[February-15-2026] Daily Cybersecurity Threat Report

Executive Summary

This comprehensive threat intelligence report analyzes a dataset of 117 detected cyber incidents recorded on February 15, 2026. The cyber landscape depicted in this data is highly active, characterized by a massive volume of data breaches, widespread sales of initial access to corporate networks, and numerous website defacements.+2

The incidents span across the globe, impacting nations such as the USA, Indonesia, France, India, Russia, and the UK, among others. A diverse array of industries has been targeted, including Education, Government Administration, Financial Services, E-commerce, Manufacturing, Healthcare, and Information Technology.+4

Prominent threat actors driving these campaigns include Pharaohs Team market/Channel, which heavily monopolizes the sale of initial access; Kirigaya, a prolific actor responsible for numerous large-scale data breaches ; and the BABAYO EROR SYSTEM, which conducts widespread defacement campaigns, primarily targeting Indonesian infrastructure.+4

Note: While a 5000-6000 word length was requested, this report maximizes the detailed expansion of the provided 3500-word dataset. Generating additional volume beyond this exhaustive analysis would require fabricating information, which strictly violates the analytical guidelines. Every factual detail from the source text has been included and analyzed.

1. Threat Actor Profiling

Based on the provided dataset, several threat actors exhibit distinct patterns in their operational focus, target selection, and preferred attack vectors.

1.1 Pharaohs Team (Market / Channel)

This actor is almost exclusively focused on acquiring and brokering Initial Access.+4

Target Geography: Their targets are highly globalized, including the UK , Netherlands , Poland , USA , Australia , India , Argentina , Japan , Germany , Brazil , Chile , Malaysia , Bangladesh , Peru , and the UAE.+4
Target Industries: They are industry-agnostic, targeting Building and Construction , Accounting , Fashion & Apparel , IT Services , Veterinary , Events Services , Security , Food Production/Beverages , Marketing , Luxury Goods , Retail , Consumer Electronics , Healthcare/Dental , Education , Graphic Design , and Environmental Services.+4
Methodology: They advertise their unauthorized access on the Telegram network. In specific instances, they explicitly claim to be selling web shell access to corporate domains.+4

1.2 Kirigaya

Kirigaya is a dominant actor in the Data Breach category, frequently exfiltrating massive SQL databases.+4

Target Geography: They have successfully breached targets in Colombia , India , China , Germany , Pakistan , USA , Australia , Canada , Indonesia , Brazil , and the UK.+4
Target Industries: Their victims include Agriculture , E-Learning/Education , IT/Software , Healthcare & Pharmaceuticals , Manufacturing , Marketing , Wholesale , Transportation , and Government/Public Sector.+4
Methodology: They publish their leaks on the open web, specifically utilizing the “darkforums.me” platform. The data stolen is often extensive; for example, they leaked 1.06 GB (14,879 records) from SimpleAgri , over 5.5 million records from Rolladenplanet , over 38.8 million records from CMR Green Technologies , and over 5.8 million GPS records from Suplemedics.+4

1.3 BABAYO EROR SYSTEM

This group specializes in website Defacement.+1

Target Geography: They heavily target Indonesia , alongside scattered targets in Romania and the USA.+4
Target Industries: Their primary focus appears to be Government Administration in Indonesia (e.g., Ministry of Home Affairs, Pakpak Bharat Regency, Palangka Raya City Government, KOMINFO of Deli Serdang Regency). They also target Manufacturing , Publishing , IT Services , and E-commerce.+4
Methodology: They announce their defacements via the Telegram network.+1

1.4 CyberUnknown

This actor focuses on Data Breaches specifically targeting Russian institutions.+3

Targets: State Duma of the Russian Federation (Government Administration) , National Research Tomsk Polytechnic University (Education) , Anapa Institute of Law and Information Technology (Education) , and Kerch Polytechnic College (Education).+3
Methodology: They publish their breach announcements on the open web via the social media platform X (formerly Twitter) under the handle CyberUnknown45.+3

1.5 MrProfessor

This actor specializes in the Initial Access category, specifically dealing with the theft and sale of high-value source code repositories.+3

Targets: They sell unauthorized GitLab access with owner-level or maintainer-level privileges. Targets include game development companies in Vietnam.+4
Assets Compromised: They have offered access to 80 repositories containing Unreal Engine 5 (UE5) projects , repositories for four Unity-based mobile games (Android/iOS builds with over 1 million downloads) , 120 repositories of Java-based astrology software , and three highly active, mature software projects.+4
Methodology: They utilize the open web, specifically the “forum.exploit.in” platform, to sell this access, which could lead to source code theft, backdoor insertion, or supply-chain compromises.+1

1.6 XZeeoneOfc

This actor is involved in Data Breaches, leaking diverse and sensitive datasets.+3

Leaked Data: A job vacancy career portal database , an Aviation Datalink System database detailing FANS and CPDLC operational issues for 43 aircraft in the North Atlantic region , donor data from the USA-based LaRouche Political Action Committee , and highly sensitive election system issue reports (Problem Reports to EAC) detailing vendor names, certification numbers, and firmware details.+3
Methodology: They publish their data leaks on the Tor network.+3

2. Sector and Critical Infrastructure Impact

A notable aspect of the threat landscape is the unauthorized access to operational technology (OT) and physical security infrastructure.

SCADA and Control Systems: The “404 CREW CYBER TEAM” claims to have gained unauthorized access to an unidentified SCADA infrastructure in France. The “MORNING STAR” group claims full visibility and control over a reverse osmosis (RO) control panel system in Spain, allowing them to start/stop the system and adjust frequencies and valves. Additionally, the “AL-MUJAHIDEEN FORCE 313” gained access to an industrial heat treatment furnace control system in South Korea.+2
Surveillance Systems: Various actors breached CCTV systems. “Z-PENTEST ALLIANCE” accessed an unidentified CCTV system in Japan. “Team Bangladesh cyber squad” leaked login credentials to a CCTV system in Israel. Notably, “NoName057(16)” claimed unauthorized access to surveillance camera systems across multiple organizations in Germany during the 62nd Munich Security Conference (MSC).+4

3. Comprehensive Incident Catalog

The following is an exhaustive categorization and detailed breakdown of every incident recorded on February 15, 2026, based strictly on the provided data.

3.1 Data Breaches

Data breaches constitute a massive portion of the reported incidents, resulting in the exposure of millions of records containing Personally Identifiable Information (PII), corporate data, financial records, and operational logs.

Government & Public Sector

Ministry of Education, Science and Technology of Catamarca: The 404 CREW CYBER TEAM breached this Argentine education ministry (web.catamarca.edu.ar), exposing full names, addresses, emails, DNIs, dates of birth, genders, and marital statuses on Telegram.
Ministry of Health and Population (Egypt): CrowStealer advertised a 3.8 million record database (2019-2026) from mohp.gov.eg on the open web, potentially containing national IDs, diagnoses, medical decisions, and patient contact details.
Desa Karanrejo: CY8ER_N4TI0N leaked a resident database from this Indonesian village on the open web.
State Duma of the Russian Federation: Breached by CyberUnknown (duma.gov.ru) and published on the open web via X.
Kecamatan Tanjung Palas Utara: Kirigaya leaked 175,729 citizen records (names, NIKs, dates of birth) from this Indonesian government entity on the open web.
Embassy of Albania in Skopje: HaxChipper leaked 1.24 GB of email documents, including ID cards and passport images, on the open web.
Indonesian Presidential Election: ShadowNex leaked a voter list containing 463,000 Indonesian voters on the Tor network.
Election Assistance Commission (EAC) Problem Reports: XZeeoneOfc leaked detailed election system hardware/software issue reports on the Tor network.

Financial Services & Insurance

Beacon Pointe: ShinyHunters compromised over 100k+ PII and corporate records from the US financial services firm, published on the Tor network.
Mercer Advisors: ShinyHunters compromised over 5 million PII and corporate records from this US firm, published on the Tor network.
SVI Assurances: Actor wwxxcc published data from a 2021 Avaddon ransomware breach of this French insurance broker on the open web, exposing insurance policies, client records, and legal files.

Education & E-Learning

MyLearningPlus: Kirigaya breached this Indian e-learning platform, leaking sensitive student academic records, exam results, and internal school communications on the open web.
National Research Tomsk Polytechnic University: Breached by CyberUnknown in Russia, published on the open web.
Anapa Institute of Law and Information Technology: Breached by CyberUnknown in Russia, published on the open web.
Kerch Polytechnic College: Breached by CyberUnknown in Russia, published on the open web.
Ecole dIngénieurs en Informatique (EPITA): Actor yneov18 leaked 14,753 student records (names, emails, graduation years) from this French school on the Tor network.
CITOC: Kirigaya leaked 13,922,772 education/internship records (student names, training references) on the open web.
Poltekkes Adisutjipto Yogyakarta: Kirigaya leaked 153,998 journal/article metadata records from this Indonesian institution on the open web.
Colégio Ábaco: Kirigaya leaked 1.37 million WordPress comment records (contact details, IPs) from this Brazilian school on the open web.

Retail, Fashion, & E-Commerce

Canada Goose: Actor cysc breached canadagoose.com (Canada), leaking over 920k records with customer contact info, payment/shipping details, and order histories on the open web.
Lamaisonducitron: Actor wwxxcc leaked a 19,800-record CSV database from this French food/beverage store (following an APT73 attack in Nov 2024) on the open web.
DolceVee: Kirigaya leaked 2,870,964 records (UUIDs, payload data, system metadata) from dolcevee.com on the open web.
Find‑Clever: Kirigaya leaked 172,569 product records (names, descriptions, pricing) on the open web.
Unidentified Grocery Retail Entity (Spain): Actor betway sold a database of over 621,000 customer records (including 476k unique phone numbers and 566k unique emails) on the open web.

Healthcare & Pharmaceuticals

Biocytogen: Kirigaya leaked a 126 MB SQL database containing backend data, internal content, and media paths from this Chinese healthcare organization on the open web.
Suplemedics: Kirigaya leaked 5,818,903 GPS tracking records (geolocation, motion status) from this USA organization on the open web.

Information Technology, Software, & Online Services

HMSCTL: Kirigaya leaked names, emails, hashed passwords, and security questions from this Indian IT services firm on the open web.
Snapchat: Actor xpl0itrs sold Snapchat ATO data and a full account dump (PII, auth tokens, partial card details, API responses) from the USA on the open web.
Vendi: Kirigaya leaked database records (user IDs, category info, tax statuses, contact info) from this Pakistani software developer on the open web.
Link3 Technologies Limited: Kirigaya leaked 1,807,859 email server log records (sender/recipient addresses, message metadata) from this Indian IT firm on the open web.
godaddy.style4sure.com: Kirigaya leaked 67.5 MB of SQL data (3,772,622 rows of addresses, zips, mobiles) on the open web.

Manufacturing, Agriculture & Logistics

SimpleAgri: Kirigaya leaked a 1.06 GB SQL database (14,879 records) from this Colombian agriculture firm’s codex migration system, exposing internal document management info and file paths on the open web.
Baizid Steel: CY8ER_N4TI0N leaked a database containing user/internal data from this Bangladeshi manufacturing company on the open web.
Rolladenplanet: Kirigaya leaked 5,504,335 records (names, addresses, phones, emails) from this German manufacturing entity on the open web.
CMR Green Technologies Limited: Kirigaya leaked 38,835,489 messaging and transaction records from this Indian manufacturing firm on the open web.
RouteBox: Kirigaya leaked 446,886 records (names, business names, passwords) from this Canadian logistics firm on the open web.

Newspapers, Journalism & Publishing

Society of Professional Journalists: CY8ER_N4TI0N leaked a database from this USA organization on the open web.

Sports, Events & Miscellaneous Sectors

Les Châtaigniers Residence: Actor wwxxcc published data on the open web indicating this Swiss real estate property was hit by Hive ransomware in 2021, exposing tenant and financial details.
French Handball Federation: Actor uhqqqqqqqqqqqqqqqqqq breached names, dates of birth, and emails from this sports organization, publishing them on the Tor network.
Festivity: Actor decipher sold 25,000 records (names, DOBs, keys/tokens) from this Kuwaiti events service on the open web.
Aviation Datalink System: XZeeoneOfc leaked a database of operational problems for FANS and CPDLC systems on the Tor network.
LaRouche Political Action Committee: XZeeoneOfc leaked donor records (names, amounts, employers) from this USA political organization on the Tor network.
Speakeasy Marketing Inc: Kirigaya leaked 73,000 records (names, emails, phones) from this USA marketing firm on the open web.
Sharp: Kirigaya leaked 100,932 user account records (emails, hashed passwords) from this Australian wholesale entity on the open web.
jain vadhu-var sanstha pune: Kirigaya leaked 50,883 member records (demographics, income) from this Indian organization on the open web.
khamamspa: Kirigaya leaked 85,680 booking records from this UK entity on the open web.
Towny: Kirigaya leaked 80,875 property and contact records (names, geolocations) from this Indian food & beverage entity on the open web.

Mass Datasets (Unknown/Multiple Origins)

100B Credential Database: MuddyWater advertised a search service for over 100 billion leaked username and password combinations on the open web.
Colombian Businesspeople Dataset: CryptoDead sold personal info, tax records, and passports of Colombian businesspeople with assets over USD 1 million on the open web.
50K B2B Records in Luxembourg: Actor courtika sold a 50,000-record B2B database on the open web.
500K French B2B Business Database: ANONIMOS48 sold detailed corporate info (SIRET/SIREN numbers, revenue, exec info) of 500,000 French businesses on the open web.
300K French Citizens Database: ANONIMOS48 sold 300,000 citizen records containing highly sensitive IBAN banking data, DOBs, and spouse details on the open web.
Job Vacancy Data: XZeeoneOfc leaked data from an unidentified career portal on the Tor network.

3.2 Initial Access

This category is dominated by the sale of network access, web shells, and highly sensitive developer environments.

Corporate Network & Web Shell Access (Brokered primarily by Pharaohs Team) The Pharaohs Team (Market/Channel) advertised unauthorized access to the following organizations on Telegram:

DK General Building Ltd (UK, Building and construction).+1
afs-insurance.co.uk (Unknown country, Insurance).
Julka Advies (Netherlands, Accounting).
GoodMani.pl (Poland, Other Industry).
Royal Studio (USA, Fashion & Apparel).
Joanna Stefankos Aesthetic Physiotherapy… (Poland, Other Industry).
Expert System Solution (USA, IT Services).
barflize.com (Unknown country, Social Media).
Ritz Pawz Salon & Spa (USA, Veterinary).
The Palace At Cordova (USA, Events Services).
Waveney Cakes (UK, Food Production).
D&S; SECURITY SERVICES, LLC (USA, Security).
CelebWorld (India, Online Publishing).
Otro Loco Mas Wines (Argentina, Food & Beverages).
ACED Asia (Japan, Other Industry).
satireklappe.de (Germany, Online Publishing).
Gen10vavoom (Unknown country, Consumer Services).
Pen Pundit (Australia, Marketing).
Grace Builders (Australia, Construction).
Paul Merchants Jewels and Metals LLP (India, Luxury Goods).
Leglobe.cd (Unknown country, Online Publishing).
Optimal Moving (USA, Consumer Services).
41 Contábil (Brazil, Accounting).
Lily Boutique (Chile, Retail).
egpl.befikry.com (Unknown).
My Gadget (Malaysia, Consumer Electronics).
Historic Core Dental Care (USA, Healthcare).
High Speed IPTV (Indonesia, Entertainment).
Kader Family Mart (Bangladesh, Consumer Goods).
Little Harvard Preschool (India, Education).
BPES Fresh Fruits Food Industries LLC (UAE, Retail).
Abdul Rafy Siddiqui (UAE, Graphic Design).
Regional (UAE, Environmental Services) – Web shell access.
Capybara SEO (Peru, IT Services).
66 Group (UAE, Leisure & Travel) – Web shell access.+2

Other Initial Access Providers:

Unidentified USA Shop: Actor ed1n1ca sold WordPress access to an e-commerce shop using a credit card iframe integration on the open web.
Multiple Companies: Actor privisnanet sold unauthorized access to PCs, emails, FTPs, and databases of various global companies on the open web.

Source Code and Developer Environments (Brokered by MrProfessor)

80 Repositories (Vietnam): Owner-level GitLab access sold on the open web for Unreal Engine 5 (UE5) game development projects.
Mobile Games (Vietnam): Owner-level GitLab access sold for four Unity-based mobile games (Android/iOS) with over 1M downloads.
120 Repositories: Owner-level GitLab access sold for Java-based astrology software projects.
Active Software Projects: Maintainer-level GitLab access sold for three actively developed software projects with high commit counts.+1

3.3 Defacements

Website defacements were highly prevalent, often functioning as digital vandalism or hacktivism.

Incidents driven by BABAYO EROR SYSTEM (via Telegram):

Saudara Teknik (Indonesia, Manufacturing).
Dr. Bani Real Alalaye Publications (Indonesia, Publishing).
GMG Webcare (Romania, IT Services).
Meteorstore subdomains (Indonesia, E-commerce).
Ministry of Home Affairs public information portal (Indonesia, Government).
Pakpak Bharat Regency portal (Indonesia, Government).
Palangka Raya City Government portal (Indonesia, Government).
WP Engine (USA, IT Services).
KOMINFO of Deli Serdang Regency (Indonesia, Government).
tctq7254.odns.fr (Unknown).

Other Defacement Incidents:

TrickBD.com (Bangladesh, Online Publishing) defaced by DEFACER INDONESIAN TEAM on Telegram.
Advanced Business Solutions Corporation Limited (Thailand, IT Services) defaced by EXADOS on Telegram.
Physicians Immigration (Unknown country, Professional Services) defaced by DEFACER INDONESIAN TEAM on Telegram.
Prisoner Rehabilitation Authority (Israel, Government) defaced by Conquerors Electronic Army on Telegram.
CROAMS (Morocco, Professional Services) defaced by Dz-Al-Qaqa on Telegram.

3.4 Cyber Attacks & Alerts

IFMNoticias Cyber Attack: This Colombian journalism outlet suffered a cyberattack disrupting its online news platform and content distribution. Emergency protocols were activated. While no data theft was disclosed, services were halted pending system integrity verification.+2
Target Alert – Maryam Rajavi: The threat actor “Shadow Cyber Security” posted an alert on Telegram indicating they are targeting Maryam Rajavi, associated with an Iranian Political Organization.

Conclusion

The cyber threat landscape on February 15, 2026, as analyzed through these 117 distinct incidents, reveals a highly industrialized and specialized underground economy. Threat actors are clearly dividing labor: groups like the Pharaohs Team specialize heavily in penetrating networks and reselling that initial access to downstream buyers, while actors like Kirigaya specialize in bulk data extraction and dissemination.+4

The targeting of critical infrastructure—ranging from SCADA systems in France and Spain to municipal surveillance systems in Germany and Israel—highlights a concerning vulnerability in operational technology connected to the internet. Furthermore, the exposure of highly sensitive datasets, such as the 300,000 French citizens’ IBAN records and the USA EAC problem reports, poses severe risks for widespread financial fraud and institutional disruption. Organizations must prioritize securing remote access, heavily monitoring developer environments (as evidenced by MrProfessor’s sales of GitLab admin rights), and hardening CMS platforms against defacement to defend against these prevailing trends.+4

Detected Incidents Draft Data

Alleged sale of unauthorized WordPress access to an unidentified Shop in USA
Category: Initial Access
Content: Threat actor claims to be selling unauthorized access to a WordPress-based e-commerce shop located in the United States (US). The listing indicates the store processes payments via a credit card iframe integration.
Date: 2026-02-15T23:58:26Z
Network: openweb
Published URL: https://forum.exploit.in/topic/276160/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8d8d31d2-803d-4d7c-aa22-f56b99afa316.png
Threat Actors: ed1n1ca
Victim Country: USA
Victim Industry: E-commerce & Online Stores
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Ministry of Education, Science and Technology of Catamarca
Category: Data Breach
Content: The group claims to have breached data of Ministry of Education, Science and Technology of Catamarca. The compromised data reportedly includes Full name, address, email, DNI, date of birth, gender and marital status.
Date: 2026-02-15T23:54:05Z
Network: telegram
Published URL: https://t.me/crewcyber/708
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/83ba0562-0f93-4d53-a5bd-bcaf7bcd8d7a.png
https://d34iuop8pidsy8.cloudfront.net/0296f655-0c99-4786-aacf-46b7e1fc3ee1.png
Threat Actors: 404 CREW CYBER TEAM
Victim Country: Argentina
Victim Industry: Education
Victim Organization: ministry of education, science and technology of catamarca
Victim Site: web.catamarca.edu.ar
Alleged sale of various unauthorized accesses from multiple companies
Category: Initial Access
Content: Threat actor claims to be selling unauthorized access to multiple corporate and organizational entities across different countries. The actor advertises access to internal systems, including main PCs, emails, invoices, FTP, shells, databases, and other corporate infrastructure components.
Date: 2026-02-15T23:17:58Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/276153/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9b751246-27e2-42b7-9b5b-b67fab1e1dcb.png
Threat Actors: privisnanet
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Ministry of Health and Population
Category: Data Breach
Content: The threat actor claims to be selling a database allegedly belonging to Egypt’s Ministry of Health e-portal, containing approximately 3.8 million records from 2019–2026. The listing suggests the dataset may include national ID numbers, patient names, phone numbers, addresses, medical decisions, diagnoses, procedures, treatment providers, and administrative case details.
Date: 2026-02-15T23:16:48Z
Network: openweb
Published URL: https://breachforums.as/Thread-SELLING-Egypt-Ministry-of-health-e-portal-3-8-million-record
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bd0abfe3-147c-473c-b68f-ea940f7f9b60.png
https://d34iuop8pidsy8.cloudfront.net/437a021c-4958-4245-98ea-d525329ef38a.png
Threat Actors: CrowStealer
Victim Country: Egypt
Victim Industry: Government & Public Sector
Victim Organization: ministry of health and population
Victim Site: mohp.gov.eg
Alleged leak of Colombian Businesspeople Dataset
Category: Data Breach
Content: The threat actor claims to be selling personal information allegedly leaked with Colombian businesspeople with assets exceeding USD 1 million. The listing suggests the dataset may include identification documents, tax records, chamber of commerce files, and legal representative IDs tied to multiple companies.
Date: 2026-02-15T23:09:40Z
Network: openweb
Published URL: https://breachforums.as/Thread-SELLING-Busines-Ppl-Colombia-CC-RUT-Dian-Passport-CE
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1634662b-be22-4479-8b94-71fcad7a8e1e.png
https://d34iuop8pidsy8.cloudfront.net/5c36e64f-7171-470f-b167-60d3c9745fb5.png
Threat Actors: CryptoDead
Victim Country: Colombia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Les Châtaigniers Residence
Category: Data Breach
Content: The threat actor claims that Les Châtaigniers Residence was impacted by a Hive ransomware attack in 2021. attackers allegedly gained access to the property management systems, encrypted servers, and exfiltrated tenant data, including personal and financial details.
Date: 2026-02-15T22:59:58Z
Network: openweb
Published URL: https://breachforums.as/Thread-Les%E2%80%AFCh%C3%A2taigniers-Residence-CH-hit-by-Hive-ransomware-2021
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/945d4c41-29c0-4124-8a5b-f75f63e79b30.png
https://d34iuop8pidsy8.cloudfront.net/a296a6bb-c0b9-4f30-a171-4b7aefe324f2.png
Threat Actors: wwxxcc
Victim Country: Switzerland
Victim Industry: Real Estate
Victim Organization: les châtaigniers residence
Victim Site: chataigniers.ch
Alleged data breach of Beacon Pointe.
Category: Data Breach
Content: A threat actor claims to have compromised over 100k+ records associated with Beacon Pointe. The allegedly exposed data is said to include PII and other internal corporate data.
Date: 2026-02-15T21:38:11Z
Network: tor
Published URL: http://toolatedhs5dtr2pv6h5kdraneak5gs3sxrecqhoufc5e45edior7mqd.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9a13463b-0c87-42b3-bc38-bea729251ae0.png
Threat Actors: ShinyHunters
Victim Country: USA
Victim Industry: Financial Services
Victim Organization: beacon pointe
Victim Site: beaconpointe.com
BABAYO EROR SYSTEM targets the website of Saudara Teknik
Category: Defacement
Content: Group claims to have defaced the website of Saudara Teknik.
Date: 2026-02-15T21:16:55Z
Network: telegram
Published URL: https://t.me/c/3664625363/511
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/efef9ef6-dc9f-4e53-8897-9a4f0c3281f7.png
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Indonesia
Victim Industry: Manufacturing & Industrial Products
Victim Organization: saudara teknik
Victim Site: saudareteknikbackup.viewtekno.com
Alleged data breach of Mercer Advisors
Category: Data Breach
Content: A threat actor claims to have compromised over 5 million records associated with Mercer Advisors. The allegedly exposed data is said to include PII and other internal corporate data.
Date: 2026-02-15T21:12:16Z
Network: tor
Published URL: http://toolatedhs5dtr2pv6h5kdraneak5gs3sxrecqhoufc5e45edior7mqd.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1c838451-9920-4008-a8d1-d25b0cc45bb5.png
Threat Actors: ShinyHunters
Victim Country: USA
Victim Industry: Financial Services
Victim Organization: mercer advisors
Victim Site: merceradvisors.com
BABAYO EROR SYSTEM targets the website of Dr. Bani Real Alalaye Publications
Category: Defacement
Content: Group claims to have defaced the website of Dr. Bani Real Alalaye Publications.
Date: 2026-02-15T21:04:24Z
Network: telegram
Published URL: https://t.me/c/3664625363/510
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9b432278-12c5-4430-b415-37c0a5e5ad79.png
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Indonesia
Victim Industry: Publishing Industry
Victim Organization: dr. bani real alalaye publications
Victim Site: publications.drbanirealalaye.com
BABAYO EROR SYSTEM targets the website of GMG Webcare
Category: Defacement
Content: The group claims to have defaced the website of GMG Webcare
Date: 2026-02-15T20:43:55Z
Network: telegram
Published URL: https://t.me/c/3664625363/510
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0309210a-f458-42ad-b69c-db0c40757e49.jpg
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Romania
Victim Industry: Information Technology (IT) Services
Victim Organization: gmg webcare
Victim Site: ilova.gmgwebcare.ro
DEFACER INDONESIAN TEAM targets the website of TrickBD.com
Category: Defacement
Content: The group claims to have defaced the website of TrickBD.com
Date: 2026-02-15T20:41:52Z
Network: telegram
Published URL: https://t.me/c/2433981896/877
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/03e73ce4-2bbf-458a-a365-17d07d1cae04.jpg
Threat Actors: DEFACER INDONESIAN TEAM
Victim Country: Bangladesh
Victim Industry: Online Publishing
Victim Organization: trickbd.com
Victim Site: trickbd.com
Alleged data breach of SVI Assurances
Category: Data Breach
Content: The threat actor claims to be publishing data from a 2021 ransomware breach allegedly linked to the Avaddon group. The leaked data reportedly includes internal company documents, insurance contracts and policies, client account records, invoices, claims and complaints files, administrative and legal documents, correspondence, fleet management data, and various corporate files related to employees, customers, and business operations.
Date: 2026-02-15T20:24:23Z
Network: openweb
Published URL: https://breachforums.as/Thread-SVI-Assurances-%E2%80%93-French-insurance-broker-hit-by-Avaddon-ransomware-2021
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/39262d2b-f096-4f2e-bbb8-ade68712dc73.png
https://d34iuop8pidsy8.cloudfront.net/214d8d33-5c4a-4e1b-83b8-670c5e75b3ad.png
Threat Actors: wwxxcc
Victim Country: France
Victim Industry: Financial Services
Victim Organization: svi assurances
Victim Site: svi-assurances.com
EXADOS targets the website of Advanced Business Solutions Corporation Limited
Category: Defacement
Content: The group claims to have defaced the website of Advanced Business Solutions Corporation Limited
Date: 2026-02-15T20:11:04Z
Network: telegram
Published URL: https://t.me/EXA_DOS_KH/145
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1f98e49f-76ff-4267-b927-8562e7ab1c63.jpg
Threat Actors: EXADOS
Victim Country: Thailand
Victim Industry: Information Technology (IT) Services
Victim Organization: advanced business solutions corporation limited
Victim Site: absc.co.th
Alleged Sale of 50K B2B Records in Luxembourg
Category: Data Breach
Content: Threat Actor claims to be selling a database containing approximately 50,000 B2B records allegedly in Luxembourg.
Date: 2026-02-15T19:52:05Z
Network: openweb
Published URL: https://leakbase.la/threads/b2b-50k.48848/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/28b47372-d490-4102-b9bf-fc9ff46979be.png
Threat Actors: courtika
Victim Country: Luxembourg
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged unauthorized access to an unidentified SCADA infrastructure in France
Category: Initial Access
Content: The group claims to have gained unauthorized access to an unidentified SCADA infrastructure in France.
Date: 2026-02-15T19:43:08Z
Network: telegram
Published URL: https://t.me/crewcyber/707
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/aec409c3-66cf-4cbf-9ac0-fe910a8ee12c.png
Threat Actors: 404 CREW CYBER TEAM
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Canada Goose
Category: Data Breach
Content: The threat actor claims they breached Canada Goose systems.which including customer contact information, payment and shipping details, billing/delivery addresses, purchased items, discounts, order notes, total orders, and email verification status. The dataset reportedly includes over 920k records linked to customers and transactions.
Date: 2026-02-15T18:44:23Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-Canada-Goose-Database-Leaked-Download
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/050133ae-3d7e-47f1-aac9-7e7b9aca3448.png
Threat Actors: cysc
Victim Country: Canada
Victim Industry: Fashion & Apparel
Victim Organization: canada goose
Victim Site: canadagoose.com
Alleged data breach of SimpleAgri
Category: Data Breach
Content: The threat actor claims to be Leaking a SQL database allegedly from SimpleAgri’s codex migration system. The leaked data is said to be around 1.06 GB and contains approximately 14,879 records. The database reportedly includes internal document management information such as user names, email addresses, document titles, categories, security classifications, file paths, document locations, creation dates, and related administrative records.
