[January-11-2026] Daily Cybersecurity Threat Report

This detailed report provides an analysis of the cyber incidents recorded on January 10, 2026. The dataset covers 133 distinct entries, revealing a diverse landscape of threats ranging from high-level state-sponsored espionage and critical infrastructure attacks to opportunistic data peddling and website defacements.

1. Executive Summary

The reporting period is characterized by significant Data Breaches and Initial Access sales, which dominate the threat landscape. A critical trend observed is the simultaneous targeting of defense sectors in multiple nations (Israel, USA, Poland, Pakistan) and a high volume of attacks against educational and government institutions in South and Southeast Asia.

2. Critical Security Incidents: Defense & Government

The most alarming incidents involve the leak of sensitive military and classified government documents.

  • Defense & Space:
    • India-Israel: A threat actor named jrintel claims to have leaked “Top Secret” technical documentation regarding a joint Surface-to-Air Missile system involving Israel Aerospace Industries.
    • USA: The same actor, jrintel, allegedly leaked U.S. Department of Defense CAT torpedo manuals.
    • Poland: Actor Yiix074 claims to have leaked a database belonging to the Polish Army.
    • Pakistan: Actor SunnyDeoll claims to have leaked restricted and secret military documents from the Pakistan Armed Forces.
  • Government Administration:
    • Indonesia: The group TEAM MR PLAX has claimed responsibility for leaking data from the Ministry of Law and Human Rights, regional APBD data, and data regarding members of parliament.
    • Ukraine: The Perun Svaroga group leaked data from the Konstantinovsk City Military Administration and the Health Protection Department of the Cherkasy Regional State Administration.
    • Syria: Actor Solonik is selling a database allegedly containing 7 million records of Syrian government data, including home locations and mobile numbers.

3. Critical Infrastructure & Industrial Control Systems (ICS)

Several incidents indicate unauthorized access to physical control systems, posing direct risks to operational safety and physical processes.

  • Ukraine: The Z-PENTEST ALLIANCE claims access to a wood drying kiln control system, allegedly altering drying parameters and equipment settings to cause product damage and equipment shutdown.
  • Armenia: The group MORNING STAR claims access to an automated irrigation and fertigation control system in the agro-industrial sector, capable of manipulating nutrient delivery and pH levels.
  • Japan: Z-PENTEST ALLIANCE also claims access to a HYBRID NVR surveillance system monitoring a parking area.
  • USA: The Infrastructure Destruction Squad claims to have accessed a building management system operated by Innovative Construction & Design Solutions, LLC, managing HVAC systems.
  • Hungary: The same squad claims access to DIBO CLEANING SYSTEMS, controlling automated car wash water pumps and chemical agents.

4. Ransomware & Extortion Activities

Ransomware groups continue to target major commercial entities, threatening data publication if demands are not met.

  • Major Victims:
    • Nissan Motor Corporation: The Everest group claims to have obtained 900 GB of internal data.
    • Bouygues Energies & Services (UK): Qilin ransomware claims to have exfiltrated 80 GB of data.
    • US Retail & Food: PLAY ransomware has targeted Denny’s 5th Avenue Bakery and WiZiX Technology Group, Inc.
    • Government (USA): Kill Security claims to have targeted the Ohio Department of Public Safety.

5. Regional Analysis: High-Volume Targets

A. South & Southeast Asia (India, Indonesia, Thailand)

This region experienced the highest frequency of incidents, primarily focused on education and government data.

  • Indonesia: A primary target for TEAM MR PLAX, impacting hospitals (RSUD Kabupaten Klungkung) and schools. Solonik also leaked data from the national procurement agency (LPSE), affecting 735,000 tender records.
  • India: The education sector is under heavy fire. Solonik leaked data from Rizee (E-Learning), exposing 28.7 million records. 404 CREW CYBER TEAM targeted multiple colleges and hospitals, including St. John’s Medical College and KPC Medical College.
  • Thailand: Leaks involve citizen data (538k records) and technical colleges.

B. Europe (France, Italy, UK)

  • France: Significant activity in e-commerce and healthcare. Incidents include breaches at Audiophonics (115k records), SOS Oxygen (149k records), and Cegedim Santé (allegedly 27 million records).
  • Italy: E-commerce data leaks, such as ePRICE IT Srl (229k records).

6. Threat Actor Spotlight

Threat Actor          | Primary Activity            | Notable Targets
Solonik               | High-volume Data Sales      | Rizee (India), KCAA (Pakistan), LPSE (Indonesia), Syrian Govt
jrintel               | Military/Intel Leaks        | India-Israel Missile Systems, US DoD Torpedo Manuals
TEAM MR PLAX          | Political/Gov Leaks         | Indonesian Parliament, Ministry of Law, Hospitals
Z-PENTEST ALLIANCE    | ICS/Infrastructure Access   | Danish surveillance, Ukraine Kiln, Japan NVR
Shopify (Actor Alias) | Selling Initial Access      | Shell/admin access to unidentified stores in USA, Italy, Sweden, Romania
chinafans             | Website Defacement          | Educational sites in Nepal, India, Thailand

A distinct market trend is the sale of “Initial Access” rather than data dumps.

  • Anonymized Access Sales: Multiple listings by actors like Shopify, thugstage, and Big-Bro offer administrative, VPN, or shell access to unidentified companies (e.g., “unidentified Construction company in USA”, “unidentified Hospital organization in USA”).
  • Cloud & Botnets: Sales include 33.25 million private cloud credential logs and the Aeternum C2 Botnet Loader, which uses blockchain for command and control.

Conclusion

The January 10 report highlights a volatile cyber environment. First, the commodification of state secrets is evident with the leaks of high-profile defense documents from four different nations. Second, the “Barrier to Entry” for cybercrime continues to lower, evidenced by the rampant sale of “Initial Access” to unidentified web stores and corporate VPNs, allowing less sophisticated actors to execute attacks. Finally, Critical Infrastructure in conflict zones (Ukraine) and stable regions (Japan, USA) remains highly vulnerable to remote manipulation, moving threats from digital espionage to physical sabotage.

Victim Country: USA
Victim Industry: E-commerce & Online Stores
Victim Organization: Unknown
Victim Site: Unknown

  1. Alleged data breach of ACRV
    Category: Data Breach
    Content: The threat actor claims to have leaked data from ACRV. The compromised data reportedly includes internal service identifiers, protocol details, and connection metadata.
    Date: 2026-01-10T00:54:32Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-FR-acrv-fr
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/621e6a31-17c2-45be-9639-073dc0ee8062.png
    Threat Actors: TanaDeMerde
    Victim Country: France
    Victim Industry: Other Industry
    Victim Organization: acrv
    Victim Site: acrv.fr
  2. Alleged leak of shell access to the website of My dear Sun Xiunan
    Category: Initial Access
    Content: The group claims to have gained unauthorized access to the website of My dear Sun Xiunan.
    Date: 2026-01-10T00:53:18Z
    Network: telegram
    Published URL: https://t.me/Pharaohs_n/591
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a23e07cc-8181-41d8-b006-179761532b16.png
    Threat Actors: Pharaoh’s Team Channel
    Victim Country: China
    Victim Industry: Writing & Editing
    Victim Organization: my dear sun xiunan
    Victim Site: sunxiunan.com
  3. Alleged data leak of St. John’s Medical College and Hospital
    Category: Data Breach
    Content: The group claims to have leaked data from St. John’s Medical College and Hospital.
    Date: 2026-01-10T00:43:41Z
    Network: telegram
    Published URL: https://t.me/crewcyber/522
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c666f89f-ee98-44b1-aca3-d830c6a4f279.png
    Threat Actors: 404 CREW CYBER TEAM
    Victim Country: India
    Victim Industry: Healthcare & Pharmaceuticals
    Victim Organization: st. john’s medical college and hospital
    Victim Site: stjohns.in
  4. Alleged data breach of FEMARH
    Category: Data Breach
    Content: The threat actors claim to have compromised the servers of FEMARH (State Foundation for the Environment and Water Resources of Roraima, Brazil), allegedly exfiltrating approximately 8.6 GB of confidential data, including sensitive employee information, and state that the official website became inaccessible following a denial-of-service attack.
    Date: 2026-01-10T00:40:13Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-BRAZIL-HTTPS-FEMARH-RR-GOV-BR-DATA-BREACH
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/aa54bbb4-f932-4df3-acab-39956a981a91.png
    https://d34iuop8pidsy8.cloudfront.net/be677778-be35-416b-ae2a-ec6d7d0e9d7b.png
    https://d34iuop8pidsy8.cloudfront.net/5c8f006f-4e38-4fd6-8fad-6d21da2fb3fe.png
    Threat Actors: P4R4ZYT3
    Victim Country: Brazil
    Victim Industry: Government Administration
    Victim Organization: femarh
    Victim Site: femarh.rr.gov.br
  5. Alleged data leak of KPC Medical College and Hospital
    Category: Data Breach
    Content: The group claims to have leaked data from KPC Medical College and Hospital.
    Date: 2026-01-10T00:36:25Z
    Network: telegram
    Published URL: https://t.me/crewcyber/521
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a066f801-be9a-4a0e-b02a-3b7a480cd0e0.png
    Threat Actors: 404 CREW CYBER TEAM
    Victim Country: India
    Victim Industry: Healthcare & Pharmaceuticals
    Victim Organization: kpc medical college and hospital
    Victim Site: kpcmedicalcollege.in
  6. Alleged leak of shell access to the website of BIRDY’S
    Category: Initial Access
    Content: The group claims to have gained unauthorized access to the website of BIRDY’S.
    Date: 2026-01-10T00:33:18Z
    Network: telegram
    Published URL: https://t.me/Pharaohs_n/590
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/fe7e73bc-1114-45b2-94f2-24fe3aa40092.png
    Threat Actors: Pharaoh’s Team Channel
    Victim Country: India
    Victim Industry: Food & Beverages
    Victim Organization: birdy’s
    Victim Site: birdys.in
  7. Alleged leak of shell access to Nelly Jelly
    Category: Initial Access
    Content: The group claims to have gained unauthorized access to the website of Nelly Jelly.
    Date: 2026-01-10T00:32:11Z
    Network: telegram
    Published URL: https://t.me/Pharaohs_n/592
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/bb51a362-8a31-444b-b339-af00d91de6dd.png
    Threat Actors: Pharaoh’s Team Channel
    Victim Country: Lithuania
    Victim Industry: Entertainment & Movie Production
    Victim Organization: nelly jelly
    Victim Site: kakemake.lt
  8. Alleged sale of admin and shell access to unidentified store in Italy
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized admin and shell access to an unidentified online store in Italy.
    Date: 2026-01-10T00:26:16Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273480/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b8669689-6d91-4fae-9889-45179256bd72.png
    Threat Actors: Shopify
    Victim Country: Italy
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown
  9. Alleged leak of SQL injection vulnerability in Government Post Graduate College
    Category: Vulnerability
    Content: The group claims to have leaked a SQL injection vulnerability in the website of Government Post Graduate College.
    Date: 2026-01-10T00:19:40Z
    Network: telegram
    Published URL: https://t.me/crewcyber/524
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8c2e50dd-6bce-4d7f-9901-cabcc006c4a9.png
    Threat Actors: 404 CREW CYBER TEAM
    Victim Country: India
    Victim Industry: Education
    Victim Organization: government post graduate college
    Victim Site: thalisaingdc.ac.in
  10. Alleged sale of admin and shell access to unidentified store in Italy
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized admin and shell access to an unidentified online store in Italy.
    Date: 2026-01-10T00:14:11Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273479/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c8042663-1264-4634-9b8e-6de201dbd7cb.png
    Threat Actors: Shopify
    Victim Country: Italy
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown
  11. Alleged leak of SQL injection vulnerability in MRG School
    Category: Vulnerability
    Content: The group claims to have leaked a SQL injection vulnerability in the website of MRG School.
    Date: 2026-01-10T00:08:21Z
    Network: telegram
    Published URL: https://t.me/crewcyber/524
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b22ef9b5-92d9-4d4d-a7ec-c8b92a929a92.png
    Threat Actors: 404 CREW CYBER TEAM
    Victim Country: India
    Victim Industry: Education
    Victim Organization: mrg school
    Victim Site: mrgschool.edu.in
  12. Alleged sale of admin and shell access to unidentified store in Australia
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized admin and shell access to an unidentified online store in Australia.
    Date: 2026-01-10T00:06:10Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273477/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/84f1edbb-f148-48a6-b4d8-ca7331bdfb98.png
    Threat Actors: Shopify
    Victim Country: Australia
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown