[February-25-2026] Daily Cybersecurity Threat Report

1. Executive Summary

This report details a series of recent cyber incidents based strictly on the provided draft data, providing key information for each event. The dataset captures a highly active threat landscape predominantly recorded on February 25, 2026, encompassing over 90 distinct cyber events. The primary attack vectors identified are website defacements, massive data breaches, the sale of initial access (such as RDP and WordPress admin credentials), and the proliferation of malware and exploitation tools.

The incidents display a truly global reach, affecting regions including the USA, Indonesia, India, France, Israel, Brazil, and several others. Targeted sectors range widely from Government Administration and Military to Retail, Education, and Healthcare.

2. Threat Actor Profiling

The data reveals several highly active threat actors and groups operating with distinct motivations and preferred attack vectors.

2.1 BABAYO EROR SYSTEM

This group is the most prolific actor in the dataset, exclusively engaging in website defacement campaigns.

Target Scope: They target a wide array of victims across multiple countries, including Indonesia , the UAE , Bangladesh , Chile , India , the USA , Poland , Nigeria , Romania , Brazil , and Japan.+4
Target Sectors: Their victims span Government Administration , Higher Education , Health & Fitness , Accounting , IT Services , Graphic & Web Design , Wholesale , Non-profit Organizations , Logistics , and Retail.+4
Modus Operandi: The group consistently publishes their claims and proof of defacement on Telegram.+4

2.2 B F R e p o V 4 F i l e s

This actor specializes in publishing or leaking massive datasets, indicating a focus on data theft and extortion.

Target Scope: Their targets are global, including Germany , Italy , the UK , the USA , France , Ghana , Brazil , Pakistan , India , and Serbia.+4
Notable Breaches: They claimed to have leaked data from major entities like The Body Shop , Hyperledger Foundation , Wix , GateHub Limited , and allegedly hold 20 million records associated with Experian in the U.S., which includes highly sensitive profiling fields like income, net worth indicators, and credit-related attributes.+4

2.3 INDOHAXSEC and DEFACER INDONESIAN TEAM

These groups, similar to BABAYO, primarily focus on defacements.

INDOHAXSEC: Targeted subdomains of Synetal Solutions in India , Pharmaceutical exports in Mozambique , the EMAS system in Indonesia , and the Santa Clara County Office of Education in the USA.+4
DEFACER INDONESIAN TEAM: Targeted retail in Latvia and hospitality in Brazil.+4

2.4 Ashborn

This threat actor appears highly focused on government and military targets in specific geographic regions.

Target Scope: United Arab Emirates and Malaysia.
Notable Breaches: Claimed to leak 30,000 UAE Police Personnel Records , Malaysia government databases containing employee details , and 14,816 records of Malaysian Army Personnel Data including ranks and teams.+4

3. Categorical Analysis of Cyber Incidents

3.1 Data Breaches

Data breaches represent the most severe threat in this dataset in terms of potential real-world impact, exposing Personally Identifiable Information (PII), financial data, and sensitive corporate/government records.

Government & Political: * An actor named “metadata” claims to possess a database of Pemuda Pancasila in Indonesia, exposing 600,000 members and 15.4 GB of documents.
- An alleged breach of the Indonesian General Elections Commission (KPU) by actor “YUKA”.
- Actor “Evorax” claims to have leaked data from INIFAP in Mexico, exposing admin and editor accounts.
- Actor “CrowStealer” claims to have breached the General Authority for Roads and Bridges in Egypt, exposing contract details.
- HaxFrance claimed to hack French politician David Guiraud’s Telegram and Gmail. Actor “solivann667” claimed to leak data related to Éric Zemmour’s political party.+1
Retail, E-commerce & Corporate: * Videnov BG (Bulgaria) was allegedly breached by “Niphra”, exposing over 3,000,000 rows of customer data including encrypted passwords. The same actor breached Remington BG, extracting over 150,000 rows.+1
- A database of the Crypto Merchant (US) containing 2,136 records of PII was advertised by “aisdata”.
Crypto & Financial: * Actor “livingstone” is selling an alleged 4.5 million cryptocurrency-related email addresses from iCloud, mac.com, and me.com. The same actor is selling 5,000 “Crypto Forex Recovery Leads”.+2
- Actor “corptoday” claims to be selling 546 fresh US credit card records with a 70% validity rate.
Healthcare: * “Handala Hack” claimed to have breached Clalit Health Services in Israel, allegedly exfiltrating sensitive medical data of over 10,000 patients.

3.2 Website Defacement

Defacement is utilized heavily as a tool for hacktivism, digital vandalism, or demonstrating capability. As noted, groups like BABAYO EROR SYSTEM, INDOHAXSEC, and DEFACER INDONESIAN TEAM are the primary drivers here. The targets are often websites with seemingly lower security postures across various industries, from local government dashboards to photography portfolios and pet cargo services.+3

3.3 Initial Access Brokerage (IAB)

Several threat actors are monetizing cybercrime by selling initial access to compromised systems, effectively serving as enablers for subsequent ransomware or data exfiltration attacks.

Actor “sudo” is selling unauthorized RDP access to a U.S. hotel.+2
Actor “srepemis” is selling access to an EU WordPress shop generating 100-300 daily transactions.+4
Actor “Shopify” is selling unauthorized admin access to an Irish WordPress shop.
Actor “Fuck_Police” claims to sell RCE access to US and Canadian production servers with deep AWS and Stripe payment integration.+2
Actor “NoName057(16)” claimed unauthorized access to an Italian industrial climate control system, capable of manipulating refrigeration chambers.

3.4 Malware and Tools

The underground economy observed in this dataset also supports the trade of malicious software and exploitation frameworks.

Viper Malware: Actor “Nicole” is selling “Viper”, allegedly capable of destructive file deletion and EDR evasion.
G-700 RAT: Actor “rippors” is selling an Android remote access trojan capable of screen monitoring, keylogging, and crypto-stealing.
Exploitation Tools: Actor “bradwin8309” is offering an “Email Cracker Main Tool” for brute-forcing and a separate Exploit Cracking and Hacking Tool.+1
Shadow Cyber Security claimed a malware attack targeting the “Handala” website in Iran.

3.5 Alerts and Geopolitical Targeting

Certain groups use Telegram to broadcast future intentions, often aligning with geopolitical conflicts.

The group “Cardinal” published an alert indicating they are targeting Israel and Ukraine.
“404 CREW CYBER TEAM” published an alert stating their intention to target Mexico.

4. Geographic and Industry Distribution

Geographic Impact

The data highlights a borderless threat landscape. The United States is a frequent target for initial access sales and data breaches. Indonesia sees heavy targeting of its government infrastructure and political organizations. France experienced breaches in staffing agencies , sports federations , and political figures. Other significantly impacted nations include India , Brazil , and Israel.+4

Industry Impact

Government & Military: High-value targets for groups like Ashborn (Malaysia/UAE) , and various actors targeting Indonesian systems.+4
Information Technology (IT) Services: Frequently targeted for defacement and corporate data sales.+3
Retail & E-commerce: Highly targeted for customer data and financial information.+4
Healthcare & Biotechnology: Targeted by specialized groups like Handala Hack and Gaza Childrens Group.+1

5. Conclusion

The intelligence derived from this dataset paints a picture of a highly active, multi-faceted cyber threat landscape operating primarily via Telegram and open web forums.

We observe a distinct bifurcation in threat actor methodology. On one side, there is a high volume of “noisy” attacks—specifically website defacements carried out by groups like BABAYO EROR SYSTEM and INDOHAXSEC. These attacks, while damaging to reputation, often require lower technical sophistication and target vulnerabilities in web-facing infrastructure like WordPress.