Date: 2026-02-15T18:40:52Z
Network: openweb
Published URL: https://darkforums.me/Thread-codex-migracion-simpleagri-com
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/92c528ea-b2e0-4a59-b5fb-189419c11edd.png
Threat Actors: Kirigaya
Victim Country: Colombia
Victim Industry: Agriculture & Farming
Victim Organization: simpleagri
Victim Site: simpleagri.com
Alleged Sale of Grocery Retail Customer Records in Spain
Category: Data Breach
Content: Threat Actor claims to be selling a database containing over 621,000 customer records allegedly linked to a grocery retail entity in Spain. The dataset includes customer names, email addresses, phone numbers, street addresses, postal codes, cities, states, and country details. The database contains approximately 476,000 unique phone numbers and 566,000 unique email addresses.
Date: 2026-02-15T18:39:06Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/276132/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d3256b32-d35b-4a60-a0cd-b5722cefa9a5.png
Threat Actors: betway
Victim Country: Spain
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of MyLearningPlus
Category: Data Breach
Content: The threat actor claims to have obtained and leaked a database containing sensitive student academic records and internal school communication data, including exam results, student identities, parent notifications, and academic reminder messages from the educational platform.
Date: 2026-02-15T18:13:05Z
Network: openweb
Published URL: https://darkforums.me/Thread-mylearningplus-in
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/17620cb5-8acd-4ac4-aa61-a893ac059f68.png
Threat Actors: Kirigaya
Victim Country: India
Victim Industry: E-Learning
Victim Organization: mylearningplus
Victim Site: mylearningplus.in
Alleged unauthorized access to an unidentified reverse osmosis control panel system in Spain
Category: Initial Access
Content: The group claims to have gained unauthorized access to a reverse osmosis (RO) control panel system in Spain, alleging full visibility and control over connected operational components. The compromised interface reportedly displays channel selections, solenoid valve status, system runtime metrics, and detailed frequency drive parameters including voltage, frequency, current, and pressure readings also the ability to remotely start and stop the system, adjust acceleration and deceleration settings, and monitor or manage alarm conditions.
Date: 2026-02-15T18:03:34Z
Network: telegram
Published URL: https://t.me/op_morningstar/404
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3530569a-9f6c-421b-ae28-7b0251a66df0.jpg
Threat Actors: MORNING STAR
Victim Country: Spain
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of HMSCTL
Category: Data Breach
Content: The threat actor claims to have leaked the website of HMSCTL. The exposed data appears to include names, email addresses, hashed passwords, security questions and answers, account verification tokens, newsletter status, and account activity fields.
Date: 2026-02-15T17:12:44Z
Network: openweb
Published URL: https://darkforums.me/Thread-hmsctl-com
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b9b34019-e5a4-4b05-aa2f-b14fca667816.png
Threat Actors: Kirigaya
Victim Country: India
Victim Industry: Information Technology (IT) Services
Victim Organization: hmsctl
Victim Site: hmsctl.com
Alleged access to an unidentified CCTV system in Japan
Category: Initial Access
Content: The group claims to have gained unauthorized access to the CCTV system in Japan.
Date: 2026-02-15T16:52:38Z
Network: telegram
Published URL: https://t.me/zpentestalliance/1078
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e745b20c-ccb9-4189-b920-2b5154336a72.png
Threat Actors: Z-PENTEST ALLIANCE
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Desa Karanrejo
Category: Data Breach
Content: A threat actor claims to have leaked a database allegedly containing resident data from Karanrejo village.
Date: 2026-02-15T16:43:47Z
Network: openweb
Published URL: https://darkforums.me/Thread-DATABASE-PENDUDUK-DESA-KARANREJO
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5b253e1b-062b-469c-9f5f-8da83929e492.png
Threat Actors: CY8ER_N4TI0N
Victim Country: Indonesia
Victim Industry: Government & Public Sector
Victim Organization: Unknown
Victim Site: Unknown
Alleegd data breach of Biocytogen
Category: Data Breach
Content: The threat actor alleged database leak involving Biocytogen. The leaked SQL database (approx. 126 MB) reportedly contains website backend data, including blog entries, internal content, media paths, and possible administrative or research-related records
Date: 2026-02-15T16:35:46Z
Network: openweb
Published URL: https://darkforums.me/Thread-biocytogen-com
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a906a7a8-f52c-479b-bc47-1222d1371dda.png
Threat Actors: Kirigaya
Victim Country: China
Victim Industry: Healthcare & Pharmaceuticals
Victim Organization: biocytogen
Victim Site: biocytogen.com
Alleged data breach of Baizid Steel
Category: Data Breach
Content: A threat actor claims to have leaked a database allegedly containing user or internal data related to Baizid Steel.
Date: 2026-02-15T16:13:40Z
Network: openweb
Published URL: https://darkforums.me/Thread-DATABASE-DATA-USER-BAIZID-STEEL
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fb204731-c1a7-40dd-a271-bef11f31697b.png
Threat Actors: CY8ER_N4TI0N
Victim Country: Bangladesh
Victim Industry: Manufacturing
Victim Organization: baizid steel
Victim Site: baizidsteel.com
Alleged leak of login credentials to an unidentified CCTV system in Israel
Category: Data Breach
Content: The group claims to have leaked login credentials to an unidentified CCTV system in Israel
Date: 2026-02-15T16:06:11Z
Network: telegram
Published URL: https://t.me/teambcs404/307
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/88436066-ee18-436b-b540-49dcb00f6c86.jpg
Threat Actors: Team Bangladesh cyber squad
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
BABAYO EROR SYSTEM targets the subdomains of Meteorstore
Category: Defacement
Content: The group claims to have defaced the website of Meterostore and its subdomains.The subdomains include: meteorstore.idtes.meteorstore.id
Date: 2026-02-15T16:02:32Z
Network: telegram
Published URL: https://t.me/c/3664625363/506
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f4ee6bb9-871c-4a9a-9ce9-dd8a04d1b0c4.png
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Indonesia
Victim Industry: E-commerce & Online Stores
Victim Organization: meteorstore
Victim Site: meteorstore.id
Alleged leak of 500K French B2B Business Database
Category: Data Breach
Content: A threat actor is offering a database allegedly containing 500,000 French B2B company records from France. The dataset including detailed corporate information such as company names, addresses, postal codes, SIRET/SIREN numbers, VAT details, business activity codes, legal structure, revenue, employee counts, and executive informations.
Date: 2026-02-15T15:57:02Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-FRENCH-B2B-500-K
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4307e8c5-2a3c-4e3e-b5d7-ff1d85cb5d86.png
Threat Actors: ANONIMOS48
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of 300K French Citizens Database
Category: Data Breach
Content: A threat actor is offering a database allegedly containing 300,000 French citizen records with sensitive personal and financial information. The dataset including names, surnames, dates of birth, addresses, phone numbers, spouse details, and IBAN banking information, suggesting potential use for identity theft, fraud, or financial scams.
Date: 2026-02-15T15:52:19Z
Network: openweb
Published URL: https://breachforums.as/Thread-french-300k-with-iban-and-dob-france
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6f3cf291-6379-4531-8109-40189d26ffe1.png
Threat Actors: ANONIMOS48
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of 100B Credential Database
Category: Data Breach
Content: A threat actor is advertising a credential search service claiming access to over 100 billion leaked username and password combinations.
Date: 2026-02-15T15:36:14Z
Network: openweb
Published URL: https://breachforums.as/Thread-100b-domain-usernmae-password-in-free-search-%E7%99%BB%E5%BD%95%E5%87%AD%E8%AF%81-%E8%B4%A6%E6%88%B7%E5%AF%86%E7%A0%81
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/86245176-3abf-4479-847f-70a2bc0ecf1e.png
https://d34iuop8pidsy8.cloudfront.net/e60e8be7-b906-4abf-a1a8-753def67b56f.png
https://d34iuop8pidsy8.cloudfront.net/651efabf-7009-4b01-9813-abc6a7f29ca9.png
Threat Actors: MuddyWater
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of State Duma of the Russian Federation
Category: Data Breach
Content: The threat actor claims to have breached data from State Duma of the Russian Federation.
Date: 2026-02-15T15:33:22Z
Network: openweb
Published URL: https://x.com/CyberUnknown45/status/2022938926294667447
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/00480c1f-3e5c-4d6c-83b4-1d59740d5cbb.png
https://d34iuop8pidsy8.cloudfront.net/759793af-5e01-4a1d-ab3e-ec9a3ed5b1f2.png
Threat Actors: CyberUnknown
Victim Country: Russia
Victim Industry: Government Administration
Victim Organization: state duma of the russian federation
Victim Site: duma.gov.ru
BABAYO EROR SYSTEM targets the public information portal of Indonesias Ministry of Home Affairs
Category: Defacement
Content: The group claims to have defaced the website of public information portal of the Ministry of Home Affairs
Date: 2026-02-15T15:33:04Z
Network: telegram
Published URL: https://t.me/c/3664625363/507
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c9ab1bf1-b23e-445f-b6c9-98ade8e1caa6.jpg
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: ministry of home affairs of indonesia
Victim Site: ppid.kemendagri.go.id
Alleged data breach of Lamaisonducitron
Category: Data Breach
Content: The threat actor claims to have exfiltrated company data and published a leaked CSV database containing around 19,800 records, including customer and order-related information, on its leak site after the attack.
Date: 2026-02-15T15:27:58Z
Network: openweb
Published URL: https://breachforums.as/Thread-Lamaisonducitron-com-%E2%80%93-French-online-store-APT73-Nov-2024
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2d5af2b2-f932-4804-923f-7d7bcc786c0e.png
https://d34iuop8pidsy8.cloudfront.net/d60e9dcf-7fea-42e8-98de-c21ec298be92.png
Threat Actors: wwxxcc
Victim Country: France
Victim Industry: Food & Beverages
Victim Organization: lamaisonducitron
Victim Site: lamaisonducitron.com
Alleged data breach of National Research Tomsk Polytechnic University
Category: Data Breach
Content: The threat actor claims to have breached data from National Research Tomsk Polytechnic University.
Date: 2026-02-15T15:24:53Z
Network: openweb
Published URL: https://x.com/CyberUnknown45/status/2022938926294667447
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b02ea1e9-d711-4b69-aea4-88121d44097f.png
https://d34iuop8pidsy8.cloudfront.net/7ee63144-7df2-4a56-bd1f-c716249220ab.png
Threat Actors: CyberUnknown
Victim Country: Russia
Victim Industry: Education
Victim Organization: national research tomsk polytechnic university
Victim Site: tpu.ru
BABAYO EROR SYSTEM targets the website of Pakpak Bharat Regency
Category: Defacement
Content: The group claims to have defaced the website of Indonesian Regional portal of the Pakpak Bharat Regency
Date: 2026-02-15T15:23:38Z
Network: telegram
Published URL: https://t.me/c/3664625363/505
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b1d5e2ce-8163-4be0-b927-dfe7308d0809.jpg
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: indonesian regional portal of the pakpak bharat regency
Victim Site: ppid.pakpakbharatkab.go.id
Alleged data breach of the Anapa Institute of Law and Information Technology
Category: Data Breach
Content: The threat actor claims to have breached data from the Anapa Institute of Law and Information Technology.
Date: 2026-02-15T15:12:32Z
Network: openweb
Published URL: https://x.com/CyberUnknown45/status/2022938926294667447
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b6c368b5-9ab7-4195-9682-5adec3f2341d.png
https://d34iuop8pidsy8.cloudfront.net/82d7ace6-7a21-4f62-8bfd-1264f0723084.png
Threat Actors: CyberUnknown
Victim Country: Russia
Victim Industry: Education
Victim Organization: anapa institute of law and information technology
Victim Site: aitanapa.ru
BABAYO EROR SYSTEM targets the website of Indonesian Regional portals of the Palangka Raya City Government
Category: Defacement
Content: The group claims to have defaced the website of Indonesian Regional portals of the Palangka Raya City Government
Date: 2026-02-15T15:00:29Z
Network: telegram
Published URL: https://t.me/c/3664625363/505
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b429ed1f-0f90-4dc7-96a8-16e974ce9572.jpg
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: indonesian regional portals of the palangka raya city government
Victim Site: ppid.palangkaraya.go.id
Alleged unauthorized access to an unidentified industrial heat treatment furnace in South korea.
Category: Initial Access
Content: The Group claims to have gained unauthorized access to an industrial heat treatment furnace control system.
Date: 2026-02-15T14:58:14Z
Network: telegram
Published URL: https://t.me/c/3041653742/132
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/00921611-3060-4bba-a065-30f9aa2f1f31.png
Threat Actors: AL-MUJAHIDEEN FORCE 313
Victim Country: South Korea
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
DEFACER INDONESIAN TEAM targets the website of Physicians Immigration
Category: Defacement
Content: Group claims to have defaced the website of Physicians Immigration.
Date: 2026-02-15T14:55:34Z
Network: telegram
Published URL: https://t.me/c/2433981896/875
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e7a247e0-a165-4ca0-992d-62101e9d15b1.png
Threat Actors: DEFACER INDONESIAN TEAM
Victim Country: Unknown
Victim Industry: Professional Services
Victim Organization: physicians immigration
Victim Site: physiciansimmigration.com
Cyber Attack Hits IFMNoticias
Category: Cyber Attack
Content: IFMNOTICIAS reported a cyberattack that affected its digital infrastructure, resulting in the temporary disruption of its online news platform and related services. The incident impacted the outlet’s ability to publish and distribute content through its website, prompting immediate response measures by its technical team. Emergency security protocols were activated to contain the situation, and specialists were engaged to assess the scope and origin of the attack. While the organization did not disclose evidence of data theft, precautionary steps were taken to safeguard systems and user information during the review process. Investigations remain ongoing, and services are expected to be fully restored once system integrity and security are verified.
Date: 2026-02-15T14:54:34Z
Network: openweb
Published URL: https://juanpaz.net/vil-ataque-cibernetico-contra-ifmnoticias/
Screenshots:
None
Threat Actors: Unknown
Victim Country: Colombia
Victim Industry: Newspapers & Journalism
Victim Organization: ifmnoticias
Victim Site: ifmnoticias.com
Alleged data breach of Kerch Polytechnic College
Category: Data Breach
Content: The threat actor claims to have breached data from Kerch Polytechnic College.
Date: 2026-02-15T14:46:33Z
Network: openweb
Published URL: https://x.com/CyberUnknown45/status/2022938926294667447
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/95538e41-0dbb-4f06-9499-7d410390ce66.png
https://d34iuop8pidsy8.cloudfront.net/1813cedf-c0c1-4cdf-a948-d3404cb4d05b.png
Threat Actors: CyberUnknown
Victim Country: Russia
Victim Industry: Education
Victim Organization: kerch polytechnic college
Victim Site: kerchpoliteh.ru
Alleged data breach of Society of Professional Journalists
Category: Data Breach
Content: The threat actor claims to have breached data from Society of Professional Journalists.
Date: 2026-02-15T14:40:54Z
Network: openweb
Published URL: https://darkforums.me/Thread-DATABASE-SPJ
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8c90fb99-7ae0-41a4-8326-357aab24230f.png
Threat Actors: CY8ER_N4TI0N
Victim Country: USA
Victim Industry: Newspapers & Journalism
Victim Organization: society of professional journalists
Victim Site: spj.org
Alleged unauthorized access to DK General Building Ltd
Category: Initial Access
Content: Group claims to have gained unauthorized access to DK General Building Ltd.
Date: 2026-02-15T14:40:35Z
Network: telegram
Published URL: https://t.me/phteammarket/257
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/eef1da4b-678c-4cbc-81d4-0de20510dc98.png
Threat Actors: Pharaohs Team market
Victim Country: UK
Victim Industry: Building and construction
Victim Organization: dk general building ltd
Victim Site: dkgeneralbuildingltd.com
Alleged data breach of French Handball Federation
Category: Data Breach
Content: The threat claims to have breached data from French Handball Federation. The compromised data reportedly contains records including names, dates of birth, and email addresses.
Date: 2026-02-15T14:39:15Z
Network: tor
Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-DATABASE-FR-FFHandbal-F%C3%A9d%C3%A9ration-Fran%C3%A7aise-de-Handball
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f4bb0600-3514-4045-8ee5-1c3bf7e53ac2.png
https://d34iuop8pidsy8.cloudfront.net/4391213c-dc39-434e-8a62-7aa679a17fe4.png
Threat Actors: uhqqqqqqqqqqqqqqqqqq
Victim Country: France
Victim Industry: Sports
Victim Organization: french handball federation
Victim Site: ffhandball.fr
Alleged unauthorized access to afs-insurance.co.uk
Category: Initial Access
Content: Group claims to have gained unauthorized access to afs-insurance.co.uk
Date: 2026-02-15T14:33:30Z
Network: telegram
Published URL: https://t.me/phteammarket/257
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1cef90f5-d8a8-467c-9ef5-6ca165a2779a.png
Threat Actors: Pharaohs Team market
Victim Country: Unknown
Victim Industry: Insurance
Victim Organization: Unknown
Victim Site: afs-insurance.co.uk
Alleged Unauthorized Access to German Surveillance Systems
Category: Initial Access
Content: The group claims to have gained unauthorized access to surveillance camera systems across multiple organizations in Germany during the 62nd Munich Security Conference (MSC), allegedly exposing weak security controls.
Date: 2026-02-15T14:25:56Z
Network: telegram
Published URL: https://t.me/c/2787466017/2287
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1bb2db8b-14a0-4a8c-bded-e0169c4cc647.png
Threat Actors: NoName057(16)
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged unauthorized access to Julka Advies
Category: Initial Access
Content: Group claims to have gained unauthorized access to Julka Advies.
Date: 2026-02-15T14:24:42Z
Network: telegram
Published URL: https://t.me/phteammarket/257
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e4f589f6-2a0c-41fc-abef-035008d90487.png
Threat Actors: Pharaohs Team market
Victim Country: Netherlands
Victim Industry: Accounting
Victim Organization: julka advies
Victim Site: julkaadvies.nl
Alleged unauthorized access to GoodMani.pl
Category: Initial Access
Content: Group claims to have gained unauthorized access to GoodMani.pl.
Date: 2026-02-15T14:21:16Z
Network: telegram
Published URL: https://t.me/phteammarket/257
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d09d97d4-bf70-4166-acf9-9bad15c7799f.png
Threat Actors: Pharaohs Team market
Victim Country: Poland
Victim Industry: Other Industry
Victim Organization: goodmani.pl
Victim Site: goodmani.pl
Alleged unauthorized access to Royal Studio
Category: Initial Access
Content: Group claims to have gained unauthorized access to Royal Studio.
Date: 2026-02-15T14:18:07Z
Network: telegram
Published URL: https://t.me/phteammarket/257
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/82959bae-30cb-4892-ac7a-b11e4b89d451.png
Threat Actors: Pharaohs Team market
Victim Country: USA
Victim Industry: Fashion & Apparel
Victim Organization: royal studio
Victim Site: royalstudio.uk
Alleged unauthorized access to Joanna Stefankos Aesthetic Physiotherapy and Massage Office
Category: Initial Access
Content: Group claims to have gained unauthorized access to Joanna Stefankos Aesthetic Physiotherapy and Massage Office.
Date: 2026-02-15T14:17:19Z
Network: telegram
Published URL: https://t.me/phteammarket/257
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ac01293e-91c1-47fe-98ac-2306dea5e565.png
Threat Actors: Pharaohs Team market
Victim Country: Poland
Victim Industry: Other Industry
Victim Organization: joanna stefankos aesthetic physiotherapy and massage office
Victim Site: fjstefanko.pl
Alleged unauthorized access to Expert System Solution
Category: Initial Access
Content: Group claims to have gained unauthorized access to Expert System Solution.
Date: 2026-02-15T14:15:38Z
Network: telegram
Published URL: https://t.me/phteammarket/256
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3f821f5e-91ee-4f2b-bab1-f4270635f471.png
Threat Actors: Pharaohs Team market
Victim Country: USA
Victim Industry: Information Technology (IT) Services
Victim Organization: expert system solution
Victim Site: esspk.com
Alleged unauthorized access to barflize.com
Category: Initial Access
Content: Group claims to have gained unauthorized access to barflize.com.
Date: 2026-02-15T14:14:15Z
Network: telegram
Published URL: https://t.me/phteammarket/256
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/42e46b05-709f-464e-826c-95b9b398f05f.png
Threat Actors: Pharaohs Team market
Victim Country: Unknown
Victim Industry: Social Media & Online Social Networking
Victim Organization: barflize.com
Victim Site: barflize.com
Alleged unauthorized access to Ritz Pawz Salon & Spa
Category: Initial Access
Content: Group claims to have gained unauthorized access to Ritz Pawz Salon & Spa.
Date: 2026-02-15T14:04:47Z
Network: telegram
Published URL: https://t.me/phteammarket/256
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/922d002a-8e06-45e3-8388-7b392ad2ce47.png
Threat Actors: Pharaohs Team Channel
Victim Country: USA
Victim Industry: Veterinary
Victim Organization: ritz pawz salon & spa
Victim Site: ritzpawzsalonandspa.com
Shadow Cyber Security claims to target Maryam Rajavi
Category: Alert
Content: A recent post by the group indicates that they are targeting Maryam Rajavi.
Date: 2026-02-15T13:56:06Z
Network: telegram
Published URL: https://t.me/Shadow01Cyber/337
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2f819983-9317-44ef-a3ba-4be22f9b902f.png
Threat Actors: Shadow Cyber Security
Victim Country: Iran
Victim Industry: Political Organization
Victim Organization: maryam rajavi
Victim Site: maryam-rajavi.com
Alleged unauthorized access to The Palace At Cordova
Category: Initial Access
Content: Group claims to have gained unauthorized access to The Palace At Cordova.
Date: 2026-02-15T13:51:47Z
Network: telegram
Published URL: https://t.me/phteammarket/256
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/34f749f9-0fb2-46b2-a705-91795afbb242.png
Threat Actors: Pharaohs Team market
Victim Country: USA
Victim Industry: Events Services
Victim Organization: the palace at cordova
Victim Site: thepalaceatcordova.com
Alleged unauthorized access to Waveney Cakes
Category: Initial Access
Content: Group claims to have gained unauthorized access to Waveney Cakes.
Date: 2026-02-15T13:48:21Z
Network: telegram
Published URL: https://t.me/phteammarket/257
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/91f851bf-87f8-4adf-8445-370de64499ca.png
Threat Actors: Pharaohs Team market
Victim Country: UK
Victim Industry: Food Production
Victim Organization: waveney cakes
Victim Site: waveneycakes.com
Alleged unauthorized access to D&S; SECURITY SERVICES, LLC
Category: Initial Access
Content: Group claims to have gained unauthorized access to D&S; SECURITY SERVICES, LLC.
Date: 2026-02-15T13:47:48Z
Network: telegram
Published URL: https://t.me/phteammarket/256
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/cdd8056b-d7ec-43af-8ead-99a3a2f5445b.png
Threat Actors: Pharaohs Team market
Victim Country: USA
Victim Industry: Security & Investigations
Victim Organization: d&s; security services, llc
Victim Site: dssecurityllc.com
Alleged unauthorized access to CelebWorld
Category: Initial Access
Content: Group claims to have gained unauthorized access to CelebWorld.
Date: 2026-02-15T13:47:15Z
Network: telegram
Published URL: https://t.me/phteammarket/256
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ad54411d-4715-497a-8cd2-f13f32623bb3.png
Threat Actors: Pharaohs Team market
Victim Country: India
Victim Industry: Online Publishing
Victim Organization: celebworld
Victim Site: celebworld.co
Conquerors Electronic Army targets the website of Prisoner Rehabilitation Authority
Category: Defacement
Content: Group claims to have defaced the website of Prisoner Rehabilitation Authority.
Date: 2026-02-15T13:20:05Z
Network: telegram
Published URL: https://t.me/CEArmy/4747
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/61752030-c257-4b2d-bb89-f4a77b5d7b42.png
Threat Actors: ‏Conquerors Electronic Army
Victim Country: Israel
Victim Industry: Government Administration
Victim Organization: prisoner rehabilitation authority
Victim Site: worker.pra.co.il
Alleged unauthorized access to Otro Loco Mas Wines
Category: Initial Access
Content: Group claims to have gained unauthorized access to Otro Loco Mas Wines.
Date: 2026-02-15T13:12:23Z
Network: telegram
Published URL: https://t.me/phteammarket/256
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f92c1e26-9ea3-41c4-9621-5243d4b1e6f6.png
Threat Actors: Pharaohs Team market
Victim Country: Argentina
Victim Industry: Food & Beverages
Victim Organization: otro loco mas wines
Victim Site: otrolocomaswines.com
Alleged unauthorized access to ACED Asia
Category: Initial Access
Content: Group claims to have gained unauthorized access to ACED Asia.
Date: 2026-02-15T13:03:02Z
Network: telegram
Published URL: https://t.me/phteammarket/256
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c9afc669-2cb7-46a6-a5d4-09823f49d403.png
Threat Actors: Pharaohs Team market
Victim Country: Japan
Victim Industry: Other Industry
Victim Organization: aced asia
Victim Site: aced.asia
Alleged data sale of Snapchat
Category: Data Breach
Content: The threat actor claims to be selling data from Snapchat, allegedly containing Snapchat ATO and a full account dump with PII, including authentication tokens, nonces, API responses, partial card details, client and session information, and more.
Date: 2026-02-15T13:02:49Z
Network: openweb
Published URL: https://darkforums.me/Thread-Selling-Snapchat-ATO-Full-Account-Dump-With-PII
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/69935db3-30a8-4410-a822-8ba300d9a8fd.png
https://d34iuop8pidsy8.cloudfront.net/ffb9b294-246b-4f6f-8790-4ca7a1d0b0a6.png
https://d34iuop8pidsy8.cloudfront.net/62a3450f-10f8-4106-80a5-c7e69105adbc.png
Threat Actors: xpl0itrs
Victim Country: USA
Victim Industry: Social Media & Online Social Networking
Victim Organization: snapchat
Victim Site: snapchat.com
Alleged unauthorized access to satireklappe.de
Category: Initial Access
Content: Group claims to have gained unauthorized access to satireklappe.de
Date: 2026-02-15T13:00:45Z
Network: telegram
Published URL: https://t.me/phteammarket/256
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e7c67681-519e-4173-9dbe-f7117da05a0f.png
Threat Actors: Pharaohs Team market
Victim Country: Germany
Victim Industry: Online Publishing
Victim Organization: satireklappe.de
Victim Site: satireklappe.de
BABAYO EROR SYSTEM targets the website of an tctq7254.odns.fr
Category: Defacement
Content: Group claims to have defaced the website of an tctq7254.odns.fr.
Date: 2026-02-15T12:44:13Z
Network: telegram
Published URL: https://t.me/c/3664625363/503
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/dbd89f54-56a5-4d7f-aa8e-0973f2157a2d.png
https://d34iuop8pidsy8.cloudfront.net/80f56e41-282d-475a-adb7-98fa832fb41f.png
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: tctq7254.odns.fr
Alleged unauthorized access to Gen10vavoom
Category: Initial Access
Content: Group claims to have gained unauthorized access to Gen10vavoom.
Date: 2026-02-15T12:14:01Z
Network: telegram
Published URL: https://t.me/phteammarket/255
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/74857aee-335e-416e-9b53-1f569e7fb8a6.png
Threat Actors: Pharaohs Team market
Victim Country: Unknown
Victim Industry: Consumer Services
Victim Organization: gen10vavoom
Victim Site: gen10vavoom.com
Alleged data breach of Rolladenplanet
Category: Data Breach
Content: The threat actor claims to have breached data from Rolladenplanet. The compromised data reportedly contains 5,504,335 records including names, addresses, postal codes, cities, phone numbers, and email addresses.
Date: 2026-02-15T11:18:53Z
Network: openweb
Published URL: https://darkforums.me/Thread-devrus-rolladenplanet-tv
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c1606d83-c253-4a0b-95eb-6c7fb25bac01.png
Threat Actors: Kirigaya
Victim Country: Germany
Victim Industry: Manufacturing
Victim Organization: rolladenplanet
Victim Site: devrus.rolladenplanet.tv
Alleged data sale of Festivity
Category: Data Breach
Content: The threat actor claims to be selling 25,000 records from Festivity, allegedly containing customers’ full names, dates of birth, email addresses, phone numbers, and keys/tokens.
Date: 2026-02-15T10:52:51Z
Network: openweb
Published URL: https://breachforums.cz/index.php?threads/festivity-com-kw-database.583/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c25c33f3-74b7-45ec-b1d0-e0916d906e18.png
Threat Actors: decipher
Victim Country: Kuwait
Victim Industry: Events Services
Victim Organization: festivity
Victim Site: festivity.com.kw
Alleged unauthorized access to Pen Pundit
Category: Initial Access
Content: Group claims to have gained unauthorized access to Pen Pundit.
Date: 2026-02-15T10:44:35Z
Network: telegram
Published URL: https://t.me/phteammarket/255
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fc57bc1b-066f-4c63-9c60-88eed687ec55.png
Threat Actors: Pharaohs Team market
Victim Country: Australia
Victim Industry: Marketing, Advertising & Sales
Victim Organization: pen pundit
Victim Site: penpundit.com
Alleged unauthorized access to Grace Builders
Category: Initial Access
Content: Group claims to have gained unauthorized access to Grace Builders.
Date: 2026-02-15T10:38:19Z
Network: telegram
Published URL: https://t.me/phteammarket/255
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2d1afa68-5838-48cc-a9b7-083852c320ed.png
Threat Actors: Pharaohs Team Channel
Victim Country: Australia
Victim Industry: Building and construction
Victim Organization: grace builders
Victim Site: gracebuilders.com.au
Alleged unauthorized access to Paul Merchants Jewels and Metals LLP
Category: Initial Access
Content: Group claims to have gained unauthorized access to Paul Merchants Jewels and Metals LLP.
Date: 2026-02-15T10:35:15Z
Network: telegram
Published URL: https://t.me/phteammarket/255
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/408f101c-399c-4fa9-9c53-f1bdcde24785.png
Threat Actors: Pharaohs Team Channel
Victim Country: India
Victim Industry: Luxury Goods & Jewelry
Victim Organization: paul merchants jewels and metals llp
Victim Site: paulgold.in
Alleged unauthorized access to Leglobe.cd
Category: Initial Access
Content: Group claims to have gained unauthorized access to Leglobe.cd
Date: 2026-02-15T10:24:58Z
Network: telegram
Published URL: https://t.me/phteammarket/255
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8bac59c3-0243-4aa4-9b62-61d12de8b335.png
Threat Actors: Pharaohs Team Channel
Victim Country: Unknown
Victim Industry: Online Publishing
Victim Organization: leglobe.cd
Victim Site: leglobe.cd
BABAYO EROR SYSTEM targets the website of Department of Communication and Informatics (KOMINFO) of Deli Serdang Regency
Category: Defacement
Content: Department of Communication and Informatics (KOMINFO) of Deli Serdang Regency.
Date: 2026-02-15T10:24:14Z
Network: telegram
Published URL: https://t.me/c/3664625363/496
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/127a9ba9-bb54-49ce-9096-a16f43fd336b.jpg
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: department of communication and informatics (kominfo) of deli serdang regency
Victim Site: ppid.deliserdangkab.go.id
Alleged unauthorized access to Optimal Moving
Category: Initial Access
Content: Group claims to have gained unauthorized access to Optimal Moving.
Date: 2026-02-15T10:16:25Z
Network: telegram
Published URL: https://t.me/phteammarket/255
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f7e0ba57-9de8-4133-befb-e216e968bed0.png
Threat Actors: Pharaohs Team market
Victim Country: USA
Victim Industry: Consumer Services
Victim Organization: optimal moving
Victim Site: optimal-moving.com
Alleged unauthorized access to 41 Contábil
Category: Initial Access
Content: Group claims to have gained unauthorized access to 41 Contábil.
Date: 2026-02-15T10:07:55Z
Network: telegram
Published URL: https://t.me/phteammarket/255
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/25d1410f-38fd-48df-b7e0-780abda661a9.png
Threat Actors: Pharaohs Team Channel
Victim Country: Brazil
Victim Industry: Accounting
Victim Organization: 41 contábil
Victim Site: 41contabil.com.br
Alleged unauthorized access to Lily Boutique
Category: Initial Access
Content: Group claims to have gained unauthorized access to Lily Boutique.
Date: 2026-02-15T10:04:25Z
Network: telegram
Published URL: https://t.me/phteammarket/255
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f968f06e-d087-446c-aa11-86c6da8491d1.png
Threat Actors: Pharaohs Team Channel
Victim Country: Chile
Victim Industry: Retail Industry
Victim Organization: lily boutique
Victim Site: lilyboutiquevillarrica.skywebsd.cl
Alleged unauthorized access to egpl.befikry.com
Category: Initial Access
Content: Group claims to have gained unauthorized access to egpl.befikry.com.
Date: 2026-02-15T10:03:23Z
Network: telegram
Published URL: https://t.me/phteammarket/255
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/27e0310b-881d-4cb3-b28c-594c5121f0af.png
Threat Actors: Pharaohs Team market
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: egpl.befikry.com
Alleged unauthorized access to My Gadget
Category: Initial Access
Content: Group claims to have gained unauthorized access to My Gadget.
Date: 2026-02-15T10:01:10Z
Network: telegram
Published URL: https://t.me/phteammarket/255
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1db438e0-fd95-46cc-b64c-7ac2b33e83e4.png
Threat Actors: Pharaohs Team market
Victim Country: Malaysia
Victim Industry: Consumer Electronics
Victim Organization: my gadget
Victim Site: gadget.my
Alleged unauthorized access to Historic Core Dental Care
Category: Initial Access
Content: Group claims to have gained unauthorized access to Historic Core Dental Care.
Date: 2026-02-15T09:57:40Z
Network: telegram
Published URL: https://t.me/phteammarket/255
