[January-26-2026] Daily Cybersecurity Threat Report

Global Cyber Threat Intelligence Report: January 26, 2026

Date: January 27, 2026
Security Level: Critical
Total Incidents Analyzed: 144


1. Executive Summary

The period of January 26, 2026, represents a volatile timeframe in the global cyber threat landscape, characterized by a simultaneous surge in high-impact ransomware operations, massive data breaches involving Personally Identifiable Information (PII), and a highly coordinated wave of hacktivist activity in South Asia.

The intelligence data reveals three primary vectors of activity. First, Ransomware-as-a-Service (RaaS) groups, specifically PLAY and TENGU, have accelerated their operational tempo, claiming numerous victims across the United States, Europe, and Asia within a 24-hour window. The victims range from critical manufacturing and telecommunications infrastructure to legal and healthcare entities.

Second, Data Breach incidents have reached a critical mass, with threat actors trading or leaking massive databases. Notable compromises include the alleged leak of 1.2 million records from zHealthEHR, the exposure of Zebra Technologies’ source code, and significant government leaks in Indonesia and Kuwait. The sale of access credentials and “initial access” to corporate networks remains a thriving underground economy, fueling future attacks.

Third, a geopolitical Hacktivist War is currently active, predominantly involving actors such as INDIAN CYBER MAFIA, Cyber Strike Force, 7 Proxies, and Trojan 1337. These groups are engaged in a tit-for-tat defacement campaign targeting educational and commercial websites in Pakistan, India, and Bangladesh. While often technically unsophisticated, the sheer volume of these attacks disrupts digital trust and operational continuity.

This report details these incidents, categorizing them by threat type, actor methodology, and victim impact to provide actionable situational awareness.


2. Threat Actor Profile & Campaign Analysis

The following section analyzes the primary threat actors active during this observation period, their methodologies, and their specific targets.

2.1. The “PLAY” Ransomware Group

The PLAY ransomware group has demonstrated significant aggression during this period, focusing on exfiltrating sensitive corporate data and threatening publication within short timeframes (typically 4-5 days). Their targeting is indiscriminate regarding industry but focuses heavily on organizations with critical intellectual property or sensitive client data.

  • Tactics: Double extortion (encryption + data theft).
  • Recent Targets:
    • Telecommunications: Tele-Plus Corporation (USA).
    • Manufacturing: F & B MFG LLC (Aerospace) and Quantum Fuel Systems (Energy).
    • Legal: Routten & Laster Law, PLLC.
    • Architecture: Christine London Ltd.
  • Impact: The group routinely claims possession of payroll, taxes, client documents, and financial information. The specific mention of “Private and personal confidential data” suggests a high risk of identity theft for employees and clients of victim organizations.

2.2. TENGU Ransomware

A seemingly distinct actor, TENGU, has emerged with a global targeting profile, striking entities in Kenya, Indonesia, Colombia, and India on the same day.

  • Targets:
    • National Mining Corporation (Kenya): A critical infrastructure target where 15GB of data was stolen.
    • Jakarta Nanyang School (Indonesia): Targeting the education sector.
    • Disuelas JC SAS (Colombia): A retail entity with a massive 103GB data loss.
    • Prem Motors (India): Automotive sector, 80GB exfiltrated.
  • Operational Tempo: TENGU sets longer deadlines than PLAY, typically ranging from 5 to 9 days for data publication.

2.3. The South Asian Hacktivist Cluster

A significant portion of the analyzed data pertains to a cyber-skirmish involving actors identifying as INDIAN CYBER MAFIA, Cyber Strike Force, 7 Proxies, and Trojan 1337.

  • Cyber Strike Force (Pro-Pakistan/Anti-India alignment): This group has focused heavily on defacing websites within Pakistan, which appears counter-intuitive unless these are “false flag” operations or internal disputes, or potentially targeting specific businesses for extortion under the guise of hacktivism. They targeted entities like Islamabad Dermatologist and Peshawar Public School. However, they also targeted a UK-based entity, Rock Himalayan Salt Ltd.
  • INDIAN CYBER MAFIA: This group engaged in a rapid-fire campaign against Pakistani commercial and educational sites, including Am Soft Tech, Cosmo Group Pakistan, and ClothingRIC (USA-based but likely Pakistani-linked).
  • 7 Proxies & Trojan 1337: These groups concentrated almost exclusively on the Bangladeshi education sector, defacing dozens of high school and college websites (e.g., Govt. Safar Ali College, Jarua Adarsha High School). This suggests a localized political or social motivation driving these disruptions.

2.4. Infrastructure Destruction Squad

This actor represents a higher tier of danger than standard website defacers. They claim to have breached Operational Technology (OT) and Industrial Control Systems (ICS) in Palestine.

  • Critical Infrastructure Targeting: They claimed access to water pump stations and environmental control systems (ASSISTEC).
  • Potential for Kinetic Damage: Their claims involve the ability to manipulate pressure levels in compressors and gas concentration monitoring. If true, this moves beyond data theft to potential physical sabotage and safety risks.

3. Detailed Incident Analysis by Category

3.1. Major Data Breaches

The volume of data exposed on January 26 is staggering. This section highlights the most critical breaches based on data sensitivity and volume.

A. Healthcare and Medical Data

The healthcare sector remains a prime target due to the value of medical records.

  • zHealthEHR Breach: A threat actor named ‘Kazu’ claims to have leaked 15GB of data involving 1.23 million records from zHealthEHR. This includes patient info, clinical records, and scheduling data. A separate source corroborates a similar ransomware extortion attempt against zHealth EHR by the same actor.
  • Lena Health: Actor ‘FulcrumSec’ claims to have exposed PII/PHI for 2,134 patients and 20,000 recorded patient calls.
  • Unimed (Brazil): A massive claim by ‘ByteToBreach’ involves 70TB of data including medical imaging and government IDs.

B. Government and National Security

  • U.S. ICE Agents: Actor ‘cementine’ leaked data on 1,580 ICE agents, including photographs for 337 of them, posing a significant physical security risk to federal agents.
  • Kuwait Ministry of Electricity & Water: ‘0xrau1’ leaked 20,000 employee records.
  • Indonesian Education (Penerimaan Siswa Baru): A breach exposed student enrollment records, including NIK numbers and birth details.
  • Turkish Citizenship Database: Multiple actors (‘hizim180’) claim to be selling or leaking massive databases of Turkish citizens, with one claim citing 109 million records and another citing 80+ million addresses.

C. Corporate Intellectual Property

  • Zebra Technologies: Actor ‘888’ claims to have leaked source code, SQL files, and API tokens. The theft of source code and hardcoded credentials is a “Class A” security failure that allows other actors to find vulnerabilities in Zebra products.
  • Gybsaco (Mexico): Leak of full-stack source code for pricing and order management systems.

3.2. Ransomware Operations

Ransomware activity was global and high-volume.

  • Industrial & Manufacturing:
    • Uniflex Technology Inc (Taiwan): INC RANSOM claims to have 430GB of technical drawings and FPC board designs.
    • Mills Products (USA): Hit by Qilin Ransomware.
    • Kreisel GmbH & Co. KG (Germany): Hit by Nova Ransomware, losing 19GB of data.
  • DevMan 2.0 Campaigns: This group targeted CS Caritas Socialis (Austria), a healthcare provider, taking 120GB of data, and an unknown US entity involved in national security/biological blueprints.

3.3. The Cybercrime Economy: Initial Access & Malware

The marketplace for cybercrime tools is active, facilitating the attacks described above.

  • Initial Access Sales:
    • Azure Cloud Access: Actor ‘saks’ is selling unauthorized access to a US Azure environment via service principal credentials.
    • WordPress Admin Access: Multiple listings for compromised WordPress shops in the UK, Germany, Austria, Italy, and the USA.
    • Government/Military Data: Actor ‘Jeewan’ claims to be selling data from multiple governments and militaries.
  • Malware Tools:
    • AV/EDR Bypass: Source code for bypassing antivirus and Endpoint Detection and Response systems is being sold by ‘RichAsHell’.
    • Crypto Wallet Exploits: Tools for scanning and brute-forcing crypto wallets are being marketed by ‘cryptxgraph’.

4. Comprehensive Incident Register

A chronological detailed narrative of all 144 reported events.

1. Cryptonary Captchaless VM Sale: Threat actor ‘Sythe’ listed a “Captchaless VM” for sale related to Cryptonary.com. The tool reportedly bypasses captcha using rotating proxies, targeting the financial services sector.

2. KuCoin Exploitation Tool: The same actor, ‘Sythe’, offered a similar “Captchaless VM & Verification Nodes” tool targeting the KuCoin cryptocurrency exchange platform.

3. Global Hardware Reseller Breach: Actor ‘btcokiz’ posted a sale of customer data sourced from official hardware resellers. The data includes PII and partial card data from victims in Australia and other regions.

4. Freida Rothman Ransomware: The luxury jewelry brand Freida Rothman was hit by SAFEPAY ransomware. The attackers threatened to publish stolen data within 2-3 days.

5. Indonesian Student Database Leak: ‘RapperXploit’ leaked the ‘Penerimaan Siswa Baru’ database, exposing sensitive student PII including NIK numbers and family details.

6. Biological/Military Data Ransom: DEVMAN 2.0 claimed a victim (c*n**lta*i*.com) and 450GB of data, allegedly including US Army nitroglycerin supply chain info and biological lab blueprints.

7. US ICE Data Leak: Actor ‘cementine’ released data on 1,580 US Immigration and Customs Enforcement agents, including photos, a severe doxing incident.

8. Zebra Technologies Source Code Leak: Actor ‘888’ leaked internal data from Zebra Technologies, including source code, API tokens, and Terraform files, compromising their software integrity.

9. UK WordPress Access Sale: Unauthorized admin access to a UK-based WordPress shop was listed for sale by ‘ParanoiaDe’.

10. Algerian Education Ministry Breach: ‘DARK 07x’ claimed to have extracted 1TB of data from the Directorate of Education for El Oued Province, Algeria, including employee and student records.

11. European WordPress Access Sale: ‘ParanoiaDe’ listed access to WordPress shops in Germany, Austria, and Italy.

12. Uniflex Technology Ransomware: INC RANSOM hit Uniflex Technology (Taiwan), stealing 430GB of manufacturing designs and client data.

13. Am Soft Tech Defacement: INDIAN CYBER MAFIA defaced the website of Am Soft Tech (Pakistan).

14. Crypto Investor Database Sale: A database of US crypto investors with holdings over $300k was listed for sale by ‘medleydeigarata’.

15. Dinomars.net Defacement: INDIAN CYBER MAFIA defaced dinomars.net.

16. Cosmo Group Pakistan Defacement: INDIAN CYBER MAFIA targeted the cosmetics company Cosmo Group Pakistan.

17. Ticketnara Breach: Actor ‘Ma[x]’ dumped Korean user records (email/passwords) from Ticketnara.net.

18. TruthFinder/InfoTracer API Exposure: ‘OpenBullet’ offered an API wrapper exposing background check data from TruthFinder/InfoTracer.

19. The Sourcing Group Ransomware: PLAY ransomware hit The Sourcing Group (USA), stealing payroll and tax data. This is a repeat victimization (previously hit by DANON in 2024).

20. Tele-Plus Corporation Ransomware: PLAY ransomware compromised Tele-Plus Corp (USA), threatening to publish financial and client data.

21. Lubny Kommunal Defacement: ‘Perun Svaroga’ defaced the utility management website in Ukraine.

22. RusDosug Escort Database Leak: ‘tarrabright’ leaked data on 8,813 users of the Russian escort site.

23. Kuwait Ministry of Electricity Leak: ‘0xrau1’ leaked 20,000 employee records from the Kuwaiti Ministry (MEW).

24. F & B MFG LLC Ransomware: PLAY ransomware targeted this US aviation/aerospace manufacturer, stealing technical and financial data.

25. CS Caritas Socialis Ransomware: DEVMAN 2.0 targeted this Austrian healthcare organization, claiming 120GB of data.

26. US WordPress Access Sale: ‘manofworld’ sold unauthorized admin access to a US website.

27. ALLMAX Nutrition Ransomware: PLAY ransomware targeted ALLMAX (Canada). They were previously hit by INC RANSOM in 2025, marking another repeat victim.

28. Quantum Fuel Systems Ransomware: PLAY ransomware compromised this US oil & gas entity, stealing budget and payroll data.

29. Canada411 Breach: Actor ‘renn’ claimed a breach of 9.8 million records from Canada411, including names and addresses.

30. Routten & Laster Law Ransomware: PLAY ransomware hit this US law firm, exfiltrating client documents and sensitive legal data.

31. Joyva Corp Ransomware: PLAY ransomware targeted the US food manufacturer Joyva Corp.

32. Sea Island Shrimp House Ransomware: INC RANSOM claimed 1TB of data from this US food service company.

33. Christine London Ltd Ransomware: PLAY ransomware hit this US architecture firm.

34. Aquatic Control Inc Ransomware: PLAY ransomware compromised this US environmental services company.

35. AV/EDR Bypass Sale: ‘RichAsHell’ sold source code for malware designed to bypass endpoint security.

36. Enviro-Hub Holdings Attack: This Singaporean company publicly confirmed a ransomware attack on its servers.

37. NDTV News Interception: ‘QuietSec’ claimed to disrupt the live stream of NDTV (India).

38. Under Armour SQL Leak: ‘Meower201’ shared a compiled SQL file of email addresses from a previous Under Armour breach.

39. zHealthEHR Breach (Sale): ‘Kazu’ listed 1.23 million records from zHealthEHR (USA) for sale.

40. El Bajo Roleplay Leak: ‘ByteHunter’ leaked player IDs and IPs from this FiveM gaming server.

41. East Coast Engineering Defacement: Cyber Strike Force defaced the website of this Pakistani construction firm.

42. Palestine Environmental Control Breach: Infrastructure Destruction Squad claimed access to ASSISTEC systems managing airflow and gas in Palestinian facilities.

43. Energy Solutions Pvt Ltd Defacement: Cyber Strike Force defaced this Pakistani energy site.

44. Islamabad Dermatologist Defacement: Cyber Strike Force defaced this medical website.

45. Doctorzone Defacement: Cyber Strike Force defaced the Doctorzone website in Pakistan.

46. Palestine Water Pump Breach: Infrastructure Destruction Squad claimed to control a water pump station’s VFD panels in Palestine.

47. Rock Himalayan Salt Defacement: Cyber Strike Force defaced this UK-based food company’s site.

48. US Industrial Smoking Control Breach: ‘Z-PENTEST ALLIANCE’ claimed access to an industrial smoking control system in the USA.

49. Islamabad Dermatologist (Bonus) Defacement: Cyber Strike Force defaced a secondary site for the same victim.

50. BioZmzm Control System Breach: Infrastructure Destruction Squad accessed compressor controls at BioZmzm Plastic Industries in Palestine.

51. Paragon Education Network Defacement: Cyber Strike Force defaced this educational site in Pakistan.

52. Golden Edge Online Defacement: INDIAN CYBER MAFIA defaced this Pakistani e-commerce site.

53. zHealth EHR Ransom: ‘Kazu’ (same actor as the sale) listed zHealth EHR on a ransom leak site, threatening publication in 22 days.

54. Peshawar Public School Defacement: Cyber Strike Force targeted this educational institution.

55. Rahmat Schools Defacement: Cyber Strike Force defaced Rahmat Schools in Pakistan.

56. WebERP Defacement: INDIAN CYBER MAFIA defaced WebERP (Pakistan).

57. Advance Systems Defacement: INDIAN CYBER MAFIA targeted this Pakistani IT firm.

58. Al Habib Pharmaceuticals Defacement: INDIAN CYBER MAFIA defaced this healthcare site.

59. ClothingRIC Defacement: INDIAN CYBER MAFIA targeted this US-based (Pakistani-linked) clothing store.

60. Majlis-e-Ahrar-e-Islam Defacement: INDIAN CYBER MAFIA defaced this religious institution’s site.

61. SAZ Enterprises Defacement: INDIAN CYBER MAFIA targeted this wholesale business.

62. OwnzYou Defacement: INDIAN CYBER MAFIA defaced OwnzYou (Security/Mirror site).

63. SportsInc Defacement: INDIAN CYBER MAFIA defaced this retail site.

64. Phetchaburi Rajabhat Univ Defacement: ‘EXADOS’ defaced the internal audit unit of this Thai university.

65. US CEO Database Sale: ‘TheSnake’ listed 1 million US business/CEO records for sale.

66. Meri Dharti Schools Defacement: INDIAN CYBER MAFIA targeted this Pakistani school.

67. Koranit Construction Breach: ‘EXADOS’ breached this Thai construction company.

68. Cordoba School Defacement: INDIAN CYBER MAFIA defaced the International School and College of Cordoba.

69. Sitoy Group Ransomware: Abyss Ransomware claimed 1.7TB of data from Sitoy Group (China/Retail).

70. Golden Edge Multimedia Defacement: INDIAN CYBER MAFIA targeted this media company.

71. Indian Shop SQL Injection: ‘savel987’ sold SQL injection access to an Indian shop.

72. Syngenta Vegetables Defacement: INDIAN CYBER MAFIA defaced this agriculture site.

73. Lyleoo Data Breach: ‘DumpSec’ leaked 900,000 user records from the French health platform Lyleoo.

74. Rajarambapu Sahakari Bank Access: ‘Pharaohs Team’ sold web shell access to this Indian bank.

75. Indonesian Religious Affairs Access: ‘Z-BL4CX-H4T.ID’ compromised the Ministry of Religious Affairs website.

76. National Mining Corp Ransomware: TENGU ransomware hit the National Mining Corp of Kenya.

77. Jarua Adarsha High School Defacement: ‘Trojan 1337’ defaced this Bangladeshi school.

78. LimeHD Data Breach: ‘lulzintel’ leaked 600,000 user records from Russian media site LimeHD.

79. Govt Safar Ali College Defacement: ‘7 Proxies’ defaced this Bangladeshi college.

80. Jakarta Nanyang School Ransomware: TENGU ransomware targeted this Indonesian school.

81. Hatkhala SEDSP School Defacement: ‘Trojan 1337’ defaced this Bangladeshi school.

82. Disuelas JC SAS Ransomware: TENGU hit this Colombian retailer, taking 103GB of data.

83. SMAN 8 Bandung Breach: ‘CY8ER_N4TI0N’ leaked the database of this Indonesian school.

84. Gybsaco Data Sale: ‘Straightnumberone’ sold data and source code from Mexican energy company Gybsaco.

85. Shalia High School Defacement: ‘Trojan 1337’ defaced this Bangladeshi school.

86. Prem Motors Ransomware: TENGU ransomware targeted Prem Motors (India).

87. Mokamia High School Defacement: ‘Trojan 1337’ defaced this Bangladeshi school.

88. Unimed Breach: ‘ByteToBreach’ claimed a 70TB data breach of Unimed (Brazil).

89. Lithuania Infrastructure Alert: ‘.cardinal’ claimed to target Lithuanian infrastructure.

90. Jorinyoga Defacement: ‘InDoM1nuS Team’ defaced this Dutch health site.

91. Cool Credit Data Sale: ‘Sorb’ sold 360,000 client records from Czech firm Cool Credit.

92. Triolan Attack: NoName057(16) targeted Ukrainian telecom Triolan.

93. SITV Attack: NoName057(16) targeted Ukrainian telecom SITV.

94. Bahadurpur Anjuman High Defacement: ‘7 Proxies’ defaced this Bangladeshi school.

95. Tangerang City Leak: ‘AYYUBI’ leaked 6,657 employee records from Tangerang City Government (Indonesia).

96. Iran/Hezbollah Portal Access: ‘0BITS’ leaked login access to a “CyberSpace Portal”.

97. Chin-car Breach: ‘X0Frankenstein’ leaked customer data from Russian auto site Chin-car.

98. Valum Ataur Rahman College Defacement: ‘7 Proxies’ defaced this Bangladeshi college.

99. TC Pro (Turkish Citizenship) Breach: ‘hizim180’ claimed a breach of 109 million Turkish citizenship records.

100. Champaknagar College Defacement: ‘7 Proxies’ defaced this Bangladeshi college.

101. Govt/Military Data Sale: ‘Jeewan’ sold mixed government/military data.

102. Lena Health Breach: ‘FulcrumSec’ leaked patient data from US-based Lena Health.

103. Azure Cloud Access: ‘saks’ sold unauthorized access to a US Azure environment.

104. Wins School Rangpur Breach: ‘7 Proxies’ breached this Bangladeshi school.

105. Iranian Admin Access Sale: ‘Jeewan’ sold backdoor access to Iranian domains.

106. Turkish Citizenship Address Leak: ‘hizim180’ claimed another leak of 80+ million addresses.

107. Soro Municipality Defacement: ‘Team Azrael’ defaced this Indian government site.

108. ZS Study Advisors Defacement: ‘7 Proxies’ defaced this Pakistani education site.

109. Hatbangram High School Defacement: ‘7 Proxies’ defaced this Bangladeshi school.

110. Kreisel GmbH Ransomware: Nova Ransomware targeted this German manufacturer.

111. Ultra ITC Defacement: ‘7 Proxies’ defaced this US IT company.

112. Kemtali Technical High School Defacement: ‘7 Proxies’ defaced this Bangladeshi school.

113. Alpha Business Consultation Defacement: ‘InDoM1nuS Team’ defaced this UK legal site.

114. We Hire Top Defacement: ‘7 Proxies’ defaced this Pakistani business site.

115. Developercubix Defacement: ‘InDoM1nuS Team’ defaced this site.

116. Lacaris Data Leak: ‘mazer’ leaked data related to Lacaris.

117. Gilgit Baltistan Power Dept Breach: ‘HackShyen’ claimed to wipe data and shut down hydel stations in Pakistan.

118. Perpety High School Defacement: ‘7 Proxies’ defaced this Bangladeshi school.

119. Assim Bahumukhi High School Defacement: ‘7 Proxies’ defaced this Bangladeshi school.

120. Govt Janata College Defacement: ‘7 Proxies’ defaced this Bangladeshi college.

121. Genome Database Sale: ‘Bjdrlddnu7’ sold a 1.38B record Chinese genome database.

122. Situsmaster333 Defacement: ‘JavaneseTeam’ defaced this site.

123. AAIHP Breach: ‘Shenron’ leaked data from French healthcare entity AAIHP.

124. Trisquare Invoicing Defacement: ‘BABAYO EROR SYSTEM’ defaced this Malaysian invoicing site.

125. Palestine Vulnerabilities: Infrastructure Destruction Squad claimed to find vulnerabilities in 500 Palestinian orgs.

126. Toko Defacement: ‘JavaneseTeam’ defaced this Vietnamese site.

127. ExplorExperts Defacement: ‘BABAYO EROR SYSTEM’ defaced this US travel site.

128. West Java Govt Leak: ‘CinCauGhast’ leaked 37,000 civil servant records.

129. Bandartotosgp Defacement: ‘JavaneseTeam’ defaced this site.

130. RSU MEDIMAS Breach: ‘maul1337’ breached this Indonesian hospital.

131. IKIO Technologies Defacement: ‘Z-BL4CX-H4T.ID’ defaced this Indian tech company.

132. Oasis India IT Store Defacement: ‘Z-BL4CX-H4T.ID’ defaced this Indian IT store.

133. Sishu RatnaSagar Defacement: ‘Z-BL4CX-H4T.ID’ defaced this Indian publisher.

134. ATN Bangla Defacement: ‘Trojan 1337’ defaced this Bangladeshi media site.

135. Mills Products Ransomware: Qilin ransomware hit this US manufacturer.

136. Crypto Wallet Tool Sale: ‘cryptxgraph’ sold wallet exploitation tools.

137. Hong Kong Leads Sale: ‘betway’ sold 563k private leads from Hong Kong.

138. StormForum Leak: ‘sqlattacker’ leaked user data from StormForum.

139. Thai Search & Rescue Breach: ‘EXADOS’ breached the Thai SAR commission.

140. Brazilian Data Leak: ‘kowalskisp’ leaked fresh Brazilian personal data.

141. Grand Lodge of France Leak: ‘Didiplayer’ leaked documents from the Freemasons.

142. US Credit Card Leak: ‘saks’ leaked US credit/debit card data.

143. TaquillaLive Breach: ‘malconguerra2’ leaked 21,000 records from this Colombian entertainment site.

144. Zakat Fund Access: ‘Pharaohs Team’ claimed access to the Zakat Fund in Lebanon.


5. Regional & Sector Impact Analysis

5.1. Geographic Hotspots

South Asia (Pakistan, India, Bangladesh)

The region is currently the most active conflict zone in terms of frequency of attacks, though most are low-sophistication defacements.

  • Pakistan: Heavily targeted by INDIAN CYBER MAFIA (commercial/retail sectors) and Cyber Strike Force (internal/false flag targets).
  • Bangladesh: The education sector is under siege by 7 Proxies and Trojan 1337, with over 15 schools and colleges defaced in one day.
  • India: Targeted by Z-BL4CX-H4T.ID and Team Azrael, affecting tech companies and municipalities.

The United States

The US remains the primary target for financially motivated ransomware and high-value data breaches.

  • Ransomware: PLAY ransomware is aggressively targeting US manufacturing and legal sectors.
  • Data Integrity: The leak of ICE agent data and the Zebra Technologies source code represent significant national security and commercial risks.

Southeast Asia (Indonesia, Thailand)

Indonesia is facing a crisis of government data security.

  • Government Leaks: Breaches in West Java, Tangerang City, and the Ministry of Religious Affairs indicate systemic vulnerabilities in public sector digital infrastructure.
  • Thailand: Facing attacks on educational and government rescue services by actor EXADOS.

5.2. Industry Analysis

Education

Educational institutions are the most frequently targeted entities by volume, particularly in Bangladesh, Indonesia, and Pakistan. These targets are likely chosen for their poor security posture, allowing hacktivists to claim “easy wins” for reputation building.

Healthcare

The healthcare sector faces the highest severity of threats. The breaches of zHealthEHR, Lena Health, Unimed, and Lyleoo expose millions of patients to medical identity theft. The involvement of ransomware groups like DEVMAN 2.0 in attacking care providers (Caritas Socialis) highlights the ruthlessness of current actors.

Critical Infrastructure & Manufacturing

Attacks on water power departments (Pakistan), mining corporations (Kenya), and environmental control systems (Palestine) demonstrate that OT/ICS systems are increasingly vulnerable. The attack on Quantum Fuel Systems and F & B MFG LLC by PLAY ransomware underlines the threat to the supply chain.


6. Conclusion and Strategic Recommendations

The intelligence gathered from January 26, 2026, depicts a cyber threat landscape that is both highly aggressive and regionally stratified.

Key Conclusions:

  1. Ransomware Acceleration: Groups like PLAY are operating with high efficiency, hitting multiple sectors simultaneously. The emergence of TENGU as a global player adds to the threat surface.
  2. Data Hemorrhage: The sheer volume of PII available for sale—ranging from medical records to government IDs and CEO databases—suggests that data breaches are now a constant environmental hazard rather than isolated incidents.
  3. Hacktivism as a Smoke Screen: While the high volume of defacements in South Asia may seem like “noise,” these attacks disrupt operations and can mask more serious intrusions. The targeting of educational institutions is widespread and coordinated.
  4. Operational Technology Risk: The claims by Infrastructure Destruction Squad regarding water and air control systems in Palestine represent a potential escalation from digital disruption to physical harm.

Strategic Recommendations:

  • For Manufacturing/Critical Infra: Immediate review of OT/ICS remote access security is required, specifically regarding the vulnerabilities exploited by groups like Infrastructure Destruction Squad.
  • For Healthcare: Organizations must prepare for “double extortion” scenarios. The zHealthEHR incident confirms that even cloud-based EHR platforms are vulnerable targets.
  • For Software Vendors: The Zebra Technologies source code leak serves as a warning. Strict secrets management (preventing hardcoded credentials) and repository monitoring are essential.
  • For Government Agencies: Enhanced protection of employee personnel files is critical, as demonstrated by the doxing of US ICE agents and Kuwaiti ministry employees.

This report confirms that the velocity of cyber attacks is increasing, necessitating a shift from reactive defense to proactive threat hunting and rigorous supply chain risk management.

Detected Incidents Draft Data

  1. Alleged Sale of Cryptonary Captchaless VM
    Category: Data Breach
    Content: The threat actor claims to be selling Cryptonary Captchaless VM. The service claims that only rotating proxies are required, suggesting built-in captcha bypass capability.
    Date: 2026-01-26T23:59:16Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-Cryptonary-com-Captchaless-VM
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d47776dd-5e53-4c05-a9a1-96c9b9d07acd.png
    Threat Actors: Sythe
    Victim Country: Unknown
    Victim Industry: Financial Services
    Victim Organization: cryptonary
    Victim Site: cryptonary.com
  2. Alleged Sale of KuCoin
    Category: Data Breach
    Content: The threat actor claims to be selling KuCoin Captcha-less VM & Verification Nodes.
    Date: 2026-01-26T23:28:57Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-Kucoin-Captchaless-VM-VN
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/411cf401-4bf9-4dae-af7f-db2065d1df94.png
    Threat Actors: Sythe
    Victim Country: Unknown
    Victim Industry: Financial Services
    Victim Organization: kucoin
    Victim Site: kucoin.com
  3. Alleged sale of Hardware reseller customer data
    Category: Data Breach
    Content: Threat actor claims to be selling customer data allegedly sourced from official hardware resellers, covering multiple countries. The compromised data reportedly includes personally identifiable information such as names, addresses, emails, purchase details, and partial card data.
    Date: 2026-01-26T23:19:47Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274594/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0632b243-134c-4735-bb25-4f9d58a393f2.png
    Threat Actors: btcokiz
    Victim Country: Australia
    Victim Industry: Computer Hardware
    Victim Organization: Unknown
    Victim Site: Unknown
  4. Freida Rothman falls victim to SAFEPAY Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization's data and intends to publish it within 2-3 days.
    Date: 2026-01-26T22:54:10Z
    Network: tor
    Published URL: http://safepaypfxntwixwjrlcscft433ggemlhgkkdupi2ynhtcmvdgubmoyd.onion/blog/post/freidarothmancom/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/bf083526-8728-4b7c-942c-eee5caccdae3.png
    Threat Actors: SAFEPAY
    Victim Country: USA
    Victim Industry: Luxury Goods & Jewelry
    Victim Organization: freida rothman
    Victim Site: freidarothman.com
  5. Alleged data leak of Penerimaan Siswa Baru
    Category: Data Breach
    Content: The threat actor claims to have leaked an Indonesian student admission database (Penerimaan Siswa Baru), exposing school enrollment records containing student names, NIK and NISN numbers, dates and places of birth, gender, home addresses, fathers’ names, and origin schools.
    Date: 2026-01-26T22:33:07Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-Database-Penerimaan-Siswa-Baru
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3ec27c07-6d78-4484-aeed-aa7b15ae9a67.png
    Threat Actors: RapperXploit
    Victim Country: Indonesia
    Victim Industry: Higher Education/Academia
    Victim Organization: Unknown
    Victim Site: Unknown
  6. DEVMAN 2.0 ransomware group adds an unknown victim (cnltai.com)
    Category: Ransomware
    Content: The group claims to have obtained 450 GB of the organization's data. The data includes national security–related materials, including biological laboratory facility blueprints and information regarding the U.S. Army’s nitroglycerin supply chain. They intend to publish the data within 10-11 days.
    Date: 2026-01-26T22:29:42Z
    Network: tor
    Published URL: http://devmanblggk7ddrtqj3tsocnayow3bwnozab2s4yhv4shpv6ueitjzid.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/00e9e779-bb83-4b34-8b8b-ab5edb8f1e8a.png
    Threat Actors: DEVMAN 2.0
    Victim Country: USA
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: cnltai.com
  7. Alleged data leak of U.S. Immigration and Customs Enforcement (ICE)
    Category: Data Breach
    Content: The threat actor claims to have released data linked to the widely reported ICE data breach, allegedly exposing information on 1,580 ICE agents, including 337 records with associated photographs.
    Date: 2026-01-26T22:25:59Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-ICELIST-1580-Agents-337-Photos
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/10087f9f-c23d-493a-bf92-f21fe4c85006.png
    Threat Actors: cementine
    Victim Country: USA
    Victim Industry: Government & Public Sector
    Victim Organization: Unknown
    Victim Site: Unknown
  8. Alleged data breach of Zebra Technologies
    Category: Data Breach
    Content: The threat actor claims to have breached Zebra Technologies and leaked internal company data. The compromised materials allegedly include source code, SQL files, configuration files, Terraform files, API tokens, and hardcoded credentials.
    Date: 2026-01-26T22:19:38Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-Source-Code-Zebra-Technologies-Data-Breach-Leaked-Download
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3138b7df-c080-461b-a831-8de18edfd4ad.png
    Threat Actors: 888
    Victim Country: USA
    Victim Industry: Information Technology (IT) Services
    Victim Organization: zebra technologies
    Victim Site: zebra.com
  9. Alleged Sale of Unauthorized Admin Access to a WordPress Shop in UK
    Category: Initial Access
    Content: Threat Actor claims to be selling unauthorized admin access to a WordPress shop in the UK.
    Date: 2026-01-26T22:10:53Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/274598/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4ee9b875-1e4c-4545-a716-a5908116b975.png
    Threat Actors: ParanoiaDe
    Victim Country: UK
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  10. Alleged data breach of the Directorate of Education for El Oued Province in Algeria
    Category: Data Breach
    Content: The group claims to have breached the Directorate of Education in El Oued Province and extracted more than one terabyte of data, including databases and confidential files such as government and administrative documents, employee and teacher records, phone numbers, internal emails with credentials, student data, examination materials and grading information, and scholarship-related records, as well as access to email login credentials for ministerial and affiliated institutions.
    Date: 2026-01-26T21:40:38Z
    Network: telegram
    Published URL: https://t.me/DarK07xxxxxxx/1457
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b152a5e3-b948-4761-8374-196d77a1fdc6.jpg
    https://d34iuop8pidsy8.cloudfront.net/461645a0-1e39-4250-a405-66db5cdd3d6c.jpg
    https://d34iuop8pidsy8.cloudfront.net/57bfcbbe-721c-4915-933b-f77fddfa91cd.jpg
    https://d34iuop8pidsy8.cloudfront.net/72e65225-c6ee-48e3-a40d-1de794c43785.jpg
    Threat Actors: DARK 07x
    Victim Country: Algeria
    Victim Industry: Government Administration
    Victim Organization: the directorate of education for el oued province in algeria
    Victim Site: deeloued.education.dz
  11. Alleged Sale of Unauthorized Admin Access to WordPress Shops in Multiple Countries
    Category: Initial Access
    Content: Threat Actor claims to be selling unauthorized admin access to WordPress shops in multiple countries including Germany, Austria and Italy.
    Date: 2026-01-26T21:40:07Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/274600/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/520ee740-74a1-486d-9bb5-92b2eb913579.png
    Threat Actors: ParanoiaDe
    Victim Country: Germany
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  12. Uniflex Technology Inc falls victim to INC RANSOM Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 430 GB of the organisation's data. The compromised data includes confidential client information, flexible printed circuit (FPC) boards, surface mount technology (SMT) services project files, technical drawings, manufacturing and design documents, contracts and agreements, quality control records, research data, and other sensitive corporate materials. They intend to publish it within 14 days.
    Date: 2026-01-26T21:26:21Z
    Network: tor
    Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/6977d2048f1d14b743bb9795
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3d92da14-26de-4e29-83c1-c68345968479.png
    Threat Actors: INC RANSOM
    Victim Country: Taiwan
    Victim Industry: Electrical & Electronic Manufacturing
    Victim Organization: uniflex technology inc
    Victim Site: uniflex.com.tw
  13. INDIAN CYBER MAFIA targets the website of Am Soft Tech
    Category: Defacement
    Content: The group claims to have defaced the website of Am Soft Tech.
    Date: 2026-01-26T21:00:40Z
    Network: telegram
    Published URL: https://t.me/c/2318545663/74
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/5ff6a838-b37e-4d4c-b8c0-d1d6e68c1f79.png
    https://d34iuop8pidsy8.cloudfront.net/c496ae45-ea3d-4fba-9bd2-891f37454dcf.png
    Threat Actors: INDIAN CYBER MAFIA
    Victim Country: Pakistan
    Victim Industry: Information Services
    Victim Organization: am soft tech
    Victim Site: amsofttech.com
  14. Alleged Sale of Crypto Investors Database in USA
    Category: Data Breach
    Content: Threat Actor claims to be selling the database of crypto investors with holdings exceeding $300,000 in the USA.
    Date: 2026-01-26T20:59:39Z
    Network: openweb
    Published URL: https://leakbase.la/threads/serious-capital-company-all-crypto-investors-over-300k.48537/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8231fb8a-c8bd-485a-ad84-e3ca53b8ddd1.png
    Threat Actors: medleydeigarata
    Victim Country: USA
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  15. INDIAN CYBER MAFIA targets the website dinomars.net
    Category: Defacement
    Content: The group claims to have defaced the website dinomars.net.
    Date: 2026-01-26T20:53:41Z
    Network: telegram
    Published URL: https://t.me/c/2318545663/74
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/76f19785-f7db-4d14-a23f-eb49208795e5.png
    https://d34iuop8pidsy8.cloudfront.net/f670beb0-85d2-4ebe-8b59-2dcdb20def17.png
    Threat Actors: INDIAN CYBER MAFIA
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: dinomars.net
  16. INDIAN CYBER MAFIA targets the website of Cosmo Group Pakistan
    Category: Defacement
    Content: The group claims to have defaced the website of Cosmo Group Pakistan.
    Date: 2026-01-26T20:32:42Z
    Network: telegram
    Published URL: https://t.me/c/2318545663/74
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e8ede70f-8b55-42eb-96e0-6310f106a0f8.png
    https://d34iuop8pidsy8.cloudfront.net/7584aa40-20a3-40a1-b6c3-82d11c69714f.png
    Threat Actors: INDIAN CYBER MAFIA
    Victim Country: Pakistan
    Victim Industry: Cosmetics
    Victim Organization: cosmo group pakistan
    Victim Site: cosmogroup.com.pk
  17. Alleged data breach of Ticketnara
    Category: Data Breach
    Content: The threat actor claims to have dumped data from ticketnara.net, exposing Korean user records including email and password combinations.
    Date: 2026-01-26T20:27:58Z
    Network: openweb
    Published URL: https://bhf.pro/threads/718820/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d6af3214-2197-48da-af47-429cfb3d7d07.png
    Threat Actors: Ma[x]
    Victim Country: South Korea
    Victim Industry: E-commerce & Online Stores
    Victim Organization: ticketnara
    Victim Site: ticketnara.net
  18. Alleged data leak of TruthFinder & InfoTracer API Wrapper
    Category: Data Breach
    Content: The threat actor claims to be offering an API-based service that aggregates and exposes personal and background data from TruthFinder and InfoTracer, including names, contact details, relatives, property records, business affiliations, criminal records, and legal judgments through a unified endpoint.
    Date: 2026-01-26T20:05:58Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SOURCE-CODE-TruthFinder-InfoTracer-API-Wrapper
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/6e6b9d4b-a403-4a05-85a6-238aca44b78c.png
    Threat Actors: OpenBullet
    Victim Country: Unknown
    Victim Industry: Information Technology (IT) Services
    Victim Organization: Unknown
    Victim Site: Unknown
  19. The Sourcing Group falls victim to PLAY Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data. The data includes private and personal confidential data, client documents, budget, payroll, IDs, taxes, finance information, etc. They intend to publish the data within 5 days. NB: The organization previously fell victim to DANON Ransomware on Jul 22 2024.
    Date: 2026-01-26T20:03:59Z
    Network: tor
    Published URL: http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=9hS26dMcF51edX
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2ecbfb22-0dce-4eb8-9cf7-c83955fcfc56.png
    Threat Actors: PLAY
    Victim Country: USA
    Victim Industry: Printing
    Victim Organization: the sourcing group
    Victim Site: thesourcinggroup.com
  20. Tele-Plus Corporation falls victim to PLAY Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data. The data includes private and personal confidential data, client documents, budget, payroll, IDs, taxes, finance information, etc. They intend to publish the data within 5 days.
    Date: 2026-01-26T19:56:16Z
    Network: tor
    Published URL: http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=b0Z932UKxX02Le
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/62773116-3f80-44db-81f4-f5017a7805fc.png
    Threat Actors: PLAY
    Victim Country: USA
    Victim Industry: Network & Telecommunications
    Victim Organization: tele-plus corporation
    Victim Site: telepluscorp.com
  21. Perun Svaroga targets the website of Lubny Kommunal Housing and Utilities Management
    Category: Defacement
    Content: The group claims to have defaced the website of Lubny Kommunal Housing and Utilities Management.
    Date: 2026-01-26T19:55:41Z
    Network: telegram
    Published URL: https://t.me/perunswaroga/1089
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0a7ec067-e807-4400-b35a-6392ef353323.jpg
    Threat Actors: Perun Svaroga
    Victim Country: Ukraine
    Victim Industry: Facilities Services
    Victim Organization: lubny kommunal housing and utilities management
    Victim Site: lubnykju.com.ua
  22. Alleged data breach of RusDosug
    Category: Data Breach
    Content: The threat actor claims to have leaked a database associated with rusdosug.com, an escort advertising platform. The exposed dataset reportedly contains information on approximately 8,813 escort users from the website.
    Date: 2026-01-26T19:49:30Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-Escort-rusdosug-com-2021
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0c749d84-b7ed-4a6c-aff7-489bfbd185cc.png
    Threat Actors: tarrabright
    Victim Country: Russia
    Victim Industry: Consumer Services
    Victim Organization: rusdosug
    Victim Site: rusdosug.com
  23. Alleged data breach of Kuwait Ministry of Electricity & Water (MEW)
    Category: Data Breach
    Content: The threat actor claims to have leaked internal employee databases of the Kuwait Ministry of Electricity, exposing approximately 20,000 records containing employee names, phone numbers, file numbers, and employment/status details.
    Date: 2026-01-26T19:38:29Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-Databases-of-employees-Kuwait-Ministry-of-Electricity
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e634634c-eac6-4f5e-a75f-eab18a51f9d9.png
    Threat Actors: 0xrau1
    Victim Country: Kuwait
    Victim Industry: Government & Public Sector
    Victim Organization: kuwait ministry of electricity & water (mew)
    Victim Site: mew.gov.kw
  24. F & B MFG LLC falls victim to PLAY Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data. The data includes private and personal confidential data, client documents, budget, payroll, IDs, taxes, finance information, etc. They intend to publish the data within 5 days.
    Date: 2026-01-26T19:35:15Z
    Network: tor
    Published URL: http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=YRXvAREh8yDLPv
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d4e87cb6-a180-4fe0-be0d-672453da32cc.png
    Threat Actors: PLAY
    Victim Country: USA
    Victim Industry: Aviation & Aerospace
    Victim Organization: f & b mfg llc
    Victim Site: fbmfg.com
  25. CS Caritas Socialis falls victim to DEVMAN 2.0 Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 120 GB of the organization's data. Update: Initially, on January 26, 2026, the group posted about an unidentified victim (.at). On January 27, 2026, they revealed the full domain name and compromised data on their dark web portal.
    Date: 2026-01-26T19:31:55Z
    Network: tor
    Published URL: http://devmanblggk7ddrtqj3tsocnayow3bwnozab2s4yhv4shpv6ueitjzid.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/42db3636-dd00-4c85-a2a9-f4d7286ba064.png
    https://d34iuop8pidsy8.cloudfront.net/2acdf428-ddf0-4149-a645-7c350b444a78.png
    Threat Actors: DEVMAN 2.0
    Victim Country: Austria
    Victim Industry: Hospital & Health Care
    Victim Organization: cs caritas socialis
    Victim Site: cs.at
  26. Alleged Sale of Unauthorized WordPress Admin Access to a USA Based Website
    Category: Initial Access
    Content: Threat Actor claims to be selling unauthorized WordPress admin access to a USA-based website. The access reportedly includes control over plugins and file manager functionality, with no active subscriptions present.
    Date: 2026-01-26T19:31:19Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/274588/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ed4fcad3-de05-4f96-be4a-4718561451e3.png
    Threat Actors: manofworld
    Victim Country: USA
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  27. ALLMAX Nutrition, Inc. falls victim to PLAY Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data. The data includes private and personal confidential data, client documents, budget, payroll, IDs, taxes, finance information, etc. They intend to publish the data within 4 days. NB: The organization previously fell victim to INC RANSOM Ransomware on Aug 26 2025.
    Date: 2026-01-26T19:23:26Z
    Network: tor
    Published URL: http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=oReNOP4jeuqlYR
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4ca5bf78-c008-4d1f-9f09-45d7a015b799.png
    Threat Actors: PLAY
    Victim Country: Canada
    Victim Industry: Manufacturing
    Victim Organization: allmax nutrition, inc.
    Victim Site: allmaxnutrition.com
  28. Quantum Fuel Systems LLC falls victim to PLAY Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data. The data includes private and personal confidential data, client documents, budget, payroll, IDs, taxes, finance information, etc. They intend to publish the data within 4 days.
    Date: 2026-01-26T19:16:19Z
    Network: tor
    Published URL: http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=7dXzoQkG7W7gMh
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/2a2503c2-bab6-4d53-8633-a8c6dfcfa1cd.png
    Threat Actors: PLAY
    Victim Country: USA
    Victim Industry: Oil & Gas
    Victim Organization: quantum fuel systems llc
    Victim Site: qtww.com
  29. Alleged Data Breach of Canada411
    Category: Data Breach
    Content: Threat Actor claims to have breached the database of Canada411 in Canada, exposing a dataset reportedly containing approximately 9,899,911 records with a total size of 574.5 MB. The leaked data allegedly includes personal information such as name, address, city, province, postal code, and phone number.
    Date: 2026-01-26T19:14:34Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/274589/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/fde4c243-985e-4d05-afe1-4fbf10e3692c.png
    Threat Actors: renn
    Victim Country: Canada
    Victim Industry: Information Services
    Victim Organization: canada411
    Victim Site: canada411.ca
  30. Routten & Laster Law, PLLC falls victim to PLAY Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data. The data includes private and personal confidential data, client documents, budget, payroll, IDs, taxes, finance information, etc. They intend to publish the data within 4 days.
    Date: 2026-01-26T19:12:24Z
    Network: tor
    Published URL: http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=CRsXzC0uSp8Dmt
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b1ef66a3-cf7a-4373-9c20-913e34c838bc.png
    Threat Actors: PLAY
    Victim Country: USA
    Victim Industry: Law Practice & Law Firms
    Victim Organization: routten & laster law, pllc
    Victim Site: routtenlasterlaw.com
  31. Joyva Corp falls victim to PLAY Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data. The data includes private and personal confidential data, client documents, budget, payroll, IDs, taxes, finance information, etc. They intend to publish the data within 4 days.
    Date: 2026-01-26T19:11:33Z
    Network: tor
    Published URL: http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=AvRHWxrpZZUFKJ
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/77d26ddf-ef2a-432f-8750-5cf86cbe699e.png
    Threat Actors: PLAY
    Victim Country: USA
    Victim Industry: Food & Beverages
    Victim Organization: joyva corp
    Victim Site: joyva.com
  32. Sea Island Shrimp House falls victim to INC RANSOM Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 1 TB of the organisation's data.
    Date: 2026-01-26T19:09:36Z
    Network: tor
    Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/6977ad638f1d14b743b8d731
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e62beb0e-580e-4067-b2dc-3697f53b8c68.png
    Threat Actors: INC RANSOM
    Victim Country: USA
    Victim Industry: Food & Beverages
    Victim Organization: sea island shrimp house
    Victim Site: shrimphouse.com
  33. Christine London Ltd. falls victim to PLAY Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data. The data includes private and personal confidential data, client documents, budget, payroll, IDs, taxes, finance information, etc. They intend to publish the data within 4 days.
    Date: 2026-01-26T19:06:23Z
    Network: tor
    Published URL: http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=OaIyQ4sDq3WkAj
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/6c1bd9b7-6b0a-42a9-a7b7-03f017672705.png
    Threat Actors: PLAY
    Victim Country: USA
    Victim Industry: Architecture & Planning
    Victim Organization: christine london ltd.
    Victim Site: christinelondonltd.com
  34. Aquatic Control, Inc. falls victim to PLAY Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization’s data. The data includes private and personal confidential data, client documents, budget, payroll, IDs, taxes, finance information, etc. They intend to publish the data within 4 days.
    Date: 2026-01-26T18:53:48Z
    Network: tor
    Published URL: http://mbrlkbtq5jonaqkurjwmxftytyn2ethqvbxfu4rgjbkkknndqwae6byd.onion/topic.php?id=xuo5DJHOJgENnA
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/cb6bf207-8060-40c5-a764-38ff08a94822.png
    Threat Actors: PLAY
    Victim Country: USA
    Victim Industry: Environmental Services
    Victim Organization: aquatic control, inc.
    Victim Site: aquaticcontrol.com
  35. Alleged Sale of AV/EDR Bypass Source Code
    Category: Malware
    Content: Threat Actor claims to be selling AV/EDR bypass source code allegedly designed for system compromise, including a web-based control panel and a PowerShell infection script. It reportedly enables monitoring of infected hosts and their permission levels, creation of SOCKS5 proxy or RDP access on target devices, and execution of commands against individual or multiple systems.
    Date: 2026-01-26T18:49:34Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/274585/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/5f26788a-9c71-4272-a45f-8c235573c556.png
    Threat Actors: RichAsHell
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  36. Ransomware Attack hits ENVIRO-HUB HOLDINGS LTD.
    Category: Ransomware
    Content: ENVIRO-HUB HOLDINGS LTD. has confirmed a ransomware attack on its group servers involving unauthorized access by an unknown party. The company stated that it acted quickly to contain and remediate the incident, engaged external cybersecurity experts, and has reported the matter to Singapore’s Personal Data Protection Commission (PDPC).
    Date: 2026-01-26T18:39:55Z
    Network: openweb
    Published URL: https://www.tipranks.com/news/company-announcements/enviro-hub-reports-ransomware-attack-with-no-material-operational-impact-so-far
    Screenshots:
    None
    Threat Actors: Unknown
    Victim Country: Singapore
    Victim Industry: Professional Services
    Victim Organization: enviro-hub holdings ltd.
    Victim Site: enviro-hub.com
  37. QuietSec claims to target NDTV News
    Category: Alert
    Content: The group claims to have intercepted infrastructure associated with NDTV, alleging a temporary disruption of the NDTV 24×7 live television stream delivered via the NDTV Player v1 platform.
    Date: 2026-01-26T18:17:36Z
    Network: telegram
    Published URL: https://t.me/dienet3/183
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/eaca3338-5dd7-4f8c-bb43-f51e37e9353a.jpg
    Threat Actors: QuietSec
    Victim Country: India
    Victim Industry: Broadcast Media
    Victim Organization: ndtv news
    Victim Site: ndtv.com
  38. Alleged data breach of Under Armour SQL File
    Category: Data Breach
    Content: The threat actor claims to have shared an SQL file extracted from the previously disclosed Under Armour data breach, containing email addresses only, compiled to save time compared to parsing multiple CSV files.
    Date: 2026-01-26T17:55:01Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-Under-Armour-SQL-File
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/6b6c2294-d0c1-418b-b771-d73883bea1f1.png
    Threat Actors: Meower201
    Victim Country: USA
    Victim Industry: Fashion & Apparel
    Victim Organization: under armour
    Victim Site: underarmour.com
  39. Alleged data leak of zHealthEHR California
    Category: Data Breach
    Content: The threat actor claims to have compromised zHealthEHR, a cloud-based electronic health record (EHR) and practice management platform used by chiropractic and wellness clinics, resulting in the exposure of approximately 1.23 million records totaling 15 GB of data. Allegedly exposed data includes patient and clinic information, clinical and administrative records, and appointment scheduling data.
    Date: 2026-01-26T17:50:47Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-zHealthEHR-California-Breach-1-2m
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a2eb80bd-ed35-438b-859c-13a5ac56143c.png
    Threat Actors: Kazu
    Victim Country: USA
    Victim Industry: Hospital & Health Care
    Victim Organization: Unknown
    Victim Site: Unknown
  40. Alleged data leak of El Bajo Roleplay FiveM server
    Category: Data Breach
    Content: The threat actor claims to have leaked data from the El Bajo Roleplay FiveM server, allegedly exposing player-related information including Discord IDs, Steam IDs, FiveM license identifiers, IP addresses, and other internal identifiers.
    Date: 2026-01-26T17:38:15Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-FiveM-Server-El-Bajo-Roleplay-DISCORD-ID-STEAM-ID-LICENSE-IP-and-more
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7b8eefbf-a125-4e1e-b389-4adbdee4e209.png
    https://d34iuop8pidsy8.cloudfront.net/417194cc-21c5-46c1-b682-2d1ff2d6e179.png
    Threat Actors: ByteHunter
    Victim Country: Spain
    Victim Industry: Gaming
    Victim Organization: Unknown
    Victim Site: Unknown
  41. Cyber Strike Force targets the website of East Coast Engineering (Pvt) Ltd
    Category: Defacement
    Content: The group claims to have defaced the website of East Coast Engineering (Pvt) Ltd.
    Date: 2026-01-26T17:29:21Z
    Network: telegram
    Published URL: https://t.me/c/2702713880/46
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4f11339c-8f28-4111-86a3-5eb02aee65ad.jpg
    Threat Actors: Cyber Strike Force
    Victim Country: Pakistan
    Victim Industry: Building and construction
    Victim Organization: east coast engineering (pvt) ltd
    Victim Site: ece.com.pk
  42. Alleged unauthorized access to ASSISTEC automated environmental control system in Palestine
    Category: Initial Access
    Content: The group claims to have gained unauthorized access to an ASSISTEC automated environmental control system, allegedly obtaining visibility into and potential control over critical facility management functions. According to the claim, the system manages ventilation, airflow, temperature and humidity regulation, gas concentration monitoring (including NH₃ and CO₂), cooling mechanisms, and sensor-based environmental monitoring, with additional capabilities for fault alerts, maintenance notifications, and resource distribution in agricultural environments.
    Date: 2026-01-26T17:29:15Z
    Network: telegram
    Published URL: https://t.me/n2LP_wVf79c2YzM0/3485
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3c6636cb-f42f-4236-ba82-f3b929cb2b9d.jpg
    Threat Actors: Infrastructure Destruction Squad
    Victim Country: Palestine
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  43. Cyber Strike Force targets the website of Energy Solutions (Pvt) Ltd
    Category: Defacement
    Content: The group claims to have defaced the website of Energy Solutions (Pvt) Ltd.
    Date: 2026-01-26T17:28:11Z
    Network: telegram
    Published URL: https://t.me/c/2702713880/46
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ed4f5dec-34a0-4f8a-ab41-24ae5d0260f6.jpg
    Threat Actors: Cyber Strike Force
    Victim Country: Pakistan
    Victim Industry: Energy & Utilities
    Victim Organization: energy solutions (pvt) ltd
    Victim Site: espl.com.pk
  44. Cyber Strike Force targets the website of Islamabad Dermatologist
    Category: Defacement
    Content: The group claims to have defaced the website of Islamabad Dermatologist.
    Date: 2026-01-26T17:27:08Z
    Network: telegram
    Published URL: https://t.me/c/2702713880/46
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/51bbd600-67b3-4448-974e-13cdfa1736ea.png
    https://d34iuop8pidsy8.cloudfront.net/3696c0c6-001a-4cff-ab0a-d0b954058e66.png
    Threat Actors: Cyber Strike Force
    Victim Country: Pakistan
    Victim Industry: Hospital & Health Care
    Victim Organization: islamabad dermatologist
    Victim Site: islamabaddermatologist.com
  45. Cyber Strike Force targets the website of Doctorzone
    Category: Defacement
    Content: The group claims to have defaced the website of Doctorzone.
    Date: 2026-01-26T17:23:41Z
    Network: telegram
    Published URL: https://t.me/c/2702713880/46
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/94c2cbb5-7599-4f76-b5db-863c480a46df.jpg
    Threat Actors: Cyber Strike Force
    Victim Country: Pakistan
    Victim Industry: Hospital & Health Care
    Victim Organization: doctorzone
    Victim Site: doctorzone.pk
  46. Alleged unauthorized access to a control system of an unidentified water pump station in Palestine
    Category: Initial Access
    Content: The group claims to have gained unauthorized access to a control system of an unidentified water pump station in Palestine, which includes electric pump variable frequency drive (VFD) control panels and energy monitoring components. According to the claim, the system directly affects pump operation and the safety and reliability of the water supply network.
    Date: 2026-01-26T17:21:16Z
    Network: telegram
    Published URL: https://t.me/n2LP_wVf79c2YzM0/3491
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4c99f380-7dd3-4562-a0a0-5e2aa68795ea.jpg
    Threat Actors: Infrastructure Destruction Squad
    Victim Country: Palestine
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  47. Cyber Strike Force targets the website of Rock Himalayan Salt Ltd
    Category: Defacement
    Content: The group claims to have defaced the website of Rock Himalayan Salt Ltd in the UK.
    Date: 2026-01-26T17:13:42Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/233689
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d2888797-21fd-4dc9-87eb-8b3d95342a1e.png
    Threat Actors: Cyber Strike Force
    Victim Country: UK
    Victim Industry: Food & Beverages
    Victim Organization: rock himalayan salt ltd
    Victim Site: rockhimalayansalt.com
  48. Alleged unauthorized access to the industrial smoking equipment control system in USA
    Category: Initial Access
    Content: The group claims to have gained unauthorized access to an industrial smoking equipment control system, allegedly allowing modification of critical technological parameters of the smoking process. According to the claim, such interference could compromise equipment and personnel safety, degrade product quality, and disrupt production operations, potentially resulting in downtime and financial losses.
    Date: 2026-01-26T17:05:46Z
    Network: telegram
    Published URL: https://t.me/zpentestalliance/1009
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8581ed24-4322-4da2-a4f8-105ce8bf51e6.jpg
    Threat Actors: Z-PENTEST ALLIANCE
    Victim Country: USA
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  49. Cyber Strike Force targets the website of Islamabad Dermatologist – Bonus Site
    Category: Defacement
    Content: The group claims to have defaced the website of Islamabad Dermatologist – Bonus Site.
    Date: 2026-01-26T17:04:57Z
    Network: telegram
    Published URL: https://t.me/c/2702713880/46
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a4494d04-8b06-47f8-a097-56e0eca28052.png
    https://d34iuop8pidsy8.cloudfront.net/636637f1-6f51-4e57-bec9-8855627a30c2.png
    Threat Actors: Cyber Strike Force
    Victim Country: Pakistan
    Victim Industry: Hospital & Health Care
    Victim Organization: islamabad dermatologist – bonus site
    Victim Site: bonus.islamabaddermatologist.com
  50. Alleged unauthorized access to the control system of BioZmzm
    Category: Initial Access
    Content: The group gained unauthorized access to the control system of BioZmzm Plastic Industries Company in Palestine. According to the claim, the compromised system is used to monitor and regulate factory compressor pressure, displaying real-time pressure levels for both active and inactive compressors and allowing operational adjustments.
    Date: 2026-01-26T17:03:36Z
    Network: telegram
    Published URL: https://t.me/n2LP_wVf79c2YzM0/3489
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a7448c29-cd62-4ca0-b127-15a7a149d83f.jpg
    Threat Actors: Infrastructure Destruction Squad
    Victim Country: Palestine
    Victim Industry: Manufacturing & Industrial Products
    Victim Organization: biozmzm
    Victim Site: biozmzm.com
  51. Cyber Strike Force targets the website of Paragon Education Network
    Category: Defacement
    Content: The group claims to have defaced the website of Paragon Education Network
    Date: 2026-01-26T16:56:08Z
    Network: telegram
    Published URL: https://t.me/c/2702713880/46
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/364f0c98-3b4d-4734-9eb1-721a7108fa1d.jpg
    Threat Actors: Cyber Strike Force
    Victim Country: Pakistan
    Victim Industry: Education
    Victim Organization: paragon education network
    Victim Site: cms.paragoneducation.pk
  52. INDIAN CYBER MAFIA targets the website of Golden Edge Online
    Category: Defacement
    Content: The group claims to have defaced the website of Golden Edge Online in Pakistan.
    Date: 2026-01-26T16:54:16Z
    Network: telegram
    Published URL: https://t.me/c/2318545663/74
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7d84a725-1039-4b23-b73e-bcd0be2f6e62.png
    https://d34iuop8pidsy8.cloudfront.net/040c29f3-7a74-4713-b20e-d8453e662d3b.png
    Threat Actors: INDIAN CYBER MAFIA
    Victim Country: Pakistan
    Victim Industry: E-commerce & Online Stores
    Victim Organization: golden edge online
    Victim Site: geonline.pk
  53. Alleged data breach of zHealth EHR
    Category: Data Breach
    Content: A threat actor claims to have leaked 15 GB of the organization's data from zHealth EHR. The compromised dataset reportedly contains over 1.2 million records, including patient medical information, clinical notes, appointment and intake details, and billing and payment data. They intend to publish it within 22-23 days.
    Date: 2026-01-26T16:40:39Z
    Network: tor
    Published URL: http://6czlbd2jfiy6765fbnbnzuwuqocg57ebvp3tbm35kib425k4qnmiiiqd.onion/ransom.html
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a76cd426-6e7d-4f4b-ab93-0ad33074a9ce.png
    https://d34iuop8pidsy8.cloudfront.net/6ca01353-6296-4bc9-9efd-749086422449.png
    Threat Actors: Kazu
    Victim Country: USA
    Victim Industry: Software Development
    Victim Organization: zhealth ehr
    Victim Site: zhealthehr.com
  54. Cyber Strike Force targets the website of Peshawar Public School and College
    Category: Defacement
    Content: The group claims to have defaced the website of Peshawar Public School and College
    Date: 2026-01-26T16:37:44Z
    Network: telegram
    Published URL: https://t.me/c/2702713880/46
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/62d03868-1f11-4c0f-bab8-8c5a1fad04dc.jpg
    Threat Actors: Cyber Strike Force
    Victim Country: Pakistan
    Victim Industry: Education
    Victim Organization: peshawar public school and college
    Victim Site: pps.edu.pk
  55. Cyber Strike Force targets the website of Rahmat Schools and Colleges
    Category: Defacement
    Content: The group claims to have defaced the website of Rahmat Schools and Colleges
    Date: 2026-01-26T16:32:31Z
    Network: telegram
    Published URL: https://t.me/c/2702713880/46
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f38ac782-7b77-4fab-ba28-c79888da8eb9.jpg
    Threat Actors: Cyber Strike Force
    Victim Country: Pakistan
    Victim Industry: Education
    Victim Organization: rahmat schools and colleges
    Victim Site: rmt.edu.pk
  56. INDIAN CYBER MAFIA targets the website of WebERP
    Category: Defacement
    Content: The group claims to have defaced the website of WebERP
    Date: 2026-01-26T16:25:48Z
    Network: telegram
    Published URL: https://t.me/c/2318545663/74
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e6465331-bec4-491c-ae19-1c31d51bab01.jpg
    Threat Actors: INDIAN CYBER MAFIA
    Victim Country: Pakistan
    Victim Industry: Information Technology (IT) Services
    Victim Organization: weberp
    Victim Site: weberp.com.pk
  57. INDIAN CYBER MAFIA targets the website of Advance Systems
    Category: Defacement
    Content: The group claims to have defaced the website of Advance Systems
    Date: 2026-01-26T16:25:29Z
    Network: telegram
    Published URL: https://t.me/c/2318545663/74
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4f9e5f09-b6fc-4446-804a-01eace5a574f.png
    Threat Actors: INDIAN CYBER MAFIA
    Victim Country: Pakistan
    Victim Industry: Information Technology (IT) Services
    Victim Organization: advance systems
    Victim Site: advancesystems.com.pk
  58. INDIAN CYBER MAFIA targets the website of Al Habib Pharmaceuticals
    Category: Defacement
    Content: The group claims to have defaced the website of Al Habib Pharmaceuticals
    Date: 2026-01-26T16:25:26Z
    Network: telegram
    Published URL: https://t.me/c/2318545663/74
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/5d66fd55-f426-4bcb-90ec-411e5395f1b1.jpg
    Threat Actors: INDIAN CYBER MAFIA
    Victim Country: Pakistan
    Victim Industry: Healthcare & Pharmaceuticals
    Victim Organization: al habib pharmaceuticals
    Victim Site: ahp.com.pk
  59. INDIAN CYBER MAFIA targets the website of ClothingRIC
    Category: Defacement
    Content: The group claims to have defaced the website of ClothingRIC in the USA.
    Date: 2026-01-26T16:25:22Z
    Network: telegram
    Published URL: https://t.me/c/2318545663/74
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/6d70df11-665b-4c71-80f3-735f88877322.png
    https://d34iuop8pidsy8.cloudfront.net/f130184f-a671-44fa-a7fb-158af7410638.png
    Threat Actors: INDIAN CYBER MAFIA
    Victim Country: USA
    Victim Industry: E-commerce & Online Stores
    Victim Organization: clothingric
    Victim Site: clothingric.com
  60. INDIAN CYBER MAFIA targets the website of Majlis-e-Ahrar-e-Islam
    Category: Defacement
    Content: The group claims to have defaced the website of Majlis-e-Ahrar-e-Islam
    Date: 2026-01-26T16:16:39Z
    Network: telegram
    Published URL: https://t.me/c/2318545663/74
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/1ad126a5-3e51-4252-a1b2-fdc022784a19.jpg
    Threat Actors: INDIAN CYBER MAFIA
    Victim Country: Pakistan
    Victim Industry: Religious Institutions
    Victim Organization: majlis-e-ahrar-e-islam
    Victim Site: majlis.pk
  61. INDIAN CYBER MAFIA targets the website of SAZ Enterprises
    Category: Defacement
    Content: The group claims to have defaced the website of SAZ Enterprises
    Date: 2026-01-26T16:15:59Z
    Network: telegram
    Published URL: https://t.me/c/2318545663/74
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4af5aea2-e33b-4cbb-86a5-85ebc7b94fe2.jpg
    Threat Actors: INDIAN CYBER MAFIA
    Victim Country: Pakistan
    Victim Industry: Wholesale
    Victim Organization: saz enterprises
    Victim Site: sazent.com.pk
  62. INDIAN CYBER MAFIA targets the website of OwnzYou
    Category: Defacement
    Content: The group claims to have defaced the website of OwnzYou.
    Date: 2026-01-26T16:12:31Z
    Network: telegram
    Published URL: https://t.me/c/2318545663/74
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/69189dee-080d-4b42-8aa0-d81bc9bec8c5.png
    https://d34iuop8pidsy8.cloudfront.net/939f8028-1022-4781-908a-b3ff3c3abe3e.png
    Threat Actors: INDIAN CYBER MAFIA
    Victim Country: Unknown
    Victim Industry: Computer & Network Security
    Victim Organization: ownzyou
    Victim Site: ownzyou.com
  63. INDIAN CYBER MAFIA targets the website of SportsInc
    Category: Defacement
    Content: The group claims to have defaced the website of SportsInc.
    Date: 2026-01-26T16:02:24Z
    Network: telegram
    Published URL: https://t.me/c/2318545663/74
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/dd5d47c9-f58f-4a02-a786-1005c5be5099.png
    Threat Actors: INDIAN CYBER MAFIA
    Victim Country: Pakistan
    Victim Industry: Retail Industry
    Victim Organization: sportsinc
    Victim Site: sportsinc.com.pk
  64. EXADOS targets the website of Internal Audit Unit of Phetchaburi Rajabhat University (PBRU)
    Category: Defacement
    Content: The group claims to have defaced the website of Internal Audit Unit of Phetchaburi Rajabhat University (PBRU)
    Date: 2026-01-26T15:59:49Z
    Network: telegram
    Published URL: https://t.me/EXA_DOS_KH/59
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/6b4140c2-ea33-4ad0-a79e-db79aba3821c.jpg
    Threat Actors: EXADOS
    Victim Country: Thailand
    Victim Industry: Education
    Victim Organization: phetchaburi rajabhat university (pbru)
    Victim Site: audit.pbru.ac.th
  65. Alleged data leak of U.S. business & executive database
    Category: Data Breach
    Content: The threat actor claims to be selling a large-scale U.S. business and executive database containing approximately 1 million records related to companies and CEOs across multiple industries. Allegedly exposed data includes company name, website address, business email addresses, company street address, city, state, and ZIP code, phone numbers, fax numbers, actual employee size, actual sales volume, primary SIC code, and primary SIC description.
    Date: 2026-01-26T15:57:30Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-USA-1M-CEO-BUISNESS-Database
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/daa2f8a3-c4a4-4a26-b49d-141c83f20925.png
    Threat Actors: TheSnake
    Victim Country: USA
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  66. INDIAN CYBER MAFIA targets the website of Meri Dharti Schools and Colleges
    Category: Defacement
    Content: The group claims to have defaced the website of Meri Dharti Schools and Colleges
    Date: 2026-01-26T15:50:28Z
    Network: telegram
    Published URL: https://t.me/c/2318545663/74
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a369e264-cc55-4212-a0d3-fbb529debc22.jpg
    Threat Actors: INDIAN CYBER MAFIA
    Victim Country: Pakistan
    Victim Industry: Education
    Victim Organization: meri dharti schools and colleges
    Victim Site: meridharti.pk
  67. Alleged data breach of Koranit Construction
    Category: Data Breach
    Content: The group claims to have breached the data of Koranit Construction Co., Ltd
    Date: 2026-01-26T15:49:53Z
    Network: telegram
    Published URL: https://t.me/EXA_DOS_KH/65
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0f5d132d-cdb2-4fd3-96ae-b8a10eb6118c.jpg
    https://d34iuop8pidsy8.cloudfront.net/2cec8a9a-6e66-458a-8196-7005af4c9600.jpg
    Threat Actors: EXADOS
    Victim Country: Thailand
    Victim Industry: Building and construction
    Victim Organization: koranit construction co., ltd
    Victim Site: koranit.co.th
  68. INDIAN CYBER MAFIA targets the website of International School and College of Cordoba (ISCC)
    Category: Defacement
    Content: The group claims to have defaced the website of International School and College of Cordoba (ISCC)
    Date: 2026-01-26T15:48:42Z
    Network: telegram
    Published URL: https://t.me/c/2318545663/74
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/6a60a85e-aece-47c0-a548-3146cfdbff42.jpg
    Threat Actors: INDIAN CYBER MAFIA
    Victim Country: Pakistan
    Victim Industry: Education
    Victim Organization: international school and college of cordoba (iscc)
    Victim Site: ordobabatkhela.edu.pk
  69. Sitoy Group falls victim to Abyss Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 1.7 TB of the organization's uncompressed data.
    Date: 2026-01-26T15:47:47Z
    Network: tor
    Published URL: http://3ev4metjirohtdpshsqlkrqcmxq6zu3d7obrdhglpy5jpbr7whmlfgqd.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8fc0075e-b356-4f89-bdce-bd27041c8677.png
    Threat Actors: Abyss
    Victim Country: China
    Victim Industry: Retail Industry
    Victim Organization: sitoy group
    Victim Site: sitoy.com
  70. INDIAN CYBER MAFIA targets the website of Golden Edge Multimedia Company
    Category: Defacement
    Content: The group claims to have defaced the website of Golden Edge Multimedia Company
    Date: 2026-01-26T15:46:11Z
    Network: telegram
    Published URL: https://t.me/c/2318545663/74
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e873b3bd-a5a2-4509-8915-c2c31b6279d3.jpg
    Threat Actors: INDIAN CYBER MAFIA
    Victim Country: Pakistan
    Victim Industry: Entertainment & Movie Production
    Victim Organization: golden edge multimedia company
    Victim Site: geonline.pk
  71. Alleged Sale of Unauthorized Database Access Via SQL Injection to an Unidentified Shop in India
    Category: Initial Access
    Content: The threat actor claims to be selling unauthorized database access via SQL injection to an unidentified shop in India. The admin panel address is reportedly provided, along with administrator login credentials, with the password reportedly stored as a bcrypt hash.
    Date: 2026-01-26T15:44:42Z
    Network: openweb
    Published URL: https://forum.exploit.biz/topic/274578/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4d1e3286-3ad1-42d4-8b87-070343796b87.png
    Threat Actors: savel987
    Victim Country: India
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  72. INDIAN CYBER MAFIA targets the website of Syngenta Vegetables
    Category: Defacement
    Content: The group claims to have defaced the website of Syngenta Vegetables
    Date: 2026-01-26T15:42:39Z
    Network: telegram
    Published URL: https://t.me/c/2318545663/74
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/8d4c64f3-0e90-45bd-b24e-8b82915fc6ac.png
    Threat Actors: INDIAN CYBER MAFIA
    Victim Country: Pakistan
    Victim Industry: Agriculture & Farming
    Victim Organization: syngenta vegetables
    Victim Site: syngentavegetables.pk
  73. Alleged data breach of Lyleoo
    Category: Data Breach
    Content: The threat actor claims to have breached Lyleoo, a France-based digital health platform, and leaked a database containing approximately 900,000 user records in CSV format, exposing personal and contact information including unique user IDs, full names, ages, dates of birth, phone numbers, email addresses, physical addresses, postal codes, cities, countries, and internal user assignment references.
    Date: 2026-01-26T15:34:09Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-FR-Lyleoo
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/02360501-be00-4132-9058-bb5294e590da.png
    https://d34iuop8pidsy8.cloudfront.net/171d822b-e6f0-4846-8139-415fb7290dc9.png
    Threat Actors: DumpSec
    Victim Country: France
    Victim Industry: Hospital & Health Care
    Victim Organization: lyleoo
    Victim Site: lyleoo.com
  74. Alleged sale of web shell access to Rajarambapu Sahakari Bank Ltd
    Category: Initial Access
    Content: The group claims to be selling unauthorized web shell access to the official website of Rajarambapu Sahakari Bank Ltd
    Date: 2026-01-26T15:31:13Z
    Network: telegram
    Published URL: https://t.me/Pharaohs_n/674
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b2ff5b67-9e0d-409c-a253-658ff0b20e6c.jpg
    Threat Actors: Pharaohs Team Channel
    Victim Country: India
    Victim Industry: Banking & Mortgage
    Victim Organization: rajarambapu sahakari bank ltd
    Victim Site: rajarambapu.bank.in
  75. Alleged access to Ministry of Religious Affairs of the Republic of Indonesia
    Category: Initial Access
    Content: The group claims to have gained unauthorized access to the website of Ministry of Religious Affairs of the Republic of Indonesia
    Date: 2026-01-26T15:01:54Z
    Network: telegram
    Published URL: https://t.me/z_bl4cx_h4t_id/41
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0101edae-4e81-40ed-9608-4a2d58ab4310.jpg
    Threat Actors: Z-BL4CX-H4T.ID
    Victim Country: Indonesia
    Victim Industry: Government Administration
    Victim Organization: ministry of religious affairs of the republic of indonesia
    Victim Site: panel.kemenag.go.id
  76. National Mining Corporation falls victim to TENGU Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 15 GB of the organization's data. They intend to publish it in 8-9 days.
    Date: 2026-01-26T14:52:39Z
    Network: tor
    Published URL: http://longcc4fqrfcqt5lzceutylaxir6h66fp6df3oin6mvwvz6pfdbxc6qd.onion/blog/f48b1e6bde5227d8950b8c30a544e9ba2a6694f6b9f19d8bec21f699ea1abbe8/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/fda082e2-59ee-4ce1-8a40-d0bc427c5736.png
    https://d34iuop8pidsy8.cloudfront.net/0a2b3021-8502-42c6-a0dd-b686fd6f819c.png
    Threat Actors: TENGU
    Victim Country: Kenya
    Victim Industry: Mining/Metals
    Victim Organization: national mining corporation
    Victim Site: namico.go.ke
  77. Trojan 1337 targets the website of Jarua Adarsha High School
    Category: Defacement
    Content: The group claims to have defaced the website of Jarua Adarsha High School. Mirror: https://ownzyou.com/zone/281490
    Date: 2026-01-26T14:41:51Z
    Network: telegram
    Published URL: https://t.me/c/2805167925/115
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/604ae46c-2c2d-43b2-9c93-f68b4e477ef6.jpg
    Threat Actors: Trojan 1337
    Victim Country: Bangladesh
    Victim Industry: Education
    Victim Organization: jarua adarsha high school
    Victim Site: jaruaadarshahighschool.com
  78. Alleged data breach of LimeHD
    Category: Data Breach
    Content: The threat actor claims to have leaked user data from limehd. The compromised dataset reportedly includes information of over 600,000 users, primarily email addresses and hashed passwords.
    Date: 2026-01-26T14:33:48Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-russia-limehd-tv-600K-users
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f579f8bf-c6a7-4525-aef9-6beca0bb9480.png
    https://d34iuop8pidsy8.cloudfront.net/c97b03ce-6704-4202-afb3-be5bc8c30aec.png
    https://d34iuop8pidsy8.cloudfront.net/022d21f1-337e-48b6-b39c-9584fe9f2c17.png
    Threat Actors: lulzintel
    Victim Country: Russia
    Victim Industry: Media Production
    Victim Organization: limehd
    Victim Site: limehd.tv
  79. 7 Proxies targets the website of Govt. Safar Ali College
    Category: Defacement
    Content: The group claims to have defaced the website of Govt. Safar Ali College. Mirror: https://ownzyou.com/zone/281493
    Date: 2026-01-26T14:30:20Z
    Network: telegram
    Published URL: https://t.me/c/2366703983/1007
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c41a4171-9d8d-4ee1-82ee-123136bde018.png
    Threat Actors: 7 Proxies
    Victim Country: Bangladesh
    Victim Industry: Higher Education/Academia
    Victim Organization: govt. safar ali college
    Victim Site: gsacollege.edu.bd
  80. Jakarta Nanyang School falls victim to TENGU Ransomware
    Category: Defacement
    Content: The group claims to have obtained the organization's data.
    Date: 2026-01-26T14:28:04Z
    Network: tor
    Published URL: http://longcc4fqrfcqt5lzceutylaxir6h66fp6df3oin6mvwvz6pfdbxc6qd.onion/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/868d99bb-5370-420d-bd16-cc08fab03653.png
    https://d34iuop8pidsy8.cloudfront.net/019d6152-72b3-41c2-9c27-2046a5c7c63d.png
    Threat Actors: TENGU
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: jakarta nanyang school
    Victim Site: jny.sch.id
  81. Trojan 1337 targets the website of Hatkhala SEDSP Model High School
    Category: Defacement
    Content: The group claims to have defaced the website of Hatkhala SESDP Model High School. Mirror: https://ownzyou.com/zone/281492
    Date: 2026-01-26T14:26:44Z
    Network: telegram
    Published URL: https://t.me/c/2805167925/116
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/f6fe4943-e283-4b19-9dfa-ad756536954f.png
    https://d34iuop8pidsy8.cloudfront.net/e03e3a45-b0e3-4033-be1e-8e6df7c3865b.png
    Threat Actors: Trojan 1337
    Victim Country: Bangladesh
    Victim Industry: Education
    Victim Organization: hatkhala sedsp model high school
    Victim Site: hatkhalamodelschool.com
  82. Disuelas JC SAS falls victim to TENGU Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 103 GB of the organization's data. They intend to publish it in 5-6 days.
    Date: 2026-01-26T14:16:22Z
    Network: tor
    Published URL: http://longcc4fqrfcqt5lzceutylaxir6h66fp6df3oin6mvwvz6pfdbxc6qd.onion/blog/6673701bbd9960d7ab6f9211086523dccd3ffa9c1249f6c78a7f8a8e9471acf9/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/fefcea7e-a20a-4226-a214-5cd1af41dd7f.png
    Threat Actors: TENGU
    Victim Country: Colombia
    Victim Industry: Retail Industry
    Victim Organization: disuelas jc sas
    Victim Site: Unknown
  83. Alleged data breach of SMAN 8 BANDUNG
    Category: Data Breach
    Content: The threat actor claims to have leaked the source code and database of SMAN 8 Bandung.
    Date: 2026-01-26T14:15:35Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-Source-Code-DB-SMAN8BDG-SCH-ID
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/128f9ea9-9a1e-4820-9fed-fe80a1b6d74b.png
    Threat Actors: CY8ER_N4TI0N
    Victim Country: Indonesia
    Victim Industry: Education
    Victim Organization: sman 8 bandung
    Victim Site: sman8bdg.sch.id
  84. Alleged data sale of Gybsaco
    Category: Data Breach
    Content: The threat actor claims to be selling data from Gybsaco (G&B Petroleum Marketer). The compromised data reportedly contains 299,289 records, including pricing data, order information, regulatory data, and full-stack source code related to a mobile application, pricing management system, and order management system.
    Date: 2026-01-26T14:02:46Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-Mexico-Gybsaco-G-B-Petroleum-Marketer-databases-and-full-stack-source-codes
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/623420de-4105-4581-b253-ba054fd50214.png
    https://d34iuop8pidsy8.cloudfront.net/bfb634b1-ef86-47d3-9312-7be31a45758d.png
    Threat Actors: Straightnumberone
    Victim Country: Mexico
    Victim Industry: Energy & Utilities
    Victim Organization: gybsaco
    Victim Site: gybsaco.com
  85. Trojan 1337 targets the website of Shalia High School
    Category: Defacement
    Content: The group claims to have defaced the website of Shalia High School
    Date: 2026-01-26T13:59:42Z
    Network: telegram
    Published URL: https://t.me/c/2805167925/114
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/03dd5982-aecf-4e39-b8bb-4cec11ed8bee.jpg
    Threat Actors: Trojan 1337
    Victim Country: Bangladesh
    Victim Industry: Education
    Victim Organization: shalia high school
    Victim Site: shaliahighschool.com
  86. Prem Motors falls victim to TENGU Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 80 GB of the organization's data. They intend to publish it in 5-6 days.
    Date: 2026-01-26T13:58:54Z
    Network: tor
    Published URL: http://longcc4fqrfcqt5lzceutylaxir6h66fp6df3oin6mvwvz6pfdbxc6qd.onion/blog/752e94e3424c7e1a707ab23360ef3ff73d7cf58cb66b2b8ef5b9c1dc5ccf7ddd/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/76743d87-45d0-45a4-aadb-cdb599e80497.png
    Threat Actors: TENGU
    Victim Country: India
    Victim Industry: Automotive
    Victim Organization: prem motors
    Victim Site: premmotors.com
  87. Trojan 1337 targets the website of Mokamia High School
    Category: Defacement
    Content: The group claims to have defaced the website of Mokamia High School. Mirror: https://ownzyou.com/zone/281488
    Date: 2026-01-26T13:53:22Z
    Network: telegram
    Published URL: https://t.me/c/2805167925/113
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e5178451-a65a-43a8-a1f5-1579e0cc7ceb.png
    Threat Actors: Trojan 1337
    Victim Country: Bangladesh
    Victim Industry: Education
    Victim Organization: mokamia high school
    Victim Site: mokamiahighschool.edu.bd
  88. Alleged data sale of Unimed
    Category: Data Breach
    Content: The threat actor claims to have breached 70 TB of data from Unimed, allegedly containing patient records, medical imaging, government and identity documents, as well as financial and insurance data.
    Date: 2026-01-26T13:36:58Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-DATABASE-BR-UNIMED-Healthcare-Brasil
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/60dd2961-b48c-489e-87bb-2db1cdf40435.png
    https://d34iuop8pidsy8.cloudfront.net/e41497a9-d946-40d9-84e2-e90e48602055.png
    https://d34iuop8pidsy8.cloudfront.net/b7fc9ac4-fddc-485e-8939-45f8efff2844.png
    Threat Actors: ByteToBreach
    Victim Country: Brazil
    Victim Industry: Government Administration
    Victim Organization: unimed
    Victim Site: unimed.coop.br
  89. .cardinal claims to target Infrastructure of Lithuania
    Category: Alert
    Content: The group claims to target the infrastructure of Lithuania.
    Date: 2026-01-26T13:17:35Z
    Network: telegram
    Published URL: https://t.me/c/2182428249/5895
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/6426cd30-451f-43e9-9f06-b96e81fb1848.png
    Threat Actors: .cardinal
    Victim Country: Lithuania
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  90. InDoM1nuS Team targets the websites of Jorinyoga
    Category: Defacement
    Content: The group claims to have defaced the websites of Jorinyoga
    Date: 2026-01-26T12:46:36Z
    Network: telegram
    Published URL: https://t.me/InDoM1nusTe4m/78
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/de69e03d-0d0d-4edd-a93a-a0e003a5ff75.png
    Threat Actors: InDoM1nuS Team
    Victim Country: Netherlands
    Victim Industry: Health & Fitness
    Victim Organization: jorinyoga
    Victim Site: jorinyoga.nl
  91. Alleged data sale of Cool Credit
    Category: Data Breach
    Content: The threat actor claims to be selling data from Cool Credit. The compromised data reportedly contains approximately 360,000 client records, including personal and financial-related information.
    Date: 2026-01-26T12:33:01Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-SELLING-coolcredit-cz-363-000-clients
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c9afac61-f6c7-4cc7-a48b-9c447fc8c892.png
    Threat Actors: Sorb
    Victim Country: Czech Republic
    Victim Industry: Financial Services
    Victim Organization: cool credit
    Victim Site: coolcredit.cz
  92. NoName targets the website of Triolan
    Category: Defacement
    Content: Proof of downtime: https://check-host.net/check-report/37c39aebk643
    Date: 2026-01-26T12:15:39Z
    Network: telegram
    Published URL: https://t.me/c/2787466017/1857
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d6d60623-5add-41d5-9d33-d7198c62a922.png
    Threat Actors: NoName057(16)
    Victim Country: Ukraine
    Victim Industry: Network & Telecommunications
    Victim Organization: triolan
    Victim Site: triolan.com
  93. NoName targets the website of SITV
    Category: Defacement
    Content: Proof of downtime: https://check-host.net/check-report/37c39d29kc99
    Date: 2026-01-26T12:05:45Z
    Network: telegram
    Published URL: https://t.me/c/2787466017/1857
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b908de09-cfea-4c7d-8456-a04db830ce4b.png
    Threat Actors: NoName057(16)
    Victim Country: Ukraine
    Victim Industry: Network & Telecommunications
    Victim Organization: sitv
    Victim Site: sitv.com.ua
  94. 7 Proxies targets the website of Bahadurpur Anjuman High
    Category: Defacement
    Content: The group claims to have defaced the website of Bahadurpur Anjuman High
    Date: 2026-01-26T11:53:08Z
    Network: telegram
    Published URL: https://t.me/c/2366703983/980
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b323553c-5969-4faf-adb3-27bf4ab3c81f.png
    Threat Actors: 7 Proxies
    Victim Country: Bangladesh
    Victim Industry: Education
    Victim Organization: bahadurpur anjuman high
    Victim Site: bahadurpuranjumanhighschool.edu.bd
  95. Alleged data leak of Tangerang City Government
    Category: Data Breach
    Content: The threat actor claims to have leaked data from Tangerang City Government. The compromised data reportedly contains 6,657 records, including national identification numbers (NIK), full names, places and dates of birth, and work unit information.
    Date: 2026-01-26T11:41:54Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DOCUMENTS-6657-non-ASN-employee-data-in-Tangerang-City-leaked-free-download
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/66cd9855-6c29-43ba-9546-b9d1f91a2e7b.png
    Threat Actors: AYYUBI
    Victim Country: Indonesia
    Victim Industry: Government Administration
    Victim Organization: tangerang city government
    Victim Site: tangerangkota.go.id
  96. Alleged leak of unauthorized login access to the Iran/Hizbulla CyberSpace Portal
    Category: Initial Access
    Content: The threat actor claims to have leaked unauthorized login access to the Iran/Hizbulla CyberSpace Portal.
    Date: 2026-01-26T11:17:44Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-Iran-Hizbulla-CyberSpace-Portal
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/160b8263-f225-41c1-ade7-f5aa412f3aa2.png
    Threat Actors: 0BITS
    Victim Country: Iran
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  97. Alleged data breach of chin-car
    Category: Data Breach
    Content: The threat actor claims to have leaked data from Chin-car. The compromised data reportedly contains over 2,500 records, including customer-related information such as names, phone numbers, cities/locations, vehicle-related details, and timestamps, shared in CSV format.
    Date: 2026-01-26T11:04:58Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-Car-from-China-chin-car-ru
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/37a69ee2-82cb-4ea6-87b6-a504d42fd31b.png
    Threat Actors: X0Frankenstein
    Victim Country: Russia
    Victim Industry: Automotive
    Victim Organization: chin-car
    Victim Site: chin-car.ru
  98. 7 Proxies targets the website of Valum Ataur Rahman Khan College
    Category: Defacement
    Content: The group claims to have defaced the website of Valum Ataur Rahman Khan College.
    Date: 2026-01-26T10:54:43Z
    Network: telegram
    Published URL: https://t.me/c/2366703983/991
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/3ec2fe58-f3a1-459c-b38c-5a5cc626a47d.png
    Threat Actors: 7 Proxies
    Victim Country: Bangladesh
    Victim Industry: Education
    Victim Organization: valum ataur rahman khan college
    Victim Site: bhalumarkhancollege.edu.bd
  99. Alleged data breach of TC Pro
    Category: Data Breach
    Content: The threat actor claims to have breached a 109 million record Turkish citizenship database. The compromised data reportedly includes TC identification numbers, name, surname, date of birth, place of origin (province and district), and additional information.
    Date: 2026-01-26T10:46:10Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-109m-tcpro-turkish-citizenship
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/480213a2-a41a-4e89-97b8-46770e43546a.png
    Threat Actors: hizim180
    Victim Country: Australia
    Victim Industry: Health & Fitness
    Victim Organization: tc pro
    Victim Site: tcprohome.com
  100. 7 Proxies targets the website of CHAMPAKNAGAR OBAIDUL MUKTADIR CHOWDHURY COLLEGE
    Category: Defacement
    Content: The group claims to have defaced the website of CHAMPAKNAGAR OBAIDUL MUKTADIR CHOWDHURY COLLEGE.
    Date: 2026-01-26T10:45:46Z
    Network: telegram
    Published URL: https://t.me/c/2366703983/971
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/702edd20-51aa-4bb7-b558-2d0f7d41ccac.png
    https://d34iuop8pidsy8.cloudfront.net/d0942673-5814-4acf-a36d-f7c1832567f5.png
    Threat Actors: 7 Proxies
    Victim Country: Bangladesh
    Victim Industry: Education
    Victim Organization: champaknagar obaidul muktadir chowdhury college
    Victim Site: comcc.edu.bd
  101. Alleged sale of government and military data from multiple countries
    Category: Initial Access
    Content: The threat actor claims to be selling government and military data from multiple countries.
    Date: 2026-01-26T10:44:51Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-Selling-selling-multiple-countries-govt-and-military-data
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/cacd8a8f-ee34-4db9-afec-e5b2aaab4846.png
    Threat Actors: Jeewan
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  102. Alleged data breach of Lena Health
    Category: Data Breach
    Content: The threat actor claims to have breached Lena Health and leaked sensitive healthcare data, allegedly including personally identifiable and protected health information of 2,134 patients and nearly 20,000 recorded patient calls associated with a U.S.-based healthcare provider.
    Date: 2026-01-26T10:43:06Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-FRESH-BREACH-LENA-HEALTH-BREACH-PREVIEW-FULL-LEAK-COMING-SOON
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d5cff82d-96fe-4c33-ab72-f5059a81bcff.png
    https://d34iuop8pidsy8.cloudfront.net/3bdc5cad-8d44-4db4-971e-b85f7a8d9e30.png
    https://d34iuop8pidsy8.cloudfront.net/f68bea4a-4e29-4224-ba33-856828c50f84.png
    Threat Actors: FulcrumSec
    Victim Country: USA
    Victim Industry: Health & Fitness
    Victim Organization: lena health
    Victim Site: lena.io
  103. Alleged unauthorized initial access to an unidentified Azure cloud environment
    Category: Initial Access
    Content: The actor claims to have obtained unauthorized initial access to an unidentified Azure cloud environment by disclosing valid service principal credentials.
    Date: 2026-01-26T10:41:40Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-Azure-cloud-access
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/ff0c850e-b7ca-45b1-b425-0fbeb7576863.png
    Threat Actors: saks
    Victim Country: USA
    Victim Industry: Software Development
    Victim Organization: microsoft azure
    Victim Site: portal.azure.com
  104. Alleged data breach of Wins School and College Rangpur
    Category: Data Breach
    Content: The group claims to have breached data from Wins School and College Rangpur.
    Date: 2026-01-26T10:22:51Z
    Network: telegram
    Published URL: https://t.me/c/2366703983/986
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a69d77e3-cbef-4cfc-8dfa-c65aa61cc437.png
    https://d34iuop8pidsy8.cloudfront.net/083ba31d-30a4-4645-8be1-e34caf3c7609.png
    Threat Actors: 7 Proxies
    Victim Country: Bangladesh
    Victim Industry: Education
    Victim Organization: wins school and college rangpur
    Victim Site: wins.edu.bd
  105. Alleged sale of unauthorized admin access to multiple Iranian domains
    Category: Initial Access
    Content: The threat actor claims to be selling unauthorized admin access to multiple Iranian domains, allegedly obtained via backdoor access.
    Date: 2026-01-26T10:21:45Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-Selling-access–66157
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9e7f7374-4dc7-4b2f-885f-8cd90c0e34e5.png
    Threat Actors: Jeewan
    Victim Country: Iran
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  106. Alleged data leak of Turkish citizenship addresses
    Category: Data Breach
    Content: The group claims to have leaked 80+ million Turkish citizenship address records.
    Date: 2026-01-26T10:18:37Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-81-million-turkish-citizenship-addresses
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a7b72ae7-9655-480a-ab13-d9da4c7d5c56.png
    Threat Actors: hizim180
    Victim Country: Turkey
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  107. Team Azrael Angel Of Death targets the website of Soro Municipality
    Category: Defacement
    Content: The group claims to have defaced the website of Soro Municipality.
    Date: 2026-01-26T09:58:13Z
    Network: telegram
    Published URL: https://t.me/anonymous_Cr02x/1275
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a42057a8-259e-46f8-8aeb-ddc6e76eea64.png
    Threat Actors: Team Azrael Angel Of Death
    Victim Country: India
    Victim Industry: Government Administration
    Victim Organization: soro municipality
    Victim Site: soromunicipality.in
  108. 7 Proxies targets the website of ZS STUDY ADVISORS
    Category: Defacement
    Content: The group claims to have defaced the website of ZS STUDY ADVISORS. Mirror: https://ownzyou.com/zone/281447
    Date: 2026-01-26T09:53:21Z
    Network: telegram
    Published URL: https://t.me/c/2366703983/975
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a6351a99-b431-4bc1-bd7a-3f500d020516.jpg
    Threat Actors: 7 Proxies
    Victim Country: Pakistan
    Victim Industry: Education
    Victim Organization: zs study advisors
    Victim Site: zsstudyadvisors.com
  109. 7 Proxies targets the website of Hatbangram High School
    Category: Defacement
    Content: The group claims to have defaced the website of Hatbangram High School.
    Date: 2026-01-26T09:43:41Z
    Network: telegram
    Published URL: https://t.me/c/2366703983/980
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0e8bbc4c-ac10-4657-b8d2-fd622e81890b.png
    Threat Actors: 7 Proxies
    Victim Country: Bangladesh
    Victim Industry: Education
    Victim Organization: hatbangram high school
    Victim Site: hahsb.edu.bd
  110. KREISEL GmbH & Co. KG falls victim to Nova Ransomware
    Category: Ransomware
    Content: The group claims to have obtained 19 GB of the organization's data, which it intends to publish within 9-10 days.
    Date: 2026-01-26T09:32:37Z
    Network: tor
    Published URL: http://novadmrkp4vbk2padk5t6pbxolndceuc7hrcq4mjaoyed6nxsqiuzyyd.onion/#
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/cc998b76-f2d2-4b70-8d5b-048eb7b1ad08.png
    Threat Actors: Nova
    Victim Country: Germany
    Victim Industry: Manufacturing & Industrial Products
    Victim Organization: kreisel gmbh & co. kg
    Victim Site: kreisel.eu
  111. 7 Proxies targets the website of Ultra ITC, LLC
    Category: Defacement
    Content: The group claims to have defaced the website of Ultra ITC, LLC. Mirror: https://ownzyou.com/zone/281446
    Date: 2026-01-26T09:29:23Z
    Network: telegram
    Published URL: https://t.me/c/2366703983/975
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/b1211651-1267-463a-864e-cb705e59a859.png
    Threat Actors: 7 Proxies
    Victim Country: USA
    Victim Industry: Information Technology (IT) Services
    Victim Organization: ultra itc, llc
    Victim Site: ultraitc.com
  112. 7 Proxies targets the website of Kemtali Technical High School
    Category: Defacement
    Content: The group claims to have defaced the website of Kemtali Technical High School. Mirror: https://ownzyou.com/zone/281433
    Date: 2026-01-26T09:28:36Z
    Network: telegram
    Published URL: https://t.me/c/2366703983/973
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e125486b-467c-4c96-aa0e-da99eca7c6f8.png
    Threat Actors: 7 Proxies
    Victim Country: Bangladesh
    Victim Industry: Education
    Victim Organization: kemtali technical high school
    Victim Site: kemtaliths.edu.bd
  113. InDoM1nuS Team targets the websites of Alpha Business Consultation
    Category: Defacement
    Content: The group claims to have defaced the websites of Alpha Business Consultation
    Date: 2026-01-26T09:26:21Z
    Network: telegram
    Published URL: https://t.me/InDoM1nusTe4m/73
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d083d367-aaf0-4c5d-a9c4-d6a3fdfce960.png
    Threat Actors: InDoM1nuS Team
    Victim Country: UK
    Victim Industry: Legal Services
    Victim Organization: alpha business consultation
    Victim Site: alphabusinessconsultation.com
  114. 7 Proxies targets the website of We Hire Top
    Category: Defacement
    Content: The group claims to have defaced the website of We Hire Top
    Date: 2026-01-26T09:17:04Z
    Network: telegram
    Published URL: https://t.me/c/2366703983/975
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d26bc3fa-2191-4ab9-8b65-929718341bcb.jpg
    Threat Actors: 7 Proxies
    Victim Country: Pakistan
    Victim Industry: Business Supplies & Equipment
    Victim Organization: we hire top
    Victim Site: wehire.top
  115. InDoM1nuS Team targets the websites of developercubix.com
    Category: Defacement
    Content: The group claims to have defaced the websites of developercubix.com
    Date: 2026-01-26T09:08:16Z
    Network: telegram
    Published URL: https://t.me/InDoM1nusTe4m/75
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9b9dbf14-4970-4107-9a18-0b6683ea6aaf.png
    Threat Actors: InDoM1nuS Team
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: developercubix.com
  116. Alleged leak of Lacari's data
    Category: Data Breach
    Content: The threat actor claims to have leaked data related to Lacari.
    Date: 2026-01-26T08:52:40Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-Lacari-s-Notepad-PDFile-Youtuber-DOX
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/30757c0d-1d97-4e79-9425-618f5f4dba93.png
    Threat Actors: mazer
    Victim Country: USA
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  117. Alleged data breach of Water & Power Department Gilgit Baltistan
    Category: Data Breach
    Content: The threat actor claims to have accessed data from Water & Power Department Gilgit Baltistan. They claim to have gained control of the authority’s management panel, wiped consumer, grid, and smart-meter data, shut down over 20 hydel power stations, and rewritten operational logbooks.
    Date: 2026-01-26T08:29:56Z
    Network: telegram
    Published URL: https://t.me/HackShyen/27
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/777b9df7-eca6-4c35-9fb3-b0e9570ee825.jpg
    Threat Actors: HackShyen
    Victim Country: Pakistan
    Victim Industry: Energy & Utilities
    Victim Organization: water & power department gilgit baltistan
    Victim Site: wpdgb.gov.pk
  118. 7 Proxies targets the website of Perpety High School
    Category: Defacement
    Content: The group claims to have defaced the website of Perpety High School. Mirror: https://ownzyou.com/zone/281426
    Date: 2026-01-26T07:54:43Z
    Network: telegram
    Published URL: https://t.me/c/2366703983/970
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9017e849-6d4d-4729-aa06-d219f6ce9795.png
    Threat Actors: 7 Proxies
    Victim Country: Bangladesh
    Victim Industry: Education
    Victim Organization: perpety high school
    Victim Site: phsbc.edu.bd
  119. 7 Proxies targets the website of Assim Bahumukhi High School
    Category: Defacement
    Content: The group claims to have defaced the website of Assim Bahumukhi High School. Mirror: https://ownzyou.com/zone/281424
    Date: 2026-01-26T07:19:19Z
    Network: telegram
    Published URL: https://t.me/c/2366703983/968
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/15f6e77b-a4c9-47dc-b1ab-53a9f4e02cda.png
    Threat Actors: 7 Proxies
    Victim Country: Bangladesh
    Victim Industry: Education
    Victim Organization: assim bahumukhi high school
    Victim Site: assimhs.edu.bd
  120. 7 Proxies targets the website of Government Janata College
    Category: Defacement
    Content: The group claims to have defaced the website of Government Janata College. Mirror: https://ownzyou.com/zone/281425
    Date: 2026-01-26T07:10:09Z
    Network: telegram
    Published URL: https://t.me/c/2366703983/966
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9d5f1135-f0a9-4d91-a468-8d7bf2a598f4.png
    Threat Actors: 7 Proxies
    Victim Country: Bangladesh
    Victim Industry: Education
    Victim Organization: government janata college
    Victim Site: gjc.edu.bd
  121. Alleged Sale of Genome Research Database
    Category: Data Breach
    Content: The threat actor claims to be selling a large-scale genome research database allegedly originating from a Chinese institute. The dataset reportedly contains extensive genomic and biological research data, including genome sequences, epigenetic information, single-cell data, 3D genome structure data, and SNP information.
    Date: 2026-01-26T06:18:18Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-Selling-Genome-database-of-the-Chinese-institute-1-38B
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/0d49af44-52b5-485e-84a2-80657ddeda5f.png
    Threat Actors: Bjdrlddnu7
    Victim Country: China
    Victim Industry: Biotechnology
    Victim Organization: Unknown
    Victim Site: Unknown
  122. JavaneseTeam targets the website of situsmaster333.com
    Category: Defacement
    Content: The group claims to have defaced the website of situsmaster333.com.
    Date: 2026-01-26T06:14:41Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/233426
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/bcab3293-85d6-4ea1-97a0-b8e20c3afac8.png
    Threat Actors: JavaneseTeam
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: situsmaster333.com
  123. Alleged Data Breach of AAIHP
    Category: Data Breach
    Content: The threat actor claims to have leaked data from AAIHP. The compromised data reportedly includes first name, last name, organization, and street address.
    Date: 2026-01-26T06:08:08Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DOCUMENTS-AAIHP-FR
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/684a5935-a760-4ac8-8875-34d9d0a03d32.png
    Threat Actors: Shenron
    Victim Country: France
    Victim Industry: Healthcare & Pharmaceuticals
    Victim Organization: aaihp
    Victim Site: aaihp.fr
  124. BABAYO EROR SYSTEM targets the website of invoicing.trisquare.com.my
    Category: Defacement
    Content: The group claims to have defaced the website of invoicing.trisquare.com.my
    Date: 2026-01-26T06:07:49Z
    Network: telegram
    Published URL: https://t.me/c/3664625363/28
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/4985b27b-f82c-4914-bda0-1d927ce6c722.png
    Threat Actors: BABAYO EROR SYSTEM
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: invoicing.trisquare
    Victim Site: invoicing.trisquare.com.my
  125. Infrastructure Destruction Squad claims to have found vulnerabilities in Palestine
    Category: Vulnerability
    Content: The group claims to have found vulnerabilities in 500 organizations in Palestine.
    Date: 2026-01-26T06:07:06Z
    Network: telegram
    Published URL: https://t.me/n2LP_wVf79c2YzM0/3481
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/eff04c5f-68ad-4e04-8bd3-0b0a6e0b4dce.png
    Threat Actors: Infrastructure Destruction Squad
    Victim Country: Palestine
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  126. JavaneseTeam targets the website of Toko
    Category: Defacement
    Content: The group claims to have defaced the website of Toko.
    Date: 2026-01-26T06:02:07Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/233428
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/44944f88-0ac1-4565-8471-658509ecccc1.png
    Threat Actors: JavaneseTeam
    Victim Country: Vietnam
    Victim Industry: E-commerce & Online Stores
    Victim Organization: toko
    Victim Site: tokotech.online
  127. BABAYO EROR SYSTEM targets the website of ExplorExperts LLC
    Category: Defacement
    Content: The group claims to have defaced the website of ExplorExperts LLC
    Date: 2026-01-26T06:00:39Z
    Network: telegram
    Published URL: https://t.me/c/3664625363/28
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/40efb896-bcef-4ca7-8427-2a9d1c994921.png
    Threat Actors: BABAYO EROR SYSTEM
    Victim Country: USA
    Victim Industry: Leisure & Travel
    Victim Organization: explorexperts llc
    Victim Site: vervoer.explorexpertsny.com
  128. Alleged Breach Of West Java Provincial Government Data
    Category: Data Breach
    Content: The threat actor claims to have leaked West Java Province government employee data. The exposed data reportedly contains 37,000 records, including civil servant identifiers (NIP), personal details, employment information, education records, and contact data.
    Date: 2026-01-26T05:51:27Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-DATA-BASE-SELURUH-PEGAWAI-PROV-JABAR-37-35-K
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/c9300416-b829-47af-acb8-e4252feb5b79.png
    Threat Actors: CinCauGhast
    Victim Country: Indonesia
    Victim Industry: Government & Public Sector
    Victim Organization: west java provincial government
    Victim Site: siap.jabarprov.go.id
  129. JavaneseTeam targets the website of bandartotosgp.com
    Category: Defacement
    Content: The group claims to have defaced the website of bandartotosgp.com.
    Date: 2026-01-26T05:42:06Z
    Network: openweb
    Published URL: https://defacer.id/mirror/id/233409
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/828dbc13-71a1-42a1-8954-500a9fededae.png
    Threat Actors: JavaneseTeam
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: bandartotosgp.com
  130. Alleged data breach of RSU MEDIMAS
    Category: Data Breach
    Content: The group claims to have breached the data of RSU MEDIMAS
    Date: 2026-01-26T05:19:15Z
    Network: telegram
    Published URL: https://t.me/maul1337anon/701
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/52d24474-fd72-4a19-a82a-e2375b6c7d7c.png
    Threat Actors: maul1337
    Victim Country: Indonesia
    Victim Industry: Hospital & Health Care
    Victim Organization: rsu medimas
    Victim Site: rsumedimas.id
  131. Z-BL4CX-H4T.ID targets the website of IKIO Technologies Limited
    Category: Defacement
    Content: The group claims to have defaced the website of IKIO Technologies Limited
    Date: 2026-01-26T04:47:30Z
    Network: telegram
    Published URL: https://t.me/z_bl4cx_h4t_id/37
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/662e745b-4663-40e0-87c5-23e20de10542.png
    Threat Actors: Z-BL4CX-H4T.ID
    Victim Country: India
    Victim Industry: Electrical & Electronic Manufacturing
    Victim Organization: ikio technologies limited
    Victim Site: retails.test-ikio.com
  132. Z-BL4CX-H4T.ID targets the website of OASIS INDIA IT STORE PRIVATE LIMITED
    Category: Defacement
    Content: The group claims to have defaced the website of OASIS INDIA IT STORE PRIVATE LIMITED
    Date: 2026-01-26T04:35:33Z
    Network: telegram
    Published URL: https://t.me/z_bl4cx_h4t_id/37
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/5bb62d74-ffa6-4ff6-b903-c3a6732f2f36.png
    Threat Actors: Z-BL4CX-H4T.ID
    Victim Country: India
    Victim Industry: Information Technology (IT) Services
    Victim Organization: oasis india it store private limited
    Victim Site: oasisitstore.in
  133. Z-BL4CX-H4T.ID targets the website of Sishu RatnaSagar
    Category: Defacement
    Content: The group claims to have defaced the website of Sishu RatnaSagar
    Date: 2026-01-26T04:19:38Z
    Network: telegram
    Published URL: https://t.me/z_bl4cx_h4t_id/37
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/9d22a388-3a35-4676-9b81-3adf48068987.png
    Threat Actors: Z-BL4CX-H4T.ID
    Victim Country: India
    Victim Industry: Publishing Industry
    Victim Organization: sishu ratnasagar
    Victim Site: test.sishuratnasagar.in
  134. Trojan 1337 targets the website of ATN Bangla
    Category: Defacement
    Content: The group claims to have defaced the website of ATN Bangla
    Date: 2026-01-26T04:12:32Z
    Network: telegram
    Published URL: https://t.me/c/2805167925/110
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/942bdf13-8660-4715-96c3-710347b07023.png
    Threat Actors: Trojan 1337
    Victim Country: Bangladesh
    Victim Industry: Media Production
    Victim Organization: atn bangla
    Victim Site: atnbangla.tv
  135. Mills products falls victim to Qilin Ransomware
    Category: Ransomware
    Content: The group claims to have obtained the organization's data.
    Date: 2026-01-26T03:54:31Z
    Network: tor
    Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=d48a4ced-4368-394a-ae47-e174dcf9c24d
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/30ea875f-8a1c-47f5-8f00-d599d12c298e.png
    https://d34iuop8pidsy8.cloudfront.net/06f9b869-9bcd-4261-aa13-c6eb1cad9058.png
    Threat Actors: Qilin
    Victim Country: USA
    Victim Industry: Manufacturing
    Victim Organization: mills products
    Victim Site: millsproducts.com
  136. Alleged Sale of Crypto Wallet Exploitation Tool
    Category: Malware
    Content: The threat actor claims to be selling a crypto wallet scanning and processing tool designed to analyze stealer logs and local directories to identify cryptocurrency wallets. The software allegedly extracts wallet data, checks on-chain balances, and performs CPU-based password brute-force attacks using AVX optimization.
    Date: 2026-01-26T03:47:46Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274550/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e6796a7c-bba4-44e1-b31d-f869a1657edf.png
    https://d34iuop8pidsy8.cloudfront.net/efe6a7f9-694d-41fd-8f7b-16833e227853.png
    https://d34iuop8pidsy8.cloudfront.net/6befe263-26ec-4464-a803-9eeea05c8ebd.png
    https://d34iuop8pidsy8.cloudfront.net/a5190a01-8adf-458b-9520-acf0100a684a.png
    https://d34iuop8pidsy8.cloudfront.net/a660b9a7-6c8d-417c-bc7f-f735781fcad6.png
    https://d34iuop8pidsy8.cloudfront.net/30d655ab-c360-44b7-95dc-74fbdbd2c7ad.png
    https://d34iuop8pidsy8.cloudfront.net/9b3193eb-33c3-46a2-ad58-a9847e9b73b1.png
    Threat Actors: cryptxgraph
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  137. Alleged sale of 563K Hong Kong Private leads
    Category: Data Breach
    Content: Threat actor claims to be selling a Hong Kong–based private leads database containing approximately 563,000 records. The dataset allegedly includes personal contact information such as full names, phone and mobile numbers, personal email addresses, and country details.
    Date: 2026-01-26T03:18:41Z
    Network: openweb
    Published URL: https://forum.exploit.in/topic/274552/
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e03918fa-4ff3-4e36-a762-3482c28b6cf8.png
    Threat Actors: betway
    Victim Country: China
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  138. Alleged Data Leak of StormForum
    Category: Data Breach
    Content: The threat actor claims to have leaked data from StormForum. The compromised data reportedly includes user ID, username, email address, and custom title.
    Date: 2026-01-26T02:35:43Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DATABASE-StormForum
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/a6f31237-9d48-40d0-873a-6f06e10a2982.png
    Threat Actors: sqlattacker
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: stormforum
    Victim Site: Unknown
  139. Alleged data breach of Office of Search and Rescue Commission
    Category: Data Breach
    Content: The group claims to have breached the data of the Office of Search and Rescue Commission.
    Date: 2026-01-26T02:26:43Z
    Network: telegram
    Published URL: https://t.me/EXA_DOS_KH/39
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e8ef6adb-de90-4999-9cdc-6b377202d679.png
    https://d34iuop8pidsy8.cloudfront.net/d86829e2-eedb-4f96-ad96-b9a10ca7cddc.png
    Threat Actors: EXADOS
    Victim Country: Thailand
    Victim Industry: Government Administration
    Victim Organization: office of search and rescue commission
    Victim Site: sar.mot.go.th
  140. Alleged Leak of Brazilian Personal Data
    Category: Data Breach
    Content: The threat actor claims to have leaked Brazilian personal data.
    Date: 2026-01-26T02:12:47Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-Fresh-Brazilian-data-ready-for-use–185628
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/e671fc90-efac-4d40-a0c9-358b508a5b20.png
    Threat Actors: kowalskisp
    Victim Country: Brazil
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  141. Alleged Leak of Grand Lodge of France
    Category: Data Breach
    Content: The threat actor claims to have leaked Grand Lodge of France Freemasonry documents.
    Date: 2026-01-26T01:59:28Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-DOCUMENTS-FR-Franc-Maconnerie-Papers
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/54846959-9f78-46b9-a4c3-4e4040d431c3.png
    Threat Actors: Didiplayer
    Victim Country: France
    Victim Industry: Unknown
    Victim Organization: grand lodge of france
    Victim Site: Unknown
  142. Alleged Leak of Credit and Debit Card Data from the USA
    Category: Data Breach
    Content: The threat actor claims to have leaked credit and debit card data from the USA.
    Date: 2026-01-26T01:28:41Z
    Network: openweb
    Published URL: https://breachforums.bf/Thread-8x-Credit-Debit-with-name-phone-address-bank
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/d0ccb568-f2a8-4e5e-b273-90fcb1b95c64.png
    https://d34iuop8pidsy8.cloudfront.net/2ef83472-a0fa-4f8d-b22d-87f9fa41b8ee.png
    Threat Actors: saks
    Victim Country: USA
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  143. Alleged data breach of TaquillaLive
    Category: Data Breach
    Content: The threat actor claims to have leaked data from TaquillaLive. The compromised data reportedly contains 21,000 records, including full name, identification, email address, phone number, full postal address, and username.
    Date: 2026-01-26T01:14:36Z
    Network: openweb
    Published URL: https://darkforums.io/Thread-Document-COLOMBIA-TAQUILLALIVE-21K-RECORDS-25-01-2026
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/52bd1b17-b5fa-4156-b681-9f737d70f2b3.png
    https://d34iuop8pidsy8.cloudfront.net/9c470b53-81fc-445f-bafc-d2769dc25d5e.png
    Threat Actors: malconguerra2
    Victim Country: Colombia
    Victim Industry: Entertainment & Movie Production
    Victim Organization: taquillalive
    Victim Site: taquillalive.com
  144. Alleged access to Zakat Fund
    Category: Initial Access
    Content: The group claims to have leaked access to Zakat Fund. NB: Authenticity of the claim is yet to be verified.
    Date: 2026-01-26T00:47:44Z
    Network: telegram
    Published URL: https://t.me/Pharaohs_n/670
    Screenshots:
    https://d34iuop8pidsy8.cloudfront.net/7c09c7b0-732e-4ca0-bdad-2ff04bfa9a4a.png
    Threat Actors: Pharaohs Team Channel
    Victim Country: Lebanon
    Victim Industry: Non-profit & Social Organizations
    Victim Organization: zakat fund
    Victim Site: zakat.org.lb