On the other side, highly sophisticated and damaging operations are being conducted by Initial Access Brokers (IABs) and data brokers. The sale of deep network access (such as RCE with AWS integration) and massive, sensitive datasets (such as the alleged Experian, KPU, and military databases) poses a severe risk to national security, corporate integrity, and individual privacy. The presence of specialized malware, such as the G-700 Android RAT and Viper, further indicates a thriving underground economy supplying threat actors with the tools necessary to conduct espionage and destructive attacks. Organizations globally must prioritize securing remote access points, hardening their web infrastructure, and rigorously monitoring for data exfiltration.

Detected Incidents Draft Data

BABAYO EROR SYSTEM targets the website of Pemerintah Provinsi Jawa Timur
Category: Defacement
Content: Group claims to have defaced the website of Pemerintah Provinsi Jawa Timur.
Date: 2026-02-25T23:42:59Z
Network: telegram
Published URL: https://t.me/c/3716986899/10
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9c9143a7-b875-4b20-b1b8-6e1fb58e2935.png
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: pemerintah provinsi jawa timur
Victim Site: dashboard.jatimprov.go.id
BABAYO EROR SYSTEM targets the website of Institut Agama Islam Pemalang (INSIP)
Category: Defacement
Content: Group claims to have defaced the website of Institut Agama Islam Pemalang (INSIP).
Date: 2026-02-25T23:30:59Z
Network: telegram
Published URL: https://t.me/c/3716986899/31
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7199257f-4bfd-4255-a08d-6bbcc3ca12a2.png
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Indonesia
Victim Industry: Higher Education/Acadamia
Victim Organization: institut agama islam pemalang (insip)
Victim Site: pmb.insipemalang.ac.id
BABAYO EROR SYSTEM targets the website of movinglife.ae.thunder.ae
Category: Defacement
Content: The group claims to have defaced the website of movinglife.ae.thunder.ae
Date: 2026-02-25T23:06:58Z
Network: telegram
Published URL: https://t.me/c/3716986899/31
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7aeb3dcc-6091-41e2-9b67-07907699f229.jpg
Threat Actors: BABAYO EROR SYSTEM
Victim Country: UAE
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: movinglife.ae.thunder.ae
Alleged sale of Crypto Merchant Hardware Wallet Customer Database
Category: Data Breach
Content: A threat actor is advertising the sale of an alleged customer database linked to The Crypto Merchant, a US-based authorized reseller of hardware wallets such as Ledger and Trezor. the dataset contains approximately 2,136 customer records in JSON and CSV formats. The allegedly exposed information includes personally identifiable information (PII) such as full names, email addresses, phone numbers, and shipping addresses. Additionally, transaction-related details
Date: 2026-02-25T22:54:41Z
Network: openweb
Published URL: https://xss.pro/threads/146145/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/08b24e16-aa47-48fe-9ce2-de61348c1af7.png
Threat Actors: aisdata
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
BABAYO EROR SYSTEM targets the website ofNatural Health Boost BD
Category: Defacement
Content: The group claims to have defaced the website of Natural Health Boost BD
Date: 2026-02-25T22:52:48Z
Network: telegram
Published URL: https://t.me/c/3716986899/32
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ce6f9225-f6c9-44db-9e97-9c6584aabc23.jpg
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Bangladesh
Victim Industry: Health & Fitness
Victim Organization: natural health boost bd
Victim Site: naturalhealthboostbd.xyz
BABAYO EROR SYSTEM targets the website ofRosales & Cía
Category: Defacement
Content: The group claims to have defaced the website ofRosales & Cía
Date: 2026-02-25T22:51:25Z
Network: telegram
Published URL: https://t.me/c/3716986899/32
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/669ac4bb-788e-4ebe-a88c-49ad83c3bf40.jpg
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Chile
Victim Industry: Accounting
Victim Organization: rosales & cía
Victim Site: rosales.jdsoporte.net
Alleged Sale of Unauthorized RDP Access to an Unidentified Hotel In USA
Category: Initial Access
Content: Threat actor claims to be selling Unauthorized RDP Access to an Unidentified Hotel Reservations In USA.
Date: 2026-02-25T22:30:23Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/276916/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5cb9247a-e769-4914-ab3d-7648998b384a.png
Threat Actors: sudo
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of 4.5M iCloud, mac.com & me.com Crypto-Related Email Addresses
Category: Data Breach
Content: A threat actor is advertising the sale of a large cryptocurrency-related email database allegedly containing 4,579,520 email addresses from iCloud.com, mac.com, and me.com domains. The seller claims the data is “clean and fresh” with no duplicates and states that all emails are crypto-related. the dataset includes approximately 3.86 million iCloud emails, 304,476 mac.com emails, and 406,039 me.com emails.
Date: 2026-02-25T22:26:29Z
Network: openweb
Published URL: https://breachforums.as/Thread-SELLING-Selling-Fresh-icloud-com-mac-com-and-me-com-Crypto-email-list
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a8e53dcb-f8a5-450a-ab02-de7ab3817388.png
Threat Actors: livingstone
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of 2026 Crypto & Forex Recovery Leads
Category: Data Breach
Content: A threat actor is offering for sale a database 2026 Crypto Forex Recovery Leads . The seller claims the dataset contains 5,000 crypto and forex recovery-related leads from 2026, covering mixed countries.the leads allegedly include users associated with major cryptocurrency exchanges such as Binance, Coinbase, Kraken, KuCoin, Bybit, OKX, Huobi, Bitfinex, Gate.io, Gemini, and others.
Date: 2026-02-25T21:54:59Z
Network: openweb
Published URL: https://breachforums.as/Thread-SELLING-2026-Crypto-Forex-Recovery-Leads
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8b049161-0a4c-4eb5-a499-85fdcc7462b0.png
Threat Actors: livingstone
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
BABAYO EROR SYSTEM targets the website of Naya
Category: Defacement
Content: The group claims to have defaced the website of Naya
Date: 2026-02-25T21:54:10Z
Network: telegram
Published URL: https://t.me/c/3716986899/30
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fa3e2ca8-4f5a-4961-81f5-4d7d6ab777f7.png
Threat Actors: BABAYO EROR SYSTEM
Victim Country: India
Victim Industry: Information Technology (IT) Services
Victim Organization: naya
Victim Site: nayawebsite.in
BABAYO EROR SYSTEM targets the website of Linked Visuals
Category: Defacement
Content: The group claims to have defaced the website of Linked Visuals
Date: 2026-02-25T21:44:36Z
Network: telegram
Published URL: https://t.me/c/3716986899/30
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/dc35b7b2-2a9e-47b2-8d65-f996e7f32746.png
Threat Actors: BABAYO EROR SYSTEM
Victim Country: USA
Victim Industry: Information Technology (IT) Services
Victim Organization: linked visuals
Victim Site: samuraiyaproductions.linkedvisuals.com
Alleged data breach of Pemuda Pancasila
Category: Data Breach
Content: A Threat actor claims to be selling a database allegedly belonging to Pemuda Pancasila. The exposed data approximately 600,000 members and around 15.4 GB of documents. The compromised data allegedly includes names, email addresses, phone numbers, identity numbers (KTP ID), addresses, profile photos, and identity card images.
Date: 2026-02-25T20:58:14Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-Indonesia-Pemuda-Pancasila-Databases
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8bcfc0b2-86bd-4081-8434-3a40626f5924.png
Threat Actors: metadata
Victim Country: Indonesia
Victim Industry: Political Organization
Victim Organization: pemuda pancasila
Victim Site: pemudapancasila.or.id
Alleged data breach of MyConnect
Category: Data Breach
Content: A threat actor claims to be selling data allegedly obtained from MyConnect, described as a digital temporary employment agency. The data approximately 125,000 records were affected and references extracted data including personal identification details, contact information, national ID documents (CNI), bank details (RIB/IBAN), birth certificates, and signed documents.
Date: 2026-02-25T20:53:53Z
Network: openweb
Published URL: https://breachforums.as/Thread-SELLING-FR-18GO-Myconnect-CNI-RIB
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/73cc39f2-2314-4409-8cfb-023204ec4d2a.png
Threat Actors: DumpSec
Victim Country: France
Victim Industry: Staffing/Recruiting
Victim Organization: myconnect
Victim Site: myconnect.fr
Alleged Sale of IT Companies Corporate Data in UK
Category: Data Breach
Content: Threat Actor claims to be selling a dataset containing approximately 4,000 records related to United Kingdom IT industry companies. The data includes supplier details, DUNS numbers, registration numbers, legal company names, contact information, email addresses, phone numbers, physical addresses, and city-level location data,
Date: 2026-02-25T20:16:26Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/276886/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6a520349-6b94-4f56-a951-4d59479758ed.png
Threat Actors: VipCode212
Victim Country: UK
Victim Industry: Information Technology (IT) Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of French politician David Guiraud
Category: Data Breach
Content: A threat actor claims to have hacked the accounts of French politician David Guiraud. The data alleges access to his Telegram conversations and Gmail account and claims to have obtained confidential documents.
Date: 2026-02-25T20:11:10Z
Network: openweb
Published URL: https://breachforums.as/Thread-French-Politician-Hacked-David-Guiraud
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4d74ecd7-57db-4588-a1e8-f7ee057b3abb.png
Threat Actors: HaxFrance
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Unauthorized Access to an Unidentified WordPress Shop in EU
Category: Initial Access
Content: Threat Actor claims to be selling unauthorized access to a large unidentified WordPress shop in EU, alleging daily order volumes of approximately 100–300 transactions with a significant proportion of card payments.
Date: 2026-02-25T20:04:58Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/276892/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/349849f5-3597-4ee3-81ab-07f5a6d07f53.png
Threat Actors: srepemis
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
INDOHAXSEC targets the subdomains of Synetal Solutions Private Limited
Category: Defacement
Content: The group claims to have defaced the subdomains of Synetal Solutions Private Limited which includes: https://ali.synetalsolutions.cohttps://imran.synetalsolutions.cohttps://mehndidesigns.syali.synetalsolutions.cohttps://safi4.synetalsolutions.cohttps://site2.synetalsolutions.cohttps://site10.synetalsolutions.cohttps://site12.synetalsolutions.cohttps://site14.synetalsolutions.cohttps://site15.synetalsolutions.co
Date: 2026-02-25T20:04:30Z
Network: telegram
Published URL: https://t.me/IndoHaxSec3/49
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/da1074b7-22b4-44bb-901f-15f58a8d39f4.png
Threat Actors: INDOHAXSEC
Victim Country: India
Victim Industry: Information Technology (IT) Services
Victim Organization: synetal solutions private limited
Victim Site: ali.synetalsolutions.co
INDOHAXSEC targets the website of Pharmaceutical exports
Category: Defacement
Content: The group claims to have defaced the website of Pharmaceutical exports.
Date: 2026-02-25T19:48:45Z
Network: telegram
Published URL: https://t.me/IndoHaxSec3/49
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/59a87afe-63c5-43dc-9e2f-bf4209b22e0e.png
Threat Actors: INDOHAXSEC
Victim Country: Mozambique
Victim Industry: Healthcare & Pharmaceuticals
Victim Organization: pharmaceutical exports
Victim Site: starpharma.com
Alleged Sale of Unauthorized Admin Access to a WordPress Shop in Ireland
Category: Initial Access
Content: Threat Actor claims to be selling unauthorized full admin access to a WordPress shop in Ireland.
Date: 2026-02-25T19:45:49Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/276895/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8081801b-a53b-4d33-9c32-86e03d139091.png
Threat Actors: Shopify
Victim Country: Ireland
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
DEFACER INDONESIAN TEAM targets the website of Tavacena.lv
Category: Defacement
Content: The group claims to have defaced the website of Tavacena.lv
Date: 2026-02-25T19:41:06Z
Network: telegram
Published URL: https://t.me/c/2433981896/1055
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5310096d-0626-455d-86c6-57314746457c.jpg
Threat Actors: DEFACER INDONESIAN TEAM
Victim Country: Latvia
Victim Industry: Retail Industry
Victim Organization: tavacena.lv
Victim Site: tavacena.lv
Cardinal claims to target Israel and Ukraine
Category: Alert
Content: A recent post by the group indicates that theyre targeting Israel and Ukraine
Date: 2026-02-25T19:23:17Z
Network: telegram
Published URL: https://t.me/c/2182428249/6034
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/279240e9-59be-4532-9206-7ddc1f587198.jpg
Threat Actors: Cardinal
Victim Country: Ukraine
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Shadow Cyber Security targets the website of Handala
Category: Malware
Content: Proof of Downtime: https://check-host.net/check-report/3a6fa2efkbd
Date: 2026-02-25T19:19:22Z
Network: telegram
Published URL: https://t.me/Shadow01Cyber/1083
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4aa4c372-fec4-416d-934e-00bde9248013.jpg
Threat Actors: Shadow Cyber Security
Victim Country: Iran
Victim Industry: Other Industry
Victim Organization: handala
Victim Site: handala-hack.to
404 CREW CYBER TEAM claims to target Mexico
Category: Alert
Content: A recent post by the group indicates that they are targeting Mexico
Date: 2026-02-25T19:17:30Z
Network: telegram
Published URL: https://t.me/crewcyber/785
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/08d3ce95-881a-4a5e-8a6a-f25b5e11cf2f.jpg
Threat Actors: 404 CREW CYBER TEAM
Victim Country: Mexico
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
BABAYO EROR SYSTEM targets the website of HAWK DESIGNS
Category: Defacement
Content: The group claims to have defaced the domains of hawkwebstudio.com
Date: 2026-02-25T19:12:27Z
Network: telegram
Published URL: https://t.me/c/3716986899/24
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/db3dc686-b022-4811-91a6-c7eed74076a4.png
Threat Actors: BABAYO EROR SYSTEM
Victim Country: USA
Victim Industry: Graphic & Web Design
Victim Organization: hawk designs
Victim Site: hawkwebstudio.com
BABAYO EROR SYSTEM targets the website of Fortis Plus Sp. z o.o.
Category: Defacement
Content: The group claims to have defaced the website of Fortis Plus Sp. z o.o.
Date: 2026-02-25T19:10:40Z
Network: telegram
Published URL: https://t.me/c/3716986899/24
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3214aa42-f169-4ade-8507-297d506e69be.png
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Poland
Victim Industry: Wholesale
Victim Organization: fortis plus sp. z o.o.
Victim Site: fortisplusspzoo.com
INDOHAXSEC targets the website of Electronisasi – Pemanfaatan Asset (EMAS) system
Category: Defacement
Content: The Group claims to have defaced the website of Electronisasi – Pemanfaatan Asset (EMAS) system
Date: 2026-02-25T19:03:04Z
Network: telegram
Published URL: https://t.me/IndoHaxSec3/48
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/076b65e3-30c5-489c-9244-1c5f68867be6.jpg
Threat Actors: INDOHAXSEC
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: electronisasi – pemanfaatan asset (emas) system
Victim Site: emas.uin-suska.ac.id
NDOHAXSEC targets the website of Santa Clara County Office of Education
Category: Defacement
Content: The Group claims to have defaced the website of Santa Clara County Office of Education
Date: 2026-02-25T18:53:55Z
Network: telegram
Published URL: https://t.me/IndoHaxSec3/49
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/65d6f4fc-d6ae-4c17-aee9-2048471775a3.jpg
Threat Actors: INDOHAXSEC
Victim Country: USA
Victim Industry: Education
Victim Organization: santa clara county office of education
Victim Site: sccoe.org
BABAYO EROR SYSTEM targets the website of Designs Funnel LLC
Category: Defacement
Content: The group claims to have defaced the website of Designs Funnel LLC.
Date: 2026-02-25T18:50:18Z
Network: telegram
Published URL: https://t.me/c/3716986899/24
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1326ca51-49d0-44c4-be5c-dc5a79339469.png
Threat Actors: BABAYO EROR SYSTEM
Victim Country: USA
Victim Industry: Information Technology (IT) Services
Victim Organization: designs funnel llc
Victim Site: camerongardens.designsfunnelserver.com/test.html
BABAYO EROR SYSTEM targets the website of New Methods Academy Zaria – Education For Service
Category: Defacement
Content: The group claims to have defaced the website of New Methods Academy Zaria – Education For Service.
Date: 2026-02-25T18:41:23Z
Network: telegram
Published URL: https://t.me/c/3716986899/24
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2b88e665-2b4d-4561-b232-66ef5a7cfe4f.png
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Nigeria
Victim Industry: Education
Victim Organization: new methods academy zaria – education for service
Victim Site: newmethodsacademyzaria.com.ng
BABAYO EROR SYSTEM targets the website of ID.me
Category: Defacement
Content: The group claims to have defaced the website of ID.me
Date: 2026-02-25T18:25:02Z
Network: telegram
Published URL: https://t.me/c/3716986899/24
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6cd60685-0a3f-4e20-a56c-389db33be00b.png
Threat Actors: BABAYO EROR SYSTEM
Victim Country: USA
Victim Industry: Information Technology (IT) Services
Victim Organization: id.me
Victim Site: idme.bdzholyar.info
Alleged data leak of Éric Zemmour’s political party
Category: Data Breach
Content: The threat actor claims to have leaked dataset allegedly related to supporters or members of Éric Zemmour’s political party.
Date: 2026-02-25T18:20:35Z
Network: openweb
Published URL: https://breachforums.as/Thread-RE-eric-zemmour-political-party-phone-leaks-pt2
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a6286307-670d-49d4-a285-d9515e65309f.png
Threat Actors: solivann667
Victim Country: France
Victim Industry: Political Organization
Victim Organization: Unknown
Victim Site: Unknown
BABAYO EROR SYSTEM targets the subdomains of Mass Global Logistics
Category: Defacement
Content: The group claims to have defaced the subdomains of Mass Global Logistics.
Date: 2026-02-25T18:16:06Z
Network: telegram
Published URL: https://t.me/c/3664625363/506
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bed5cdc6-5988-4f71-a3fa-c41106922023.png
Threat Actors: BABAYO EROR SYSTEM
Victim Country: USA
Victim Industry: Transportation & Logistics
Victim Organization: mass global logistics
Victim Site: fortisplusspzoo.com.massgloballogistics.com
BABAYO EROR SYSTEM targets the website ofDigital Webars
Category: Defacement
Content: The group claims to have defaced the website of Digital Webars
Date: 2026-02-25T18:14:46Z
Network: telegram
Published URL: https://t.me/c/3716986899/24
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ef9a5db2-a1a9-4978-be1e-8f932d240a57.jpg
Threat Actors: BABAYO EROR SYSTEM
Victim Country: India
Victim Industry: Information Technology (IT) Services
Victim Organization: digital webars
Victim Site: store1.digitalwebars.xyz
BABAYO EROR SYSTEM targets the website ofYonathan Photography
Category: Defacement
Content: The group claims to have defaced the website of Yonathan Photography
Date: 2026-02-25T18:14:14Z
Network: telegram
Published URL: https://t.me/c/3716986899/24
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5976cce3-9586-4ab1-9b20-06d8a137ad46.jpg
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Romania
Victim Industry: Photography
Victim Organization: yonathan photography
Victim Site: preturi.yonathan.ro
BABAYO EROR SYSTEM targets the Subdomains of Globalgood Corporation
Category: Defacement
Content: The group claims to have defaced the Subdomains of Globalgood Corporation which include:https://www.celebrate.globalgoodcorp.org/https://www.partners.globalgoodcorp.org/https://www.primarymissions.globalgoodcorp.org/
Date: 2026-02-25T18:07:44Z
Network: telegram
Published URL: https://t.me/c/3716986899/24
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ec234026-414a-4b7d-b582-18c86a0e210e.png
Threat Actors: BABAYO EROR SYSTEM
Victim Country: USA
Victim Industry: Non-profit & Social Organizations
Victim Organization: globalgood corporation
Victim Site: celebrate.globalgoodcorp.org
Alleged data leak of WhatsApp, Email, Phone & Crypto Databases
Category: Data Breach
Content: The threat actor claims to have a large-volume databases allegedly containing WhatsApp numbers, email addresses, phone numbers, and cryptocurrency-related data.
Date: 2026-02-25T18:02:34Z
Network: openweb
Published URL: https://breachforums.as/Thread-WhatsApp-Email-Phone-Crypto-High-Volume-Databases-Available
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4d77baf9-97e5-4329-b7b3-8760be7020ca.png
Threat Actors: jigepel
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
BABAYO EROR SYSTEM targets the website ofD Lifestyles
Category: Defacement
Content: The group claims to have defaced the website of D Lifestyles
Date: 2026-02-25T17:56:24Z
Network: telegram
Published URL: https://t.me/c/3716986899/24
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5f104e9a-b04f-4a72-ad5b-f05c77ffa25a.jpg
Threat Actors: BABAYO EROR SYSTEM
Victim Country: India
Victim Industry: Retail Industry
Victim Organization: d lifestyles
Victim Site: demo.dajolifestyle.com
BABAYO EROR SYSTEM targets the website of Pet Cargo Care
Category: Defacement
Content: The group claims to have defaced the website of Pet Cargo Care.
Date: 2026-02-25T17:52:54Z
Network: telegram
Published URL: https://t.me/c/3716986899/24
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/549b60df-bec4-4fc0-aaee-d09bb2f83b48.png
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Brazil
Victim Industry: Transportation & Logistics
Victim Organization: pet cargo care
Victim Site: petcargocare.com
BABAYO EROR SYSTEM targets the website of BILLY’S ENT
Category: Defacement
Content: The group claims to have defaced the website of BILLY’S ENT.
Date: 2026-02-25T17:48:45Z
Network: telegram
Published URL: https://t.me/c/3716986899/24
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/702dc5aa-f8b8-4a21-8496-8c2b5985ae0d.png
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Japan
Victim Industry: E-commerce & Online Stores
Victim Organization: billy’s ent
Victim Site: autoklar.billysnetshop.com
BABAYO EROR SYSTEM targets the websites of Kampusguide
Category: Defacement
Content: The group claims to have defaced the websites of Kampusguide.
Date: 2026-02-25T17:42:54Z
Network: telegram
Published URL: https://t.me/c/3716986899/24
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e9d8f1df-f06d-42b0-b343-bb05ac441184.png
Threat Actors: BABAYO EROR SYSTEM
Victim Country: India
Victim Industry: Writing & Editing
Victim Organization: kampusguide
Victim Site: essayhelp.kampusguide.com
Alleged sale of Email Cracker Main Tool
Category: Malware
Content: The threat actor claims to be selling a tool named Email Cracker Main Tool, a Python-based brute-force utility designed to gain unauthorized access to email accounts by attempting multiple password combinations using supplied password lists. The tool allows users to input a victim’s email address and automate credential-guessing attacks.
Date: 2026-02-25T17:16:27Z
Network: openweb
Published URL: https://demonforums.net/Thread-Email-Cracker-main-Free-Tool
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8f11da1d-25e8-40d4-acfa-69736487f3d6.png
Threat Actors: bradwin8309
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Fédération Française dAïkido, Aïkibudo et Affinitaires (FFAAA)
Category: Data Breach
Content: A threat actor claims to be selling a database allegedly belonging to the French Aikido federation, containing information on approximately 352,502 members. The data including full names, addresses, phone numbers, email addresses, birth details, and family informations.
Date: 2026-02-25T17:04:27Z
Network: openweb
Published URL: https://breachforums.as/Thread-SELLING-FR-350K-F%C3%A9d%C3%A9ration-Fran%C3%A7aise-d-Aikido
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/29e43da2-9a85-4309-b132-7808ee609eef.png
Threat Actors: HexDex
Victim Country: France
Victim Industry: Sports
Victim Organization: fédération française daïkido, aïkibudo et affinitaires (ffaaa)
Victim Site: ffaaa.com
Alleged Data Leak of ThoMar
Category: Data Breach
Content: The group claims to have leaked the data from ThoMar.
Date: 2026-02-25T17:02:26Z
Network: telegram
Published URL: https://t.me/c/3667951656/3010
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/49eedc4f-b2dc-45f6-9a64-afaa5f196cbb.png
Threat Actors: B F R e p o V 4 F i l e s
Victim Country: Germany
Victim Industry: Manufacturing
Victim Organization: thomar
Victim Site: thomar.de
Alleged data breach of Videnov BG
Category: Data Breach
Content: A threat actor claims to have breached Videnov BG, described as one of the largest furniture retailers in Bulgaria. The data alleges that over 3,000,000+ rows of data were obtained, with an additional mention of 2,000,000+ custom rows. which includes ,Customer full names,Email addresses ,Phone numbers,Physical addresses,Order details,IP addresses,Account-related fields,Timestamps (order and account dates),Encrypted or hashed password strings.
Date: 2026-02-25T16:53:16Z
Network: openweb
Published URL: https://breachforums.as/Thread-VERIFIED-Bulgaria-Videnov-BG-3-000-000-Rows
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ee8c8eae-bdc1-4678-baf2-fa6bd1105821.png
https://d34iuop8pidsy8.cloudfront.net/86e8466a-ba6e-4759-b451-7a59fb2c178a.png
Threat Actors: Niphra
Victim Country: Bulgaria
Victim Industry: Furniture
Victim Organization: videnov bg
Victim Site: videnov.bg
Alleged data breach of Remington BG
Category: Data Breach
Content: A threat actor claims to have breached Remington.bg in early 2026. The database containing 150,000+ rows, with 140,000+ order records mentioned. which includes,Customer full names,Email addresses,Phone numbers,Delivery addresses,Order status,Payment amounts (in BGN),IP addresses,Order timestamps,Account indicators .
Date: 2026-02-25T16:51:32Z
Network: openweb
Published URL: https://breachforums.as/Thread-VERIFIED-Bulgaria-Remington-BG-150-000-Rows
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3789fe47-c71b-4ee7-8020-cdbd43559a4a.png
https://d34iuop8pidsy8.cloudfront.net/5970db51-5c65-479b-b6a3-983db16769ad.png
Threat Actors: Niphra
Victim Country: Bulgaria
Victim Industry: Furniture
Victim Organization: remington bg
Victim Site: remington.bg
Alleged sale of Exploit cracking and hacking tool
Category: Malware
Content: Threat actor claims to be selling a Exploit Cracking and Hacking Tool, described as an offensive hacking tool coded and built to assist a hacker with hacking and executing exploits.
Date: 2026-02-25T16:48:55Z
Network: openweb
Published URL: https://demonforums.net/Thread-Free-Exploit-Cracking-And-Hacking-Tool
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bfaf27aa-fd11-4284-8be9-83583aaeae0b.png
Threat Actors: bradwin8309
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Leak of T-shirtmakers Shop
Category: Data Breach
Content: The group claims to have leaked the data from T-shirtmakers Shop.
Date: 2026-02-25T16:45:20Z
Network: telegram
Published URL: https://t.me/c/3667951656/3010
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/566fad59-1cd6-42f5-b579-30468206ccf2.png
Threat Actors: B F R e p o V 4 F i l e s
Victim Country: Italy
Victim Industry: Wholesale
Victim Organization: t-shirtmakers shop
Victim Site: shirtmakers.it
Alleged Sale of Unauthorized RCE Access to Production Servers in USA and Canada
Category: Initial Access
Content: Threat Actor claims to be selling unauthorized remote code execution (RCE) access to a production server associated with a USA and Canada–based environment, alleging extensive control over the system including shell upload capabilities, database extraction of approximately 15 GB, and access to integrated services such as AWS resources, email services, merchant payment keys, and Stripe-related payment infrastructure.
Date: 2026-02-25T16:40:03Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/276876/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/91117de2-43bb-4a59-898b-2aecf8d0d392.png
Threat Actors: Fuck_Police
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Leak of The Body Shop
Category: Data Breach
Content: The group claims to have leaked the data from The Body Shop
Date: 2026-02-25T16:30:10Z
Network: telegram
Published URL: https://t.me/c/3667951656/3010
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ce35d0a2-6ba6-4ed0-99e7-0c099ed07d6d.png
Threat Actors: B F R e p o V 4 F i l e s
Victim Country: UK
Victim Industry: E-commerce & Online Stores
Victim Organization: the body shop
Victim Site: thebodyshop.com
Alleged Unauthorized Access to unidentified Italian Industrial Climate Control System
Category: Initial Access
Content: The group claims to have gained unauthorized access to an unidentified Italian industrial facility’s climate control system, including full remote management of five refrigeration chambers (CELLA 1–5) and a separate anti-chamber, with the ability to adjust temperature and humidity settings, control defrost cycle timing, monitor compressor and auxiliary equipment performance, and conduct real-time system monitoring and intervention.
Date: 2026-02-25T16:18:43Z
Network: telegram
Published URL: https://t.me/c/2787466017/2510
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/35b92bfd-7c2d-46e1-83c7-fee0e2646579.png
Threat Actors: NoName057(16)
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Freemasons
Category: Data Breach
Content: A threat actor claims to have leaked a database related to a U.S.-based Freemasons lodge. The exposed data appears to include officer details (such as Worshipful Master, Wardens, Treasurer, Secretary, etc.) along with their email addresses.
Date: 2026-02-25T15:50:04Z
Network: openweb
Published URL: https://breachforums.in/threads/usa-freemasons-database.916/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/44fca9d9-cf21-4e31-aaeb-0ed6f07d8d83.png
Threat Actors: lilian2026
Victim Country: USA
Victim Industry: Non-profit & Social Organizations
Victim Organization: freemasons
Victim Site: freemason.com
DEFACER INDONESIAN TEAM targets the website of Jardins Plaza Hotel
Category: Defacement
Content: The group claims to have defaced the website of Jardins Plaza Hotel.
Date: 2026-02-25T14:47:59Z
Network: telegram
Published URL: https://t.me/c/2433981896/1048
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/23c01ff3-7f37-43fc-b0fb-79f98a40aff8.png
Threat Actors: DEFACER INDONESIAN TEAM
Victim Country: Brazil
Victim Industry: Hospitality & Tourism
Victim Organization: jardins plaza hotel
Victim Site: jardinsplazahotel.com.br
Alleged data breach of BullRush
Category: Data Breach
Content: The threat actor claims to have breached approximately 180,000 records from bullrush. the exposed PII includes personal identity, contact details, demographics, and platform activity.
Date: 2026-02-25T14:22:08Z
Network: openweb
Published URL: https://breachforums.as/Thread-FRESH-bullrush-com-CLIENT-DATA
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/19c77083-bad6-4e21-bd70-49da365d1231.png
Threat Actors: ArendiuuzzXSinister
Victim Country: Unknown
Victim Industry: International Trade & Development
Victim Organization: bullrush
Victim Site: bullrush.com
CYKOMNEPAL targets the website of Advinges Consulting and Solutions
Category: Defacement
Content: The threat actor claims to have defaced the website of Advinges Consulting and Solutions.
Date: 2026-02-25T14:04:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/793499
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ee16fabb-00f7-4af2-86fd-762c61197e10.png
Threat Actors: CYKOMNEPAL
Victim Country: UAE
Victim Industry: Management Consulting
Victim Organization: advinges consulting and solutions
Victim Site: advinges.ae
Alleged sale of low-authority websites list
Category: Cyber Attack
Content: The group claims to be selling a list of low-authority websites likely intended for use in future cyberattacks.
Date: 2026-02-25T13:54:18Z
Network: telegram
Published URL: https://t.me/phteammarket/288
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/602b9843-ec89-4f3d-b845-2fc922e848bc.jpg
Threat Actors: Pharaohs Team market
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of unauthorized admin access to unidentified IT support in USA
Category: Initial Access
Content: Threat actor claims to be selling unauthorized admin access to an unidentified IT support in USA.
Date: 2026-02-25T13:37:00Z
Network: openweb
Published URL: https://forum.exploit.in/topic/276869/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b777c705-3ccb-47de-9f3c-d82a8bd72341.png
Threat Actors: Asian_Baddie
Victim Country: USA
Victim Industry: Information Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Breach of Hyperledger Foundation
Category: Data Breach
Content: The threat actor claims to have breached the database of Hyperledger Foundation.
Date: 2026-02-25T13:34:26Z
Network: telegram
Published URL: https://t.me/c/3667951656/3016
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2432dff4-08aa-4dcb-945b-6d959fabba7b.png
Threat Actors: B F R e p o V 4 F i l e s
Victim Country: USA
Victim Industry: Software Development
Victim Organization: hyperledger foundation
Victim Site: hyperledger.org
Alleged Data leak of Cybers.world
Category: Data Breach
Content: The threat actor claims to have breached the database of Cybers.world
Date: 2026-02-25T13:07:36Z
Network: telegram
Published URL: https://t.me/c/3667951656/3016
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/65d6e060-b1d7-4804-b7ee-08bba4cd8362.png
Threat Actors: B F R e p o V 4 F i l e s
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: cybers.world
Alleged Data Breach of Wix
Category: Data Breach
Content: The threat actor claims to have breached the database of Wix.
Date: 2026-02-25T12:49:12Z
Network: telegram
Published URL: https://t.me/c/3667951656/3016
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5f605f28-3612-49ca-8071-15434920111c.png
Threat Actors: B F R e p o V 4 F i l e s
Victim Country: Israel
Victim Industry: Software Development
Victim Organization: wix
Victim Site: wix.com
Alleged data breach of Gamida Cell Ltd.
Category: Data Breach
Content: The group claims to have gained unauthorized access to systems allegedly linked to Gamida Ltd, an Israeli biotechnology company. According to the post, it includes screenshots of internal systems and technical environments as proof of access.NB : The authenticity of these claims has yet to be verified.
Date: 2026-02-25T12:46:33Z
Network: telegram
Published URL: https://t.me/Gaza_Children_Hackers/459#
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0a74fc4a-dc4e-4311-8c5f-163130f5cbde.png
Threat Actors: Gaza Childrens Group
Victim Country: Israel
Victim Industry: Biotechnology
Victim Organization: gamida cell ltd.
Victim Site: gamida-cell.com
Alleged sale of Experian U.S. personal data records
Category: Data Breach
Content: The group claims to be selling 20 million records of Experian across multiple U.S. regions, including Georgia, Florida, Washington, D.C., Connecticut, Delaware, Colorado, California, and Arizona. The compromised data includes names, addresses, phone numbers, dates of birth, age, income and net worth indicators, credit-related attributes, household composition data, ethnicity markers, donation patterns, property details, email addresses, IP data, and other profiling fields.
Date: 2026-02-25T12:14:47Z
Network: telegram
Published URL: https://t.me/c/3667951656/4910
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a3636063-1369-41db-a983-0dfd9e253001.png
https://d34iuop8pidsy8.cloudfront.net/b0b3524c-d322-4d86-b0d8-7b2b7ea9ab01.png
Threat Actors: B F R e p o V 4 F i l e s
Victim Country: USA
Victim Industry: Information Services
Victim Organization: experian
Victim Site: experianplc.com
Alleged Sale of 100K USA User Password Collection
Category: Combo List
Content: The threat actor claims to be in possession of a database containing approximately 100,000 USA-based user password combinations.
Date: 2026-02-25T10:57:25Z
Network: openweb
Published URL: https://leakbase.la/threads/100k-usa-user-pass-uhq-collection.49106/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a7301763-8aef-40a9-b411-60622e7ea975.png
Threat Actors: nightsploit
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Viper
Category: Malware
Content: Threat actor claims to be selling malware tool named Viper, reportedly capable of destructive file deletion, system disruption across multiple Windows versions, and evasion of common antivirus and EDR solutions.
Date: 2026-02-25T10:26:39Z
Network: openweb
Published URL: https://forum.exploit.in/topic/276852/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/770adbe7-244e-4a68-9bb3-06ea358258b1.png
Threat Actors: Nicole
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Clalit Health Services
Category: Data Breach
Content: The group claims to have breached the systems of Clalit Health Services and exfiltrated sensitive medical data of more than 10,000 patients.
Date: 2026-02-25T09:53:00Z
Network: openweb
Published URL: https://handala-hack.to/clalit-hacked-israels-largest-healthcare-organization-falls-to-cyber-resistance/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9335b57a-3cd1-4f3e-8683-153899843524.png
https://d34iuop8pidsy8.cloudfront.net/1fe15772-74d5-4dc3-bd97-fc9388b66c9a.png
https://d34iuop8pidsy8.cloudfront.net/2c43a4f3-0c1d-44be-895d-726e6ab0ac4e.png
https://d34iuop8pidsy8.cloudfront.net/d09914b9-9071-4b82-aadd-ca14c030c414.png
Threat Actors: Handala Hack
Victim Country: Israel
Victim Industry: Hospital & Health Care
Victim Organization: clalit health services
Victim Site: clalit.co.il
Alleged unauthorized access to Riniki Bhuyan Sharma website
Category: Initial Access
Content: The group claims to have gained unauthorized access to the website of Riniki Bhuyan Sharma.
Date: 2026-02-25T09:35:50Z
Network: telegram
Published URL: https://t.me/c/3786117030/169
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/25bd827f-3db9-45cc-8c79-6a5f7fe4dbe9.png
Threat Actors: hexa-anonymous
Victim Country: India
Victim Industry: Government Administration
Victim Organization: riniki bhuyan sharma
Victim Site: rinikibhuyansharma.com
Alleged leak of debounced emails from telenet and skynet
Category: Data Breach
Content: Threat actor clams to have selling 1.5 million collected bounced emails from Telenet and Skynet.
Date: 2026-02-25T09:26:30Z
Network: openweb
Published URL: https://forum.exploit.in/topic/276853/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8c7bd8ba-3e61-4216-83d7-37171b1e158c.png
Threat Actors: letchik
Victim Country: Belgium
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged unauthorized access to Himanta Biswa Sarma Campaign
Category: Initial Access
Content: The group claims to have gained unauthorized access to Himanta Biswa Sarma Campaign.
Date: 2026-02-25T09:08:17Z
Network: telegram
Published URL: https://t.me/c/3786117030/169
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6cde6cc7-4df6-4a97-8310-ecc47314102b.png
Threat Actors: hexa-anonymous
Victim Country: India
Victim Industry: Government Administration
Victim Organization: himanta biswa sarma campaign
Victim Site: himantaforassam.com
Alleged Data Breach of Itekcom
Category: Data Breach
Content: The group claims to have breached the database of Itekcom.
Date: 2026-02-25T08:51:41Z
Network: telegram
Published URL: https://t.me/c/3667951656/3026
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e1855eda-dc7f-43c8-b199-1a1cd28208ee.png
Threat Actors: B F R e p o V 4 F i l e s
Victim Country: France
Victim Industry: Marketing, Advertising & Sales
Victim Organization: itekcom
Victim Site: itekcom.com
Alleged data leak of Lema Press
Category: Data Breach
Content: The group claims to have leaked data from Lema Press.
Date: 2026-02-25T08:41:47Z
Network: telegram
Published URL: https://t.me/c/3667951656/3030
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d4868ae2-51ad-4e81-a4a5-817db67f9198.png
Threat Actors: B F R e p o V 4 F i l e s
Victim Country: Ghana
Victim Industry: Printing
Victim Organization: lema press
Victim Site: lemapress.com
Alleged Data Breach of VETO SPORTS
Category: Data Breach
Content: The group claims to have breached the database of VETO SPORTS.
Date: 2026-02-25T08:25:29Z
Network: telegram
Published URL: https://t.me/c/3667951656/3026
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c9cc4aa6-2578-4a94-b7fd-318b18036241.png
Threat Actors: B F R e p o V 4 F i l e s
Victim Country: Brazil
Victim Industry: Sporting Goods
Victim Organization: veto sports
Victim Site: vetosports.com
Alleged data leak of FocusMarketing.pk
Category: Data Breach
Content: The group claims to have leaked data from FocusMarketing.pk
Date: 2026-02-25T08:08:19Z
Network: telegram
Published URL: https://t.me/c/3667951656/3029
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b48b197d-f496-49e9-9f30-35180e565f31.png
Threat Actors: B F R e p o V 4 F i l e s
Victim Country: Pakistan
Victim Industry: Marketing, Advertising & Sales
Victim Organization: focusmarketing.pk
Victim Site: focusmarketing.pk
Alleged Data Breach of Moveis3M
Category: Data Breach
Content: The group claims to have breached the database of Moveis3M.
Date: 2026-02-25T08:02:51Z
Network: telegram
Published URL: https://t.me/c/3667951656/3026
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b9e5cd29-d55f-4190-8db8-e6f7b0765de4.png
Threat Actors: B F R e p o V 4 F i l e s
Victim Country: Brazil
Victim Industry: Manufacturing & Industrial Products
Victim Organization: moveis3m
Victim Site: moveis3m.com.br
Alleged data leak of o2omode
Category: Data Breach
Content: The group claims to have leaked data from o2omode.
Date: 2026-02-25T07:45:42Z
Network: telegram
Published URL: https://t.me/c/3667951656/3031
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6ba56db6-2703-4ec7-b97a-8edf576e1cc4.png
Threat Actors: B F R e p o V 4 F i l e s
Victim Country: India
Victim Industry: Fashion & Apparel
Victim Organization: o2omode
Victim Site: o2omode.com
Alleged data leak of VARANDA FRUTAS E MERCEARIA LTDA
Category: Data Breach
Content: The group claims to have leaked data from VARANDA FRUTAS E MERCEARIA LTDA.
Date: 2026-02-25T07:34:42Z
Network: telegram
Published URL: https://t.me/c/3667951656/3032
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/56634152-26ed-4b3b-8561-90c5da2e959e.png
Threat Actors: B F R e p o V 4 F i l e s
Victim Country: Brazil
Victim Industry: Consumer Goods
Victim Organization: varanda frutas e mercearia ltda
Victim Site: varanda.com.br
Alleged Data Breach of Universidad Santiago de Cali
Category: Data Breach
Content: The threat actor claims to have breached the database of Universidad Santiago de Cali(USC), the dataset contains student identifiers, names, surnames, and institutional email addresses.
Date: 2026-02-25T06:36:06Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-CO-USC-EDU-CO
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1f388647-4bb3-4495-aa86-fc254911eea6.png
Threat Actors: NyxarGroup
Victim Country: Colombia
Victim Industry: Education
Victim Organization: universidad santiago de cali (usc)
Victim Site: usc.edu.co
Alleged sale of Credit card Data from USA
Category: Data Breach
Content: Threat actor claims to be selling 546 allegedly fresh US credit card records with a 70% validity rate. The data reportedly includes card details, CVV2, full name, contact and address information, and email, with bidding starting at $2.7K and a $4.5K blitz price.
Date: 2026-02-25T06:24:28Z
Network: openweb
Published URL: https://forum.exploit.in/topic/276842/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/addf94be-fa3f-4467-b534-5ac742e9e03d.png
https://d34iuop8pidsy8.cloudfront.net/30275f13-aa6c-4ac4-add5-aa3761902c88.png
Threat Actors: corptoday
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of UAE Police Personnel Records
Category: Data Breach
Content: The threat actor claims to be leaked 30,000 UAE Police Personnel Records
Date: 2026-02-25T06:10:38Z
Network: openweb
Published URL: https://darkforums.me/Thread-Selling-UAE-30-000-Police-Personnel-Information-Full-Details–68219
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e90e4ef6-2238-4ff2-83b3-5cf991dbdfed.png
Threat Actors: Ashborn
Victim Country: UAE
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of G 700 RAT
Category: Malware
Content: Threat actor claims to be selling G-700 RAT, an Android remote access trojan allegedly capable of unauthorized device control. Promoted features include client management, file access, screen monitoring, keylogging, crypto-stealing functions, and APK building, enabling attackers to monitor and manipulate infected devices remotely.
Date: 2026-02-25T05:53:53Z
Network: openweb
Published URL: https://demonforums.net/Thread-Leak-G-700-RAT
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a450be30-f18c-4872-9c7f-fc2fc2de31a3.png
https://d34iuop8pidsy8.cloudfront.net/26c27a46-a4ed-474a-b968-ded2b5333c33.png
Threat Actors: rippors
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Breach of Indonesian General Elections Commission
Category: Data Breach
Content: The threat actor claims to have breached the database of Indonesian General Elections Commission.
Date: 2026-02-25T05:30:10Z
Network: openweb
Published URL: https://darkforums.me/Thread-DATABASE-240-MILLION-POPULATION-DATABASE-INDONESIA–68286
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/af460e07-3e91-489f-afd8-34625588ab15.png
Threat Actors: YUKA
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: komisi pemilihan umum (kpu)
Victim Site: helpdesk.kpu.go.id
Alleged data leak of GateHub Limited
Category: Data Breach
Content: The group claims to have leaked data from GateHub Limited
Date: 2026-02-25T04:59:08Z
Network: telegram
Published URL: https://t.me/c/3667951656/3038
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a8df2cd4-7777-42f8-95ad-f226816485d6.png
Threat Actors: B F R e p o V 4 F i l e s
Victim Country: UK
Victim Industry: Financial Services
Victim Organization: gatehub limited
Victim Site: gatehub.com
Alleged Data Sale of Chezpara
Category: Data Breach
Content: The threat actor claims to be selling data from Chezpara. The compromised data reportedly contain 400,000 records includes Name, User ID, Account ID numbers, Country, Phone number and Address information.
Date: 2026-02-25T04:52:02Z
Network: openweb
Published URL: https://darkforums.me/Thread-Selling-chezpara-ma-400K-Full-lines-pharmacy
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/dd1a7176-e57c-4c8d-991a-7ffd48ec02c8.png
Threat Actors: Richard2002
Victim Country: Morocco
Victim Industry: E-commerce & Online Stores
Victim Organization: chezpara
Victim Site: chezpara.ma
Alleged data leak of i0jxx
Category: Data Breach
Content: The group claims to have leaked data from i0jxx
Date: 2026-02-25T04:46:18Z
Network: telegram
Published URL: https://t.me/c/3667951656/3037
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ac3517a1-2ac8-4f8c-b426-06d942b3dae2.png
Threat Actors: B F R e p o V 4 F i l e s
Victim Country: Italy
Victim Industry: Electrical & Electronic Manufacturing
Victim Organization: i0jxx
Victim Site: i0jxx.com
Alleged Sale of Malaysia government databases
Category: Data Breach
Content: The threat actor claims to be selling data from Malaysia government databases. The compromised data includes Employee No, Name, Positions, Department, Category and Status information.
Date: 2026-02-25T04:37:49Z
Network: openweb
Published URL: https://darkforums.me/Thread-Selling-Malaysia-GOV-DBs-for-sale-2025
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/cc928c15-c70e-4b80-9194-fb0d93f30376.png
Threat Actors: Ashborn
Victim Country: Malaysia
Victim Industry: Government & Public Sector
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Malaysian Army Personnel Data
Category: Data Breach
Content: The threat actor claims to be selling Malaysian Army Personnel Data. The compromised data reportedly contain 14,816 records includes Full Names, Emails, Mobile Numbers, Ranks, Teams, UserId, Phone number and more
Date: 2026-02-25T04:27:29Z
Network: openweb
Published URL: https://darkforums.me/Thread-Selling-Malaysia-Army-Personnel-Data-PII
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a770f282-bee4-4f35-a777-7fb39a9227dd.png
Threat Actors: Ashborn
Victim Country: Malaysia
Victim Industry: Military Industry
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Breach of Corporación Universitaria Adventista
Category: Data Breach
Content: The threat actor claims to have breached the database of Corporación Universitaria Adventista(UNAC), the dataset contains student identifiers, names, surnames, and institutional email addresses.
Date: 2026-02-25T03:48:01Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-CO-UNAC-EDU-CO
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/30e04aac-68b8-4ad1-935d-cc599bd244a6.png
Threat Actors: NyxarGroup
Victim Country: Colombia
Victim Industry: Higher Education/Acadamia
Victim Organization: corporación universitaria adventista (unac)
Victim Site: unac.edu.co
Alleged Data Breach of 6000K.ru
Category: Data Breach
Content: The threat actor claims to have breached the database of 6000K.ru, the dataset contains approximately 1,300 records.
Date: 2026-02-25T03:31:53Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-6000k-ru
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/da9b6a5c-64c1-4260-8192-90ab2025af03.png
Threat Actors: X0Frankenstein
Victim Country: Russia
Victim Industry: Automotive
Victim Organization: 6000k
Victim Site: 6000k.ru
Alleged Data Breach of PosudaPlanet
Category: Data Breach
Content: The threat claims to have breached the database of PosudaPlanet, the dataset contains more than 12,000 records.
Date: 2026-02-25T03:30:17Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-Online-Shop-posudaplanet-ru
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f3ebe927-94ed-4eff-8163-b2f3ee67f0cc.png
Threat Actors: X0Frankenstein
Victim Country: France
Victim Industry: E-commerce & Online Stores
Victim Organization: posudaplanet
Victim Site: posudaplanet.ru
Alleged Data Breach of General Authority for Roads and Bridges
Category: Data Breach
Content: The threat actor claims to have breached the database of the General Authority for Roads and Bridges, the dataset contains details about contracts.
Date: 2026-02-25T03:25:17Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-Egypt-General-Authority-for-Roads-and-Bridges-garb-gov-eg
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5d1513a7-52e4-41d7-8dd0-b51c1a832684.png
Threat Actors: CrowStealer
Victim Country: Egypt
Victim Industry: Government Administration
Victim Organization: general authority for roads and bridges (garb)
Victim Site: garb.gov.eg
Alleged data breach of Instituto Nacional de Investigaciones Forestales, Agrícolas y Pecuarias (INIFAP)
Category: Data Breach
Content: The threat actor claims to be leaked data from Instituto Nacional de Investigaciones Forestales, Agrícolas y Pecuarias (INIFAP). The compromised data reportedly includes User accounts, emails, password, Personal contacts, phone numbers, addresses, System administrators and editor accounts, Office contact phone numbers, Sensitive content notifications and more
Date: 2026-02-25T02:57:06Z
Network: openweb
Published URL: https://darkforums.me/Thread-MEXICO-GOV-INFAP-REGI%C3%93N-NORTE-CENTRO-DB-DUMP–68041
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f2433d24-f73e-4deb-8a1f-f7c2e564adb1.png
Threat Actors: Evorax
Victim Country: Mexico
Victim Industry: Government & Public Sector
Victim Organization: instituto nacional de investigaciones forestales, agrícolas y pecuarias (inifap)
Victim Site: inifap.gob.mx
Alleged data breach of Universidad Autónoma de Guerrero
Category: Data Breach
Content: The threat actor claims to be leaked data from Universidad Autónoma de Guerrero. The compromised data reportedly includes Full name, Paternal surname, Maternal surname, Phone number, Personal Gmail address, Residential address
Date: 2026-02-25T02:52:02Z
Network: openweb
Published URL: https://darkforums.me/Thread-DATABASE-M%C3%89XICO-UNIVERSIDAD-AUTONOMA-DE-GUERRERO-6-201–68213
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f5cd62d6-03f0-4329-9b27-d10034656175.png
Threat Actors: SpeakTeam
Victim Country: Mexico
Victim Industry: Higher Education/Acadamia
Victim Organization: universidad autónoma de guerrero
Victim Site: uagro.mx
Alleged Sale of WordPress Admin Access to Unidentified WordPress website
Category: Initial Access
Content: Threat actor claims to be selling admin access to a WordPress-based website operating under a .ai domain, reportedly generating approximately 18.9K organic monthly traffic with a Domain Rating (DR) of 46.
Date: 2026-02-25T02:42:38Z
Network: openweb
Published URL: https://forum.exploit.in/topic/276833/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/83dcbfce-0732-4a48-a172-4bc3af37511f.png
https://d34iuop8pidsy8.cloudfront.net/60f65ce7-9fca-4162-a82c-ea3cfd6b3313.png
Threat Actors: MrProfessor
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Breach of EK Online essential electronics
Category: Data Breach
Content: Threat actor claims to be selling a database allegedly belonging to EK-OnlineShop.at, an Austrian retail website operated by Kammerhofer & Co. GmbH. According to the post, the dataset contains approximately 142,180 total user records, including customer data, addresses, and order information.
Date: 2026-02-25T02:27:37Z
Network: openweb
Published URL: https://forum.exploit.in/topic/276826/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4c3010e9-7d06-4ced-8668-6e80ca364da2.png
https://d34iuop8pidsy8.cloudfront.net/7bea8024-8c6c-4aa8-b36a-20383b20edf7.png
Threat Actors: hubert
Victim Country: Austria
Victim Industry: Retail Industry
Victim Organization: ek online essential electronics
Victim Site: ek-onlineshop.at
Alleged Data Breach of Cubi mc
Category: Data Breach
Content: The threat actor claims to have breached the data base of Cubi mc; the dataset contains session identifiers, user IDs, hashed session tokens, login methods, IP addresses, timestamps, and user-agent strings.
Date: 2026-02-25T01:54:39Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-Cubi-Mc-fr
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/18518c41-294a-4ffa-8bf3-167091f70dcd.png
Threat Actors: Explorers
Victim Country: France
Victim Industry: Gaming
Victim Organization: cubi mc
Victim Site: cubi-mc.fr
Alleged leak of login credentials to LoveMel
Category: Data Breach
Content: The group claims to have leaked the login credentials to LoveMel
Date: 2026-02-25T01:42:11Z
Network: telegram
Published URL: https://t.me/c/3667951656/3038
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8738a96d-5b18-4c8f-8280-ea4be17ef0b1.png
Threat Actors: B F R e p o V 4 F i l e s
Victim Country: Serbia
Victim Industry: Unknown
Victim Organization: lovemel
Victim Site: lovemel.rs
Alleged access to system in Turkey
Category: Initial Access
Content: The group claims to have gained access to system in Turkey
Date: 2026-02-25T01:39:27Z
Network: telegram
Published URL: https://t.me/n2LP_wVf79c2YzM0/3814
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d771ed81-5ce7-4a61-9134-91c3e4cf8195.png
Threat Actors: Infrastructure Destruction Squad
Victim Country: Turkey
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown