[February-6-2026] Daily Cybersecurity Threat Report

1. Executive Summary

This report analyzes a significant surge in cyber threat activity observed over a 24-hour period centering on February 6, 2026. The provided intelligence details 98 distinct cybersecurity incidents, ranging from high-volume data breaches and unauthorized access sales to website defacements and malware distribution.

The threat landscape for this period is characterized by massive-scale data exposure, with threat actors claiming to sell or leak databases containing billions of records combined. Notable incidents include an alleged leak of 2.7 billion U.S. Social Security records, a 105 million record breach of Indonesia’s General Elections Commission, and significant compromises of financial and government data across multiple continents.

Key trends identified in this report include:

Mega-Breaches: The emergence of “wild” data dumps involving tens to hundreds of millions of records (PayPal, Coupang, Endesa, Peru’s RENIEC).
Targeted Credential Theft: A concentrated campaign by the threat actor “A K U L A v 2” targeting government and infrastructure entities in the Middle East, particularly Iran and Iraq.
Hactivist Defacement: Widespread defacement campaigns by groups such as “BABAYO EROR SYSTEM” and “Nicotine,” primarily targeting small-to-medium businesses in India and the UAE.
Critical Infrastructure Threats: Alarming claims of access to hydroelectric power plants in France and industrial control systems in Italy.

The following sections provide a detailed breakdown of these events, categorized by threat type, industry, and actor attribution.

2. Statistical Overview and Threat Landscape

The dataset indicates a highly active threat environment. The incidents can be broadly categorized into Data Breaches, Defacements, Initial Access Sales, and Malware/Tools.

2.1 Incident Categories

Data Breaches: Represents the majority of high-impact events. These involve the exfiltration and subsequent sale or leaking of sensitive user data (PII), financial records, and internal documents.
Defacements: High-volume, low-sophistication attacks where website content is replaced with the attacker’s messaging. These were primarily focused on the hospitality, tourism, and retail sectors.
Initial Access: A critical category involving the sale of remote access (RDP, VPN, Shell) to corporate networks. These pose the highest risk for follow-on ransomware attacks.
Malware: Sales of loaders and generators, indicating a thriving underground economy for cybercrime tools.

2.2 Geographical Distribution

The victims are distributed globally, with significant concentrations in:

Middle East: Iran (Government, Metro, Oil & Gas), Israel, UAE, Saudi Arabia, Yemen, Iraq.
Asia: Indonesia, India (heavy defacement activity), South Korea, Vietnam.
Americas: USA (massive data leaks), Argentina, Canada, Peru, Paraguay.
Europe: France (Gov, Energy), Italy, Spain, Russia, Ukraine, Switzerland, Czech Republic.

3. Major Data Breaches (“Mega-Leaks”)

This period witnessed claims of data exposure on a massive scale. These incidents represent the highest systemic risk due to the volume of Personally Identifiable Information (PII) involved.

3.1 United States

The most severe claim involves the alleged leak of 2.7 billion U.S. Social Security Number (SSN) records by threat actor Pijush510 . If verified, this would represent a catastrophic failure of data privacy, potentially affecting nearly every US citizen .

Additionally, the threat actor Wildpistol was highly active, listing a PayPal USA dataset containing approximately 89 million records . This actor also claimed to sell data on Chinese overseas individuals residing in the USA, comprising 3 million records . In the corporate sector, threat actor exo claimed a breach of Match.com affecting 196,000 users , and a breach of Yum! Brands involving thousands of lines of internal data . Flickr also disclosed a potential breach due to a third-party misconfiguration .

3.2 South America

In Peru, a massive breach of the Registro Nacional de Identificación y Estado Civil (RENIEC) was reported by threat actor Tanaka. This dataset allegedly contains 31 million records—effectively the entire national citizen registry—including ID numbers and birth dates .

Argentina faced multiple incidents, including a leak from the Undersecretariat of Public Management and Employment involving nearly 20,000 photo records , and unauthorized webmail access to the Argentine Air Force . In Paraguay, the Comptroller General of the Republic suffered a breach of 340,000 records containing sensitive ID and academic data .

3.3 Asia and Oceania

Indonesia remains a primary target. Threat actor SN1F claimed to sell a database from the Komisi Pemilihan Umum (KPU)—the General Elections Commission—containing 105 million records, including National ID (NIK) and Family Card (KK) numbers . Another actor, 1LH4MZXSEC, leaked business data related to UMK .

In South Korea, threat actor Wildpistol listed a database from e-commerce giant Coupang containing 33.1 million records, including order details and device fingerprints . In Australia, accounting firms The Kalculators and Synkli were targeted, with 70,000 consumer records exposed, including Tax File Numbers (TFN) .

3.4 Europe

Spain faced significant exposure with threat actor Wildpistol selling an Endesa database (20 million records) and a separate IBAN database containing 18 million financial records .

In France, breaches impacted local government and transport. The Préfecture d’Indre-et-Loire saw internal administrative data leaked , and the Mairie de Paris (City Hall) allegedly had 320,000 records exposed . A notable breach also targeted Air France, exposing 2 million customer records .

Russia was targeted with the sale of a food and restaurant database containing 2 million records and an alleged leak of government data .

4. Critical Infrastructure and Government Sector Analysis

A disturbing trend in this dataset is the high frequency of attacks against government bodies and critical infrastructure providers.

4.1 The “A K U L A v 2” Campaign

The threat actor A K U L A v 2 executed a pervasive campaign of credential theft targeting the Middle East. This actor leaked login credentials for:

Iran: Tehran Municipality , Tehran Metro , Research Institute of Petroleum Industry (RIPI) , and the Government of the Islamic Republic of Iran .
Saudi Arabia: Ministry of Finance .
Yemen: Central Bank of Yemen .
Iraq: Central Bank of Iraq and University of Basrah .

This coordinated effort suggests a focus on destabilizing or exposing state-run services in the region.

4.2 Industrial Control Systems (ICS) and Energy

The most operationally dangerous claims involve physical systems. The group Z-PENTEST ALLIANCE claimed unauthorized access to a hydroelectric power plant control system in France, stating they disrupted turbine controls and triggered alarms . The same group claimed access to a smart home control system in Italy, gaining control over heating and valves .

Additionally, Saturned33 offered RDP access to an industrial organization in the Czech Republic with Domain Admin privileges , and LOURS FOR OIL AND GAS SERVICES in Algeria suffered a credential leak .

4.3 Military and Law Enforcement

Beyond the Argentine Air Force breach mentioned earlier, the Russian Legion group announced targeting operations against Denmark .

5. Financial Sector and Cryptocurrency

The financial sector remains a lucrative target for data theft.

Banking: Credentials for the Central Bank of Yemen and Central Bank of Iraq were leaked. In Yemen, Tadhamon Bank was also compromised .
Cryptocurrency: Wildpistol listed massive datasets for Coinbase (16.3 million records) , KuCoin (23 million records) , and a “Big Crypto Data Bundle” including Robinhood and Gemini user data .
Credit Cards: Multiple actors sold credit card “sniffing” logs. Spacer sold 80 logs from the UK , and litem sold 200 records from Canada .

6. Website Defacement Campaigns

A wave of website defacements occurred, characterized by political or reputational vandalism.

BABAYO EROR SYSTEM: This group was highly active, targeting targets in India (Hotel Myst, Hotel Gokul Raj, Kashmir Nippon Tours) , Indonesia (Digital Pustaka) , and Canada (JSHL Cleaning Services) .
Nicotine: This actor focused on the UAE, defacing websites for real estate and service companies like Modern Working, Stone Investment, and Housemaid Dubai .
Other Groups: Team GANDU targeted UK agricultural sites (Farmers Weekly, Gardenesque) and Vietnamese media . HellR00ters Team attacked real estate in Canada and gaming in the Philippines .

7. Threat Actor Profiles

Based on the provided reports, several key threat actors have been identified:

Wildpistol: A high-level data broker dealing in massive volumes. Responsible for the PayPal (89M), Coupang (33M), Endesa (20M), KuCoin (23M), and Coinbase (16.3M) listings. This actor focuses on monetizing aggregated user data.
A K U L A v 2: A prolific credential harvester focused on the Middle East. Their operational tempo is high, leaking credentials for over a dozen government and infrastructure targets in Iran, Iraq, Yemen, and Saudi Arabia within a few hours.
GordonFreeman: A threat actor targeting South American and European government/corporate entities. Responsible for the Paraguay Comptroller breach , Argentine Air Force access , and the Air France breach .
Saturned33: Specializes in “Initial Access” sales, offering high-privilege access (Domain Admin) to industrial and transport organizations in the Czech Republic and Argentina .
Z-PENTEST ALLIANCE: A group focused on OT/ICS exploitation, claiming access to physical control systems (Hydroelectric plant, Smart Homes) .

8. Conclusion

The cybersecurity events of February 6, 2026, illustrate a critical state of global cyber vulnerability. The sheer volume of records exposed—potentially exceeding 3 billion in a single day—highlights the fragility of digital identity infrastructure.

The simultaneous targeting of Middle Eastern government infrastructure by A K U L A v 2 and the operational technology breaches in Europe by Z-PENTEST ALLIANCE suggest that beyond financial crime, there is a persistent undercurrent of geopolitical destabilization and critical infrastructure probing.

Organizations are advised to urgently review their data retention policies, secure remote access points (RDP/VPN), and monitor the “openweb” and Telegram channels for leaked credentials. The prominence of “Initial Access” markets indicates that many of today’s breaches are merely the precursor to tomorrow’s ransomware attacks.

Detected Incidents Draft Data

Alleged leak of login credentials to LOURS FOR OIL AND GAS SERVICES
Category: Data Breach
Content: The group claims to have leaked login credentials to LOURS FOR OIL AND GAS SERVICES
Date: 2026-02-06T23:51:34Z
Network: telegram
Published URL: https://t.me/c/1943303299/1058112
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a97357af-6b9a-4caa-a9dc-aaa95d79ac21.png
Threat Actors: A K U L A v 2 . 2
Victim Country: Algeria
Victim Industry: Oil & Gas
Victim Organization: lours for oil and gas services
Victim Site: lourscorp.com
BABAYO EROR SYSTEM targets the website of Hotel Myst
Category: Defacement
Content: Group claims to have defaced the website of Hotel Myst.
Date: 2026-02-06T23:21:19Z
Network: telegram
Published URL: https://t.me/c/3664625363/174
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7fb8f66e-9caf-43e9-813b-05a2e414c16c.png
Threat Actors: BABAYO EROR SYSTEM
Victim Country: India
Victim Industry: Hospitality & Tourism
Victim Organization: hotel myst
Victim Site: hotelmystmenchukha.com
BABAYO EROR SYSTEM targets the website of Digital Pustaka
Category: Defacement
Content: Group claims to have defaced the website of Digital Pustaka.
Date: 2026-02-06T23:19:22Z
Network: telegram
Published URL: https://t.me/c/3664625363/174
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9effa2c8-c77c-4e55-9dcf-c8c75b8ef40e.png
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: digital pustaka
Victim Site: home.digitalpustaka.com
Alleged data breach of Match.com
Category: Data Breach
Content: The threat actor claims to have leaked a database belonging to Match.com, alleging that more than 10 million rows of data have been exposed. According to the post, the dataset reportedly includes information on approximately 196,000 users and around 84,000 unique email addresses. The allegedly compromised data includes names, email addresses, phone numbers, dates of birth, genders, geographic locations, IP addresses, usernames, and a small number of plaintext passwords.
Date: 2026-02-06T23:06:27Z
Network: openweb
Published URL: https://breachforums.cz/index.php?threads/match-com-data-breach-2026.328/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f57e65ca-172e-4481-b231-e7ca1e8bd1c7.png
Threat Actors: exo
Victim Country: USA
Victim Industry: Social Media & Online Social Networking
Victim Organization: match.com
Victim Site: match.com
Alleged leak of login credentials to the Tehran Municipality’s official email service
Category: Data Breach
Content: The group claims to have leaked login credentials to the official email service portal of Tehran Municipality.
Date: 2026-02-06T23:01:35Z
Network: telegram
Published URL: https://t.me/c/1943303299/1057540
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/29a5d449-9359-4bdb-b2c2-ffa202da3c0d.png
Threat Actors: A K U L A v 2 . 2
Victim Country: Iran
Victim Industry: Government Administration
Victim Organization: tehran municipality
Victim Site: mail.tehran.ir
Alleged leak of login credentials to Tehran Metro
Category: Data Breach
Content: The group claims to have leaked login credentials to Tehran Metro’s official website.
Date: 2026-02-06T22:55:01Z
Network: telegram
Published URL: https://t.me/c/1943303299/1057538
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c7b909ec-a16b-40b0-ab5f-7f8d0ffb21bb.png
Threat Actors: A K U L A v 2 . 2
Victim Country: Iran
Victim Industry: Transportation & Logistics
Victim Organization: tehran urban and suburban railway company (tusrc)
Victim Site: metro.tehran.ir
Alleged Data Leak of 406K Rich Private Leads from UAE
Category: Data Breach
Content: Threat Actor claims to be selling a database containing approximately 406,000 rich private leads from individuals in the United Arab Emirates, reportedly collected through advertising campaigns. The exposed data allegedly includes civility, full names, mobile and phone numbers, personal email addresses, and country information. Additionally, around 373,000 phone numbers and approximately 300,000 email addresses are unique.
Date: 2026-02-06T22:54:05Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/275418/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4f8f00db-72f1-4b31-9116-f9f9a9482a68.png
Threat Actors: betway
Victim Country: UAE
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of login credentials to Research Institute of Petroleum Industry (RIPI)
Category: Data Breach
Content: The group claims to have leaked login credentials to Research Institute of Petroleum Industry (RIPI)
Date: 2026-02-06T22:45:55Z
Network: telegram
Published URL: https://t.me/c/1943303299/1057576
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ee19f7a6-c402-4ee2-83f2-866668f9cedb.jpg
Threat Actors: A K U L A v 2 . 2
Victim Country: Iran
Victim Industry: Education
Victim Organization: research institute of petroleum industry (ripi)
Victim Site: ripi.ir
Alleged data leak of Jeffrey Epstein Client Passwords
Category: Data Breach
Content: A threat actor claims to be sharing a database allegedly containing passwords linked to individuals described as Jeffrey Epstein’s clients
Date: 2026-02-06T22:44:14Z
Network: openweb
Published URL: https://breachforums.bf/Thread-Jeffrey-Epstein-Client-Passwords-List
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/33787e91-1420-45c4-b5d7-af792422a36d.png
Threat Actors: Jaded
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of login credentials to Rubika
Category: Data Breach
Content: The group claims to have leaked login credentials to Rubika
Date: 2026-02-06T22:43:21Z
Network: telegram
Published URL: https://t.me/c/1943303299/1057818
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/53b3aea1-ad31-489a-b0e0-f1a735fd4133.jpg
Threat Actors: A K U L A v 2 . 2
Victim Country: Iran
Victim Industry: Social Media & Online Social Networking
Victim Organization: rubika
Victim Site: rubika.ir
Alleged data breach of Yum! Brands
Category: Data Breach
Content: The threat actor claims to have extracted and leaked several thousand lines of data from Yum! Brands. The exposed information reportedly originates from internal databases associated with Yum! Brands.
Date: 2026-02-06T22:42:26Z
Network: openweb
Published URL: https://breachforums.cz/index.php?threads/yum-brands-data-leak.329/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/985f2d42-ab7e-466e-8d53-728b976c17cf.png
Threat Actors: exo
Victim Country: USA
Victim Industry: Food & Beverages
Victim Organization: yum! brands
Victim Site: yum.com
Alleged data breach of Medical Genetic Center MAMA PAPA
Category: Data Breach
Content: The group claims to have breached the systems of the Medical Genetic Center MAMA PAPA, alleging full access to administrative panels and internal infrastructure. They further allege that subsequent access was gained to additional medical‑related organizations, including DNA Diagnostics Center (DDC) in Kazakhstan and a client portal associated with medical service workflows. The actors also claim that the activity involved access to MamaPapa’s dispatch center and laboratory. According to the actors, they have exfiltrated sensitive information, including identity documents, laboratory records, service results, internal correspondence, phone numbers, and addresses.
Date: 2026-02-06T22:38:08Z
Network: telegram
Published URL: https://t.me/perunswaroga/1150?single
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/628501f3-0d7c-4f67-9843-83fef52fa24f.png
https://d34iuop8pidsy8.cloudfront.net/4e9302e2-0af8-4a89-8014-4b8cd9c42fcc.png
https://d34iuop8pidsy8.cloudfront.net/12c902d1-acbc-4620-a657-a1f7159751a2.png
Threat Actors: Perun Svaroga
Victim Country: Ukraine
Victim Industry: Hospital & Health Care
Victim Organization: medical genetic center mama papa
Victim Site: testdnk.com.ua
Alleged sale of Discord 4I Generator
Category: Malware
Content: The threat actor claims to be distributing a “Discord 4I generator” tool, allegedly designed to generate Discord-related accounts or resources. which includes a download link to an external file-sharing platform and states that the tool is functional, with instructions for use.
Date: 2026-02-06T22:26:43Z
Network: openweb
Published URL: https://breachforums.bf/Thread-discord-4l-generator
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c823c62a-7e0d-47c8-a972-a3766db35e5c.png
Threat Actors: sux1337
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of Lumina Loader
Category: Malware
Content: The threat actor claims to have released Lumina Loader (VETRA Project) with its full source code and documented findings. the package allegedly contains the reversed loader, technical analysis, and complete source files that could allow other threat actors to study, modify, or deploy the malware.
Date: 2026-02-06T21:48:52Z
Network: openweb
Published URL: https://breachforums.bf/Thread-Lumina-Loader-Reversed
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/010bf298-250b-42cb-bce2-5be60e2bd3b2.png
Threat Actors: userop
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of DevilBin
Category: Data Breach
Content: The threat actor claims to have leaked the website of devilbin.site. the breach occurred on July 4, 2024, and resulted in the exposure of 53 user accounts. The leaked data reportedly includes user IDs, usernames, hashed passwords, email addresses, profile information, and account metadata.
Date: 2026-02-06T21:36:46Z
Network: openweb
Published URL: https://breachforums.bf/Thread-2024-devilbin-site-53-users
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2ce7e271-2f36-4bf7-afdc-6db0fa6a1bae.png
Threat Actors: pine
Victim Country: Unknown
Victim Industry: Online Publishing
Victim Organization: devilbin
Victim Site: devilbin.site
HellR00ters Team targets the website of The 1989 Condos
Category: Defacement
Content: The group claims to have defaced the website of The 1989 Condos
Date: 2026-02-06T21:34:03Z
Network: telegram
Published URL: https://t.me/c/2758066065/978
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/22e3510e-a96e-4d8e-858e-08fedee87bfc.png
Threat Actors: HellR00ters Team
Victim Country: Canada
Victim Industry: Real Estate
Victim Organization: the 1989 condos
Victim Site: the1989condos.ca
Alleged unauthorized access to unidentified logistics company
Category: Initial Access
Content: The threat actor claims to have obtained database access to a large logistics company. The exposed panel allegedly includes payment statistics, client management data, contract details, and internal operational dashboards.
Date: 2026-02-06T21:26:45Z
Network: openweb
Published URL: https://breachforums.bf/Thread-Big-logistic-company-Database-access
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8d8d9fb9-c69a-4e71-82cf-6011ea942d26.png
Threat Actors: Anigma
Victim Country: Unknown
Victim Industry: Transportation & Logistics
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Komisi Pemilihan Umum (KPU)
Category: Data Breach
Content: The threat actor claims to be selling a database allegedly belonging to Indonesia’s General Elections Commission (KPU). The dataset reportedly contains approximately 105 million records from a previously disclosed breach, including sensitive personal information such as national ID numbers (NIK), family card numbers (KK), full names, addresses, dates of birth, gender, and other voter-related details.
Date: 2026-02-06T21:14:34Z
Network: openweb
Published URL: https://darkforums.me/Thread-Selling-105-MILLION-KOMISI-PEMILIHAN-UMUM-INDONESIA
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/90143462-6b07-4f4c-a8cd-e20c6d2c5f5b.png
https://d34iuop8pidsy8.cloudfront.net/82abc91f-0947-4948-b200-a35ea87acff8.png
Threat Actors: SN1F
Victim Country: Indonesia
Victim Industry: Government & Public Sector
Victim Organization: komisi pemilihan umum (kpu)
Victim Site: kpu.go.id
Alleged Sale of Unauthorized RDP Access to an Industrial Organization in Czech Republic
Category: Initial Access
Content: Threat Actor claims to be selling unauthorized RDP and shell access to an industrial-sector organization in Czech Republic. The access includes Domain Admin and SYSTEM-level privileges, with Windows Defender allegedly disabled.
Date: 2026-02-06T21:08:30Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/275419/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/796a982c-2dd7-44e9-bd60-88e5063df2da.png
Threat Actors: Saturned33
Victim Country: Czech Republic
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Russian food & restaurant database
Category: Data Breach
Content: The threat actor claims to be selling a compiled database pack from multiple Russian HoReCa (food delivery and restaurant) platforms containing approximately 2,046,000 records. The allegedly exposed data includes phone numbers, full names, email addresses, loyalty magnet card details, booking dates, and customer comments.
Date: 2026-02-06T21:07:12Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-Food-Restaurants-DB-Pack-RU-2-04M-Lines-PII-Phone-Name-Email-MagnetCards
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/beeea805-6198-4c01-9341-23cf1ac43bc4.png
Threat Actors: scorpion1337
Victim Country: Russia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Préfecture d’Indre-et-Loire
Category: Data Breach
Content: The threat actor claims to have leaked internal administrative data allegedly belonging to the Préfecture d’Indre-et-Loire in France. The exposed information reportedly includes internal identifiers, departmental details, email addresses of government staff, office locations, and administrative records related to public service departments.
Date: 2026-02-06T20:56:27Z
Network: openweb
Published URL: https://breachforums.bf/Thread-Leak-French-prefecture
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9ac1e866-1324-429a-a63c-2eb89b1cdd8b.png
Threat Actors: thomasvalmorin2828
Victim Country: France
Victim Industry: Government & Public Sector
Victim Organization: préfecture d’indre-et-loire
Victim Site: indre-et-loire.gouv.fr
Alleged data leak of Mairie de Paris
Category: Data Breach
Content: The threat actor claims to have leaked a database allegedly belonging to the City of Paris (paris.fr). The dataset reportedly contains approximately 320,000 records and includes personal information such as full names, dates of birth, addresses, phone numbers, and email addresses of individuals
Date: 2026-02-06T20:52:34Z
Network: openweb
Published URL: https://breachforums.bf/Thread-mairiedeparis-320K-FR
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/31a3a2c3-5adf-4eed-899b-3152ad2b2fb6.png
Threat Actors: sux1337
Victim Country: France
Victim Industry: Government & Public Sector
Victim Organization: Unknown
Victim Site: Unknown
Alleged unauthorized access to multiple Israeli SFTP configuration files
Category: Alert
Content: The group claims to have accessed and exposed SFTP configuration files from Shekel Group, alongside several other Israeli websites.
Date: 2026-02-06T20:31:14Z
Network: telegram
Published URL: https://t.me/SufferDimension/52
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9f34ce9b-73c4-4a67-b898-923021258802.png
https://d34iuop8pidsy8.cloudfront.net/66ec140a-7e65-4a43-904c-c76f4fcf272d.png
https://d34iuop8pidsy8.cloudfront.net/e3ab0798-2cbc-4411-851c-252930ed7255.png
https://d34iuop8pidsy8.cloudfront.net/097a7a14-425b-4ce2-9b0f-c71c91fe5fa1.png
Threat Actors: Suffer Dimension Official
Victim Country: Israel
Victim Industry: Financial Services
Victim Organization: shekel group
Victim Site: shekelgroup.co.il
Alleged Sale of Unauthorized PrestaShop Admin Access in France
Category: Initial Access
Content: Threat Actor claims to be selling unauthorized admin access to a France-based PrestaShop e-commerce site and shell access is already established and traffic is being redirected. It includes recent transaction activity involving thousands of credit/debit card records across multiple date ranges from 2025-2026.
Date: 2026-02-06T20:13:50Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/275415/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fc8e7e69-1b94-4fcd-b8a9-b9a63fa8a733.png
Threat Actors: ActWater
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
HellR00ters Team targets the website of STAXX Cards & Hobbies
Category: Defacement
Content: The group claims to have defaced the website of STAXX Cards & Hobbies
Date: 2026-02-06T20:12:20Z
Network: telegram
Published URL: https://t.me/c/2758066065/978
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/731b5d3d-4099-429b-b191-9d8334bca5da.jpg
Threat Actors: HellR00ters Team
Victim Country: Philippines
Victim Industry: Gaming
Victim Organization: staxx cards & hobbies
Victim Site: staxxph.com
Alleged Sale of 200 Credit Card Database from Canada
Category: Data Breach
Content: The threat actor claims to have leaked a database associated with credit card data obtained through sniffing activity in Canada. The exposed dataset reportedly contains approximately 200 credit card records, including payment card numbers, CVV codes, expiration dates, cardholder details, full residential addresses, phone numbers, email addresses, and associated IP information.
Date: 2026-02-06T20:05:54Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/275410/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8d2c099b-d4aa-4d75-937c-dc3e775c5eb2.png
Threat Actors: litem
Victim Country: Canada
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Raidotaxi
Category: Data Breach
Content: The threat actor claims to have leaked a database belonging to Raidotaxi. According to the post, the allegedly exposed dataset contains personal information of approximately 5,600 individuals from India.
Date: 2026-02-06T20:05:32Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-raidotaxi-com-DATABASE-DUMP
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/049af6c1-4fc2-403b-a6a2-6c3deb0d3e87.png
Threat Actors: Raidotaxi
Victim Country: India
Victim Industry: Transportation & Logistics
Victim Organization: raidotaxi
Victim Site: raidotaxi.com
Alleged Sale of Unauthorized Windows Shell Access to Public Transport Organization in Argentina
Category: Initial Access
Content: Threat Actor claims to be selling unauthorized Windows shell access to a public transport organization in Argentina. The access includes domain administrator–level privileges (NTLM), SYSTEM/NT access, and local administrator credentials in clear text, affecting more than 150 hosts. The environment reportedly runs Windows systems with Kaspersky antivirus marked as deactivated or expired.
Date: 2026-02-06T20:05:03Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/275413/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b94085bc-1652-426e-b4cc-6e794e666ddd.png
Threat Actors: Saturned33
Victim Country: Argentina
Victim Industry: Government & Public Sector
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Betty Bossi
Category: Data Breach
Content: The threat actor claims to be selling a database belonging to BettyBossi.ch, the official website of the Swiss cooking brand Betty Bossi. the allegedly exposed dataset contains information on approximately 2,873,758 clients, including phone numbers, full names, email addresses, physical addresses, wishlists, order details, invoices, and partial payment information such as IBAN details
Date: 2026-02-06T19:56:27Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-Database-BettyBossi-ch-Switzerland-2-873-758-clients
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/03a66835-961f-4b70-b41e-feae0d7082cb.png
Threat Actors: hinygo
Victim Country: Switzerland
Victim Industry: Food & Beverages
Victim Organization: betty bossi
Victim Site: bettybossi.ch
Alleged leak of Armenian phone numbers database
Category: Data Breach
Content: The threat actor claims to be selling or sharing a database containing approximately 220,000 Armenian phone number records from 2025, allegedly exposing large-scale contact information of individuals in Armenia.
Date: 2026-02-06T19:41:03Z
Network: openweb
Published URL: https://breachforums.bf/Thread-ARMENIAN-PHONE-NUMBERS-DB-2025-220-000-rows
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/282c4816-5a09-444e-822a-dc0d77b7aabf.png
Threat Actors: 641a3
Victim Country: Armenia
Victim Industry: Network & Telecommunications
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of The Kalculators
Category: Data Breach
Content: The threat actor also claims that data related to The Kalculators, an Australian accounting and advisory firm, has been exposed. The alleged leaked information includes client and business details such as names, contact information, financial identifiers, organizational structure data, and relationship records between businesses and individuals.
Date: 2026-02-06T19:36:46Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-Synkli-TheKalculators-Australia-70K-Consumers
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/63c5e818-2415-454c-bf68-eebcf073a46a.png
Threat Actors: 2019
Victim Country: Australia
Victim Industry: Financial Services
Victim Organization: the kalculators
Victim Site: thekalculators.com.au
Alleged data breach of Synkli
Category: Data Breach
Content: The threat actor claims to have leaked a database belonging to Synkli, an Australian cloud-based accounting and financial workflow platform. The allegedly exposed data includes business and client IDs, full names, email addresses, phone numbers, tax file numbers (TFN), Australian Business Numbers (ABN), residential and postal addresses, and organizational records.
Date: 2026-02-06T19:30:18Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-Synkli-TheKalculators-Australia-70K-Consumers
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/22c44e1e-d02d-4f86-b73f-b4226ec6e36b.png
Threat Actors: 2019
Victim Country: Australia
Victim Industry: Financial Services
Victim Organization: synkli
Victim Site: synkli.com
BABAYO EROR SYSTEM targets the website of legitinfo.in
Category: Defacement
Content: Thegroup claims to have defaced the website of legitinfo.in
Date: 2026-02-06T19:10:57Z
Network: telegram
Published URL: https://t.me/c/3664625363/173
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9cbd6238-e075-4dd5-8d83-b0ca7ddcbc5c.png
Threat Actors: BABAYO EROR SYSTEM
Victim Country: India
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: legitinfo.in
BABAYO EROR SYSTEM targets the website of Hotel Gokul Raj
Category: Defacement
Content: The group claims to have defaced the website of Hotel Gokul Raj
Date: 2026-02-06T19:01:22Z
Network: telegram
Published URL: https://t.me/c/3664625363/173
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3db3c941-307f-4bf0-8843-1b6b1b51bdba.jpg
Threat Actors: BABAYO EROR SYSTEM
Victim Country: India
Victim Industry: Restaurants
Victim Organization: hotel gokul raj
Victim Site: hotelgokulraj.in
BABAYO EROR SYSTEM targets the website of Kashmir Nippon Tours
Category: Defacement
Content: The group claims to have defaced the website of Kashmir Nippon Tours
Date: 2026-02-06T19:01:07Z
Network: telegram
Published URL: https://t.me/c/3664625363/173
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/77f8d479-9130-446e-9645-b6471aaa43db.jpg
Threat Actors: BABAYO EROR SYSTEM
Victim Country: India
Victim Industry: Hospitality & Tourism
Victim Organization: kashmir nippon tours
Victim Site: crackinghub.kashmirnippontours.in
Alleged data breach of MTK SRL
Category: Data Breach
Content: The threat actor claims to have breached and leaked the database of MTK SRL, an Italian medical and healthcare supplies company. the allegedly exposed data includes internal company records, customer information, contact details, and potentially sensitive business-related documents.
Date: 2026-02-06T18:52:11Z
Network: openweb
Published URL: https://darkforums.me/Thread-DATABASE-www-mtksrl-it-DATABREACH
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e25cbf85-22a1-4169-bb7a-ba5b32a8f448.png
Threat Actors: Disease
Victim Country: Italy
Victim Industry: Hospital & Health Care
Victim Organization: mtk srl
Victim Site: mtksrl.it
Cyb3r Drag0nz targets the website of Professor Dr. Mustafa Al-Abdullah Al-Kafri
Category: Defacement
Content: The group claims to have defaced the website of Professor Dr. Mustafa Al-Abdullah Al-Kafri
Date: 2026-02-06T18:14:03Z
Network: telegram
Published URL: https://t.me/c/3504564040/145
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/90756992-1ac7-4c75-89c9-787a3fad2514.jpg
Threat Actors: Cyb3r Drag0nz
Victim Country: Syria
Victim Industry: Online Publishing
Victim Organization: Unknown
Victim Site: almustshar.sy
Alleged leak of U.S. SSN records database
Category: Data Breach
Content: The threat actor claims to be sharing a massive database allegedly containing 2.7 billion U.S. Social Security Number (SSN) records.
Date: 2026-02-06T18:05:18Z
Network: openweb
Published URL: https://breachforums.bf/Thread-2-7-Billion-USA-SSN-Database
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4d6181a8-397c-459a-9e95-42ab9fd4d981.png
Threat Actors: Pijush510
Victim Country: USA
Victim Industry: Government & Public Sector
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of login credentials to Nisha Group
Category: Data Breach
Content: The group claims to have leaked login credentials to Nisha Group in Israel.
Date: 2026-02-06T18:04:24Z
Network: telegram
Published URL: https://t.me/c/1943303299/1057265
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c3190a66-0f61-4bca-b786-0dcdb25ad18b.png
Threat Actors: A K U L A v 2 . 2
Victim Country: Israel
Victim Industry: Staffing/Recruiting
Victim Organization: nisha group
Victim Site: nisha.co.il
Alleged Sale of Unauthorized VPN, RDP, and SSH Access to Multiple Industries from USA
Category: Initial Access
Content: Threat actor claims to be selling unauthorized VPN, RDP, and SSH access to a US-based retail, software, and supply chain management environment. The access reportedly includes SonicWall VPN connectivity along with RDP and SSH access to multiple backend and development servers, domain and database user privileges, and access to systems spanning retail stores across several US states.
Date: 2026-02-06T17:46:23Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/275401/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/47d666ee-79b1-40ec-93fa-cfbf2465b387.png
Threat Actors: MustF4st
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Water Research and Innovation Platform
Category: Data Breach
Content: The threat actor group claims to have compromised the wsip.mwi.gov.jo website and exfiltrated sensitive database information.the allegedly extracted data includes personal details such as names, email addresses, phone numbers, and related records from the system.
Date: 2026-02-06T17:31:29Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-wsip-mwi-gov-jo
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3c59851b-81ee-4b9a-b480-1f87e56f8637.png
Threat Actors: X-VDP-X
Victim Country: Jordan
Victim Industry: Government & Public Sector
Victim Organization: water research and innovation platform
Victim Site: wsip.mwi.gov.jo
Alleged leak of UMK & Non-UMK Business Database
Category: Data Breach
Content: The threat actor claims to be sharing a database related to UMK and Non-UMK business data for Q3 2023.
Date: 2026-02-06T16:43:40Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-Data-UMK-dan-NON-UMK-Triwulan-I-2023
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/13414442-afda-45b9-99d6-a5dd700fe293.png
Threat Actors: 1LH4MZXSEC
Victim Country: Indonesia
Victim Industry: Government & Public Sector
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Registro Nacional de Identificación y Estado Civil (RENIEC)
Category: Data Breach
Content: The threat actor claims to leaked database allegedly belonging to Peru’s national citizen registry (RENIEC). The dataset is said to contain approximately 31 million records in CSV format (around 9GB).
Date: 2026-02-06T16:33:56Z
Network: openweb
Published URL: https://darkforums.me/Thread-PERU-RENIEC-NATIONAL-CITIZEN-DATABASE-31M-2023
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/92250da2-c6ef-46c4-9035-88d2d43c5658.png
Threat Actors: Tanaka
Victim Country: Peru
Victim Industry: Government & Public Sector
Victim Organization: registro nacional de identificación y estado civil (reniec)
Victim Site: reniec.gob.pe
Alleged data breach of Logility
Category: Data Breach
Content: The group claims to have exfiltrated the organizations internal data.
Date: 2026-02-06T16:30:58Z
Network: tor
Published URL: http://fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion/companies/logility
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/85d0d680-03c0-4ede-9fd4-cc9073d2aba4.png
Threat Actors: CoinbaseCartel
Victim Country: USA
Victim Industry: Software Development
Victim Organization: logility
Victim Site: logility.com
Alleged Sale of 80 Credit Card Data Logs in UK
Category: Data Breach
Content: The threat actor claims to have leaked a database associated with credit card data obtained through sniffing activity in the United Kingdom. The exposed dataset reportedly contains full sniffing logs, including payment card details, IP addresses, and user-agent information, with the actor claiming an estimated validity rate of approximately 90–100%.
Date: 2026-02-06T16:28:17Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/275390/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f4e88c54-b726-4d7c-aa6e-3e85e01f1b84.png
Threat Actors: Spacer
Victim Country: UK
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
AN0M949_GHOST_TRACK targets the website of LAPAK SainsTek
Category: Defacement
Content: The group claims to have defaced the website of LAPAK SainsTek.
Date: 2026-02-06T14:35:26Z
Network: telegram
Published URL: https://t.me/CyaberGhost/593
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8b963cb8-2d8f-4ba7-993a-6b9145f5e669.png
Threat Actors: AN0M949_GHOST_TRACK
Victim Country: Indonesia
Victim Industry: E-commerce & Online Stores
Victim Organization: lapak sainstek
Victim Site: sainstek.com
Russian Legion claims to target Denmark
Category: Alert
Content: A recent post by the group indicates that they are targeting Denmark.
Date: 2026-02-06T14:33:12Z
Network: telegram
Published URL: https://t.me/ruLegionn/84
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ee4682d3-b533-432c-b8e1-704acd19a4d8.jpg
Threat Actors: Russian Legion
Victim Country: Denmark
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Patron RM Armenia
Category: Data Breach
Content: The threat actor claims to have breached data from Patron RM Armenia, allegedly containing 375 entries, including IDs, email addresses, phone numbers, dates, and other information.
Date: 2026-02-06T14:26:59Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-armenian-patron-am-database
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1337746d-982c-4c6d-af0a-1ce407ca0ec5.png
Threat Actors: c0mmandor
Victim Country: Armenia
Victim Industry: Business Supplies & Equipment
Victim Organization: patron rm armenia
Victim Site: patron.am
Alleged leak of login credentials to University of Basrah
Category: Data Breach
Content: The group claims to have leaked login credentials to University of Basrah.
Date: 2026-02-06T14:12:06Z
Network: telegram
Published URL: https://t.me/c/1943303299/1057217
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/86f494b8-2894-432a-a451-ee4752a2a509.jpg
Threat Actors: A K U L A v 2 . 2
Victim Country: Iraq
Victim Industry: Education
Victim Organization: university of basrah
Victim Site: uobasrah.edu.iq
Alleged leak of login credentials to CENTRAL BANK OF YEMEN
Category: Data Breach
Content: The group claims to have leaked login credentials to CENTRAL BANK OF YEMEN.
Date: 2026-02-06T13:59:07Z
Network: telegram
Published URL: https://t.me/c/1943303299/1057203
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6c87cd99-bd5a-4410-ace2-f4d465b2ece0.jpg
Threat Actors: A K U L A v 2 . 2
Victim Country: Yemen
Victim Industry: Financial Services
Victim Organization: central bank of yemen
Victim Site: cby-ye.com
Alleged leak of login credentials to Central Bank of Iraq
Category: Data Breach
Content: The group claims to have leaked login credentials to Central Bank of Iraq.
Date: 2026-02-06T13:58:12Z
Network: telegram
Published URL: https://t.me/c/1943303299/1057187
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/916bb0d8-26f6-48ac-9c8b-2851b147b7e8.jpg
Threat Actors: A K U L A v 2 . 2
Victim Country: Iraq
Victim Industry: Financial Services
Victim Organization: central bank of iraq
Victim Site: cbi.iq
Alleged leak of login credentials to YOUNG MEDIA LTD
Category: Data Breach
Content: The group claims to have leaked login credentials to YOUNG MEDIA LTD.
Date: 2026-02-06T13:57:55Z
Network: telegram
Published URL: https://t.me/c/1943303299/1057139
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2a5393c9-26b9-4d5c-ad8a-51e5b096c69b.png
Threat Actors: A K U L A v 2 . 2
Victim Country: Israel
Victim Industry: Marketing, Advertising & Sales
Victim Organization: young media ltd
Victim Site: youngmedia.co.il
Alleged Unauthorized Access to a Hydroelectric Power Plant Control System in France
Category: Initial Access
Content: The group claims to have accessed a hydroelectric facility control system in France, reportedly disrupting turbine and process controls, triggering alarms, and causing operational instability with potential safety and environmental risks.
Date: 2026-02-06T13:57:49Z
Network: telegram
Published URL: https://t.me/zpentestalliance/1049
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/dc946e47-a1cf-4e58-aa83-cbfe66cbc120.png
https://d34iuop8pidsy8.cloudfront.net/4b676d80-ab2d-4bdb-b9c1-59b0258e74ef.png
https://d34iuop8pidsy8.cloudfront.net/e6f168be-801b-486d-8e1d-80fed9c08748.png
Threat Actors: Z-PENTEST ALLIANCE
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of login credentials to Ministry of Finance, Saudi Arabia
Category: Data Breach
Content: The group claims to have leaked login credentials to Ministry of Finance, Saudi Arabia.
Date: 2026-02-06T13:40:02Z
Network: telegram
Published URL: https://t.me/c/1943303299/1057127
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/65a3fb4a-79f7-493a-a2b5-a519cad51f0c.jpg
Threat Actors: A K U L A v 2 . 2
Victim Country: Saudi Arabia
Victim Industry: Government Administration
Victim Organization: ministry of finance, saudi arabia
Victim Site: mof.gov.sa
Alleged leak of login credentials to Alforat News
Category: Data Breach
Content: The group claims to have leaked login credentials to Alforat News.
Date: 2026-02-06T13:31:18Z
Network: telegram
Published URL: https://t.me/c/1943303299/1057109
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/edbd5dcd-a48d-42e3-bd2f-cf506eb911fe.png
Threat Actors: A K U L A v 2 . 2
Victim Country: Iraq
Victim Industry: Newspapers & Journalism
Victim Organization: alforat news
Victim Site: alforatnews.iq
Alleged leak of login credentials to Jobmaster LTD
Category: Initial Access
Content: The group claims to have leaked login credentials to Jobmaster LTD.
Date: 2026-02-06T13:23:31Z
Network: telegram
Published URL: https://t.me/c/1943303299/1057023
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2f44b9fa-784e-4092-95e0-5bee8794f457.png
Threat Actors: A K U L A v 2 . 2
Victim Country: Israel
Victim Industry: Software Development
Victim Organization: jobmaster ltd
Victim Site: account.jobmaster.co.il
Alleged leak of login credentials to Social Security Organization
Category: Data Breach
Content: The group claims to have leaked login credentials to Social Security Organization.
Date: 2026-02-06T13:19:09Z
Network: telegram
Published URL: https://t.me/c/2451084701/536541
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7fd771d7-7536-4946-854d-d39cea65dcf6.png
Threat Actors: Buscador
Victim Country: Iran
Victim Industry: Insurance
Victim Organization: social security organization
Victim Site: tamin.ir
Alleged leak of login credentials to Tadhamon Bank
Category: Data Breach
Content: The group claims to have leaked login credentials to Tadhamon Bank
Date: 2026-02-06T13:17:11Z
Network: telegram
Published URL: https://t.me/c/1943303299/1057107
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/25e3379c-912a-444b-b018-3c26606137f3.jpg
Threat Actors: A K U L A v 2 . 2
Victim Country: Yemen
Victim Industry: Banking & Mortgage
Victim Organization: tadhamon bank
Victim Site: omni.tadhamonbank.com
maulnism1337 targets the website of Aum Expert Manpower
Category: Defacement
Content: Group claims to have defaced the website of Aum Expert Manpower.
Date: 2026-02-06T13:16:22Z
Network: telegram
Published URL: https://t.me/maul1337anon/784
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/75101834-a715-49a5-b66b-13048ae62281.png
Threat Actors: maulnism1337
Victim Country: India
Victim Industry: Staffing/Recruiting
Victim Organization: aum expert manpower
Victim Site: aumexpertmanpower.com
BABAYO EROR SYSTEM targets the website of JSHL Cleaning Services Ltd.
Category: Defacement
Content: The group claims to have defaced the website of JSHL Cleaning Services Ltd.
Date: 2026-02-06T13:00:48Z
Network: telegram
Published URL: https://t.me/c/3664625363/163
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c2cb7c8f-bb03-4732-8024-1878eb371563.png
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Canada
Victim Industry: Professional Services
Victim Organization: jshl cleaning services ltd.
Victim Site: jshlcleaning.com
maulnism1337 targets the website of Visvasa International
Category: Defacement
Content: The group claims to have defaced the website of Visvasa International.
Date: 2026-02-06T12:59:41Z
Network: telegram
Published URL: https://t.me/maul1337anon/785
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3d2ba695-8b38-46b9-ba2c-f662dd248939.png
Threat Actors: maulnism1337
Victim Country: India
Victim Industry: Architecture & Planning
Victim Organization: visvasa international
Victim Site: visvasagroup.com
Flickr Suffers Data Breach
Category: Data Breach
Content: Flickr disclosed a potential data breach after discovering that a misconfiguration in a third-party customer support tool may have exposed user names and email addresses from support requests, though the company did not find evidence of unauthorized access to its own systems or broader platform compromise; Flickr notified affected users, reset support tool credentials, and stated it is working with security experts to investigate and mitigate the issue while emphasizing that no passwords or financial data were exposed.
Date: 2026-02-06T12:51:44Z
Network: openweb
Published URL: https://www.bleepingcomputer.com/news/security/flickr-discloses-potential-data-breach-exposing-users-names-emails/
Screenshots:
None
Threat Actors: Unknown
Victim Country: USA
Victim Industry: Photography
Victim Organization: flickr
Victim Site: flickr.com
maulnism1337 targets the website of SSSRK24x7
Category: Defacement
Content: The group claims to have defaced the website of SSSRK24x7.Mirror: https://zone-xsec.com/mirror/789642
Date: 2026-02-06T12:46:17Z
Network: telegram
Published URL: https://t.me/maul1337anon/783
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d3f9d992-b368-486e-a93b-e2b476cd530d.png
Threat Actors: maulnism1337
Victim Country: India
Victim Industry: Newspapers & Journalism
Victim Organization: sssrk24x7
Victim Site: sssrk24x7.com
Alleged data sale of Leora Infotech
Category: Data Breach
Content: The threat actor claims to be selling 35K records from Leora Infotech, allegedly containing usernames, email addresses, dates joined, first names, and last names.
Date: 2026-02-06T12:13:08Z
Network: openweb
Published URL: https://darkforums.me/Thread-Selling-Leora-Infotech-Private-Limited-Breach
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/39a637cb-0bb0-4785-89e9-8530b22c5f7d.png
https://d34iuop8pidsy8.cloudfront.net/cfe0cf0d-d982-4763-ab0e-459c0444fcd2.png
Threat Actors: KaruHunters
Victim Country: India
Victim Industry: Information Technology (IT) Services
Victim Organization: leora infotech
Victim Site: leorainfotech.in
maulnism1337 targets the website of Afrifin Financial Solutions
Category: Defacement
Content: The threat actor claims to have defaced the organizations website.
Date: 2026-02-06T12:05:48Z
Network: telegram
Published URL: https://t.me/maul1337anon/780
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bdf8f370-5df4-4f70-a80d-1167d836675f.png
Threat Actors: maulnism1337
Victim Country: India
Victim Industry: Financial Services
Victim Organization: afrifin financial solutions
Victim Site: afrifinsolutions.com
DEFACER INDONESIAN TEAM targets the website of Cucina Bianca Casa
Category: Defacement
Content: The group claims to have defaced the website of Cucina Bianca Casa.
Date: 2026-02-06T12:05:04Z
Network: telegram
Published URL: https://t.me/c/2433981896/856
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/36c33c92-a7de-4b22-a92f-549f663f0356.png
Threat Actors: DEFACER INDONESIAN TEAM
Victim Country: Switzerland
Victim Industry: Design
Victim Organization: cucina bianca casa
Victim Site: cucinabiancasa.ch
Nicotine targets the website of Modern Working
Category: Defacement
Content: The threat actor claims to have defaced the website of Modern Working.
Date: 2026-02-06T12:02:02Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/788727
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8139b59b-21ee-4915-b2e3-fcd4447a968c.png
Threat Actors: Nicotine
Victim Country: UAE
Victim Industry: Real Estate
Victim Organization: modern working
Victim Site: modern-working.ae
Nicotine targets the website of Housemaid Dubai
Category: Defacement
Content: The threat actor claims to have defaced the organizations website.
Date: 2026-02-06T12:00:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/789490
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4ab9d544-c407-43ff-99c0-cbac561859bd.png
Threat Actors: Nicotine
Victim Country: UAE
Victim Industry: Hospitality & Tourism
Victim Organization: housemaid dubai
Victim Site: housemaiddubai.ae
Alleged leak of login credentials to Government of the Islamic Republic of Iran
Category: Initial Access
Content: The group claims to have leaked login credentials to Government of the Islamic Republic of Iran.
Date: 2026-02-06T11:59:25Z
Network: telegram
Published URL: https://t.me/c/1943303299/1056832
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ce1e3a98-2e8d-4aca-bc02-a6186207a181.png
Threat Actors: A K U L A v 2 . 2
Victim Country: Iran
Victim Industry: Government Administration
Victim Organization: government of the islamic republic of iran
Victim Site: iran.gov.ir
Nicotine targets the website of Stone Investment
Category: Defacement
Content: The threat actor claims to have defaced the website of Stone Investment.
Date: 2026-02-06T11:59:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/788735
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/15b26fc5-df40-4855-91b7-9ce16e03e136.png
Threat Actors: Nicotine
Victim Country: UAE
Victim Industry: Real Estate
Victim Organization: stone investment
Victim Site: stoneinvestment.ae
DEFACER INDONESIAN TEAM targets the website of Insecta Studios
Category: Defacement
Content: The group claims to have defaced the website of Insecta Studios.
Date: 2026-02-06T11:56:45Z
Network: telegram
Published URL: https://t.me/c/2433981896/857
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1edfc598-79db-4e08-9e69-b62f9700f430.png
Threat Actors: DEFACER INDONESIAN TEAM
Victim Country: Nigeria
Victim Industry: Design
Victim Organization: insecta studios
Victim Site: ken1.insectastudios.com
Nicotine targets the website of RFX Digital
Category: Defacement
Content: The threat actor claims to have defaced the website of RFX Digital.
Date: 2026-02-06T11:56:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/789493
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e285c5dc-cce0-4976-8e4a-821fd6cf6ceb.png
Threat Actors: Nicotine
Victim Country: UAE
Victim Industry: Marketing, Advertising & Sales
Victim Organization: rfx digital
Victim Site: rfxdigital.ae
Nicotine targets the website tadbeervisaservices.ae
Category: Defacement
Content: The threat actor claims to have defaced the organizations website.
Date: 2026-02-06T11:54:59Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/789494
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e5bace45-7de3-435b-bcf0-4ea319dc066c.png
Threat Actors: Nicotine
Victim Country: UAE
Victim Industry: Professional Services
Victim Organization: tadbeervisaservices
Victim Site: tadbeervisaservices.ae
Alleged leak of login credentials to Iranian Samandehi system
Category: Data Breach
Content: The group claims to have leaked login credentials to Iranian Samandehi system.
Date: 2026-02-06T11:40:57Z
Network: telegram
Published URL: https://t.me/c/1943303299/1056846
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bee3004c-fb57-4e0e-8fd6-f35001b0cfb4.jpg
Threat Actors: A K U L A v 2 . 2
Victim Country: Iran
Victim Industry: Government Administration
Victim Organization: iranian samandehi system
Victim Site: site.samandehi.ir
Alleged data breach of Comptroller General of the Republic
Category: Data Breach
Content: The threat actor claims to have breached 340,000 records from the Comptroller General of the Republic, allegedly containing IDs, academic degree IDs, user IDs, presentation reason IDs, marital status IDs, nationality IDs, last and first names, ID card numbers, birth dates and more.
Date: 2026-02-06T10:49:21Z
Network: openweb
Published URL: https://darkforums.me/Thread-DATABASE-Critical-Vuln-Paraguay-s-Contralor%C3%ADa-General-Extraction-Method-Exposes-340k-Records
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ee1e374f-34ad-4a3c-996e-8c143416cdf2.png
https://d34iuop8pidsy8.cloudfront.net/e361bd5a-97c5-415f-8b4c-c686c295a54a.png
https://d34iuop8pidsy8.cloudfront.net/37bbf22a-3784-4ba5-9643-4c103e476f4d.png
https://d34iuop8pidsy8.cloudfront.net/9f0d2187-e5d3-4f85-afc8-6333945566ea.png
https://d34iuop8pidsy8.cloudfront.net/3a36ff4f-5c4b-436f-b03a-765f10350af8.png
Threat Actors: GordonFreeman
Victim Country: Paraguay
Victim Industry: Non-profit & Social Organizations
Victim Organization: comptroller general of the republic
Victim Site: contraloria.gov.py
Alleged Unauthorized Access to a Smart Home Control System in Italy
Category: Initial Access
Content: The group claims to have accessed a smart home control system in Italy via an HMI, reportedly gaining remote visibility and control over heating, hot water, climate systems, pumps, valves, alarms, and external lighting.
Date: 2026-02-06T10:47:45Z
Network: telegram
Published URL: https://t.me/zpentestalliance/1047
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5c4ed32d-6872-4eb2-baeb-e55e796e3c03.png
https://d34iuop8pidsy8.cloudfront.net/349e5e97-5228-4524-8406-c67fed1b185b.png
Threat Actors: Z-PENTEST ALLIANCE
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of login credentials to Fan Sub Group
Category: Initial Access
Content: The group claims to have leaked login credentials to Fan Sub Group.
Date: 2026-02-06T09:42:03Z
Network: telegram
Published URL: https://t.me/c/1943303299/1056291
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8d951b94-83dd-49fe-9786-e282f370d582.png
Threat Actors: A K U L A v 2 . 2
Victim Country: Iran
Victim Industry: Gaming
Victim Organization: fan sub group
Victim Site: fansub.ir
Alleged leak of login credentials to Media Design
Category: Data Breach
Content: The group claims to have leaked login credentials to Media Design.
Date: 2026-02-06T09:15:14Z
Network: telegram
Published URL: https://t.me/c/1943303299/1056245
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/22a55cc7-5eea-44d8-a87f-d62597eac845.png
Threat Actors: A K U L A v 2 . 2
Victim Country: Saudi Arabia
Victim Industry: Marketing, Advertising & Sales
Victim Organization: media design
Victim Site: media.sa
Alleged data leak Chinese overseas in USA
Category: Data Breach
Content: The threat actor claims to be selling a dataset allegedly containing personal information related to Chinese overseas individuals residing in the United States. The database is advertised as containing approximately 3 million records, with sample data provided to support the claim
Date: 2026-02-06T06:50:54Z
Network: openweb
Published URL: https://demonforums.net/Thread-Chinese-Overseas-in-USA
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/dd3ae31d-5b9e-4d52-8f15-1e84af16e19a.png
Threat Actors: Wildpistol
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Breach of coupang
Category: Data Breach
Content: Threat actor claims to be selling a database allegedly containing e-commerce customer order data associated with Coupang. The dataset reportedly includes approximately 33.1 million records and contains personally identifiable information such as full names, email addresses, phone numbers, physical addresses, order details, total spending amounts, and device fingerprint data.
Date: 2026-02-06T06:34:58Z
Network: openweb
Published URL: https://demonforums.net/Thread-coupang-com-33-1M-Records-South-Korea
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/56677424-398f-4714-81de-4484ba4c9c4f.png
Threat Actors: Wildpistol
Victim Country: South Korea
Victim Industry: E-commerce & Online Stores
Victim Organization: coupang
Victim Site: coupang.com
Alleged Leak of BIG CRYPTO Data from Multiple Websites
Category: Data Breach
Content: Threat actor claims to be selling a large, aggregated dataset containing cryptocurrency user data from multiple platforms. The bundle allegedly includes millions of user records associated with China-based crypto users, Robinhood, Gemini, Coinbase, and KuCoin.
Date: 2026-02-06T06:22:35Z
Network: openweb
Published URL: https://demonforums.net/Thread-BIG-CRYPTO-DATA-BUNDLE
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6c7f8efb-05e4-4454-bdd6-4b44d2a5096b.png
Threat Actors: Wildpistol
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Leak of Databases from China
Category: Data Breach
Content: threat actor claims to be selling a large bundle of databases allegedly containing sensitive personal and financial data related to Chinese individuals and institutions. The dataset is marketed as a multi-database package and includes records associated with financial services, telecommunications, education, social platforms, and government-related programs.
Date: 2026-02-06T06:21:45Z
Network: openweb
Published URL: https://demonforums.net/Thread-CHINA-Big-China-Databases
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ad49c18c-1666-454e-8355-a3476c615089.png
Threat Actors: Wildpistol
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data leak of Undersecretariat of Public Management and Employment
Category: Data Breach
Content: The threat actor claims to have leaked data allegedly associated with Argentina’s Undersecretary of Management and Public Employment in Buenos Aires. The leaked data reportedly contains 19,992 photo records and 4,740 address records.
Date: 2026-02-06T06:16:56Z
Network: openweb
Published URL: https://breachforums.jp/Thread-ARGENTINA-Undersecretary-of-Management-and-Public-Employment-Photos-Addresses
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8238a037-6431-46a5-9dcf-04f9590992b0.png
https://d34iuop8pidsy8.cloudfront.net/dd8e8c06-4dd2-41e1-970f-9e76a2ba7637.png
Threat Actors: ByteHunter
Victim Country: Argentina
Victim Industry: Government Administration
Victim Organization: undersecretary of management and public employment, buenos aires
Victim Site: portal.rrhh.gba.gob.ar
Alleged leak of PayPal Data
Category: Data Breach
Content: Threat actor claims to be selling a PayPal USA–related dataset containing approximately 89 million records. A 100K-row sample is provided, with data allegedly offered in CSV format.
Date: 2026-02-06T06:14:54Z
Network: openweb
Published URL: https://demonforums.net/Thread-PAYPAL-USA-DATA-89-MILLIONS
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8f22f540-800a-4c79-a7e7-44d197d4df18.png
Threat Actors: Wildpistol
Victim Country: USA
Victim Industry: Financial Services
Victim Organization: paypal
Victim Site: paypal.com
Alleged Data Leak Of Government of the Russian Federation
Category: Data Breach
Content: The threat actor claims to be leaked data from Government of the Russian Federation
Date: 2026-02-06T06:13:28Z
Network: openweb
Published URL: https://breachforums.cz/index.php?threads/russian-govs.313/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/77ffe866-a4a2-47af-9b91-e3b160334012.png
Threat Actors: exo
Victim Country: Russia
Victim Industry: Government Administration
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Breach of KuCoin
Category: Data Breach
Content: Threat actor claims to be selling a KuCoin-related dataset containing approximately 23 million user records. Sample files are shared via a spreadsheet link.
Date: 2026-02-06T05:58:44Z
Network: openweb
Published URL: https://demonforums.net/Thread-KUCOIN-DATA-23-millions
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b4d43326-c69c-4eec-9c0f-b4d34d3f5438.png
Threat Actors: Wildpistol
Victim Country: Seychelles
Victim Industry: Financial Services
Victim Organization: kucoin exchange
Victim Site: kucoin.com
Alleged data breach of Endesa
Category: Data Breach
Content: Threat actor claims to be selling a Spain-based ENDEDA database containing over 20 million user records in a single SQL file. The dataset is described as fresh and previously unseen.
Date: 2026-02-06T05:45:25Z
Network: openweb
Published URL: https://demonforums.net/Thread-ENDESA-Spain-Database-20M
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ea0a0a25-0b38-49f2-8dcf-5cda1d0ac3cd.png
Threat Actors: Wildpistol
Victim Country: Spain
Victim Industry: Energy & Utilities
Victim Organization: endesa
Victim Site: endesa.com
Team GANDU targets the website of Truyền thông Phóng Viên Trẻ UFM
Category: Defacement
Content: The group claims to have defaced the website of Truyền thông Phóng Viên Trẻ UFM
Date: 2026-02-06T05:31:28Z
Network: openweb
Published URL: https://defacer.id/mirror/id/236555
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/40186511-f142-4241-9df8-804a2a65046f.png
Threat Actors: Team GANDU
Victim Country: Vietnam
Victim Industry: Newspapers & Journalism
Victim Organization: truyền thông phóng viên trẻ ufm
Victim Site: phongvientreufm.com
Alleged sale of IBAN data from Spain
Category: Data Breach
Content: Threat actor claims to be selling a Spain-based IBAN database containing up to 18 million records. The data allegedly includes names, addresses, NIF numbers, email addresses, phone numbers, and IBAN details.
Date: 2026-02-06T05:16:22Z
Network: openweb
Published URL: https://demonforums.net/Thread-SPAIN-IBAN-18-millions
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0ed6e1d9-2452-4bde-a89c-dee7a4d326ee.png
Threat Actors: Wildpistol
Victim Country: Spain
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Coinbase Data
Category: Data Breach
Content: Threat actor claims to be selling a Coinbase-related dataset containing approximately 16.3 million records. The data is allegedly linked to U.S.-based users and is offered for sale.
Date: 2026-02-06T05:11:33Z
Network: openweb
Published URL: https://demonforums.net/Thread-Coinbase-Data-16-3-millions
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/16a427d8-685a-422f-8be4-86163cf99755.png
Threat Actors: Wildpistol
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of AirFrance
Category: Data Breach
Content: The threat actor claims to have leaked sensitive data allegedly associated with Air France, and the leaked data reportedly contains approximately 2 million records, including account and customer IDs, first and last names, phone numbers, and login and account details.
Date: 2026-02-06T04:59:51Z
Network: openweb
Published URL: https://darkforums.me/Thread-DATABASE-AirFrance-Vulnerability-Access-to-Admin-Panel-Data-Extraction-Method
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/29af8479-1771-4657-93c7-be087e2322ae.png
https://d34iuop8pidsy8.cloudfront.net/89d5f5bf-c4ed-43e7-8c58-379c63286027.png
https://d34iuop8pidsy8.cloudfront.net/84312ea2-d74a-4b56-a02c-afdb7587a641.png
https://d34iuop8pidsy8.cloudfront.net/13e0a1ad-055b-4a26-9fcb-a869162719c9.png
Threat Actors: GordonFreeman
Victim Country: France
Victim Industry: Airlines & Aviation
Victim Organization: airfrance
Victim Site: airfrance.com
Alleged Sale of WordPress Domain Database
Category: Data Breach
Content: Threat actor claims to be selling a WordPress database containing over 25,000,000 website domains, reportedly updated for 2026 relevance, with an asking price of $100. The data and claims remain unverified.
Date: 2026-02-06T04:51:08Z
Network: openweb
Published URL: https://forum.exploit.in/topic/275352/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e2c90367-fc11-4aa2-91f8-b965bb02f293.png
Threat Actors: WOC
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Technogym
Category: Data Breach
Content: Threat actor claims to be selling data of Technogym in Egypt. The compromised data reportedly includes first name, last name, lead record type, company/ account, industry and 9,000 unique phone numbers and 13,000 unique emails.
Date: 2026-02-06T04:45:14Z
Network: openweb
Published URL: https://forum.exploit.in/topic/275345/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ee08623a-1555-41e7-9651-803372508dfb.png
https://d34iuop8pidsy8.cloudfront.net/bb8e2bf5-f0ab-47c0-bcd5-69e9bf9c1b38.png
https://d34iuop8pidsy8.cloudfront.net/17748b4a-26de-4279-8ab8-a024afbbad9e.png
Threat Actors: GeeksforGeeks
Victim Country: Egypt
Victim Industry: Health & Fitness
Victim Organization: technogym
Victim Site: technogym.com
Alleged sale of access to unidentified shop in USA
Category: Initial Access
Content: Threat actor claims to be selling unauthorized admin and database access to an unidentified shop in USA.
Date: 2026-02-06T04:41:53Z
Network: openweb
Published URL: https://forum.exploit.in/topic/275290/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8318a4da-7b88-4544-9cf5-bf2ad9364b17.png
Threat Actors: savel987
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Team GANDU targets the website of Gardenesque
Category: Defacement
Content: The group claims to have defaced the website of Gardenesque
Date: 2026-02-06T03:59:10Z
Network: openweb
Published URL: https://defacer.id/mirror/id/236526
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/12e1d57b-6d6c-4211-8ade-ebc24739a033.png
Threat Actors: Team GANDU
Victim Country: UK
Victim Industry: Retail Industry
Victim Organization: gardenesque
Victim Site: gardenesque.uk.com
Team GANDU targets the website of Farmers Weekly
Category: Defacement
Content: The group claims to have defaced the website of Farmers Weekly
Date: 2026-02-06T03:20:54Z
Network: openweb
Published URL: https://defacer.id/mirror/id/236525
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4aeb7cf9-c4b2-4726-902d-8f456d2095d5.png
Threat Actors: Team GANDU
Victim Country: UK
Victim Industry: Agriculture & Farming
Victim Organization: farmers weekly
Victim Site: fwi.uk.com
Alleged Unauthorized Webmail Access of Argentine Air Force
Category: Initial Access
Content: Threat Actor claims to have leaked unauthorized Webmail access to Argentine Air Force.
Date: 2026-02-06T02:05:45Z
Network: openweb
Published URL: https://darkforums.me/Thread-Document-Free-Access-Credentials-For-Argentine-Air-Force-WebMail
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/15885a44-18e9-48ee-936f-615f6d65e1b2.png
https://d34iuop8pidsy8.cloudfront.net/99eed814-7078-415d-a854-219365d1769d.png
https://d34iuop8pidsy8.cloudfront.net/50ed11d1-0805-432a-b375-3d0e76b34acd.png
Threat Actors: GordonFreeman
Victim Country: Argentina
Victim Industry: Government Administration
Victim Organization: argentine air force
Victim Site: argentina.gob.ar
Alleged Data Breach of Powerlab
Category: Data Breach
Content: The threat actor claims to be leaked data from Powerlab. The compromised data reportedly includes Id, First name, Name, Email address and more
Date: 2026-02-06T01:52:46Z
Network: openweb
Published URL: https://breachforums.jp/Thread-Powerlab-fr-database
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3e34b45a-5406-438f-95bd-7968882bd38b.png
Threat Actors: sux1337
Victim Country: France
Victim Industry: Business Supplies & Equipment
Victim Organization: powerlab
Victim Site: powerlab.fr