[January-21-2026] Daily Cybersecurity Threat Report

1. Executive Summary

This report provides a comprehensive analysis of 124 distinct cybersecurity incidents observed on January 21, 2026. These incidents were sourced from various networks, including the open web, Telegram, and Tor onion sites. The data indicates a highly active threat landscape characterized by widespread data breaches, a surge in ransomware activity, and persistent initial access brokerage.

Key Findings:

  • Dominant Attack Vector: Data Breaches remain the most prevalent threat, accounting for a significant portion of the observed activity.
  • Ransomware Surge: A notable spike in ransomware activity was observed, with established groups like LockBit 5.0, CL0P, Payouts King, and Play actively targeting organizations across various sectors.
  • Geographic Spread: Victims are distributed globally, with significant concentrations in the USA, France, India, and the UAE.
  • Sector Vulnerability: The Financial Services, Building & Construction, and Retail/E-commerce sectors were heavily targeted.
  • Emerging Threats: There is a continued market for “Initial Access” and specialized malware (e.g., keyloggers, 2FA bypass tools), indicating a mature service-based cybercriminal economy.

2. Threat Landscape Overview

The events of January 21, 2026, paint a picture of a relentless and opportunistic cybercriminal ecosystem. Threat actors range from politically motivated hacktivists to financially motivated ransomware syndicates and opportunistic data brokers.

2.1 Category Distribution

The incidents can be broadly categorized as follows:

  • Data Breach: The unauthorized exfiltration and subsequent sale or leaking of sensitive data. This includes customer databases, government records, and source code.
  • Ransomware: Attacks where threat actors encrypt data and demand payment, often employing “double extortion” tactics by threatening to publish stolen data.
  • Initial Access: The sale of unauthorized access to corporate networks, websites, or specific systems (e.g., SCADA, CCTV).
  • Malware: The distribution or sale of malicious software, including keyloggers and bypass tools.
  • Defacement: The alteration of website content, primarily for political or reputational damage.
  • Vulnerability: Reports of specific security weaknesses in systems.

2.2 Active Threat Actors

Several threat actor groups were highly active during this period:

  • Ransomware Groups: CL0P, Payouts King, LockBit 5.0, Play, Sinobi, and DEVMAN 2.0.
  • Data Brokers/Hackers: nest0r, Shopify (likely a handle for an access broker, not the company), AYYUBI, thelastwhitehat, cactus, and Yiqun data.
  • Hacktivists: Handala Hack, Anonymous Morocco, Infrastructure Destruction Squad, DARK 07x, and LulzSec Hackers.

3. Detailed Incident Analysis by Category

3.1 Data Breaches

Data breaches continue to be the most voluminous category of incidents. Threat actors are monetizing stolen data on forums like BreachForums and Exploit.in, or leaking it on Telegram channels.

High-Impact Breaches

  • Live Nation Entertainment: A threat actor named shinymontanna claimed to sell 2.6 TB of data allegedly containing 1.2 billion user records from Live Nation and Ticketmaster. The data reportedly includes PII and partial payment details. This represents a potentially massive exposure of consumer data.
  • Babyvista: A database of 3.7 million records belonging to Babyvista (France) was allegedly put up for sale. The data includes extensive PII of parents and children, raising significant privacy concerns.
  • Belgium Citizens Database: A dataset allegedly containing personal information of 3.1 million Belgian citizens was leaked by xmlrpc. The data includes unique identifiers and financial references.
  • Facebook (Canada): A leak of 3.4 million records affecting Canadian Facebook users, reportedly from a 2019 incident, was resurfaced by Didiplayer.
  • California Courts: Threat actor Sythe claimed to leak private user records from California Courts, allegedly obtained via an exposed API in January 2026. This highlights the critical risk of API security vulnerabilities.

Financial Sector Targeting

The financial sector faced repeated targeting, particularly in the Middle East and Asia.

  • Derayah Financial (Saudi Arabia): Yiqun data claimed to leak investment data.
  • Standard Chartered Bank (UAE): Alleged leak of savings account data.
  • Sharaf Finance (UAE): Claims of 730,000 cryptocurrency accounts being compromised.
  • Saxo Bank (Qatar): Alleged leak of investment and wealth management data.
  • LBLV Ltd (Seychelles): nest0r claimed to breach 2,600 forex depositor records.

Government and Public Sector

  • Algeria: Multiple incidents targeted Algerian entities. Anonymous Morocco claimed to breach the National Office for University Services. DARK 07x targeted the National People’s Assembly (APN).
  • USA: A leak of 53,000 US driver’s license images was advertised.
  • Indonesia: Data from Madiun city services was allegedly leaked.
  • UAE: LulzSec Hackers claimed a breach of the Abu Dhabi Judicial Department.

3.2 Ransomware Activity

January 21, 2026, saw a coordinated surge in ransomware victim postings. Groups often post victims to their leak sites after negotiations fail, so these postings may reflect attacks that occurred days or weeks prior.

CL0P Ransomware Campaign

The CL0P group released a significant batch of victims on this day, targeting diverse industries:

  • WorkForce Software (USA): Software sector.
  • KCD, Inc. (USA): Public Relations.
  • McMath Woods (USA): Legal Services.
  • Trust Payments (UK): Financial Services.
  • Brinks (New Zealand): Food Production.
  • Integritek (USA): IT Services.
  • Centaur Products Inc. (Canada): Sports.
  • Korol Financial Group (USA): Financial Services.
  • Bureaux Solutions (France): Retail.
  • Onyx Equities, LLC (USA): Real Estate.

Payouts King Ransomware

This group was highly active, specifically targeting the construction and manufacturing sectors in Europe:

  • Mausa (Spain): 218 GB of data.
  • Aero-Coating GmbH (Germany): 520 GB of data. Notably, this victim was previously targeted by Qilin Ransomware.
  • Caunton Engineering Limited (UK): 2.3 TB of data.
  • Ash & Lacy (UK): 2.1 TB of data.
  • V. FRAAS (Germany): 625 GB of data.
  • Bespoke Home Interior Design Group (UK): 832 GB of data.

Other Notable Ransomware Incidents

  • LockBit 5.0: Targeted US Duct Inc. (USA), Sociedad Hipotecaria Federal (Mexico), Frandent Group (Italy), and Aditus Financial Consulting (Brazil).
  • Akira: Claimed attacks on Clipper Petroleum (USA) and Mettler+Partner AG (Switzerland).
  • Play: Targeted Midway Windows & Doors (USA), Cemtech Corporation (USA), and C.E. Electronics (USA).
  • Sinobi: A seemingly newer or less common variant/group that targeted Modernistic Garden & Pet Supply (Bahamas), Bayside Dental (USA), Asian Heart Institute (India), and ShuBee (USA).
  • Qilin: Targeted Ensenada Entrepreneurial Development Center (Mexico) and Mutest (France).
  • Everest: Claimed to exfiltrate 186 GB from Bolttech (Singapore).

3.3 Initial Access Brokerage

The sale of “Initial Access” is a critical precursor to ransomware and data theft. Brokers sell entry points (e.g., VPN credentials, webshells, RDP access) to other criminals.

  • E-commerce Access: A threat actor using the handle Shopify (unrelated to the legitimate platform) flooded the market with shell access to online stores in Spain, USA, Argentina, Australia, and the UK.
  • Telecommunications: Access to a US-based telecom company with ~10,000 employees was offered by rahduck.
  • Critical Infrastructure: Z-PENTEST ALLIANCE claimed access to a hydroelectric power plant and a CCTV system in a manufacturing plant in the Czech Republic.
  • SCADA Systems: Infinite International claimed unauthorized access to a SCADA system in Syria.

3.4 Hacktivism and Geopolitical Threats

Geopolitical tensions continue to manifest in cyberspace.

  • Israel-Gaza Conflict:
    • Handala Hack claimed a breach of i24NEWS, framing it as a planned operation.
    • Cyber Islamic resistance-Axis claimed access to michlala.com (Israel).
    • Infrastructure Destruction Squad targeted a former Israeli officer and a US hospitality surveillance system.
  • Algeria: DARK 07x and Anonymous Morocco targeted Algerian government and banking sectors.
  • Russia/Ukraine Context: While less explicit in the summaries, attacks on Russian entities like Gastritis Client Forum and educational institutions by actors like 404 CREW CYBER TEAM suggest ongoing friction.

3.5 Malware and Tools

The commercialization of cybercrime tools (Cybercrime-as-a-Service) is evident.

  • 2FA Bypass: A tool claiming to hijack authenticated session cookies to bypass 2FA on major platforms (Gmail, Office365) was offered by Starip.
  • Keyloggers: The “Nightmare Keylogger” was advertised, boasting persistence and data exfiltration capabilities.

4. Sector Analysis

4.1 Financial Services

  • Threat Level: Critical
  • Incidents: 15+
  • Key Trends: Threat actors are targeting banks, crypto platforms, and investment firms globally. The focus is on customer PII and financial records that can be used for fraud or sold.
  • Notable Victims: Standard Chartered (UAE), Derayah Financial (Saudi Arabia), Saxo Bank (Qatar), Trust Payments (UK).

4.2 Building and Construction

  • Threat Level: High
  • Incidents: 10+
  • Key Trends: This sector is currently a primary target for ransomware groups like Payouts King. These organizations often manage large sums of money and sensitive project blueprints, making them lucrative targets for extortion.
  • Notable Victims: Mausa (Spain), Caunton Engineering (UK), Ash & Lacy (UK), Acamargo (Brazil).

4.3 Retail and E-commerce

  • Threat Level: High
  • Incidents: 20+
  • Key Trends: Frequent “shell access” sales indicate widespread vulnerability in CMS platforms (Magento, WordPress). Breach data often includes customer PII and partial payment info.
  • Notable Victims: Plants Online BV (Netherlands), Intersport Rent (France), Elegant Nail & Beauty Supply (USA).

4.4 Government and Critical Infrastructure

  • Threat Level: High
  • Key Trends: Attacks on SCADA systems and power plants (Czech Republic, Syria) are alarming. Government database leaks (Belgium, Algeria, California) erode public trust.
  • Notable Victims: Belgium Citizens Database, National People’s Assembly (Algeria), SCADA System (Syria).

5. Regional Analysis

  • North America (USA/Canada): Remains the most targeted region. Victims span all sectors, with heavy ransomware activity (CL0P, Play, LockBit). The leak of California Courts data and driver’s licenses indicates deep penetration of public sector data.
  • Europe: Significant activity in France (data breaches), UK (ransomware in construction), and Germany (ransomware in manufacturing). The Czech Republic saw specific targeting of industrial systems.
  • Middle East/North Africa (MENA): High volume of financial data leaks in UAE and Saudi Arabia. Algeria faced a concentrated wave of hacktivist and breach activity.
  • Asia: India saw multiple breaches (ABB Power Products, Yellow Slate). South Korea (Me Too source code) and Singapore (Bolttech) also faced incidents.

6. Recommendations

Based on the intelligence gathered, the following actions are recommended for organizations:

  1. Patch Management & CMS Hardening: Given the high volume of e-commerce access sales, retailers must prioritize patching CMS platforms (Magento, WordPress) and securing administrative interfaces.
  2. Ransomware Defense:
    • Maintain offline, immutable backups.
    • Implement network segmentation to limit lateral movement.
    • Deploy EDR (Endpoint Detection and Response) solutions to detect early stages of encryption or exfiltration.
  3. Credential Hygiene: The sale of “Initial Access” often relies on compromised credentials. Enforce MFA (despite bypass tools, it raises the bar), disable unused accounts, and monitor for leaked credentials.
  4. API Security: The California Courts breach highlights API risks. Organizations should audit API endpoints for unauthorized access and excessive data exposure.
  5. Supply Chain Monitoring: Monitor third-party vendors, as breaches in software providers (e.g., WorkForce Software) can cascade to their clients.

7. Conclusion

The cybersecurity events of January 21, 2026, demonstrate a volatile and aggressive threat landscape. The industrialization of cybercrime is evident in the specialized roles of access brokers, malware developers, and ransomware affiliates.

The surge in ransomware targeting the construction and financial sectors requires immediate attention. Furthermore, the targeting of critical infrastructure (SCADA, power plants) and the exposure of massive citizen databases (Belgium, Live Nation) underscore the potential for real-world disruption and harm.

Organizations must move beyond reactive measures and adopt a proactive security posture, focusing on threat intelligence, robust access controls, and resilience against extortion tactics.

Detected Incidents Draft Data

  1. Alleged Sale of Babyvista Customer Database
    Category: Data Breach
    Content: The threat actor claims to be selling a large database belonging to Babyvista. The dataset contains over 3.7 million records and includes extensive personally identifiable information (PII) of parents and children.
    Date: 2026-01-21T23:51:48Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SOLD-OUT-FR-Babyvista-3-7M-Names-Emails-Phones-Address-Child-Parents-Info
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/10eff1d3-438d-4213-a782-ab3a7bdbffe9.png
    Threat Actors: placenta
    Victim Country: France
    Victim Industry: Photography
    Victim Organization: babyvista
    Victim Site: babyvista.fr
  2. Alleged access to michlala.com
    Category: Initial Access
    Content: The group claims to have leaked access to the website michlala.com. NB: Authenticity of claim is yet to be verified.
    Date: 2026-01-21T23:48:43Z
    Network: telegram
    Published URL: https://t.me/Mhwear98/1351
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/96877af7-ffca-44b6-a570-552c6ecffbea.png
    Threat Actors: Cyber Islamic resistance-Axis
    Victim Country: Israel
    Victim Industry: Education
    Victim Organization: michlala
    Victim Site: michlala.com
  3. Alleged Data Breach of E-SmartTec
    Category: Data Breach
    Content: The threat actor claims to have breached data associated with E-SmartTec.
    Date: 2026-01-21T23:40:38Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-www-e-smarttec-com
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/dc96f1e7-2cdc-4f08-b48f-2e61f3f1ae16.png
    Threat Actors: HXH_HAYXHACKER
    Victim Country: Unknown
    Victim Industry: Electrical & Electronic Manufacturing
    Victim Organization: e-smarttec
    Victim Site: e-smarttec.com
  4. Alleged Unauthorized Access to SCADA System
    Category: Initial Access
    Content: The group claims to have unauthorized access to a SCADA system in Syria.
    Date: 2026-01-21T23:35:19Z
    Network: telegram
    Published URL: https://t.me/infinitena/279
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/56ab4d70-7f4b-4231-89ca-da4f8db056f4.png
    https://d34iuop8pidsy8.cloudfront.net/bb92e576-afdf-4e57-af6e-8adda34dab92.png
    Threat Actors: Infinite International
    Victim Country: Syria
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  5. Alleged Data Breach of Acamargo
    Category: Data Breach
    Content: The threat actor claims to have leaked data associated with acamargo, exposing a dataset containing approximately 9,000 records.
    Date: 2026-01-21T23:17:53Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-www-acamargo-com-9k
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/921982ef-39fe-4fe0-9fb7-77de2a76ac4b.png
    Threat Actors: nest0r
    Victim Country: Brazil
    Victim Industry: Building and construction
    Victim Organization: acamargo
    Victim Site: acamargo.com
  6. Alleged data leak of Gastritis Client Forum Base
    Category: Data Breach
    Content: Threat actor claims to have leaked client data extracted from a CRM system related to companies that purchased stands and advertising at the Gastritis forum held in Sochi.
    Date: 2026-01-21T23:03:07Z
    Network: openweb
    Published URL: https://leakbase.la/threads/baza-foruma-klientov-gastrit.48344/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/49526f77-adf2-40e6-91ab-f1dc2d7af511.png
    Threat Actors: tredislav199705
    Victim Country: Russia
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  7. Alleged data breach of Plants Online BV
    Category: Data Breach
    Content: The threat actor claims to have leaked a customer database associated with haagplanten.net, an e-commerce platform for plants and gardening products. The exposed dataset allegedly contains 32,168 records, including customer names, email addresses, phone numbers, physical addresses, dates of birth, account details, company information, and VAT-related data, impacting users across multiple European countries.
    Date: 2026-01-21T22:50:46Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-haagplanten-net-32168-EU
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/cc09fe1a-d0f7-4999-ba75-c146770eadef.png
    Threat Actors: nest0r
    Victim Country: Netherlands
    Victim Industry: Retail Industry
    Victim Organization: plants online bv
    Victim Site: haagplanten.net
  8. Alleged Data Breach of Thep-Prasit Honey Farm
    Category: Data Breach
    Content: Threat Actor claims to have breached the database of Thep-Prasit Honey Farm in Thailand, which contains approximately 15,500 customer records. The dataset reportedly includes customer names, email addresses, phone numbers, country and location details, and customer registration dates.
    Date: 2026-01-21T22:29:23Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-thaihoney-com-15-5k
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/060c0b39-3bcc-40d2-91ce-b78ceb25141d.png
    Threat Actors: nest0r
    Victim Country: Thailand
    Victim Industry: Food & Beverages
    Victim Organization: thep-prasit honey farm
    Victim Site: thaihoney.com
  9. Clipper Petroleum falls victim to Akira Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 60 GB of the organization’s data. The data includes customer and employee personal documents, confidential internal files, detailed financial and accounting records, contracts and agreements, credit card information, and NDAs.
    Date: 2026-01-21T22:28:16Z
    Network: tor
    Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/31edc59d-a18e-40fb-83b4-47a555ab388f.png
    Threat Actors: akira
    Victim Country: USA
    Victim Industry: Oil & Gas
    Victim Organization: clipper petroleum
    Victim Site: clipperpetroleum.com
  10. Alleged data leak of M-STAT
    Category: Data Breach
    Content: Threat actor claims to have leaked SMS database of M-STAT, Greece.
    Date: 2026-01-21T22:27:41Z
    Network: openweb
    Published URL: https://leakbase.la/threads/m-stat-database-dump-sms.48328/#post-269228
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a8ad11af-2600-4f07-ac6b-e4059ab35fd9.png
    Threat Actors: yuri2000
    Victim Country: Greece
    Victim Industry: Network & Telecommunications
    Victim Organization: m-stat
    Victim Site: mstat.com
  11. Alleged sale of unauthorized access to unidentified U.S.-based Telecommunications Company
    Category: Initial Access
    Content: A threat actor claims to be selling unauthorized corporate network access to a U.S.-based telecommunications organization with an estimated size of approximately 10,000 users/employees.
    Date: 2026-01-21T22:27:09Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/274274/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d79420cb-e322-479d-90de-06d7bd8a4e8e.png
    Threat Actors: rahduck
    Victim Country: USA
    Victim Industry: Network & Telecommunications
    Victim Organization: Unknown
    Victim Site: Unknown
  12. Alleged sale of French Email Database
    Category: Data Breach
    Content: The threat actor claims to be selling a database containing approximately 1.2 million French email records, labeled as France Email Database.
    Date: 2026-01-21T22:25:27Z
    Network: openweb
    Published URL: https://leakbase.la/threads/1-2-million-france-email-database-2026.48346/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/5c797d26-b781-4830-8bfc-9fcaac7d214b.png
    Threat Actors: Pijush507
    Victim Country: France
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  13. Alleged Data Breach of Elegant Nail & Beauty Supply
    Category: Data Breach
    Content: Threat Actor claims to have breached the database of Elegant Nail & Beauty Supply from Australia and USA. The leaked dataset contains approximately 5,700 records, including customer names, email addresses, phone numbers, postal codes, country and state information, and customer registration dates.
    Date: 2026-01-21T22:21:12Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-elegantnailsupply-com-AU-USA
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/520f643e-4b8f-496d-8d42-115e470fad60.png
    Threat Actors: nest0r
    Victim Country: USA
    Victim Industry: Consumer Services
    Victim Organization: elegant nail & beauty supply
    Victim Site: elegantnailsupply.com
  14. Alleged sale of Inbox undetected 2FA Attachment
    Category: Malware
    Content: A threat actor claims to be selling a 2FA-bypass cookie hijacking tool, claiming the ability to capture authenticated session cookies via email attachments to gain unauthorized access to accounts on platforms such as Gmail, iCloud, Office365, Yahoo, ID.me, and financial services, effectively enabling account takeover without triggering multi-factor authentication.
    Date: 2026-01-21T22:20:41Z
    Network: openweb
    Published URL: http://185.206.215.219/threads/63121/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ac7d3f7f-5c43-4882-8bfe-bb060ebc95db.png
    Threat Actors: Starip
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  15. Alleged Data Breach of ABB Power Products and Systems India Ltd
    Category: Data Breach
    Content: Threat Actor claims to have breached the database of ABB Power Products and Systems India Ltd in India. The exposed dataset contains more than 6,400 records, which includes company names, contact person names, email addresses, phone numbers, and other customer-related business details.
    Date: 2026-01-21T22:03:51Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DOCUMENTS-6400-Company-ABB-Power-Products-and-Systems-India-Ltd-customer-data-leaked
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/18dcb172-1f23-4d73-967b-39dd93779272.png
    Threat Actors: AYYUBI
    Victim Country: India
    Victim Industry: Electrical & Electronic Manufacturing
    Victim Organization: abb power products and systems india ltd
    Victim Site: abb.com
  16. Alleged sale of French Leads Database
    Category: Data Breach
    Content: A threat actor claims to be selling a private database containing approximately 1.7 million French leads. The dataset is advertised for public sale and reportedly includes extensive personal contact information such as full names, email addresses, and phone numbers.
    Date: 2026-01-21T21:52:05Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/274250/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4fe6d101-7997-4e56-b98f-81a35facd69c.png
    Threat Actors: betway
    Victim Country: France
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  17. Alleged Data Breach of Menulux
    Category: Data Breach
    Content: Threat actor claims to have breached the database of Menulux in Turkey, which contains approximately 93,000 customer records. The compromised data reportedly includes full names, phone numbers, and physical addresses.
    Date: 2026-01-21T21:49:01Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-Menulux-Data-Breach-Leaked-Download–185135
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d387c8a3-7458-4353-8ba3-f37818ba955c.png
    Threat Actors: 888
    Victim Country: Turkey
    Victim Industry: Software
    Victim Organization: menulux
    Victim Site: menulux.com
  18. Midway Windows & Doors, Inc. falls victim to PLAY Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data. The data includes private and personal confidential data, client documents, budget, payroll, IDs, taxes, finance information and so on. They intend to publish the data within 5 days.
    Date: 2026-01-21T21:47:16Z
    Network: tor
    Published URL: http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=FBldkNcJDDaA6E
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2dd14dd5-72bc-4de8-841d-8988264e2397.png
    Threat Actors: PLAY
    Victim Country: USA
    Victim Industry: Building and construction
    Victim Organization: midway windows & doors, inc.
    Victim Site: midwaywindows.com
  19. PKT Quantity Surveyors falls victim to BlackShrantac Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 1.5 TB of the organization’s data. The data includes client and project records (contracts, cost estimates), financial and business documents (invoices, payments, banking details, budgets), employee and leadership information (personal and professional data), and legal and compliance records (regulatory filings, audits, insurance documents). They intend to publish the data within 4-5 days.
    Date: 2026-01-21T21:30:49Z
    Network: tor
    Published URL: http://shrantacpxim7z6m6pnszi52bb2tp23sntby3hklt36rezdja7bdjsyd.onion/leaks/wLLqVbO1WwEu
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b479051b-6c8b-4dcc-8b47-b69377ac4189.png
    https://d34iuop8pidsy8.cloudfront.net/34418c29-3568-4d57-8962-1d7ba3a03b0b.png
    https://d34iuop8pidsy8.cloudfront.net/02ce1ea5-7aa5-48a3-99bb-f4241dfe1516.png
    https://d34iuop8pidsy8.cloudfront.net/7df3192b-a3ec-4008-bb12-14f9f97110af.png
    Threat Actors: BlackShrantac
    Victim Country: Malaysia
    Victim Industry: Building and construction
    Victim Organization: pkt quantity surveyors
    Victim Site: pktqs.com
  20. Cemtech Corporation falls victim to PLAY Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data. The data includes private and personal confidential data, client documents, budget, payroll, IDs, taxes, finance information and so on. They intend to publish the data within 5 days.
    Date: 2026-01-21T21:30:27Z
    Network: tor
    Published URL: http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=psRTkNPI65dlFL
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/59f134d6-41ab-4d29-9ad2-492f1676523a.png
    Threat Actors: PLAY
    Victim Country: USA
    Victim Industry: Building and construction
    Victim Organization: cemtech corporation
    Victim Site: cemtech-corp.com
  21. C.E. Electronics, Inc falls victim to PLAY Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data. The data includes private and personal confidential data, client documents, budget, payroll, IDs, taxes, finance information and so on. They intend to publish the data within 5 days.
    Date: 2026-01-21T21:27:31Z
    Network: tor
    Published URL: http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=UVAYMz9FERCJCP
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/6b9a8ff8-6190-44be-8613-706f963ed84d.png
    Threat Actors: PLAY
    Victim Country: USA
    Victim Industry: Electrical & Electronic Manufacturing
    Victim Organization: c.e. electronics, inc
    Victim Site: ceelectronics.com
  22. Alleged unauthorized access to REPARILY
    Category: Initial Access
    Content: The group claims to have gained unauthorized access to the systems of REPARILY in Algeria, and intends to modify user passwords and system data within a day.
    Date: 2026-01-21T21:13:30Z
    Network: telegram
    Published URL: https://t.me/firewirBackupChannel/205?single
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/59dc397d-934c-4ffb-9aec-2a3244e4f43f.png
    Threat Actors: Fire Wire
    Victim Country: Algeria
    Victim Industry: Consumer Electronics
    Victim Organization: reparily
    Victim Site: store.reparily.dz
  23. Modernistic Garden & Pet Supply LTD falls victim to Sinobi Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 20 GB of the organization’s data. The compromised data includes financial information and contracts. They intend to publish it within a day.
    Date: 2026-01-21T20:56:51Z
    Network: tor
    Published URL: http://sinobi6rlec6f2bgn6rd72xo7hvds4a5ajiu2if4oub2sut7fg3gomqd.onion/leaks/69712d076387a4c9a292e022
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ed9640bc-4616-4c06-afd1-12960931dd69.png
    https://d34iuop8pidsy8.cloudfront.net/a2c077c2-c6ef-4b68-b863-106563cc5348.png
    Threat Actors: Sinobi
    Victim Country: Bahamas
    Victim Industry: Retail Industry
    Victim Organization: modernistic garden & pet supply ltd
    Victim Site: modernisticgarden.com
  24. Alleged data breach of Algeria’s National People’s Assembly (APN)
    Category: Data Breach
    Content: The group claims to have breached the digital infrastructure of Algeria’s National People’s Assembly (APN), alleging access to multiple APN‑related domains, employee accounts, internal communications, and government email systems.
    Date: 2026-01-21T20:43:23Z
    Network: telegram
    Published URL: https://t.me/DarK07xxxxxxx/1079?single
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/86518bd9-923f-4f90-937a-7d8c86d026be.png
    https://d34iuop8pidsy8.cloudfront.net/1cad5bdc-3136-461b-a518-17e861d316b4.png
    https://d34iuop8pidsy8.cloudfront.net/376a449b-df3f-4ff9-9443-7ad3d7d67b6e.png
    Threat Actors: DARK 07x
    Victim Country: Algeria
    Victim Industry: Government Administration
    Victim Organization: national people’s assembly (apn)
    Victim Site: apn.gov.dz
  25. Alleged unauthorized access to the system of a former Israeli officer
    Category: Initial Access
    Content: The group claims to have gained unauthorized access to the system of a former Israeli officer. They also claim that his email account has been compromised, with ransomware to be installed on the entire system.
    Date: 2026-01-21T20:42:50Z
    Network: telegram
    Published URL: https://t.me/n2LP_wVf79c2YzM0/3407
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/168eb9e1-dadb-4d56-b633-95465db77b6a.jpg
    Threat Actors: Infrastructure Destruction Squad
    Victim Country: Israel
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  26. Alleged data breach of i24NEWS
    Category: Data Breach
    Content: The hacktivist group Handala has claimed responsibility for a breach of the i24 channel, stating that the incident was a planned operation and not a random disruption. The group issued a warning message suggesting possible future actions.
    Date: 2026-01-21T20:39:18Z
    Network: openweb
    Published URL: https://handala-hack.to/ignite-chaos-at-your-own-risk-i24-channel-hacked/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c7ff1b5c-5ec3-4c37-8b3e-df6eb1df3662.jpg
    https://d34iuop8pidsy8.cloudfront.net/0af6dd6c-6403-49bb-83e4-3f47b2591bc4.jpg
    https://d34iuop8pidsy8.cloudfront.net/47101073-d7a0-40b6-92c7-2c03f9acc58b.jpg
    https://d34iuop8pidsy8.cloudfront.net/d068fbcc-a0bb-48d9-b483-af002bab8aa2.jpg
    https://d34iuop8pidsy8.cloudfront.net/57935bf4-2b41-4fb8-bd55-8cac57b0f0c1.jpg
    Threat Actors: Handala Hack
    Victim Country: Israel
    Victim Industry: Broadcast Media
    Victim Organization: i24news
    Victim Site: i24news.tv
  27. Bayside Dental falls victim to Sinobi Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 580 GB of the organization's data. The compromised data includes customer information, contracts and incidents. They intend to publish it within 10-11 days.
    Date: 2026-01-21T20:33:05Z
    Network: tor
    Published URL: http://sinobi6rlec6f2bgn6rd72xo7hvds4a5ajiu2if4oub2sut7fg3gomqd.onion/leaks/697125d56387a4c9a292a31c
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2f97d42e-b080-432e-a767-dca9df0bcad1.png
    https://d34iuop8pidsy8.cloudfront.net/457edb43-840b-487e-bbf4-b845d693dcab.png
    Threat Actors: Sinobi
    Victim Country: USA
    Victim Industry: Medical Practice
    Victim Organization: bayside dental
    Victim Site: baysidedentalrowlett.com
  28. Asian Heart Institute falls victim to Sinobi Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 120 GB of the organization's data. The compromised data includes confidential data, financial information, contracts, customer information and incidents. They intend to publish it within 13-14 days.
    Date: 2026-01-21T20:31:55Z
    Network: tor
    Published URL: http://sinobi6rlec6f2bgn6rd72xo7hvds4a5ajiu2if4oub2sut7fg3gomqd.onion/leaks/697126e26387a4c9a292ab20
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/31b0b2cb-ff44-4f4b-b8b2-c990f2b29642.png
    https://d34iuop8pidsy8.cloudfront.net/0e82675a-2635-4264-bdb6-86cf0c9197c1.png
    Threat Actors: Sinobi
    Victim Country: India
    Victim Industry: Hospital & Health Care
    Victim Organization: asian heart institute
    Victim Site: asianheartinstitute.org
  29. Alleged Data Breach of Me Too Platform Source Code
    Category: Data Breach
    Content: Threat Actor claims to have breached the full source code of Me Too in South Korea. The allegedly compromised data includes backend and frontend code, configuration and deployment files, and embedded credentials. The exposed secrets include GitHub Personal Access Tokens (PATs), third-party API keys, and other sensitive authentication tokens.
    Date: 2026-01-21T20:27:42Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SOURCE-CODE-South-Korean-Me2-to-Full-source-code-Github-PAT
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/77e75d8d-61d9-453d-a366-26b381c995e1.png
    Threat Actors: hexvior
    Victim Country: South Korea
    Victim Industry: Information Technology (IT) Services
    Victim Organization: me too
    Victim Site: me2.to
  30. Alleged Leak of 6M Login Credentials from Argentina
    Category: Data Breach
    Content: Threat actor claims to have leaked a dataset allegedly containing approximately 6 million login credentials in Argentina. The exposed data includes email : password and username : password combinations, reportedly sourced from multiple Argentine domains, including .com.ar, .gob.ar, and .gov.ar.
    Date: 2026-01-21T20:17:34Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-6M-LOGINS-ARGENTINA-email-pass-users-pass-2026
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7a18a921-7daa-4ba0-a4a9-ae283dc04c92.png
    Threat Actors: cae1caen2
    Victim Country: Argentina
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  31. ShuBee falls victim to Sinobi Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 350 GB of the organization's data. The compromised data includes financial information, contracts, customer information and confidential information. They intend to publish it within 6-7 days.
    Date: 2026-01-21T20:14:18Z
    Network: tor
    Published URL: http://sinobi6rlec6f2bgn6rd72xo7hvds4a5ajiu2if4oub2sut7fg3gomqd.onion/leaks/697123006387a4c9a2928f29
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/342e5b2e-e02b-484e-843c-d31bdc7ab040.png
    https://d34iuop8pidsy8.cloudfront.net/b0af0ef0-c270-4c0c-8fcb-871a93f4ce52.png
    Threat Actors: Sinobi
    Victim Country: USA
    Victim Industry: Retail Industry
    Victim Organization: shubee
    Victim Site: shubee.com
  32. Alleged data leak of Sepah Bank
    Category: Data Breach
    Content: The group claims to have obtained and leaked a database allegedly containing personal information of 2,000 military personnel affiliated with Sepah Bank in Iran.
    Date: 2026-01-21T20:13:38Z
    Network: telegram
    Published URL: https://t.me/shadow_cyber/168
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/863c1c9e-6453-4467-968a-0dd5b7b84231.png
    Threat Actors: Shadow SEC
    Victim Country: Iran
    Victim Industry: Banking & Mortgage
    Victim Organization: sepah bank
    Victim Site: banksepah.ir
  33. Alleged Sale of Nightmare Keylogger Malware
    Category: Malware
    Content: Threat Actor claims to be selling a keylogger malware named Nightmare Keylogger, allegedly capable of logging all keystrokes, capturing clipboard data, filtering sensitive information such as passwords and card details, and automatically exfiltrating data to a remote server. The tool is also claimed to maintain persistence and operate continuously in the background.
    Date: 2026-01-21T20:02:50Z
    Network: openweb
    Published URL: https://forum.duty-free.cc/threads/6325/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/fc1a2f63-7406-47d7-809e-9f2797280f4a.png
    Threat Actors: DFGSSDFGSGSAGDFDSG
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  34. Alleged Data Leak of ABB Power Products and Systems India Ltd
    Category: Data Breach
    Content: Threat Actor claims to have leaked the database of ABB Power Products and Systems India Ltd. The exposed dataset contains more than 6,400 records, which includes company names, contact person names, email addresses, phone numbers, and other customer-related business details.
    Date: 2026-01-21T19:40:28Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DOCUMENTS-6400-Company-ABB-Power-Products-and-Systems-India-Ltd-customer-data-leaked
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/18dcb172-1f23-4d73-967b-39dd93779272.png
    Threat Actors: AYYUBI
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  35. Alleged Data Breach of Intersport Rent
    Category: Data Breach
    Content: Threat Actor claims to have breached the database of Intersport Rent in France. The alleged breach occurred in March 2025 and reportedly resulted in the exposure of more than 1.2 million records. The compromised data includes customer names, email addresses, phone numbers, loyalty numbers, order and reservation details, location information, and customer reviews.
    Date: 2026-01-21T19:18:03Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-FR-WW-Intersport-rent-fr-Ski-renting-1-2M-Names-Emails-Phones-Loyalty
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7315a5c1-ccfd-446b-be94-5c27684847da.png
    Threat Actors: placenta
    Victim Country: France
    Victim Industry: Sports
    Victim Organization: intersport rent
    Victim Site: intersport-rent.fr
  36. Alleged Data Leak of California Courts Private User Records
    Category: Data Breach
    Content: Threat Actor claims to have leaked the database of California Courts Private User Records in the USA, following an incident in January 2026 involving an exposed API endpoint. The dataset contains information on approximately 25,091 users, including around 17,420 unique email addresses. The leaked data includes user IDs, GUIDs, first and last names, display names, email addresses, phone numbers, and account creation and modification timestamps.
    Date: 2026-01-21T19:05:30Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-California-Courts-Private-User-Records
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8ea16c60-73ff-4c2c-8b88-7e1c3ab76f5b.png
    Threat Actors: Sythe
    Victim Country: USA
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  37. Alleged sale of USA Driver License database
    Category: Data Breach
    Content: A threat actor claims to be selling a dataset described as “53k USA Driver License”, claiming it contains approximately 53,000 front-side images or scans of U.S. driver licenses.
    Date: 2026-01-21T19:01:31Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/274253/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ac408f4d-90dd-420e-ba4a-f8294b87043a.png
    Threat Actors: SinCity
    Victim Country: USA
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  38. Alleged sale of unauthorized access to a Magento-based Sports Goods Store from Italy
    Category: Initial Access
    Content: A threat actor claims to be selling unauthorized access to an Italian Magento-1 e-commerce website specializing in sports goods.
    Date: 2026-01-21T18:58:07Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/274252/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d7ecf244-0e77-4278-accb-0f6a9a60d67d.png
    Threat Actors: Fancy.Bear
    Victim Country: Italy
    Victim Industry: Sporting Goods
    Victim Organization: Unknown
    Victim Site: Unknown
  39. Alleged sale of unauthorized access to a WordPress-based online store from Brazil
    Category: Initial Access
    Content: A threat actor claims to be selling unauthorized access to a Brazilian WordPress-based online store, claiming full administrative control along with shell access. The compromised shop reportedly has a high transaction volume, with a total of 9,096 orders recorded.
    Date: 2026-01-21T18:57:28Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/274248/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/57206d4f-baaa-4174-b4a9-c7b98c92b353.png
    Threat Actors: megabyte
    Victim Country: Brazil
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown
  40. Ensenada Entrepreneurial Development Center falls victim to Qilin Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization's data.
    Date: 2026-01-21T18:53:43Z
    Network: tor
    Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=81113187-03ee-38bd-9860-22535f53f24e
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/5fbc0369-074c-4152-8197-ae3618e77f99.png
    Threat Actors: Qilin
    Victim Country: Mexico
    Victim Industry: Accounting
    Victim Organization: ensenada entrepreneurial development center
    Victim Site: ensenada.gob.mx
  41. Alleged Data Leak of Mini Data in USA
    Category: Data Breach
    Content: Threat actor claims to have leaked a small dataset in the United States. The dataset reportedly consists of 116 records, with a database quality of approximately 71%.
    Date: 2026-01-21T18:50:45Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-Mini-USA-Data-116-Records
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4fffcd2c-ed53-4f66-a1a5-f02b4a625580.png
    Threat Actors: shawnwallah
    Victim Country: USA
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  42. Alleged Data Leak of Facebook User Data in Canada
    Category: Data Breach
    Content: Threat actor claims to have leaked a database allegedly linked to a Facebook data exposure incident from 2019, affecting users in Canada. The dataset contains approximately 3.4 million records and is around 346 MB in size. The exposed information includes phone numbers, Facebook account identifiers, full names, gender, location details, and other profile-related data.
    Date: 2026-01-21T18:37:06Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-CAN-Facebook-2019-leak
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9a9d7d42-969c-4351-83b2-ad04e529edf3.png
    Threat Actors: Didiplayer
    Victim Country: Canada
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  43. Alleged sale of unauthorized access to an unidentified WordPress Shop from the UAE
    Category: Initial Access
    Content: The threat actor claims to be selling unauthorized access to an unidentified WordPress perfume store from the UAE.
    Date: 2026-01-21T18:35:50Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/274251/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b7899b4b-f953-455b-ab2c-442ee1e19934.png
    Threat Actors: Fancy.Bear
    Victim Country: UAE
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown
  44. Bolttech falls victim to Everest Ransomware
    Category: Ransomware
    Content: The group claims to have exfiltrated 186 GB of the organization's sensitive internal data and intends to publish it within a day.
    Date: 2026-01-21T18:08:04Z
    Network: tor
    Published URL: http://ransomocmou6mnbquqz44ewosbkjk3o5qjsl3orawojexfook2j7esad.onion/news/Bolttech/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3f10589c-e21d-4ae3-95af-aba02040da0e.png
    https://d34iuop8pidsy8.cloudfront.net/a620648b-fe30-44c0-89ea-e6e6eb80f83a.png
    https://d34iuop8pidsy8.cloudfront.net/4f2c6189-0311-4951-99eb-ceec26e32882.png
    Threat Actors: Everest
    Victim Country: Singapore
    Victim Industry: Insurance
    Victim Organization: bolttech
    Victim Site: bolttech.io
  45. Mutest falls victim to Qilin Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization's data.
    Date: 2026-01-21T17:58:20Z
    Network: tor
    Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=88821dc9-ff30-3667-8b38-8f5afcb1d328
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/aab332b5-2621-41e5-aa13-fc656eb43f3d.png
    Threat Actors: Qilin
    Victim Country: France
    Victim Industry: Insurance
    Victim Organization: mutest
    Victim Site: mutest.fr
  46. Alleged Data Leak of 3.1M Belgium Citizens Database
    Category: Data Breach
    Content: Threat actor claims to have leaked a database allegedly containing personal information of approximately 3.1 million Belgium citizens. The exposed data includes unique identifiers, full names, gender, location information, relationship or marital status, dates, and references to financial or insurance institutions.
    Date: 2026-01-21T17:57:38Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-Belgium-Citizens-3-1M
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8affac85-8e6f-42a6-aa58-4b095358cd8f.png
    Threat Actors: xmlrpc
    Victim Country: Belgium
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  47. Alleged Data Breach of T-Shirt Makers
    Category: Data Breach
    Content: Threat actor claims to have breached the database of T-Shirt Makers in Italy. The dataset contains approximately 13,000 records and includes details such as customer IDs, VAT numbers, email addresses, company or individual names, contact information, client registration dates, and source website references.
    Date: 2026-01-21T17:55:18Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-tshirtmakers-it-13k
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9ada1414-b04e-4d0d-913f-cbfd9113b185.png
    Threat Actors: nest0r
    Victim Country: Italy
    Victim Industry: Printing
    Victim Organization: t-shirt makers
    Victim Site: tshirtmakers.it
  48. Alleged Data Breach of LBLV Ltd
    Category: Data Breach
    Content: Threat Actor claims to have breached the database of LBLV in Seychelles, allegedly exposing records of approximately 2,600 forex depositors from 2021. The compromised dataset contains sensitive personal and transactional information, including full names, email addresses, phone numbers, country details, deposit dates, broker identifiers, unique user IDs, transaction amounts, currency, and account status information.
    Date: 2026-01-21T17:33:05Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-lblv-com-2-6k-fx-depositors-2021
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/6b6f8412-ef4b-4248-a28e-9756db92c731.png
    Threat Actors: nest0r
    Victim Country: Seychelles
    Victim Industry: Financial Services
    Victim Organization: lblv ltd
    Victim Site: lblv.com
  49. MAUSA falls victim to Payouts King Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 218 GB of the organization's data. The data includes employee and executive PII, database exports containing customer data, confidential corporate correspondence, financial records (payrolls, budgets, invoices), employee personal information, and extensive customer information. They intend to publish the data within 6-7 days.
    Date: 2026-01-21T17:29:45Z
    Network: tor
    Published URL: https://payoutsgn7cy6uliwevdqspncjpfxpmzgirwl2au65la7rfs5x3qnbqd.onion/97WDSQ-JUpkbs-a98JKd-wvWiRQ-OfInGm
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/bf1d19fd-e89a-4440-bed7-a855ee09f355.png
    https://d34iuop8pidsy8.cloudfront.net/3cc6597b-60aa-4420-b916-3832fbc70f60.png
    Threat Actors: Payouts King
    Victim Country: Spain
    Victim Industry: Building and construction
    Victim Organization: mausa
    Victim Site: mausa.es
  50. Aero-Coating GmbH falls victim to Payouts King Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 520 GB of the organization's data. The data includes project information, sensitive correspondence, PII, employee and executive personal documents, production and engineering data (drawings, QA reports), and financial records (payrolls and budgets). They intend to publish the data within 6-7 days. NB: The organization previously fell victim to Qilin Ransomware on Jan 14 2026.
    Date: 2026-01-21T17:27:45Z
    Network: tor
    Published URL: https://payoutsgn7cy6uliwevdqspncjpfxpmzgirwl2au65la7rfs5x3qnbqd.onion/gC9LlM-hj4AU8-6bxwfv-1B8CuO-2ZQ388
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/be3e6c7f-f2cc-4a9f-b8fb-dc3d76f5ae7a.png
    https://d34iuop8pidsy8.cloudfront.net/ed725601-9df3-46b4-9550-ea639395d1b6.png
    Threat Actors: Payouts King
    Victim Country: Germany
    Victim Industry: Aviation & Aerospace
    Victim Organization: aero-coating gmbh
    Victim Site: aero-coating.de
  51. CyberOprationCulture targets the website of Samagra Vikash Sansthan
    Category: Defacement
    Content: The group claims to have defaced the website of Samagra Vikash Sansthan.
    Date: 2026-01-21T17:27:13Z
    Network: telegram
    Published URL: https://t.me/c/3421269527/90
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9d3e8351-a2cb-4155-a861-682a12050f4a.jpg
    Threat Actors: CyberOprationCulture
    Victim Country: India
    Victim Industry: Non-profit & Social Organizations
    Victim Organization: samagra vikash sansthan
    Victim Site: samagravikash.org
  52. Caunton Engineering Limited falls victim to Payouts King Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 2.3 TB of the organization's data. The compromised data includes employee and executive PII, confidential corporate correspondence, corporate documents and contracts, customer information, financial records (including payrolls), and employee personal files and documents. They intend to publish the data within 6-7 days.
    Date: 2026-01-21T17:25:36Z
    Network: tor
    Published URL: https://payoutsgn7cy6uliwevdqspncjpfxpmzgirwl2au65la7rfs5x3qnbqd.onion/eJxPPg-UMjE8T-LQRvwi-KWCu40-bxB3Im
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7df90584-5121-4d7e-9c01-7b88b8562c1e.png
    https://d34iuop8pidsy8.cloudfront.net/e517e41e-b5c0-4ab2-81bc-9aac2051f1b5.png
    Threat Actors: Payouts King
    Victim Country: UK
    Victim Industry: Building and construction
    Victim Organization: caunton engineering limited
    Victim Site: caunton.co.uk
  53. Ash & Lacy falls victim to Payouts King Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 2.1 TB of the organization's data. The data includes corporate correspondence and contracts, employee and executive personal documents, PII, financial records (budgets and payrolls), customer data, and production information including technical drawings. They intend to publish the data within 6-7 days.
    Date: 2026-01-21T16:58:25Z
    Network: tor
    Published URL: https://payoutsgn7cy6uliwevdqspncjpfxpmzgirwl2au65la7rfs5x3qnbqd.onion/PqVXm4-9ewwi8-tG5q6g-AxFv70-E1OkIl
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/cfdee69c-e705-43f6-9c69-5a747d73f4f5.png
    https://d34iuop8pidsy8.cloudfront.net/d1889d46-7e04-4671-9021-1fa6236024cd.png
    Threat Actors: Payouts King
    Victim Country: UK
    Victim Industry: Building and construction
    Victim Organization: ash & lacy
    Victim Site: ashandlacy.com
  54. V. FRAAS falls victim to Payouts King Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 625 GB of the organization's data. The data includes database backups, corporate correspondence and confidential documents, project and partner collaboration files, PII, financial records (payrolls and budgets), customer information, production designs and drawings, and employee and executive personal documents. They intend to publish the data within 6-7 days.
    Date: 2026-01-21T16:57:00Z
    Network: tor
    Published URL: https://payoutsgn7cy6uliwevdqspncjpfxpmzgirwl2au65la7rfs5x3qnbqd.onion/puEYjF-jgoNhC-VnCkb9-rMaMVE-XK5pAy
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/db957720-ceb6-4eb8-bb52-fd7d880bd75c.png
    https://d34iuop8pidsy8.cloudfront.net/f78a3e46-e88c-43f5-ba05-8a6fcf192112.png
    Threat Actors: Payouts King
    Victim Country: Germany
    Victim Industry: Textiles
    Victim Organization: v. fraas
    Victim Site: vfraas.com
  55. Bespoke Home Interior Design Group falls victim to Payouts King Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 832 GB of the organization's data. The data includes corporate correspondence, PII, employee and executive personal documents, financial records (budgets and payroll), corporate documents and NDAs, customer information, and production data including technical drawings. They intend to publish the data within 6-7 days.
    Date: 2026-01-21T16:56:06Z
    Network: tor
    Published URL: https://payoutsgn7cy6uliwevdqspncjpfxpmzgirwl2au65la7rfs5x3qnbqd.onion/0NGNQ4-hmdIgY-nA9hWU-Gju5sG-bUmC39
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b4ff8949-9d0e-443d-a5a4-580798dcc54a.png
    https://d34iuop8pidsy8.cloudfront.net/73a8e4ae-4df7-45c5-a1c2-c8462367a32c.png
    Threat Actors: Payouts King
    Victim Country: UK
    Victim Industry: Furniture
    Victim Organization: bespoke home interior design group
    Victim Site: bhid.co.uk
  56. V. FRAAS falls victim to Payouts King Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 625 GB of the organization's data. The data includes database backups, corporate correspondence and confidential documents, project and partner collaboration files, PII, financial records (payrolls and budgets), customer information, production designs and drawings, and employee and executive personal documents. They intend to publish the data within 6-7 days.
    Date: 2026-01-21T16:54:39Z
    Network: tor
    Published URL: https://payoutsgn7cy6uliwevdqspncjpfxpmzgirwl2au65la7rfs5x3qnbqd.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/db957720-ceb6-4eb8-bb52-fd7d880bd75c.png
    https://d34iuop8pidsy8.cloudfront.net/f78a3e46-e88c-43f5-ba05-8a6fcf192112.png
    Threat Actors: Payouts King
    Victim Country: Germany
    Victim Industry: Textiles
    Victim Organization: v. fraas
    Victim Site: vfraas.com
  57. Alleged access to an unidentified CCTV system in the Czech Republic
    Category: Initial Access
    Content: The group claims to have gained unauthorized access to the CCTV surveillance system of an unidentified manufacturing plant in the Czech Republic.
    Date: 2026-01-21T16:47:02Z
    Network: telegram
    Published URL: https://t.me/zpentestalliance/984
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/1ef02b58-8dfe-43d9-82de-aae032a8e13f.png
    Threat Actors: Z-PENTEST ALLIANCE
    Victim Country: Czech Republic
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  58. Bespoke Home Interior Design Group falls victim to Payouts King Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 832 GB of the organization's data and intends to publish the data within 6 days.
    Date: 2026-01-21T16:29:31Z
    Network: tor
    Published URL: https://payoutsgn7cy6uliwevdqspncjpfxpmzgirwl2au65la7rfs5x3qnbqd.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3ac11f91-ed01-46bb-bb9c-13bba8380958.png
    Threat Actors: Payouts King
    Victim Country: UK
    Victim Industry: Furniture
    Victim Organization: bespoke home interior design group
    Victim Site: bhid.co.uk
  59. Mettler+Partner AG falls victim to akira Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data. The data includes employee passport details, HR records, project files and internal corporate documents.
    Date: 2026-01-21T16:16:18Z
    Network: tor
    Published URL: https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c8fe147b-4253-4d74-bd73-e9a4bf93f564.png
    Threat Actors: akira
    Victim Country: Switzerland
    Victim Industry: Architecture & Planning
    Victim Organization: mettler+partner ag
    Victim Site: mettlerpartner.ch
  60. Serometrix LLC falls victim to NightSpire Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 110 GB of the organization's data and intends to publish it within 13-14 days.
    Date: 2026-01-21T16:00:09Z
    Network: tor
    Published URL: http://nspirebcv4sy3yydtaercuut34hwc4fsxqqv4b4ye4xmo6qp3vxhulqd.onion/database
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c2b8f212-0126-4a05-a7ce-0522d3f11a01.png
    Threat Actors: NightSpire
    Victim Country: USA
    Victim Industry: Biotechnology
    Victim Organization: serometrix llc
    Victim Site: serometrix.com
  61. Alleged data breach of Algeria's National Office for University Services
    Category: Data Breach
    Content: The group claims to have breached the systems and leaked the database of the National Office for University Services of Algeria and defaced their website.
    Date: 2026-01-21T15:40:52Z
    Network: telegram
    Published URL: https://t.me/c/3447764000/29
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c45cbdd6-7616-479e-aa2f-c8c9c4338fc9.jpg
    Threat Actors: Anonymous Morocco
    Victim Country: Algeria
    Victim Industry: Government Administration
    Victim Organization: national office for university services of algeria
    Victim Site: onou.dz
  62. Alleged access to the surveillance camera server in the United States of America
    Category: Initial Access
    Content: A group claims to have gained access to the surveillance camera server in the United States of America, allegedly including 13 active cameras operating in the Night Wind version 2.0.4 system at a facility called Sea Lamp Inn in the Seaside area.
    Date: 2026-01-21T14:36:37Z
    Network: telegram
    Published URL: https://t.me/n2LP_wVf79c2YzM0/3405
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9c75a333-30e4-4bbc-8f5b-1ba62e433dda.JPG
    https://d34iuop8pidsy8.cloudfront.net/e156b0af-9f4c-4bb9-b9c8-c54b54374a80.JPG
    Threat Actors: Infrastructure Destruction Squad
    Victim Country: USA
    Victim Industry: Hospitality & Tourism
    Victim Organization: sealamp inn
    Victim Site: sealampinnseasideca.com
  63. Alleged SQL database leak of Automobilus.ro customer records
    Category: Data Breach
    Content: The threat actor claims to have leaked a SQL database allegedly associated with automobilus.ro. The dataset is described as consisting of approximately 2.08 GB of SQL files dated April 2024 and reportedly includes around 209,000 client-related records.
    Date: 2026-01-21T14:35:51Z
    Network: openweb
    Published URL: https://xss.pro/threads/145496/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/1bedd811-22e1-40c9-894f-455d953f59ff.png
    Threat Actors: 108111118101
    Victim Country: Romania
    Victim Industry: Automotive
    Victim Organization: automobilus.ro
    Victim Site: automobilus.ro
  64. US Duct Inc. falls victim to LOCKBIT 5.0 ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization's data and intends to publish it within 14-15 days.
    Date: 2026-01-21T14:30:45Z
    Network: tor
    Published URL: http://lockbitapt67g6rwzjbcxnww5efpg4qok6vpfeth7wx3okj52ks4wtad.onion/post/1ee0aa4f746ccf0906616cc6ba5a373e
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/35101283-f5c8-4f45-ac51-77f88caf2d62.jpeg
    Threat Actors: LOCKBIT 5.0
    Victim Country: USA
    Victim Industry: Machinery Manufacturing
    Victim Organization: us duct inc.
    Victim Site: us-duct.com
  65. Sociedad Hipotecaria Federal falls victim to LOCKBIT 5.0 ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization's data and intends to publish it within 14-15 days.
    Date: 2026-01-21T14:28:35Z
    Network: tor
    Published URL: http://lockbitapt67g6rwzjbcxnww5efpg4qok6vpfeth7wx3okj52ks4wtad.onion/post/83bf3e0160ed719b28b0937383bf541f
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/eb80f5c0-4558-460f-ae73-01f86f086b43.png
    Threat Actors: LOCKBIT 5.0
    Victim Country: Mexico
    Victim Industry: Government Administration
    Victim Organization: sociedad hipotecaria federal
    Victim Site: gob.mx
  66. Rici144 targets the website of New Faisalabad General Transport & Car Recovery
    Category: Defacement
    Content: The group claims to have defaced the organization's website.
    Date: 2026-01-21T14:12:48Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/783638
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3d233d19-e62c-461f-9a67-c06d3a1197df.png
    Threat Actors: Rici144
    Victim Country: UAE
    Victim Industry: Transportation & Logistics
    Victim Organization: new faisalabad general transport & car recovery
    Victim Site: newfaisalabad.ae
  67. Frandent Group S.R.L. falls victim to LOCKBIT 5.0 ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization's data and intends to publish it within 14-15 days.
    Date: 2026-01-21T13:53:51Z
    Network: tor
    Published URL: http://lockbitapt67g6rwzjbcxnww5efpg4qok6vpfeth7wx3okj52ks4wtad.onion/post/e49b920efb8c62b78a9b7713bf7bfaa0
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ebb94242-06b2-4769-af76-b1c469377862.png
    Threat Actors: LOCKBIT 5.0
    Victim Country: Italy
    Victim Industry: Farming
    Victim Organization: frandent group s.r.l.
    Victim Site: frandent.it
  68. Aditus Financial Consulting falls victim to LOCKBIT 5.0 Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data and intends to publish it within 14–15 days.
    Date: 2026-01-21T13:48:41Z
    Network: tor
    Published URL: http://lockbitapt67g6rwzjbcxnww5efpg4qok6vpfeth7wx3okj52ks4wtad.onion/post/43c4c15e5f7ea8831354a4d760353e60
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/91b372e6-d2bc-49f2-b8a9-65f57c5d63ab.png
    Threat Actors: LOCKBIT 5.0
    Victim Country: Brazil
    Victim Industry: Financial Services
    Victim Organization: aditus financial consulting
    Victim Site: aditusbr.com
  69. Saunders & Saunders, LLP falls victim to DEVMAN 2.0 Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 200 GB of the organization’s data and intends to publish it within 8–9 days.
    Date: 2026-01-21T13:17:31Z
    Network: tor
    Published URL: http://devmanblggk7ddrtqj3tsocnayow3bwnozab2s4yhv4shpv6ueitjzid.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4571e9c9-580b-4568-9d06-c4470b0ae703.png
    Threat Actors: DEVMAN 2.0
    Victim Country: USA
    Victim Industry: Legal Services
    Victim Organization: saunders & saunders, llp
    Victim Site: saundersandsaunders.com
  70. Automax falls victim to DEVMAN 2.0 Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 120 GB of the organization’s data and intends to publish it within 8–9 days.
    Date: 2026-01-21T12:48:17Z
    Network: tor
    Published URL: http://devmanblggk7ddrtqj3tsocnayow3bwnozab2s4yhv4shpv6ueitjzid.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2364cf35-045b-40ac-8290-08a3613a5441.png
    Threat Actors: DEVMAN 2.0
    Victim Country: USA
    Victim Industry: Automotive
    Victim Organization: automax
    Victim Site: automax.com
  71. LulzSec Hackers claims to target UAE
    Category: Cyber Attack
    Content: A recent post by the group indicates that they’re targeting the UAE.
    Date: 2026-01-21T12:32:31Z
    Network: telegram
    Published URL: https://t.me/LulzSecHackers/225
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/22a85e66-95d6-4f3f-aeef-4d2b6e2abf5d.jpg
    Threat Actors: LulzSec Hackers
    Victim Country: UAE
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  72. Alleged security vulnerabilities in BADR BANK, Algeria
    Category: Vulnerability
    Content: The group claims to have identified weaknesses in a bank that could allow unauthorized access or disrupt critical system functions, potentially impacting sensitive areas.
    Date: 2026-01-21T12:30:34Z
    Network: telegram
    Published URL: https://t.me/DarK07xxxxxxx/1058
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9e12636b-30cb-45a1-abf7-3677c098aacf.JPG
    Threat Actors: DARK 07x
    Victim Country: Algeria
    Victim Industry: Banking & Mortgage
    Victim Organization: badr bank
    Victim Site: badrbank.dz
  73. DEVMAN 2.0 ransomware group adds an unknown victim (law.com)
    Category: Ransomware
    Content: The group claims to have obtained 386 GB of the organization’s data.
    Date: 2026-01-21T12:29:35Z
    Network: tor
    Published URL: http://devmanblggk7ddrtqj3tsocnayow3bwnozab2s4yhv4shpv6ueitjzid.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f362b84e-4027-4842-bc60-74d4a4d1f3c4.jpeg
    Threat Actors: DEVMAN 2.0
    Victim Country: USA
    Victim Industry: Law Enforcement
    Victim Organization: Unknown
    Victim Site: law.com
  74. DEVMAN 2.0 ransomware group adds an unknown victim (msic.fi)
    Category: Ransomware
    Content: The group claims to have obtained 150 GB of the organization’s data and intends to publish it within 8–9 days.
    Date: 2026-01-21T12:27:32Z
    Network: tor
    Published URL: http://devmanblggk7ddrtqj3tsocnayow3bwnozab2s4yhv4shpv6ueitjzid.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/77bde3e9-5054-45c1-bee0-1a97f65a979d.png
    Threat Actors: DEVMAN 2.0
    Victim Country: Finland
    Victim Industry: Retail Industry
    Victim Organization: Unknown
    Victim Site: msic.fi
  75. DEVMAN 2.0 ransomware group adds an unknown victim (oms-.com)
    Category: Ransomware
    Content: The group claims to have obtained 300 GB of data from an unidentified organization and intends to publish it within 8–9 days.
    Date: 2026-01-21T12:19:12Z
    Network: tor
    Published URL: http://devmanblggk7ddrtqj3tsocnayow3bwnozab2s4yhv4shpv6ueitjzid.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4c620035-286e-497c-add9-79262aa340c4.png
    Threat Actors: DEVMAN 2.0
    Victim Country: USA
    Victim Industry: Financial Services
    Victim Organization: Unknown
    Victim Site: oms-.com
  76. Alleged unauthorized access to an unidentified hydroelectric power plant in the Czech Republic
    Category: Initial Access
    Content: Group claims to have gained unauthorized access to an unidentified hydroelectric power plant in the Czech Republic.
    Date: 2026-01-21T11:48:34Z
    Network: telegram
    Published URL: https://t.me/zpentestalliance/983
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/21f310bd-e146-4b88-a277-94b3dc79a09f.png
    https://d34iuop8pidsy8.cloudfront.net/a7c3445d-4423-4708-8967-94760a510af1.png
    Threat Actors: Z-PENTEST ALLIANCE
    Victim Country: Czech Republic
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  77. Alleged data breach of BNP Paribas El Djazaïr
    Category: Data Breach
    Content: The group claims to have breached the organisation’s data, allegedly including Current Accounts, Savings Accounts, Private Accounts, Personal Finance, Personal Loans, Mortgages, Certificates of Savings and more.
    Date: 2026-01-21T11:19:34Z
    Network: telegram
    Published URL: https://t.me/DarK07xxxxxxx/1054
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0596493f-9824-4002-872b-d08489dd2a5b.JPG
    Threat Actors: DARK 07x
    Victim Country: Algeria
    Victim Industry: Banking & Mortgage
    Victim Organization: bnp paribas el djazaïr
    Victim Site: bnpparibas.dz
  78. Alleged unauthorized access to an unidentified industrial water filtration and flushing system in the Czech Republic
    Category: Initial Access
    Content: The group claims to have gained unauthorized access to an industrial water filtration and flushing system in the Czech Republic. According to the claim, the access allows modification of key processes, air pressure regulation, filter flushing cycles, pump management, and UV disinfection system.
    Date: 2026-01-21T10:31:16Z
    Network: telegram
    Published URL: https://t.me/c/2787466017/1751
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a535b8dd-e0d0-4c96-8fe0-5d2d97e27fd3.jpg
    https://d34iuop8pidsy8.cloudfront.net/9aff3d3f-6ba6-4ff3-a9d4-98c64aa1009c.jpg
    Threat Actors: NoName057(16)
    Victim Country: Czech Republic
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  79. Alleged database leak of Singaporean Online Customer Captured on eating sit-out CRM
    Category: Data Breach
    Content: The threat actor claims to have leaked a database containing Singaporean online customer data captured through an eating sit-out CRM system.
    Date: 2026-01-21T10:26:43Z
    Network: openweb
    Published URL: https://leakbase.la/threads/giveaway-singaporean-online-customer-captured-on-eating-sit-out-crm.48336/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/16dd261c-55f4-47fb-97a0-0cafbab32c63.png
    Threat Actors: cactus
    Victim Country: Singapore
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  80. Alleged database leak of Yellow Slate.
    Category: Data Breach
    Content: Threat actor claims to have leaked a database from Yellow Slate.
    Date: 2026-01-21T10:12:45Z
    Network: openweb
    Published URL: https://leakbase.la/threads/giveaway-indians-users-captured-on-yellowslate-com-email-phone-sorted.48335/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/67be7403-aad0-44ef-87f4-2a86ba906704.png
    Threat Actors: cactus
    Victim Country: India
    Victim Industry: Unknown
    Victim Organization: yellow slate
    Victim Site: yelloslate.com
  81. Alleged database leak of Online Lottery Tickets
    Category: Data Breach
    Content: Threat actor claims to have leaked a database from Online Lottery Tickets.
    Date: 2026-01-21T09:30:52Z
    Network: openweb
    Published URL: https://leakbase.la/threads/giveaway-multiple-countries-users-captured-on-buylottoonline-com.48337/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f83f3bac-ca2c-433b-ada6-7f61b318bc83.png
    Threat Actors: cactus
    Victim Country: Unknown
    Victim Industry: Gambling & Casinos
    Victim Organization: online lottery tickets
    Victim Site: buylottoonline.com
  82. WorkForce Software falls victim to CL0P Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-21T09:26:23Z
    Network: tor
    Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/workforcesoftware-com
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/647c26f0-8e0c-4681-9179-d8cab6407637.JPG
    Threat Actors: CL0P
    Victim Country: USA
    Victim Industry: Software
    Victim Organization: workforce software
    Victim Site: workforcesoftware.com
  83. KCD, Inc. falls victim to CL0P Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-21T09:18:36Z
    Network: tor
    Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/kcdworldwide-com
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/18712175-04d3-49bc-8da9-0ebe30b854d6.JPG
    Threat Actors: CL0P
    Victim Country: USA
    Victim Industry: Public Relations/PR
    Victim Organization: kcd, inc.
    Victim Site: kcdworldwide.com
  84. McMath Woods falls victim to CL0P Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-21T09:14:20Z
    Network: tor
    Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/mcmathlaw-com
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/6695705b-4bfc-4fcf-9557-8cf8de255929.png
    Threat Actors: CL0P
    Victim Country: USA
    Victim Industry: Legal Services
    Victim Organization: mcmath woods
    Victim Site: mcmathlaw.com
  85. Trust Payments falls victim to CL0P Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-21T09:12:02Z
    Network: tor
    Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/trustpayments-com
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/12fd3ec2-3e74-495e-bf34-47731f0fd4b6.png
    Threat Actors: CL0P
    Victim Country: UK
    Victim Industry: Financial Services
    Victim Organization: trust payments
    Victim Site: trustpayments.com
  86. Brinks falls victim to CL0P Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-21T09:09:50Z
    Network: tor
    Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/brinks-co-nz
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/bed653aa-3528-4d9a-8c8e-eb8efe486504.png
    Threat Actors: CL0P
    Victim Country: New Zealand
    Victim Industry: Food Production
    Victim Organization: brinks
    Victim Site: brinks.co.nz
  87. Integritek falls victim to CL0P Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-21T08:57:11Z
    Network: tor
    Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/integritek-net
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/bf92beb2-1957-4ca3-a493-7d3870cde4dc.png
    Threat Actors: CL0P
    Victim Country: USA
    Victim Industry: Information Technology (IT) Services
    Victim Organization: integritek
    Victim Site: integritek.net
  88. Centaur Products Inc. falls victim to CL0P Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-21T08:52:16Z
    Network: tor
    Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/centaurproducts-com
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/be53ec4f-8662-4aa6-ab66-bcad642f3d40.png
    Threat Actors: CL0P
    Victim Country: Canada
    Victim Industry: Sports
    Victim Organization: centaur products inc.
    Victim Site: centaurproducts.com
  89. Korol Financial Group falls victim to CL0P Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-21T08:46:33Z
    Network: tor
    Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/korolfinancial-com
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/dcb06e56-ce17-434f-ad4b-08d23fd8685e.png
    Threat Actors: CL0P
    Victim Country: USA
    Victim Industry: Financial Services
    Victim Organization: korol financial group
    Victim Site: korolfinancial.com
  90. Bureaux Solutions falls victim to CL0P Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-21T08:44:53Z
    Network: tor
    Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/bureaux-fr
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c3a3ed4c-efd1-48e0-b901-e4e31d21784f.png
    Threat Actors: CL0P
    Victim Country: France
    Victim Industry: Retail Industry
    Victim Organization: bureaux solutions
    Victim Site: bureaux.fr
  91. Onyx Equities, LLC falls victim to CL0P Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data.
    Date: 2026-01-21T08:40:38Z
    Network: tor
    Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/onyxequities-com
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d3b6f1fb-a9ee-4b42-8024-5d25e711c48b.png
    Threat Actors: CL0P
    Victim Country: USA
    Victim Industry: Real Estate
    Victim Organization: onyx equities, llc
    Victim Site: onyxequities.com
  92. Alleged data sale of Live Nation Entertainment
    Category: Data Breach
    Content: The threat actor claims to be selling approximately 1.2 billion user records totalling 2.6 TB of data allegedly linked to Live Nation Entertainment and its subsidiary Ticketmaster. The compromised data reportedly includes names, physical addresses, email addresses, phone numbers, IP addresses, dates of birth, and partial payment card details such as card type, last four digits, and expiration dates, along with additional associated information.
    Date: 2026-01-21T07:48:43Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-Selling-Live-Nation-TicketMaster-1-2B-Users-Card-Details-2-6TB
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/46b302ca-aa6e-4b64-adfc-a81dc1a53810.png
    Threat Actors: shinymontanna
    Victim Country: USA
    Victim Industry: Entertainment & Movie Production
    Victim Organization: live nation entertainment
    Victim Site: livenationentertainment.com
  93. Alleged data breach of Madiun
    Category: Data Breach
    Content: The threat actor claims to have leaked data belonging to Madiun 2023. The compromised data reportedly includes Type of service, Service date, Government staff names, Residential addresses, Phone numbers, Death certificates, Marriage certificates, Police clearance, ID-related administrative services.
    Date: 2026-01-21T06:57:31Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DOCUMENTS-464-Madiun-city-service-database-leaked-free-download
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/18040f03-dacb-42b5-ad1b-475e642bc58c.png
    Threat Actors: AYYUBI
    Victim Country: Indonesia
    Victim Industry: Government & Public Sector
    Victim Organization: madiun
    Victim Site: madiunkota.go.id
  94. Alleged Leak of French Personal Data
    Category: Data Breach
    Content: The threat actor claims to have leaked 913 MB of French personal data. The compromised data reportedly includes names, dates of birth
    Date: 2026-01-21T06:17:05Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-A-bunch-of-French-shit-can-t-read-it-but-tons-of-files
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/568d237c-dfbc-404d-a4c8-5de348cd517a.png
    Threat Actors: OriginalCrazyOldFart
    Victim Country: France
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  95. 404 CREW CYBER TEAM targets the website of Technicum of Power Engineering and Metalworking
    Category: Defacement
    Content: The group claims to have defaced the website of Technicum of Power Engineering and Metalworking.
    Date: 2026-01-21T06:05:01Z
    Network: telegram
    Published URL: https://t.me/crewcyber/585
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e421d2c1-2377-4716-9253-83cd8a58eb26.png
    Threat Actors: 404 CREW CYBER TEAM
    Victim Country: Russia
    Victim Industry: Education
    Victim Organization: technicum of power engineering and metalworking
    Victim Site: spbteim.ru
  96. Alleged data breach of Fédération Française d’Équitation
    Category: Data Breach
    Content: The threat actor claims to have leaked data from Fédération Française d’Équitation. The compromised data reportedly contains 113,954 records including Internal reference IDs, Last name, First name, NRFFE (federation member identifier), Date of birth, Gender, Federation code (FRA), Email addresses.
    Date: 2026-01-21T06:01:52Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-REPOST-FFE-FR
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7c006e25-41bb-41a5-99d7-938093e832e3.png
    https://d34iuop8pidsy8.cloudfront.net/abdfd39d-de5d-43de-9ed3-6656a274fc5d.png
    Threat Actors: Kayo
    Victim Country: France
    Victim Industry: Sports
    Victim Organization: fédération française d’équitation
    Victim Site: ffe.com
  97. Alleged data leak of French Organizations
    Category: Data Breach
    Content: The threat actor claims to have leaked data belonging to multiple French organizations, including popular e-commerce sites, sports federations, and telecom providers. The compromised data reportedly contains millions of customer records, including full names, email addresses, phone numbers, physical addresses, and payment information.
    Date: 2026-01-21T05:55:25Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-French-database–185068
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ed1d4573-f187-49c7-bc8e-99fd8af9bcbe.png
    Threat Actors: lysanaflare
    Victim Country: France
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  98. 404 CREW CYBER TEAM targets the website of cpprk-adm.ru
    Category: Defacement
    Content: The group claims to have defaced the website of cpprk-adm.ru.
    Date: 2026-01-21T05:42:16Z
    Network: telegram
    Published URL: https://t.me/crewcyber/586
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0aed129f-194a-4ba4-b2a0-6d2d5c50c9e6.png
    Threat Actors: 404 CREW CYBER TEAM
    Victim Country: Russia
    Victim Industry: Education
    Victim Organization: cpprk
    Victim Site: cpprk-adm.ru
  99. Alleged data breach of Chat Mobile
    Category: Data Breach
    Content: The threat actor claims to have leaked data belonging to Chat Mobile from 2022. The compromised data reportedly contains 3.5 million records including Full names, Usernames, Email addresses, Phone numbers, physical addresses.
    Date: 2026-01-21T05:39:39Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-REQUEST-ChatrMobile-chatrwireless-com-2022-3-500-000
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3f7c93a3-20b2-43df-9e93-34735da3f184.png
    Threat Actors: thelastwhitehat
    Victim Country: USA
    Victim Industry: Network & Telecommunications
    Victim Organization: chat mobile
    Victim Site: chatwireless.com
  100. Alleged leak of data from France
    Category: Data Breach
    Content: The threat actor claims to have leaked data from France. The data reportedly includes Last name, First name, Date of birth, Phone number, Gender, Email address, Parents’ information.
    Date: 2026-01-21T05:39:03Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-French-database–185067
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4f495b7f-b3da-40e5-8672-34e246d29a92.png
    Threat Actors: lysanaflare
    Victim Country: France
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  101. Alleged data breach of Sieora
    Category: Data Breach
    Content: The threat actor claims to have leaked data belonging to Sieora from 2025.
    Date: 2026-01-21T05:29:36Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SOURCE-CODE-Sieora-Data-Breach
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/28eff56f-cf9c-4677-b502-e929dcee2151.png
    Threat Actors: 888
    Victim Country: India
    Victim Industry: Software Development
    Victim Organization: sieora
    Victim Site: sieora.in
  102. Alleged data breach of OnlineSkills
    Category: Data Breach
    Content: The threat actor claims to have leaked data belonging to OnlineSkills from 2025. The compromised data reportedly contains 1.5 million customer records including full names, email addresses, phone numbers, physical addresses, payment information.
    Date: 2026-01-21T05:15:03Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-OnlineSkills-onlineskills-ru-onlineskills-pro-2025-07-05-1-50M-Customers
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b92d8c9c-b3bb-4a68-b29c-1f9ea9e08fad.png
    Threat Actors: thelastwhitehat
    Victim Country: Russia
    Victim Industry: Education
    Victim Organization: onlineskills
    Victim Site: onlineskills.ru
  103. Alleged data breach of BBS Radio
    Category: Data Breach
    Content: The threat actor claims to have leaked data from BBS Radio. The compromised data reportedly includes User IDs, Email Addresses, Usernames.
    Date: 2026-01-21T04:57:06Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-BBSRadio-com-Database-Leaked-Download–185055
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4d66dcf1-9387-4c72-b989-ea1032e9008d.png
    Threat Actors: 888
    Victim Country: USA
    Victim Industry: Broadcast Media
    Victim Organization: bbs radio
    Victim Site: bbsradio.com
  104. Alleged data breach of Abu Dhabi Judicial Department
    Category: Data Breach
    Content: The group claims to have leaked data from Abu Dhabi Judicial Department. The compromised data includes passports, valuable information and system administrator data.
    Date: 2026-01-21T04:52:55Z
    Network: telegram
    Published URL: https://t.me/LulzSecHackers/219
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/cafd5528-ab54-46ef-9d5e-d127d344e1e8.png
    https://d34iuop8pidsy8.cloudfront.net/48247a33-6faf-4bc9-b8ef-7623bc790fef.png
    Threat Actors: LulzSec Hackers
    Victim Country: UAE
    Victim Industry: Government Administration
    Victim Organization: abu dhabi judicial department
    Victim Site: adjd.gov.ae
  105. Alleged data breach of Joel Car Rental
    Category: Data Breach
    Content: The group claims to have leaked data of Joel Car Rental.
    Date: 2026-01-21T04:44:42Z
    Network: telegram
    Published URL: https://t.me/c/3027611821/325
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0ccc3240-7bd0-437f-a0a2-65012264f22a.png
    https://d34iuop8pidsy8.cloudfront.net/966cb00a-61c8-4c62-b34a-591b435c925c.png
    https://d34iuop8pidsy8.cloudfront.net/af120384-287f-4d3f-8f96-8a1cad805fd4.png
    Threat Actors: Z-BL4CX-H4T
    Victim Country: Dominican Republic
    Victim Industry: Automotive
    Victim Organization: joel car rental
    Victim Site: joelcarrental.com
  106. Alleged leak of OLD Torrent Database
    Category: Data Breach
    Content: Threat actor shared a torrent containing an alleged 637–638 GB collection of leaked databases, including cracked email/password lists, forum user databases, SQL dumps, credential logs, and archived breach files from multiple websites, dating back several years.
    Date: 2026-01-21T04:20:38Z
    Network: openweb
    Published URL: https://ramp4u.io/threads/big-old-637gb-collection-of-databases-torrent.3819/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3a5ac272-0a89-4112-8e03-1396f4edb6b5.png
    https://d34iuop8pidsy8.cloudfront.net/f2c0ae17-52bf-4399-9702-c52b6c93ee6e.png
    https://d34iuop8pidsy8.cloudfront.net/b9133ce2-8369-4604-a9da-ad529221820e.png
    Threat Actors: 3uker
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  107. Alleged data breach of Rock Bottom Rentals
    Category: Data Breach
    Content: The threat actor claims to have leaked data from Rock Bottom Rentals. The compromised data reportedly includes documents, tax forms, internal agreements, and invoice-related contact information.
    Date: 2026-01-21T04:13:21Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-DATABASE-Rockbottom-Rentals-Data-Breach-Leaked-Download–65209
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0335657f-e55a-4d68-8f96-76a271138f8f.png
    Threat Actors: epic
    Victim Country: USA
    Victim Industry: Network & Telecommunications
    Victim Organization: rock bottom rentals
    Victim Site: rockbottomrentals.com
  108. Alleged data leak of Pegasus Tourism & Travel LTD
    Category: Data Breach
    Content: The threat actor claims to have leaked data from Pegasus Tourism & Travel LTD. The compromised data reportedly includes member id, contact id, full name, first name, last name, phone, email etc.
    Date: 2026-01-21T03:49:09Z
    Network: openweb
    Published URL: https://leakbase.la/threads/pegasusisrael-co-il-201k-isreal-citzen.48306/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2a092cba-c07c-4233-8c75-fd1013e68f8e.jpeg
    Threat Actors: wayne bruce123
    Victim Country: Israel
    Victim Industry: Leisure & Travel
    Victim Organization: pegasus tours & travel ltd
    Victim Site: pegasusisrael.co.il
  109. Alleged sale of shell access to unidentified store in Spain
    Category: Initial Access
    Content: Threat actor claims to be selling shell access to an unidentified online store in Spain.
    Date: 2026-01-21T03:22:32Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274203/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/905fd64f-9473-4980-ad60-98b648d0d1ff.png
    Threat Actors: Shopify
    Victim Country: Spain
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown
  110. Alleged sale of shell access to unidentified store in USA
    Category: Initial Access
    Content: Threat actor claims to be selling shell access to an unidentified online store in USA.
    Date: 2026-01-21T03:19:19Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274202/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/67e23dcd-930e-4faf-96db-f60b14ccba76.png
    Threat Actors: Shopify
    Victim Country: USA
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown
  111. Alleged sale of shell access to unidentified store in Argentina
    Category: Initial Access
    Content: Threat actor claims to be selling shell access to an unidentified online store in Argentina.
    Date: 2026-01-21T03:16:14Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274201/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e7dcdfec-c4a0-4e15-a328-69821b3580ff.png
    Threat Actors: Shopify
    Victim Country: Argentina
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown
  112. Alleged sale of shell access to unidentified store in Australia
    Category: Initial Access
    Content: Threat actor claims to be selling shell access to an unidentified online store in Australia.
    Date: 2026-01-21T03:12:47Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274200/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c6828ff6-f159-4ef5-bc02-1dbeb902686c.png
    Threat Actors: Shopify
    Victim Country: Australia
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown
  113. Alleged sale of admin access to unidentified store in USA
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized admin access to an unidentified online store in USA.
    Date: 2026-01-21T03:06:39Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274199/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/1d4ead8c-85a2-4cfe-8fcc-202d887b4338.png
    Threat Actors: Shopify
    Victim Country: USA
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown
  114. Alleged sale of shell access to unidentified store in UK
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized shell access to an unidentified online store in UK.
    Date: 2026-01-21T02:36:10Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274198/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7d7cf101-2bd7-46ad-a8c2-ee62ef67146d.png
    Threat Actors: Shopify
    Victim Country: UK
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown
  115. Alleged data breach of Derayah Financial
    Category: Data Breach
    Content: The group claims to have leaked data of Derayah Financial of Saudi Arabia, which invested 760,000 in stocks, funds and real estate.
    Date: 2026-01-21T02:34:37Z
    Network: telegram
    Published URL: https://t.me/c/2273625312/3419
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0014167a-94f6-4387-8352-41e2fdfcb8b3.png
    Threat Actors: Yiqun data
    Victim Country: Saudi Arabia
    Victim Industry: Financial Services
    Victim Organization: derayah financial
    Victim Site: derayah.com
  116. Yource Bulgaria & Greece falls victim to CRYPTO24 Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 540 GB of the organization’s data.
    Date: 2026-01-21T02:34:00Z
    Network: tor
    Published URL: http://j5o5y2feotmhvr7cbcp2j2ewayv5mn5zenl3joqwx67gtfchhezjznad.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/1a585607-f6bb-47de-be10-06b35f1e65a7.png
    Threat Actors: CRYPTO24
    Victim Country: Bulgaria
    Victim Industry: Outsourcing & Offshoring
    Victim Organization: yource bulgaria & greece
    Victim Site: yourcebulgaria.cc
  117. Alleged sale of Twilio verified account
    Category: Data Breach
    Content: The threat actor claims to be selling a verified Twilio account with $97 credit.
    Date: 2026-01-21T02:33:04Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274177/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7e518729-ec1d-4181-8717-82c18d29e6f2.png
    Threat Actors: unkpayne
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  118. Alleged data breach of Standard Chartered Bank
    Category: Data Breach
    Content: The group claims to have leaked data of Standard Chartered Bank. A user from the UAE opened a CD Saving account with Standard Chartered Bank with a deposit of 790,000 yuan.
    Date: 2026-01-21T02:11:24Z
    Network: telegram
    Published URL: https://t.me/c/2273625312/3387
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0c17fd49-c1f5-4a01-804d-66162c1a7cc6.png
    Threat Actors: Yiqun data
    Victim Country: UAE
    Victim Industry: Financial Services
    Victim Organization: standard chartered bank
    Victim Site: sc.com
  119. Alleged data breach of Sharaf finance
    Category: Data Breach
    Content: The group claims to have leaked data of Sharaf finance, which includes 730,000 cryptocurrency accounts at Sharaf financial in the UAE.
    Date: 2026-01-21T01:44:11Z
    Network: telegram
    Published URL: https://t.me/c/2273625312/3365
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/50e2e937-3fe9-4c25-a462-3dcb74677006.png
    Threat Actors: Yiqun data
    Victim Country: UAE
    Victim Industry: Financial Services
    Victim Organization: sharaf finance
    Victim Site: Unknown
  120. Alleged data leak of Saxo Bank
    Category: Data Breach
    Content: The group claims to have leaked data of Saxo Bank. The compromised data reportedly includes financial investments, US stock securities and wealth management.
    Date: 2026-01-21T01:17:07Z
    Network: telegram
    Published URL: https://t.me/c/2273625312/3353
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e2ddce30-d201-460c-b09b-a063126fb703.png
    Threat Actors: Yiqun data
    Victim Country: Qatar
    Victim Industry: Financial Services
    Victim Organization: saxo bank
    Victim Site: home.saxo
  121. Alleged data breach of Daryn Online
    Category: Data Breach
    Content: The threat actor claims to have leaked data belonging to Daryn Online from 2023. The compromised data reportedly contains 4.20 million records, including full names, email addresses, phone numbers, dates of birth, regions, and admission years.
    Date: 2026-01-21T00:42:34Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-Daryn-Online-daryn-online-2023-4-20M-Users
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/995d037c-f525-4774-97b9-6277ebaebb59.png
    Threat Actors: thelastwhitehat
    Victim Country: Kazakhstan
    Victim Industry: Education
    Victim Organization: daryn online
    Victim Site: daryn.online
  122. Alleged data breach of eRenterPlan
    Category: Data Breach
    Content: The threat actor claims to have leaked 890 GB of data belonging to eRenterPlan from October 2025. The compromised data reportedly contains 1.8 million records, including policy numbers, full names, residential addresses, mailing addresses, phone numbers, and email addresses.
    Date: 2026-01-21T00:28:59Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-1-8M-Insurance-Records-%E2%80%94-Fresh-Docs-Never-Leaked-Limited-Access
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2b11811b-a015-40f0-997a-0c6b02d0bc25.png
    https://d34iuop8pidsy8.cloudfront.net/adef3569-295b-4793-8542-9d4361bc4283.png
    https://d34iuop8pidsy8.cloudfront.net/d34ceedd-a035-4306-9913-a17ce7850a36.png
    https://d34iuop8pidsy8.cloudfront.net/cd7c7ce4-c3e2-49ff-9ad1-6bbf0940a536.png
    Threat Actors: iProfessor
    Victim Country: USA
    Victim Industry: Financial Services
    Victim Organization: erenterplan
    Victim Site: erenterplan.com
  123. Alleged Sale of Cryptocurrency User Data
    Category: Data Breach
    Content: Threat actor claims to be selling a cryptocurrency user database, advertised as a crypto leads dataset, allegedly containing data from platforms such as Stansberry, Celsius, Bitwise, Chainlink, Circle Trading, Consensys, Debank, Unchained, Zendeledger, Pantera Capital, and Ledger.
    Date: 2026-01-21T00:19:40Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274195/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/adbafbaa-ec3a-4ee2-bb29-160903b53f21.png
    Threat Actors: Akagi
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  124. Alleged sale of unauthorized admin access to an unidentified store in Israel
    Category: Initial Access
    Content: Threat actor claims to be selling unauthorized admin access to an unidentified online store in Israel.
    Date: 2026-01-21T00:00:53Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274192/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/484834a3-aa7d-4803-809f-889ad2062098.png
    Threat Actors: Reve
    Victim Country: Israel
    Victim Industry: E-commerce & Online Stores
    Victim Organization: Unknown
    Victim Site: Unknown