1. Executive Summary
The cyber landscape on February 1, 2026, was dominated by three primary trends:
- Mass Defacement Campaigns: A concerted effort by “hacktivist” groups like HellR00ters Team and 404 CREW CYBER TEAM targeting small to medium enterprises (SMEs) across Slovenia, India, and Indonesia.
- High-Impact Data Leaks: Significant breaches targeting government and healthcare sectors, most notably the U.S. Government Publishing Office and Woundtech, the latter involving 3.8 TB of sensitive medical data.
- Monetization of Access: A robust underground economy on BreachForums and Exploit.biz for administrative access to e-commerce platforms and corporate Citrix environments.
2. Incident Classification & Statistical Overview
Based on the 93 reported incidents, the distribution of cyber activity is as follows:
| Category | Primary Actors | Key Victims |
| --- | --- | --- |
| Data Breach | c0mmandor, Sythe, FulcrumSec | Woundtech (USA), GPO (USA), MERNİS (Turkey) |
| Defacement | HellR00ters Team, 404 CREW, UNDERGROUND-NET | Various Slovenian and Indonesian entities |
| Initial Access | ParanoiaDe, H4JIM3, Spearr | Palantir (USA), $23B China Corp, UK/US E-commerce |
| Malware/Tools | OpenBullet, F4AR, The Seekers | WEEX Mobile Checker, JS Web Skimmers |
3. Deep Dive: Major Cyber Incidents
3.1 Healthcare & Critical Data: The Woundtech Breach
One of the most severe incidents involved Woundtech, where the actor FulcrumSec claimed to have exfiltrated 3.8 TB of data.
- Impact: Exposure of 160,000+ patients.
- Data Types: 4.6 million clinical notes, EMR files, 85,000 referral documents with full PHI, and 93,000 clinical wound images.
- Significance: This represents a massive violation of HIPAA standards and poses a long-term risk for medical identity theft.
3.2 Government & Defense Exploitation
Several incidents targeted national sovereignty and administrative bodies:
- U.S. Government Publishing Office (GPO): Actor Sythe leaked over 1,500 records, including internal email communications and BCC/CC addresses.
- MERNİS (Turkey): A breach of the Central Population Administration System was reported, exposing names, tax numbers, and residence data.
- French Army (Armée de Terre): Angel_Batista claimed a leak of internal documents from the French Ministry of Defense site.
3.3 The Slovenian Defacement Wave
The HellR00ters Team executed a rapid-fire campaign in Slovenia, defacing multiple sites in a single day, including:
- Kovaštvo Matjaž Vindiš (Mining/Metals).
- MyFlightLog (Aviation).
- Ekopool Balloon Club (Hospitality).
- Barbara Celjska Foundation (Non-profit).
4. Threat Actor Profiles
4.1 The “c0mmandor” Campaigns
The actor c0mmandor was exceptionally prolific, focusing on Eastern European and Russian databases. Their activities included:
- Leaking 830+ rows from an Armenian e-commerce site (Sextoys.am).
- Releasing 2017-2018 Russian “mix” databases containing telecom and insurance data.
- Exposing IT student data from Kazakhstan.
4.2 Initial Access Brokers (IABs)
Actors like ParanoiaDe and H4JIM3 are actively fueling the ransomware pipeline by selling administrative credentials:
- ParanoiaDe listed admin access for WordPress shops in the UK, USA, and France.
- H4JIM3 offered domain user access to a $23 Billion revenue Chinese organization via Citrix.
5. Emerging Malware Trends
The report identifies the commercialization of specialized attack tools:
- JS Web Skimmers: Actor F4AR released source code for a JavaScript skimmer designed to steal payment cards at checkout.
- Lethalcompany.py: A new spyware/stealer identified by “The Seekers” designed for stealthy data collection on Windows systems.
- Crypto Exchange Checkers: Tools specifically targeting WEEX mobile users are being sold for $500 to generate leads for further exploitation.
6. Geographical & Industry Impact Analysis
- Slovenia: High frequency of defacements targeting local businesses.
- India: Targeted by 404 CREW CYBER TEAM and Z-BL4CX-H4T.ID, focusing on retail and education.
- Indonesia: Heavy focus from UNDERGROUND-NET on government and provincial education offices.
- Iran: Shadow Cyber Security claimed wide-scale access to state databases, prisons, and news agencies.
7. Conclusion
The events of February 1, 2026, underscore a fractured yet highly efficient cyber-criminal ecosystem. While defacements serve as “noise” for hacktivist visibility, the silent exfiltration of terabytes of medical data (Woundtech) and government records (GPO, MERNİS) represents the true high-water mark of risk.
The proliferation of “initial access” listings suggests that many of these defaced or breached organizations may face secondary attacks, such as ransomware, in the coming weeks. Organizations must prioritize the securing of WordPress administrative panels and the patching of Citrix/VPN gateways to mitigate these specific, trending threats.
Detected Incidents Draft Data
- HellR00ters Team targets the website of Kovaštvo Matjaž Vindiš
Category: Defacement
Content: The group claims to have defaced the website of Kovaštvo Matjaž Vindiš
Date: 2026-02-01T23:50:19Z
Network: telegram
Published URL: https://t.me/c/2758066065/952
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/56d7bcd1-cced-4ba5-993a-e72f399d19e3.png
Threat Actors: HellR00ters Team
Victim Country: Slovenia
Victim Industry: Mining/Metals
Victim Organization: kovaštvo matjaž vindiš
Victim Site: kovastvovindis.si
- HellR00ters Team targets the website of Let balonom
Category: Defacement
Content: The group claims to have defaced the website of Let balonom
Date: 2026-02-01T23:19:44Z
Network: telegram
Published URL: https://t.me/c/2758066065/952
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/033f573c-8f0c-4a87-82dd-a1fd3afb94bd.png
Threat Actors: HellR00ters Team
Victim Country: Croatia
Victim Industry: Leisure & Travel
Victim Organization: let balonom
Victim Site: letbalonom.hr
- HellR00ters Team targets the website of MyFlightLog
Category: Defacement
Content: The group claims to have defaced the website of MyFlightLog
Date: 2026-02-01T23:18:32Z
Network: telegram
Published URL: https://t.me/c/2758066065/952
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/cf71fc2b-9769-4273-8136-30dfb170c713.jpg
Threat Actors: HellR00ters Team
Victim Country: Slovenia
Victim Industry: Aviation & Aerospace
Victim Organization: myflightlog
Victim Site: myflightlog.net
- Alleged sale of unauthorized access to an unidentified BB Market shop account
Category: Data Breach
Content: The threat actor claims to be selling unauthorized access to an unidentified BB market CC shop account.
Date: 2026-02-01T23:16:02Z
Network: openweb
Published URL: https://forum.exploit.in/topic/275012/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ab98362a-8134-4dee-98b9-9641d4dfcdec.png
Threat Actors: Big777
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- HellR00ters Team targets the website of Ekopool Balloon Club
Category: Defacement
Content: The group claims to have defaced the website of Ekopool Balloon Club
Date: 2026-02-01T22:52:11Z
Network: telegram
Published URL: https://t.me/c/2758066065/952
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e57562fd-5bd2-40a7-837f-0c17a222ad9b.jpg
Threat Actors: HellR00ters Team
Victim Country: Slovenia
Victim Industry: Hospitality & Tourism
Victim Organization: ekopool balloon club
Victim Site: poletzbalonom.si
- HellR00ters Team targets the website of VENOLEK
Category: Defacement
Content: The group claims to have defaced the website of VENOLEK
Date: 2026-02-01T22:40:15Z
Network: telegram
Published URL: https://t.me/c/2758066065/952
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/76db6eec-3edd-437b-9d57-7d69e592071a.jpg
Threat Actors: HellR00ters Team
Victim Country: Slovenia
Victim Industry: Healthcare & Pharmaceuticals
Victim Organization: venolek
Victim Site: venolek.si
- HellR00ters Team targets the website of Studio Uršula
Category: Defacement
Content: The group claims to have defaced the website of Studio Uršula
Date: 2026-02-01T22:39:23Z
Network: telegram
Published URL: https://t.me/c/2758066065/952
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d7c1d88e-5000-4dff-83c5-720df63c7581.jpg
Threat Actors: HellR00ters Team
Victim Country: Slovenia
Victim Industry: Health & Fitness
Victim Organization: studio uršula
Victim Site: studio-ursula.si
- HellR00ters Team targets the website of Secondhandballoons.com
Category: Defacement
Content: The group claims to have defaced the website of Secondhandballoons.com
Date: 2026-02-01T22:39:05Z
Network: telegram
Published URL: https://t.me/c/2758066065/952
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/29752e3a-81a8-4b6a-a0d6-ab5f46efb6e9.jpg
Threat Actors: HellR00ters Team
Victim Country: Slovenia
Victim Industry: Aviation & Aerospace
Victim Organization: Unknown
Victim Site: secondhandballoons.com
- Alleged Leak of Flat/Land Registry Database From Poland
Category: Data Breach
Content: The threat actor claims to be selling a leaked SQL database of flat and land data from Poland. The compromised data reportedly contains over 25 million records.
Date: 2026-02-01T22:27:35Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/274909/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0ebb3228-d1fb-45e5-98ae-7cde64730ba9.png
Threat Actors: matete
Victim Country: Poland
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- DARK 07x claims to target Tunisia
Category: Alert
Content: A recent post by the group indicates that they are targeting Tunisia
Date: 2026-02-01T22:18:32Z
Network: telegram
Published URL: https://t.me/DarK07xxxxxxx/1538
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a4f87b40-81a6-4124-85f0-89f31e5d68d3.jpg
Threat Actors: DARK 07x
Victim Country: Tunisia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Coinomi
Category: Data Breach
Content: A threat actor claims to have leaked a database allegedly associated with Coinomi, containing approximately 612,861 records. The exposed data appears to primarily include email addresses, as demonstrated by the provided sample list.
Date: 2026-02-01T22:12:23Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-Coinomi-DB
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3ca6e5c0-4536-48d9-a570-4b6ace93bf2f.png
Threat Actors: kiura01
Victim Country: UK
Victim Industry: Financial Services
Victim Organization: coinomi
Victim Site: coinomi.com
- Alleged data breach of Tutoo
Category: Data Breach
Content: A threat actor claims to have leaked a full backup of the database and web files associated with tutoo.ir.
Date: 2026-02-01T22:07:53Z
Network: openweb
Published URL: https://darkforums.io/Thread-IR%C3%81N-FULL-BACKUP-DB-WEB-OF-tutoo-ir
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/50c76cc4-75ee-40b7-81bf-51fc4f041324.png
Threat Actors: Evorax
Victim Country: Iran
Victim Industry: E-commerce & Online Stores
Victim Organization: tutoo
Victim Site: tutoo.ir
- Alleged leak of Full Exploit Pack Source Code
Category: Malware
Content: A threat actor claims to have leaked the complete exploit collection associated with ExploitPack.com, covering exploits from 2020 to 2026. The alleged leak reportedly includes exploit source code, payloads, shellcodes, scripts, and related components used within the ExploitPack framework. According to the post, the data was obtained by exploiting a vulnerability on the official website, granting unauthorized access to both older and newer exploit packs.
Date: 2026-02-01T21:33:02Z
Network: openweb
Published URL: https://breachforums.bf/Thread-COLLECTION-exploitpack-com-ALL-Exploit-Leaked
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3bf284a0-cc14-43ba-8ced-cc33d55b1851.png
https://d34iuop8pidsy8.cloudfront.net/ec1dfa8a-9b8a-4ac2-8e99-af3bf3ae979c.png
Threat Actors: Spearr
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- 404 CREW CYBER TEAM targets the website of Narpa Spices
Category: Defacement
Content: The group claims to have defaced the website of Narpa Spices
Date: 2026-02-01T21:21:01Z
Network: telegram
Published URL: https://t.me/crewcyber/621
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7eae4460-7161-4de0-979d-f13e113be9f9.jpg
Threat Actors: 404 CREW CYBER TEAM
Victim Country: India
Victim Industry: Food & Beverages
Victim Organization: narpa spices
Victim Site: narpaspices.in
- Alleged data leak of Bitcoin Balances Dataset
Category: Data Breach
Content: The threat actor claims to have leaked a dataset named BTC BALS. The exposed information allegedly includes records containing email addresses, associated cryptocurrency wallet identifiers, and Bitcoin balance amounts.
Date: 2026-02-01T21:20:59Z
Network: openweb
Published URL: https://breachforums.bf/Thread-BTC-BALS
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e78e644d-6231-46fc-b82f-f7af0ce668a7.png
Threat Actors: Lurk
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- 404 CREW CYBER TEAM targets the website of Zaveri Bazaar
Category: Defacement
Content: The group claims to have defaced the website of Zaveri Bazaar
Date: 2026-02-01T21:15:42Z
Network: telegram
Published URL: https://t.me/crewcyber/622
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f30a7550-4609-40e3-8484-f6ee27646949.jpg
Threat Actors: 404 CREW CYBER TEAM
Victim Country: India
Victim Industry: Luxury Goods & Jewelry
Victim Organization: zaveri bazaar
Victim Site: zaveribazaar.co.in
- HellR00ters Team targets the website of Barbara Celjska Foundation
Category: Defacement
Content: The group claims to have defaced the website of Barbara Celjska Foundation
Date: 2026-02-01T21:13:51Z
Network: telegram
Published URL: https://t.me/c/2758066065/952
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/61cf4b18-034f-4616-b12f-4f64888410ca.jpg
Threat Actors: HellR00ters Team
Victim Country: Slovenia
Victim Industry: Non-profit & Social Organizations
Victim Organization: barbara celjska foundation
Victim Site: fundacija-barbare-celjske.si
- 404 CREW CYBER TEAM targets the website of Sai Supermarket
Category: Defacement
Content: The group claims to have defaced the website of Sai Supermarket
Date: 2026-02-01T21:00:37Z
Network: telegram
Published URL: https://t.me/crewcyber/620
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a9c19e42-a8c1-4795-b993-9ac4e47484af.jpg
Threat Actors: 404 CREW CYBER TEAM
Victim Country: India
Victim Industry: Supermarkets
Victim Organization: sai supermarket
Victim Site: saisupermarket.in
- Alleged data breach of InfoLegale
Category: Data Breach
Content: The threat actor group claims to have leaked part of the InfoLegale database. They are currently disclosing around 2,000 user records, with the possibility of releasing the full dataset of 14M+ records later. The exposed information allegedly includes sensitive business and personal data such as full names, dates of birth, addresses, company and executive details, administrative and mandate-related records, and identifiers linked to French business entities.
Date: 2026-02-01T20:59:21Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-FR-InfoLegale-14M-HawkSec
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2489a0bf-09c8-479e-8b00-a4fb1b3572fa.png
https://d34iuop8pidsy8.cloudfront.net/2194ff63-57dd-41ab-a960-3228ed8a1c53.png
Threat Actors: L4dybug
Victim Country: France
Victim Industry: Information Services
Victim Organization: infolegale
Victim Site: infolegale.fr
- Alleged sale of WEEX Crypto Exchange Mobile Checker
Category: Malware
Content: The threat actor is advertising a “WEEX Crypto Exchange Mobile Checker” tool for sale. The service is priced at $500 and is promoted as being useful for generating leads.
Date: 2026-02-01T20:49:52Z
Network: openweb
Published URL: https://breachforums.bf/Thread-WEEX-Crypto-Exchange-Mobile-Checker
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6f6cde6a-baea-4fe5-9c8d-d5fb61ba1253.png
Threat Actors: OpenBullet
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- 404 CREW CYBER TEAM claims to target India
Category: Alert
Content: A recent post by the group indicates that they are targeting India.
Date: 2026-02-01T20:22:31Z
Network: telegram
Published URL: https://t.me/crewcyber/619
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/10d9491f-88a3-4e71-919e-f961b1d7a9cc.jpg
Threat Actors: 404 CREW CYBER TEAM
Victim Country: India
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Shadow Cyber Security Claims to target Iran
Category: Alert
Content: A recent post by the group claims that they have gained access to databases, confidential information, and what it describes as strategically important assets across institutions of Iran.
Date: 2026-02-01T20:04:11Z
Network: telegram
Published URL: https://t.me/shadow_cyber/261
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/45133605-74ee-44e2-a7b7-e391c4eddcf1.jpg
Threat Actors: Shadow Cyber Security
Victim Country: Iran
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of sensitive files of the Azerbaijan Institute
Category: Data Breach
Content: Threat actor claims to have leaked sensitive files of an unidentified Azerbaijan Institute.
Date: 2026-02-01T19:57:08Z
Network: openweb
Published URL: https://leakbase.la/threads/sensitive-files-of-the-azerbaijan-institute-were-leaked-by-simon111.48718/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/45746396-bc7d-4e39-8a47-12fe0696ab9e.png
Threat Actors: Simon111
Victim Country: Azerbaijan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of ShadowTech
Category: Data Breach
Content: The threat actor claims to have leaked a database associated with shadowtech.fr, containing approximately 545K lines of records. The exposed data allegedly includes sensitive user and account information such as email addresses, full names, phone numbers, billing and shipping addresses, account creation details, and subscription and transaction-related metadata.
Date: 2026-02-01T19:52:47Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-shadowtech-fr
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f022568c-18bc-40b6-b41e-e950f5b9d405.png
https://d34iuop8pidsy8.cloudfront.net/19b3b50e-e359-46db-a72f-44d75ed6d062.png
Threat Actors: Yanisxratsu
Victim Country: France
Victim Industry: Computer & Network Security
Victim Organization: shadowtech
Victim Site: shadowtech.fr
- Alleged sale of IP checker and brute-force tool
Category: Malware
Content: The threat actor claims to be selling a rust IP checker and brute-force tool written in Go.
Date: 2026-02-01T19:52:13Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/274977/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0e651f2e-d98e-4f5c-9a1b-abc4af2cdaf6.png
Threat Actors: privisnanet
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- HaxChipper targets the website of Bergie Digital
Category: Defacement
Content: The group claims to have defaced the website of Bergie Digital.
Date: 2026-02-01T19:32:59Z
Network: telegram
Published URL: https://t.me/HaxChipper/116
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e136eb4b-4364-4103-977a-c151e039e033.png
Threat Actors: HaxChipper
Victim Country: USA
Victim Industry: Marketing, Advertising & Sales
Victim Organization: bergie digital
Victim Site: bergiedigital.com
- Alleged data breach of Trezor
Category: Data Breach
Content: The threat actor claims to have leaked a dataset labeled “140K TREZOR LEAK”, allegedly containing around 140,000 user records, primarily email addresses,
Date: 2026-02-01T19:27:01Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-140K-TREZOR-LEAK
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/93221e02-fe5f-44af-92db-6d14356c8a91.png
Threat Actors: Lurk
Victim Country: Czech Republic
Victim Industry: Financial Services
Victim Organization: trezor
Victim Site: trezor.io
- HaxChipper targets the website of Mongol Kosen Technology College
Category: Defacement
Content: The group claims to have defaced the website of Mongol Kosen Technology College
Date: 2026-02-01T19:03:20Z
Network: telegram
Published URL: https://t.me/HaxChipper/116
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/771887b1-7223-4666-882f-a15e88060248.jpg
Threat Actors: HaxChipper
Victim Country: Mongolia
Victim Industry: Education
Victim Organization: mongol kosen technology college
Victim Site: mk.edu.mn
- Alleged data breach of Gran Quina de Nada
Category: Data Breach
Content: The threat actor claims to be uploading administrator access credentials for the portal portal.granquinnadenadal.cat. The exposed data allegedly includes portal login credentials.
Date: 2026-02-01T18:46:46Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SPAIN-granquinadenadal-cat-PORTAL-CREDENTIALS
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/93c47622-aca4-43f7-a44d-497411df4f13.png
Threat Actors: IntelShadow
Victim Country: Spain
Victim Industry: Leisure & Travel
Victim Organization: gran quina de nada
Victim Site: portal.granquinnadenadal.cat
- Alleged sale of unauthorized admin access to an unidentified WordPress shop in the UK
Category: Initial Access
Content: The threat actor claims to be selling unauthorized administrative access to an unidentified WordPress shop in the UK.
Date: 2026-02-01T18:44:38Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/274972/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/cfdac12a-cce5-44ef-b46b-b5b1aa9bb3a4.jpeg
Threat Actors: ParanoiaDe
Victim Country: UK
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data sale of an unidentified organization from Australia
Category: Data Breach
Content: The threat actor claims to be selling leaked data from an unidentified organization based in Australia. The compromised data reportedly contains 65,000 rows of leads, 10,000 rows of contacts, 38,000 unique phone numbers and 51,000 unique emails. The organization reportedly operates in Civil Engineering Construction Retail industries with a revenue over $5 Million.
Date: 2026-02-01T18:39:51Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/274984/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/69aa6955-4495-437c-ac64-bdaef7198c94.png
Threat Actors: GeeksforGeeks
Victim Country: Australia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Network Management System (NMS) in Bangladesh
Category: Data Breach
Content: The group claims to have breached the database of an unidentified Network Management System (NMS) in Bangladesh
Date: 2026-02-01T18:21:30Z
Network: telegram
Published URL: https://t.me/LulzSecHackers/353
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5c7dbe2d-7d0c-480d-aa0e-c9ba3b9cbbbc.jpg
Threat Actors: LulzSec Hackers
Victim Country: Bangladesh
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of unauthorized access to unidentified shop from USA
Category: Initial Access
Content: The threat actor claims to be selling unauthorized admin access to a US-based online shop, with alleged access to stolen credit card data collected via an iframe payment setup.
Date: 2026-02-01T18:19:04Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/274988/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/027344e3-5949-4123-83df-91518e642a6a.png
Threat Actors: bot_ik2s
Victim Country: USA
Victim Industry: E-commerce & Online Stores
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Crina Bulprich
Category: Data Breach
Content: The threat actor claims to be selling a database allegedly taken from crinabulprich.com, containing about 33,238 records, including customer order and personal information, with approximately 40% of the records allegedly containing payment card details.
Date: 2026-02-01T18:13:45Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-Crina-Bulprich-33-2k
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ea6ca227-82e0-4e5a-acf3-9b23e4db7f6d.png
Threat Actors: temporary
Victim Country: USA
Victim Industry: Retail Industry
Victim Organization: crina bulprich
Victim Site: crinabulprich.com
- Alleged sale of unauthorized access to unidentified WordPress shop from Spain
Category: Initial Access
Content: Threat actor claims to be selling unauthorized administrative access to a WordPress-based e-commerce website of an unidentified organization based in Spain, including access to order management systems, payment processing features, and backend store operations.
Date: 2026-02-01T17:59:50Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/274973/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c20b0d72-a516-4cf9-b957-4b199e32d526.png
Threat Actors: Shopify
Victim Country: Spain
Victim Industry: E-commerce & Online Stores
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Concepto
Category: Data Breach
Content: The threat actor claims to be selling a leaked database from conceptoline.com, a luxury clothing brand, containing approximately 84,792 records. The exposed data allegedly includes customer details such as full names, email addresses, phone numbers, and billing/physical address information including country, city, and ZIP codes.
Date: 2026-02-01T17:30:47Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-CONCEPTO-84-7k
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3e581bf4-c923-4dca-91d8-30628453ce75.png
https://d34iuop8pidsy8.cloudfront.net/a0195dd7-6a23-4038-b260-93913a9fb861.png
Threat Actors: temporary
Victim Country: Romania
Victim Industry: Fashion & Apparel
Victim Organization: concepto
Victim Site: conceptoline.com
- Alleged sale of unauthorized access to unidentified WordPress shop from USA
Category: Initial Access
Content: Threat actor claims to be selling unauthorized admin access to an unidentified WordPress shop from USA.
Date: 2026-02-01T17:29:14Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/274974/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b72dc7d8-af00-487d-8879-560b57e0697e.png
Threat Actors: ParanoiaDe
Victim Country: USA
Victim Industry: E-commerce & Online Stores
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Rewardy
Category: Data Breach
Content: The threat actor claims to be selling a database allegedly taken from Rewardy.io, containing about 2.2 million user records, including hashed passwords for a portion of accounts.
Date: 2026-02-01T17:26:18Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-rewardy-io-2-2M-users
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/450be19b-7283-4570-8cc5-6daa133a91d4.png
Threat Actors: test3221
Victim Country: Colombia
Victim Industry: Gaming
Victim Organization: rewardy
Victim Site: rewardy.io
- Alleged sale of unauthorized access to unidentified organization from China
Category: Initial Access
Content: The threat actor claims to be selling unauthorized domain user access to a Citrix-based website of an unidentified organization based in China, reportedly having $23 billion in revenue.
Date: 2026-02-01T17:12:19Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/274970/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2b3e5c84-77bf-4c9c-b78d-b71aa092d9a4.png
Threat Actors: H4JIM3
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of unauthorized access to an unidentified organization from Turkey
Category: Initial Access
Content: Threat actor claims to be selling unauthorized domain user access to an unidentified manufacturing company based in Turkey.
Date: 2026-02-01T16:57:13Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/274986/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b8580832-da14-4a92-84c9-60e78edfd421.png
Threat Actors: Big-Bro
Victim Country: Turkey
Victim Industry: Manufacturing
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of unauthorized access to unidentified WordPress shop from USA
Category: Initial Access
Content: Threat actor claims to be selling unauthorized admin access to an unidentified WordPress shop based in USA.
Date: 2026-02-01T16:43:37Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/274983/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d50384cd-a6bb-4b24-a305-f4f8a74be5c2.png
Threat Actors: ParanoiaDe
Victim Country: USA
Victim Industry: E-commerce & Online Stores
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Sale of Unauthorized WordPress Shop / Store Admin Access in France
Category: Initial Access
Content: The threat actor claims to be selling unauthorized administrative access to a France-based WordPress shop/store website.
Date: 2026-02-01T16:32:06Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/274979/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b7e039b4-165e-4adb-8a29-9f9db75b9c61.png
Threat Actors: ParanoiaDe
Victim Country: France
Victim Industry: E-commerce & Online Stores
Victim Organization: Unknown
Victim Site: Unknown
- TEAM BD CYBER NINJA OFFICIAL claims to target Bangladesh's banking system
Category: Malware
Content: A recent post by the group indicates that they're targeting Bangladesh's banking system. The group threatens potential destruction of databases and systems, claims persistence within targeted environments, and asserts the use of malware designed to evade detection while issuing political and ideological demands.
Date: 2026-02-01T15:27:47Z
Network: telegram
Published URL: https://t.me/tbcnofficial/210?single
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7467f685-ac85-4388-880f-dee4cd458e4e.jpg
Threat Actors: TEAM BD CYBER NINJA OFFICIAL
Victim Country: Bangladesh
Victim Industry: Banking & Mortgage
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Sale of FREE JavaScript Web Skimmer Source Code Released
Category: Malware
Content: The threat actor claims to be selling a JavaScript skimmer that steals payment card details from hacked online shop checkout pages.
Date: 2026-02-01T15:21:09Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SOURCE-CODE-FREE-skimmer-web-in-js
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/66d03148-f49b-4172-b42c-36a78e5520b2.png
Threat Actors: F4AR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Z-BL4CX-H4T.ID targets the website of Usicly
Category: Defacement
Content: The group claims to have defaced the website of Usicly
Date: 2026-02-01T15:04:13Z
Network: telegram
Published URL: https://t.me/z_bl4cx_h4t_id/51
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/10d5b3a7-a076-4a81-b579-30b0afd456c2.jpg
Threat Actors: Z-BL4CX-H4T.ID
Victim Country: India
Victim Industry: Music
Victim Organization: usicly
Victim Site: usicly.com
- Alleged data breach of Woundtech
Category: Data Breach
Content: The threat actor claims to have breached 3.8 TB of data from Woundtech, impacting 160,000+ patients. The leaked data allegedly includes personal and medical information, 4.6 million clinical notes, EMR files, 85,000 referral documents with full PHI, and approximately 93,000 clinical wound images.
Date: 2026-02-01T14:49:38Z
Network: openweb
Published URL: https://darkforums.io/Thread-FRESH-BREACH-PREVIEW-WOUNDTECH-HEALTHCARE-GRAPHIC-PHOTOS-MED-HISTORY-DOC-NOTES
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f2ea2337-4d6c-4e03-893e-e5b4e02e3161.png
https://d34iuop8pidsy8.cloudfront.net/2170908a-7b5c-4c52-96aa-1897d63c7439.png
Threat Actors: FulcrumSec
Victim Country: USA
Victim Industry: Hospital & Health Care
Victim Organization: woundtech
Victim Site: woundtech.net
- TEAM BD CYBER NINJA OFFICIAL claims to target all countries.
Category: Alert
Content: A recent post by the group indicates that they're targeting all countries.
Date: 2026-02-01T14:35:00Z
Network: telegram
Published URL: https://t.me/tbcnofficial/209
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2e27c192-2ac1-4e6d-9cbc-f01d58804409.jpg
Threat Actors: TEAM BD CYBER NINJA OFFICIAL
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- WOLF CYBER ARMY targets the website of CommyX
Category: Defacement
Content: The group claims to have defaced the website of CommyX.
Date: 2026-02-01T14:11:30Z
Network: telegram
Published URL: https://t.me/c/2670088117/427
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/37d93e03-b11b-4f29-bfbb-fcd92231b03e.png
Threat Actors: WOLF CYBER ARMY
Victim Country: Unknown
Victim Industry: Social Media & Online Social Networking
Victim Organization: commyx
Victim Site: commyx.com
- Alleged data breach of Sextoys.am
Category: Data Breach
Content: The threat actor claims to have breached 830+ rows of customer data belonging to Sextoys.am. The compromised data reportedly includes database tables such as address, customer, customer_ip, customer_login, information, and user.
Date: 2026-02-01T13:18:50Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-sextoys-am-full-dump-sql
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ad6b57bc-25c5-42f2-8106-91c5bf18c5fd.png
Threat Actors: c0mmandor
Victim Country: Armenia
Victim Industry: E-commerce & Online Stores
Victim Organization: sextoys.am
Victim Site: sextoys.am
- Alleged data breach of eldorado.ua
Category: Data Breach
Content: The threat actor claims to have breached 20.3K SMTP records from eldorado.ua, allegedly containing IDs, incoming connection details, message statuses, SMS codes, Viber statuses, and more.
Date: 2026-02-01T13:06:53Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-eldorado-ua-SMTP-20-3k
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8d6dffeb-ded0-418a-97e6-d9e5b5a87e83.png
https://d34iuop8pidsy8.cloudfront.net/8f0b50ee-94fd-4b2f-bbd8-e58a71110cad.png
Threat Actors: CHONG
Victim Country: Ukraine
Victim Industry: E-commerce & Online Stores
Victim Organization: eldorado.ua
Victim Site: eldorado.ua
- Alleged data breach of Universarium
Category: Data Breach
Content: The threat actor claims to have breached data belonging to Universarium. The compromised data reportedly includes ID, full name, email address, mobile phone number, username, and account status.
Date: 2026-02-01T12:50:59Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-Universarium-ru-2019
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/607c0971-4865-434c-a2f0-c70fc6ea560c.png
Threat Actors: c0mmandor
Victim Country: Russia
Victim Industry: Education
Victim Organization: universarium
Victim Site: universarium.org
- Alleged sale of Unauthorized access to Mall & Retail
Category: Initial Access
Content: The group claims to be selling unauthorized access to Mall & Retail.
Date: 2026-02-01T12:33:41Z
Network: telegram
Published URL: https://t.me/memek1777/85
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b4006ef4-bcfd-4bbf-bbdd-ca4179b7d475.png
Threat Actors: Gugugaga
Victim Country: Colombia
Victim Industry: Retail Industry
Victim Organization: mall & retail
Victim Site: mallyretail.com
- Alleged unauthorized access to an unidentified agricultural irrigation system in Turkey
Category: Initial Access
Content: The group claims to have gained unauthorized access to a system in Turkey that is responsible for the automated control of agricultural irrigation and fertilization. The system reportedly monitors and manages EC/pH levels, pumps, valves, flow sensors, and alarms, and allows remote control via HMI and network connectivity.
Date: 2026-02-01T12:16:41Z
Network: telegram
Published URL: https://t.me/n2LP_wVf79c2YzM0/3538
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/90580bb6-7188-451a-9741-939cd8c67a2b.jpg
Threat Actors: Infrastructure Destruction Squad
Victim Country: Turkey
Victim Industry: Agriculture & Farming
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Unauthorized Access to a Café CCTV System in Denmark
Category: Initial Access
Content: The group claims to have gained unauthorized access to a CCTV System at a café in Denmark, reportedly observing customers spending time inside the establishment, including drinking beverages and engaging in leisure activities.
Date: 2026-02-01T12:06:52Z
Network: telegram
Published URL: https://t.me/zpentestalliance/1026
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/04681661-d0f3-4e21-b6c9-2b42a9c69266.png
Threat Actors: Z-PENTEST ALLIANCE
Victim Country: Denmark
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of Russian construction, real estate, and renovation companies
Category: Data Breach
Content: The threat actor claims to have leaked 322,258 rows of data from Russian construction, real estate, and renovation companies. The compromised data allegedly includes names, types, country, region, settlement, district, postal codes, addresses, sections, categories, and additional details.
Date: 2026-02-01T12:00:26Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-Russian-Construction-real-estate-renovation-companies
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c3aebe6e-8bf3-4c02-aa3e-13c4c89d9e2d.png
Threat Actors: c0mmandor
Victim Country: Russia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- STGHO3T claims to target Berlin
Category: Alert
Content: A recent post by the group indicates that they're targeting Berlin in Germany.
Date: 2026-02-01T11:37:36Z
Network: telegram
Published URL: https://t.me/stgho3tV/171
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6f5db57d-bd08-4ddf-93a8-9baf7aadcb62.jpeg
Threat Actors: STGHO3T
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Merkezi Nüfus İdaresi Sistemi
Category: Data Breach
Content: The threat actor claims to have breached data of the General Directorate of Civil Registration and Nationality (MERNİS). The compromised data includes full name, birthplace, tax number, residence, etc. Note: it was previously breached by the threat actor horrormar44 on September 5, 2024.
Date: 2026-02-01T11:30:40Z
Network: openweb
Published URL: https://breachforums.bf/Thread-MERN%C4%B0S-%C4%B0L-%C4%B0L%C3%87E-KODLARI-MERN%C4%B0S-COUNTY-CODES
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e48de6ae-962a-4fe8-9b57-d2c4ef4f1dc4.png
Threat Actors: hellohihi
Victim Country: Turkey
Victim Industry: Government Administration
Victim Organization: merkezi nüfus idaresi sistemi
Victim Site: nvi.gov.tr
- Alleged leak of mixed databases from Russia
Category: Data Breach
Content: The threat actor claims to have leaked mixed databases from Russia dating back to 2017–2018, allegedly comprising 17 files containing sensitive customer information related to telecommunications subscribers, WhatsApp clients, insurance customers, online food orders and more.
Date: 2026-02-01T11:28:21Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-Russian-mix-databases-2017-2018
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8a2183ec-0882-4237-828b-4fd208070d8b.png
Threat Actors: c0mmandor
Victim Country: Russia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of individuals who ordered theater tickets in Moscow between 2016 and 2017
Category: Data Breach
Content: The threat actor claims to have leaked a database allegedly containing over 45,000 records of individuals who ordered theater tickets in Moscow between 2016 and 2017, including full names, phone numbers, event details, seat information, booking dates and more.
Date: 2026-02-01T11:25:26Z
Network: openweb
Published URL: https://breachforums.bf/Thread-Moscow-People-who-ordered-tickets-to-theaters-2016-2017
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bafc4470-74df-4ad9-9955-888254cfea7d.png
Threat Actors: c0mmandor
Victim Country: Russia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of Russian bank clients' data
Category: Data Breach
Content: The threat actor claims to have leaked Russian bank clients' data dating back to 2018, allegedly comprising 18 files.
Date: 2026-02-01T11:10:07Z
Network: openweb
Published URL: https://breachforums.bf/Thread-Clients-of-Russian-banks-2018
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e2adbee2-9502-4f2f-82c2-fe4a2e5756d6.png
Threat Actors: c0mmandor
Victim Country: Russia
Victim Industry: Banking & Mortgage
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Eden Tour Armenia
Category: Data Breach
Content: A threat actor claims to have leaked data from Eden Tour Armenia. The compromised data reportedly contains over 500 contact entries, including full names, email addresses, phone numbers, IP addresses, order details, timestamps, and message contents.
Date: 2026-02-01T11:06:58Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-edentour-am-database-contact-form-entries
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5f29affa-e009-4cf6-8ee5-cea4287bf787.png
Threat Actors: c0mmandor
Victim Country: Armenia
Victim Industry: Aviation & Aerospace
Victim Organization: eden tour armenia
Victim Site: edentour.am
- Alleged Unauthorized Access to a Hair Salon CCTV System in Ukraine
Category: Initial Access
Content: The group claims to have gained unauthorized access to a CCTV system at a hair salon in Ukraine, reportedly observing empty premises with no customers and minimal staff present during operating hours.
Date: 2026-02-01T10:55:59Z
Network: telegram
Published URL: https://t.me/zpentestalliance/1025
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7346dab4-07a8-401f-9408-a4c6685d2a0c.png
Threat Actors: Z-PENTEST ALLIANCE
Victim Country: Ukraine
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of IT students data from Kazakhstan
Category: Data Breach
Content: The threat actor claims to have leaked 477 rows of IT students data from Kazakhstan, dated 2017, including full names, contact details, dates of birth, addresses, and more.
Date: 2026-02-01T10:55:33Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-IT-students-Kazakhstan-2017
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/95fd8893-9c7a-466f-8cc4-82707116f494.png
Threat Actors: c0mmandor
Victim Country: Kazakhstan
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Grupa Wirtualna Polska
Category: Data Breach
Content: The threat actor claims to have breached 42,000 records from Grupa Wirtualna Polska.
Date: 2026-02-01T10:44:31Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-41K-o2-pl-MAIL-DATABASE
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4985e56e-971b-4517-80ae-05fab4bdfa8a.png
Threat Actors: psikozesnaf
Victim Country: Poland
Victim Industry: Information Services
Victim Organization: grupa wirtualna polska
Victim Site: o2.pl
- Alleged sale of shell access to Ar-Rahman Islamic Boarding School
Category: Initial Access
Content: The group claims to be selling shell access to Ar-Rahman Islamic Boarding School.
Date: 2026-02-01T10:27:51Z
Network: telegram
Published URL: https://t.me/memek1777/79
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/34cb26db-e979-40f6-821f-1a1ea08260b7.png
Threat Actors: Gugugaga
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: ar-rahman islamic boarding school
Victim Site: ponpesarrahmanplg.ponpes.id
- Alleged leak of SQL vulnerability in ASIMOV Robotics
Category: Vulnerability
Content: The group claims to have leaked an SQL vulnerability in the website of ASIMOV Robotics.
Date: 2026-02-01T10:27:13Z
Network: telegram
Published URL: https://t.me/c/3664625363/92
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ab7cec24-e292-4f37-8a70-7190db129f07.png
Threat Actors: BABAYO EROR SYSTEM
Victim Country: India
Victim Industry: Research Industry
Victim Organization: asimov robotics
Victim Site: asimovrobotics.com
- Alleged data breach of Demsoft Yazılım
Category: Data Breach
Content: The threat actor claims to have breached data from Demsoft Yazılım.
Date: 2026-02-01T10:19:16Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-demsoft-com
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/317c4ce1-f557-4635-8e3a-1222536e8575.png
Threat Actors: psikozesnaf
Victim Country: Turkey
Victim Industry: E-commerce & Online Stores
Victim Organization: demsoft yazılım
Victim Site: demsoft.com
- Alleged leak of WordPress login access to Suara Kapuas
Category: Initial Access
Content: The group claims to have leaked WordPress login access to Suara Kapuas.
Date: 2026-02-01T09:35:11Z
Network: telegram
Published URL: https://t.me/c/3027611821/374
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b774d01d-eba6-4e6b-a2b8-232e50208b22.png
Threat Actors: Z-BL4CX-H4T
Victim Country: Indonesia
Victim Industry: Newspapers & Journalism
Victim Organization: suara kapuas
Victim Site: suarakapuas.com
- Alleged leak of WordPress login access to Houston Stevenson
Category: Initial Access
Content: The group claims to have leaked WordPress login access to Houston Stevenson.
Date: 2026-02-01T08:51:43Z
Network: telegram
Published URL: https://t.me/c/3027611821/374
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a19fcb17-97ef-411c-80b9-5b63a552da3d.png
Threat Actors: Z-BL4CX-H4T
Victim Country: Canada
Victim Industry: Mental Health Care
Victim Organization: houston stevenson
Victim Site: houstonstevenson.com
- Alleged data breach of U.S. Government Publishing Office
Category: Data Breach
Content: The threat actor claims to have breached over 1,500 records from the U.S. Government Publishing Office, allegedly including 518 unique email addresses, emails sent, BCC and CC addresses, and full names.
Date: 2026-02-01T08:13:59Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-GPO-Gov-Database-Leaked-Download
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3d274f48-6af6-4b21-8443-fbefe0ab1974.png
https://d34iuop8pidsy8.cloudfront.net/5bd354d0-0675-43e9-a442-74bb3827f98f.png
https://d34iuop8pidsy8.cloudfront.net/039340e0-027b-444e-a847-186b23391c78.png
https://d34iuop8pidsy8.cloudfront.net/8ece733b-d962-4683-9677-d300eda64207.png
Threat Actors: Sythe
Victim Country: USA
Victim Industry: Government Relations
Victim Organization: u.s. government publishing office
Victim Site: gpo.gov
- THE GARUDA EYE claims to target Albania
Category: Alert
Content: A recent post by the group indicates that they're targeting Albania.
Date: 2026-02-01T08:02:31Z
Network: telegram
Published URL: https://t.me/c/2312948728/1711
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f4a7a700-52bd-4bc8-8151-850e5716a369.jpg
Threat Actors: THE GARUDA EYE
Victim Country: Albania
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of unidentified Russian site
Category: Data Breach
Content: The threat actor claims to have breached over 700 credentials from an unidentified Russian website.
Date: 2026-02-01T07:55:01Z
Network: openweb
Published URL: https://breachforums.bf/Thread-Russian-site-breached
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/24d9c371-e067-414a-b011-ce89a1149d04.png
Threat Actors: r00tUA
Victim Country: Russia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of unauthorized access to FLOORX
Category: Initial Access
Content: The group claims to have leaked unauthorized WordPress access to FLOORX.
Date: 2026-02-01T07:49:09Z
Network: telegram
Published URL: https://t.me/c/3027611821/374
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/61a5720e-d480-458a-bc13-8ebced34e8c6.jpg
Threat Actors: Z-BL4CX-H4T
Victim Country: Bangladesh
Victim Industry: Civil Engineering
Victim Organization: floorx
Victim Site: floorxltd.com
- Alleged Unauthorized Access to Control Nacional de Armas
Category: Initial Access
Content: The threat actor claims to have leaked unauthorized admin access to Control Nacional de Armas.
Date: 2026-02-01T07:23:12Z
Network: openweb
Published URL: https://serviciosarmas.ccffaa.mil.ec/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/17dbe1c0-c0e1-4d70-8833-c8efe93aa3ea.png
https://d34iuop8pidsy8.cloudfront.net/a51169dc-c403-4856-9d95-cb6fde3efa7c.png
Threat Actors: GordonFreeman
Victim Country: Ecuador
Victim Industry: Defense & Space
Victim Organization: control nacional de armas
Victim Site: serviciosarmas.ccffaa.mil.ec
- Alleged leak of unauthorized access to EventON
Category: Initial Access
Content: The group claims to have leaked unauthorized WordPress access to EventON.
Date: 2026-02-01T07:22:25Z
Network: telegram
Published URL: https://t.me/c/3027611821/374
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5a16050d-37bd-4b04-bb73-884fc463b28e.jpg
Threat Actors: Z-BL4CX-H4T
Victim Country: USA
Victim Industry: Software Development
Victim Organization: eventon
Victim Site: myeventon.com
- Alleged Data breach of STIKes Mitra Husada Medan
Category: Data Breach
Content: The threat actor claims to have breached the database of STIKes Mitra Husada Medan; the dataset contains a visible SQL dump header generated via phpMyAdmin, suggesting backend database exposure.
Date: 2026-02-01T06:26:09Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-STIKes-Mitra-Husada-Medan
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/eb7a7372-541b-439d-a349-c3cba86c9e7c.png
Threat Actors: CY8ER_N4TI0N
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: stikes mitra husada medan
Victim Site: mitrahusada.ac.id
- Alleged data breach of DIF Sonora
Category: Data Breach
Content: The threat actor claims to have leaked data belonging to DIF Sonora. The compromised data includes name, phone number, and residential address.
Date: 2026-02-01T06:23:18Z
Network: openweb
Published URL: https://x.com/sonoraciber/status/2017386291269099562
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b45aca2b-3440-4257-8038-a54a5367a1ea.png
Threat Actors: Sonora Cybersecure
Victim Country: Mexico
Victim Industry: Government & Public Sector
Victim Organization: dif sonora
Victim Site: difsonora.gob.mx
- Alleged leak of lethalcompany.py
Category: Malware
Content: The group claims to have leaked a malicious program identified as lethalcompany.py, which is characterized as a spyware and information-stealing tool. This malware is designed to run stealthily on Windows systems, where it covertly monitors user activity and collects highly sensitive data, specifically including passwords.
Date: 2026-02-01T06:20:19Z
Network: telegram
Published URL: https://t.me/the_seeker8/660
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/21975e08-8d77-4fce-a747-e5a45026d85a.png
Threat Actors: The Seekers
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Unauthorized Webmail Access of Palantir Technologies
Category: Initial Access
Content: The threat actor claims to have leaked the Webmail Access of Palantir Technologies.
Date: 2026-02-01T04:49:41Z
Network: openweb
Published URL: https://breachforums.bf/Thread-PALANTIR-Webmail-Link
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a53be580-82aa-4428-88a8-fba982e0cf97.png
Threat Actors: Spearr
Victim Country: USA
Victim Industry: Government Relations
Victim Organization: palantir technologies
Victim Site: palantir.com
- Z-BL4CX-H4T.ID targets the website of Nano Medical Clinic
Category: Defacement
Content: Group claims to have defaced the website of Nano Medical Clinic.
Date: 2026-02-01T04:47:19Z
Network: telegram
Published URL: https://t.me/z_bl4cx_h4t_id/49
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/15503057-85e4-4b8a-be58-eff79e2ec6ea.png
Threat Actors: Z-BL4CX-H4T.ID
Victim Country: USA
Victim Industry: Hospital & Health Care
Victim Organization: nano medical clinic
Victim Site: app.nanoclinic.com
- UNDERGROUND-NET targets the website of BUMN House
Category: Defacement
Content: Group claims to have defaced the website of BUMN House. Mirror link: https://defacer.id/mirror/id/235073
Date: 2026-02-01T04:06:51Z
Network: telegram
Published URL: https://t.me/c/2195292966/1264
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c745b5ce-9700-4b15-835c-1d042a22c7ac.png
Threat Actors: UNDERGROUND-NET
Victim Country: Indonesia
Victim Industry: Government & Public Sector
Victim Organization: bumn house
Victim Site: rumah-bumn.id
- UNDERGROUND-NET targets the website of PT Bank Perekonomi Rakyat (BPR) Swadhanamas Pakto
Category: Defacement
Content: Group claims to have defaced the website of PT Bank Perekonomi Rakyat (BPR) Swadhanamas Pakto. Mirror link: https://defacer.id/mirror/id/235076
Date: 2026-02-01T03:56:36Z
Network: telegram
Published URL: https://t.me/c/2195292966/1267
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f4ad4119-c4bc-444b-9e12-4a1b7da4717d.png
Threat Actors: UNDERGROUND-NET
Victim Country: Indonesia
Victim Industry: Banking & Mortgage
Victim Organization: pt bank perekonomi rakyat (bpr) swadhanamas pakto
Victim Site: bprswadhanamaspakto.co.id
- UNDERGROUND-NET targets the website of PSMK Field of West Java Provincial Education Office
Category: Defacement
Content: Group claims to have defaced the website of PSMK Field of West Java Provincial Education Office. Mirror link: https://defacer.id/mirror/id/235075
Date: 2026-02-01T03:52:47Z
Network: telegram
Published URL: https://t.me/c/2195292966/1266
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/62e8048b-ad8b-4aa8-8c1e-292ecb6a6871.png
Threat Actors: UNDERGROUND-NET
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: psmk field of west java provincial education office
Victim Site: psmk.jabarprov.go.id
- Alleged sale of Egyptian medical lab Patient data
Category: Data Breach
Content: Threat actor claims to be selling patient records allegedly obtained from multiple major medical laboratories in Egypt, comprising ~5,529 records with personal, contact, and diagnostic details, dated between December 2025 and January 2026.
Date: 2026-02-01T03:47:01Z
Network: openweb
Published URL: https://darkforums.io/Thread-Selling-Egypt-Patients%C2%A0data-from-top-medical-labs
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/98922da0-0495-4d96-a138-527158f32341.png
Threat Actors: CrowStealer
Victim Country: Egypt
Victim Industry: Hospital & Health Care
Victim Organization: Unknown
Victim Site: results.u-carelabs.com
- UNDERGROUND-NET targets the website of Online Reporting System (SLO) – IOSH Indonesia
Category: Defacement
Content: Group claims to have defaced the website of Online Reporting System (SLO) – IOSH Indonesia. Mirror link: https://defacer.id/mirror/id/235074
Date: 2026-02-01T03:28:00Z
Network: telegram
Published URL: https://t.me/c/2195292966/1265
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c08d55f5-4d4d-47a8-a6c7-45cf67b9f208.png
Threat Actors: UNDERGROUND-NET
Victim Country: Indonesia
Victim Industry: Management Consulting
Victim Organization: online reporting system (slo) – iosh indonesia
Victim Site: slo-iosh.id
- Alleged data leak of Apparel & Accessories retail shop Australia
Category: Data Breach
Content: Threat actor claims to be selling data from an unidentified Apparel & Accessories retail store in Australia.
Date: 2026-02-01T03:18:54Z
Network: openweb
Published URL: https://forum.exploit.in/topic/274890/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/dc03747e-b7d3-48d6-a98c-b17f47c234ea.png
https://d34iuop8pidsy8.cloudfront.net/3e58da42-54c5-4858-a5d0-71df18deeb3f.png
Threat Actors: GeeksforGeeks
Victim Country: Australia
Victim Industry: Retail Industry
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data Breach of Chennai Central Co-operative Bank Ltd
Category: Data Breach
Content: Threat actor claims to have obtained data from Chennai Central Co-operative Bank Ltd.
Date: 2026-02-01T02:29:37Z
Network: telegram
Published URL: https://t.me/c/2705921599/164
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6402c60b-2801-4890-8c94-e4b2dd2e177b.png
Threat Actors: Sy-Root
Victim Country: India
Victim Industry: Banking & Mortgage
Victim Organization: chennai central co-operative bank ltd
Victim Site: chennaiccb.bank.in
- Alleged Data Sale of Uganda Public Service Commission database
Category: Data Breach
Content: The threat actor claims to be selling a database of Uganda Public Service Commission portal data; the dataset contains personal and identification details of applicants.
Date: 2026-02-01T00:56:20Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-Uganda-official-government-job-application–66571
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/feab8701-ac14-4ee3-87a4-b6e80142be95.png
Threat Actors: daku
Victim Country: Uganda
Victim Industry: Government Administration
Victim Organization: uganda public service commission (psc)
Victim Site: vacancies.psc.go.ug
- Alleged data breach of Fars News Agency
Category: Data Breach
Content: Group claims to have gained access and leaked data belonging to Fars News Agency. The compromised data includes personal information. NB: The organization was previously breached on January 26, 2025.
Date: 2026-02-01T00:47:57Z
Network: telegram
Published URL: https://t.me/shadow_cyber/254
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5c16386b-e770-4553-a5f3-37dce7e36da7.png
Threat Actors: Shadow Cyber Security
Victim Country: Iran
Victim Industry: Broadcast Media
Victim Organization: fars news agency
Victim Site: farsnews.ir
- Alleged data breach of Peoples Mojahedin Organization of Iran
Category: Data Breach
Content: Group claims to have accessed and leaked data belonging to Peoples Mojahedin Organization of Iran. The compromised data includes several personal documents.
Date: 2026-02-01T00:36:37Z
Network: telegram
Published URL: https://t.me/shadow_cyber/257
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7fb240db-dc8e-4889-9464-9ccc72e29d90.png
Threat Actors: Shadow Cyber Security
Victim Country: Iran
Victim Industry: Political Organization
Victim Organization: peoples mojahedin organization of iran
Victim Site: mojahedin.org
- Alleged unauthorized access to unidentified government agency of Russian Federation
Category: Initial Access
Content: The group claims to have gained unauthorized access to an unidentified government agency of the Russian Federation.
Date: 2026-02-01T00:23:50Z
Network: telegram
Published URL: https://t.me/shadow_cyber/255
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/78c6756c-53cd-4274-8a8e-d9532915db13.png
Threat Actors: Shadow Cyber Security
Victim Country: Russia
Victim Industry: Government & Public Sector
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of Tehrans Prisons
Category: Data Breach
Content: Group claims to have leaked data belonging to Tehrans Prisons. The compromised data includes name, phone number and residential addresses.
Date: 2026-02-01T00:04:36Z
Network: telegram
Published URL: https://t.me/shadow_cyber/253
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/336b0946-e455-4191-8917-b6ab86020911.png
Threat Actors: Shadow Cyber Security
Victim Country: Iran
Victim Industry: Law Enforcement
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data Breach of Armée de Terre Documents
Category: Data Breach
Content: The threat actor claims to have breached the database of Armée de Terre Documents.
Date: 2026-02-01T00:03:59Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DOCUMENTS-defense-gouv-fr-Arm%C3%A9e-de-Terre-docs
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9ddf11dd-6a01-4449-9e2b-3a7ca7b2c785.png
Threat Actors: Angel_Batista
Victim Country: France
Victim Industry: Defense & Space
Victim Organization: armée de terre
Victim Site: defense.gouv.fr