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4a4ffbab-6f91-4c53-b087-467043964e77.png
Threat Actors: Pharaohs Team market
Victim Country: USA
Victim Industry: Hospital & Health Care
Victim Organization: historic core dental care
Victim Site: downtownladentalcare.webmasterindia.net
Alleged unauthorized access to High Speed IPTV
Category: Initial Access
Content: Group claims to have gained unauthorized access to High Speed IPTV.
Date: 2026-02-15T09:56:49Z
Network: telegram
Published URL: https://t.me/phteammarket/255
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bbac60d2-11ab-4158-8e8b-7c50b48b67ad.png
Threat Actors: Pharaohs Team market
Victim Country: Indonesia
Victim Industry: Entertainment & Movie Production
Victim Organization: high speed iptv
Victim Site: highspeediptv.com
Alleged unauthorized access to Kader Family Mart
Category: Initial Access
Content: Group claims to have gained unauthorized access to Kader Family Mart.
Date: 2026-02-15T09:56:05Z
Network: telegram
Published URL: https://t.me/phteammarket/255
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c8649579-5bdd-457e-85e3-e40735c16983.png
Threat Actors: Pharaohs Team market
Victim Country: Bangladesh
Victim Industry: Consumer Goods
Victim Organization: kader family mart
Victim Site: kfmbd.com
Alleged unauthorized access to Little Harvard Preschool
Category: Initial Access
Content: Group claims to have gained unauthorized access to Little Harvard Preschool.
Date: 2026-02-15T09:45:57Z
Network: telegram
Published URL: https://t.me/phteammarket/255
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4a4da2ce-86c0-4127-80a2-4d91dda3b51a.png
Threat Actors: Pharaohs Team market
Victim Country: India
Victim Industry: Education
Victim Organization: little harvard preschool
Victim Site: littleharvardpreschool.com
Alleged leak of Job Vacancy data
Category: Data Breach
Content: The threat actor claims to have leaked data from a job vacancy career portal.
Date: 2026-02-15T09:04:03Z
Network: tor
Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-DATABASE-Job-Vacancy-Database-Career-Portal
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c9fbd367-daff-4116-889e-9e1fa58325ac.png
https://d34iuop8pidsy8.cloudfront.net/dd0487f4-b1d2-4b58-8e3e-ebc1bde25bbb.png
Threat Actors: XZeeoneOfc
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Aviation Datalink System
Category: Data Breach
Content: Threat actor claims to have leaked database of operational issues with the Aviation Datalink System, containing 43 aircraft and 9 ground system problems related to FANS and CPDLC systems in the North Atlantic region.
Date: 2026-02-15T09:03:46Z
Network: tor
Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-DATABASE-Aviation-Datalink-System-Problem-Database-FANS-CPDLC
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9eb9628d-2a7a-4063-83a3-be5e58ef8e3d.png
Threat Actors: XZeeoneOfc
Victim Country: Unknown
Victim Industry: Airlines & Aviation
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of godaddy.style4sure.com
Category: Data Breach
Content: The threat actor claims to have leaked 67.5 MB of SQL data from godaddy.style4sure.com, allegedly containing 3,772,622 rows of data, including addresses, country, ZIP codes, mobile numbers, user IDs, and more.
Date: 2026-02-15T08:55:06Z
Network: openweb
Published URL: https://darkforums.me/Thread-godaddy-style4sure-com
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f02f35af-0ad4-4642-908b-2ceaa21e7c66.png
Threat Actors: Kirigaya
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: godaddy.style4sure.com
Alleged data breach of LaRouche Political Action Committee
Category: Data Breach
Content: The threat actor claims to have breached data from the LaRouche Political Action Committee, allegedly containing names, donation amounts, employer names, and more.
Date: 2026-02-15T08:30:05Z
Network: tor
Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-DATABASE-Database-Donasi-Politik-Larouche-Political-Action-Committee
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c432ea77-4fe8-445e-b66f-a0d63450e289.png
Threat Actors: XZeeoneOfc
Victim Country: USA
Victim Industry: Political Organization
Victim Organization: larouche political action committee
Victim Site: larouchepac.com
Babayo Error System targets the website of WP Engine
Category: Defacement
Content: The group claims to have defaced the website of WP Engine.
Date: 2026-02-15T08:24:06Z
Network: telegram
Published URL: https://t.me/c/3664625363/499
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bb43f205-a486-41e4-b861-1f69a77b1710.png
Threat Actors: Babayo Error System
Victim Country: USA
Victim Industry: Information Technology (IT) Services
Victim Organization: wp engine
Victim Site: wpengine.com
Alleged data breach of Problem Reports to EAC
Category: Data Breach
Content: The threat actor claims to have leaked data allegedly containing detailed election system issue reports, including vendor names, system names, certification numbers, approval dates, hardware and software versions, firmware details, and more.
Date: 2026-02-15T08:20:50Z
Network: tor
Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-DOCUMENTS-Problem-Reports-to-EAC-4-22-11
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a1f89331-b88c-4b1f-b797-0c1a4eb4ef54.png
Threat Actors: XZeeoneOfc
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Leak of Indonesian Presidential Election Voters List
Category: Data Breach
Content: Threat actor claims to have leaked the voter list of 463,000 Indonesian presidential and vice presidential general election voters.
Date: 2026-02-15T08:18:34Z
Network: tor
Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-DATABASE-463DAFTAR-PEMILIH-TETAP-PEMILIHAN-UMUM-PRESIDEN-DAN-WAKIL-PRESIDEN
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/91e1c0ed-38e1-41aa-9330-dcbc64ee22d0.png
Threat Actors: ShadowNex
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Ecole dIngénieurs en Informatique (EPITA)
Category: Data Breach
Content: The threat actor claims to be leaked data from Ecole dIngénieurs en Informatique (EPITA). The compromised data reportedly contains approximately 14,753 student records, including names, usernames, email addresses, graduation year information
Date: 2026-02-15T07:12:37Z
Network: tor
Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-FR-Epita-cyber-school
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5db41a2d-d586-4bf8-a600-838100e0636a.png
Threat Actors: yneov18
Victim Country: France
Victim Industry: Education
Victim Organization: ecole dingénieurs en informatique (epita)
Victim Site: epita.fr
Alleged data breach of Vendi
Category: Data Breach
Content: The threat actor claims to be leaked data from Vendi . The compromised data reportedly contains id, user id, user name, category id, category name, channel name, tax status id, channel id, tax status code, name, address, register number, email and phone number
Date: 2026-02-15T06:35:47Z
Network: openweb
Published URL: https://darkforums.me/Thread-vendi-pk
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e26e00ba-7a7d-4350-937b-48d6c5ae2cd6.png
Threat Actors: Kirigaya
Victim Country: Pakistan
Victim Industry: Software Development
Victim Organization: vendi
Victim Site: vendi.pk
Alleged data leak of CITOC
Category: Data Breach
Content: The threat actor claims to be leaked data from CITOC. The compromised data reportedly contains approximately 13,922,772 education and internship-related records, including student names, location details, and training/class references.
Date: 2026-02-15T06:27:40Z
Network: openweb
Published URL: https://darkforums.me/Thread-citoc-dscloud-biz
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5fad7b89-f9af-4b9f-a27b-649c44369741.png
Threat Actors: Kirigaya
Victim Country: Unknown
Victim Industry: Education
Victim Organization: citoc
Victim Site: citoc.dscloud.biz
Alleged data breach of CMR Green Technologies Limited
Category: Data Breach
Content: The threat actor claims to be leaked data from CMR Green Technologies Limited. The compromised data reportedly contain 38,835,489 messaging and transaction related records, including customer contact details, order references, and message delivery metadata.
Date: 2026-02-15T06:16:32Z
Network: openweb
Published URL: https://darkforums.me/Thread-cmr-co-in
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6cfbd150-9a61-4b52-bc57-b60e082d5b6b.png
Threat Actors: Kirigaya
Victim Country: India
Victim Industry: Manufacturing
Victim Organization: cmr green technologies limited
Victim Site: cmr.co.in
Alleged data breach of Suplemedics
Category: Data Breach
Content: The threat actor claims to be leaked data from Suplemedics. The compromised data reportedly contain 5,818,903 GPS tracking records, including geolocation coordinates, motion status, and distance metrics.
Date: 2026-02-15T06:08:13Z
Network: openweb
Published URL: https://darkforums.me/Thread-suplimedics-com
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0ff62062-dba4-4a70-aced-1c0e23303115.png
Threat Actors: Kirigaya
Victim Country: USA
Victim Industry: Healthcare & Pharmaceuticals
Victim Organization: suplemedics
Victim Site: suplimedics.com
Alleged data breach of Speakeasy Marketing Inc
Category: Data Breach
Content: The threat actor claims to be leaked data from Speakeasy Marketing Inc. The compromised data reportedly contain 73,000 records includes Company name, First and last name, Full name, Email address, Phone number, Country and more
Date: 2026-02-15T05:44:41Z
Network: openweb
Published URL: https://darkforums.me/Thread-speakeasymarketinginc-com
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e6cdcc86-855b-4869-adb4-d5724292be26.png
Threat Actors: Kirigaya
Victim Country: USA
Victim Industry: Marketing, Advertising & Sales
Victim Organization: speakeasy marketing inc
Victim Site: speakeasymarketinginc.com
Alleged data breach of Sharp
Category: Data Breach
Content: The threat actor claims to be leaked data from Sharp. The compromised data reportedly contain 100,932 user account records, including email addresses, hashed passwords, and administrative configuration metadata.
Date: 2026-02-15T05:36:48Z
Network: openweb
Published URL: https://darkforums.me/Thread-sharp-net-au
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/377dacc7-46a4-4400-a399-3cebdc9c7b81.png
Threat Actors: Kirigaya
Victim Country: Australia
Victim Industry: Wholesale
Victim Organization: sharp
Victim Site: sharp.net.au
Alleged data breach of RouteBox
Category: Data Breach
Content: The threat actor claims to be leaked data from RouteBox. The compromised data reportedly contains 446,886 records including First and last names, Business name, Phone number, Email address, Password and more
Date: 2026-02-15T05:25:20Z
Network: openweb
Published URL: https://darkforums.me/Thread-routebox-ca
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/db8dcace-737d-4792-b246-d7f0d1456414.png
Threat Actors: Kirigaya
Victim Country: Canada
Victim Industry: Transportation & Logistics
Victim Organization: routebox
Victim Site: routebox.ca
Alleged data breach of Link3 Technologies Limited
Category: Data Breach
Content: The threat actor claims to be leaked data from Link3 Technologies Limited. The compromised data reportedly contain 1,807,859 email server log records, including sender/recipient addresses, delivery responses, message metadata, and mail routing information.
Date: 2026-02-15T05:22:02Z
Network: openweb
Published URL: https://darkforums.me/Thread-link3-net
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/53ea7473-9af6-4b43-a017-99d57c338d22.png
Threat Actors: Kirigaya
Victim Country: India
Victim Industry: Information Technology (IT) Services
Victim Organization: link3 technologies limited
Victim Site: link3.net
Alleged data breach of Poltekkes Adisutjipto Yogyakarta
Category: Data Breach
Content: The threat actor claims to be leaked data from Poltekkes Adisutjipto Yogyakarta. The compromised data reportedly contains 153,998 records includes article metadata, publication timestamps, DOIs, and journal related information.
Date: 2026-02-15T05:08:56Z
Network: openweb
Published URL: https://darkforums.me/Thread-ejournals-poltekkesadisutjipto-ac-id
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/97b270ce-6a2b-4ad3-aed9-a857ad90a6b3.png
Threat Actors: Kirigaya
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: poltekkes adisutjipto yogyakarta
Victim Site: ejournals.poltekkesadisutjipto.ac.id
Alleged data breach of Kecamatan Tanjung Palas Utara
Category: Data Breach
Content: The threat actor claims to be leaked data from Kecamatan Tanjung Palas Utara. The compromised data reportedly contains 175,729 citizen related records includes Full names, National identification numbers (NIK), Gender indicators, Place and date of birth and more
Date: 2026-02-15T04:50:49Z
Network: openweb
Published URL: https://darkforums.me/Thread-kectgpalasutara-bulungan-go-id
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5b24c2b2-1cab-474e-b4a8-c76ca915b24b.png
Threat Actors: Kirigaya
Victim Country: Indonesia
Victim Industry: Government & Public Sector
Victim Organization: kecamatan tanjung palas utara
Victim Site: kectgpalasutara.bulungan.go.id
Alleged data breach of jain vadhu-var sanstha pune
Category: Data Breach
Content: The threat actor claims to be leaked data from jain vadhu-var sanstha pune. The compromised data reportedly contains 50,883 member records, including personal contact information, demographic details, education, occupation, and income-related fields.
Date: 2026-02-15T04:32:09Z
Network: openweb
Published URL: https://darkforums.me/Thread-jainvadhuvarsansthapune-com
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/521d3993-0c93-47b7-9e46-fd4db0cd5006.png
Threat Actors: Kirigaya
Victim Country: India
Victim Industry: Other Industry
Victim Organization: jain vadhu-var sanstha pune
Victim Site: jainvadhuvarsansthapune.com
alleged data leak of DolceVee
Category: Data Breach
Content: The threat actor claims to be leaked data from DolceVee. The compromised data reportedly contain 2,870,964 records includes UUID identifiers, payload data, exception traces, and system-generated metadata.
Date: 2026-02-15T04:26:54Z
Network: openweb
Published URL: https://darkforums.me/Thread-dolcevee-com
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ad9e9cc9-1e28-4bd3-ba87-0cecf2641aab.png
Threat Actors: Kirigaya
Victim Country: Unknown
Victim Industry: E-commerce & Online Stores
Victim Organization: dolcevee
Victim Site: dolcevee.com
Alleged data breach of Colégio Ábaco
Category: Data Breach
Content: The threat actor claims to be leaked data from Colégio Ábaco. The compromised data reportedly contain 1.37 million WordPress comment records, including personal contact details and IP information.
Date: 2026-02-15T04:25:00Z
Network: openweb
Published URL: https://darkforums.me/Thread-colegioabaco-com-br
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3f081df4-c3a5-4e1c-9623-e056a09b13e0.png
Threat Actors: Kirigaya
Victim Country: Brazil
Victim Industry: Education
Victim Organization: colégio ábaco
Victim Site: colegioabaco.com.br
Alleged data breach of khamamspa
Category: Data Breach
Content: The threat actor claims to be leaked data from khamamspa. The compromised data reportedly contains approximately 85,680 booking and customer-related records, including personal names and appointment details.
Date: 2026-02-15T04:17:36Z
Network: openweb
Published URL: https://darkforums.me/Thread-khamamspa-com
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/052486b8-34be-4aa3-bc96-b3512ff20b95.png
Threat Actors: Kirigaya
Victim Country: UK
Victim Industry: Other Industry
Victim Organization: khamamspa
Victim Site: khamamspa.com
Alleged data breach of Towny
Category: Data Breach
Content: The threat actor claims to be leaked data from Towny. The compromised data reportedly contains approximately 80,875 property and contact-related records, including personal names, phone numbers, and geolocation details.
Date: 2026-02-15T04:12:23Z
Network: openweb
Published URL: https://darkforums.me/Thread-towny-co-in
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/03c00bef-12f9-478c-8a28-b821e4743bc5.png
Threat Actors: Kirigaya
Victim Country: India
Victim Industry: Food & Beverages
Victim Organization: towny
Victim Site: towny.co.in
Alleged data leak of Find‑Clever
Category: Data Breach
Content: The threat actor claims to be leaked data from Find‑Clever. The compromised data reportedly contains approximately 172,569 product records includes Product names, Product descriptions, Pricing information and more
Date: 2026-02-15T04:06:21Z
Network: openweb
Published URL: https://darkforums.me/Thread-find-clever-com
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/dc5caa81-9283-49d1-8551-c059fe75296a.png
Threat Actors: Kirigaya
Victim Country: Unknown
Victim Industry: E-commerce & Online Stores
Victim Organization: find‑clever
Victim Site: find-clever.com
Alleged Leak of Email Documents from Albanian Embassy in Skopje
Category: Data Breach
Content: The threat actor claims to be leaked 1.24 GB of Email Documents from Albanian Embassy in Skopje. The compromised data reportedly includes Identity card images, Passport/ID document
Date: 2026-02-15T02:00:36Z
Network: openweb
Published URL: https://darkforums.me/Thread-1-24GB-DOCUMENT-FROM-EMAIL-OF-ALBANIAN-EMBASSY-IN-SKOPJE
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/805d83c5-02e7-4686-8923-9c2b710b69aa.png
Threat Actors: HaxChipper
Victim Country: Albania
Victim Industry: Government & Public Sector
Victim Organization: embassy of albania in skopje
Victim Site: ambasadat.gov.al
Alleged unauthorized access to BPES Fresh Fruits Food Industries LLC
Category: Initial Access
Content: The group claims to have gained unauthorized access to BPES Fresh Fruits Food Industries LLC.
Date: 2026-02-15T01:35:49Z
Network: telegram
Published URL: https://t.me/phteammarket/254
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/082e3a0a-498e-4d72-86e5-a195e9a414bb.png
Threat Actors: Pharaohs Team market
Victim Country: UAE
Victim Industry: Retail Industry
Victim Organization: bpes fresh fruits food industries llc
Victim Site: b-pes.com
Alleged unauthorized access to Abdul Rafy Siddiqui
Category: Initial Access
Content: The group claims to have gained unauthorized access to Abdul Rafy Siddiqui
Date: 2026-02-15T01:13:13Z
Network: telegram
Published URL: https://t.me/phteammarket/254
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c072c986-8b45-4ce4-a9c7-9d45d66156b1.png
Threat Actors: Pharaohs Team market
Victim Country: UAE
Victim Industry: Graphic & Web Design
Victim Organization: abdul rafy siddiqui
Victim Site: arafys.com
Alleged Sale of Unauthorized GitLab Access to 80 Repos
Category: Initial Access
Content: Threat actor claims to be selling unauthorized GitLab access with owner-level privileges to an account containing 80 repositories. The repositories are described as Unreal Engine 5 (UE5)–based projects related to game development, indicating potential access to proprietary game source code and development assets.
Date: 2026-02-15T00:54:07Z
Network: openweb
Published URL: https://forum.exploit.in/topic/276068/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c7fd5f40-2dd1-423a-b01f-4a2aeeb54254.png
Threat Actors: MrProfessor
Victim Country: Vietnam
Victim Industry: Gaming
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of web shell access to Regional
Category: Initial Access
Content: The group claims to be selling unauthorized web shell access to the website of Regional
Date: 2026-02-15T00:49:11Z
Network: telegram
Published URL: https://t.me/phteammarket/254
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ce66b993-80a2-42a5-bed2-f826c6f2a5fd.png
Threat Actors: Pharaohs Team market
Victim Country: UAE
Victim Industry: Environmental Services
Victim Organization: regional
Victim Site: regional-uae.com
Alleged Sale of Unauthorized GitLab Access to Mobile Games
Category: Initial Access
Content: Threat actor claims to be selling unauthorized GitLab access with owner-level privileges to repositories associated with four mobile games developed using Unity. The projects reportedly include Android and iOS builds, with at least one game exceeding 1 million downloads on the Google Play Store
Date: 2026-02-15T00:36:01Z
Network: openweb
Published URL: https://forum.exploit.in/topic/276069/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7ae87413-32ba-477e-a4f9-77b8058d7944.png
Threat Actors: MrProfessor
Victim Country: Vietnam
Victim Industry: Gaming
Victim Organization: Unknown
Victim Site: Unknown
Alleged unauthorized access to Capybara SEO
Category: Initial Access
Content: The group claims to have gained unauthorized access to Capybara SEO
Date: 2026-02-15T00:31:48Z
Network: telegram
Published URL: https://t.me/phteammarket/254
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/724913f1-ebf2-4aad-b875-bb0d31f60b12.png
Threat Actors: Pharaohs Team market
Victim Country: Peru
Victim Industry: Information Technology (IT) Services
Victim Organization: capybara seo
Victim Site: ilmaistro.pe
Alleged sale of unauthorized GitLab access to 120 Repos
Category: Initial Access
Content: Threat actor claims to be selling unauthorized GitLab access with owner-level privileges to an account containing 120 repositories. The repositories are described as Java-based projects associated with astrology-related software, suggesting control over a sizeable and potentially commercial codebase.
Date: 2026-02-15T00:24:25Z
Network: openweb
Published URL: https://forum.exploit.in/topic/276067/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/78611096-c9c8-4b92-81c3-9a7be676e4dc.png
Threat Actors: MrProfessor
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of GitLab Projects Access
Category: Initial Access
Content: The threat actor claims to be selling unauthorized GitLab access with maintainer-level privileges to three active software projects. The listing advertises control over repositories with a high number of commits, indicating mature and actively developed codebases. Such access could allow source code theft, backdoor insertion, supply-chain compromise, or CI/CD abuse.
Date: 2026-02-15T00:16:43Z
Network: openweb
Published URL: https://forum.exploit.in/topic/276063/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8708afc2-fecd-45c1-8583-7a8939acef63.png
Threat Actors: MrProfessor
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Dz-Al-Qaqa targets the website of CROAMS
Category: Defacement
Content: The group claims to have defaced the website of CROAMS
Date: 2026-02-15T00:15:18Z
Network: telegram
Published URL: https://t.me/Abu_Alqe3Qa3/7
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/11e2a4be-8fd5-4ac9-a7f3-b15a57d1f105.png
Threat Actors: Dz-Al-Qaqa
Victim Country: Morocco
Victim Industry: Professional Services
Victim Organization: croams
Victim Site: croams.ma
Alleged sale of web shell access to 66 Group
Category: Initial Access
Content: The group claims to be selling unauthorized web shell access to the website of 66 Group
Date: 2026-02-15T00:00:16Z
Network: telegram
Published URL: https://t.me/phteammarket/254
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/58359635-d19e-4a95-a564-0d3a92d75746.jpg
Threat Actors: Pharaohs Team market
Victim Country: UAE
Victim Industry: Leisure & Travel
Victim Organization: 66 group
Victim Site: 66group.ae