1. Executive Summary
This report provides an in-depth analysis of 109 distinct cyber incidents recorded on February 4, 2026. The intelligence data indicates a highly volatile threat landscape characterized by a surge in high-impact data breaches, widespread trading of initial network access, and aggressive hacktivist campaigns targeting critical infrastructure.
Key Findings:
- Critical Infrastructure Under Siege: Multiple attacks targeted Operational Technology (OT) and SCADA systems, specifically in the water and energy sectors in Italy and Ukraine. This represents a significant escalation in physical-cyber threats.
- Massive Public Sector Data Hemorrhage: Government agencies in Indonesia, Iran, Algeria, and Israel faced severe data exfiltration. The exposure of millions of citizen records—including health data and civil servant credentials—poses a long-term national security risk for these nations.
- Education Sector Vulnerability: A coordinated wave of attacks struck major global universities, including prestigious institutions like Harvard and the University of Pennsylvania, highlighting the education sector as a prime target for data theft.
- The “Access Economy” is Booming: Threat actors are actively commercializing unauthorized access (VPN, RDP, Shell) to corporate networks, creating a robust supply chain for ransomware operators and espionage groups.
- High-Volume Hacktivism: Groups such as Z-BL4CX-H4T.ID and Z-SH4D0WSPEECH executed widespread defacement campaigns, primarily targeting Indian and Asian digital infrastructure, signaling a rise in low-sophistication but high-visibility disruptions.
This report details these incidents, analyzes the threat actors involved, and assesses the implications for global cybersecurity posture.
2. Critical Infrastructure and Industrial Control Systems (ICS)
The most alarming trend in the reported data is the direct targeting of Industrial Control Systems (ICS) and SCADA (Supervisory Control and Data Acquisition) networks. Unlike standard IT breaches, these attacks have the potential to cause physical disruption and endanger public safety.
2.1. Water Sector Targeting in Italy and Australia
A coordinated effort to compromise water treatment facilities was observed, with the threat group NoName057(16) playing a central role.
- Italian Automation Systems: NoName057(16) claimed full control over water supply and treatment automation systems at multiple facilities in Italy. The group alleged they had unrestricted access to ICS managing reservoirs, pumping stations, and pipelines. This level of access purportedly allowed them to monitor water levels in real time, modify pump parameters, and even alter alarm logs to hide their activities. The capability to manipulate flow volumes and chemical dosing represents a critical safety risk.
- Villa Lara (Capri, Italy): The same group, NoName057(16), claimed remote access to the automated control systems of Villa L’Erta. While a smaller target, the breach allegedly enabled control over ventilation, lighting, and specifically irrigation and water supply infrastructure via a SCADA-based platform.
- Australian Wastewater Plants: Another group, Z-PENTEST ALLIANCE, claimed unauthorized access to the dosing control system of a wastewater treatment plant in Australia. The compromise of “dosing” controls is particularly dangerous as it implies the ability to alter the chemical balance of treated water, potentially leading to environmental contamination or public health hazards.
2.2. Energy and Agriculture in Conflict Zones
The intersection of cyber warfare and physical conflict continues to be visible, particularly involving assets in Ukraine and the energy sector.
- Ukrainian Agriculture SCADA: The IT ARMY OF RUSSIA claimed to have breached the SCADA management system of a large hydroponic greenhouse complex in Ukraine. The facility, described as covering 20,000 m², reportedly saw its processes disrupted via the Node-RED platform. Disrupting food production infrastructure is a strategic tactic intended to strain the victim nation’s resources.
- Phonesack Xekong Power Station (Laos): In the energy sector, a threat actor named zestix leaked internal documents related to the Xekong 1800 MW power plant. The 4GB leak included EPC contracts, engineering drawings, and transmission line studies. While this is an espionage and data theft event rather than a disruption, the exposure of technical specifications for critical power infrastructure facilitates future sabotage or kinetic attacks.
2.3. Conclusion on Critical Infrastructure
The successful penetration of SCADA systems in Italy, Ukraine, and Australia indicates that operational technology remains dangerously exposed. The use of platforms like Node-RED and standard remote access protocols suggests that many of these critical systems are internet-facing without adequate segmentation or authentication controls.
3. Government and Public Sector Data Breaches
The public sector was the most heavily victimized vertical, with massive datasets containing sensitive citizen information being leaked or sold.
3.1. The Indonesian Data Crisis
Indonesia faced a relentless barrage of data breaches targeting its most sensitive government ministries.
- Ministry of Health (Kemenkes): Multiple threat actors, including petrus and Petrusnism, leaked a database containing over 4 million healthcare worker and user records. The data included National ID numbers (NIK), birth dates, and professional registration IDs. This breach exposes millions of medical professionals and citizens to identity theft.
- Directorate General of Intellectual Property (DJKI/DGIP): Two separate incidents targeted this agency. Actor CinCauGhas leaked 1.3 million government employee records from the e-SAKI system, exposing bank account numbers, civil servant IDs (NIP), and salaries. Separately, BABAYO EROR SYSTEM leaked advance payment and activity reports from the same directorate.
- Land Authority: Actor miyako sold unauthorized root-level access to the firewall of an Indonesian Government Land Authority. This allows for potential deep infiltration into land ownership databases.
3.2. Middle East and North Africa (MENA) Instability
Government bodies in the MENA region were heavily targeted by groups utilizing data leaks as a tool for political leverage and disruption.
- Algerian General Directorate of Public Service (DGFPRA): The group DARK 07x claimed to have breached the HR and employment management platforms of this agency. This breach likely impacts a significant portion of the public sector workforce in Algeria.
- Iranian Government Leaks: Several Iranian agencies were compromised. Buscador leaked credentials for the Basij News Agency, while A K U L A v 2 . targeted the Police Command of the Islamic Republic of Iran and the Ministry of Foreign Affairs. These leaks often serve to dox officials and expose internal communications.
- Palestinian and Israeli Targets: miyako sold access to a Palestinian government foreign aid portal. Conversely, Israeli entities like the Enforcement and Collection Authority and various municipalities saw credential leaks, highlighting the ongoing cyber dimension of the regional conflict.
3.3. African Government Data Sales
- Tanzania (BRELA): A massive breach of the Business Registrations and Licensing Agency (BRELA) was advertised by Spirigatito. The dataset allegedly contains 10.2 million records, including National IDs, Passport numbers, and Tax Identification Numbers (TIN). This is a catastrophic breach for Tanzania’s corporate and civil registry integrity.
4. The “Access-as-a-Service” Economy
A significant portion of the intelligence relates to “Initial Access Brokers” (IABs). These actors do not necessarily steal data themselves; instead, they compromise networks and sell the “keys” (VPNs, RDPs, Shells) to other criminals, such as ransomware gangs.
4.1. Corporate Network Access
- Mexico Retail Chain: Grandmaster74 auctioned VPN access to a Mexican retail chain with over 3,000 users and 700 hosts. The listing noted that endpoint protection was active, suggesting a high-value target for sophisticated ransomware deployment.
- Asian Real Estate Developer: miyako sold root-level remote code execution (RCE) and firewall access to a major Asian real estate developer for a mere USD 300. This low price point for high-level access demonstrates the commoditization of cyber intrusion.
- Energy Sector VPNs: Access to a Fortinet VPN for an energy-sector organization was sold by boost. The network included 2,200 devices, providing a massive attack surface for disrupting energy operations.
4.2. Bulk Credential Sales
- Fortinet and RDWeb Logs: Actor Tamburino listed valid credentials for 500 Fortinet VPNs and 150 RDWeb servers. These “logs” are typically harvested via infostealer malware and allow attackers to bypass perimeter defenses effortlessly.
- WebVPN in China: A staggering claim by Benneton involved the sale of WebVPN access allegedly linked to 8.9 billion CSCOE-related records in China. While the record count may be exaggerated, the access to Chinese infrastructure is highly sought after.
4.3. Implications of IAB Activity
The prevalence of these sales indicates that the “perimeter” for many organizations is already breached. The time between initial access sale and a ransomware detonation is often short. Organizations in the Retail, Energy, and Real Estate sectors appear to be the current “flavor of the month” for these brokers.
5. High-Profile Corporate and Commercial Data Breaches
Beyond the public sector, private enterprises faced significant data theft incidents, driven by financial motives.
5.1. Gambling and E-Commerce
- Gamdom (Curaçao): A major breach of the gambling platform Gamdom was reported by Wadjet. The leak contained 460,000 email records. For gambling users, privacy is paramount; this leak exposes them to targeted phishing and extortion attempts.
- GiftOnCard (Serbia): Wadjet also claimed a breach of GiftOnCard, exposing 152,000 user records and 2.7 million gift card records. The data included password hashes and gift card serial numbers, likely leading to immediate financial fraud and gift card draining.
5.2. Telecommunications and Logistics
- Brazilian Telecom: CaoMa shared a dataset of Brazilian telecom subscribers, including CPF numbers and physical addresses. Telecom data is highly valuable for “SIM swapping” attacks, which can bypass Two-Factor Authentication (2FA).
- Loxam (France): A breach of Loxam’s delivery operations exposed 94,735 delivery routes and driver details. This supply chain data serves as intelligence for cargo theft and physical security breaches.
5.3. Financial Services
- China UnionPay: One of the largest alleged breaches involved China UnionPay, with hulky claiming to sell 171 million rows of user data. The data included banking details, National IDs, and mobile numbers. If verified, this is a top-tier financial breach affecting a significant portion of the Chinese population.
6. Education and Research Sector Targeting
Academic institutions are traditional “soft targets” due to their open networks and valuable intellectual property. February 4th saw a spike in high-profile university breaches.
6.1. Ivy League Compromises
- Harvard & UPenn: The notorious group ShinyHunters claimed responsibility for breaches at Harvard University (1.1 GB of PII/Donation data) and the University of Pennsylvania (483 GB of data). The theft of donation data is particularly damaging as it exposes high-net-worth individuals to fraud and damages donor trust.
6.2. Global Academic Targets
- Zefat Academic College (Israel): A K U L A v 2 . leaked login credentials for this institution.
- Damascus University (Syria): The website was defaced by Cyb3r Drag0nz.
- Lebanese University: vexin shared database files from the Faculty of Law, containing student PII.
- Universidad Autónoma de Sinaloa (Mexico): A breach of 67,984 records including student and professor IDs was posted by Straightonumberone.
The education sector is currently facing a dual threat: ransomware groups seeking financial payouts (noted in the sheer volume of data exfiltrated from UPenn) and hacktivists seeking to disrupt operations for political reasons.
7. Hacktivism and Defacement Campaigns
A large volume of the reported incidents (over 20%) were web defacements. These attacks are technically unsophisticated but serve as a barometer for geopolitical tension and social unrest.
7.1. The “Z-BL4CX-H4T.ID” Campaign
This group was the most active defacement actor on this date. They targeted a wide array of small-to-medium businesses in India and Vietnam.
- Targets: Their victims included Hung Thinh Mechanical, Harlequin Infrastructures, Hotel Palm Beach Pride, and various other local businesses.
- Modus Operandi: The attacks appear to be opportunistic, likely exploiting common CMS vulnerabilities (like WordPress plugins) to replace homepages with their own imagery. The lack of a specific industry focus suggests a “spray and pray” approach to gain notoriety.
7.2. Anti-India and Political Defacements
- Z-SH4D0WSPEECH: This group focused heavily on Indian targets, including political entities like the Swatantra Congress Party and businesses like TeenX India. The targeting of political parties indicates an ideological motivation.
- Defacer Indonesian Team: Targeted US software companies and Indonesian local government sites, showing a mix of nationalist and anti-western sentiment.
8. Threat Actor Profile Analysis
Based on the February 4th activity, the following threat actors are of high concern:
8.1. A K U L A v 2 .
- Role: Prolific Credential Leaker.
- Targets: Government, Law Enforcement, Education, and Finance.
- Region: Heavily focused on the Middle East (Iran, Israel, UAE, Iraq, Saudi Arabia).
- Assessment: This actor specializes in harvesting and dumping credentials from high-value targets. The volume of their activity suggests automated harvesting or access to a large botnet of infected devices within these specific regions.
8.2. ShinyHunters
- Role: Top-Tier Data Broker.
- Targets: Elite US Universities (Harvard, UPenn).
- Assessment: A well-known and sophisticated group. Their return to visibility with high-profile university breaches suggests they are actively monetizing academic data. They prefer large datasets with PII and financial info.
8.3. NoName057(16)
- Role: Sabotage and Critical Infrastructure Attackers.
- Targets: Italy (Water Systems, SCADA).
- Assessment: This group poses a kinetic threat. Their focus on OT/ICS systems indicates a desire to cause physical disruption rather than just data theft. They are likely politically motivated, aligning with anti-European narratives.
8.4. Miyako
- Role: Initial Access Broker (IAB).
- Targets: Global Government and Commercial entities.
- Assessment: miyako sells deep network access (root, shell, firewall admin) rather than just user credentials. This makes them a critical enabler for ransomware groups. Their ability to compromise firewalls in Palestine, Indonesia, and Asia indicates advanced technical capabilities.
9. Conclusions and Strategic Outlook
The events of February 4, 2026, illustrate a cybersecurity landscape that is deteriorating across multiple fronts. The barriers to entry for cybercrime are lowering, as evidenced by the widespread availability of “ready-to-use” network access for as little as $300. Simultaneously, the sophistication of attacks on critical infrastructure is rising, moving from theoretical risks to actual compromises of water and energy systems.
9.1. Key Trends
- OT/ICS Systems are the New Frontline: The attacks in Italy and Ukraine prove that water and energy grids are active battlegrounds. The psychological impact of compromising a water supply is far greater than that of a data breach.
- Sovereign Data Loss: Nations like Indonesia and Tanzania are experiencing “sovereign data loss”—where massive chunks of their population’s identity data are now in criminal hands. This will likely fuel a decade of fraud and cybercrime within those borders.
- The Commoditization of Breaches: The Initial Access Broker market is highly efficient. Identifying a vulnerability and selling the access happens rapidly. Organizations must assume that if they have an unpatched edge device, access to it is likely already for sale.
9.2. Recommendations
- For Critical Infrastructure: Immediate isolation of OT networks from the public internet is mandatory. Organizations must audit all remote access points to SCADA systems and enforce strict multi-factor authentication (MFA).
- For Government Agencies: A comprehensive review of third-party access and internal database security is urgently needed. The high rate of credential leaks suggests that endpoint hygiene (preventing infostealers) is poor.
- For Academic Institutions: Universities must segregate donor and financial data from open research networks. The targeting of alumni/donor data requires a higher standard of protection similar to the financial sector.
- Global Threat Intelligence: Organizations should monitor the “Dark Web” markets mentioned (BreachForums, Exploit.in) for mentions of their own domains. Early detection of a “VPN access” sale can allow a company to close the door before a ransomware actor walks in.
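The monitoring recommendation above, as an added example that is not part of the original report: a parser for incident records in the field layout this report uses for its incident data, followed by a watchlist triage step. The sample feed, the `example.org` watchlist and all function names are constructed for illustration; the parser also tolerates exports where the next record's title is fused onto a `Victim Site:` line.

```python
import re

FIELDS = ("Category", "Content", "Date", "Network", "Published URL",
          "Screenshots", "Threat Actors", "Victim Country", "Victim Industry",
          "Victim Organization", "Victim Site")
FIELD_RE = re.compile(r"^(%s):\s*(.*)$" % "|".join(map(re.escape, FIELDS)))

# Constructed sample feed; every value below is made up for this example.
SAMPLE_FEED = """\
- Alleged sale of VPN access to an unidentified energy company
Category: Initial Access
Content: Threat actor claims to be selling VPN access to an energy-sector organization.
Date: 2026-02-04T22:00:00Z
Threat Actors: actor-one
Victim Country: Unknown
Victim Industry: Energy & Utilities
Victim Site: Unknown - Alleged leak of login credentials to Example Org
Category: Data Breach
Content: The group claims to have leaked login credentials for Example Org.
Screenshots:
https://img.example/one.png
Threat Actors: actor-two
Victim Country: Italy
Victim Industry: Education
Victim Site: sso.example.org - Alleged sale of shell access to a retailer
Category: Initial Access
Content: Threat actor claims to be selling shell access to a retail chain.
Victim Country: Mexico
Victim Industry: Retail Industry
Victim Site: Unknown
"""


def parse_feed(text):
    """Split a feed dump into dicts, one per incident.

    A record starts at a "- Title" line. Some exports fuse the next title onto
    the previous record's last line ("Victim Site: Unknown - Next title"), so
    that value is split on its first " - ".
    """
    records, last_key = [], None
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        m = FIELD_RE.match(line)
        if m and records:
            key, value = m.groups()
            fused_title = ""
            if key == "Victim Site":
                value, _, fused_title = value.partition(" - ")
            records[-1][key] = value.strip()
            last_key = key
            if fused_title:
                records.append({"Title": fused_title.strip()})
                last_key = None
        elif line.startswith("- "):
            records.append({"Title": line[2:].strip()})
            last_key = None
        elif records and last_key:
            # Continuation line, e.g. a screenshot URL under "Screenshots:".
            records[-1][last_key] = (records[-1][last_key] + " " + line).strip()
    return records


def site_matches(site, domain):
    """True if site is the watched domain or one of its subdomains."""
    site = site.lower().rstrip(".")
    return site == domain or site.endswith("." + domain)


def text_mentions(text, domain):
    """True if the domain appears in free text as a whole name (subdomains count)."""
    pattern = r"(?<![\w-])" + re.escape(domain) + r"(?!\.?[\w-])"
    return re.search(pattern, text.lower()) is not None


def triage(records, domains, industries, countries):
    """Return (level, title, reason) tuples for records an analyst should read."""
    hits = []
    for r in records:
        text = r["Title"] + " " + r.get("Content", "")
        named = [d for d in map(str.lower, domains)
                 if site_matches(r.get("Victim Site", ""), d) or text_mentions(text, d)]
        if named:
            hits.append(("confirmed", r["Title"], "names " + named[0]))
        elif (r.get("Category") == "Initial Access"
              and r.get("Victim Industry") in industries
              and r.get("Victim Country", "Unknown") in set(countries) | {"Unknown"}):
            # Access listings rarely name the victim, so fall back to sector
            # and country and let a human compare the listing's details.
            hits.append(("possible", r["Title"], "unnamed access listing in watched sector"))
    return hits


if __name__ == "__main__":
    for hit in triage(parse_feed(SAMPLE_FEED), ["example.org"],
                      {"Energy & Utilities"}, {"Italy"}):
        print(*hit, sep=" | ")
```

A "possible" hit is a prompt to compare the listing's stated host count, user count and security tooling against your own estate, since access sales usually withhold the victim's name.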
Detected Incidents Draft Data
- Alleged Sale of unauthorized admin access to unidentified shop in UK
Category: Initial Access
Content: Threat actor claims to be selling unauthorized admin access to an unidentified online shop in UK
Date: 2026-02-04T23:58:48Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/275259/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1c53d5fe-ec4d-439b-8ca4-6df246bb5347.png
Threat Actors: Reve
Victim Country: UK
Victim Industry: E-commerce & Online Stores
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of login credentials to Sahab System
Category: Data Breach
Content: The group claims to have leaked login credentials to Sahab System in Iran
Date: 2026-02-04T22:50:29Z
Network: telegram
Published URL: https://t.me/c/1943303299/1050880
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/de8f08f9-2dbd-4991-a5f1-58f2901d4e0d.jpg
Threat Actors: A K U L A v 2 . 2
Victim Country: Iraq
Victim Industry: Government & Public Sector
Victim Organization: sahab system
Victim Site: sahabcard.ir
- Alleged leak of login credentials to Basij News Agency
Category: Data Breach
Content: The group claims to have leaked login credentials to Basij News Agency
Date: 2026-02-04T22:46:40Z
Network: telegram
Published URL: https://t.me/c/2451084701/536136
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d7050c3f-a2dd-420f-9b3e-afacf22c915c.jpg
https://d34iuop8pidsy8.cloudfront.net/bd00ab53-550d-4bd0-97c6-f78e99326254.jpg
https://d34iuop8pidsy8.cloudfront.net/cc7d8676-70b1-40b9-83dd-be2f4a8bf853.jpg
https://d34iuop8pidsy8.cloudfront.net/a7d1a350-5901-4973-96c7-8c9477f009dc.jpg
Threat Actors: Buscador
Victim Country: Iran
Victim Industry: Newspapers & Journalism
Victim Organization: basij news agency
Victim Site: basijnews.ir
- Alleged leak of login credentials to the Police Command of the Islamic Republic of Iran
Category: Data Breach
Content: The group claims to have leaked login credentials to the Police Command of the Islamic Republic of Iran.
Date: 2026-02-04T22:42:18Z
Network: telegram
Published URL: https://t.me/c/1943303299/1050907
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2cf3482f-7554-42e2-8ffe-6a4d5444e450.png
Threat Actors: A K U L A v 2 . 2
Victim Country: Iran
Victim Industry: Law Enforcement
Victim Organization: the police command of the islamic republic of iran
Victim Site: police.ir
- Alleged Sale of Unauthorized Fortinet VPN Access to an Unidentified Energy-Sector Organization
Category: Initial Access
Content: Threat actor claims to be selling unauthorized Fortinet VPN access to an unidentified energy-sector organization, offering validated network entry with approximately 2,200 registered devices, active Sentinel security monitoring, and full VPN access.
Date: 2026-02-04T22:33:54Z
Network: openweb
Published URL: https://xss.pro/threads/145713/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/43c6831f-0e3f-4a7e-a2c2-df797d6011a4.png
Threat Actors: boost
Victim Country: Unknown
Victim Industry: Energy & Utilities
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Sale of Unauthorized VPN Access to an Unidentified Mexico-Based Retail Chain
Category: Initial Access
Content: Threat actor claims to be selling unauthorized VPN access to an unidentified Mexico-based retail chain, offering corporate network entry with access to over 700 hosts and approximately 3,000 users, potential access to a second domain, active endpoint protection in place, and availability via auction with listed pricing tiers requiring a guarantor.
Date: 2026-02-04T22:30:31Z
Network: openweb
Published URL: https://xss.pro/threads/145708/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/64b55d0c-bc43-4e9d-a9ac-62d4c633b101.png
Threat Actors: Grandmaster74
Victim Country: Mexico
Victim Industry: Retail Industry
Victim Organization: Unknown
Victim Site: Unknown
- Alleged access to Kafil El Yatim
Category: Initial Access
Content: The group claims to have gained access to the website of Kafil El Yatim
Date: 2026-02-04T22:16:36Z
Network: telegram
Published URL: https://t.me/DarK07xxxxxxx/1572
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2219949b-a87b-435d-b592-e2f3daea4b2c.jpg
Threat Actors: DARK 07x
Victim Country: Algeria
Victim Industry: Non-profit & Social Organizations
Victim Organization: kafil el yatim
Victim Site: kafilelyatim.dz
- Alleged data breach of Algeria's General Directorate of Public Service and Administrative Reform (DGFPRA)
Category: Data Breach
Content: The group claims to have breached the systems of Algeria’s General Directorate of Public Service and Administrative Reform (DGFPRA), including subdomains hosting HR management, electronic services, communication and messaging, and employment management platforms.
Date: 2026-02-04T21:49:43Z
Network: telegram
Published URL: https://t.me/DarK07xxxxxxx/1570
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2c78aaa1-39d0-426c-921e-ec8830b9c0f0.png
Threat Actors: DARK 07x
Victim Country: Algeria
Victim Industry: Government Administration
Victim Organization: general directorate of public service and administrative reform (dgfpra)
Victim Site: dgfp.gov.dz
- Alleged Sale of Unauthorized Access to Large Asia-Based Real Estate Developer
Category: Initial Access
Content: Threat actor claims to be selling unauthorized administrative access to large Asia-based real estate developer, offering access to a Linux-based firewall system with network administration panel control, root-level remote code execution (RCE), and shell access, advertised as enabling full firewall and network management capabilities, with the access listed for sale at USD 300.
Date: 2026-02-04T21:46:44Z
Network: openweb
Published URL: https://breachforums.jp/Thread-300-Largest-Real-Estate-Developer-in-Asia-Firewall-Network-Admin-Panel
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e320b7a2-c488-420f-b2d8-e60fd2b7e3d0.png
Threat Actors: miyako
Victim Country: Unknown
Victim Industry: Commercial Real Estate
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of unauthorized access to a Palestinian Government Agency
Category: Initial Access
Content: A threat actor claims to be selling unauthorized access to a Palestinian government agency foreign aid portal. The alleged leaked data involves a Linux-based firewall system with root-level remote code execution (RCE), shell access, and administrative control over the network management panel.
Date: 2026-02-04T21:38:36Z
Network: openweb
Published URL: https://breachforums.jp/Thread-400-Palestinian-Government-Agency-Foreign-Aid-Portal-Firewall-Network-Admin
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d3cfe33e-a512-4437-bcad-ef1d3b48ef1e.png
Threat Actors: miyako
Victim Country: Palestine
Victim Industry: Government & Public Sector
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of unauthorized access to an Indonesian Government Land Authority
Category: Initial Access
Content: A threat actor claims to be selling unauthorized access to infrastructure associated with the Indonesian Government Land Authority. The alleged access involves a Linux-based firewall system with root-level remote code execution (RCE), shell access, and administrative control over the network management panel.
Date: 2026-02-04T21:34:21Z
Network: openweb
Published URL: https://breachforums.jp/Thread-300-Indonesian-Government-Land-Authority-Firewall-Network-Admin
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4e6a7585-f51b-448d-9ea2-0fb1d1d04334.png
Threat Actors: miyako
Victim Country: Indonesia
Victim Industry: Government & Public Sector
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data leak of Gamdom
Category: Data Breach
Content: The threat actor claims to have leaked a database associated with Gamdom from Curaçao. The exposed dataset reportedly contains approximately 460,000 email records, consisting solely of user email addresses. The actor states that the data originates from multiple countries.
Date: 2026-02-04T21:24:22Z
Network: openweb
Published URL: https://breachforums.jp/Thread-SELLING-gamdom-com-casino
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3dfb1dce-8659-4fa5-9944-3f004eb5695a.png
Threat Actors: Wadjet
Victim Country: Curaçao
Victim Industry: Gambling & Casinos
Victim Organization: gamdom
Victim Site: gamdom.com
- Alleged data breach of Lycée Saint-Charles
Category: Data Breach
Content: A threat actor claims to have leaked data associated with Lycée Saint-Charles, a public secondary educational institution located in Marseille, France. The alleged leaked data involves school-related information connected to academic and administrative systems supporting general and technological education programs.
Date: 2026-02-04T21:09:15Z
Network: openweb
Published URL: https://breachforums.jp/Thread-Lyc%C3%A9e-ND-Des-DUNES-Saint-Charles-2026
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/57c856d9-beb7-4019-927f-4bc32a3f8a47.png
Threat Actors: kzh1337
Victim Country: France
Victim Industry: Education
Victim Organization: lycée saint-charles
Victim Site: lyc-stcharles.ac-aix-marseille.fr
- Alleged Data Breach of Unidentified Gamdom User Database
Category: Data Breach
Content: The threat actor claims to have breached a database associated with Gamdom, a Curaçao-based online gambling platform. The exposed dataset reportedly contains approximately 460,000 email records, consisting solely of user email addresses. The actor states that the data originates from multiple countries.
Date: 2026-02-04T21:03:40Z
Network: openweb
Published URL: https://breachforums.jp/Thread-SELLING-gamdom-com-casino
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3dfb1dce-8659-4fa5-9944-3f004eb5695a.png
Threat Actors: Wadjet
Victim Country: Curaçao
Victim Industry: Gambling & Casinos
Victim Organization: gamdom
Victim Site: gamdom.com
- Alleged leak of login credentials to Zefat Academic College
Category: Data Breach
Content: The group claims to have leaked login credentials to Zefat Academic College in Israel.
Date: 2026-02-04T20:56:19Z
Network: telegram
Published URL: https://t.me/c/1943303299/1051236
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3489a9ad-3fbd-44b8-b92d-db424b04c4e7.png
Threat Actors: A K U L A v 2 . 2
Victim Country: Israel
Victim Industry: Education
Victim Organization: zefat academic college
Victim Site: zefat.ac.il
- Alleged leak of login credentials to Israel's Enforcement and Collection Authority
Category: Data Breach
Content: The group claims to have leaked login credentials to the Enforcement and Collection Authority in Israel.
Date: 2026-02-04T20:54:58Z
Network: telegram
Published URL: https://t.me/c/1943303299/1050930
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c618b948-1fad-488e-8d57-bd43cb02faa3.png
Threat Actors: A K U L A v 2 . 2
Victim Country: Israel
Victim Industry: Government Administration
Victim Organization: enforcement and collection authority
Victim Site: eca.gov.il
- Alleged Data Breach of GiftOnCard
Category: Data Breach
Content: A threat actor claims to have breached the database of GiftOnCard. The leaked data reportedly includes user account information, card registration records, and gift card transaction data, comprising approximately 152,000 user records, 130,000 card registration entries, and 2.7 million gift card records. The exposed information includes usernames, password hashes, personal and contact details, email verification data, gift card serial numbers, expiration dates, transaction values, balances, partner identifiers, and related internal metadata.
Date: 2026-02-04T20:42:09Z
Network: openweb
Published URL: https://breachforums.jp/Thread-DATABASE-giftoncard-eu
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fd951774-a1b8-4755-8013-80def39eddf5.png
Threat Actors: Wadjet
Victim Country: Serbia
Victim Industry: E-commerce & Online Stores
Victim Organization: giftoncard
Victim Site: giftoncard.eu
- Alleged data breach of e-SAKI DJKI
Category: Data Breach
Content: A threat actor claims to be sharing a database containing approximately 1.301 million Indonesian government employee records allegedly sourced from the e-SAKI system of the Directorate General of Intellectual Property (DJKI). The leaked data reportedly includes employee names, NIP (civil servant ID), directorate, rank/class (golongan), structural and functional job titles, supervisor information, date of birth, bank account numbers, and NPWP.
Date: 2026-02-04T20:21:24Z
Network: openweb
Published URL: https://breachforums.jp/Thread-DATABASE-1301-K-Daftar-Pegawai-e-saki-dgip-go-id
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/cd8168c5-653e-40ea-96ed-60e4b667d6a8.png
Threat Actors: CinCauGhas
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: e-saki djki
Victim Site: e-saki.dgip.go.id
- Alleged Sale of Unauthorized WebVPN Access in China
Category: Initial Access
Content: Threat Actor claims to be selling unauthorized WebVPN access in China, allegedly associated with approximately 8.9 billion CSCOE-related records.
Date: 2026-02-04T20:11:30Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/275244/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4f2ad562-2fb7-4eef-95ca-cab836ed3b97.png
Threat Actors: Benneton
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of unidentified Indian customer records
Category: Data Breach
Content: The threat actor claims to have leaked a database associated with unidentified Indian individuals and organizations. The exposed dataset reportedly contains approximately 10,054 records in CSV format, including company names, full names, phone numbers, contact persons, and email addresses.
Date: 2026-02-04T20:04:12Z
Network: openweb
Published URL: https://breachforums.jp/Thread-10054-Indian-Customer-Data-Leaked-by-Ayyubi%C2%A0free-download-sample
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e9e84ddb-d2dd-4a1a-86d0-e8ed7489234e.png
Threat Actors: AYYUBI
Victim Country: India
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of unidentified cryptocurrency-related email databases
Category: Data Breach
Content: The threat actor claims to have leaked a large collection of unidentified cryptocurrency-related databases. The exposed dataset reportedly contains email address records only and is described as a mixed geographic dataset, including United States–based data. According to the listing, the leaked information spans multiple unidentified sources and covers the period from 2021 to 2026.
Date: 2026-02-04T19:20:07Z
Network: openweb
Published URL: https://breachforums.jp/Thread-SELLING-Crypto-Databases-e-mail-only-huge-collection
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7126be32-735c-4a95-9f6c-400c3d142851.png
Threat Actors: kaykaykay
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Cyb3r Drag0nz targets the website of Damascus University
Category: Defacement
Content: The group claims to have defaced the website of Damascus University in Syria.
Date: 2026-02-04T19:15:15Z
Network: telegram
Published URL: https://t.me/c/3504564040/140
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f1282c50-59ad-4248-bd75-4dfd9df25966.png
Threat Actors: Cyb3r Drag0nz
Victim Country: Syria
Victim Industry: Education
Victim Organization: damascus university
Victim Site: damascusuniversity.edu.sy
Alleged Sale of Unauthorized SQL Injection Access to a Korean News Website
Category: Initial Access
Content: Threat Actor claims to be selling unauthorized SQL injection–based access to a Korea-focused news website, reportedly obtained using an error-based SQLi technique.
Date: 2026-02-04T19:12:54Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/275230/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/65cce7bc-b251-43f5-a7d6-a4c0c22408b6.png
Threat Actors: pollins05
Victim Country: Unknown
Victim Industry: Newspapers & Journalism
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of French secondary educational institutions
Category: Data Breach
Content: A threat actor claims responsibility for breaching two French secondary educational institutions: Lycée Notre-Dame des Dunes and Lycée Saint-Charles.
Date: 2026-02-04T18:35:13Z
Network: openweb
Published URL: https://breachforums.jp/Thread-Lyc%C3%A9e-ND-Des-DUNES-Saint-Charles-2026
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0c4cc735-8afa-4e40-9729-6e90a2b90d51.png
Threat Actors: kzh1337
Victim Country: France
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Lebanese University
Category: Data Breach
Content: A threat actor claims to be sharing database files allegedly belonging to the Lebanese University’s Faculty of Law, Political and Administrative Sciences. The leaked data reportedly contains email addresses, personal names, dates, room numbers, and other academic or administrative information.
Date: 2026-02-04T18:32:37Z
Network: openweb
Published URL: https://breachforums.cz/index.php?threads/lebanese-university-faculty-of-law-political-and-administrative-sciences.279/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a153610a-6736-48de-b0a6-ff8a39991d69.png
Threat Actors: vexin
Victim Country: Lebanon
Victim Industry: Education
Victim Organization: lebanese university
Victim Site: ul.edu.lb
Alleged Data Breach of Lamma Fisher
Category: Data Breach
Content: The threat actor claims to have breached the database of Lamma Fisher, a China-based local tour and services company operating via lfv.com.hk. The leaked data reportedly includes approximately 753,000 unique records containing customer names (in English and Chinese), gender, birth year, mobile phone numbers, order dates, order details in JSON format, and order total values.
Date: 2026-02-04T18:12:22Z
Network: openweb
Published URL: https://breachforums.jp/Thread-DATABASE-Selling-Hong-Kong-Lantou-Local-Tour-lfv-com-hk-Database-753K-unique-rows-2025-4
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fa07bc3a-d0ea-46d8-9bbb-5c28fd58f23c.png
Threat Actors: hulky
Victim Country: China
Victim Industry: Hospitality & Tourism
Victim Organization: lamma fisher
Victim Site: lfv.com.hk
Alleged unauthorized access to SCADA system of an unidentified agricultural complex in Ukraine
Category: Initial Access
Content: The group claims to have gained unauthorized access to the SCADA management system of a hydroponic greenhouse complex in Ukraine, disrupting processes via the Node‑RED platform and controllers. The facility is described as an automated greenhouse of about 20,000 m².
Date: 2026-02-04T18:08:44Z
Network: telegram
Published URL: https://t.me/itarmy_ru/278
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6f3d57e8-8900-4a57-b8d9-97a8db0a750d.png
Threat Actors: IT ARMY OF RUSSIA
Victim Country: Ukraine
Victim Industry: Agriculture & Farming
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of unauthorized access to an unidentified shop in the UK
Category: Initial Access
Content: Threat actor claims to be selling unauthorized administrative access to an unidentified UK-based online shop, offering control through an admin panel with redirect-based payment processing enabled and supported by recent order activity statistics, including last-30-day and monthly volume figures.
Date: 2026-02-04T18:03:58Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/275233/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0c517e1f-305a-4b9e-a0f9-63e2823bc621.png
Threat Actors: CMPunk
Victim Country: UK
Victim Industry: E-commerce & Online Stores
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Brazilian Telecom Company
Category: Data Breach
Content: A threat actor claims to be sharing a Brazilian telecommunications customer dataset allegedly originating from a telecom provider in Brazil. The dataset reportedly contains subscriber and service account records linked to physical addresses. Exposed data fields allegedly include primary and secondary phone numbers, Brazilian identification numbers (CPF), ID types, full street and apartment addresses, postal codes (CEP), email addresses, city, state, region, and neighborhood information.
Date: 2026-02-04T18:02:36Z
Network: openweb
Published URL: https://breachforums.jp/Thread-DATABASE-Brazilian-Telecom-Telecommunications-Customer-Dataset
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b09c07f4-1f89-44c4-8206-77ff8e8f5730.png
Threat Actors: CaoMa
Victim Country: Brazil
Victim Industry: Network & Telecommunications
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Breach of KGI
Category: Data Breach
Content: A threat actor claims to have breached the database of KGI, a China-based stock investment and financial services platform operating via kgi.com.hk. The leaked data reportedly includes approximately 920,000 unique records containing email addresses, phone numbers, stock names, price movements (rise and fall values), daily highs and lows, trade volumes, trade amounts, and stock codes.
Date: 2026-02-04T17:47:07Z
Network: openweb
Published URL: https://breachforums.jp/Thread-DATABASE-Selling-Hong-Kong-Stock-Investment-kgi-com-hk-Database-940K-unique-rows-2025-2
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fa951011-ef32-464b-b848-ecc8c6826cc4.png
Threat Actors: hulky
Victim Country: China
Victim Industry: Financial Services
Victim Organization: kgi
Victim Site: kgi.com.hk
Alleged data leak of Indonesia's Directorate General of Intellectual Property (DGIP)
Category: Data Breach
Content: The group claims to have leaked data linked to the Directorate General of Intellectual Property (DGIP). The files reportedly include advance payment reports, activity reports, and advance payment settlement reports.
Date: 2026-02-04T17:45:57Z
Network: telegram
Published URL: https://t.me/c/3664625363/138
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6bf710f5-1683-493e-bac9-866db639223a.jpg
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: directorate general of intellectual property (dgip)
Victim Site: dgip.go.id
Alleged data leak of DoD-Contracted CMMC Cybersecurity Training Materials
Category: Data Breach
Content: A threat actor claims to be leaking confidential Cybersecurity Maturity Model Certification (CMMC) training materials allegedly associated with DoD-contracted cybersecurity programs. The leaked content is described as a ZIP archive and reportedly includes training documents, certification materials, templates, and instructional resources related to CMMC compliance.
Date: 2026-02-04T17:36:47Z
Network: openweb
Published URL: https://breachforums.jp/Thread-COLLECTION-USA-CONFIDENTIAL-DoD-Contracted-Cyber-Security-CMMC-Training-Materials-LEAKED
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/151c63e5-4b9d-41fe-b2d4-60f01192e03b.png
https://d34iuop8pidsy8.cloudfront.net/5c2a41c8-fee9-4e48-ac73-6cf309bb1d39.png
Threat Actors: jrintel
Victim Country: USA
Victim Industry: Defense & Space
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Multiple Cryptocurrency Platforms
Category: Data Breach
Content: A threat actor claims to be offering a large cryptocurrency-related database leak bundle containing approximately 21.2 million records. The data allegedly includes email and password combinations, unhashed credentials, customer leads, phone numbers, and opt-in marketing data associated with numerous cryptocurrency exchanges, trading platforms, and crypto services.
Date: 2026-02-04T17:33:22Z
Network: openweb
Published URL: https://breachforums.jp/Thread-DATABASE-Crypto-Currency-Database-Leak-Bundle-Pack-21-2-Million-Lines
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0469d65d-0e5b-4420-9711-42c0fb0dc1b4.png
Threat Actors: hulky
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of China UnionPay
Category: Data Breach
Content: The threat actor claims to be selling a massive leak allegedly linked to China UnionPay, containing around 171 million rows of user data. The exposed information reportedly includes phone numbers, names, account details, national ID numbers, province/city location data, mobile carrier, gender, and birthdates.
Date: 2026-02-04T17:29:59Z
Network: openweb
Published URL: https://breachforums.jp/Thread-DATABASE-China-Union-Pay-Chinese-Leak-170M-rows
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/cb71bfad-0111-47f6-9566-6afafdc6f77e.png
Threat Actors: hulky
Victim Country: China
Victim Industry: Financial Services
Victim Organization: china unionpay
Victim Site: unionpayintl.com
BABAYO EROR SYSTEM targets the website of Flag Express.
Category: Defacement
Content: Group claims to have defaced the website of Flag Express.
Date: 2026-02-04T17:21:41Z
Network: telegram
Published URL: https://t.me/c/3664625363/137
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/01b3368f-9033-434d-b9d7-b8421cb4a92b.png
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Morocco
Victim Industry: Transportation & Logistics
Victim Organization: flag express
Victim Site: gym2.flagexpress.ma
TEAM MR PLAX targets the website of South Tapanuli Regency Fisheries Department
Category: Defacement
Content: The group claims to have defaced the website of South Tapanuli Regency Fisheries Department
Date: 2026-02-04T17:08:30Z
Network: telegram
Published URL: https://t.me/mrplaxx/114
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/906cf3fe-8011-4b85-bea0-f3e5ea873fed.png
Threat Actors: TEAM MR PLAX
Victim Country: Indonesia
Victim Industry: Government & Public Sector
Victim Organization: south tapanuli regency fisheries department
Victim Site: sibola.perikanan.tapselkab.go.id
Alleged data leak of Indonesian Ministry of Health (Kemenkes)
Category: Data Breach
Content: The threat actor claims to have hacked the Indonesian Ministry of Health website and leaked a fresh database dump containing over 4 million healthcare worker and user records. The exposed data allegedly includes personal and professional details such as names, national ID numbers (NIK), birth information, registration IDs, provinces, professions, and other sensitive health workforce records.
Date: 2026-02-04T17:02:29Z
Network: openweb
Published URL: https://breachforums.jp/Thread-DATABASE-Free-4M-Workers-and-User-Database-Ministry-Of-Health-fresh-dump
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0b780518-953e-4ed0-b0aa-7539deba1ff0.png
https://d34iuop8pidsy8.cloudfront.net/360f85a1-4389-40cf-8000-7aeee45ccbaf.png
Threat Actors: petrus
Victim Country: Indonesia
Victim Industry: Government & Public Sector
Victim Organization: indonesian ministry of health (kemenkes)
Victim Site: kemkes.go.id
Alleged data breach of Loxam
Category: Data Breach
Content: The threat actor claims to be selling a massive dataset related to Loxam delivery operations, containing around 94,735 delivery routes and 828,000 stop points from January 2020 to February 2026. The exposed data allegedly includes delivery driver information, phone numbers, shipping addresses, vehicle license plates, delivery dates, delivery hours, and detailed stop-point records, impacting multiple companies and locations across France and Europe.
Date: 2026-02-04T16:47:35Z
Network: openweb
Published URL: https://breachforums.jp/Thread-SELLING-FR-Loxam-fr-828K-Deliverys-2020-To-2026
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/70ed5cde-3152-4bac-927e-26d65f4930ae.png
https://d34iuop8pidsy8.cloudfront.net/bd36c106-d58a-4867-b53d-ed117715d166.png
https://d34iuop8pidsy8.cloudfront.net/1a18f289-7d16-44cc-b99d-4e04edf19e44.png
Threat Actors: HexDex
Victim Country: France
Victim Industry: Building and construction
Victim Organization: loxam
Victim Site: loxam.fr
Alleged Sale of 2.1 Million Netherlands Private Leads
Category: Data Breach
Content: Threat Actor claims to be selling a database containing approximately 2.1 million private leads from the Netherlands, allegedly collected through advertising campaigns. The exposed data reportedly includes personal contact details such as full names, mobile phone numbers, personal email addresses, and country information. Of these, around 669,000 phone numbers and approximately 2 million email addresses are unique.
Date: 2026-02-04T16:46:58Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/275215/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/47036b9d-9c54-4bac-aeab-765b5563a5a2.png
Threat Actors: betway
Victim Country: Netherlands
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged unauthorized access to unidentified water supply and water treatment automation systems in Italy
Category: Initial Access
Content: The group claims to have gained full control over water supply and water treatment automation systems at multiple key facilities in Italy. The group alleges unrestricted access to industrial control systems (ICS) managing reservoirs, pumping stations, pipelines, and distribution networks, including real-time water level monitoring and modification, pump and equipment scheduling, adjustment of flow volumes and operating modes, fine-tuning of pump parameters, and full access to alarm and incident logs with the ability to alter records.
Date: 2026-02-04T16:38:24Z
Network: telegram
Published URL: https://t.me/c/2787466017/2036
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/eed9d4e4-4518-480e-b21e-0bc468c8727d.jpg
Threat Actors: NoName057(16)
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Z-SH4D0WSPEECH targets the website of Swatantra Congress Party
Category: Defacement
Content: The group claims to have defaced the website of Swatantra Congress Party.
Date: 2026-02-04T16:26:34Z
Network: telegram
Published URL: https://t.me/c/2552217515/216
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9b9fc7fc-b0f9-42fc-b3d9-35ae44a3bb39.png
Threat Actors: Z-SH4D0WSPEECH
Victim Country: India
Victim Industry: Political Organization
Victim Organization: swatantra congress party
Victim Site: swatantracongressparty.com
Z-SH4DOWSPEECH targets the website of TeenX India
Category: Defacement
Content: Group claims to have defaced the website of TeenX India.
Date: 2026-02-04T16:23:57Z
Network: telegram
Published URL: https://t.me/c/2552217515/216
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/30c12aa3-bf59-4d91-81ca-8e7a8d65eb57.png
Threat Actors: Z-SH4DOWSPEECH
Victim Country: India
Victim Industry: E-commerce & Online Stores
Victim Organization: teenx india
Victim Site: teenxindia.com
Alleged data breach of Sony Pictures International
Category: Data Breach
Content: The threat actor claims to have leaked a database of Sony Pictures International Autotrader users, exposing sensitive information including dates of birth, phone numbers, addresses, emails, user IDs, and passwords.
Date: 2026-02-04T15:51:16Z
Network: openweb
Published URL: https://breachforums.cz/index.php?threads/sony-pictures-international-autotrader-users.278/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3acc39b1-3925-40f4-a838-1919c29a2b2a.png
Threat Actors: Smoke
Victim Country: USA
Victim Industry: Entertainment & Movie Production
Victim Organization: sony pictures international
Victim Site: sonypictures.com
Alleged leak of login credentials to ADNOC Group
Category: Data Breach
Content: The group claims to have leaked login credentials to ADNOC Group.
Date: 2026-02-04T15:47:45Z
Network: telegram
Published URL: https://t.me/c/1943303299/1050220
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9cd2a877-3960-4bbd-87c1-28ddb909fa66.jpg
Threat Actors: A K U L A v 2 . 2
Victim Country: UAE
Victim Industry: Oil & Gas
Victim Organization: adnoc group
Victim Site: v
Alleged data leak of UNIVERSAL LUBRICANTS
Category: Data Breach
Content: The group claims to have leaked the organisation's data.
Date: 2026-02-04T15:38:38Z
Network: telegram
Published URL: https://t.me/c/1943303299/1050183
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7e5c5fd9-cf99-4f21-bcb5-519cc1666fac.JPG
Threat Actors: A K U L A v 2 . 2
Victim Country: UAE
Victim Industry: Manufacturing
Victim Organization: universal lubricants
Victim Site: unilube.ae
Alleged leak of login credentials to host33.server.ae
Category: Data Breach
Content: The group claims to have leaked login credentials to host33.server.ae
Date: 2026-02-04T15:37:57Z
Network: telegram
Published URL: https://t.me/c/1943303299/1049806
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1add9fd7-d2c2-4897-99dc-a342242aad12.png
Threat Actors: A K U L A v 2 . 2
Victim Country: UAE
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: host33.server.ae
Alleged leak of login credentials to Al Madina Hypermarket
Category: Data Breach
Content: The group claims to have leaked login credentials to Al Madina Hypermarket
Date: 2026-02-04T15:34:44Z
Network: telegram
Published URL: https://t.me/c/1943303299/1050214
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6d2b94eb-35ff-4f62-b669-ebe5a27c64ce.jpg
Threat Actors: A K U L A v 2 . 2
Victim Country: UAE
Victim Industry: Supermarkets
Victim Organization: al madina hypermarket
Victim Site: almadinahypermarket.ae
Alleged sale of U.S. driver’s license and insurance data
Category: Data Breach
Content: The threat actor claims to be selling U.S. driver’s license and insurance data.
Date: 2026-02-04T14:58:28Z
Network: tor
Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-SELLING-USA-DL-INSURANCE-DOCS
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8617df6a-df54-4d43-aa76-0ba828f5435f.png
Threat Actors: Dumbledorre
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of WordPress admin access to an unidentified website in Spain
Category: Initial Access
Content: The threat actor claims to be selling WordPress admin access to an unidentified Spain-based website. The offering allegedly includes full administrative privileges and claims the site processed approximately 17,612 credit card orders in the past 90 days.
Date: 2026-02-04T14:36:45Z
Network: openweb
Published URL: https://forum.exploit.in/topic/275207/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a437a8d6-792c-452b-894b-3400d628c43b.png
Threat Actors: cosmodrome
Victim Country: Spain
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of BRELA Tanzania
Category: Data Breach
Content: The threat actor claims to be selling 10.2 million BRELA Tanzania records, allegedly containing IDs, TIN numbers, full names, TIN types, national IDs, incorporation numbers, mobile phone numbers, email addresses, passport numbers, PO boxes, tracking numbers, postal cities, and more.
Date: 2026-02-04T14:30:35Z
Network: tor
Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-SELLING-Brela-go-tz-10-2M
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6127d9dd-65c8-4bd2-8554-24945b572f53.png
https://d34iuop8pidsy8.cloudfront.net/c32fe414-f618-4723-9708-515b804c8717.png
https://d34iuop8pidsy8.cloudfront.net/c5bec353-a507-49b8-bc2c-32594093fdf3.png
https://d34iuop8pidsy8.cloudfront.net/6dc007b8-e364-4c15-b1a1-511bbd50494b.png
https://d34iuop8pidsy8.cloudfront.net/253a68f0-2d68-4b37-acb2-c94ced2be7ec.png
https://d34iuop8pidsy8.cloudfront.net/aa80e8aa-72c5-4840-a560-47fb877dd26c.png
Threat Actors: Spirigatito
Victim Country: Tanzania
Victim Industry: Government Administration
Victim Organization: brela tanzania
Victim Site: brela.go.tz
Alleged leak of login credentials to Tuwaiq Academy
Category: Data Breach
Content: The group claims to have leaked login credentials to Tuwaiq Academy
Date: 2026-02-04T14:29:42Z
Network: telegram
Published URL: https://t.me/c/1943303299/1048481
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4718d6e6-233e-46db-b4ac-4bc72bf8dfcc.JPG
Threat Actors: A K U L A v 2 . 2
Victim Country: Saudi Arabia
Victim Industry: Education
Victim Organization: tuwaiq academy
Victim Site: tuwaiq.edu.sa
Alleged leak of login credentials from gob.ve
Category: Data Breach
Content: Group claims to have leaked login credentials from gob.ve.
Date: 2026-02-04T14:20:43Z
Network: telegram
Published URL: https://t.me/c/2451084701/534461
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8977d636-ca9c-4d77-bfb5-e5a6caa37cb6.png
Threat Actors: Buscador
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: gob.ve
Alleged data breach of U.S. Navy
Category: Data Breach
Content: The threat actor claims to have breached data from the U.S. Navy, allegedly containing USN naval work center designs, electrical designs, runway designs, lighting installation details, and more.
Date: 2026-02-04T14:20:30Z
Network: tor
Published URL: https://breachedmw4otc2lhx7nqe4wyxfhpvy32ooz26opvqkmmrbg73c7ooad.onion//Thread-USN-NAVY-DEISGNPRINT-Electrical-installation-blue-print-etc–186773
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a3172aaf-c132-42d2-a501-8736e83ea4f6.png
Threat Actors: chris321
Victim Country: USA
Victim Industry: Government Administration
Victim Organization: u.s. navy
Victim Site: navy.mil
Alleged leak of login credentials from h-erp.co.il
Category: Data Breach
Content: Group claims to have leaked login credentials from h-erp.co.il.
Date: 2026-02-04T14:10:19Z
Network: telegram
Published URL: https://t.me/c/2451084701/535075
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/92ade1ac-e6da-44aa-b360-a014a2e76ea5.png
Threat Actors: Buscador
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: h-erp.co.il
Alleged Unauthorized Access to an unidentified wastewater treatment plant in Australia
Category: Initial Access
Content: The group claims to have gained unauthorized access to the water treatment and dosing control system at a small wastewater treatment plant in Australia.
Date: 2026-02-04T14:07:22Z
Network: telegram
Published URL: https://t.me/zpentestalliance/1043
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e6df6479-9992-42c2-8880-e190e896f123.JPG
Threat Actors: Z-PENTEST ALLIANCE
Victim Country: Australia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged service disruption affecting NOVLINE
Category: Cyber Attack
Content: The group claims responsibility for disrupting services at Eurocontact VN LLC (NOVLINE).
Date: 2026-02-04T13:29:46Z
Network: telegram
Published URL: https://t.me/itarmyofukraine2022/3601
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/eb45269a-56d3-4ff9-b155-1af811313d6a.png
https://d34iuop8pidsy8.cloudfront.net/102c0a22-679d-46cd-aaf5-dc697fbe1e82.png
Threat Actors: IT ARMY of Ukraine
Victim Country: Russia
Victim Industry: Network & Telecommunications
Victim Organization: novline
Victim Site: novline.ru
Z-SH4D0WSPEECH targets the website of Age Concepts International Private Limited
Category: Defacement
Content: The group claims to have defaced the website of Age Concepts International Private Limited.
Date: 2026-02-04T13:25:10Z
Network: telegram
Published URL: https://t.me/c/2552217515/216
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/efde89f0-bd6b-4c47-9b1e-a430116f3eb7.png
Threat Actors: Z-SH4D0WSPEECH
Victim Country: India
Victim Industry: Hospital & Health Care
Victim Organization: age concepts international private limited
Victim Site: ageconceptsinternationale.com
Z-SH4DOWSPEECH targets the website of Love Beri
Category: Defacement
Content: The group claims to have defaced the website of Love Beri
Date: 2026-02-04T13:07:42Z
Network: telegram
Published URL: https://t.me/c/2552217515/216
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/452beb02-a183-43f8-b269-a98fcd12d941.png
Threat Actors: Z-SH4DOWSPEECH
Victim Country: India
Victim Industry: Food Production
Victim Organization: love beri
Victim Site: loveberi.com
Z-SH4D0WSPEECH targets the website of Age Concepts Internationale Private Limited
Category: Defacement
Content: The group claims to have defaced the website of Age Concepts Internationale Private Limited.
Date: 2026-02-04T13:01:51Z
Network: telegram
Published URL: https://t.me/c/2552217515/216
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bf5c92fd-0536-426b-8350-e17232b0243f.png
Threat Actors: Z-SH4D0WSPEECH
Victim Country: India
Victim Industry: E-commerce & Online Stores
Victim Organization: age concepts internationale private limited
Victim Site: ageconceptshop.com
Z-SH4DOWSPEECH targets the website of HS Events and Entertainment
Category: Defacement
Content: The group claims to have defaced the website of HS Events and Entertainment
Date: 2026-02-04T13:01:34Z
Network: telegram
Published URL: https://t.me/c/2552217515/216
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/361c904e-3ddd-467a-8af1-163c88006134.png
Threat Actors: Z-SH4DOWSPEECH
Victim Country: India
Victim Industry: Events Services
Victim Organization: hs events and entertainment
Victim Site: hseventsandentertainment.com
Z-SH4DOWSPEECH targets the website of thepanditjee.com
Category: Defacement
Content: The group claims to have defaced the website of ageconceptshop.com
Date: 2026-02-04T13:00:45Z
Network: telegram
Published URL: https://t.me/c/2552217515/216
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8f0b984c-5ea1-48e9-a6e0-156613adcdc7.png
Threat Actors: Z-SH4DOWSPEECH
Victim Country: India
Victim Industry: Individual & Family Services
Victim Organization: thepanditjee.com
Victim Site: thepanditjee.com
Alleged leak of Twitter accounts affiliated with the Iranian terrorist organization
Category: Data Breach
Content: The group claims to have leaked 4K Twitter accounts affiliated with the Iranian Mojahedin-e Khalq terrorist organization along with some information.
Date: 2026-02-04T12:49:37Z
Network: telegram
Published URL: https://t.me/stgho3tV/186
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e503cda4-2021-421a-ad5b-a4ce09ff9714.jpg
Threat Actors: STGHO3T
Victim Country: Iran
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Z-SH4DOWSPEECH targets the website of Morse Code Films
Category: Defacement
Content: The group claims to have defaced the website of Morse Code Films
Date: 2026-02-04T12:46:21Z
Network: telegram
Published URL: https://t.me/c/2552217515/216
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5199ba74-a1d9-4e86-aa18-265505ed5f8e.png
Threat Actors: Z-SH4DOWSPEECH
Victim Country: India
Victim Industry: Motion Pictures & Film
Victim Organization: morse code films
Victim Site: morsecodefilms.com
Alleged sale of access to 150 unidentified PrestaShop systems.
Category: Data Breach
Content: The threat actor claims to be selling access to 149 PrestaShop sites allegedly vulnerable to SQL injection, primarily affecting domains in Spain, Poland, and other European countries.
Date: 2026-02-04T12:41:30Z
Network: openweb
Published URL: https://forum.exploit.in/topic/275193/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1863c879-0704-4181-8d80-781c6bcc13d1.png
Threat Actors: duffyduck11
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Rici144 targets the website of Sharjah Education Academy
Category: Defacement
Content: The group claims to have defaced the organization's website.
Date: 2026-02-04T12:34:39Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/787541
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/081953f5-f2b3-4ca6-94df-4d5283ec6acf.png
Threat Actors: Rici144
Victim Country: UAE
Victim Industry: Education
Victim Organization: sharjah education academy
Victim Site: review.sis.sea.ac.ae
Alleged sale of unauthorized access to an unidentified shop in the USA
Category: Initial Access
Content: Threat actor claims to be selling unauthorized admin access to an unidentified shop in the USA.
Date: 2026-02-04T12:34:24Z
Network: openweb
Published URL: https://forum.exploit.in/topic/275187/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bff9973c-257f-4990-a05d-764d70ca3d48.png
Threat Actors: CMPunk
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Cyber Attack hits Powertech Industrial Co., Ltd.
Category: Cyber Attack
Content: POWERTECH Industrial Co., Ltd., a Taiwan-based company, disclosed on 3 February 2026 that it experienced a cyberattack impacting part of its information systems. According to the company’s announcement, the incident did not result in any material impact on business operations or personal data. Upon detection, the company activated its cybersecurity defense and recovery mechanisms, engaged external cybersecurity firms to assist with investigation and remediation, and reported the incident to relevant authorities in accordance with regulatory requirements. At the time of reporting, system restoration efforts were ongoing, and the company stated it would continue strengthening its network and information security controls to enhance resilience against future threats.
Date: 2026-02-04T12:18:31Z
Network: openweb
Published URL: https://emops.twse.com.tw/server-java/t05sr01_1_e?&isNew=Y&seq_no=1&spoke_time=164117&spoke_date=20260203&co_id=3296
Screenshots:
None
Threat Actors: Unknown
Victim Country: Taiwan
Victim Industry: Electrical & Electronic Manufacturing
Victim Organization: powertech industrial co., ltd.
Victim Site: power-tech.com.tw
Alleged Sale of 100K United Kingdom MailPass Combo List
Category: Combo List
Content: The threat actor claims to be selling a database containing 100,000 United Kingdom email and password combinations.
Date: 2026-02-04T12:17:31Z
Network: openweb
Published URL: https://forum.exploit.in/topic/275194/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0f4df03e-dcb5-4309-828f-f46762cac7a8.png
Threat Actors: Domainstore
Victim Country: UK
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Salahaddin University-Erbil
Category: Data Breach
Content: The group claims to have carried out a defacement and leaked data belonging to Salahaddin University-Erbil. The compromised dataset includes administrator accounts, faculty accounts, student information from 2011 to 2025, and other data.
Date: 2026-02-04T11:35:20Z
Network: telegram
Published URL: https://t.me/infinitena/288
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d8ace735-2000-4d68-9953-6ffc0d1e86ae.jpg
https://d34iuop8pidsy8.cloudfront.net/d951f9c4-518d-49ce-843d-cbadc9d490c0.jpg
Threat Actors: Infinite International
Victim Country: Iraq
Victim Industry: Education
Victim Organization: salahaddin university-erbil
Victim Site: academics.su.edu.krd
Alleged unauthorized access to unidentified CCTV cameras in Italy
Category: Initial Access
Content: The group claims to have gained unauthorized access to unidentified CCTV cameras in Italy.
Date: 2026-02-04T11:30:48Z
Network: telegram
Published URL: https://t.me/c/2787466017/2011
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f4654bf1-8e46-47ec-a67e-86f9d539391b.jpg
Threat Actors: NoName057(16)
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
DEFACER INDONESIAN TEAM targets the website of Reprise Software
Category: Defacement
Content: The group claims to have defaced the website of Reprise Software
Date: 2026-02-04T11:03:58Z
Network: telegram
Published URL: https://t.me/c/2433981896/851
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6253603a-1877-402c-97b1-59831f99acf2.JPG
Threat Actors: DEFACER INDONESIAN TEAM
Victim Country: USA
Victim Industry: Software
Victim Organization: reprise software
Victim Site: new.reprisesoftware.com
Alleged unauthorized access to Villa Lara
Category: Initial Access
Content: The threat actor claims to have gained full remote access to the automated control systems of Villa L’Erta in Capri, Italy, allegedly enabling control over ventilation, lighting, irrigation, and water supply infrastructure through a SCADA-based platform.
Date: 2026-02-04T10:39:32Z
Network: telegram
Published URL: https://t.me/c/2787466017/2009
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c831d081-d941-44a5-8f52-b95ef7cc7837.png
https://d34iuop8pidsy8.cloudfront.net/86c7e692-a0b5-42be-b991-894492cdc6f7.png
Threat Actors: NoName057(16)
Victim Country: Italy
Victim Industry: Hospitality & Tourism
Victim Organization: villa lara
Victim Site: villalaracapri.com
Alleged data leak of Phonesack Xekong Power Station
Category: Data Breach
Content: The threat actor claims to be selling internal project documents related to the Xekong 1800 MW power plant, allegedly originating from Phonesack Group. The dataset is approximately 4 GB across 81 files and includes EPC contracts, technical specifications, progress reports (2020–2021), transmission line studies, engineering drawings, and official correspondence with EDC.
Date: 2026-02-04T10:10:33Z
Network: openweb
Published URL: https://forum.exploit.in/topic/275184/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c7eeb752-4d95-43f4-b38e-d9e31a110515.png
Threat Actors: zestix
Victim Country: Laos
Victim Industry: Energy & Utilities
Victim Organization: phonesack group
Victim Site: phonesackgroup.com
Suffer Dimension Official claims to target Nebius Israel Ltd
Category: Cyber Attack
Content: A recent post by the group indicates that they hacked the website of Nebius Israel Ltd.
Date: 2026-02-04T08:24:14Z
Network: telegram
Published URL: https://t.me/SufferDimension/50
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/67640021-ca7c-4b9b-88f1-dcf0aacb9ed6.jpg
Threat Actors: Suffer Dimension Official
Victim Country: Israel
Victim Industry: Information Technology (IT) Services
Victim Organization: nebius israel ltd
Victim Site: Unknown
Z-BL4CX-H4T.ID targets the website of Hung Thinh Mechanical
Category: Defacement
Content: The group claims to have defaced the website of Hung Thinh Mechanical
Date: 2026-02-04T07:38:54Z
Network: telegram
Published URL: https://t.me/z_bl4cx_h4t_id/57
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/62b5c0e2-0162-4925-80e0-bb5422692630.JPG
Threat Actors: Z-BL4CX-H4T.ID
Victim Country: Vietnam
Victim Industry: Manufacturing
Victim Organization: hung thinh mechanical
Victim Site: cokhihungthinh.vn
Z-BL4CX-H4T.ID targets the website of Harlequin Infrastructures Developers
Category: Defacement
Content: The group claims to have defaced the website of Harlequin Infrastructures Developers
Date: 2026-02-04T05:48:32Z
Network: telegram
Published URL: https://t.me/z_bl4cx_h4t_id/56
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/41bb41fe-c89d-4f10-8697-eb6579588e36.png
Threat Actors: Z-BL4CX-H4T.ID
Victim Country: India
Victim Industry: Real Estate
Victim Organization: harlequin infrastructures developers
Victim Site: harlequindevelopers.com
Z-BL4CX-H4T.ID targets the website of Hotel Palm Beach Pride
Category: Defacement
Content: The group claims to have defaced the website of Hotel Palm Beach Pride
Date: 2026-02-04T05:43:28Z
Network: telegram
Published URL: https://t.me/z_bl4cx_h4t_id/56
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/cf83e169-ffc1-4a75-b9a0-b586cfffc770.png
Threat Actors: Z-BL4CX-H4T.ID
Victim Country: India
Victim Industry: Hospitality & Tourism
Victim Organization: hotel palm beach pride
Victim Site: hotelpalmbeachpride.com
Alleged leak of login credentials to Kirkuk Governorate
Category: Data Breach
Content: The group claims to have leaked login credentials to Kirkuk Governorate
Date: 2026-02-04T05:42:39Z
Network: telegram
Published URL: https://t.me/c/1943303299/1049168
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/770c576b-c3a9-4053-886a-2b8677e8c36f.png
Threat Actors: A K U L A v 2 . 2
Victim Country: Iraq
Victim Industry: Government Administration
Victim Organization: kirkuk governorate
Victim Site: kirkuk.gov.iq
Alleged Data Breach of Targa Resources
Category: Data Breach
Content: A threat actor claims to have breached an estate planning–related database containing 82,000 US records. The exposed data allegedly includes full names, emails, phone numbers, addresses, and detailed financial, banking, and cryptocurrency asset information. NB: Authenticity of the claim is yet to be verified.
Date: 2026-02-04T05:37:46Z
Network: openweb
Published URL: https://forum.exploit.in/topic/275174/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b7c60862-7e5f-46d6-8807-3d6ae56673d8.png
Threat Actors: fastuser123
Victim Country: USA
Victim Industry: Oil & Gas
Victim Organization: targa resources
Victim Site: targaresources.com
Z-BL4CX-H4T.ID targets the website of Hs buy and sell
Category: Defacement
Content: The group claims to have defaced the website of Hs buy and sell.
Date: 2026-02-04T05:36:51Z
Network: telegram
Published URL: https://t.me/z_bl4cx_h4t_id/56
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/aa62beae-4fe9-412c-8139-311590188c23.png
Threat Actors: Z-BL4CX-H4T.ID
Victim Country: India
Victim Industry: Real Estate
Victim Organization: hs buy and sell
Victim Site: hsbuyandsell.com
Alleged data breach of Suno
Category: Data Breach
Content: The threat actor claims to have leaked data of 60M from Suno. The user data allegedly includes IDs, phone numbers, emails, and registration dates.
Date: 2026-02-04T05:33:55Z
Network: openweb
Published URL: https://darkforums.io/Thread-Selling-Suno-com-database-60M-source-code
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1916bbbd-2a6c-4d53-b66b-917bf5a185b2.png
Threat Actors: sumosumo
Victim Country: USA
Victim Industry: Music
Victim Organization: suno
Victim Site: suno.com
Alleged sale of RustDesk ID checker and brute-force tool
Category: Malware
Content: Threat actor claims to be selling a RustDesk ID checker and brute-force tool.
Date: 2026-02-04T05:33:40Z
Network: openweb
Published URL: https://forum.exploit.in/topic/275173/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/01805f32-7182-4f4e-8480-f4f9c17e8796.png
Threat Actors: privisnanet
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Z-BL4CX-H4T.ID targets the website of mehulatha
Category: Defacement
Content: The group claims to have defaced the website of mehulatha
Date: 2026-02-04T05:26:30Z
Network: telegram
Published URL: https://t.me/z_bl4cx_h4t_id/56
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4592ce10-63da-43dc-b5a1-f8d8caf1f061.png
Threat Actors: Z-BL4CX-H4T.ID
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: mehulatha
Victim Site: mehulatha.com
Z-BL4CX-H4T.ID targets the website of Hs profix
Category: Defacement
Content: The group claims to have defaced the website of Hs profix.
Date: 2026-02-04T05:18:53Z
Network: telegram
Published URL: https://t.me/z_bl4cx_h4t_id/56
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/51774272-22d3-4ef4-b0d4-fd0230a4d1b2.png
Threat Actors: Z-BL4CX-H4T.ID
Victim Country: India
Victim Industry: Facilities Services
Victim Organization: hs profix
Victim Site: hsprofix.com
Alleged Data Breach of TEXAS REALTORS
Category: Data Breach
Content: Threat actor claims to have breached a database containing approximately 95,000 Texas-based realtors. The exposed data allegedly includes full names, email addresses, and mobile phone numbers. The breach is linked to texasrealestate.com and is based solely on the actor’s claims, with no independent verification.
Date: 2026-02-04T05:14:47Z
Network: openweb
Published URL: https://forum.exploit.in/topic/275175/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8686e458-3a89-4d7a-88aa-8080fe476d3d.png
Threat Actors: fastuser123
Victim Country: USA
Victim Industry: Real Estate
Victim Organization: texas realtors
Victim Site: texasrealestate.com
Alleged sale of 340 CC from USA
Category: Data Breach
Content: Threat actor claims to be selling 340 USA credit card records (CC, CVV). The seller states a 70% live rate based on random checks. Sample data includes card details with associated personal information.
Date: 2026-02-04T05:11:40Z
Network: openweb
Published URL: https://forum.exploit.in/topic/275177/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/75576223-49ee-4a45-9d55-a0ecbdd94490.png
https://d34iuop8pidsy8.cloudfront.net/6a290f36-a6dc-4191-97f4-cfee8cdf2d07.png
Threat Actors: cryptoday
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of valid RDWeb access credentials
Category: Initial Access
Content: Threat actor claims to be selling a dataset of 150 valid RDWeb access credentials allegedly collected from log files. The credentials are advertised as checked and validated, with duplicates removed, and reportedly span multiple countries.
Date: 2026-02-04T05:09:02Z
Network: openweb
Published URL: https://forum.exploit.in/topic/275167/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e6d8276d-b3fb-47f0-af96-09507d52754d.png
Threat Actors: Tamburino
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Sklep Naturalna Medycyna
Category: Data Breach
Content: The threat actor claims to have leaked data of 100K from Sklep Naturalna Medycyna. The customer data allegedly includes customer identification (ID), name, email, phone, password, country, website, address, and city.
Date: 2026-02-04T05:04:54Z
Network: openweb
Published URL: https://darkforums.io/Thread-Selling-Poland-Database-sklep-naturalna-medycyna-com-pl-100K
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/281064e0-de5f-4e54-bf2b-a13429543808.png
Threat Actors: Robert2025
Victim Country: Poland
Victim Industry: E-commerce & Online Stores
Victim Organization: sklep naturalna medycyna
Victim Site: sklep-naturalna-medycyna.com.pl
Alleged sale of 24 million Indian private leads
Category: Data Breach
Content: Threat actor claims to be selling 24 million private leads from India allegedly collected from advertising campaigns. The compromised data reportedly includes client name, phone number, personal email, and country.
Date: 2026-02-04T05:03:27Z
Network: openweb
Published URL: https://forum.exploit.in/topic/275118/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9215f46e-9671-4109-9327-c043b2425b4c.png
Threat Actors: betway
Victim Country: India
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Z-BL4CX-H4T.ID targets the website of lilashiping
Category: Defacement
Content: The group claims to have defaced the website of lilashiping
Date: 2026-02-04T05:00:07Z
Network: telegram
Published URL: https://t.me/z_bl4cx_h4t_id/56
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8d574606-52f3-40ae-a108-bcb80270ef7b.png
Threat Actors: Z-BL4CX-H4T.ID
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: lilashiping
Victim Site: lilashiping.com
Alleged sale of valid Fortinet VPN credentials
Category: Initial Access
Content: Threat actor claims to be selling a dataset of 500 valid Fortinet (FortiGate) remote access credentials allegedly collected from log files. The credentials are advertised as checked and validated, with duplicates removed, and reportedly cover multiple countries.
Date: 2026-02-04T04:59:27Z
Network: openweb
Published URL: https://forum.exploit.in/topic/275166/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/38bbfd86-86df-423a-8e90-06b4c8474c6d.png
Threat Actors: Tamburino
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Z-BL4CX-H4T.ID targets the website of Mandar Garden Banquets
Category: Defacement
Content: The group claims to have defaced the website of Mandar Garden Banquets
Date: 2026-02-04T04:55:04Z
Network: telegram
Published URL: https://t.me/z_bl4cx_h4t_id/56
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/be90a6a1-15b0-44ad-997e-2e0698425232.png
Threat Actors: Z-BL4CX-H4T.ID
Victim Country: India
Victim Industry: Events Services
Victim Organization: mandar garden banquets
Victim Site: mandargardenbanquets.com
Z-BL4CX-H4T.ID targets the website of mhiapsmiphacon2026
Category: Defacement
Content: The group claims to have defaced the website of mhiapsmiphacon2026
Date: 2026-02-04T04:34:03Z
Network: telegram
Published URL: https://t.me/z_bl4cx_h4t_id/56
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5f65a77c-f203-4e37-beee-48f8d190d48e.png
Threat Actors: Z-BL4CX-H4T.ID
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: mhiapsmiphacon2026
Victim Site: mhiapsmiphacon2026.com
Alleged sale of 300 credit card records
Category: Data Breach
Content: Threat actor claims to be selling 300 credit card records from the USA.
Date: 2026-02-04T04:14:48Z
Network: openweb
Published URL: https://forum.exploit.in/topic/275102/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3cf72dc8-d0a7-45df-8837-09e8019b97b1.png
https://d34iuop8pidsy8.cloudfront.net/a87f0c77-7991-4fdc-bea8-7176892b9b8e.png
Threat Actors: corptoday
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Z-BL4CX-H4T.ID targets the website of Panditvbhattastrocenter
Category: Defacement
Content: The group claims to have defaced the website of Panditvbhattastrocenter.
Date: 2026-02-04T04:14:21Z
Network: telegram
Published URL: https://t.me/z_bl4cx_h4t_id/56
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/58461518-ad38-4070-a363-6b2ddd9fce15.png
https://d34iuop8pidsy8.cloudfront.net/99bfdc96-edcb-47e0-af84-f14b73a68875.png
Threat Actors: Z-BL4CX-H4T.ID
Victim Country: India
Victim Industry: Other Industry
Victim Organization: panditvbhattastrocenter
Victim Site: panditvbhattastrocenter.com
Alleged data breach of Harvard University
Category: Data Breach
Content: Threat actor claims to have leaked 1.1 GB containing Personally Identifiable Information (PII) and Donation Data from Harvard University.
Date: 2026-02-04T03:59:29Z
Network: tor
Published URL: http://toolatedhs5dtr2pv6h5kdraneak5gs3sxrecqhoufc5e45edior7mqd.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/603ea1b5-8540-410e-bf1c-42bb8ec50c44.png
Threat Actors: ShinyHunters
Victim Country: USA
Victim Industry: Education
Victim Organization: harvard university
Victim Site: harvard.edu
Alleged data breach of University of Pennsylvania
Category: Data Breach
Content: Threat actor claims to have leaked 483M GB containing Personally Identifiable Information (PII) and Donation Data from University of Pennsylvania.
Date: 2026-02-04T03:48:23Z
Network: tor
Published URL: http://toolatedhs5dtr2pv6h5kdraneak5gs3sxrecqhoufc5e45edior7mqd.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e8b30d2b-8847-4ed3-8b5b-a59cb08ae852.png
Threat Actors: ShinyHunters
Victim Country: USA
Victim Industry: Education
Victim Organization: university of pennsylvania
Victim Site: upenn.edu
Alleged Data Breach of Kementerian Kesehatan Republik Indonesia
Category: Data Breach
Content: The threat actor claims to have leaked data from Kementerian Kesehatan Republik Indonesia. The compromised data reportedly contains 4 million worker and user records, including full name, date and place of birth, NIK (national ID number), registration and professional IDs, STR number, and registration sequence number. Note: This organization was previously breached in June 2025.
Date: 2026-02-04T03:40:39Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-Free-4M-Workers-and-User-Database-Ministry-Of-Health-fresh-dump
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/317b46a1-2b99-4b52-95d1-a7b97e25ca30.png
https://d34iuop8pidsy8.cloudfront.net/57ef091f-4edf-4a2f-b059-c0ab75cce440.png
Threat Actors: Petrusnism
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: kementerian kesehatan republik indonesia
Victim Site: kemkes.go.id
Z-BL4CX-H4T.ID targets the website of neelamdental.com
Category: Defacement
Content: The group claims to have defaced the website of neelamdental.com.
Date: 2026-02-04T03:38:04Z
Network: telegram
Published URL: https://t.me/z_bl4cx_h4t_id/56
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ead87199-9b55-4046-b7d5-b82a60f25a5d.png
https://d34iuop8pidsy8.cloudfront.net/156e57f9-902e-493a-b44a-f000eba6aee4.png
Threat Actors: Z-BL4CX-H4T.ID
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: neelamdental
Victim Site: neelamdental.com
Z-BL4CX-H4T.ID targets the website of novolightae.com
Category: Defacement
Content: The group claims to have defaced the website of novolightae.com.
Date: 2026-02-04T03:30:06Z
Network: telegram
Published URL: https://t.me/z_bl4cx_h4t_id/56
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/78cff38e-875c-4b00-9f66-f42b1690c279.png
https://d34iuop8pidsy8.cloudfront.net/437130c9-a3c8-4b07-8031-7b7373f4a48b.png
Threat Actors: Z-BL4CX-H4T.ID
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: novolightae
Victim Site: novolightae.com
Alleged leak of login credentials to The Administrative Court
Category: Initial Access
Content: The group claims to have gained login credentials to The Administrative Court.
Date: 2026-02-04T03:22:08Z
Network: telegram
Published URL: https://t.me/nxbbsec/4953
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8c503423-1dc5-41e3-917a-d8f1984f7fc5.png
Threat Actors: NXBB.SEC
Victim Country: Thailand
Victim Industry: Judiciary
Victim Organization: the administrative court
Victim Site: livenews.admincourt.go.th
Alleged Data Breach of Universidad Autónoma de Sinaloa
Category: Data Breach
Content: The threat actor claims to have leaked data from Universidad Autónoma de Sinaloa. The compromised data reportedly contains 55,566 student records and 12,418 professor records, including student and professor information such as names, Mexican national ID (CURP), email addresses, phone numbers, academic terms, campus and program details, and home addresses.
Date: 2026-02-04T03:19:39Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-Mexico-Universidad-Autonoma-de-Sinaloa-UAS-67-984-entries
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/80711e04-4bc1-48b0-8125-b1b5fe1ec3f2.png
https://d34iuop8pidsy8.cloudfront.net/83002f2a-f289-4970-88ec-286cbee04518.png
Threat Actors: Straightonumberone
Victim Country: Mexico
Victim Industry: Higher Education/Academia
Victim Organization: universidad autónoma de sinaloa
Victim Site: uas.edu.mx
Alleged leak of login credentials to Ministry of Foreign Affairs
Category: Data Breach
Content: The group claims to have leaked login credentials to Ministry of Foreign Affairs
Date: 2026-02-04T02:48:58Z
Network: telegram
Published URL: https://t.me/c/1943303299/1049341
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1fa7984d-4ef6-4a11-9c02-f2456b6994b5.png
Threat Actors: A K U L A v 2 . 2
Victim Country: Iran
Victim Industry: Government Administration
Victim Organization: ministry of foreign affairs
Victim Site: mfa.gov.ir
Alleged data breach of Productos QP
Category: Data Breach
Content: The threat actor claims to have leaked data from Productos QP. The user data allegedly includes identification number (ID), name, email, phone, postal code, country, state/province, address, and city.
Date: 2026-02-04T02:43:05Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-%E2%AD%90SPAIN%E2%AD%90-productosqp-com-DATABASE-FULL-ACCESS
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/65aa8a4a-bece-4abc-b09f-20ead8d1c333.png
Threat Actors: blackhunter1
Victim Country: Spain
Victim Industry: Manufacturing
Victim Organization: productos qp
Victim Site: productosqp.com
Alleged data breach of Agilent Technologies
Category: Data Breach
Content: The group claims to have breached 30GB of data from Agilent Technologies.
Date: 2026-02-04T02:40:13Z
Network: telegram
Published URL: https://t.me/n2LP_wVf79c2YzM0/3565
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/66d6d42c-01c6-4615-a5e6-efa3a1276fbb.png
https://d34iuop8pidsy8.cloudfront.net/8b899578-6e80-4e0f-a532-e42e9e5d3ba8.png
Threat Actors: Infrastructure Destruction Squad
Victim Country: USA
Victim Industry: Biotechnology
Victim Organization: agilent technologies
Victim Site: agilent.com
HMEI7 targets the website of Transportes Mina
Category: Defacement
Content: The group claims to have defaced the website of Transportes Mina
Date: 2026-02-04T02:07:57Z
Network: telegram
Published URL: https://t.me/c/2412030007/2090
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/66839886-a702-4cbe-ab26-4ae7d2e76d4e.png
Threat Actors: HMEI7
Victim Country: Mexico
Victim Industry: Transportation & Logistics
Victim Organization: transportes mina
Victim Site: transportesmina.com.mx
HMEI7 targets the website of Kennwei
Category: Defacement
Content: The group claims to have defaced the website of Kennwei
Date: 2026-02-04T01:23:13Z
Network: telegram
Published URL: https://t.me/c/2412030007/2088
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f0a49354-4a8e-4809-a9c6-7a9fed3db749.png
Threat Actors: HMEI7
Victim Country: China
Victim Industry: Unknown
Victim Organization: kennwei
Victim Site: kennwei.com
DEFACER INDONESIAN TEAM targets the website of Dinas Perikanan Daerah Kabupaten Tapanuli Selatan
Category: Defacement
Content: The group claims to have defaced the website of Dinas Perikanan Daerah Kabupaten Tapanuli Selatan
Date: 2026-02-04T01:21:36Z
Network: telegram
Published URL: https://t.me/c/2433981896/841
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e5351713-b206-4f11-9711-7486716d6381.png
Threat Actors: DEFACER INDONESIAN TEAM
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: dinas perikanan daerah kabupaten tapanuli selatan
Victim Site: sibiola.perikanan.tapselkab.go.id
Alleged leak of login credentials to International Islamic Bank
Category: Data Breach
Content: The group claims to have leaked login credentials to International Islamic Bank
Date: 2026-02-04T00:06:34Z
Network: telegram
Published URL: https://t.me/c/1943303299/1048879
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a4e10c9c-50eb-454d-8fa8-2f279b54f495.png
Threat Actors: A K U L A v 2 . 2
Victim Country: Iraq
Victim Industry: Financial Services
Victim Organization: international islamic bank
Victim Site: imtb.iq