This report summarizes a series of cyber incidents detected on January 7, 2026. The data indicates a global wave of cyber activity ranging from critical infrastructure targeting and massive government data leaks to ransomware campaigns and financial fraud.
1. Critical Infrastructure and Industrial Control Systems (ICS)
A significant number of alerts indicate “Infrastructure Destruction Squad” and other actors are actively targeting operational technology (OT) and physical systems. These incidents pose high risks to public safety and utility services.
- Water & Heating Systems:
  - USA (Texas): Unauthorized access was claimed at a water treatment facility, specifically affecting a reverse osmosis unit used for medical purposes [1].
  - Greece: An actor claimed access to a central heating management system in a multi-story building, controlling boilers and water circulation pumps [2].
  - Thailand: The “Royal Irrigation Department” suffered an alleged data breach [3].
- Energy & Power:
  - Ukraine: The group “Perun Svaroga” claimed access to an electrical substation [4].
  - USA: A threat actor claimed access to an Oil & Gas process control system (HMI) monitoring tank levels and pressure readings [5].
  - Italy: Unauthorized access was reported at an industrial facility in Bari, affecting autoclave operating parameters [6].
- National Targeting: The “Infrastructure Destruction Squad” issued alerts specifically targeting the Czech Republic [7].
2. Major Government & National Identity Leaks
Threat actors are trading massive datasets containing the PII (Personally Identifiable Information) of citizens from multiple nations. The actor Solonik is particularly active in this sector.
- China: A massive breach of the State Council is alleged, containing approximately 1.2 billion records of citizen registry data, including ID numbers and GPS coordinates [8]. Additionally, the Shanghai Municipal Public Security Bureau was reportedly breached [9].
- France: A leak of the French Civil Registry allegedly exposed records of 2 million individuals [10]. Another breach exposed 28 million death records (1970–2025) [11].
- Peru: A dataset of 31 million citizens (National Citizen Database) was leaked, including DNI numbers and biometrics [12].
- USA: Leaks include 250,000 personal identity records [13], 200,000 records involving SSNs and driver’s licenses [14], and a dataset of 150,000 Virginia residents [15].
- Defense & Intelligence:
  - USA: Alleged leak of documents related to the National Security Agency (NSA) [16].
  - Israel: Claims of leaks regarding Israel Defense Forces classified documents [17].
  - India: The group “TBDF” claimed to target the Indian Air Force [18].
3. Ransomware Campaigns
Several ransomware groups were active, publishing victims to leak sites. The most active groups observed were Akira, Qilin, and INTERLOCK.
| Victim Organization | Industry | Country | Threat Actor | Details |
| --- | --- | --- | --- | --- |
| Buhlmann Group | Wholesale | Germany | Akira | 55 GB of drawings, contracts, and financial data [19]. |
| Labeltex Group | Fashion | Italy | Akira | Financial data and internal files [20]. |
| RJS Corporation | Manufacturing | USA | Akira | Agreements with major tire companies (Goodyear, Michelin) [21]. |
| Sortimage | Design | Canada | Qilin | Organization’s data obtained [22]. |
| Evergreen Printing | Printing | USA | Qilin | Organization’s data obtained [23]. |
| Commercial Paving | Engineering | Canada | Qilin | Organization’s data obtained [24]. |
| Boring IT | Retail | USA | CL0P | Organization’s data obtained [25]. |
| RGD Consulting | Engineering | USA | INTERLOCK | 2.2 TB of data exfiltrated [26]. |
| Westlake Academy | Education | USA | INTERLOCK | 604 GB of data obtained [27]. |
4. Financial & Corporate Sector Breaches
A high volume of attacks targeted banking institutions and investment firms, often resulting in the sale of customer leads and account details.
- Banking Leaks:
  - Banamex (Mexico): Alleged database leak [28].
  - Qatar National Bank: Database leak claimed by “Bjorkanism” [29].
  - Israel: Leaks involving banking card information and specific banks (Almogim, various card dumps) [30].
  - India: Leak of The Kurla Nagrik Sahakari Bank Ltd [31].
- Investment & Asset Management:
  - Vanguard (USA): Actor Solonik claims to be selling 22.5 million records of investor clients [32].
  - Qazaqstan Investment Corp: Sale of 2.4 million investor records [33].
  - TIAA (USA): Alleged sale of the customer base database [34].
- Corporate Data:
  - Costco Wholesale Taiwan: Breach of 526,000 customer records including plaintext passwords [35].
  - SEKISUI Aerospace (USA): Breach of 53GB of engineering files, some subject to ITAR restrictions [36].
5. Healthcare & Medical Sector
The healthcare sector faced both data breaches and unauthorized access to monitoring systems.
- China: A leak of a DICOM X-ray server from a large hospital, accessible without authentication [37].
- France: A massive leak of 12 million records from “Ameli” (health insurance) [38].
- Taiwan: Breach of Mackay Memorial Hospital internal systems, exposing daily lab results and patient records [39].
- Brazil: Unauthorized access to Hospital do Olho Lagos LTDA server infrastructure via Telnet [40].
- Thailand: Access gained to an unidentified patient monitoring department [41].
Conclusion
The intelligence report for January 7, 2026, highlights a volatile cyber threat landscape characterized by high-volume data trafficking and targeted infrastructure attacks.
- Critical Infrastructure Risk: The “Infrastructure Destruction Squad” and affiliated actors are successfully exploiting physical control systems (water, heat, energy) across multiple continents (USA, Europe, Asia), moving beyond mere data theft to potential operational disruption.
- Scale of Data Loss: The sheer volume of compromised records, spanning over 1.2 billion in China [42], 31 million in Peru [43], and tens of millions in France and the USA, indicates a systemic failure in protecting national registry and large-scale corporate databases.
- Active Threat Actors: The actor Solonik is responsible for a significant percentage of the high-value data sales (Vanguard, China Citizen DB, Costco Taiwan). Meanwhile, ransomware groups like Akira and Qilin continue to aggressively target the manufacturing and engineering sectors.
Detected Incidents Draft Data
- Infrastructure Destruction Squad claims to target Czech Republic
Category: Alert
Content: A recent post by the group indicates that they are targeting the Czech Republic.
Date: 2026-01-07T23:59:37Z
Network: telegram
Published URL: https://t.me/n2LP_wVf79c2YzM0/3200
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/057c256e-8483-440c-955e-82224fe29531.png
https://d34iuop8pidsy8.cloudfront.net/b1de865e-77b5-4d1f-be47-f6dc6370a90f.png
Threat Actors: Infrastructure Destruction Squad
Victim Country: Czech Republic
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of Entry.fr
Category: Data Breach
Content: Threat actor claims to have leaked data from Entry.fr. The compromised data reportedly contains 52,782 records including names, email addresses, phone numbers, and physical addresses.
Date: 2026-01-07T23:58:41Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-entry-fr
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e7f90304-d92b-4ad3-823f-2e72a5bf7069.png
Threat Actors: audiomanuhq
Victim Country: France
Victim Industry: Software
Victim Organization: entry.fr
Victim Site: entry.fr
- CyberOprationCulture targets the website of Mulya Jaya
Category: Defacement
Content: The group claims to have defaced the website of Mulya Jaya
Date: 2026-01-07T23:29:53Z
Network: telegram
Published URL: https://t.me/c/3421269527/33
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/124eeae8-acc1-4d01-bfcf-cae1a059cbd7.png
Threat Actors: CyberOprationCulture
Victim Country: Indonesia
Victim Industry: Government & Public Sector
Victim Organization: mulya jaya
Victim Site: mulyajayaraya.id
- Alleged unauthorized access to order management system of the TOPOS AUDIO KOREA store
Category: Initial Access
Content: The group claims to have gained access to the order management system of the TOPOS AUDIO KOREA store. The compromised data reportedly includes a database of orders, including order numbers, product names, quantities, unit prices, and total payment amounts.
Date: 2026-01-07T23:27:41Z
Network: telegram
Published URL: https://t.me/n2LP_wVf79c2YzM0/3190
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/409eb133-8b07-4544-bbd5-709cef31ac0b.png
https://d34iuop8pidsy8.cloudfront.net/8d64d670-f044-456d-9a58-2a5facbaeb22.png
https://d34iuop8pidsy8.cloudfront.net/596104f8-8ab6-466c-927b-7f8fa9f11731.png
Threat Actors: Infrastructure Destruction Squad
Victim Country: South Korea
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Boring IT And Print Solutions falls victim to CL0P Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2026-01-07T22:55:05Z
Network: tor
Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/boring-com
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c1f1f38d-9e9b-4345-9b9b-b4a919247229.png
Threat Actors: CL0P
Victim Country: USA
Victim Industry: Retail Industry
Victim Organization: boring it and print solutions
Victim Site: boring.com
- Alleged sale of web shell access of Isabel Fox Vazana
Category: Initial Access
Content: The group claims to be selling web shell access to Isabel Fox Vazana.
Date: 2026-01-07T22:55:01Z
Network: telegram
Published URL: https://t.me/Pharaohs_n/578
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/399bd6e4-ba4c-4664-942f-515ac0dcb248.png
Threat Actors: Pharaoh’s Team Channel
Victim Country: Israel
Victim Industry: Legal Services
Victim Organization: isabel fox vazana
Victim Site: ifvlaw.co.il
- Alleged sale of web shell access of Almogim
Category: Initial Access
Content: The group claims to be selling web shell access to Almogim, a publicly traded Israeli real estate development and construction company.
Date: 2026-01-07T22:26:46Z
Network: telegram
Published URL: https://t.me/Pharaohs_n/577
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/08d3a7f0-24d3-48c2-9a90-8c54c28a71fc.jpg
Threat Actors: Pharaoh’s Team Channel
Victim Country: Israel
Victim Industry: Building and construction
Victim Organization: almogim
Victim Site: almogim.co.il
- Alleged sale of web shell access to ARAN CUCINE
Category: Initial Access
Content: The group claims to be selling unauthorized web shell access to ARAN CUCINE in Israel
Date: 2026-01-07T22:25:28Z
Network: telegram
Published URL: https://t.me/Pharaohs_n/579
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bc371796-7f42-4d23-b591-5250997b4a91.png
Threat Actors: Pharaoh’s Team Channel
Victim Country: Israel
Victim Industry: Furniture
Victim Organization: aran cucine
Victim Site: aranisrael.co.il
- Alleged leak of Israeli banking card information
Category: Data Breach
Content: The group claims to have leaked a document containing card data associated with Israeli banks.
Date: 2026-01-07T22:21:43Z
Network: telegram
Published URL: https://t.me/bjorkaspirit/296
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b2669c7c-2268-4de0-b1eb-45b608b29924.png
Threat Actors: Bjorkanism
Victim Country: Israel
Victim Industry: Banking & Mortgage
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of The Kurla Nagrik Sahakari Bank Ltd.
Category: Data Breach
Content: The group claims to have leaked the data of The Kurla Nagrik Sahakari Bank Ltd.
Date: 2026-01-07T22:14:03Z
Network: telegram
Published URL: https://t.me/bjorkaspirit/299
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8bec644c-cc6b-438b-9a4d-d774416c35bc.png
Threat Actors: Bjorkanism
Victim Country: India
Victim Industry: Banking & Mortgage
Victim Organization: the kurla nagrik sahakari bank ltd.
Victim Site: knsbl.com
- Alleged data leak of multiple websites
Category: Data Breach
Content: The threat actor claims to have leaked data from multiple websites.
Date: 2026-01-07T22:11:15Z
Network: openweb
Published URL: https://breachforums.bf/Thread-WhiteDate-WhiteChild-and-WhiteDeal-fully-compromised
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/cadec8ca-0c74-4108-8fbd-e641cab4f8f5.png
Threat Actors: scared1150
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data Breach of Loozap
Category: Data Breach
Content: Threat Actor claims to have breached the database of Loozap in Nigeria. The allegedly exposed dataset is approximately 10GB in size, which includes sensitive user information such as phone numbers, email addresses, passwords, wallet and payment-related data, first and last names, physical addresses, schools, dates of birth, and other personal details.
Date: 2026-01-07T22:09:17Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-10Go-of-Loozap-Database
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/83e1c421-d404-4ca0-8be0-6eca6303aecb.png
https://d34iuop8pidsy8.cloudfront.net/bedad9a7-ee7e-4530-9aa1-671c3b30af46.png
Threat Actors: LAPSUS-GROUP
Victim Country: Nigeria
Victim Industry: E-commerce & Online Stores
Victim Organization: loozap
Victim Site: loozap.com
- Alleged unauthorised access to a central heating management and monitoring system in Greece
Category: Initial Access
Content: A threat actor claims to have gained unauthorized access to a central heating management and monitoring system in Greece used in a multi-story building. The compromised system reportedly controls a central boiler, water circulation pumps, and floor-level regulating valves, and monitors temperature across multiple zones via sensors.
Date: 2026-01-07T22:04:31Z
Network: telegram
Published URL: https://t.me/n2LP_wVf79c2YzM0/3184
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3c064f6c-5b9d-491f-a150-b8aa16a46524.jpg
Threat Actors: Infrastructure Destruction Squad
Victim Country: Greece
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of French Civil Registry
Category: Data Breach
Content: A threat actor is claiming to have leaked data from the French Civil Registry, allegedly containing personal civil registry records of approximately 2 million individuals in France. The exposed sample data includes full names and complete residential addresses, indicating a potential compromise of government-related civil status or administrative datasets.
Date: 2026-01-07T22:04:05Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-France-%C3%A9tat-civil-2-000-000
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7ea6f410-a953-44d4-956e-002a7f9802f8.png
Threat Actors: groszgeghuileux
Victim Country: France
Victim Industry: Government Administration
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of Qatar National Bank
Category: Data Breach
Content: The group claims to have leaked the database of Qatar National Bank
Date: 2026-01-07T22:03:22Z
Network: telegram
Published URL: https://t.me/bjorkaspirit/301
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/845b164b-558c-4f32-9fab-3ef3ecb3ed9b.png
Threat Actors: Bjorkanism
Victim Country: Qatar
Victim Industry: Banking & Mortgage
Victim Organization: qatar national bank
Victim Site: qnb.com
- Alleged data leak of Banamex
Category: Data Breach
Content: The group claims to have leaked a database from Banamex, the National Bank of Mexico
Date: 2026-01-07T21:50:38Z
Network: telegram
Published URL: https://t.me/bjorkaspirit/297
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d255fc3a-8703-435a-a94e-75951c0df834.png
Threat Actors: Bjorkanism
Victim Country: Mexico
Victim Industry: Banking & Mortgage
Victim Organization: banamex
Victim Site: banamex.com
- Alleged Data Leak of Spanish Municipal Service
Category: Data Breach
Content: Threat Actor claims to have leaked the database of Spanish Municipal Service. The exposed dataset contains detailed vehicle registration and ownership records, including information such as license plate numbers, vehicle make and model, year, vehicle type, engine details, fuel type, transmission, owner names, residential addresses, phone numbers, tax and valuation data, and registration or inspection dates.
Date: 2026-01-07T21:43:56Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-Spanish-municipal-service
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/528d0a69-22d5-4346-a99e-6494433f42a3.png
Threat Actors: lordzelephuhq1337
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data Leak of Northern Cyprus Ministry of Health Database
Category: Data Breach
Content: Threat Actor claims to have leaked the database of Northern Cyprus Ministry of Health, resulting in the partial exposure of sensitive government records. The leaked dataset reportedly contains approximately 340,000 records, which includes full names, surnames, identification numbers, gender, place of birth, residential addresses, mother’s and father’s names, foreign ID numbers, and phone numbers.
Date: 2026-01-07T21:42:08Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-REICHLeaks-Northern-Cyprus-Ministry-of-Health-Database-partial
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2675e30c-af98-44d1-a812-1f18b1b9e060.png
Threat Actors: Elliptic
Victim Country: Cyprus
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged unauthorized access to an oil and gas process control system in the United States
Category: Initial Access
Content: The group claims to have gained unauthorized access to a process control system (HMI) used for monitoring and configuring operations at an oil and gas storage and processing facility in the United States. The exposed interface reportedly displays tank levels, pressure readings, alarm states, circulation pump controls, flare system parameters, event logs, and hydrogen sulfide (H2S) sensor data.
Date: 2026-01-07T21:33:12Z
Network: telegram
Published URL: https://t.me/zpentestalliance/928
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6dd5f649-509d-4c8b-9d85-e1be9b70cadb.png
https://d34iuop8pidsy8.cloudfront.net/cbf937db-316e-40f4-a5f7-8a6a905880d9.png
Threat Actors: Z-PENTEST ALLIANCE
Victim Country: USA
Victim Industry: Oil & Gas
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data Breach of LoftByDenisMoines
Category: Data Breach
Content: Threat Actor claims to have breached the database of LoftByDenisMoines, a France-based hairdressing and beauty services business. The alleged breach reportedly exposed approximately 5,000 client records. The compromised data includes first names, last names, email addresses, and telephone numbers.
Date: 2026-01-07T21:30:33Z
Network: openweb
Published URL: https://breachforums.bf/Thread-FR-LoftByDenisMoines-5K
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3dfad516-fd1c-4e6f-8c8a-e31e8c6d05bf.png
Threat Actors: azerty93200
Victim Country: France
Victim Industry: Consumer Services
Victim Organization: loftbydenismoines
Victim Site: loftbydenismoine.fr
- Alleged Data Leak of Ameli in France
Category: Data Breach
Content: Threat Actor claims to have leaked the database of Ameli in France, reportedly containing approximately 12 million records.
Date: 2026-01-07T21:12:04Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-Ameli-12M-line-FR
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d843a8b1-4573-49cc-b2c8-497552a2bad5.png
Threat Actors: Exn
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of document related to U.S National Security Agency
Category: Data Breach
Content: The group claims to have leaked a document related to the National Security Agency of the USA
NB: Authenticity of the claim is yet to be verified
Date: 2026-01-07T21:06:45Z
Network: telegram
Published URL: https://t.me/cy8ern4ti0n_Republic_Indonesia/31
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/66695881-27fd-485c-8d8e-58fa8c617810.png
Threat Actors: CY8ER N4TI0N
Victim Country: USA
Victim Industry: Security & Investigations
Victim Organization: national security agency
Victim Site: nsa.gov
- Alleged Data Breach of SEKISUI Aerospace Corporation
Category: Data Breach
Content: The threat actor claims to have breached SEKISUI Aerospace Corporation, allegedly exposing approximately 53GB of sensitive data consisting of STEP and PDF engineering files subject to ITAR restrictions.
Date: 2026-01-07T21:04:40Z
Network: openweb
Published URL: https://forum.exploit.in/topic/270352/?tab=comments#comment-1622303
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6e3a8923-8c8e-4e9f-ae8f-a5a3fd5a95ad.png
Threat Actors: zestix
Victim Country: USA
Victim Industry: Aviation & Aerospace
Victim Organization: sekisui aerospace corporation
Victim Site: sekisuiaerospace.com
- Alleged data breach of Mackay Memorial Hospital
Category: Data Breach
Content: The group claims to have breached the internal systems of Mackay Memorial Hospital exposing daily laboratory test results, patient service and test requests, medical and diagnostic reports, and temporary healthcare records used during patient treatment.
Date: 2026-01-07T21:01:51Z
Network: telegram
Published URL: https://t.me/bjorkaspirit/287
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d9545c0d-6ab2-4ff6-a2ec-1ea205c8a749.jpg
Threat Actors: Bjorkanism
Victim Country: Taiwan
Victim Industry: Hospital & Health Care
Victim Organization: mackay memorial hospital
Victim Site: mmh.org.tw
- Alleged leak of document related to Gaza war
Category: Data Breach
Content: The group claims to have leaked a document related to events preceding the Gaza war
Date: 2026-01-07T20:51:39Z
Network: telegram
Published URL: https://t.me/topsecretdocumentsleaked/203
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b0f224b5-c08a-48d6-ac2a-b2055656d30a.png
Threat Actors: jrintel
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data Breach of Velarium
Category: Data Breach
Content: Threat Actor claims to have breached the database of Velarium in the USA. The exposed data contains over 18,000 records, which include full and partial Social Security numbers (SSNs), first and last names, middle names, join dates, registration numbers, account status, and email addresses.
Date: 2026-01-07T20:48:49Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-USA-Employee-union-database-18K-lines-with-full-and-partial-SSN-velarium-com
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ccc71631-c0f2-4109-89d1-b63d56504c66.png
https://d34iuop8pidsy8.cloudfront.net/ccb6940d-1dee-49ad-a9c6-2d6e594a234d.png
https://d34iuop8pidsy8.cloudfront.net/92d0d432-44a3-42d9-a0c1-fa9997f2e340.png
https://d34iuop8pidsy8.cloudfront.net/23cc9b75-10eb-4836-bb78-3561741f39da.png
Threat Actors: notangel
Victim Country: USA
Victim Industry: Software
Victim Organization: velarium
Victim Site: velarium.com
- Alleged sale of French banking leads
Category: Data Breach
Content: A threat actor claims to have leaked a database containing over 6 million records of French banking leads. The compromised data reportedly includes first and last names, email addresses, phone numbers, dates of birth, physical addresses, city and postal codes, IBANs, and SWIFT information, indicating a large-scale exposure of sensitive financial and personal data.
Date: 2026-01-07T20:39:50Z
Network: openweb
Published URL: https://leakbase.la/threads/france-ba-nk-leads-with-iban-information-have-over-6m-file-header-first-name-last-name-email-phone-dob-address-city-postal-code-iban-swift.48017/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/634cead8-cd65-49c0-8347-4726f12d4cc0.png
Threat Actors: Hades66
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data Leak of Israeli Top-Secret Documents Related to Israel–Hamas War
Category: Data Breach
Content: Threat Actor claims to have leaked top-secret documents allegedly associated with Israel, reportedly related to the Israel–Hamas war.
Date: 2026-01-07T20:36:03Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DOCUMENTS-ISRAEL-TOP-SECRET-Documents-Building-up-to-Israel-Hamas-War-Leaked
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/259c02be-4a69-4cca-8e68-251a1622938c.png
https://d34iuop8pidsy8.cloudfront.net/a5c50f41-cd68-400e-8c60-f5dd8733953f.png
Threat Actors: jrintel
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of U.S. mortgage loan information
Category: Data Breach
Content: The group claims to have leaked a dataset described as a 90,000‑record U.S. mortgage loan database.
Date: 2026-01-07T20:29:46Z
Network: telegram
Published URL: https://t.me/cy8ern4ti0n_Republic_Indonesia/29
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a158cfa0-5436-48f6-ac51-8244e6ddd95d.png
Threat Actors: CY8ER N4TI0N
Victim Country: USA
Victim Industry: Banking & Mortgage
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of C70 Stealth RUSS1AN Database
Category: Data Breach
Content: A threat actor claims to have leaked a large collection of stealth Russian documents (C70), categorized as a big personal database leak, with alleged proofs and details shared privately, indicating a potential large-scale exposure of sensitive personal or official documents.
Date: 2026-01-07T20:29:13Z
Network: openweb
Published URL: https://leakbase.la/threads/c70-stealth-russ1an-documents-for-sa1e.48015/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6ff364db-cacd-4157-b999-4ad294bdff51.png
Threat Actors: Hades66
Victim Country: Russia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data Breach of Editus Luxembourg S.A.
Category: Data Breach
Content: Threat Actor claims to have breached the database of Editus Luxembourg S.A. in Luxembourg. The exposed dataset reportedly contains approximately 49,000 records, which includes business activity details, company names, addresses, regions/provinces, business and VAT codes, phone and fax numbers, email addresses, website URLs, contact persons, registration dates, and employee information.
Date: 2026-01-07T20:21:46Z
Network: openweb
Published URL: https://breachforums.bf/Thread-EDITUS-LU-Annuaire-PRO-49k-LUXEMBOURG
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e04a51b8-16a5-480f-a97d-396e17c25fa9.png
Threat Actors: celluk
Victim Country: Luxembourg
Victim Industry: Marketing, Advertising & Sales
Victim Organization: editus luxembourg s.a.
Victim Site: editus.lu
- Alleged leak of personal identity records of U.S citizens
Category: Data Breach
Content: The group claims to have leaked a dataset allegedly containing approximately 200,000 U.S. personal identity records, including full residential addresses, Social Security numbers, and driver’s license details.
Date: 2026-01-07T20:19:24Z
Network: telegram
Published URL: https://t.me/cy8ern4ti0n_Republic_Indonesia/28?single
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4f44fc61-6f92-4ef0-8972-fc2e8312ec43.png
Threat Actors: CY8ER N4TI0N
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data Breach of TURF.FR
Category: Data Breach
Content: Threat Actor claims to have breached the database of TURF.FR in France.
Date: 2026-01-07T20:17:57Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-FR-turf
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/99ebb1d7-b0e0-4076-9a68-2a0deee0852c.png
https://d34iuop8pidsy8.cloudfront.net/c4309fb0-aa25-4be0-8d31-c9322d963c2b.png
Threat Actors: closed
Victim Country: France
Victim Industry: Gambling & Casinos
Victim Organization: turf.fr
Victim Site: turf.fr
- Alleged sale of Identity documents from Argentina, Colombia and Chile
Category: Data Breach
Content: The threat actor claims to be selling 100 identity documents from Argentina, 100 identity documents from Chile and 50 identity documents from Colombia.
Date: 2026-01-07T20:17:04Z
Network: openweb
Published URL: https://forum.exploit.in/topic/273321/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c6642c48-dfd2-4f07-85f3-92afb4938799.png
Threat Actors: QwErTyYyY
Victim Country: Chile
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged unauthorized access to Allen & Sons Table Tennis Club
Category: Initial Access
Content: The group claims to have gained unauthorized CCTV access of Allen & Sons Table Tennis Club
Date: 2026-01-07T20:14:03Z
Network: telegram
Published URL: https://t.me/op_morningstar/134
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d8b2db81-8fa9-44f6-b5c4-85421dc1a9d8.jpg
Threat Actors: MORNING STAR
Victim Country: USA
Victim Industry: Sports
Victim Organization: allen & sons table tennis club
Victim Site: mypingpongclub.com
- Alleged sale of unauthorized domain user access to an unidentified organization in Australia
Category: Initial Access
Content: Threat actor claims to be selling unauthorized domain user access to an unidentified organization in Australia
Date: 2026-01-07T20:09:31Z
Network: openweb
Published URL: https://forum.exploit.in/topic/273323/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5a90b209-3cc7-44c3-ae9f-66944c1f2241.png
Threat Actors: Big-Bro
Victim Country: Australia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of unauthorized domain user access to an unidentified organization in USA
Category: Initial Access
Content: Threat actor claims to be selling unauthorized domain user access to an unidentified organization in USA
Date: 2026-01-07T20:04:54Z
Network: openweb
Published URL: https://forum.exploit.in/topic/273324/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8a8e5b7f-316e-4134-9b49-c371038027b2.png
Threat Actors: Big-Bro
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of Israel Defense Forces
Category: Data Breach
Content: The threat actor claims the leak of highly classified Israeli government and military documents allegedly related to strategic planning, intelligence assessments, and operational preparations.
Date: 2026-01-07T20:01:02Z
Network: openweb
Published URL: https://breachforums.bf/Thread-Polish-army-db
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6d11f19d-0941-48e7-9826-b482208e2bca.png
Threat Actors: Yiix074
Victim Country: Israel
Victim Industry: Military Industry
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data Breach of Meetic S.A.
Category: Data Breach
Content: Threat Actor claims to have breached the database of Meetic S.A. in France, containing approximately 7,169,561 records.
Date: 2026-01-07T19:59:13Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-FR-MEETIC-7M
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/54decae4-61dc-4873-b345-03e8f67f7908.png
https://d34iuop8pidsy8.cloudfront.net/02b680e4-aabe-405a-9182-16af4f5b7900.png
Threat Actors: closed
Victim Country: France
Victim Industry: Social Media & Online Social Networking
Victim Organization: meetic s.a.
Victim Site: meetic.fr
- Alleged Data Breach of State Council of the People’s Republic of China
Category: Data Breach
Content: Threat Actor claims to have breached the database of State Council of the People’s Republic of China in China, allegedly resulting in the exposure of a large-scale Chinese citizen registry database. The dataset is reported to contain approximately 1.2 billion records which includes full names, gender, full residential addresses, phone numbers, national ID numbers, dates of birth, GPS or geo-coordinates, residence registration details, and file timestamps.
Date: 2026-01-07T19:51:54Z
Network: openweb
Published URL: https://breachforums.bf/Thread-COLLECTION-CHINA-CITIZEN-DATABASE-%E2%80%94-1-2-Bilion-RECORDS-WITH-NAMES-IDS-GPS-MOBILE
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/654cb020-6578-451d-b967-4c6c1eed8951.png
Threat Actors: Solonik
Victim Country: China
Victim Industry: Government Administration
Victim Organization: state council of the people’s republic of china
Victim Site: china.gov.cn
- Alleged Sale of Powershell Keylogger, Clipper and Screen Capture
Category: Malware
Content: The threat actor claims to be selling a PowerShell-based malware bundle that combines a keylogger, crypto clipper, and screen capture module, designed to steal keystrokes, hijack clipboard cryptocurrency addresses, record user activity, and periodically exfiltrate the collected data to a remote server.
Date: 2026-01-07T19:33:51Z
Network: openweb
Published URL: https://forum.exploit.in/topic/273314/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/979304ec-7599-4647-90c8-c37d41602110.png
Threat Actors: UnknownUser
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data Breach of InstruRap
Category: Data Breach
Content: Threat Actor claims to have breached the database of InstruRap in France, a music platform for rap and hip-hop producers and artists. The breach reportedly occurred in December 2021 and involved approximately 75,292 user accounts. The compromised data includes usernames, email addresses, IP addresses, account details, and passwords.
Date: 2026-01-07T19:23:34Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-instrurap-fr-75-292-users-2021
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5eccebec-3628-4f34-a595-9b8146cd1666.png
https://d34iuop8pidsy8.cloudfront.net/46c78a97-4e10-4226-849c-975b84b1e81f.png
Threat Actors: aaa
Victim Country: France
Victim Industry: Music
Victim Organization: instrurap
Victim Site: instrurap.fr
- Alleged Data Breach of Hôpital Européen de Paris GVM Care & Research
Category: Data Breach
Content: Threat Actor claims to have breached the database of Hôpital Européen de Paris GVM Care & Research in France, containing approximately 350,000 records.
Date: 2026-01-07T19:21:50Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-FR-hopitaleuropeendeparis-350K
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/abd72764-3a05-4c2a-bf29-40395d2c1d16.png
https://d34iuop8pidsy8.cloudfront.net/562c9a16-42dd-43ff-be0d-0375adc7d9c9.png
Threat Actors: closed
Victim Country: France
Victim Industry: Hospital & Health Care
Victim Organization: hôpital européen de paris gvm care & research
Victim Site: hopitaleuropeendeparis.fr
- Alleged Data Breach of OSBot Community
Category: Data Breach
Content: Threat Actor claims to have breached the database of the OSBot Community in the United Kingdom. The breach reportedly occurred in August 2013 and exposed approximately 32,000 user accounts. The compromised data includes usernames, email addresses, IP addresses, and hashed passwords.
Date: 2026-01-07T18:59:52Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-OSBot-org-Database-Leaked-Download
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fdb9a02b-e4c6-4e4a-953c-71dbfaa64e6e.png
Threat Actors: david-webmaster
Victim Country: UK
Victim Industry: Gaming
Victim Organization: osbot community
Victim Site: osbot.org
- Alleged Data Breach of Costco Wholesale Taiwan Ltd
Category: Data Breach
Content: Threat Actor claims to have breached the database of Costco Wholesale Taiwan Ltd., exposing a large customer dataset associated with its e-commerce and membership systems. The leaked database reportedly contains approximately 526,000 customer records. The compromised data includes full names, national ID numbers, email addresses, full postal addresses, usernames, and plaintext passwords.
Date: 2026-01-07T18:51:14Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-COSTCO-COM-TW-%E2%80%94-526K-TAIWAN-CUSTOMERS-DATABASE-PII-CREDENTIALS
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/64a06eba-436c-4317-959b-83b6a2bd9136.png
Threat Actors: Solonik
Victim Country: Taiwan
Victim Industry: E-commerce & Online Stores
Victim Organization: costco wholesale taiwan ltd
Victim Site: costco.com.tw
- Alleged data breach of TopHorny
Category: Data Breach
Content: Threat actor claims to have leaked data from TopHorny, an adult content platform operating on WordPress. The compromised data reportedly includes WordPress user records containing usernames, email addresses, bcrypt-MD5 password hashes, account timestamps, country and city metadata, as well as a full backend dump of the website.
Date: 2026-01-07T18:50:49Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-TOPHORNY-COM-%E2%80%94-WORDPRESS-USER-LEAK-FULL-SITE-BACKEND-SRC-SQL
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/77bde4cb-6646-4b07-b24d-0f8ce6ebe972.png
Threat Actors: Solonik
Victim Country: Taiwan
Victim Industry: Online Publishing
Victim Organization: tophorny
Victim Site: tophorny.com
- Alleged data breach of PUSIN PPM Manajemen
Category: Data Breach
Content: Threat actor claims to have leaked data from PUSIN PPM Manajemen. The compromised data reportedly includes library member records containing full names, dates of birth, gender, email addresses, phone numbers, physical addresses, membership details, login metadata, circulation and loan logs, as well as extensive bibliographic data such as book titles, ISBNs, authors.
Date: 2026-01-07T18:42:22Z
Network: openweb
Published URL: https://breachforums.bf/Thread-ES-Endesa-SPAIN-Database
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/cc4a137f-1a24-41f0-a680-896204a540f5.png
Threat Actors: spain
Victim Country: Indonesia
Victim Industry: Higher Education/Academia
Victim Organization: pusin ppm manajemen
Victim Site: pusin.ppm-manajemen.ac.id
- TBDF claims to target Indian Air Force
Category: Alert
Content: A recent post by the group indicates that they are targeting the Indian Air Force.
Date: 2026-01-07T18:40:11Z
Network: telegram
Published URL: https://t.me/c/1867326321/393
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2cac64ab-8308-47dd-bee0-8449dcb9a9de.jpg
Threat Actors: TBDF
Victim Country: India
Victim Industry: Military Industry
Victim Organization: indian air force
Victim Site: indianairforce.nic.in
- Alleged sale of Fitness Park database
Category: Data Breach
Content: A threat actor claims to have breached the database of Fitness Park, allegedly leaking multiple JSON databases totaling approximately 5.98 million records, containing customer personal data such as first and last names, dates of birth, gender, partial phone numbers and client information.
NB: The organization was previously breached on Jun 14 2025.
Date: 2026-01-07T18:36:14Z
Network: openweb
Published URL: https://forum.exploit.in/topic/273317/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0dc31c8a-998d-47ec-bbfb-22ba3fbd49bc.png
https://d34iuop8pidsy8.cloudfront.net/95d886da-07e7-4406-a665-185cfda19157.png
Threat Actors: smiley_crack
Victim Country: France
Victim Industry: Health & Fitness
Victim Organization: fitness park
Victim Site: fitnesspark.fr
- Alleged Data Breach of Fitness Park
Category: Data Breach
Content: Threat Actor claims to have breached the database of Fitness Park in France, which contains tens of thousands to several million entries across different JSON files.
