[January-05-2026] Daily Cybersecurity Threat Report

1. Executive Summary

The reporting period shows a high volume of cyber activity characterized by aggressive ransomware campaigns, the sale of unauthorized initial access to e-commerce platforms, and significant data breaches targeting government and defense sectors. Two ransomware groups, LYNX and Sinobi, were particularly active, while threat actors such as the one using the handle “Shopify” flooded markets with listings for administrative access to online stores.


2. Major Ransomware Campaigns

Multiple ransomware groups posted new victims, with LYNX and Sinobi accounting for the majority of the incidents.

LYNX Ransomware Group

The LYNX group targeted a wide range of industries globally, including government, education, and manufacturing.

  • Government: Victims include the Ville de Dunkerque in France, the South West Development Commission in Australia, and the City of Milton Florida in the USA.
  • Education: Attacks were reported against St Joseph’s College Echuca in Australia and St. Charles Preparatory School in the USA.
  • Corporate & Industrial: LYNX claimed attacks on Regis Resources (Mining, Australia), Tecno Electric Paraguay, and Marine Systems Corporation (Maritime, USA).

Sinobi Ransomware Group

The Sinobi group focused heavily on US-based organizations across various sectors, threatening to publish data within 9–12 days.

  • Healthcare & Biotech: Victims include Windward Life Care, American Health, and LAMPIRE Biological Laboratories, Inc.
  • Engineering & Automotive: Targeted entities include Wesley Heating & Cooling, M&M Auto Parts, Harris Consulting Engineers, and Lares Corporation.
  • International Targets: They also targeted SVA and Mobile Technology of Spain, SL and Delko Développement in France.

Other Ransomware Activity

  • Akira: Claimed attacks on Purcell | Everett Architects (USA), Gebrüder Bagusat GmbH & Co. KG (Germany), and Posillico Inc. (USA).
  • Everest: Targeted Bolttech (Insurance, Singapore) and IDeaS Revenue Solutions (USA).
  • Nova: Claimed attacks on Triad Packaging, Inc. (USA) and Saplog Logistic and Transport (Italy).

3. Government and Defense Data Leaks

Several incidents involved the alleged leakage of highly sensitive military and government documents.

  • Defense Secrets:
    • Russia: A threat actor claimed to sell documents related to the Russian C70 Stealth aircraft.
    • Israel: The group Hider_Nex claimed to leak secret documents, maps, and plans from the Israel Ministry of Defence.
    • USA: Documents allegedly associated with the U.S. Navy’s Arleigh Burke-class destroyers, including torpedo blueprints, were leaked.
  • Citizen & Identity Data:
    • Thailand: The group NTSEC claimed leaks of Thailand passport information and citizen ID cards.
    • France: DumpSec claimed to sell databases from the Fédération Française de Handball and the Fédération Française de Cyclisme, including national identity cards.
    • Panama & Malaysia: Claims circulated regarding the leak of 30,000 Panamanian citizen records and Malaysian ID card data.

4. Initial Access & SCADA Vulnerabilities

Significant market activity was observed around the sale of unauthorized access, including access to critical infrastructure controls.

  • Industrial Control Systems (ICS/SCADA):
    • South Korea: The Infrastructure Destruction Squad claimed access to the industrial control system of Jeonnam Technopark, allowing management of factory equipment.
    • United Kingdom: NoName057(16) claimed access to an industrial boiler and screw feeder control system operated by MPAC Automation & Controls.
    • USA: Z-PENTEST ALLIANCE claimed access to high-precision gas analysis equipment at Aeris Technologies.
  • E-Commerce Access Markets:
    • The threat actor using the handle “Shopify” was extremely prolific, listing unauthorized admin and shell access for sale for numerous unidentified online stores in the USA, France, UK, Spain, Slovakia, and Malta.

5. Corporate Data Breaches

Large-scale data breaches affected major commercial entities and service providers.

  • Energy & Utilities: A database belonging to Endesa, Spain’s largest electricity company, was allegedly put up for sale.
  • Financial Services: Data leaks were reported for Bank Mandiri (Indonesia) and PayPal accounts.
  • Retail & Services: Alleged breaches included Lidl customer accounts, AirdropAlert b.v, and a massive 60-million-line database from Koinly.
  • Infrastructure: A significant leak of 340 GB of internal files from axyon.eu allegedly impacted major French organizations like Bouygues, EDF, and Engie.

Conclusion

The data from January 5, 2026, illustrates a volatile cyber threat environment. The simultaneous activity of the LYNX and Sinobi ransomware groups suggests a coordinated or highly opportunistic surge in extortion attempts targeting Western infrastructure and healthcare.

Furthermore, the exposure of military schematics (US Navy and Russian C70) and government databases (Israel and Thailand) points to a persistent espionage threat alongside financial cybercrime. Finally, the widespread availability of “initial access” to industrial control systems and e-commerce backends indicates that threat actors are successfully bypassing perimeter defenses, creating a ready-made market for secondary attacks.

Detected Incidents Draft Data

  1. Alleged Sale of Russian C70 Stealth Documents
    Category: Data Breach
    Content: Threat Actor claims to be selling documents allegedly related to the Russian C70 stealth.
    Date: 2026-01-05T22:36:40Z
    Network: openweb
    Published URL: https://leakbase.la/threads/russ1an-c70-stealth-documents-f0r-sa1e-just-dm.47976/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7534e95d-5611-4304-83c1-bf090a4d30f1.png
    Threat Actors: Frenshyny69
    Victim Country: Russia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  2. Alleged Data Leak of Business Databases from Multiple Countries
    Category: Data Breach
    Content: Threat Actor claims to have leaked business databases from multiple countries, including Switzerland, Belgium, and Germany, containing approximately 300,000 lines of data with fields such as full names, email addresses, company descriptions, and job titles.
    Date: 2026-01-05T22:31:47Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/273214/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7a71b60e-e49d-4a8c-9647-1dcb087a327e.png
    Threat Actors: kimald
    Victim Country: Switzerland
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  3. Alleged Data Leak of 1.3 Million Mobile Numbers from Multiple Countries
    Category: Data Breach
    Content: Threat Actor claims to have leaked 1.3 million mobile numbers from multiple countries including Singapore, Sweden, Vietnam, Indonesia and Belgium.
    Date: 2026-01-05T22:25:23Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/273212/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/95b4b26d-d346-4f79-947b-9222f344055d.png
    Threat Actors: kimald
    Victim Country: Singapore
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  4. Alleged data leak of Thailand passport information
    Category: Data Breach
    Content: The group claims to have leaked multiple sets of passports from Thailand
    Date: 2026-01-05T22:23:10Z
    Network: telegram
    Published URL: https://t.me/ntsec4real/72
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/1be20234-b8f7-46c8-bf53-3ba28a3d132d.png
    Threat Actors: NTSEC
    Victim Country: Thailand
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  5. Alleged data leak of Israel Ministry of Defence
    Category: Data Breach
    Content: The group claims to have leaked partnership documents, shelters, ID, passport, driving cards, secret documents, maps, and plans from Israel’s Ministry of Defence.
    Date: 2026-01-05T22:04:42Z
    Network: telegram
    Published URL: https://t.me/c/2878397916/363
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/93949ee9-63c4-499c-973b-7568fc15ff94.jpg
    Threat Actors: Hider_Nex
    Victim Country: Israel
    Victim Industry: Government Administration
    Victim Organization: israel ministry of defence
    Victim Site: mod.gov.il
  6. Alleged Sale of Unauthorized Admin Panel Access to a Laravel-Based Online Shop in Ireland
    Category: Initial Access
    Content: Threat Actor claims to be selling unauthorized administrative access to a Laravel-Based online shop in Ireland. The access allegedly provides control over the store’s admin panel without server-level shell access.
    Date: 2026-01-05T20:27:14Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/273203/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/183bdabe-e22b-4a64-b065-e098c393cb4a.png
    https://d34iuop8pidsy8.cloudfront.net/dac783ea-089b-44cb-b16c-acbf525e54d9.png
    Threat Actors: Razvedos
    Victim Country: Ireland
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  7. Alleged data sale of Bank Mandiri
    Category: Data Breach
    Content: The threat actor leaked data from Bank Mandiri Indonesia, exposing a CSV database containing approximately 18,118 records. The leaked data reportedly includes customer-related information such as full names, email addresses, phone numbers, account or user classifications, bank identifiers, and transactions.
    Date: 2026-01-05T19:41:18Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-www-bankmandiri-co-id
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/615e9819-a2ca-44a5-b892-c10cebdc09a6.png
    Threat Actors: Hoover
    Victim Country: Indonesia
    Victim Industry: Financial Services
    Victim Organization: bank mandiri
    Victim Site: bankmandiri.co.id
  8. Alleged sale of data from AirdropAlert b.v
    Category: Data Breach
    Content: The threat actor claims to have leaked data from AirdropAlert b.v, which includes user account details such as usernames, email addresses, wallet-related identifiers, IP addresses, and activity or subscription records linked to cryptocurrency airdrop participation.
    Date: 2026-01-05T19:30:48Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-Airdropalert-com
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a83cd938-2099-4076-9ef6-6d2b04cbfd63.png
    Threat Actors: Hoover
    Victim Country: Netherlands
    Victim Industry: Marketing, Advertising & Sales
    Victim Organization: airdropalert b.v
    Victim Site: airdropalert.com
  9. Alleged leak of card data from an unidentified bank in Israel
    Category: Data Breach
    Content: The group claims to have leaked holder names, bank names, SSN-equivalent identifiers, dates of birth, full residential details such as address, city, state, ZIP code, country, email addresses and phone numbers, along with payment card data including card class and type, card numbers, CVV and expiration details
    Date: 2026-01-05T18:58:09Z
    Network: telegram
    Published URL: https://t.me/AssasinCode/62
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/918c7d5e-60b0-46d9-b03c-e9bc1379ed42.jpg
    Threat Actors: AssasinCode
    Victim Country: Israel
    Victim Industry: Banking & Mortgage
    Victim Organization: Unknown
    Victim Site: Unknown
  10. Alleged Data Leak of Arleigh Burke-class DDG 52-78
    Category: Data Breach
    Content: Threat Actor claims to have leaked documents allegedly associated with the U.S. Navy’s Arleigh Burke-class guided-missile destroyers (DDG-52 to DDG-78), including torpedo blueprints.
    Date: 2026-01-05T18:43:11Z
    Network: openweb
    Published URL: https://fuckforums.lol/showthread.php?tid=80
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/53866d06-7bcf-4915-8bb9-8a5abb56f9b4.png
    https://d34iuop8pidsy8.cloudfront.net/287bcd43-19e6-41d4-ab59-8125e2877738.png
    Threat Actors: jrintel
    Victim Country: USA
    Victim Industry: Defense & Space
    Victim Organization: Unknown
    Victim Site: Unknown
  11. Alleged data leak of Thailand citizen ID cards
    Category: Data Breach
    Content: The group claims to have leaked ID card information belonging to Thailand citizens, including full name, address, phone number, ID card number, gender, and date of birth.
    NB: Authenticity of the claim is yet to be verified.
    Date: 2026-01-05T18:31:12Z
    Network: telegram
    Published URL: https://t.me/ntsec4real/71
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e2d9c829-17c3-416d-8443-dfb683a3d0cd.png
    Threat Actors: NTSEC
    Victim Country: Thailand
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown

  1. HellR00ters Team targets the website of Militar Plus
    Category: Defacement
    Content: The group claims to have defaced the website of Militar Plus
    Date: 2026-01-05T18:05:37Z
    Network: telegram
    Published URL: https://t.me/c/2758066065/778
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/acfbeb42-cc47-4f83-bd66-1a56aa05b102.png
    Threat Actors: HellR00ters Team
    Victim Country: Spain
    Victim Industry: Information Services
    Victim Organization: militar plus
    Victim Site: militarplus.com
  2. Alleged data breach of Lidl
    Category: Data Breach
    Content: A threat actor claims to be selling a small set of Lidl customer accounts, which include login credentials or associated email addresses.
    Date: 2026-01-05T17:56:50Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-x149-Lidl-accounts
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c0dd313e-c9a4-4050-bbb4-f6d6c0fc8f59.png
    Threat Actors: kzkz
    Victim Country: France
    Victim Industry: Retail Industry
    Victim Organization: lidl
    Victim Site: lidl.fr
  3. Alleged Sale of Unauthorized Shell and Admin Access to an Online PrestaShop Store in France
    Category: Initial Access
    Content: Threat Actor claims to be selling unauthorized shell access and admin access to an online prestashop store in France, which includes full administrative control and server-level shell access.
    Date: 2026-01-05T17:53:20Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273187/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/65666e0c-f9a5-4394-9e86-6c9a0e4a002e.png
    Threat Actors: cobenotow
    Victim Country: France
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  4. Alleged data breach of Fédération Française de Handball
    Category: Data Breach
    Content: A threat actor claims to be selling a database allegedly from the Fédération Française de Handball. The leaked data include national identity cards, photographs, signed documents, and birth certificates.
    Date: 2026-01-05T17:50:06Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-FR-FFHANDBALL-CNI-PICTURE
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/dcbeb6b5-b18b-4d7a-a30b-6dd9f2fd21c5.png
    Threat Actors: DumpSec
    Victim Country: France
    Victim Industry: Sports
    Victim Organization: fédération française de handball
    Victim Site: ffhandball.fr
  5. CEIVA Logic falls victim to CHAOS ransomware
    Category: Ransomware
    Content: Group claims to have obtained 1000 GB of organization’s data.
    Date: 2026-01-05T17:50:03Z
    Network: tor
    Published URL: http://hptqq2o2qjva7lcaaq67w36jihzivkaitkexorauw7b2yul2z6zozpqd.onion/jw9jezQtUmi035C1bsqfW5xjC1i29MMW/ceiva-logic
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0e1828f3-872a-4b7f-a5da-3fa334e06b7b.png
    Threat Actors: CHAOS
    Victim Country: USA
    Victim Industry: Electrical & Electronic Manufacturing
    Victim Organization: ceiva logic
    Victim Site: ceiva.com
  6. Alleged Sale of Unauthorized Admin and Shell Access to an Unidentified WordPress Shop in Greece
    Category: Initial Access
    Content: Threat Actor claims to be selling unauthorized admin access and shell access to an unidentified WordPress shop in Greece.
    Date: 2026-01-05T17:48:45Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273195/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d9795a1b-4116-4987-ab7d-d3e5e041ffaf.png
    Threat Actors: Shopify
    Victim Country: Greece
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  7. Purcell | Everett Architects falls victim to Akira Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 30 GB of the organisation’s data. The compromised information includes employee information, project files, financials, contracts and agreements, customer information and so on.
    Date: 2026-01-05T17:36:42Z
    Network: tor
    Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/1899d3ea-4224-4d6b-b24d-de02d2b3bcda.png
    Threat Actors: akira
    Victim Country: USA
    Victim Industry: Architecture & Planning
    Victim Organization: purcell | everett architects
    Victim Site: purcelleverett.com
  8. Alleged data breach of Fédération Française de Cyclisme (FFC)
    Category: Data Breach
    Content: A threat actor claims to be selling a database allegedly from the Fédération Française de Cyclisme (FFC). The leaked data include highly sensitive personal and identity documents such as national identity cards, photographs, signed documents, birth certificates, and related records.
    Date: 2026-01-05T17:33:19Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-FR-FFC-CNI-PICTURE
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/951eefa2-ec71-4870-81cf-a8b9ab4e9dc2.png
    Threat Actors: DumpSec
    Victim Country: France
    Victim Industry: Sports
    Victim Organization: fédération française de cyclisme (ffc)
    Victim Site: ffc.fr
  9. Gebrüder Bagusat GmbH & Co. KG falls victim to Akira Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 20 GB of the organisation’s data. The compromised information includes project files, financials, contracts and agreements, customer and partner information and so on.
    Date: 2026-01-05T17:18:06Z
    Network: tor
    Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/df3abe24-1c11-491b-86b0-c375da1a6102.png
    Threat Actors: akira
    Victim Country: Germany
    Victim Industry: Food & Beverages
    Victim Organization: gebrüder bagusat gmbh & co. kg
    Victim Site: bagusat.com
  10. Regis Resources falls victim to LYNX Ransomware
    Category: Ransomware
    Content: The group claims to have obtained organization’s data.
    Date: 2026-01-05T16:59:22Z
    Network: tor
    Published URL: http://lynxblogxstgzsarfyk2pvhdv45igghb4zmthnzmsipzeoduruz3xwqd.onion/leaks/695bd5a39c439c5f45678a51
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a0e2a985-4513-48ca-b26e-f9804c6faa2d.png
    https://d34iuop8pidsy8.cloudfront.net/80340982-211c-4f61-a4bd-6f0efbf81d7b.png
    Threat Actors: LYNX
    Victim Country: Australia
    Victim Industry: Mining/Metals
    Victim Organization: regis resources
    Victim Site: mcphillamysgold.com
  11. Ville de Dunkerque falls victim to LYNX Ransomware
    Category: Ransomware
    Content: The group claims to have obtained organization’s data.
    Date: 2026-01-05T16:50:31Z
    Network: tor
    Published URL: http://lynxblogxstgzsarfyk2pvhdv45igghb4zmthnzmsipzeoduruz3xwqd.onion/leaks/695bd8959c439c5f4567b5ec
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3824e57c-95f8-4dbc-a5d7-fe2f015a03ef.png
    Threat Actors: LYNX
    Victim Country: France
    Victim Industry: Government Administration
    Victim Organization: ville de dunkerque
    Victim Site: ville-dunkerque.fr
  12. St Joseph’s College Echuca falls victim to LYNX Ransomware
    Category: Ransomware
    Content: The group claims to have obtained organization’s data.
    Date: 2026-01-05T16:43:23Z
    Network: tor
    Published URL: http://lynxblogxstgzsarfyk2pvhdv45igghb4zmthnzmsipzeoduruz3xwqd.onion/leaks/695bd7b69c439c5f4567a8a1
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ebe7b696-e070-45a5-a072-fdf755f964d8.png
    Threat Actors: LYNX
    Victim Country: Australia
    Victim Industry: Education
    Victim Organization: st joseph’s college echuca
    Victim Site: sje.vic.edu.au
  13. GRANOS Y CEREALES DE COLOMBIA S.A falls victim to LYNX Ransomware
    Category: Ransomware
    Content: The group claims to have obtained organization’s data.
    Date: 2026-01-05T16:39:10Z
    Network: tor
    Published URL: http://lynxblogxstgzsarfyk2pvhdv45igghb4zmthnzmsipzeoduruz3xwqd.onion/leaks/695bd8109c439c5f4567acee
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4a69d244-ae56-4456-928b-c37b5d42a5cf.png
    Threat Actors: LYNX
    Victim Country: Colombia
    Victim Industry: Food & Beverages
    Victim Organization: granos y cereales de colombia s.a
    Victim Site: granosycereales.com.co
  14. Alleged data breach of DCECONSEIL
    Category: Data Breach
    Content: A threat actor claims to be selling approximately 844 GB of internal data allegedly obtained from dceconseil. The exposed data consists primarily of project and client-related files organized by orders rather than individual clients.
    Date: 2026-01-05T16:38:35Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-dceconseil-fr-844GB-Hermes-Dalkia-Sodexo-Lidl-files
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b1035e43-80dc-48ea-acde-a2941326f3ee.png
    Threat Actors: Angel_Batista
    Victim Country: France
    Victim Industry: Professional Services
    Victim Organization: dceconseil
    Victim Site: dceconseil.fr
  15. Tecno Electric Paraguay falls victim to LYNX Ransomware
    Category: Ransomware
    Content: The group claims to have obtained organization’s data.
    Date: 2026-01-05T16:35:07Z
    Network: tor
    Published URL: http://lynxblogxstgzsarfyk2pvhdv45igghb4zmthnzmsipzeoduruz3xwqd.onion/leaks/695bd7549c439c5f4567a485
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4003384c-1ba6-4dd8-829e-a7cb513c590e.png
    Threat Actors: LYNX
    Victim Country: Paraguay
    Victim Industry: Electrical & Electronic Manufacturing
    Victim Organization: tecno electric paraguay
    Victim Site: tecnoelectric.com.py
  16. Burdette Dental Lab, Inc., CDL falls victim to LYNX Ransomware
    Category: Ransomware
    Content: The group claims to have obtained organization’s data.
    Date: 2026-01-05T16:20:44Z
    Network: tor
    Published URL: http://lynxblogxstgzsarfyk2pvhdv45igghb4zmthnzmsipzeoduruz3xwqd.onion/leaks/695bd6b49c439c5f45679c71
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9658230e-9cb6-40a6-9d19-e8433ea0dde3.png
    Threat Actors: LYNX
    Victim Country: USA
    Victim Industry: Health & Fitness
    Victim Organization: burdette dental lab, inc., cdl
    Victim Site: burdettedental.com
  17. Marine Systems Corporation falls victim to LYNX Ransomware
    Category: Ransomware
    Content: The group claims to have obtained organization’s data.
    Date: 2026-01-05T16:13:01Z
    Network: tor
    Published URL: http://lynxblogxstgzsarfyk2pvhdv45igghb4zmthnzmsipzeoduruz3xwqd.onion/leaks/695bd6209c439c5f45679273
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/519af51e-61b0-489c-bc76-bab3307c3d83.png
    Threat Actors: LYNX
    Victim Country: USA
    Victim Industry: Maritime
    Victim Organization: marine systems corporation
    Victim Site: mscorp.net
  18. Crawford Orthodontics falls victim to LYNX Ransomware
    Category: Ransomware
    Content: The group claims to have obtained organization’s data.
    Date: 2026-01-05T15:58:57Z
    Network: tor
    Published URL: http://lynxblogxstgzsarfyk2pvhdv45igghb4zmthnzmsipzeoduruz3xwqd.onion/leaks/695bd4159c439c5f456773fd
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/24d1dee3-a54e-4437-8558-55355233cca2.png
    Threat Actors: LYNX
    Victim Country: USA
    Victim Industry: Hospital & Health Care
    Victim Organization: crawford orthodontics
    Victim Site: crawfordorthodontics.net
  19. St. Charles Preparatory School falls victim to LYNX Ransomware
    Category: Ransomware
    Content: The group claims to have obtained organization’s data.
    Date: 2026-01-05T15:58:22Z
    Network: tor
    Published URL: http://lynxblogxstgzsarfyk2pvhdv45igghb4zmthnzmsipzeoduruz3xwqd.onion/leaks/695bd4bf9c439c5f45677f44
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/bc2ef97a-b2cb-4393-a7d5-22642b6ce75c.png
    Threat Actors: LYNX
    Victim Country: USA
    Victim Industry: Education
    Victim Organization: st. charles preparatory school
    Victim Site: stcharlesprep.org
  20. Black Dog Salvage falls victim to LYNX Ransomware
    Category: Ransomware
    Content: The group claims to have obtained organization’s data.
    Date: 2026-01-05T15:44:42Z
    Network: tor
    Published URL: http://lynxblogxstgzsarfyk2pvhdv45igghb4zmthnzmsipzeoduruz3xwqd.onion/leaks/695bd3719c439c5f45676c45
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9cfea1fe-2034-4531-ac89-bfec6adcae71.png
    Threat Actors: LYNX
    Victim Country: USA
    Victim Industry: Retail Industry
    Victim Organization: black dog salvage
    Victim Site: blackdogsalvage.com
  21. Alleged data breach of Learnable
    Category: Data Breach
    Content: The threat actor claims to have leaked a dataset containing approximately 187,040 Learnable.com user credentials, consisting of email and password combinations.
    Date: 2026-01-05T15:32:14Z
    Network: openweb
    Published URL: https://xss.pro/threads/145190/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d9caf90e-84cd-41df-8b3a-80784cde6d46.png
    Threat Actors: moonshine
    Victim Country: Australia
    Victim Industry: Information Technology (IT) Services
    Victim Organization: learnable
    Victim Site: learnable.com
  22. Alleged admin access to University of Connecticut’s Emergency Alert System
    Category: Initial Access
    Content: The group claims to have gained unauthorized admin access to University of Connecticut’s Emergency Alert System
    Date: 2026-01-05T15:06:16Z
    Network: telegram
    Published URL: https://t.me/SIapanamaLU/649
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/00f2f9da-16d7-4f7e-8be2-db7ad653d58b.jpg
    Threat Actors: ZenXPloit
    Victim Country: USA
    Victim Industry: Higher Education/Academia
    Victim Organization: university of connecticut
    Victim Site: alert.uconn.edu/admin/login
  23. Lewis Bear Company falls victim to Akira Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organisation’s data. The compromised information includes employee scanned documents, HR files, projects and more.
    Date: 2026-01-05T14:49:32Z
    Network: tor
    Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d2d45689-cceb-4132-92a9-7363b615d312.JPG
    Threat Actors: akira
    Victim Country: USA
    Victim Industry: Food & Beverages
    Victim Organization: lewis bear company
    Victim Site: lewisbearcompany.com
  24. KSL Ingenieure AG falls victim to Akira Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 17 GB of the organization’s data. The compromised information includes confidential project files, employee scanned documents (DLs, passports and other files), HR files, projects, agreements, detailed financials, customer and partner information and so on.
    Date: 2026-01-05T14:45:39Z
    Network: tor
    Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0662deb1-6c18-4820-8c52-6ad176f7a424.png
    Threat Actors: akira
    Victim Country: Switzerland
    Victim Industry: Architecture & Planning
    Victim Organization: ksl ingenieure ag
    Victim Site: ksl-ing.ch
  25. Posillico Inc. falls victim to Akira Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 1 TB of the organization’s data. The compromised information includes SQL databases containing employee personal data, project details, contracts and agreements, financial records, and insurance-related documents.
    Date: 2026-01-05T14:25:07Z
    Network: tor
    Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/22d4b20a-abc8-4396-9856-92618a8c347b.jpeg
    Threat Actors: akira
    Victim Country: USA
    Victim Industry: Building and construction
    Victim Organization: posillico inc.
    Victim Site: posillicoinc.com
  26. Alleged leak of login credentials of Ministry of Education, Youth and Sports
    Category: Data Breach
    Content: The group claims to have leaked login credentials of Ministry of Education, Youth and Sports.
    Date: 2026-01-05T14:12:38Z
    Network: telegram
    Published URL: https://t.me/thsecthailand/178
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/fc205c74-ceec-4515-a273-247d40bd0ecc.png
    https://d34iuop8pidsy8.cloudfront.net/94046523-4ab3-4a6e-a550-cdb2f36b4c49.png
    Threat Actors: THSEC
    Victim Country: Cambodia
    Victim Industry: Government Administration
    Victim Organization: ministry of education, youth and sports
    Victim Site: sis.moeys.gov.kh
  27. Alleged data breach of French Cycling Federation
    Category: Data Breach
    Content: The threat actor claims to have breached 800.000 lines of data of the French Cycling Federation, allegedly including Files ID, Surname, First name, Date_of_birth, Gender, Email, Address, Additional_address, Postcode, Town, Country and more.
    Date: 2026-01-05T14:03:47Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-FR-FFC-CNI-PICTURE
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f2cb8fc9-8337-49bb-bc28-92497a35bd35.JPG
    https://d34iuop8pidsy8.cloudfront.net/eb81e09d-0aaa-4a6d-960c-7fd06eb8403d.JPG
    Threat Actors: DumpSec
    Victim Country: France
    Victim Industry: Sports
    Victim Organization: french cycling federation
    Victim Site: ffc.fr
  28. Alleged Unauthorized Access to DHIS2 Systems
    Category: Initial Access
    Content: The group claims to have accessed DHIS2 digital health systems used by multiple countries. These platforms reportedly contain sensitive national health information, including disease surveillance data, vaccination records, and maternal health statistics.
    NB: The group previously attacked other countries on December 30, 2025.
    Date: 2026-01-05T13:57:27Z
    Network: telegram
    Published URL: https://t.me/c/2588114907/711
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/cf9fc62a-7eec-48f0-a422-89a3b25b9b1c.jpg
    Threat Actors: Keymous Plus
    Victim Country: Mozambique
    Victim Industry: Government Administration
    Victim Organization: Unknown
    Victim Site: Unknown

  1. Alleged Unauthorized Access to the Webareal
    Category: Initial Access
    Content: The group claims to have accessed the administrative and server infrastructure of the webareal.sk e-commerce and website-builder platform, reportedly obtaining control over the admin dashboard and live production environment.
    Date: 2026-01-05T13:50:18Z
    Network: telegram
    Published URL: https://t.me/neffex_the_blackhat/70
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d0a6aac5-e674-47a6-a570-39f43c12a24d.png
    https://d34iuop8pidsy8.cloudfront.net/5d63fcf2-173c-4dfa-ba0a-d9cce0b8c5a6.png
    Threat Actors: Neffex THe BlackHat
    Victim Country: Czech Republic
    Victim Industry: Software Development
    Victim Organization: webareal
    Victim Site: webareal.sk
  2. FastAttacker targets the website of Arian Novin
    Category: Ransomware
    Content: Proof of downtime: https://check-host.net/check-report/36465aa4k604
    Date: 2026-01-05T13:42:14Z
    Network: telegram
    Published URL: https://t.me/FastAttackerOrg/29?single
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8b9d0733-3ae9-41a8-bb63-aec1fb024ac5.png
    https://d34iuop8pidsy8.cloudfront.net/c84b8e6d-a906-49a4-96c9-4c009791e493.png
    Threat Actors: FastAttacker
    Victim Country: Iran
    Victim Industry: Software Development
    Victim Organization: arian novin
    Victim Site: arian.co.ir
  3. Alleged data sale of FFHandball
    Category: Data Breach
    Content: The threat actor claims to be selling 5 million records from FFHandball, allegedly containing names, contact details, addresses, national identity cards, and other sensitive information.
    Date: 2026-01-05T13:41:32Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-FR-FFHANDBALL-CNI-PICTURE
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/5453e097-943d-46ac-b668-7581d71fd8b7.png
    Threat Actors: DumpSec
    Victim Country: France
    Victim Industry: Sports
    Victim Organization: ffhandball
    Victim Site: ffhandball.fr
  4. Triad Packaging, Inc. falls victim to Nova Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 102 GB of the organization’s data. The compromised data reportedly includes internal documents, financial records, and customer information, and the group intends to publish the data within one day.
    Date: 2026-01-05T13:07:20Z
    Network: tor
    Published URL: http://sicarilxx2br6esqnhad4w26bcgb5j2snbbnhyo4b6t7kby2oy4x3jad.onion/blog.php
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/47c917a3-a177-4393-aede-d47077cf78f7.jpg
    Threat Actors: The Sicari Knife
    Victim Country: USA
    Victim Industry: Manufacturing
    Victim Organization: triad packaging, inc.
    Victim Site: triadpack.com
  5. Alleged data breach of Ministère de l’Agriculture et de la Souveraineté alimentaire
    Category: Data Breach
    Content: The group claims to have breached 3.4 thousand files of data from the Ministry of Agriculture and Food Sovereignty.
    Note: It was previously breached by the threat actor ‘LAPSUS$ GROUP’ on Dec 29 2025.
    Date: 2026-01-05T12:41:25Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-FR-FTP-agri-gouv-fr-3-4K-Files
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/85918fb1-15c0-4017-9796-bcf0e3fe8838.JPG
    https://d34iuop8pidsy8.cloudfront.net/62dcae94-e857-49c4-b277-6f222a2d010b.JPG
    Threat Actors: HexDex2
    Victim Country: France
    Victim Industry: Government Administration
    Victim Organization: ministry of agriculture and food sovereignty
    Victim Site: agriculture.gouv.fr

  1. Alleged unauthorized access to host21.server.ae
    Category: Initial Access
    Content: The threat actor claims to have leaked unauthorized cPanel access to host21.server.ae.
    Date: 2026-01-05T12:40:03Z
    Network: openweb
    Published URL: https://xforums.st/threads/host21-server-ae-cpanel-login.458925/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a968a225-9468-4a72-a864-98b2ac10d090.png
    Threat Actors: X Forum Bot
    Victim Country: UAE
    Victim Industry: Unknown
    Victim Organization: host21.server.ae
    Victim Site: host21.server.ae
  2. Pinoy XploitSec targets the website of Provat Corporate Services
    Category: Defacement
    Content: The group claims to have defaced the website of Provat Corporate Services.
    Date: 2026-01-05T12:38:35Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/223741
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c7a76f5e-110c-470b-8163-837b4aa9099a.png
    Threat Actors: Pinoy XploitSec
    Victim Country: UAE
    Victim Industry: Financial Services
    Victim Organization: provat corporate services
    Victim Site: provatcorporates.ae
  3. Alleged unauthorized admin access to Future Empire
    Category: Initial Access
    Content: The threat actor claims to have leaked WordPress admin access to Future Empire.
    Date: 2026-01-05T12:33:52Z
    Network: openweb
    Published URL: https://xforums.st/threads/www-futureempire-ae-admin-wp-login.459143/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3e64e809-435e-4823-9147-0dd8443c00ea.png
    Threat Actors: X Forum Bot
    Victim Country: UAE
    Victim Industry: Real Estate
    Victim Organization: future empire
    Victim Site: futureempire.ae
  4. 0xteam targets the website of Avance
    Category: Defacement
    Content: The group claims to have defaced the website of Avance.
    Date: 2026-01-05T12:24:23Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/223665
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f1ff7043-8b18-4719-a1a3-dc99dead807a.png
    Threat Actors: 0xteam
    Victim Country: UAE
    Victim Industry: Automotive
    Victim Organization: avance
    Victim Site: avance.ae
  5. Alleged unauthorized access to JEONNAM TECHNOPARK
    Category: Initial Access
    Content: The threat actor claims to have gained unauthorized access to an industrial control and monitoring system operated by Jeonnam Techno Park in South Korea, allowing real-time monitoring and management of factory production equipment. The access reportedly enabled control over operational modules, visibility into machine status, productivity data, fault logs, and production reports, as well as the ability to modify network settings and manage equipment operations.
    Date: 2026-01-05T12:16:23Z
    Network: telegram
    Published URL: https://t.me/n2LP_wVf79c2YzM0/3150
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8a7c80e5-1e96-47fc-a6ba-f582da41e74f.jpg
    https://d34iuop8pidsy8.cloudfront.net/ebe31509-d14d-47e2-8b50-c99dad226aea.jpg
    https://d34iuop8pidsy8.cloudfront.net/a4e554ff-a770-4afa-bc6b-cf507a354e5b.jpg
    https://d34iuop8pidsy8.cloudfront.net/b6fdfee1-8ae1-4543-bc93-5f3b4e27623e.jpg
    Threat Actors: Infrastructure Destruction Squad
    Victim Country: South Korea
    Victim Industry: Research Industry
    Victim Organization: jeonnam technopark
    Victim Site: jntp.or.kr
  6. Alleged leak of login access to South Korean girl’s system
    Category: Initial Access
    Content: The group claims to have gained login access to a South Korean girl’s system.
    Date: 2026-01-05T12:07:01Z
    Network: telegram
    Published URL: https://t.me/n2LP_wVf79c2YzM0/3160
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/123c686e-73d0-47ea-a0df-33aec012e14b.JPG
    Threat Actors: Infrastructure Destruction Squad
    Victim Country: South Korea
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  7. Alleged Unauthorized Access to the industrial boiler and screw feeder control system
    Category: Initial Access
    Content: The threat actor claims to have gained unauthorized access to the industrial boiler and screw feeder control system operated by MPAC Automation & Controls, demonstrating full visibility and control over operational parameters such as temperature, pressure, fuel supply, feed rates, scheduling, startup/shutdown functions, alarms, and emergency controls used in industrial environments in the United Kingdom.
    Date: 2026-01-05T11:39:40Z
    Network: telegram
    Published URL: https://t.me/c/2787466017/1468
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e2d932ad-1a9c-44c1-9d91-406d9c09d3ef.png
    Threat Actors: NoName057(16)
    Victim Country: UK
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  8. Saplog Logistic and Transport falls victim to Nova Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 700 GB of the organization’s data and intends to publish it within 15-16 days.
    Date: 2026-01-05T11:20:45Z
    Network: tor
    Published URL: http://novadmrkp4vbk2padk5t6pbxolndceuc7hrcq4mjaoyed6nxsqiuzyyd.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a1050d6b-dc46-46fb-b648-97783148c7b0.jpg
    Threat Actors: Nova
    Victim Country: Italy
    Victim Industry: Transportation & Logistics
    Victim Organization: saplog logistic and transport
    Victim Site: saplog.eu
  9. Alleged unauthorized access to Aeris Technologies
    Category: Initial Access
    Content: The threat actor claims to have gained unauthorized access to the control and monitoring system of high-precision gas analysis equipment from Aeris Technologies, Inc., demonstrating real-time gas concentration readings, spectral analysis data, calibration controls, system parameters, and full configuration capabilities, including firmware updates and hardware control.
    Date: 2026-01-05T10:54:22Z
    Network: telegram
    Published URL: https://t.me/zpentestalliance/918
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f74ed95a-16bb-4951-bb5a-0c702fdc24e1.png
    Threat Actors: Z-PENTEST ALLIANCE
    Victim Country: USA
    Victim Industry: Manufacturing
    Victim Organization: aeris technologies
    Victim Site: aerissensors.com
  10. Alleged data breach of Basij Construction Organization
    Category: Data Breach
    Content: The group claims to have gained unauthorized access to the internal systems of the Basij Construction Organization. According to the attackers, the operation exposed structural weaknesses and significant cybersecurity vulnerabilities within government-linked digital networks and was intended as a warning, with further details to be released soon.
    NB: The authenticity of the claim is yet to be verified.
    Date: 2026-01-05T10:50:37Z
    Network: telegram
    Published URL: https://t.me/H3xV0id_Official/454
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c7c5b0c2-3357-427f-80f6-b3180fff8b86.png
    https://d34iuop8pidsy8.cloudfront.net/b77faffa-8d96-457d-817d-7f30ee2637cf.png
    Threat Actors: H3xV0id
    Victim Country: Iran
    Victim Industry: Government Administration
    Victim Organization: basij construction organization
    Victim Site: Unknown

  1. Alleged data breach of Council for the Development of Cambodia
    Category: Data Breach
    Content: The group claims to have defaced and breached data of the Council for the Development of Cambodia.
    Date: 2026-01-05T10:25:35Z
    Network: telegram
    Published URL: https://t.me/BlackEyeThai/79
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b743a70e-a445-4aeb-a8e6-24809ce78176.JPG
    Threat Actors: BlackEye-Thai
    Victim Country: Cambodia
    Victim Industry: Government Administration
    Victim Organization: council for the development of cambodia
    Victim Site: oda.cdc.gov.kh
  2. Alleged leak of Malaysian citizens’ ID card data
    Category: Data Breach
    Content: The group claims to have leaked a database allegedly containing personal information of individuals in Malaysia, including names, email addresses, and phone numbers.
    Date: 2026-01-05T10:07:22Z
    Network: telegram
    Published URL: https://t.me/bjorkaspirit/228
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/dd5b0773-8742-45af-81e9-b8076b7bac12.jpg
    https://d34iuop8pidsy8.cloudfront.net/4db5bc56-8658-4dcf-94d6-f1520955e2f9.jpg
    Threat Actors: Bjorkanism
    Victim Country: Malaysia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  3. Alleged leak of PayPal accounts
    Category: Data Breach
    Content: The group claims to have leaked data from PayPal.
    Date: 2026-01-05T10:02:32Z
    Network: telegram
    Published URL: https://t.me/c/2932498194/274
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/6149de3b-3a6f-4386-a777-54c2a123c50f.png
    Threat Actors: V FOR VENDETTA CYBER TEAM
    Victim Country: USA
    Victim Industry: Financial Services
    Victim Organization: paypal
    Victim Site: paypal.com
  4. South West Development Commission falls victim to LYNX Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-05T09:58:49Z
    Network: tor
    Published URL: http://lynxblogxstgzsarfyk2pvhdv45igghb4zmthnzmsipzeoduruz3xwqd.onion/leaks/695b84049c439c5f456277f7
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/5f31b943-4ead-4469-add0-b8b64b0d63d5.jpg
    Threat Actors: LYNX
    Victim Country: Australia
    Victim Industry: Government Administration
    Victim Organization: south west development commission
    Victim Site: swdc.wa.gov.au
  5. Laurysen Kitchens Ltd. falls victim to LYNX Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-05T09:49:00Z
    Network: tor
    Published URL: http://lynxblogxstgzsarfyk2pvhdv45igghb4zmthnzmsipzeoduruz3xwqd.onion/leaks/695b84969c439c5f4562824c
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f31c8d64-42d3-4825-9a67-2dece7469e35.JPG
    Threat Actors: LYNX
    Victim Country: Canada
    Victim Industry: Design
    Victim Organization: laurysen kitchens ltd.
    Victim Site: laurysenkitchens.com
  6. Salcom (Sea Air & Land Communications Ltd) falls victim to LYNX Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-05T09:40:05Z
    Network: tor
    Published URL: http://lynxblogxstgzsarfyk2pvhdv45igghb4zmthnzmsipzeoduruz3xwqd.onion/leaks/695b82d19c439c5f45626089
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e0442ff3-507e-42a1-b6a9-10329ab2a5c9.jpg
    Threat Actors: LYNX
    Victim Country: New Zealand
    Victim Industry: Electrical & Electronic Manufacturing
    Victim Organization: salcom (sea air & land communications ltd)
    Victim Site: salcom.com
  7. Kidd’s Restoration and Cleaning Services falls victim to LYNX Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-05T09:37:11Z
    Network: tor
    Published URL: http://lynxblogxstgzsarfyk2pvhdv45igghb4zmthnzmsipzeoduruz3xwqd.onion/leaks/695b78139c439c5f4561ad1a
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d524e66b-7e9c-4a5c-9dd2-6fe014efed2b.png
    Threat Actors: LYNX
    Victim Country: USA
    Victim Industry: Consumer Services
    Victim Organization: kidd’s restoration and cleaning services
    Victim Site: kiddsservices.com
  8. Hartford falls victim to LYNX Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-05T09:32:31Z
    Network: tor
    Published URL: http://lynxblogxstgzsarfyk2pvhdv45igghb4zmthnzmsipzeoduruz3xwqd.onion/leaks/695b79289c439c5f4561be6c
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/83aa5170-6767-4688-81a4-7e5b85649c4d.jpg
    Threat Actors: LYNX
    Victim Country: France
    Victim Industry: Business Supplies & Equipment
    Victim Organization: hartford
    Victim Site: hartford.fr
  9. WILD BUNCH falls victim to LYNX Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organisation’s data.
    Date: 2026-01-05T09:30:40Z
    Network: tor
    Published URL: http://lynxblogxstgzsarfyk2pvhdv45igghb4zmthnzmsipzeoduruz3xwqd.onion/leaks/695b77869c439c5f4561a0b8
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e0f03fd3-2e93-49aa-aebe-69a1b5f776c0.JPG
    Threat Actors: LYNX
    Victim Country: France
    Victim Industry: Motion Pictures & Film
    Victim Organization: wild bunch
    Victim Site: wildbunchdistribution.com
  10. Braemac falls victim to LYNX Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-05T09:27:22Z
    Network: tor
    Published URL: http://lynxblogxstgzsarfyk2pvhdv45igghb4zmthnzmsipzeoduruz3xwqd.onion/leaks/695b76dd9c439c5f4561984d
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0b04a86a-6cc8-4a7f-b43a-111dab0a0352.jpg
    Threat Actors: LYNX
    Victim Country: Australia
    Victim Industry: Electrical & Electronic Manufacturing
    Victim Organization: braemac
    Victim Site: braemac.com
  11. City of Milton Florida falls victim to LYNX Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-05T09:26:19Z
    Network: tor
    Published URL: http://lynxblogxstgzsarfyk2pvhdv45igghb4zmthnzmsipzeoduruz3xwqd.onion/leaks/695b764f9c439c5f45618e49
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/bfc6f5d9-70da-4634-89e4-9427057ce493.jpg
    Threat Actors: LYNX
    Victim Country: USA
    Victim Industry: Government Administration
    Victim Organization: city of milton florida
    Victim Site: miltonfl.org
  12. Groupecho Canada Inc. falls victim to LYNX Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-05T09:22:03Z
    Network: tor
    Published URL: http://lynxblogxstgzsarfyk2pvhdv45igghb4zmthnzmsipzeoduruz3xwqd.onion/leaks/695b79b19c439c5f4561c99b
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/98b614f7-28dc-4a70-bfdf-86a3b8534ad9.jpg
    Threat Actors: LYNX
    Victim Country: Canada
    Victim Industry: Financial Services
    Victim Organization: groupecho canada inc.
    Victim Site: groupecho.com
  13. Alleged unauthorized access to Jeonnam Technopark
    Category: Initial Access
    Content: The group claims to have gained access to Jeonnam Technopark.
    Date: 2026-01-05T08:55:38Z
    Network: telegram
    Published URL: https://t.me/n2LP_wVf79c2YzM0/3147
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/6770d616-59e0-466d-84cd-e176d06670d5.png
    Threat Actors: Infrastructure Destruction Squad
    Victim Country: South Korea
    Victim Industry: Business and Economic Development
    Victim Organization: jeonnam technopark
    Victim Site: jntp.or.kr
  14. FastAttacker claims to target Iran
    Category: Alert
    Content: A recent post by the group indicates that they are targeting Iran.
    Date: 2026-01-05T08:48:16Z
    Network: telegram
    Published URL: https://t.me/FastAttackerOrg/28
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d24bc5a2-c979-4a98-bb94-413dfcab6fac.jpg
    Threat Actors: FastAttacker
    Victim Country: Iran
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  15. Wesley Heating & Cooling falls victim to Sinobi Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 30 GB of the organization’s data. The compromised data reportedly includes financial data, contracts, and customer data, and the group intends to publish the data within 9–10 days.
    Date: 2026-01-05T08:46:37Z
    Network: tor
    Published URL: http://sinobi6ywgmmvg2gj2yygkb2hxbimaxpqkyk27wti5zjwhfcldhackid.onion/leaks/695b68cb6387a4c9a2d37cb1
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/16098b20-073e-4691-b24a-5c39e2c21a33.jpg
    https://d34iuop8pidsy8.cloudfront.net/0ee8a025-f523-43c7-9968-317d8452ac28.jpg
    Threat Actors: Sinobi
    Victim Country: USA
    Victim Industry: Mechanical or Industrial Engineering
    Victim Organization: wesley heating & cooling
    Victim Site: wesleyheating.com
  16. Alleged data breach of Koinly
    Category: Data Breach
    Content: The threat actor claims to have breached 60 million lines of Koinly.
    NB: The authenticity of the claim is yet to be verified.
    Date: 2026-01-05T08:45:53Z
    Network: openweb
    Published URL: https://breachstars.io/topic/35-mil-koinlyio-lines-database-jjpcgnh17drv
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/78280920-fbd4-489e-a67b-18fd88a88f71.JPG
    Threat Actors: goodnight
    Victim Country: UK
    Victim Industry: Information Technology (IT) Services
    Victim Organization: koinly
    Victim Site: koinly.io

  1. Windward Life Care falls victim to Sinobi Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 25 GB of the organization’s data. The compromised data reportedly includes customer data, incident records, and contracts, and the group intends to publish the data within 9–10 days.
    Date: 2026-01-05T08:40:40Z
    Network: tor
    Published URL: http://sinobi6ywgmmvg2gj2yygkb2hxbimaxpqkyk27wti5zjwhfcldhackid.onion/leaks/695b67fa6387a4c9a2d37735
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/01de3003-965b-4766-9530-2715b20be9e2.jpg
    https://d34iuop8pidsy8.cloudfront.net/3f1e5fd5-e62c-4a86-ad58-032a28bbec59.jpg
    Threat Actors: Sinobi
    Victim Country: USA
    Victim Industry: Individual & Family Services
    Victim Organization: windward life care
    Victim Site: windwardlifecare.com
  2. Madison Area YMCA Association falls victim to LYNX Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-05T08:34:27Z
    Network: tor
    Published URL: http://lynxblogxstgzsarfyk2pvhdv45igghb4zmthnzmsipzeoduruz3xwqd.onion/leaks/695b61e49c439c5f456034c8
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0f6b2863-97b4-4126-96c3-9634873f3d18.jpg
    Threat Actors: LYNX
    Victim Country: USA
    Victim Industry: Non-profit & Social Organizations
    Victim Organization: madison area ymca association
    Victim Site: madisonareaymca.org
  3. Alleged leak of Panama citizens’ data
    Category: Data Breach
    Content: The threat actor claims to have leaked a database allegedly containing personal information of over 30,000 individuals in Panama, including names, email addresses, and phone numbers.
    Date: 2026-01-05T08:27:00Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-DB-30000-Panama-people-Name-email-Phone
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7972f8f6-0494-4727-8dea-99b265995e36.png
    Threat Actors: Hoover
    Victim Country: Panama
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  4. M&M Auto Parts falls victim to Sinobi Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 15 GB of the organisation’s data. The exposed data allegedly includes financial data, contracts, and incidents, and the group intends to publish the data within 9 days.
    Date: 2026-01-05T08:09:06Z
    Network: tor
    Published URL: http://sinobi6ywgmmvg2gj2yygkb2hxbimaxpqkyk27wti5zjwhfcldhackid.onion/leaks/695b69af6387a4c9a2d3887e
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/09a767e2-8db9-4082-aab2-c4c32c26057a.JPG
    https://d34iuop8pidsy8.cloudfront.net/3cd98b3d-001f-4033-ae5b-61f383ace6ac.JPG
    Threat Actors: Sinobi
    Victim Country: USA
    Victim Industry: Automotive
    Victim Organization: m&m auto parts
    Victim Site: mmauto.com
  5. Alleged data sale of Sirena-Travel GmbH
    Category: Data Breach
    Content: The threat actor claims to be selling data from Sirena-Travel GmbH, allegedly covering records from 2012 to 2023, including airline booking and ticketing data with passenger personal and travel details related to Russia.
    Date: 2026-01-05T08:08:11Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-Sirena-Travel-2023-Russia
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/952fdaf7-9247-435b-892f-b17c60a60f9b.png
    Threat Actors: Flexx
    Victim Country: Russia
    Victim Industry: Airlines & Aviation
    Victim Organization: sirena-travel gmbh
    Victim Site: sirena-travel.com
  6. American Health falls victim to Sinobi Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 50 GB of the organisation’s data. The exposed data allegedly includes customer data and incidents, and the group intends to publish the data within 9 days.
    Date: 2026-01-05T07:58:48Z
    Network: tor
    Published URL: http://sinobi6ywgmmvg2gj2yygkb2hxbimaxpqkyk27wti5zjwhfcldhackid.onion/leaks/695b597f6387a4c9a2d30177
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/951ae348-fd92-4fae-bc25-ca86a4fa2146.JPG
    Threat Actors: Sinobi
    Victim Country: USA
    Victim Industry: Hospital & Health Care
    Victim Organization: american health
    Victim Site: ah-group.us
  7. Alleged leak of Russian border service data
    Category: Data Breach
    Content: The threat actor claims to be selling a database allegedly containing Russian border crossing seat sales data from 2014 to 2023, including yearly totals and unique records, with a sample of 500,000 lines available for testing.
    Date: 2026-01-05T07:57:50Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-DATABASE-Border-crossings-in-Russia-2014-2023
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3e9bb3ba-6a1e-4e15-88a5-bfc4ee90da6a.png
    Threat Actors: Flexx
    Victim Country: Russia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  8. Harris Consulting Engineers LLC falls victim to Sinobi Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 50 GB of the organization’s data and intends to publish it within 9–10 days.
    Date: 2026-01-05T07:54:08Z
    Network: tor
    Published URL: http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/695b5aa36387a4c9a2d308cc
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c9fe5ce4-30d7-4414-9e07-06479f022f1b.png
    Threat Actors: Sinobi
    Victim Country: USA
    Victim Industry: Mechanical or Industrial Engineering
    Victim Organization: harris consulting engineers llc
    Victim Site: harrisengineers.com
  9. NLFX Professional falls victim to Sinobi Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-05T07:53:45Z
    Network: tor
    Published URL: http://sinobi6ywgmmvg2gj2yygkb2hxbimaxpqkyk27wti5zjwhfcldhackid.onion/leaks/695b53a66387a4c9a2d2d327
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/6d01c51b-7753-480c-9a7f-ab717e544f75.jpg
    Threat Actors: Sinobi
    Victim Country: USA
    Victim Industry: Events Services
    Victim Organization: nlfx professional
    Victim Site: nlfxpro.com
  10. SVA and Mobile Technology of Spain, SL falls victim to Sinobi Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 50 GB of the organization’s data. The compromised data reportedly includes financial data and customer data, and the group intends to publish the data within 3–4 days.
    Date: 2026-01-05T07:53:41Z
    Network: tor
    Published URL: http://sinobi6ywgmmvg2gj2yygkb2hxbimaxpqkyk27wti5zjwhfcldhackid.onion/leaks/695b572d6387a4c9a2d2f4a2
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3af772bb-632a-472a-a5f9-4a72f372c7d8.jpg
    Threat Actors: Sinobi
    Victim Country: Spain
    Victim Industry: Broadcast Media
    Victim Organization: sva and mobile technology of spain, sl
    Victim Site: svaytecnosp.com
  11. LAMPIRE Biological Laboratories, Inc. falls victim to Sinobi Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 100 GB of the organization’s data. The compromised data reportedly includes confidential information, financial data, and contracts, and the group intends to publish the data within 9–10 days.
    Date: 2026-01-05T07:48:46Z
    Network: tor
    Published URL: http://sinobi6ywgmmvg2gj2yygkb2hxbimaxpqkyk27wti5zjwhfcldhackid.onion/leaks/695b57e86387a4c9a2d2f7ec
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/46988c9c-68b8-4e1a-957a-018eb660f4ba.jpg
    Threat Actors: Sinobi
    Victim Country: USA
    Victim Industry: Biotechnology
    Victim Organization: lampire biological laboratories, inc.
    Victim Site: lampire.com
  12. Krenzer Marine falls victim to Sinobi Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 30 GB of the organization’s data.
    Date: 2026-01-05T07:46:09Z
    Network: tor
    Published URL: http://sinobi6ftrg27d6g4sjdt65malds6cfptlnjyw52rskakqjda6uvb7yd.onion/leaks/695b5ba56387a4c9a2d31013
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/af51b335-20a4-44be-a40b-be0b0c133e45.png
    Threat Actors: Sinobi
    Victim Country: USA
    Victim Industry: Maritime
    Victim Organization: krenzer marine
    Victim Site: krenzermarine.com
  13. Boathouse on the Bay falls victim to Sinobi Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-05T07:40:11Z
    Network: tor
    Published URL: http://sinobi6ywgmmvg2gj2yygkb2hxbimaxpqkyk27wti5zjwhfcldhackid.onion/leaks/695b5e556387a4c9a2d324b9
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f2e730e9-ea14-4358-a81e-343db136dbdc.jpg
    Threat Actors: Sinobi
    Victim Country: USA
    Victim Industry: Restaurants
    Victim Organization: boathouse on the bay
    Victim Site: boathouseonthebay.com
  14. Pools by Bradley falls victim to Sinobi Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 50 GB of the organisation’s data. The exposed data allegedly includes contracts, financial data, and customer data, and the group claims it will publish the data within 9 days.
    Date: 2026-01-05T07:37:46Z
    Network: tor
    Published URL: http://sinobi6ywgmmvg2gj2yygkb2hxbimaxpqkyk27wti5zjwhfcldhackid.onion/leaks
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/24580c6a-a8fb-4d54-b813-2c4f0b955eaf.JPG
    Threat Actors: Sinobi
    Victim Country: USA
    Victim Industry: Building and construction
    Victim Organization: pools by bradley
    Victim Site: poolsbybradley.com
  15. Lares Corporation falls victim to Sinobi Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 720 GB of the organization’s data. The compromised data allegedly contains confidential data, financial data, contracts, and incidents, and the group intends to publish it within 11-12 days.
    Date: 2026-01-05T07:34:17Z
    Network: tor
    Published URL: http://sinobi6ywgmmvg2gj2yygkb2hxbimaxpqkyk27wti5zjwhfcldhackid.onion/leaks/695b5c596387a4c9a2d316f4
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/acd08e41-adab-41f9-bcd3-a129dabea97e.jpeg
    https://d34iuop8pidsy8.cloudfront.net/00df90f0-ac13-43ea-b039-0631352fd16b.jpeg
    Threat Actors: Sinobi
    Victim Country: USA
    Victim Industry: Automotive
    Victim Organization: lares corporation
    Victim Site: larescorp.com
  16. Delko Développement falls victim to Sinobi Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 15 GB of the organization’s data.
    Date: 2026-01-05T07:30:32Z
    Network: tor
    Published URL: http://sinobi6ywgmmvg2gj2yygkb2hxbimaxpqkyk27wti5zjwhfcldhackid.onion/leaks/695b55ce6387a4c9a2d2e7a3
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ebd93c06-f318-4298-b58e-a15ec2c5f165.jpg
    Threat Actors: Sinobi
    Victim Country: France
    Victim Industry: Automotive
    Victim Organization: delko développement
    Victim Site: delko.fr
  17. GreenValley International falls victim to Sinobi Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-05T06:42:47Z
    Network: tor
    Published URL: http://sinobi6ywgmmvg2gj2yygkb2hxbimaxpqkyk27wti5zjwhfcldhackid.onion/leaks/695b53356387a4c9a2d2cf20
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/08c739a5-88e5-4048-86f3-5336a895c794.png
    Threat Actors: Sinobi
    Victim Country: USA
    Victim Industry: Other Industry
    Victim Organization: greenvalley international
    Victim Site: greenvalleyintl.com
  18. Alleged data breach of Shadow
    Category: Data Breach
    Content: The threat actor claims to have leaked data from Shadow. The compromised data reportedly includes first and last names, dates of birth, email addresses, phone numbers, physical addresses, cities, and postal codes.
    Note: Shadow was previously breached in Jun 2025.
    Date: 2026-01-05T06:29:21Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-FR-French-Shadow-Tech-Database-shadow-tech
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3c2bf7c1-2994-487c-87fb-2e73aa95c745.png
    Threat Actors: telaviv
    Victim Country: France
    Victim Industry: Software Development
    Victim Organization: shadow
    Victim Site: shadow.tech

  1. Alleged Data Breach of Ioburo
    Category: Data Breach
    Content: A threat actor claims to have breached and shared a customer database belonging to Ioburo.
    Date: 2026-01-05T06:19:10Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-FR-Ioburo-ioburo-fr
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/fce149ab-b96e-4558-8980-5029b73d0e8d.png
    Threat Actors: telaviv
    Victim Country: France
    Victim Industry: Commercial Real Estate
    Victim Organization: ioburo
    Victim Site: ioburo.fr
  2. Alleged Data Breach of Elite Auto
    Category: Data Breach
    Content: A threat actor claims to have breached and shared a customer database belonging to Elite Auto, a France-based car sales and reselling company. The exposed data contains personal and vehicle-related information linked to individuals who interacted with or purchased vehicles from the company.
    Date: 2026-01-05T06:05:00Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-FR-Elite-Auto-elite-auto-fr
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/71e20823-e3df-4ba3-ba33-03d5c1049910.png
    Threat Actors: telaviv
    Victim Country: France
    Victim Industry: Automotive
    Victim Organization: elite auto
    Victim Site: elite-auto.fr
  3. Alleged sale of admin and shell access to unidentified stores in multiple countries
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized admin and shell access to unidentified online stores in multiple countries.
    Date: 2026-01-05T05:59:02Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273091/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c80a86fa-2daa-46f4-ad18-8fd265c81d9e.png
    Threat Actors: Shopify
    Victim Country: Unknown
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown
  4. Alleged sale of admin and shell access to online store in USA
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized admin and shell access to an unidentified online store in USA.
    Date: 2026-01-05T05:58:37Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273092/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/92d654b1-c772-4097-8d2b-a76b0b5435ab.png
    Threat Actors: Shopify
    Victim Country: USA
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown
  5. Alleged Data Breach of Indonesia Internet Service Provider
    Category: Data Breach
    Content: A threat actor claims to have leaked a subscriber database associated with an Indonesia-based Internet Service Provider (ISP). The dataset includes network device identifiers, firmware and chip details, service status indicators, and signal metrics related to customer connections.
    Date: 2026-01-05T05:53:54Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-Document-INDONESIA-INTERNET-SERVICE-PROVIDER-Subscribers-Database
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/34db841c-a20f-4bdb-b5e1-a930dab85813.png
    Threat Actors: chillcapybara
    Victim Country: Indonesia
    Victim Industry: Network & Telecommunications
    Victim Organization: Unknown
    Victim Site: Unknown
  6. Alleged sale of admin and shell access to unidentified store in Spain
    Category: Vulnerability
    Content: Threat actor claims to be selling unauthorized admin and shell access to an unidentified online store in Spain.
    Date: 2026-01-05T05:49:35Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273094/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a4a128e0-2de7-4db7-8b5e-8a5bb5fff2d7.png
    Threat Actors: Shopify
    Victim Country: Spain
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown
  7. Alleged sale of admin and shell access to unidentified store in Spain
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized admin and shell access to an unidentified online store in Spain.
    Date: 2026-01-05T05:44:46Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273095/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/5784e19a-8167-436a-b8fd-4c46ea7164c4.png
    Threat Actors: Shopify
    Victim Country: Spain
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown
  8. Alleged data breach of PanRest
    Category: Data Breach
    Content: The threat actor claims to have leaked data from PanRest. The compromised data reportedly includes first and last names, usernames, email addresses, phone numbers, physical and delivery addresses, IP addresses, user-agent details, dates of birth, ordered products, payment methods, pricing information, and delivery-person identity details.
    Date: 2026-01-05T05:36:51Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-Database-Panrest-pl-Poland
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/6b1b1485-d31b-4107-812e-31e57d126906.png
    https://d34iuop8pidsy8.cloudfront.net/3a05b144-3611-43fb-b33f-31d7e6a2e13a.png
    Threat Actors: daghetiaw
    Victim Country: Poland
    Victim Industry: E-commerce & Online Stores
    Victim Organization: panrest
    Victim Site: panrest.pl
  9. Alleged sale of admin and shell access to unidentified store in USA
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized admin and shell access to an unidentified online store in USA.
    Date: 2026-01-05T05:27:58Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273096/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/db920b4b-9884-47e9-b9e4-734acbb19e6c.png
    Threat Actors: Shopify
    Victim Country: USA
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown
  10. Alleged sale of admin and shell access to unidentified store in Slovakia
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized admin and shell access to an unidentified online store in Slovakia.
    Date: 2026-01-05T05:24:39Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273097/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/cd49d248-f666-48d6-aa8d-8ced8e5c2cc6.png
    Threat Actors: Shopify
    Victim Country: Slovakia
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown
  11. Alleged Data Breach of lshq.ca
    Category: Data Breach
    Content: A threat actor claims to have leaked a user database belonging to lshq.ca, a Canada-based platform. The dataset includes hashed passwords, email addresses, usernames, IP addresses, OAuth details, geolocation data, and internal application logs.
    Date: 2026-01-05T05:20:42Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-42k-Canada-lshq-ca-User-DB-Emails-Hashed-Passwords-Names-Usernames-IP-Addresses
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c29fc866-eacf-466c-83f0-5fa2df954272.png
    Threat Actors: gtaviispeak
    Victim Country: Canada
    Victim Industry: Gaming
    Victim Organization: lshq
    Victim Site: lshq.ca
  12. Alleged sale of admin and shell access to unidentified store in USA
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized admin and shell access to an unidentified online store in USA.
    Date: 2026-01-05T05:14:15Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273098/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a5c14408-8a14-4961-80f0-8f1a3b409e3d.png
    Threat Actors: Shopify
    Victim Country: USA
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown
  13. Alleged sale of admin and shell access to unidentified store in Malta
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized admin and shell access to an unidentified online store in Malta.
    Date: 2026-01-05T05:09:54Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273101/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/730ba2a3-6779-4485-a539-55f5347698e2.png
    Threat Actors: Shopify
    Victim Country: Malta
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown
  14. Alleged Leak of Minecraft Stealer RAT Logs
    Category: Data Breach
    Content: The threat actor claims to have released database logs collected by a popular Minecraft stealer RAT. The leaked data includes over 6,000 Minecraft session records along with compromised PC data such as cookies, local files, screenshots, Discord tokens, IP addresses, system details, and user credentials.
    Date: 2026-01-05T05:03:31Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-ALL-Database-Logs-from-a-popular-minecraft-stealer-rat
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0a4c639f-97ea-4ff9-be1f-fb1b46652013.png
    https://d34iuop8pidsy8.cloudfront.net/d29d22c1-f797-4e5a-bae0-a87446eb2555.png
    https://d34iuop8pidsy8.cloudfront.net/c8503b42-914b-4e71-b7ab-c622ed184e74.png
    https://d34iuop8pidsy8.cloudfront.net/b6c2bda8-1f48-494a-b647-3d9bed17cd39.png
    https://d34iuop8pidsy8.cloudfront.net/fc360ffc-5bc3-4eb6-8f8b-6e46fbe59200.png
    Threat Actors: Explorers
    Victim Country: Unknown
    Victim Industry: Gaming
    Victim Organization: Unknown
    Victim Site: Unknown
  15. Alleged sale of admin access to unidentified store in Turkey
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized admin access to an unidentified online store for ladies’ products in Turkey.
    Date: 2026-01-05T04:49:39Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273105/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/38dc3522-09c4-4c11-a6a8-92b2502f7646.png
    Threat Actors: Fancy.Bear
    Victim Country: Turkey
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown
  16. Alleged sale of admin access to unidentified store in Poland
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized admin access to an unidentified online store in Poland.
    Date: 2026-01-05T04:35:50Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273108/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d29a546c-b9b4-42d0-9f92-c25a713e2124.png
    Threat Actors: Fancy.Bear
    Victim Country: Poland
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown
  17. Alleged sale of admin access to unidentified online store in Poland
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized admin access to an unidentified online clothing store in Poland.
    Date: 2026-01-05T04:34:20Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273107/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b4a8cbf9-68f6-4ed1-a1ee-38641155c760.png
    Threat Actors: Fancy.Bear
    Victim Country: Poland
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown
  18. Alleged sale of 313 credit card records from USA
    Category: Data Breach
    Content: Threat actor claims to be selling 313 USA credit card records. The compromised data reportedly includes credit card number, expiry month, expiry year, cvv2, first name, last name, state, city, address, zip, phone number, and email address.
    Date: 2026-01-05T04:24:24Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273119/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c5d67641-1ac7-4cfe-a0ef-fc9d58e2d83b.png
    Threat Actors: Magnez
    Victim Country: USA
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  19. Bolttech falls victim to Everest Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 186 GB of the organization’s internal data and intends to publish it within 3-4 days.
    Date: 2026-01-05T04:17:00Z
    Network: tor
    Published URL: http://ransomocmou6mnbquqz44ewosbkjk3o5qjsl3orawojexfook2j7esad.onion/news/Bolttech/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/485b2b59-5b4b-45c9-a7c8-37d6cd7ec4f1.png
    Threat Actors: Everest
    Victim Country: Singapore
    Victim Industry: Insurance
    Victim Organization: bolttech
    Victim Site: bolttech.io
  20. Alleged sale of Europages Data From Multiple countries
    Category: Data Breach
    Content: The threat actor claims to be selling Europages data from Denmark, Austria, and Belgium. The compromised data reportedly contains 548,000 records from Denmark, 210,000 records from Austria, and 58,000 records from Belgium, including Name, Job title, Business name, Business normal name, Country, Address, City, Postcode, Region, Phone, Email, Latitude, Longitude, and National IDs.
    Date: 2026-01-05T04:16:27Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-Europages-Denmark-and-Austria-databases
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8190d06c-798a-43c0-894c-09a563d7373e.png
    Threat Actors: selluk
    Victim Country: Denmark
    Victim Industry: Other Industry
    Victim Organization: europages
    Victim Site: europages.com
  21. Alleged sale of admin and shell access to unidentified store in UK
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized admin and shell access to an unidentified online store in UK.
    Date: 2026-01-05T04:15:26Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273121/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/16f281cd-684a-4e43-97e4-3af23b565db0.png
    Threat Actors: Shopify
    Victim Country: UK
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown
  22. Alleged data breach of LELO HEX
    Category: Data Breach
    Content: The threat actor claims to have released interaction data from LELO’s HEX email newsletter campaign conducted in 2016. The dataset contains newsletter recipient email addresses along with tracking metadata such as exit pages, IP addresses, locations, and campaign interaction details.
    Date: 2026-01-05T04:07:48Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-LELO-HEX-Newsletter-Campaign-Interaction-Data-2016
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/bbc25915-18fe-4337-a1db-31a94ab34f9a.png
    Threat Actors: Edric
    Victim Country: Unknown
    Victim Industry: Consumer Services
    Victim Organization: lelo
    Victim Site: lelocondoms.com
  23. IDeaS Revenue Solutions falls victim to Everest Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 603 GB of the organization’s internal data and intends to publish it within 4-5 days.
    Date: 2026-01-05T04:02:12Z
    Network: tor
    Published URL: http://ransomocmou6mnbquqz44ewosbkjk3o5qjsl3orawojexfook2j7esad.onion/news/IDeaS/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/357d2cf2-9d50-4a65-9039-d092532a78d7.png
    Threat Actors: Everest
    Victim Country: USA
    Victim Industry: Hospitality & Tourism
    Victim Organization: ideas revenue solutions
    Victim Site: ideas.com
  24. Alleged sale of admin and shell access to unidentified store in US / Canada
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized admin and shell access to an unidentified online store in USA / Canada.
    Date: 2026-01-05T03:54:32Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273123/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/90a31d19-82fe-4c26-a138-add1eee8d6e5.png
    Threat Actors: Shopify
    Victim Country: USA
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown
  25. Alleged sale of unauthorized admin and shell access to unidentified store in USA
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized admin and shell access to an unidentified online store in USA.
    Date: 2026-01-05T03:39:57Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273126/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2870ded8-ed9c-45dd-82f1-dcfeb69e66cd.png
    Threat Actors: Shopify
    Victim Country: USA
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown
  26. Alleged sale of unauthorized admin and shell access to unidentified online store in France
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized admin and shell access to an unidentified online store in France.
    Date: 2026-01-05T03:31:38Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273128/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/834728ad-2aaa-4389-a513-3a5802f93066.png
    Threat Actors: Shopify
    Victim Country: France
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown
  27. Alleged sale of unauthorized admin and shell access to unidentified store in UK
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized admin and shell access to an unidentified online shop in UK.
    Date: 2026-01-05T03:18:11Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273129/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7222a9c4-9b83-4359-b632-57eb2bf004cb.png
    Threat Actors: Shopify
    Victim Country: UK
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown
  28. Alleged sale of SYSTEM-level C2 access beacons
    Category: Initial Access
    Content: The threat actor claims to be selling access to a command-and-control (C2) server containing 80+ active SYSTEM-level beacons.
    Date: 2026-01-05T03:04:49Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-Selling-Access-to-C2-with-a-big-number-of-SYSTEM-access-beacons
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a5116180-4bd9-4688-b8d1-4ecd0af8ae49.png
    Threat Actors: TheArchitect1
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  29. Alleged data breach of mist.com.br
    Category: Data Breach
    Content: The threat actor claims to have leaked the Mist Store (mist.com.br) database following a data breach in January 2026. The exposed dataset contains approximately 30,000 order records from the Brazilian e-commerce platform.
    Date: 2026-01-05T02:44:28Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-Brazil-mist-com-br-Leaked-Download
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/df787e4a-377d-43c6-837c-8c1a6d758f90.png
    Threat Actors: lulzintel
    Victim Country: Brazil
    Victim Industry: E-commerce & Online Stores
    Victim Organization: mist store
    Victim Site: mist.com.br
  30. Alleged data breach of League & Sports HQ
    Category: Data Breach
    Content: The threat actor claims to be selling data from LSHQ. The compromised data reportedly contain 42,000 user records including user IDs, first and last names, nicknames, email addresses, usernames, hashed passwords, OAuth provider details and access tokens, administrator flags, account status, login timestamps, IP addresses, contact email addresses.
    Date: 2026-01-05T02:29:35Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-42k-Canada-lshq-ca-User-DB-Emails-Hashed-Passwords-Names-Usernames-IP-Addresses
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7b78f04f-4c11-499f-acc7-25d14ff1ce14.png
    Threat Actors: gtaviispeak
    Victim Country: Canada
    Victim Industry: Sports
    Victim Organization: league & sports hq
    Victim Site: lshq.ca
  31. Alleged sale of internal corporate files from axyon.eu
    Category: Data Breach
    Content: The threat actor claims to be selling approximately 340 GB of internal files allegedly exfiltrated from axyon.eu, affecting multiple major French organizations. The dataset contains internal documents, engineering data, construction records, and operational files related to energy production, infrastructure, and industrial projects.
    Date: 2026-01-05T02:22:28Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-axyon-eu-340GB-Bouygues-EDF-Power-Plants-Eiffage-Engie-Files
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/cf9e965a-6034-4d8b-b770-70f911a211d3.png
    Threat Actors: Angel_Batista
    Victim Country: France
    Victim Industry: Building and construction
    Victim Organization: axyon
    Victim Site: axyon.eu
  32. Alleged data breach of accommodationforstudents.com
    Category: Data Breach
    Content: The threat actor claims to be selling a database containing 182,000 records associated with accommodationforstudents.com. The exposed data includes owner PII, such as email addresses, phone numbers, and password hashes, extracted from internal systems.
    Date: 2026-01-05T02:11:44Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-182k-United-Kingdom-accommodationforstudents-com-Owner-PII-password-hashes-em
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f8ee7241-e8f7-4c9b-af89-16dd0ff12f0f.png
    Threat Actors: Loser
    Victim Country: USA
    Victim Industry: Education
    Victim Organization: accommodation for students
    Victim Site: accommodationforstudents.com
  33. Alleged sale of Endesa Spain customer database
    Category: Data Breach
    Content: The threat actor claims to be selling a new and previously unreported database belonging to Endesa, Spain’s largest electricity and gas company.
    Date: 2026-01-05T01:40:46Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-ES-Endesa-BIGGEST-SPAIN-DATABASE-No-old-data
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/93cd15f7-2dc8-450b-a852-bd608202e4fc.png
    https://d34iuop8pidsy8.cloudfront.net/c51909ef-832d-47e3-baaf-aac77f30c41b.png
    Threat Actors: spain
    Victim Country: Spain
    Victim Industry: Energy & Utilities
    Victim Organization: endesa
    Victim Site: endesa.com
  34. Alleged data breach of Wadhefa
    Category: Data Breach
    Content: The threat actor claims to be selling data from Wadhefa. The compromised data reportedly contain 418,293 records including first, middle, and last names, dates of birth, national ID numbers, social and disability status, employment status, job titles, education institutions and fields, graduation years, training centers, skills, work experience details, email addresses, phone and WhatsApp numbers, postal addresses.
    Date: 2026-01-05T01:35:22Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-Selling-418k-Saudi-Arabia-wadhefa-com-418-293-Job-Seeker-CVs-National-IDs-Emails-Pho
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b6b1ccac-b885-494f-bc1e-a0833fa5038b.png
    Threat Actors: Grubder
    Victim Country: Saudi Arabia
    Victim Industry: Other Industry
    Victim Organization: wadhefa
    Victim Site: wadhefa.com
  35. Alleged data breach of GolfLink
    Category: Data Breach
    Content: The threat actor claims to have leaked data from GolfLink. The compromised data reportedly contains 500,000 records including member IDs, first and last names, dates of birth, primary and alternate email addresses, home, mobile and work phone numbers, and full postal addresses.
    Date: 2026-01-05T01:17:41Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-Selling-1m-Bangladesh-https-www-bdjobs-com-Full-PII-database-including-National-IDs
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/92e5ff3e-2032-423b-926c-79ea90e1d24e.png
    Threat Actors: Grubder
    Victim Country: Australia
    Victim Industry: Sports
    Victim Organization: golflink
    Victim Site: golf.com.au
  36. Alleged Leak of Erectile Dysfunction Medication Records from United States
    Category: Data Breach
    Content: The threat actor claims to have leaked Erectile Dysfunction Medication Records. The compromised data reportedly contains 916952 records including gender, dates of birth, physical addresses, city, state, ZIP code, email addresses, prescription details, medication names, dosage information, and IP addresses.
    Date: 2026-01-05T00:35:51Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-US-Erectile-Dysfunction-Medication-Records-%E2%80%93-2016-Sensitive-Health-Data–183159
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f7118531-0dd4-4713-8e49-74ae953f5cc5.png
    Threat Actors: Toxic_Wolf
    Victim Country: USA
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  37. Alleged data breach of Lions Clubs International
    Category: Data Breach
    Content: The threat actor claims to have leaked data from Lions Clubs International. The compromised data reportedly contains 135,000 records including first and last names, dates of birth, postal addresses, phone numbers, professional status, membership roles, join dates, and engagement details.
    Date: 2026-01-05T00:22:19Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-FR-LionsFrance-135K
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3a8bcc58-147d-48a8-b378-6a948b373ae7.png
    https://d34iuop8pidsy8.cloudfront.net/c80384e8-14f4-439b-ad2e-8b2845cdc98e.png
    Threat Actors: HexDex2
    Victim Country: France
    Victim Industry: Other Industry
    Victim Organization: lions clubs international
    Victim Site: lionsclubs.org
  38. Alleged Leak of French Hospital and Ophthalmologist Data
    Category: Data Breach
    Content: A threat actor claims to have leaked data from French Hospital and Ophthalmologist. The compromised data reportedly includes patient and practitioner first and last names, dates of birth, phone numbers, email addresses, and physical addresses.
    Date: 2026-01-05T00:05:06Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-FR-Hospital-Ophthalmologist-2025-Databases
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/28f67ce7-2e44-4768-acf2-793bdae960b3.png
    Threat Actors: host1337
    Victim Country: France
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown