[January-14-2026] Daily Cybersecurity Threat Report

This detailed report analyzes the cyber incidents recorded on January 14, 2026, based strictly on the provided dataset. The data indicates a high volume of activity involving ransomware campaigns, government data leaks, and the sale of initial access to corporate networks.

Executive Summary

The dataset covers 143 distinct incidents, primarily occurring on January 14, 2026. The landscape is dominated by three primary threats: aggressive ransomware groups targeting the construction and financial sectors, significant data leaks affecting government bodies in Russia and Indonesia, and a thriving black market for unauthorized network access (RDP/VPN).


1. Major Ransomware Campaigns

Ransomware groups were highly active, utilizing “name-and-shame” tactics on Tor leak sites.

Key Threat Actors

  • Qilin: This group was particularly aggressive against US-based entities, claiming victims such as Lunsford Capital (Financial Services), Pathology Associates of St. Thomas (Medical), and Radiant Remodeling (Construction).
  • Akira: This group showed a specific focus on the construction and industrial sectors, claiming victims like Rebars & Mesh, Inc. and Fechner Pump & Supply Inc. (Oil & Gas), exposing sensitive employee and client data.
  • Payouts King: This group listed multiple “unknown” victims (identified only by initials like Ml or As) across Spain, the UK, and Germany, threatening to release hundreds of gigabytes of data within 6 days.

Notable Ransomware Incidents

  • National Auto Loan Network (USA): The Nova ransomware group claims to have obtained 600GB of data, with a threat to publish in 8-9 days.
  • Rogers Capital (Mauritius): The Gentlemen ransomware group targeted this financial services firm, threatening publication within 3-4 days.
  • Samson Equipment, Inc. (USA): Targeted by TENGU ransomware, with 35.7 GB of data allegedly stolen.

2. Government and Critical Infrastructure Breaches

A significant portion of the data relates to the leakage of highly sensitive government and military documents.

  • Russian Ministry of Defence (MoD): A threat actor named jrintel claimed to leak classified documentation, including blueprints for Borei-Class Nuclear Submarines.
  • Indonesian Government: There was a massive surge in leaks targeting Indonesia.
    • Ministry of Religious Affairs: Sensitive administrative data and personnel records were leaked.
    • National Tax Data: Leaks included NPWP (Taxpayer Identification) records.
    • Journalists: Data regarding 20,000 Indonesian journalists was exposed.
  • Indian Railways: Employee databases from the Carriage Workshop Lallaguda and South Central Railway zone were leaked, exposing HRMS IDs, Aadhaar numbers, and contact details.
  • Ukraine: Data was leaked from the Concern for Radio Broadcasting, Radio Communications and Television, including technical documentation.
  • US Law Enforcement: A leak allegedly contains documents detailing how US Police detect forged documents.

3. Financial and Commercial Data Leaks

Large-scale databases from banks and corporations were traded or leaked on open web forums.

Banking and Finance

  • First Iraqi Bank: A claim of 1 million leaked records including phone numbers and ID numbers.
  • Chilean Credit Cards: A leak of nearly 2,000 credit card records from PatrickStash.
  • Trade Republic (Germany): A data breach reportedly exposed customer names, emails, and phone numbers.
  • Global Bank Leak: A threat actor claimed to leak databases from banks across the USA, Japan, UAE, and UK.

Corporate and Retail

  • U-Haul (USA): A database containing customer PII (emails, physical addresses, driver’s licenses) is allegedly for sale.
  • Sinch Mailgun: A threat actor claimed to leak a CRM database containing extensive customer lead and billing information.
  • Asahi Shimbun (Japan): A dataset of 1.8 million rows, including registered user emails from the news organization, was offered for sale.

4. Initial Access and Malware Markets

Threat actors actively sold “keys” to corporate networks, allowing other criminals to deploy ransomware or steal data.

  • Access for Sale:
    • Fortinet VPN Access: Unauthorized access to a US chemical manufacturing company with Domain Admin privileges.
    • RDP Access: Access to a Japanese IT company (3.8 TB of data) and a Portuguese industrial equipment company.
    • Government Access: Sales included access to the Saudi Arabia Government Postal System and Nigerian government websites.
  • Malware Tools:
    • SCULPTOR v1.1: A SQL injection exploitation tool was shared for scanning vulnerable websites.
    • NightSpire RaaS: A new Ransomware-as-a-Service program announced affiliate recruitment.

5. Hacktivism and Website Defacement

A high volume of website defacements was recorded, particularly targeting educational and government sites in Asia.

  • Targeted Countries: The majority of defacements targeted Indonesia (e.g., Universitas Negeri Surabaya), India (e.g., Sanskarcity College), and Bangladesh (e.g., Employees Welfare Board).
  • Active Groups: Prominent defacement groups included CyberOprationCulture, Z-BL4CX-H4T, and GHOSTNET-X.

Conclusion

The intelligence from January 14, 2026, reveals a volatile cyber threat landscape. Ransomware actors like Qilin and Akira are aggressively targeting the construction and financial supply chains in Western nations. Simultaneously, state-related data is highly vulnerable, evidenced by the severe leaks of Russian military blueprints and Indonesian government records. Finally, the commoditization of access is rampant, with threat actors freely trading VPN and RDP access to critical sectors, lowering the barrier to entry for severe future attacks.

Detected Incidents Draft Data

  1. Alleged Data leak of PatrickStash
    Category: Data Breach
    Content: The threat actor leaked data from the PatrickStash CL database, exposing approximately 1,980 Chilean credit card records. The dataset allegedly includes credit card numbers, expiration dates, CVV codes, cardholder names, country, state, city, ZIP code, address, email addresses, and phone numbers.
    Date: 2026-01-14T23:51:07Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/273814/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3a827a9a-336a-47a1-899a-ef98c211e9b7.png
    Threat Actors: buzz
    Victim Country: Chile
    Victim Industry: Unknown
    Victim Organization: patrickstash
    Victim Site: Unknown
  2. Alleged Data Breach of Money Mart
    Category: Data Breach
    Content: Threat actor claims to have leaked an internal database associated with National Money Mart Company. According to the post, the exposed data contains personal and internal company data from multiple countries, primarily the United States and Canada, comprising more than 80,000 internal files.
    Date: 2026-01-14T23:49:58Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273821/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e75c46a9-6820-4d24-9923-2cd4969de8a9.png
    Threat Actors: Everestgroup
    Victim Country: Canada
    Victim Industry: Financial Services
    Victim Organization: money mart
    Victim Site: moneymart.ca
  3. Alleged data breach of First Iraqi Bank
    Category: Data Breach
    Content: The group claims to have leaked 1M records belonging to First Iraqi Bank. The compromised data reportedly includes Subscriber Name, Province, Activation Status, Phone Number, Date of Birth, ID Number.
    Date: 2026-01-14T23:34:23Z
    Network: telegram
    Published URL: https://t.me/c/3667951656/1531
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/91de626a-5962-44eb-ad2e-19e831ca64df.png
    Threat Actors: BFRepoV4Files
    Victim Country: Iraq
    Victim Industry: Financial Services
    Victim Organization: first iraqi bank
    Victim Site: fib.iq
  4. Alleged Data Breach of Notin.es
    Category: Data Breach
    Content: Threat actor claims to have leaked a large database associated with Notin.es, containing approximately 145 GB of sensitive data. The dataset reportedly includes scanned national identity documents (DNI), passports, foreign identification numbers (NIE), notarial deeds, tax documents, financial records, residential addresses, property and cadastral data, IBANs, invoices, wills, and other highly sensitive personal and legal information.
    Date: 2026-01-14T23:31:40Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273820/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ec442402-40a5-44bb-95f4-fa7c386a15db.png
    Threat Actors: Everestgroup
    Victim Country: Spain
    Victim Industry: Information Technology (IT) Services
    Victim Organization: notin.es
    Victim Site: notin.es
  5. Alleged sale of unauthorized admin access to an unidentified organization in Denmark
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized admin access to an unidentified organization in Denmark.
    Date: 2026-01-14T23:10:14Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/273817/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e9e1b6be-8711-44df-b559-1213aa59e42b.png
    Threat Actors: personX
    Victim Country: Denmark
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  6. Alleged Data breach of Sinch Mailgun
    Category: Data Breach
    Content: The threat actor leaked data from a Sinch/Mailgun CRM database, exposing extensive customer and lead records. The dataset includes names, email addresses, phone numbers, company and job details, customer lifecycle and lead status information, marketing and campaign activity, engagement metrics, opt-in/opt-out preferences, billing and revenue fields, IP and location data, timestamps, and CRM automation data.
    NB: Authenticity of claim is yet to be verified
    Date: 2026-01-14T23:04:35Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/273815/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2da42022-60ec-455a-ae2a-6be33ebe672e.png
    https://d34iuop8pidsy8.cloudfront.net/99feb95d-dae8-4943-926e-549a833331f7.png
    Threat Actors: iwillneverlose
    Victim Country: USA
    Victim Industry: Software Development
    Victim Organization: sinch mailgun
    Victim Site: mailgun.com

  1. Alleged Data Breach of 3Commas Technologies
    Category: Data Breach
    Content: Threat Actor claims to have breached the database of 3Commas Technologies in the British Virgin Islands.
    Date: 2026-01-14T22:28:05Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/273807/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0dd771dc-9e64-4c8e-b5fd-4dc789c818ad.png
    Threat Actors: iwillneverlose
    Victim Country: British Virgin Islands
    Victim Industry: Financial Services
    Victim Organization: 3commas technologies
    Victim Site: 3commas.io
  2. Alleged data breach of Sameday
    Category: Data Breach
    Content: The threat actor claims to be selling a database associated with Sameday, a Romanian courier and delivery services company. The allegedly compromised dataset reportedly contains approximately 46,000 records in TXT format. The exposed data fields include full names, email addresses, phone numbers, user and internal IDs, postal codes, cities/localities, counties, full physical addresses, company names, tax identification numbers, trade registry numbers, bank names, and bank account identifiers.
    Date: 2026-01-14T22:22:52Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-Sameday-Leaked-46k
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/04b39fb0-13c7-497e-8051-fdf7b66b4ae7.png
    Threat Actors: lemonhazed
    Victim Country: Romania
    Victim Industry: Transportation & Logistics
    Victim Organization: sameday
    Victim Site: sameday.ro
  3. Alleged data breach of Ministry of Defence of the Russian Federation (MoD)
    Category: Data Breach
    Content: The threat actor claims to have leaked classified documentation associated with the Ministry of Defence of the Russian Federation (MoD). The leaked data reportedly contains highly sensitive national security information.
    Date: 2026-01-14T22:11:08Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DOCUMENTS-RUSSIA-STATE-SECRET-MoD-Borei-Class-Nuclear-Submarine-Blueprints-Docs-Leaked
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f4ce9e3c-4e5c-4bd2-8384-c56551fbfbd8.png
    Threat Actors: jrintel
    Victim Country: Russia
    Victim Industry: Defense & Space
    Victim Organization: ministry of defence of the russian federation (mod)
    Victim Site: eng.mil.ru
  4. Alleged data breach of Rafeeg
    Category: Data Breach
    Content: The group claims to have leaked 40,000 records belonging to Rafeeg. The exposed data allegedly include provider names, provider phone numbers, client names, client phone numbers, service descriptions, city and address details, service types, and pricing information.
    Date: 2026-01-14T22:05:54Z
    Network: telegram
    Published URL: https://t.me/c/3667951656/1504
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9d6d1097-ae19-4f64-ac8d-7adea2082cda.png
    Threat Actors: BFRepoV4Files
    Victim Country: UAE
    Victim Industry: Professional Services
    Victim Organization: rafeeg
    Victim Site: news.rafeeg.ae
  5. Samson Equipment, Inc. falls victim to TENGU Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 35.7 GB of the organization’s data and they intend to publish it within 7-8 days.
    Date: 2026-01-14T22:01:37Z
    Network: tor
    Published URL: http://longcc4fqrfcqt5lzceutylaxir6h66fp6df3oin6mvwvz6pfdbxc6qd.onion/blog/b15894372ddbb2ea10962a5ec4eaab9594a0406f9ce1d66c7db3c9e23ef52003/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f0bfaafe-0e43-46fc-bc00-9c1b4a721280.png
    https://d34iuop8pidsy8.cloudfront.net/6e320669-b249-4646-a6ed-d88762a489ae.png
    Threat Actors: TENGU
    Victim Country: USA
    Victim Industry: Sporting Goods
    Victim Organization: samson equipment, inc.
    Victim Site: samsonequipment.com
  6. Alleged leak of Russian MoD Borei-Class Submarine blueprints and documents
    Category: Data Breach
    Content: The group claims to have leaked blueprints and documents of the Borei-Class Nuclear Submarine.
    Date: 2026-01-14T21:58:18Z
    Network: telegram
    Published URL: https://t.me/topsecretdocumentsleaked/217
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2e794766-0767-4981-818d-19d30ed44b38.jpg
    Threat Actors: jrintel
    Victim Country: Russia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  7. Alleged data breach of Astral Hotels
    Category: Data Breach
    Content: The group claims to have leaked 80,000 records belonging to Astral Hotels in Israel. The exposed data allegedly include user information, hotel and room identifiers, pricing details, guest names, phone numbers, email addresses, country codes, and payment‑related fields such as credit card tokens and approval indicators.
    Date: 2026-01-14T21:53:12Z
    Network: telegram
    Published URL: https://t.me/c/3667951656/1211
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ac7fe7f9-1118-487c-921e-9f8401a5dd02.png
    Threat Actors: BFRepoV4Files
    Victim Country: Israel
    Victim Industry: Hospitality & Tourism
    Victim Organization: astral hotels
    Victim Site: astralhotels.co.il
  8. Rogers Capital falls victim to The Gentlemen Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data and intends to publish it within 3-4 days.
    Date: 2026-01-14T21:47:17Z
    Network: tor
    Published URL: http://tezwsse5czllksjb7cwp65rvnk4oobmzti2znn42i43bjdfd2prqqkad.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/eeaa3a28-e605-4d3f-9127-451c0885232d.png
    Threat Actors: The Gentlemen
    Victim Country: Mauritius
    Victim Industry: Financial Services
    Victim Organization: rogers capital
    Victim Site: rogerscapital.mu
  9. Alleged Sale of Unauthorized Fortinet VPN Access to a Chemical Manufacturing Company in USA
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized Fortinet VPN access to a U.S.-based manufacturing company in the chemicals and related products sector, allegedly providing Domain Administrator privileges.
    Date: 2026-01-14T21:35:33Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/273804/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/266957fb-46a7-41f5-a297-47cb4c77bf7e.png
    Threat Actors: glebasik
    Victim Country: USA
    Victim Industry: Chemical Manufacturing
    Victim Organization: Unknown
    Victim Site: Unknown
  10. Alleged sale of unauthorized access to unidentified hotel in Yusa
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized access to an unidentified hotel in Yusa.
    Date: 2026-01-14T21:06:11Z
    Network: openweb
    Published URL: https://forum.duty-free.cc/threads/6281/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/afc58869-62a5-464e-8dd9-1561cbefe7a6.png
    Threat Actors: Orpheus
    Victim Country: Unknown
    Victim Industry: Hospitality & Tourism
    Victim Organization: Unknown
    Victim Site: Unknown
  11. Alleged data breach of Asahi Shimbun
    Category: Data Breach
    Content: The threat actor claims to be selling a high-quality database allegedly sourced from asahi.com, belonging to the Japanese news organization Asahi Shimbun. The dataset is described as containing approximately 1.8 million rows and includes registered user email addresses, along with metadata and internal news archive records.
    Date: 2026-01-14T20:59:25Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-1-8m-Japan-asahi-com-News-Archive-Internal-Backend-DB-Registered-User-Emails
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9181d293-77c5-44f5-96e6-e30994cd5824.png
    Threat Actors: Bestjpdata1
    Victim Country: Japan
    Victim Industry: Newspapers & Journalism
    Victim Organization: asahi shimbun
    Victim Site: asahi.com
  12. Alleged sale of unauthorized access to unidentified food distributor and retailer company
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized access to an unidentified regional food production, distributor and retailer company.
    Date: 2026-01-14T20:48:37Z
    Network: openweb
    Published URL: https://forum.duty-free.cc/threads/6281/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ed0008f8-cd55-4a0d-a48d-f6dd8afd7a49.png
    Threat Actors: Orpheus
    Victim Country: Unknown
    Victim Industry: Food Production
    Victim Organization: Unknown
    Victim Site: Unknown
  13. Alleged data breach of Astore
    Category: Data Breach
    Content: The threat actor claims to be selling a database associated with Astore, an e-commerce platform. The allegedly compromised dataset reportedly contains approximately 213,000 records in TXT format. The exposed data fields include email addresses, billing first and last names, phone and mobile numbers, city, ZIP/postal codes, state or province, physical addresses, and fax numbers.
    Date: 2026-01-14T20:42:39Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-ASTORE-Leaked-213k
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d94ee967-a00d-4a19-bec5-fcc5195b33cb.png
    Threat Actors: lemonhazed
    Victim Country: Pakistan
    Victim Industry: E-commerce & Online Stores
    Victim Organization: astore
    Victim Site: astore.pk
  14. Alleged sale of unauthorized access to unidentified organization from Iraq
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized access to an unidentified non-profit organization from Iraq.
    Date: 2026-01-14T20:42:02Z
    Network: openweb
    Published URL: https://forum.duty-free.cc/threads/6281/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/1a3aa4af-58e2-4e8b-83f2-6516509cdcf6.png
    Threat Actors: Orpheus
    Victim Country: Iraq
    Victim Industry: Non-profit & Social Organizations
    Victim Organization: Unknown
    Victim Site: Unknown
  15. Alleged Data Leak of Hentairox
    Category: Data Breach
    Content: Threat Actor claims to have leaked the database of Hentairox, which contains 224,271 lines of user, passhash and e-mail data.
    Date: 2026-01-14T20:38:50Z
    Network: openweb
    Published URL: https://leakbase.la/threads/hentairox-com-224271-lines-user-passhash-e-mail.48189/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9c46f33c-9831-4458-b909-e81bec264288.png
    Threat Actors: impierator
    Victim Country: Unknown
    Victim Industry: Entertainment & Movie Production
    Victim Organization: hentairox
    Victim Site: hentairox.com
  16. Lunsford Capital
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-14T20:27:30Z
    Network: tor
    Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=5b47567c-14d4-3f2f-9ce5-322925242ffc
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/229b8cac-3920-443d-8244-fbec83e794a5.png
    https://d34iuop8pidsy8.cloudfront.net/9b02a84a-c888-4c96-9e01-80592e0e572c.png
    Threat Actors: Qilin
    Victim Country: USA
    Victim Industry: Financial Services
    Victim Organization: lunsford capital
    Victim Site: lunsfordcapital.com
  17. Payouts King Ransomware group adds an unknown victim (Ml)
    Category: Ransomware
    Content: The group claims to have obtained 218 GB of the organization’s data and intends to publish it within 6 days.
    Date: 2026-01-14T20:25:00Z
    Network: tor
    Published URL: https://payoutsgn7cy6uliwevdqspncjpfxpmzgirwl2au65la7rfs5x3qnbqd.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a9dd8e24-466e-460c-b756-e4fc763821d8.png
    Threat Actors: Payouts King
    Victim Country: Spain
    Victim Industry: Unknown
    Victim Organization: ml
    Victim Site: w.es
  18. Alleged data sale of Mundivox Communications
    Category: Data Breach
    Content: Threat actor claims to be selling a leaked database of Mundivox Communications, Brazil. The compromised data reportedly includes internal emails, employee, HR and finance data, and internal documents gathered from hosts and emails.
    Date: 2026-01-14T20:18:38Z
    Network: openweb
    Published URL: https://bhf.pro/threads/718338/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f4627706-407f-4618-84a1-87a6f22e81da.png
    https://d34iuop8pidsy8.cloudfront.net/34e92bb6-3941-4451-8a54-85a414571f36.png
    Threat Actors: bytetobreach
    Victim Country: Brazil
    Victim Industry: Network & Telecommunications
    Victim Organization: mundivox communications
    Victim Site: mundivox.com
  19. Alleged Data Leak of Bank Databases from Multiple Countries
    Category: Data Breach
    Content: Threat Actor claims to have leaked bank databases from multiple countries such as USA, Japan, UAE, UK, Switzerland, etc.
    Date: 2026-01-14T20:12:01Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/273776/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0ee38c19-1a60-451a-b749-be51c1798e44.png
    Threat Actors: Ric1986
    Victim Country: USA
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  20. Alleged Sale of Health & Nutrition Customer Database in USA
    Category: Data Breach
    Content: Threat Actor claims to be selling a health and nutrition customer database in the USA. The dataset reportedly contains over 53,000 user records, including names, work email addresses, phone numbers, account creation details, and last activity timestamps.
    Date: 2026-01-14T20:09:49Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/273799/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/00224e07-4499-47a7-a6d3-2ccfcec20e1a.png
    Threat Actors: GeeksforGeeks
    Victim Country: USA
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  21. Payouts King Ransomware group adds an unknown victim (As)
    Category: Ransomware
    Content: The group claims to have obtained 2.1 TB of the organization’s data and intends to publish it within 6 days.
    Date: 2026-01-14T20:00:58Z
    Network: tor
    Published URL: https://payoutsgn7cy6uliwevdqspncjpfxpmzgirwl2au65la7rfs5x3qnbqd.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4d52fbe3-6c4e-4ae4-a235-667a88a254ad.png
    Threat Actors: Payouts King
    Victim Country: UK
    Victim Industry: Unknown
    Victim Organization: as
    Victim Site: w.com
  22. Payouts King Ransomware group adds an unknown victim (Bp)
    Category: Ransomware
    Content: The group claims to have obtained 832 GB of the organization’s data and intends to publish it within 6 days.
    Date: 2026-01-14T19:59:12Z
    Network: tor
    Published URL: https://payoutsgn7cy6uliwevdqspncjpfxpmzgirwl2au65la7rfs5x3qnbqd.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/03956587-ef2d-400c-8fac-8a3f90a0653b.png
    Threat Actors: Payouts King
    Victim Country: UK
    Victim Industry: Unknown
    Victim Organization: bp
    Victim Site: w.uk
  23. Payouts King Ransomware group adds an unknown victim (Ag)
    Category: Ransomware
    Content: The group claims to have obtained 520 GB of the organization’s data and intends to publish it within 6 days.
    Date: 2026-01-14T19:56:00Z
    Network: tor
    Published URL: https://payoutsgn7cy6uliwevdqspncjpfxpmzgirwl2au65la7rfs5x3qnbqd.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c94fd03e-c7cf-476f-a78a-a03db01e7b5e.png
    Threat Actors: Payouts King
    Victim Country: Germany
    Victim Industry: Unknown
    Victim Organization: ag
    Victim Site: w.de
  24. Payouts King Ransomware group adds an unknown victim (VS)
    Category: Ransomware
    Content: The group claims to have obtained 625 GB of the organization’s data and intends to publish it within 6 days.
    Date: 2026-01-14T19:55:52Z
    Network: tor
    Published URL: https://payoutsgn7cy6uliwevdqspncjpfxpmzgirwl2au65la7rfs5x3qnbqd.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/5002ee0f-51e5-4a98-856e-349bbb894fb1.png
    Threat Actors: Payouts King
    Victim Country: Germany
    Victim Industry: Unknown
    Victim Organization: vs
    Victim Site: v.com
  25. Alleged data leak of Learniverse
    Category: Data Breach
    Content: The threat actor leaked data from Learniverse, an online training and education platform. The compromised dataset allegedly includes user account and profile information. Exposed data fields shown in samples include user IDs, full names, first and last names, email addresses, occupations, user roles, account creation timestamps, internal authentication identifiers, academy or organization IDs, and profile metadata.
    Date: 2026-01-14T19:43:53Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-learniverse-app
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3638dcc9-7283-4255-adc9-fcf34b75a569.png
    Threat Actors: p0ppin
    Victim Country: Unknown
    Victim Industry: E-Learning
    Victim Organization: learniverse
    Victim Site: learniverse.app
  26. Alleged data leak of Multiple French Sports Federations
    Category: Data Breach
    Content: The threat actor claims to be sharing a database related to multiple French sports federations. The exposed data allegedly includes personal information of athletes and members, such as full names, dates of birth, email addresses, postal addresses, phone numbers, sport affiliations, federation identifiers, and discipline-specific records.
    Date: 2026-01-14T19:31:00Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-French-Federation-of-sports
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/6f3130f1-4482-4a93-b73f-0f5eadec037b.png
    Threat Actors: Meower201
    Victim Country: France
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  27. Alleged data sale of Indonesian passports
    Category: Data Breach
    Content: The threat actor is offering to sell 45 million Indonesian passports. The exposed data is said to include passport and document identifiers, document type and status, expiration dates, full names, dates of birth, gender, and record creation and update timestamps, with sample entries shared to demonstrate structure.
    Date: 2026-01-14T19:28:19Z
    Network: telegram
    Published URL: https://t.me/CinCauGhast3/70
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/50e1ce33-431a-4865-8af5-2059ca07c7ff.jpg
    Threat Actors: CinCauGhast
    Victim Country: Indonesia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  28. Alleged Data Leak of Gambling Database in Thailand
    Category: Data Breach
    Content: Threat Actor claims to have leaked a gambling database in Thailand containing approximately 110,000 records, including source, username, last login info, name, status, contact number, email, date of birth, and country.
    Date: 2026-01-14T19:27:34Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/273774/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c629f1ed-d9b6-4248-8111-eaadbb4891cf.png
    Threat Actors: Ric1986
    Victim Country: Thailand
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  29. Payouts King Ransomware group adds an unknown victim (Lp)
    Category: Ransomware
    Content: The group claims to have obtained 411 GB of the organization’s data and intends to publish it within 6 days.
    Date: 2026-01-14T19:24:25Z
    Network: tor
    Published URL: https://payoutsgn7cy6uliwevdqspncjpfxpmzgirwl2au65la7rfs5x3qnbqd.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/cd725fca-608c-4751-aed8-f40b63fac205.png
    Threat Actors: Payouts King
    Victim Country: USA
    Victim Industry: Unknown
    Victim Organization: lp
    Victim Site: l.com
  30. Alleged Sale of Unauthorized WP-Admin and Shell Access to Taiwanese E-Commerce Platform
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized shell and WordPress administrator access to a Taiwan-based e-commerce service described as a Shopify analogue. The access allegedly allows modification of shared source code used by 46 online shops, impacting all connected stores simultaneously.
    Date: 2026-01-14T19:06:36Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/273791/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ca6c4f54-d54b-46de-8504-4addc2a3b5ac.png
    Threat Actors: room
    Victim Country: Taiwan
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown
  31. Alleged data leak of Indonesian journalists data
    Category: Data Breach
    Content: A threat actor claims to have leaked data belonging to Indonesian journalists. The leaked dataset contains over 20,000 records and is distributed in CSV format. The compromised information reportedly includes journalists’ full names, affiliated media organizations, certificate details, testing or accreditation institutions, and professional certification levels.
    Date: 2026-01-14T18:58:27Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-20-000-Indonesian-Journalists-Data-Breached
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/00719d05-38b5-4877-a714-72c0ad24679f.png
    Threat Actors: AYYUBI
    Victim Country: Indonesia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  32. Alleged Sale of Unauthorized RDP Access to IT & Software Company in Japan
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized RDP and shell access to an IT and software company in Japan, allegedly providing Domain Administrator and SYSTEM-level privileges across multiple hosts. The access reportedly includes control over file servers and NAS systems containing more than 3.8 TB of sensitive internal, personal, and client data.
    Date: 2026-01-14T18:56:07Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/273772/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/5d1aa81b-bcb0-411c-98bb-498828c59dcb.png
    Threat Actors: Saturned33
    Victim Country: Japan
    Victim Industry: Information Technology (IT) Services
    Victim Organization: Unknown
    Victim Site: Unknown
  33. Alleged leak of login credentials to Leverage Entrepreneur Program
    Category: Initial Access
    Content: The group claims to have leaked login credentials to the website of Leverage Entrepreneur Program in the UK.
    Date: 2026-01-14T18:53:50Z
    Network: telegram
    Published URL: https://t.me/c/2433981896/681
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/445f4d42-6212-44ca-9482-baf815d00400.png
    Threat Actors: DEFACER INDONESIAN TEAM
    Victim Country: UK
    Victim Industry: Program Development
    Victim Organization: leverage entrepreneur program
    Victim Site: leverage.site.uk
  34. Alleged data breach of Dolce Care
    Category: Data Breach
    Content: The threat actor claims to be selling a database belonging to Dolce Care. The allegedly compromised data consists of approximately 51,000+ records and includes order and customer-related information.
    Date: 2026-01-14T18:53:01Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-dolcecare-pt-51-1K-users
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f0ce3956-bca1-47dd-b3d9-814e0fc1e7f9.png
    Threat Actors: rennn
    Victim Country: Portugal
    Victim Industry: E-commerce & Online Stores
    Victim Organization: dolce care
    Victim Site: dolcecare.pt
  35. Alleged data leak of Indian Railways
    Category: Data Breach
    Content: A threat actor claims to have exposed data associated with cwslgds.in, a railway maintenance facility operating under Indian Railways, specifically within the South Central Railway zone. The compromised data allegedly includes employee numbers, full names, HRMS IDs, UMID numbers, ticket numbers, employment type, designations, departments, pay groups, official and personal mobile numbers, email addresses, dates of birth, dates of appointment and retirement, gender, community, blood group, disability status, father’s name, permanent and present addresses, educational qualifications, Aadhaar numbers, PAN numbers, e-card details, and record creation timestamps.
    Date: 2026-01-14T18:30:50Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-cwslgds-in-2-7k-Indian-Railways
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c73a2279-df2d-47d8-a7a8-6314389d0551.png
    Threat Actors: colin
    Victim Country: Unknown
    Victim Industry: Government & Public Sector
    Victim Organization: Unknown
    Victim Site: Unknown
  36. Alleged data breach of Cordogan Clark Group
    Category: Data Breach
    Content: A threat actor claims to have compromised a database belonging to Cordogan Clark Group. The exposed data is reportedly available in CSV and BIN formats, with sample files provided by the actor as proof of access.
    Date: 2026-01-14T18:22:06Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-Cordogan-Clark-database-breach
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f2f2c82d-1e15-4009-8cee-187bc09c2014.png
    Threat Actors: AYYUBI
    Victim Country: USA
    Victim Industry: Architecture & Planning
    Victim Organization: cordogan clark group
    Victim Site: cordoganclark.com
  37. Alleged leak of login credentials to Sitenger Kabupaten Cirebon
    Category: Initial Access
    Content: The group claims to have leaked login credentials to the electronic signature platform of Sitenger Kabupaten Cirebon.
    Date: 2026-01-14T18:18:00Z
    Network: telegram
    Published URL: https://t.me/CinCauGhast3/41
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/23dfbff8-f26c-43ff-a389-d26db915c439.png
    Threat Actors: CinCauGhast
    Victim Country: Indonesia
    Victim Industry: Government Administration
    Victim Organization: sitenger kabupaten cirebon
    Victim Site: sitenger.cirebonkab.go.id
  38. Alleged data breach of Almaex
    Category: Data Breach
    Content: A threat actor claims to have leaked a database belonging to Almaex, an Iran-based cryptocurrency exchange platform.
    Date: 2026-01-14T18:13:02Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-IRAN-almaex-net-Leaked-Download
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/81ca52e7-3748-44fe-839e-08b2fd424298.png
    Threat Actors: lulzintel
    Victim Country: Iran
    Victim Industry: Financial Services
    Victim Organization: almaex
    Victim Site: almaex.net
  39. Alleged leak of NPWP records from Indonesia
    Category: Data Breach
    Content: The group claims to have leaked multiple Indonesian NPWP (Nomor Pokok Wajib Pajak) records, containing unique taxpayer identification data tied to different regional tax offices. The exposed data also includes national identity numbers, full names, residential addresses, assigned tax offices, and registration metadata.
    Date: 2026-01-14T17:48:51Z
    Network: telegram
    Published URL: https://t.me/CinCauGhast3/42?single
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ea2e1552-dbdc-439b-a7e1-f3264dd028b6.png
    https://d34iuop8pidsy8.cloudfront.net/857560c3-31fd-4957-8260-7fa677721185.png
    https://d34iuop8pidsy8.cloudfront.net/22f8195f-eed8-4e1f-9377-58849d9bc303.png
    Threat Actors: CinCauGhast
    Victim Country: Indonesia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  40. Nicotine targets the website of Dubai Safari Tours
    Category: Defacement
    Content: Group claims to have defaced the website of Dubai Safari Tours.
    Date: 2026-01-14T17:41:46Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/780953
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e13d53c4-1aae-4ac5-816e-5cb74d641770.png
    Threat Actors: Nicotine
    Victim Country: UAE
    Victim Industry: Hospitality & Tourism
    Victim Organization: dubai safari tours
    Victim Site: dubaisafaritours.ae
  41. Alleged leak of login credentials to RicBuy
    Category: Initial Access
    Content: The group claims to have leaked the login credentials to RicBuy.
    Date: 2026-01-14T17:41:25Z
    Network: telegram
    Published URL: https://t.me/c/2433981896/682
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0246f26e-cd7d-4b7f-b706-cea98e9c0a27.jpg
    Threat Actors: DEFACER INDONESIAN TEAM
    Victim Country: Spain
    Victim Industry: E-commerce & Online Stores
    Victim Organization: ricbuy
    Victim Site: ricbuy.com
  42. Alleged leak of login credentials to Utrainy
    Category: Initial Access
    Content: The group claims to have leaked the login credentials to Utrainy.
    Date: 2026-01-14T17:25:20Z
    Network: telegram
    Published URL: https://t.me/c/2433981896/683
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/fb8d9a30-c5b3-4506-863b-302c55405f1a.jpg
    Threat Actors: DEFACER INDONESIAN TEAM
    Victim Country: Algeria
    Victim Industry: Education
    Victim Organization: utrainy
    Victim Site: utrainy.com
  43. National Auto Loan Network falls victim to Nova Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 600 GB of the organization’s data and intends to publish it within 8 to 9 days.
    Date: 2026-01-14T17:23:47Z
    Network: tor
    Published URL: http://novadmrkp4vbk2padk5t6pbxolndceuc7hrcq4mjaoyed6nxsqiuzyyd.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2bfeb429-6a9f-474d-ae8b-27ca6aeb9bee.png
    Threat Actors: Nova
    Victim Country: USA
    Victim Industry: Financial Services
    Victim Organization: national auto loan network
    Victim Site: naln.com
  44. Alleged Sale of Unauthorized RDP Access to an Industrial Equipment Company in Portugal
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized RDP and shell access with Domain Administrator and SYSTEM-level privileges to an industrial equipment company in Portugal. The access reportedly includes control over file servers and NAS systems containing more than 8.7 TB of sensitive internal, personal, and client data.
    Date: 2026-01-14T17:17:55Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/273752/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d750f45e-f513-4579-91b7-51d7fb636a73.png
    Threat Actors: Saturned33
    Victim Country: Portugal
    Victim Industry: Manufacturing & Industrial Products
    Victim Organization: Unknown
    Victim Site: Unknown
  45. DimasHxR targets the website of Bhima Jewellers, UAE
    Category: Defacement
    Content: Group claims to have defaced the website of Bhima Jewellers, UAE.
    Date: 2026-01-14T17:12:06Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/777635
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/df9d40c6-870a-4544-ac0e-db86e4330846.png
    Threat Actors: DimasHxR
    Victim Country: UAE
    Victim Industry: Luxury Goods & Jewelry
    Victim Organization: bhima jewellers
    Victim Site: bhima.ae
  46. Pathology Associates of St. Thomas (PAST) falls victim to Qilin Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-14T17:06:25Z
    Network: tor
    Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=33fc705f-89ed-3b7b-8143-e38a6d5bb76f
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b0a3552f-7ded-4335-ad1a-93d909ed8f83.png
    Threat Actors: Qilin
    Victim Country: USA
    Victim Industry: Medical Practice
    Victim Organization: pathology associates of st. thomas (past)
    Victim Site: pastdermpath.com
  47. Radiant Remodeling falls victim to Qilin Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-14T17:04:58Z
    Network: tor
    Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=ae93eb76-94ee-3540-a58b-ff790710941f
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a9f03d2b-22b8-4770-b30c-b134d8428203.png
    Threat Actors: Qilin
    Victim Country: USA
    Victim Industry: Building and construction
    Victim Organization: radiant remodeling
    Victim Site: radiantremodelingllc.com
  48. Alleged data leak of Coinspark.cc
    Category: Data Breach
    Content: A threat actor has reposted a dataset allegedly originating from Coinspark.cc. The leaked information reportedly includes IP addresses and details related to coins created on the platform.
    Date: 2026-01-14T17:04:23Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-Repost-Coinspark-cc
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9ea5e4d2-e5a4-42a9-92c0-9b07c31c8941.png
    Threat Actors: Glowie
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: coinspark.cc
  49. Designers Mirror and Glass, Inc. falls victim to Qilin Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-14T17:03:25Z
    Network: tor
    Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=e7061f15-969a-3769-a59b-90829dc37afc
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ff247ca2-10b8-4220-950d-350164e29166.png
    Threat Actors: Qilin
    Victim Country: USA
    Victim Industry: Building and construction
    Victim Organization: designers mirror and glass, inc.
    Victim Site: designersmirror.com
  50. Z-BL4CX-H4T targets the website of EXPERT MAX INDIA (EMI)
    Category: Defacement
    Content: The group claims to have defaced the website of EXPERT MAX INDIA (EMI).
    Date: 2026-01-14T17:01:28Z
    Network: telegram
    Published URL: https://t.me/z_bl4cx_h4t_id/3
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/99c4066c-d6fc-4b11-bfcd-d3484187518f.png
    Threat Actors: Z-BL4CX-H4T
    Victim Country: India
    Victim Industry: Professional Training
    Victim Organization: expert max india (emi)
    Victim Site: emiorg.com
  51. Pre-Con Builders falls victim to Qilin Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 515 GB of the organization’s data.
    Date: 2026-01-14T16:52:49Z
    Network: tor
    Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=4e08b6e9-f9b0-38ab-a337-306bfbaee812
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d1d31502-e310-4f33-8791-00595b55f4ab.png
    Threat Actors: Qilin
    Victim Country: Canada
    Victim Industry: Building and construction
    Victim Organization: pre-con builders
    Victim Site: preconbuilders.com
  52. Alleged data breach of Kementerian Agama Republik Indonesia
    Category: Data Breach
    Content: A threat actor claims to have leaked data allegedly originating from the Kementerian Agama Republik Indonesia (Ministry of Religious Affairs of Indonesia). The compromised database reportedly contains sensitive personal and administrative information related to ministry programs and services, including records associated with religious assistance programs, institutional data, educators and religious personnel, and other public religious services.
    Date: 2026-01-14T16:49:16Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-DATABASE-KEMENTERIAN-AGAMA-INDONESIA
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/5760e53f-bb04-4181-8f41-68c58d2010ad.png
    Threat Actors: aiyewumi
    Victim Country: Indonesia
    Victim Industry: Government Administration
    Victim Organization: kementerian agama republik
    Victim Site: kemenag.go.id
  53. Ernest Maier, Inc falls victim to Qilin Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-14T16:48:06Z
    Network: tor
    Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=11f6e466-b8c7-3359-994b-7f7fe71db139
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/885886fe-1642-4c3f-b193-a7a577277556.png
    Threat Actors: Qilin
    Victim Country: USA
    Victim Industry: Wholesale
    Victim Organization: ernest maier, inc
    Victim Site: ernestmaier.com
  54. Gtech falls victim to Qilin Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-14T16:45:09Z
    Network: tor
    Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=42e05b39-7cea-35c3-ba31-daddc518faae
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/eb529573-3340-4728-880b-b1571fb28b2e.png
    Threat Actors: Qilin
    Victim Country: UK
    Victim Industry: Electrical & Electronic Manufacturing
    Victim Organization: gtech
    Victim Site: gtech.co.uk
  55. Alleged data leak of Ministry of Religious Affairs of Indonesia
    Category: Data Breach
    Content: A threat actor claims to be selling data allegedly obtained from the Directorate of Islamic Education under the Ministry of Religious Affairs of Indonesia. The compromised data reportedly includes sensitive personal information such as National Identification Numbers (NIK), Family Card Numbers (KK), full names, residential addresses, email addresses, phone numbers, and related records associated with educators, institutions, and assistance programs.
    Date: 2026-01-14T16:39:19Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-DATABASE-DATABASE-KEMENTRIAN-AGAMA-INDONESIA
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/6e7ee4c4-4cd6-4963-b87a-faed3181b5ed.png
    Threat Actors: LolForum
    Victim Country: Indonesia
    Victim Industry: Government Administration
    Victim Organization: Unknown
    Victim Site: Unknown
  56. DimasHxR targets the website of Dubai Safari Tours
    Category: Defacement
    Content: Group claims to have defaced the website of Dubai Safari Tours.
    Date: 2026-01-14T16:39:15Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/780953
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e13d53c4-1aae-4ac5-816e-5cb74d641770.png
    Threat Actors: DimasHxR
    Victim Country: UAE
    Victim Industry: Hospitality & Tourism
    Victim Organization: dubai safari tours
    Victim Site: dubaisafaritours.ae
  57. Alleged unauthorized access to an unidentified chiller management system in the Czech Republic
    Category: Initial Access
    Content: The group claims to have gained unauthorized access to a chiller management system in the Czech Republic, allegedly used to control a central refrigeration unit supporting industrial and commercial cooling operations. According to the claim, the system (identified as a SINOP31 model) was observed operating in normal mode, with active control over cooling temperatures, load levels, compressor performance, energy consumption, pressure and temperature parameters, and operational statistics, with both local and remote control capabilities available.
    Date: 2026-01-14T16:36:53Z
    Network: telegram
    Published URL: https://t.me/n2LP_wVf79c2YzM0/3319
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4595ce73-6438-4532-91cc-55d97935487a.jpg
    Threat Actors: Infrastructure Destruction Squad
    Victim Country: Czech Republic
    Victim Industry: Industrial Automation
    Victim Organization: Unknown
    Victim Site: Unknown
  58. Alleged data breach of MOD Hospital
    Category: Data Breach
    Content: A threat actor claims to have leaked databases allegedly belonging to modhospital.kr, containing hospital patient and internal system records. The compromised data reportedly includes patient information, doctor records, appointment schedules, system and device logs, meal schedules, terminal data, and access logs.
    Date: 2026-01-14T16:34:49Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-DATABASE-MODHOSPITAL-KR-%E2%80%94-45K-KOREAN-HOSPITAL-PATIENT-SYSTEM-RECORDS-14-01-2026-Solonik-BF
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2d3e64b5-a617-44cd-8ca2-dec5ce8406b9.png
    Threat Actors: Solonik
    Victim Country: South Korea
    Victim Industry: Hospital & Health Care
    Victim Organization: mod hospital
    Victim Site: modhospital.kr
  59. Z-BL4CX-H4T targets the website of RLJ Electrical Limited
    Category: Defacement
    Content: The group claims to have defaced the website of RLJ Electrical Limited.
    Date: 2026-01-14T16:33:16Z
    Network: telegram
    Published URL: https://t.me/z_bl4cx_h4t_id/3
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/174f36ab-3c39-4323-ae38-f0e24e990ca8.jpg
    Threat Actors: Z-BL4CX-H4T
    Victim Country: New Zealand
    Victim Industry: Facilities Services
    Victim Organization: rlj electrical limited
    Victim Site: rljelectrical.co.nz
  60. Alleged data breach of RAPY.GG
    Category: Data Breach
    Content: A threat actor claims to be selling data allegedly obtained from RAPY.GG, one of the largest Polish Minecraft servers. The compromised data reportedly includes player-related information such as Minecraft usernames and associated IP addresses.
    Date: 2026-01-14T16:14:19Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-DATABASE-rapy-pl-database
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0cce5fd5-e512-4753-a125-2bca6946435b.png
    Threat Actors: HEXROOTGROUP
    Victim Country: Poland
    Victim Industry: Gaming
    Victim Organization: rapy.gg
    Victim Site: rapy.gg
  61. Z-BL4CX-H4T targets the website of Advocate Deepak Aneja
    Category: Defacement
    Content: The group claims to have defaced the website of Advocate Deepak Aneja.
    Date: 2026-01-14T16:10:27Z
    Network: telegram
    Published URL: https://t.me/z_bl4cx_h4t_id/3
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9a42cd53-c1b6-4165-b221-1146bc857670.jpg
    Threat Actors: Z-BL4CX-H4T
    Victim Country: India
    Victim Industry: Legal Services
    Victim Organization: Unknown
    Victim Site: advocatedeepakaneja.com
  62. Z-BL4CX-H4T targets the website of The Jatayu Gurukul
    Category: Defacement
    Content: The group claims to have defaced the website of The Jatayu Gurukul.
    Date: 2026-01-14T16:06:43Z
    Network: telegram
    Published URL: https://t.me/c/3027611821/259
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f3ccbc2b-ef4e-41f3-a2e0-b9d0c4036340.jpg
    Threat Actors: Z-BL4CX-H4T
    Victim Country: India
    Victim Industry: Education
    Victim Organization: the jatayu gurukul
    Victim Site: thejatayagurukul.com
  63. Alleged access to DHIS2 Health Management System of Kurdistan Regional Government’s Ministry of Health
    Category: Initial Access
    Content: The group claims to have compromised the DHIS2 Health Management System operated by the Kurdistan Regional Government’s Ministry of Health in Iraq. According to the actor, the targeted server functions as a centralized database aggregating health data from hospitals and medical centers across the region.
    Date: 2026-01-14T15:54:36Z
    Network: telegram
    Published URL: https://t.me/SylhetGangSG1/7309
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2555a4cf-d49b-46bd-adc6-e31efa9a2bfd.png
    Threat Actors: mu6tx
    Victim Country: Iraq
    Victim Industry: Government Administration
    Victim Organization: kurdistan regional government – ministry of health
    Victim Site: dhis.moh.gov.krd
  64. Rebars & Mesh, Inc. falls victim to Akira ransomware
    Category: Ransomware
    Content: The threat actor claims to have obtained 15 GB of the organization’s data. The data includes employee personal information (driver’s licenses, addresses, emails), client data, financial records, agreements, and technical drawings and specifications.
    Date: 2026-01-14T15:48:20Z
    Network: tor
    Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d77439e1-a3a2-41e1-80f4-6626e7cd98a9.png
    Threat Actors: akira
    Victim Country: USA
    Victim Industry: Building and construction
    Victim Organization: rebars & mesh, inc.
    Victim Site: rebarsandmesh.com
  65. ImageWorks Display falls victim to Akira ransomware
    Category: Ransomware
    Content: The threat actor claims to have obtained 15 GB of the organization’s data. The data includes employee personal information (W-9 forms and related records), client data, financial information, agreements and contracts, and NDAs.
    Date: 2026-01-14T15:22:37Z
    Network: tor
    Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/5e613067-5417-4f70-baae-7d9861ef0b27.png
    Threat Actors: akira
    Victim Country: USA
    Victim Industry: Marketing, Advertising & Sales
    Victim Organization: imageworks display
    Victim Site: imageworksdisplay.com
  66. Alleged data breach of PT Comitrando Emporio
    Category: Data Breach
    Content: The group claims to have breached the database of PT Comitrando Emporio, leaking personally identifiable information of employees including full name, gender, regency or district, sub-district, village or urban ward, phone number, email address, family information, guardian or family member name, and guardian or family member phone number.
    Date: 2026-01-14T15:18:56Z
    Network: telegram
    Published URL: https://t.me/maul1337anon/458
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0bb4f989-1efd-4bf4-af02-48de574f04a8.jpg
    Threat Actors: maul1337
    Victim Country: Indonesia
    Victim Industry: Manufacturing & Industrial Products
    Victim Organization: pt comitrando emporio
    Victim Site: komitrando.com
  67. Alleged data sale of Thailand passports
    Category: Data Breach
    Content: The threat actor is offering to sell 33,000 Thailand passports (11 GB), allegedly mentioning that possibly 60% of the passports are past their expiration date.
    Date: 2026-01-14T14:30:18Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-Thailand-passport-33000x-11gb
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/66d48329-7fea-477c-a071-5b750aed4fcc.JPG
    Threat Actors: DocLite
    Victim Country: Thailand
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  68. Alleged data leak of ClubDunes
    Category: Data Breach
    Content: The threat actor claims to have leaked data from ClubDunes, which was breached in 2023. The compromised dataset reportedly contains 292,938 records, including email addresses, usernames, photo ID status, and additional information.
    Date: 2026-01-14T14:23:14Z
    Network: openweb
    Published URL: https://leakbase.la/threads/uae-clubdunes-com-292-938-lines.27830/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/6db114c0-ec78-4b96-beea-907015598fa1.png
    Threat Actors: HeartLeak
    Victim Country: UAE
    Victim Industry: Social Media & Online Social Networking
    Victim Organization: clubdunes
    Victim Site: clubdunes.com
  69. Alleged data leak of Kurdistan E-Residency System
    Category: Data Breach
    Content: Group claims to have leaked data from Kurdistan E-Residency System.
    Date: 2026-01-14T14:14:33Z
    Network: telegram
    Published URL: https://t.me/dienet3/66
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/281bf1f9-2d27-4749-a225-d70ed5d269ed.png
    https://d34iuop8pidsy8.cloudfront.net/3c0179a8-f671-44f9-ae8e-9699837adae9.png
    Threat Actors: DieNet
    Victim Country: Iraq
    Victim Industry: Government Administration
    Victim Organization: kurdistan e-residency system
    Victim Site: ebl.residency.gov.krd
  70. Qassim Health Services Association falls victim to TENGU Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data and intends to publish it within 5 to 6 days.
    Date: 2026-01-14T14:12:56Z
    Network: tor
    Published URL: http://longcc4fqrfcqt5lzceutylaxir6h66fp6df3oin6mvwvz6pfdbxc6qd.onion/blog/9194b5bee0d8552e9421cd7003d82a7861469b78856b501259d0c881519df3cf/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c05b5eef-884e-4b4f-b199-6886dc7f0f0c.png
    Threat Actors: TENGU
    Victim Country: Saudi Arabia
    Victim Industry: Hospital & Health Care
    Victim Organization: qassim health services association
    Victim Site: seha.org.sa
  71. Fechner Pump & Supply Inc. falls victim to Akira ransomware
    Category: Ransomware
    Content: The threat actor claims to have obtained 157 GB of corporate data from the organisation, allegedly including employee personal information (SSN, address, phones, email, scans of personal documents and so on), projects, client information, financials, contracts and agreements, etc.
    Date: 2026-01-14T14:10:14Z
    Network: tor
    Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/983ad8f4-5146-40e3-a660-b13c122ef43c.JPG
    Threat Actors: akira
    Victim Country: USA
    Victim Industry: Oil & Gas
    Victim Organization: fechner pump & supply inc.
    Victim Site: fechnerpump.com
  72. H2 Builders falls victim to Akira ransomware
    Category: Ransomware
    Content: The threat actor claims to have obtained more than 20 GB of corporate data from the organisation, allegedly including client information, financials, contracts, agreements and more.
    Date: 2026-01-14T13:58:18Z
    Network: tor
    Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/963c2df8-3072-437f-9c0e-a7b60bdea5eb.JPG
    Threat Actors: akira
    Victim Country: USA
    Victim Industry: Building and construction
    Victim Organization: h2 builders
    Victim Site: h2builders.com
  73. TruGolf falls victim to Akira ransomware
    Category: Ransomware
    Content: The group claims to have obtained 37 GB of the organization’s data. The compromised data reportedly includes employee personal information such as Social Security numbers, driver’s license details, addresses, and email addresses, as well as client information, financial data, contracts, and agreements.
    Date: 2026-01-14T13:55:51Z
    Network: tor
    Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/044d9b3d-7d4d-4b9a-ad7c-de7bb469ca15.png
    Threat Actors: akira
    Victim Country: USA
    Victim Industry: Software Development
    Victim Organization: trugolf
    Victim Site: trugolf.com
  74. Alleged leak of U.S. police documents related to forged document detection
    Category: Data Breach
    Content: The threat actor claims to have leaked U.S. police documents related to forged document detection.
    Date: 2026-01-14T13:53:29Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-Leaked-documents-on-how-the-PD-finds-forged-documents
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/bf9f7708-41dd-4b75-8615-2675854230c2.JPG
    Threat Actors: zvezdanwastaken
    Victim Country: USA
    Victim Industry: Law Enforcement
    Victim Organization: Unknown
    Victim Site: Unknown
  75. Advanced Construction Southwest falls victim to INC RANSOM Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 1.5 TB of the organization’s data.
    Date: 2026-01-14T13:52:41Z
    Network: tor
    Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/696792498f1d14b743a9d829
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a628df04-316c-49be-98d6-ed1aa46fd3cc.png
    Threat Actors: INC RANSOM
    Victim Country: USA
    Victim Industry: Building and construction
    Victim Organization: advanced construction southwest
    Victim Site: acswinc.com
  76. Alleged access to unidentified CCTV cameras in USA
    Category: Initial Access
    Content: The group claims to have accessed unidentified CCTV cameras in Florida, USA.
    Date: 2026-01-14T13:49:31Z
    Network: telegram
    Published URL: https://t.me/zpentestalliance/965
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/328cf344-04c3-4026-9d1c-9b03f882ebaf.JPG
    Threat Actors: Z-PENTEST ALLIANCE
    Victim Country: USA
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  77. Alleged leak of data from the website of Concern for Radio Broadcasting, Radio Communications and Television
    Category: Data Breach
    Content: Group claims to have accessed and leaked data from the website of the Concern for Radio Broadcasting, Radio Communications and Television, an entity operating under the State Service for Special Communications and Information Protection of Ukraine, allegedly exposing technical broadcasting documentation dating from 2016 to 2026.
    Date: 2026-01-14T13:42:47Z
    Network: telegram
    Published URL: https://t.me/perunswaroga/1036
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/6d2227c7-b2fc-4ad1-ab08-a5c9d336a060.png
    Threat Actors: Perun Svaroga
    Victim Country: Ukraine
    Victim Industry: Government & Public Sector
    Victim Organization: concern for radio broadcasting, radio communications and television
    Victim Site: rrt.ua
  78. NightSpire RaaS
    Category: Malware
    Content: The threat actor NightSpire claims to be promoting a Ransomware-as-a-Service (RaaS) program via its dark web platform. According to the announcement, the group has opened affiliate recruitment, allowing interested parties to register and collaborate in ransomware operations. This development may lead to an increase in affiliate-driven attacks and a higher number of reported victims in the near future.
    Date: 2026-01-14T13:24:16Z
    Network: openweb
    Published URL: https://x.com/stealthmole_iol/status/2011349161355211061?s=20
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f9d8a353-bd58-4ac2-a2ea-855c8a497ba2.png
    Threat Actors: NightSpire
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  79. Alleged data leak of Indonesian Journalists
    Category: Data Breach
    Content: The threat actor claims to have leaked the data of 20,000 Indonesian Journalists, allegedly including journalist name, media name, journalist certificate, testing institution, level.
    Date: 2026-01-14T13:05:22Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-20-000-Indonesian-Journalists-Data-Breached
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0b40ae66-9dc1-4425-bfdd-41666e2f8db4.JPG
    Threat Actors: AYYUBI
    Victim Country: Indonesia
    Victim Industry: Newspapers & Journalism
    Victim Organization: persatuan wartawan indonesia
    Victim Site: dewanpers.or.id
  80. Alleged data breach of Textitute
    Category: Data Breach
    Content: The threat actor claims to have breached 2.8 million+ rows of data from the organisation, allegedly including contacts, sms leads, users, tokens, clients and more.
    Date: 2026-01-14T12:25:51Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-DATABASE-TEXTITUTE-COM-%E2%80%94-SMS-CONTACT-PLATFORM-CLIENT-DB-13-01-2026-Solonik-BF
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/988c215b-d4b8-48e3-929d-6af22bba4d58.JPG
    https://d34iuop8pidsy8.cloudfront.net/d5a1e3a9-e643-43dc-98ba-fe04c2130782.JPG
    Threat Actors: Solonik
    Victim Country: Canada
    Victim Industry: Network & Telecommunications
    Victim Organization: textitute
    Victim Site: textitute.com
  81. Alleged data breach of Horus Integrated Solutions
    Category: Data Breach
    Content: The threat actor claims to have breached 1.97 million rows of data from the organisation, allegedly including taxpayer records, NFSe invoices, declarations, access logs, payment guides, and more.
    Date: 2026-01-14T11:55:35Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-DATABASE-HORUSDM-COM-BR-%E2%80%94-MUNICIPAL-TAX-SYSTEM-DATABASES-BRAZIL-2M-RECORDS-14-01-2026
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e93b94c8-1d3a-4690-bce1-4740b92ecd67.JPG
    https://d34iuop8pidsy8.cloudfront.net/a9feca44-ecd4-4290-8b59-a4ca2a106a4a.JPG
    Threat Actors: Solonik
    Victim Country: Brazil
    Victim Industry: Software Development
    Victim Organization: horus integrated solutions
    Victim Site: horusdm.com.br
  82. Alleged data leak of Carriage Workshop Lallaguda
    Category: Data Breach
    Content: The threat actor claims to have leaked an employee database linked to Carriage Workshop Lallaguda, a major railway maintenance facility under Indian Railways’ South Central Railway zone. The alleged dataset, shared as a text file containing 2,778 records, reportedly includes highly sensitive personal and employment-related information such as employee numbers, names, HRMS and UMID IDs, designations, departments, contact details, dates of birth and service, addresses, Aadhaar and PAN numbers, blood group, and other HR records.
    Date: 2026-01-14T11:49:19Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-cwslgds-in-2-7k-Indian-Railways
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f6e427c3-4516-4280-81c5-ff4081c95711.png
    Threat Actors: colin
    Victim Country: India
    Victim Industry: Government Relations
    Victim Organization: carriage workshop lallaguda
    Victim Site: cwslgds.in
  83. Alleged Unauthorized Access to a Construction and Contract Management System in Libya
    Category: Initial Access
    Content: The group claims to have accessed a construction and contracting management system of a Libyan company, reportedly exposing project details, client and contractor records, contracts, and financial data.
    Date: 2026-01-14T11:47:40Z
    Network: telegram
    Published URL: https://t.me/n2LP_wVf79c2YzM0/3304
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e35959aa-394e-4818-8e63-a3a16fa5d91e.png
    https://d34iuop8pidsy8.cloudfront.net/977f9ed0-2161-4059-b0ce-c575b8f14f96.png
    Threat Actors: Infrastructure Destruction Squad
    Victim Country: Libya
    Victim Industry: Building and construction
    Victim Organization: Unknown
    Victim Site: Unknown
  84. Alleged Unauthorized Access to an Industrial Control or Management System in Poland
    Category: Initial Access
    Content: Group claims to have gained unauthorized access to an industrial control or management system operated by an unidentified indoor snow facility in Poland, which is reportedly using a TechnoAlpin Indoor Snow Division system.
    Date: 2026-01-14T11:37:04Z
    Network: telegram
    Published URL: https://t.me/c/2787466017/1622
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/66681f04-d614-481a-b693-d9f0482bd7ef.png
    Threat Actors: NoName057(16)
    Victim Country: Poland
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  85. Global Error System targets the website of Maria Vocational School
    Category: Defacement
    Content: The group claims to have defaced the website of Maria Vocational School.
    Date: 2026-01-14T11:22:09Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/227440
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c3c81a6e-9024-497b-9800-a48749dbfabe.JPG
    Threat Actors: Global Error System
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: maria vocational school
    Victim Site: skripsiiku.my.id
  86. Alleged unauthorized access to Al Badr Uniforms
    Category: Initial Access
    Content: The group claims to have gained unauthorized access to the admin panel of Al Badr Uniforms in Syria. The compromised system reportedly allows full administrative access, providing complete control over the website’s frontend, backend, content, files, and internal management systems. The group also claims to have defaced the organization’s website.
    Date: 2026-01-14T11:15:13Z
    Network: telegram
    Published URL: https://t.me/n2LP_wVf79c2YzM0/3298
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9baf531d-2a13-41ab-a5cb-467cf49d5c99.jpg
    https://d34iuop8pidsy8.cloudfront.net/7e27a056-838d-4dd0-8c0e-4b8ff647aa64.jpg
    Threat Actors: Infrastructure Destruction Squad
    Victim Country: Syria
    Victim Industry: Fashion & Apparel
    Victim Organization: al badr uniforms
    Victim Site: albadr-uniforms.com
  87. Hazardous Cyber Team targets the website of dbcollege.ac.in
    Category: Defacement
    Content: The group claims to have defaced the website of dbcollege.ac.in.
    Date: 2026-01-14T11:12:31Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/227441
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/abd12c0f-8a2c-4074-98bc-3834b153da18.JPG
    Threat Actors: Hazardous Cyber Team
    Victim Country: India
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: dbcollege.ac.in
  88. Alleged sale of access to Nigerian government websites
    Category: Initial Access
    Content: The group claims to be selling unauthorized access to Nigerian government websites.
    Date: 2026-01-14T10:52:53Z
    Network: telegram
    Published URL: https://t.me/Team_Cy8er_N4ti0n/14
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8c6ee062-5b51-4114-af66-4ffcf15e422a.png
    Threat Actors: CY8ER N4TI0N
    Victim Country: Nigeria
    Victim Industry: Government Administration
    Victim Organization: Unknown
    Victim Site: gov.ng
  89. ./RAZOR targets the website of Maldives Bureau of Statistics
    Category: Defacement
    Content: The group claims to have defaced the website of Maldives Bureau of Statistics.
    Date: 2026-01-14T10:27:04Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/777864
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a5d187e7-c76e-461f-a1cf-8c6d8c1adf9f.png
    Threat Actors: ./RAZOR
    Victim Country: Maldives
    Victim Industry: Government Administration
    Victim Organization: maldives bureau of statistics
    Victim Site: bids.stats.gov.mv
  90. Boss Ranzen targets the website of World Psychology
    Category: Defacement
    Content: Group claims to have defaced the website of World Psychology.
    Date: 2026-01-14T10:19:29Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/782146
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/477865ae-8e60-4da6-b5eb-10972c482180.png
    Threat Actors: Boss Ranzen
    Victim Country: Indonesia
    Victim Industry: Publishing Industry
    Victim Organization: world psychology
    Victim Site: ejournal.staialhikmahpariangan.ac.id
  91. ./Outsiders targets the website of Sanskarcity College of Education
    Category: Defacement
    Content: Group claims to have defaced the website of Sanskarcity College of Education.
    Date: 2026-01-14T10:10:27Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/780900
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/87106e95-b512-45eb-a936-8dc3a94946ca.png
    Threat Actors: ./Outsiders
    Victim Country: India
    Victim Industry: Education
    Victim Organization: sanskarcity college of education
    Victim Site: scisedu.in
  92. Imkey7 targets the website of Federal Government Staff Housing Loans Board in Nigeria
    Category: Defacement
    Content: The group claims to have defaced the website of Federal Government Staff Housing Loans Board in Nigeria.
    Date: 2026-01-14T10:05:20Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/777611
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d69df786-cadd-406d-bc60-dc2f92c405e1.png
    Threat Actors: Imkey7
    Victim Country: Nigeria
    Victim Industry: Government Administration
    Victim Organization: federal government staff housing loans board
    Victim Site: fgshlb.gov.ng
  93. MR-4PEAJE targets the website of AES’ Vanita Vinayalaya Junior College of Education
    Category: Defacement
    Content: The group claims to have defaced the organization’s website.
    Date: 2026-01-14T09:55:10Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/782148
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b265631b-645b-4371-a4c6-ae879b46152a.png
    Threat Actors: MR-4PEAJE
    Victim Country: India
    Victim Industry: Education
    Victim Organization: aes’ vanita vinayalaya junior college of education
    Victim Site: aesvanitadted.edu.in
  94. Boss Ranzen targets the website of Scientax
    Category: Defacement
    Content: The group claims to have defaced the organization’s website.
    Date: 2026-01-14T09:41:52Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/782145
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/670f08e2-2c47-4ac7-9181-4eccfbebab63.png
    Threat Actors: Boss Ranzen
    Victim Country: Indonesia
    Victim Industry: Government Relations
    Victim Organization: scientax
    Victim Site: ejurnal.pajak.go.id
  95. D0R4H4X0R targets the website of Bangladesh Employees Welfare Board
    Category: Defacement
    Content: The group claims to have defaced the website of Bangladesh Employees Welfare Board.
    Date: 2026-01-14T09:39:47Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/780906
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/1139cc66-2c19-4a02-9520-0466dcd4d18f.JPG
    Threat Actors: D0R4H4X0R
    Victim Country: Bangladesh
    Victim Industry: Government Administration
    Victim Organization: bangladesh employees welfare board
    Victim Site: welfare.bkkb.gov.bd
  96. Nicotine targets the website of BookSouk
    Category: Defacement
    Content: Group claims to have defaced the website of BookSouk.
    Date: 2026-01-14T09:29:36Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/781013
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2252a19c-28cf-4c84-93fe-7982f3b6cbb0.png
    Threat Actors: Nicotine
    Victim Country: Qatar
    Victim Industry: Retail Industry
    Victim Organization: booksouk
    Victim Site: booksouk.qa
  97. Boss Ranzen targets the website of Universitas Negeri Surabaya
    Category: Defacement
    Content: The group claims to have defaced the organization’s website.
    Date: 2026-01-14T09:28:44Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/782141
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/40593d11-77f9-445e-aeba-7d2f2c71bdd1.png
    Threat Actors: Boss Ranzen
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: universitas negeri surabaya
    Victim Site: unesa.ac.id
  98. GENESIS Ransomware group adds an unknown victim (*)
    Category: Ransomware
    Content: The group claims to have obtained approximately 700 GB of the organization’s data. The compromised data reportedly includes company customer data, business development data, confidential files and non-disclosure agreements, user folders, operational data, and data from the company’s file server.
    Date: 2026-01-14T09:19:21Z
    Network: tor
    Published URL: http://genesis6ixpb5mcy4kudybtw5op2wqlrkocfogbnenz3c647ibqixiad.onion/a540b155da0a63b229ca/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/5d10ea41-8b73-47ff-bb85-25c1323d3cdc.png
    https://d34iuop8pidsy8.cloudfront.net/de2ef3f2-45f9-49ff-bbb4-1e2f9b80dfc3.png
    Threat Actors: GENESIS
    Victim Country: USA
    Victim Industry: Financial Services
    Victim Organization: Unknown
    Victim Site: Unknown
  99. maul1337 targets the website of GRENZE Scientific Society
    Category: Defacement
    Content: The group claims to have defaced the website of GRENZE Scientific Society. Mirror: https://zone-xsec.com/mirror/782152
    Date: 2026-01-14T07:14:42Z
    Network: telegram
    Published URL: https://t.me/maul1337anon/449
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/81d02f9e-91b2-40ff-86de-948c10661d42.png
    Threat Actors: maul1337
    Victim Country: India
    Victim Industry: Research Industry
    Victim Organization: grenze scientific society
    Victim Site: thegrenze.com
  1. Alleged Database Breach of Ultramail
    Category: Data Breach
    Content: The threat actor claims to have successfully executed a database breach against the Brazilian email service provider, Ultramail. The attacker asserts that they bypassed security via Remote Code Execution (RCE) to gain full access to the company’s internal infrastructure. As a result of this intrusion, the actor claims to have exfiltrated a database containing 34,733 sensitive user records. The breach reportedly includes the theft of user credentials, which the actor claims to have already cracked into plaintext format.
    Date: 2026-01-14T07:09:03Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-ultramail-com-br-Full-Infrastructure-Access-RCE-Adminer-Cracked-DB
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/10db26c6-7cd1-41f6-b92f-a10f16947ded.jpg
    Threat Actors: asfkdj3229tg43ejg
    Victim Country: Brazil
    Victim Industry: Marketing, Advertising & Sales
    Victim Organization: ultramail
    Victim Site: ultramail.com.br
  2. Alleged Data Breach of Kejaksaan Republik Indonesia
    Category: Data Breach
    Content: The threat actor claims a data breach of Kejaksaan Republik Indonesia. The dataset reportedly includes 63 database files in SQL/CSV format originating from various Indonesian government institutions, including law enforcement and regional government systems.
    Date: 2026-01-14T06:23:47Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-Big-Pack-Indonesian-Government-go-id-Databases-43-9GB-2025
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/dd01e30f-b0d7-418d-bac2-fe0a9d86ed3d.png
    Threat Actors: timcookapple
    Victim Country: Indonesia
    Victim Industry: Government Administration
    Victim Organization: kejaksaan republik indonesia
    Victim Site: Unknown
  3. Alleged data breach of Sagolink
    Category: Data Breach
    Content: The threat actor claims to have leaked data from Sagolink. The compromised data reportedly contains 12k records, including full names, phone numbers, genders, email addresses, and birth dates.
    Date: 2026-01-14T05:59:58Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-sagolink-ai
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c93c81bd-b6bc-443a-b055-d4a6408ad3e8.png
    https://d34iuop8pidsy8.cloudfront.net/6c40a9b4-5e74-4ec1-bba4-d52c9aeafc12.png
    Threat Actors: p0ppin
    Victim Country: South Korea
    Victim Industry: Insurance
    Victim Organization: sagolink
    Victim Site: sagolink.ai
  4. GHOSTNET-X targets the website of Pico
    Category: Defacement
    Content: The group claims to have defaced the website of Pico.
    Date: 2026-01-14T05:54:50Z
    Network: telegram
    Published URL: https://t.me/c/3560880038/113
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/64ae241b-2cda-49d1-811d-5fc5bdd0fca7.png
    Threat Actors: GHOSTNET-X
    Victim Country: USA
    Victim Industry: Financial Services
    Victim Organization: pico
    Victim Site: pico-mail.net
  5. Alleged leak of random personally identifiable documents
    Category: Data Breach
    Content: The threat actor claims to have leaked a collection of random personally identifiable documents. The dataset includes a variety of government-issued identity documents, vehicle records, insurance papers, passports, visas, and social security cards from multiple countries.
    Date: 2026-01-14T05:35:46Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-COLLECTION-RANDOM-PII-DOCUMENTS
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ae78aa74-97f9-4e52-9d90-af40a1861268.png
    Threat Actors: zvezdanwastaken
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  6. Alleged Data Leak of French Job Portal Data
    Category: Data Breach
    Content: The threat actor claims to have leaked 600k French job portal data.
    Date: 2026-01-14T05:31:36Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-FR-Portail-emploi-600k
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8372772b-54ca-4679-a916-83073f3de1cc.png
    Threat Actors: MoNkEySdAnCiNiNg
    Victim Country: France
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  7. CyberOprationCulture targets the website of Al-modina Battery House
    Category: Defacement
    Content: The group claims to have defaced the website of Al-modina Battery House.
    Date: 2026-01-14T05:26:51Z
    Network: telegram
    Published URL: https://t.me/c/3421269527/69
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/5f99db26-b9ac-4dbd-9c36-e6d890d49b6e.png
    Threat Actors: CyberOprationCulture
    Victim Country: Bangladesh
    Victim Industry: Electrical & Electronic Manufacturing
    Victim Organization: al-modina battery house
    Victim Site: almodinabatteryhouse.com
  8. CyberOprationCulture targets the website of echofreshlife
    Category: Defacement
    Content: The group claims to have defaced the website of echofreshlife.
    Date: 2026-01-14T05:12:52Z
    Network: telegram
    Published URL: https://t.me/c/3421269527/69
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/94037427-3ff5-4b88-8256-2e53fc6b7509.png
    Threat Actors: CyberOprationCulture
    Victim Country: Japan
    Victim Industry: Consumer Goods
    Victim Organization: echofreshlife
    Victim Site: echofreshlife.com
  9. Alleged data leak of Iranian online medical platform
    Category: Data Breach
    Content: The threat actor claims a data leak from an Iranian online medical platform. According to the post, the exposed database contains information on 700,000+ citizens.
    Date: 2026-01-14T04:54:08Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-IRAN-IRAN-ONLINE-MEDICAL-PLATFORM–183963
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/463b79b7-d315-4335-8f1d-0d506e0d14dc.png
    Threat Actors: xploitleaks
    Victim Country: Iran
    Victim Industry: Hospital & Health Care
    Victim Organization: Unknown
    Victim Site: Unknown
  10. Alleged data breach of Max Messenger
    Category: Data Breach
    Content: The threat actor claims to have fully compromised Max Messenger. The dataset allegedly includes ~154 million user records with names, usernames, phone numbers, plus auth tokens, session keys, hashed passwords, metadata logs, and internal infrastructure data.
    Date: 2026-01-14T04:46:48Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-DATABASE-DATABASE-LEAK-Max-Messenger-Full-User-Infrastructure-SQL-Dump
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/092cd1a5-975a-40de-b46c-cf31a0d9723f.png
    Threat Actors: CamelliaBtw
    Victim Country: Unknown
    Victim Industry: Information Technology (IT) Services
    Victim Organization: max messenger
    Victim Site: Unknown
  11. GHOSTNET-X targets the website of Municipalidad de General San Martín
    Category: Defacement
    Content: The group claims to have defaced the website of Municipalidad de General San Martín.
    Date: 2026-01-14T04:28:52Z
    Network: telegram
    Published URL: https://t.me/c/3560880038/112
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a1b47804-3ee1-4d12-9a87-38f8cf015227.png
    Threat Actors: GHOSTNET-X
    Victim Country: Argentina
    Victim Industry: Government Administration
    Victim Organization: municipalidad de general san martín
    Victim Site: sanmartinlapampa.com.ar
  12. EIGHT-SIX ROOT targets the website of Charamchalanda Girl’s High School
    Category: Defacement
    Content: The group claims to have defaced the website of Charamchalanda Girl’s High School.
    Date: 2026-01-14T04:18:42Z
    Network: telegram
    Published URL: https://t.me/eightsixroot/177
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/837907cf-8541-4eab-8825-35cd56490b77.png
    Threat Actors: EIGHT-SIX ROOT
    Victim Country: Bangladesh
    Victim Industry: Education
    Victim Organization: charamchalanda girl’s high school
    Victim Site: chghs.edu.bd
  13. Alleged data sale of unidentified companies in USA
    Category: Data Breach
    Content: Threat actor claims to be selling a 600GB data dump allegedly sourced from four US-based companies. According to the post, the dataset mainly relates to law firms and construction companies and reportedly includes internal corporate documents and accounting files, including QuickBooks data.
    Date: 2026-01-14T03:35:05Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273740/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/36fb807f-a030-4b4e-8810-5eab42578c98.png
    Threat Actors: Omerta
    Victim Country: USA
    Victim Industry: Legal Services
    Victim Organization: Unknown
    Victim Site: Unknown
  14. CyberOprationCulture targets the website of Universitas Ekasakti Padang
    Category: Defacement
    Content: The group claims to have defaced the website of Universitas Ekasakti Padang.
    Date: 2026-01-14T03:33:26Z
    Network: telegram
    Published URL: https://t.me/c/3421269527/68
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/00df24d4-0116-4afb-b8c5-592b5fc2ef74.png
    Threat Actors: CyberOprationCulture
    Victim Country: Indonesia
    Victim Industry: Higher Education/Academia
    Victim Organization: universitas ekasakti padang
    Victim Site: pustaka.unespadang.ac.id
  15. Alleged data leak of Syrian Ministry of Defense
    Category: Data Breach
    Content: The threat actor claims to have leaked data from the Syrian Ministry of Defense. The compromised data reportedly includes first name, father name, mother name, date of birth, nationality, mobile number, email address, and gender.
    Date: 2026-01-14T03:28:18Z
    Network: openweb
    Published URL: https://breachforums.bf/Forum-Databases?sortby=started
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/fe4e55df-c385-47e5-bf01-a4a6498f915d.png
    https://d34iuop8pidsy8.cloudfront.net/9088acf3-29c8-448b-8027-9f488f7b94e9.png
    Threat Actors: MR3B1915KURD
    Victim Country: Syria
    Victim Industry: Government Administration
    Victim Organization: Unknown
    Victim Site: Unknown
  16. CyberOprationCulture targets the website of STIE Pembangunan
    Category: Defacement
    Content: The group claims to have defaced the website of STIE Pembangunan.
    Date: 2026-01-14T03:21:00Z
    Network: telegram
    Published URL: https://t.me/c/3421269527/68
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/1a640bb8-9003-490c-9a6d-58318eaaa3aa.png
    Threat Actors: CyberOprationCulture
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: stie pembangunan
    Victim Site: pustaka.stie-pembangunan.ac.id
  17. Alleged sale of SCULPTOR v1.1
    Category: Malware
    Content: The threat actor shared SCULPTOR v1.1, a SQL injection exploitation tool. The tool is advertised as a multi-module SQL injection framework used to scan vulnerable websites and extract database information.
    Date: 2026-01-14T03:19:44Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Sculptor-v1-1-%E2%80%93-SQL-Injection
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/568050bd-32de-43f4-bc17-c30dbdf78d35.png
    Threat Actors: Starip
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  18. CyberOprationCulture targets the website of SMAN 2 Metro
    Category: Defacement
    Content: The group claims to have defaced the website of SMAN 2 Metro.
    Date: 2026-01-14T03:12:11Z
    Network: telegram
    Published URL: https://t.me/c/3421269527/68
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a6ecb6f2-9d52-468b-84de-9d5bf2744f03.png
    Threat Actors: CyberOprationCulture
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: sman 2 metro
    Victim Site: laboratorium.sman2metro.sch.id
  19. CyberOprationCulture targets the website of Universitas Widya Kartika
    Category: Defacement
    Content: The group claims to have defaced the website of Universitas Widya Kartika.
    Date: 2026-01-14T03:07:03Z
    Network: telegram
    Published URL: https://t.me/c/3421269527/68
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4b8b3d14-6d27-4dfa-be48-c2982cef0b1e.png
    Threat Actors: CyberOprationCulture
    Victim Country: Indonesia
    Victim Industry: Higher Education/Academia
    Victim Organization: universitas widya kartika
    Victim Site: pustaka.widyakartika.ac.id
  20. Alleged Sale of Admin panel Access to Game Landing Page
    Category: Initial Access
    Content: Threat actor claims to be selling access to an admin panel for a game/software landing page platform. The panel reportedly includes features such as landing page management, traffic redirection controls, selectable software versions, regular and advanced operation modes, integrated search functionality, and management of fabricated download and review statistics.
    Date: 2026-01-14T03:05:46Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273735/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/cf3faa91-ffc8-455b-a753-75e40f324a9c.png
    Threat Actors: Relay
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  21. 6ickzone targets the website of Kode Tech Solutions
    Category: Defacement
    Content: Group claims to have defaced the website of Kode Tech Solutions.
    Date: 2026-01-14T03:01:01Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/226655
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/6764e7be-6ee4-43e8-9368-9f7565ee4e64.png
    Threat Actors: 6ickzone
    Victim Country: India
    Victim Industry: Software Development
    Victim Organization: kode tech solutions
    Victim Site: datingtime.kodetechsolutions.com
  22. Alleged Data breach of U-Haul
    Category: Data Breach
    Content: The threat actor claims to be selling a database allegedly associated with U-Haul. The exposed data reportedly includes customer email addresses, full names, phone numbers, physical addresses, and driver’s license information. Sample records shared by the actor appear to contain personally identifiable information (PII) from multiple individuals.
    Date: 2026-01-14T02:56:34Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273738/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d43ed7ea-abb1-4223-9724-72c72816c291.png
    Threat Actors: iwillneverlose
    Victim Country: USA
    Victim Industry: Retail Industry
    Victim Organization: u-haul
    Victim Site: uhaul.com
  23. CyberOprationCulture targets the website of UIN Saifuddin Zuhri Purwokerto
    Category: Defacement
    Content: The group claims to have defaced the website of UIN Saifuddin Zuhri Purwokerto.
    Date: 2026-01-14T02:56:09Z
    Network: telegram
    Published URL: https://t.me/c/3421269527/68
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/5b8edada-310b-4d50-8217-7cfde4f77c1d.png
    Threat Actors: CyberOprationCulture
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: uin saifuddin zuhri purwokerto
    Victim Site: perpusfit.uinsaid.ac.id
  24. 6ickzone targets the website of Sunshine Paints
    Category: Defacement
    Content: Group claims to have defaced the website of Sunshine Paints.
    Date: 2026-01-14T02:48:40Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/226665
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/35ce58a6-4820-4611-b498-acf91cba8cb3.png
    Threat Actors: 6ickzone
    Victim Country: Pakistan
    Victim Industry: Manufacturing & Industrial Products
    Victim Organization: sunshine paints
    Victim Site: sunshinepaints.com.pk
  25. Alleged data breach of Trade Republic
    Category: Data Breach
    Content: Threat actor claims to have leaked data from Trade Republic. The compromised data reportedly includes full name, email, and phone number.
    Date: 2026-01-14T02:45:11Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273729/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8c7492ad-92f1-467d-bc71-4f6e5c391393.png
    Threat Actors: Michaelberg
    Victim Country: Germany
    Victim Industry: Banking & Mortgage
    Victim Organization: trade republic
    Victim Site: traderepublic.com
  26. Merit Group plc falls victim to Sinobi Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 300GB of the organization’s data. They intend to publish it within 13-14 days.
    Date: 2026-01-14T02:41:17Z
    Network: tor
    Published URL: http://sinobi6rlec6f2bgn6rd72xo7hvds4a5ajiu2if4oub2sut7fg3gomqd.onion/leaks/6963f8c26387a4c9a21c0f7a
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4aa58516-d561-4e36-a1de-99c5e50f0ab6.png
    Threat Actors: Sinobi
    Victim Country: UK
    Victim Industry: Information Services
    Victim Organization: merit group plc
    Victim Site: meritgroupplc.com
  27. 404 crew cyber team targets the website of Bang189
    Category: Defacement
    Content: Group claims to have defaced the website of Bang189
    Date: 2026-01-14T02:39:50Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/226666
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/365d0518-828d-4e6b-8318-bcf266aba467.png
    Threat Actors: 404 crew cyber team
    Victim Country: Indonesia
    Victim Industry: Gambling & Casinos
    Victim Organization: bang189
    Victim Site: bang189.org
  28. Alleged Data Breach of JobsGo
    Category: Data Breach
    Content: The threat actor claims to have leaked data from JobsGo. The compromised data reportedly contains 2.32 million user records including full names, genders, dates of birth, job titles, companies, physical addresses, education details
    Date: 2026-01-14T02:27:56Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-JobsGo-jobsgo-vn-2026-2-32M-Users
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9c688adc-2234-4111-a18f-f29f4e1685c7.png
    Threat Actors: thelastwhitehat
    Victim Country: Vietnam
    Victim Industry: Human Resources
    Victim Organization: jobsgo
    Victim Site: jobsgo.vn
  29. Alleged sale of WordPress access checking tool
    Category: Malware
    Content: Threat actor claims to be selling a WordPress bulk access-checking tool capable of validating site credentials at scale, a functionality commonly linked to unauthorized access and credential-stuffing activity.
    Date: 2026-01-14T02:06:05Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273657/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/85f561ed-66e1-4e3b-b941-5caeebe2b5b3.png
    Threat Actors: toladollar
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  30. 404 crew cyber team targets the website of Diana138
    Category: Defacement
    Content: Group claims to have defaced the website of Diana138
    Date: 2026-01-14T02:03:04Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/226667
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/50f34df4-a853-421f-af6d-e6065542ac71.png
    Threat Actors: 404 crew cyber team
    Victim Country: Indonesia
    Victim Industry: Gambling & Casinos
    Victim Organization: diana138
    Victim Site: diana138.com
  31. Alleged sale of access to a tax service department in the USA
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized access to a tax service department in the USA.
    Date: 2026-01-14T01:43:24Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273712/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4c1f32c1-a21d-479f-b6b6-578d318255af.png
    Threat Actors: budda12
    Victim Country: USA
    Victim Industry: Government Administration
    Victim Organization: Unknown
    Victim Site: Unknown
  32. Alleged sale of admin access to unidentified store in Germany
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized admin access to an unidentified online store in Germany.
    Date: 2026-01-14T01:37:05Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273718/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0097248f-5027-47e5-971f-3f1b6ec32db1.png
    Threat Actors: Reve
    Victim Country: Germany
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown
  33. Alleged sale of unauthorized access to unidentified store in Australia
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized access to an unidentified online store in Australia.
    Date: 2026-01-14T01:36:24Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273724/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/5c355c09-3604-4453-b4da-6e03297bfab4.png
    Threat Actors: ed1n1ca
    Victim Country: Australia
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown
  34. Alleged sale of unauthorized access to unidentified store in Denmark
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized access to an unidentified online store in Denmark.
    Date: 2026-01-14T01:32:27Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273727/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b9887a40-25f6-4871-b612-0ac4347c1c61.png
    Threat Actors: ed1n1ca
    Victim Country: Denmark
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown
  35. Alleged sale of unauthorized access to an unidentified online store in Chile
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized access to an unidentified online store in Chile.
    Date: 2026-01-14T01:27:09Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273726/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/91fdb7b8-ed38-4dea-b112-01e943de9010.png
    Threat Actors: ed1n1ca
    Victim Country: Chile
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown
  36. Alleged sale of unauthorized access to unidentified shop in Bangladesh
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized access to an unidentified online store in Bangladesh.
    Date: 2026-01-14T01:22:17Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/273725/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0e51a766-f4de-4019-879d-3d1324aa7511.png
    Threat Actors: ed1n1ca
    Victim Country: Bangladesh
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown
  37. Alleged Sale of Unauthorized Access to Saudi Government System
    Category: Initial Access
    Content: The threat actor claims to be selling unauthorized access to the Saudi Arabia Government Postal System Domain Controller
    Date: 2026-01-14T01:21:47Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-Saudi-Arabia-Government-Postal-System-Domain-Controller
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/86e7883f-ca47-49c1-8679-0ca3942c99e3.png
    Threat Actors: miya
    Victim Country: Saudi Arabia
    Victim Industry: Government Administration
    Victim Organization: Unknown
    Victim Site: Unknown
  38. Alleged data breach of Ligue de Football Professionnel
    Category: Data Breach
    Content: The group claims to have breached data from Ligue de Football Professionnel. The claim includes extracting the database and obtaining all the data
    Date: 2026-01-14T00:07:47Z
    Network: telegram
    Published URL: https://t.me/DarK07xxxxxxx/429
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/21e2cc4f-91f9-460e-ad43-a0811e41c675.png
    Threat Actors: DARK 07x
    Victim Country: Algeria
    Victim Industry: Sports
    Victim Organization: ligue de football professionnel
    Victim Site: lfp.dz