crypto.com credential samples
Category: Combo List
Content: Forum post claims to contain sample credentials allegedly from Crypto.com, posted in a combolists and dumps section with hidden preview content.
Date: 2026-04-09T12:49:59Z
Network: openweb
Published URL: https://crackingx.com/threads/71572/
Screenshots:
None
Threat Actors: knvx
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Crypto.com
Victim Site: crypto.com
Website defacement of sviato.shop by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the e-commerce website sviato.shop on April 9, 2026. The defacement targeted a specific customer addition page rather than the main homepage.
Date: 2026-04-09T12:49:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832016
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: E-commerce
Victim Organization: Sviato
Victim Site: sviato.shop
Website defacement of cuirsy.com by DimasHxR
Category: Defacement
Content: Website defacement attack conducted by threat actor DimasHxR against cuirsy.com on April 9, 2026. The attack targeted a specific subdirectory containing customer address information.
Date: 2026-04-09T12:49:02Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832017
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: cuirsy.com
Website defacement of GreenVibe by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the GreenVibe website on April 9, 2026. The incident targeted a single page rather than the homepage and was not part of a mass defacement campaign.
Date: 2026-04-09T12:48:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832022
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Ukraine
Victim Industry: Unknown
Victim Organization: GreenVibe
Victim Site: greenvibe.com.ua
Website defacement of Greenheart Premiums by DimasHxR
Category: Defacement
Content: The attacker DimasHxR defaced the greenheart-premiums.com website on April 9, 2026. This was an isolated defacement incident targeting a single organization rather than a mass defacement campaign.
Date: 2026-04-09T12:47:49Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832023
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Greenheart Premiums
Victim Site: greenheart-premiums.com
Alleged leak of credential combolists containing 1,000 lists
Category: Combo List
Content: Threat actor BlackPanda shared 1,000 credential combolists for free download via MEGA file sharing service. The post includes sample email:password combinations from various domains and organizations.
Date: 2026-04-09T12:47:40Z
Network: openweb
Published URL: https://pwnforums.st/Thread-Exclusive-1k-Combolists
Screenshots:
None
Threat Actors: BlackPanda
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Hydromarket by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the Indonesian e-commerce website Hydromarket on April 9, 2026. The defacement targeted a specific subdirectory rather than the main homepage.
Date: 2026-04-09T12:47:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832024
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Indonesia
Victim Industry: E-commerce
Victim Organization: Hydromarket
Victim Site: hydromarket.co.id
Sumitomo Metal Mining Reports Ransomware Attack at Philippine Nickel Subsidiary – TipRanks.com
Category: Cyber Attack
Content: Sumitomo Metal Mining Cos Philippine nickel smelting subsidiary, Coral Bay Nickel Corporation, suffered a ransomware attack. The company isolated the affected servers and is investigating the breach with external specialists. The attack had a limited impact on operations and is not expected to significantly affect the companys consolidated results.
Date: 2026-04-09T12:46:49Z
Network: openweb
Published URL: https://www.tipranks.com/news/company-announcements/sumitomo-metal-mining-reports-ransomware-attack-at-philippine-nickel-subsidiary
Screenshots:
None
Threat Actors:
Victim Country: Philippines
Victim Industry: Unknown
Victim Organization: Coral Bay Nickel Corporation
Victim Site: cbnc.com.ph
Caos en entrega de pasaportes por supuesto âataque cibernÃ©ticoâ, Â¿tiene que ver el nuevo modelo?
Category: Cyber Attack
Content: Un supuesto ataque cibernético causó la suspensión de la atención en las oficinas de la Cancillería de Colombia para la expedición de pasaportes en varias ciudades, incluyendo Medellín, Bogotá, Cali y Bucaramanga. El problema se concentró en la plataforma SITAC, lo que impidió la prestación de servicios clave como apostilla y pasaportes en línea. La Cancillería informó que se están realizando labores técnicas para resolver las intermitencias y mejorar la plataforma.
Date: 2026-04-09T12:46:47Z
Network: openweb
Published URL: https://www.elcolombiano.com/colombia/caos-en-entrega-de-pasaportes-por-supuesto-ataque-cibernetico-tiene-que-ver-el-nuevo-modelo-PB35343682
Screenshots:
None
Threat Actors:
Victim Country: Colombia
Victim Industry: Unknown
Victim Organization: Cancillería de Colombia
Victim Site: cancilleria.gov.co
Website defacement of ixpress.se by DimasHxR
Category: Defacement
Content: DimasHxR defaced the ixpress.se website on April 9, 2026, targeting what appears to be a customer address media directory. The attack was an isolated defacement incident rather than part of a mass campaign.
Date: 2026-04-09T12:46:37Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832025
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Sweden
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: ixpress.se
Website defacement of Gruppo San Marco by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the Gruppo San Marco website on April 9, 2026. The attack targeted a specific subdirectory rather than the homepage and was not part of a mass defacement campaign.
Date: 2026-04-09T12:45:50Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832030
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Gruppo San Marco
Victim Site: grupposanmarco.eu
Mass defacement campaign by Zod targeting foresttravel.site
Category: Defacement
Content: The attacker Zod conducted a mass defacement campaign targeting foresttravel.site on April 9, 2026. This was part of a broader mass defacement operation rather than a targeted attack on the individual organization.
Date: 2026-04-09T12:44:51Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248357
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Travel and Tourism
Victim Organization: Forest Travel
Victim Site: foresttravel.site
Mass defacement campaign by Zod targeting 9999webportal.cloud
Category: Defacement
Content: The attacker Zod conducted a mass defacement campaign targeting 9999webportal.cloud on April 9, 2026. The incident was part of a broader mass defacement operation rather than targeting a single specific organization.
Date: 2026-04-09T12:44:30Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248358
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 9999webportal.cloud
Mass website defacement campaign by Zod targeting motivationalbooks.site
Category: Defacement
Content: The attacker Zod conducted a mass defacement campaign targeting motivationalbooks.site on April 9, 2026. This incident was part of a broader mass defacement operation rather than a targeted attack on a single organization.
Date: 2026-04-09T12:44:08Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248359
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Publishing/Media
Victim Organization: Unknown
Victim Site: motivationalbooks.site
Mass website defacement campaign by Zod targeting purewords4u.com
Category: Defacement
Content: The attacker or group known as Zod conducted a mass defacement campaign targeting multiple websites including purewords4u.com on April 9, 2026. This was part of a broader mass defacement operation rather than targeting a specific organization.
Date: 2026-04-09T12:43:48Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248360
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: purewords4u.com
Mass defacement targeting spacehub.cloud by Zod
Category: Defacement
Content: The threat actor Zod conducted a mass defacement campaign targeting spacehub.cloud on April 9, 2026. The attack affected multiple pages as part of a broader mass defacement operation rather than targeting the homepage specifically.
Date: 2026-04-09T12:43:08Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248362
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: SpaceHub
Victim Site: spacehub.cloud
Mass defacement targeting spicefoods.site by Zod
Category: Defacement
Content: Attacker Zod conducted a mass defacement campaign targeting spicefoods.site on April 9, 2026. The attack affected multiple pages rather than just the homepage, indicating a broader compromise of the website.
Date: 2026-04-09T12:42:49Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248363
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Food/Restaurant
Victim Organization: Spice Foods
Victim Site: spicefoods.site
Mass website defacement campaign by Zod targeting spicesign.com
Category: Defacement
Content: Threat actor Zod conducted a mass defacement campaign targeting spicesign.com on April 9, 2026. The attack was part of a broader mass defacement operation rather than a targeted attack on the specific organization.
Date: 2026-04-09T12:42:29Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248364
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Spice Sign
Victim Site: spicesign.com
Mass website defacement campaign by Zod targeting tagsfor.site
Category: Defacement
Content: The threat actor known as Zod conducted a mass defacement campaign targeting multiple websites including tagsfor.site on April 9, 2026. This was part of a broader mass defacement operation rather than targeting a specific organization.
Date: 2026-04-09T12:42:08Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248365
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: tagsfor.site
Mass website defacement campaign by Zod threat actor
Category: Defacement
Content: The threat actor Zod conducted a mass defacement campaign targeting multiple websites including theaitech.site. This was identified as part of a broader mass defacement operation rather than targeting a specific organization.
Date: 2026-04-09T12:41:48Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248366
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Unknown
Victim Site: theaitech.site
Mass website defacement campaign by Zod targeting thecryptopulse.cloud
Category: Defacement
Content: Zod conducted a mass defacement campaign targeting thecryptopulse.cloud on April 9, 2026. The attack appears to be part of a broader mass defacement operation rather than a targeted attack on the cryptocurrency news platform.
Date: 2026-04-09T12:41:27Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248367
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Cryptocurrency/Financial Technology
Victim Organization: The Crypto Pulse
Victim Site: thecryptopulse.cloud
Mass defacement campaign targeting theinsure.site by Zod
Category: Defacement
Content: Threat actor Zod conducted a mass defacement campaign targeting theinsure.site on April 9, 2026. The attack was part of a broader mass defacement operation rather than a targeted single-site attack.
Date: 2026-04-09T12:41:07Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248368
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Insurance
Victim Organization: Unknown
Victim Site: theinsure.site
Mass website defacement by Zod targeting thespices.site
Category: Defacement
Content: The threat actor Zod conducted a mass defacement attack targeting thespices.site on April 9, 2026. This incident was part of a broader mass defacement campaign rather than a targeted attack on a specific organization.
Date: 2026-04-09T12:40:47Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248369
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: thespices.site
Mass defacement campaign by Zod targeting thesurehub.site
Category: Defacement
Content: Mass defacement attack conducted by threat actor Zod targeting thesurehub.site on April 9, 2026. The attack was part of a larger mass defacement campaign rather than targeting a specific organization.
Date: 2026-04-09T12:40:28Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248370
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: thesurehub.site
Mass defacement campaign by Zod targeting multiple websites
Category: Defacement
Content: Zod conducted a mass defacement campaign targeting multiple websites including thetechai.site on April 9, 2026. The attack appears to be part of a broader campaign rather than targeting a specific organization.
Date: 2026-04-09T12:40:08Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248371
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: The Tech AI
Victim Site: thetechai.site
Mass website defacement campaign by Zod targeting usinsurance.site
Category: Defacement
Content: The threat actor Zod conducted a mass defacement campaign targeting usinsurance.site on April 9, 2026. This incident was part of a broader mass defacement operation rather than a targeted single-site attack.
Date: 2026-04-09T12:39:48Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248372
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: United States
Victim Industry: Insurance
Victim Organization: Unknown
Victim Site: usinsurance.site
Mass defacement campaign by Zod targeting usnewshub.cloud
Category: Defacement
Content: The threat actor Zod conducted a mass defacement campaign targeting the news website usnewshub.cloud on April 9, 2026. This incident appears to be part of a broader mass defacement operation rather than a targeted attack on a specific organization.
Date: 2026-04-09T12:39:27Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248373
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Media/News
Victim Organization: US News Hub
Victim Site: usnewshub.cloud
Website defacement of Absaugwelt24 by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the German industrial equipment website absaugwelt24.de on April 9, 2026. The defacement targeted a specific page within the customer media section of the site.
Date: 2026-04-09T12:33:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831983
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Germany
Victim Industry: Industrial Equipment
Victim Organization: Absaugwelt24
Victim Site: absaugwelt24.de
Website defacement of Allynor by DimasHxR
Category: Defacement
Content: DimasHxR conducted a website defacement attack against allynor.com on April 9, 2026. The attack targeted a specific customer addition page on the media subdirectory of the victims website.
Date: 2026-04-09T12:33:22Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831984
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Allynor
Victim Site: allynor.com
Website defacement of annaver.shop by DimasHxR
Category: Defacement
Content: The e-commerce website annaver.shop was defaced by threat actor DimasHxR on April 9, 2026. The attack targeted a specific page within the sites media directory rather than the homepage.
Date: 2026-04-09T12:32:48Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831985
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: E-commerce
Victim Organization: Annaver
Victim Site: annaver.shop
Website defacement of autocosmetic.pl by DimasHxR
Category: Defacement
Content: DimasHxR successfully defaced the autocosmetic.pl website, targeting what appears to be an automotive cosmetics retailer based in Poland. The defacement occurred on April 9, 2026 and was documented with a mirror URL for threat intelligence purposes.
Date: 2026-04-09T12:32:15Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831986
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Poland
Victim Industry: Automotive/Retail
Victim Organization: Auto Cosmetic
Victim Site: autocosmetic.pl
Website defacement of bakwerk.net by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the bakwerk.net website on April 9, 2026. The defacement targeted a specific customer add page rather than the main site homepage.
Date: 2026-04-09T12:31:41Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831988
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Bakwerk
Victim Site: bakwerk.net
Website defacement of Calamar Menswear by DimasHxR
Category: Defacement
Content: The attacker DimasHxR successfully defaced the Calamar Menswear website on April 9, 2026. The defacement targeted a specific media subdirectory rather than the homepage of the mens clothing retailer.
Date: 2026-04-09T12:31:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831990
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Retail/Fashion
Victim Organization: Calamar Menswear
Victim Site: calamar-menswear.com
Website defacement of Carnilove by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced a media subdirectory of the Polish pet food company Carniloves website on April 9, 2026. The attack targeted a specific page rather than the main homepage.
Date: 2026-04-09T12:30:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831991
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Poland
Victim Industry: Pet Food/Animal Nutrition
Victim Organization: Carnilove
Victim Site: carnilove.com.pl
Alleged Cyber Attack Against Indonesia by TheGarudaEye
Category: Cyber Attack
Content: Threat actor TheGarudaEye announced that tomorrow will be their last attack against Indonesia, and they will continue targeting the next BoP (likely Bank of Philippines or similar financial/government target). The post implies an ongoing attack campaign with a planned pivot to a new target.
Date: 2026-04-09T12:30:07Z
Network: telegram
Published URL: https://t.me/c/2738395378/1479
Screenshots:
None
Threat Actors: TheGarudaEye
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of creasemplice.it by DimasHxR
Category: Defacement
Content: The website creasemplice.it was defaced by threat actor DimasHxR on April 9, 2026. This was an individual defacement targeting a specific subdirectory of the site.
Date: 2026-04-09T12:29:59Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831992
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: creasemplice.it
Website defacement of donsap.com by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the donsap.com website on April 9, 2026, specifically targeting the customer address media section of the site.
Date: 2026-04-09T12:29:27Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831994
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Donsap
Victim Site: donsap.com
Website defacement of ECS Georgia by DimasHxR
Category: Defacement
Content: The attacker DimasHxR defaced a subdirectory of ecs.ge on April 9, 2026. This was an isolated defacement incident targeting the Georgian organizations customer address media section.
Date: 2026-04-09T12:28:55Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831995
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Georgia
Victim Industry: Unknown
Victim Organization: ECS
Victim Site: ecs.ge
Website defacement of iamsleepy.co.uk by DimasHxR
Category: Defacement
Content: Threat actor DimasHxR defaced the iamsleepy.co.uk website on April 9, 2026. The attack targeted a specific subdirectory rather than the main homepage.
Date: 2026-04-09T12:28:21Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831996
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: iamsleepy.co.uk
Website defacement of Maison du Kilim by DimasHxR
Category: Defacement
Content: DimasHxR conducted a website defacement attack against Maison du Kilims e-commerce platform on April 9, 2026. The attack targeted a specific subdirectory of the retail website rather than the homepage.
Date: 2026-04-09T12:27:49Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831997
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Retail/E-commerce
Victim Organization: Maison du Kilim
Victim Site: maisondukilim.com
Website defacement of niewiem.cloud by DimasHxR
Category: Defacement
Content: Threat actor DimasHxR conducted a website defacement attack against niewiem.cloud on April 9, 2026. The attack targeted a specific customer media section of the cloud service providers infrastructure.
Date: 2026-04-09T12:27:15Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832000
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Unknown
Victim Site: niewiem.cloud
Website defacement of octelift.shop by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR successfully defaced the e-commerce website octelift.shop on April 9, 2026. The attack targeted a specific customer media directory rather than the main homepage.
Date: 2026-04-09T12:26:41Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832002
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: E-commerce
Victim Organization: Octelift
Victim Site: octelift.shop
Website defacement of optibarca.com by DimasHxR
Category: Defacement
Content: The attacker DimasHxR successfully defaced a subdirectory of optibarca.com on April 9, 2026. This was an isolated defacement incident targeting a specific media customer area of the website.
Date: 2026-04-09T12:26:09Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832003
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Optibarca
Victim Site: optibarca.com
Alleged leak of USA email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 1,800 valid USA email credentials with full access on a cybercrime forum. The credentials are claimed to be valid and provide full mail access.
Date: 2026-04-09T12:25:52Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-1-8K-USA-Full-Valid-Mail-Access-09-04
Screenshots:
None
Threat Actors: MegaCloudshop
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of parafarmacia.click by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the parafarmacia.click website on April 9, 2026. The target appears to be a parapharmacy or pharmaceutical-related website based on the domain name.
Date: 2026-04-09T12:25:36Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832004
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Healthcare/Pharmaceutical
Victim Organization: Unknown
Victim Site: parafarmacia.click
Website defacement of paulroth.fr by DimasHxR
Category: Defacement
Content: DimasHxR defaced a customer management page on paulroth.fr on April 9, 2026. The attack targeted a specific media/customer section of the website rather than the main homepage.
Date: 2026-04-09T12:25:02Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832005
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: paulroth.fr
Website defacement of PFIPL by DimasHxR
Category: Defacement
Content: The attacker DimasHxR defaced a page on pfipl.com on April 9, 2026, targeting what appears to be a customer address section of the website.
Date: 2026-04-09T12:24:29Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832006
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: PFIPL
Victim Site: pfipl.com
Alleged leak of USA email credentials
Category: Combo List
Content: A threat actor shared a credential list containing 1,800 allegedly valid USA email accounts with full access credentials dated April 9th.
Date: 2026-04-09T12:24:23Z
Network: openweb
Published URL: https://crackingx.com/threads/71570/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of pick-up-moebel.de by DimasHxR
Category: Defacement
Content: Threat actor DimasHxR defaced the German furniture retailer Pick-up Möbels website on April 9, 2026. The defacement targeted a specific media directory rather than the main homepage.
Date: 2026-04-09T12:23:57Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832007
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Germany
Victim Industry: Retail/Furniture
Victim Organization: Pick-up Möbel
Victim Site: pick-up-moebel.de
Website defacement of Plasticenter-Toolcenter by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the Plasticenter-Toolcenter website on April 9, 2026. The incident targeted a manufacturing/industrial companys web presence without apparent team affiliation.
Date: 2026-04-09T12:23:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832008
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Manufacturing/Industrial
Victim Organization: Plasticenter-Toolcenter
Victim Site: plasticenter-toolcenter.com
Website defacement of Schottenrock by DimasHxR
Category: Defacement
Content: The attacker DimasHxR defaced a media directory on the German website schottenrock.com.de on April 9, 2026. This appears to be an isolated defacement incident targeting a single subdirectory rather than the main homepage.
Date: 2026-04-09T12:22:50Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/832010
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Schottenrock
Victim Site: schottenrock.com.de
Alleged leak of email credentials from EU, Asia, and Russia
Category: Logs
Content: Threat actor MegaCloud claims to have 10,000 fresh valid email access credentials from EU, Asia, and Russia regions. No content is available to verify the claims or determine if this is a free leak or paid offering.
Date: 2026-04-09T12:14:51Z
Network: openweb
Published URL: https://xforums.st/threads/10k-fresh-eu-asia-ru-full-valid-mail-access-09-04.606474/
Screenshots:
None
Threat Actors: MegaCloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of email credentials from EU, Asia, and Russia
Category: Combo List
Content: Threat actor shared a collection of 10,000 allegedly fresh and valid email credentials from European, Asian, and Russian sources dated April 9th. The credentials are being distributed as hidden content requiring forum registration to access.
Date: 2026-04-09T12:12:04Z
Network: openweb
Published URL: https://crackingx.com/threads/71569/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Taiwan PIDC government website
Category: Data Breach
Content: Threat actor claims to have obtained a database containing 462,000 records from Taiwans PIDC government website. The data includes contact information, email addresses, phone numbers, job titles, and technical support tickets of active web users and tech analysts.
Date: 2026-04-09T12:09:41Z
Network: openweb
Published URL: https://pwnforums.st/Thread-462k-Taiwan-www-pidc-gov-tw-Active-web-users-contact-and-tech-analyst-data-recor
Screenshots:
None
Threat Actors: Bfdf2
Victim Country: Taiwan
Victim Industry: Government
Victim Organization: Public Investment and Development Corporation
Victim Site: pidc.gov.tw
Alleged leak of mixed email credential list
Category: Combo List
Content: A threat actor shared a credential list containing 3,950 email access credentials from mixed sources as a free download on an underground forum.
Date: 2026-04-09T12:00:52Z
Network: openweb
Published URL: https://crackingx.com/threads/71564/
Screenshots:
None
Threat Actors: karaokecloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of 5 billion credential combinations
Category: Combo List
Content: Forum post claims to offer access to 5 billion username/password combinations (ULP combolist) shared by user @hello_zod_bot on a credential sharing forum.
Date: 2026-04-09T12:00:24Z
Network: openweb
Published URL: https://crackingx.com/threads/71566/
Screenshots:
None
Threat Actors: zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of email credential combolists via PandaCloud service
Category: Combo List
Content: Threat actor Kokos2846q advertises a service called PandaCloud that provides free access to email credential combolists, claiming fresh databases are added daily with only valid and recent credentials.
Date: 2026-04-09T11:59:39Z
Network: openweb
Published URL: https://crackingx.com/threads/71567/
Screenshots:
None
Threat Actors: Kokos2846q
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of eBay credential combolist
Category: Combo List
Content: Threat actor distributing an 11 million record credential combolist allegedly containing eBay email and password combinations through Telegram channels. The actor is offering free access to the combolist and associated cracking tools through their Telegram groups.
Date: 2026-04-09T11:59:05Z
Network: openweb
Published URL: https://crackingx.com/threads/71568/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: E-commerce
Victim Organization: eBay
Victim Site: ebay.com
Alleged commercial graphic design services offering
Category: Alert
Content: Forum post advertising legitimate graphic design services including logos, signatures, banners and branding assets, claiming over 2000 completed projects for various clients.
Date: 2026-04-09T11:58:29Z
Network: openweb
Published URL: https://crackingx.com/threads/71565/
Screenshots:
None
Threat Actors: OlympusReigns
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged defacement of prayersinisrael.com by OpsShadowStrike
Category: Defacement
Content: Hacktivist group OpsShadowStrike, in collaboration with multiple groups including TengkorakCyberCrew, MalaysiaHacktivist, EagleCyberCrew, and others, claims to have defaced the Israeli website prayersinisrael.com. The operation appears politically motivated, targeting Israeli sites under the #SavePalestine and #AllMuslimHackers banners.
Date: 2026-04-09T11:46:30Z
Network: telegram
Published URL: https://t.me/c/3844432135/272
Screenshots:
None
Threat Actors: OpsShadowStrike
Victim Country: Israel
Victim Industry: Religious/Non-profit
Victim Organization: Prayers in Israel
Victim Site: prayersinisrael.com
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 1,522 Hotmail credentials on a cybercriminal forum. The post appears to offer free access to the credential list.
Date: 2026-04-09T11:34:39Z
Network: openweb
Published URL: https://crackingx.com/threads/71563/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of German email credentials
Category: Combo List
Content: Threat actor leaked a collection of 31,000 German email credentials through a Telegram channel, promoting a service that provides free email credential lists with daily updates.
Date: 2026-04-09T11:11:15Z
Network: openweb
Published URL: https://crackingx.com/threads/71561/
Screenshots:
None
Threat Actors: Kokos2846q
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email credentials including corporate accounts
Category: Combo List
Content: A threat actor shared a combolist containing 40,000 valid email credentials including corporate accounts through a file sharing service. The credentials appear to be from mixed sources and were made available for free download.
Date: 2026-04-09T10:59:47Z
Network: openweb
Published URL: https://crackingx.com/threads/71560/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 40,000 valid email access credentials, including corporate accounts, on a cybercrime forum.
Date: 2026-04-09T10:59:25Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-40K-Full-Valid-Mail-Access-MIX-with-Corp-09-04
Screenshots:
None
Threat Actors: MegaCloudshop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of credential lists targeting corporate SMTP servers
Category: Combo List
Content: Threat actor CODER is distributing credential lists (combolists) targeting corporate SMTP servers through Telegram channels. The actor offers free access to credential combinations and associated programs through dedicated Telegram groups.
Date: 2026-04-09T10:48:12Z
Network: openweb
Published URL: https://crackingx.com/threads/71557/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of German email credentials
Category: Combo List
Content: A threat actor shared a collection of 71,000 German email credentials with full mail access on an underground forum. The credentials appear to be recently obtained as of April 9th.
Date: 2026-04-09T10:47:39Z
Network: openweb
Published URL: https://crackingx.com/threads/71558/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of German email credentials
Category: Combo List
Content: A threat actor shared a combolist containing 71,000 German email credentials with full mail access on a cybercriminal forum.
Date: 2026-04-09T10:47:11Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-71K-GERMANY-Just-Full-Mail-Access-09-04
Screenshots:
None
Threat Actors: MegaCloudshop
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email credentials
Category: Combo List
Content: A threat actor shared a combolist containing 7,302 mixed email credentials on a cybercriminal forum. The credentials appear to be made available for free download to registered forum users.
Date: 2026-04-09T10:35:44Z
Network: openweb
Published URL: https://crackingx.com/threads/71556/
Screenshots:
None
Threat Actors: RandomUpload
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of stolen CVV card data via multiple carding shops
Category: Logs
Content: Multiple carding shop advertisements shared in the channel promoting stolen CVV/payment card data. Shops include PepeCard (pepecard.mobi), AllCards (allcards.vlweh.com), CocoCheck (cococheck.co), and 9Check.me. These services offer 100,000+ cards daily across US, Canada, UK, and global regions. Pricing ranges from $1–$3 per valid card. Services include card validity checking, bulk purchasing, and Tor-accessible storefronts. All shops claim to charge only for valid/active cards.
Date: 2026-04-09T10:25:08Z
Network: telegram
Published URL: https://t.me/c/2613583520/60003
Screenshots:
None
Threat Actors: PepeCard
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: Threat actor UniqueCombo shared a combolist containing 45,000 allegedly unique Hotmail email and password combinations on cybercriminal forum. The actor also promotes a shop selling credential combinations from various countries.
Date: 2026-04-09T10:23:50Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-Hotmail-Unique-Combo-3-45000
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Website defacement of TechWorld Supply by DimasHxR
Category: Defacement
Content: DimasHxR defaced the TechWorld Supply website on April 9, 2026, targeting a media/customer section of the technology supply companys domain. This was an isolated defacement incident rather than part of a mass campaign.
Date: 2026-04-09T10:19:55Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831902
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Technology/Retail
Victim Organization: TechWorld Supply
Victim Site: techworldsupply.com
Website defacement of The Little Goldsmith by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced a subdirectory of The Little Goldsmith jewelry website on April 9, 2026. The attack targeted a specific media directory rather than the main homepage.
Date: 2026-04-09T10:19:21Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831906
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Switzerland
Victim Industry: Jewelry/Retail
Victim Organization: The Little Goldsmith
Victim Site: thelittlegoldsmith.ch
Website defacement of The Patio Store by DimasHxR
Category: Defacement
Content: DimasHxR defaced thepatiostore.com, a retail website selling patio furniture and outdoor equipment. The defacement targeted a specific subdirectory rather than the main homepage.
Date: 2026-04-09T10:18:48Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831907
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Retail
Victim Organization: The Patio Store
Victim Site: thepatiostore.com
Website defacement of The Prime Blinds by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the website of The Prime Blinds, a home furnishings retailer, on April 9, 2026. The defacement targeted a specific subdirectory rather than the main homepage.
Date: 2026-04-09T10:18:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831908
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Retail/Home Furnishings
Victim Organization: The Prime Blinds
Victim Site: theprimeblinds.com
Website defacement of theqgear.com by DimasHxR
Category: Defacement
Content: DimasHxR defaced theqgear.com on April 9, 2026, targeting a specific directory path on the website. The attack was a single defacement incident with no identified team affiliation.
Date: 2026-04-09T10:17:41Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831909
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: theqgear.com
Website defacement of tommylyy.com by DimasHxR
Category: Defacement
Content: Threat actor DimasHxR conducted a website defacement attack against tommylyy.com on April 9, 2026. The attack targeted a specific media/customer advertising section of the website rather than the main homepage.
Date: 2026-04-09T10:17:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831910
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: tommylyy.com
Website defacement of Topbonsai by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR successfully defaced the Topbonsai website, a Brazilian bonsai retailer, targeting a subdirectory rather than the main homepage. The incident occurred on April 9, 2026, affecting the media/custom section of the site.
Date: 2026-04-09T10:16:34Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831911
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Brazil
Victim Industry: Retail/E-commerce
Victim Organization: Topbonsai
Victim Site: topbonsai.com.br
Website defacement of trefasajandekok.hu by DimasHxR
Category: Defacement
Content: DimasHxR defaced the Hungarian website trefasajandekok.hu on April 9, 2026. The attack was a single-site defacement with no specified motivation or proof of concept provided.
Date: 2026-04-09T10:16:02Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831912
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Hungary
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: trefasajandekok.hu
Website defacement of true-whey.com by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the True Whey nutrition company website on April 9, 2026. The defacement targeted a specific media directory rather than the main homepage.
Date: 2026-04-09T10:15:27Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831913
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Health/Nutrition
Victim Organization: True Whey
Victim Site: true-whey.com
Website defacement of unidentshop.ru by DimasHxR
Category: Defacement
Content: A single website defacement targeting the Russian e-commerce site unidentshop.ru was conducted by the attacker DimasHxR on April 9, 2026. The defacement specifically targeted a subdirectory of the sites media content area.
Date: 2026-04-09T10:14:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831919
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Russia
Victim Industry: E-commerce
Victim Organization: Unident Shop
Victim Site: unidentshop.ru
Website defacement of UziMall by DimasHxR
Category: Defacement
Content: The attacker DimasHxR defaced the UziMall e-commerce website on April 9, 2026, targeting a specific customer management page. This was an isolated defacement incident with no apparent team affiliation.
Date: 2026-04-09T10:14:19Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831923
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: E-commerce
Victim Organization: UziMall
Victim Site: uzimall.com
Website defacement of venige.com by DimasHxR
Category: Defacement
Content: DimasHxR successfully defaced venige.com on April 9, 2026, targeting the customer address section of the website. The attacker operated independently without team affiliation.
Date: 2026-04-09T10:13:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831924
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Venige
Victim Site: venige.com
Website defacement of Venture Wholesale by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the UK-based wholesale company Venture Wholesales website on April 9, 2026. The defacement targeted a specific page within the media directory rather than the homepage.
Date: 2026-04-09T10:13:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831925
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Wholesale Trade
Victim Organization: Venture Wholesale
Victim Site: venturewholesale.co.uk
Alleged leak of Hotmail credentials
Category: Combo List
Content: User klyne05 shared a fresh, checked combolist containing Hotmail credentials on CrackingX forum. The post indicates the credentials are private and recently verified.
Date: 2026-04-09T10:12:48Z
Network: openweb
Published URL: https://crackingx.com/threads/71554/
Screenshots:
None
Threat Actors: klyne05
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Website defacement of mexbs.com by DimasHxR
Category: Defacement
Content: DimasHxR defaced a subdirectory of mexbs.com on April 9, 2026. The attack targeted a specific media/customer section of the website rather than the main homepage.
Date: 2026-04-09T10:12:34Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831935
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: mexbs.com
Website defacement of viewdep.com by DimasHxR
Category: Defacement
Content: The attacker DimasHxR successfully defaced a page on viewdep.com on April 9, 2026. This appears to be an isolated defacement incident targeting a specific customer management page on the domain.
Date: 2026-04-09T10:12:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831936
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: viewdep.com
Website defacement of Leroy Merlin South Africa by DimasHxR
Category: Defacement
Content: DimasHxR successfully defaced a media subdirectory of the Leroy Merlin South Africa retail website on April 9, 2026. The attack targeted the home improvement retailers online presence without apparent mass defacement or redefacement characteristics.
Date: 2026-04-09T10:11:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831937
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: South Africa
Victim Industry: Retail
Victim Organization: Leroy Merlin
Victim Site: leroymerlin.co.za
Website defacement of Trussardi Parfums by DimasHxR
Category: Defacement
Content: The attacker DimasHxR defaced a media subdirectory of the Trussardi Parfums website on April 9, 2026. This was an isolated defacement targeting the luxury fragrance brands web presence.
Date: 2026-04-09T10:10:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831940
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Fashion/Luxury Goods
Victim Organization: Trussardi Parfums
Victim Site: trussardiparfums.com
Website defacement of genericday.com by DimasHxR
Category: Defacement
Content: The attacker DimasHxR successfully defaced the genericday.com website on April 9, 2026. This was an individual defacement attack with no identified team affiliation or stated motivation.
Date: 2026-04-09T10:04:48Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831690
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: genericday.com
Website defacement of Getmore by DimasHxR
Category: Defacement
Content: DimasHxR defaced a subdirectory of the Getmore website on April 9, 2026. The attack targeted a specific media/customer section rather than the main homepage.
Date: 2026-04-09T10:04:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831691
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Zimbabwe
Victim Industry: Unknown
Victim Organization: Getmore
Victim Site: getmore.co.zw
Website defacement of GlobalSingleSource by DimasHxR
Category: Defacement
Content: The attacker DimasHxR defaced the GlobalSingleSource website on April 9, 2026. This was an isolated defacement targeting a single page rather than a mass or home page defacement.
Date: 2026-04-09T10:03:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831692
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Unknown
Victim Organization: GlobalSingleSource
Victim Site: globalsinglesource.co.uk
Website defacement of Graphic Visuals by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the graphicvisuals.com website on April 9, 2026. The attack targeted a specific subdirectory rather than the main homepage and was not part of a mass defacement campaign.
Date: 2026-04-09T10:02:57Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831695
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Media/Design
Victim Organization: Graphic Visuals
Victim Site: graphicvisuals.com
Website defacement of Graphic Visuals by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the graphicvisuals.com website on April 9, 2026. This was a single-target defacement incident affecting a design/creative services company.
Date: 2026-04-09T10:02:21Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831696
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Design/Creative Services
Victim Organization: Graphic Visuals
Victim Site: graphicvisuals.com
Website defacement of Green Olive by DimasHxR
Category: Defacement
Content: DimasHxR defaced the Green Olive website (greenolive.com.au) on April 9, 2026. This was a single-site defacement targeting a specific subdirectory of the Australian organizations web presence.
Date: 2026-04-09T10:01:44Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831697
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Australia
Victim Industry: Unknown
Victim Organization: Green Olive
Victim Site: greenolive.com.au
Website defacement of Green Olive by DimasHxR
Category: Defacement
Content: DimasHxR successfully defaced the Green Olive website on April 9, 2026. The attack targeted a specific subdirectory rather than the main homepage.
Date: 2026-04-09T10:01:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831698
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Australia
Victim Industry: Food/Restaurant
Victim Organization: Green Olive
Victim Site: greenolive.com.au
Website defacement of Groomer Shop by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the groomershop.eu website on April 9, 2026. The attack targeted a retail grooming services website and was not part of a mass defacement campaign.
Date: 2026-04-09T10:00:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831699
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Retail/E-commerce
Victim Organization: Groomer Shop
Victim Site: groomershop.eu
Alleged leak of email credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 3,500 allegedly fresh and valid email access credentials through a file sharing platform.
Date: 2026-04-09T10:00:12Z
Network: openweb
Published URL: https://crackingx.com/threads/71553/
Screenshots:
None
Threat Actors: Cir4d
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Harvey Nichols Saudi Arabia by DimasHxR
Category: Defacement
Content: The attacker DimasHxR defaced a media subdirectory of Harvey Nichols Saudi Arabias website on April 9, 2026. This appears to be a single-target defacement incident affecting the luxury retailers regional website.
Date: 2026-04-09T09:59:53Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831700
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Saudi Arabia
Victim Industry: Retail
Victim Organization: Harvey Nichols
Victim Site: harveynichols.sa
Website defacement of Herbganic by DimasHxR
Category: Defacement
Content: Attacker DimasHxR defaced the Herbganic UK website on April 9, 2026, targeting what appears to be an organic/herbal products retailer. The defacement affected a specific media/customer directory rather than the main homepage.
Date: 2026-04-09T09:59:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831701
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: United Kingdom
Victim Industry: Retail/E-commerce
Victim Organization: Herbganic
Victim Site: herbganic.co.uk
Alleged leak of email credential combolist
Category: Combo List
Content: Threat actor leaked a combolist containing 3,500 fresh valid email access credentials through a paste service. The credentials are being distributed freely on cybercriminal forums.
Date: 2026-04-09T09:59:02Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-3-5K-Fresh-Valid-Mail-Access
Screenshots:
None
Threat Actors: Razly
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of HQRP by DimasHxR
Category: Defacement
Content: Attacker DimasHxR defaced the hqrp.com website on April 9, 2026. The defacement targeted a specific directory path within the customer media section of the site.
Date: 2026-04-09T09:58:39Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831702
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: HQRP
Victim Site: hqrp.com
Website defacement of Hydac by DimasHxR
Category: Defacement
Content: DimasHxR defaced the Hydac New Zealand website on April 9, 2026. The attack targeted a specific page within the companys media directory rather than the homepage.
Date: 2026-04-09T09:58:02Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831703
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: New Zealand
Victim Industry: Industrial Equipment/Hydraulics
Victim Organization: Hydac
Victim Site: hydac.co.nz
Website defacement of idropanshop.com by DimasHxR
Category: Defacement
Content: Solo attacker DimasHxR defaced the iDropanShop e-commerce website on April 9, 2026. The attack targeted a specific page rather than the main site and was not part of a mass defacement campaign.
Date: 2026-04-09T09:57:26Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831704
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: E-commerce
Victim Organization: iDropanShop
Victim Site: idropanshop.com
Website defacement of Impulse USA by DimasHxR
Category: Defacement
Content: The attacker DimasHxR defaced the impulseusa.com website on April 9, 2026, targeting a specific media directory path. This was an isolated defacement incident not part of a mass campaign.
Date: 2026-04-09T09:56:51Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831705
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Impulse USA
Victim Site: impulseusa.com
Website defacement of Innov8tive Designs by DimasHxR
Category: Defacement
Content: The attacker DimasHxR defaced a subdirectory of innov8tivedesigns.com on April 9, 2026. This was an isolated single-site defacement targeting what appears to be a design services company.
Date: 2026-04-09T09:56:15Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831707
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Design/Creative Services
Victim Organization: Innov8tive Designs
Victim Site: innov8tivedesigns.com
Website defacement of Isadora Jewellery by DimasHxR
Category: Defacement
Content: DimasHxR defaced the Isadora Jewellery website on April 9, 2026, targeting a media subdirectory. The incident was documented as a single defacement rather than a mass attack.
Date: 2026-04-09T09:55:34Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831708
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Retail/Jewelry
Victim Organization: Isadora Jewellery
Victim Site: isadorajewellery.com
Website defacement of Isoteam Homecare by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the Isoteam Homecare website on April 9, 2026. The incident targeted a healthcare organization providing home care services.
Date: 2026-04-09T09:54:57Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831709
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: Isoteam Homecare
Victim Site: isoteamhomecare.com
Website defacement of kaafmeem.com by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced a subdirectory on kaafmeem.com on April 9, 2026. The attack targeted a specific media/customer advertisement section rather than the main homepage.
Date: 2026-04-09T09:54:21Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831711
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: kaafmeem.com
Website defacement of kanna.pe by DimasHxR
Category: Defacement
Content: DimasHxR defaced a customer address page on kanna.pe domain on April 9, 2026. The attack targeted a specific page rather than the homepage and was not part of a mass defacement campaign.
Date: 2026-04-09T09:53:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831712
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Peru
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: kanna.pe
Website defacement of kardoules.com by DimasHxR
Category: Defacement
Content: The attacker DimasHxR successfully defaced kardoules.com on April 9, 2026. This appears to be an isolated defacement incident targeting a single website.
Date: 2026-04-09T09:53:09Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831713
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: kardoules.com
Website defacement of keiconn.com by DimasHxR
Category: Defacement
Content: Threat actor DimasHxR successfully defaced the keiconn.com website on April 9, 2026, targeting a specific customer addition page within the media directory.
Date: 2026-04-09T09:52:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831717
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Keiconn
Victim Site: keiconn.com
Website defacement of kidley.com by DimasHxR targeting customer address data
Category: Defacement
Content: DimasHxR defaced kidley.com targeting the customer address section on April 9, 2026. The attacker operated independently without team affiliation and specifically targeted customer data areas of the website.
Date: 2026-04-09T09:51:57Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831718
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Kidley
Victim Site: kidley.com
Alleged data breach of Strelnik amber jewelry store
Category: Data Breach
Content: Customer database from Russian amber jewelry e-commerce site strelnik.ru containing personal information including names, emails, phone numbers, addresses and hashed passwords. The store operates from Kaliningrad and specializes in Baltic amber jewelry with international shipping.
Date: 2026-04-09T09:34:43Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-strelnik-ru-is-an-online-amber-jewelry-store-based-in-Russia
Screenshots:
None
Threat Actors: blackhunter1
Victim Country: Russia
Victim Industry: Retail/E-commerce
Victim Organization: Strelnik
Victim Site: strelnik.ru
Alleged GPS/GNSS Spoofing and Jamming Operations in Middle East Region
Category: Cyber Attack
Content: Reports indicate increased GPS/GNSS disruption and manipulation in sensitive Middle Eastern regions, particularly the Persian Gulf, Sea of Oman, Strait of Hormuz, and surrounding occupied territories. The disruptions include signal spoofing (transmitting fake GPS signals) and jamming, causing ships and aircraft to display incorrect position data. This poses significant risks to maritime and aviation navigation safety in the region.
Date: 2026-04-09T09:21:48Z
Network: telegram
Published URL: https://t.me/c/1283513914/21094
Screenshots:
None
Threat Actors: خبرگزاری سایبربان| Cyberban News
Victim Country: Unknown
Victim Industry: Transportation & Logistics
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Breach of Chinese Government Supercomputer Center with Sensitive Military Data Exfiltration
Category: Data Breach
Content: An unidentified hacking group claims to have infiltrated a Chinese government-affiliated supercomputer center and exfiltrated more than 10 petabytes of data. The alleged stolen data includes classified documents, missile and weapons design plans, aerospace research, and information related to key industrial entities. The threat actor claims to have maintained access for months. A portion of the data has been publicly released while the remainder is being offered for sale. Published samples are reported to be consistent with the nature of such a facility, though the claim remains independently unverified.
Date: 2026-04-09T09:14:22Z
Network: telegram
Published URL: https://t.me/c/1283513914/21093
Screenshots:
None
Threat Actors: Unknown
Victim Country: China
Victim Industry: Government / Defense
Victim Organization: Chinese Government Supercomputer Center
Victim Site: Unknown
Alleged sale of combolists, logs, and account credentials across multiple platforms
Category: Logs
Content: A threat actor is selling a wide range of stolen credentials and logs including Hotmail, Comcast, Windstream, Spectrum, AT&T, AOL, Gmail, Yahoo combolists, cookies and logs, as well as account access for Facebook, Instagram, Netflix, PayPal, Amazon, Steam, TikTok, iCloud, LinkedIn, and many other platforms. The actor claims to own a private cloud and offers inbox searching by keyword for Hotmail databases across multiple countries (UK, DE, JP, NL, BR, PL, ES, US, IT).
Date: 2026-04-09T09:06:15Z
Network: telegram
Published URL: https://t.me/c/2613583520/59999
Screenshots:
None
Threat Actors: tuzelity
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of identity documents from multiple countries
Category: Data Breach
Content: Threat actor BigDataSeller is selling 15GB of passport, drivers license, and ID card data from various countries including Germany, USA, UK, China, and others. The documents allegedly have expiration dates of 2026 or later and payment is requested in Monero cryptocurrency.
Date: 2026-04-09T09:03:31Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-15GB-of-passport-DL-and-ID-card-data-from-various-countries
Screenshots:
None
Threat Actors: BigDataSeller
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of reflected XSS vulnerabilities in multiple European companies
Category: Initial Access
Content: Threat actor SysInvaders is selling reflected XSS vulnerabilities affecting four companies across Sweden, Norway, and Poland with revenues ranging from $1 million to $500 million. Payment is accepted in XMR and BTC.
Date: 2026-04-09T09:03:04Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Reflected-XSS-Vulnerabilities
Screenshots:
None
Threat Actors: SysInvaders
Victim Country: Multiple
Victim Industry: Multiple
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of French DCL language certification system
Category: Data Breach
Content: Threat actor HexDex claims to be selling personal data of 93,061 individuals who completed French Language Proficiency Diploma certification. The data includes full names, birth dates, addresses, phone numbers, emails, educational background, and professional information including military personnel details.
Date: 2026-04-09T09:02:52Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-FR-DCL-Dipl%C3%B4mes-de-comp%C3%A9tence-en-langue
Screenshots:
None
Threat Actors: HexDex
Victim Country: France
Victim Industry: Education
Victim Organization: DCL (Diplôme de Compétence en Langue)
Victim Site: Unknown
Alleged data breach of InigoApp digital business card platform
Category: Data Breach
Content: A threat actor is selling a database dump from InigoApp.com, a digital business card platform, containing over 1 million unique email addresses and 30 million rows of data including personal profiles, contact information, and account details for $1,000.
Date: 2026-04-09T09:02:48Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-InigoApp-com-1M
Screenshots:
None
Threat Actors: undertaker
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: InigoApp
Victim Site: inigoapp.com
Alleged data breach of sapabansos.jatim.go.id – Indonesian Government Social Assistance Database
Category: Data Breach
Content: Threat actor BABAYO EROR SYSTEM claims to be selling a database from sapabansos.jatim.go.id, an Indonesian East Java provincial government social assistance (bansos) portal. The alleged breach contains 1.2 million records in XLSX format (760 MB), purportedly from 2026. Exposed fields include PKH program IDs, NIK (national identity numbers), family card numbers (No KK), names of elderly recipients, guardians, biological mothers, and companions, age, address, gender, date of birth, Bank Jatim account numbers, and administrative location data (kabupaten/kecamatan/kelurahan). The data is being sold for $590 USD and is also listed on BreachForums (breached.st).
Date: 2026-04-09T09:02:35Z
Network: telegram
Published URL: https://t.me/BabayoErorSyteam/461
Screenshots:
None
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Sapabansos Jawa Timur (East Java Social Assistance Portal)
Victim Site: sapabansos.jatim.go.id
Alleged data breach of Globaltalex recruitment platform
Category: Data Breach
Content: Threat actor undertaker is selling a database dump from Globaltalex.com containing over 80,000 records of candidate information including emails, contact numbers, names, skills, experience, and location data for $300.
Date: 2026-04-09T09:02:32Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Globaltalex-com-80k
Screenshots:
None
Threat Actors: undertaker
Victim Country: Unknown
Victim Industry: Staffing and Recruitment
Victim Organization: Globaltalex
Victim Site: globaltalex.com
Alleged data breach of Mossad and Israeli companies
Category: Data Breach
Content: Thread claims to involve database related to Mossad and Israeli companies, though no specific details about the data or distribution method are available in the post content.
Date: 2026-04-09T09:02:24Z
Network: openweb
Published URL: https://darkforums.su/Thread-MOSSAD-DATABASE-AND-ISRAEL-COMPANIES
Screenshots:
None
Threat Actors: INSOMNIAX
Victim Country: Israel
Victim Industry: Government
Victim Organization: Mossad
Victim Site: Unknown
Alleged data leak from Chinas National Supercomputing Centre (NSCC) Tianjin
Category: Data Leak
Content: Threat actor claims to have exfiltrated classified military and aerospace research data from Chinas National Supercomputing Centre, including satellite schematics, defense simulations, and employee personal information. The leaked data allegedly contains years of computational research from top Chinese defense contractors and universities.
Date: 2026-04-09T09:02:15Z
Network: openweb
Published URL: https://darkforums.su/Thread-CHINA-NSCC-SUPERCOMPUTING-CLASSIFIED-MILITARY-LEAK-2026
Screenshots:
None
Threat Actors: Mipor
Victim Country: China
Victim Industry: Government/Defense
Victim Organization: National Supercomputing Centre (NSCC) Tianjin
Victim Site: Unknown
Alleged data leak of Universidad Popular de la Chontalpa database
Category: Data Leak
Content: Threat actor SpeakTeam leaked a database containing personal information of Universidad Popular de la Chontalpa students/applicants including full names, phone numbers, birthdates, emails, and other sensitive personal details. The data is being distributed for free via file sharing links.
Date: 2026-04-09T09:02:08Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-M%C3%89XICO-UNIVERSIDAD-POPULAR-DE-LA-CHONTALPA
Screenshots:
None
Threat Actors: SpeakTeam
Victim Country: Mexico
Victim Industry: Education
Victim Organization: Universidad Popular de la Chontalpa
Victim Site: Unknown
Alleged data breach of sapabansos.jatim.go.id – Indonesian Government Social Assistance Database
Category: Data Breach
Content: Threat actor BABAYO EROR SYSTEM is selling an alleged database dump from sapabansos.jatim.go.id, an Indonesian East Java provincial government social assistance (bansos) portal. The dataset reportedly contains 1.2 million records in XLSX format (760 MB), including fields such as PKH+ ID, NIK (national identity number), KK number (family card), names of elderly recipients, guardians, biological mothers, and companions, age, address, gender, date of birth, Bank Jatim account numbers, and administrative location data (kabupaten, kecamatan, kelurahan). The data is dated 2026 and is being offered for $590 USD via Telegram and BreachForums.
Date: 2026-04-09T09:01:51Z
Network: telegram
Published URL: https://t.me/c/3865526389/461
Screenshots:
None
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Sapabansos Jatim (East Java Social Assistance Portal)
Victim Site: sapabansos.jatim.go.id
Alleged leak of Hotmail credentials
Category: Combo List
Content: Forum user COYTO shared a link to what is claimed to be high quality Hotmail email and password combinations distributed as a free download.
Date: 2026-04-09T08:52:55Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-HQ-HOTMAIL–199899
Screenshots:
None
Threat Actors: COYTO
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Mass defacement campaign by XSQDD PHILIPPINE team targeting French educational institution
Category: Defacement
Content: XSQDD PHILIPPINE team conducted a mass defacement campaign targeting the Institut de Genech educational institution in France. The attack was carried out by threat actor PredixorX as part of a broader mass defacement operation on April 9, 2026.
Date: 2026-04-09T08:44:26Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248356
Screenshots:
None
Threat Actors: PredixorX, XSQDD PHILIPPINE
Victim Country: France
Victim Industry: Education
Victim Organization: Institut de Genech
Victim Site: cdr.institutdegenech.fr
Website defacement of Institut de Genech by PredixorX/XSQDD PHILIPPINE
Category: Defacement
Content: The Chamilo learning management system of Institut de Genech was defaced by attacker PredixorX affiliated with team XSQDD PHILIPPINE on April 9, 2026. The attack targeted the French educational institutions e-learning platform.
Date: 2026-04-09T08:38:33Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248355
Screenshots:
None
Threat Actors: PredixorX, XSQDD PHILIPPINE
Victim Country: France
Victim Industry: Education
Victim Organization: Institut de Genech
Victim Site: chamilo.institutdegenech.fr
Alleged Cyber Attack on Los Angeles Transportation Infrastructure Targeting Industrial Control Systems
Category: Cyber Attack
Content: A cyber attack has reportedly targeted Los Angeles public transportation systems, causing disruption to parts of the network. According to Western sources, attackers focused on infiltrating industrial control systems and Rockwell Automation equipment. US cybersecurity authorities had previously warned about increased activity from Iran-linked hacker groups targeting critical infrastructure. Full details regarding the extent of damage or disruption have not been officially confirmed and investigations are ongoing.
Date: 2026-04-09T08:36:50Z
Network: telegram
Published URL: https://t.me/c/1283513914/21092
Screenshots:
None
Threat Actors: Iran-linked hacker groups
Victim Country: United States
Victim Industry: Transportation
Victim Organization: Los Angeles Public Transportation
Victim Site: Unknown
Alleged leak of mixed domain credentials combolist
Category: Combo List
Content: Threat actor shared a combolist containing 46,400 email and password combinations from mixed domains as a free download on cybercriminal forum.
Date: 2026-04-09T08:30:16Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-46-4K-MIXED-DOMAINS
Screenshots:
None
Threat Actors: WINGO
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Ficha.jp GitHub source code repositories
Category: Data Leak
Content: Threat actor claims to have leaked comprehensive GitHub repositories from Japanese AI development company Ficha.jp, including core SDK platforms, ADAS algorithms, DMS neural networks, OCR projects, and customer-specific project code for companies like Desay, Koito, and JVC.
Date: 2026-04-09T08:18:27Z
Network: openweb
Published URL: https://spear.cx/Thread-japan-ai-ficha-jp-company-all-GitHub-code
Screenshots:
None
Threat Actors: datasolu
Victim Country: Japan
Victim Industry: Technology
Victim Organization: Ficha.jp
Victim Site: ficha.jp
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: Threat actor alphaxdd shared a combolist containing 831 alleged valid Hotmail email and password combinations on a cybercrime forum. The credentials are described as premium hits from private cloud sources.
Date: 2026-04-09T08:17:32Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F-831x-PREMIUM-HOTMAIL-HITS-%E2%9D%84%EF%B8%8F%E2%9D%84%EF%B8%8F
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credential lists
Category: Combo List
Content: Threat actor alphaxdd distributed a collection of 831 allegedly valid Hotmail credential combinations through a forum post, providing free download access via Telegram contact.
Date: 2026-04-09T08:16:25Z
Network: openweb
Published URL: https://crackingx.com/threads/71552/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 45,000 Hotmail email and password combinations on a cybercrime forum. The actor also promotes a shop selling credential lists from various countries.
Date: 2026-04-09T07:55:12Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-Hotmail-Unique-Combo-2-45000
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 45,000 alleged Hotmail email and password combinations on a cybercriminal forum.
Date: 2026-04-09T07:54:58Z
Network: openweb
Published URL: https://crackingx.com/threads/71551/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged data breach of Sparsa Digital by OpsShadowStrike
Category: Data Breach
Content: Hacktivist group OpsShadowStrike, in collaboration with multiple Malaysian and international hacktivist crews including TengkorakCyberCrew, EagleCyberCrew, and others, claims to have breached Indian digital signage and media solutions company Sparsa Digital. The threat actors allege they have obtained and are making available source code and database contents. The operation appears politically motivated, referencing pro-Palestinian and anti-Israel sentiments under the #AllMuslimHackers banner.
Date: 2026-04-09T07:35:57Z
Network: telegram
Published URL: https://t.me/c/3844432135/267
Screenshots:
None
Threat Actors: OpsShadowStrike
Victim Country: India
Victim Industry: Technology / Digital Media
Victim Organization: Sparsa Digital
Victim Site: Unknown
Alleged Cyber Intrusion of Israeli Military Systems by Hanzala Hacker Group
Category: Cyber Attack
Content: The Hanzala hacker group has issued a statement claiming persistent access to systems associated with General Herzi Halevi, former Chief of Staff of the Israeli Defense Forces. The group alleges extraction and archiving of a significant volume of images and videos from military meetings and activities. They further claim that recent Israeli military efforts to blur published images did not prevent their access to the underlying information. The statement also references access to details about military commanders and facilities, with promises of future content releases.
Date: 2026-04-09T07:33:51Z
Network: telegram
Published URL: https://t.me/c/1283513914/21086
Screenshots:
None
Threat Actors: حنظله
Victim Country: Israel
Victim Industry: Defense & Military
Victim Organization: Israeli Defense Forces (IDF)
Victim Site: Unknown
Alleged Cyber Intrusion of Israeli Army Systems by Hanzala Hacker Team
Category: Cyber Attack
Content: The Hanzala hacker team issued a statement claiming they maintained long-term access to systems associated with former Israeli Army Chief of Staff General Herzi Halevi. The group claims to have extracted and archived a significant volume of images and videos from military meetings and activities. They assert that recent Israeli Army efforts to blur published images did not prevent their access to information. The statement also references access to details about military commanders and facilities, with promises of further data releases in the future.
Date: 2026-04-09T07:31:53Z
Network: telegram
Published URL: https://t.me/c/1283513914/21085
Screenshots:
None
Threat Actors: حنظله
Victim Country: Israel
Victim Industry: Government & Defense
Victim Organization: Israeli Defense Forces (IDF)
Victim Site: Unknown
Website defacement of Anglia Bijeljina by VOID2401/ANTI VOID team
Category: Defacement
Content: The ANTI VOID team, specifically member VOID2401, successfully defaced the website of Anglia Bijeljina, an educational institution. The attack occurred on April 9, 2026, targeting a Linux-based server hosting the organizations primary website.
Date: 2026-04-09T07:09:17Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248353
Screenshots:
None
Threat Actors: VOID2401, ANTI VOID
Victim Country: Bosnia and Herzegovina
Victim Industry: Education
Victim Organization: Anglia Bijeljina
Victim Site: anglia-bijeljina.com
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A forum user shared a combolist containing 548 Hotmail email and password combinations. The credentials are described as HQ (high quality) and are being distributed for free to registered forum members.
Date: 2026-04-09T06:58:29Z
Network: openweb
Published URL: https://demonforums.net/Thread-%E2%9A%A1%E2%9A%A1-X548-HQ-Hotmail-%E2%9A%A1%E2%9A%A1-BY-Steveee36-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: erwinn91
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged Claim by Hanzala Group That Pixelation of Israeli Military Images Does Not Prevent Intelligence Access
Category: Cyber Attack
Content: The threat actor group Hanzala (حنظله) issued a statement in response to the Israeli militarys practice of pixelating and blurring images of personnel, equipment, and meetings before public release. The group claims that such pixelation measures are ineffective and do not prevent access to the underlying details, implying they possess technical capabilities (such as image reconstruction or de-pixelation techniques) to recover redacted information from Israeli military imagery.
Date: 2026-04-09T06:49:26Z
Network: telegram
Published URL: https://t.me/c/1283513914/21084
Screenshots:
None
Threat Actors: حنظله
Victim Country: Israel
Victim Industry: Defense & Military
Victim Organization: Israeli Defense Forces (IDF)
Victim Site: Unknown
Threat: HANDALA HACK
Category: Cyber Attack
Content: Insufficient content to assess threat intelligence value. Message 208 is media only with no text context, and message 215 only says More Details on site with no URL, target, or actionable intel provided.
Date: 2026-04-09T06:30:13Z
Network: telegram
Published URL: https://t.me/c/3548035165/208
Screenshots:
None
Threat Actors: HANDALA HACK
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Persistent Cyber Intrusion of Israeli Military General Staff Systems by Handala
Category: Cyber Attack
Content: Hacktivist group Handala claims to have maintained long-term covert access to systems associated with former Israeli Chief of Staff General Herzi Halevis command infrastructure. The group alleges extraction and archiving of over 19,000 confidential images and videos from top-secret meetings, classified files, and military crisis rooms. They further claim to have identified and archived unredacted faces of hundreds of Israeli military pilots, field commanders, and security operatives. The group states full exposure has not yet occurred but threatens future release.
Date: 2026-04-09T06:22:55Z
Network: telegram
Published URL: https://t.me/c/3548035165/183
Screenshots:
None
Threat Actors: Handala
Victim Country: Israel
Victim Industry: Defense & Military
Victim Organization: Israel Defense Forces (IDF) General Staff
Victim Site: Unknown
Alleged stealer logs with browser-extracted credentials shared by Xyph0rix X CapybaraXploit
Category: Logs
Content: Threat actors Xyph0rix and CapybaraXploit shared stealer log output containing browser-extracted credentials from Google Chrome Login Data files. The dump includes plaintext passwords for multiple accounts belonging to identifiable individuals, covering services such as Netflix, Google Accounts, Instagram, Facebook, Spotify, Walmart Mexico, Microsoft, and Mexican government portals (declaranetqro.queretaro.gob.mx, empleo.gob.mx, sems.gob.mx). Credentials appear to originate from a victim machine at C:\Users\DeadCode\AppData\Local\Google\Chrome. An SSH RSA public key (root@hajek45) is also included in the dump.
Date: 2026-04-09T06:21:46Z
Network: telegram
Published URL: https://t.me/Xyph0rix_CapybaraXploit/45
Screenshots:
None
Threat Actors: Xyph0rix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Stolen Data Collections by ShinyHunters Including Salesforce Databases and Ransom Files
Category: Data Breach
Content: The ShinyHunters threat actor group is advertising three paid Telegram-based data access channels: (1) ShinyHunters Files Cloud containing 9.1M+ files from Salesforce databases (2024-2026) priced at $10,000 lifetime; (2) Pay or leaks ransom database with 1.02M+ files priced at $5,000 lifetime; (3) Whale private containing 3.39B+ files from CDN/RF/BF sources priced at $3,000 lifetime. Additionally references a scattered LAPSUS$ hunters part 9 chat including 3M+ Cisco source code files. An onion DLS site is also provided. The post is signed by ShinyHunters with identified Telegram handles for owner, admin, and moderator.
Date: 2026-04-09T06:16:20Z
Network: telegram
Published URL: https://t.me/c/3737716184/959
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Technology, Multiple Sectors
Victim Organization: Salesforce, Cisco (among others)
Victim Site: Unknown
Alleged Sale of ShinyHunters Cloud Data Collections Including Salesforce Databases and Ransom Files
Category: Data Breach
Content: ShinyHunters is advertising three paid Telegram-based data collections: (1) ShinyHunters Files Cloud containing 9.1M+ files from Salesforce databases (2024-2026) priced at $10,000 lifetime; (2) Pay or Leaks ransom database with ~1M files priced at $5,000 lifetime; (3) Whale Private collection of 3.39 billion files from CDN/RF/BF sources priced at $3,000 lifetime. Additionally references a scattered LAPSUS$ hunters part 9 chat and claims to possess 3M+ Cisco source code files. An onion DLS (data leak site) is also provided.
Date: 2026-04-09T06:15:34Z
Network: telegram
Published URL: https://t.me/c/3737716184/958
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Technology, Cloud Services
Victim Organization: Salesforce, Cisco (among others)
Victim Site: Unknown
Mass defacement targeting commune-ghenada.com by Zod
Category: Defacement
Content: The threat actor Zod conducted a mass defacement campaign targeting the Commune Ghenada website on April 9, 2026. This appears to be part of a broader mass defacement operation rather than a targeted attack on a single organization.
Date: 2026-04-09T06:08:07Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248352
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Government
Victim Organization: Commune Ghenada
Victim Site: commune-ghenada.com
Alleged leak of Indian election data by Pakistani hacktivist group
Category: Data Leak
Content: A Pakistani hacktivist group called Evil Markhors allegedly leaked over 1TB of Indian election data spanning from 1948 to 2026. The data is being distributed for free on dark web forums in document format, with samples from 2017 and 2026 currently available for download.
Date: 2026-04-09T06:06:49Z
Network: openweb
Published URL: https://darkforums.su/Thread-Document-Election-Data-Of-India
Screenshots:
None
Threat Actors: Trump_Epstein
Victim Country: India
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed forum credentials combolist
Category: Combo List
Content: A threat actor shared an 82,000 record combolist containing email and password combinations allegedly from various forums. The credentials are described as validated and mixed from multiple sources.
Date: 2026-04-09T05:44:25Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%99%8B-82k-MIX-Base-With-Valid-FORUMS-%E2%99%8B-16
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed credential combolist containing 82,000 records
Category: Combo List
Content: A threat actor shared a mixed credential combolist containing 82,000 records described as valid and sourced from various forums.
Date: 2026-04-09T05:42:45Z
Network: openweb
Published URL: https://crackingx.com/threads/71550/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Leak of Indian Database Collection Spanning Multiple Organizations
Category: Data Leak
Content: A threat actor has leaked a collection of databases from 8 Indian (and one Israeli) organizations, including educational institutions (ssgmce.ac.in, manabadi.co.in, mkbhauni.edu.in, patkarvardecollege.edu.in), industrial/biomedical companies (proficientindustries.in, sdbiosensor.co.in), and the Computer Society of India (csi-india.org). The collection contains approximately 9,000 rows of personal data including email addresses, first/last names, phone numbers, and other PII. Data spans 2021–2025 and is available in SQL, CSV, and TXT formats. The archive is freely distributed via biteblob.com.
Date: 2026-04-09T05:39:23Z
Network: telegram
Published URL: https://t.me/DedaleOfficials/171
Screenshots:
None
Threat Actors: Dedale Office
Victim Country: India
Victim Industry: Education, Manufacturing, Biomedical, Information Technology
Victim Organization: Multiple Indian Organizations (SSGMCE, Manabadi, MKB Hauni, Patkar Varde College, Proficient Industries, SD Biosensor, CSI India, Copyz)
Victim Site: ssgmce.ac.in, manabadi.co.in, mkbhauni.edu.in, patkarvardecollege.edu.in, proficientindustries.in, sdbiosensor.co.in, csi-india.org, copyz.co.il
Website defacement of Nordeq Group by God Of Server
Category: Defacement
Content: The attacker God Of Server successfully defaced the Nordeq Group website on April 9, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
Date: 2026-04-09T05:34:48Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831583
Screenshots:
None
Threat Actors: God Of Server, God Of Server
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Nordeq Group
Victim Site: nordeqgroup.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 45,000 unique Hotmail email and password combinations on a cybercrime forum.
Date: 2026-04-09T05:16:17Z
Network: openweb
Published URL: https://crackingx.com/threads/71549/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Alabama consumer database
Category: Data Leak
Content: A threat actor shared a 537.9 MB database containing 2021 consumer data for Alabama residents, including personal information, voter affiliations, demographics, financial indicators, and lifestyle preferences. The data appears to be comprehensive consumer profiling information with detailed personal attributes.
Date: 2026-04-09T05:15:14Z
Network: openweb
Published URL: https://pwnforums.st/Thread-2021-Consumer-Data-for-Alabama
Screenshots:
None
Threat Actors: OriginalCrazyOldFart
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged cyber attack by The Garuda Eye group postponed and rescheduled
Category: Cyber Attack
Content: The threat actor group The Garuda Eye announced via their Telegram channel that an ongoing attack has been temporarily postponed and will resume at 14:00 Jakarta, Indonesia time. No specific target or attack type was disclosed in this message.
Date: 2026-04-09T05:09:30Z
Network: telegram
Published URL: https://t.me/c/2738395378/1475
Screenshots:
None
Threat Actors: The Garuda Eye
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged cyber attack by The Garuda Eye postponed and rescheduled
Category: Cyber Attack
Content: Threat actor group The Garuda Eye announced via their Telegram channel that an ongoing attack has been temporarily postponed and will resume at 13:00 Jakarta, Indonesia time. No specific target was mentioned in this message.
Date: 2026-04-09T05:08:00Z
Network: telegram
Published URL: https://t.me/c/2738395378/1474
Screenshots:
None
Threat Actors: The Garuda Eye
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of hacking tools targeting Facebook, Instagram and Twitter accounts
Category: Initial Access
Content: Threat actor offers advanced hacking tools designed for mass compromise of social media accounts across Facebook, Instagram and Twitter platforms. The tools feature automated proxy rotation, user agent spoofing, ID collection capabilities and password combination options with escrow payment accepted.
Date: 2026-04-09T04:50:32Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SOURCE-CODE-Advanced-Tools-for-Mass-Hacking-of-Facebook-IG-and-Twitter-Accounts
Screenshots:
None
Threat Actors: sxxone
Victim Country: Unknown
Victim Industry: Social Media
Victim Organization: Facebook, Instagram, Twitter
Victim Site: facebook.com, instagram.com, twitter.com
Alleged sale of financial service access tools and methods
Category: Initial Access
Content: Threat actor offering AIO checker tools and cashout methods targeting multiple financial platforms including PaddyPower, BetFair, Bet365, and other services, requiring EU bank drops and virtual cards for execution.
Date: 2026-04-09T04:50:06Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SELLING-aio-checker-cashout-targets-with-method
Screenshots:
None
Threat Actors: AnarchyBin
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Multiple
Victim Site: Unknown
Alleged sale of Iranian VPS access for bypassing geo-restrictions
Category: Initial Access
Content: Threat actor offers Iranian VPS and VDS services from providers like ArvanCloud, Parspack, and IranServer for bypassing geo-restrictions and accessing Iranian websites. The seller warns of instability and potential blocking if malicious activity is detected.
Date: 2026-04-09T04:49:50Z
Network: openweb
Published URL: https://pwnforums.st/Thread-SELLING-IRANIAN-VPS-AND-VDS-FROM-ANY-PROVIDER-ARVANCLOUD-PARSPACK-IRANSERVER
Screenshots:
None
Threat Actors: infinityteam
Victim Country: Iran
Victim Industry: Technology
Victim Organization: Multiple Iranian VPS providers
Victim Site: Unknown
Alleged leak of stealer logs containing Facebook and Google credentials by Xyph0rix X CapybaraXploit
Category: Logs
Content: Threat actors Xyph0rix and CapybaraXploit shared stealer log output containing multiple plaintext credentials for Facebook, Google accounts, and several other web platforms including rr.feriaconellas.com, terranovasistemabolt.com, and conellas.app. The logs include email/password pairs for multiple accounts associated with the same individual or organization.
Date: 2026-04-09T04:25:24Z
Network: telegram
Published URL: https://t.me/Xyph0rix_CapybaraXploit/44
Screenshots:
None
Threat Actors: Xyph0rix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: facebook.com, accounts.google.com, rr.feriaconellas.com, terranovasistemabolt.com, conellas.app
Website defacement of keshan.info by 0xfansX
Category: Defacement
Content: The website keshan.info was defaced by attacker 0xfansX from the 0xfans team on April 9, 2026. The defacement targeted a specific file (a.txt) on the domain.
Date: 2026-04-09T04:22:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831578
Screenshots:
None
Threat Actors: 0xfansX, 0xfans
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: keshan.info
Website defacement of tripsntips.org by 0xfansX
Category: Defacement
Content: The travel website tripsntips.org was defaced by attacker 0xfansX, affiliated with the 0xfans team, on April 9, 2026. The defacement targeted a specific file (a.txt) rather than the main homepage.
Date: 2026-04-09T04:21:41Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831581
Screenshots:
None
Threat Actors: 0xfansX, 0xfans
Victim Country: Unknown
Victim Industry: Travel/Tourism
Victim Organization: Trips n Tips
Victim Site: tripsntips.org
Website defacement of epmuktakhabar.com by CYKOMNEPAL
Category: Defacement
Content: CYKOMNEPAL conducted a home page defacement attack against epmuktakhabar.com, a Nepalese news website. The attack was documented on April 9, 2026, targeting the main page of the media organizations website.
Date: 2026-04-09T04:21:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831582
Screenshots:
None
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: Nepal
Victim Industry: Media/News
Victim Organization: EPM Ukta Khabar
Victim Site: epmuktakhabar.com
Website defacement of flame.lk by 0xfansX
Category: Defacement
Content: The website flame.lk was defaced by attacker 0xfansX, associated with the 0xfans team, on April 9, 2026. This appears to be an isolated defacement incident targeting a single Sri Lankan domain.
Date: 2026-04-09T04:14:51Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/831577
Screenshots:
None
Threat Actors: 0xfansX, 0xfans
Victim Country: Sri Lanka
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: flame.lk
Alleged leak of IRGC and Basij member database
Category: Data Leak
Content: Actor claims to have leaked a database containing personal information of IRGC and Basij members including full names, national ID codes, addresses, ranks, and phone numbers. Sample data is provided via file sharing service and additional information is offered through Telegram contact.
Date: 2026-04-09T04:08:04Z
Network: openweb
Published URL: https://pwnforums.st/Thread-IRGC-AND-BASIJ-MEMBER-INFO-DATABASE
Screenshots:
None
Threat Actors: infinityteam
Victim Country: Iran
Victim Industry: Government
Victim Organization: IRGC and Basij
Victim Site: Unknown
Alleged distribution of mixed corporate domain credential lists
Category: Combo List
Content: Threat actor CODER is distributing free credential lists containing 9 million mixed corporate domain accounts through Telegram channels. The actor promotes both free combolists and programs through dedicated Telegram groups.
Date: 2026-04-09T03:48:12Z
Network: openweb
Published URL: https://crackingx.com/threads/71543/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of credential combolist containing 21.2 million entries
Category: Logs
Content: Threat actor StarLinkClub shared a credential combolist containing URL, login, and password combinations totaling 21.2 million lines in a 1.2GB file on cybercriminal forums.
Date: 2026-04-09T03:36:02Z
Network: openweb
Published URL: https://pwnforums.st/Thread-URL-LOGIN-PASS-Url-Log-Pass-21-242-709-M%C4%B1ll%C4%B1on-L%C4%B1nes-1-2gb
Screenshots:
None
Threat Actors: StarLinkClub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Hotel Books with sale of credit card and personal information
Category: Data Breach
Content: Threat actor sexybroker is allegedly selling stolen data from Hotel Books, including 9,000 credit card records with full payment card details and 60,000 personal information records containing names, emails, phone numbers, and addresses for $400.
Date: 2026-04-09T03:07:11Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-Credit-Card-Info-Personal-Info-Hotel-Books-Data-breach
Screenshots:
None
Threat Actors: sexybroker
Victim Country: Unknown
Victim Industry: Hospitality
Victim Organization: Hotel Books
Victim Site: Unknown
Alleged leak of mixed email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 34,000 mixed email and password combinations through a cybercrime forum, with additional content available via Telegram channel.
Date: 2026-04-09T03:05:43Z
Network: openweb
Published URL: https://crackingx.com/threads/71542/
Screenshots:
None
Threat Actors: MarkVesto
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email credentials combolist
Category: Combo List
Content: A threat actor leaked a combolist containing 34,000 mixed email credentials on a cybercrime forum. The credentials are being distributed for free to registered forum members.
Date: 2026-04-09T03:05:32Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-34K-Mix-Mail-Access-Combo–199887
Screenshots:
None
Threat Actors: MarkVesto
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email credentials combolist
Category: Combo List
Content: Threat actor MarkVesto shared a combolist containing 34,000 mixed email and password credentials on DemonForums. The credentials appear to be from various email providers and the actor also promoted their Telegram channel for additional content.
Date: 2026-04-09T03:05:16Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-34K-Mix-Mail-Access-Combo–199888
Screenshots:
None
Threat Actors: MarkVesto
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Simpcity
Category: Data Breach
Content: Forum post claims to contain a database dump from Simpcity affecting 8,173,355 users. The sample data shows SQL INSERT statements containing user information including usernames, email addresses, timestamps, and other user profile data.
Date: 2026-04-09T02:42:56Z
Network: openweb
Published URL: https://pwnforums.st/Thread-Simpcity-8-173-355-Users
Screenshots:
None
Threat Actors: Emzywemzy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Simpcity
Victim Site: Unknown
Alleged Cyber Attack on Indonesian Government Company by TheGarudaEye
Category: Cyber Attack
Content: Threat actor TheGarudaEye announced an ongoing attack against an unspecified Indonesian government-affiliated company. The actor indicated a temporary hold until 12:00 Indonesia time, after which they planned to re-attack. A media file (likely proof of attack/downtime) was shared alongside the announcement.
Date: 2026-04-09T02:37:57Z
Network: telegram
Published URL: https://t.me/c/2738395378/1462
Screenshots:
None
Threat Actors: TheGarudaEye
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of BabaCloud stealer logs
Category: Logs
Content: Threat actor C7xJB allegedly made available over 5,000 stealer logs from BabaCloud for free download on a cybercrime forum.
Date: 2026-04-09T02:12:55Z
Network: openweb
Published URL: https://darkforums.su/Thread-BabaCloud-New-5000-Logs
Screenshots:
None
Threat Actors: C7xJB
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: BabaCloud
Victim Site: Unknown
Alleged data breach of Serasa database containing Brazilian citizen records
Category: Data Breach
Content: Threat actor Buddha is allegedly selling a complete Serasa database dump containing over 220 million Brazilian citizen records including names, emails, phone numbers, addresses, dates of birth, CPF numbers, income data, and gender information for $350. The compressed 507GB database expands to 1.8TB and is dated August 17, 2022.
Date: 2026-04-09T02:12:41Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Serasa-Full-Database-2022-223-Million-Brazil-Citizens-1-8-TB-Full-Dump
Screenshots:
None
Threat Actors: Buddha
Victim Country: Brazil
Victim Industry: Financial Services
Victim Organization: Serasa
Victim Site: Unknown
Alleged data breach of Taiwan PIDC government database
Category: Data Breach
Content: Threat actor claims to have breached the Taiwan PIDC government website and is offering to sell a database containing 482,000 records of contact information and support tickets. The data includes personal details, contact information, and customer service interactions from the organizations operations.
Date: 2026-04-09T02:12:10Z
Network: openweb
Published URL: https://darkforums.su/Thread-482k-Taiwan-www-pidc-gov-tw-Active-web-users-contact
Screenshots:
None
Threat Actors: Databroker1
Victim Country: Taiwan
Victim Industry: Government
Victim Organization: PIDC
Victim Site: pidc.gov.tw
Alleged data leak of CNOPS Morocco database
Category: Data Leak
Content: Threat actor JBT2026 leaked a database containing approximately 3 million records of CNOPS insured members. The leaked data includes names, membership numbers, registration numbers, ID card numbers, and addresses in CSV format.
Date: 2026-04-09T02:11:58Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-MOROCCO-CNOPS-FULL-USERS-DATABASE-National-Fund-for-Social-Welfare-Organizations
Screenshots:
None
Threat Actors: JBT2026
Victim Country: Morocco
Victim Industry: Government
Victim Organization: National Fund for Social Welfare Organizations (CNOPS)
Victim Site: Unknown
Alleged sale of Cisco Systems source code and database
Category: Data Breach
Content: Threat actor claims to be selling Cisco source code and database containing 3.15 million Salesforce records, allegedly stolen by UNC6040/ShinyHunters. The data reportedly includes source code for various Cisco products including IOS, ASA, and NX-OS, along with PII, GitHub repositories, and AWS buckets.
Date: 2026-04-09T02:11:53Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Cisco-All-Source-Code
Screenshots:
None
Threat Actors: lenka
Victim Country: United States
Victim Industry: Technology
Victim Organization: Cisco Systems
Victim Site: cisco.com
Alleged data breach of Argentine Air Force news portal
Category: Data Breach
Content: Threat actor claims breach of Argentine Air Forces official news portal Noticias en Vuelo and provides organizational structure details. The actor notes there is no valuable information and describes it as just a snack.
Date: 2026-04-09T02:11:43Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-State-affiliated-military-news-source-for-the-Argentine-Air-Force
Screenshots:
None
Threat Actors: wh6ami
Victim Country: Argentina
Victim Industry: Government/Military
Victim Organization: Argentine Air Force
Victim Site: noticiasenvuelo.faa.mil.ar
Alleged sale of ETrade Securities customer database Category: Data Breach Content: A threat actor is allegedly selling a database containing 1.9 million ETrade Securities customer records including email addresses, names, registration numbers, dates of birth, and trading category information. The actor is using Telegram for contact regarding pricing and additional data.
Date: 2026-04-09T02:11:38Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-E-Trade-Securities-USA-1900000
Screenshots:
None
Threat Actors: DDying
Victim Country: United States
Victim Industry: Financial Services
Victim Organization: E*Trade Securities
Victim Site: Unknown
Alleged leak of Local Link Limerick WordPress database
Category: Data Leak
Content: A WordPress database from Irish transportation service Local Link Limerick was allegedly leaked, containing user credentials and account information for 5 users including administrators and staff members.
Date: 2026-04-09T02:11:23Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-Ireland-Local-Link-Limerick-locallinklc-ie-Wordpress-Database
Screenshots:
None
Threat Actors: blackwinter99
Victim Country: Ireland
Victim Industry: Transportation
Victim Organization: Local Link Limerick
Victim Site: locallinklc.ie
Alleged leak of Hotmail credential lists
Category: Combo List
Content: Threat actor RedCloud made available a combolist containing 3.3K Hotmail email and password combinations, claiming the credentials are valid and high quality as of April 9th, 2026.
Date: 2026-04-09T01:41:19Z
Network: openweb
Published URL: https://demonforums.net/Thread-3-3K-%E2%9A%A1Hotmail%E2%9A%A1Valid-Mail-Access-09-04
Screenshots:
None
Threat Actors: RedCloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credentials on cybercriminal forum
Category: Combo List
Content: A threat actor shared a combolist containing 3,300 alleged Hotmail email credentials on a cybercriminal forum, distributed via a MediaFire download link.
Date: 2026-04-09T01:40:17Z
Network: openweb
Published URL: https://crackingx.com/threads/71541/
Screenshots:
None
Threat Actors: redcloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged Apple Pay fraud tutorial and payment services offering
Category: Initial Access
Content: Threat actor offering step-by-step tutorial for Apple Pay fraud using BIN and credit card data, along with related services including Google Pay auto-add and non-VBV card lists for cryptocurrency payment.
Date: 2026-04-09T01:29:56Z
Network: openweb
Published URL: https://demonforums.net/Thread-ALL-YOU-NEED-FOR-THE-APPLE-PAY-CHOPS-IS-JUST-THE-BIN-CC–199869
Screenshots:
None
Threat Actors: yaxaxav
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Apple
Victim Site: Unknown
Alleged Apple Pay fraud tutorial and credit card data sales
Category: Combo List
Content: Threat actor offers Apple Pay fraud tutorial requiring only BIN and credit card data, along with state-specific BIN lists, Google Pay auto-add services, and non-VBV (Verified by Visa) card lists for cryptocurrency payment.
Date: 2026-04-09T01:29:41Z
Network: openweb
Published URL: https://demonforums.net/Thread-ALL-YOU-NEED-FOR-THE-APPLE-PAY-CHOPS-IS-JUST-THE-BIN-CC–199871
Screenshots:
None
Threat Actors: yaxaxav
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Apple Pay
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: Threat actor Roronoa044 shared what appears to be a collection of valid Hotmail email and password combinations on cybercriminal forum. The actor claims the credentials are valid and high quality, distributed through their Telegram channel.
Date: 2026-04-09T01:18:50Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Pass-%E2%9A%A1%E2%9A%A1-X412-Valid-UHQ-Hotmail-%E2%9A%A1%E2%9A%A1
Screenshots:
None
Threat Actors: Roronoa044
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: Threat actor noir is distributing a collection of allegedly valid Hotmail email credentials through Telegram. The post advertises X412 Valid UHQ Hotmail credentials as a private cloud mix.
Date: 2026-04-09T01:17:24Z
Network: openweb
Published URL: https://crackingx.com/threads/71540/
Screenshots:
None
Threat Actors: noir
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged data breach of Infodesk affecting multiple pharmaceutical and healthcare organizations
Category: Data Breach
Content: Threat actor claims to be selling employee data from Infodesk database breach affecting 18 major organizations including Johnson & Johnson, Moderna, GSK, and others. Data includes employee names and email addresses from pharmaceutical, healthcare, and consulting companies.
Date: 2026-04-09T01:08:38Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-Infodesk-Database-employee-lists-from-JNJ-Moderna-Novonesis-and-more
Screenshots:
None
Threat Actors: art
Victim Country: Unknown
Victim Industry: Healthcare/Pharmaceutical
Victim Organization: Infodesk
Victim Site: infodesk.com
Alleged cyber attack on Indonesian government-linked company by Garuda Eye
Category: Cyber Attack
Content: Threat actor operating under the handle THE GARUDA EYE announced an imminent or ongoing cyber attack targeting an Indonesian government-affiliated company, using casual language to signal the operation is underway.
Date: 2026-04-09T01:03:57Z
Network: telegram
Published URL: https://t.me/c/2738395378/1461
Screenshots:
None
Threat Actors: THE GARUDA EYE
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed domain credential list
Category: Combo List
Content: A threat actor shared a high-quality credential list containing 46,000 mixed domain accounts through a public paste service. The combolist appears to be distributed freely without any payment requirement.
Date: 2026-04-09T00:22:18Z
Network: openweb
Published URL: https://crackingx.com/threads/71538/
Screenshots:
None
Threat Actors: Cir4d
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of Vietnam flight booking system passport data
Category: Data Breach
Content: Threat actor sexybroker claims to be selling passport data from a Vietnamese flight booking system breach containing over 1.1 million records at $0.1 per passport. The data allegedly includes full passport images with contact information from travelers worldwide including China, Japan, USA, UK, Canada, Russia, and other countries.
Date: 2026-04-09T00:13:31Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-Passport-Data-breach-Vietnam-Fligh-Book-World-Wide-guests
Screenshots:
None
Threat Actors: sexybroker
Victim Country: Vietnam
Victim Industry: Transportation
Victim Organization: Unknown
Victim Site: Unknown