1. Executive Summary & Methodological Overview
This report provides a granular analysis of a series of recent cyber incidents, relying strictly on the provided draft data detailing 95 distinct cybersecurity events. The dataset represents a critical cross-section of global cybercriminal activity, capturing a snapshot of operations across various networks, including the openweb, Telegram, and the Tor network.
The incidents are fundamentally categorized into three primary vectors: Data Breaches, which involve the unauthorized extraction and exposure of sensitive organizational or personal data; Initial Access, encompassing the brokering and sale of unauthorized entry points (such as webshells, WordPress admin panels, and SCADA systems) to corporate or government networks; and Defacements, representing digital vandalism aimed at altering the visual appearance of target websites.
The scale of these attacks is global, impacting nations ranging from the United States, India, and France to Japan, Brazil, and Denmark. The targeted sectors are equally diverse, including critical military infrastructure, government administration, education, financial services, retail, and manufacturing.
2. High-Impact Threats: National Security & Critical Infrastructure
The most alarming subset of the provided data involves direct compromises of national security apparatuses and operational technology (OT) systems managing physical infrastructure.
2.1 Military and Government Intelligence Breaches
The dataset reveals severe breaches targeting state-level military and administrative entities.
- A threat actor known as Cardinal claimed a massive data breach against the Danish Ministry of Defence.
- The leaked materials are allegedly classified as “TOP SECRET” Danish military documents.
- The compromised data includes highly sensitive operational details, such as materials referencing covert deployments to Ukraine.
- Furthermore, the leak exposes state‑level information‑operations planning.
- Crucially, the actor leaked a directive labeled “Operation Northwind,” which allegedly details offensive cyber measures targeting foreign critical infrastructure.
- Similarly, the Shamsheer Ali Team claimed a severe data breach affecting the US Air Force and Navy.
- This breach reportedly exposed data related to US military placements specifically within the Asia-Pacific region.
- The compromised information includes highly sensitive operational blueprints.
- The exposed personnel records are extensive, allegedly containing IDs, Social Security Numbers (SSNs), names, ranks, units, and specific roles.
- Additionally, the leak includes status updates, base locations, and specific security clearance levels.
- Highly personal and operational data such as blood types, join dates, last deployment details, medical statuses, weapon qualifications, and internal notes were also compromised.
- In Argentina, a threat actor named USDT claimed a data breach targeting the Chief of Cabinet via the site tramitesadistancia.gob.ar.
- This threat actor is actively selling a dataset allegedly containing 58,680 identified photos.
- These photos are in PNG format and correspond directly to national identity document (DNI) numbers.
2.2 SCADA and Operational Technology (OT) Compromises
Beyond data theft, threat actors have actively targeted systems that control physical environments.
- The group 404 CREW CYBER TEAM claimed an initial access compromise targeting a German manufacturing entity, ASSISTEC Schaltanlagen GmbH & Co. KG.
- This group successfully gained unauthorized access directly to the organization’s Supervisory Control and Data Acquisition (SCADA) system.
- In a deeply concerning incident in Japan, the threat actor NoName057(16) claimed initial access to an unidentified greenhouse management system.
- This access reportedly grants the threat actors the ability to manipulate critical climate conditions.
- The compromised controls include ventilation systems, heating mechanisms, window operations, and various environmental sensors.
- The threat actors explicitly stated that manipulating these systems could be done in ways that would directly damage crops and severely impact agricultural yields.
3. Extensive Analysis of Data Breach Incidents
Data breaches constitute a significant portion of the threat landscape in the provided report, characterized by the mass exfiltration of Personally Identifiable Information (PII), financial records, and corporate data.
3.1 Corporate and IT Services Breaches
- The threat actor minielepent claimed a massive data breach against Hansa Solutions in India.
- This breach allegedly followed a network-wide compromise that occurred earlier in January 2026.
- The initial dataset includes an 88GB Microsoft Exchange EDB file.
- This file contains executive and employee emails, internal calendars, contact lists, email attachments, and internal communications.
- It also contains extensive customer information and general mailbox data.
- The threat actor claims to have accessed five additional servers, acquiring approximately 404GB of further data.
- These servers included both development and operational/internal environments.
- This brings the total size of the compromised dataset to roughly 494GB.
- The comprehensive data includes customer records, transaction histories, and internal communications that specifically reference system errors.
- It also exposes partner-related information and sensitive organizational structure details.
- In France, the actor p0ppin claimed a data breach against Gustave, an automotive fleet management company.
- The compromised data reportedly includes user IDs, account creation dates, names, industry classifications, and specific invoice details.
- The leak also exposes location data including city, country, ZIP code, and specific address lines.
- Another threat actor, Z-SH4DOWSPEECH, claimed a data breach targeting EDI by DESIGN in the USA.
- The compromised data for this IT services firm reportedly includes information schema, MySQL databases, and performance schema details.
- The actor IntelShadow claimed a data breach of Consiga, an IT services firm in Spain.
- The threat actor claimed to have leaked the complete database of the company.
- This exposed client and business records, including names, emails, phone numbers, invoices, orders, and specific sales data.
- The dataset allegedly contains highly sensitive customer and transaction information directly related to the company’s digitalization services.
3.2 Consumer Data and Lead Generation Breaches
- The threat actor betway claimed to be selling a massive dataset of 507,000 private consumer leads from Spain.
- These leads were allegedly collected from specific advertising campaigns targeting individuals with luxury interests.
- The dataset includes names, phone/mobile numbers, personal emails, and country details.
- The data is currently listed for $2,000.
- The actor claims the data is highly unique, containing 400k distinct phone numbers and 422k unique emails.
- Another actor, rassvettt, claimed a data leak involving a 687k phone leads database.
- This database was allegedly obtained from a flower delivery service operating in Spain.
- The dataset includes full names, specific addresses, cities, ZIP codes, and phone numbers.
- The threat actor 13lula13 claimed a data breach targeting LeBillet, an event services company in Brazil.
- The compromised data includes detailed customer information such as user IDs, names, passwords, emails, identification numbers, and cell phone numbers.
- It also contains dates of birth, physical addresses, and highly sensitive picture data, including face pictures and document pictures.
- The threat actor explicitly noted that this data was extracted previously on December 12, 2023.
- The actor cry1ngb1tch6x6 claimed to be selling the database of Chez Switch, a consumer services operator in France.
- The compromised data includes extensive personal details such as titles, names, phone numbers, emails, passwords, birth details, and physical addresses.
- Crucially, it includes sensitive financial information, specifically IBAN and BIC numbers.
- The leak also exposes personal documents, including IDs, passports, and address proofs complete with pictures of the individuals.
- The prominent threat actor ShinyHunters claimed a massive data breach of Figure Technology Solutions, Inc. in the USA.
- The actor claimed to have leaked 2.5 GB of data containing Personally Identifiable Information (PII).
- This specific incident was published on the Tor network.
3.3 Financial, Educational, and Government Breaches
- The threat actor agent7001 claimed the sale of a database belonging to Dinar Investment in Saudi Arabia.
- The compromised data explicitly includes investor numbers, their personal IDs, and their legal registrations.
- This breach is reported to affect approximately 7,000 distinct investors.
- In the education sector, Z-SH4DOWSPEECH claimed a data breach of Edubrate Academy in India.
- The compromised data includes user IDs, usernames, emails, confirmed external service IDs, and full names.
- The same actor, Z-SH4DOWSPEECH, claimed a breach of Universidad de Sonora in Mexico.
- This compromised dataset reportedly includes usernames, email addresses, and passwords.
- At the government level, the actor MrLolzzz claimed a data breach affecting multiple regional districts in Indonesia.
- The targeted districts explicitly include Kabupaten Gorontalo, Kabupaten Bone Bolango, Kabupaten Pohuwato, Kabupaten Gorut, and Kabupaten Boalemo.
- Similarly, IntelShadow claimed a data breach of Municipalidad Distrital de Mejía in Peru.
- The compromised data includes ID and case numbers, full names, and National Identity Document (DNI) numbers.
- It also exposes specific addresses (including department, province, and district), email addresses, and phone numbers.
- The threat actor anim3 claimed a data leak involving Medan City Vehicles in Indonesia.
- This leak involves 2,000 periodic test application receipts.
- The exposed data contains registration numbers, vehicle numbers, engine numbers, vehicle brands, vehicle types, owners’ names, and owners’ addresses.
4. Extensive Analysis of Defacement Campaigns
Defacement represents a highly visible form of cyberattack where actors alter the visual appearance of a website, often for notoriety, hacktivism, or to demonstrate capability. The dataset highlights several highly active defacement groups operating primarily on Telegram.
4.1 The HaxChipper Campaign
The group HaxChipper emerges as the most prolific defacement actor in this dataset, executing a wide-ranging campaign across multiple countries and industries.
- In the UAE, HaxChipper defaced the website of Total Industrial Solutions Trading (TIST Gulf), an organization in the Manufacturing & Industrial Products sector.
- They also targeted the UAE-based Servigens Business Group, an entity operating in Management Consulting.
- In Saudi Arabia, they defaced Zaha Al Aliya, an Information Technology (IT) Services firm.
- The vast majority of HaxChipper’s targets were located in India, spanning numerous sectors.
- Political organizations were targeted, specifically the website of T V Ibrahim.
- The Leisure, Hospitality, and Tourism industries were heavily targeted, with defacements of Travel Zona Holidays and Yathrawala Holidays.
- The Education sector saw the defacement of Skilshore Education.
- In the Airlines & Aviation sector, they compromised PAM Airport Services LLP.
- IT Services were targeted again with the defacement of ONFLAP TECHNOLOGIES PRIVATE LIMITED.
- Retail, E-commerce, and Consumer Goods were impacted through the defacements of Rahman World Pvt Ltd (Furniture), Right Agencies, and NESMEE Foods & Exports.
- Media and Publishing sites were defaced, including Odadoz and Nayel.
- Graphic & Web Design firm Pixel Street was also successfully defaced.
- In Europe, HaxChipper targeted a Polish website, nika.pure.color.media.
4.2 The BROTHERHOOD CAPUNG INDONESIA Campaign
This group executed a highly focused and systemic defacement campaign specifically targeting multiple subdomains of a single primary infrastructure, https://www.google.com/search?q=razortechtraining.com.
- They claimed defacements on the subdomain asalhttps://www.google.com/search?q=razortechtraining.com.
- They targeted francys.https://www.google.com/search?q=razortechtraining.com.
- They compromised groupd.https://www.google.com/search?q=razortechtraining.com.
- They defaced rashad.https://www.google.com/search?q=razortechtraining.com.
- They successfully targeted sitygym.https://www.google.com/search?q=razortechtraining.com.
- The subdomain calebu.https://www.google.com/search?q=razortechtraining.com was defaced.
- They compromised askydeal.https://www.google.com/search?q=razortechtraining.com.
- The subdomain francy.https://www.google.com/search?q=razortechtraining.com was targeted.
- They defaced riyadh.https://www.google.com/search?q=razortechtraining.com, which is associated with Saudi Arabia.
- They compromised mumbere.https://www.google.com/search?q=razortechtraining.com.
- Finally, they defaced zamzam.https://www.google.com/search?q=razortechtraining.com.
4.3 BABAYO EROR SYSTEM, DEFACER INDONESIAN TEAM, and Other Actors
- The group BABAYO EROR SYSTEM claimed multiple defacements across various regions.
- In India, they defaced consistent-teal-otter.upfoxxmedia.com, a subdomain of Upfoxx Media operating in Marketing, Advertising & Sales.
- They also defaced the website of WeBFooT, a retail industry organization in India.
- In Armenia, they targeted wave.blumix.net, a subdomain of the software development firm Blumix.
- They also claimed the defacement of the unidentified site ordering.adroisites.com.
- The DEFACER INDONESIAN TEAM targeted dd1.insectastudios.com.
- They also claimed the defacement of thecobweb.insectastudios.com, associated with Insecta Studios in Nigeria, a marketing and advertising firm.
- The group 7 Proxies focused on the education sector, claiming the defacement of the website belonging to Govt. Safar Ali College in Bangladesh.
- The HellR00ters Team targeted the financial sector, claiming the defacement of Mainstreet Microfinance Bank Limited in Nigeria.
5. Extensive Analysis of Initial Access and Webshell Brokering
The brokering of Initial Access—selling the “keys to the kingdom” to other threat actors—is a critical threat vector documented heavily in this dataset.
5.1 Content Management System (CMS) Admin Access Sales
- The threat actor TreeWater is highly active in selling unauthorized administrative access, primarily to WordPress-based online stores.
- They claimed to be selling unauthorized administrative access to a UAE-based WordPress online store.
- They offered unauthorized WordPress admin access to an Australia-based shop, explicitly stating that shell access was already deployed.
- They also claimed to be selling unauthorized administrative access to a USA-based WordPress online store.
- Similarly, ParanoiaDe claimed the sale of unauthorized admin access to a WordPress shop in the USA.
- The actor Reve focused on European targets, claiming to sell unauthorized WordPress admin access to a Denmark-based online shop.
- Reve also claimed the sale of unauthorized admin access to an unidentified online shop in the UK.
- Furthermore, Reve offered unauthorized admin access to an unidentified online shop in Germany.
- Targeting a different CMS, the actor ed1n1ca claimed to be selling unauthorized access to a PrestaShop-based online store located in Italy.
- The actor Emperorcvv claimed to be selling unauthorized access related to PrestaShop based e-commerce platforms operating in Portugal and other EU regions.
5.2 Enterprise Server and Domain Access Compromises
- The threat actor Anon-WMG claimed the highly lucrative sale of unauthorized FTP server access.
- This access targets a France-based corporation operating in the Content & Collaboration Software industry.
- The targeted company allegedly generates approximately $87 million in annual revenue.
- The actor advertises access to over 2,000 sensitive files, totaling around 150GB of raw data.
- This data explicitly includes critical infrastructure components such as VPN files, server files, database files, system backups, and corporate contracts.
- The actor malaria claimed to be selling unauthorized access directly to a production environment associated with a USA-based organization.
- In South America, the threat actor Big-Bro claimed to be selling unauthorized domain user access to a law firm based in Brazil.
- The group 404 CREW CYBER TEAM claimed to have leaked the administrative credentials to Cambridge City Square, a retail industry entity in Indonesia.
- The group Infrastructure Destruction Squad claimed to have gained direct access to Arizon Companies, a machinery manufacturing firm in the USA.
- The group RipperSec claimed to have taken down the website of Woori Bank, a major financial services organization in South Korea. (While categorized as Initial Access in the data, the action described is a takedown) .
5.3 Mass Webshell Distribution via Telegram
Two threat actors, Gugugaga and Z-SH4DOWSPEECH, dominated the distribution of webshells via Telegram channels, effectively offering immediate backdoor access to compromised servers.
- Gugugaga’s Operations:
- Leaked webshell access to Madina Bright Academy (Education) in Indonesia.
- Leaked webshell access to Marhaba Technical (Consumer Services) in the UAE.
- Leaked webshell access to Saleemi Expert (Marketing/Advertising) in Pakistan.
- Leaked webshell access to Mevo italia (Consumer Goods) in Italy.
- Leaked webshell access to MEVO (Consumer Goods) in Italy.
- Leaked webshell access to Hbrheinentwicklers (Consumer Electronics) in Germany.
- Leaked webshell access to Excellent Abrasive (Machinery Manufacturing) in India.
- Leaked webshell access to Bisirim (E-commerce) in Antigua and Barbuda.
- Leaked webshell access to AbhTraders (International Trade) in Pakistan.
- Leaked webshell access to eljefeps.com (Food & Beverages) in Antigua and Barbuda.
- Leaked webshell access to DadliCode.
- Additionally, Gugugaga leaked the login credentials to Hanger28 (Retail) in Italy.
- Leaked login credentials to CBDITALY (E-commerce) in Latvia.
- Leaked login credentials to the Universitas Gunadarma Student Site in Indonesia.
- Z-SH4DOWSPEECH’s Operations (Focus on Indian Education):
- This actor executed a highly targeted campaign against the Indian education and non-profit sectors.
- They claimed to have leaked web shell access to Pansare Mahavidyalaya, Arjapur.
- They leaked web shell access to Samata Shikshan Sanstha.
- They gained unauthorized web shell access to Loknete Gopinathji Munde Arts, Commerce & Science College.
- They gained unauthorized web shell access to Bhagwan Mahavidyalaya.
- They gained unauthorized web shell access to Mahatma Phule Nutan Mahavidyalaya, Mirajgaon.
- They leaked web shell access to Shrimant Bhaiyyasaheb Rajemane Mahavidyalaya Mhaswad.
5.4 Physical Surveillance (CCTV) Compromises
A deeply concerning trend within the Initial Access category is the unauthorized access and sale of physical surveillance camera feeds.
- The threat actor dosifey claimed to be selling unauthorized access to an astounding 70,000 surveillance cameras across Brazil.
- These compromised devices reportedly include cameras installed in private residential properties and large condominium complexes.
- In Europe, the group Z-PENTEST ALLIANCE claimed to have accessed a live CCTV system from a bakery in Spain.
- The group reportedly observed highly sensitive physical operations, including staff activity, customer presence, and the shop’s specific closing procedures.
6. Strategic Conclusion and Mitigation Recommendations
The 95 incidents analyzed in this report, strictly derived from the provided dataset, paint a grim picture of a highly active, geographically diverse, and technologically varied cyber threat landscape.
Threat actors are not monolithic; they range from dedicated Initial Access Brokers (IABs) like TreeWater and Reve, who commoditize entry into corporate environments, to highly disruptive defacement groups like HaxChipper and BROTHERHOOD CAPUNG INDONESIA, who operate with impunity across specific regions and digital infrastructures. Furthermore, the mass distribution of webshells via Telegram by actors like Gugugaga and Z-SH4DOWSPEECH represents a severe escalation in the speed at which backdoors are proliferated on the open market.
Most critically, the targeting of national defense apparatuses (such as the Danish Ministry of Defence and the US Air Force/Navy) and Operational Technology systems (such as the Japanese greenhouse SCADA systems and the German ASSISTEC SCADA systems) elevates these cyber incidents from corporate data loss to matters of direct physical and national security.
Based strictly on the threat vectors identified in the draft data, organizations must adopt the following critical mitigation strategies:
- Aggressive CMS and Plugin Patching: The vast number of WordPress and PrestaShop admin access sales indicates systemic failures in web application patching and credential management. Multi-factor authentication (MFA) must be enforced on all administrative panels.
- SCADA and OT Isolation: Industrial control systems and environmental management systems must be air-gapped or placed behind strict, Zero-Trust architectural boundaries to prevent the catastrophic physical manipulation demonstrated by the NoName057(16) claims.
- Proactive Webshell Sweeping: Given the prolific distribution of webshells by actors on Telegram, organizations—particularly in the targeted Education and IT sectors—must conduct immediate, deep-level file integrity monitoring and proactive sweeping of their public-facing web directories.
- IoT and CCTV Hardening: The compromise of 70,000 cameras in Brazil highlights the severe risk of default credentials and unpatched firmware in Internet of Things (IoT) devices. Strict network segmentation for surveillance systems is mandatory.
Detected Incidents Draft Data
- Alleged sale of 507K private leads from Spain
Category: Data Breach
Content: Threat actor claims to be selling 507,000 private Spain consumer leads, allegedly collected from advertising campaigns targeting luxury interests. The dataset reportedly includes names, phone/mobile numbers, personal emails, and country details. The data is listed for $2,000 with claimed uniqueness of 400k phones and 422k emails.
Date: 2026-02-13T23:36:31Z
Network: openweb
Published URL: https://forum.exploit.in/topic/275976/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/dee87b25-bdad-4254-b312-f237ed050a85.png
Threat Actors: betway
Victim Country: Spain
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - HaxChipper targets the website of Total Industrial Solutions Trading (TIST Gulf)
Category: Defacement
Content: The group claims to have defaced the website of Total Industrial Solutions Trading (TIST Gulf)
Date: 2026-02-13T22:37:23Z
Network: telegram
Published URL: https://t.me/HaxChipper/118
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4117200b-47b5-4a76-9425-d1059ed85a55.png
Threat Actors: HaxChipper
Victim Country: UAE
Victim Industry: Manufacturing & Industrial Products
Victim Organization: total industrial solutions trading (tist gulf)
Victim Site: tistgulf.com - Alleged sale of unauthorized WordPress admin access to UAE-based website
Category: Initial Access
Content: The threat actor claims to be selling unauthorized administrative access to a UAE-based WordPress online store.
Date: 2026-02-13T22:33:44Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/275970/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c85eb7f5-325f-44cd-b8b7-2311e90468bc.png
Threat Actors: TreeWater
Victim Country: UAE
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged Data Breach of Hansa Solutions
Category: Data Breach
Content: Threat Actor claims to have breached the database of Hansa Solutions in India following a reported network-wide breach in January 2026. The dataset includes an 88GB Microsoft Exchange EDB file containing executive and employee emails, calendars, contacts, attachments, internal communications, customer information, and mailbox data. It further claims access to five servers totaling approximately 404GB, including development and operational/internal servers, bringing the total dataset size to around 494GB. The data allegedly includes customer records, transaction histories, internal communications referencing system errors, partner-related information, and organizational structure details.
Date: 2026-02-13T21:44:21Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/275972/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/905da5b4-b65f-4548-8433-9c82441e4f6c.png
https://d34iuop8pidsy8.cloudfront.net/df6daf99-d1cf-4882-a76d-31f610040095.png
https://d34iuop8pidsy8.cloudfront.net/7ffe2761-67f2-4c26-8e1a-9d58f726dd49.png
https://d34iuop8pidsy8.cloudfront.net/1f051eaf-4b9e-46aa-b7cf-ce56636f771a.png
Threat Actors: minielepent
Victim Country: India
Victim Industry: Information Technology (IT) Services
Victim Organization: hansa solutions
Victim Site: hansasolutions.com - HaxChipper targets the website of T V Ibrahim
Category: Defacement
Content: The group claims to have defaced the website of T V Ibrahim
Date: 2026-02-13T21:22:56Z
Network: telegram
Published URL: https://t.me/HaxChipper/118
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/cbef5ecc-fbba-4de2-9e25-e08010bfffb0.png
Threat Actors: HaxChipper
Victim Country: India
Victim Industry: Political Organization
Victim Organization: t v ibrahim
Victim Site: tvibrahim.com - Alleged Sale of Unauthorized Admin Access to a WordPress Shop in Australia
Category: Initial Access
Content: Threat Actor claims to be selling unauthorized WordPress admin access to an Australia-based shop, stating that shell access is already deployed.
Date: 2026-02-13T21:16:17Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/275971/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/df3031f8-124f-4986-828d-64338560c5bf.png
Threat Actors: TreeWater
Victim Country: Australia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - HaxChipper targets the website of Travel Zona Holidays
Category: Defacement
Content: The group claims to have defaced the website of Travel Zona Holidays
Date: 2026-02-13T21:05:10Z
Network: telegram
Published URL: https://t.me/HaxChipper/118
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/84deb74c-14bf-47a2-bfa7-9081b62b0b74.png
Threat Actors: HaxChipper
Victim Country: India
Victim Industry: Leisure & Travel
Victim Organization: travel zona holidays
Victim Site: travelzona.in - HaxChipper targets the website of Skilshore Education
Category: Defacement
Content: The group claims to have defaced the website of Skilshore Education
Date: 2026-02-13T21:02:03Z
Network: telegram
Published URL: https://t.me/HaxChipper/118
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ed3f5f82-adad-4e60-807a-9d1b7fa4a5ab.png
Threat Actors: HaxChipper
Victim Country: India
Victim Industry: Education
Victim Organization: skilshore education
Victim Site: skilshore.com - HaxChipper targets the website of Servigens Business Group
Category: Defacement
Content: The Group claims to have defaced the website of Servigens Business Group.
Date: 2026-02-13T20:42:18Z
Network: telegram
Published URL: https://t.me/HaxChipper/118
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5f6f15f9-56db-4e4c-ae97-12c2fd9fc92f.png
Threat Actors: HaxChipper
Victim Country: UAE
Victim Industry: Management Consulting
Victim Organization: servigens business group
Victim Site: servigens.com - HaxChipper targets the website of Zaha Al Aliya
Category: Defacement
Content: The Group claims to have defaced the website of Zaha Al Aliya
Date: 2026-02-13T20:34:02Z
Network: telegram
Published URL: https://t.me/HaxChipper/118
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/04ac2c6e-dadb-41bd-8a04-f86c3d32c6cd.jpg
Threat Actors: HaxChipper
Victim Country: Saudi Arabia
Victim Industry: Information Technology (IT) Services
Victim Organization: zaha al aliya
Victim Site: zahaalaliya.com - Alleged data leak of Danish Ministry of Defence
Category: Data Breach
Content: The group claims to have leaked TOP SECRET Danish military documents, including materials referencing covert deployments to Ukraine, state‑level information‑operations planning, and a directive called Operation Northwind that allegedly describes offensive cyber measures targeting foreign critical infrastructure.
Date: 2026-02-13T20:31:58Z
Network: telegram
Published URL: https://t.me/c/2182428249/6007
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/01fbd8e1-c538-42cc-bd99-6a0f45cafe6a.png
https://d34iuop8pidsy8.cloudfront.net/d07d0e25-304c-4aaf-a7c7-32da0bb82996.png
https://d34iuop8pidsy8.cloudfront.net/02bc98b8-d12b-426e-8e7a-dd92394345d6.png
Threat Actors: Cardinal
Victim Country: Denmark
Victim Industry: Government Administration
Victim Organization: ministry of defence
Victim Site: fmn.dk - Alleged sale of unauthorized WordPress admin access to USA-based website
Category: Initial Access
Content: The threat actor claims to be selling unauthorized administrative access to a USA-based WordPress online store.
Date: 2026-02-13T20:28:43Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/275967/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/76149e75-f21e-4aaa-9c21-1a7b4b223609.png
Threat Actors: TreeWater
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged Sale of Unauthorized Admin Access to a WordPress Shop in USA
Category: Initial Access
Content: Threat Actor claims to be selling unauthorized admin access to a WordPress shop in USA.
Date: 2026-02-13T20:25:18Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/275960/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c0010b12-d655-40f8-9771-ef450328e0b2.png
Threat Actors: ParanoiaDe
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - HaxChipper targets the website of Rahman World Pvt Ltd
Category: Defacement
Content: The Group claims to have defaced the website of Rahman World Pvt Ltd in India.
Date: 2026-02-13T20:18:44Z
Network: telegram
Published URL: https://t.me/HaxChipper/118
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/19721e61-9e33-46a4-946b-d948ce7488d3.png
Threat Actors: HaxChipper
Victim Country: India
Victim Industry: Furniture
Victim Organization: rahman world pvt ltd
Victim Site: rahmanworld.in - HaxChipper targets the website of Yathrawala Holidays
Category: Defacement
Content: The Group claims to have defaced the website of Yathrawala Holidays
Date: 2026-02-13T20:12:53Z
Network: telegram
Published URL: https://t.me/HaxChipper/118
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b8f5fb57-dce0-4b5b-a2f8-477329cb4ae8.jpg
Threat Actors: HaxChipper
Victim Country: India
Victim Industry: Hospitality & Tourism
Victim Organization: yathrawala holidays
Victim Site: yathrawala.com - HaxChipper targets the website of PAM Airport Services LLP
Category: Defacement
Content: The Group claims to have defaced the website of PAM Airport Services LLP in India.
Date: 2026-02-13T20:10:17Z
Network: telegram
Published URL: https://t.me/HaxChipper/118
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c3e488b4-8920-423e-b159-41ec5e0c3544.png
Threat Actors: HaxChipper
Victim Country: India
Victim Industry: Airlines & Aviation
Victim Organization: pam airport services llp
Victim Site: pamairportservices.com - Alleged unauthorized access to the SCADA system of ASSISTEC Schaltanlagen GmbH & Co. KG
Category: Initial Access
Content: The group claims to have gained unauthorized access to the SCADA system of ASSISTEC Schaltanlagen GmbH & Co. KG.
Date: 2026-02-13T20:00:46Z
Network: telegram
Published URL: https://t.me/crewcyber/685
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d8cf5407-0ad0-4cf7-b141-a9e2638a531e.png
Threat Actors: 404 CREW CYBER TEAM
Victim Country: Germany
Victim Industry: Electrical & Electronic Manufacturing
Victim Organization: assistec schaltanlagen gmbh & co. kg
Victim Site: assistec.de - Alleged sale of unauthorized production server access to USA-based organization
Category: Initial Access
Content: The threat actor claims to be selling unauthorized access to a production environment associated with a USA-based organization.
Date: 2026-02-13T19:59:06Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/275963/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b8a3de07-3a21-48bf-8a82-eec63c23ec04.png
Threat Actors: malaria
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - HaxChipper targets the website of ONFLAP TECHNOLOGIES PRIVATE LIMITED
Category: Defacement
Content: The Group claims to have defaced the website of ONFLAP TECHNOLOGIES PRIVATE LIMITED in India.
Date: 2026-02-13T19:43:11Z
Network: telegram
Published URL: https://t.me/HaxChipper/118
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3ee92950-e7dd-4495-a2f0-0198de11a0cc.png
Threat Actors: HaxChipper
Victim Country: India
Victim Industry: Information Technology (IT) Services
Victim Organization: onflap technologies private limited
Victim Site: onflap.com - 7 Proxies targets the website of Govt. Safar Ali College
Category: Defacement
Content: The group claims to have defaced the website of Govt. Safar Ali College
Date: 2026-02-13T19:37:39Z
Network: telegram
Published URL: https://t.me/c/2366703983/1030
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/08d42086-91fa-4efb-a450-ba497a31b5c7.jpg
Threat Actors: 7 Proxies
Victim Country: Bangladesh
Victim Industry: Education
Victim Organization: govt. safar ali college
Victim Site: gsacollege.edu.bd - HaxChipper targets the website of Right Agencies
Category: Defacement
Content: The Group claims to have defaced the website of Right Agencies.
Date: 2026-02-13T19:10:33Z
Network: telegram
Published URL: https://t.me/HaxChipper/118
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/38dc6ea1-6d85-42b9-bfab-e105e5eaea5b.png
Threat Actors: HaxChipper
Victim Country: India
Victim Industry: E-commerce & Online Stores
Victim Organization: right agencies
Victim Site: rightagencies.com - HaxChipper targets the website of Odadoz
Category: Defacement
Content: The Group claims to have defaced the website of Odadoz
Date: 2026-02-13T18:48:07Z
Network: telegram
Published URL: https://t.me/HaxChipper/118
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bfc61be6-6365-4ce7-917e-d21f6b509191.png
Threat Actors: HaxChipper
Victim Country: India
Victim Industry: Media Production
Victim Organization: odadoz
Victim Site: odadoz.in - HaxChipper targets the website of Nayel
Category: Defacement
Content: The Group claims to have defaced the website of Nayel
Date: 2026-02-13T18:47:19Z
Network: telegram
Published URL: https://t.me/HaxChipper/118
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/55d5fd14-c971-43e4-8003-db4f32959120.png
Threat Actors: HaxChipper
Victim Country: India
Victim Industry: Online Publishing
Victim Organization: nayel
Victim Site: nayel.in - HaxChipper targets the website of NESMEE Foods & Exports
Category: Defacement
Content: The Group claims to have defaced the website of NESMEE Foods & Exports
Date: 2026-02-13T18:30:24Z
Network: telegram
Published URL: https://t.me/HaxChipper/118
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a3491f98-c335-4681-8dd3-1dada9839081.png
Threat Actors: HaxChipper
Victim Country: India
Victim Industry: Food & Beverages
Victim Organization: nesmee foods & exports
Victim Site: nesmee.in - Alleged leak of admin credentials to Cambridge City Square
Category: Initial Access
Content: The group claims to have leaked admin credentials to Cambridge City Square
Date: 2026-02-13T18:25:05Z
Network: telegram
Published URL: https://t.me/crewcyber/684
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ced069df-798b-4f16-bd8c-058e31fb7164.jpg
Threat Actors: 404 CREW CYBER TEAM
Victim Country: Indonesia
Victim Industry: Retail Industry
Victim Organization: cambridge city square
Victim Site: cambridge.co.id - Alleged data breach of Consiga
Category: Data Breach
Content: The Threat actor claims to have leaked the complete database of Consiga, exposing client and business records including names, emails, phone numbers, invoices, orders, and sales data. The dataset allegedly contains sensitive customer and transaction information related to the company’s digitalization services.
Date: 2026-02-13T17:31:14Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-SPAIN-consiga-es-Digitalizacion-De-Empresas-En-Vigo
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8158fced-2a41-4404-858d-0f809cd3cf0d.png
https://d34iuop8pidsy8.cloudfront.net/85b7360c-6163-4360-b1d4-087ecec2e9e2.png
Threat Actors: IntelShadow
Victim Country: Spain
Victim Industry: Information Technology (IT) Services
Victim Organization: consiga
Victim Site: consiga.es - BABAYO EROR SYSTEM targets the subdomain of Upfoxx Media
Category: Defacement
Content: The group claims to have defaced the subdomain consistent-teal-otter.upfoxxmedia.com of Upfoxx Media
Date: 2026-02-13T17:19:17Z
Network: telegram
Published URL: https://t.me/c/3664625363/350
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/66450071-cd92-4118-bb3e-7c694e7f5c9b.png
Threat Actors: BABAYO EROR SYSTEM
Victim Country: India
Victim Industry: Marketing, Advertising & Sales
Victim Organization: upfoxx media
Victim Site: consistent-teal-otter.upfoxxmedia.com - BABAYO EROR SYSTEM targets the subdomain of Blumix
Category: Defacement
Content: The group claims to have defaced the subdomain wave.blumix.net of Blumix.
Date: 2026-02-13T17:06:50Z
Network: telegram
Published URL: https://t.me/c/3664625363/350
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/756dc389-54ec-48ef-8157-98b2cfb765f7.png
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Armenia
Victim Industry: Software Development
Victim Organization: blumix
Victim Site: wave.blumix.net - Alleged sale of unauthorized FTP server access to France-based Software Company
Category: Initial Access
Content: The threat actor claims to be selling unauthorized FTP server access to a France-based corporation operating in the Content & Collaboration Software & Software industry. The company is allegedly generating approximately $87 million in revenue. The actor advertises access to over 2,000 files totaling around 150GB of data, including VPN files, server files, database files, backups, and contracts.
Date: 2026-02-13T16:35:25Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/275946/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e955c7d7-d310-4a90-8027-e58d7fd5c868.png
Threat Actors: Anon-WMG
Victim Country: France
Victim Industry: Software
Victim Organization: Unknown
Victim Site: Unknown - HaxChipper targets the website of nika.pure.color.media
Category: Defacement
Content: The group claims to have defaced the website of nika.pure.color.media
Date: 2026-02-13T16:22:53Z
Network: telegram
Published URL: https://t.me/HaxChipper/119
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ca2c77bd-f108-4c28-9a6e-cd8270f02935.png
Threat Actors: HaxChipper
Victim Country: Poland
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: nika.pure.color.media - HaxChipper targets the website of Pixel Street
Category: Defacement
Content: The group claims to have defaced the website of Pixel Street
Date: 2026-02-13T15:35:39Z
Network: telegram
Published URL: https://t.me/HaxChipper/119
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0f22ee41-2c8b-41b1-b10a-3e04a80c84ba.jpg
Threat Actors: HaxChipper
Victim Country: India
Victim Industry: Graphic & Web Design
Victim Organization: pixel street
Victim Site: pixelstreet.xyz - BABAYO EROR SYSTEM targets the website of WeBFooT
Category: Defacement
Content: The group claims to have defaced the website of WeBFooT
Date: 2026-02-13T15:22:42Z
Network: telegram
Published URL: https://t.me/c/3664625363/350
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/50a5dec4-f3d4-47f0-a4e1-34d4369588f7.jpg
Threat Actors: BABAYO EROR SYSTEM
Victim Country: India
Victim Industry: Retail Industry
Victim Organization: webfoot
Victim Site: webfoot.in - Alleged data leak of 687k phone leads database from flower delivery service in Spain
Category: Data Breach
Content: The threat actor claims to be selling a phone leads database allegedly obtained from a flower delivery service in Spain, containing approximately 687k records. The dataset reportedly includes full names, addresses, cities, ZIP codes, and phone numbers.
Date: 2026-02-13T15:11:03Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/275942/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b431a233-e797-4dcb-aaeb-df0a957d3a4d.png
Threat Actors: rassvettt
Victim Country: Spain
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Kimsufi
Category: Data Breach
Content: The group claims to have breach data of Kimsufi. The compromised data reportedly includes data from homes, universities, mysql, bio apply , photos and more.
Date: 2026-02-13T14:55:43Z
Network: telegram
Published URL: https://t.me/c/2552217515/319
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/06aa60c9-935d-466b-ae11-d94250add68d.jpg
https://d34iuop8pidsy8.cloudfront.net/4f1cb33b-42fd-46ab-98eb-b60d2df83790.jpg
Threat Actors: Z-SH4DOWSPEECH
Victim Country: France
Victim Industry: Information Technology (IT) Services
Victim Organization: kimsufi
Victim Site: kimsufi.com - BROTHERHOOD CAPUNG INDONESIA targets the website of asalrazortechtraining.com
Category: Defacement
Content: The group claims to have defaced the website of asalrazortechtraining.com.
Date: 2026-02-13T14:53:38Z
Network: telegram
Published URL: https://t.me/c/3054021775/418
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/53e17069-df9f-4c67-8af9-3ad9cca14426.png
Threat Actors: BROTHERHOOD CAPUNG INDONESIA
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: asalrazortechtraining.com - BROTHERHOOD CAPUNG INDONESIA targets the website of francys.razortechtraining.com
Category: Defacement
Content: The group claims to have defaced the website of francys.razortechtraining.com
Date: 2026-02-13T14:46:30Z
Network: telegram
Published URL: https://t.me/c/3054021775/418
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9fef2249-7418-408a-bcae-5a1f0261a3eb.png
Threat Actors: BROTHERHOOD CAPUNG INDONESIA
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: francys.razortechtraining.com - BROTHERHOOD CAPUNG INDONESIA targets the website of groupd.razortechtraining.com
Category: Defacement
Content: The group claims to have defaced the website of groupd.razortechtraining.com
Date: 2026-02-13T14:45:23Z
Network: telegram
Published URL: https://t.me/c/3054021775/418
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/97946fe7-de56-46ac-87ab-cf1a6f102bd4.png
Threat Actors: BROTHERHOOD CAPUNG INDONESIA
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: groupd.razortechtraining.com - BROTHERHOOD CAPUNG INDONESIA targets the website of rashad.razortechtraining.com
Category: Defacement
Content: The group claims to have defaced the website of rashad.razortechtraining.com
Date: 2026-02-13T14:45:02Z
Network: telegram
Published URL: https://t.me/c/3054021775/418
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/662db3ab-afa2-4022-aaec-74eae32bb771.png
Threat Actors: BROTHERHOOD CAPUNG INDONESIA
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: rashad.razortechtraining.com - BROTHERHOOD CAPUNG INDONESIA targets the website of sitygym.razortechtraining.com
Category: Defacement
Content: The group claims to have defaced the website of sitygym.razortechtraining.com.
Date: 2026-02-13T14:43:29Z
Network: telegram
Published URL: https://t.me/c/3054021775/418
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bc164bb9-ca89-495c-8bdd-ed8ae66dbbad.png
Threat Actors: BROTHERHOOD CAPUNG INDONESIA
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: sitygym.razortechtraining.com - Alleged data breach of LeBillet
Category: Data Breach
Content: Threat actor claims to have breached data from LeBillet, compromised data includes customer details such as id, name, password, email, id_number, cell_number, dob, address, and pictures (face_picture, doc_picture). The data was extracted on December 12, 2023.
Date: 2026-02-13T14:42:45Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-BRAZIL-312-078-LEBILLET-COM-BR-CUSTOMERS
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/07083d00-9690-4af0-8a26-9505e2c50978.png
Threat Actors: 13lula13
Victim Country: Brazil
Victim Industry: Events Services
Victim Organization: lebillet
Victim Site: lebillet.com.br - Alleged Sale of Unauthorized Access to PrestaShop Store in Italy
Category: Initial Access
Content: The threat actor claims to be selling unauthorized access to a PrestaShop-based online store in Italy
Date: 2026-02-13T14:41:06Z
Network: openweb
Published URL: https://forum.exploit.in/topic/275936/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c01635a5-bc99-417c-8b58-ced86939a1d8.png
Threat Actors: ed1n1ca
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of EDI by DESIGN
Category: Data Breach
Content: The group claims to have breach data of EDI by DESIGN. The compromised data reportedly includes information scheme, my sql ,performance schema etc.
Date: 2026-02-13T14:37:26Z
Network: telegram
Published URL: https://t.me/c/2552217515/318
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/68c8fc58-5b85-45d9-84eb-3cc6bd36a8d7.jpg
https://d34iuop8pidsy8.cloudfront.net/5ef07d83-aa5f-450c-a106-85a02812600c.jpg
Threat Actors: Z-SH4DOWSPEECH
Victim Country: USA
Victim Industry: Information Technology (IT) Services
Victim Organization: edi by design
Victim Site: edibydesign.com - Alleged Sale of Unauthorized Admin Access to Online Shop in Denmark
Category: Initial Access
Content: The threat actor claims to be selling unauthorized WordPress admin access to a Denmark-based online shop.
Date: 2026-02-13T14:29:00Z
Network: openweb
Published URL: https://forum.exploit.in/topic/275926/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/64b0d58a-9f85-4fac-a9a0-f245ab52a103.png
Threat Actors: Reve
Victim Country: Denmark
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - BROTHERHOOD CAPUNG INDONESIA targets the website of calebu.razortechtraining.com
Category: Defacement
Content: The group claims to have defaced the website of calebu.razortechtraining.com
Date: 2026-02-13T14:27:41Z
Network: telegram
Published URL: https://t.me/c/3054021775/418
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c5269145-cbf5-4b62-8142-713a8d3ac298.png
Threat Actors: BROTHERHOOD CAPUNG INDONESIA
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: calebu.razortechtraining.com - RipperSec targets the website of Woori Bank
Category: Initial Access
Content: The group claims to have taken down the website of Woori Bank
Date: 2026-02-13T14:26:04Z
Network: telegram
Published URL: https://t.me/c/2875163062/606
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/151bc541-50f5-4c47-873a-50f95a9006f9.png
Threat Actors: RipperSec
Victim Country: South Korea
Victim Industry: Financial Services
Victim Organization: woori bank
Victim Site: wooribank.com - BROTHERHOOD CAPUNG INDONESIA targets the website of askydeal.razortechtraining.com
Category: Defacement
Content: The group claims to have defaced the website of askydeal.razortechtraining.com.
Date: 2026-02-13T14:22:11Z
Network: telegram
Published URL: https://t.me/c/3054021775/418
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/487e84ad-e59d-45d1-bb6d-1fadf018989f.png
Threat Actors: BROTHERHOOD CAPUNG INDONESIA
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: askydeal.razortechtraining.com - BROTHERHOOD CAPUNG INDONESIA targets the website of francy.razortechtraining.com
Category: Defacement
Content: The group claims to have defaced the website of francy.razortechtraining.com
Date: 2026-02-13T14:20:22Z
Network: telegram
Published URL: https://t.me/c/3054021775/418
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/27040ec7-8257-47a2-83c9-29f1db4cbb52.png
Threat Actors: BROTHERHOOD CAPUNG INDONESIA
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: francy.razortechtraining.com - BROTHERHOOD CAPUNG INDONESIA targets the website of riyadh.razortechtraining.com
Category: Defacement
Content: The group claims to have defaced the website of riyadh.razortechtraining.com.
Date: 2026-02-13T14:19:00Z
Network: telegram
Published URL: https://t.me/c/3054021775/418
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7c18cea1-0d96-45c6-b590-5b9b94ce7d93.png
Threat Actors: BROTHERHOOD CAPUNG INDONESIA
Victim Country: Saudi Arabia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: riyadh.razortechtraining.com - BROTHERHOOD CAPUNG INDONESIA targets the website of mumbere.razortechtraining.com
Category: Defacement
Content: The group claims to have defaced the website of mumbere.razortechtraining.com
Date: 2026-02-13T14:18:24Z
Network: telegram
Published URL: https://t.me/c/3054021775/418
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bf97a232-ccd1-4fe3-a4e9-ff3d6a3b63ef.png
Threat Actors: BROTHERHOOD CAPUNG INDONESIA
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: mumbere.razortechtraining.com - Alleged Sale of unauthorized admin access to unidentified shop in Uk
Category: Initial Access
Content: Threat actor claims to be selling unauthorized admin access to an unidentified online shop in Uk.
Date: 2026-02-13T14:13:11Z
Network: openweb
Published URL: https://forum.exploit.in/topic/275918/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b8c68591-9a85-414e-8d6d-dd4a856c38af.png
Threat Actors: Reve
Victim Country: UK
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - BROTHERHOOD CAPUNG INDONESIA targets the website of zamzam.razortechtraining.com
Category: Defacement
Content: The group claims to have defaced the website of zamzam.razortechtraining.com
Date: 2026-02-13T14:08:29Z
Network: telegram
Published URL: https://t.me/c/3054021775/418
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/842aad12-7b55-4873-9afe-c7f97c972ceb.jpg
Threat Actors: BROTHERHOOD CAPUNG INDONESIA
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: zamzam.razortechtraining.com - Alleged sale of webshell access to Madina Bright Academy
Category: Initial Access
Content: The group claims to have leaked webshell access to Madina Bright Academy.
Date: 2026-02-13T14:06:18Z
Network: telegram
Published URL: https://t.me/memek1777/273
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2e201bac-1401-461b-9968-abf117675698.png
Threat Actors: Gugugaga
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: madina bright academy
Victim Site: fin.brightacademy.sch.id - Alleged Sale of unauthorized admin access to unidentified shop in Germany
Category: Initial Access
Content: Threat actor claims to be selling unauthorized admin access to an unidentified online shop in Germany
Date: 2026-02-13T13:59:35Z
Network: openweb
Published URL: https://forum.exploit.in/topic/275924/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/88302ae7-7ee6-4ba3-b23a-c896e6909b15.png
Threat Actors: Reve
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged sale of webshell access to Marhaba Technical
Category: Initial Access
Content: The group claims to have leaked webshell access to Marhaba Technical.
Date: 2026-02-13T13:48:20Z
Network: telegram
Published URL: https://t.me/memek1777/237
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1526eb23-92cb-464c-a182-0e79885fc5e6.jpg
Threat Actors: Gugugaga
Victim Country: UAE
Victim Industry: Consumer Services
Victim Organization: marhaba technical
Victim Site: marhabatechnical.com - Alleged Sale of Access to Surveillance Cameras in Brazil
Category: Initial Access
Content: Threat actor claims to be selling unauthorized access to more than 70,000 surveillance cameras across Brazil, reportedly including devices installed in residential properties and condominium complexes.
Date: 2026-02-13T13:39:03Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-70000-Cameras-Access-Brazil
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2273ee91-57c2-4670-b46b-96352b23ac4f.png
Threat Actors: dosifey
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged Sale of Unauthorized Domain Access to Brazilian Law Firm
Category: Initial Access
Content: The threat actor claims to be selling unauthorized domain user access to a Brazil-based law firm
Date: 2026-02-13T13:24:18Z
Network: openweb
Published URL: https://forum.exploit.in/topic/275915/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/acb25090-322a-4963-b93a-d9ed3e856ae3.png
Threat Actors: Big-Bro
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged sale of webshell access to Saleemi Expert
Category: Initial Access
Content: The group claims to have leaked webshell access to Saleemi Expert.
Date: 2026-02-13T13:08:47Z
Network: telegram
Published URL: https://t.me/memek1777/237
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/25e1add4-c229-44dc-b477-a5e8be35d2b3.jpg
Threat Actors: Gugugaga
Victim Country: Pakistan
Victim Industry: Marketing, Advertising & Sales
Victim Organization: saleemi expert
Victim Site: saleemiexpert.com - Alleged sale of webshell access to Mevo italia
Category: Initial Access
Content: The group claims to have leaked webshell access to Mevo italia.
Date: 2026-02-13T12:45:33Z
Network: telegram
Published URL: https://t.me/memek1777/237
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3ca8c8ff-9df2-4998-afba-3a9bd96f179f.jpg
Threat Actors: Gugugaga
Victim Country: Italy
Victim Industry: Consumer Goods
Victim Organization: mevo italia
Victim Site: mevo-italia.eu - Alleged sale of webshell access to MEVO
Category: Initial Access
Content: The group claims to have leaked webshell access to MEVO.
Date: 2026-02-13T12:20:21Z
Network: telegram
Published URL: https://t.me/memek1777/237
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0c1c0711-8700-4f48-87f6-62e921d8703a.jpg
Threat Actors: Gugugaga
Victim Country: Italy
Victim Industry: Consumer Goods
Victim Organization: mevo
Victim Site: mevo-italia.com - Alleged sale of webshell access to Hbrheinentwicklers
Category: Initial Access
Content: The group claims to have leaked webshell access to Hbrheinentwicklers
Date: 2026-02-13T12:13:39Z
Network: telegram
Published URL: https://t.me/memek1777/237
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/af2ee0c8-ab64-4f50-9b1d-a28c389628a7.jpg
Threat Actors: Gugugaga
Victim Country: Germany
Victim Industry: Consumer Electronics
Victim Organization: hbrheinentwicklers
Victim Site: hbrheinentwicklers.de - Alleged sale of webshell access to Excellent Abrasive
Category: Initial Access
Content: The group claims to have leaked webshell access to Excellent Abrasive
Date: 2026-02-13T12:05:57Z
Network: telegram
Published URL: https://t.me/memek1777/237
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/04086bd8-4642-4c33-aaa4-08dd5916f171.jpg
Threat Actors: Gugugaga
Victim Country: India
Victim Industry: Machinery Manufacturing
Victim Organization: excellent abrasive
Victim Site: excellentabrasive.com - Alleged data leak of US Air Force & Navy
Category: Data Breach
Content: The group claims to have leaked data related to US Air Force and Navy placements in the Asia-Pacific region, including blueprints. The compromised data reportedly includes IDs, SSNs, names, ranks, units, roles, status, base locations, security clearance levels, blood types, join dates, last deployment details, medical status, weapon qualifications, and internal notes.
Date: 2026-02-13T11:58:50Z
Network: telegram
Published URL: https://t.me/shamshireali313/94
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7d60e346-a9fe-4ce5-a6b8-5b36abf22ff8.png
https://d34iuop8pidsy8.cloudfront.net/f1d56512-ff28-4911-94b7-101763fb3063.png
Threat Actors: Shamsheer Ali Team
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - BABAYO EROR SYSTEM targets the website of ordering.adroisites.com
Category: Defacement
Content: The group claims to have defaced the website of ordering.adroisites.com
Date: 2026-02-13T11:52:35Z
Network: telegram
Published URL: https://t.me/c/3664625363/332
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b17891ed-4cd6-4f00-8c57-7ced574ffda0.jpeg
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: ordering.adroisites.com - Alleged sale of Chez Switch database
Category: Data Breach
Content: Threat actor claims to be selling database of Chez Switch, compromised data includes personal details (title, name, phone, email, password, birth details, address), financial info (iban, bic), and documents (IDs, passports, address proofs with pictures) of individuals.
Date: 2026-02-13T11:31:41Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-FR-19-313-chezswitch-fr-Energy-Mobile-Operator
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fb0de1d8-f954-4b8b-8e98-a55c46956c8c.png
Threat Actors: cry1ngb1tch6x6
Victim Country: France
Victim Industry: Consumer Services
Victim Organization: chez switch
Victim Site: chezswitch.fr - Alleged Unauthorized Access to a Bakery CCTV System in Spain
Category: Initial Access
Content: The group claims to have accessed a CCTV system from a bakery in Spain, reportedly observing staff activity, customer presence, and the shop’s closing procedures.
Date: 2026-02-13T11:04:27Z
Network: telegram
Published URL: https://t.me/zpentestalliance/1071
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f820d56f-d878-4730-a6a0-d3014af8ba75.png
Threat Actors: Z-PENTEST ALLIANCE
Victim Country: Spain
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged sale of webshell access to Bisirim
Category: Initial Access
Content: The group claims to have leaked webshell access to Bisirim.
Date: 2026-02-13T10:54:18Z
Network: telegram
Published URL: https://t.me/memek1777/237
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3b58bf9b-2c07-41cd-81ef-ceefb1a338af.jpg
Threat Actors: Gugugaga
Victim Country: Antigua and Barbuda
Victim Industry: E-commerce & Online Stores
Victim Organization: bisirim
Victim Site: bisirim.com - Alleged sale of webshell access to AbhTraders
Category: Initial Access
Content: The group claims to have leaked webshell access to AbhTraders.
Date: 2026-02-13T10:51:07Z
Network: telegram
Published URL: https://t.me/memek1777/237
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/75f9ad43-11f1-47e2-9035-be6a2db91ef0.jpg
Threat Actors: Gugugaga
Victim Country: Pakistan
Victim Industry: International Trade & Development
Victim Organization: abhtraders
Victim Site: abhtraders.com - Alleged leak of web shell access to Pansare Mahavidyalaya, Arjapur
Category: Initial Access
Content: The group claims to have leaked web shell access to Pansare Mahavidyalaya, Arjapur.
Date: 2026-02-13T10:48:31Z
Network: telegram
Published URL: https://t.me/c/2552217515/317
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fddc28a5-5b73-438f-8631-2cbf74caefd8.png
Threat Actors: Z-SH4DOWSPEECH
Victim Country: India
Victim Industry: Education
Victim Organization: pansare mahavidyalaya, arjapur
Victim Site: pmarjapur.ac.in - Alleged sale of webshell access to eljefeps.com
Category: Initial Access
Content: The group claims to have leaked webshell access to eljefeps.com.
Date: 2026-02-13T10:47:16Z
Network: telegram
Published URL: https://t.me/memek1777/237
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1073fe59-8a01-4f8f-b27b-df3ab0e01c73.jpg
Threat Actors: Gugugaga
Victim Country: Antigua and Barbuda
Victim Industry: Food & Beverages
Victim Organization: eljefeps.com
Victim Site: eljefeps.com - Alleged leak of web shell access to Samata Shikshan Sanstha
Category: Initial Access
Content: The group claims to have leaked web shell access to Samata Shikshan Sanstha.
Date: 2026-02-13T10:46:19Z
Network: telegram
Published URL: https://t.me/c/2552217515/317
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1d8ecabf-29fd-4974-9d5a-7010c0009150.png
Threat Actors: Z-SH4DOWSPEECH
Victim Country: India
Victim Industry: Non-profit & Social Organizations
Victim Organization: samata shikshan sanstha
Victim Site: samatashikshansanstha.org - Alleged leak of web shell access to Loknete Gopinathji Munde Arts, Commerce & Science College
Category: Initial Access
Content: The group claims to have gained unauthorized web shell access to Loknete Gopinathji Munde Arts, Commerce & Science College.
Date: 2026-02-13T10:43:22Z
Network: telegram
Published URL: https://t.me/c/2552217515/317
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/aa6846b2-b7f1-4f9a-bf53-5297628cce94.png
Threat Actors: Z-SH4DOWSPEECH
Victim Country: India
Victim Industry: Education
Victim Organization: loknete gopinathji munde arts, commerce & science college
Victim Site: lgmacs.edu.in - Alleged leak of web shell access to
Category: Initial Access
Content: The group claims to have gained unauthorized web shell access to Bhagwan Mahavidyalaya.
Date: 2026-02-13T10:41:54Z
Network: telegram
Published URL: https://t.me/c/2552217515/317
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3e7b2ed1-b3c7-4ff7-bff3-b6a6f19cc954.png
Threat Actors: Z-SH4DOWSPEECH
Victim Country: India
Victim Industry: Education
Victim Organization: bhagwan mahavidyalaya
Victim Site: bhagwanmahavidyalaya.ac.in - Alleged sale of webshell access to DadliCode
Category: Initial Access
Content: The group claims to have leaked webshell access to DadliCode.
Date: 2026-02-13T10:41:20Z
Network: telegram
Published URL: https://t.me/memek1777/237
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2a4899c8-2376-4b0f-a1c3-58c8f41a02ed.jpg
Threat Actors: Gugugaga
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: dadlicode
Victim Site: dadlicode.com - Alleged leak of web shell access to Mahatma Phule Nutan Mahavidyalaya, Mirajgaon
Category: Initial Access
Content: The group claims to have gained unauthorized web shell access to Mahatma Phule Nutan Mahavidyalaya,Mirajgaon
Date: 2026-02-13T10:35:47Z
Network: telegram
Published URL: https://t.me/c/2552217515/317
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ac4459f3-9fdd-4c8b-9a35-d382769690c5.png
Threat Actors: Z-SH4DOWSPEECH
Victim Country: India
Victim Industry: Education
Victim Organization: mahatma phule nutan mahavidyalaya, mirajgaon
Victim Site: mpnm.ac.in - Alleged leak of web shell access to Shrimant Bhaiyyasaheb Rajemane Mahavidyalaya Mhaswad
Category: Initial Access
Content: The group claims to have leaked web shell access to Shrimant Bhaiyyasaheb Rajemane Mahavidyalaya Mhaswad.
Date: 2026-02-13T10:30:49Z
Network: telegram
Published URL: https://t.me/c/2552217515/317
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f701da1d-4100-4caa-b01d-7bcb90b493c2.png
Threat Actors: Z-SH4DOWSPEECH
Victim Country: India
Victim Industry: Education
Victim Organization: shrimant bhaiyyasaheb rajemane mahavidyalaya mhaswad
Victim Site: sbrcollege.edu.in - Alleged unauthorized access to unidentified greenhouse management system in Japan
Category: Initial Access
Content: The group claims to have gained unauthorized access to unidentified greenhouse management system in Japan. They have reportedly obtained access to allowing them to manipulate climate conditions (ventilation, heating, windows, and sensors) in ways that could directly damage crops and yields.
Date: 2026-02-13T10:18:19Z
Network: telegram
Published URL: https://t.me/c/2787466017/2231
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/29c45e6d-26f1-4842-b399-4a4d6873223e.jpg
https://d34iuop8pidsy8.cloudfront.net/3b869f2d-0e96-4693-83d8-02f3d844fa7a.jpg
Threat Actors: NoName057(16)
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - HellR00ters Team targets the website of Mainstreet Microfinance Bank Limited
Category: Defacement
Content: The threat actor claims to have defaced the website of Mainstreet Microfinance Bank Limited.
Date: 2026-02-13T10:02:38Z
Network: telegram
Published URL: https://t.me/c/2758066065/1001
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a2bde3ba-1590-4613-8695-0010a9bd6ba8.png
Threat Actors: HellR00ters Team
Victim Country: Nigeria
Victim Industry: Banking & Mortgage
Victim Organization: mainstreet microfinance bank limited
Victim Site: mainstreetmfb.com - Alleged leak of login credentials to Hanger28
Category: Initial Access
Content: The group claims to have leaked the login credentials to Hanger28
Date: 2026-02-13T10:01:32Z
Network: telegram
Published URL: https://t.me/memek1777/231
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fe0313ad-9590-4658-946e-839771d7cf85.png
Threat Actors: Gugugaga
Victim Country: Italy
Victim Industry: Retail Industry
Victim Organization: hanger28
Victim Site: hanger28.it - Alleged leak of login credentials to CBDITALY
Category: Initial Access
Content: The group claims to have leaked the login credentials to CBDITALY
Date: 2026-02-13T09:28:08Z
Network: telegram
Published URL: https://t.me/memek1777/231
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0d9d4889-9434-433c-8a45-7c2be0f3b9f3.png
Threat Actors: Gugugaga
Victim Country: Latvia
Victim Industry: E-commerce & Online Stores
Victim Organization: cbditaly
Victim Site: cbditaly.lv - Alleged Sale of KYC Documents from Multiple Countries
Category: Data Breach
Content: Threat actor claims to be selling KYC documents from more than hundred countries.
Date: 2026-02-13T09:25:23Z
Network: openweb
Published URL: https://xss.pro/threads/145895/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0e3b8829-0c7e-4929-a4e6-72dd77adaab9.png
Threat Actors: Sosyopat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged sale of Dinar Investment database
Category: Data Breach
Content: Threat actor claims to be selling database of Dinar Investment, compromised data includes investors numbers, their IDs, and their legal registrations, affecting around 7k investors.
Date: 2026-02-13T09:02:40Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-dinar-sa-database-for-sell
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fcb8f06f-4a66-4024-8bae-6fad5f2939af.png
Threat Actors: agent7001
Victim Country: Saudi Arabia
Victim Industry: Financial Services
Victim Organization: dinar investment
Victim Site: dinar.sa - Alleged leak of login credentials to Universitas Gunadarma Student Site
Category: Initial Access
Content: The group claims to have leaked the login credentials to Universitas Gunadarma Student Site.
Date: 2026-02-13T08:57:18Z
Network: telegram
Published URL: https://t.me/memek1777/230
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4a6146e6-92c8-4a26-821f-eef5cffc8e0a.png
Threat Actors: Gugugaga
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: universitas gunadarma student site
Victim Site: studentsite.gunadarma.ac.id - Alleged data breach of Multiple Districts from Indonesia
Category: Data Breach
Content: The threat actor claims to have a breached database of the following Districts from Indonesia: Kabupaten Gorontalo, Kabupaten Bone Bolango, Kabupaten Pohuwato, Kabupaten Gorut, Kabupaten Boalemo.
Date: 2026-02-13T08:33:30Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-DATABASE-PELAKU-EKONOMI-INDONESIA
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/801d1655-f6d9-4972-b5dc-3cd8e5e7eb42.png
Threat Actors: MrLolzzz
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: gorontalo regency communication and information service
Victim Site: gorontalokab.go.id - Alleged Data Breach Of Gustave
Category: Data Breach
Content: The threat actor claims to be leaked data from Gustave. The compromised data reportedly including id, created at, name, industry, invoice details, city, country, zip code, address line etc.
Date: 2026-02-13T07:33:13Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-FR-Fleet-Management-Company
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2649c4f8-a9ba-42ae-b146-7fbab09e71a7.jpg
https://d34iuop8pidsy8.cloudfront.net/78768a78-caf3-45a3-bab9-c936362ce583.jpg
https://d34iuop8pidsy8.cloudfront.net/6f9b386d-cf54-4f99-af7b-7f966afa7ca7.jpg
Threat Actors: p0ppin
Victim Country: France
Victim Industry: Automotive
Victim Organization: gustave
Victim Site: gustave-auto.com - DEFACER INDONESIAN TEAM targets the website of dd1.insectastudios.com
Category: Defacement
Content: The group claims to have defaced the website of dd1.insectastudios.com.
Date: 2026-02-13T07:19:35Z
Network: telegram
Published URL: https://t.me/c/2433981896/868
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/20b50fbe-ea93-4bba-8e21-95c75baf916e.jpg
Threat Actors: DEFACER INDONESIAN TEAM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: dd1.insectastudios.com - Alleged sale of unauthorized access to an unidentified shop in Portugal
Category: Initial Access
Content: Threat actor claims to be selling unauthorized access related to PrestaShop based e-commerce platforms operating in Portugal and other EU regions.
Date: 2026-02-13T06:16:31Z
Network: openweb
Published URL: https://forum.exploit.in/topic/275906/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d610cf63-7e27-4a25-9ee9-686d3c108d49.png
Threat Actors: Emperorcvv
Victim Country: Portugal
Victim Industry: E-commerce & Online Stores
Victim Organization: Unknown
Victim Site: Unknown - Alleged Leak of French Private Email and Password Combolist
Category: Data Breach
Content: The threat actor claims to have leaked 846,000 French email and password Combolist.
Date: 2026-02-13T05:54:34Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-FRENCH-FR-PRIVATE-COMBOLIST-EMAIL-PASS-846K
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a4704d5e-e258-4576-8eb7-99749d676ef7.png
Threat Actors: OpenBullet
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged Data Leak of Medan City Vehicles
Category: Data Breach
Content: The threat actor claims to be leaked 2k periodic test application receipt of medan city vehicles, the data contain Registration Number, Vehicle Number, Engine Number, Vehicle Brand, Vehicle Type, Owners Name and Owners Address information.
Date: 2026-02-13T05:38:02Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DOCUMENTS-2k-periodic-test-application-receipt-for-medan-city-vehicles
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/27a244d8-7ba5-4b17-aa60-bfb5e7447e69.png
Threat Actors: anim3
Victim Country: Indonesia
Victim Industry: Government & Public Sector
Victim Organization: Unknown
Victim Site: Unknown - Alleged Data Breach of Municipalidad Distrital de Mejía
Category: Data Breach
Content: The threat actor claims to be leaked data from Municipalidad Distrital de Mejía. The compromised data reportedly including ID and case number, Full names, National identity document numbers (DNI), Addresses (department, province, district), Email addresses, phone numbers
Date: 2026-02-13T05:06:23Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-PERU-facilita-gob-pe-Formularios-Municipalidad-Distrital-de-Mejia
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/33c14e6c-d186-4b01-b21c-47ea3a7a2ac4.png
Threat Actors: IntelShadow
Victim Country: Peru
Victim Industry: Government & Public Sector
Victim Organization: municipalidad distrital de mejía
Victim Site: facilita.gob.pe - Alleged data breach of Edubrate Academy
Category: Data Breach
Content: The group claims to have breached data of Edubrate Academy. The compromised data reportedly includes user id, username, email, confirm external service id, and name
Date: 2026-02-13T04:55:57Z
Network: telegram
Published URL: https://t.me/c/2552217515/316
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/48eeeffc-504a-41c2-b9d3-2f0b2cdcc805.png
Threat Actors: Z-SH4DOWSPEECH
Victim Country: India
Victim Industry: Education
Victim Organization: edubrate academy
Victim Site: edubrate.in - Alleged Data Leak of tramitesadistancia.gob.ar
Category: Data Breach
Content: Threat actor claims to be selling a dataset linked to Argentina’s Chief of Cabinet, allegedly containing 58,680 identified photos in PNG format, with filenames corresponding to DNI numbers.
Date: 2026-02-13T03:37:05Z
Network: openweb
Published URL: https://leakbase.la/threads/argentina-chief-of-cabinet-dni-photos.48771/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/17b1635a-b69b-447f-9530-2b9e25abd1e4.png
Threat Actors: USDT
Victim Country: Argentina
Victim Industry: Government Relations
Victim Organization: tramitesadistancia.gob.ar
Victim Site: tramitesadistancia.gob.ar - Alleged data breach of Universidad de Sonora
Category: Data Breach
Content: The group claims to have breach data of Universidad de Sonora. The compromised data reportedly includes username, email and password.
Date: 2026-02-13T03:23:50Z
Network: telegram
Published URL: https://t.me/c/2552217515/315
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b854a23e-bd4c-4e79-84c2-b60e52b7a91c.png
Threat Actors: Z-SH4DOWSPEECH
Victim Country: Mexico
Victim Industry: Education
Victim Organization: universidad de sonora
Victim Site: movilidad.unison.mx - Alleged Unauthorized Access to Arizon Companies
Category: Initial Access
Content: The group claims to have gained access to Arizon Companies.
Date: 2026-02-13T01:54:28Z
Network: telegram
Published URL: https://t.me/n2LP_wVf79c2YzM0/3703
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/aec8db56-3931-40cf-b58d-48293eb683a8.png
https://d34iuop8pidsy8.cloudfront.net/6f96ad91-7072-476c-b823-6af64edc9d43.png
Threat Actors: Infrastructure Destruction Squad
Victim Country: USA
Victim Industry: Machinery Manufacturing
Victim Organization: arizon companies
Victim Site: arizoncompanies.com - Alleged data breach of Figure Technology Solutions, Inc.
Category: Data Breach
Content: Threat actor claims to have leaked 2.5 GB containing Personally Identifiable Information (PII) from Figure Technology Solutions, Inc.
Date: 2026-02-13T01:25:28Z
Network: tor
Published URL: http://toolatedhs5dtr2pv6h5kdraneak5gs3sxrecqhoufc5e45edior7mqd.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a40fad5e-ea7e-46a9-92a0-59f86ec3233c.png
Threat Actors: ShinyHunters
Victim Country: USA
Victim Industry: Financial Services
Victim Organization: figure technology solutions, inc.
Victim Site: figure.com - DEFACER INDONESIAN TEAM targeta the website of Insecta Studios
Category: Defacement
Content: The group claims to have defaced the website of Insecta Studios
Date: 2026-02-13T01:10:07Z
Network: telegram
Published URL: https://t.me/c/2433981896/866
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/dc281b9b-975a-4126-bbb8-af4714e6d708.png
Threat Actors: DEFACER INDONESIAN TEAM
Victim Country: Nigeria
Victim Industry: Marketing, Advertising & Sales
Victim Organization: insecta studios
Victim Site: thecobweb.insectastudios.com