Date: 2026-01-07T18:28:30Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-FR-FITNESSPARK
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/cff8e271-010e-4662-8421-e3ee66018cd6.png
https://d34iuop8pidsy8.cloudfront.net/a1442760-c955-4bda-8f0b-116f6c10cd50.png
https://d34iuop8pidsy8.cloudfront.net/697b9d44-01a6-4529-9dc7-e45fee8e3c8e.png
Threat Actors: closed
Victim Country: France
Victim Industry: Health & Fitness
Victim Organization: fitness park
Victim Site: fitnesspark.fr
- Alleged data breach of Daniel Paz Investments Ltd. (DPAZ)
Category: Data Breach
Content: The group claims to have exfiltrated the data of Daniel Paz Investments Ltd. (DPAZ)
Date: 2026-01-07T18:27:39Z
Network: telegram
Published URL: https://t.me/Gaza_Children_Hackers/444
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/59857240-1ee3-4e86-9cf3-a2f347194a85.png
Threat Actors: Gaza Children’s Group
Victim Country: Israel
Victim Industry: Real Estate
Victim Organization: daniel paz investments ltd. (dpaz)
Victim Site: Unknown
- Alleged data breach of Cardinal Tours Ltd.
Category: Data Breach
Content: The group claims to have exfiltrated the data of Cardinal Tours Ltd.
Date: 2026-01-07T18:25:09Z
Network: telegram
Published URL: https://t.me/Gaza_Children_Hackers/444
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5d4c5523-8644-483a-8f17-eea358a33726.png
Threat Actors: Gaza Children’s Group
Victim Country: Israel
Victim Industry: Hospitality & Tourism
Victim Organization: cardinal tours ltd.
Victim Site: Unknown
- Alleged Data Breach of psun.housing.tw
Category: Data Breach
Content: Threat Actor claims to have breached the database of psun.housing.tw, a Taiwan-based housing and real estate platform. The exposed dataset reportedly contains over 45,000 tenant records. The compromised data includes full names, residential addresses, phone numbers, billing addresses, MD5-hashed passwords, account notes, disabled account flags, and registration dates.
Date: 2026-01-07T18:24:41Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-psun-housing-tw-45K-TAIWAN-TENANTS-DATABASE-FULL-NAMES-ADDRESSES-PHONES
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/113dfbc7-1f39-4565-a73d-bfd34efc0136.png
Threat Actors: Solonik
Victim Country: Taiwan
Victim Industry: Real Estate
Victim Organization: psun.housing.tw
Victim Site: psun.housing.tw
- Alleged data breach of Alain AFFLELOU
Category: Data Breach
Content: Threat Actor claims to have breached the database of Alain AFFLELOU exposing customer records containing personally identifiable and health-related information. The compromised data reportedly includes full names, addresses, contact details, government-issued identification numbers, insurance and social security details, medical and prescription information, and consent records.
NB: The organization was previously breached on Sat Aug 30 2025
Date: 2026-01-07T18:23:21Z
Network: openweb
Published URL: https://forum.exploit.in/topic/273315/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f0e4d6af-d7c2-46bf-ac55-0715896f8be0.jpg
Threat Actors: smiley_crack
Victim Country: France
Victim Industry: Hospital & Health Care
Victim Organization: alain afflelou
Victim Site: afflelou.com
- Alleged data breach of Cardinal Tours
Category: Data Breach
Content: The group claims to have exfiltrated the data of Cardinal Tours
Date: 2026-01-07T18:16:40Z
Network: telegram
Published URL: https://t.me/Gaza_Children_Hackers/444
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1e2332b9-fca0-4428-9d47-49ae4be56524.png
Threat Actors: Gaza Children’s Group
Victim Country: Israel
Victim Industry: Hospitality & Tourism
Victim Organization: cardinal tours
Victim Site: Unknown
- Alleged data breach of Skynet Cloud Computing Ltd.
Category: Data Breach
Content: The group claims to have exfiltrated the data of Skynet Cloud Computing Ltd.
Date: 2026-01-07T18:05:46Z
Network: telegram
Published URL: https://t.me/Gaza_Children_Hackers/444
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/adeed479-ddec-402e-9173-9a41556420cb.png
Threat Actors: Gaza Children’s Group
Victim Country: Israel
Victim Industry: Information Technology (IT) Services
Victim Organization: skynet cloud computing ltd.
Victim Site: skynetcom.io
- Alleged data leak of 138 Greece Credit Cards
Category: Data Breach
Content: A threat actor claims to have leaked 138 Greece-based credit card records, with the compromised data reportedly including full card details (card number, expiration date, CVV) along with personally identifiable information such as names, addresses, location details, IP addresses, and related metadata.
Date: 2026-01-07T17:58:01Z
Network: openweb
Published URL: https://forum.exploit.in/topic/273313/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fc33bf2d-c3c1-4995-bfd7-518b5c036e5a.png
Threat Actors: badop69
Victim Country: Greece
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data Breach of Smaregi, Inc
Category: Data Breach
Content: Threat Actor claims to have breached the database of Smaregi, Inc. in Japan, exposing approximately 100,000 customer records. The compromised data includes names and phone numbers.
Date: 2026-01-07T17:30:37Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-Japan-smaregi-jp-Leaked-Download
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/11a0de07-17c5-4ee8-a95d-23730e7e2309.png
Threat Actors: lulzintel
Victim Country: Japan
Victim Industry: Software
Victim Organization: smaregi, inc
Victim Site: smaregi.jp
- Alleged Data Breach of Décès en France
Category: Data Breach
Content: Threat Actor claims to have breached the database of Décès en France in France, containing records of French citizens’ death registrations spanning from 1970 to 2025. The exposed dataset reportedly includes approximately 28,498,095 records. The compromised data contains fields such as surnames, given names, gender, date of birth, birth INSEE codes, birth municipalities, birth countries, dates of death, death INSEE codes, death record numbers, source files, and record positions.
Date: 2026-01-07T17:13:30Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-FRENCH-CITIZEN-28M-base-deces-france-complet-1970-2025
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/078bb0fc-9e02-464f-948c-5b1882124ffd.png
https://d34iuop8pidsy8.cloudfront.net/0c732bda-135e-464f-8935-c7e2791a0702.png
Threat Actors: closed
Victim Country: France
Victim Industry: Information Services
Victim Organization: décès en france
Victim Site: deces-en-france.fr
- Alleged leak of USA 250k people data and network data
Category: Data Breach
Content: A threat actor claims to have leaked a database containing approximately 250,000 records of U.S. individuals. The compromised data reportedly includes dates of birth, Social Security numbers (SSNs), and associated network-related data.
Date: 2026-01-07T16:41:55Z
Network: openweb
Published URL: https://forum.exploit.in/topic/273311/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c9fe2668-7cd5-4a92-a4c3-2fd1501c4e0c.png
https://d34iuop8pidsy8.cloudfront.net/2d18f623-20b6-4de9-881b-8b305884a909.png
https://d34iuop8pidsy8.cloudfront.net/7fd17215-4df3-4aa1-b2e2-c1413d9c7fa5.png
https://d34iuop8pidsy8.cloudfront.net/df5a7782-27df-42e7-8916-d1b857547da2.png
Threat Actors: hense
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Sortimage falls victim to Qilin Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2026-01-07T16:33:26Z
Network: tor
Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=31697737-8a92-37b5-bbc7-d403740ef79b
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e443b29c-930a-4288-a95f-356ab3422279.png
Threat Actors: Qilin
Victim Country: Canada
Victim Industry: Graphic & Web Design
Victim Organization: sortimage
Victim Site: sortimage.com
- Alleged leak of Chinese X-ray Server Database
Category: Data Breach
Content: A threat actor claims to have leaked data from a DICOM X-ray server belonging to a large Chinese hospital that was accessible over the internet without authentication. The exposed system reportedly allowed access to patient X-ray scan data.
Date: 2026-01-07T16:18:35Z
Network: openweb
Published URL: https://forum.exploit.in/topic/273299/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/74648f14-c6a1-4f0b-8315-4ee6450b8068.png
Threat Actors: FiveEyesSpook
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Evergreen Printing Company falls victim to Qilin Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2026-01-07T16:18:33Z
Network: tor
Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=844f5c86-84f7-380b-9ecf-1fc20209d35f
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/103c4015-e1d2-4d0c-9f00-55443c399c78.png
Threat Actors: Qilin
Victim Country: USA
Victim Industry: Printing
Victim Organization: evergreen printing company
Victim Site: egpp.com
- Alleged unauthorized access to unidentified electrical substation in Ukraine
Category: Initial Access
Content: The group claims to have gained unauthorized access to an unidentified electrical substation in Ukraine.
Date: 2026-01-07T16:08:25Z
Network: telegram
Published URL: https://t.me/perunswaroga/985
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/97c6b2de-9621-4e73-af04-d94d38649384.jpg
Threat Actors: Perun Svaroga
Victim Country: Ukraine
Victim Industry: Energy & Utilities
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Unauthorised Access to The Lagos Eye Hospital LTDA
Category: Initial Access
Content: The threat actor claims to have obtained unauthorized access to a server associated with Hospital do Olho Lagos LTDA, an ophthalmology and ophthalmic surgery provider, identifying the system as part of the hospital’s internal technical infrastructure used to run and monitor internal services. The exposed server reportedly relies on the Telnet protocol, which transmits credentials in clear text and is vulnerable to interception and brute-force attacks, potentially enabling lateral movement across the internal network, discovery of connected systems, and access to configuration files, credentials, and scheduled task
Date: 2026-01-07T15:44:49Z
Network: telegram
Published URL: https://t.me/n2LP_wVf79c2YzM0/3180?single
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ef511877-c16b-4d5c-8e34-c7c44cbb1cfe.jpg
Threat Actors: Infrastructure Destruction Squad
Victim Country: Brazil
Victim Industry: Hospital & Health Care
Victim Organization: the lagos eye hospital ltda
Victim Site: hospitaldoolhorj.com.br
- Alleged sale of unauthorized access to an unidentified shop in Denmark
Category: Initial Access
Content: Threat actor claims to be selling unauthorized shell access, WordPress admin access and databases to an unidentified shop in Denmark.
Date: 2026-01-07T15:32:42Z
Network: openweb
Published URL: https://forum.exploit.in/topic/273297/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/00db6b05-a160-4f33-85aa-48d22d25df87.png
Threat Actors: Reve
Victim Country: Denmark
Victim Industry: E-commerce & Online Stores
Victim Organization: Unknown
Victim Site: Unknown
- BUHLMANN Group falls victim to Akira Ransomware
Category: Ransomware
Content: The group claims to have obtained 55 GB of the organisation’s data. The compromised information includes many drawings and specifications, confidentiality agreements, employees’ personal documents, project files, financials, contracts and agreements, customer information and so on.
Date: 2026-01-07T15:27:13Z
Network: tor
Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b01d6860-9445-403b-b1a5-fa346973cf45.png
Threat Actors: akira
Victim Country: Germany
Victim Industry: Wholesale
Victim Organization: buhlmann group
Victim Site: buhlmann-group.com
- Labeltex Group falls victim to Akira Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s corporate data. The compromised data includes financial data, agreements and other internal files.
Date: 2026-01-07T15:25:42Z
Network: tor
Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f0bec1a1-442a-4ffe-bf26-334bb1b690d7.png
Threat Actors: akira
Victim Country: Italy
Victim Industry: Fashion & Apparel
Victim Organization: labeltex group
Victim Site: labltexgroup.it
- Commercial Paving falls victim to Qilin Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2026-01-07T15:08:06Z
Network: tor
Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=e7ec39f6-e3af-3c0a-aa31-cfa494135ff1
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/27bc5c09-f23b-4094-8fc8-a61711b4671e.png
Threat Actors: Qilin
Victim Country: Canada
Victim Industry: Civil Engineering
Victim Organization: commercial paving
Victim Site: commercialpaving.ca
- Alleged data leak of Kementerian Agama Republik
Category: Data Breach
Content: The group claims to have leaked organization data.
Date: 2026-01-07T14:50:38Z
Network: telegram
Published URL: https://t.me/cy8ern4ti0n_Republic_Indonesia/16?single
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b8f18b0d-2459-4bdc-a3aa-25b651b277be.png
Threat Actors: CY8ER N4TI0N
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: kementerian agama republik
Victim Site: kemenag.go.id
- Alleged leak of Malaysian identity card data
Category: Data Breach
Content: The group claims to have leaked Malaysian identity card data.
Date: 2026-01-07T14:37:07Z
Network: telegram
Published URL: https://t.me/cy8ern4ti0n_Republic_Indonesia/35
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bb65f081-81e8-423a-80fc-b91d1be9fa25.png
Threat Actors: CY8ER N4TI0N
Victim Country: Malaysia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of Komisi Pemberantasan Korupsi
Category: Data Breach
Content: The group claims to have obtained data from electrical4all, Inc.
Date: 2026-01-07T14:24:28Z
Network: telegram
Published URL: https://t.me/cy8ern4ti0n_Republic_Indonesia/15?single
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1eb0658c-6d8a-464f-8736-dc956ac50476.png
Threat Actors: CY8ER N4TI0N
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: komisi pemberantasan korupsi
Victim Site: kpk.go.id
- Alleged leak of electrical4all, Inc.
Category: Data Breach
Content: The group claims to have obtained data from electrical4all, Inc.
Date: 2026-01-07T14:23:36Z
Network: telegram
Published URL: https://t.me/cy8ern4ti0n_Republic_Indonesia/35
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c7ba344b-6428-489b-b878-122d7f692cb0.png
Threat Actors: CY8ER N4TI0N
Victim Country: UK
Victim Industry: E-commerce & Online Stores
Victim Organization: electrical4all, inc.
Victim Site: electrical4all.co.uk
- Alleged leak of login credentials of Royal School of Administration of Cambodia
Category: Data Breach
Content: The group claims to have leaked login credentials of Royal School of Administration of Cambodia.
Date: 2026-01-07T14:19:17Z
Network: telegram
Published URL: https://t.me/thsecthailand/191
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e752341d-e3fd-439c-86bc-b6cd2a026684.png
Threat Actors: THSEC
Victim Country: Cambodia
Victim Industry: Education
Victim Organization: royal school of administration of cambodia
Victim Site: sms.era.gov.kh
- Alleged data leak of JAPAN STUDY SUPPORT
Category: Data Breach
Content: The group claims to have obtained organization data.
Date: 2026-01-07T14:18:08Z
Network: telegram
Published URL: https://t.me/cy8ern4ti0n_Republic_Indonesia/13?single
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4e0ee6e0-0904-488a-8460-67e7967796a5.png
Threat Actors: CY8ER N4TI0N
Victim Country: Japan
Victim Industry: Education
Victim Organization: japan study support
Victim Site: jpss.jp
- Alleged leak of ICMR Aadhar data
Category: Data Breach
Content: The group claims to have obtained organization data.
Date: 2026-01-07T14:13:44Z
Network: telegram
Published URL: https://t.me/cy8ern4ti0n_Republic_Indonesia/35
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1e775986-e60f-43cb-8f96-40d8a368d985.png
Threat Actors: CY8ER N4TI0N
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- EIGHT-SIX ROOT targets the website of Florida Unidentified Decedents Database
Category: Defacement
Content: The group claims to have defaced the website of Florida Unidentified Decedents Database
Date: 2026-01-07T14:10:01Z
Network: telegram
Published URL: https://t.me/eightsixroot/62
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5eefc078-b26f-4eaf-8890-e013eb90ff11.jpg
Threat Actors: EIGHT-SIX ROOT
Victim Country: USA
Victim Industry: Information Services
Victim Organization: florida unidentified decedents database
Victim Site: fluiddb.com
- RJS Corporation falls victim to Akira Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s corporate data. The compromised data includes employee information, financials, agreements with Goodyear, Bridgestone, Nokia, Yokohama, Michelin, Pirelli and so on, NDAs and other files.
Date: 2026-01-07T14:06:42Z
Network: tor
Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/22e153ae-bf4d-4d77-9b17-52c3a460c656.png
Threat Actors: akira
Victim Country: USA
Victim Industry: Machinery Manufacturing
Victim Organization: rjs corporation
Victim Site: rjscorp.com
- Wilson Smith Cochran Dickerson falls victim to Akira Ransomware
Category: Ransomware
Content: The group claims to have obtained 120 GB of the organization’s data. The compromised information reportedly includes numerous files containing clients’ personal information, court files, police reports, court hearing records, and other confidential legal documents.
Date: 2026-01-07T14:05:38Z
Network: tor
Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/919a76a3-2b54-4a6f-812f-41efbeea5102.jpg
Threat Actors: akira
Victim Country: USA
Victim Industry: Law Practice & Law Firms
Victim Organization: wilson smith cochran dickerson
Victim Site: wscd.com
- RGD Consulting Engineers falls victim to INTERLOCK ransomware
Category: Ransomware
Content: The group claims to have obtained 2200 GB of the organisation’s data,
Date: 2026-01-07T14:05:02Z
Network: tor
Published URL: http://ebhmkoohccl45qesdbvrjqtyro2hmhkmh6vkyfyjjzfllm3ix72aqaid.onion/leaks.php
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/570f47f6-a3c4-4857-9cbd-8222a4ea87c5.JPG
Threat Actors: INTERLOCK
Victim Country: USA
Victim Industry: Mechanical or Industrial Engineering
Victim Organization: rgd consulting engineers
Victim Site: rgdengineers.com
- EIGHT-SIX ROOT targets the website of MTs Masalikil Huda Tahunan Jepara
Category: Defacement
Content: The group claims to have defaced the website of MTs Masalikil Huda Tahunan Jepara.
Date: 2026-01-07T14:04:58Z
Network: telegram
Published URL: https://t.me/eightsixroot/61
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7cf1e095-5b20-49f8-8759-dbbce1e1b846.png
Threat Actors: EIGHT-SIX ROOT
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: mts masalikil huda tahunan jepara
Victim Site: sik.mtsmasalikilhuda.sch.id
- Alleged data leak of data-uinjkt.ac.id
Category: Data Breach
Content: The group claims to have leaked organization data.
Date: 2026-01-07T14:02:02Z
Network: telegram
Published URL: https://t.me/cy8ern4ti0n_Republic_Indonesia/20
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7b118b68-dfe4-4bf6-b770-a18e94ce553f.png
Threat Actors: CY8ER N4TI0N
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: data-uinjkt.ac.id
- Strategic Technology falls victim to TENGU Ransomware
Category: Ransomware
Content: The group claims to have obtained 13 GB of the organization’s data and intends to publish it within 5–6 days.
Date: 2026-01-07T14:00:39Z
Network: tor
Published URL: http://longcc4fqrfcqt5lzceutylaxir6h66fp6df3oin6mvwvz6pfdbxc6qd.onion/blog/339a19b6e4ce2e9a805eae8ad4836c9078e12a96a6cd30a66e8e1b09b0410ced/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9176f6fd-e1b4-42be-a044-84cfea6b8d01.jpg
https://d34iuop8pidsy8.cloudfront.net/0d400f56-5abc-4b19-98e8-b5230e7e2bc4.jpg
https://d34iuop8pidsy8.cloudfront.net/f5ef8c23-fa8f-475b-953a-0ad2122b8acf.jpg
Threat Actors: TENGU
Victim Country: USA
Victim Industry: Information Technology (IT) Services
Victim Organization: strategic technology
Victim Site: strategic-ts.com
- Westlake Christian Academy falls victim to INTERLOCK Ransomware
Category: Ransomware
Content: The group claims to have obtained 604 GB of the organization’s data.
Date: 2026-01-07T13:58:34Z
Network: tor
Published URL: http://ebhmkoohccl45qesdbvrjqtyro2hmhkmh6vkyfyjjzfllm3ix72aqaid.onion/leaks.php
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4bae066d-93cd-4c6c-ae16-0069b322c883.jpg
Threat Actors: INTERLOCK
Victim Country: USA
Victim Industry: Higher Education/Academia
Victim Organization: westlake christian academy
Victim Site: westlakechristianacademy.org
- DXPLOIT (OFFICIALS) targets the website of Angkor University
Category: Defacement
Content: The group claims to have defaced the website of Angkor University.
Date: 2026-01-07T13:58:07Z
Network: telegram
Published URL: https://t.me/dxp004/17
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/db5e9843-9e4f-4a29-b417-b32dec93eccc.png
Threat Actors: DXPLOIT (OFFICIALS)
Victim Country: Cambodia
Victim Industry: Higher Education/Academia
Victim Organization: angkor university
Victim Site: angkor.edu.kh
- Alleged data breach of dobiggpt.com
Category: Data Breach
Content: The threat actor claims to have breached a 540,000-record Indian corporate users database from dobiggpt.com, exposing user contact details, company information, OTP data, and other records.
Date: 2026-01-07T13:56:39Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-DOBIGGPT-COM-%E2%80%94-540K-INDIAN-CORPORATE-USERS-DATABASE-Solonik-BF
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/12fbe972-38b3-4ab4-a640-56f1cc7bcd10.png
Threat Actors: Solonik
Victim Country: India
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: dobiggpt.com
- Alleged unauthorized access to unidentified medical system in Thailand
Category: Initial Access
Content: The group claims to have gained access to the unidentified patient monitoring department within the electronic medical system in Thailand. They reportedly have the ability to access complete patient records, inpatient and outpatient case details, medical case tracking, departmental coordination data, and comprehensive reports covering treatments, statistics, and patient management from admission to discharge.
Date: 2026-01-07T13:55:54Z
Network: telegram
Published URL: https://t.me/n2LP_wVf79c2YzM0/3175?single
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/dce0759b-ea72-4843-81ce-f2561ec37e4b.jpg
https://d34iuop8pidsy8.cloudfront.net/b3dce0d9-d810-4ca5-8611-69fa4c4c5112.jpg
Threat Actors: Infrastructure Destruction Squad
Victim Country: Thailand
Victim Industry: Hospital & Health Care
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of Cambodian ID card
Category: Data Breach
Content: The group claims to have leaked Cambodian ID card data.
Date: 2026-01-07T13:54:25Z
Network: telegram
Published URL: https://t.me/thsecthailand/185
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/da4a1f4b-1f12-4fe5-b850-8b1f2a98409f.JPG
Threat Actors: THSEC
Victim Country: Cambodia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of French medical data
Category: Data Breach
Content: The group claims to have leaked French medical data.
Date: 2026-01-07T13:53:26Z
Network: telegram
Published URL: https://t.me/cy8ern4ti0n_Republic_Indonesia/20
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2e790f2e-1eb7-47e3-8ac8-c2f59497360e.png
Threat Actors: CY8ER N4TI0N
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of login access to Orange
Category: Initial Access
Content: The group claims to have leaked login credentials belonging to Orange.
Date: 2026-01-07T13:47:49Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-Orange-check-customers-acces
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/cb7a87d3-c624-4e90-b8af-3c07c9c4206c.JPG
Threat Actors: Tusher
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data sale of Qazaqstan Investment Corporation
Category: Data Breach
Content: The threat actor claims to be selling 2.4 million records from Qazaqstan Investment Corporation, allegedly containing last names, first names, email addresses, and phone numbers.
Date: 2026-01-07T13:39:43Z
Network: openweb
Published URL: https://darkforums.io/Thread-Selling-QIC-KZ-%F0%9F%87%B0%F0%9F%87%BF-%E2%80%94-2-4M-PRIVATE-EQUITY-INVESTORS-EMAILS-PHONE
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2645f2de-3cf6-4db1-aac7-d91e13ce26cd.png
Threat Actors: Solonik
Victim Country: Kazakhstan
Victim Industry: Investment Management, Hedge Fund & Private Equity
Victim Organization: qazaqstan investment corporation
Victim Site: qic.kz
- Alleged data sale of Vanguard
Category: Data Breach
Content: The threat actor claims to be selling 22.5 million records from Vanguard, allegedly containing full names, dates of birth, cities, states, ZIP codes, email addresses, physical addresses, and phone numbers.
Date: 2026-01-07T13:39:10Z
Network: openweb
Published URL: https://darkforums.io/Thread-Selling-INVESTOR-VANGUARD-COM-%F0%9F%87%BA%F0%9F%87%B8-%E2%80%94-22-5M-FULL-PII-ETF-ASSET-CLIENTS-USA
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/24f61267-f986-4c1f-9099-01acfdc9a3db.png
Threat Actors: Solonik
Victim Country: USA
Victim Industry: Financial Services
Victim Organization: vanguard
Victim Site: investor.vanguard.com
- Alleged data breach of Pak Telecom Mobile Limited
Category: Data Breach
Content: The threat actor claims to have breached a 5 million record database belonging to Pak Telecom Mobile Limited. The compromised data reportedly includes 3G site ID, cell ID, CGI, location details, longitude, latitude, and site name.
Date: 2026-01-07T13:33:02Z
Network: openweb
Published URL: https://breachforums.bf/Thread-COLLECTION-PAKISTAN%C2%A0%E2%80%94-PTML-CELL-TOWER-GEOLOCATIONS-5M-KARACHI-BTS-GRID
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8a707e41-f56a-4468-a3b4-7cd6deddb4e7.png
Threat Actors: Solonik
Victim Country: Pakistan
Victim Industry: Network & Telecommunications
Victim Organization: pak telecom mobile limited
Victim Site: ptml.com.pk
- Alleged data leak of ecolenationalesecurite.fr
Category: Data Breach
Content: The threat actor claims to have leaked 29,000 French trainee identity records from ecolenationalesecurite.fr, allegedly containing names, dates of birth, addresses, phone numbers, emails, and more.
Date: 2026-01-07T13:32:22Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-ECOLENATIONALSECURITE-FR-%E2%80%94-29K-FRENCH-TRAINEE-IDENTITY-RECORDS
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b9baeec0-8e0d-4d40-b820-6dc5c522c577.png
https://d34iuop8pidsy8.cloudfront.net/910ec729-1a5c-423d-8515-4d0cafe1cac6.png
Threat Actors: Solonik
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: ecolenationalesecurite.fr
- Alleged Unauthorized Access to Hospital do Olho Lagos LTDA Server Infrastructure
Category: Initial Access
Content: The group claims to have accessed a server within the infrastructure of Hospital do Olho Lagos LTDA, reportedly linked to internal systems supporting hospital operations.
Date: 2026-01-07T13:31:05Z
Network: telegram
Published URL: https://t.me/n2LP_wVf79c2YzM0/3180
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2a7868d9-f9b6-4505-9f24-65cd6d82aad1.png
https://d34iuop8pidsy8.cloudfront.net/3b58312c-4c76-4d14-8826-2c624219a908.png
Threat Actors: Infrastructure Destruction Squad
Victim Country: Brazil
Victim Industry: Hospital & Health Care
Victim Organization: hospital do olho lagos ltda
Victim Site: hospitaldoolhorj.com.br
- Alleged Unauthorised Access to the computer system associated with Mengo Hospital
Category: Initial Access
Content: The group claims to have gained unauthorised access to the computer system associated with Mengo Hospital. Potential vulnerabilities include insufficient protection of the remote access service, lack of use of security certificates issued by trusted certification centers, weak user rights management policies, lack of two-factor authentication for sensitive accounts, and the possible presence of outdated or redundant systems and services operating within the network.
Date: 2026-01-07T13:28:44Z
Network: telegram
Published URL: https://t.me/n2LP_wVf79c2YzM0/3173
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a4c10713-c64d-40ed-a2c9-3f950827c194.JPG
https://d34iuop8pidsy8.cloudfront.net/be6972ed-b5b0-4353-ae78-9106ff1495ce.JPG
Threat Actors: Infrastructure Destruction Squad
Victim Country: Uganda
Victim Industry: Hospital & Health Care
Victim Organization: mengo hospital eye complex
Victim Site: mengohospital.org
- Alleged leak of Peruvian citizens’ data
Category: Data Breach
Content: The threat actor claims to have leaked 31 million records from a database of Peruvian citizens. The compromised data reportedly includes DNI numbers, full names, birth dates, age, addresses, location details, phone numbers, and civil status.
Date: 2026-01-07T13:18:00Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-PERU-Miru-%E2%80%94-NATIONAL-CITIZEN-DATABASE-31M-RECORDS-Solonik-BF
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/39e9f6e5-5bec-4cc0-9b59-c581bde01cc7.png
Threat Actors: Solonik
Victim Country: Peru
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged security vulnerabilities in Smart Healthcare Insurance Service Platform, China
Category: Vulnerability
Content: The group claims to have identified weaknesses in a hospital’s Smart Medical and Health Insurance Service Platform that could allow unauthorized access or disrupt critical system functions, potentially impacting sensitive areas such as medical insurance data management, financial settlement processes, and risk monitoring, and posing a significant risk to system security and service stability.
NB: The authenticity of the claim is yet to be verified.
Date: 2026-01-07T13:16:51Z
Network: telegram
Published URL: https://t.me/n2LP_wVf79c2YzM0/3171
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e44fe60a-250d-4f7b-a660-ffba18f5bcd6.jpg
https://d34iuop8pidsy8.cloudfront.net/070c0817-4b68-4c41-aae8-dba5ca9aa7fa.jpg
Threat Actors: Infrastructure Destruction Squad
Victim Country: China
Victim Industry: Hospital & Health Care
Victim Organization: smart healthcare insurance service platform, china
Victim Site: Unknown
- BROTHERHOOD CAPUNG INDONESIA targets the website of PERUMDA Air Minum Tirta Ratu Samban
Category: Defacement
Content: The group claims to have defaced the website of PERUMDA Air Minum Tirta Ratu Samban.
Date: 2026-01-07T13:12:38Z
Network: telegram
Published URL: https://t.me/c/3054021775/289
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4b1e5c74-f081-4d7f-9aca-f3813a820ef7.jpg
Threat Actors: BROTHERHOOD CAPUNG INDONESIA
Victim Country: Indonesia
Victim Industry: Energy & Utilities
Victim Organization: perumda air minum tirta ratu samban
Victim Site: pdamratusamban.com
- Alleged sale of unauthorized access to USAGov
Category: Data Breach
Content: The threat actor claims to be selling unauthorized access to a U.S. government/police portal, allegedly including search capabilities, email access, records management, and live dispatch monitoring.
Date: 2026-01-07T13:10:14Z
Network: openweb
Published URL: https://breachstars.io/topic/usa-gov-police-portal-ntw1jqmvksa5
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ddcd1fc2-2e49-4213-ab22-e21cb8c28723.png
Threat Actors: rockstar
Victim Country: USA
Victim Industry: Government Administration
Victim Organization: usagov
Victim Site: usa.gov
- Alleged data leak of CORSE GSM
Category: Data Breach
Content: The threat actor claims to have leaked 65,000 domain records from CORSE GSM, allegedly containing names, phone numbers, email addresses, IBAN/BIC details, addresses, contract timestamps, and company data from 2024–2025.
Date: 2026-01-07T12:52:38Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-CORSEGSM-COM-65K-DOMAIN-RECORDS-%E2%80%94-FULL-CLIENT-CONTRACTS-IBAN-025-Solonik-BF
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bcf8252b-8ff2-432f-ad64-619e48df5156.png
Threat Actors: Solonik
Victim Country: France
Victim Industry: Network & Telecommunications
Victim Organization: corse gsm
Victim Site: corsegsm.com
- Alleged data breach of BPJS Kesehatan
Category: Data Breach
Content: The group claims to have breached the organisation’s data, allegedly including name, gender, phone number, and more.
Date: 2026-01-07T12:50:32Z
Network: telegram
Published URL: https://t.me/c/3537258541/64
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/47b9341a-f142-4de2-a3a6-dfeb71b7983f.JPG
Threat Actors: TEAM MR PLAX
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: bpjs kesehatan
Victim Site: bpjs-kesehatan.go.id
- Alleged Data Breach of knowmycustomer.in
Category: Data Breach
Content: The threat actor claims to have breached a 3,400,000-record database belonging to knowmycustomer.in. The compromised data reportedly includes first name, last name, phone number, email address, company name, and additional information.
Date: 2026-01-07T12:26:47Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-KNOWMYCUSTOMER-IN-%E2%80%94-3-4M-CORPORATE-LEADS-%E2%80%94-TATA-TELE-B2B-INDIA
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6bfeb2bf-5765-4eb7-bae8-7d1710fc2a14.png
Threat Actors: Solonik
Victim Country: India
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: knowmycustomer.in
- TEAM MR PLAX targets the website of DPRD Kota Pekalongan
Category: Defacement
Content: The group claims to have defaced the website of DPRD Kota Pekalongan.
Date: 2026-01-07T12:23:19Z
Network: telegram
Published URL: https://t.me/c/3537258541/14
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/66453727-3a7a-49d8-8bf1-f4fbe13ba55a.png
Threat Actors: TEAM MR PLAX
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: dprd kota pekalongan
Victim Site: dprd-pekalongankota.go.id
- Wamtechnik falls victim to The Gentlemen Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s internal data, which it intends to publish within 9–10 days.
Date: 2026-01-07T12:20:15Z
Network: tor
Published URL: http://tezwsse5czllksjb7cwp65rvnk4oobmzti2znn42i43bjdfd2prqqkad.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d6b8a9f0-e43a-4d36-941e-27c77201c404.jpg
Threat Actors: The Gentlemen
Victim Country: Poland
Victim Industry: Electrical & Electronic Manufacturing
Victim Organization: wamtechnik
Victim Site: wamtechnik.pl
- Alleged data breach of Easy Cash
Category: Data Breach
Content: The threat actor claims to have breached a 14 million–record database belonging to Easy Cash.
Note: it was previously breached by the threat actor ‘Ancell’ on Apr 28, 2025.
Date: 2026-01-07T11:54:23Z
Network: openweb
Published URL: https://breachforums.bf/Thread-EASYCASH-14M-FR
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2031be2b-28ae-4751-8b75-2ddad2423d57.png
https://d34iuop8pidsy8.cloudfront.net/b9c735b3-82c7-4310-bbc5-c8595a8c3342.png
Threat Actors: closed
Victim Country: France
Victim Industry: E-commerce & Online Stores
Victim Organization: easy cash
Victim Site: easycash.fr
- Alleged leak of Indonesia e-commerce website
Category: Data Breach
Content: The threat actor claims to have leaked database access to an Indonesian e-commerce website, exposing 4.4 million customer and order records, including order codes, customer contact details, addresses, and other information.
Date: 2026-01-07T11:35:42Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-Indonesia-e-commerce-4-4-million-customer-and-order-website-Database-access
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/289c0ace-393d-4db6-87ab-61249da060c0.png
Threat Actors: CaoMa
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data sale of CounosPlatform
Category: Data Breach
Content: The threat actor claims to be selling 290 lines of data from CounosPlatform, allegedly containing email addresses, user session cookies, user data, and more.
Date: 2026-01-07T11:14:42Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-290K-CRYPTO-https-www-counos-io-counos-wallets
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9c853b70-8b9b-4781-95af-ee6837dd63f4.png
Threat Actors: Moon_WALK
Victim Country: Switzerland
Victim Industry: Financial Services
Victim Organization: counosplatform
Victim Site: counos.io
- ZenXPloit targets the website of PERUMDA Air Minum Tirta Ratu Samban
Category: Defacement
Content: The group claims to have defaced the website of PERUMDA Air Minum Tirta Ratu Samban.
Date: 2026-01-07T11:14:11Z
Network: telegram
Published URL: https://t.me/httpsHwjwodnnfhdjHjkVY/697
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/26625521-0fe6-4a27-abb2-8f93bc912744.png
Threat Actors: ZenXPloit
Victim Country: Indonesia
Victim Industry: Energy & Utilities
Victim Organization: perumda air minum tirta ratu samban
Victim Site: pdamratusamban.com
- Alleged data breach of Bdmorning
Category: Data Breach
Content: The threat actor claims to have breached data from Bdmorning, allegedly containing IDs, names, passwords, and more.
Date: 2026-01-07T11:03:07Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-bdmorning-com-Database-Bangladesh
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3e8cf9ed-f81b-48b2-adf2-c3f923ef5511.png
Threat Actors: LindaBF
Victim Country: Bangladesh
Victim Industry: Online Publishing
Victim Organization: bdmorning
Victim Site: bdmorning.com
- Alleged Unauthorized Access to the industrial control system at a facility in Bari, Italy.
Category: Initial Access
Content: The group claims to have gained unauthorized access to the industrial control system at a facility in Bari, Italy. The compromised system is reportedly a process control system that regulates autoclave operating parameters, including temperature, pressure, and stirrer operation.
Date: 2026-01-07T10:57:54Z
Network: telegram
Published URL: https://t.me/zpentestalliance/920
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3f625cdd-5c47-4ae8-b272-0be4c1b3d9bd.JPG
Threat Actors: Z-PENTEST ALLIANCE
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of TIAA customer base.
Category: Data Breach
Content: The threat actor claims to be selling a database belonging to the TIAA customer base. The compromised data reportedly includes first name, last name, email address, and phone number.
NB: The authenticity of the claim is yet to be verified.
Date: 2026-01-07T09:52:12Z
Network: openweb
Published URL: https://breachforums.bf/Thread-COLLECTION-TIAA-CUSTOMER-BASE
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e688cdce-3b9d-4809-9b07-60847b6418c4.png
Threat Actors: ParkJiSung
Victim Country: USA
Victim Industry: Financial Services
Victim Organization: tiaa
Victim Site: tiaa.org
- Alleged Unauthorised Access to a water treatment facility in Texas.
Category: Initial Access
Content: The group claims to have gained unauthorized access to a water treatment facility in Texas. The compromised system reportedly provides water treatment using a reverse osmosis (RO) unit for medical purposes, such as operating rooms and hemodialysis procedures.
Date: 2026-01-07T09:47:38Z
Network: telegram
Published URL: https://t.me/n2LP_wVf79c2YzM0/3169
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7fb920c6-5ba2-4974-a929-bd9ed1e1c9f4.JPG
Threat Actors: Infrastructure Destruction Squad
Victim Country: USA
Victim Industry: Hospital & Health Care
Victim Organization: Unknown
Victim Site: Unknown
- Alleged unauthorized admin access to rarchitect.co.in
Category: Initial Access
Content: The group claims to have gained unauthorized admin access to rarchitect.co.in.
Date: 2026-01-07T09:44:57Z
Network: telegram
Published URL: https://t.me/c/3027611821/235
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2bd8a102-0f93-417f-aefc-efe1e83ee196.png
Threat Actors: Z-BL4CX-H4T
Victim Country: India
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: rarchitect.co.in
- Alleged unauthorized admin access to Pratik Computer Institute
Category: Initial Access
Content: The group claims to have gained unauthorized admin access to Pratik Computer Institute.
Date: 2026-01-07T09:31:42Z
Network: telegram
Published URL: https://t.me/c/3027611821/235
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e9407dcc-b598-4ac0-8aff-f2fec8317b84.jpg
Threat Actors: Z-BL4CX-H4T
Victim Country: India
Victim Industry: Information Technology (IT) Services
Victim Organization: pratik computer institute
Victim Site: pratikcomputer.co.in
- Alleged leak of Vietnamese real-time shopping data.
Category: Data Breach
Content: The threat actor claims to have leaked a Vietnamese real-time shopping database.
Date: 2026-01-07T09:20:43Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-VIETNAMESE-REAL-TIME-SHOPPING-DATABASE
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/77f2a6e2-7555-4c42-95ed-be86becf24d5.png
https://d34iuop8pidsy8.cloudfront.net/1ffa1e60-168e-4a21-b017-0bdab418b836.png
Threat Actors: CaoMa
Victim Country: Vietnam
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of BAMES EXCELLENT SCHOOL
Category: Data Breach
Content: The group claims to have breached data of BAMES EXCELLENT SCHOOL JALINGO.
Date: 2026-01-07T09:18:18Z
Network: telegram
Published URL: https://t.me/c/2433981896/461
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7dbb848e-251e-4b9f-8fbb-229751de638d.png
https://d34iuop8pidsy8.cloudfront.net/6f9d8546-3130-4c3b-9cfb-a79a06d5c014.png
Threat Actors: DEFACER INDONESIAN TEAM
Victim Country: Nigeria
Victim Industry: Education
Victim Organization: bames excellent school
Victim Site: bamesschool.com.ng
- Alleged data breach of Shanghai Municipal Public Security Bureau
Category: Data Breach
Content: The threat actor claims to have breached the database of the Shanghai Municipal Public Security Bureau. The compromised data reportedly includes names, addresses, national ID numbers, birthdates, mobile numbers, and detailed crime or case records.
Date: 2026-01-07T08:49:07Z
Network: openweb
Published URL: https://darkforums.io/Thread-Shanghai-Gov-National-Police
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c4c7d92e-549f-4732-8f62-cc51a0bd079e.png
Threat Actors: Fox_con
Victim Country: China
Victim Industry: Government & Public Sector
Victim Organization: shanghai municipal public security bureau
Victim Site: gaj.sh.gov.cn
- Alleged data breach of Attorney General’s Office of the State of Mexico
Category: Data Breach
Content: The threat actor claims to have breached 1,797 records from the Attorney General’s Office of the State of Mexico. The compromised data reportedly includes full name, job position, telephone extension, work area, region, and facility.
Date: 2026-01-07T08:23:40Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-Mexico-Fiscalia-General-de-Justicia-del-Estado-de-Mexico-FGJEM-1-797-entries
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2fb79907-9d8c-428c-8f96-516b7ce495d4.png
Threat Actors: Straightonumberone
Victim Country: Mexico
Victim Industry: Law Enforcement
Victim Organization: attorney general’s office of the state of mexico
Victim Site: fgjem.edomex.gob.mx
- Alleged leak of Peruvian national citizens’ data
Category: Data Breach
Content: The threat actor claims to have leaked 31 million records (approximately 9 GB in CSV format) containing data of Peru national citizens. The compromised dataset reportedly includes DNI numbers, full names, birth dates, age, addresses, location details, phone numbers, and civil status.
Date: 2026-01-07T07:58:50Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-PERU-Miru-%E2%80%94-NATIONAL-CITIZEN-DATABASE-31M-RECORDS-9GB-CSV
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/94e74edd-4c47-40ff-841b-5371e8c6047f.png
Threat Actors: Solonik
Victim Country: Peru
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Saint Petersburg State University of Economics
Category: Data Breach
Content: The threat actor claims to have breached 80,000 records from Saint Petersburg State University of Economics. The compromised data reportedly includes full names, study groups, academic programs, and profile URLs.
Date: 2026-01-07T07:40:58Z
Network: openweb
Published URL: https://breachforums.bf/Thread-COLLECTION-rating-unecon-ru-%E2%80%94-FULL-STUDENT-RATING-BASE-80K-RECORDS
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/58d6c462-03c1-4cb9-91fb-f2d5ac22859b.png
Threat Actors: Solonik
Victim Country: Russia
Victim Industry: Education
Victim Organization: saint petersburg state university of economics
Victim Site: raiting.unecon.ru
- Alleged data leak of Kin Teck Tong TCM
Category: Data Breach
Content: The threat actor claims to have leaked 150,000 patient records from Kin Teck Tong TCM, allegedly containing names, phone numbers, addresses, and more.
Date: 2026-01-07T07:40:15Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-Singapore-kintecktong-com-sg-Leaked-Download
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/928579b9-27ff-44f9-acc5-032cf8832a5a.png
https://d34iuop8pidsy8.cloudfront.net/02180f09-5c46-47e3-84f4-9d546bd1cfc7.png
https://d34iuop8pidsy8.cloudfront.net/6a7838a6-fda3-444a-9ed1-0aa28fc4aed0.png
Threat Actors: lulzintel
Victim Country: Singapore
Victim Industry: Health & Fitness
Victim Organization: kin teck tong tcm
Victim Site: kintecktong.com.sg
- Alleged data breach of Royal Irrigation Department
Category: Data Breach
Content: The group claims to have breached data of the Royal Irrigation Department.
Date: 2026-01-07T06:31:00Z
Network: telegram
Published URL: https://t.me/bl4cyb3r/562
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bc50988f-54bb-4c49-86b7-59419ba1d3b1.png
Threat Actors: Digit_4
Victim Country: Thailand
Victim Industry: Government & Public Sector
Victim Organization: royal irrigation department
Victim Site: rid.dpis.go.th
- Alleged Leak of 150K Phone Numbers and Addresses Linked to Virginia Residents
Category: Data Breach
Content: The threat actor claims to have leaked approximately 150K phone records linked to individuals in Virginia, United States. The exposed dataset reportedly includes full names, phone numbers, physical addresses, city, state, ZIP codes, and geolocation coordinates (latitude and longitude).
Date: 2026-01-07T06:28:57Z
Network: openweb
Published URL: https://breachforums.bf/Thread-about-150K-phones-for-Virginia-hillbilly-s-the-moonshiners-turned-drug-dealers
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a05be162-21e7-4013-84b1-12ecbd29a338.png
Threat Actors: OriginalCrazyOldFart
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- diparis targets the website of Secretaría de Turismo
Category: Defacement
Content: The group claims to have defaced the website of Secretaría de Turismo.
Date: 2026-01-07T05:00:35Z
Network: openweb
Published URL: https://defacer.id/mirror/id/224291
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/90476263-92e8-4972-b00c-81405fbc89d1.png
Threat Actors: diparis
Victim Country: Argentina
Victim Industry: Government Administration
Victim Organization: secretaría de turismo
Victim Site: web.turismovillaunion.gob.ar
- Alleged sale of data linked to Futurize Sistemas
Category: Data Breach
Content: The threat actor claims to be selling data linked to Futurize Sistemas, with the compromised dataset reportedly totaling 1.2 GB.
Date: 2026-01-07T04:57:08Z
Network: openweb
Published URL: https://darkforums.io/Thread-Selling-Brazil-1kk-Name-CPF-Email-Phone-CEP-futurizesistemas-com-br
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/97292bda-be06-4a4e-94df-b0280d5e6189.png
https://d34iuop8pidsy8.cloudfront.net/42b24435-60b6-47be-9e07-3270be731285.png
Threat Actors: AgSlowly
Victim Country: Brazil
Victim Industry: Information Technology (IT) Services
Victim Organization: futurize sistemas
Victim Site: futurizesistemas.com.br
- 6ickzone targets the website of SouthSaharan
Category: Defacement
Content: The group claims to have defaced the website of SouthSaharan.
Date: 2026-01-07T04:55:11Z
Network: openweb
Published URL: https://defacer.id/mirror/id/224302
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/70c2813d-f91a-4824-92e7-e46b899a1bcf.png
Threat Actors: 6ickzone
Victim Country: USA
Victim Industry: Other Industry
Victim Organization: southsaharan
Victim Site: southsaharan.org
- Alleged Sale of 1.3M Australian Private Leads
Category: Data Breach
Content: The threat actor claims to be selling 1.3 million Australian private leads allegedly collected from advertising campaigns.
Date: 2026-01-07T04:51:18Z
Network: openweb
Published URL: https://forum.exploit.in/topic/273280/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0f1e0c34-9438-4d5c-9f1e-5b8d59d50a99.jpeg
Threat Actors: betway
Victim Country: Austria
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- XmrAnonye.id targets the website of MTs Al-Amien Jember
Category: Defacement
Content: The group claims to have defaced the website of MTs Al-Amien Jember.
Date: 2026-01-07T04:44:47Z
Network: openweb
Published URL: https://defacer.id/mirror/id/224305
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9b93e5a6-2a1d-4fd9-b4a3-14d0bc3f58bc.png
Threat Actors: XmrAnonye.id
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: mts al-amien jember
Victim Site: mts.alamienjember.sch.id
- Alleged sale of customer data linked to Prosura
Category: Data Breach
Content: The threat actor claims to be selling a large dataset allegedly belonging to Prosura, an Australian insurance provider. The compromised data reportedly contains personal information such as full names, email addresses, phone numbers, ages, and driver’s license details.
Date: 2026-01-07T04:43:21Z
Network: openweb
Published URL: https://darkforums.io/Thread-Selling-Prosura-Hiccup-Vroomvroomvroom-Insurance-Australia-500K
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5e71dc55-edff-428b-b578-cc9d87af5386.png
Threat Actors: stuckin2019
Victim Country: Australia
Victim Industry: Insurance
Victim Organization: prosura
Victim Site: prosura.com
- Alleged Sale of Multiple Compromised Admin & Monitoring Panel Accesses
Category: Initial Access
Content: The threat actor claims to be sharing multiple compromised administrative and monitoring system accesses, including e-commerce admin panels, cPanel hosting access, and Grafana dashboards.
Date: 2026-01-07T04:11:25Z
Network: openweb
Published URL: https://forum.exploit.in/topic/273279/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/96ef4a97-0b59-4d34-8c3f-35b5129259f9.jpeg
https://d34iuop8pidsy8.cloudfront.net/bd7bddbb-87f2-4eb5-83bf-53d2d6eed106.jpeg
Threat Actors: CapitalAA
Victim Country: Unknown
Victim Industry: E-commerce & Online Stores
Victim Organization: deepnow
Victim Site: deepnow.com
- Alleged sale of patient database from Centre d’Imagerie Médicale de Puteaux (CIMP)
Category: Data Breach
Content: The threat actor claims to be selling the patient database from Centre d’Imagerie Médicale de Puteaux (CIMP). The compromised data reportedly includes the data of 207,318 patients.
Date: 2026-01-07T04:07:27Z
Network: openweb
Published URL: https://breachforums.bf/Thread-FR-Centre-Imagerie-Puteaux-207K
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7d9a55da-d2b5-49f2-b938-95d97efbd984.png
https://d34iuop8pidsy8.cloudfront.net/c4af7da2-8544-4c4a-b481-0d30954ca9de.png
Threat Actors: HexDex2
Victim Country: France
Victim Industry: Healthcare & Pharmaceuticals
Victim Organization: centre d’imagerie médicale de puteaux
Victim Site: imageriemedicale.fr
- Hazardous Cyber Team targets the website of Jagadhri YamunaNagar Tennis Association (JYTA)
Category: Defacement
Content: The group claims to have defaced the website of Jagadhri YamunaNagar Tennis Association (JYTA).
Date: 2026-01-07T04:01:56Z
Network: openweb
Published URL: https://defacer.id/mirror/id/224283
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9a629f4a-a655-442e-b6da-aacdc4a74893.png
Threat Actors: Hazardous Cyber Team
Victim Country: India
Victim Industry: Sports
Victim Organization: jagadhri yamunanagar tennis association (jyta)
Victim Site: jyta.in
- CROWNS targets the website of MAS Manbail Futuh
Category: Defacement
Content: The group claims to have defaced the website of MAS Manbail Futuh.
Date: 2026-01-07T03:32:01Z
Network: telegram
Published URL: https://t.me/c/2433981896/460
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/087976ca-e6d8-43b5-ad65-f82163d4648e.png
Threat Actors: CROWNS
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: mas manbail futuh
Victim Site: kelulusan.masmanbailfutuh.sch.id
- Alleged Leak of Email–Password Database
Category: Data Breach
Content: A threat actor claims to have leaked a mixed email–password database.
Date: 2026-01-07T03:15:42Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/273267/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/66f85b53-9bb2-4cff-ad9b-90b6addf33de.jpeg
Threat Actors: STRADU
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data breach of Hauken Engineering Company Limited
Category: Data Breach
Content: The threat actor claims to be selling the database of Hauken Engineering Company Limited. The compromised data reportedly includes product ID, product detail ID, system product ID, product name brand, product category, etc.
Date: 2026-01-07T03:14:28Z
Network: openweb
Published URL: https://darkforums.io/Thread-106k-Hong-Kong-https-www-hauken-com-hk-Industrial-Product-DB-Brands-Contact?pid=350796#pid350796
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8f73a2cd-aba7-49ed-8778-36b2851e3c0a.png
Threat Actors: gtaviispeak
Victim Country: China
Victim Industry: Mechanical or Industrial Engineering
Victim Organization: hauken engineering company limited
Victim Site: hauken.com.hk
- Alleged sale of unauthorized admin access to an Unidentified Spanish PrestaShop Store
Category: Initial Access
Content: The threat actor claims to be selling unauthorized admin and webshell access to an unidentified Spanish PrestaShop store.
Date: 2026-01-07T02:48:59Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/273273/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/34063fb3-efc1-4b87-8daf-53d33330d791.png
Threat Actors: kqu
Victim Country: Spain
Victim Industry: E-commerce & Online Stores
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak involving 47,000+ individuals linked to Philharmonie de Paris
Category: Data Breach
Content: The threat actor claims to have leaked data of approximately 47,563 individuals associated with the Philharmonie de Paris.
Date: 2026-01-07T02:39:40Z
Network: openweb
Published URL: https://breachforums.bf/Thread-FR-47K-Philharmonie-de-Paris
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/55ad6b1e-c7ec-4561-b883-b62826419ea5.png
https://d34iuop8pidsy8.cloudfront.net/e3b8ed27-071a-4006-97dc-c5d4af4a9822.png
Threat Actors: HexDex2
Victim Country: France
Victim Industry: Music
Victim Organization: philharmonie de paris
Victim Site: philharmoniedeparis.fr
- Alleged sale of unauthorized administrator and database access to a UK Magento store
Category: Initial Access
Content: The threat actor claims to be selling unauthorized administrator and database access to a UK Magento store
Date: 2026-01-07T02:33:09Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/273271/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c85d5a70-909e-4ffe-b46e-80d6c29ee828.png
Threat Actors: JustAnon69
Victim Country: UK
Victim Industry: E-commerce & Online Stores
Victim Organization: Unknown
Victim Site: Unknown
- Team GANDU targets the website of Bazgadda Rabeya Memorial Girls’ High School
Category: Defacement
Content: Group claims to have defaced the website of Bazgadda Rabeya Memorial Girls’ High School
Date: 2026-01-07T02:32:03Z
Network: openweb
Published URL: https://defacer.id/mirror/id/224288
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/368de9fd-858e-4524-9bcb-d130a1d488e5.png
Threat Actors: Team GANDU
Victim Country: Bangladesh
Victim Industry: Education
Victim Organization: bazgadda rabeya memorial girls’ high school
Victim Site: bazghs.edu.bd
- Alleged data breach of National Autonomous University of Mexico
Category: Data Breach
Content: The threat actor claims to have compromised multiple UNAM systems, allegedly exposing student and staff data, internal documents, email archives, and databases. Access was reportedly gained via a BigIP vulnerability and further expanded through trusted network relationships, Zimbra, and SSO weaknesses.
Date: 2026-01-07T02:20:31Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-SELLING-MX-UNAM-University-databases
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/96ebfa9c-1a01-4f4f-aac9-bc4ae7989d85.png
Threat Actors: ByteToBreach
Victim Country: Mexico
Victim Industry: Education
Victim Organization: national autonomous university of mexico
Victim Site: unam.mx
- Alleged data breach at Mariano Marcos State University in Philippines
Category: Data Breach
Content: Threat actor claims to be selling 44,178 EDU email accounts allegedly sourced from Mariano Marcos State University, with each account associated with 1TB of cloud storage, suggesting a potential unauthorized exposure of institutional email data.
Date: 2026-01-07T02:10:04Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-45K-EDU-EMAIL-1TB-STORAGE-EACH
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/11d3c9a2-18c4-4fbb-9398-be4115df26ce.png
Threat Actors: kitcat
Victim Country: Philippines
Victim Industry: Higher Education/Academia
Victim Organization: mariano marcos state university
Victim Site: mmsu.edu.ph
- Hazardous Cyber Team targets the website of Biju Patnaik Computer Academy
Category: Defacement
Content: Group claims to have defaced the website of Biju Patnaik Computer Academy.
Date: 2026-01-07T01:56:34Z
Network: openweb
Published URL: https://defacer.id/mirror/id/224285
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/98f39467-0ae7-4be2-89b8-719404529db7.png
Threat Actors: Hazardous Cyber Team
Victim Country: India
Victim Industry: Education
Victim Organization: biju patnaik computer academy
Victim Site: ims.bpcaodisha.com
- Alleged leak of unauthorized access to Get Found Digitally
Category: Initial Access
Content: Threat actor claims to have leaked unauthorized WordPress admin access to Get Found Digitally.
Date: 2026-01-07T01:52:48Z
Network: openweb
Published URL: https://xforums.st/threads/getfounddigitally-com-au-admin-wp-login.464522/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/10ad8cb9-c159-4f9c-9e85-4bca3a16949d.png
Threat Actors: X Forum Bot
Victim Country: Australia
Victim Industry: Marketing, Advertising & Sales
Victim Organization: get found digitally
Victim Site: getfounddigitally.com.au
- Hazardous Cyber Team targets the website of OMM Academy
Category: Defacement
Content: Group claims to have defaced the website of OMM Academy
Date: 2026-01-07T01:39:51Z
Network: openweb
Published URL: https://defacer.id/mirror/id/224287
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0afd2205-2529-4b41-96dd-6482a45de6ef.png
Threat Actors: Hazardous Cyber Team
Victim Country: India
Victim Industry: Education
Victim Organization: omm academy
Victim Site: erp.ommacademy.in
- Hazardous Cyber Team targets the website of HTCE Skill Development
Category: Defacement
Content: Group claims to have defaced the website of HTCE Skill Development.
Date: 2026-01-07T00:53:31Z
Network: openweb
Published URL: https://defacer.id/mirror/id/224284
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/df07adcc-1496-43b6-b06f-f4ab8e31f61d.png
Threat Actors: Hazardous Cyber Team
Victim Country: India
Victim Industry: Education
Victim Organization: htce skill development
Victim Site: htceskillindia.com
- Hazardous Cyber Team targets the website of Career Zone (IMS – Institute of Management Studies)
Category: Defacement
Content: Group claims to have defaced the website of Career Zone (IMS – Institute of Management Studies)
Date: 2026-01-07T00:49:53Z
Network: openweb
Published URL: https://defacer.id/mirror/id/224286
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/47af772e-85a8-42de-aec2-adf4e2422791.png
Threat Actors: Hazardous Cyber Team
Victim Country: India
Victim Industry: Higher Education/Academia
Victim Organization: career zone (ims – institute of management studies)
Victim Site: ims.careerzone.org.in
- shenzyy001 targets the website of TCA LLC
Category: Defacement
Content: Group claims to have defaced the website of TCA LLC.
Date: 2026-01-07T00:45:42Z
Network: openweb
Published URL: https://defacer.id/mirror/id/224290
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d5c6909c-0edc-40ea-9fb4-52279f098403.png
Threat Actors: shenzyy001
Victim Country: Georgia
Victim Industry: Airlines & Aviation
Victim Organization: tca llc
Victim Site: tca.ge
- Alleged sale of unauthorized administrative access to Microsoft Office 365
Category: Initial Access
Content: Threat actor claims to be selling 50 valid Microsoft Office 365 administrator accounts.
Date: 2026-01-07T00:20:59Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/273264/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/36416a03-e62c-441f-a9c6-062eb0d7af45.png
Threat Actors: callmejerry
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown