[January-04-2026] Daily Cybersecurity Threat Report

1. Executive Summary

This report analyzes 95 distinct cyber incidents recorded on January 4, 2026. The data indicates a surge in activity across four primary categories: Data Breaches, Ransomware, Initial Access Sales, and Website Defacements.

Key observations include:

  • High-Volume Data Breaches: Massive datasets involving millions of records were exposed, notably in the telecommunications and healthcare sectors.
  • Ransomware Campaigns: The threat group Dire Wolf launched a coordinated campaign targeting multiple global industries.
  • Critical Infrastructure Targeting: The Infrastructure Destruction Squad claimed access to industrial control systems (ICS) and SCADA systems in South Korea, Spain, and Italy.
  • Geographic Spread: Victims are distributed globally, with significant concentrations in Indonesia, the USA, France, the UK, and India.

2. Major Data Breaches

The majority of reported incidents involve the sale or leakage of sensitive databases. These breaches span government, healthcare, and commercial sectors.

A. High-Impact & Large-Scale Breaches

  • Robi Axiata Limited (Bangladesh): A threat actor named int3lzO claimed to possess aggregated statistical data representing approximately 40 million subscribers.
  • Turkey Hospital Workers: A leak allegedly exposed information on approximately 2.7 million healthcare employees, including doctors and hospital workers across Turkey.
  • PT Matahari Department Store Tbk (Indonesia): A breach reportedly compromised 2 million customer records, including PII and card-related numbers.
  • Immobiliare.it (Italy): A database of 1.4 million records related to real estate agents, including private mobile numbers, was offered for sale.
  • Upbit (South Korea): The Infrastructure Destruction Squad claimed to have hacked the crypto-exchange’s servers, obtaining 1.83 TB of infrastructure and operational data.

B. Government & Public Sector

  • United Kingdom: A threat actor named Grubder leaked a “data-export.unitedkingdom” database containing 218,000 user records with cleartext passwords and physical addresses.
  • Cherokee County Government (USA): Approximately 92,000 government employee records, including HR identifiers and office locations, were listed for sale.
  • Aguascalientes (Mexico): A leak reportedly exposed government data including addresses, fines, and bank account details.

C. Healthcare & Critical Services

  • HIDOC (Indonesia): A national-scale hospital booking and patient queue database was offered for sale, covering the end-to-end outpatient booking lifecycle.
  • BrightSpeed (USA): The Crimson Collective claimed a breach involving customer account masters, payment histories, and masked card details.
  • Resource Corporation of America (USA): Targeted by Medusa Ransomware, which threatens to publish internal data within 15-16 days.

3. Ransomware Campaigns

Ransomware activity was dominated by a specific actor, though other well-known groups remain active.

The “Dire Wolf” Campaign

The threat group Dire Wolf executed a rapid series of attacks across diverse industries on the same day.

  • KwikLedgers (USA): 31 GB of data stolen, including tax filings and financial records.
  • Hydrodiseño (Spain): 487 GB of data stolen, including employee records and legal documents.
  • Bina Darulaman Berhad (Malaysia): 500 GB of data stolen, including design drawings and confidential documents.
  • Laurenzano Logística (Argentina): 100 GB of logistics data obtained.
  • Sunzen Group (Malaysia): 108 GB of biotechnology data obtained.
  • Pernel Media (France): 500 GB of media production data obtained.

Other Active Groups

  • Qilin: Targeted Sönmezler Metal (Turkey), Cal Spas (USA), and Tommotek WA Pty Ltd (Australia).
  • Dark Storm Team: Targeted the Ministry of Foreign Affairs (Venezuela), providing proof of website downtime.

4. Industrial Control Systems (ICS) & Initial Access

A concerning trend is the sale of direct access to critical infrastructure and operational technology (OT).

Infrastructure Destruction Squad

This group focused on gaining control over physical systems:

  • South Korea: Claimed access to an industrial control system for metal thermal processing (heating, quenching, tempering).
  • Iran (Teco Impianti s.r.l): Claimed login access to a system managing climate, feed, and water for farming.
  • Italy (Avinatura Srl SS): Claimed access to poultry house environmental controls, including temperature and ventilation systems.
  • Spain: Claimed access to a payment and management system for dryers.

General Access Sales

  • Fortinet: An actor is selling 1,200 unauthorized Fortinet admin access points.
  • Opéra National de Paris: Unauthorized SFTP access exposing server credentials and internal hostnames.
  • WordPress Shops: The actor Shopify is selling shell/admin access to shops in Iceland, Denmark, Poland, France, Italy, and Chile.

5. Threat Actor Analysis

Threat Actor | Primary Activity | Focus / Tactics
Grubder | Data Brokerage | Highly prolific; focused on selling UK and USA PII datasets (e.g., Mumsnet, Cherokee County, Needham Business).
Dire Wolf | Ransomware | High-volume exfiltration (100GB-500GB+) targeting global enterprises with defined countdown timers for publication.
Loser | Data Brokerage | Focused on e-commerce and talent profiles in Europe and Canada (e.g., VinterNet, Broil King, CastingStudio).
LionDataMarket | Data Brokerage | Heavily focused on Indonesian platforms (Sayurbox, Titipku, Indopaket).
Infrastructure Destruction Squad | ICS/SCADA Attacks | Targets operational technology (farming, metal processing) rather than just data exfiltration.

6. Conclusion

The intelligence gathered from January 4, 2026, highlights a volatile cyber landscape.

  1. Indonesia is a primary target for data brokers, with multiple e-commerce and logistics platforms compromised.
  2. Ransomware has become industrialized, evidenced by Dire Wolf’s simultaneous, high-volume attacks across three continents in a single day.
  3. Operational Technology is at risk, with the Infrastructure Destruction Squad demonstrating the capability to access and potentially manipulate physical control systems in the agriculture and manufacturing sectors.
  4. Credential exposure is widespread, with thousands of administrative access points (Fortinet, WordPress) available for purchase, likely serving as precursors to future ransomware or espionage attacks.

Recommendation: Organizations in the affected sectors (Healthcare, Telecommunications, Manufacturing) should immediately audit their external attack surfaces, specifically looking for exposed Fortinet appliances and unsecured database endpoints.

Detected Incidents Draft Data

  1. Alleged Data Breach of Shining Hope for Communities (SHOFCO)
    Category: Data Breach
    Content: Threat Actor claims to have breached the database of Shining Hope for Communities in Kenya, which contains 129k records of user information.
    Date: 2026-01-04T22:33:27Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273134/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0c43092a-d3cd-49af-94a0-743610924d0b.png
    Threat Actors: betway
    Victim Country: Kenya
    Victim Industry: Non-profit & Social Organizations
    Victim Organization: shining hope for communities
    Victim Site: shofcowelfare.org
  2. Alleged data breach of Turkey Hospital Workers Database
    Category: Data Breach
    Content: A threat actor claims to have leaked data belonging to hospital workers and doctors across Turkey. The data allegedly exposed information on approximately 2.7 million healthcare employees.
    Date: 2026-01-04T22:29:47Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-REICHLeaks-Turkiye-Hospital-Workers-Doctor-Database
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/1e8aecf9-bb67-4870-a154-80158abd363a.png
    Threat Actors: Elliptic
    Victim Country: Turkey
    Victim Industry: Government & Public Sector
    Victim Organization: Unknown
    Victim Site: Unknown
  3. Alleged Data Breach of PT Matahari Department Store TBK
    Category: Data Breach
    Content: Threat Actor claims to have breached the database of PT Matahari Department Store Tbk in Indonesia, containing approximately 2 million customer records. The exposed data reportedly includes personally identifiable information such as customer names, email addresses, dates of birth, gender, phone numbers, and card-related numbers.
    Date: 2026-01-04T22:28:23Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273136/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9813490a-2c62-4cf4-8ad6-47985d4d6cb7.png
    Threat Actors: betway
    Victim Country: Indonesia
    Victim Industry: Retail Industry
    Victim Organization: pt matahari department store tbk
    Victim Site: matahari.com
  4. Alleged data breach of Petits-Fils
    Category: Data Breach
    Content: The threat actor claims to have exposed an employee database belonging to Petits-Fils, a French elderly home-care services company. The leaked dataset reportedly contains around 1,000 employee records and was shared in JSON format.
    Date: 2026-01-04T22:20:32Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-FR-Petit-Fils-1K-Employees
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9d0569e9-863d-4e7c-a7e8-c1045f4f0651.png
    Threat Actors: HexDex2
    Victim Country: France
    Victim Industry: Hospital & Health Care
    Victim Organization: petits-fils
    Victim Site: petits-fils.com
  5. Alleged sale of 120x express vpn
    Category: Data Breach
    Content: The threat actor claims to be selling approximately 120 ExpressVPN-related entries, shared via an external file-hosting link.
    Date: 2026-01-04T22:09:29Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-120x-express-vpn
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f9d2b7a7-b349-42c0-bc0b-28b6aeaedf13.png
    Threat Actors: buadamcokfena
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  6. Alleged Data Leak of data-export.unitedkingdom
    Category: Data Breach
    Content: Threat Actor claims to have leaked a database allegedly sourced from data-export.unitedkingdom, containing approximately 218,000 user records. The exposed data reportedly includes sensitive user information such as personally identifiable information, cleartext passwords, IP addresses, and physical address details. The dataset allegedly contains extensive account-level fields, including user IDs, names, email addresses, account status, verification flags, gender, age range, contact numbers, postal addresses, signup and login metadata, reputation metrics, alerts counts, and system-related information.
    Date: 2026-01-04T22:06:08Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-Selling-218k-United-Kingdom-data-export-united-kingdom-User-PII-cleartext-passwords-s
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/34d29dc6-8e0b-42ef-920c-b253e229ecc4.png
    Threat Actors: Grubder
    Victim Country: UK
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  7. Dark Storm Team targets the website of Ministry of Foreign Affairs (Venezuela)
    Category: Ransomware
    Content: Proof of Downtime: https://check-host.net/check-report/363acc6fk39e
    Date: 2026-01-04T22:00:09Z
    Network: telegram
    Published URL: https://t.me/Darkstormre/49
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/59e2ae89-1873-4c6f-a20a-79b5a60fb954.png
    Threat Actors: Dark Storm Team
    Victim Country: Venezuela
    Victim Industry: Government Administration
    Victim Organization: ministry of foreign affairs (venezuela)
    Victim Site: mppre.gob.ve
  8. Alleged data breach of BrightSpeed
    Category: Data Breach
    Content: The group claims to have breached the database of BrightSpeed. The data reportedly includes customer and account master records with names, emails, phone numbers, billing and service addresses, account and network details, address qualification data with geolocation coordinates and service eligibility, user-level account information, payment histories and payment methods with masked card details, as well as appointment and order records containing customer contact information and installation details. The group also states that a data sample will be released on Monday night.
    Date: 2026-01-04T21:57:25Z
    Network: telegram
    Published URL: https://t.me/crimsonbackup/10
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/02cf77fe-680d-47f8-bbfb-fc4773630f11.jpg
    Threat Actors: Crimson Collective
    Victim Country: USA
    Victim Industry: Network & Telecommunications
    Victim Organization: brightspeed
    Victim Site: brightspeed.com
  9. Alleged data breach of Accommodation for Students
    Category: Data Breach
    Content: A threat actor claims to be selling a database allegedly sourced from Accommodation for Students. The listing advertises approximately 182,000 records containing owner-related personally identifiable information (PII). The exposed data reportedly includes email addresses, phone numbers, password hashes, names, addresses, account metadata, and other profile attributes.
    Date: 2026-01-04T21:49:51Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-Selling-182k-United-Kingdom-accommodationforstudents-com-Owner-PII-password-hashes-em
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f24416ed-213b-4426-a193-277cef54216c.png
    Threat Actors: Grubder
    Victim Country: UK
    Victim Industry: Real Estate
    Victim Organization: accommodation for students
    Victim Site: accommodationforstudents.com
  10. Alleged Data Breach of Mumsnet Limited
    Category: Data Breach
    Content: Threat Actor claims to have breached the database of Mumsnet Limited in the United Kingdom. The exposed data reportedly includes user personally identifiable information, password hashes, signup IP addresses, and home address details. The dataset allegedly contains extensive account-level information such as usernames, email addresses, account status, membership details, reputation metrics, login and signup metadata, location data, and contact numbers.
    Date: 2026-01-04T21:40:21Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-Selling-1-4m-United-Kingdom-https-www-mumsnet-com-User-PII-password-hashes-signup-I
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b8201dff-ae1c-497a-a3fc-bb586e685d63.png
    Threat Actors: Grubder
    Victim Country: UK
    Victim Industry: Online Publishing
    Victim Organization: mumsnet limited
    Victim Site: mumsnet.com
  11. Alleged data breach of Cherokee County Government
    Category: Data Breach
    Content: The threat actor claims to be selling a database allegedly obtained from cherokeecountyga.gov, a United States local government entity. The exposed dataset reportedly contains approximately 92,000 government employee records, including employee full names, job titles, departments, work email addresses, phone numbers, office locations, HR identifiers, employment status, hire and end dates, and internal organizational details.
    Date: 2026-01-04T21:23:12Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-Selling-92k-United-States-cherokeecountyga-gov-Government-Employee-PII-HR-Systems-Co
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/24db3ced-e353-4314-a822-df9403689cd6.png
    Threat Actors: Grubder
    Victim Country: USA
    Victim Industry: Government & Public Sector
    Victim Organization: cherokee county government
    Victim Site: cherokeecountyga.gov
  12. Alleged data breach of Needham Business Association
    Category: Data Breach
    Content: The threat actor claims to be selling a database allegedly obtained from needhambusiness.co.uk, a United Kingdom–based business membership organization. The exposed dataset reportedly contains approximately 127,000 member records, including full names, email addresses, office and mobile phone numbers, physical addresses, membership details, login metadata, IP logs, and password hashes with associated salts.
    Date: 2026-01-04T21:15:22Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-Selling-127k-United-Kingdom-needhambusiness-co-uk-Member-PII-password-hashes-mobile-n
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d1ae8e0d-6418-41f0-b6ab-4a3b21fc2701.png
    Threat Actors: Grubder
    Victim Country: UK
    Victim Industry: Non-profit & Social Organizations
    Victim Organization: needham business association
    Victim Site: needhambusiness.co.uk
  13. Alleged data breach of Buehler
    Category: Data Breach
    Content: The threat actor claims to be selling a database allegedly sourced from Buehler, a United States–based industrial manufacturing company. The exposed dataset reportedly contains approximately 136,000 marketing and B2B lead records, including full names, business email addresses, phone numbers, company names, physical addresses, inquiry messages, preferred response methods, and submission IP addresses.
    Date: 2026-01-04T21:07:06Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-Selling-136k-United-States-https-www-buehler-com-Marketing-Leads-B2B-Emails-Phone-N
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9e5d181c-9294-4a22-8571-139c941b5222.png
    Threat Actors: Grubder
    Victim Country: USA
    Victim Industry: Manufacturing
    Victim Organization: buehler
    Victim Site: buehler.com
  14. Alleged data breach of AustinRealEstate
    Category: Data Breach
    Content: The threat actor claims to be selling a database allegedly sourced from AustinRealEstate, a United States–based real estate platform. The exposed dataset reportedly contains approximately 182,000 real estate lead records, including full names, email addresses, phone numbers, contact preferences, property interests, budget ranges, location preferences, IP addresses, and inquiry metadata.
    Date: 2026-01-04T20:57:49Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-Selling-182k-United-States-https-www-austinrealestate-com-Real-Estate-Leads-PII-Ema
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3556315c-cc9d-4346-9345-ef806e89f136.png
    Threat Actors: Grubder
    Victim Country: USA
    Victim Industry: Real Estate
    Victim Organization: austinrealestate
    Victim Site: austinrealestate.com
  15. Alleged data breach of ActiveHerb
    Category: Data Breach
    Content: The threat actor claims to be selling a database allegedly obtained from activeherb.com, a United States–based health supplement retailer. The exposed dataset reportedly contains approximately 114,000 customer records, including email addresses, phone numbers, health-related queries, product purchase information, and customer interaction metadata.
    Date: 2026-01-04T20:55:34Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-Selling-114k-United-States-https-www-activeherb-com-Customer-Emails-Health-Queries
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2b665085-f390-4aff-85be-cdeb3d6fbc72.png
    Threat Actors: Grubder
    Victim Country: USA
    Victim Industry: Healthcare & Pharmaceuticals
    Victim Organization: activeherb
    Victim Site: activeherb.com
  16. Alleged data breach of Wadhifa
    Category: Data Breach
    Content: The threat actor is advertising the sale of a database allegedly from Wadhifa, a Saudi Arabia–based employment and job-seeker platform. The dataset reportedly contains 418,293 job seeker records and includes highly sensitive personal information such as full names, dates of birth, national ID numbers, email addresses, phone and WhatsApp numbers.
    Date: 2026-01-04T20:52:29Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-Selling-418k-Saudi-Arabia-wadhefa-com-418-293-Job-Seeker-CVs-National-IDs-Emails-Pho
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/14a2c998-48f4-4987-b6b2-22ca94c8ced7.png
    Threat Actors: Grubder
    Victim Country: Saudi Arabia
    Victim Industry: Staffing/Recruiting
    Victim Organization: wadhifa
    Victim Site: wadhifa.com
  17. Alleged data breach of Robi Axiata Limited
    Category: Data Breach
    Content: The threat actor claims to be offering a large-scale dataset allegedly related to Robi Axiata Limited. The dataset is advertised as representing approximately 40 million Robi subscribers and is described as aggregated statistical data rather than raw customer records.
    Date: 2026-01-04T20:46:42Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-DATABASE-40-million-Robi-phone-number-dataset-%E2%80%93-Bangladesh
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/513f60e4-1b24-487e-b952-21eb5df4bf4e.png
    Threat Actors: int3lzO
    Victim Country: Bangladesh
    Victim Industry: Network & Telecommunications
    Victim Organization: robi axiata limited
    Victim Site: robi.com.bd
  18. Alleged Sale of Unauthorized Admin and Shell Access to Unidentified WordPress Shops in Multiple Countries
    Category: Initial Access
    Content: Threat Actor claims to be selling unauthorized admin and shell access to unidentified WordPress shops in multiple countries, including Iceland, Denmark, and Poland.
    Date: 2026-01-04T20:45:36Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273127/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/aa99ed16-a5d1-4832-94e3-575f0a1abc65.png
    Threat Actors: Shopify
    Victim Country: Iceland
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  19. Alleged data breach of Schultze & Braun
    Category: Data Breach
    Content: The threat actor claims to be selling a database allegedly extracted from the website of Schultze & Braun, a German law firm. The dataset is advertised as containing approximately 106,000 records and reportedly includes legal entity names, entity types, brand and division details, postal addresses, phone and fax numbers, email addresses.
    Date: 2026-01-04T20:41:02Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-Selling-106k-Germany-schultze-braun-de-Law-Firm-Records-Legal-Entities-Phone-Address
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0255b901-e592-4db9-8875-a0321b8f01ac.png
    Threat Actors: Grubder
    Victim Country: Germany
    Victim Industry: Legal Services
    Victim Organization: schultze & braun
    Victim Site: schultze-braun.de
  20. Alleged Sale of Unauthorized Admin and Shell Access to an Unidentified WordPress Shop in France
    Category: Initial Access
    Content: Threat Actor claims to be selling unauthorized admin access and shell access to an unidentified WordPress shop in France.
    Date: 2026-01-04T20:25:25Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273125/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9df629d7-2a3a-431f-91d6-d760f08bc498.png
    Threat Actors: Shopify
    Victim Country: France
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  21. Alleged Sale of Unauthorized Admin and Shell Access to an Unidentified WordPress Shop in Italy
    Category: Initial Access
    Content: Threat Actor claims to be selling unauthorized admin access and shell access to an unidentified WordPress shop in Italy.
    Date: 2026-01-04T20:24:46Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273124/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0db2b577-3572-44d8-8ee4-8f68b6d22a90.png
    Threat Actors: Shopify
    Victim Country: Italy
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  22. Alleged Sale of Unauthorized Admin and Shell Access to an Unidentified WordPress Shop in Chile
    Category: Initial Access
    Content: Threat Actor claims to be selling unauthorized admin access and shell access to an unidentified WordPress shop in Chile.
    Date: 2026-01-04T20:10:59Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273120/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/25e33885-0d29-46ab-97f6-e2e28523e13b.png
    Threat Actors: Shopify
    Victim Country: Chile
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  23. JavaneseTeam targets the website of Faith Victory Association
    Category: Defacement
    Content: The Group claims to have defaced the website of Faith Victory Association in Rwanda.
    Date: 2026-01-04T19:20:05Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/223269
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/04254cf0-87d2-4131-85db-447b299ee43b.png
    Threat Actors: JavaneseTeam
    Victim Country: Rwanda
    Victim Industry: Non-profit & Social Organizations
    Victim Organization: faith victory association
    Victim Site: faith-victory.org
  24. Alleged data leak of France Unofficial Database Index
    Category: Data Breach
    Content: The threat actor claims to be selling a database index related to France. The exposed data may contain user information such as emails, usernames, and personal records, creating potential security and privacy risks.
    Date: 2026-01-04T19:08:40Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-Unofficial-Database-Index-French-edition–183062
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8c833de9-26c3-4885-bc07-b61b34f8d6e7.png
    Threat Actors: Addka72424
    Victim Country: France
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  25. BONDOWOSO BLACK HAT targets the website of Mediatax
    Category: Defacement
    Content: The Group claims to have defaced the website of Mediatax in Indonesia.
    Date: 2026-01-04T19:01:07Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/223267
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a5ee326c-2a59-4138-8720-a9ed07c1baee.png
    Threat Actors: BONDOWOSO BLACK HAT
    Victim Country: Indonesia
    Victim Industry: Accounting
    Victim Organization: mediatax
    Victim Site: mediatax.id
  26. Alleged data breach of HIDOC
    Category: Data Breach
    Content: The threat actor claims to be offering a national-scale hospital booking and patient queue database linked to HIDOC, a centralized healthcare appointment and queue-management platform used across Indonesia, which includes end-to-end outpatient booking lifecycle information.
    Date: 2026-01-04T19:00:04Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-HIDOC-CO-ID-1-32m-%E2%80%94-NATIONAL-HOSPITAL-BOOKING-PATIENT-QUEUE-DATABASE-INDONESIA
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e7c3e366-345b-4597-9934-121cc240cf46.png
    Threat Actors: LionDataMarket
    Victim Country: Indonesia
    Victim Industry: Healthcare & Pharmaceuticals
    Victim Organization: hidoc
    Victim Site: hidoc.co.id
  27. Alleged data breach of Sayurbox
    Category: Data Breach
    Content: A threat actor claims to be selling a large order and payment database from Sayurbox Indonesia, an online grocery delivery platform, which includes order details, pricing information, vouchers and discounts, delivery options, payment methods, and transaction metadata.
    Date: 2026-01-04T18:48:53Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-SAYURBOX-INDONESIA-8-5-Million-Records-ONLINE-GROCERY-DELIVERY
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/11911cc6-b6e2-4422-ae9e-b5d085c00e74.png
    Threat Actors: LionDataMarket
    Victim Country: Indonesia
    Victim Industry: E-commerce & Online Stores
    Victim Organization: sayurbox
    Victim Site: sayurbox.com
  28. BONDOWOSO BLACK HAT targets the website of Poris Pack
    Category: Defacement
    Content: The Group claims to have defaced the website of Poris Pack in Indonesia.
    Date: 2026-01-04T18:47:25Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/223266
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ba84ec4e-c1ba-4f6f-8f2f-81411555a224.png
    Threat Actors: BONDOWOSO BLACK HAT
    Victim Country: Indonesia
    Victim Industry: E-commerce & Online Stores
    Victim Organization: poris pack
    Victim Site: poris.id
  29. Alleged data breach of Titipku
    Category: Data Breach
    Content: The threat actor claims to be selling a full user and vendor database belonging to Titipku, an Indonesian hyperlocal shopping and delivery platform, which includes user IDs, full names, email addresses, phone numbers, gender, birth dates, account creation and update timestamps, and profile metadata.
    Date: 2026-01-04T18:46:50Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-titipku-com-DATABASE-%E2%80%94-470-000-Records-INDONESIA-Shopping-Platform
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2f68daf2-0ee2-4f7d-b9d7-d1c79f32c908.png
    Threat Actors: LionDataMarket
    Victim Country: Indonesia
    Victim Industry: E-commerce & Online Stores
    Victim Organization: titipku
    Victim Site: titipku.com
  30. Alleged data breach of Indopaket
    Category: Data Breach
    Content: The threat actor claims to be offering for sale a large-scale logistics delivery database associated with Indopaket, an Indonesian national last-mile courier service.
    Date: 2026-01-04T18:45:51Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-HIDOC-CO-ID-1-32m-%E2%80%94-NATIONAL-HOSPITAL-BOOKING-PATIENT-QUEUE-DATABASE-INDONESIA
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/767486af-ea52-419f-b67c-1915758ef935.png
    Threat Actors: LionDataMarket
    Victim Country: Indonesia
    Victim Industry: Transportation & Logistics
    Victim Organization: indopaket
    Victim Site: indopaket.co.id
  31. Dream Hack targets the website of Doctors Query Private Limited
    Category: Defacement
    Content: The Group claims to have defaced the website of Doctors Query Private Limited in India.
    Date: 2026-01-04T18:40:00Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/223282
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/5ff95629-2c94-42d0-92bc-6abb99912cce.png
    Threat Actors: Dream Hack
    Victim Country: India
    Victim Industry: Education
    Victim Organization: doctors query private limited
    Victim Site: doctorsquery.com
  32. Alleged data leak of Indonesia Trans Network
    Category: Data Breach
    Content: The group claims to have leaked employee ID photo files of Indonesia Trans Network.
    Date: 2026-01-04T18:33:24Z
    Network: telegram
    Published URL: https://t.me/c/3487552490/158
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b99c998f-6fa6-4d0b-814e-95da7393d23e.jpg
    https://d34iuop8pidsy8.cloudfront.net/a32f1145-f105-4708-9d3e-7ca647a372d9.jpg
    https://d34iuop8pidsy8.cloudfront.net/988e9f79-6dbe-4f97-89f8-c067e9492b7b.jpg
    Threat Actors: BABAYO EROR SYSTEM
    Victim Country: Indonesia
    Victim Industry: Network & Telecommunications
    Victim Organization: indonesia trans network
    Victim Site: itn.net.id
  33. Alleged Unauthorized Access to Opéra national de Paris
    Category: Initial Access
    Content: A threat actor claims to be offering unauthorized SFTP access associated with Opéra national de Paris, allegedly exposing server credentials, certificate passwords, FTP/SFTP access details, internal hostnames, and service configuration information.
    Date: 2026-01-04T18:27:20Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-FR-Access-SFTP-OperaDeParis
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9f45b820-cd41-4d55-ad25-24fcdf2da0ad.png
    Threat Actors: HexDex2
    Victim Country: France
    Victim Industry: Performing Arts
    Victim Organization: opéra national de paris
    Victim Site: operadeparis.fr
  34. Alleged sale of 10M Outlook Cleaned Emails Database
    Category: Data Breach
    Content: A threat actor claims to be offering a “cleaned” database containing over 10 million Outlook email addresses.
    Date: 2026-01-04T18:26:45Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-Outlook-Cleaned-Emails-Database-10M
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f365b24a-02fd-4a01-b6df-72add908d229.png
    Threat Actors: Toxic_Wolf
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  35. Alleged sale of Massive iCloud Email Database
    Category: Data Breach
    Content: A threat actor claims to be distributing a dataset containing approximately 23 million iCloud email addresses allegedly associated with Apple iCloud users. The dataset reportedly consists solely of email addresses in CSV format.
    Date: 2026-01-04T18:25:49Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-Massive-23M-iCloud-Email-Database-at-Your-Fingertips
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/cd74970a-b0fe-4c84-aaee-9c26978657d3.png
    Threat Actors: Toxic_Wolf
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  36. Alleged data breach of VinterNet
    Category: Data Breach
    Content: A threat actor claims to be selling a database allegedly from VinterNet containing approximately 156,000 e-commerce order records. The exposed data reportedly includes customers’ full names, email addresses, phone numbers, billing and shipping addresses, invoice details, order metadata, and payment-related status information.
    Date: 2026-01-04T17:52:08Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-156k-France-https-www-vinternet-net-E-commerce-Orders-DB-Full-PII-Emails-P
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/59964629-d7fd-40c5-a665-8e13bdea8415.png
    Threat Actors: Loser
    Victim Country: France
    Victim Industry: E-commerce & Online Stores
    Victim Organization: vinternet
    Victim Site: vinternet.net
  37. Alleged data breach of Immobiliare.it
    Category: Data Breach
    Content: A threat actor claims to be selling a database allegedly from Immobiliare.it containing approximately 1.4 million records related to Italian real estate agents. The exposed data reportedly includes agents’ full names, email addresses, private mobile phone numbers, office addresses, city and postal code information, and internal record metadata, posing risks of targeted phishing, harassment, and business email compromise.
    Date: 2026-01-04T17:51:14Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-1-4m-Italy-immobiliare-it-Real-Estate-Agent-PII-Private-Mobile-Numbers-Emails
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/bed34c3e-795b-4307-a3f7-3806867e9492.png
    Threat Actors: Loser
    Victim Country: Italy
    Victim Industry: Real Estate
    Victim Organization: immobiliare.it
    Victim Site: immobiliare.it
  38. Alleged data breach of Kotori Juku
    Category: Data Breach
    Content: The threat actor claims to be selling a database allegedly from Kotori Juku containing approximately 98,000 records. The exposed data reportedly includes users’ full names, dates of birth, phone numbers, email addresses, physical addresses, account metadata, and password hashes, posing potential risks of account takeover, phishing, and identity fraud.
    Date: 2026-01-04T17:40:41Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-98k-Japan-kotori-juku-jp-Education-Portal-DB-PII-Emails-Phone-Numbers-Addre
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8995892b-b5eb-43e0-8c08-996a50cfd97f.png
    Threat Actors: Loser
    Victim Country: Japan
    Victim Industry: Education
    Victim Organization: kotori juku
    Victim Site: kotori-juku.jp
  39. Alleged data breach of Broil King
    Category: Data Breach
    Content: A threat actor claims to be selling a database allegedly from Broil King containing approximately 267K customer records from Canada. The exposed data reportedly includes customers’ full names, email addresses, phone numbers, shipping addresses, product model and serial numbers, warranty registration details, and service case information, posing a risk of phishing, fraud, and targeted scams.
    Date: 2026-01-04T17:38:33Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-267k-Canada-broilkingbbq-com-Customer-database-personal-emails-phone-numbers
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2f7a021a-bd89-438e-b367-e8fe114c461f.png
    Threat Actors: Loser
    Victim Country: Canada
    Victim Industry: Consumer Goods
    Victim Organization: broil king
    Victim Site: broilkingbbq.com
  40. Alleged data breach of Golf
    Category: Data Breach
    Content: The threat actor claims to be selling a database from Golf. The dataset is advertised as containing approximately 500,000 member records and includes personally identifiable information.
    Date: 2026-01-04T17:30:52Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-500k-Australia-https-www-golflink-com-au-Member-database-including-PII-Golf
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9a012180-d7d3-4f78-b547-624f8ca9dac1.png
    Threat Actors: Loser
    Victim Country: Australia
    Victim Industry: Sports
    Victim Organization: golf
    Victim Site: golf.com.au
  41. Alleged data leak of Misr Pharmacies
    Category: Data Breach
    Content: Threat actor claims to have leaked data from Misr Pharmacies. The exposed data is said to include customer order and shipment records containing names, email addresses, phone numbers, billing and shipping details, payment and delivery information, as well as e-prescription records with prescription IDs, customer names and mobile numbers, image URLs, address details, and timestamps.
    Date: 2026-01-04T16:50:55Z
    Network: telegram
    Published URL: https://t.me/c/3470684086/246
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4e686910-c9ae-4c3c-9a3b-93c6ae935d93.jpg
    Threat Actors: RED EYES
    Victim Country: Egypt
    Victim Industry: Hospital & Health Care
    Victim Organization: misr pharmacies
    Victim Site: misr-online.com
  42. Alleged access to an unidentified swimming pool in Denmark
    Category: Initial Access
    Content: The group claims to have gained unauthorized access to the CCTV system of an unidentified swimming pool in Denmark
    Date: 2026-01-04T16:06:24Z
    Network: telegram
    Published URL: https://t.me/zpentestalliance/917
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b55136e3-c671-4cd4-99e9-30f30aa44c44.jpg
    Threat Actors: Z-PENTEST ALLIANCE
    Victim Country: Denmark
    Victim Industry: Recreational Facilities & Services
    Victim Organization: Unknown
    Victim Site: Unknown
  43. Alleged data breach of Paper Deals
    Category: Data Breach
    Content: The group claims to have breached data from Paper Deals
    Date: 2026-01-04T16:05:47Z
    Network: telegram
    Published URL: https://t.me/c/3054021775/259
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/55fc06a7-cec5-4200-a1fc-120feb90d940.jpg
    Threat Actors: BROTHERHOOD CAPUNG INDONESIA
    Victim Country: India
    Victim Industry: E-commerce & Online Stores
    Victim Organization: paper deals
    Victim Site: paperdeals.in
  44. Alleged data breach of BDjobs.com
    Category: Data Breach
    Content: A threat actor claims to be selling a large-scale database extract from BDjobs.com, one of Bangladesh’s largest online job portals. The dataset is advertised as containing approximately 1 million user records and includes highly sensitive personally identifiable information.
    Date: 2026-01-04T15:44:34Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-1m-Bangladesh-https-www-bdjobs-com-Full-PII-database-including-National-IDs
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/74dc98d2-68e4-4828-a2ad-8505ae524a9c.png
    Threat Actors: Loser
    Victim Country: Bangladesh
    Victim Industry: Staffing/Recruiting
    Victim Organization: bdjobs.com
    Victim Site: bdjobs.com
  45. Alleged data breach of CastingStudio
    Category: Data Breach
    Content: A threat actor claims to be selling a database extract from CastingStudio, a Belgium-based talent casting platform. The dataset is advertised as containing approximately 100,000 professional talent profiles, including personally identifiable information, contact details, and media-related metadata.
    Date: 2026-01-04T15:40:19Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-100k-Belgium-castingstudio-com-Professional-talent-profiles-PII-contact-info–183100
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b3b3ba13-55b6-4e55-acb5-5619ac390d74.png
    Threat Actors: Loser
    Victim Country: Belgium
    Victim Industry: Entertainment & Movie Production
    Victim Organization: castingstudio
    Victim Site: castingstudio.com
  46. Alleged data leak of Chungbuk National University College of Veterinary Medicine
    Category: Data Breach
    Content: Threat actor claims to have leaked data from Chungbuk National University. The compromised data reportedly include name, email, password, etc.
    Date: 2026-01-04T14:25:26Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-DATABASE-%E2%AD%90%EF%B8%8F-South-Korea-Database-vetmed-cbnu-ac-kr-%E2%AD%90%EF%B8%8F
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/038aa9ce-3598-41cd-8c30-8bd5769917f0.png
    Threat Actors: AshleyWood2022
    Victim Country: South Korea
    Victim Industry: Education
    Victim Organization: chungbuk national university college of veterinary medicine
    Victim Site: vetmed.cbnu.ac.kr
  47. No team targets the website of Anepro
    Category: Defacement
    Content: The group claims to have defaced the website of Anepro.
    Date: 2026-01-04T14:15:55Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/223190
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/65bcb794-a984-46d3-a22c-36ce33777111.jpg
    Threat Actors: No team
    Victim Country: Mexico
    Victim Industry: Healthcare & Pharmaceuticals
    Victim Organization: anepro
    Victim Site: anepro.com.mx
  48. Resource Corporation of America falls victim to Medusa Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s internal data and intends to publish it within 15-16 days.
    Date: 2026-01-04T13:58:10Z
    Network: tor
    Published URL: http://s7lmmhlt3iwnwirxvgjidl6omcblvw2rg75txjfduy73kx5brlmiulad.onion/detail?id=20058b47f2b4df7a0402f1fc268880b9
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/bacdcf97-b194-4995-9d82-5b8715f7818d.jpg
    https://d34iuop8pidsy8.cloudfront.net/6e5231c0-6932-43d9-889f-f624db7d3423.jpg
    Threat Actors: MEDUSA
    Victim Country: USA
    Victim Industry: Hospital & Health Care
    Victim Organization: resource corporation of america
    Victim Site: resource-corp.com
  49. Alleged data breach of Doctolib
    Category: Data Breach
    Content: The threat actor claims to have breached data belonging to Doctolib.
    Date: 2026-01-04T13:23:33Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-Doctolib-2025-French-Database
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3a0fdbdb-1735-47c4-9a10-5b1aef847fed.png
    Threat Actors: host1337
    Victim Country: France
    Victim Industry: Software Development
    Victim Organization: doctolib
    Victim Site: doctolib.com
  50. Alleged Data Breach of Upbit
    Category: Data Breach
    Content: The group claims to have hacked the servers of Upbit, obtaining access to a substantial volume of confidential infrastructure and operational data. The compromised dataset is reported to include detailed information about system hardware, memory, storage capacity, and network traffic, amounting to approximately 1.83 TB of sensitive information.
    Date: 2026-01-04T13:00:55Z
    Network: telegram
    Published URL: https://t.me/n2LP_wVf79c2YzM0/3124
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2cdd48f9-3926-40a1-9944-44369d1c9699.png
    https://d34iuop8pidsy8.cloudfront.net/3331c9f8-3fc7-4959-bc66-1cf787d3c485.png
    https://d34iuop8pidsy8.cloudfront.net/7c657068-ddb1-4b3a-a4e1-c0d2763033aa.png
    https://d34iuop8pidsy8.cloudfront.net/fe68c260-1629-4cbe-a8c2-9169e31b42d0.png
    https://d34iuop8pidsy8.cloudfront.net/e90e1ec1-dbbd-4c2d-a545-30acfe54ef9f.png
    Threat Actors: Infrastructure Destruction Squad
    Victim Country: South Korea
    Victim Industry: Financial Services
    Victim Organization: upbit
    Victim Site: upbit.com
  51. Alleged data breach of H1B Metrics
    Category: Data Breach
    Content: Threat actor claims to have leaked data from H1B Metrics. The compromised data reportedly include name, address, phone number, email, pin code, etc.
    Date: 2026-01-04T12:58:37Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-USA-h1bmetrics-com-Leaked-Download
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8c430c8a-3f18-4b34-a998-322df963be63.png
    Threat Actors: lulzintel
    Victim Country: USA
    Victim Industry: Information Services
    Victim Organization: h1b metrics
    Victim Site: h1bmetrics.com
  52. Alleged data leak of gkpartner.pixelserver.ru
    Category: Data Breach
    Content: Threat actor claims to have leaked data from gkpartner.pixelserver.ru. The compromised data reportedly include name, email, password, phone number, etc.
    Date: 2026-01-04T12:55:11Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-gkpartner-pixelserver-ru-Database-Russia
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/212b9974-5994-4530-b334-d4a69d21171f.png
    Threat Actors: LindaBF
    Victim Country: Russia
    Victim Industry: Unknown
    Victim Organization: gkpartner.pixelserver.ru
    Victim Site: gkpartner.pixelserver.ru
  53. Alleged data breach of Sindicato Profesional Independiente Docente
    Category: Data Breach
    Content: The threat actor claims to have breached data belonging to Sindicato Profesional Independiente Docente. The compromised data reportedly includes ID, course information, name, and additional records.
    Date: 2026-01-04T12:45:15Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-cursos-spido-info-Database-Spain
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/41e6e234-8a4c-4d40-8cea-ec145e83ef93.png
    Threat Actors: LindaBF
    Victim Country: Spain
    Victim Industry: Education
    Victim Organization: sindicato profesional independiente docente
    Victim Site: cursos.spido.info
  54. Alleged Unauthorized Access to an industrial control and monitoring system in South Korea
    Category: Initial Access
    Content: The group claims to have gained unauthorized access to an industrial control and monitoring system in South Korea. The compromised system reportedly manages and controls all stages of metal thermal processing, including heating, quenching, tempering, and the use of oil as a cooling medium.
    Date: 2026-01-04T12:41:42Z
    Network: telegram
    Published URL: https://t.me/n2LP_wVf79c2YzM0/3139
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/fb0672d0-c6ff-4fa4-a82f-0d14a81cb7ce.JPG
    Threat Actors: Infrastructure Destruction Squad
    Victim Country: South Korea
    Victim Industry: Automotive
    Victim Organization: dongjin electric & precision co., ltd.
    Victim Site: dongjinco.com
  55. Alleged data breach of DKMads
    Category: Data Breach
    Content: Threat actor claims to have leaked source code from DKMads.
    Date: 2026-01-04T12:35:01Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SOURCE-CODE-DKMads-Data-Breach-Leaked-Download
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f680d003-7f57-46e4-afcb-e43ec2f8239a.png
    Threat Actors: shabanaiqbal420
    Victim Country: Myanmar
    Victim Industry: Marketing, Advertising & Sales
    Victim Organization: dkmads
    Victim Site: dkmads.com
  56. 6ickzone targets the website of binmart.shop
    Category: Defacement
    Content: The group claims to have defaced the website of binmart.shop
    Date: 2026-01-04T12:22:01Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/223179
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e3df85ba-20f4-46fd-ac3c-a46787a9585f.JPG
    Threat Actors: 6ickzone
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: binmart.shop
  57. Alpha wolf targets the website of Agence Meran
    Category: Defacement
    Content: The group claims to have defaced the website of Agence Meran

    Date: 2026-01-04T12:14:21Z
    Network: openweb
    Published URL: https://defacer.id/archive/1
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/183364ab-9ca2-4460-adcd-ff2b95ae8ec0.png
    https://d34iuop8pidsy8.cloudfront.net/b78e9721-877b-4ae6-8bae-0800f5f11998.png
    https://d34iuop8pidsy8.cloudfront.net/ffc7d6e1-1f2b-4fc6-861c-32eb5a9d35ac.png
    https://d34iuop8pidsy8.cloudfront.net/fae2e187-a673-4b87-93f4-67989cb958d7.jpg
    https://d34iuop8pidsy8.cloudfront.net/3ee6d941-d10c-402c-880f-7fcb9e80e668.jpg
    Threat Actors: Alpha wolf
    Victim Country: France
    Victim Industry: Information Technology (IT) Services
    Victim Organization: agence meran
    Victim Site: girasolnettoyage.agencemeran.fr

Alleged sale of unauthorized Fortinet admin access
Category: Initial Access
Content: Threat actor claims to be selling 1200 unauthorized Fortinet admin access.
Date: 2026-01-04T00:05:04Z
Network: openweb
Published URL: https://forum.exploit.in/topic/273052/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4cda57be-d668-4418-b8c9-b7d91770017a.png
Threat Actors: ClientMonero
Victim Country: India
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Sönmezler Metal falls victim to Qilin Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2026-01-04T12:11:00Z
Network: tor
Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=fce35e22-6243-390c-bb7e-00074eb92bf8
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b607a792-1270-476d-94a2-11b184e7918c.jpg
Threat Actors: Qilin
Victim Country: Turkey
Victim Industry: Mining/Metals
Victim Organization: sönmezler metal
Victim Site: sonmezlermetal.com.tr

6ickzone targets the website of HEXUS
Category: Defacement
Content: The group claims to have defaced the website of HEXUS
Date: 2026-01-04T12:07:11Z
Network: openweb
Published URL: https://defacer.id/mirror/id/223177
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c27d0e10-64bc-4378-8969-da7257eb369c.JPG
Threat Actors: 6ickzone
Victim Country: Bangladesh
Victim Industry: Consumer Electronics
Victim Organization: hexus
Victim Site: hexusbd.shop

Cal Spas falls victim to Qilin Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2026-01-04T12:04:45Z
Network: tor
Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=b32b7816-1b2c-3f86-8cfb-c05213b4ac10
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/69b5ed44-a380-4c81-8946-084b86dcdc97.jpg
Threat Actors: Qilin
Victim Country: USA
Victim Industry: Manufacturing
Victim Organization: cal spas
Victim Site: calspas.com

6ickzone targets the website of Naeem Ali
Category: Defacement
Content: The group claims to have defaced the website of Naeem Ali.
Date: 2026-01-04T11:58:58Z
Network: openweb
Published URL: https://defacer.id/mirror/id/223178
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9fa7835a-6025-433d-89a2-438ae40bac6e.jpg
Threat Actors: 6ickzone
Victim Country: Pakistan
Victim Industry: Software Development
Victim Organization: Unknown
Victim Site: naeemali.dev

Tommotek WA Pty Ltd falls victim to Qilin Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2026-01-04T11:56:15Z
Network: tor
Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=14295723-fdc2-34b8-a7f3-468219a279c6
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f76114bd-2026-48c0-89b9-dd1b5030f721.jpg
Threat Actors: Qilin
Victim Country: Australia
Victim Industry: Machinery Manufacturing
Victim Organization: tommotek wa pty ltd
Victim Site: tommotek.com

6ickzone targets the website of Reubro Design
Category: Defacement
Content: The group claims to have defaced the website of Reubro Design.
Date: 2026-01-04T11:50:53Z
Network: openweb
Published URL: https://defacer.id/mirror/id/223180
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2ba0bc36-f17b-451d-839f-c57e074a1bf8.jpg
Threat Actors: 6ickzone
Victim Country: India
Victim Industry: Graphic & Web Design
Victim Organization: reubro design
Victim Site: design.reubro.com

Alleged data breach of Insightsoftware
Category: Data Breach
Content: The threat actor claims to have breached data belonging to Insightsoftware. The compromised data reportedly includes Insightsoftware Atlas source code.
Date: 2026-01-04T11:47:08Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-Credera-Data-Breach
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e6b36cc8-b36e-4d35-a348-d6c92c7b7d9f.png
Threat Actors: 888
Victim Country: USA
Victim Industry: Software Development
Victim Organization: insightsoftware
Victim Site: insightsoftware.com

No team targets the website of Asim Khan Official
Category: Defacement
Content: The group claims to have defaced the website of Asim Khan Official
Date: 2026-01-04T11:41:51Z
Network: openweb
Published URL: https://defacer.id/mirror/id/223176
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e4e3fc21-fccf-498e-8af1-e345909046bd.JPG
Threat Actors: No team
Victim Country: Pakistan
Victim Industry: Unknown
Victim Organization: asim khan official
Victim Site: asimkhanofficial.com

6ickzone targets the website of Midlands Musculoskeletal Imaging
Category: Defacement
Content: The group claims to have defaced the website of Midlands Musculoskeletal Imaging.
Date: 2026-01-04T11:35:04Z
Network: openweb
Published URL: https://defacer.id/mirror/id/223181
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/dfabbb48-434a-4a67-828d-f0b84cf2420a.jpg
Threat Actors: 6ickzone
Victim Country: UK
Victim Industry: Hospital & Health Care
Victim Organization: midlands musculoskeletal imaging
Victim Site: midlandsimaging.co.uk

JavaneseTeam targets the website of Projecto SIMPLIFICA
Category: Defacement
Content: The group claims to have defaced the website of Projecto SIMPLIFICA.
Date: 2026-01-04T11:32:42Z
Network: openweb
Published URL: https://defacer.id/mirror/id/223188
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9eeb73f8-0a8d-478f-8216-396af344e384.jpg
Threat Actors: JavaneseTeam
Victim Country: Angola
Victim Industry: Government Administration
Victim Organization: projecto simplifica
Victim Site: cms.qa.simplifica.gov.ao

6ickzone targets the website of MSK Radiology 4U
Category: Defacement
Content: The group claims to have defaced the website of MSK Radiology 4U.
Date: 2026-01-04T11:29:40Z
Network: openweb
Published URL: https://defacer.id/mirror/id/223182
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/640d9ee9-9c1b-4ec9-aa28-faf1b270532d.jpg
Threat Actors: 6ickzone
Victim Country: UK
Victim Industry: Hospital & Health Care
Victim Organization: msk radiology 4u
Victim Site: mskradiology4u.co.uk

No team targets the website of National Savings
Category: Defacement
Content: The group claims to have defaced the website of National Savings
Date: 2026-01-04T11:26:49Z
Network: openweb
Published URL: https://defacer.id/mirror/id/223175
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/71f7cf69-ffe5-4de2-b2dc-c2b5a4dc85c3.JPG
Threat Actors: No team
Victim Country: Pakistan
Victim Industry: Government Administration
Victim Organization: national savings
Victim Site: nationalsavings.pk

JavaneseTeam targets the website of SEPE
Category: Defacement
Content: The group claims to have defaced the website of SEPE.
Date: 2026-01-04T11:24:23Z
Network: openweb
Published URL: https://defacer.id/mirror/id/223187
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/39b9765c-63ec-40a3-93fb-3b1238a520b3.jpg
Threat Actors: JavaneseTeam
Victim Country: Angola
Victim Industry: Government Administration
Victim Organization: sepe
Victim Site: content.sepe.gov.ao

Alpha wolf targets the website of ZI’NEWS
Category: Defacement
Content: The group claims to have defaced the website of ZI’NEWS.
Date: 2026-01-04T11:23:19Z
Network: openweb
Published URL: https://defacer.id/mirror/id/223197
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f266d6ab-472f-43cd-adc1-5a267a43f56d.jpg
Threat Actors: Alpha wolf
Victim Country: France
Victim Industry: Online Publishing
Victim Organization: zi’news
Victim Site: zinews.fr

Alleged login access to TECO IMPIANTI s.r.l
Category: Initial Access
Content: The group claims to have gained login access to TECO IMPIANTI s.r.l. The compromised system reportedly provides climate and environmental management within the farm, feed and water management, automatic maintenance and cleaning, manual control and settings, alarms and notifications.
Date: 2026-01-04T10:51:00Z
Network: telegram
Published URL: https://t.me/n2LP_wVf79c2YzM0/3123
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b65685a1-a605-4d88-908b-479493d6ca52.JPG
Threat Actors: Infrastructure Destruction Squad
Victim Country: Iran
Victim Industry: Farming
Victim Organization: teco impianti s.r.l
Victim Site: tecoimpianti.it

Alleged unauthorized access to unidentified management system of dryers in Spain
Category: Initial Access
Content: The group claims to have gained access to the unidentified payment and management system for dryers in Spain.
Date: 2026-01-04T10:35:10Z
Network: telegram
Published URL: https://t.me/n2LP_wVf79c2YzM0/3122
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8f0932bd-407f-434f-9189-d92d4d4397fd.jpg
Threat Actors: Infrastructure Destruction Squad
Victim Country: Spain
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown

Alleged login access to Avinatura Srl SS
Category: Initial Access
Content: The group claims to have gained login access to Avinatura Srl SS. The compromised system reportedly provides access to the poultry house environmental control system, allowing them to monitor real-time sensor data and control temperature, humidity, ventilation, heating, and water systems across all zones.
Date: 2026-01-04T09:06:05Z
Network: telegram
Published URL: https://t.me/n2LP_wVf79c2YzM0/3071
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b2242476-61a2-44df-bb32-a0f5df09eda2.JPG
Threat Actors: Infrastructure Destruction Squad
Victim Country: Italy
Victim Industry: Food Production
Victim Organization: avinatura srl ss
Victim Site: avinatura.it

Alleged Data leak of H1METRICS
Category: Data Breach
Content: The threat actor claims to have leaked databases belonging to H1METRICS. The compromised data reportedly includes name, slug, address, city, state, ZIP code, point-of-contact first name, point-of-contact last name, and additional information.
Date: 2026-01-04T08:58:46Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-USA-h1bmetrics-com-Leaked-Download
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5a2050dc-72a0-4acb-b178-e6a77f338824.png
https://d34iuop8pidsy8.cloudfront.net/050d6199-9fa5-4155-a139-f2f8265c7ce8.png
Threat Actors: lulzintel
Victim Country: USA
Victim Industry: Legal Services
Victim Organization: h1metrics
Victim Site: h1metrics.com

Alleged Data leak of NordVPN
Category: Data Breach
Content: The threat actor claims to have leaked databases belonging to NordVPN. The compromised data reportedly includes Salesforce API keys, Jira tokens, and additional sensitive information.
Date: 2026-01-04T08:49:39Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-SQL-nordvpn-com-SalesForce-leaked-Download
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7e2b0d76-67bd-4cbe-aca7-ab4f77bac13f.png
https://d34iuop8pidsy8.cloudfront.net/f779805f-e8aa-4fc4-bd7b-a070079efab1.png
https://d34iuop8pidsy8.cloudfront.net/0bc9822b-825b-421f-949f-4d8c5163ef86.png
Threat Actors: 1011
Victim Country: Panama
Victim Industry: Information Services
Victim Organization: nordvpn
Victim Site: nordvpn.com

Alleged login access to Cambodia Securities Exchange
Category: Initial Access
Content: The group claims to have gained login access to Cambodia Securities Exchange
Date: 2026-01-04T08:27:26Z
Network: telegram
Published URL: https://t.me/BlackEyeThai/72
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1bd51645-f394-429e-aaca-4211229722af.JPG
Threat Actors: BlackEye-Thai
Victim Country: Cambodia
Victim Industry: Capital Markets/Hedge Fund/Private Equity
Victim Organization: cambodia securities exchange
Victim Site: i.csx.com.kh

Alleged data breach of Indradhanush Gas Grid Limited
Category: Data Breach
Content: The threat actor claims to have leaked databases belonging to Indradhanush Gas Grid Limited. The compromised data reportedly includes candidate type, date of birth, candidate name, gender, mobile number, email address, and additional information.
Date: 2026-01-04T08:20:42Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-INDIA-iggl-co-in-Employee-Data
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5a77c8d1-b018-49bf-9bb5-34d14bbcaab3.png
Threat Actors: Tanaka
Victim Country: India
Victim Industry: Oil & Gas
Victim Organization: indradhanush gas grid limited
Victim Site: iggl.co.in

KwikLedgers falls victim to Dire Wolf Ransomware
Category: Ransomware
Content: The group claims to have obtained 31 GB of the organization’s data. The compromised data reportedly includes internal documents, insurance policy documents, financial documents, confidential documents, database backups, audit documents, internal agreements, customer data, tax filing documents, and financial records. The group intends to publish the data within 20–21 days.
Date: 2026-01-04T07:21:58Z
Network: tor
Published URL: http://direwolfcdkv5whaz2spehizdg22jsuf5aeje4asmetpbt6ri4jnd4qd.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1472f7f5-2c1e-4290-8d7e-90aeb813477a.jpg
Threat Actors: Dire Wolf
Victim Country: USA
Victim Industry: Accounting
Victim Organization: kwikledgers
Victim Site: kwikledgers.com

Hydrodiseño falls victim to Dire Wolf Ransomware
Category: Ransomware
Content: The group claims to have obtained 487 GB of the organization’s data. The compromised data reportedly includes internal documents, financial documents, legal documents, employee records, customer data, financial records, and personal information. The group intends to publish the data within 26–27 days.
Date: 2026-01-04T07:19:29Z
Network: tor
Published URL: http://direwolfcdkv5whaz2spehizdg22jsuf5aeje4asmetpbt6ri4jnd4qd.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6ec8e36b-ff94-44f2-bf49-46542ee2f38b.jpg
Threat Actors: Dire Wolf
Victim Country: Spain
Victim Industry: Wholesale
Victim Organization: hydrodiseño
Victim Site: hydrodiseno.com

Bina Darulaman Berhad falls victim to Dire Wolf Ransomware
Category: Ransomware
Content: The group claims to have obtained 500 GB of the organization’s data. The compromised data reportedly includes internal documents, insurance policy documents, financial documents, email backups, legal documents, design drawings, confidential documents, supplier documents, employee records, audit documents, internal agreements, customer data, tax filing documents, financial records, and personal information. The group intends to publish the data within 28–29 days.
Date: 2026-01-04T07:12:34Z
Network: tor
Published URL: http://direwolfcdkv5whaz2spehizdg22jsuf5aeje4asmetpbt6ri4jnd4qd.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/12a8f408-8542-4e5f-8431-4b4b69d0b4c6.jpg
Threat Actors: Dire Wolf
Victim Country: Malaysia
Victim Industry: Building and construction
Victim Organization: bina darulaman berhad
Victim Site: bdb.com.my

Alleged data breach of JR Creation
Category: Data Breach
Content: A threat actor claims to have breached 4.50 GB of data from JR Creation. The compromised data reportedly contains 85,000 records.
Date: 2026-01-04T06:31:43Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-Indian-Students-rjrcreation-in-70K
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/70b0b09d-8d9d-44e9-b3a0-3aafd7685101.png
https://d34iuop8pidsy8.cloudfront.net/aff6fdc2-1374-4963-b0ee-ce296ee77c3d.png
https://d34iuop8pidsy8.cloudfront.net/f2bf24a8-821a-44c9-aaf1-bcb7158cbe2b.png
Threat Actors: notangel
Victim Country: India
Victim Industry: Education
Victim Organization: jr creation
Victim Site: jrcreation.in

Laurenzano Logística falls victim to Dire Wolf Ransomware
Category: Ransomware
Content: The group claims to have obtained 100 GB of the organization’s data and intends to publish it within 20-21 days.
Date: 2026-01-04T06:27:30Z
Network: tor
Published URL: http://direwolfcdkv5whaz2spehizdg22jsuf5aeje4asmetpbt6ri4jnd4qd.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/89c26f53-41d3-4c5f-aa41-6086cb31ddd9.png
Threat Actors: Dire Wolf
Victim Country: Argentina
Victim Industry: Transportation & Logistics
Victim Organization: laurenzano logística
Victim Site: laurenzanologistica.com.ar

Sunzen Group falls victim to Dire Wolf Ransomware
Category: Ransomware
Content: The group claims to have obtained 108 GB of the organization’s data and intends to publish it within 27-28 days.
Date: 2026-01-04T06:24:57Z
Network: tor
Published URL: http://direwolfcdkv5whaz2spehizdg22jsuf5aeje4asmetpbt6ri4jnd4qd.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9f407ed7-df4c-43eb-b572-68fd343a0612.png
Threat Actors: Dire Wolf
Victim Country: Malaysia
Victim Industry: Biotechnology
Victim Organization: sunzen group
Victim Site: sunzengroup.com

Varimed Medikal falls victim to Dire Wolf Ransomware
Category: Ransomware
Content: The group claims to have obtained 2 GB of the organization’s data and intends to publish it within 31-40 days.
Date: 2026-01-04T06:18:54Z
Network: tor
Published URL: http://direwolfcdkv5whaz2spehizdg22jsuf5aeje4asmetpbt6ri4jnd4qd.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6d14d5d4-efb7-443c-9a47-58d998b85948.png
Threat Actors: Dire Wolf
Victim Country: Turkey
Victim Industry: Medical Equipment Manufacturing
Victim Organization: varimed medikal
Victim Site: varimed.com.tr

Pernel Media falls victim to Dire Wolf Ransomware
Category: Ransomware
Content: The group claims to have obtained 500 GB of the organization’s data and intends to publish it within 11-12 days.
Date: 2026-01-04T05:55:37Z
Network: tor
Published URL: http://direwolfcdkv5whaz2spehizdg22jsuf5aeje4asmetpbt6ri4jnd4qd.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d543532d-3680-45dc-9d79-2c0525fbe140.png
Threat Actors: Dire Wolf
Victim Country: France
Victim Industry: Media Production
Victim Organization: pernel media
Victim Site: pernelmedia.com

6ickzone targets the website of Reubro International
Category: Defacement
Content: The group claims to have defaced the website of Reubro International.
Date: 2026-01-04T05:13:23Z
Network: openweb
Published URL: https://defacer.id/mirror/id/223184
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2f14984e-ab16-4e32-be61-6209b0ddc244.png
Threat Actors: 6ickzone
Victim Country: India
Victim Industry: Information Technology (IT) Services
Victim Organization: reubro international
Victim Site: reubrotech.com

Pinoy XploitSec targets the website of The Redeemed College Of Missions
Category: Defacement
Content: The group claims to have defaced the website of The Redeemed College Of Missions.
Date: 2026-01-04T04:58:50Z
Network: openweb
Published URL: https://defacer.id/mirror/id/223189
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d5f2e05b-1a6f-4476-941a-57e796c69b78.png
Threat Actors: Pinoy XploitSec
Victim Country: Nigeria
Victim Industry: Education
Victim Organization: the redeemed college of missions
Victim Site: rcm.edu.ng

diparis targets the website of Critical Infrastructure Portal Government of Manipur
Category: Defacement
Content: The group claims to have defaced the website of Critical Infrastructure Portal Government of Manipur.
Date: 2026-01-04T04:56:07Z
Network: openweb
Published URL: https://defacer.id/mirror/id/223190
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/cc87308c-01de-40c5-9ea0-5aeb055617f1.png
Threat Actors: diparis
Victim Country: India
Victim Industry: Government Administration
Victim Organization: critical infrastructure portal government of manipur
Victim Site: criticalinfra.mn.gov.in

Alleged data leak of Aguascalientes
Category: Data Breach
Content: The group claims to have leaked an Aguascalientes government database. The compromised data reportedly includes names, addresses, licenses, fines, and bank accounts.
Date: 2026-01-04T04:30:11Z
Network: telegram
Published URL: https://t.me/c/3625792235/91
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2918c9c5-2863-4335-bea0-22a7aad45b48.png
https://d34iuop8pidsy8.cloudfront.net/02256857-2dcb-492b-ab65-2c7d1d10af65.png
Threat Actors: Chronus leaks
Victim Country: Mexico
Victim Industry: Government Administration
Victim Organization: Unknown
Victim Site: Unknown

Alleged data breach of QuestCraft
Category: Data Breach
Content: The threat actor claims to have leaked data from QuestCraft. The compromised data reportedly contains 741,647 records, including users, IPs, and passwords.
Date: 2026-01-04T04:21:32Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-QuestCraft-Leaked-Download
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3518410c-5371-471a-bcdf-65249be75e4f.png
https://d34iuop8pidsy8.cloudfront.net/2f2f2fac-b05d-4762-99b9-17d084361896.png
Threat Actors: Kayo
Victim Country: Unknown
Victim Industry: Gaming
Victim Organization: questcraft
Victim Site: questcraft.org

Alleged data breach of QuestApply
Category: Data Breach
Content: The threat actor claims to have leaked data from QuestApply. The compromised data reportedly includes email addresses, names, and job titles.
Date: 2026-01-04T04:12:25Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-questapply-com-Leaked-Download
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/003eae5d-d393-414f-87ea-3aa5b0a11265.png
Threat Actors: lulzintel
Victim Country: USA
Victim Industry: Education
Victim Organization: questapply
Victim Site: questapply.com

Alleged data breach of AgroParisTech
Category: Data Breach
Content: A threat actor claims to have breached 211 GB of data from AgroParisTech. The compromised data reportedly includes internal databases, personally identifiable information, passport data, and student records.
Date: 2026-01-04T02:48:57Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-France-AgroParisTech-agroparistech-fr-211GB
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e9e95e7f-db8f-4746-bf31-0475ebc4278b.png
https://d34iuop8pidsy8.cloudfront.net/190b7177-7b53-4127-8019-50ae0116d740.png
Threat Actors: lulzintel
Victim Country: France
Victim Industry: Higher Education/Academia
Victim Organization: agroparistech
Victim Site: agroparistech.fr

Alleged data breach of Enerparc AG
Category: Data Breach
Content: The threat actor claims to have breached the internal database of Enerparc AG. The compromised data reportedly includes tenders and technical proposals for transformer stations, station requirement tables, factory acceptance test protocols, final station documentation, detailed photos of equipment, and test videos.
Date: 2026-01-04T00:18:31Z
Network: openweb
Published URL: https://forum.exploit.in/topic/273005/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/101f30e2-80d3-4764-8470-3c7a76bd6ced.png
https://d34iuop8pidsy8.cloudfront.net/12c070d7-3f33-4b5c-b135-b81a454d4ba7.png
https://d34iuop8pidsy8.cloudfront.net/cc9d8084-da41-45a9-91fd-d99e996b22a2.png
Threat Actors: zestix
Victim Country: Germany
Victim Industry: Energy & Utilities
Victim Organization: enerparc ag
Victim Site: enerparc.de