1. Executive Summary
This report provides an in-depth analysis of the cyber threat landscape observed on January 27, 2026. The data indicates a highly volatile environment characterized by a convergence of state-level data leaks, aggressive ransomware campaigns targeting critical infrastructure and private enterprise, and a thriving underground market for initial access credentials.
On this single day, the global cybersecurity community detected a massive volume of incidents ranging from “mega-breaches” affecting tens of millions of citizens in South America and Europe to targeted ransomware strikes against US-based manufacturing and legal firms. A total of 123 distinct threat intelligence alerts were analyzed for this report.
Key Findings:
- Sovereign Data Crisis: Massive citizen databases from Venezuela (36 million records), Argentina (20 million records), and Mexico were leaked or put up for sale, exposing critical national ID and social welfare data.
- Ransomware Proliferation: The CL0P, Sinobi, and TENGU ransomware gangs were exceptionally active, launching coordinated waves of attacks against the Real Estate, Legal, and Manufacturing sectors.
- Corporate Mega-Breaches: High-profile corporations including SoundCloud, Panera Bread, and O’Tacos suffered significant data breaches, impacting nearly 60 million customer accounts combined.
- Hacktivism Surge: Groups such as Pharaohs Team Channel and BABAYO EROR SYSTEM executed widespread website defacement campaigns, primarily targeting Turkey and Indonesia.
2. Strategic Threat Landscape Analysis
2.1. The Sovereign Data Hemorrhage
A defining feature of the threat landscape on January 27, 2026, was the catastrophic exposure of government-held citizen data. Unlike corporate breaches where credit card numbers or emails are lost, these breaches involve immutable national identity data, posing long-term national security risks.
The most significant event was the alleged leak of a massive database of Venezuelan citizens. The threat actor, identified as “malconguerra2”, claims the dataset affects approximately 36 million individuals. The gravity of this breach is underscored by the content, which reportedly includes highly sensitive national identification and civil registry information. This represents a near-total exposure of the country’s population data.
Simultaneously, Argentina faced a similar crisis. A threat actor known as “endiablados” claimed to have leaked a database of social welfare beneficiaries containing over 20 million records. This dataset includes personally identifiable information (PII) and demographic data, likely putting vulnerable populations at risk of fraud and exploitation.
In North America, the Government of Mexico was targeted by actor “Alz_157s”. The leak reportedly includes sensitive data related to hospitals and students in the regions of Oaxaca, Chihuahua, and Campeche. Furthermore, the Cruz Roja Mexicana I.A.P. (Mexican Red Cross) saw its donor data put up for sale by “Straightonumberone,” involving 46,770 records of donor IDs, amounts, and emails.
In Southeast Asia, the Ministry of Health Malaysia suffered a breach where an employee database was extracted. The actor “aleksander” exposed 3,223 records containing national IDs, salaries, and residential addresses of government health workers.
2.2. The Ransomware Industrial Complex
Ransomware groups continued to operate with impunity, utilizing “double extortion” tactics where data is stolen before encryption to force payment.
The CL0P Onslaught: The CL0P ransomware group was arguably the most aggressive actor of the day, launching a distinct campaign heavily focused on the United States Real Estate and Legal sectors. Their victims included:
- McMullan and Brown: A law firm in the USA.
- Escali: A manufacturing entity.
- Arkansas Trial Lawyers Association: A non-profit legal organization.
- COBU Architecture Studio: An architecture firm.
- Sentinela Security Intelligence: An IT service firm in Brazil.
- Gale International: A real estate developer.
- The McKee Group: Real estate.
- Island Outpost: A hospitality group in Jamaica.
- Ny Asphalt Inc: Construction.
- Kriegman and Smith, Inc.: Real estate.
- KLM Equities Inc.: Real estate.
This pattern suggests CL0P has developed a specific targeting capability or purchased a batch of access credentials for the US legal and property management supply chain.
Sinobi and TENGU Operations: The Sinobi group focused on high-value data exfiltration. They struck Gallagher Transport International (USA), stealing 100 GB of financial and contract data; Morison Insurance (Canada), taking 100 GB of confidential customer data; and Ashcraft Company (USA), where they claimed to exfiltrate a massive 750 GB of data.
The TENGU ransomware group demonstrated global reach, targeting:
- Fruit-Goodness Agri-food (Tunisia): 6 GB of data stolen.
- KSP TLM Indonesia: A financial service entity, losing 100 GB of data.
- Parisian Real Estate (France): 7.83 GB stolen.
- SkyEgypt Tours (Egypt): 16 GB stolen.
- Lenotech Corporation (Philippines): A consumer electronics firm losing 136 GB of data.
Other Notable Ransomware Activity:
- DEVMAN 2.0 attacked TWI Group Inc. (USA), threatening to release 300 GB of construction data.
- INC RANSOM targeted the UK education sector via Shaw Hill Primary School and US legal firms like Newkirk Zwagerman, P.L.C. and The Trevino Group.
- Nitrogen Ransomware compromised chemical manufacturer QualiChem Metalworking and wholesale distributor Connor Co., stealing formulas and tax documents.
- GENESIS hit Goodmanagement (USA) for 450 GB and Global Parts & Maintenance for 400 GB.
2.3. Corporate Mega-Breaches
Several massive corporate databases were leaked or sold, affecting millions of consumers globally.
- SoundCloud: A major breach impacted 29.8 million user accounts. The exposed data included usernames, emails, and activity details, though no financial data was lost.
- Panera Bread: Two separate alerts pointed to this victim. One actor, “ShinyHunters,” claimed to have breached the database exposing 14 million records, while another alert mentioned a 760M record leak potentially conflating data from other sources like Edmunds.com.
- O’Tacos: The French fast-food chain saw its customer database of 29 million records (10 million identifiable) leaked by actor “marak”.
- TotalEnergies: A database of 50,079 French customers was leaked, containing banking details (IBAN/BIC) and physical addresses.
- AXA: The French insurance giant had a smaller but sensitive breach of 798 files.
3. Detailed Regional Impact Report
3.1. North America (USA, Canada, Mexico)
North America remains the primary target for financially motivated cybercrime.
- United States: The US bore the brunt of the ransomware activity (CL0P, Sinobi, Nitrogen). Beyond ransomware, data breaches were rampant. A database of 1 million US CEO and Business contacts was leaked by “Thesnake02”. Another leak exposed a US Customers Database from 2021 containing 16 GB of PII. Credit card data (400 records) was sold by “corptoday”, and unauthorized admin access to various US online stores was auctioned.
- Canada: Morison Insurance was a key victim of Sinobi ransomware. Additionally, unauthorized VPN/RDP access to Canadian manufacturing organizations was marketed.
- Mexico: As noted, the Government of Mexico and Mexican Red Cross suffered data thefts, highlighting a deterioration in public sector digital security.
3.2. Europe (France, UK, Germany, Spain, Italy, Slovakia)
- France: France experienced a surge in targeted breaches. The O’Tacos and TotalEnergies breaches compromised millions. The CNAM (Conservatoire national des arts et métiers) saw 10,000 employee records leaked. E-commerce entities like Techni-Contact and Passage Bleu also had databases sold.
- United Kingdom: The education sector was hit (Shaw Hill Primary School). Access brokers were active, selling admin panels for UK Magento stores and WordPress shops.
- Germany: The automotive sector was targeted, with an unidentified association losing confidential documents. Additionally, a massive lead database of 940,000 private German individuals was put up for sale.
- Spain: An actor “IntelShadow” leaked data on LinkedIn users in Madrid. A significant listing appeared for unauthorized RDP/Admin access to a Spanish business services organization.
- Eastern Europe: Slovakia was targeted by AvangardSec, which claimed to encrypt MM Systems, s.r.o. and issued threats against the country generally. Lithuania also faced threats to its infrastructure from the group “Cardinal”.
3.3. Asia-Pacific (Taiwan, Thailand, Indonesia, Philippines, Malaysia, China)
- Taiwan: High-tech industries were targeted. The AMX Residential Control System was breached, giving attackers control over smart home systems. Paragon Technologies admitted to a cyberattack. SaveCom International was breached by “RipperSec”.
- Thailand: The education sector was under siege. Sukhothai Thammathirat Open University was hit by Qilin Ransomware. Bangkok University research centers and Huachiew Chalermprakiet University suffered data leaks. Yala Vocational College was defaced.
- Indonesia: Hacktivism was rampant. BABAYO EROR SYSTEM defaced multiple government sites, including the Provinsi Kalimantan Tengah, Provinsi Jambi, and PPID Kemendagri. Ransomware also struck KSP TLM Indonesia.
- China/Malaysia: TEAM BD CYBER NINJA claimed to leak banking documents from both nations.
3.4. Middle East & Africa (Israel, Egypt, Turkey, Tunisia, Algeria)
- Israel: Bazelet Beer faced the sale of unauthorized web shell access. Access to WordPress shops was also sold.
- Turkey: Turkey faced a massive wave of website defacements by Pharaohs Team Channel, targeting real estate (Malatya Emlak), automotive (Malatya Yedek), and municipal (Etimesgut) sites. The online casino Sahabet had 100,000 user records leaked.
- Egypt: SkyEgypt Tours fell victim to TENGU ransomware. Data from a Magento Egypt store was also sold.
- Algeria: LulzSec Hackers announced targeting of the country.
4. Sector-Specific Impact Analysis
4.1. Government and Public Sector
This sector suffered the most catastrophic data losses in terms of volume.
- Venezuela: 36 million citizen records leaked.
- Argentina: 20 million social welfare records leaked.
- Ukraine: The National Police of Ukraine was breached, exposing data on criminal authorities. The Armed Forces candidate lists were also leaked by “Beregini”.
- Indonesia: Multiple provincial government websites were defaced.
4.2. Healthcare and Pharma
- Ministry of Health Malaysia: Employee database breached.
- Chungnam National University Hospital (South Korea): A major breach where “Moneyistime” claimed to have encrypted systems and stolen terabytes of data.
- OEC Medical Systems (USA): Hit by NightSpire ransomware, losing 1 TB of data.
- APK Scientific (Thailand): Website defaced.
4.3. Financial Services and Insurance
- AXA (France): Data breach.
- eToro: 87,000 lines of user data (deposits, IPs) sold.
- Acqua-Vero Investimentos (Brazil): Login access leaked.
- IMA Diligence Services (USA): GENESIS ransomware victim, 700 GB stolen.
4.4. Education
- UK: Shaw Hill Primary School (Ransomware).
- France: CNAM (10k records) and UGSEL (600 students) breached.
- Thailand: Multiple universities (Sukhothai, Bangkok University, Huachiew) compromised.
- Indonesia: SMPN 2 Muaro Jambi student data leaked.
5. Emerging Threats and Markets
5.1. The Initial Access Broker (IAB) Market
A thriving market for “Initial Access” was observed, acting as the precursor for future ransomware attacks. Threat actors sold specialized access points:
- Critical Infrastructure: Unauthorized access to an AMX Residential Control System in Taiwan and the distribution of TRK25 Advanced SCADA tools for targeting European factories.
- Corporate Networks: Sales included Domain Admin access to a US Manufacturing firm, RDP/VPN access to US/Canada manufacturing, and RDP access to a Spanish business with backup access.
- E-Commerce Access: Admin panels for stores in the UK, Israel, Singapore, New Zealand, and Italy were auctioned.
5.2. Hacktivism and Psychological Operations
Hacktivist groups were highly active, using defacement and data leaks to send political messages or cause disruption.
- Pharaohs Team Channel: Conducted a high-tempo defacement campaign against over a dozen Turkish commercial websites.
- RuskiNet: Targeted Colombian nightlife venues (Taboo Disco Club, RD Disco Club) with defacements.
- NoName057(16): Claimed a DDoS attack on AutoKrAZ, a Ukrainian vehicle manufacturer.
- AvangardSec: Actively recruited “payload delivery specialists” for attacks on the EU, US, and Ukraine.
6. Detailed Incident Catalog (Selected Highlights)
6.1. High-Impact Data Breaches
- Incident: Alleged data leak of unidentified German automotive association.
- Actor: Shadow ClawZ 404.
- Impact: Exfiltration of confidential documents from a critical industry in Germany.
- Incident: Alleged Data Breach of ViewStats, Inc. (USA).
- Actor: cotopes.
- Details: 330,000 YouTube channel records including estimated revenue and subscriber counts.
- Incident: Alleged data breach of TotalEnergies (France).
- Actor: iloveemogirls.
- Details: 50k records including IBANs and physical addresses.
6.2. Ransomware Case Studies
- Case Study: The Manufacturing Sector Under Fire
- Target: Ashcraft Company (USA).
- Attacker: Sinobi.
- Data Lost: 750 GB (Financials, Customers, Contracts).
- Target: Escali (USA).
- Attacker: CL0P.
- Target: QualiChem Metalworking (USA).
- Attacker: Nitrogen (Formulas, Agreements).
- Analysis: Manufacturing firms are facing heavy data extortion threats, likely due to the value of their intellectual property (formulas, designs) and low tolerance for operational downtime.
- Case Study: Legal Sector Vulnerability
- Target: MMD Insurance Law Advocates (USA).
- Attacker: PEAR Ransomware.
- Data Lost: 1.7 TB (Privileged Client Data, Evidence, Court Files).
- Analysis: The theft of 1.7 TB of legal data represents a catastrophic breach of attorney-client privilege and could lead to significant legal fallout for the victim firm.
6.3. Infrastructure and SCADA Threats
- Incident: Sale of TRK25 Advanced SCADA Tool.
- Actor: Infrastructure Destruction Squad.
- Capabilities: Industrial network scanning, identifying Siemens/Rockwell systems, Modbus analysis.
- Implication: The proliferation of easy-to-use tools for attacking operational technology (OT) lowers the barrier to entry for saboteurs targeting energy and manufacturing grids.
7. Conclusion
The intelligence gathered on January 27, 2026, paints a picture of a cyber threat landscape that is both relentless and diversifying.
Primary Conclusions:
- Nation-State Data is Unsafe: The simultaneous leakage of population-scale databases from Venezuela, Argentina, and Mexico indicates a systematic failure in the protection of government-held data in Latin America. These datasets will fuel years of identity theft, fraud, and targeted phishing.
- Ransomware Specialization: Groups like CL0P are demonstrating distinct sector-based targeting (Legal/Real Estate), while groups like Sinobi and TENGU are focusing on high-volume data exfiltration (terabytes of data) across global manufacturing and logistics chains. The threat is no longer just encryption; it is the permanent loss of proprietary intelligence.
- The Supply Chain Weakness: The rampant sale of admin access to e-commerce stores (Magento, WordPress) and remote access (RDP/VPN) to manufacturers highlights that supply chain vulnerabilities remain the path of least resistance for attackers.
- Healthcare Under Siege: From the Malaysian Ministry of Health to South Korean hospitals and US medical manufacturers, the healthcare sector remains a prime target for both data theft and ransomware extortion.
Detected Incidents Draft Data
- Alleged sale of unauthorized admin access to unidentified Manufacturing organization in USA
Category: Initial Access
Content: Threat actor claims to be selling unauthorized domain admin access to an unidentified Manufacturing organization in USA.
Date: 2026-01-27T23:14:41Z
Network: openweb
Published URL: https://forum.exploit.in/topic/274676/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8cc40c68-910c-4cb3-917b-6e34a84376d2.png
Threat Actors: cold666
Victim Country: USA
Victim Industry: Manufacturing
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of Crypto exchange accounts with IBAN
Category: Data Breach
Content: The threat actor advertises the sale of crypto exchange accounts with IBAN verification. The seller claims to offer both custom-name and random accounts across multiple cryptocurrency platforms.
Date: 2026-01-27T22:56:09Z
Network: openweb
Published URL: https://bhf.pro/threads/718876/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1f7d2130-c4ea-49f5-ae14-4f3a9ef48be7.png
Threat Actors: mshop_supp
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- TWI Group Inc. falls victim to DEVMAN 2.0 Ransomware
Category: Ransomware
Content: The group claims to have obtained 300 GB of the organization’s data, which they intend to publish within 3 days.
Date: 2026-01-27T22:40:41Z
Network: tor
Published URL: http://devmanblggk7ddrtqj3tsocnayow3bwnozab2s4yhv4shpv6ueitjzid.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3635fe28-80e5-47ed-bd51-d53b0518057b.png
Threat Actors: DEVMAN 2.0
Victim Country: USA
Victim Industry: Building and construction
Victim Organization: twi group inc.
Victim Site: twi-group.com
- Alleged unauthorized access to AMX Residential Control System in Taiwan
Category: Initial Access
Content: The group claims to have gained unauthorized access to an AMX Residential Control System deployed in Taiwan and alleges that the platform can manage lighting, audio‑visual equipment, HVAC, security systems, and smart locks via centralized interfaces.
Date: 2026-01-27T22:35:47Z
Network: telegram
Published URL: https://t.me/n2LP_wVf79c2YzM0/3502
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ae2c25b6-5853-4dba-b981-2f21b3b3a9ac.png
https://d34iuop8pidsy8.cloudfront.net/3aff1067-238b-4293-bd8d-49bef5f0b1ff.png
Threat Actors: Infrastructure Destruction Squad
Victim Country: Taiwan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of an unidentified German automotive association
Category: Data Breach
Content: The group claims to have exfiltrated confidential documents from an unidentified German automotive association.
Date: 2026-01-27T22:34:48Z
Network: telegram
Published URL: https://t.me/ShadowClawZ404/13
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/51d1b1b7-36b8-4597-8972-49f8b42836c7.png
Threat Actors: Shadow ClawZ 404
Victim Country: Germany
Victim Industry: Automotive
Victim Organization: Unknown
Victim Site: Unknown
- Shaw Hill Primary School falls victim to INC RANSOM Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2026-01-27T22:32:44Z
Network: tor
Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/697928858f1d14b743d49db8
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5f5502da-6a20-47f1-b5a2-e7d49f658f7b.jpg
Threat Actors: INC RANSOM
Victim Country: UK
Victim Industry: Education
Victim Organization: shaw hill primary school
Victim Site: shawhillprimaryschool.org.uk
- Alleged data breach of Ministry of Health Malaysia
Category: Data Breach
Content: The threat actor claims to have leaked data from the Ministry of Health Malaysia (MOH). The actor claims to have extracted an employees database table containing 3,223 records. The exposed data reportedly includes sensitive employee information such as national identification numbers, internal employee IDs, full names, dates of birth, gender, age, ethnicity, residential addresses, postal codes, cities and districts, job positions, grades, assigned facilities or units, contact phone numbers, email addresses, account creation and modification timestamps, and last login details.
Date: 2026-01-27T22:13:55Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-Ministry-of-Health-Malaysia-Employees
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/71a0fc85-68cc-40c6-9b97-fa76d37bc2c3.png
Threat Actors: aleksander
Victim Country: Malaysia
Victim Industry: Government & Public Sector
Victim Organization: ministry of health malaysia
Victim Site: moh.gov.my
- Fruit-Goodness Agri-food falls victim to TENGU Ransomware
Category: Ransomware
Content: The group claims to have obtained 6 GB of the organization’s data. They intend to publish in 1-2 days.
Date: 2026-01-27T21:39:18Z
Network: tor
Published URL: http://longcc4fqrfcqt5lzceutylaxir6h66fp6df3oin6mvwvz6pfdbxc6qd.onion/blog/4f79f41d4473a7f8988e6e4b8faad58d60cace55604e0c7b40d27f8bf55fef44/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/21994826-8431-4728-8392-66645b882d69.png
https://d34iuop8pidsy8.cloudfront.net/f3bca1b6-093a-48da-9374-8183720336b1.png
Threat Actors: TENGU
Victim Country: Tunisia
Victim Industry: Food Production
Victim Organization: fruit-goodness agri-food
Victim Site: Unknown
- Alleged data breach of O’Tacos
Category: Data Breach
Content: The threat actor claims to have extracted the entire customer database of O’Tacos, affecting users across multiple countries. The leaked dataset allegedly contains approximately 29 million records, including around 10 million users with identifiable names, totaling ~9 GB of data in JSON format. The exposed information is said to relate to customer accounts and loyalty program data, including email addresses, first and last names, language and country details.
Date: 2026-01-27T21:25:57Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-EU-O-TACOS-COM-10M
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4721320a-66e0-4c4b-af07-32455ab3a0a2.png
Threat Actors: marak
Victim Country: France
Victim Industry: Food & Beverages
Victim Organization: o’tacos
Victim Site: otacos.com
- Alleged data leak of Massive database of Venezuelan citizens
Category: Data Breach
Content: The threat actor claims to have leaked a massive database of Venezuelan citizens, allegedly affecting approximately 36 million individuals. The exposed dataset reportedly contains highly sensitive national identification and civil registry information.
Date: 2026-01-27T21:24:09Z
Network: openweb
Published URL: https://breachforums.bf/Thread-SELLING-VENEZUELA-MASSIVE-LEAK-OF-CITIZEN-DATA-36-MILLIONS-27-02-2026
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7b6b0b4e-c488-447b-9b93-6826bf5a02bd.png
https://d34iuop8pidsy8.cloudfront.net/6ff3d266-a126-4b6b-8f6c-d3e61dcba637.png
Threat Actors: malconguerra2
Victim Country: Venezuela
Victim Industry: Government & Public Sector
Victim Organization: Unknown
Victim Site: Unknown
- KSP TLM Indonesia falls victim to TENGU Ransomware
Category: Ransomware
Content: The group claims to have obtained 100 GB of the organization’s data. They intend to publish in 8-9 days.
Date: 2026-01-27T21:14:04Z
Network: tor
Published URL: http://longcc4fqrfcqt5lzceutylaxir6h66fp6df3oin6mvwvz6pfdbxc6qd.onion/blog/c67e84903e2846c4ee156159fe8d168786be2d7d2c0c624739aaa9ded8bba542/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/00e20d07-993c-4cb0-855f-7276919d5c4b.png
https://d34iuop8pidsy8.cloudfront.net/efabff04-a07b-4dc7-8ce8-7557e8e8eff6.png
Threat Actors: TENGU
Victim Country: Indonesia
Victim Industry: Financial Services
Victim Organization: ksp tlm indonesia
Victim Site: tlmfoundation.or.id
- Alleged Data Breach of ViewStats, Inc.
Category: Data Breach
Content: The threat actor claims to have breached the database of ViewStats, Inc. in the USA, containing over 330,000 YouTube channel records compiled using a custom parser. The exposed dataset reportedly includes channel names, categories, countries, account age, subscriber counts, total views, and linked X accounts.
Date: 2026-01-27T20:58:30Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/274664/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f1cc1b0b-d627-404b-9628-89b49303941c.png
Threat Actors: cotopes
Victim Country: USA
Victim Industry: Media Production
Victim Organization: viewstats, inc.
Victim Site: viewstats.com
- NEWKIRK ZWAGERMAN, P.L.C. falls victim to INC RANSOM Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2026-01-27T20:51:07Z
Network: tor
Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/697913908f1d14b743d3559a
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5839cf99-f54a-4df3-9366-33a32f4b7b1c.png
Threat Actors: INC RANSOM
Victim Country: USA
Victim Industry: Legal Services
Victim Organization: newkirk zwagerman, p.l.c.
Victim Site: newkirklaw.com
- Gallagher Transport International Inc. falls victim to Sinobi Ransomware
Category: Ransomware
Content: The group claims to have obtained 100 GB of the organization’s data. The compromised data includes Financial data, Incidents and Contracts. They intend to publish it within 8-9 days.
Date: 2026-01-27T20:45:18Z
Network: tor
Published URL: http://sinobi6rlec6f2bgn6rd72xo7hvds4a5ajiu2if4oub2sut7fg3gomqd.onion/leaks/6978eeaf6387a4c9a2db517a
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/48795cdd-0287-41bf-a014-b214c49cc7e0.png
Threat Actors: Sinobi
Victim Country: USA
Victim Industry: Transportation & Logistics
Victim Organization: gallagher transport international inc.
Victim Site: gallaghertransport.com
- Morison Insurance falls victim to Sinobi Ransomware
Category: Ransomware
Content: The group claims to have obtained 100 GB of the organization’s data. The compromised data includes Confidential, Customers data, Financial data and Incidents. They intend to publish it within 12-13 days.
Date: 2026-01-27T20:31:59Z
Network: tor
Published URL: http://sinobi6rlec6f2bgn6rd72xo7hvds4a5ajiu2if4oub2sut7fg3gomqd.onion/leaks/6978ec6f6387a4c9a2db42b5
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8b630243-55a6-45a9-ba3a-4422ea816975.png
https://d34iuop8pidsy8.cloudfront.net/55be68f4-1678-48d6-8ec3-c391b86d244b.png
https://d34iuop8pidsy8.cloudfront.net/2e864e7c-faca-4576-bf16-05aaf81aa821.png
Threat Actors: Sinobi
Victim Country: Canada
Victim Industry: Insurance
Victim Organization: morison insurance
Victim Site: morisoninsurance.ca
- Ashcraft Company falls victim to Sinobi Ransomware
Category: Ransomware
Content: The group claims to have obtained 750 GB of the organization’s data. The compromised data includes Financial data, Customers data and Contract. They intend to publish it within 9-10 days.
Date: 2026-01-27T20:23:06Z
Network: tor
Published URL: http://sinobi6rlec6f2bgn6rd72xo7hvds4a5ajiu2if4oub2sut7fg3gomqd.onion/leaks/6978fcd36387a4c9a2dbdf4e
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f5ba6fbc-4bb5-4736-a3fc-41d911b10f1f.png
https://d34iuop8pidsy8.cloudfront.net/aee7b2ed-6bde-4131-8100-7709ff33f65f.png
Threat Actors: Sinobi
Victim Country: USA
Victim Industry: Machinery
Victim Organization: ashcraft company
Victim Site: ashcraftcompany.com
- QualiChem Metalworking falls victim to Nitrogen Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data. The compromised data reportedly includes financial statements, contracts, commercial terms, formulas, and long-term agreements.
Date: 2026-01-27T20:00:58Z
Network: tor
Published URL: http://nitrogenczslprh3xyw6lh5xyjvmsz7ciljoqxxknd7uymkfetfhgvqd.onion/posts/6978f199aa6c2f83ef8de669
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/375beb6a-aa22-49b4-bc42-d49cd0cd6291.png
Threat Actors: Nitrogen
Victim Country: USA
Victim Industry: Chemical Manufacturing
Victim Organization: qualichem metalworking
Victim Site: qualichem.com
- RuskiNet targets the website of Taboo Disco Club
Category: Defacement
Content: The group claims to have defaced the website of Taboo Disco Club
Date: 2026-01-27T19:45:43Z
Network: telegram
Published URL: https://t.me/ruskinetgroup/40
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/09f87954-497d-4191-8a98-e9a552613591.jpg
Threat Actors: RuskiNet
Victim Country: Colombia
Victim Industry: Leisure & Travel
Victim Organization: taboo disco club
Victim Site: taboodiscoclub.com
- RuskiNet targets the website of RD Disco Club
Category: Defacement
Content: The group claims to have defaced the website of RD Disco Club
Date: 2026-01-27T19:33:27Z
Network: telegram
Published URL: https://t.me/ruskinetgroup/40
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/42874fe4-b6a7-49c2-b310-2e8d6d10724a.jpg
Threat Actors: RuskiNet
Victim Country: Colombia
Victim Industry: Leisure & Travel
Victim Organization: rd disco club
Victim Site: rddiscoclub.com
- Alleged data breach of AXA
Category: Data Breach
Content: The threat actor claims to have breached the French insurance company AXA; the leak reportedly contains approximately 798 files, totaling ~20 MB compressed and ~160 MB uncompressed.
Date: 2026-01-27T19:32:03Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-FR-AXA-ASSURANCE
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/230aa84b-97b6-4ef5-81b2-5aba01acec2b.png
Threat Actors: nebulapwned
Victim Country: France
Victim Industry: Financial Services
Victim Organization: axa
Victim Site: axa.com
- Alleged sale of unauthorized web shell access to Bazelet Beer
Category: Initial Access
Content: The group claims to be selling unauthorized web shell access to Bazelet Beer
Date: 2026-01-27T19:29:42Z
Network: telegram
Published URL: https://t.me/phteammarket/163
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/29b74346-a55b-45ad-96f7-e152b01098ac.png
Threat Actors: Pharaohs Team Channel
Victim Country: Israel
Victim Industry: Food & Beverages
Victim Organization: bazelet beer
Victim Site: bazeletbeer.co.il
- Alleged data breach of MM Systems, s.r.o.
Category: Data Breach
Content: The group claims to have encrypted the systems of MM Systems, s.r.o., alleging impact to servers, client databases, managers’ personal PCs, and important documents.
Date: 2026-01-27T19:13:37Z
Network: telegram
Published URL: https://t.me/AvangardSec/23
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e9a7e3e6-eec3-4dd4-a1bd-952464092933.png
Threat Actors: AvangardSec
Victim Country: Slovakia
Victim Industry: Information Technology (IT) Services
Victim Organization: mm systems, s.r.o.
Victim Site: mmsystems.sk
- Alleged data breach of SnapHub
Category: Data Breach
Content: The group claims to have breached the database of SnapHub and leaked personally identifiable information (PII), emails, phone numbers and contextual/profile data linked to users.
Date: 2026-01-27T19:06:51Z
Network: telegram
Published URL: https://t.me/crewcyber/606
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1aadb5db-8957-491d-bba8-cea35409b0a6.jpg
Threat Actors: 404 CREW CYBER TEAM
Victim Country: India
Victim Industry: Computer Software/Engineering
Victim Organization: snaphub
Victim Site: snaphub.tech
- Alleged data breach of TotalEnergies
Category: Data Breach
Content: The threat actor claims to have leaked a French customer database allegedly associated with TotalEnergies. The database was parsed into CSV format and reportedly contains approximately 50,079 records. The exposed data allegedly includes last name (nom), first name (prenom), date of birth, email address, phone number, physical address, postal code, city, bank account details, and bank identifier code.
Date: 2026-01-27T18:37:46Z
Network: openweb
Published URL: https://breachforums.bf/Thread-Totalenergies-french-database-50k
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/811bf8c7-a6da-41b7-886e-f1453da2ab8e.png
Threat Actors: iloveemogirls
Victim Country: France
Victim Industry: Oil & Gas
Victim Organization: totalenergies
Victim Site: totalenergies.com - McMullan and Brown falls victim to CL0P Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2026-01-27T18:35:59Z
Network: tor
Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/m-b-law
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/dbfb5582-0d5e-4d7e-a624-66f4b541f371.png
Threat Actors: CL0P
Victim Country: USA
Victim Industry: Law Practice & Law Firms
Victim Organization: mcmullan and brown
Victim Site: m-b.law - Escali falls victim to CL0P Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2026-01-27T18:20:48Z
Network: tor
Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/escali-com
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/61eb5472-7177-4b0f-af02-273102c65c7f.png
Threat Actors: CL0P
Victim Country: USA
Victim Industry: Manufacturing
Victim Organization: escali
Victim Site: escali.com - Arkansas Trial Lawyers Association falls victim to CL0P Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2026-01-27T18:20:13Z
Network: tor
Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/arktla-org
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/cc448c71-1c5a-4dfd-bf61-b58d2629a462.png
Threat Actors: CL0P
Victim Country: USA
Victim Industry: Non-profit & Social Organizations
Victim Organization: arkansas trial lawyers association
Victim Site: arktla.org - COBU Architecture Studio falls victim to CL0P Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2026-01-27T18:17:35Z
Network: tor
Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/cobu-arch-com
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6ef4bcae-8355-40d9-baa4-7b438b72bbdb.png
Threat Actors: CL0P
Victim Country: USA
Victim Industry: Architecture & Planning
Victim Organization: cobu architecture studio
Victim Site: cobu-arch.com - Alleged leak of LinkedIn users database in Multiple Countries
Category: Data Breach
Content: The threat actor claims to be exposing a dataset allegedly scraped from LinkedIn users located in Madrid, Spain. The dataset allegedly contains professional and personal profile information, including full name, gender, location details, job title and role, company name and industry, company website, work email address, mobile phone number, LinkedIn profile URL, Facebook and Twitter profile URLs, company social media URLs, and inferred salary ranges.
Date: 2026-01-27T18:16:03Z
Network: openweb
Published URL: https://darkforums.io/Thread-Linkedin-Spain-MADRID
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c78c82d4-b1ca-4341-9c05-0207a44700e1.png
Threat Actors: IntelShadow
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Sentinela Security Intelligence falls victim to CL0P Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2026-01-27T18:10:29Z
Network: tor
Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/centinela-com-br
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5c6cb446-9e91-4a19-ad5c-94dd32625152.png
Threat Actors: CL0P
Victim Country: Brazil
Victim Industry: Information Technology (IT) Services
Victim Organization: sentinela security intelligence
Victim Site: sentinelasecurity.com.br - Alleged leak of Ukrainian Armed Forces candidate lists
Category: Data Breach
Content: The group claims to have published lists of candidates with personal data from Ukrainian Armed Forces training centers.
Date: 2026-01-27T17:59:46Z
Network: telegram
Published URL: https://t.me/hackberegini/3167
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1a4f8eaf-69e3-49da-8737-e2543e35ae8f.png
Threat Actors: Beregini
Victim Country: Ukraine
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Gale International falls victim to CL0P Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2026-01-27T17:57:47Z
Network: tor
Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/galeintl-com
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bfe0b359-4501-4933-a6b5-36342a19f480.png
Threat Actors: CL0P
Victim Country: USA
Victim Industry: Real Estate
Victim Organization: gale international
Victim Site: galeintl.com - The McKee Group falls victim to CL0P Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2026-01-27T17:55:56Z
Network: tor
Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/mckeegroup-net
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/644eb480-0e14-431a-a021-7c69e46b99f8.png
Threat Actors: CL0P
Victim Country: USA
Victim Industry: Real Estate
Victim Organization: the mckee group
Victim Site: mckeegroup.net - Island Outpost falls victim to CL0P Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2026-01-27T17:51:52Z
Network: tor
Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/islandoutpost-com
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/64e5c121-a79b-4eaf-8233-c8a5e40b588d.png
Threat Actors: CL0P
Victim Country: Jamaica
Victim Industry: Hospitality & Tourism
Victim Organization: island outpost
Victim Site: islandoutpost.com - Ny Asphalt Inc falls victim to CL0P Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2026-01-27T17:40:20Z
Network: tor
Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/nyasphalt-com
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2dab2741-2b76-4244-b85a-555db7361604.png
Threat Actors: CL0P
Victim Country: USA
Victim Industry: Building and construction
Victim Organization: ny asphalt inc
Victim Site: nyasphalt.com - Kriegman and Smith, Inc. falls victim to CL0P Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2026-01-27T17:35:00Z
Network: tor
Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/kriegmanandsmith-com
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8eb6f0e3-43ae-468f-a281-7828e219267f.png
Threat Actors: CL0P
Victim Country: USA
Victim Industry: Real Estate
Victim Organization: kriegman and smith, inc.
Victim Site: kriegmanandsmith.com - KLM Equities Inc. falls victim to CL0P Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2026-01-27T17:10:46Z
Network: tor
Published URL: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/klmequities-com
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2663033b-6ff1-4e17-85f0-586613c242a7.png
Threat Actors: CL0P
Victim Country: USA
Victim Industry: Real Estate
Victim Organization: klm equities inc.
Victim Site: klmequities.com - Alleged Sale of Unauthorized Admin Panel and Shell Access to a Magento Store in UK
Category: Initial Access
Content: The threat actor claims to be selling unauthorized admin panel access and shell access to a Magento store in the UK.
Date: 2026-01-27T17:06:02Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/274658/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6d7ebfa5-af4c-4be9-a3af-e88570a5c730.png
https://d34iuop8pidsy8.cloudfront.net/9f4f5f6c-3689-43e1-be28-10f11cd542db.png
Threat Actors: JustAnon69
Victim Country: UK
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - EXADOS targets the website of APK Scientific Co., Ltd
Category: Defacement
Content: The group claims to have defaced the website of APK Scientific Co., Ltd.
Date: 2026-01-27T17:04:58Z
Network: telegram
Published URL: https://t.me/EXA_DOS_KH/87
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/de05bfe2-52a4-4ad0-a56e-0fc713c643f7.jpg
Threat Actors: EXADOS
Victim Country: Thailand
Victim Industry: Medical Equipment Manufacturing
Victim Organization: apk scientific co., ltd
Victim Site: apkscientific.co.th - Parisian Real Estate Company falls victim to TENGU Ransomware
Category: Ransomware
Content: The group claims to have obtained 7.83 GB of the organization’s data. They intend to publish it in 6-7 days.
Date: 2026-01-27T16:51:51Z
Network: tor
Published URL: http://longcc4fqrfcqt5lzceutylaxir6h66fp6df3oin6mvwvz6pfdbxc6qd.onion/blog/720acf2ad8b733584750bc37aad17dfbd6accf6634e9ac4ca5348ae0e55f986c/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7cfa1e2c-f589-4bac-82c1-4307f734080c.png
https://d34iuop8pidsy8.cloudfront.net/8dcdf81b-f6b8-46dc-90bc-9066dddaa8d1.png
https://d34iuop8pidsy8.cloudfront.net/13b3cd2b-7fd8-48ef-aa83-10fb74102d25.png
https://d34iuop8pidsy8.cloudfront.net/6f4aa26f-03b4-4767-94d1-50eead64831e.png
https://d34iuop8pidsy8.cloudfront.net/f624180e-78a7-4496-bbf5-56cfcbefffcf.png
Threat Actors: TENGU
Victim Country: France
Victim Industry: Real Estate
Victim Organization: parisian real estate
Victim Site: Unknown - LulzSec Hackers claims to target Algeria
Category: Cyber Attack
Content: A recent post by the group indicates that they’re targeting Algeria.
Date: 2026-01-27T16:51:18Z
Network: telegram
Published URL: https://t.me/LulzSecHackers/351
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/92c5f88b-11b2-4edb-9d6b-7de2a129dbf5.png
Threat Actors: LulzSec Hackers
Victim Country: Algeria
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of Bangkok University Center of Research in Optoelectronics, Communications and Computational Systems
Category: Data Breach
Content: The group claims to have leaked the database of Bangkok University Center of Research in Optoelectronics, Communications and Computational Systems.
Date: 2026-01-27T16:24:37Z
Network: telegram
Published URL: https://t.me/Zaher_infinity01/211?single
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e4c6d507-ab0c-427e-baed-42889df4fe70.jpg
Threat Actors: ZAHER INFINITY
Victim Country: Thailand
Victim Industry: Education
Victim Organization: bangkok university center of research in optoelectronics, communications and computational systems
Victim Site: bucroocs.bu.ac.th - SkyEgypt Tours falls victim to TENGU Ransomware
Category: Ransomware
Content: The group claims to have obtained 16 GB of the organization’s data. They intend to publish it in 7-8 days.
Date: 2026-01-27T16:20:12Z
Network: tor
Published URL: http://longcc4fqrfcqt5lzceutylaxir6h66fp6df3oin6mvwvz6pfdbxc6qd.onion/blog/0631acce32e1e6aea1cf162256c9e33ac91992606e9e2551053f25837fea805c/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2e4fc8de-5c7e-44ae-af36-6a65a1ab9380.png
https://d34iuop8pidsy8.cloudfront.net/62f7c89a-5b00-416a-938d-40553da5ee2a.png
Threat Actors: TENGU
Victim Country: Egypt
Victim Industry: Hospitality & Tourism
Victim Organization: skyegypt tours
Victim Site: skyegtours.com - Lenotech Corporation falls victim to TENGU Ransomware
Category: Ransomware
Content: The group claims to have obtained 136 GB of the organization’s data. They intend to publish it in 8-9 days.
Date: 2026-01-27T15:48:37Z
Network: tor
Published URL: http://longcc4fqrfcqt5lzceutylaxir6h66fp6df3oin6mvwvz6pfdbxc6qd.onion/blog/99b5f21e6809fa3b3992cf6ba1ef0b3cd8850ff3910cbdd76f9dd2ecd5e68dc9/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ec0ed7fb-8475-4146-bbc0-8a5506102be2.png
https://d34iuop8pidsy8.cloudfront.net/a041bed3-ec94-429d-87c4-ec2ee3d2f830.png
Threat Actors: TENGU
Victim Country: Philippines
Victim Industry: Consumer Electronics
Victim Organization: lenotech corporation
Victim Site: lenotech.com.ph - Alleged data breach of CNAM (Conservatoire national des arts et métiers)
Category: Data Breach
Content: The threat actor claims to have compromised CNAM’s internal systems. According to the post, the actor allegedly extracted an internal employee database containing more than 10,000 records.
Date: 2026-01-27T15:47:37Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-CNAM-DATABASE-HawkSec
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0ed645a8-c2fa-4f5d-8602-6a470edd6a4e.png
Threat Actors: HawkSec
Victim Country: France
Victim Industry: Higher Education/Academia
Victim Organization: cnam (conservatoire national des arts et métiers)
Victim Site: cnam.fr - Alleged data leak of The Thai Dairy Industry Co., Ltd.
Category: Data Breach
Content: The group claims to have leaked the database of The Thai Dairy Industry Co., Ltd.
Date: 2026-01-27T15:46:33Z
Network: telegram
Published URL: https://t.me/Zaher_infinity01/212
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c79c3d1c-dba6-4499-8c64-416452de0d22.png
Threat Actors: ZAHER INFINITY
Victim Country: Thailand
Victim Industry: Dairy
Victim Organization: the thai dairy industry co., ltd.
Victim Site: thaidairy.co.th - Alleged data breach of UGSEL (Union Générale Sportive de l’Enseignement Libre)
Category: Data Breach
Content: The threat actor claims to have scraped the personal and academic data of approximately 600 students by exploiting a teacher/admin panel associated with UGSEL.
Date: 2026-01-27T15:36:17Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-FR-UGSEL-as-ST-JOSEPH
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a12d63c0-1dd2-40e2-8837-3d966a2e149c.png
Threat Actors: azerty93200
Victim Country: France
Victim Industry: Education
Victim Organization: ugsel (union générale sportive de l’enseignement libre)
Victim Site: ugsel.org - Alleged data sale of Cruz Roja Mexicana I.A.P.
Category: Data Breach
Content: The threat actor claims to be selling 46,770 records from Cruz Roja Mexicana I.A.P., allegedly containing data dated from July 2025 to January 2026. The compromised data includes ID, reference, amount, email, type of donor, and more.
Date: 2026-01-27T14:28:15Z
Network: openweb
Published URL: https://darkforums.io/Thread-Selling-Mexico-Mexican-Red-Cross-donation-database-dump-46-670-entries
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/63fd5750-f853-4daf-ae70-5ecc2fe47adf.png
https://d34iuop8pidsy8.cloudfront.net/d3fc0abb-9ece-4cf4-8f01-83933742bfb5.png
Threat Actors: Straightonumberone
Victim Country: Mexico
Victim Industry: Non-profit & Social Organizations
Victim Organization: cruz roja mexicana i.a.p.
Victim Site: cruzrojamexicana.org.mx - Alleged data breach of National Police of Ukraine
Category: Data Breach
Content: The group claims to have breached the organisation’s data, allegedly including fragmented data on Ukrainian criminal authorities, including disposal photos of such individuals, their names, nicknames, phone numbers, and additional information.
Date: 2026-01-27T14:26:53Z
Network: telegram
Published URL: https://t.me/sauron_of_eye/62
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/34f48a15-54ad-4dcb-aebd-57b67cfb9050.JPG
Threat Actors: EYE OF SAURON
Victim Country: Ukraine
Victim Industry: Government Administration
Victim Organization: national police of ukraine
Victim Site: npu.gov.ua - Cardinal claims to target Lithuania’s infrastructure
Category: Alert
Content: The group claims to be targeting Lithuania’s infrastructure.
Date: 2026-01-27T14:13:46Z
Network: telegram
Published URL: https://t.me/c/2182428249/5903
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4218ce51-b488-47db-abcc-81da571753f6.png
https://d34iuop8pidsy8.cloudfront.net/6ddfdb76-80b5-4545-8a7c-138f758afd3f.png
Threat Actors: Cardinal
Victim Country: Lithuania
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of unidentified banking group
Category: Data Breach
Content: The group claims to have leaked sensitive data from a major internationally recognised banking group.
Date: 2026-01-27T14:08:32Z
Network: telegram
Published URL: https://t.me/ShadowClawZ404/24
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b535a2bb-c982-4816-9fae-56e859c2cab6.JPG
Threat Actors: Shadow ClawZ 404
Victim Country: Unknown
Victim Industry: Banking & Mortgage
Victim Organization: Unknown
Victim Site: Unknown - Cyber attack hits Gady Family
Category: Cyber Attack
Content: The BMW-affiliated car dealer Gady Family in Austria reported that it was hit by a cyber attack on January 25, 2026, which disrupted its IT systems, leaving the business only partially operational and forcing staff to rely on mobile phones for communication. Investigations into potential exposure of employee, customer, or partner data are underway, and authorities may be notified if affected information is confirmed.
Date: 2026-01-27T14:02:59Z
Network: openweb
Published URL: https://borncity.com/blog/2026/01/27/cyberangriffe-bmw-vertragshaendler-gady-staatliche-kunstsammlungen-dresden/
Screenshots:
None
Threat Actors: Unknown
Victim Country: Austria
Victim Industry: Retail Industry
Victim Organization: gady family
Victim Site: gady.at - Connor Co. falls victim to Nitrogen Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data. The compromised data reportedly includes financial statements, accounting records, tax documents, and architectural drawings.
Date: 2026-01-27T13:52:29Z
Network: tor
Published URL: http://nitrogenczslprh3xyw6lh5xyjvmsz7ciljoqxxknd7uymkfetfhgvqd.onion/posts/6978b76deb4ac6a38f8de667
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0a352c88-dd1b-4d7e-b1ca-88702cb10a7f.png
Threat Actors: NightSpire
Victim Country: USA
Victim Industry: Wholesale
Victim Organization: connor co.
Victim Site: connorco.com - Alleged data breach of SMPN 2 Muaro Jambi
Category: Data Breach
Content: The threat actor claims to have breached data from SMPN 2 Muaro Jambi, allegedly containing student data.
Date: 2026-01-27T13:35:49Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATA-SISWA-SMPN-2-MUARO-JAMBI
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9871582a-bf9f-44b6-bab2-5074c50cdc73.png
Threat Actors: ShadowNex
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: smpn 2 muaro jambi
Victim Site: smpn2muarojambi.com - SoundCloud Suffers Data Breach
Category: Cyber Attack
Content: SoundCloud disclosed a data breach that impacted approximately 29.8 million user accounts, as identified by the Have I Been Pwned platform. The exposed data reportedly includes usernames, email addresses, display names, profile information, and user activity details. SoundCloud stated that no passwords or financial information were compromised in the incident. The company confirmed it investigated the issue and took steps to secure affected systems.
Date: 2026-01-27T13:25:48Z
Network: openweb
Published URL: https://www.bleepingcomputer.com/news/security/have-i-been-pwned-soundcloud-data-breach-impacts-298-million-accounts/
Screenshots:
None
Threat Actors: Unknown
Victim Country: Germany
Victim Industry: Music
Victim Organization: soundcloud
Victim Site: soundcloud.com - Alleged leak of email and password from Japan and Europe
Category: Data Breach
Content: The threat actor claims to have leaked European and Japanese national email and password data.
Date: 2026-01-27T13:25:04Z
Network: openweb
Published URL: https://leakbase.la/threads/european-and-japanese-national-email-password-data.48564/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/08d2f852-437c-45b5-a39e-047da5fd0321.png
Threat Actors: aken
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Goodmanagement falls victim to GENESIS Ransomware
Category: Ransomware
Content: The group claims to have obtained 450 GB of the organization’s data. The compromised data reportedly includes project data, client data including sales and financial information, contracts and non-disclosure agreements, financial and tax data, property management data, network user folders, management folders, and data exfiltrated from the company’s file servers. The group intends to publish the data within 3–4 days.
Date: 2026-01-27T13:23:46Z
Network: tor
Published URL: http://genesis6ixpb5mcy4kudybtw5op2wqlrkocfogbnenz3c647ibqixiad.onion/e4f1965c6340950805ba/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ebc82c47-abfe-49b8-bb24-ea0e20429322.png
https://d34iuop8pidsy8.cloudfront.net/98d9f2bb-2147-40e8-900f-8a95eea361ce.png
Threat Actors: GENESIS
Victim Country: USA
Victim Industry: Hospitality & Tourism
Victim Organization: goodmanagement
Victim Site: goodmanagement.com - AvangardSec claims to target Syria
Category: Alert
Content: The group claims to be targeting Slovakia.
Date: 2026-01-27T13:08:23Z
Network: telegram
Published URL: https://t.me/AvangardSec/22
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3c46860f-0c92-4a8d-80d4-5e92294f76f7.png
Threat Actors: AvangardSec
Victim Country: Slovakia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - AvangardSec claims recruitment of payload delivery specialists for EU, US, and UA targets
Category: Ransomware
Content: The group is allegedly seeking specialists to assist with the distribution of RATs and ransomware across corporate networks and employee workstations in the European Union, United States, and Ukraine.
Date: 2026-01-27T13:03:32Z
Network: telegram
Published URL: https://t.me/AvangardSec/21
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0ca6abfd-1b22-4242-a260-3326edc4164c.png
Threat Actors: AvangardSec
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Global Parts & Maintenance falls victim to GENESIS Ransomware
Category: Ransomware
Content: The group claims to have obtained 400 GB of the organization’s data. The compromised data reportedly includes client data, financial data, operational data, supply-chain data, user folders, and data from the company file server. The group intends to publish the data within 3–4 days.
Date: 2026-01-27T12:54:26Z
Network: tor
Published URL: http://genesis6ixpb5mcy4kudybtw5op2wqlrkocfogbnenz3c647ibqixiad.onion/777445ddd41c86b1fc47/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f2e2f564-9561-4d1d-a1ef-f98a6c4763a8.png
https://d34iuop8pidsy8.cloudfront.net/e68e5ded-bc5a-4bc4-8b6d-fbe0b6e8abb8.png
Threat Actors: GENESIS
Victim Country: USA
Victim Industry: Transportation & Logistics
Victim Organization: global parts & maintenance
Victim Site: globalpartsllc.com - BABAYO EROR SYSTEM targets the website of Village Public Information & Documentation Office, Jember Regency
Category: Defacement
Content: The group claims to have defaced the website of Village Public Information & Documentation Office, Jember Regency.
Date: 2026-01-27T12:40:39Z
Network: telegram
Published URL: https://t.me/c/3664625363/48
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/61148405-0961-425a-8061-3559138074ee.JPG
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: village public information & documentation office, jember regency
Victim Site: jemberkab.go.id - IMA Diligence Services falls victim to GENESIS Ransomware
Category: Ransomware
Content: The group claims to have obtained 700 GB of the organization’s data. The compromised data includes company customer data, business development data, confidential files, non-disclosure agreements, user folders, operational data, and data from the company file server. They intend to publish it within 4-5 days.
Date: 2026-01-27T12:40:02Z
Network: tor
Published URL: http://genesis6ixpb5mcy4kudybtw5op2wqlrkocfogbnenz3c647ibqixiad.onion/a540b155da0a63b229ca/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6f673a2c-347a-4a2e-bd32-e8d35f968dd1.png
https://d34iuop8pidsy8.cloudfront.net/6ef5d3e5-71b3-4cae-b2f0-f587c4873965.png
Threat Actors: GENESIS
Victim Country: USA
Victim Industry: Financial Services
Victim Organization: ima diligence services
Victim Site: imadiligence.com - Alleged Distribution of TRK25 Advanced SCADA Tool
Category: Alert
Content: Threat actor claims to be distributing the TRK25 Advanced SCADA tool, designed to target SCADA and ICS environments commonly used in European factories. The tool reportedly features industrial network scanning, identification of SCADA and ICS systems (including Siemens and Rockwell), MODBUS and SCADA protocol analysis, banner extraction, data collection, and risk assessment capabilities.
Date: 2026-01-27T12:39:16Z
Network: telegram
Published URL: https://t.me/n2LP_wVf79c2YzM0/3497
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d0024c5e-7b33-4e61-a8f8-57d5c1854a3c.png
Threat Actors: Infrastructure Destruction Squad
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged sale of credit card data from the United States
Category: Data Breach
Content: The threat actor claims to be selling 400 U.S. credit card records.
Date: 2026-01-27T12:36:04Z
Network: openweb
Published URL: https://forum.exploit.in/topic/274631/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/781aa9ae-b86d-4f93-a84c-a55a91a245f4.png
https://d34iuop8pidsy8.cloudfront.net/22a9c5ff-d21a-4cdd-b9ec-c5e24007dcc8.png
Threat Actors: corptoday
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Cyber Attack hits Paragon Technologies Co., Ltd.
Category: Cyber Attack
Content: Paragon Technologies Co., Ltd. reported a cybersecurity incident on January 27, 2026, stating that its information systems were attacked by hackers. The company immediately activated defense mechanisms and recovery operations to protect its systems. According to the announcement, there has been no leak of personal data, confidential information, or important documents, and the incident is currently assessed as having no significant impact on business operations. Paragon also stated it will continue to strengthen network and information security monitoring to prevent future incidents.
Date: 2026-01-27T12:16:05Z
Network: openweb
Published URL: https://emops.twse.com.tw/server-java/t05sr01_1_e?&isNew=Y&seq_no=1&spoke_time=140832&spoke_date=20260127&co_id=3518
Screenshots:
None
Threat Actors: Unknown
Victim Country: Taiwan
Victim Industry: Manufacturing
Victim Organization: paragon technologies co., ltd.
Victim Site: pttech.com.tw - Sukhothai Thammathirat Open University falls victim to Qilin Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data.
Date: 2026-01-27T11:59:50Z
Network: tor
Published URL: http://ijzn3sicrcy7guixkzjkib4ukbiilwc3xhnmby4mcbccnsd7j2rekvqd.onion/site/view?uuid=889ea8f7-6e75-3a8f-96eb-b4f2718085fb
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/05a605a4-6122-44e9-b81d-14f153a14984.png
https://d34iuop8pidsy8.cloudfront.net/4c76c421-7759-4951-95f7-d0fa3c021be4.png
https://d34iuop8pidsy8.cloudfront.net/f9af9f27-88c0-40da-97b5-78a4804d4f82.png
Threat Actors: Qilin
Victim Country: Thailand
Victim Industry: Education
Victim Organization: sukhothai thammathirat open university
Victim Site: stou.ac.th - Alleged leak of U.S. customers database
Category: Data Breach
Content: A threat actor claims to have leaked data belonging to a U.S. customers database, which was originally leaked in 2021. The compromised data is reportedly shared as a 4 GB compressed archive and approximately 16 GB uncompressed, and includes full names, dates of birth, physical addresses, ZIP codes, phone numbers, and multiple email addresses.
Date: 2026-01-27T11:54:37Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-USA-Customers-04-2021-153-986-518
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e8ffd643-45f1-4c57-8280-ffe78ef13d2c.png
Threat Actors: guanguan
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged sale of unauthorized access to an unidentified WordPress shop in England
Category: Initial Access
Content: The threat actor claims to be selling unauthorized access to an unidentified online shop in England.
Date: 2026-01-27T11:49:22Z
Network: openweb
Published URL: https://forum.exploit.in/topic/274625/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/98bd34eb-d47d-419f-8119-c1b7e9088c7d.png
Threat Actors: ed1n1ca
Victim Country: UK
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged sale of unauthorized access to an unidentified WordPress shop in Israel
Category: Initial Access
Content: The threat actor claims to be selling unauthorized access to an unidentified online shop in Israel.
Date: 2026-01-27T11:47:55Z
Network: openweb
Published URL: https://forum.exploit.in/topic/274621/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/db2a780d-47a8-447b-adcb-d406d3010e03.png
Threat Actors: ed1n1ca
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - NoName targets the website of AutoKrAZ
Category: Ransomware
Content: Proof of downtime: https://check-host.net/check-report/37da8cc4kafd
Date: 2026-01-27T11:42:04Z
Network: telegram
Published URL: https://t.me/c/2787466017/1878
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/731085a9-90c5-4e4e-9053-5b0b27f8a16f.png
Threat Actors: NoName057(16)
Victim Country: Ukraine
Victim Industry: Manufacturing & Industrial Products
Victim Organization: autokraz
Victim Site: autokraz.com.ua - Alleged sale of unauthorized access to an unidentified WordPress shop in Singapore
Category: Initial Access
Content: The threat actor claims to be selling unauthorized access to an unidentified online shop in Singapore.
Date: 2026-01-27T11:38:47Z
Network: openweb
Published URL: https://forum.exploit.in/topic/274623/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/598bae17-00d8-44fe-85f3-21748b061fc8.png
Threat Actors: ed1n1ca
Victim Country: Singapore
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of login access to Acqua-Vero Investimentos
Category: Initial Access
Content: The group claims to have leaked login credentials belonging to Acqua-Vero Investimentos.
Date: 2026-01-27T10:39:42Z
Network: telegram
Published URL: https://t.me/c/3027611821/361
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d564215b-879c-48cd-907c-a147d055400a.JPG
Threat Actors: Z-BL4CX-H4T.ID
Victim Country: Brazil
Victim Industry: Financial Services
Victim Organization: acqua-vero investimentos
Victim Site: acquavero.com.br - MMD Insurance Law Advocates falls victim to PEAR Ransomware
Category: Ransomware
Content: The group claims to have obtained 1.7 TB of the organization’s data. The compromised data reportedly includes Financials, HR, Partners’ and Vendors’ Data, Clients’ Privileged & Confidential Data, PII & PHI Records, Police Reports & Court Files, Exhibits & Evidences, Mailboxes & Email Correspondence, etc.
Date: 2026-01-27T10:29:32Z
Network: tor
Published URL: http://pearsmob5sn44ismokiusuld34pnfwi6ctgin3qbvonpoob4lh3rmtqd.onion/Companies/mmdinsurancelawadvocate/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5d932108-b0ee-4325-ae7d-35a69edcc9ee.png
Threat Actors: PEAR
Victim Country: USA
Victim Industry: Law Practice & Law Firms
Victim Organization: mmd insurance law advocates
Victim Site: mmdinsurancelawadvocate.com - Alleged leak of login access to Air Media Tech
Category: Initial Access
Content: The group claims to have leaked login credentials belonging to airmediatech.in.
Date: 2026-01-27T10:29:23Z
Network: telegram
Published URL: https://t.me/c/3027611821/360
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/602012c3-c030-4260-9779-600a8dc02b27.JPG
Threat Actors: Z-BL4CX-H4T.ID
Victim Country: India
Victim Industry: Marketing, Advertising & Sales
Victim Organization: air media tech
Victim Site: airmediatech.in - Alleged data breach of SaveCom International Inc.
Category: Data Breach
Content: The group claims to have breached data from SaveCom International Inc.
Date: 2026-01-27T10:18:08Z
Network: telegram
Published URL: https://t.me/c/2875163062/518
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d86db043-a9bf-49d7-8d00-c3e6e1870140.png
Threat Actors: RipperSec
Victim Country: Taiwan
Victim Industry: Network & Telecommunications
Victim Organization: savecom international inc.
Victim Site: savecom.net.tw
- Alleged data breach of Sahabet
Category: Data Breach
Content: A threat actor claims to have leaked data belonging to Sahabet, a Turkish online casino platform. The compromised data reportedly contains 100,000 user records, including first names, last names, and email addresses.
Date: 2026-01-27T10:03:53Z
Network: openweb
Published URL: https://breachforums.bf/Thread-Sahabet-Turkish-Casino-100K
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e6317135-5fd4-4aa2-a311-ea666d4531ee.png
Threat Actors: Brazzers
Victim Country: Turkey
Victim Industry: Gambling & Casinos
Victim Organization: sahabet
Victim Site: sahabet.com
- The Trevino Group, Inc. falls victim to INC RANSOM Ransomware
Category: Ransomware
Content: The group claims to have obtained the organization’s data. The compromised data reportedly includes confidential documents, client data, non-disclosure agreements, financial data, operational and corporate data, business agreements, drawings, and other highly sensitive information.
Date: 2026-01-27T09:03:57Z
Network: tor
Published URL: http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/697874008f1d14b743c7545f
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/14ec5756-5c0b-4cf6-b55a-aacc58dbb507.png
Threat Actors: INC RANSOM
Victim Country: USA
Victim Industry: Building and construction
Victim Organization: the trevino group, inc.
Victim Site: trevinogroup.com
- Alleged data leak of Marhaba Al-Harmain
Category: Data Breach
Content: The group claims to have leaked the organisation's data.
Date: 2026-01-27T08:36:11Z
Network: telegram
Published URL: https://t.me/crewcyber/602
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/30d05e7a-6ec1-487b-8d31-02de17181417.JPG
Threat Actors: 404 CREW CYBER TEAM
Victim Country: Pakistan
Victim Industry: Leisure & Travel
Victim Organization: marhaba al-harmain
Victim Site: malharmain.com
- Alleged data breach of Government of Mexico
Category: Data Breach
Content: A threat actor claims to have leaked data belonging to the Government of Mexico. The compromised data reportedly includes sensitive information related to hospitals and students from the regions of Oaxaca, Chihuahua, and Campeche.
Date: 2026-01-27T07:42:14Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-DATA-LEAK-OF-GOB-MEXICO
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3590c5b5-2972-41c3-8ecd-04db6ba9e70e.png
Threat Actors: Alz_157s
Victim Country: Mexico
Victim Industry: Government & Public Sector
Victim Organization: government of mexico
Victim Site: Unknown
- Alleged Data Leak of Argentine Social Welfare Beneficiaries Database
Category: Data Breach
Content: The threat actor claims to have leaked an Argentine social welfare affiliates database. The dataset contains over 20 million records and includes personally identifiable and demographic information.
Date: 2026-01-27T06:59:54Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-DB-OBRASOCIALES-ARG-20M-endiablados
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/54797e7a-b738-4e3a-a317-aee3023e4739.png
Threat Actors: endiablados
Victim Country: Argentina
Victim Industry: Government & Public Sector
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Leak of CEO and Business Contact Data From USA
Category: Data Breach
Content: The threat actor claims to have leaked CEO and business contact data from the USA. The compromised data reportedly contains 1 million records, including email address, company name, street address, business email address, phone number, and fax number.
Date: 2026-01-27T06:49:45Z
Network: openweb
Published URL: https://darkforums.io/Thread-DATABASE-USA-1M-CEO-BUISNESS-Database
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3f0d2b42-83f6-49a3-833e-48978f26c224.png
Threat Actors: Thesnake02
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged leak of unidentified personal data
Category: Data Breach
Content: The threat actor claims to have leaked 127K personal data from unidentified individuals
Date: 2026-01-27T06:40:38Z
Network: openweb
Published URL: https://darkforums.io/Thread-Document-127K-complete-personal-data
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/28ddfd02-c878-40c7-a789-99835fbef6f3.png
Threat Actors: Valectio
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Pharaohs Team Channel targets the website of malatyakombiservisi.com.tr
Category: Defacement
Content: The group claims to have defaced the website of malatyakombiservisi.com.tr
Date: 2026-01-27T06:37:33Z
Network: telegram
Published URL: https://t.me/Pharaohs_n/679
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/281671d6-5b94-42c8-9239-b46c5618034c.png
Threat Actors: Pharaohs Team Channel
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: malatyakombiservisi.com.tr
- Alleged Sale of Shopify Store Customer Data from Multiple Countries
Category: Data Breach
Content: The threat actor claims to be selling customer data from Shopify stores in multiple countries. The data includes customer contact and address information spanning several countries.
Date: 2026-01-27T06:26:06Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-Shopify-shop-mix
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/edac4b45-aa97-464a-bc94-f6741749efd1.png
Threat Actors: Wadjet
Victim Country: Unknown
Victim Industry: E-commerce & Online Stores
Victim Organization: Unknown
Victim Site: Unknown
- Pharaohs Team Channel targets the website of MALATYA EMLAK
Category: Defacement
Content: The group claims to have defaced the website of MALATYA EMLAK
Date: 2026-01-27T06:22:04Z
Network: telegram
Published URL: https://t.me/Pharaohs_n/679
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5138c24c-47e3-4133-b4c1-e8c59036a045.png
Threat Actors: Pharaohs Team Channel
Victim Country: Turkey
Victim Industry: Real Estate
Victim Organization: malatya emlak
Victim Site: malatyaemlak.com.tr
- Alleged Data breach of Techni-Contact
Category: Data Breach
Content: The threat actor claims to be selling databases associated with Techni-Contact. The dataset includes customer account information and large contact datasets, with portions containing login credentials hashed using MD5.
Date: 2026-01-27T06:08:50Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-techni-contact-com
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b05e53d8-6eeb-4607-aca9-5d323728ebb6.png
Threat Actors: Wadjet
Victim Country: France
Victim Industry: E-commerce & Online Stores
Victim Organization: techni-contact
Victim Site: techni-contact.com
- Alleged Data Breach of delta User Database
Category: Data Breach
Content: The threat actor claims to have breached a user database associated with delta. The dataset contains 429,000 user records.
Date: 2026-01-27T05:55:30Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-delta-ru-01-2026
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/92177566-ea81-4dbf-b658-b625fd7c2d9a.png
Threat Actors: Listofad
Victim Country: Russia
Victim Industry: Security & Investigations
Victim Organization: delta
Victim Site: delta.ru
- Alleged Data breach of CHUNGNAM NATIONAL UNIVERSITY HOSPITAL
Category: Data Breach
Content: The threat actor claims to have encrypted systems and stolen data from Chungnam National University Hospital (South Korea), alleging possession of multiple encrypted datasets totaling dozens of terabytes. Shared links reference hospital-related data dumps, suggesting potential exposure of medical and internal systems data.
Date: 2026-01-27T05:50:59Z
Network: openweb
Published URL: https://ramp4u.io/threads/chungnam-national-university-hospital-https-www-cnuh-co-kr-intro-encrypted-data-stolen.3839/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8f084978-764e-44e9-999a-a37eb2598666.png
https://d34iuop8pidsy8.cloudfront.net/98141696-4703-4f3e-bc7a-3b76f8e34c15.png
Threat Actors: Moneyistime
Victim Country: South Korea
Victim Industry: Medical Practice
Victim Organization: chungnam national university hospital
Victim Site: cnuh.co.kr
- OEC Medical Systems, Inc falls victim to NightSpire Ransomware
Category: Ransomware
Content: The group claims to have obtained 1 TB of the organization's data.
Date: 2026-01-27T05:45:19Z
Network: tor
Published URL: http://nspirebcv4sy3yydtaercuut34hwc4fsxqqv4b4ye4xmo6qp3vxhulqd.onion/database
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/81ae4ec6-a2a1-4da1-a2b0-918474fb37c2.png
Threat Actors: NightSpire
Victim Country: USA
Victim Industry: Events Services
Victim Organization: oec medical systems, inc
Victim Site: oremeyeclinic.com
- Pharaohs Team Channel targets the website of cilvila.com
Category: Defacement
Content: The group claims to have defaced the website of cilvila.com
Date: 2026-01-27T05:39:34Z
Network: telegram
Published URL: https://t.me/Pharaohs_n/679
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/df5bf4ac-2e9c-4a76-aff0-973e3f82bfcb.png
Threat Actors: Pharaohs Team Channel
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: cilvila
Victim Site: cilvila.com
- Pharaohs Team Channel targets the website of Loria
Category: Defacement
Content: The group claims to have defaced the website of Loria
Date: 2026-01-27T05:32:33Z
Network: telegram
Published URL: https://t.me/Pharaohs_n/679
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/540cdadf-3da1-453a-b0fd-7e8758ec4caa.png
https://d34iuop8pidsy8.cloudfront.net/fc0f9f59-3b03-4131-8d4b-b441520cca25.png
https://d34iuop8pidsy8.cloudfront.net/440d021b-c65a-4a23-b46f-5d8b00e0c246.png
Threat Actors: Pharaohs Team Channel
Victim Country: Turkey
Victim Industry: Gaming
Victim Organization: loria
Victim Site: loria.com.tr
- Pharaohs Team Channel targets the website of Bodent
Category: Defacement
Content: The group claims to have defaced the website of Bodent
Date: 2026-01-27T05:27:46Z
Network: telegram
Published URL: https://t.me/Pharaohs_n/679
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ce381bb7-b334-4e07-a045-8c284a642062.png
Threat Actors: Pharaohs Team Channel
Victim Country: Turkey
Victim Industry: Hospital & Health Care
Victim Organization: bodent
Victim Site: bodent.com.tr
- Pharaohs Team Channel targets the website of zebifytech.com
Category: Defacement
Content: The group claims to have defaced the website of zebifytech.com
Date: 2026-01-27T05:22:32Z
Network: telegram
Published URL: https://t.me/Pharaohs_n/679
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/70a6472d-211e-414c-bcbe-9090eb515fb6.png
https://d34iuop8pidsy8.cloudfront.net/5f6581b8-5533-4ac8-abf5-05b08c46e8b6.png
https://d34iuop8pidsy8.cloudfront.net/88f169d8-a774-45e6-b8db-83d318f779c7.png
Threat Actors: Pharaohs Team Channel
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: zebifytech.com
- Pharaohs Team Channel targets the website of Malatya Yedek Parça Depo
Category: Defacement
Content: The group claims to have defaced the website of Malatya Yedek Parça Depo
Date: 2026-01-27T05:17:54Z
Network: telegram
Published URL: https://t.me/Pharaohs_n/679
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/97edd251-250c-4871-9560-63e0fe7ef2b2.png
Threat Actors: Pharaohs Team Channel
Victim Country: Turkey
Victim Industry: Automotive
Victim Organization: malatya yedek parça depo
Victim Site: depo.malatyayedekparca.com
- Alleged Data Sale of Passage Bleu Customer Database
Category: Data Breach
Content: The threat actor claims to be selling a database associated with Passage Bleu. The dataset allegedly contains customer contact information, including email addresses and phone numbers, and is advertised for resale via escrow.
Date: 2026-01-27T05:12:33Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-passagebleu-com-FR
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7a223c13-59a2-4f2e-889c-fed3d8fdbd3f.png
Threat Actors: Wadjet
Victim Country: France
Victim Industry: Consumer Services
Victim Organization: passage bleu
Victim Site: passagebleu.com
- Pharaohs Team Channel targets the website of BiletEkspres
Category: Defacement
Content: The group claims to have defaced the website of BiletEkspres
Date: 2026-01-27T05:05:45Z
Network: telegram
Published URL: https://t.me/Pharaohs_n/679
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ca1e8dbb-6bb3-4fbd-88cc-86a879c64f9a.png
Threat Actors: Pharaohs Team Channel
Victim Country: Turkey
Victim Industry: E-commerce & Online Stores
Victim Organization: biletekspres
Victim Site: biletekspres.com
- Alleged Data Sale of FootballTicketNet Customer & Order Database
Category: Data Breach
Content: The threat actor claims to be selling a database of FootballTicketNet. The dataset allegedly contains transactional, customer, and ticketing-related information.
Date: 2026-01-27T04:58:38Z
Network: openweb
Published URL: https://breachforums.bf/Thread-footballticketnet-com–185743
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/03ad971e-58bd-42cb-b55d-951884881ae9.png
Threat Actors: Wadjet
Victim Country: Unknown
Victim Industry: E-commerce & Online Stores
Victim Organization: footballticketnet
Victim Site: footballticketnet.com
- Alleged Data Sale of Discogs
Category: Data Breach
Content: The threat actor claims to be selling a 2025 database dump associated with Discogs, containing approximately 1.14 million lines of data
Date: 2026-01-27T04:46:50Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-discogs-com
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d622e648-47ac-4b74-a622-0e3d2d3c76cd.png
https://d34iuop8pidsy8.cloudfront.net/f213f95f-9e2e-424c-a23c-64dc305e527f.png
Threat Actors: Wadjet
Victim Country: Unknown
Victim Industry: Music
Victim Organization: discogs
Victim Site: discogs.com
- Alleged sale of unauthorized admin access to an unidentified organization in Italy
Category: Initial Access
Content: Threat actor claims to be selling unauthorized admin access to an unidentified organization in Italy.
Date: 2026-01-27T04:45:00Z
Network: openweb
Published URL: https://forum.exploit.in/topic/274606/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1665e7c7-4320-403b-be21-06b7ecee9747.png
Threat Actors: personX
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data Leak of US Magento Store
Category: Data Breach
Content: Threat actor claims to be selling access to a U.S.-based Magento store with over USD 1.06M in reported revenue, offered via auction starting at USD 50 with a USD 150 buy-now price.
Date: 2026-01-27T04:33:46Z
Network: openweb
Published URL: https://forum.exploit.in/topic/274612/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/361e3fbb-2bb2-4de5-aabc-3cb9ff149188.png
Threat Actors: hubert
Victim Country: USA
Victim Industry: E-commerce & Online Stores
Victim Organization: Unknown
Victim Site: Unknown
- Pharaohs Team Channel targets the website of ayselintursulari.com
Category: Defacement
Content: The group claims to have defaced the website of ayselintursulari.com.
Date: 2026-01-27T04:29:44Z
Network: telegram
Published URL: https://t.me/Pharaohs_n/679
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a49234c7-3543-485b-8eca-cd59983415f2.png
https://d34iuop8pidsy8.cloudfront.net/5cd0b62c-1184-4c1c-8bc1-0ec641fba7de.png
https://d34iuop8pidsy8.cloudfront.net/b9a2f11b-4dc4-41b7-9741-203f6bde91b1.png
Threat Actors: Pharaohs Team Channel
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of unauthorized admin access to an unidentified organization in Argentina
Category: Initial Access
Content: Threat actor claims to be selling unauthorized admin access to an unidentified organization in Argentina.
Date: 2026-01-27T04:24:24Z
Network: openweb
Published URL: https://forum.exploit.in/topic/274605/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f0954ad4-d85c-43f5-b6cf-d9a50b33a73b.png
Threat Actors: personX
Victim Country: Argentina
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Pharaohs Team Channel targets the website of Etimesgut
Category: Defacement
Content: The group claims to have defaced the website of Etimesgut
Date: 2026-01-27T04:23:35Z
Network: telegram
Published URL: https://t.me/Pharaohs_n/679
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d216523d-40db-4fdb-b5ad-dbaf88965b50.png
https://d34iuop8pidsy8.cloudfront.net/88d136ad-8995-4e6b-948e-ce36b85de8b2.png
https://d34iuop8pidsy8.cloudfront.net/010bab61-4d53-4907-bba1-7db1c074e482.png
Threat Actors: Pharaohs Team Channel
Victim Country: Turkey
Victim Industry: Newspapers & Journalism
Victim Organization: etimesgut
Victim Site: etimesgutuydu.com
- Alleged Data Breach of HackDiscussion
Category: Data Breach
Content: The threat actor claims to have breached the data of HackDiscussion in December 2012. The dataset includes user account information.
Date: 2026-01-27T04:12:13Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-HackDiscussion-hackdiscussion-com-2012-12-20-5-71K-Users
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8cc5238c-89dd-4ff9-80a2-122cb84ffaf5.png
Threat Actors: thelastwhitehat
Victim Country: Unknown
Victim Industry: Social Media & Online Social Networking
Victim Organization: hackdiscussion
Victim Site: hackdiscussion.com
- Pharaohs Team Channel targets the website of Hazır Yazılım
Category: Defacement
Content: The group claims to have defaced the website of Hazır Yazılım
Date: 2026-01-27T04:10:41Z
Network: telegram
Published URL: https://t.me/Pharaohs_n/679
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2be63093-c7aa-432a-bcbf-cae52f5e417c.png
https://d34iuop8pidsy8.cloudfront.net/1828e412-18ec-4a97-8ff0-9f1001e0ac7e.png
https://d34iuop8pidsy8.cloudfront.net/b02ed71e-647f-43e7-bada-acefa97d368b.png
Threat Actors: Pharaohs Team Channel
Victim Country: Turkey
Victim Industry: Information Technology (IT) Services
Victim Organization: hazır yazılım
Victim Site: dis.haziryazilim.tr
- Alleged sale of 940K Germany Private leads
Category: Data Breach
Content: Threat actor claims to be selling a dataset of 940,000 private Germany-based leads allegedly collected from advertising campaigns. The data reportedly includes client name, phone and mobile numbers, personal email addresses, and country information. The seller states the dataset contains approximately 815,000 unique phone numbers and 837,000 unique email addresses and is offered for public sale at a price of USD 1,000.
Date: 2026-01-27T04:08:30Z
Network: openweb
Published URL: https://forum.exploit.in/topic/274615/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/928f540b-385a-4b53-bd64-34d3b2af0ba5.png
Threat Actors: betway
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Pharaohs Team Channel targets the website of ZebifyTech
Category: Defacement
Content: The group claims to have defaced the website of ZebifyTech.
Date: 2026-01-27T04:06:14Z
Network: telegram
Published URL: https://t.me/Pharaohs_n/679
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f9e8e2c2-e4b9-46d0-b06b-1f3ddfef1f18.png
https://d34iuop8pidsy8.cloudfront.net/c8e79a5c-5c36-4aab-b35c-cec070871b35.png
https://d34iuop8pidsy8.cloudfront.net/a0bb5747-4ddd-43d5-ad4b-743ae40b6643.png
Threat Actors: Pharaohs Team Channel
Victim Country: Turkey
Victim Industry: Software Development
Victim Organization: Unknown
Victim Site: Unknown
- Alleged sale of Admin access to unidentified store in New Zealand
Category: Initial Access
Content: Threat actor claims to be selling unauthorized CMS administrator access to a New Zealand–based online shop. The listing suggests the access has been used to deploy a payment redirection mechanism, potentially impacting customer transactions.
Date: 2026-01-27T03:54:01Z
Network: openweb
Published URL: https://forum.exploit.in/topic/274614/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c97944a3-ae7d-4879-98e4-c34e3495e2ee.png
Threat Actors: markopollo
Victim Country: New Zealand
Victim Industry: E-commerce & Online Stores
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data Breach of MAGENTO EGYPT
Category: Data Breach
Content: Threat actor claims to be selling data from an Egypt-based Magento e-commerce store. The alleged dataset includes store revenue statistics, order history, average order value, monthly sales data, and transaction metrics related to an online retailer selling musical instruments and audio equipment. NB: Authenticity of the claim is yet to be verified.
Date: 2026-01-27T03:33:05Z
Network: openweb
Published URL: https://forum.exploit.in/topic/274611/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/17135858-f116-4fa7-8509-3f6a161bd74e.png
Threat Actors: hubert
Victim Country: Egypt
Victim Industry: E-commerce & Online Stores
Victim Organization: magento egypt
Victim Site: magentoegypt.com
- Pharaohs Team Channel targets the website of malatyaemlak.com.tr
Category: Defacement
Content: The group claims to have defaced the website of malatyaemlak.com.tr
Date: 2026-01-27T03:30:05Z
Network: telegram
Published URL: https://t.me/Pharaohs_n/679
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a2848730-cb27-4493-8089-6997c15b9f3e.png
https://d34iuop8pidsy8.cloudfront.net/ccf34c9b-758c-48f1-ac56-dccfb2289d2c.png
https://d34iuop8pidsy8.cloudfront.net/9c773d71-a5a7-46eb-b716-2e7c415d2a7e.png
Threat Actors: Pharaohs Team Channel
Victim Country: Turkey
Victim Industry: Unknown
Victim Organization: malatyaemlak
Victim Site: admin.malatyaemlak.com.tr
- BABAYO EROR SYSTEM targets the website of Provinsi Kalimantan Tengah
Category: Defacement
Content: The group claims to have defaced the website of Provinsi Kalimantan Tengah
Date: 2026-01-27T03:29:17Z
Network: telegram
Published URL: https://t.me/c/3664625363/46
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fb5f4ac8-4b06-4fd5-971b-2c82184e6f9f.png
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: provinsi kalimantan tengah
Victim Site: ppid.kalteng.go.id
- Alleged Sale of Unauthorized RDP Access to unidentified Business organization in Spain
Category: Initial Access
Content: The threat actor claims to be selling unauthorized RDP and shell access to a Spain-based organization operating in the business services sector. The listing advertises Domain Administrator and SYSTEM-level privileges, access to multiple hosts, disabled endpoint protection, and large volumes of sensitive internal data, including backups and client information. Additional access to two internal NAS devices with full administrative control is also claimed.
Date: 2026-01-27T03:20:48Z
Network: openweb
Published URL: https://forum.exploit.in/topic/274602/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/17ca408a-e12a-452a-bfe6-6a356a95956c.png
Threat Actors: Saturned33
Victim Country: Spain
Victim Industry: Business and Economic Development
Victim Organization: Unknown
Victim Site: Unknown
- BABAYO EROR SYSTEM targets the website of Provinsi Jambi
Category: Defacement
Content: The group claims to have defaced the website of Provinsi Jambi
Date: 2026-01-27T03:20:19Z
Network: telegram
Published URL: https://t.me/c/3664625363/46
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/76b14699-2255-4b8a-9ede-0701c7a0ee22.png
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: provinsi jambi
Victim Site: ppid.jambiprov.go.id
- BABAYO EROR SYSTEM targets the website of PPID Kemendagri
Category: Defacement
Content: The group claims to have defaced the website of PPID Kemendagri
Date: 2026-01-27T03:03:47Z
Network: telegram
Published URL: https://t.me/c/3664625363/46
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d9061477-1d85-4899-88f4-8692f647f4e2.png
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: ppid kemendagri
Victim Site: ppid.kemendagri.go.id
- Alleged sale of admin access to unidentified store in USA
Category: Initial Access
Content: Threat actor claims to be selling unauthorized admin access to an unidentified online store in the USA.
Date: 2026-01-27T02:46:03Z
Network: openweb
Published URL: https://forum.exploit.in/topic/274588/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/36aadcef-2052-493d-b25d-50c8efaf5e5c.png
Threat Actors: manofworld
Victim Country: USA
Victim Industry: E-commerce & Online Stores
Victim Organization: Unknown
Victim Site: Unknown
- Alleged Data breach of Panera Bread
Category: Data Breach
Content: The threat actor claims to have breached the database of Panera Bread. The datasets contain personally identifiable information (PII).
Date: 2026-01-27T02:37:43Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-Panera-Bread-Leaked-14-million-Records-Download-Link
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/55d8171e-e6db-4808-9a67-3445ec687a39.png
Threat Actors: ShinyHunters
Victim Country: USA
Victim Industry: Food Production
Victim Organization: panera bread
Victim Site: panerabread.com
- Alleged data breach of Huachiew Chalermprakiet University
Category: Data Breach
Content: The group claims to have breached the data of Huachiew Chalermprakiet University
Date: 2026-01-27T02:30:29Z
Network: telegram
Published URL: https://t.me/EXA_DOS_KH/79
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fce739ed-4c89-412a-9aec-54317130034d.png
Threat Actors: EXADOS
Victim Country: Thailand
Victim Industry: Education
Victim Organization: huachiew chalermprakiet university
Victim Site: hcu.ac.th
- Alleged data leak of eToro
Category: Data Breach
Content: Threat actor claims to be selling 87,000 lines of data from eToro. The compromised data reportedly includes name, email, country, ip, deposit amount, and deposit platform.
Date: 2026-01-27T02:19:08Z
Network: openweb
Published URL: https://forum.exploit.in/topic/274572/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4f58b72a-dde8-4784-a514-bd500b7e8a87.png
Threat Actors: Hanto
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: etoro
Victim Site: etoro.com
- Alleged Unauthorized Access to RedTigerSupport.org
Category: Initial Access
Content: The threat actor claims to have gained unauthorized administrative access to RedTigerSupport.org through a password brute-force attack targeting admin credentials.
Date: 2026-01-27T02:02:45Z
Network: openweb
Published URL: https://breachforums.bf/Thread-DATABASE-NO-LEAK-DUMP-www-redtigersupport-org-2026
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/cad9f9ab-296b-4785-80dc-e7d27b959d8a.png
Threat Actors: AnonymeTorNet
Victim Country: Unknown
Victim Industry: Gaming
Victim Organization: redtiger
Victim Site: redtigersupport.org
- Alleged sale of VPN and RDP access to unidentified manufacturing organization
Category: Initial Access
Content: Threat actor claims to be selling unauthorized RDP and VPN access to an unidentified manufacturing organization in the USA and Canada.
Date: 2026-01-27T01:57:02Z
Network: openweb
Published URL: https://forum.exploit.in/topic/274555/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3dc4c552-3f55-40ae-afda-f8648f27ee3e.png
Threat Actors: MustF4st
Victim Country: USA
Victim Industry: Manufacturing
Victim Organization: Unknown
Victim Site: Unknown
- Alleged data leak of documents in multiple countries
Category: Data Breach
Content: The group claims to have leaked data from banks in Malaysia and China
Date: 2026-01-27T00:54:46Z
Network: telegram
Published URL: https://t.me/c/2730963017/834
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6b52eae1-20ed-4958-875a-9d97e1a9af62.png
Threat Actors: TEAM BD CYBER NINJA
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- EXADOS targets the website of Yala Vocational College
Category: Defacement
Content: The group claims to have defaced the website of Yala Vocational College
Date: 2026-01-27T00:40:50Z
Network: telegram
Published URL: https://t.me/EXA_DOS_KH/78
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ca69baa9-0151-4cbd-b383-aa05f648ca49.png
Threat Actors: EXADOS
Victim Country: Thailand
Victim Industry: Education
Victim Organization: yala vocational college
Victim Site: purchase.yvc.ac.th
- Alleged data leak of Panera Bread
Category: Data Breach
Content: Threat actor claims to have leaked 760M containing Personally Identifiable Information (PII) from Edmunds.com, Inc.
Date: 2026-01-27T00:03:03Z
Network: tor
Published URL: http://toolatedhs5dtr2pv6h5kdraneak5gs3sxrecqhoufc5e45edior7mqd.onion/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/cbe5e880-0ff5-4a03-9c46-0f31a03afef7.png
Threat Actors: ShinyHunters
Victim Country: USA
Victim Industry: Restaurants
Victim Organization: panera bread
Victim Site: panerabread.com