[June-02-2026] Daily Cybersecurity Threat Report

Executive Summary

This intelligence report aggregates over 200 distinct cyber incidents, highlighting a surge in high-volume data brokerage, targeted extortion, mass defacement campaigns, and critical infrastructure compromises. The threat landscape is currently dominated by specialized initial access brokers, hacktivist operators deploying destructive payloads, and automated vulnerability scanning leading to widespread website defacements.

1. Critical Infrastructure and Advanced Exploitation

Agricultural and Industrial Control Systems (ICS)

  • The DDoSia Project executed a cyber attack against Maatschap Piek & Zn, a major Dutch agricultural storage facility. The group gained total control over the climate systems, temperature sensors, and cameras across chambers housing hundreds of tons of produce. The actors explicitly stated this was retaliation against NATO and anti-Russian sentiment.
  • Yemen-affiliated hackers infiltrated the technical control systems of a Fresenius industrial manufacturing site located in Grand Chalons, France. The attackers successfully modified operational modes and voltage settings on the control panel, while also accessing system event logs and performance reports.
  • The threat group Shadow ClawZ 404 claimed unauthorized access to an undisclosed European power plant network, boasting about monitoring system operations and mocking the facility’s security posture.
  • A massive 10.7 TB data breach impacted the Turkish food and beverage company Goknur Gıda A.Ş. Threat actor DreamFyre priced the data at 25 BTC. The exfiltration is severe, encompassing SCADA/PLC/RTU configurations, Active Directory dumps, production recipes, and total IT infrastructure blueprints.

ICS Tooling and Malware

  • The Infrastructure Destruction Squad is actively distributing TRK25 ADVANCED SCADA, a comprehensive attack tool targeting industrial control systems.
  • The TRK25 tool enables scanning and exploitation of SCADA/PLC/HMI systems via MODBUS and PROFINET protocols.
  • It also features six distinct DDoS attack vectors, OPC/DNP3 exploitation specifically targeting power grids, and password-free VNC/RDP capture capabilities.

2. Mega-Breaches (10 Million+ Records)

Telecommunications and Social Platforms

  • Tianya (China): Threat actor ChinaTomchent executed a blind SQL injection against the TiDB cluster of the Chinese online community Tianya during high-load relaunch conditions. Over 12 hours, the actor used a webshell to exfiltrate 127,851,826 user records containing accounts and passwords.
  • Charter Communications (US): A ShinyHunters affiliate leaked 42,222,564 customer records following a refused ransom demand. The breach occurred via a voice phishing attack that compromised a Microsoft Entra employee account, granting access to the company’s Salesforce instance.
  • Grindr (US): A database containing 15 million user records was offered for sale for $400 in cryptocurrency by threat actors leakingshi and nilojeda. Due to Grindr’s status as an LGBTQ+ platform, this constitutes a highly sensitive data exposure.
  • Free.fr (France): Threat actor Alpraz freely distributed a database of 12 million French telecommunications users, exposing full names and physical addresses.

Government, Healthcare, and Retail

  • Dossier Médical Partagé (France): Threat actor Lagui advertised an unprocessed scrape of 34 million French medical records. The dataset critically includes French national social security numbers (NIR) in 85% of records and IBAN/BIC banking details in up to 40% of the entries.
  • SENIAT (Venezuela): A 30 GB database dump containing 24 million records from the Venezuelan tax authority was distributed freely by malconguerra2. The 2025–2026 data covers legal entities, foreigners, and passport holders, exposing fiscal addresses and tax registration numbers.
  • CookUnity (US): Threat actor 2019 offered 17.6 million customer records from the US meal delivery service. The data includes highly specific delivery metrics, GPS coordinates, and driver/carrier information alongside customer PII.
  • Myntra (India): A resale of 17 million records dated April 2026 from the Indian fashion retailer was listed for $1,500 by ItsurJoker.

3. The “Rupert” Data Broker Ecosystem

A single highly prolific threat actor, identified as Rupert, flooded underground markets with highly structured corporate databases. The actor’s datasets consistently feature three interconnected sections (Contacts, Orders/Tickets, and Financials/Logs) and are typically priced between $900 and $1,400.

European Targets

  • Spain: MasMovil (742,000 records; telecom data including password hashes and tax IDs); GAME España (284,000 records; retail data with VIP loyalty points); Fundación Tripartita (642,000 records; education data including tax IDs and certification details).
  • Portugal: Continente (576,000 records; retail data including lifetime value and consent tracking); Radio Popular (437,000 records across two listings; order and shipping histories).
  • Italy: Wind Tre (563,000 records; telecom data including Wi-Fi credentials and fiscal codes); Fastweb (536,000 records; telecom data including VAT numbers and contract details); Gruppo Ferrovie Italiane (492,000 records; transportation CRM metadata).
  • Hungary: Vatera (492,000 records; e-commerce data including seller fraud flags); Mobilfox (312,000 records; automotive leads and financial deal values); ugyvedek.net (187,000 records; legal consultation requests and case data).
  • Netherlands: Vliegershop (875,000 records; retail order transactions); zorgverzekerenvergelijk.nl (417,000 records; health insurance quotes and risk scores); Hotels in Nederland (287,000 records; guest booking preferences).
  • Russia: Wildberries (732,000 records; retail wishlist data and marketing consent); forum.sevcable.ru (492,000 records; user access logs); Rosmolodezh (478,000 records; government conference participation).
  • Other Europe: Vlachakis Systems, Greece (284,000 records); Jelgavas Veseliba, Latvia (237,000 records; patient medical education and passport numbers).

Asia-Pacific Targets

  • Japan: National Personnel Authority (742,000 records; government payroll and tax data); Kumon (612,000 records; student enrollments); au KDDI (243,000 records; telecom service orders).
  • South Korea: Mirae-N (745,000 records; retail purchase history and MFA settings); i-mall (742,000 records; vendor bank accounts and SWIFT codes); 11ST (652,000 records; e-commerce settlement amounts).
  • Taiwan: PCstore (487,000 records; delivery tracking); PChome EC (437,000 records; payment methods); Undisclosed Organization (237,000 records).
  • Thailand: Kaidee (527,000 records; shop financials and tax IDs); Pramool (483,000 records; shop CRM and 2FA details); Baan Lae Suan (413,000 records; shop capital and compliance documents).
  • Other APAC: OLX Philippines (623,000 records); Byjus Exam Prep, India (592,000 records; student course fees); Fortis Healthcare, India (437,000 records; hospital ward assignments and billing codes); HKT Limited, Hong Kong (482,000 records); Securities and Exchange Commission of Pakistan (387,000 records; member interests and geolocations); Yellow Pages New Zealand (237,000 records; business annual revenue).

Middle East, Africa, and Americas

  • Middle East: Noon, Saudi Arabia (738,000 records; KYC identity card records); Takaful Insurance, Saudi Arabia (528,000 records; insurance applications); Nitaqat Portal, Saudi Arabia (437,000 records; labor compliance).
  • Africa: Telkom South Africa (742,000 records; national IDs); Wanderers Club South Africa (674,000 records; sports event booking history); Mytelnet Tunisia (478,000 records; household demographics and income brackets); Standard Lesotho Bank (472,000 records; KYC risk profiles and credit checks); Midas South Africa (463,000 records; VAT numbers); Keejob Tunisia (137,000 records; resumes and salary expectations).
  • Americas: Gian Bo Fuegos Artificiales, Venezuela (768,000 records; distributor contacts); CSI Telecom, Mexico (732,000 records; service orders); Ministry of Tourism, Venezuela (542,000 records); CONACYT, Mexico (384,000 records; researcher peer rankings and MFA configurations).

4. Geopolitics, Hacktivism, and Retaliatory Extortion

State and Military Data Leaks

  • China NSCC Exfiltration: Threat actor stormbyteoverrideX alleged the theft of over 10 petabytes of data from China’s National Supercomputing Center. The highly classified dataset purportedly includes military-aerospace simulations linked to AVIC and COMAC, satellite telemetry, supersonic design files, and gravitational wave research. Proof files and technical diagrams circulated via the Tor network.
  • US Law Enforcement: Threat actor Edric leaked a database dump from RemoteCom, a compliance monitoring system used by US law enforcement. The records contain client and probation officer emails (hosted on .gov domains) and compliance activity metrics.
  • Wagner Group Doxxing: The Shamshir Alis team leaked detailed personal and banking information of Denis Radu Ivanovich, an alleged Wagner Group member from Kursk Oblast, Russia, following unauthorized device access.

Extortion and Retaliation Campaigns

  • SnowSoul Extortion: A threat actor named SnowSoul initiated a low-dollar extortion campaign, demanding $1,000 USD from Chinese technology companies. Following ransom refusals, the actor leaked accounting system backups, income tax data, and receivables from Shenzhen Xinchelei Technology. The actor also leaked 500 million records from Sirun Hefei Technology and Sirun Tianlang Technology, and published the national ID numbers and marital status of executives from the Integrity Technology Group.
  • Indonesian Police Retaliation: Threat actor V0idix freely distributed 341,800 personnel records (names, ranks, units) of the Indonesian National Police. The actor explicitly stated the leak was retaliation for the Indonesian police allegedly arresting the wrong individual in connection with the actor’s operations.

Pro-Russian Hacktivism (#OpUkraine)

  • The group NoName057(16) executed destructive defacement attacks against Ukrainian web infrastructure under the banners of #OpUkraine and #TimeOfRetribution.
  • The attacks went beyond standard defacement; the actors erased content, destroyed e-commerce storefronts, and replaced product listings with political messaging and QR codes.
  • Victims included smartbox.hou.com.ua (smartwatch retailer), bortek.ua (electrothermal manufacturer), and photo-step.com.ua (travel agency).

5. High-Volume Website Defacement Campaigns

The period observed a massive spike in automated or highly targeted website defacements, driven primarily by two independent actors: DimasHxR and Claudexxx.

The DimasHxR Campaign

DimasHxR executed a prolific, single-actor campaign targeting specific subdirectories—almost exclusively media/ or customer/ upload paths—indicating the automated exploitation of a specific web application vulnerability. The actor avoided mass home-page takeovers, favoring stealthy file-level compromise.

  • Redefacements (Persistent Access): The actor repeatedly compromised previously patched sites, indicating failure by victims to remediate the underlying vulnerability. Redefacements hit PhotoColor (Brazil), Linkaskura, La Perle de Marie Jo (France), Helly Hansen (Chile), Creative Classrooms (New Zealand), Macihome (EU), and WellnessMark Shop.
  • Global Targets: Annys (Australia), Reunion (Thailand), scar.it (Italy), Superior Pads (US), partnumber-710.ru (Russia), Fakel Freedom (Russia), Longavita Implantacia (Russia), Yun Berlin (Germany), MasterMoskva (Russia), Krames4Heart (US), Krames4Lungs (US), Breakthrough Clean (US), Lemarcare (Brazil), and RB Auto Oprema (Serbia).

The Claudexxx Campaign

In stark contrast to DimasHxR, the actor Claudexxx focused entirely on highly visible, full homepage defacements, largely concentrated on Indian domains and technology services.

  • Indian Targets: JobSuite, MyGST Filings, Cyber Crime Academy, IND Workspace, All India Judgements, Fixit Services.
  • Global/Corporate Targets: Selva Legal, Redback (multiple domains including .app, .org, .eu.com, .it.com), Nutrishyam, GraphicXS, ExonCorp, eFoodKart, Gideon Genius, LSU-UCC (Ghana), African Review, Git Project, WelfareGH (Ghana), Eagle Coding, AGlobe Beverages, Wits BR (Brazil), Nabiya Qapital.

Other Defacement Activity

  • Zod: Executed mass cloud infrastructure defacements targeting Brazilian domains ADMSS and Santos Simon.
  • azraelzer0d4y (b1ohaz4rd): Targeted Australian Pipe Band Supplies, Duro Sweden, GetMeABabysitter, and protectyourboundaries.ca.
  • Brotherhood Capung Indonesia (CiaoxD_): Defaced Trick Fast Digital and Village Milk.
  • TEASER SEC TEAM: Defaced Turkish site gioyv.org.tr.

6. Government, Military, and Law Enforcement Compromises

Beyond the NSCC and SENIAT mega-breaches, numerous government entities suffered severe data exposures:

  • Mexico: The national geostatistical institute (INEGI) suffered a leak of 122,173 business directory records and 30,363 birth records containing medical information and polygon geometries. Separately, over 10,000 records from the Nayarit Public Property Registry were leaked freely. Data from Declaraciones Tecoman (2,716 PDF declarations with net income data) was distributed by Black0ut_Exi.
  • Indonesia: A threat actor named whoare agitated for the destruction of the Indonesian government’s OSS (Online Single Submission) system. Another leak exposed lecturer registration numbers and civil servant IDs from the SISTER-PT KEMENDIKBUD system. Data comprising 2.5 million Medan City resident records was shared by mr-hanz-xploit. Finally, an additional leak of 1 million Indonesian National Police personnel records was listed by 053o.
  • Middle East: The Iraq National Intelligence Service (INIS) suffered a breach exposing the names, ration card numbers, employment details, and family members of Baghdad residents. The North Iraq Traffic Governorate had vehicle registration records and engine details compromised.
  • Philippines: Threat actor 0xLei sold 500GB of Philippine National Police (PNP) data, including badge numbers and station details, for $500.
  • China: The China National Copyright Administration saw 47,659 records leaked by the Anka Red Team.
  • Europe: A threat actor sold admin panel access, alongside an SQL vulnerability, to the French fishing license authority cartedepeche.fr. Email addresses and phone numbers belonging to Spanish public figures, including the President, were leaked by catwoman following an Instagram vulnerability exploit.

7. Commercial, Retail, and Healthcare Data Leaks

Telecommunications and IT Infrastructure

  • AT&T (US): Threat actors RED✘ and Edric sold a database containing over 500,000 US consumer records covering 2024-2025, exposing primary/secondary phone numbers and physical addresses.
  • Zain Iraq Telecom & Asiacell: Both Iraqi telecom providers suffered database leaks containing subscriber PII and subscription dates.
  • Salesfloor (Canada): A leak attributed to LAPSUS$-GROUP exposed 5.7 million records and the proprietary source code of the retail SaaS platform used by Macy’s and Saks.
  • RELEX Solutions (Finland): Threat actor hh29hc9 sold the full proprietary source code of the supply chain platform for 500 XMR, noting the company’s $5 billion valuation.

Retail and E-commerce

  • SeLoger (France): Scattered Lapsu$ Hunter breached the French real estate platform, exposing 4.5 million records containing plaintext passwords and agency affiliations.
  • Mrsool (Saudi Arabia): A delivery platform database of 421,000 records, including payment preferences, was sold by Moelester.
  • Globiro (UAE): Infrastructure Destruction Squad sold full administrative dashboard access and the complete customer database of the Farmex Freshia Trading e-commerce system for $100.

Healthcare

  • Fortis Healthcare (India): (See Rupert broker section).
  • Jelgavas Veseliba (Latvia): (See Rupert broker section).
  • Zorgverzekeren Vergelijk (Netherlands): (See Rupert broker section).

8. Malware, Vulnerabilities, and Initial Access Markets

Zero-Days and Vulnerability Exploitation

  • Palo Alto GlobalProtect (CVE-2026-0257): Active exploitation of a critical vulnerability allowing attackers to bypass credentials by forging authentication cookies. Researchers confirm threat actors have achieved full internal network access.
  • Linux Kernel CIFSwitch: A new local privilege escalation bug in the CIFS protocol authentication allows attackers to gain root control, heavily impacting kernel versions 6.14 and newer alongside cifs-utils.
  • WP Maps Pro: Active exploitation of versions 6.1.0 and earlier allows unauthenticated attackers to create administrator accounts via a flawed temporary support feature.
  • Cloudflare Bypass: A browser-based Turnstile challenge bypass tool was distributed openly on darknet forums.

Initial Access Brokers (IAB) and Malware Distribution

  • NASA Infrastructure: A threat actor demanded $10,000 in Monero for persistent www-data level remote code execution via a web shell hosted on a physical NASA data center server. The access allegedly bypasses firewalls to reach internal CIDR ranges.
  • Kodex Portal Access: An account providing access to the Kodex platform was sold for $4,000, enabling the buyer to submit fraudulent EDR (Endpoint Detection and Response) data requests to over 320 corporations, including Coinbase and Discord.
  • Ransomware Targeting: Threat actor Simpson2 listed a $10,000 initial access pack targeting 10 unnamed companies with annual revenues between $10 million and $10 billion specifically for ransomware deployment.
  • RDP and Mail Access Rentals: Threat actors DataxLogs and PORTAL mass-marketed RDP server access on AWS, Azure, and DigitalOcean for $200. They concurrently sold compromised inbox credentials for major platforms across ten countries.
  • Malware Tools:
    • ClickFix Steganography: A campaign using fake Windows Update screens delivered LummaC2 and Rhadamanthys infostealers by hiding payloads within PNG image pixel data.
    • Nornikovik: A fileless browser malware sold on forums, capable of running in memory, evading VMs, and extracting cookies across all major browsers before deleting itself.
    • Ultima Multi-Chain Wallet Checker: An automated tool designed to bulk-check cryptocurrency wallets across 70 blockchains using stolen seed phrases and private keys, featuring real-time USD conversion and automated sweeping.
    • RED C2 4.0: A cross-platform (Windows/macOS/Linux) remote access trojan with advanced crypting, mass database extraction, and credential stealing capabilities.
    • RedLine Stealer v20.2: A cracked version of the premium infostealer was distributed freely, complete with Telegram bot exfiltration modules.

Financial Fraud and Forgery

  • Carding Operations: Threat actors Boss Shop, CC-GuRu, and Clara12 dominated the financial fraud space. Offerings included non-VBV (Verified by Visa) credit cards compatible with Apple Pay and Google Pay, and high-balance BINs guaranteed to clear transactions over $500.
  • Aged Bank Accounts: Actor Fsport sold self-made, aged, and verified US bank accounts from Chase, Bank of America, and Capital One with integrated cashout services linking ACH/Wire/Zelle directly to cryptocurrency.
  • Document Forgery: Actor Benjamin provided forged government identification, including US driver’s licenses with SSNs for $5 each, as well as ID cards and passports for over 25 countries.
  • Counterfeit Currency: Boss Shop managed Telegram channels recruiting distributors for premium counterfeit banknotes and fake currency.

Detected Incidents Draft Data – 2026-06-02 (run date)

  1. Alleged data breach of China's National Supercomputing Center (NSCC) with classified military and aerospace research
    Category: Data Leak
    Content: A threat actor claims to have exfiltrated over 10 petabytes of data from China's National Supercomputing Center in Tianjin and linked high-performance computing clusters associated with AVIC, COMAC, and national space programs. The alleged dataset purportedly includes classified military-aerospace simulation data, satellite telemetry, stealth and supersonic design files, and gravitational wave research. Proof files including directory listings and technical diagrams are claimed to be circulating
    Date: 2026-06-02T04:43:07Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-CHINA-NSCC-SUPERCOMPUTING-BREACH-%E2%80%93-10-PETABYTES-OF-CLASSIFIED-MILITARY-LEAK–190264
    Screenshots:
    3 screenshot(s) available
    Threat Actors: stormbyteoverrideX
    Victim Country: China
    Victim Industry: Government
    Victim Organization: National Supercomputing Center (NSCC)
    Victim Site: Unknown
  2. Alleged data breach of Myntra (India) with 17 million records for sale
    Category: Data Breach
    Content: A threat actor is selling an alleged database from Myntra, a leading Indian fashion e-commerce platform, claiming 17 million records dated April 2026. The listing is priced at $1,500 and noted as a resale. No further details on specific data fields were provided in the post.
    Date: 2026-06-02T04:22:10Z
    Network: openweb
    Published URL: https://breached.su/threads/selling-indian-myntra-fashion-database.87807/unread
    Screenshots:
    1 screenshot(s) available
    Threat Actors: ItsurJoker
    Victim Country: India
    Victim Industry: Retail
    Victim Organization: Myntra
    Victim Site: myntra.com
  3. Sale of stolen credit cards and CVVs on forum
    Category: Carding
    Content: A threat actor is offering stolen credit cards and CVVs for sale at $20–$30 per card, claiming 99.9% validity and high balances with full cardholder information. The seller advertises use cases including online shopping, carding, cashout, and bookings. Free replacement is offered if cards have low balance or fail to work.
    Date: 2026-06-02T04:04:21Z
    Network: openweb
    Published URL: https://nulledbb.com/thread-All-your-best-card-for-your-online-purchase-and-payment-here
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Bank boi
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  4. Alleged data breach of Grindr with 15 million user records for sale
    Category: Data Breach
    Content: A threat actor is selling what they claim to be the complete Grindr user database, containing over 15 million records of personal registration data. The post advertises a sample and lists a price of $400 payable in cryptocurrency. Grindr is an LGBTQ+ dating platform, making potential exposure of user data particularly sensitive.
    Date: 2026-06-02T03:40:54Z
    Network: openweb
    Published URL: https://breached.su/threads/grindr-full-database-15m.87806/unread
    Screenshots:
    1 screenshot(s) available
    Threat Actors: leakingshi
    Victim Country: United States
    Victim Industry: Technology
    Victim Organization: Grindr
    Victim Site: grindr.com
  5. Website Defacement of Annys.com.au by DimasHxR
    Category: Defacement
    Content: On June 2, 2026, the Australian website annys.com.au was defaced by a threat actor operating under the alias DimasHxR. The attacker targeted a media/customer directory path on the server. The defacement was an isolated, individual attack with no team affiliation, mass defacement activity, or stated motivation recorded.
    Date: 2026-06-02T03:29:20Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930708
    Screenshots:
    1 screenshot(s) available
    Threat Actors: DimasHxR
    Victim Country: Australia
    Victim Industry: Unknown
    Victim Organization: Annys
    Victim Site: annys.com.au
  6. Website Defacement of Chowaniec Design by DimasHxR
    Category: Defacement
    Content: On June 2, 2026, the attacker known as DimasHxR defaced a media subdirectory of chowaniec.design, a design-oriented website. The attack was a targeted, single-site defacement with no team affiliation reported. Server and infrastructure details were not disclosed in the available data.
    Date: 2026-06-02T03:26:40Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930715
    Screenshots:
    1 screenshot(s) available
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Design / Creative Services
    Victim Organization: Chowaniec Design
    Victim Site: chowaniec.design
  7. Website Defacement of Reunion (Thailand) by DimasHxR
    Category: Defacement
    Content: On June 2, 2026, a threat actor operating under the handle DimasHxR defaced a subdirectory of the Thai website www.reunion.co.th. The attack targeted a specific path within the site's public media directory and was carried out as a single, non-mass defacement with no attributed team affiliation. No specific motive or technical details regarding the server environment were disclosed.
    Date: 2026-06-02T03:20:40Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930683
    Screenshots:
    1 screenshot(s) available
    Threat Actors: DimasHxR
    Victim Country: Thailand
    Victim Industry: Unknown
    Victim Organization: Reunion
    Victim Site: www.reunion.co.th
  8. Website Defacement of Noyah by DimasHxR
    Category: Defacement
    Content: On June 2, 2026, a threat actor known as DimasHxR defaced a page on www.noyah.com, targeting a media/customer directory path. The attack was an individual, non-mass defacement with no stated motive or team affiliation. The incident was archived and documented via zone-xsec.com.
    Date: 2026-06-02T03:20:03Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930678
    Screenshots:
    1 screenshot(s) available
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Retail / E-Commerce
    Victim Organization: Noyah
    Victim Site: www.noyah.com
  9. Alleged data breach of Grindr with 15 million user records for sale
    Category: Data Breach
    Content: A threat actor is offering for sale an alleged complete Grindr user database containing over 15 million records of personal registration data. The seller is asking $400 in cryptocurrency and references a sample as proof. The nature of the platform makes this a high-sensitivity exposure potentially affecting LGBTQ+ individuals globally.
    Date: 2026-06-02T03:19:56Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-GRINDR-DATABASE-15M
    Screenshots:
    1 screenshot(s) available
    Threat Actors: nilojeda
    Victim Country: United States
    Victim Industry: Technology
    Victim Organization: Grindr
    Victim Site: grindr.com
  10. Website Redefacement of PhotoColor Brazil by DimasHxR
    Category: Defacement
    Content: On June 2, 2026, the attacker known as DimasHxR conducted a redefacement of the Brazilian photography and media services website PhotoColor (photocolor.com.br). This incident marks a repeated compromise of the target, indicating persistent access or recurring vulnerability exploitation. The attacker operated independently without an affiliated team, targeting a subdirectory path within the site rather than the homepage.
    Date: 2026-06-02T03:18:59Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930681
    Screenshots:
    1 screenshot(s) available
    Threat Actors: DimasHxR
    Victim Country: Brazil
    Victim Industry: Photography / Media Services
    Victim Organization: PhotoColor
    Victim Site: www.photocolor.com.br
  11. Website Redefacement of Linkaskura by Threat Actor DimasHxR
    Category: Defacement
    Content: Threat actor DimasHxR conducted a redefacement attack against the website linkaskura.com, targeting a subdirectory within the site's public media folder. This incident marks a repeated compromise of the same target, suggesting persistent access or recurring vulnerabilities. No team affiliation, specific motive, or server details were disclosed.
    Date: 2026-06-02T03:18:15Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930670
    Screenshots:
    1 screenshot(s) available
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: E-commerce / Retail
    Victim Organization: Linkaskura
    Victim Site: www.linkaskura.com
  12. Website Defacement of scar.it by DimasHxR
    Category: Defacement
    Content: On June 2, 2026, the attacker known as DimasHxR defaced a subpath of the Italian website scar.it, targeting the media/customer directory. The defacement was an individual, non-mass, non-home page attack with no stated motive or team affiliation. Technical details such as server software and IP address were not disclosed in the available intelligence.
    Date: 2026-06-02T03:17:25Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930684
    Screenshots:
    1 screenshot(s) available
    Threat Actors: DimasHxR
    Victim Country: Italy
    Victim Industry: Unknown
    Victim Organization: SCAR
    Victim Site: www.scar.it
  13. Alleged data leak of Declaraciones Tecoman
    Category: Data Leak
    Content: A threat actor known as Black0ut_Exi has freely distributed 2,716 PDF declarations allegedly belonging to Declaraciones Tecoman, a Mexican government entity. The leaked files reportedly contain personal data including general information, address, academic credentials, employment data, work experience, and net income.
    Date: 2026-06-02T03:17:10Z
    Network: openweb
    Published URL: https://breached.su/threads/dataleak-of-declaraciones-tecoman.87805/unread
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Black0ut_Exi
    Victim Country: Mexico
    Victim Industry: Government
    Victim Organization: Declaraciones Tecoman
    Victim Site: Unknown
  14. Website Redefacement of La Perle de Marie Jo by DimasHxR
    Category: Defacement
    Content: The website www.laperledemariejo.com was redefaced by threat actor DimasHxR on June 2, 2026, marking a repeated compromise of this target. The attacker operated independently without an affiliated team, and the defacement targeted a subdirectory of the site rather than the homepage. This incident represents a redefacement, indicating the victim's site had been previously compromised and may not have been fully remediated.
    Date: 2026-06-02T03:16:35Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930669
    Screenshots:
    1 screenshot(s) available
    Threat Actors: DimasHxR
    Victim Country: France
    Victim Industry: Retail / E-Commerce
    Victim Organization: La Perle de Marie Jo
    Victim Site: www.laperledemariejo.com
  15. Website Defacement of Superior Pads by DimasHxR
    Category: Defacement
    Content: On June 2, 2026, the attacker known as DimasHxR defaced a page on the website of Superior Pads, a US-based automotive parts retailer. The defacement targeted a media directory path and was not classified as a mass or home page defacement. No team affiliation, specific motive, or server details were disclosed.
    Date: 2026-06-02T03:15:38Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930686
    Screenshots:
    1 screenshot(s) available
    Threat Actors: DimasHxR
    Victim Country: United States
    Victim Industry: Retail / Automotive Parts
    Victim Organization: Superior Pads
    Victim Site: www.superiorpads.us
  16. Website Defacement of Superiridium by DimasHxR
    Category: Defacement
    Content: On June 2, 2026, a threat actor identified as DimasHxR defaced a subdirectory of www.superiridium.com, targeting a media or customer-related path on the website. The attack was a targeted single-site defacement with no team affiliation reported. Technical details regarding the server infrastructure and attack vector remain unknown.
    Date: 2026-06-02T03:14:54Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930687
    Screenshots:
    1 screenshot(s) available
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Technology/Materials
    Victim Organization: Superior Iridium
    Victim Site: www.superiridium.com
  17. Website Redefacement of Helly Hansen Chile by DimasHxR
    Category: Defacement
    Content: The attacker known as DimasHxR conducted a redefacement of the Helly Hansen Chile website, targeting a media directory path on the domain. This incident marks a repeated compromise of the same target, suggesting persistent access or recurring vulnerability exploitation. No specific motive or team affiliation was disclosed.
    Date: 2026-06-02T03:14:08Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930668
    Screenshots:
    1 screenshot(s) available
    Threat Actors: DimasHxR
    Victim Country: Chile
    Victim Industry: Retail / Sporting Goods
    Victim Organization: Helly Hansen Chile
    Victim Site: www.hellyhansenchile.cl
  18. Website Redefacement of Creative Classrooms by DimasHxR
    Category: Defacement
    Content: The website creativeclassrooms.co.nz, a New Zealand-based educational platform, was defaced by the threat actor DimasHxR on June 2, 2026. This incident is classified as a redefacement, indicating the site had been previously compromised by the same or another attacker. The attacker operated independently without affiliation to a known group, and no specific motive or proof of concept was disclosed.
    Date: 2026-06-02T03:13:23Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930662
    Screenshots:
    1 screenshot(s) available
    Threat Actors: DimasHxR
    Victim Country: New Zealand
    Victim Industry: Education
    Victim Organization: Creative Classrooms
    Victim Site: www.creativeclassrooms.co.nz
  19. Website Defacement of partnumber-710.ru by DimasHxR
    Category: Defacement
    Content: On June 2, 2026, the Russian website partnumber-710.ru was defaced by the threat actor DimasHxR. The attack targeted a subdirectory of the site and was carried out as a single, non-mass defacement. No team affiliation, specific motivation, or technical details regarding the server infrastructure were disclosed.
    Date: 2026-06-02T03:12:36Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930680
    Screenshots:
    1 screenshot(s) available
    Threat Actors: DimasHxR
    Victim Country: Russia
    Victim Industry: Automotive Parts / E-commerce
    Victim Organization: Partnumber-710
    Victim Site: www.partnumber-710.ru
  20. Website Defacement of Zigtop by DimasHxR
    Category: Defacement
    Content: On June 2, 2026, the website zigtop.com was defaced by a threat actor operating under the alias DimasHxR, acting independently without a known team affiliation. The attack targeted a subdirectory of the site rather than the homepage and was not part of a mass defacement campaign. Technical details regarding the server environment and attacker motivation remain unknown.
    Date: 2026-06-02T03:11:56Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930694
    Screenshots:
    1 screenshot(s) available
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Zigtop
    Victim Site: zigtop.com
  21. Website Defacement of Wonderland Shop by DimasHxR
    Category: Defacement
    Content: On June 2, 2026, threat actor DimasHxR defaced a media/customer-facing page on the e-commerce website wonderland.shop. The attack was a targeted single-page defacement, not classified as a mass or home page defacement. No team affiliation, specific motive, or technical details regarding the server environment were disclosed.
    Date: 2026-06-02T03:11:06Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930691
    Screenshots:
    1 screenshot(s) available
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: E-Commerce / Retail
    Victim Organization: Wonderland Shop
    Victim Site: www.wonderland.shop
  22. Website Redefacement of macihome.eu by Threat Actor DimasHxR
    Category: Defacement
    Content: Threat actor DimasHxR conducted a redefacement attack against macihome.eu, indicating a prior defacement of the same target had occurred. The attacker operated without affiliation to a known group or team. The incident was not categorized as a mass defacement, suggesting a targeted attack against this specific organization.
    Date: 2026-06-02T03:10:15Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930673
    Screenshots:
    1 screenshot(s) available
    Threat Actors: DimasHxR
    Victim Country: European Union
    Victim Industry: Real Estate / Home Services
    Victim Organization: Macihome
    Victim Site: www.macihome.eu
  23. Website Defacement of fakelfreedom.ru by DimasHxR
    Category: Defacement
    Content: On June 2, 2026, threat actor DimasHxR defaced a page on www.fakelfreedom.ru, a Russian-hosted website. The attack targeted a media or customer-related subdirectory path and was a single, targeted defacement rather than a mass or home page defacement. No affiliation with a known hacking team was reported, and technical server details were not disclosed.
    Date: 2026-06-02T03:09:29Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930666
    Screenshots:
    1 screenshot(s) available
    Threat Actors: DimasHxR
    Victim Country: Russia
    Victim Industry: Unknown
    Victim Organization: Fakel Freedom
    Victim Site: www.fakelfreedom.ru
  24. Website Defacement of Longavita Implantacia by DimasHxR
    Category: Defacement
    Content: On June 2, 2026, a threat actor identified as DimasHxR defaced a subpage of longavitaimplantacia.ru, a Russian dental implant or healthcare-related website. The attack was a targeted single-page defacement rather than a mass or home page compromise. No team affiliation, specific motive, or technical details regarding the server environment were disclosed.
    Date: 2026-06-02T03:08:43Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930671
    Screenshots:
    1 screenshot(s) available
    Threat Actors: DimasHxR
    Victim Country: Russia
    Victim Industry: Healthcare / Dental Implants
    Victim Organization: Longavita Implantacia
    Victim Site: www.longavitaimplantacia.ru
  25. Website Defacement of WellnessMark Shop by DimasHxR
    Category: Defacement
    Content: The website wellnessmarkshop.com was defaced by threat actor DimasHxR on June 2, 2026. This incident is recorded as a redefacement, indicating the attacker had previously compromised the same target. The defacement was not classified as a mass or home page defacement, suggesting it targeted a specific subdirectory or page within the site.
    Date: 2026-06-02T03:08:03Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930690
    Screenshots:
    1 screenshot(s) available
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Retail / Health and Wellness
    Victim Organization: WellnessMark Shop
    Victim Site: www.wellnessmarkshop.com
  26. Website Defacement of yun-berlin.com by DimasHxR
    Category: Defacement
    Content: On June 2, 2026, the website yun-berlin.com was defaced by a threat actor operating under the handle DimasHxR, acting without a known affiliated group. The attacker targeted a media/customer-facing directory path, suggesting exploitation of a publicly accessible web file structure. No motive or technical details were disclosed for this isolated, non-mass defacement incident.
    Date: 2026-06-02T03:07:16Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930693
    Screenshots:
    1 screenshot(s) available
    Threat Actors: DimasHxR
    Victim Country: Germany
    Victim Industry: Unknown
    Victim Organization: Yun Berlin
    Victim Site: yun-berlin.com
  27. Website Defacement of MasterMoskva by DimasHxR
    Category: Defacement
    Content: On June 2, 2026, threat actor DimasHxR defaced a page on the Russian website mastermoskva.ru, targeting a media or customer-related directory path. The attacker operated independently without affiliation to a known team. No specific motive, exploit method, or server details were disclosed in connection with this incident.
    Date: 2026-06-02T03:06:27Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930674
    Screenshots:
    1 screenshot(s) available
    Threat Actors: DimasHxR
    Victim Country: Russia
    Victim Industry: Unknown
    Victim Organization: MasterMoskva
    Victim Site: www.mastermoskva.ru
  28. Website Defacement of Krames4Heart by DimasHxR
    Category: Defacement
    Content: On June 2, 2026, threat actor DimasHxR defaced a page on krames4heart.com, a health-focused web platform. The attack targeted a specific subdirectory path rather than the homepage, indicating a targeted file-level compromise. No team affiliation, stated motive, or technical server details were disclosed in connection with this incident.
    Date: 2026-06-02T03:00:20Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930625
    Screenshots:
    1 screenshot(s) available
    Threat Actors: DimasHxR
    Victim Country: United States
    Victim Industry: Healthcare
    Victim Organization: Krames4Heart
    Victim Site: krames4heart.com
  29. Website Defacement of Avinusa by DimasHxR
    Category: Defacement
    Content: The website avinusa.com was defaced by a threat actor identified as DimasHxR on June 2, 2026. The attack targeted a subdirectory of the site rather than the homepage, indicating a partial or targeted defacement. No team affiliation, motive, or technical details regarding the server environment were disclosed.
    Date: 2026-06-02T02:59:14Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930614
    Screenshots:
    1 screenshot(s) available
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Avinusa
    Victim Site: avinusa.com
  30. Website Defacement of Breakthrough Clean by DimasHxR
    Category: Defacement
    Content: On June 2, 2026, the website breakthroughclean.com was defaced by the threat actor DimasHxR acting independently without affiliation to a known group. The attack targeted a subdirectory of the domain and was a single, targeted defacement rather than a mass or home page compromise. No specific motive or server details were disclosed.
    Date: 2026-06-02T02:57:59Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930617
    Screenshots:
    1 screenshot(s) available
    Threat Actors: DimasHxR
    Victim Country: United States
    Victim Industry: Consumer Goods / Cleaning Products
    Victim Organization: Breakthrough Clean
    Victim Site: breakthroughclean.com
  31. Website Defacement of Ruba Fashion Store by DimasHxR
    Category: Defacement
    Content: On June 2, 2026, the attacker known as DimasHxR defaced the website rubafashion.store, an online fashion retail store. The incident was a targeted, single-site defacement with no affiliation to a known hacking team. No specific motive or technical details regarding the server environment were disclosed.
    Date: 2026-06-02T02:57:05Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930638
    Screenshots:
    1 screenshot(s) available
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Retail / Fashion E-commerce
    Victim Organization: Ruba Fashion
    Victim Site: rubafashion.store
  32. Website Defacement of FFS Facilitator by DimasHxR
    Category: Defacement
    Content: On June 2, 2026, the website ffsfacilitator.com was defaced by a threat actor operating under the alias DimasHxR, acting independently without a known group affiliation. The attack targeted a specific subdirectory path within the site's public media folder, suggesting exploitation of a web application vulnerability. No specific motivation or technical details were disclosed for this incident.
    Date: 2026-06-02T02:56:14Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930621
    Screenshots:
    1 screenshot(s) available
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Professional Services
    Victim Organization: FFS Facilitator
    Victim Site: ffsfacilitator.com
  33. Website Defacement of Lemarcare by DimasHxR
    Category: Defacement
    Content: On June 2, 2026, the Brazilian website lemarcare.com.br was defaced by the threat actor DimasHxR operating without a team affiliation. The attacker targeted a subdirectory of the site rather than the homepage, indicating a targeted page-level defacement. No specific motive or technical details regarding the server environment were disclosed.
    Date: 2026-06-02T02:55:20Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930627
    Screenshots:
    1 screenshot(s) available
    Threat Actors: DimasHxR
    Victim Country: Brazil
    Victim Industry: Unknown
    Victim Organization: Lemarcare
    Victim Site: lemarcare.com.br
  34. Alleged Data Breach of US Law Enforcement RemoteCom Compliance Monitoring Database
    Category: Data Breach
    Content: A threat actor is offering what is claimed to be a structured database dump from RemoteCom, a compliance monitoring and communication tracking system used by US law enforcement agencies. The dataset allegedly includes account holder personal information, device/software details, client and probation officer email addresses, and compliance activity metrics. The sample records contain fields referencing officer emails hosted on .gov domains, suggesting the affected system services law enforcement
    Date: 2026-06-02T02:55:09Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78572
    Screenshots:
    2 screenshot(s) available
    Threat Actors: Edric
    Victim Country: United States
    Victim Industry: Government
    Victim Organization: RemoteCom
    Victim Site: Unknown
  35. Website Defacement of Krames4Lungs by DimasHxR
    Category: Defacement
    Content: On June 2, 2026, the website krames4lungs.com was defaced by the threat actor DimasHxR acting independently without a team affiliation. The attack targeted a subdirectory of the site rather than the homepage, suggesting exploitation of a vulnerable file path within the web application. The incident was recorded and mirrored by zone-xsec.com, a known defacement tracking platform.
    Date: 2026-06-02T02:54:39Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930626
    Screenshots:
    1 screenshot(s) available
    Threat Actors: DimasHxR
    Victim Country: United States
    Victim Industry: Healthcare
    Victim Organization: Krames4Lungs
    Victim Site: krames4lungs.com
  36. Sale of Outlook Business Contact Database with 250,000+ Records
    Category: Data Breach
    Content: A threat actor is offering a dataset of 250,000+ Outlook business contact records for sale, advertised as a B2B directory covering multiple countries. The dataset includes company names, industry, business websites, company size, location, department, job function, and business contact information in Excel, CSV, or JSON format. Sample email addresses are provided as proof.
    Date: 2026-06-02T02:54:31Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78629
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Edric
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: outlook.com
  37. Website Defacement of RB Auto Oprema by DimasHxR
    Category: Defacement
    Content: On June 2, 2026, threat actor DimasHxR defaced a media/customer directory page on rbautooprema.rs, a Serbian automotive parts or accessories website. The defacement was a targeted, non-mass incident and did not affect the homepage. No specific motive or team affiliation was identified for this attack.
    Date: 2026-06-02T02:53:31Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930637
    Screenshots:
    1 screenshot(s) available
    Threat Actors: DimasHxR
    Victim Country: Serbia
    Victim Industry: Automotive
    Victim Organization: RB Auto Oprema
    Victim Site: rbautooprema.rs
  38. Website Defacement of awds.io by DimasHxR
    Category: Defacement
    Content: On June 2, 2026, a threat actor identified as DimasHxR defaced a subpath of awds.io, targeting the media/customer_address directory. The incident was a targeted single-site defacement with no team affiliation reported. Technical details regarding the server environment and attack vector remain unknown.
    Date: 2026-06-02T02:52:20Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930615
    Screenshots:
    1 screenshot(s) available
    Threat Actors: DimasHxR
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: AWDS
    Victim Site: awds.io
  39. Alleged data leak of KPK database
    Category: Data Leak
    Content: A threat actor shared what is claimed to be a free database associated with KPK. The post expresses frustration that purportedly public data has been made accessible without authorization. No further details on record count or data fields are provided.
    Date: 2026-06-02T02:28:49Z
    Network: openweb
    Published URL: https://breached.su/threads/besplatnaa-baza-dannyh-baza-dannyh-kpk.87803/unread
    Screenshots:
    3 screenshot(s) available
    Threat Actors: Mrsawit
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: KPK
    Victim Site: Unknown
  40. Alleged data leak of Nayarit Public Property Registry user records
    Category: Data Leak
    Content: A threat actor associated with Olympus_Group has freely distributed a dataset allegedly containing over 10,000 user records from the Nayarit Public Property Registry (RPP Nayarit) in Mexico. The leaked data reportedly includes full names, personal information, and property records, with up to four property owners per entry. The data was made available at no cost via a cybercrime forum.
    Date: 2026-06-02T02:28:16Z
    Network: openweb
    Published URL: https://breached.su/threads/mx-mexico-10-000-users-of-the-nayarit-public-property-registry.87804/unread
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Hermes_Olymp
    Victim Country: Mexico
    Victim Industry: Government
    Victim Organization: RPP Nayarit (Public Property Registry of Nayarit)
    Victim Site: Unknown
  41. Alleged Data Leak of Facebook 2019 Database
    Category: Data Leak
    Content: A threat actor on a darknet forum is claiming to share the Facebook 2019 leaked database contingent on receiving more than 10 comments on the thread. The dataset is likely the well-known 2019 Facebook data scrape previously circulated in various underground communities. No record count or sample has been provided at this time.
    Date: 2026-06-02T02:02:14Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-FACEBOOK-2019-LEAK
    Screenshots:
    1 screenshot(s) available
    Threat Actors: 88819Q
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Facebook
    Victim Site: facebook.com
  42. Sale of alleged source code for RELEX Solutions F&R Platform
    Category: Data Breach
    Content: A threat actor is offering for sale what they claim to be the full proprietary source code of RELEX Solutions Plan platform, a supply chain and retail execution platform used by multiple companies worldwide. The seller is asking 500 XMR and notes the company is valued at approximately 5 billion USD. Proof is available upon request via private message.
    Date: 2026-06-02T01:19:38Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SOURCE-CODE-RELEX-Solutions-F-R-Platform
    Screenshots:
    1 screenshot(s) available
    Threat Actors: hh29hc9
    Victim Country: Finland
    Victim Industry: Technology
    Victim Organization: RELEX Solutions
    Victim Site: relexsolutions.com
  43. Sale of aged self-made verified USA bank accounts across multiple financial institutions
    Category: Carding
    Content: A threat actor is offering for sale self-made, aged, and verified US bank accounts across dozens of financial institutions including Chase, Bank of America, Capital One, Coinbase, and others. Accounts are available on the seller's own fullz or the buyer's provided fullz, with options including ACH, Wire, Zelle, VCC, and crypto capabilities. The seller also advertises cashout services for Wire, ACH, and Zelle transfers to cryptocurrency.
    Date: 2026-06-02T01:18:35Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-Selling-Aged-Self-Made-Verified-USA-Bank-Accounts-on-my-or-your-fullz
    Screenshots:
    2 screenshot(s) available
    Threat Actors: Fsport
    Victim Country: United States
    Victim Industry: Finance
    Victim Organization: Unknown
    Victim Site: Unknown
  44. Alleged data breach of Iberdrola
    Category: Data Breach
    Content: A threat actor is selling an alleged database dump attributed to Iberdrola, Spain's largest energy group. The post claims the dataset contains records for over 7 million customers, with a file size of approximately 109.79 GB, and includes a sample. The breach is attributed to a group identified as RP.
    Date: 2026-06-02T01:17:48Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-SPAIN-IBERDROLA-ELECTRICITY-DATABASE
    Screenshots:
    1 screenshot(s) available
    Threat Actors: spain
    Victim Country: Spain
    Victim Industry: Energy
    Victim Organization: Iberdrola
    Victim Site: iberdrola.es
  45. Sale of admin panel access to cartedepeche.fr, a French fishing license authority
    Category: Initial Access
    Content: A threat actor is selling administrative web panel access to cartedepeche.fr, a French organization that issues fishing licenses, with scope limited to department 67 but claimed to be expandable. The seller also indicates the presence of an SQL vulnerability on the platform, suggesting potential for broader data access.
    Date: 2026-06-02T01:16:59Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-FR-cartedepeche-fr-admin-acces
    Screenshots:
    1 screenshot(s) available
    Threat Actors: AplaGroup
    Victim Country: France
    Victim Industry: Government
    Victim Organization: cartedepeche.fr
    Victim Site: cartedepeche.fr
  46. Alleged data breach of CA Indosuez Spain
    Category: Data Breach
    Content: A threat actor is offering for sale an alleged dataset of 200,000 records attributed to CA Indosuez Spain, a financial group. The data reportedly includes account holder PII such as full name, phone number, gender, email address, postal address, city, postal code, region, and date of birth. Sample records provided in the post appear to contain Spanish residential addresses and international email domains.
    Date: 2026-06-02T01:16:02Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SPAIN-ca-indosuez-com-PII-200k-lines
    Screenshots:
    1 screenshot(s) available
    Threat Actors: DogmaT3ch
    Victim Country: Spain
    Victim Industry: Finance
    Victim Organization: CA Indosuez
    Victim Site: ca-indosuez.com
  47. Alleged data breach of Tianya (tianya.net) exposing 127 million user records
    Category: Data Breach
    Content: A threat actor claims to have conducted a SQL injection attack against Tianya (tianya.net), a Chinese online community platform, on June 1, 2026, exploiting high-load conditions during the site's relaunch. The actor claims to have exfiltrated 127,851,826 rows of user data, including accounts and passwords, via blind injection against TiDB cluster infrastructure. The dump was reportedly staged through the victim's own object storage and exfiltrated using a webshell over approximately twelve hours.
    Date: 2026-06-02T00:10:07Z
    Network: openweb
    Published URL: https://tier1.life/thread/275
    Screenshots:
    2 screenshot(s) available
    Threat Actors: ChinaTomchent
    Victim Country: China
    Victim Industry: Technology
    Victim Organization: Tianya
    Victim Site: tianya.net

Detected Incidents Draft Data – 2026-06-01 (day before)

  1. Sale of stolen payment cards, bank logs, and cashout services
    Category: Carding
    Content: A threat actor is advertising stolen credit cards, bank logs, and cashout services including methods for converting bank logs and CCs to CashApp and cryptocurrency. The post promotes walkthroughs and direct inquiries via Telegram. No specific victim organization or record count is disclosed.
    Date: 2026-06-01T23:13:54Z
    Network: openweb
    Published URL: https://spear.cx/Thread-Free-Linkable-Ccs-Bank-logs-Slips
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Dray
    Victim Country: Unknown
    Victim Industry: Finance
    Victim Organization: Unknown
    Victim Site: Unknown
  2. Alleged data leak of Qi Financial Services customer database
    Category: Data Leak
    Content: A threat actor has shared what is claimed to be a database from Qi Financial Services, containing customer names, department of registration, dates, and mothers' full names. The data is being made available via an external file-sharing link on a darknet forum. No record count was specified.
    Date: 2026-06-01T23:11:58Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-Qi-financial-services-database
    Screenshots:
    1 screenshot(s) available
    Threat Actors: moxa
    Victim Country: Unknown
    Victim Industry: Finance
    Victim Organization: Qi Financial Services
    Victim Site: Unknown
  3. Alleged data leak of Zain Iraq Telecom database
    Category: Data Leak
    Content: A threat actor shared an alleged database dump of Zain Iraq Telecom on a dark web forum. The post claims the dataset contains user names, phone numbers, and addresses. The data was made available via an external file-sharing link, with full access requiring forum points.
    Date: 2026-06-01T23:11:10Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-Zain-iraq-Telecom-database
    Screenshots:
    1 screenshot(s) available
    Threat Actors: moxa
    Victim Country: Iraq
    Victim Industry: Telecommunications
    Victim Organization: Zain Iraq Telecom
    Victim Site: Unknown
  4. Alleged sale of full access to hacked Globiro e-commerce system (Farmex Freshia Trading LLC)
    Category: Initial Access
    Content: Infrastructure Destruction Squad claims to have compromised Globiro, an electronic grocery management system operated by Farmex Freshia Trading LLC in the United Arab Emirates. The threat actor is offering full system access and complete customer database for $100 USD. The compromised system allegedly contains customer personal information (names, addresses, phone numbers, email addresses), order details, invoices, payment information, and admin dashboard access with full editing permissions. Th…
    Date: 2026-06-01T23:04:10Z
    Network: telegram
    Published URL: https://t.me/c/2735908986/4615
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Infrastructure Destruction Squad
    Victim Country: United Arab Emirates
    Victim Industry: Grocery and Food Products / E-commerce
    Victim Organization: Farmex Freshia Trading LLC
    Victim Site: globiro.ae
  5. Alleged sale of compromised mail access credentials across multiple countries
    Category: Initial Access
    Content: A threat actor is offering compromised email account access (mail access) across multiple countries including France, Belgium, Australia, Canada, UK, US, Netherlands, Poland, Germany, and Japan, along with configuration files, scripts, tools, and credential lists (combos). A second message references database access with inbox credentials for UK, Germany, Japan, Netherlands, Brazil, Poland, Spain, US, Italy and other countries, including specific platform accounts (eBay, Offerup, PSN, Booking, Uber,…
    Date: 2026-06-01T22:55:53Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/95320
    Screenshots:
    1 screenshot(s) available
    Threat Actors: DataxLogs
    Victim Country: Multiple (France, Belgium, Australia, Canada, United Kingdom, United States, Netherlands, Poland, Germany, Japan, Brazil, Spain, Italy)
    Victim Industry: Multiple (email providers, e-commerce, payment services)
    Victim Organization: Unknown
    Victim Site: Unknown
  6. Alleged data breach of Dossier Médical Partagé (DMP) — 34 million French medical records
    Category: Data Breach
    Content: A threat actor is offering for sale an alleged scrape of France's Dossier Médical Partagé (DMP) system, claimed to contain over 34 million records collected two days prior to posting. Sample data includes full names, addresses, email addresses, phone numbers, dates of birth, NIR (French national social security numbers, present in ~85% of records), and IBAN/BIC banking details (present in ~30–40% of records). The actor claims the dataset is unprocessed and has not been previously circulated.
    Date: 2026-06-01T22:48:29Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-FR-DMP-DATABASE-34M
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Lagui
    Victim Country: France
    Victim Industry: Healthcare
    Victim Organization: Dossier Médical Partagé
    Victim Site: dmp.fr
  7. Alleged data leak of Free.fr exposing 12 million user records
    Category: Data Leak
    Content: A threat actor claims to be freely distributing a database allegedly belonging to Free.fr, a French telecommunications company. The dataset purportedly contains over 12 million user records including email addresses, physical addresses, first names, and last names. The content is gated behind registration or login on the forum.
    Date: 2026-06-01T22:47:31Z
    Network: openweb
    Published URL: https://patched.to/Thread-free-fr-over-12m-users-email-adress-first-name-last-name-etc
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Alpraz
    Victim Country: France
    Victim Industry: Telecommunications
    Victim Organization: Free
    Victim Site: free.fr
  8. Alleged data breach of Salesfloor – customer database and source code leaked by LAPSUS$
    Category: Data Breach
    Content: Canadian retail SaaS company Salesfloor was allegedly breached in January 2026 by LAPSUS$-GROUP. The breach exposed a customer database containing over 5.7 million unique email addresses, names, phone numbers, and physical addresses, along with source code. Salesfloor is a Montreal-based company specializing in clienteling and virtual selling for omnichannel retail, serving major brands including Saks, Bloomingdale's, and Macy's. Leaked data is being distributed via a file-sharing link.
    Date: 2026-06-01T22:45:36Z
    Network: telegram
    Published URL: https://t.me/c/3500620464/9041
    Screenshots:
    1 screenshot(s) available
    Threat Actors: LAPSUS$-GROUP
    Victim Country: Canada
    Victim Industry: SaaS/Retail Technology
    Victim Organization: Salesfloor
    Victim Site: salesfloor.net
  9. Alleged data breach of Asiacell Telecommunications
    Category: Data Breach
    Content: A threat actor is selling an alleged database from Asiacell Telecommunications containing subscriber personal information including names, phone numbers, dates of birth, ID numbers, subscription dates, and state. The post includes a photo link as proof and requires forum points to access the data. Record count was not specified.
    Date: 2026-06-01T22:43:45Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-ASIACELL-TELECOM-DATABASE
    Screenshots:
    1 screenshot(s) available
    Threat Actors: moxa
    Victim Country: Iraq
    Victim Industry: Telecommunications
    Victim Organization: Asiacell Telecommunications
    Victim Site: asiacell.com
  10. Alleged data leak of earthquake zone entitlement list containing personal citizenship information
    Category: Data Leak
    Content: A threat actor shared a Google Sheets link purportedly containing a partial earthquake zone entitlement list with personal citizenship information. The data appears to be government-related, potentially linked to disaster relief or housing entitlement programs. The post was made on a dark web forum known for data leaks.
    Date: 2026-06-01T22:21:26Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-The-partial-earthquake-zone-entitlement-list-includes-personal-citizenship-informatio
    Screenshots:
    1 screenshot(s) available
    Threat Actors: ferhatkk
    Victim Country: Unknown
    Victim Industry: Government
    Victim Organization: Unknown
    Victim Site: Unknown
  11. Alleged data breach of Australian Centre for the Moving Image (ACMI)
    Category: Data Breach
    Content: A threat actor claims to have leaked a database belonging to ACMI, Australia's national museum for film and digital culture. The alleged breach contains three datasets including customer account details (email, name, date of birth, gender), transaction/purchase records (invoice numbers, pricing, payment gateway tokens, promo codes), and refund records. Sample data includes names, email addresses, IP addresses, and transaction metadata for Australian customers.
    Date: 2026-06-01T22:20:28Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-ACMI-Australia-25K-Customers
    Screenshots:
    1 screenshot(s) available
    Threat Actors: 2019
    Victim Country: Australia
    Victim Industry: Arts and Culture
    Victim Organization: Australian Centre for the Moving Image (ACMI)
    Victim Site: acmi.net.au
  12. Alleged data breach of MMJ Real Estate Australia
    Category: Data Leak
    Content: A threat actor has leaked a database allegedly belonging to MMJ Real Estate, an Australian property agency. The dataset contains over 17,300 customer records including names, addresses, mobile numbers, email addresses, business details, and form submission data. The data is made available via a hidden download link requiring forum interaction to access.
    Date: 2026-06-01T22:19:44Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-MMJ-Real-Estate-Australia-17-3K-Customers
    Screenshots:
    1 screenshot(s) available
    Threat Actors: 2019
    Victim Country: Australia
    Victim Industry: Real Estate
    Victim Organization: MMJ Real Estate
    Victim Site: mmj.com.au
  13. Alleged data breach of CookUnity exposing 17.6 million customer records
    Category: Data Breach
    Content: A threat actor on a darknet forum is allegedly selling a database dump from CookUnity, a US-based meal delivery service, containing over 17.6 million customer records. The exposed data includes customer names, email addresses, full physical addresses, GPS coordinates, shipment and order details, and driver/carrier information. Sample records provided in the post appear consistent with real customer delivery data.
    Date: 2026-06-01T22:19:00Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-CookUnity-USA-17-6M-Customers
    Screenshots:
    1 screenshot(s) available
    Threat Actors: 2019
    Victim Country: United States
    Victim Industry: Food & Beverage
    Victim Organization: CookUnity
    Victim Site: cookunity.com
  14. Alleged data breach of Mrsool (Saudi Arabia delivery platform)
    Category: Data Breach
    Content: A threat actor is selling an alleged database from mrsool.co, a Saudi Arabia-based delivery platform, containing 421,000 records. The dataset reportedly includes full names, email addresses, phone numbers, delivery addresses, payment preferences, and account metadata. The actor is accepting purchase inquiries via Telegram and Session.
    Date: 2026-06-01T22:18:54Z
    Network: openweb
    Published URL: https://breached.su/threads/421k-saudi-arabia-https-www-mrsool-co-data.87800/unread
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Moelester
    Victim Country: Saudi Arabia
    Victim Industry: Retail
    Victim Organization: Mrsool
    Victim Site: mrsool.co
  15. Alleged leak of DeepSeek API key
    Category: Data Leak
    Content: A forum user is sharing what they claim to be a DeepSeek API key as hidden content gated behind thread replies. No further details about the key's origin or validity are provided.
    Date: 2026-06-01T21:57:07Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-Deepseek-key
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Sleepy321
    Victim Country: China
    Victim Industry: Technology
    Victim Organization: DeepSeek
    Victim Site: deepseek.com
  16. Alleged data leak of Iraq National Intelligence Service (INIS) database
    Category: Data Leak
    Content: A threat actor is distributing an alleged database from the Iraq National Intelligence Service (INIS) containing personal information on Baghdad residents, including full names, family members' names, birth dates, ration card numbers, employment details, places of work, and full addresses. The data appears to be shared behind a points-based paywall on the forum. Sample images were provided via external file-sharing links.
    Date: 2026-06-01T21:34:36Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-INIS-DATABASE
    Screenshots:
    1 screenshot(s) available
    Threat Actors: moxa
    Victim Country: Iraq
    Victim Industry: Government
    Victim Organization: Iraq National Intelligence Service
    Victim Site: Unknown
  17. Alleged data breach of North Iraq Traffic Governorate database
    Category: Data Breach
    Content: A threat actor is offering a database allegedly belonging to the North Iraq Traffic Governorate, containing vehicle registration records including owner names, license plate numbers, phone numbers, engine details, and vehicle model information. The post includes sample screenshots and requires points to access the full dataset.
    Date: 2026-06-01T21:08:02Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-NORTH-IRAQ-TRAFFIC-DATABASE
    Screenshots:
    1 screenshot(s) available
    Threat Actors: moxa
    Victim Country: Iraq
    Victim Industry: Government
    Victim Organization: North Iraq Traffic Governorate
    Victim Site: Unknown
  18. Alleged Telegram Account Phishing Campaign via Fake Deletion Notifications
    Category: Phishing
    Content: Threat actors are conducting phishing attacks against Telegram users by sending fake account deletion warnings. Victims receive messages claiming their account will be deleted and are prompted to click a Cancel button. This action triggers either a malicious application or redirects to a fake login page designed to steal account credentials and grant attackers access to the compromised accounts.
    Date: 2026-06-01T20:45:09Z
    Network: telegram
    Published URL: https://t.me/c/1397463379/11416
    Screenshots:
    2 screenshot(s) available
    Threat Actors: LZT
    Victim Country: Unknown
    Victim Industry: Telecommunications
    Victim Organization: Unknown
    Victim Site: telegram.org
  19. Alleged Advanced SCADA Exploitation by Infrastructure Destruction Squad
    Category: Vulnerability
    Content: Infrastructure Destruction Squad claims to have advanced SCADA exploitation capabilities, referencing document TC-JOINT-GEO-2026-001 and exploiting loopholes in critical infrastructure systems.
    Date: 2026-06-01T20:01:33Z
    Network: telegram
    Published URL: https://t.me/c/2735908986/4607
    Screenshots:
    3 screenshot(s) available
    Threat Actors: Infrastructure Destruction Squad
    Victim Country: Unknown
    Victim Industry: Critical Infrastructure
    Victim Organization: Unknown
    Victim Site: Unknown
  20. Alleged Distribution of TRK25 Advanced SCADA Exploitation Tool by Infrastructure Destruction Squad
    Category: Malware
    Content: Infrastructure Destruction Squad is distributing TRK25 ADVANCED SCADA, a comprehensive industrial control system (ICS) attack tool. The tool includes capabilities for scanning and exploiting SCADA/PLC/HMI systems via MODBUS and PROFINET protocols, executing six types of DDoS attacks (SYN/UDP/TCP/HTTP Flood, Slowloris, ICMP), password-free VNC/RDP/HTTP screenshot capture, SSH brute forcing, OPC/DNP3 exploitation targeting power systems, and encrypted data exfiltration. The tool features a GUI wit…
    Date: 2026-06-01T19:47:00Z
    Network: telegram
    Published URL: https://t.me/c/2735908986/4605
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Infrastructure Destruction Squad
    Victim Country: Unknown
    Victim Industry: Critical Infrastructure, Industrial Control Systems, Power/Electricity
    Victim Organization: Unknown
    Victim Site: Unknown
  21. Alleged data leak of Indonesian National Police personnel database
    Category: Data Leak
    Content: A threat actor claiming to be V0idix has leaked a CSV database allegedly containing 341,800 records of Indonesian National Police personnel. The dataset includes rank, name, unit assignment, phone number, and email address. The actor states the release is in retaliation for a reported arrest, claiming the individual apprehended is not them.
    Date: 2026-06-01T19:44:02Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-341K-Indonesian-National-Police-Database
    Screenshots:
    1 screenshot(s) available
    Threat Actors: V0idix
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Indonesian National Police
    Victim Site: polri.go.id
  22. Alleged data leak of Indonesian National Police database
    Category: Data Leak
    Content: A threat actor identifying as V0idix has freely distributed an alleged database of the Indonesian National Police containing 341,800 records in CSV format. The leaked data reportedly includes rank, name, unit, phone number, and email address of personnel. The actor claims the release is retaliatory, asserting that Indonesian police arrested the wrong individual in connection with their activities.
    Date: 2026-06-01T19:43:28Z
    Network: openweb
    Published URL: https://breached.su/threads/341k-indonesian-national-police-database.87798/unread
    Screenshots:
    2 screenshot(s) available
    Threat Actors: V0idix
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Indonesian National Police
    Victim Site: Unknown
  23. Alleged sale of mail access and credential materials by DataxLogs
    Category: Initial Access
    Content: Threat actor DataxLogs is advertising mail access availability along with configs, scripts, tools, hits, and combo lists targeting victims across France, Belgium, Australia, Canada, UK, US, Netherlands, Poland, Germany, and Japan. Live proof and testing offered upon request.
    Date: 2026-06-01T19:19:32Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/95191
    Screenshots:
    2 screenshot(s) available
    Threat Actors: DataxLogs
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  24. Alleged data leak of gnkdinamo.hr
    Category: Data Leak
    Content: A threat actor leaked data allegedly sourced from gnkdinamo.hr, the official website of Croatian football club GNK Dinamo Zagreb. The dataset contains 56,182 records in JSON format including personal identification numbers (OIB), full names, birth dates, email addresses, phone numbers, and physical addresses. The data was made available for free on a dark web forum, credited to a group identified as INF GRUPA.
    Date: 2026-06-01T18:57:51Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-gnkdinamo-hr-leak
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Tanaka
    Victim Country: Croatia
    Victim Industry: Sports
    Victim Organization: GNK Dinamo Zagreb
    Victim Site: gnkdinamo.hr
  25. Sale of personal data including SSNs, ID documents, and financial records
    Category: Carding
    Content: A threat actor is advertising for sale a collection of personal data including ID cards, SSNs, driver's licenses, passports, bank cards, and various database types. The seller directs interested buyers to a Telegram account. No specific victim organization or record count is disclosed.
    Date: 2026-06-01T18:29:21Z
    Network: openweb
    Published URL: https://crackingx.com/threads/77559/
    Screenshots:
    1 screenshot(s) available
    Threat Actors: jannatmirza11
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  26. Alleged data leak of GNK Dinamo Zagreb (gnkdinamo.hr) — 50K records
    Category: Data Leak
    Content: A threat actor operating under the group INF GRUPA claims to have breached gnkdinamo.hr and is freely distributing approximately 50,000 records. The leaked data reportedly includes full names, phone numbers, email addresses, cities, birth dates, residential addresses, and OIB (Croatian personal identification numbers).
    Date: 2026-06-01T18:27:16Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78601
    Screenshots:
    1 screenshot(s) available
    Threat Actors: vvvv
    Victim Country: Croatia
    Victim Industry: Sports
    Victim Organization: GNK Dinamo Zagreb
    Victim Site: gnkdinamo.hr
  27. Sale of Cloudflare Turnstile Challenge Bypass Tool
    Category: Vulnerability
    Content: A threat actor shared a browser-based Cloudflare Turnstile challenge bypass tool on a darknet forum, linking to an external hosting site. The tool is described as browser-based only, with no request-based implementation. The author also mentioned a possible future release of a reCAPTCHA v2 bypass.
    Date: 2026-06-01T17:58:21Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78609
    Screenshots:
    1 screenshot(s) available
    Threat Actors: welcometonightbrother
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  28. Alleged data leak of Air Austral (air-austral.com)
    Category: Data Leak
    Content: A threat actor on DarkForums claims to have leaked a database from Air Austral, a French airline operating in the Indian Ocean region. The dataset contains approximately 1,000 records in JSON format, including employee names, email addresses, job titles, departments, and locations. The data appears to be an internal staff directory, with samples showing corporate email addresses tied to Réunion-based personnel.
    Date: 2026-06-01T17:52:52Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78595
    Screenshots:
    1 screenshot(s) available
    Threat Actors: ChimeraZ
    Victim Country: France
    Victim Industry: Transportation
    Victim Organization: Air Austral
    Victim Site: air-austral.com
  29. Alleged data leak of erp.pescadosymariscosarroyo.com
    Category: Data Leak
    Content: A threat actor known as MirrorShell has freely released a database dump attributed to erp.pescadosymariscosarroyo.com, an ERP platform associated with a seafood retail business. The dump contains 84 user records including usernames, emails, hashed passwords, authentication tokens, and personal details. The data was made available for free download on a dark web forum.
    Date: 2026-06-01T17:29:20Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-erp-pescadosymariscosarroyo-com-Database-Leaked-Download
    Screenshots:
    1 screenshot(s) available
    Threat Actors: MirrorShell
    Victim Country: Unknown
    Victim Industry: Retail
    Victim Organization: Pescados y Mariscos Arroyo
    Victim Site: erp.pescadosymariscosarroyo.com
  30. Alleged data leak of Homzmart database
    Category: Data Leak
    Content: A threat actor has freely distributed an alleged database dump of Homzmart, an Egyptian e-commerce platform. The leaked data includes approximately 9 million records across multiple tables covering customer entities, addresses, sales orders, invoices, seller profiles, bank accounts, and user data. The dump is split into a partial customer dump (~4GB) and a sellers database (~600MB).
    Date: 2026-06-01T17:28:26Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-Homzmart-Database-Leaked
    Screenshots:
    1 screenshot(s) available
    Threat Actors: hackformetome
    Victim Country: Egypt
    Victim Industry: Retail
    Victim Organization: Homzmart
    Victim Site: homzmart.com
  31. Sale of stolen payment card data
    Category: Carding
    Content: A threat actor is advertising the sale of valid and legitimate credit cards (CCs) via Telegram. No specific victim organization, card count, or country is mentioned.
    Date: 2026-06-01T17:10:51Z
    Network: openweb
    Published URL: https://altenens.is/threads/shopping-card.2947030/unread
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Jhabsg17
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  32. Website Defacement of 3pattilottery.com by AnonSec Team (./Outsiders)
    Category: Defacement
    Content: On June 2, 2026, the online lottery and gambling website 3pattilottery.com was defaced by threat actor ./Outsiders, affiliated with AnonSec Team. The attack targeted the homepage of the site in a single, targeted defacement. The incident has been archived and mirrored via zone-xsec.com.
    Date: 2026-06-01T17:06:14Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930484
    Screenshots:
    1 screenshot(s) available
    Threat Actors: ./Outsiders, AnonSec Team
    Victim Country: Unknown
    Victim Industry: Gambling / Lottery
    Victim Organization: 3 Patti Lottery
    Victim Site: 3pattilottery.com
  33. Alleged data leak of SISTER-PT KEMENDIKBUD lecturer registry
    Category: Data Leak
    Content: A threat actor leaked a partial dataset purportedly sourced from the SISTER-PT KEMENDIKBUD system, Indonesia's Ministry of Education lecturer registration platform. The exposed records include lecturer registration numbers, NUPTK, NIP (civil servant IDs), employment status, and certification history. The post describes this as a partial leak with 35 or more records.
    Date: 2026-06-01T17:01:13Z
    Network: openweb
    Published URL: https://breached.su/threads/leaked-data-sister-pt-kemendikbud.87796/unread
    Screenshots:
    2 screenshot(s) available
    Threat Actors: RanzXZ
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: SISTER-PT KEMENDIKBUD
    Victim Site: kemdikbud.go.id
  34. Sale of non-VBV credit cards for carding across multiple platforms
    Category: Carding
    Content: A threat actor is offering non-VBV (Verified by Visa) credit cards for sale, advertising compatibility with multiple payment platforms including Cashapp, Apple Pay, Google Pay, Amazon, and eBay. The seller claims 100% validity with a refund or replacement guarantee and directs buyers to a Telegram contact.
    Date: 2026-06-01T16:54:04Z
    Network: openweb
    Published URL: https://crackingx.com/threads/77465/
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Clara12
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  35. Alleged data leak of Venezuela SENIAT tax authority — 24 million records
    Category: Data Leak
    Content: A threat actor has freely distributed an alleged 30 GB database dump attributed to Venezuela's SENIAT tax authority, claiming 24 million unique records. The dataset purportedly includes data on legal entities, natural persons, foreigners, passport holders, and government entities, with sample records showing tax registration numbers, fiscal addresses, contact details, and business registration information. The post was made on a dark web forum and the data appears to originate from 2025–2026 tax
    Date: 2026-06-01T16:33:10Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78602
    Screenshots:
    2 screenshot(s) available
    Threat Actors: malconguerra2
    Victim Country: Venezuela
    Victim Industry: Government
    Victim Organization: SENIAT (National Integrated Service of Customs and Tax Administration)
    Victim Site: seniat.gob.ve
  36. Alleged data leak of Universidad Tecnologica del Centro (Mexico)
    Category: Data Leak
    Content: A threat actor known as MagoSpeak has freely distributed an alleged database dump containing 4,361 records attributed to Universidad Tecnologica del Centro in Mexico. The dataset reportedly includes full names, phone numbers, dates of birth, Gmail addresses, CURP (national ID), school enrollment details, disability status, income, and municipality-level socioeconomic indicators. The data was made available via a public file-sharing link and promoted through a Telegram channel.
    Date: 2026-06-01T16:32:57Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-M%C3%89XICO-UNIVERSIDAD-TECNOLOGICA-DEL-CENTRO-4-361
    Screenshots:
    1 screenshot(s) available
    Threat Actors: MagoSpeak
    Victim Country: Mexico
    Victim Industry: Education
    Victim Organization: Universidad Tecnologica del Centro
    Victim Site: Unknown
  37. Alleged data leak of Instituto Tecnológico del Valle de Etla, Mexico
    Category: Data Leak
    Content: A threat actor known as MagoSpeak has freely distributed an alleged database dump attributed to Instituto Tecnológico del Valle de Etla, a Mexican technical institute. The dataset reportedly contains extensive personal information including full names, phone numbers, dates of birth, Gmail addresses, CURP (national ID numbers), gender, age, disability status, indigenous language status, financial aid details, and academic records. The data was made available via a Gofile download link.
    Date: 2026-06-01T16:32:16Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-M%C3%89XICO-INSTITUTO-TECNOL%C3%93GICO-DEL-VALLE-DE-ETLA
    Screenshots:
    1 screenshot(s) available
    Threat Actors: MagoSpeak
    Victim Country: Mexico
    Victim Industry: Education
    Victim Organization: Instituto Tecnológico del Valle de Etla
    Victim Site: Unknown
  38. Alleged data leak of Medan City residents database
    Category: Data Leak
    Content: A threat actor has freely distributed an alleged database containing personal data of 2.5 million Medan City residents. The dataset is being shared at no cost on a public breach forum. No additional details about the source or data fields are provided beyond a partial sample.
    Date: 2026-06-01T16:31:48Z
    Network: openweb
    Published URL: https://breached.su/threads/2-5-million-database-of-medan-city.87794/unread
    Screenshots:
    9 screenshot(s) available
    Threat Actors: Mr. Hanz Xploit
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Medan City Government
    Victim Site: Unknown
  39. Website Defacement of Selva Legal by Claudexxx
    Category: Defacement
    Content: On June 1, 2026, the website selvalegal.com, belonging to a legal services organization identified as Selva Legal, was defaced by a threat actor operating under the alias Claudexxx. The attack targeted the homepage and was carried out as a single, targeted defacement rather than a mass defacement campaign. The attacker's motivation and technical details regarding the server infrastructure remain unknown.
    Date: 2026-06-01T16:19:37Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930479
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Claudexxx
    Victim Country: Unknown
    Victim Industry: Legal Services
    Victim Organization: Selva Legal
    Victim Site: selvalegal.com
  40. Website Defacement of Redback App by Claudexxx
    Category: Defacement
    Content: On June 1, 2026, the website redback.app was defaced by a threat actor operating under the alias Claudexxx, acting independently without a team affiliation. The attack targeted the homepage of the site in a single, targeted defacement incident. No specific motivation or technical details regarding the server infrastructure were disclosed.
    Date: 2026-06-01T16:18:49Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930474
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Claudexxx
    Victim Country: Unknown
    Victim Industry: Technology
    Victim Organization: Redback
    Victim Site: redback.app
  41. Website Defacement of redback.org by Claudexxx
    Category: Defacement
    Content: On June 1, 2026, the website redback.org was defaced by a threat actor operating under the alias Claudexxx, acting independently without affiliation to any known group. The attack targeted the homepage of the site in a singular, non-mass defacement incident. Technical details regarding the server environment and attack vector were not disclosed.
    Date: 2026-06-01T16:17:58Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930477
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Claudexxx
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Redback
    Victim Site: redback.org
  42. Website Defacement of JobSuite by Claudexxx
    Category: Defacement
    Content: On June 1, 2026, the Indian job portal website jobsuite.in was defaced by a threat actor operating under the alias Claudexxx. The attacker successfully compromised the homepage of the site, replacing its content with a defacement page. The incident was recorded as a homepage defacement and is not associated with a known hacking group or mass defacement campaign.
    Date: 2026-06-01T16:17:15Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930471
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Claudexxx
    Victim Country: India
    Victim Industry: Employment and Recruitment
    Victim Organization: JobSuite
    Victim Site: jobsuite.in
  43. Website Defacement of MyGSTFilings.com by Claudexxx
    Category: Defacement
    Content: On June 1, 2026, the website mygstfilings.com, a GST tax filing service platform likely operating in India, was defaced by a threat actor identified as Claudexxx acting independently without a team affiliation. The attack targeted the homepage of the site in a single targeted defacement, with the incident mirrored and archived on zone-xsec.com.
    Date: 2026-06-01T16:16:31Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930472
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Claudexxx
    Victim Country: India
    Victim Industry: Financial Services / Tax Compliance
    Victim Organization: MyGST Filings
    Victim Site: mygstfilings.com
  44. Website Defacement of Nutrishyam by Claudexxx
    Category: Defacement
    Content: On June 1, 2026, the website nutrishyam.com was defaced by a threat actor identified as Claudexxx operating without a team affiliation. The attack targeted the homepage of what appears to be a nutrition or health-related website, resulting in a full homepage defacement. The incident was a single targeted defacement with no indication of mass or repeated compromise.
    Date: 2026-06-01T16:15:47Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930473
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Claudexxx
    Victim Country: Unknown
    Victim Industry: Food & Nutrition / Health
    Victim Organization: Nutrishyam
    Victim Site: nutrishyam.com
  45. Website Defacement of redback.eu.com by Claudexxx
    Category: Defacement
    Content: On June 1, 2026, the website redback.eu.com was defaced by a threat actor operating under the alias Claudexxx, acting independently without a team affiliation. The attack resulted in a homepage defacement, replacing the site's content with the attacker's messaging. No specific motive or technical details regarding the server infrastructure were disclosed.
    Date: 2026-06-01T16:15:02Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930475
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Claudexxx
    Victim Country: European Union
    Victim Industry: Unknown
    Victim Organization: Redback
    Victim Site: redback.eu.com
  46. Website Defacement of Cyber Crime Academy India by Claudexxx
    Category: Defacement
    Content: On June 1, 2026, the attacker known as Claudexxx defaced the homepage of cybercrimeacademy.in, a cybersecurity or cyber crime awareness training platform based in India. The attack was a targeted homepage defacement carried out by a solo actor with no affiliated team. The incident was recorded and mirrored via zone-xsec.com.
    Date: 2026-06-01T16:14:16Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930466
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Claudexxx
    Victim Country: India
    Victim Industry: Education / Cybersecurity Training
    Victim Organization: Cyber Crime Academy
    Victim Site: cybercrimeacademy.in
  47. Website Defacement of GraphicXS by Claudexxx
    Category: Defacement
    Content: On June 1, 2026, the website graphicxs.com was defaced by a threat actor operating under the alias Claudexxx, acting independently without an affiliated team. The attack targeted the homepage of the site in a single, non-mass defacement incident. Technical details such as server software, IP address, and attack vector remain unknown.
    Date: 2026-06-01T16:13:26Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930470
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Claudexxx
    Victim Country: Unknown
    Victim Industry: Creative Services / Graphics
    Victim Organization: GraphicXS
    Victim Site: graphicxs.com
  48. Website Defacement of selvarathinam.com by Claudexxx
    Category: Defacement
    Content: On June 1, 2026, the website selvarathinam.com was defaced by a threat actor operating under the alias Claudexxx, acting independently without affiliation to any known group or team. The attack targeted the homepage of the site in a singular, non-mass defacement incident. No specific motive, server details, or proof of concept were disclosed in association with the attack.
    Date: 2026-06-01T16:12:33Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930480
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Claudexxx
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Selvarathinam
    Victim Site: selvarathinam.com
  49. Website Defacement of Rudraksham.net by Claudexxx
    Category: Defacement
    Content: On June 1, 2026, the website rudraksham.net was defaced by a threat actor operating under the alias Claudexxx, acting independently without affiliation to any known group. The attack targeted the homepage of the site, which appears to be associated with religious or spiritual goods related to Rudraksha. No specific motive, exploited vulnerability, or server details were disclosed in connection with this incident.
    Date: 2026-06-01T16:11:46Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930478
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Claudexxx
    Victim Country: Unknown
    Victim Industry: Religion and Spirituality
    Victim Organization: Rudraksham
    Victim Site: rudraksham.net
  50. Website Defacement of ExonCorp by Claudexxx
    Category: Defacement
    Content: The homepage of exoncorp.com was defaced by threat actor Claudexxx on June 1, 2026. The attack targeted the main page of the website and was carried out as a single targeted defacement rather than a mass campaign. No team affiliation, specific motive, or technical details regarding the server environment were disclosed.
    Date: 2026-06-01T16:10:57Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930468
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Claudexxx
    Victim Country: Unknown
    Victim Industry: Corporate/Business
    Victim Organization: ExonCorp
    Victim Site: exoncorp.com
  51. Website Defacement of workspace.ind.in by Claudexxx
    Category: Defacement
    Content: On June 1, 2026, the website workspace.ind.in was defaced by a threat actor operating under the alias Claudexxx, acting independently without affiliation to any known group. The attack targeted the homepage of the site and was not part of a mass defacement campaign. No specific motive or technical details were disclosed in the available incident data.
    Date: 2026-06-01T16:10:07Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930481
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Claudexxx
    Victim Country: India
    Victim Industry: Technology / Workspace Services
    Victim Organization: IND Workspace
    Victim Site: workspace.ind.in
  52. Website Defacement of eFoodKart by Claudexxx
    Category: Defacement
    Content: On June 1, 2026, the website efoodkart.com, an online food ordering or delivery platform, was defaced by a threat actor known as Claudexxx operating without an affiliated team. The attack targeted the homepage of the site in a singular, non-mass defacement incident. No specific motive or technical details regarding the server environment were disclosed.
    Date: 2026-06-01T16:09:21Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930467
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Claudexxx
    Victim Country: Unknown
    Victim Industry: Food & Beverage / E-Commerce
    Victim Organization: eFoodKart
    Victim Site: efoodkart.com
  53. Website Defacement of All India Judgements by Claudexxx
    Category: Defacement
    Content: On June 1, 2026, the Indian legal resource website allindiajudgements.com was defaced by a threat actor identified as Claudexxx, acting independently without a known team affiliation. The attack targeted the homepage directly and was not part of a mass defacement campaign, suggesting a single targeted intrusion against this legal information platform.
    Date: 2026-06-01T16:08:38Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930464
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Claudexxx
    Victim Country: India
    Victim Industry: Legal / Judiciary
    Victim Organization: All India Judgements
    Victim Site: allindiajudgements.com
  54. Website Defacement of Fixit Services by Claudexxx
    Category: Defacement
    Content: On June 1, 2026, the website fixitservices.in was defaced by a threat actor operating under the alias Claudexxx, acting independently without affiliation to a known group. The attack targeted the homepage of what appears to be an Indian repair or maintenance services company. The incident was recorded as a single targeted defacement with no indication of mass or repeated defacement activity.
    Date: 2026-06-01T16:07:56Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930469
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Claudexxx
    Victim Country: India
    Victim Industry: Services / Repair Services
    Victim Organization: Fixit Services
    Victim Site: fixitservices.in
  55. Website Defacement of redback.it.com by Claudexxx
    Category: Defacement
    Content: On June 1, 2026, the website redback.it.com was defaced by a threat actor operating under the alias Claudexxx, acting independently without affiliation to any known group. The attack targeted the homepage of the site, suggesting a direct and deliberate compromise of the web presence. No specific motivation or technical details were disclosed in connection with this incident.
    Date: 2026-06-01T16:07:03Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930476
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Claudexxx
    Victim Country: Unknown
    Victim Industry: Information Technology
    Victim Organization: Redback IT
    Victim Site: redback.it.com
  56. Website Defacement of Analyticxs by Claudexxx
    Category: Defacement
    Content: On June 1, 2026, the website analyticxs.com was defaced by a threat actor operating under the handle Claudexxx, acting independently without a team affiliation. The attack targeted the homepage of the site in a single, non-mass defacement incident. No specific motive, server details, or proof-of-concept information were disclosed in relation to this incident.
    Date: 2026-06-01T16:06:20Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930465
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Claudexxx
    Victim Country: Unknown
    Victim Industry: Analytics / Technology
    Victim Organization: Analyticxs
    Victim Site: analyticxs.com
  57. Alleged data breach of Medan City – 2.5 million records
    Category: Data Breach
    Content: A threat actor using the handle mr-hanz-xploit has posted a thread on Breachforums claiming a breach of a Medan City database containing 2.5 million records. The breach details are being shared on the underground forum.
    Date: 2026-06-01T16:03:46Z
    Network: telegram
    Published URL: https://t.me/DeepCoreNetwork/340
    Screenshots:
    2 screenshot(s) available
    Threat Actors: mr-hanz-xploit
    Victim Country: Indonesia
    Victim Industry: Government/Municipal
    Victim Organization: Medan City
    Victim Site: Unknown
  58. Alleged doxxing of Wagner Group member by Shamshir Alis team
    Category: Initial Access
    Content: Hacktivist group claiming cooperation with Shamshir Alis team alleges unauthorized access to devices of Wagner Group personnel. Post contains detailed personal information (phone number, address, date of birth, contacts, banking details, tax ID, email, Telegram handle) of alleged individual Denis Radu Ivanovich from Kursk Oblast, Russia, presented as a lesson warning against continued alleged security negligence.
    Date: 2026-06-01T15:57:45Z
    Network: telegram
    Published URL: https://t.me/c/2710529294/225
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Shamshir Alis team
    Victim Country: Russia
    Victim Industry: Military/PMC
    Victim Organization: Wagner Group
    Victim Site: Unknown
  59. Alleged sale of RDP access and compromised accounts
    Category: Initial Access
    Content: Threat actor offering rental of RDP access on Azure, AWS, and DigitalOcean infrastructure on daily/monthly basis for $200. Also selling domain email accounts (Gmail, Yahoo), GitHub Student accounts, ChatGPT Plus, Claude accounts, and ElevenLabs Creator Plan access. Services advertised with escrow protection.
    Date: 2026-06-01T15:55:03Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/95060
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Squad Chat Marketplace
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  60. Alleged sale of PII database of Indonesian National Police (POLRI) personnel
    Category: Data Breach
    Content: A threat actor is offering for sale a dataset purportedly containing personal information of approximately 1 million Indonesian National Police (POLRI) personnel. The data includes full names, ranks, unit assignments, phone numbers, and email addresses, as demonstrated by sample records shared in the post.
    Date: 2026-06-01T15:51:25Z
    Network: openweb
    Published URL: https://breached.su/threads/sell-pii-polri-1m-include-name-gmail-number-rank.87793/unread
    Screenshots:
    2 screenshot(s) available
    Threat Actors: 053o
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Indonesian National Police (POLRI)
    Victim Site: polri.go.id
  61. Alleged data leak of OSS (Online Single Submission) Indonesia
    Category: Data Leak
    Content: A threat actor using the handle whoare posted on a stealer logs forum referencing the Indonesian government's OSS (Online Single Submission) system. The post contains politically motivated rhetoric calling on Indonesian hackers to dismantle the rotten system rather than leak or deface. No specific data or method of compromise was disclosed.
    Date: 2026-06-01T15:23:54Z
    Network: openweb
    Published URL: https://breached.su/threads/oss-online-single-submission.87790/unread
    Screenshots:
    1 screenshot(s) available
    Threat Actors: whoare
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: OSS (Online Single Submission)
    Victim Site: oss.go.id
  62. Alleged data breach of Philippine National Police (PNP)
    Category: Data Breach
    Content: A threat actor is offering for sale approximately 500GB of data allegedly sourced from the Philippine National Police (PNP). The dataset purportedly contains personally identifiable information of police personnel including full names, badge numbers, unit assignments, mobile numbers, email addresses, and station details. The data is being sold for $500 via Telegram.
    Date: 2026-06-01T15:23:09Z
    Network: openweb
    Published URL: https://breached.su/threads/philippines-philippine-national-police-pnp-500gb.87792/unread
    Screenshots:
    1 screenshot(s) available
    Threat Actors: 0xLei
    Victim Country: Philippines
    Victim Industry: Government
    Victim Organization: Philippine National Police
    Victim Site: pnp.gov.ph
  63. Alleged sale of mail access credentials and stolen payment cards across multiple countries
    Category: Initial Access
    Content: Threat actor Engineering (contact: @EngineeringPhantom) is advertising mail account access with live proof and testing capabilities across France, Belgium, Australia, Canada, UK, US, Netherlands, Poland, Germany, and Japan. The offering includes configuration files, scripts, tools, hits, and combolists. Simultaneously, Boss Shop is operating a stolen credit card marketplace claiming 100K+ fresh updates daily with cards validated through authentication, pricing from $0.01, and daily free giveaway…
    Date: 2026-06-01T15:14:05Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/95024
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Engineering
    Victim Country: France, Belgium, Australia, Canada, United Kingdom, United States, Netherlands, Poland, Germany, Japan
    Victim Industry: Multiple (financial, email services)
    Victim Organization: Unknown
    Victim Site: Unknown
  64. Mass Redefacement of kampoengsinaoe.org by BULLYXPLOIT of Pasuruan Sec Team
    Category: Defacement
    Content: The threat actor BULLYXPLOIT, affiliated with Pasuruan Sec Team, conducted a mass redefacement targeting the admin panel of kampoengsinaoe.org, a website associated with an Indonesian community or organization. This incident is classified as both a mass defacement and a redefacement, indicating the attacker had previously compromised the site and returned to deface it again. The attack was carried out on a Linux-based server on June 1, 2026.
    Date: 2026-06-01T14:47:34Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/249768
    Screenshots:
    1 screenshot(s) available
    Threat Actors: BULLYXPLOIT, Pasuruan Sec Team
    Victim Country: Indonesia
    Victim Industry: Unknown
    Victim Organization: Kampung Sinaoe
    Victim Site: kampoengsinaoe.org
  65. Sale of alleged data from Goknur Gıda A.Ş. — 10.7 TB including SCADA, financial, and employee data
    Category: Initial Access
    Content: A threat actor is selling 10.7 TB of data allegedly exfiltrated from Goknur Gıda A.Ş., a Turkish food company, for 25 BTC. The dataset reportedly includes Active Directory and NTDS.dit dumps, SCADA/PLC/RTU configurations, financial records, employee personal and passport data, production recipes, R&D data, and full IT infrastructure details. The breadth of the data and inclusion of industrial control system configurations indicate a deep and extensive compromise.
    Date: 2026-06-01T14:35:47Z
    Network: openweb
    Published URL: https://breachforu.ms/Thread-GOKNUR-GIDA-A-%C5%9E-TURKEY-10-7-TB
    Screenshots:
    3 screenshot(s) available
    Threat Actors: DreamFyre
    Victim Country: Turkey
    Victim Industry: Food & Beverage
    Victim Organization: Goknur Gıda A.Ş.
    Victim Site: Unknown
  66. Alleged cyber attack on Dutch agricultural storage facility by DDoSia Project
    Category: Cyber Attack
    Content: DDoSia Project claims to have gained complete control over the climate control system of Maatschap Piek & Zn, a large agricultural storage facility in Biddinghuizen, Netherlands. The threat actor claims access to temperature controls, sensors, cameras, and facility management systems across multiple storage chambers containing hundreds of tons of potatoes and onions. The attack is framed as retaliation against NATO support and anti-Russian sentiment, with threats of continued attacks against ent…
    Date: 2026-06-01T14:32:25Z
    Network: telegram
    Published URL: https://t.me/c/3087552512/2093
    Screenshots:
    1 screenshot(s) available
    Threat Actors: DDoSia Project
    Victim Country: Netherlands
    Victim Industry: Agriculture
    Victim Organization: Maatschap Piek & Zn
    Victim Site: Unknown
  67. Sale of Cracked RedLine Stealer v20.2 Malware
    Category: Malware
    Content: A threat actor is distributing a cracked version of RedLine Stealer v20.2 with all premium modules unlocked and no licensing restrictions. The tool is capable of harvesting browser credentials, cookies, cryptocurrency wallet data, system information, and files, with exfiltration via a remote panel or Telegram bot. A VirusTotal link and screenshots are provided alongside the post.
    Date: 2026-06-01T14:31:54Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Redline-Stealer-v20-2-Cracked
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Starip
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  68. Website Defacement of Akhit Solutions by Marleng1337 of Midas Haxor Team
    Category: Defacement
    Content: On June 1, 2026, threat actor Marleng1337, operating under the Midas Haxor Team, defaced a page on akhitsolutions.com. The attack targeted a PHP script (mrlg.php) and was not classified as a mass or home page defacement. The incident has been mirrored and archived by zone-xsec.com for reference.
    Date: 2026-06-01T14:08:20Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930463
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Marleng1337, Midas Haxor Team
    Victim Country: Unknown
    Victim Industry: Information Technology
    Victim Organization: Akhit Solutions
    Victim Site: akhitsolutions.com
  69. Alleged data leak of Cyprus Airways
    Category: Data Leak
    Content: A threat actor has shared an alleged dataset attributed to Cyprus Airways containing over 413,000 records. The leaked data reportedly includes names, email addresses, gender, date of birth, document information, and phone numbers. The leak date is unidentified, and the content is gated behind a reply requirement on the forum.
    Date: 2026-06-01T13:58:50Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-Cyprus-Airways-leak-400k
    Screenshots:
    1 screenshot(s) available
    Threat Actors: purplepancake49
    Victim Country: Cyprus
    Victim Industry: Transportation
    Victim Organization: Cyprus Airways
    Victim Site: cyprusairways.com
  70. Alleged data breach of Burger King Italy
    Category: Data Breach
    Content: A threat actor is offering for sale an alleged database from Burger King Italy, claiming to contain 5 million records. The post includes a contact method via Session messenger and notes that forum escrow is available for the transaction. No specific data fields are disclosed in the post.
    Date: 2026-06-01T13:33:43Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-IT-5M-BurgerKing-it
    Screenshots:
    1 screenshot(s) available
    Threat Actors: kvantize
    Victim Country: Italy
    Victim Industry: Retail
    Victim Organization: Burger King Italy
    Victim Site: burgerking.it
  71. Alleged data leak of LeMediaPourTous.fr
    Category: Data Leak
    Content: A threat actor is freely sharing an alleged database dump from LeMediaPourTous.fr, a French independent media outlet. The dataset contains approximately 13,000 records including user login credentials, email addresses, names, and WordPress session tokens. The actor notes the database is not from the current year.
    Date: 2026-06-01T13:23:44Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-FR-13K-LeMediaPourTous-fr
    Screenshots:
    1 screenshot(s) available
    Threat Actors: kvantize
    Victim Country: France
    Victim Industry: Media
    Victim Organization: Le Média Pour Tous
    Victim Site: lemediapourtous.fr
  72. Sale of alleged Roblox account data with credentials and profile details
    Category: Data Breach
    Content: A threat actor is offering for sale a dataset of 132,588 Roblox accounts in CSV format, including fields such as account ID, password, verified badge status, display name, creation date, followers, and friends count. The seller claims exclusivity and offers screen-recorded login demonstrations as proof of validity. The post does not specify the origin of the data.
    Date: 2026-06-01T13:04:52Z
    Network: openweb
    Published URL: https://breachforu.ms/Thread-Selling-Roblox-Account-Data-CSV-Format-132-588-Accounts
    Screenshots:
    None
    Threat Actors: grcuaiw
    Victim Country: Unknown
    Victim Industry: Gaming
    Victim Organization: Roblox
    Victim Site: roblox.com
  73. Sale of initial access pack targeting multiple organizations for ransomware deployment
    Category: Initial Access
    Content: A threat actor is offering a pack of 10 initial accesses to unnamed organizations for ransomware deployment, priced from $10,000. Each target is claimed to have annual revenue between $10 million and $10 billion. The seller requires escrow and is soliciting serious buyers via the forum thread.
    Date: 2026-06-01T13:03:31Z
    Network: openweb
    Published URL: https://breachforu.ms/Thread-want-to-sell-company-access-for-ransomware
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Simpson2
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  74. Sale of Nornikovik fileless hidden browser malware
    Category: Malware
    Content: A threat actor is selling Nornikovik, a fileless hidden browser malware supporting Chrome, Edge, Brave, Yandex, OperaGX, and Vivaldi. The malware runs in memory, deletes itself post-execution, and exfiltrates browser cookies and autofill data while offering persistence, anti-VM, and multiple output formats. The product is available for purchase via an autobuy storefront.
    Date: 2026-06-01T13:02:40Z
    Network: openweb
    Published URL: https://breachforu.ms/Thread-Nornikovik-hidden-browser-Fileless-Undetected
    Screenshots:
    1 screenshot(s) available
    Threat Actors: solitaryElite
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  75. Alleged sale of RDP access and compromised email accounts
    Category: Initial Access
    Content: Threat actor offering RDP access for rental on major cloud platforms (Azure, AWS, DigitalOcean) at $200, along with compromised domain mail, Gmail, and Yahoo accounts. Also offering GitHub Student accounts, ChatGPT Plus, Claude subscriptions, and ElevenLabs Creator Plan access. Mail access post includes availability of combolists, configs, scripts, and tools across multiple countries (FR, BE, AU, CA, UK, US, NL, PL, DE, JP).
    Date: 2026-06-01T12:56:56Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/94957
    Screenshots:
    1 screenshot(s) available
    Threat Actors: DataxLogs
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  76. Website Defacement of Gideon Genius by Claudexxx
    Category: Defacement
    Content: On June 1, 2026, the website gideongenius.com was defaced by a threat actor operating under the handle Claudexxx. The attack targeted the homepage of the site in a single, non-mass defacement operation. No specific motive, exploit method, or server details were disclosed in connection with this incident.
    Date: 2026-06-01T12:53:55Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930449
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Claudexxx
    Victim Country: Unknown
    Victim Industry: Education/Tutoring
    Victim Organization: Gideon Genius
    Victim Site: gideongenius.com
  77. Sale of multi-chain cryptocurrency wallet checker tool supporting seed phrases and private keys
    Category: Malware
    Content: A threat actor is offering a tool called Ultima Multi-Chain Wallet Checker capable of bulk-checking cryptocurrency wallets across 70+ blockchains using mnemonic seed phrases and private keys. The tool supports multi-threaded operation, proxy rotation, real-time USD balance conversion, and can load seed phrases or private keys from file for automated sweeping. It is designed to identify wallets with balances and save results for further exploitation.
    Date: 2026-06-01T12:53:45Z
    Network: openweb
    Published URL: https://altenens.is/threads/ultima-multi-chain-wallet-checker-70-blockchains-seed-phrases-private-keys.2946917/unread
    Screenshots:
    2 screenshot(s) available
    Threat Actors: ananalbzoor
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  78. Website Defacement of jaupe.com by Claudexxx
    Category: Defacement
    Content: On June 1, 2026, the website jaupe.com was defaced by a threat actor operating under the alias Claudexxx, acting independently without a known team affiliation. The attack targeted the homepage of the site in a single, non-mass defacement incident. No specific motivation or technical details regarding the server infrastructure were disclosed.
    Date: 2026-06-01T12:53:09Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930454
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Claudexxx
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Jaupe
    Victim Site: jaupe.com
  79. Website Defacement of LSU-UCC Ghana by Claudexxx
    Category: Defacement
    Content: On June 1, 2026, a threat actor operating under the alias Claudexxx defaced the homepage of lsu-ucc.com.gh, a website associated with an educational institution in Ghana. The attack was a targeted homepage defacement performed by a solo actor with no affiliated team. No specific motivation or proof-of-concept details were disclosed.
    Date: 2026-06-01T12:52:23Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930456
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Claudexxx
    Victim Country: Ghana
    Victim Industry: Education
    Victim Organization: LSU-UCC (University of Cape Coast affiliated institution)
    Victim Site: lsu-ucc.com.gh
  80. Website Defacement of African Review by Claudexxx
    Category: Defacement
    Content: On June 1, 2026, the website african-review.com, a media and publishing platform focused on African affairs, was defaced by a threat actor operating under the alias Claudexxx. The attack targeted the homepage and was carried out as a single, targeted defacement rather than a mass campaign. No specific motive or team affiliation was disclosed in connection with the incident.
    Date: 2026-06-01T12:51:24Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930444
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Claudexxx
    Victim Country: Unknown
    Victim Industry: Media and Publishing
    Victim Organization: African Review
    Victim Site: african-review.com
  81. Website Defacement of git-project.com by Claudexxx
    Category: Defacement
    Content: On June 1, 2026, the website git-project.com was defaced by a threat actor operating under the handle Claudexxx. The attacker successfully compromised the homepage of the site, replacing its content with a defacement page. The incident was recorded as a homepage defacement with no affiliation to a known hacking team.
    Date: 2026-06-01T12:50:31Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930452
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Claudexxx
    Victim Country: Unknown
    Victim Industry: Technology / Software Development
    Victim Organization: Git Project
    Victim Site: git-project.com
  82. Website Defacement of GIKACE Training by Claudexxx
    Category: Defacement
    Content: On June 1, 2026, a threat actor operating under the alias Claudexxx defaced the homepage of gikace-training.online, a training-focused website. The attack was a targeted single-site defacement with no team affiliation reported. Server and infrastructure details were not disclosed, and no specific motive was identified for the attack.
    Date: 2026-06-01T12:49:43Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930450
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Claudexxx
    Victim Country: Unknown
    Victim Industry: Education / Training
    Victim Organization: GIKACE Training
    Victim Site: gikace-training.online
  83. Website Defacement of WelfareGH by Claudexxx
    Category: Defacement
    Content: On June 1, 2026, the website welfaregh.com was defaced by a threat actor operating under the handle Claudexxx, acting independently without a known group affiliation. The attack targeted the homepage of the site, which appears to be a welfare-related organization based in Ghana. No specific motive or technical details were disclosed in association with the defacement.
    Date: 2026-06-01T12:48:53Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930460
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Claudexxx
    Victim Country: Ghana
    Victim Industry: Social Services / Welfare
    Victim Organization: WelfareGH
    Victim Site: welfaregh.com
  84. Alleged Development of Cryptocurrency Wallet Stealing Malware by Infrastructure Destruction Squad
    Category: Malware
    Content: A member of the Infrastructure Destruction Squad channel claims to be developing malware designed to steal cryptocurrency wallets, written in C++.
    Date: 2026-06-01T12:48:19Z
    Network: telegram
    Published URL: https://t.me/c/2735908986/4595
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Infrastructure Destruction Squad
    Victim Country: Unknown
    Victim Industry: Cryptocurrency
    Victim Organization: Unknown
    Victim Site: Unknown
  85. Website Defacement of Eagle Coding by Claudexxx
    Category: Defacement
    Content: On June 1, 2026, the website eaglecoding.com was defaced by a threat actor operating under the alias Claudexxx, acting independently without a team affiliation. The attack targeted the homepage of the site, replacing its content with unauthorized material. No mass defacement campaign was associated with this incident, and no specific motivation was publicly disclosed.
    Date: 2026-06-01T12:48:10Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930446
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Claudexxx
    Victim Country: Unknown
    Victim Industry: Technology / Software Development
    Victim Organization: Eagle Coding
    Victim Site: eaglecoding.com
  86. Website Defacement of Portho Logos Press by Claudexxx
    Category: Defacement
    Content: On June 1, 2026, the website porthologospress.com was defaced by a threat actor operating under the alias Claudexxx, acting independently without an affiliated hacking team. The attack targeted the homepage of the site in a singular, non-mass defacement incident. Technical details regarding the server infrastructure and exploitation method were not disclosed.
    Date: 2026-06-01T12:47:19Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930459
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Claudexxx
    Victim Country: Unknown
    Victim Industry: Publishing / Media
    Victim Organization: Portho Logos Press
    Victim Site: porthologospress.com
  87. Website Defacement of irpsi.com by Claudexxx
    Category: Defacement
    Content: On June 1, 2026, the website irpsi.com was defaced by a threat actor operating under the handle Claudexxx, acting independently without affiliation to any known group. The attack targeted the homepage of the site in a singular, non-mass defacement operation. No specific motive, server details, or proof of concept were disclosed in connection with this incident.
    Date: 2026-06-01T12:46:25Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930453
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Claudexxx
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: IRPSI
    Victim Site: irpsi.com
  88. Website Defacement of AGlobe Beverages by Claudexxx
    Category: Defacement
    Content: On June 1, 2026, the website aglobeverages.com was defaced by a threat actor operating under the alias Claudexxx, acting independently without a known team affiliation. The attack targeted the homepage of the beverages company, replacing its content with a defacement page. No specific motivation or technical details regarding the exploitation method were disclosed.
    Date: 2026-06-01T12:45:42Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930445
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Claudexxx
    Victim Country: Unknown
    Victim Industry: Food & Beverage
    Victim Organization: AGlobe Beverages
    Victim Site: aglobeverages.com
  89. Website Defacement of witsbr.com by Claudexxx
    Category: Defacement
    Content: On June 1, 2026, the website witsbr.com was defaced by a threat actor operating under the alias Claudexxx, acting independently without a team affiliation. The attack targeted the homepage of the site in a single targeted defacement, with the underlying server details and attack vector remaining unknown. The incident has been archived via zone-xsec.com mirror for further analysis.
    Date: 2026-06-01T12:44:49Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930461
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Claudexxx
    Victim Country: Brazil
    Victim Industry: Unknown
    Victim Organization: Wits BR
    Victim Site: witsbr.com
  90. Website Defacement of joucon.com by Claudexxx
    Category: Defacement
    Content: On June 1, 2026, the website joucon.com was defaced by a threat actor operating under the alias Claudexxx, acting independently without a team affiliation. The attack targeted the homepage of the site in a single, non-mass defacement operation. No additional technical details regarding the server infrastructure, attack vector, or motivation were disclosed.
    Date: 2026-06-01T12:43:54Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930455
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Claudexxx
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Joucon
    Victim Site: joucon.com
  91. Website Defacement of Nabiya Qapital by Claudexxx
    Category: Defacement
    Content: On June 1, 2026, the website nabiyaqapital.com, associated with a financial services entity named Nabiya Qapital, was defaced by a threat actor operating under the alias Claudexxx. The attack targeted the homepage and was carried out as a singular, targeted defacement rather than a mass campaign. No team affiliation, specific motive, or technical exploitation details were disclosed in connection with this incident.
    Date: 2026-06-01T12:43:08Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930458
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Claudexxx
    Victim Country: Unknown
    Victim Industry: Finance
    Victim Organization: Nabiya Qapital
    Victim Site: nabiyaqapital.com
  92. Alleged website defacement of bortek.ua by NoName057(16)
    Category: Defacement
    Content: NoName057(16) claims to have defaced the website of bortek.ua, a Ukrainian manufacturer of electrothermal equipment. According to the post, all official information, contacts, product listings, and news from 2021-2026 have been replaced with a QR code and a message claiming responsibility. The group uses hashtags #OpUkraine and #TimeOfRetribution, indicating geopolitical motivation.
    Date: 2026-06-01T12:39:24Z
    Network: telegram
    Published URL: https://t.me/c/3087552512/2091
    Screenshots:
    3 screenshot(s) available
    Threat Actors: NoName057(16)
    Victim Country: Ukraine
    Victim Industry: Manufacturing (electrothermal equipment)
    Victim Organization: bortek.ua
    Victim Site: bortek.ua
  93. Alleged Critical Vulnerability in Palo Alto Networks GlobalProtect VPN (CVE-2026-0257) with Active Exploitation
    Category: Vulnerability
    Content: Palo Alto Networks disclosed a critical vulnerability (CVE-2026-0257) in its GlobalProtect VPN service that allows attackers to gain network access without credentials by forging authentication cookies. According to Rapid7 security research, active exploitation began on May 17, 2026 and is ongoing. Attackers have achieved full internal network access in some cases.
    Date: 2026-06-01T12:32:14Z
    Network: telegram
    Published URL: https://t.me/c/1283513914/22018
    Screenshots:
    2 screenshot(s) available
    Threat Actors: خبرگزاری سایبربان| Cyberban News
    Victim Country: Unknown
    Victim Industry: Cybersecurity/Network Security
    Victim Organization: Palo Alto Networks
    Victim Site: Unknown
  94. Sale of RED C2 4.0 Remote Access Trojan with Stealer, Loader, and Cross-Platform Support
    Category: Malware
    Content: A forum reseller is offering RED C2 4.0, a cross-platform (Windows/macOS/Linux) remote access trojan marketed under the RedOffsec brand. The tool includes capabilities for crypting, credential stealing, payload loading, database extraction, and mass operations. Buyers are directed to redoffsec.com for documentation and support.
    Date: 2026-06-01T12:29:00Z
    Network: openweb
    Published URL: https://hackforums.net/showthread.php?tid=6326389
    Screenshots:
    5 screenshot(s) available
    Threat Actors: MarlboroMan
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  95. Alleged data breach of AT&T Mobile consumer database with 500K+ records
    Category: Data Breach
    Content: A threat actor is selling an alleged AT&T Mobile consumer database containing 500,000+ records for $350. The dataset includes full names, mobile and secondary phone numbers, street addresses, and email addresses in Excel/CSV/TXT format. Sample records provided appear to contain real US consumer PII attributed to AT&T customers.
    Date: 2026-06-01T12:25:16Z
    Network: openweb
    Published URL: https://darkpro.net/threads/today-im-offering-a-usa-at-t-mobile-consumer-database-containing-500k-records-by-redx.23316/
    Screenshots:
    1 screenshot(s) available
    Threat Actors: ⭐ RED✘ ⭐
    Victim Country: United States
    Victim Industry: Telecommunications
    Victim Organization: AT&T
    Victim Site: att.com
  96. Alleged Data Leak of Shenzhen Xinchelei Technology Co., Ltd. Following Ransom Non-Payment
    Category: Data Leak
    Content: Threat actor SnowSoul claims to have leaked financial and personnel records belonging to Shenzhen Xinchelei Technology Co., Ltd. after the company allegedly refused to pay a $1,000 USD ransom. The leaked files span 2017–2024 and include accounts receivable invoices, employee records, individual income tax data, supplier information, and accounting system backups (Kingdee KIS). Files have been made available via multiple external file-sharing links.
    Date: 2026-06-01T12:19:07Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-Chinese-data-%E4%B8%AD%E5%9B%BD%E6%95%B0%E6%8D%AE-SnowSoul-ID-1321
    Screenshots:
    1 screenshot(s) available
    Threat Actors: SnowSoul
    Victim Country: China
    Victim Industry: Technology
    Victim Organization: Shenzhen Xinchelei Technology Co., Ltd.
    Victim Site: Unknown
  97. Alleged defacement of photo-step.com.ua by NoName057(16)
    Category: Defacement
    Content: NoName057(16) claims responsibility for defacing photo-step.com.ua, a Ukrainian travel website. According to the post, admin data was changed, and website content (tours, articles, team photos) was erased and replaced with a defacement message stating "Justice has no name" along with a QR code. The group frames the action as part of #OpUkraine and #TimeOfRetribution operations.
    Date: 2026-06-01T12:09:27Z
    Network: telegram
    Published URL: https://t.me/c/3087552512/2089
    Screenshots:
    None
    Threat Actors: NoName057(16)
    Victim Country: Ukraine
    Victim Industry: Travel/Tourism
    Victim Organization: photo-step.com.ua
    Victim Site: photo-step.com.ua
  98. ClickFix Steganography Campaign Delivering LummaC2 and Rhadamanthys Stealers
    Category: Malware
    Content: A multi-stage malware campaign leverages ClickFix social engineering lures — including fake human verification pages and a full-screen fake Windows Update screen — to trick victims into executing malicious commands via mshta.exe and PowerShell. The campaign employs steganography to conceal final-stage payloads within PNG image pixel data, reconstructing and decrypting the payload in memory at runtime. The final payloads delivered are LummaC2 or Rhadamanthys infostealers, with activity tracked by…
    Date: 2026-06-01T12:00:26Z
    Network: openweb
    Published URL: https://tier1.life/thread/274
    Screenshots:
    18 screenshot(s) available
    Threat Actors: RedQueen
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  99. Alleged sale of RDP access and compromised accounts
    Category: Initial Access
    Content: A threat actor is offering rental access to RDP servers hosted on Azure, AWS, and Digital Ocean at daily/monthly rates ($200 mentioned). The actor is also advertising compromised domain email accounts, Gmail and Yahoo accounts, GitHub Student accounts, and various subscription services (ChatGPT Plus, Claude, ElevenLabs Creator Plan). An escrow service is offered.
    Date: 2026-06-01T11:46:00Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/94906
    Screenshots:
    1 screenshot(s) available
    Threat Actors: PORTAL
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  100. Alleged dox leak of Integrity Technology Group executives
    Category: Data Leak
    Content: A threat actor leaked personally identifiable information for multiple executives of Integrity Technology Group (诚信科技集团), including names, national ID numbers, dates of birth, phone numbers, personal and work email addresses, WeChat handles, marital status, and corporate roles such as Chairman, Vice Chairman, CTO, and CBO. The data was freely shared on the forum with an external download link. Affected individuals are associated with both integritytech.com.cn and ichunqiu.com domains.
    Date: 2026-06-01T11:45:53Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-Executives-of-Integrity-Technology-Group-Dox-Leak-%E8%AF%9A%E4%BF%A1%E7%A7%91%E6%8A%80%E9%9B%86%E5%9B%A2%E9%AB%98%E7%AE%A1
    Screenshots:
    1 screenshot(s) available
    Threat Actors: SnowSoul
    Victim Country: China
    Victim Industry: Technology
    Victim Organization: Integrity Technology Group
    Victim Site: integritytech.com.cn
  101. Alleged data leak of Sirun (斯润) Technology companies following failed ransom demand
    Category: Data Leak
    Content: A threat actor identified as SnowSoul claims to have leaked approximately 500 million records (2GB backup, MDF/LDF database files) belonging to two Chinese technology firms — Sirun Hefei Technology and Sirun Tianlang (Beijing) Technology — after a reported ransom demand of $1,000 USD was refused. The leaked data reportedly includes bill-of-materials records, personnel lists, production orders, procurement statistics, and financial invoices spanning 2021–2024, with download links posted publicly
    Date: 2026-06-01T11:44:32Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-Chinese-data-%E4%B8%AD%E5%9B%BD%E6%95%B0%E6%8D%AE-SnowSoul-ID-1314
    Screenshots:
    1 screenshot(s) available
    Threat Actors: SnowSoul
    Victim Country: China
    Victim Industry: Technology
    Victim Organization: Sirun Hefei Technology Co., Ltd. / Sirun Tianlang (Beijing) Technology Co., Ltd.
    Victim Site: Unknown
  102. Alleged Data Leak of Shenzhen Xinchelei Technology Co., Ltd. Following Ransom Refusal
    Category: Data Leak
    Content: A threat actor operating under the name SnowSoul has leaked financial and employee data allegedly belonging to Shenzhen Xinchelei Technology Co., Ltd. after the company reportedly refused to pay a $1,000 USD ransom. The leaked data spans 2017–2024 and includes accounts receivable invoices, employee records, individual income tax files, supplier information, and accounting system backups (Kingdee KIS).
    Date: 2026-06-01T11:42:41Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78563
    Screenshots:
    1 screenshot(s) available
    Threat Actors: SnowSoul
    Victim Country: China
    Victim Industry: Technology
    Victim Organization: Shenzhen Xinchelei Technology Co., Ltd.
    Victim Site: Unknown
  103. Alleged data leak of TermoBud clients
    Category: Data Leak
    Content: A threat actor shared what appears to be client data associated with TermoBud, a Ukrainian company, via an anonymous file hosting link. The post describes the dataset as manually compiled work. No further details on record count or data fields were provided.
    Date: 2026-06-01T11:41:04Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78562
    Screenshots:
    1 screenshot(s) available
    Threat Actors: lifepo4
    Victim Country: Ukraine
    Victim Industry: Unknown
    Victim Organization: TermoBud
    Victim Site: Unknown
  104. Alleged defacement of smartbox.hou.com.ua by NoName057(16)
    Category: Defacement
    Content: NoName057(16) claimed responsibility for defacing smartbox.hou.com.ua, a Ukrainian e-commerce platform selling smartwatches and fitness trackers. The threat actor claims to have destroyed the storefront, products, orders, and replaced content with a QR code. The defacement includes political messaging with hashtags referencing Ukraine-related operations (#OpUkraine, #ЗаСтаробельськ).
    Date: 2026-06-01T11:39:59Z
    Network: telegram
    Published URL: https://t.me/c/3087552512/2087
    Screenshots:
    3 screenshot(s) available
    Threat Actors: NoName057(16)
    Victim Country: Ukraine
    Victim Industry: E-commerce/Retail
    Victim Organization: smartbox.hou.com.ua
    Victim Site: smartbox.hou.com.ua
  105. Alleged website defacement of smartbox.hou.com.ua by NoName057(16)
    Category: Defacement
    Content: NoName057(16) claims to have defaced and taken control of smartbox.hou.com.ua, a Ukrainian e-commerce site selling smartwatches and fitness trackers. The group claims to have destroyed the storefront, products, orders, and replaced the site with their own content including a QR code. The defacement is attributed to their #OpUkraine campaign.
    Date: 2026-06-01T11:39:14Z
    Network: telegram
    Published URL: https://t.me/c/3087552512/2085
    Screenshots:
    3 screenshot(s) available
    Threat Actors: NoName057(16)
    Victim Country: Ukraine
    Victim Industry: e-commerce
    Victim Organization: smartbox.hou.com.ua
    Victim Site: smartbox.hou.com.ua
  106. Alleged data breach of SeLoger.com
    Category: Data Breach
    Content: A threat actor operating under the name Scattered Lapsu$ Hunter claims to have breached seloger.com, a French real estate platform, allegedly obtaining 4.5 million records. The data is being shared via Telegram channels linked to the group.
    Date: 2026-06-01T10:52:16Z
    Network: openweb
    Published URL: https://breachforu.ms/Thread-FR-SELOGER-COM-4-5M–189845
    Screenshots:
    1 screenshot(s) available
    Threat Actors: scattered_lapsus_hunter
    Victim Country: France
    Victim Industry: Real Estate
    Victim Organization: SeLoger
    Victim Site: seloger.com
  107. Alleged data breach of SeLoger.com
    Category: Data Breach
    Content: The group Scattered Lapsu$ Hunter claims to have breached seloger.com, a French real estate platform. A sample dataset was shared containing user records with fields including names, email addresses, plaintext passwords, phone numbers, and agency affiliations. The post was made on a dark web forum with links to Telegram channels for contact.
    Date: 2026-06-01T10:40:31Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-COLLECTION-FR-SELOGER-COM
    Screenshots:
    1 screenshot(s) available
    Threat Actors: xmrcat
    Victim Country: France
    Victim Industry: Real Estate
    Victim Organization: SeLoger
    Victim Site: seloger.com
  108. Alleged data leak of beutel24.com database
    Category: Data Leak
    Content: A threat actor known as DarkMafiaX has leaked an SQL database allegedly belonging to beutel24.com, a German website. The database is approximately 4MB in size and is available via a hidden download link on the forum.
    Date: 2026-06-01T10:39:06Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78549
    Screenshots:
    1 screenshot(s) available
    Threat Actors: DarkMafiaX
    Victim Country: Germany
    Victim Industry: Retail
    Victim Organization: Beutel24
    Victim Site: beutel24.com
  109. Alleged data leak of biko.ua (Ukraine)
    Category: Data Leak
    Content: A threat actor on a darknet forum has made available an alleged SQL database dump from biko.ua, a Ukrainian website. The file is approximately 9MB in size and is being distributed freely to forum members who reply to the thread.
    Date: 2026-06-01T10:38:02Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78553
    Screenshots:
    1 screenshot(s) available
    Threat Actors: DarkMafiaX
    Victim Country: Ukraine
    Victim Industry: Unknown
    Victim Organization: Biko
    Victim Site: biko.ua
  110. Alleged data breach of kosmetikschule-schaefer.de
    Category: Data Leak
    Content: A threat actor known as DarkMafiaX has leaked an alleged SQL database dump of the German cosmetics school website kosmetikschule-schaefer.de. The database is approximately 34MB in size and is being distributed for free via a hidden download link on the forum.
    Date: 2026-06-01T10:36:57Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78555
    Screenshots:
    1 screenshot(s) available
    Threat Actors: DarkMafiaX
    Victim Country: Germany
    Victim Industry: Education
    Victim Organization: Kosmetikschule Schaefer
    Victim Site: kosmetikschule-schaefer.de
  111. Alleged sale of access to Peruvian government website by Pharaohs_Team
    Category: Initial Access
    Content: Pharaohs_Team is offering access to munisanantonio-mariscalnieto.gob.pe (Peruvian municipal government domain) with proof provided via photo. Seller requests direct message contact (@phteam_1) for purchase negotiations.
    Date: 2026-06-01T10:20:55Z
    Network: telegram
    Published URL: https://t.me/Pharaoh_e/59
    Screenshots:
    2 screenshot(s) available
    Threat Actors: Pharaohs_Team
    Victim Country: Peru
    Victim Industry: Government
    Victim Organization: Municipalidad de San Antonio
    Victim Site: munisanantonio-mariscalnieto.gob.pe
  112. Alleged Unification of maul1337 and Keymous Plus Threat Groups
    Category: Cyber Attack
    Content: maul1337 (Indonesia-based defacer and leaker with webshell capabilities) and Keymous Plus (data breach and hacktivist group) have announced an official operational consolidation. The unified group claims to operate in data breaches, silent operations, hacktivism, defacement, and webshell distribution. They position themselves as operating ahead of patch cycles and beyond standard detection capabilities.
    Date: 2026-06-01T10:12:12Z
    Network: telegram
    Published URL: https://t.me/Maulnism1337/1850
    Screenshots:
    2 screenshot(s) available
    Threat Actors: maul1337
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  113. Mass Defacement of Brazilian Website by Threat Actor Zod
    Category: Defacement
    Content: Threat actor Zod conducted a mass defacement campaign targeting www.admss.com.br, a Brazilian website hosted on cloud infrastructure. The defacement was recorded on June 1, 2026, with a mirror archived at haxor.id. This incident is part of a broader mass defacement operation carried out by the Zod team.
    Date: 2026-06-01T09:44:26Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/249764
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Zod, Zod
    Victim Country: Brazil
    Victim Industry: Unknown
    Victim Organization: ADMSS
    Victim Site: www.admss.com.br
  114. Website Defacement of santossimon.com.br by Threat Actor Zod
    Category: Defacement
    Content: On June 1, 2026, a threat actor operating under the alias Zod defaced a page on the Brazilian website santossimon.com.br, targeting the file zod.html. The attack was conducted on a Linux-based server and was a single targeted defacement rather than a mass or home page defacement. The incident has been archived and mirrored via haxor.id.
    Date: 2026-06-01T09:42:41Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/249765
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Zod, Zod
    Victim Country: Brazil
    Victim Industry: Unknown
    Victim Organization: Santos Simon
    Victim Site: santossimon.com.br
  115. Mass defacement of Brazilian platform site by threat actor Zod
    Category: Defacement
    Content: On June 1, 2026, threat actor Zod conducted a mass defacement campaign targeting plataforma.santossimon.com.br, a Brazilian web platform associated with Santos Simon. The defacement was deployed on a Linux-based server and archived via haxor.id. This incident is part of a broader mass defacement operation attributed to the same actor.
    Date: 2026-06-01T09:40:30Z
    Network: openweb
    Published URL: https://haxor.id/archive/mirror/249766
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Zod, Zod
    Victim Country: Brazil
    Victim Industry: Unknown
    Victim Organization: Santos Simon
    Victim Site: plataforma.santossimon.com.br
  116. Alleged data leak of anhsangsoiduong.vn
    Category: Data Leak
    Content: A threat actor has freely shared an alleged SQL database dump of the Vietnamese website anhsangsoiduong.vn, sized approximately 750MB. The sample data includes user login names, hashed passwords, email addresses, and registration details. The database appears to follow a WordPress user table structure.
    Date: 2026-06-01T09:35:33Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78545
    Screenshots:
    1 screenshot(s) available
    Threat Actors: DarkMafiaX
    Victim Country: Vietnam
    Victim Industry: Unknown
    Victim Organization: Anh Sang Soi Duong
    Victim Site: anhsangsoiduong.vn
  117. Alleged cyber attack on Fresenius industrial facility in France by Yemen-affiliated hackers
    Category: Cyber Attack
    Content: Yemen-affiliated hackers allegedly gained unauthorized access to the technical control systems of a Fresenius industrial site in Grand Chalons, France. According to reports, the threat actors accessed the control panel and modified equipment settings including voltage and operational modes. They also reportedly accessed administrative sections, performance reports, and system event logs.
    Date: 2026-06-01T09:17:52Z
    Network: telegram
    Published URL: https://t.me/c/1283513914/22016
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Yemen-affiliated hackers
    Victim Country: France
    Victim Industry: Industrial/Manufacturing
    Victim Organization: Fresenius
    Victim Site: Unknown
  118. Alleged sale of forged government identification documents and SSNs across multiple countries
    Category: Initial Access
    Content: User Benjamin (@benjahminzzzz) is offering forged USA driver's licenses (front and back, with or without SSNs) at $5 per document with a minimum order of 10 pieces, claiming the ability to provide bulk quantities. The user additionally advertises forged identification documents from 25+ countries including UK, Netherlands, Brazil, Australia, Canada, France, Germany, India, Ireland, Sweden, Vietnam, Philippines, Spain, and others. Services include driver's licenses, ID cards, SSNs, passports, proof of address, and ut…
    Date: 2026-06-01T08:50:30Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/94798
    Screenshots:
    3 screenshot(s) available
    Threat Actors: Benjamin (@benjahminzzzz)
    Victim Country: United States
    Victim Industry: Government/Identity Verification
    Victim Organization: Unknown
    Victim Site: Unknown
  119. Website Defacement of gioyv.org.tr by Y4NZ404 (TEASER SEC TEAM & CAPUNG)
    Category: Defacement
    Content: On June 1, 2026, threat actor Y4NZ404, operating under the group TEASER SEC TEAM & CAPUNG, defaced the homepage of gioyv.org.tr, a Turkish-registered website. The attack was a targeted single-site homepage defacement, with no indication of mass defacement activity. The mirror of the defacement was archived at zone-xsec.com.
    Date: 2026-06-01T08:50:04Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930442
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Y4NZ404, TEASER SEC TEAM & CAPUNG
    Victim Country: Turkey
    Victim Industry: Unknown
    Victim Organization: GIOYV
    Victim Site: gioyv.org.tr
  120. Alleged CIFSwitch Vulnerability in Linux Kernel Enables Privilege Escalation to Root
    Category: Vulnerability
    Content: A newly discovered vulnerability named CIFSwitch in the Linux kernel allows local attackers to exploit CIFS protocol authentication mechanisms to escalate privileges to root level and gain complete system control. The vulnerability affects multiple Linux distributions, particularly systems running vulnerable Linux kernel versions and cifs-utils packages, with versions 6.14 and newer being most impacted. This is part of a recent series of Linux privilege escalation vulnerabilities including Copy …
    Date: 2026-06-01T08:34:55Z
    Network: telegram
    Published URL: https://t.me/c/1283513914/22014
    Screenshots:
    2 screenshot(s) available
    Threat Actors: خبرگزاری سایبربان| Cyberban News
    Victim Country: Unknown
    Victim Industry: Technology/Infrastructure
    Victim Organization: Unknown
    Victim Site: Unknown
  121. Alleged data breach of Charter Communications (Spectrum) exposing 42 million customer records
    Category: Data Leak
    Content: A threat actor affiliated with the ShinyHunters group reportedly breached Charter Communications (parent of Spectrum) on April 1, 2026, via a voice phishing attack that compromised a Microsoft Entra employee account, enabling access to the company's Salesforce instance. After Charter refused to pay a ransom, the stolen data — estimated at 42,222,564 records across 16 files — was publicly released on May 27, 2026. The exposed data includes full names, email addresses, phone numbers, service plan
    Date: 2026-06-01T08:32:04Z
    Network: openweb
    Published URL: https://spear.cx/Thread-Charter-Communications-Inc-42M
    Screenshots:
    1 screenshot(s) available
    Threat Actors: [Mod] Tanaka
    Victim Country: United States
    Victim Industry: Telecommunications
    Victim Organization: Charter Communications
    Victim Site: charter.com
  122. Alleged unauthorized access to Citex Systems databases and employee data leak
    Category: Data Breach
    Content: A threat actor named Keymous claimed to have gained unauthorized access to multiple databases belonging to Citex Systems, an Egyptian company. According to the claim, the compromised data includes employee information (approximately 800 individuals), project details (responsible persons, execution dates and locations), email data, and contact information. The files have been made available for download, with some accessible freely and others requiring forum registration.
    Date: 2026-06-01T08:25:32Z
    Network: telegram
    Published URL: https://t.me/c/1283513914/22013
    Screenshots:
    2 screenshot(s) available
    Threat Actors: Keymous
    Victim Country: Egypt
    Victim Industry: Unknown
    Victim Organization: Citex Systems
    Victim Site: Unknown
  123. Sale of US high-balance BINs claimed to work for $500+ transactions
    Category: Carding
    Content: A threat actor operating under the alias CC-GuRu is offering 100 US-based BINs advertised as suitable for high-balance transactions of $500 or more. The full content is gated behind forum registration. No specific issuing bank or card network is identified in the visible post.
    Date: 2026-06-01T08:16:48Z
    Network: openweb
    Published URL: https://darkpro.net/threads/us-high-balance-bin-work-for-500-by-cc-guru-%F0%9F%98%A1.23310/
    Screenshots:
    1 screenshot(s) available
    Threat Actors: CC-GuRu
    Victim Country: United States
    Victim Industry: Finance
    Victim Organization: Unknown
    Victim Site: Unknown
  124. Sale of alleged US Gambler Database containing 9 million records
    Category: Data Breach
    Content: A threat actor is offering for sale an alleged database of US gamblers containing 9 million records. The dataset includes personally identifiable information such as full name, address, phone, email, IP address, and source URL. The seller is offering the database for $300 via Telegram.
    Date: 2026-06-01T08:16:21Z
    Network: openweb
    Published URL: https://darkpro.net/threads/us-gambler-database-total-9m-by-redx.23313/
    Screenshots:
    1 screenshot(s) available
    Threat Actors: ⭐ RED✘ ⭐
    Victim Country: United States
    Victim Industry: Gambling
    Victim Organization: Unknown
    Victim Site: Unknown
  125. Alleged unauthorized access to European power plant by Shadow ClawZ 404
    Category: Cyber Attack
    Content: Shadow ClawZ 404 claims to have breached or gained access to European power plant infrastructure. The group boasts about monitoring system operations and mocks security measures, with an implicit threat of future attacks against critical infrastructure.
    Date: 2026-06-01T08:15:31Z
    Network: telegram
    Published URL: https://t.me/c/3251820623/75
    Screenshots:
    2 screenshot(s) available
    Threat Actors: Shadow ClawZ 404
    Victim Country: Multiple European countries
    Victim Industry: Energy/Critical Infrastructure
    Victim Organization: European power plant(s)
    Victim Site: Unknown
  126. Alleged data leak of French Discord users scraped from major servers
    Category: Data Leak
    Content: A threat actor is distributing a scraped dataset of approximately 1.475 million French Discord users collected from the 100 largest French Discord servers. The dataset includes user IDs, pseudonyms, account creation dates, profile photos, connected accounts, and other profile metadata. The data is offered for free to forum members who meet a point threshold.
    Date: 2026-06-01T07:29:23Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-FR-Discord-French-People-Scrap-1-5M-05-26
    Screenshots:
    1 screenshot(s) available
    Threat Actors: DataReaper
    Victim Country: France
    Victim Industry: Technology
    Victim Organization: Discord
    Victim Site: discord.com
  127. Alleged critical vulnerability exploitation in WP Maps Pro WordPress plugin
    Category: Vulnerability
    Content: Cybersecurity researchers report active exploitation of a critical vulnerability in the WP Maps Pro WordPress plugin (versions 6.1.0 and earlier) that allows unauthenticated attackers to create administrator accounts on affected WordPress sites. The vulnerability is exploitable through a temporary support feature in the plugin. Security firms have identified and blocked thousands of exploitation attempts within the past 24 hours. Website administrators are advised to update to the patched versio…
    Date: 2026-06-01T06:07:22Z
    Network: telegram
    Published URL: https://t.me/c/1283513914/22006
    Screenshots:
    2 screenshot(s) available
    Threat Actors: خبرگزاری سایبربان| Cyberban News
    Victim Country: Unknown
    Victim Industry: Web hosting / WordPress sites
    Victim Organization: Unknown
    Victim Site: Unknown
  128. Alleged data leak of CECYTE Aguascalientes
    Category: Data Leak
    Content: A threat actor leaked a CSV file allegedly containing personal data of 15,485 students from CECYTE Aguascalientes, a Mexican state-level high school system. Exposed fields include full name, student ID (matrícula), and CURP (Mexican national identity number). The data was made available via a public file-sharing link.
    Date: 2026-06-01T05:56:39Z
    Network: openweb
    Published URL: https://darkforums.su/Thread-DATABASE-Data-leak-CECYTE-AGUASCALIENTES-MX–78526
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Salmoncoltmx
    Victim Country: Mexico
    Victim Industry: Education
    Victim Organization: CECYTE Aguascalientes
    Victim Site: Unknown
  129. Alleged defacement of White House Instagram account during Obama administration
    Category: Defacement
    Content: The Instagram account of the White House during the Obama administration was compromised. The attackers posted images of Qasem Soleimani and a message stating "The White House is under the control of Shiites." Meta confirmed the security incident, secured the account, and removed all content posted by the attackers. US authorities have not yet provided official statements regarding the attack details or suspected perpetrators.
    Date: 2026-06-01T05:38:43Z
    Network: telegram
    Published URL: https://t.me/c/1283513914/22005
    Screenshots:
    2 screenshot(s) available
    Threat Actors: خبرگزاری سایبربان| Cyberban News
    Victim Country: United States
    Victim Industry: Government
    Victim Organization: White House
    Victim Site: instagram.com
  130. Website Defacement of Australian Pipe Band Supplies by azraelzer0d4y (b1ohaz4rd)
    Category: Defacement
    Content: On June 1, 2026, a threat actor operating under the handle azraelzer0d4y, affiliated with the group b1ohaz4rd, defaced the website of Australian Pipe Band Supplies. The incident was a targeted single-site defacement with no mass or redefacement indicators. No specific motivation or server details were disclosed.
    Date: 2026-06-01T05:28:30Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930437
    Screenshots:
    1 screenshot(s) available
    Threat Actors: azraelzer0d4y, b1ohaz4rd
    Victim Country: Australia
    Victim Industry: Retail / Music & Specialty Supplies
    Victim Organization: Australian Pipe Band Supplies
    Victim Site: www.australianpipebandsupplies…
  131. Website Redefacement of Duro Sweden by azraelzer0d4y (b1ohaz4rd)
    Category: Defacement
    Content: The website of Duro Sweden, a Swedish company, was defaced by threat actor azraelzer0d4y operating under the team b1ohaz4rd on June 1, 2026. This incident is classified as a redefacement, indicating the site had been previously compromised by the same or another attacker. The defacement targeted a media/custom directory path rather than the homepage, suggesting partial or subdirectory-level compromise.
    Date: 2026-06-01T05:27:12Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930436
    Screenshots:
    1 screenshot(s) available
    Threat Actors: azraelzer0d4y, b1ohaz4rd
    Victim Country: Sweden
    Victim Industry: Retail / Manufacturing
    Victim Organization: Duro Sweden
    Victim Site: www.durosweden.se
  132. Website Defacement of GetMeABabysitter.com by azraelzer0d4y (b1ohaz4rd)
    Category: Defacement
    Content: On June 1, 2026, the website getmeababysitter.com was defaced by threat actor azraelzer0d4y, affiliated with the group b1ohaz4rd. The attack targeted a subdirectory of the childcare services platform and was a standalone, targeted defacement rather than a mass or redefacement incident. No specific motive or server details were disclosed.
    Date: 2026-06-01T05:25:42Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930440
    Screenshots:
    1 screenshot(s) available
    Threat Actors: azraelzer0d4y, b1ohaz4rd
    Victim Country: Unknown
    Victim Industry: Childcare Services
    Victim Organization: Get Me A Babysitter
    Victim Site: getmeababysitter.com
  133. Alleged data leak of INEGI Mexico database including business directory and birth records
    Category: Data Leak
    Content: A threat actor known as Sativa claims to have leaked an internal database from INEGI (Mexico's national geostatistical institute), sourced from gob.mx infrastructure. The dataset allegedly includes 122,173 business directory records with contact and geolocation data, 30,363 birth records containing personal and medical information, and full cartographic data with polygon geometries. Sample records consistent with the claimed schema were shared publicly in the forum post.
    Date: 2026-06-01T05:24:13Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-INEGI-Mexico-Database-Dump-122K-Businesses-30K-PII-Records
    Screenshots:
    2 screenshot(s) available
    Threat Actors: sativa
    Victim Country: Mexico
    Victim Industry: Government
    Victim Organization: INEGI
    Victim Site: gob.mx
  134. Website Redefacement of protectyourboundaries.ca by azraelzer0d4y (b1ohaz4rd)
    Category: Defacement
    Content: The website protectyourboundaries.ca, a Canadian domain, was defaced by threat actor azraelzer0d4y operating under the team b1ohaz4rd on June 1, 2026. This incident is recorded as a redefacement, indicating the site had been previously compromised by the same or a different attacker. The defacement was not part of a mass defacement campaign and did not target the site's homepage.
    Date: 2026-06-01T05:23:39Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930439
    Screenshots:
    1 screenshot(s) available
    Threat Actors: azraelzer0d4y, b1ohaz4rd
    Victim Country: Canada
    Victim Industry: Unknown
    Victim Organization: Protect Your Boundaries
    Victim Site: www.protectyourboundaries.ca
  135. Website Defacement of Trick Fast Digital by CiaoxD_ of Brotherhood Capung Indonesia
    Category: Defacement
    Content: On June 1, 2026, the website trickfastdigital.com was defaced by threat actor CiaoxD_, operating under the hacktivist group Brotherhood Capung Indonesia. The attack resulted in a homepage defacement, replacing the original content with the attacker's message. No mass defacement campaign was associated with this incident, and no specific motive was publicly stated.
    Date: 2026-06-01T05:00:42Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930435
    Screenshots:
    1 screenshot(s) available
    Threat Actors: CiaoxD_, Brotherhood Capung Indonesia
    Victim Country: Unknown
    Victim Industry: Digital Services / Technology
    Victim Organization: Trick Fast Digital
    Victim Site: trickfastdigital.com
  136. Alleged sale of RDP access and compromised cloud platform credentials
    Category: Initial Access
    Content: A threat actor is offering rental of RDP access to Azure, AWS, and DigitalOcean infrastructure at $200 daily/monthly rates. The actor is also advertising compromised domain mail accounts, Gmail and Yahoo accounts, GitHub Student accounts, and stolen ChatGPT Plus and Claude subscriptions. The services are offered with escrow protection.
    Date: 2026-06-01T04:35:30Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/94659
    Screenshots:
    1 screenshot(s) available
    Threat Actors: PORTAL
    Victim Country: Unknown
    Victim Industry: Technology/Cloud Services
    Victim Organization: Unknown
    Victim Site: Unknown
  137. Alleged data breach of Komdanas Mahkamah Agung
    Category: Data Breach
    Content: A threat actor on a breach forum claims to be selling or leaking a database belonging to Komdanas Mahkamah Agung, the integrated data network system of the Indonesian Supreme Court. The post includes an attachment, but no further details on record count or data fields are visible in the extracted content.
    Date: 2026-06-01T04:20:03Z
    Network: openweb
    Published URL: https://breached.su/threads/database-pegawai-komdanas-mahkaman-agung.87787/unread
    Screenshots:
    1 screenshot(s) available
    Threat Actors: JAX7
    Victim Country: Indonesia
    Victim Industry: Government
    Victim Organization: Mahkamah Agung (Supreme Court of Indonesia)
    Victim Site: mahkamahagung.go.id
  138. Alleged data leak of US gun owners database
    Category: Data Leak
    Content: A threat actor has freely shared an alleged database of approximately 16,000 US gun owners, containing full names, email addresses, physical addresses, and weapon of choice. The origin of the data is unattributed. The dataset is gated behind forum registration.
    Date: 2026-06-01T04:04:08Z
    Network: openweb
    Published URL: https://breachforu.ms/Thread-REPOST-GUN-OWNERS-USA-16K
    Screenshots:
    1 screenshot(s) available
    Threat Actors: N3tw0rkSh4d0w
    Victim Country: United States
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  139. Alleged data leak of US job seekers personal data from getofficejobs.net
    Category: Data Leak
    Content: A threat actor has shared an alleged dataset of approximately 3 million US job seekers sourced from getofficejobs.net. The sample includes first name, last name, email address, and IP address fields. The data is being distributed freely on a breach forum.
    Date: 2026-06-01T04:03:26Z
    Network: openweb
    Published URL: https://breachforu.ms/Thread-REPOST-JOB-SEEKERS-USA-3M
    Screenshots:
    1 screenshot(s) available
    Threat Actors: N3tw0rkSh4d0w
    Victim Country: United States
    Victim Industry: Recruitment
    Victim Organization: Get Office Jobs
    Victim Site: getofficejobs.net
  140. Sale of persistent web shell and RCE exploit on NASA (nasa.gov) infrastructure
    Category: Initial Access
    Content: A threat actor is offering for sale persistent web shell access and an associated exploit targeting a live nasa.gov web application host, claimed to be physically located within a NASA data center. The access provides www-data level remote code execution via HTTP/S and is described as capable of reaching broad internal NASA network ranges including multiple internal CIDRs behind firewalls. The seller is asking $10,000 in Monero with escrow and claims persistence survives reboots.
    Date: 2026-06-01T04:00:00Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-RDP-SELLING-nasa-gov-Persistent-Web-Shell-Exploit
    Screenshots:
    1 screenshot(s) available
    Threat Actors: hackformetome
    Victim Country: United States
    Victim Industry: Government
    Victim Organization: NASA
    Victim Site: nasa.gov
  141. Alleged data breach of undisclosed Spanish gas company exposing IBAN and personal records
    Category: Data Breach
    Content: A threat actor is offering for sale a database allegedly obtained from a Spanish gas company via exploitation of a vulnerability. The dataset contains approximately 555,000 unique records including full names, phone numbers, email addresses, IBAN banking details, and location data. The seller claims the data is previously unpublished and has never been sold.
    Date: 2026-06-01T03:53:37Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-Spanish-Gas-Company-Database-IBAN-Phones
    Screenshots:
    1 screenshot(s) available
    Threat Actors: jordanbelfortwolf
    Victim Country: Spain
    Victim Industry: Energy
    Victim Organization: Unknown
    Victim Site: Unknown
  142. Alleged data breach of DIRANDRO — Peruvian National Police Anti-Drug Unit
    Category: Data Breach
    Content: A threat actor operating under the group L4TAMFUCK3RS claims to be selling approximately 300,000 records (~7.8GB) allegedly stolen from DIRANDRO, the Peruvian National Police's specialized anti-drug trafficking unit. The dataset purportedly contains highly sensitive personnel and operational data including full names, national ID numbers (DNI), police identification codes (CIP), residential addresses, family information, police intervention records, geographic coordinates, seized substance det
    Date: 2026-06-01T03:48:40Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78522
    Screenshots:
    3 screenshot(s) available
    Threat Actors: cantpwn
    Victim Country: Peru
    Victim Industry: Government
    Victim Organization: DIRANDRO – Policía Nacional del Peru
    Victim Site: Unknown
  143. Sale of Business Intelligence Dataset Containing 50,000+ Executive and Company Records
    Category: Data Leak
    Content: A threat actor is offering a dataset of 50,000+ records purportedly containing executive and company information including names, job titles, company names, locations, and business attributes. The data spans multiple regions and industries, with sample records showing individuals in CEO and executive-adjacent roles across various organizations. The seller is directing buyers to a Telegram channel for purchase.
    Date: 2026-06-01T03:17:48Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78453
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Edric
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  144. Alleged data breach of Stansberry Research — 100,000 US consumer records
    Category: Data Breach
    Content: A threat actor is offering for sale an alleged database attributed to Stansberry Research and its TradeSmith platform, containing approximately 100,000 U.S. consumer records. The dataset reportedly includes full name, email, phone, mailing address, TradeSmith user IDs, account creation dates, customer status flags, and deposit references. The seller is advertising the database via Telegram and a channel marketed as a premium leads source.
    Date: 2026-06-01T03:17:09Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78462
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Edric
    Victim Country: United States
    Victim Industry: Finance
    Victim Organization: Stansberry Research
    Victim Site: stansberry.com
  145. Website Defacement of VillageMilk by CiaoxD_ of Brotherhood Capung Indonesia
    Category: Defacement
    Content: On June 1, 2026, the website villagemilk.com was defaced by threat actor CiaoxD_, operating under the hacktivist group Brotherhood Capung Indonesia. The attack resulted in a homepage defacement, replacing the site's content with the attacker's messaging. No specific motive or reason was provided for the attack.
    Date: 2026-06-01T03:08:53Z
    Network: openweb
    Published URL: https://zone-xsec.com/mirror/id/930434
    Screenshots:
    1 screenshot(s) available
    Threat Actors: CiaoxD_, Brotherhood Capung Indonesia
    Victim Country: Unknown
    Victim Industry: Food and Beverage
    Victim Organization: Village Milk
    Victim Site: villagemilk.com
  146. Sale of streaming, VPN, and gaming accounts on cracking forum
    Category: Carding
    Content: A forum seller is advertising an account store offering streaming, VPN, and gaming accounts for sale at low prices via an external shop. The accounts are likely obtained through credential stuffing or account takeover methods. No specific victim organization or record count is disclosed.
    Date: 2026-06-01T03:00:52Z
    Network: openweb
    Published URL: https://cracked.st/Thread-%E2%9A%A1-THE-ULTIMATE-ACCOUNTS-STORE-%E2%AD%90-Streaming-VPNs-Gaming-Cheap-Reliable-%E2%9A%A1
    Screenshots:
    2 screenshot(s) available
    Threat Actors: Rayie
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: genmarket.us
  147. Alleged data breach of Gian Bo Fuegos Artificiales (Venezuelan fireworks distributor)
    Category: Data Breach
    Content: A threat actor is selling an alleged database dump from gianbofuegosartificiales.com, a Venezuelan fireworks distributor, for $1,300. The dataset reportedly contains approximately 768,000 records spanning three sections: customer and distributor contacts (including full names, emails, phone numbers, and addresses), fireworks order history, and distributor location data. The seller claims the data is fresh and organized, and is accepting forum escrow for the transaction.
    Date: 2026-06-01T02:49:38Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78515
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: Venezuela
    Victim Industry: Retail
    Victim Organization: Gian Bo Fuegos Artificiales
    Victim Site: gianbofuegosartificiales.com
  148. Alleged data breach of Venezuela's Ministry of Tourism (mintur.gob.ve)
    Category: Data Breach
    Content: A threat actor is selling an alleged dataset of 542,000 records attributed to Venezuela's Ministry of Tourism (mintur.gob.ve), priced at $1,200. The dataset reportedly includes three sections: Contacts (names, emails, phone numbers, login history, marketing data), Tourism Inquiries, and Booking History. The seller is accepting forum escrow and can be contacted via Telegram.
    Date: 2026-06-01T02:49:00Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78517
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: Venezuela
    Victim Industry: Government
    Victim Organization: Ministry of Tourism of Venezuela
    Victim Site: mintur.gob.ve
  149. Alleged data breach of MasMovil (masmovil.es) exposing 742K customer records
    Category: Data Breach
    Content: A threat actor is selling an alleged dataset from Spanish telecom provider MasMovil (masmovil.es) for $1,200, claiming it contains approximately 742,000 records. The dataset is structured across three tables — Contacts, Orders, and Support Tickets — and reportedly includes full customer PII (name, address, email, phone, date of birth, tax ID, password hashes), order and billing details, and support ticket contents. Sample files are provided via Gofile links.
    Date: 2026-06-01T02:25:05Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78493
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: Spain
    Victim Industry: Telecommunications
    Victim Organization: MasMovil
    Victim Site: masmovil.es
  150. Alleged data breach of GAME España (game.es)
    Category: Data Breach
    Content: A threat actor is selling an alleged dataset originating from the Spanish video game retailer GAME (game.es), purportedly containing approximately 284,000 records. The data is structured across three sections covering customer contacts (including names, emails, phone numbers, addresses, Tax IDs, and encrypted passwords), order history, and loyalty/membership information including VIP status and points balances. The seller is asking $1,200 and directing buyers to contact via Telegram.
    Date: 2026-06-01T02:24:20Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78494
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: Spain
    Victim Industry: Retail
    Victim Organization: GAME España
    Victim Site: game.es
  151. Alleged data breach of PChome EC (pchomeec.com.tw) exposing 437K records
    Category: Data Breach
    Content: A threat actor is selling an alleged dataset from pchomeec.com.tw containing approximately 437,000 records across three sections: customer contacts (including names, emails, phone numbers, IP addresses, and physical addresses), support tickets, and order transactions (including payment method, shipping/billing addresses, and order details). The data is priced at $1,200 and the seller accepts forum escrow for transactions.
    Date: 2026-06-01T02:23:36Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78495
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: Taiwan
    Victim Industry: Retail
    Victim Organization: PChome EC
    Victim Site: pchomeec.com.tw
  152. Alleged data breach of PCstore Taiwan (pcstore.com.tw)
    Category: Data Breach
    Content: A threat actor is offering for sale an alleged dataset of approximately 487,000 records originating from pcstore.com.tw, a Taiwanese e-commerce platform. The dataset is structured across three sections — Contact, Order, and Deliverytracking — containing customer personal information, order and payment details, and shipment tracking data. The data includes names, email addresses, phone numbers, physical addresses, payment methods, and delivery tracking information.
    Date: 2026-06-01T02:22:57Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78496
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: Taiwan
    Victim Industry: Retail
    Victim Organization: PCstore
    Victim Site: pcstore.com.tw
  153. Alleged data breach of undisclosed Taiwanese organization exposing personal and contact records
    Category: Data Breach
    Content: A threat actor is selling a dataset allegedly originating from an undisclosed Taiwanese organization, comprising approximately 237,000 records across three structured sections: Contacts, Support Tickets, and Booking History. The exposed data includes full names, email addresses, phone numbers, physical addresses, payment details, and service history. Sample files were shared via Gofile links.
    Date: 2026-06-01T02:22:20Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78497
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: Taiwan
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  154. Alleged data breach of Baan Lae Suan (baanlaesuan.com) exposing 413K Thai business contacts and financials
    Category: Data Breach
    Content: A threat actor is selling a dataset allegedly originating from baanlaesuan.com, a Thai home improvement platform, for $1,300. The dataset reportedly contains 413,000 records across three sections: business contacts (including names, emails, phone numbers, and addresses), shop financials (capital amounts, annual revenue, net profit), and shop documents (file paths, document passwords, and compliance records). Sample download links are provided via Gofile.
    Date: 2026-06-01T02:21:56Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78498
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: Thailand
    Victim Industry: Retail
    Victim Organization: Baan Lae Suan
    Victim Site: baanlaesuan.com
  155. Alleged data breach of Pramool (pramool.com) exposing contact, transaction, and login records
    Category: Data Breach
    Content: A threat actor is offering an alleged database dump from pramool.com containing approximately 483,000 records organized across three sections: Contacts (including names, emails, phone numbers, and CRM data), Transaction Histories (including payment methods, revenue amounts, and billing addresses), and Shop Logins and Security (including login credentials, password hashes, session tokens, and two-factor authentication details). Sample files have been shared via Gofile links as proof.
    Date: 2026-06-01T02:21:05Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78499
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: Thailand
    Victim Industry: Retail
    Victim Organization: Pramool
    Victim Site: pramool.com
  156. Alleged data breach of Kaidee (kaidee.com) exposing user contacts, shop financials, and registrations
    Category: Data Breach
    Content: A threat actor is offering a dataset allegedly originating from kaidee.com, a Thai online marketplace, comprising approximately 527,000 records across three sections: Contacts (user and shop owner personal details including names, emails, phone numbers, and addresses), Shopfinancials (business metrics such as revenue, profit margins, and tax IDs), and Shopregistrations (account credentials including password hashes, registration documents, and operational details). The dataset contains a broad r…
    Date: 2026-06-01T02:20:28Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78500
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: Thailand
    Victim Industry: Retail
    Victim Organization: Kaidee
    Victim Site: kaidee.com
  157. Alleged data breach of Keejob Tunisia employment platform
    Category: Data Breach
    Content: A threat actor is offering a dataset allegedly originating from keejob.com, a Tunisian employment platform, containing approximately 137,000 records across three sections: contacts with personal and communication details, email campaign logs, and job applications including applicant PII, résumé references, salary expectations, and application statuses. The data is being sold and described as fresh and organized.
    Date: 2026-06-01T02:19:41Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78501
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: Tunisia
    Victim Industry: Recruitment
    Victim Organization: Keejob
    Victim Site: keejob.com
  158. Alleged data breach of Mytelnet (Tunisia) exposing 478K customer records
    Category: Data Breach
    Content: A threat actor is selling an alleged dataset from Mytelnet (mytelnet.tn), a Tunisian telecommunications provider, for $1,000. The dataset purportedly contains 478,000 records across three sections: customer contacts (including names, emails, phone numbers, addresses, password hashes), product usage profiles, and household demographic data. The data includes sensitive personal and marketing information such as income brackets, marital status, and employment status.
    Date: 2026-06-01T02:19:05Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78502
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: Tunisia
    Victim Industry: Telecommunications
    Victim Organization: Mytelnet
    Victim Site: mytelnet.tn
  159. Alleged Sale of Counterfeit Currency (Fake Banknotes)
    Category: Cyber Attack
    Content: Multiple users are promoting the sale of counterfeit banknotes through Telegram channels with links to dedicated marketplaces. Posts reference premium counterfeit currency and top-tier fake banknotes, with active recruitment and distribution channels.
    Date: 2026-06-01T02:12:22Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/94567
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Boss Shop
    Victim Country: Unknown
    Victim Industry: Financial/Currency
    Victim Organization: Unknown
    Victim Site: Unknown
  160. Alleged sale of fresh database dumps across multiple countries and platforms
    Category: Data Breach
    Content: A threat actor is offering fresh database access covering multiple countries (UK, DE, JP, NL, BR, PL, ES, US, IT) with specific platform targets including Roblox, eBay, OfferUp, PSN, Booking, Uber, Poshmark, Alibaba, Walmart, Amazon, Mercari, Kleinanzeigen, and neosurf. The seller claims to own private cloud infrastructure and offers inbox access. Contact is via Telegram DM.
    Date: 2026-06-01T01:57:48Z
    Network: telegram
    Published URL: https://t.me/c/2613583520/94584
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Num
    Victim Country: United Kingdom, Germany, Japan, Netherlands, Brazil, Poland, Spain, United States, Italy
    Victim Industry: Multiple (e-commerce, gaming, travel, payment services)
    Victim Organization: Unknown
    Victim Site: Unknown
  161. Alleged data breach of AT&T Mobile consumer database with 500K+ records
    Category: Data Breach
    Content: A threat actor is selling an alleged AT&T Mobile consumer database containing 500,000+ records dated 2024-2025. The dataset includes full names, primary and secondary phone numbers, street addresses, and email addresses for US-based consumers. Sample records are provided in the post to substantiate the claim.
    Date: 2026-06-01T01:56:22Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78472
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Edric
    Victim Country: United States
    Victim Industry: Telecommunications
    Victim Organization: AT&T
    Victim Site: att.com
  162. Alleged data breach of Noon.com exposing customer contact and identity records
    Category: Data Breach
    Content: A threat actor is selling an alleged dataset from noon.com, a Saudi Arabia-based e-commerce platform, for $1,400. The dataset reportedly contains approximately 738,000 records spanning customer contact details (name, DOB, email, phone, address, social profiles), KYC identity card records, and branch store profiles. The data includes sensitive personal and identity verification fields potentially usable for fraud or targeted attacks.
    Date: 2026-06-01T01:55:37Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78481
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: Saudi Arabia
    Victim Industry: Retail
    Victim Organization: Noon
    Victim Site: noon.com
  163. Alleged data breach of Saudi Arabia Nitaqat Portal (nitaqat.com.sa)
    Category: Data Breach
    Content: A threat actor is selling an alleged dataset from nitaqat.com.sa, Saudi Arabia's Nitaqat labor compliance portal, for $900. The dataset reportedly contains 437,000 records spanning contacts (names, emails, phone numbers, job titles, addresses), support tickets, and booking history. The seller claims the data is fresh and organized across three interconnected sections.
    Date: 2026-06-01T01:54:48Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78483
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: Saudi Arabia
    Victim Industry: Government
    Victim Organization: Nitaqat Portal
    Victim Site: nitaqat.com.sa
  164. Alleged data breach of Takaful Insurance (takaful.org.sa) exposing customer contacts, insurance applications, and support tickets
    Category: Data Breach
    Content: A threat actor is selling an alleged dataset from takaful.org.sa, a Saudi Arabian Takaful insurance provider, for $1,100. The dataset reportedly contains approximately 528,000 records across three sections: customer contacts (including full names, emails, phone numbers, addresses, and access levels), insurance applications, and support tickets. The data includes personally identifiable information such as birthdates, mailing addresses, and secondary emails.
    Date: 2026-06-01T01:54:10Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78484
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: Saudi Arabia
    Victim Industry: Finance
    Victim Organization: Takaful Insurance
    Victim Site: takaful.org.sa
  165. Alleged data breach of Telkom South Africa with 742K customer records
    Category: Data Breach
    Content: A threat actor is selling an alleged dataset originating from Telkom South Africa (telkom.co.za) containing approximately 742,000 records. The dataset is structured across three sections — Contacts, Subscription Contracts, and Support Tickets — and includes personally identifiable information such as national ID numbers, dates of birth, contact details, billing information, and support interaction logs. Sample download links are provided via Gofile.
    Date: 2026-06-01T01:53:26Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78485
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: South Africa
    Victim Industry: Telecommunications
    Victim Organization: Telkom
    Victim Site: telkom.co.za
  166. Sale of Canada B2B Business Dataset with 13,000+ Records
    Category: Data Breach
    Content: A threat actor is offering a Canada-wide B2B dataset containing 13,000+ business contact records including names, cities, provinces, postal codes, email domains, and phone availability flags. The dataset is advertised for sale via Telegram and covers all Canadian provinces. The origin and source of the data are not disclosed.
    Date: 2026-06-01T01:53:05Z
    Network: openweb
    Published URL: https://breachforu.ms/Thread-International-Canada-Business-Dataset-B2B-Directory
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Vyntra
    Victim Country: Canada
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  167. Alleged data breach of Midas South Africa (midas.co.za)
    Category: Data Breach
    Content: A threat actor is selling an alleged database originating from midas.co.za, a South African retail organization. The dataset reportedly contains approximately 463,000 customer records spanning three tables: customer contact information, delivery addresses, and sales orders, including fields such as email addresses, phone numbers, VAT numbers, order totals, and payment status. Sample files were shared via Gofile links as proof.
    Date: 2026-06-01T01:52:45Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78486
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: South Africa
    Victim Industry: Retail
    Victim Organization: Midas
    Victim Site: midas.co.za
  168. Alleged data breach of Wanderers Club South Africa with member profiles and event booking records
    Category: Data Breach
    Content: A threat actor is selling an alleged dataset originating from wanderers.co.za, a South African sports club, for $1,200. The dataset reportedly contains approximately 674,000 records spanning three sections: member contact profiles (including name, email, phone, gender, age range), sports membership details (payment status, membership type, sport preferences), and event booking history (payment amounts, cancellations, check-in status). Sample files were shared via Gofile links as proof.
    Date: 2026-06-01T01:51:58Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78487
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: South Africa
    Victim Industry: Sports & Recreation
    Victim Organization: Wanderers Club
    Victim Site: wanderers.co.za
  169. Alleged data breach of 11ST (11st.co.kr) exposing 652K customer records
    Category: Data Breach
    Content: A threat actor is selling an alleged database originating from South Korean e-commerce platform 11st.co.kr, claiming 652,000 records organized across three sections: Contacts, Orders, and Referrals. The dataset purportedly includes customer personal details (name, email, phone, address, birthday, gender), order and payment transaction data (settlement amounts, bank info, delivery details), and marketing/referral attribution data.
    Date: 2026-06-01T01:51:20Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78488
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: South Korea
    Victim Industry: Retail
    Victim Organization: 11ST
    Victim Site: 11st.co.kr
  170. Alleged data breach of i-mall.co.kr with vendor bank accounts, contacts, and sales orders
    Category: Data Breach
    Content: A threat actor is offering for sale a dataset allegedly originating from i-mall.co.kr, a South Korean e-commerce platform, priced at $1,400. The dataset reportedly contains approximately 742,000 records spanning three sections: contacts (including emails, phone numbers, company details, and financial metadata), vendor bank accounts (including bank account numbers, SWIFT codes, and payment terms), and sales orders (including order totals, payment status, and shipping details). The seller is accep…
    Date: 2026-06-01T01:50:38Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78489
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: South Korea
    Victim Industry: Retail
    Victim Organization: i-mall
    Victim Site: i-mall.co.kr
  171. Alleged data breach of Mirae-N (mirae-n.com) exposing 745,000 South Korean customer records
    Category: Data Breach
    Content: A threat actor is offering a dataset allegedly originating from mirae-n.com, a South Korean organization, containing approximately 745,000 records across three sections: Contact (personal and demographic data including names, addresses, emails, phone numbers, and child information), Purchase History (transactional and payment data), and Login and Security (encrypted passwords, session tokens, MFA settings, and IP addresses). Sample files were shared via external hosting links.
    Date: 2026-06-01T01:49:55Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78491
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: South Korea
    Victim Industry: Retail
    Victim Organization: Mirae-N
    Victim Site: mirae-n.com
  172. Alleged data breach of Fundación Tripartita with 642,000 records
    Category: Data Breach
    Content: A threat actor is offering a dataset allegedly originating from fundaciontripartita.org, a Spanish professional training organization. The dataset reportedly contains 642,000 records across three sections — Contacts, Companies, and Course Enrollments — including personally identifiable information such as names, tax ID numbers, email addresses, phone numbers, dates of birth, and certification details. Sample data is linked via a file-sharing service.
    Date: 2026-06-01T01:49:17Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78492
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: Spain
    Victim Industry: Education
    Victim Organization: Fundación Tripartita
    Victim Site: fundaciontripartita.org
  173. Alleged sale of compromised Kodex account with access to 320+ companies
    Category: Initial Access
    Content: A threat actor is offering for sale a Kodex account claimed to provide access to 320+ companies and platforms, including Discord, Coinbase, and Roblox. The account is marketed as suitable for submitting EDR (Endpoint Detection and Response) requests to major companies. The price is listed at $4,000, with escrow payment required. The full company list is available via a Pastebin link.
    Date: 2026-06-01T01:34:16Z
    Network: telegram
    Published URL: https://t.me/c/3468046329/1551
    Screenshots:
    2 screenshot(s) available
    Threat Actors: prodesp
    Victim Country: Unknown
    Victim Industry: Multiple
    Victim Organization: Unknown
    Victim Site: Unknown
  174. Alleged sale of compromised Kodex account with access to 320+ companies
    Category: Initial Access
    Content: A threat actor is offering for sale a compromised Kodex account for $4,000 USD via escrow. The account allegedly provides access to 320+ ready-to-use companies and is marketed as suitable for submitting EDR (Endpoint Detection and Response) requests to major companies and platforms including Discord, Coinbase, and Roblox. The full company list is referenced on Pastebin.
    Date: 2026-06-01T01:33:53Z
    Network: telegram
    Published URL: https://t.me/c/3468046329/1550
    Screenshots:
    2 screenshot(s) available
    Threat Actors: operador
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  175. Alleged data breach of hotelsinnederland.nl exposing contact and booking records
    Category: Data Breach
    Content: A threat actor is selling a dataset allegedly originating from hotelsinnederland.nl containing approximately 287,000 records across three sections: customer contacts (including names, emails, phone numbers, addresses, and birthdates), hotel property details, and booking transaction history. The data includes personally identifiable information such as guest preferences, booking financials, and contact details.
    Date: 2026-06-01T01:25:27Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78469
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: Netherlands
    Victim Industry: Hospitality
    Victim Organization: Hotels in Nederland
    Victim Site: hotelsinnederland.nl
  176. Alleged data breach of Yellow Pages New Zealand (yellow.co.nz)
    Category: Data Breach
    Content: A threat actor is selling an alleged database dump from yellow.co.nz containing approximately 237,000 records spanning three tables: Contacts (including names, emails, phone numbers, hashed passwords, and marketing data), Businesses (including payment information, annual revenue, and contract details), and Accesslogs (including IP addresses, login methods, and session data). The dataset is priced at $900 and offered via Telegram contact with forum escrow accepted.
    Date: 2026-06-01T01:24:40Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78471
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: New Zealand
    Victim Industry: Business Services
    Victim Organization: Yellow New Zealand
    Victim Site: yellow.co.nz
  177. Alleged data breach of Pakistan Securities and Exchange Commission (SECP)
    Category: Data Breach
    Content: A threat actor is selling an alleged database dump originating from secp.gov.pk, the Securities and Exchange Commission of Pakistan, for $1,000. The dataset reportedly contains approximately 387,000 records across three sections: Contacts (including usernames, password hashes, emails, phone numbers, and job titles), Member Interests, and Member Offices with geolocation data. The actor claims the data is fresh and organized for research or outreach purposes.
    Date: 2026-06-01T01:24:03Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78473
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: Pakistan
    Victim Industry: Government
    Victim Organization: Securities and Exchange Commission of Pakistan
    Victim Site: secp.gov.pk
  178. Alleged data breach of OLX Philippines
    Category: Data Breach
    Content: A threat actor is selling an alleged dataset originating from olx.com.ph containing approximately 623,000 records. The dataset includes personal contact details (full name, email, phone, address), distributor account information, and order transaction records organized across three sections. The seller is asking $1,200 and accepts forum escrow for the transaction.
    Date: 2026-06-01T01:23:13Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78474
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: Philippines
    Victim Industry: Retail
    Victim Organization: OLX Philippines
    Victim Site: olx.com.ph
  179. Alleged data breach of Radio Popular (radiopopular.pt) exposing customer contacts, orders, and shipping data
    Category: Data Breach
    Content: A threat actor is selling an alleged dataset from radiopopular.pt, a Portuguese consumer electronics retailer, priced at $900. The dataset reportedly contains 437,000 records spanning three sections: customer contacts (including full name, email, phone, tax ID, and marketing data), orders (including payment method, amounts, and invoice details), and shipping deliveries (including addresses, tracking details, and delivery status).
    Date: 2026-06-01T01:22:37Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78475
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: Portugal
    Victim Industry: Retail
    Victim Organization: Radio Popular
    Victim Site: radiopopular.pt
  180. Alleged data breach of Radio Popular (radiopopular.pt)
    Category: Data Breach
    Content: A threat actor is selling an alleged dataset from radiopopular.pt, a Portuguese electronics retailer, containing approximately 237,000 records. The dataset reportedly includes customer contact details (names, emails, phone numbers, tax IDs, addresses), order history, and support ticket records. The seller is asking $1,000 and accepting forum escrow.
    Date: 2026-06-01T01:22:01Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78476
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: Portugal
    Victim Industry: Retail
    Victim Organization: Radio Popular
    Victim Site: radiopopular.pt
  181. Alleged data breach of Continente (continente.pt) exposing ~576K customer records
    Category: Data Breach
    Content: A threat actor is offering an alleged dataset of approximately 576,000 customer records from Portuguese retail platform continente.pt. The dataset is structured across three sections covering customer contact details (including full name, Tax ID, email, phone, address), order history (including payment method, amounts, and delivery data), and notification preferences with consent tracking. The data includes sensitive fields such as Tax ID numbers, lifetime value, loyalty program enrollment, and
    Date: 2026-06-01T01:21:20Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78477
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: Portugal
    Victim Industry: Retail
    Victim Organization: Continente
    Victim Site: continente.pt
  182. Alleged data breach of Wildberries (wildberries.ru) with 732K customer records
    Category: Data Breach
    Content: A threat actor is selling an alleged dataset from Russian retail platform Wildberries (wildberries.ru) for $900, claiming approximately 732,000 records. The dataset purportedly includes customer contact details (emails, phone numbers, encrypted passwords, last login IPs, marketing consent flags), wishlist data, and store address metadata organized across three structured sections. Sample files are hosted on Gofile for prospective buyers to verify.
    Date: 2026-06-01T01:20:35Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78478
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: Russia
    Victim Industry: Retail
    Victim Organization: Wildberries
    Victim Site: wildberries.ru
  183. Alleged data breach of forum.sevcable.ru
    Category: Data Breach
    Content: A threat actor is offering for sale a dataset allegedly originating from forum.sevcable.ru, a Russian online forum. The dataset purportedly contains 492,000 records spanning user contact profiles, support tickets, and authentication data including hashed passwords, IP addresses, and login history. The seller is asking $1,200 and accepting forum escrow for the transaction.
    Date: 2026-06-01T01:19:50Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78479
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: Russia
    Victim Industry: Technology
    Victim Organization: Sevcable Forum
    Victim Site: forum.sevcable.ru
  184. Alleged data breach of Rosmolodezh (Russian Federal Agency for Youth Affairs)
    Category: Data Breach
    Content: A threat actor is selling an alleged dataset from rosmolodezh.ru, the Russian Federal Agency for Youth Affairs, comprising approximately 478,000 records across three sections: personal contacts (including full names, emails, phone numbers, and postal addresses), conference participation records, and university profiles with rector contact details. The dataset is offered for $1,100 via Telegram.
    Date: 2026-06-01T01:19:14Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78480
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: Russia
    Victim Industry: Government
    Victim Organization: Rosmolodezh
    Victim Site: rosmolodezh.ru
  185. Alleged data leak of China National Copyright Administration (xinda-pt.cn)
    Category: Data Leak
    Content: A threat actor affiliated with Anka Red Team claims to have leaked a database of 47,659 records from xinda-pt.cn, associated with the China National Copyright Administration. The leaked data reportedly includes full names, gender, email addresses, mobile phone numbers, ID numbers, student/employee IDs, and regional/institutional information. The data was made available on a Turkish hacking forum.
    Date: 2026-06-01T00:59:34Z
    Network: openweb
    Published URL: https://www.turkhackteam.org/konular/cin-ulusal-telif-hakki-idaresi-47k-database-leak-ankateam.2083069/
    Screenshots:
    2 screenshot(s) available
    Threat Actors: ‘SALDIRGAN
    Victim Country: China
    Victim Industry: Government
    Victim Organization: China National Copyright Administration
    Victim Site: xinda-pt.cn
  186. Alleged data breach of Fastweb Italy with consumer contact and subscription data
    Category: Data Breach
    Content: A threat actor is offering an alleged dataset purportedly originating from Fastweb, an Italian telecommunications provider, comprising approximately 536,000 records. The dataset is structured across three sections — Contacts, Subscriptions, and Support Requests — and includes highly sensitive fields such as full names, birth dates, tax codes, VAT numbers, hashed passwords, phone numbers, physical addresses, contract details, payment methods, and support ticket logs. Sample download links were sh…
    Date: 2026-06-01T00:54:22Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78457
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: Italy
    Victim Industry: Telecommunications
    Victim Organization: Fastweb
    Victim Site: fastweb.it
  187. Alleged data breach of Japan's National Personnel Authority (jinji.go.jp)
    Category: Data Breach
    Content: A threat actor is selling an alleged dataset of 742,000 records originating from jinji.go.jp, the website of Japan's National Personnel Authority. The dataset reportedly includes personal contact information, payroll records (including bank account details and tax data), and departmental assignments for Japanese government staff. The seller is asking $900 and accepts forum escrow.
    Date: 2026-06-01T00:53:45Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78458
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: Japan
    Victim Industry: Government
    Victim Organization: National Personnel Authority of Japan
    Victim Site: jinji.go.jp
  188. Alleged data breach of Kumon Japan (kumon.ne.jp) — 612K personal contact records
    Category: Data Breach
    Content: A threat actor is selling an alleged dataset from kumon.ne.jp, a Japanese educational services provider, comprising approximately 612,000 records across three sections: Contacts, Student Enrollments, and Support Tickets. The Contacts section includes full names, dates of birth, phone numbers, addresses, email addresses, and marketing preferences. The dataset is priced at $1,100 and offered via Telegram or forum private message.
    Date: 2026-06-01T00:53:08Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78459
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: Japan
    Victim Industry: Education
    Victim Organization: Kumon
    Victim Site: kumon.ne.jp
  189. Alleged data breach of au.com (KDDI) exposing customer contact and account data
    Category: Data Breach
    Content: A threat actor is selling an alleged dataset from my.au.com, the customer portal of Japanese telecommunications provider au (KDDI), for $1,200. The dataset reportedly contains approximately 243,000 records spanning three tables: Contacts (including full names, email addresses, phone numbers, and encrypted passwords), Serviceorders (subscription and billing details), and Supporttickets. Sample files were shared via Gofile links as proof.
    Date: 2026-06-01T00:52:31Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78460
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: Japan
    Victim Industry: Telecommunications
    Victim Organization: au (KDDI)
    Victim Site: my.au.com
  190. Alleged data leak of email addresses and phone numbers of Spanish public figures
    Category: Data Leak
    Content: A threat actor known as catwoman (with fuzy) has leaked email addresses and phone numbers of notable Spanish public figures, including the President of the Government of Spain. The data was reportedly obtained via an Instagram vulnerability and OSINT techniques. The leak was shared freely on PwnForums as hidden content requiring a reply to access.
    Date: 2026-06-01T00:52:08Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-Email-Phone-Famous-People-From-Spain-Leak
    Screenshots:
    1 screenshot(s) available
    Threat Actors: catwoman
    Victim Country: Spain
    Victim Industry: Government
    Victim Organization: Unknown
    Victim Site: Unknown
  191. Alleged data breach of Jelgavas Veseliba (Latvia healthcare provider) exposing patient records
    Category: Data Breach
    Content: A threat actor is selling an alleged dataset of 237,000 records from Latvian healthcare provider Jelgavas Veseliba for $1,100. The dataset reportedly contains patient personal identifiers (personal ID, passport number, date of birth, contact details), appointment booking history, and medical education records. The data is structured across three interconnected tables and is offered via Telegram contact with forum escrow accepted.
    Date: 2026-06-01T00:51:54Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78461
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: Latvia
    Victim Industry: Healthcare
    Victim Organization: Jelgavas Veseliba
    Victim Site: jelgavasveseliba.lv
  192. Alleged data breach of Standard Lesotho Bank
    Category: Data Breach
    Content: A threat actor is offering a dataset allegedly originating from Standard Lesotho Bank, containing approximately 472,000 records across three sections: customer personal information (including national IDs, hashed passwords, KYC status, and risk profiles), loan application records, and customer support tickets. The data includes highly sensitive financial and identity fields such as national IDs, loan amounts, credit check results, and relationship manager assignments.
    Date: 2026-06-01T00:50:58Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78463
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: Lesotho
    Victim Industry: Finance
    Victim Organization: Standard Lesotho Bank
    Victim Site: standardlesothobank.co.ls
  193. Alleged data breach of Mexico's National Council of Science and Technology (CONACYT)
    Category: Data Breach
    Content: A threat actor is offering a dataset allegedly originating from Mexico's CONACYT (conacyt.gob.mx), containing approximately 384,000 records across three tables: Contacts (researcher and reviewer PII including names, emails, phone numbers, and LinkedIn profiles), Reviewassignments (scientific review committee details and peer rankings), and Usercredentials (hashed passwords, session tokens, security question hashes, and MFA configuration). Sample download links are provided via Gofile.
    Date: 2026-06-01T00:50:07Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78464
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: Mexico
    Victim Industry: Government
    Victim Organization: National Council of Science and Technology (CONACYT)
    Victim Site: conacyt.gob.mx
  194. Alleged data breach of CSI Telecom Mexico
    Category: Data Breach
    Content: A threat actor is offering a dataset allegedly originating from CSI Telecom (csitelecom.com.mx), a Mexican telecommunications provider. The data encompasses approximately 732,000 records across three structured sections: Contacts (including full name, email, phone, address, birth date, and gender), Support Tickets, and Service Orders (including payment method, billing account, and installation address). Sample download links were provided via Gofile.
    Date: 2026-06-01T00:49:29Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78465
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: Mexico
    Victim Industry: Telecommunications
    Victim Organization: CSI Telecom
    Victim Site: csitelecom.com.mx
  195. Alleged data breach of zorgverzekerenvergelijk.nl exposing health insurance customer data
    Category: Data Breach
    Content: A threat actor is selling an alleged dataset from Dutch health insurance comparison platform zorgverzekerenvergelijk.nl, comprising approximately 417,000 records. The dataset includes three sections: customer contact details (name, email, phone, address), insurance quote request data (coverage amounts, premium estimates, risk scores), and user access logs (IP addresses, password hashes, session IDs, MFA status). The data is offered with sample download links on an external file-sharing service.
    Date: 2026-06-01T00:48:54Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78467
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: Netherlands
    Victim Industry: Healthcare
    Victim Organization: Zorgverzekeren Vergelijk
    Victim Site: zorgverzekerenvergelijk.nl
  196. Alleged data breach of Vliegershop (vliegershop.nl)
    Category: Data Breach
    Content: A threat actor is selling an alleged database dump from vliegershop.nl, a Netherlands-based retail site, containing approximately 875,000 records. The dataset includes customer contact details (names, emails, phones, IP addresses, social media handles), order transaction records, and shipping addresses organized across three interconnected tables. Sample download links were provided via Gofile.
    Date: 2026-06-01T00:48:11Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78468
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: Netherlands
    Victim Industry: Retail
    Victim Organization: Vliegershop
    Victim Site: vliegershop.nl
  197. Sale of stolen credit cards for multiple countries
    Category: Carding
    Content: A threat actor is offering stolen credit cards purportedly covering multiple countries including the USA, UK, EU, Canada, and others. The seller advertises the cards as legitimate and affordable, directing interested buyers to a Telegram contact. No specific victim organization or record count is disclosed.
    Date: 2026-06-01T00:35:32Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Ccs-For-All-Countries-%E2%9A%A1%EF%B8%8FOUT-ON-DISCOUNT–206372
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Trewgoree
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  198. Sale of discounted gift cards and verified financial accounts on cybercrime forum
    Category: Carding
    Content: A threat actor is offering discounted gift cards (including Visa, Amazon, Steam, and others) and verified financial accounts (PayPal, Coinbase, Binance, Cashapp, Stripe, and more) for sale on a cybercrime forum. Payment is accepted via cryptocurrency, PayPal, Steam trades, or gift cards. The seller references a Telegram handle (@StyleCarding) and claims 200+ reputation points on a cracking site.
    Date: 2026-06-01T00:34:33Z
    Network: openweb
    Published URL: https://demonforums.net/Thread-Selling-Cheapest-Giftcard-50-for-100-and-Verified-Accounts–206377
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Resddyggyy
    Victim Country: Unknown
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  199. Alleged data breach of Vlachakis Systems (vlachakis-systems.gr)
    Category: Data Breach
    Content: A threat actor is selling a dataset allegedly originating from vlachakis-systems.gr, a Greek organization. The dataset contains approximately 284,000 records spanning contacts (including full names, emails, phone numbers, addresses, LinkedIn/Facebook profiles), support tickets, and a product catalogue, priced at $1,300.
    Date: 2026-06-01T00:23:06Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78447
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: Greece
    Victim Industry: Technology
    Victim Organization: Vlachakis Systems
    Victim Site: vlachakis-systems.gr
  200. Alleged data breach of HKT Limited (hkt.com) exposing telecom customer database
    Category: Data Breach
    Content: A threat actor is selling an alleged database dump from HKT Limited, a Hong Kong telecom provider, containing approximately 482,000 records. The dataset includes customer contact information (names, emails, phone numbers, mailing addresses), service orders, and support tickets with verified email and phone fields. The seller is asking $900 and accepts forum escrow for the transaction.
    Date: 2026-06-01T00:22:21Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78448
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: Hong Kong
    Victim Industry: Telecommunications
    Victim Organization: HKT Limited
    Victim Site: hkt.com
  201. Alleged data breach of Vatera.hu Hungarian e-commerce platform
    Category: Data Breach
    Content: A threat actor is selling an alleged dataset obtained from vatera.hu, a Hungarian e-commerce marketplace, for $900. The dataset reportedly contains approximately 492,000 records spanning three sections: Contacts (user PII including email, phone, full name, and login data), SellerProfiles (seller account details, tax IDs, business license numbers, and fraud/compliance flags), and SupportTickets (case management data including chat transcripts and customer satisfaction scores).
    Date: 2026-06-01T00:21:44Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78449
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: Hungary
    Victim Industry: Retail
    Victim Organization: Vatera
    Victim Site: vatera.hu
  202. Alleged data breach of Mobilfox (mobilfox.hu) exposing customer contacts, vehicle leads, and service appointments
    Category: Data Breach
    Content: A threat actor is selling an alleged database dump from Mobilfox, a Hungarian vehicle/telecom retailer, comprising approximately 312,000 records across three datasets: customer contacts, vehicle leads, and service appointments. Exposed fields include names, email addresses, phone numbers, addresses, vehicle details, financial deal values, and appointment records. The dataset is being offered for $1,100 with sample files hosted on Gofile.
    Date: 2026-06-01T00:21:07Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78450
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: Hungary
    Victim Industry: Retail
    Victim Organization: Mobilfox
    Victim Site: mobilfox.hu
  203. Alleged data breach of ugyvedek.net — Hungarian legal professionals contact database
    Category: Data Breach
    Content: A threat actor is selling a dataset allegedly sourced from ugyvedek.net, a Hungarian legal professionals platform, for $1,200. The dataset contains approximately 187,000 records spanning three sections: contacts (names, emails, phone numbers, addresses), consultation requests (legal inquiry details, assigned lawyer IDs, case data), and subscription management records. The data includes personally identifiable information and legal consultation details of clients and legal professionals.
    Date: 2026-06-01T00:20:30Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78451
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: Hungary
    Victim Industry: Legal
    Victim Organization: ugyvedek.net
    Victim Site: ugyvedek.net
  204. Sale of alleged database from Byjus Exam Prep containing student and guardian contact data
    Category: Data Breach
    Content: A threat actor is selling an alleged database originating from byjusexamprep.com, an Indian online education platform. The dataset reportedly contains approximately 592,000 records across three sections: student and guardian contact details (including names, addresses, phone numbers, password hashes, and social profiles), student enrollment records (including course fees, payment status, and academic session data), and user login session data (including IP addresses, device info, and MFA status)…
    Date: 2026-06-01T00:19:48Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78452
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: India
    Victim Industry: Education
    Victim Organization: Byjus Exam Prep
    Victim Site: byjusexamprep.com
  205. Alleged data leak of French B2B company database scraped from public sources
    Category: Data Leak
    Content: A threat actor is sharing a database of companies registered in France, reportedly generated using IQUALIF, a tool that scrapes Yellow Pages and cross-references the SIREN business registry. The dataset allegedly includes landline and mobile phone numbers for French businesses, with the record count estimated at hundreds of thousands to potentially millions of entries. The data is made available behind a forum point-paywall.
    Date: 2026-06-01T00:19:32Z
    Network: tor
    Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-FRANCE-DATABASE-B2B-ALL-OF-THE-COMPANIES-REGISTERED-IN-FRANCE
    Screenshots:
    1 screenshot(s) available
    Threat Actors: MartySupereme
    Victim Country: France
    Victim Industry: Unknown
    Victim Organization: Unknown
    Victim Site: Unknown
  206. Alleged data breach of Fortis Healthcare exposing patient contact and admission records
    Category: Data Breach
    Content: A threat actor is selling an alleged dataset of 437,000 records originating from Fortis Healthcare, a major Indian hospital network. The dataset reportedly includes three interconnected sections: patient/contact personal information (name, DOB, phone, email, address), hospital admission records (ward assignments, physician details, billing codes, insurance policy IDs), and prospective patient inquiry leads. The data is being offered for $1,000 via Telegram.
    Date: 2026-06-01T00:19:11Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78454
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: India
    Victim Industry: Healthcare
    Victim Organization: Fortis Healthcare
    Victim Site: fortishealthcare.com
  207. Alleged data breach of Wind Tre (windtre.it) exposing 563K Italian telecom customer profiles
    Category: Data Breach
    Content: A threat actor is selling an alleged dataset originating from Wind Tre (windtre.it), an Italian telecommunications provider, containing approximately 563,000 customer records. The dataset is structured across three sections — Contacts, Device Registrations, and Contract Subscriptions — and includes personal identifiers (name, date of birth, fiscal code, VAT number), contact details, hashed passwords, Wi-Fi credentials, device registration data, and contract/subscription information. Sample files…
    Date: 2026-06-01T00:18:27Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78455
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: Italy
    Victim Industry: Telecommunications
    Victim Organization: Wind Tre
    Victim Site: windtre.it
  208. Alleged data breach of Gruppo Ferrovie Italiane
    Category: Data Breach
    Content: A threat actor is offering a dataset allegedly originating from Gruppo Ferrovie Italiane, Italy's railway group, containing approximately 492,000 records. The dataset spans three sections — Contacts, Ticketing Support Requests, and Order History — and includes personally identifiable information such as names, addresses, email addresses, phone numbers, dates of birth, encrypted passwords, and CRM metadata. The data is being offered for sale on a dark web forum.
    Date: 2026-06-01T00:17:49Z
    Network: openweb
    Published URL: https://darkforums.su/showthread.php?tid=78456
    Screenshots:
    1 screenshot(s) available
    Threat Actors: Rupert
    Victim Country: Italy
    Victim Industry: Transportation
    Victim Organization: Gruppo Ferrovie Italiane
    Victim Site: gruppoferrovieitaliane.it