[June-04-2026] Daily Cybersecurity Threat Report

Executive Summary

This report provides a detailed analysis of cyber incidents detected between June 3 and June 4, 2026. The intelligence gathered reveals a highly active cybercrime landscape characterized by massive data breaches, widespread website defacements, and a thriving underground economy for exploits, malware, and compromised credentials.

A significant portion of the data breach activity during this period was driven by a single threat actor, “Aquahack,” who executed a large-scale campaign exposing millions of records across diverse global industries. Simultaneously, the threat group “0xteam,” primarily operating through the actor “chinafans,” engaged in an extensive mass-defacement campaign targeting small to medium-sized enterprises worldwide. Furthermore, specialized threat groups such as “LunarisSec” focused their efforts on French government and legal infrastructure, exploiting vulnerabilities such as SQL injections and cross-site scripting (XSS) to exfiltrate sensitive data. The underground markets remained robust, with threat actors trading zero-day exploits, initial access brokering, and vast repositories of personally identifiable information (PII) and financial data.

Threat Actor Deep Dive: The Aquahack Operations

The threat actor known as “Aquahack” was the most prolific entity regarding data breaches during this reporting period. Aquahack’s methodology involves harvesting and monetizing structured databases from a global array of corporate, educational, and government victims. Transactions are typically conducted on cybercrime forums using escrow services or via direct Telegram contact, with asking prices ranging from $900 to $1,400 per dataset.

Global Retail and E-commerce Targets

IBS.it (Italy): Aquahack offered 458,000 records containing personal and company contact details, fiscal codes, VAT numbers, purchase history, and delivery logs.
BicCamera (Japan): The actor sold 317,000 customer records spanning names, encrypted passwords, order history, and support tickets for $1,100.
eMAG (Hungary): A dataset of 417,000 records including user PII, tracking data, and admin/developer accounts with security clearance levels was priced at $1,200.
Motonet (Finland): A database of 245,000 consumer records featuring hashed card numbers and demographics was made available.
Materiel.net (France): Two separate datasets were offered, one containing 742,000 records (including SIRET numbers and encrypted passwords) and another containing 732,000 records, priced at $11 and $1,000 respectively.
Wine&Co (France): A dataset of 586,000 customer records featuring payment metadata and billing details was listed for sale.
ATP-Autoteile (Germany): A database of 435,000 records exposed credit card types, numbers, and shipment tracking information.
Broil King (Greece): Aquahack listed 347,000 records covering product registrations, warranty details, and customer contacts for $1,000.
Marisa (Brazil): A dataset of 637,000 records from the Brazilian retailer was exposed, including IP addresses and delivery logs.
Timber Mart and Barbecues Galore (Canada): Datasets containing 428,000 and 462,000 records respectively were offered, with prices ranging from $900 to $1,200.
Made-in-China.com (China): A B2B platform dataset comprising 627,000 records of purchase orders and customer requirements was made available.
2dehands.be (Belgium): A classified ads platform breach exposed 276,000 records for $1,300.
Petz (Brazil): A dataset of 563,000 records exposed veterinarian contacts, clinic information, and pet care booking histories.

Telecommunications and Technology Sector Targets

Tiscali (Italy): Aquahack executed multiple offerings for Tiscali. One dataset contained 723,000 records including tax codes and hashed passwords, while another dataset of 627,000 records included Wi-Fi credentials and device identifiers.
OBIC Co., Ltd. (Japan): A dataset of 742,000 records exposed highly sensitive employee information including salary, tax data, pension numbers, health insurance IDs, and full bank account details.
HKBN (Hong Kong): A dataset of 563,000 customer contacts and account records was priced at $900.
Amberit (Bangladesh): Two distinct offerings for the IT organization were listed. Both contained 728,000 records spanning passwords, LinkedIn profiles, and financial totals, priced at $900 and $1,400.
Chiphell (China): A dataset of 763,000 records from the technology forum exposed activation keys and social handles.
Onward Manufacturing Co. Ltd. (Canada): A dataset of 423,000 records was offered for $1,000, exposing payment methods and support logs.

Education and Healthcare Targets

Asahi Culture Center (Japan): The actor listed 742,000 records of membership credentials and class bookings for $1,400.
Doktori.lv (Latvia): A medical portal dataset of 195,000 records including patient billing codes and professional medical license numbers was priced at $1,100.
SANDEE/ICIMOD (India): A breach of the research organization exposed 742,000 records including academic backgrounds, project applications, and reviewer decisions.
Rajasthan Rajya Madhyamik Shiksha Abhiyan (India): A government education portal dataset of 768,000 records exposed student enrollment and guardian financial information.
EduNext Technologies (India): A dataset of 682,000 records exposed student disciplinary data and marketing lead scoring.
libimseti.cz (Czech Republic): A dataset of 438,000 records exposed highly sensitive patient medical records including diagnoses, treatment plans, and insurance details for $1,300.
Egypt Knowledge Bank (Egypt): A dataset of 467,000 records exposed government ID numbers, biometric verification data, and fraud risk scores for $900.
University of Osnabrück (Germany): A dataset of 231,000 student records including scholarship statuses and majors was priced at $1,400.

Government and Civil Service Targets

Bangladesh Overseas Employment and Services Limited (BOESL): A dataset of 732,000 records exposed passport numbers and biometric verification records of expatriate workers for $1,300.
Belgian Federal Public Service Interior (ibz.rrn.fgov.be): A critical citizen registry dataset of 482,000 records exposed national ID numbers, security clearance levels, and social benefit eligibility scores.
CRMVSP (Brazil): A dataset of 738,000 records belonging to the São Paulo Regional Council of Veterinary Medicine was offered for sale.
service-public.dz (Algeria): An official public service portal dataset of 742,000 records exposed national ID numbers and service requests.
Mendoza Provincial Government (Argentina): Two separate datasets of 742,000 and 642,000 records exposed national ID numbers (DNI) and business registration data.

Professional Services and Specialized Platforms

First Class Cre8tivity (Lesotho): A creative services organization dataset of 145,000 records was priced at $1,200.
kariera.gr (Greece): A recruitment platform dataset of 184,000 records including LinkedIn profiles was priced at $1,100.
tarr.hu (Hungary): An organization dataset of 526,000 records was offered for $900.
Jogaszvilag (Hungary): A legal professionals platform dataset of 743,000 records exposed plaintiff names, case descriptions, and court details.
edb.cz (Czech Republic): A business contact dataset of 312,000 records was priced at $1,200.
Giropay (Germany): A payment service dataset of 317,000 records including IBANs and BICs was priced at $1,100.
cncn.com (China): A dataset of 736,000 records was priced at $1,400.
CALS (Czech Republic): A dataset of 327,000 records including citizenship numbers was priced at $1,200.
Golf Australia (Australia): A dataset of 712,000 records exposing tee time bookings and membership fees was priced at $1,100.
Kennel Club Argentino (Argentina): A dataset of 742,000 records exposed registered dog owners’ national IDs and a dog breeds registry.

Threat Actor Deep Dive: The 0xteam Defacement Campaign

A highly coordinated mass defacement campaign was executed on June 3, 2026, primarily by a threat actor identifying as “chinafans,” who operates under the hacking collective “0xteam”. This campaign did not focus on data exfiltration; rather, it relied on exploiting vulnerabilities to plant a text-based defacement marker, uniformly named 0x.txt, within the file structures of the targeted domains. The attacks were predominantly targeted single-site defacements across a vast array of small-to-medium businesses globally, with the evidence systematically mirrored and archived on zone-xsec.com.

Affected Industries and Victims by Geography

United States: The campaign struck legal services such as Costello Law , energy suppliers like Morrison Fuels , construction and home services including Garage Door Pro Solutions and Advanced Flooring Inc , travel entities like Indy Travel Club , and other businesses including Pawlica Janitorial , TPP Landscape Services , and the personal site bradleypthomas.com.
Australia & New Zealand: Real estate firm Beach House Realty , food services like GFree Churros , plumbing service United Plumbing , educational portal Rules of the Road Australia , and New Zealand entities NZ Wholesale and Ebb and Flow were compromised.
Brazil: Engineering firm Acumen Engenharia , regional network Rede Cidades Resendenses , travel agency Maxxima Travel , and testing site agtest.com.br.
Europe: Victims included the Austrian ornamental fish retailer Zierfisch-Shop , Belgian domain validee.be , Dutch site 44andmore.nl , Polish site Korbiel.pl , UK non-profit National Institute of Nutrition , and the Italian accounting firm Studio Commercialista Dottoressa Rosset.
Asia & Middle East: Defacements affected Indian domains Tiger4India and Indiajara , Pakistani retailer Comfort House , Indonesian site Labuhan Burung Smile , Vietnamese construction firm Nha Hau Trong Goi and media entity VOV Media , as well as the UAE NLP Academy.
Africa & Latin America: The campaign hit Mexican water treatment firm Drinking Water Solutions and inrate.mx , Nigerian entity IGI Nigeria , and Mozambican financial service FSI Mozambique.
Unspecified Jurisdictions: The group also defaced numerous sites lacking clear geographic attribution, including Haliikai Paradise , win88lose.com , SR Global Corp , 4-be.com , Sukhee Pharma , Utrac Delivery , framework101.com , 888to4l.com , insightpicz.me , dapper.black , Artisitiy , Smart Campus Plus , Baggyco , iWAF , Gelato Flos , babystukitaki.com , Motivational Mantra , InnovaIPA , thetransformationchix.com , Gifted Health , Brandlux , Wangamukulu Kingdom , Elder Productions , and VNC International.

Notably, the attacks against Brandlux, Ebb and Flow, UAE NLP Academy, Studio Commercialista Dottoressa Rosset, and VNC International were classified as redefacements, indicating a failure by these organizations to remediate underlying vulnerabilities following a previous intrusion.

Threat Actor Deep Dive: LunarisSec & French Infrastructure Targeting

The hacking group “LunarisSec” demonstrated a highly specialized focus on French governmental, legal, and educational infrastructure, utilizing sophisticated exploitation of web vulnerabilities.

digital-avocat.fr: LunarisSec breached this legal services platform via an exposed API, extracting 270,074 user records containing IBANs, SEPA banking details, and call histories.
sante.gouv.fr (French Ministry of Health): The group claimed to have discovered an undisclosed reflected XSS vulnerability, intercepting user cookies, tokens, and credentials.
campus.cnfdi.com (CNFDI): Exploiting a GraphQL API vulnerability, the actors extracted emails, event registrations, and session data from the distance-learning institution.
centre-national-droit-du-travail.fr: Using a Blind SQL Injection vulnerability against a legacy stack (PHP 5.3.3, Nginx 1.14.2, MySQL 5.x), the group exposed 41 tables of user credentials and company information.
commissaire-justice.fr: LunarisSec claimed to find three critical vulnerabilities on this domain, including a Broken Object Level Authorization (BOLA) flaw, unauthenticated convention-signing endpoints exposing SIRET data, and an unauthorized data creation flaw allowing the injection of fake entities into the official registry.

Government and State-Sponsored Incident Analysis

Government entities across the globe suffered massive data leaks and breaches during this reporting period.

Asia-Pacific

Indonesia: The Indonesian government faced severe data exposure. A threat actor named “BhayangkaraID” freely distributed a database of 341,000 records from the Indonesian National Police. Later, the actor “V0idix” leaked a similar dataset of 341,800 police records, claiming it was retaliation for a wrongful arrest. Another actor, “053o,” sold PII of Indonesian National Police officers across multiple regional commands. Beyond law enforcement, the actor “Kim1000P” shared 2 million citizen records from the government domain pkp.go.id, including national ID numbers (NIK) and family card numbers. The actor “RanzXZ” freely distributed membership records for the PKS political party , data from the DUKCAPIL civil registry , and permit records from the Sidengreng Rappang regional government. An alleged leak from the Indonesian Military (TNI) was also reported by actor “AlixploitCapung”. Additionally, the Kabupaten Jember regional entity suffered a database leak , and the actor “Mrsawit” leaked data from North and West Sumatra.
China: The threat actor “SnowSoul” leaked approximately 400 million SQL records and 11GB of financial backups from an undisclosed Chinese coal and energy company following a refused $2,000 ransom demand. In a massive claim, actor “tolerantcyber2” alleged the exfiltration of 10 petabytes of classified military and aerospace research from China’s National Supercomputing Center (NSCC), including stealth technology and satellite telemetry data. Furthermore, a breach of the Tianyancha business intelligence service allegedly exposed 2 million records.
Pakistan: The threat actor “Flipperone” claimed a breach of the Higher Education Commission (HEC) Pakistan, holding 1.5 million citizen PII records. In retaliation for HEC denying the breach, the actor freely released 150,000 records containing CNICs and blood groups, while pricing the full set at $1,000.
Taiwan: A threat actor offered an alleged internal database from Taiwan’s Psychological Warfare Unit, claiming it contained data from the PLA, Japan Self-Defense Forces, ROC Armed Forces, and US military.
Philippines: Multiple Philippine government domains were breached, including the Department of Science and Technology, the Government Assistance Bureau, and the Civil Works Council.

Americas

Mexico: The threat actor “Black0ut_Exi” offered an incredibly sensitive database from Mexico’s Instituto Nacional de Migración (INM) containing 590,000 to 1 million records of biometric data, deportation records, and digitized signatures. The actor “Z3r00” leaked 63,000 taxpayer records from the Nuevo León State Finance Secretariat. Furthermore, the group “SoulHemTeam” breached the IEEA in Campeche, leaking employee and student CURP IDs.
United States: The City of Chicago City Clerk’s Legislation API was breached by actor “cc5ab,” who distributed 271 full PII records. The threat group “APT IRAN” claimed to have executed a zero-day driven attack against US telecommunications infrastructure, escalating privileges and causing a complete disruption. In addition, a threat actor claimed to breach the Heartland Free Church NAS server via an SMB vulnerability, stealing financial records of 25 staff members. Confidential inspection photos of the Sikorsky H-60 Black Hawk military helicopter were also leaked by an actor named “mosad”.
Argentina: Aside from the Aquahack breaches in Mendoza, the actor “Kagann” leaked 11.3 million records from the 2013 Argentina Electoral Registry and distributed the National Social Works database. A database dump from the Municipalidad de Gualeguay was also shared on Telegram.
Colombia: The actor “DozerMx” distributed JSON-formatted records of students and teachers across 42 campuses of the Bogotá Secretary of Education.

Europe, Middle East, and Africa (EMEA)

France: The actor “DumpsecV2” leaked 11,000 profiles of France Services government agents sourced from the Osmose portal. The group “AplaGroup” leaked profile pictures and data of 2,637 agents from the French fire service SDIS 37. The actor “misere” distributed a database of 233,837 records from the French Regional Health Agencies portal.
Russia: The actor “loptrgod” sold a 636 GB database attributed to the Russian Ministry of Internal Affairs (MVD), allegedly containing passport scans and registration addresses for 159 million citizens spanning 2004 to 2023.
Ukraine: The pro-Russian threat actor “NoName057(16)” defaced multiple Ukrainian websites, including souvenir retailer uh-ty.com.ua and duct tape supplier rocktape.ua, posting political messages opposing European integration.
Egypt: The actor “Anonymous2090” claimed to exfiltrate a 2 GB archive of Egyptian national ID card images from an unspecified government domain.
Morocco: The actor “jabaroot0” leaked the Chemistry section of the Moroccan Baccalaureate examination via Telegram hours before the test.
Turkey: The actor “Tanaka” leaked a 2022 dataset containing 6 million records of Syrian and foreign immigrants residing in Turkey, exposing national ID numbers and residential addresses.
Serbia: An unnamed actor sold 11TB of internal documents and engineering schematics allegedly exfiltrated from a Serbian military subcontractor manufacturing howitzers and complex weapons systems. Furthermore, 220,000 Serbian citizen records were shared on Telegram.

Retail, E-commerce, and Enterprise Breaches

Beyond the scope of Aquahack’s operations, numerous high-profile corporate entities suffered severe data exposures.

Nissan Motor Co., Ltd. (Japan): The Everest ransomware group leaked 910 GB of data after a failed extortion attempt. Gaining access via an IT contractor’s compromised VPN credentials, the group exfiltrated 2,352,984 customer records spanning from 2013 to 2026 across 1,211 CSV files.
Dukaan (India): The actor “stalker8083” claimed a massive breach of mydukaan.io, selling a database of 100 million user records including encrypted payment API keys, transaction histories, and seller bank accounts.
Homzmart (Egypt): The actor “hackformetome” leaked a 4.6GB SQL dump containing 9 million records of customer addresses, payment data, and seller business information.
Krys (France): The optical retail chain Krys was heavily targeted. The actor “ChimeraZ” sold 66.6 GB of exfiltrated data containing 153,675 PDF files of medical prescriptions and health insurance cards , and freely distributed a database of 294,206 lines covering 198,517 individuals, including French social security numbers.
Carvivo (France): The actor “DumpsecV2” breached the SaaS lead management platform Carvivo, exposing 8 million lead records, 3.2 million unique emails, and 5 million vehicle license plates.
Pyszne.pl (Poland): The actor “Jeffrey Epstein” sold 430,000 records from the Polish food delivery platform, including user IDs and device information.
Glovo (Romania): The actor “realdb4U” sold a database of 430,000 Romanian Glovo users, including usernames and dates of birth.
Justeet (UK): The actor “Databroker1” sold 398,000 records from the Welsh food delivery platform, exposing loyalty IDs and account metadata.
Classima Club (Italy): A database of 43,500 customer records from the membership shopping club was leaked by the actor “2019,” exposing PayPal transaction statuses.
Fokko Juweliers (Netherlands): The actor “DarkMafiaX” sold a 1.5GB SQL database containing hashed passwords and customer records from the jewelry retailer.
carsworld.id (Indonesia): The actor “Cryptix” leaked a SQL database containing 213,303 merchant records, exposing workshop owner login session data and geolocation coordinates.
Farmex Freshia Trading LLC (UAE): The actor “blacknet00” sold full initial access and data access for the Globiro ecommerce grocery system for $100, including admin dashboard editing permissions.

Healthcare, Education, and Logistics Breaches

Eleonor (Mexico): The actor “MedData” sold the complete clinical database of Eleonor.mx, exposing 2.7 million patient records, 1.2 million prescriptions, and 184,842 CURP numbers. Crucially, the actor claimed ongoing active access via OAuth refresh tokens and Google Calendar read/write permissions.
Bolivia Ministry of Health: The actor “konata_izumi_shell” breached the Unified Health System (SUS), extracting 8.4 million records in SQL format, exposing national ID numbers and marital statuses.
Al Jalala University (Egypt): The actor “omaronsec” actively sought to purchase a deleted database belonging to the university, indicating high demand for the data.
IT Curves (United States): The threat actor “Ababil of Minab” claimed to breach IT Curves, a provider of medical transportation management software, posting photo evidence of the intrusion.
Logistics / Hardware Wallets (United States): The actor “Euphoric_Reply_5727” sold a dataset of 70,927 buyers of Ledger and Trezor hardware wallets, extracted from an undisclosed major shipping company. This targeted PII exposes cryptocurrency users to severe physical and digital security risks.

Financial Services and Cryptocurrency Threat Landscape

The financial and cryptocurrency sectors were heavily targeted, reflecting the high monetary value of user data in these industries.

Prosper Marketplace (United States): The actor “Lordracks” sold a database allegedly extracted between May 18–20, 2026, containing 890,472 user records. The highly sensitive dump included full KYC documentation, SSNs, credit card PANs with CVVs, bank details, and credit scores.
JioPayments Bank (India): The actor “NeuraSec” leaked a database of over 6,000 records from the Indian financial institution.
Sepah Bank (Iran): The actor “Yakohomot” sold a 2025 database claiming to hold 2.8 million users for $15,000 in Monero (XMR).
Volksbank (Germany): The actor “Frenshyny” sold a 2.1 million line database for $150.
Hazecash.com: The actor “Cryptix” freely leaked over 1 million records from the financial services platform, exposing usernames and IP addresses.
Cryptocurrency Portfolios: The actor “vothan” offered a massive collection of over 100 databases from crypto exchanges including Coinbase, CoinMarketCap, Celsius Network, and Crypto.com. Meanwhile, the actor “orvyn01” sold an unverified Binance database of 10,000 accounts for 7 XMR. The actor “Frenshyny” sold 292,000 Ledger records for $300 per 50,000 lines. Finally, the actor “Junix26” sold a portfolio of 27.6 million historic Bitcoin addresses generated between 2009 and 2014, actively marketing the dataset for exploiting cryptographic vulnerabilities like ECDSA nonce reuse to recover private keys.

Telecommunications and Technology Sector Breaches

Discord & Zendesk: The notorious group “ShinyHunters” sold 1.6TB of Discord user data obtained via a breach of Zendesk. The dataset contained 70,000 user records including support tickets, IP addresses, and government-issued ID photos used for age verification, with an asking price of $500,000 USD.
BCD Travel: ShinyHunters also leaked 30GB+ of compressed data from BCD Travel, including over 700,000 Salesforce records and SharePoint data, after the company refused extortion demands.
Anthropic: The actor “JVZU” distributed a leaked set of 400,000 Claude API tokens, potentially allowing massive unauthorized access to AI services.
Bouygues Telecom (France): The actor “xMetah” freely leaked a sample of 33,990 records from a larger 4.1 million record database.
Korek Telecom (Iraq): The actor “7by7” sold a database of over 750,000 records from the Iraqi provider, utilizing forum escrow.
Tianya (China): The actor “ChinaTomchent” exfiltrated over 127 million user records from tianya.net. The breach methodology was notable: the actor masked low-frequency probing behind launch-day DDoS chaos, exploiting a weak privileged account to install a memory-resident backdoor.
Bumble: The actor “Euphoric_Reply_5727” sold 32 million user records from the dating app for $999, exposing sensitive profile data such as political and religious preferences, location, and bcrypt-hashed passwords.
Instagram: The actor “tennezza” sold a 1.3GB database of 17 million US Instagram users , while the actor “Gh0s7” advertised a full 2025 Instagram database alongside premium multi-site dumps.
Stripchat: The actor “Euphoric_Reply_5727” sold a database of 62.3 million users and 408,763 models for $799.
Curious12 (UK): A supply chain compromise of the creative agency Curious12, executed by the actor “xxf,” exposed the customer data of over 60 client organizations across North East England.
SourceScrub (US): The actor “OriginalCrazyOldFart” leaked an unprotected Azure Blob Storage bucket containing structured corporate intelligence data on tens of thousands of companies.

Cyber Attack and Defacement Infrastructure (Non-0xteam)

Outside of the 0xteam campaign, the threat group “Hidden Cyber Crime” (acting via “Inside Alone7”) conducted a mass defacement campaign against a Thai academic institution (SWW), compromising Linux servers to deface multiple domains including exam.sww.ac.th, app.sww.ac.th, and cer.sww.ac.th. Furthermore, the actor “Raxor404” of the “SANTIAGO404” team defaced the Russian dental site crdent.ru , and the actor “overthrash1337” defaced an unidentified Canadian web service hosted on port 8529.

Destructive attacks were also reported. The actor “Ababil of Minab” claimed a 20 TB data wipe attack against 20 critical machines of an undisclosed organization, exfiltrating 2 TB of data and mocking the victim’s outdated 2008-era security posture.

Underground Economy: Malware, Exploits, and Carding

The criminal forums were highly active with the sale of initial access, malware variants, identity documents, and phishing infrastructure.

Malware and Exploits

Lich Stealer: The actor “Lich010203040506070809” sold an updated version of the Python-based Lich Stealer malware. The tool targets Chromium browsers, crypto wallets, VPNs, and password managers, featuring advanced capabilities like LSASS impersonation, Windows Defender evasion, clipper modules, and virtual machine detection evasion.
Mozilla SpiderMonkey 0-Day: The actor “berz0k” attempted to sell a zero-day remote code execution (RCE) exploit targeting Mozilla’s SpiderMonkey JS engine for $120,000. The exploit allegedly chained two memory corruption vulnerabilities to execute arbitrary shellcode.
FortiClient RCE (CVE-2025-31365): The actor “RedQueen” disclosed details of a code injection vulnerability in Fortinet’s FortiClient authentication window, exploitable via the fabricagent:// URL scheme. The same actor also disclosed SSRF attack vectors (CVE-2025-57822 and CVE-2024-34351) targeting Next.js applications via the Image component and Server Actions.
Collapse HVNC RAT: The actor “grover1821” distributed a sample of the Collapse HVNC RAT, allowing silent remote desktop control via Hidden Virtual Network Computing technology.
Lycron Crypter 2026: A cracked version of this payload obfuscation tool was distributed by the actor “ZamanX,” allowing users to mutate signatures and bypass Windows antivirus detection.
SilentSpy Ultimate & Unlock Tool Pro: The actor “Marqui1234” distributed cracked versions of the SilentSpy spyware suite and the Android device servicing malware Unlock Tool Pro.
CodexUI Malware: A popular developer tool, CodexUI, was compromised. The released binary version contained malicious code that exfiltrated user login credentials to attacker-controlled servers, though the public source code remained clean.

Carding, Identity Fraud, and Initial Access

The identity fraud market saw massive activity. The actor “silasclark” sold “Fullz” (SSN, DOB, DL), Track 101/202 payment card dumps, and children’s fullz spanning 2013-2025. The actor “CrazyDogg” sold bank logs with PINs for major US institutions including Bank of America and Chase for $50-$60. ATM card cloning tools targeting magnetic stripe and chip data were distributed by “Marqui1234”.

A highly prolific actor named “–•™DAXEN16™•–” ran a massive storefront distributing forged identification documents, including fake passports and driver’s licenses accompanied by selfie photographs. Their offerings covered jurisdictions including France, Germany, the United States (Florida, Texas), Israel, China, and Australia.

Initial access brokers were also highly visible. The group “Pharaohs_Team” sold verified server shell access via Telegram. The actor “PORTAL” rented RDP access to compromised Azure, AWS, and Digital Ocean infrastructure for $200 a day, while also selling discounted compromised subscriptions for ChatGPT Plus and Claude. The actor “Toton” sold Domain Admin OpenVPN access to a Malaysian municipal government network protected by Cylance AV for $978. The actor “Raphee” sold compromised X/Twitter accounts categorized by their Blue, Gold, or Grey verification badge levels for use in credential harvesting.

Phishing Infrastructure and Schemes

HeartSender V6: The actor “stroxshop_tools” sold an email campaign platform featuring SMTP rotation, proxy support, and AI-generated email templates designed to evade domain authentication checks.
P1 Bot: The actor “nicenicenice” sold the source code for a Telegram-based bot designed to conduct automated VoIP phishing (vishing) campaigns, featuring concurrent calls and custom caller IDs.
Phishing-as-a-Service: The actor “1llusion” offered custom encrypted HTML pages, SMTP services, and HQ redirects for targeted phishing operations.
Money Mule Recruitment: An actor named “Alexandr,” claiming to be from China, solicited individuals on Telegram to purchase USDT cryptocurrency in exchange for a 10%+ commission. This advance-fee fraud scheme attempts to recruit money mules for illicit fund transfers.
WhatsApp Phishing: A widespread phishing campaign was reported in Israel, where threat actors distributed fake links via WhatsApp impersonating a major domestic food industry company to harvest personal information

Detected Incidents Draft Data – 2026-06-04 (run date)

Alleged data breach of Tiscali Italy — 723K customer records including personal and subscription data
Category: Data Breach
Content: A threat actor is offering a dataset allegedly originating from Tiscali, an Italian ISP, containing approximately 723,000 records. The data is structured across three sections — Contacts, Subscriptions, and Service Tickets — and includes fields such as full names, dates of birth, tax codes, email addresses, hashed passwords, phone numbers, physical addresses, contract details, and support ticket information. Sample files have been shared via Gofile links.
Date: 2026-06-04T05:20:33Z
Network: openweb
Published URL: https://breached.su/threads/723k-italy-www-tiscali-it-customer-contact-data-including-emails-phones-addresses-dates-of-birth.87914/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Italy
Victim Industry: Telecommunications
Victim Organization: Tiscali
Victim Site: tiscali.it
Alleged data breach of IBS.it with customer, order, and delivery records
Category: Data Breach
Content: A threat actor is offering a dataset allegedly sourced from ibs.it, an Italian online retailer, containing approximately 458,000 records across three sections: Customers, Orders, and Delivery Logs. The customer section includes personal and company contact details, fiscal codes, VAT numbers, purchase history, and marketing preferences. Order and delivery sections contain transaction details, shipment tracking, and delivery address information.
Date: 2026-06-04T05:19:59Z
Network: openweb
Published URL: https://breached.su/threads/458k-italy-https-www-ibs-it-customer-records-with-contact-company-and-purchase-history-details.87915/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Italy
Victim Industry: Retail
Victim Organization: IBS
Victim Site: ibs.it
Alleged data breach of OBIC Co., Ltd. with corporate contact and employment records
Category: Data Breach
Content: A threat actor is selling an alleged dataset of 742,000 records originating from OBIC Co., Ltd., a Japanese enterprise software company. The dataset reportedly includes three sections: Contacts (with PII such as full name, birth date, nationality, marital status, and financial details), Sales Orders (with employee salary and tax information), and Employee Benefits (with pension numbers, national identification numbers, health insurance IDs, and full bank account details). The seller is asking $1…
Date: 2026-06-04T05:19:23Z
Network: openweb
Published URL: https://breached.su/threads/742k-japan-https-www-obic-co-jp-corporate-contact-and-employment-records-with-personal-details.87916/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Japan
Victim Industry: Technology
Victim Organization: OBIC Co., Ltd.
Victim Site: obic.co.jp
Alleged data breach of Asahi Culture Center (asahiculture.jp)
Category: Data Breach
Content: A threat actor is offering for sale a dataset allegedly originating from asahiculture.jp, a Japanese cultural education organization. The dataset reportedly contains approximately 742,000 records spanning contacts, class bookings, and membership subscriptions, including full names, dates of birth, phone numbers, addresses, email addresses, and membership credentials. The seller is asking $1,400 and accepts forum escrow for the transaction.
Date: 2026-06-04T05:18:46Z
Network: openweb
Published URL: https://breached.su/threads/742k-japan-https-www-asahiculture-jp-personal-contact-and-address-records-from-cultural-course-participants.87917/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Japan
Victim Industry: Education
Victim Organization: Asahi Culture Center
Victim Site: asahiculture.jp
Alleged data breach of BicCamera
Category: Data Breach
Content: A threat actor is selling an alleged dataset from BicCamera, a Japanese electronics retailer, comprising approximately 317,000 customer records. The dataset reportedly includes customer contact details (names, emails, phone numbers, addresses, encrypted passwords, date of birth), order history, and customer support tickets organized across three structured sections. The seller is asking $1,100 and accepts forum escrow for the transaction.
Date: 2026-06-04T05:18:13Z
Network: openweb
Published URL: https://breached.su/threads/317k-japan-https-www-biccamera-com-customer-profiles-with-emails-names-addresses-purchase-history.87918/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Japan
Victim Industry: Retail
Victim Organization: BicCamera
Victim Site: biccamera.com
Alleged data breach of Latvian medical portal doktori.lv with patient records for sale
Category: Data Breach
Content: A threat actor is selling an alleged dataset of 195,000 records originating from doktori.lv, a Latvian medical portal. The dataset is claimed to include patient contact details, professional qualifications, and appointment history, with fields such as name, email, phone, birthdate, billing codes, and license numbers. The seller is asking $1,100 and accepts forum escrow.
Date: 2026-06-04T05:17:38Z
Network: openweb
Published URL: https://breached.su/threads/195k-latvia-patient-contacts-https-www-doktori-lv-active-medical-records-including-emails-and-phone-numbers.87919/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Latvia
Victim Industry: Healthcare
Victim Organization: Doktori.lv
Victim Site: doktori.lv
Alleged data breach of First Class Cre8tivity (firstclasscre8tivity.co.ls)
Category: Data Breach
Content: A threat actor is selling an alleged dataset originating from firstclasscre8tivity.co.ls, a creative services organization in Lesotho. The dataset reportedly contains approximately 145,000 records across three tables — Contacts, Booking History, and Customer Support Tickets — including full names, email addresses, phone numbers, mailing addresses, hashed passwords, and support ticket details. The data is offered for sale at $1,200 via Telegram contact.
Date: 2026-06-04T05:17:04Z
Network: openweb
Published URL: https://breached.su/threads/145k-lesotho-https-firstclasscre8tivity-co-ls-contact-records-with-emails-phones-personal-details.87920/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Lesotho
Victim Industry: Creative Services
Victim Organization: First Class Cre8tivity
Victim Site: firstclasscre8tivity.co.ls
Alleged data breach of kariera.gr exposing candidate and job records
Category: Data Breach
Content: A threat actor is selling an alleged dataset originating from kariera.gr, a Greek job platform, containing approximately 184,000 records across three sections: Contacts, Job Applications, and Job Postings. The Contacts section includes personally identifiable information such as full names, email addresses, phone numbers, physical addresses, LinkedIn profiles, and job titles. The dataset is priced at $1,100 and offered via Telegram or forum escrow.
Date: 2026-06-04T04:57:10Z
Network: openweb
Published URL: https://breached.su/threads/184k-greece-kariera-gr-active-candidate-and-it-job-records-database-184k-greece-kariera-gr-active-candidate-and-it-job-records-database.87905/unread
Screenshots:
2 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Greece
Victim Industry: Recruitment
Victim Organization: kariera.gr
Victim Site: kariera.gr
Alleged data breach of HKBN (Hong Kong Broadband Network)
Category: Data Breach
Content: A threat actor is selling an alleged dataset from HKBN (hkbn.net) containing approximately 563,000 records across three categories: customer contacts, orders, and support tickets. The data reportedly includes full names, email addresses, phone numbers, mailing addresses, birthdates, and other personal and account details. The seller is asking $900 and accepts forum escrow for the transaction.
Date: 2026-06-04T04:56:37Z
Network: openweb
Published URL: https://breached.su/threads/563k-hong-kong-www-hkbn-net-customer-contact-and-account-records-with-emails-and-timestamps.87906/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Hong Kong
Victim Industry: Telecommunications
Victim Organization: Hong Kong Broadband Network
Victim Site: hkbn.net
Alleged data breach of eMAG Hungary (emag.hu) exposing 417K user records
Category: Data Breach
Content: A threat actor is selling an alleged dataset from emag.hu, a Hungarian e-commerce platform, for $1,200. The dataset reportedly contains 417,000 records spanning three sections: Contacts (user PII including emails, phone numbers, registration dates, and marketing preferences), Order History (purchase records, payment methods, shipping/billing addresses, and tracking data), and Content Contributors (admin/developer accounts with permission flags, login attempts, and security clearance levels). Sam…
Date: 2026-06-04T04:56:03Z
Network: openweb
Published URL: https://breached.su/threads/417k-hungary-https-www-emag-hu-user-accounts-with-emails-registration-dates-and-activity-status-data.87907/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Hungary
Victim Industry: Retail
Victim Organization: eMAG
Victim Site: emag.hu
Alleged data breach of tarr.hu with 526K records including contacts, support tickets, and order history
Category: Data Breach
Content: A threat actor is offering for sale a dataset allegedly originating from tarr.hu, a Hungarian organization, priced at $900. The dataset reportedly contains approximately 526,000 records across three sections: Contacts (personal and professional details), Support Tickets (case handling records), and Order History (transaction and billing data). The seller is accepting contact via Telegram and offers forum escrow for the transaction.
Date: 2026-06-04T04:55:30Z
Network: openweb
Published URL: https://breached.su/threads/526k-hungary-www-tarr-hu-active-email-addresses-and-phone-contacts-database.87908/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Hungary
Victim Industry: Unknown
Victim Organization: Tarr
Victim Site: tarr.hu
Alleged data breach of Jogaszvilag (Hungarian legal professionals platform)
Category: Data Breach
Content: A threat actor is selling an alleged dataset originating from jogaszvilag.hu, a Hungarian legal professionals platform, containing approximately 743,000 records. The dataset is structured across three sections: contact details (including personal identifiers, phone numbers, and addresses), legal case records (including plaintiff names, case descriptions, and court details), and newsletter subscriber information. Sample data links were provided via Gofile to substantiate the claim.
Date: 2026-06-04T04:54:56Z
Network: openweb
Published URL: https://breached.su/threads/743k-hungary-https-www-jogaszvilag-hu-legal-professionals-contact-and-subscription-data.87909/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Hungary
Victim Industry: Legal
Victim Organization: Jogaszvilag
Victim Site: jogaszvilag.hu
Alleged data breach of SANDEE/ICIMOD with personal contacts and research records
Category: Data Breach
Content: A threat actor is offering a dataset allegedly sourced from sandee.icimod.org, containing approximately 742,000 records across three structured sections: contacts (including personal identifiers, phone numbers, email addresses, and mailing addresses), research profiles (academic background, publications, and funding sources), and project applications (research proposals, budgets, and reviewer decisions). The data appears to pertain to researchers and individuals engaged with SANDEE, a regional e…
Date: 2026-06-04T04:54:23Z
Network: openweb
Published URL: https://breached.su/threads/742k-india-https-sandee-icimod-org-detailed-personal-contacts-and-communication-records-dataset.87910/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: India
Victim Industry: Research
Victim Organization: SANDEE (South Asian Network for Development and Environmental Economics) / ICIMOD
Victim Site: sandee.icimod.org
Alleged data breach of Rajasthan Rajya Madhyamik Shiksha Abhiyan (rajrmsa.nic.in)
Category: Data Breach
Content: A threat actor is offering a dataset allegedly originating from rajrmsa.nic.in, an Indian government education portal, containing approximately 768,000 records. The data includes student contact details, enrollment records, and guardian PII such as names, dates of birth, phone numbers, email addresses, password hashes, and financial information across three structured sections. Sample download links were shared publicly on the forum.
Date: 2026-06-04T04:53:49Z
Network: openweb
Published URL: https://breached.su/threads/768k-india-https-rajrmsa-nic-in-personal-and-contact-records-including-education-and-communication-preferences.87911/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: India
Victim Industry: Education
Victim Organization: Rajasthan Rajya Madhyamik Shiksha Abhiyan
Victim Site: rajrmsa.nic.in
Alleged data breach of EduNext Technologies exposing student personal and education records
Category: Data Breach
Content: A threat actor is selling a dataset allegedly sourced from EduNext Technologies, an Indian education technology platform, containing approximately 682,000 records. The data spans three structured sections: student contact details (including PII such as date of birth, phone, address, parent names, and email), student enrollment records (including academic, financial, and disciplinary data), and inquiry management records (including lead scoring and marketing data). The dataset is offered via exte…
Date: 2026-06-04T04:53:16Z
Network: openweb
Published URL: https://breached.su/threads/682k-india-https-www-edunexttechnologies-com-student-contacts-personal-info-education-records-emails.87912/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: India
Victim Industry: Education
Victim Organization: EduNext Technologies
Victim Site: edunexttechnologies.com
Alleged data breach of LocalPlace.jp
Category: Data Leak
Content: A threat actor known as Satanic allegedly breached LocalPlace.jp in May 2024, resulting in a database of approximately 840,000 records. The dataset reportedly includes client IDs, company names, full company information, phone numbers, full names, email addresses, and billing information. The data has been made available as a free download on the forum.
Date: 2026-06-04T04:52:47Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-LocalPlace-jp%C2%A0-leak-Repost
Screenshots:
1 screenshot(s) available
Threat Actors: Tanaka
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: LocalPlace
Victim Site: localplace.jp
Alleged data breach of Tiscali (Italy) — personal contacts database
Category: Data Breach
Content: A threat actor is offering for sale an alleged database originating from Tiscali, an Italian internet and media services provider, containing approximately 627,000 records. The dataset is structured across three sections — Contact, Service Contract, and Communication Preferences — and includes personally identifiable information such as names, birthdates, tax codes, email addresses, phone numbers, physical addresses, hashed passwords, Wi-Fi credentials, device identifiers, and marketing consent
Date: 2026-06-04T04:52:40Z
Network: openweb
Published URL: https://breached.su/threads/627k-italy-https-www-tiscali-it-personal-contacts-database-including-emails-phones-and-addresses.87913/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Italy
Victim Industry: Telecommunications
Victim Organization: Tiscali
Victim Site: tiscali.it
Sale of stolen credit cards with OTP bypass capability
Category: Carding
Content: A threat actor is offering stolen credit cards advertised as capable of bypassing OTP verification. The cards are marketed as having high balances and being linkable to payment platforms such as CashApp, PayPal, and Apple Pay. The seller claims a refund or replacement policy and provides Telegram and email contacts for orders.
Date: 2026-06-04T04:32:48Z
Network: openweb
Published URL: https://crackingx.com/threads/77930/
Screenshots:
1 screenshot(s) available
Threat Actors: Aaron Abrams
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of edb.cz — Czech business contacts and credential database
Category: Data Breach
Content: A threat actor is selling an alleged database dump from edb.cz, a Czech business contact platform, for $1,200. The dataset reportedly contains approximately 312,000 records spanning three tables: contact details (names, emails, phone numbers, addresses, LinkedIn/Twitter profiles), inquiry submissions, and user authentication records including hashed passwords. The seller is offering transaction via forum escrow or trusted middlemen.
Date: 2026-06-04T04:26:08Z
Network: openweb
Published URL: https://breached.su/threads/312k-czech-republic-https-www-edb-cz-business-contacts-and-professional-email-database.87891/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Czech Republic
Victim Industry: Unknown
Victim Organization: edb.cz
Victim Site: edb.cz
Alleged data breach of libimseti.cz exposing user contact, medical, and booking records
Category: Data Breach
Content: A threat actor is selling an alleged dataset originating from libimseti.cz, a Czech web platform, for $1,300. The dataset purportedly contains 438,000 records spanning three sections: contact details (emails, phone numbers, demographics), patient medical records (diagnoses, treatment plans, insurance, medications), and booking history (appointments, payment status, feedback). The inclusion of detailed medical and personal identity fields elevates the sensitivity and potential impact of this alle…
Date: 2026-06-04T04:25:35Z
Network: openweb
Published URL: https://breached.su/threads/438k-czech-republic-https-www-libimseti-cz-web-user-contact-data-including-emails-phone-numbers-and-demographics.87892/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Czech Republic
Victim Industry: Healthcare
Victim Organization: libimseti.cz
Victim Site: libimseti.cz
Alleged data breach of Egypt Knowledge Bank (ekb.eg) exposing 467K records
Category: Data Breach
Content: A threat actor is selling an alleged dataset from ekb.eg, Egypts national knowledge platform, comprising approximately 467,000 records across three sections: Contacts (personal and government ID details), Student Enrollments (academic records), and Authentication Records (identity verification logs including fraud flags and risk scores). The dataset is offered for $900 via Telegram and includes sensitive fields such as government ID numbers, biometric verification data, and device information.
Date: 2026-06-04T04:25:01Z
Network: openweb
Published URL: https://breached.su/threads/467k-egypt-https-ekb-eg-comprehensive-personal-and-contact-info-dataset.87893/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Egypt
Victim Industry: Education
Victim Organization: Egypt Knowledge Bank
Victim Site: ekb.eg
Alleged data breach of Motonet Finland with consumer contacts, orders, and payment method data
Category: Data Breach
Content: A threat actor is offering an alleged dataset from Finnish retailer Motonet (motonet.fi) containing approximately 245,000 consumer records. The data spans three structured sections — Contact, Order, and Paymentmethod — including full names, emails, phone numbers, postal addresses, demographic details, order and payment records, and hashed card numbers. The post claims the data is fresh and organized for practical use.
Date: 2026-06-04T04:24:24Z
Network: openweb
Published URL: https://breached.su/threads/245k-finland-https-www-motonet-fi-consumer-contacts-with-emails-phone-addresses-and-demographics.87894/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Finland
Victim Industry: Retail
Victim Organization: Motonet
Victim Site: motonet.fi
Alleged data breach of Materiel.net exposing 742K French user records
Category: Data Breach
Content: A threat actor is selling an alleged dataset from Materiel.net, a French electronics retailer, containing approximately 742,000 records. The dataset is structured across three sections — Contacts, Orders, and Support Tickets — and includes personally identifiable information such as full names, email addresses, encrypted passwords, birth dates, billing and delivery addresses, SIRET numbers, and order details. The seller is offering the data for $11.
Date: 2026-06-04T04:23:55Z
Network: openweb
Published URL: https://breached.su/threads/742k-france-https-www-materiel-net-user-registrations-with-activity-dates-and-subscription-details.87895/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: France
Victim Industry: Retail
Victim Organization: Materiel.net
Victim Site: materiel.net
Alleged data breach of Materiel.net exposing customer contacts, orders, and support tickets
Category: Data Breach
Content: A threat actor is selling an alleged dataset from Materiel.net, a French online retailer, containing approximately 732,000 records. The data is claimed to include customer contacts (names, emails, phone numbers, addresses), order transaction details, and support ticket information. The seller is offering the dataset for $1,000 via Telegram contact.
Date: 2026-06-04T04:23:16Z
Network: openweb
Published URL: https://breached.su/threads/732k-france-https-www-materiel-net-user-contacts-including-emails-phones-addresses-and-account-details.87897/unread
Screenshots:
None
Threat Actors: Aquahack
Victim Country: France
Victim Industry: Retail
Victim Organization: Materiel.net
Victim Site: materiel.net
Alleged data breach of Wine&Co (wineandco.com) exposing 586K customer records
Category: Data Breach
Content: A threat actor is offering a dataset allegedly sourced from wineandco.com, a French wine retailer, containing approximately 586,000 customer records. The dataset is structured across three sections — Contact, Order, and Delivery Log — and includes billing details, email addresses, phone numbers, order history, payment metadata, and delivery information. The data is being sold on a cybercrime forum and is described as fresh and organized.
Date: 2026-06-04T04:20:18Z
Network: openweb
Published URL: https://breached.su/threads/586k-france-https-www-wineandco-com-customer-contact-records-with-emails-phone-numbers-and-purchase-history.87898/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: France
Victim Industry: Retail
Victim Organization: Wine&Co
Victim Site: wineandco.com
Alleged data breach of Giropay
Category: Data Breach
Content: A threat actor is selling an alleged dataset from German payment service Giropay comprising approximately 317,000 records organized into three sections: Contacts (including names, emails, phone numbers, and communication preferences), Bank Accounts (including IBANs, BICs, and account details), and Orders (including transaction history and shipping data). The dataset is priced at $1,100 and sample files have been shared via Gofile links.
Date: 2026-06-04T04:19:45Z
Network: openweb
Published URL: https://breached.su/threads/317k-germany-https-www-giropay-de-user-contact-info-including-emails-phone-subscription-status-and-regional-data.87899/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Germany
Victim Industry: Finance
Victim Organization: Giropay
Victim Site: giropay.de
Alleged data breach of University of Osnabrück student portal
Category: Data Breach
Content: A threat actor is selling an alleged dataset of approximately 231,000 records originating from the University of Osnabrücks Stud.IP portal. The dataset reportedly includes three structured tables covering student contact details (name, email, phone, address), enrollment information (major, enrollment status, scholarship status, graduation date), and subscription preferences. The asking price is $1,400.
Date: 2026-06-04T04:19:12Z
Network: openweb
Published URL: https://breached.su/threads/231k-germany-https-studip-uni-osnabrueck-de-student-contact-data-with-emails-and-status-details.87901/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Germany
Victim Industry: Education
Victim Organization: University of Osnabrück
Victim Site: studip.uni-osnabrueck.de
Alleged data breach of ATP-Autoteile (atp-autoteile.de)
Category: Data Breach
Content: A threat actor is offering a dataset allegedly originating from ATP-Autoteile, a German auto parts retailer. The dataset includes approximately 435,000 records across three tables — Contact, Order, and Deliverylog — containing customer PII (names, emails, phone numbers, addresses), order and payment details (including credit card type, owner, number, and expiration), and shipment tracking information. The data is being sold on a cybercrime forum.
Date: 2026-06-04T04:18:38Z
Network: openweb
Published URL: https://breached.su/threads/435k-germany-www-atp-autoteile-de-auto-parts-customer-contacts-with-emails-phone-and-addresses.87902/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Germany
Victim Industry: Retail
Victim Organization: ATP-Autoteile
Victim Site: atp-autoteile.de
Alleged data leak of undisclosed Chinese company (SnowSoul ransomware group)
Category: Data Leak
Content: Threat actor SnowSoul claims to have leaked data from an unnamed Chinese company after the victim refused to pay a $2,000 USD ransom. Leaked files include database backups (.MDF, .LDF, .BAK totaling approximately 11GB+), supplier and customer records from multiple branch offices, and financial spreadsheets referencing coal trading and accounts payable/receivable. Download links to the exfiltrated data were posted publicly on the forum.
Date: 2026-06-04T04:18:30Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-Chinese-data-%E4%B8%AD%E5%9B%BD%E6%95%B0%E6%8D%AE-SnowSoul-ID-1328
Screenshots:
1 screenshot(s) available
Threat Actors: SnowSoul
Victim Country: China
Victim Industry: Energy / Mining
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of undisclosed Chinese coal/energy company by SnowSoul following ransom refusal
Category: Data Leak
Content: The threat actor group SnowSoul claims to have leaked data from an unnamed Chinese company after the victim refused to pay a $2,000 USD ransom. The leaked data includes SQL Server database files (~400M records), financial spreadsheets (accounts payable, receivable, sales, trial balances), and supplier/customer records from multiple branch offices including Jincheng and Qingdao. Files reference coal and energy sector operations, suggesting the victim is active in the Chinese coal industry.
Date: 2026-06-04T04:18:19Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78870
Screenshots:
1 screenshot(s) available
Threat Actors: SnowSoul
Victim Country: China
Victim Industry: Energy
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Broil King Greece (broilking.gr) exposing 347K customer records
Category: Data Breach
Content: A threat actor is selling an alleged dataset from broilking.gr containing approximately 347,000 records across three sections: customer contacts (including names, emails, phone numbers, addresses, and dates of birth), product registrations (including serial numbers, purchase prices, and warranty details), and service request tickets. The data is priced at $1,000 and offered via Telegram.
Date: 2026-06-04T04:18:04Z
Network: openweb
Published URL: https://breached.su/threads/347k-greece-www-broilking-gr-user-contacts-including-emails-phones-addresses.87903/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Greece
Victim Industry: Retail
Victim Organization: Broil King Greece
Victim Site: broilking.gr
Alleged data leak of Bogotá Secretary of Education (SED) student and teacher records
Category: Data Leak
Content: A threat actor has freely distributed a compressed archive containing structured data from 20 institutions under the Bogotá Secretary of Education (SED), Colombia. The dataset reportedly includes student, teacher, campus, and guidance records across 42 campuses, organized per institution in JSON format. The data was made available via a public file-sharing link.
Date: 2026-06-04T04:17:24Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78868
Screenshots:
1 screenshot(s) available
Threat Actors: DozerMx
Victim Country: Colombia
Victim Industry: Government
Victim Organization: Bogotá Secretary of Education (SED)
Victim Site: educacionbogota.edu.co
Alleged data leak of Indonesian National Police database
Category: Data Leak
Content: A threat actor operating under the handle BhayangkaraID has freely distributed an alleged database attributed to the Indonesian National Police, containing approximately 341,000 records. The data was made available via two external file-sharing links. No further details regarding the data fields or method of compromise were provided in the post.
Date: 2026-06-04T04:17:09Z
Network: openweb
Published URL: https://breached.su/threads/341k-database-police-country-indonesia.87896/unread
Screenshots:
1 screenshot(s) available
Threat Actors: BhayangkaraID
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Indonesian National Police
Victim Site: Unknown
Alleged data breach of JobKorea – 127k user records leaked
Category: Data Breach
Content: 127,000 user records from jobkorea.co.kr (South Korean job search portal) have been leaked. The breach includes personally identifiable information: names, birth years, gender, phone numbers, email addresses, education details, career information, and raw CV documents.
Date: 2026-06-04T04:06:00Z
Network: telegram
Published URL: https://t.me/c/3500620464/9121
Screenshots:
1 screenshot(s) available
Threat Actors: Breach
Victim Country: South Korea
Victim Industry: Job Search/Recruitment
Victim Organization: JobKorea
Victim Site: jobkorea.co.kr
Alleged data breach of Marisa (marisa.com.br)
Category: Data Breach
Content: A threat actor is offering for sale a dataset allegedly originating from Brazilian retailer Marisa (marisa.com.br), containing approximately 637,000 records. The data is structured across three sections — Customer Contact, Order History, and Delivery Log — and includes full names, emails, phone numbers, physical addresses, IP addresses, order details, and delivery information. The seller claims the data is fresh and organized for practical use.
Date: 2026-06-04T03:45:08Z
Network: openweb
Published URL: https://breached.su/threads/637k-brazil-https-www-marisa-com-br-personal-data-including-names-emails-phones-addresses-ips.87882/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Brazil
Victim Industry: Retail
Victim Organization: Marisa
Victim Site: marisa.com.br
Alleged data breach of Timber Mart Canada
Category: Data Breach
Content: A threat actor is selling an alleged dataset of approximately 428,000 records attributed to timbermart.ca, a Canadian retail organization. The dataset reportedly includes customer contact details, order history, and authentication/security credentials such as passwords and login metadata. The seller is offering the data for $1,200 via Telegram contact.
Date: 2026-06-04T03:44:34Z
Network: openweb
Published URL: https://breached.su/threads/428k-canada-https-timbermart-ca-verified-contacts-with-business-and-communication-data.87883/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Canada
Victim Industry: Retail
Victim Organization: Timber Mart
Victim Site: timbermart.ca
Alleged data breach of Barbecues Galore Canada
Category: Data Breach
Content: A threat actor is selling an alleged dataset from barbecuesgalore.ca containing approximately 462,000 customer records. The dataset reportedly includes contact details (names, email addresses, phone numbers, physical addresses), product registration data, and customer support tickets. The seller is asking $900 and accepts forum escrow for the transaction.
Date: 2026-06-04T03:44:00Z
Network: openweb
Published URL: https://breached.su/threads/462k-canada-www-barbecuesgalore-ca-customer-contacts-with-emails-addresses-phone-numbers-and-subscription-status.87884/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Canada
Victim Industry: Retail
Victim Organization: Barbecues Galore
Victim Site: barbecuesgalore.ca
Alleged data breach of Onward Manufacturing Co. Ltd.
Category: Data Breach
Content: A threat actor is selling an alleged dataset from onwardmfg.com, a Canadian manufacturer, for $1,000. The dataset reportedly contains approximately 423,000 records across three sections — Contacts, Orders, and Support Tickets — including names, email addresses, phone numbers, physical addresses, order details, payment methods, and support ticket logs. Sample files were provided via Gofile links.
Date: 2026-06-04T03:43:25Z
Network: openweb
Published URL: https://breached.su/threads/423k-canada-https-www-onwardmfg-com-active-customer-contacts-including-emails-phone-numbers-and-addresses.87886/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Canada
Victim Industry: Manufacturing
Victim Organization: Onward Manufacturing Co. Ltd.
Victim Site: onwardmfg.com
Alleged data breach of Chiphell tech forum
Category: Data Breach
Content: A threat actor is offering an alleged dataset from Chiphell, a Chinese technology forum, containing approximately 763,000 records. The data is structured across three sections: Contacts (user profiles including names, emails, phone numbers, and social handles), Support Tickets (helpdesk records with communication logs), and User Preferences and Security (hashed passwords, activation keys, and account settings). The seller claims the data is fresh and organized for research or analysis purposes.
Date: 2026-06-04T03:42:52Z
Network: openweb
Published URL: https://breached.su/threads/763k-china-https-www-chiphell-com-user-profiles-and-contact-data-from-tech-forum-members.87887/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: China
Victim Industry: Technology
Victim Organization: Chiphell
Victim Site: chiphell.com
Alleged data breach of made-in-china.com manufacturing platform
Category: Data Breach
Content: A threat actor is offering a dataset allegedly sourced from made-in-china.com, a Chinese B2B manufacturing platform. The dataset reportedly contains 627,000 records across three sections: contacts (including full names, phone numbers, email addresses, and password hashes), purchase orders (including payment and shipping details), and customer requirements. Samples were shared via Gofile links.
Date: 2026-06-04T03:42:19Z
Network: openweb
Published URL: https://breached.su/threads/627k-china-www-made-in-china-com-manufacturing-company-contacts-and-business-profiles-database.87888/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: China
Victim Industry: Manufacturing
Victim Organization: Made-in-China
Victim Site: made-in-china.com
Alleged data breach of cncn.com exposing corporate contacts, support tickets, and order history
Category: Data Breach
Content: A threat actor is selling an alleged dataset from cncn.com comprising 736,000 records across three sections: Contacts (including full names, emails, phone numbers, and demographic data), Support Tickets, and Order History (including billing/shipping addresses and payment methods). The dataset is priced at $1,400 and is being offered via Telegram or forum private message.
Date: 2026-06-04T03:41:47Z
Network: openweb
Published URL: https://breached.su/threads/736k-china-https-www-cncn-com-corporate-contacts-with-emails-phone-numbers-and-business-details.87889/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: China
Victim Industry: Unknown
Victim Organization: CNCN
Victim Site: cncn.com
Alleged data breach of CALS (cals.cz) exposing customer contacts, orders, and newsletter subscribers
Category: Data Breach
Content: A threat actor is selling a dataset allegedly originating from cals.cz, a Czech organization, for $1,200. The dataset reportedly contains 327,000 records across three sections — customer contacts (including citizenship numbers, encrypted passwords, and personal details), order history (including payment method, billing/shipping addresses, and invoice numbers), and newsletter subscribers.
Date: 2026-06-04T03:41:14Z
Network: openweb
Published URL: https://breached.su/threads/327k-czech-republic-www-cals-cz-user-contacts-emails-phone-numbers-addresses-dataset.87890/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Czech Republic
Victim Industry: Unknown
Victim Organization: CALS
Victim Site: cals.cz
Alleged data leak of Kabupaten Jember database
Category: Data Leak
Content: A forum post on Breached claims to share a database associated with Kabupaten Jember, a regional government entity in Indonesia. No further details are available as the post content is empty.
Date: 2026-06-04T03:39:59Z
Network: openweb
Published URL: https://breached.su/threads/data-base-kabupaten-jember.87885/unread
Screenshots:
10 screenshot(s) available
Threat Actors: MatxCysec
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Kabupaten Jember
Victim Site: Unknown
Alleged data breach of Golf Australia (oneGolf)
Category: Data Breach
Content: A threat actor is selling an alleged dataset from onegolf.com.au containing approximately 712,000 records. The data reportedly includes member contact information (names, emails, phone numbers, addresses, birthdates), membership details (fees, status, club history), and tee time booking history. The seller is offering the dataset for $1,100 USD.
Date: 2026-06-04T03:19:45Z
Network: openweb
Published URL: https://breached.su/threads/712k-australia-https-www-onegolf-com-au-member-contact-data-including-emails-phones-addresses-and-membership-status.87874/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Australia
Victim Industry: Sports & Recreation
Victim Organization: Golf Australia (oneGolf)
Victim Site: onegolf.com.au
Alleged data breach of Bangladesh Overseas Employment and Services Limited (BOESL)
Category: Data Breach
Content: A threat actor is selling an alleged dataset of 732,000 records originating from boesl.gov.bd, the Bangladesh Overseas Employment and Services Limited. The dataset reportedly includes three sections: contact information for BMET-registered job applicants (including passport numbers, full names, dates of birth, mobile phones, and email addresses), biometric verification records, and job application data. The seller is asking $1,300 and accepts forum escrow for the transaction.
Date: 2026-06-04T03:19:13Z
Network: openweb
Published URL: https://breached.su/threads/732k-bangladesh-https-www-boesl-gov-bd-verified-expatriate-worker-registration-data-including-personal-and-contact-details.87875/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Bangladesh
Victim Industry: Government
Victim Organization: Bangladesh Overseas Employment and Services Limited
Victim Site: boesl.gov.bd
Alleged data breach of Amberit
Category: Data Breach
Content: A threat actor is selling an alleged dataset from amberit.com.bd, a Bangladesh-based IT organization, for $900. The dataset reportedly contains approximately 728,000 records spanning contacts (including personal details, encrypted passwords, and social media handles), orders, and support tickets. The seller is advertising the data as fresh and organized across three interconnected sections.
Date: 2026-06-04T03:18:40Z
Network: openweb
Published URL: https://breached.su/threads/728k-bangladesh-https-www-amberit-com-bd-active-it-contacts-with-emails-and-phone-numbers-database.87876/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Bangladesh
Victim Industry: Technology
Victim Organization: Amberit
Victim Site: amberit.com.bd
Alleged data breach of Amberit (amberit.com.bd) exposing 728K records
Category: Data Breach
Content: A threat actor is selling an alleged database dump from Amberit (amberit.com.bd), a Bangladeshi IT industry organization, for $1,400. The dataset reportedly contains approximately 728,000 records spanning three sections: Contacts (including email addresses, hashed passwords, phone numbers, and LinkedIn profiles), Orders (including payment methods, billing/shipping addresses, and financial totals), and Support Tickets (including ticket descriptions, resolution summaries, and customer satisfaction…
Date: 2026-06-04T03:18:06Z
Network: openweb
Published URL: https://breached.su/threads/728k-bangladesh-https-www-amberit-com-bd-emails-and-it-industry-contacts-data-dump.87877/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Bangladesh
Victim Industry: Technology
Victim Organization: Amberit
Victim Site: amberit.com.bd
Alleged data breach of Belgium Citizen Registry (ibz.rrn.fgov.be)
Category: Data Breach
Content: A threat actor is offering for sale an alleged dataset originating from the Belgian Federal Public Service Interiors National Register portal (ibz.rrn.fgov.be), purportedly containing 482,000 records. The dataset is claimed to span three sections: Contact (including national ID numbers, dates of birth, security clearance levels, and risk flags), Application For Social Benefits (including verified PII, eligibility scores, and payment account details), and Civil Registry Events (covering births,
Date: 2026-06-04T03:17:34Z
Network: openweb
Published URL: https://breached.su/threads/482k-belgium-https-www-ibz-rrn-fgov-be-citizen-registry-with-personal-ids-birth-dates-contact-details-and-validation-status.87878/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Belgium
Victim Industry: Government
Victim Organization: Belgian Federal Public Service Interior – National Register
Victim Site: ibz.rrn.fgov.be
Alleged data breach of 2dehands.be exposing user contact and listing data
Category: Data Breach
Content: A threat actor is selling an alleged dataset of approximately 276,000 records from 2dehands.be, a Belgian classified ads platform. The dataset reportedly includes contact details (email, full name, phone, address, birthdate), user listings, and customer interaction logs. The seller is asking $1,300 and accepts forum escrow for the transaction.
Date: 2026-06-04T03:17:01Z
Network: openweb
Published URL: https://breached.su/threads/276k-belgium-https-www-2dehands-be-contact-and-user-profile-data-including-emails-phones-and-locations.87879/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Belgium
Victim Industry: Retail
Victim Organization: 2dehands.be
Victim Site: 2dehands.be
Alleged data breach of CRMVSP – Brazil Veterinary Professional Records and Contact Database
Category: Data Breach
Content: A threat actor is offering a dataset allegedly originating from crmvsp.gov.br, the São Paulo Regional Council of Veterinary Medicine. The dataset reportedly contains approximately 738,000 records across three sections — Contacts, Support Cases, and Ombudsman Feedback — including full names, emails, phone numbers, addresses, dates of birth, and case details. Sample download links were provided as proof.
Date: 2026-06-04T03:16:28Z
Network: openweb
Published URL: https://breached.su/threads/738k-brazil-https-crmvsp-gov-br-veterinary-professional-records-and-contact-database.87880/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Brazil
Victim Industry: Government
Victim Organization: CRMVSP
Victim Site: crmvsp.gov.br
Alleged data breach of Petz (petz.com.br) exposing veterinarian contacts and pet care records
Category: Data Breach
Content: A threat actor is offering for sale a dataset allegedly originating from Brazilian pet retail company Petz (petz.com.br), claimed to contain approximately 563,000 records. The dataset is structured across three sections: veterinarian contact details (including names, emails, phone numbers, and clinic information), pet care booking history (including client PII, payment details, and appointment records), and veterinarian continuing education records. The data appears to have been sourced from a S…
Date: 2026-06-04T03:15:55Z
Network: openweb
Published URL: https://breached.su/threads/563k-brazil-https-www-petz-com-br-vet-contacts-and-clinic-data-including-emails-and-phone-numbers.87881/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Brazil
Victim Industry: Retail
Victim Organization: Petz
Victim Site: petz.com.br
Alleged sale of internal database from Taiwan Psychological Warfare Unit including PLA, JSDF, ROC, and US military data
Category: Data Breach
Content: A threat actor is offering for sale an alleged internal database attributed to Taiwans Psychological Warfare Unit, claimed to contain data from the PLA, Japan Self-Defense Forces, ROC Armed Forces, and US military forces in the Western Pacific. The seller is offering complete SQL and CSV exports for 2.1 BTC via private message on the forum. The authenticity and origin of the data have not been verified.
Date: 2026-06-04T03:03:26Z
Network: openweb
Published URL: https://xforums.st/threads/exclusiveinternal-database-of-the-taiwan-psychological-warfare-team-under-massive-surveillance-by-china-the-us-japan-and-taiwan.618525/
Screenshots:
None
Threat Actors: simo_colvin
Victim Country: Taiwan
Victim Industry: Government
Victim Organization: Taiwan Psychological Warfare Unit
Victim Site: Unknown
Alleged data breach of Algerias official public service portal (service-public.dz)
Category: Data Breach
Content: A threat actor is offering a dataset allegedly originating from service-public.dz, Algerias official public service portal. The dataset contains approximately 742,000 records organized into three sections: contacts (including national ID numbers, emails, phone numbers, and postal addresses), service requests submitted through the portal, and public information subscriptions. The seller has shared sample files via external hosting links.
Date: 2026-06-04T02:50:24Z
Network: openweb
Published URL: https://breached.su/threads/742k-algeria-https-www-service-public-dz-official-government-contacts-and-cultural-institution-data.87870/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Algeria
Victim Industry: Government
Victim Organization: service-public.dz
Victim Site: service-public.dz
Alleged data breach of Mendoza Provincial Government (mendoza.gov.ar)
Category: Data Breach
Content: A threat actor is selling an alleged dataset originating from mendoza.gov.ar, the official portal of Argentinas Mendoza provincial government, claiming approximately 742,000 records. The dataset is structured across three sections — Contacts, Business Registrations, and Citizen Service Requests — containing personally identifiable information including national ID numbers (DNI), full names, contact details, birth dates, gender, addresses, and business registration data. The post markets the dat
Date: 2026-06-04T02:49:48Z
Network: openweb
Published URL: https://breached.su/threads/742k-argentina-https-www-mendoza-gov-ar-dni-personal-data-records-including-contact-id-and-demographics.87871/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Argentina
Victim Industry: Government
Victim Organization: Government of Mendoza Province
Victim Site: mendoza.gov.ar
Alleged data breach of Kennel Club Argentino
Category: Data Breach
Content: A threat actor is offering a dataset allegedly originating from kennelclubargentino.org.ar, comprising approximately 742,000 records across three tables: member contacts (including national ID numbers, full names, emails, phone numbers, addresses, and encrypted passwords), a dog breeds registry linked to members, and event booking history. The data reportedly includes personally identifiable information for registered dog owners and breeders in Argentina.
Date: 2026-06-04T02:49:14Z
Network: openweb
Published URL: https://breached.su/threads/742k-argentina-www-kennelclubargentino-org-ar-registered-dog-owners-and-breeder-contact-data.87872/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Argentina
Victim Industry: Other
Victim Organization: Kennel Club Argentino
Victim Site: kennelclubargentino.org.ar
Alleged data leak of Syrian and foreign immigrant records in Turkey
Category: Data Leak
Content: A threat actor leaked a dataset allegedly containing records of Syrian and other foreign nationals residing in Turkey, dated September 2022. The dataset includes national ID numbers, full names, dates of birth, nationalities, and residential addresses. Approximately 6 million records are claimed, with sample entries showing individuals from Syria, Afghanistan, Iraq, Iran, Kazakhstan, and other countries.
Date: 2026-06-04T02:48:57Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-Syrian-immigrants-living-in-Turkey
Screenshots:
1 screenshot(s) available
Threat Actors: [Mod] Tanaka
Victim Country: Turkey
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Mendoza Provincial Government (mendoza.gov.ar)
Category: Data Breach
Content: A threat actor is selling an alleged dataset of approximately 642,000 records originating from the Mendoza provincial government website. The dataset reportedly spans three structured tables — Contacts, PublicServiceApplications, and CitizenNotifications — containing personal data including national IDs, email addresses, phone numbers, physical addresses, dates of birth, employment status, and demographic information. Sample download links were provided via Gofile.
Date: 2026-06-04T02:48:40Z
Network: openweb
Published URL: https://breached.su/threads/642k-argentina-www-mendoza-gov-ar-personal-records-including-emails-ids-addresses-and-demographics.87873/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Aquahack
Victim Country: Argentina
Victim Industry: Government
Victim Organization: Government of Mendoza Province
Victim Site: mendoza.gov.ar
Sale of Robinhood USA leads including PII
Category: Data Breach
Content: A threat actor is selling leads attributed to Robinhood users in the United States, containing first name, last name, email, phone number, and occasionally address information. The seller explicitly claims this is not a database breach or leak from Robinhood. The data is marketed as suitable for call center operations, SMS, or email spam campaigns.
Date: 2026-06-04T02:24:27Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-Robinhood-USA-Leads-NOT-LEAK
Screenshots:
1 screenshot(s) available
Threat Actors: nest0r
Victim Country: United States
Victim Industry: Finance
Victim Organization: Robinhood
Victim Site: robinhood.com
Alleged data breach of Sepah Bank Iran
Category: Data Breach
Content: A threat actor is offering for sale an alleged database from Sepah Bank, Iran, dated 2025, claiming to contain data on 2.8 million users. The seller is asking $15,000 and accepting Monero (XMR), with a sample posted via Telegram. The post claims this is one part of the full dataset.
Date: 2026-06-04T02:24:11Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78817
Screenshots:
1 screenshot(s) available
Threat Actors: Yakohomot
Victim Country: Iran
Victim Industry: Finance
Victim Organization: Sepah Bank
Victim Site: sepahbank.ir
Sale of alleged exfiltrated data from Serbian military subcontractor
Category: Data Breach
Content: A threat actor is offering for sale 11TB of data allegedly exfiltrated from a Serbian company that serves as a military subcontractor involved in the manufacture of howitzers, ammunition, and complex weapons systems. The data purportedly includes internal documents, schematics, and engineering documents. The sellers identity and the specific victim organization have not been disclosed.
Date: 2026-06-04T02:23:35Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78833
Screenshots:
1 screenshot(s) available
Threat Actors: subz3ro
Victim Country: Serbia
Victim Industry: Defense
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Curious12 and supply chain organizations in North East England
Category: Data Leak
Content: A threat actor has freely leaked an alleged MySQL database dump attributed to Curious12.com, a creative agency managing infrastructure for organizations in North East England. The breach is claimed to be a supply chain compromise affecting over 60 client organizations spanning education, culture, and community sectors, with exposed data including customer names, phone numbers, residential addresses, email addresses, contact form records, and digital fingerprints. The actor states they attempted
Date: 2026-06-04T02:21:49Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78796
Screenshots:
2 screenshot(s) available
Threat Actors: xxf
Victim Country: United Kingdom
Victim Industry: Technology
Victim Organization: Curious12
Victim Site: curious12.com
Alleged data breach of Al Jalala University Egypt
Category: Data Breach
Content: A forum user is seeking to purchase a previously circulating database allegedly belonging to Al Jalala University in Egypt, noting that the original post or data has been deleted. The user claims to be willing to pay a high price for the dataset urgently.
Date: 2026-06-04T02:21:14Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78798
Screenshots:
1 screenshot(s) available
Threat Actors: omaronsec
Victim Country: Egypt
Victim Industry: Education
Victim Organization: Al Jalala University
Victim Site: Unknown
Alleged data breach of Hazecash.com financial services platform
Category: Data Leak
Content: A threat actor known as Cryptix has leaked an alleged database from Hazecash.com, described as a financial services and online payment platform. The dataset reportedly contains over 1 million records including usernames, email addresses, passwords, and IP addresses. The data was shared freely on a dark web forum with hidden download content accessible upon reply or account upgrade.
Date: 2026-06-04T02:20:36Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78799
Screenshots:
1 screenshot(s) available
Threat Actors: Cryptix
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Hazecash
Victim Site: hazecash.com
Alleged data leak of OGUsers.com user database
Category: Data Leak
Content: A threat actor on DarkForums has freely distributed an alleged database dump from ogusers.com, a known username-trading community forum. The leaked data reportedly includes user account identifiers, email addresses, password hashes and salts, IP logs, session metadata, and extensive forum activity records. The original file size is stated as approximately 1 GB; total record count is described as a large-scale dataset but not precisely quantified in the post.
Date: 2026-06-04T02:20:00Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78805
Screenshots:
1 screenshot(s) available
Threat Actors: Cryptix
Victim Country: Unknown
Victim Industry: Online Community / Forum
Victim Organization: OGUsers
Victim Site: ogusers.com
Alleged data leak of Indonesian bank account database
Category: Data Leak
Content: A threat actor has freely shared an alleged database of Indonesian bank account records on a dark web forum. The post provides minimal details, with no specific bank name, record count, or sample data disclosed. The database is described as fresh.
Date: 2026-06-04T02:19:23Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78813
Screenshots:
1 screenshot(s) available
Threat Actors: Anonpis
Victim Country: Indonesia
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Influentia.fr digital marketing platform database
Category: Data Leak
Content: A threat actor has freely shared an alleged SQL database dump from Influentia.fr, a French digital marketing and influencer analytics platform. The 2.2 GB dataset is claimed to contain approximately 49 million records including social media profile identifiers, follower/following metrics, biographical information, location metadata, and user attributes. Sample records reference Instagram profile data with demographic and engagement fields.
Date: 2026-06-04T02:18:44Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78846
Screenshots:
1 screenshot(s) available
Threat Actors: Cryptix
Victim Country: France
Victim Industry: Marketing
Victim Organization: Influentia
Victim Site: influentia.fr
Sale of stolen payment card dumps, fullz, and bank logs
Category: Carding
Content: A threat actor is selling stolen payment card dumps (Track 101, 201, 301), fullz for multiple countries, and bank logs with PINs for major US financial institutions including Bank of America, Chase, Capital One, USAA, Citi, and Wells Fargo. Pricing ranges from $50–$60 per fullz and $50 per card, with transactions in cryptocurrency. The seller also advertises cashing-out methods, OTP bot access, and fraud tutorials targeting US, Canadian, and UK banks.
Date: 2026-06-04T01:17:40Z
Network: openweb
Published URL: https://crackingx.com/threads/77914/
Screenshots:
2 screenshot(s) available
Threat Actors: CrazyDogg
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Lich Stealer malware with browser, crypto, and system data theft capabilities
Category: Malware
Content: A threat actor is advertising Lich Stealer, a Python-based information stealer for sale on a cybercrime forum. The malware targets Chromium-based browsers (passwords, cookies, credit cards, autofill, history), cryptocurrency wallets, FTP clients, VPNs, password managers, remote desktop tools, chat clients, and game launchers, with additional capabilities including clipboard hijacking, camera access, screenshot capture, LSASS impersonation for key extraction, Windows Defender evasion, and anti-
Date: 2026-06-04T01:02:17Z
Network: openweb
Published URL: https://breached.su/threads/lich-stealer-alien-monster.87869/unread
Screenshots:
2 screenshot(s) available
Threat Actors: Lich010203040506070809
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of 220,000 Serbian citizens
Category: Data Breach
Content: 220,000 Serbian citizen records allegedly breached and shared. Exposed data includes names, surnames, street addresses, personal identification numbers, and postal codes.
Date: 2026-06-04T00:25:46Z
Network: telegram
Published URL: https://t.me/c/3500620464/9118
Screenshots:
1 screenshot(s) available
Threat Actors: Breach
Victim Country: Serbia
Victim Industry: Government/Citizen Records
Victim Organization: Unknown
Victim Site: Unknown
Mass Website Defacement of Thai Academic Institution by Hidden Cyber Crime (Inside Alone7)
Category: Defacement
Content: On June 4, 2026, a threat actor operating under the alias Inside Alone7, affiliated with the group Hidden Cyber Crime, defaced a web page hosted on exam.sww.ac.th, a Thai academic institution domain. The incident was classified as a mass defacement, indicating multiple sites or pages were targeted as part of this campaign. The compromised server was running Linux, and a mirror of the defacement was archived at haxor.id.
Date: 2026-06-04T00:24:19Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249792
Screenshots:
1 screenshot(s) available
Threat Actors: Inside Alone7, Hidden Cyber Crime
Victim Country: Thailand
Victim Industry: Education
Victim Organization: SWW Academic Institution
Victim Site: exam.sww.ac.th
Mass Website Defacement of Thai Academic Institution by Hidden Cyber Crime (Inside Alone7)
Category: Defacement
Content: On June 4, 2026, a threat actor known as Inside Alone7, operating under the group Hidden Cyber Crime, conducted a mass defacement targeting app.sww.ac.th, a Thai academic institution. The attack targeted a Linux-based server and resulted in the defacement of the page at /as.htm. The incident was classified as a mass defacement, suggesting multiple sites or pages were simultaneously compromised.
Date: 2026-06-04T00:22:47Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249790
Screenshots:
1 screenshot(s) available
Threat Actors: Inside Alone7, Hidden Cyber Crime
Victim Country: Thailand
Victim Industry: Education
Victim Organization: SWW Academic Institution (app.sww.ac.th)
Victim Site: app.sww.ac.th
Alleged data breach of PolicyBazaar
Category: Data Breach
Content: PolicyBazaar user data has been leaked and made available. The breach includes personal information from the Indian insurance and financial services platform.
Date: 2026-06-04T00:21:45Z
Network: telegram
Published URL: https://t.me/c/3500620464/9107
Screenshots:
1 screenshot(s) available
Threat Actors: Breach
Victim Country: India
Victim Industry: Insurance/Financial Services
Victim Organization: PolicyBazaar
Victim Site: policybazaar.com
Mass defacement of Thai academic institution by Hidden Cyber Crime (Inside Alone7)
Category: Defacement
Content: On June 4, 2026, a threat actor known as Inside Alone7, operating under the group Hidden Cyber Crime, conducted a mass defacement attack targeting cer.sww.ac.th, a Thai academic institution running on a Linux server. The attack affected multiple targets as part of a coordinated mass defacement campaign, with the defaced page archived at haxor.id.
Date: 2026-06-04T00:20:57Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/249791
Screenshots:
1 screenshot(s) available
Threat Actors: Inside Alone7, Hidden Cyber Crime
Victim Country: Thailand
Victim Industry: Education
Victim Organization: SWW Academic Institution (cer.sww.ac.th)
Victim Site: cer.sww.ac.th
Alleged data breach of Philippine government agencies and private organizations
Category: Data Breach
Content: Multiple breaches affecting Philippine government domains including monitoring.region10.dost.gov.ph (Department of Science and Technology), portal.gab.gov.ph (Government Assistance Bureau – LandBank Payment API dump), and ddocts.cwc.gov.ph (Civil Works Council). Additionally, a large-scale breach of worldcitigroup.com affecting 25+ subdomains and associated entities including medical centers, educational institutions, and property management systems.
Date: 2026-06-04T00:20:40Z
Network: telegram
Published URL: https://t.me/c/3500620464/9100
Screenshots:
2 screenshot(s) available
Threat Actors: Breach
Victim Country: Philippines
Victim Industry: Government, Healthcare, Education, Financial Services
Victim Organization: Philippine Government Agencies and WorldCiti Group
Victim Site: dost.gov.ph, gab.gov.ph, cwc.gov.ph, worldcitigroup.com
Alleged data breach of Krys.com with medical and financial documents
Category: Data Breach
Content: A threat actor is selling 66.6 GB of data allegedly exfiltrated from Krys, a French optical retail chain. The dataset reportedly contains 153,675 files including medical prescriptions, health insurance cards, banking documents, and quotes in PDF format. Sample archives have been made available via multiple file-sharing platforms.
Date: 2026-06-04T00:08:05Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-FR-66-GB-of-KRYS-COM
Screenshots:
1 screenshot(s) available
Threat Actors: ChimeraZ
Victim Country: France
Victim Industry: Healthcare
Victim Organization: Krys
Victim Site: krys.com
Alleged database breach of Municipalidad de Gualeguay
Category: Data Breach
Content: Database dump from municipalidad.gualeguay.gob.ar (Gualeguay Municipality government website) shared in breach channel.
Date: 2026-06-04T00:06:56Z
Network: telegram
Published URL: https://t.me/c/3500620464/9099
Screenshots:
1 screenshot(s) available
Threat Actors: Breach
Victim Country: Argentina
Victim Industry: Government
Victim Organization: Municipalidad de Gualeguay
Victim Site: municipalidad.gualeguay.gob.ar
Alleged database dump of Castello del Barro
Category: Data Breach
Content: A database dump allegedly from www.castellodelbarro.com has been shared in the breach channel. The dump appears to contain structured data from the organizations database.
Date: 2026-06-04T00:05:42Z
Network: telegram
Published URL: https://t.me/c/3500620464/9098
Screenshots:
1 screenshot(s) available
Threat Actors: Breach
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Castello del Barro
Victim Site: castellodelbarro.com
Alleged leak of Moroccan Baccalaureate Physics-Chemistry exam
Category: Data Leak
Content: A threat actor claims to have obtained the Chemistry section of Moroccos Baccalaureate examination several hours before the exam was administered. The leaked exam content was reportedly published on a Telegram channel operated by the same actor.
Date: 2026-06-04T00:03:37Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-Moroccan-Bac-Physics-Chemistry-Exam-Leaked
Screenshots:
1 screenshot(s) available
Threat Actors: jabaroot0
Victim Country: Morocco
Victim Industry: Government
Victim Organization: Moroccan Ministry of Education
Victim Site: Unknown
Alleged data breach of digital-avocat.fr by LunarisSec
Category: Data Breach
Content: Threat actor group LunarisSec claims to have breached digital-avocat.fr, a French legal services platform, via an exposed API. The actors allege extraction of approximately 270,074 user records containing names, email addresses, phone numbers, physical addresses, dates of birth, IBANs, SEPA banking details, call history, invoices, and admin data. The data is being offered for sale via Telegram.
Date: 2026-06-04T00:03:19Z
Network: openweb
Published URL: https://breached.su/threads/breach-https-www-digital-avocat-fr-by-lunarissec.87867/unread
Screenshots:
5 screenshot(s) available
Threat Actors: pwn2dd
Victim Country: France
Victim Industry: Legal Services
Victim Organization: Digital Avocat
Victim Site: digital-avocat.fr
Alleged data leak of PKS party membership records (KTA PKS)
Category: Data Leak
Content: A threat actor using the handle RanzXZ has freely shared a dataset allegedly containing membership card (KTA) records of PKS (Partai Keadilan Sejahtera), an Indonesian political party. The leaked data includes national ID numbers (NIK), full names, dates of birth, addresses, religion, marital status, education level, email addresses, and phone numbers. The data appears to have been validated as recently as early 2024.
Date: 2026-06-04T00:02:40Z
Network: openweb
Published URL: https://breached.su/threads/data-leak-kta-pks.87868/unread
Screenshots:
4 screenshot(s) available
Threat Actors: RanzXZ
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Partai Keadilan Sejahtera (PKS)
Victim Site: pks.id

Detected Incidents Draft Data – 2026-06-03 (day before)

Alleged sale of server shell access by Pharaohs_Team
Category: Initial Access
Content: Threat actor offering server shell access for sale. Contact available via @phteam_1 DM for pricing. File reference: server6_shell_ok.txt suggests verified/working shell access.
Date: 2026-06-03T23:16:20Z
Network: telegram
Published URL: https://t.me/Pharaoh_e/68
Screenshots:
1 screenshot(s) available
Threat Actors: Pharaohs_Team
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Classima Club Italy
Category: Data Breach
Content: A threat actor is offering a database allegedly belonging to Classima Club, an Italian membership-based online shopping club, containing over 43,500 customer records. The exposed data includes order IDs, customer names, email addresses, phone numbers, physical addresses, order totals, PayPal transaction statuses, and product details. Sample records indicate customers from multiple countries including Italy, France, Romania, and Spain.
Date: 2026-06-03T22:58:36Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-Classima-Club-Italy-43-5K-Customers
Screenshots:
1 screenshot(s) available
Threat Actors: 2019
Victim Country: Italy
Victim Industry: Retail
Victim Organization: Classima Club
Victim Site: Unknown
Alleged data leak of Krys.com customer database
Category: Data Leak
Content: A threat actor is freely distributing a partial database allegedly belonging to Krys.com, a French optical retail chain with over 1,000 stores. The leaked data reportedly contains 294,206 lines covering 198,517 individuals, including order records with full names, addresses, dates of birth, French social security numbers (NSS), and financial transaction data. Samples provided in the post reference order and quote records dated as recently as March 2025.
Date: 2026-06-03T22:31:31Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-FR-294K-KRYS-COM
Screenshots:
1 screenshot(s) available
Threat Actors: ChimeraZ
Victim Country: France
Victim Industry: Retail
Victim Organization: Krys
Victim Site: krys.com
Alleged leak of Claude API tokens
Category: Data Leak
Content: A threat actor is distributing a claimed set of 400,000 Claude API tokens via a forum post and an external site (tokies.lol). If valid, these tokens could allow unauthorized access to Anthropics Claude API services at the expense of legitimate account holders.
Date: 2026-06-03T22:18:33Z
Network: openweb
Published URL: https://patched.to/Thread-%E2%9D%A4%EF%B8%8F-claude-api-tokens-400k-ai-tokies-%E2%9D%A4%EF%B8%8F
Screenshots:
1 screenshot(s) available
Threat Actors: JVZU
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Anthropic
Victim Site: anthropic.com
Alleged data breach of Zendesk – 70,000 user records with PII and payment data for sale
Category: Data Breach
Content: Threat actor claiming to have breached Zendesk and offering to sell database containing personal information from approximately 70,000 users including email addresses, Discord usernames, phone numbers, support tickets, IP addresses, last 4 digits of credit cards, and photos of ID cards/passports for age verification. Seller is asking $500k USD and providing proof images and sample download. Contact methods provided: XMPP ([email protected]), Telegram (@shsupportsh), and email (sh1nyhunt3rs@tu…
Date: 2026-06-03T21:56:02Z
Network: telegram
Published URL: https://t.me/c/3500620464/9085
Screenshots:
1 screenshot(s) available
Threat Actors: shinyc0rpsss
Victim Country: Unknown
Victim Industry: Software/SaaS – Customer Support Platform
Victim Organization: Zendesk
Victim Site: zendesk.com
Alleged data breach of Discord via Zendesk
Category: Data Breach
Content: The threat actor ShinyHunters claims to be selling 1.6TB of Discord user data allegedly obtained through Zendesk. The dataset purportedly includes user emails, Discord usernames, phone numbers, IP addresses, support ticket contents, last four digits of credit cards, and government-issued ID photos for approximately 70,000 users. The seller is asking $500,000 USD and has provided a sample dataset containing records from users across multiple countries.
Date: 2026-06-03T21:51:36Z
Network: openweb
Published URL: https://breachforum.su/Thread-SELLING-Zendesk-Discord-Panel-Zendesk
Screenshots:
1 screenshot(s) available
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Discord
Victim Site: discord.com
Alleged sale of compromised X/Twitter accounts with verification badges
Category: Initial Access
Content: Threat actor offering to sell compromised X/Twitter accounts categorized by verification badge level (Blue, Gold, Grey). This represents initial access to legitimate social media accounts that could be used for credential harvesting, phishing, malware distribution, or account takeover attacks.
Date: 2026-06-03T21:45:26Z
Network: telegram
Published URL: https://t.me/c/2613583520/96583
Screenshots:
1 screenshot(s) available
Threat Actors: Raphee
Victim Country: Unknown
Victim Industry: Social Media
Victim Organization: X/Twitter
Victim Site: twitter.com
Alleged Cryptocurrency Money Mule Recruitment Scheme
Category: Cyber Attack
Content: User claiming to be from China offering 10%+ commission to help purchase USDT cryptocurrency due to alleged policy restrictions. Requests fund transfer and long-term partnership establishment. Classic advance fee fraud/money mule recruitment pattern.
Date: 2026-06-03T21:43:43Z
Network: telegram
Published URL: https://t.me/c/2613583520/96572
Screenshots:
1 screenshot(s) available
Threat Actors: Alexandr
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Korek Telecom database allegedly containing 750,000+ records
Category: Data Breach
Content: A threat actor on BreachForums is selling an alleged database belonging to Korek Telecom, an Iraqi telecommunications provider. The dataset reportedly contains over 750,000 rows of data, with sample screenshots provided. The seller accepts escrow and requests buyers to submit a budget and statement of interest before providing pricing details.
Date: 2026-06-03T21:27:18Z
Network: openweb
Published URL: https://breachforum.su/Thread-SELLING-Iraq-Korek-Telecom-Database
Screenshots:
1 screenshot(s) available
Threat Actors: 7by7
Victim Country: Iraq
Victim Industry: Telecommunications
Victim Organization: Korek Telecom
Victim Site: korektel.com
Alleged data leak of BCD Travel
Category: Data Leak
Content: A threat actor claiming to be ShinyHunters has leaked data allegedly stolen from BCD Travel, comprising over 700,000 Salesforce records and corporate data from various SharePoint sites totaling 30GB+ compressed. The post indicates the company declined to reach an agreement with the threat actors. The data has been made available for download on BreachForums.
Date: 2026-06-03T21:26:34Z
Network: openweb
Published URL: https://breachforum.su/Thread-DATABASE-BCD-Travel
Screenshots:
1 screenshot(s) available
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Travel
Victim Organization: BCD Travel
Victim Site: bcdtravel.com
Alleged data breach of BCD Travel – 700k Salesforce records and corporate data leaked
Category: Data Breach
Content: A threat actor claims to have compromised over 700,000 Salesforce records and various SharePoint sites belonging to BCD Travel, a corporate travel management company. The actor states that negotiations with the company failed and has made approximately 30GB+ of compressed data available for download on Breach Forum.
Date: 2026-06-03T21:06:44Z
Network: telegram
Published URL: https://t.me/c/3500620464/9073
Screenshots:
1 screenshot(s) available
Threat Actors: Unknown
Victim Country: Unknown
Victim Industry: Travel & Hospitality
Victim Organization: BCD Travel
Victim Site: bcdtravel.com
Alleged leak of confidential Sikorsky H-60 Black Hawk inspection photos and reports
Category: Data Leak
Content: A threat actor has freely distributed 110 files purportedly containing confidential inspection photos, reports, and inspection lists related to the Sikorsky H-60 Black Hawk military helicopter. The files are being made available via Telegram. The source and authenticity of the leak have not been verified.
Date: 2026-06-03T20:18:21Z
Network: openweb
Published URL: https://leakforum.io/Thread-Leak-USA-Sikorsky-H-60-Black-Hawk-Confidential-Inspection-Photos-Reports-Leaked
Screenshots:
1 screenshot(s) available
Threat Actors: mosad
Victim Country: United States
Victim Industry: Defense
Victim Organization: Sikorsky
Victim Site: sikorsky.com
Sale of SilentSpy Ultimate Version 3.0 spyware tool
Category: Malware
Content: A forum user is distributing SilentSpy Ultimate Version 3.0, described as a spyware application capable of capturing passwords, financial data, and private communications. The post includes a VirusTotal link suggesting the file has been scanned. The tool is offered via a download link on a cracking tools forum.
Date: 2026-06-03T20:17:18Z
Network: openweb
Published URL: https://leakforum.io/Thread-Cracked-SilentSpy-Ultimate-Version-3-0
Screenshots:
2 screenshot(s) available
Threat Actors: Marqui1234
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of cracked ATM card cloning tools
Category: Carding
Content: A threat actor is distributing cracked ATM card cloning tools via a forum post, with download links provided and additional tools available for purchase via Telegram. The tools are described as targeting magnetic stripe and chip data from debit/credit cards, ATM users, point-of-sale systems, and online banking users.
Date: 2026-06-03T20:16:53Z
Network: openweb
Published URL: https://leakforum.io/Thread-Cracked-ATM-Card-Cloning-Tools-Cracked–22195
Screenshots:
1 screenshot(s) available
Threat Actors: Marqui1234
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of cracked Unlock Tool Pro software
Category: Malware
Content: A forum post is distributing a cracked version of Unlock Tool Pro, an Android device servicing tool supporting FRP bypass, bootloader unlock, IMEI repair, and screen lock removal. A VirusTotal link is included, suggesting the file may contain malicious code. The tool supports a wide range of Android device manufacturers.
Date: 2026-06-03T20:16:07Z
Network: openweb
Published URL: https://leakforum.io/Thread-Cracked-Unlock-Tool-Pro
Screenshots:
2 screenshot(s) available
Threat Actors: Marqui1234
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of crdent.ru by Raxor404 (SANTIAGO404)
Category: Defacement
Content: On June 4, 2026, threat actor Raxor404, operating under the team SANTIAGO404, conducted a homepage defacement of crdent.ru, a Russian dental or medical-related website. The attack targeted the main index page and was not part of a mass defacement campaign. The incident has been mirrored and documented via zone-xsec.com.
Date: 2026-06-03T20:15:41Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931068
Screenshots:
1 screenshot(s) available
Threat Actors: Raxor404, SANTIAGO404
Victim Country: Russia
Victim Industry: Healthcare
Victim Organization: CRDent
Victim Site: crdent.ru
Sale of alleged personal data including SSN, ID cards, passports, and financial records
Category: Carding
Content: A forum user is advertising a private database allegedly containing personal identity documents including ID cards, SSNs, drivers licenses, passports, and bank card data. No specific victim organization or record count is disclosed. The post content was unavailable for further analysis.
Date: 2026-06-03T20:08:32Z
Network: openweb
Published URL: https://xforums.st/threads/fresh-private-base-data-id-cards-ssn-drivers-license-passports-bank-cards.618521/
Screenshots:
1 screenshot(s) available
Threat Actors: jannat123
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged RCE vulnerability in FortiClient via code injection in authentication window (CVE-2025-31365)
Category: Vulnerability
Content: A forum post details CVE-2025-31365, a remote code execution vulnerability in Fortinets FortiClient application. The vulnerability involves code injection through the authentication window (Local/LDAP flow) in the Electron-based client, exploitable via the fabricagent:// URL scheme. The post includes technical analysis of the custom EMS-client protocol, authentication flows, and exploitation path.
Date: 2026-06-03T19:48:38Z
Network: openweb
Published URL: https://tier1.life/thread/280
Screenshots:
4 screenshot(s) available
Threat Actors: RedQueen
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Fortinet
Victim Site: fortinet.com
Alleged data breach of Instituto Estatal para la Educación de los Adultos (IEEA) Campeche
Category: Data Leak
Content: The threat actor group SoulHemTeam claims to have breached the State Institute for Adult Education (IEEA) in Campeche, Mexico, and has freely leaked data from the organization. The leaked data allegedly includes full names, phone numbers, email addresses, CURP national ID numbers, employee and student records, and salary information. A sample of staff directory data including names, departments, and email addresses was posted publicly.
Date: 2026-06-03T19:33:35Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-Leak-campeche-inea-gob-mx
Screenshots:
1 screenshot(s) available
Threat Actors: l1ghtSoulHem
Victim Country: Mexico
Victim Industry: Government
Victim Organization: Instituto Estatal para la Educación de los Adultos (IEEA) Campeche
Victim Site: campeche.inea.gob.mx
Alleged data leak of BreachForums database
Category: Data Leak
Content: A threat actor is freely distributing an alleged SQL database dump of BreachForums via a MediaFire link. The post provides no details on record count or data fields contained within the dump.
Date: 2026-06-03T19:33:19Z
Network: openweb
Published URL: https://breached.su/threads/database-complete-breachforums.87859/unread
Screenshots:
1 screenshot(s) available
Threat Actors: BhayangkaraID
Victim Country: United States
Victim Industry: Technology
Victim Organization: BreachForums
Victim Site: breachforums.st
Alleged data leak of French fire service SDIS 37 (sdis37.fr)
Category: Data Leak
Content: AplaGroup has freely distributed a database allegedly sourced from sdis37.fr, the French departmental fire and rescue service for Indre-et-Loire. The leaked data reportedly contains personal information and profile pictures of 2,637 agents across all departments and 54 agents from private agencies. The data was shared as JSON files via a hidden download link on the forum.
Date: 2026-06-03T19:03:04Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-FR-Pompiers-SDIS-2-7K-37-AplaGroup
Screenshots:
1 screenshot(s) available
Threat Actors: AplaGroup
Victim Country: France
Victim Industry: Government
Victim Organization: SDIS 37 (Service Départemental dIncendie et de Secours dIndre-et-Loire)
Victim Site: sdis37.fr
Alleged data breach of Chicago City Clerk (chicago.gov)
Category: Data Leak
Content: A threat actor claims to have breached the Chicago City Clerks Legislation API and is distributing full PII records for free via Telegram. The post asserts the data is fresh and originates from the official legislative records system of the City of Chicago. The dataset reportedly contains 271 records with full PII.
Date: 2026-06-03T18:28:31Z
Network: openweb
Published URL: https://breached.su/threads/271-chicago-gov-full-pii-infos-exposed-for-free.87854/unread
Screenshots:
1 screenshot(s) available
Threat Actors: cc5ab
Victim Country: United States
Victim Industry: Government
Victim Organization: City of Chicago – City Clerk
Victim Site: chicago.gov
Alleged sale of INM (Instituto Nacional de Migración) database containing 590,000 records
Category: Data Breach
Content: A threat actor is offering for sale an alleged database from Mexicos Instituto Nacional de Migración (INM/SIOM) containing approximately 590,000 records. The dataset purportedly includes highly sensitive personal, biometric, and immigration data such as full names, dates of birth, CURP identifiers, passport numbers, visa types, biometric templates, digitized signatures, judicial orders, deportation records, detention history, and family member information. Contact is provided via Signal and Tel
Date: 2026-06-03T18:28:00Z
Network: openweb
Published URL: https://breached.su/threads/for-sale-inm-database-siom.87855/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Black0ut_Exi
Victim Country: Mexico
Victim Industry: Government
Victim Organization: Instituto Nacional de Migración (INM)
Victim Site: inm.gob.mx
Alleged data leak of Bouygues Telecom (bouyguestelecom.fr) database
Category: Data Leak
Content: A threat actor known as xMetah claims to have leaked a portion of a Bouygues Telecom database allegedly dumped in early May, making approximately 33,990 raw records available to the public. The post states that the full 4.1 million record dataset is available for purchase via private message. A sample link is provided via Pastebin.
Date: 2026-06-03T18:27:47Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-bouyguestelecom-fr-4-1M-Leaked-Download
Screenshots:
1 screenshot(s) available
Threat Actors: xMetah
Victim Country: France
Victim Industry: Telecommunications
Victim Organization: Bouygues Telecom
Victim Site: bouyguestelecom.fr
Alleged data leak of France Services government agent profiles
Category: Data Leak
Content: A threat actor known as DumpsecV2 is freely distributing a dataset allegedly containing 11,000 profiles of France Services government agents. The leaked data appears to include full names, email addresses, organizational affiliations, and job titles sourced from the Osmose France Services portal. The data is shared behind a reply-gate on the forum.
Date: 2026-06-03T17:51:58Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-FR-Osmose
Screenshots:
1 screenshot(s) available
Threat Actors: DumpsecV2
Victim Country: France
Victim Industry: Government
Victim Organization: France Services
Victim Site: osmose.france-services.gouv.fr
Alleged data breach of Pyszne.pl
Category: Data Breach
Content: A threat actor is selling allegedly stolen data from Pyszne.pl, Polands largest online food ordering platform, claiming approximately 430,000 records. The dataset reportedly includes user IDs, email addresses, phone masks, language preferences, registration dates, address details, region, city, postal code, gender, and device information. The actor accepts escrow and is contactable via Telegram and Session.
Date: 2026-06-03T17:50:37Z
Network: openweb
Published URL: https://breached.su/threads/430k-poland-www-pyszne-pl-fresh-pii-data.87852/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Jeffrey Epstein
Victim Country: Poland
Victim Industry: Food Delivery
Victim Organization: Pyszne.pl
Victim Site: pyszne.pl
Alleged data leak of Osmose France Services government agent profiles
Category: Data Leak
Content: A threat actor known as DumpsecV2 is freely distributing an alleged dataset of 11,000 profiles belonging to French government France Services agents. The leaked data appears to include names, email addresses, job titles, and affiliated office locations sourced from the Osmose platform.
Date: 2026-06-03T17:18:41Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-FR-Osmose
Screenshots:
1 screenshot(s) available
Threat Actors: DumpsecV2
Victim Country: France
Victim Industry: Government
Victim Organization: France Services (Osmose)
Victim Site: osmose.france-services.gouv.fr
Alleged leak of Indonesian personal identifying information and credentials
Category: Data Leak
Content: Leaked personal data of an Indonesian individual (Grenalio Kristian Siahaan) including National ID (NIK), phone number, full address in Bekasi, Jawa Barat, associated email ([email protected]), and username. Data includes metadata timestamps and biographical information.
Date: 2026-06-03T16:45:18Z
Network: telegram
Published URL: https://t.me/c/3841736872/649
Screenshots:
2 screenshot(s) available
Threat Actors: DEWATA BLACKHAT
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Carding or fraud method service offering
Category: Carding
Content: A forum user is advertising a fraud or carding method via direct message, claiming potential gains of $5,000 to $7,000. The post directs interested parties to contact the user @JAMMYSIM with the keyword method. No specific victim, target, or technique is disclosed.
Date: 2026-06-03T16:43:12Z
Network: openweb
Published URL: https://demonforums.net/Thread-Yoo-if-you-new-here–213227
Screenshots:
1 screenshot(s) available
Threat Actors: pssp
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Centre National Privé de Formation à Distance (CNFDI)
Category: Data Breach
Content: Threat actors affiliated with LunarisSec claim to have exploited a GraphQL API vulnerability on campus.cnfdi.com, the online platform of French distance-learning institution CNFDI. The actors allege extraction of multiple data entities including user emails, event registrations, sessions, articles, and other structured records. The post indicates the extracted data, including emails and sensitive fields, is being offered for resale.
Date: 2026-06-03T16:34:07Z
Network: openweb
Published URL: https://breached.su/threads/https-campus-cnfdi-com.87851/unread
Screenshots:
1 screenshot(s) available
Threat Actors: pwn2dd
Victim Country: France
Victim Industry: Education
Victim Organization: Centre National Privé de Formation à Distance
Victim Site: campus.cnfdi.com
Alleged data breach of Carvivo
Category: Data Breach
Content: A threat actor claims to have breached Carvivo, a French SaaS lead management platform serving over 1,700 car dealerships across Europe. The alleged dataset contains approximately 8 million lead records including contact names, phone numbers, email addresses, vehicle registration numbers, and automotive transaction details, as well as over 3.2 million unique email addresses and 5 million number plates. Sample data rows were shared publicly, and a CSV export link was included in the post.
Date: 2026-06-03T16:16:49Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-FR-Carvivo
Screenshots:
1 screenshot(s) available
Threat Actors: DumpsecV2
Victim Country: France
Victim Industry: Automotive
Victim Organization: Carvivo
Victim Site: carvivo.com
Alleged XSS vulnerability and cookie theft affecting French Ministry of Health
Category: Vulnerability
Content: Threat actor group LunarisSEC claims to have discovered a reflected XSS vulnerability on sante.gouv.fr, the French Ministry of Health website. The group alleges they were able to intercept user cookies, tokens, and credentials via the flaw. The vulnerability is claimed to be undisclosed to ANSSI, the French national cybersecurity agency.
Date: 2026-06-03T16:11:10Z
Network: openweb
Published URL: https://breached.su/threads/https-sante-gouv-fr-pwned-lunarissec.87850/unread
Screenshots:
1 screenshot(s) available
Threat Actors: pwn2dd
Victim Country: France
Victim Industry: Government
Victim Organization: French Ministry of Health
Victim Site: sante.gouv.fr
Alleged defacement of uh-ty.com.ua by NoName057(16)
Category: Defacement
Content: NoName057(16) claims to have defaced the Ukrainian website uh-ty.com.ua (a souvenir/merchandise retailer). The threat actor posted a message stating they replaced the homepage with their symbol and a political message opposing Ukrainian support for European integration. The post includes threats of continued attacks against Ukrainian digital infrastructure.
Date: 2026-06-03T15:59:23Z
Network: telegram
Published URL: https://t.me/c/3087552512/2133
Screenshots:
3 screenshot(s) available
Threat Actors: NoName057(16)
Victim Country: Ukraine
Victim Industry: retail
Victim Organization: uh-ty.com.ua
Victim Site: uh-ty.com.ua
Alleged cryptocurrency money mule recruitment scam
Category: Phishing
Content: User claiming to be from China solicits assistance purchasing USDT cryptocurrency, offering 10%+ commission and promising long-term partnership. Classic money mule/advance-fee fraud scheme targeting individuals to facilitate illicit fund transfers.
Date: 2026-06-03T15:55:23Z
Network: telegram
Published URL: https://t.me/c/2613583520/96421
Screenshots:
1 screenshot(s) available
Threat Actors: Alexandr
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data exfiltration and wipe attack by Ababil of Minab – 20 TB impact
Category: Cyber Attack
Content: Ababil of Minab claims responsibility for compromising 20 critical machines, resulting in approximately 20 TB of data destruction and 2 TB of sensitive data exfiltration. The threat actor mocks the victim organizations outdated security posture (founded 2008, still using 2008-era security).
Date: 2026-06-03T15:49:28Z
Network: telegram
Published URL: https://t.me/c/3899821869/79
Screenshots:
1 screenshot(s) available
Threat Actors: Ababil of Minab
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of IT Curves
Category: Data Breach
Content: Ababil of Minab threat actor claims to have hacked IT Curves, a U.S.-based provider of AI-powered transportation management solutions for public transit and medical transportation services. The actor posted breach notification with supporting photo evidence.
Date: 2026-06-03T15:47:35Z
Network: telegram
Published URL: https://t.me/c/3899821869/71
Screenshots:
2 screenshot(s) available
Threat Actors: Ababil of Minab
Victim Country: United States
Victim Industry: Transportation Software/SaaS
Victim Organization: IT Curves
Victim Site: Unknown
Alleged data breach of S.O.S. Ltda (sosltda.com)
Category: Data Breach
Content: A threat actor is offering an alleged database dump from S.O.S. Ltda, a Colombian physical and electronic security services company established in 1957. The dataset, reportedly over 400MB in PDF/XLSX format, contains employee records including full names, national ID numbers, employment contracts, salaries, job titles, and payroll data. Sample records indicate personnel data dating back to at least 2001.
Date: 2026-06-03T15:42:57Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-Colombia-2026-sosltda-com-Database
Screenshots:
2 screenshot(s) available
Threat Actors: V0idix
Victim Country: Colombia
Victim Industry: Security Services
Victim Organization: S.O.S. Ltda
Victim Site: sosltda.com
Alleged data breach of Centre National Droit du Travail via SQL Injection
Category: Data Breach
Content: The LunarisSec group claims to have exploited a Blind SQL Injection vulnerability in centre-national-droit-du-travail.fr, exposing 41 tables containing user credentials, admin accounts, and personal data including names, addresses, emails, passwords, and company information. The affected stack was identified as PHP 5.3.3, Nginx 1.14.2, and MySQL 5.x. Extracted schema details from the compte table were shared publicly in the forum post.
Date: 2026-06-03T15:42:20Z
Network: openweb
Published URL: https://breached.su/threads/breach-centre-national-droit-du-travail-fr-by-lunarissec.87849/unread
Screenshots:
1 screenshot(s) available
Threat Actors: pwn2dd
Victim Country: France
Victim Industry: Government
Victim Organization: Centre National Droit du Travail
Victim Site: centre-national-droit-du-travail.fr
Sale of cryptocurrency cashout and wallet cracking methodology
Category: Carding
Content: A forum user is offering a downloadable guide marketed as a crypto cashout method on a cracking forum, framed with SEO-friendly educational language. The post provides multiple download links for a methodology purportedly covering cryptocurrency wallet analysis, private key recovery, and seed phrase exploitation. Despite the claimed educational framing, the context and forum placement suggest the content is intended for illicit cryptocurrency theft or cashout operations.
Date: 2026-06-03T15:24:09Z
Network: openweb
Published URL: https://nulledbb.com/thread-600-Crypto-Cashout-2026-Working-Method–2303560
Screenshots:
1 screenshot(s) available
Threat Actors: ZamanX
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Secretaría de Finanzas y Tesorería del Estado de Nuevo León
Category: Data Leak
Content: A threat actor operating under the alias Z3r00 has freely released a database allegedly belonging to the Nuevo León State Finance and Treasury Secretariat, containing 63,000 records with fields including taxpayer names, RFC (Mexican Taxpayer ID), payment method, fiscal folio, and municipal data. The actor claims an additional 4 million company records linked to the Mexican Tax Administration Service (SAT) are also accessible and susceptible to phishing attacks. The data was made available via an…
Date: 2026-06-03T15:18:02Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-SECRETARIA-DE-FINANZAS-Y-TESORERIA-ESTADO-DE-NUEVO-LEON-63-000
Screenshots:
1 screenshot(s) available
Threat Actors: Z3r00
Victim Country: Mexico
Victim Industry: Government
Victim Organization: Secretaría de Finanzas y Tesorería del Estado de Nuevo León
Victim Site: Unknown
Alleged data breach and vulnerability disclosure of commissaire-justice.fr by LunarisSec
Category: Vulnerability
Content: The LunarisSec group claims to have identified three critical vulnerabilities on commissaire-justice.fr, including a BOLA flaw enabling unauthorized access to user account data, unauthenticated convention-signing endpoints exposing sensitive business data (SIRET, addresses, signatories), and an unauthorized data creation flaw allowing injection of fake entities into the official registry. The group is offering the stolen account data and vulnerability details for sale via Telegram contacts. Samp…
Date: 2026-06-03T15:17:08Z
Network: openweb
Published URL: https://breached.su/threads/breach-commissaire-justice-fr-by-lunarissec.87848/unread
Screenshots:
3 screenshot(s) available
Threat Actors: pwn2dd
Victim Country: France
Victim Industry: Government
Victim Organization: Commissaire Justice
Victim Site: commissaire-justice.fr
Sale or distribution of Collapse HVNC RAT malware
Category: Malware
Content: A forum post on CX Forum is distributing a sample of Collapse HVNC RAT, a Remote Access Trojan leveraging Hidden Virtual Network Computing (HVNC) technology to silently operate a hidden desktop session on infected systems. A download link is provided alongside a VirusTotal hash (a8ad80f8f241eb78782f5b799509d8dc3f2cd83a8a09a406a8dc33453b7527de). The post highlights stealth capabilities, persistence techniques, and remote-control functions.
Date: 2026-06-03T15:14:26Z
Network: openweb
Published URL: https://crackingx.com/threads/77825/
Screenshots:
2 screenshot(s) available
Threat Actors: grover1821
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of cracked Lycron Crypter 2026 AV-bypass and payload obfuscation tool
Category: Malware
Content: A cracked version of Lycron Crypter 2026 is being distributed on a cracking forum. The tool offers multi-layer payload obfuscation, signature mutation, and AV-bypass capabilities for Windows executables. It is advertised as capable of generating unique builds to evade static analysis and antivirus detection.
Date: 2026-06-03T15:11:00Z
Network: openweb
Published URL: https://nulledbb.com/thread-Lycron-Crypter-Cracked-Exe-to-convert-JS-Bypass-any-AV
Screenshots:
2 screenshot(s) available
Threat Actors: ZamanX
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Bulgarian beauty retailer beautyexpert.bg
Category: Data Leak
Content: A threat actor has freely shared an alleged database dump from Bulgarian beauty retailer beautyexpert.bg. The leaked data includes customer names, physical addresses, postal codes, and city information. The dataset is hosted on an external file-sharing service and made available without charge.
Date: 2026-06-03T14:54:53Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78831
Screenshots:
1 screenshot(s) available
Threat Actors: wizard
Victim Country: Bulgaria
Victim Industry: Retail
Victim Organization: Beauty Expert
Victim Site: beautyexpert.bg
Alleged sale of mail access, credential configs, and captcha bypass tools by Engineering/DataxLogs
Category: Initial Access
Content: Threat actor operating under handles Engineering and DataxLogs advertising mail access availability with proof/live testing across multiple countries (FR, BE, AU, CA, UK, US, NL, PL, DE, JP). Offering configs, scripts, tools, hits, and combolists. Also advertising Python-based credential checking tools (Silverbullet, Openbullet 2) with APIs for web, Android, iOS, and Windows platforms, plus captcha bypass capabilities (hCaptcha, Cloudflare, Captcha V2/V3, Px, Shape, Akamai).
Date: 2026-06-03T14:42:25Z
Network: telegram
Published URL: https://t.me/c/2613583520/96369
Screenshots:
1 screenshot(s) available
Threat Actors: Engineering
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Unknown Organization at 15.223.240.231:8529 by overthrash1337
Category: Defacement
Content: On June 3, 2026, a threat actor operating under the handle overthrash1337 defaced the homepage of a web service hosted at IP address 15.223.240.231 on port 8529. The IP address geolocates to Canada, though the targeted organization and industry remain unidentified. The incident was a single targeted homepage defacement with no indication of mass defacement activity.
Date: 2026-06-03T14:35:41Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931067
Screenshots:
1 screenshot(s) available
Threat Actors: overthrash1337
Victim Country: Canada
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 15.223.240.231:8529
Alleged data breach of pkp.go.id exposing 2 million Indonesian citizen records
Category: Data Breach
Content: A threat actor is sharing an alleged database dump from pkp.go.id, an Indonesian government domain, containing approximately 2 million records. The dataset includes highly sensitive personal information such as full names, national ID numbers (NIK), family card numbers (NoKK), dates of birth, religion, ethnicity, marital status, email addresses, and social media handles. The data appears to originate from a civic/population registry system spanning multiple Indonesian provinces.
Date: 2026-06-03T14:27:40Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-Indonesia-pkp-go-id-2-million-records
Screenshots:
1 screenshot(s) available
Threat Actors: Kim1000P
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: pkp.go.id
Victim Site: pkp.go.id
Alleged data leak of Argentine National Social Works database
Category: Data Leak
Content: A threat actor has freely distributed a file purportedly containing the Argentine National Social Works (Obras Sociales Nacional) database via a public download link. The post includes a VirusTotal hash reference for the archived file. No record count or additional details were provided.
Date: 2026-06-03T14:03:11Z
Network: openweb
Published URL: https://altenens.is/threads/argentine-social-works-database.2948701/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Kagann
Victim Country: Argentina
Victim Industry: Healthcare
Victim Organization: Obras Sociales Nacional Argentina
Victim Site: Unknown
Alleged data leak of India Nationwide Identity Dataset (850M Aadhaar-linked records)
Category: Data Leak
Content: A threat actor is distributing an alleged 109GB dataset containing 850 million Indian identity records described as Aadhaar-linked PII. The dataset purportedly includes full names, fathers names, Aadhaar numbers, addresses, mobile numbers, and email addresses in JSON format. The post requires a reply to access the hidden download link.
Date: 2026-06-03T14:02:44Z
Network: openweb
Published URL: https://altenens.is/threads/109gb-850m-india-nationwide-identity-dataset.2948711/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Kagann
Victim Country: India
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Argentina Electoral Registry (2013) — 11 million records
Category: Data Leak
Content: A threat actor has leaked an alleged dataset from Argentinas Electoral Registry dated 2013, containing approximately 11.3 million records. The data is distributed in CSV format and includes full names, matricula numbers, dates of birth, addresses, and gender. The post requires forum engagement to access the hidden download link.
Date: 2026-06-03T14:02:13Z
Network: openweb
Published URL: https://altenens.is/threads/11m-argentina-personal-data-electoral-registry-2013.2948706/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Kagann
Victim Country: Argentina
Victim Industry: Government
Victim Organization: Argentina Electoral Registry
Victim Site: Unknown
Alleged dox of French individual accused of animal abuse
Category: Data Leak
Content: A forum user posted personally identifiable information (PII) of a named French individual, including full name, date of birth, address, phone numbers, email, and national identification references. The post claims the individual posted animal torture videos on TikTok and explicitly invites other users to take action against them. Data is attributed to sources including CAF, ANTS, and UNSS.
Date: 2026-06-03T13:54:28Z
Network: openweb
Published URL: https://breached.su/threads/bitch-posted-videos-of-himself-torturing-cats-on-tiktok.87846/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Rasinto
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Ars.Sante.fr (French Regional Health Agencies)
Category: Data Leak
Content: A threat actor has freely distributed a database dump allegedly sourced from ars.sante.fr, the French Regional Health Agencies portal. The dataset contains 233,837 records including organization names, legal statuses, addresses, phone/fax numbers, and email addresses of healthcare entities. The post is a repost of a previously shared thread and no specific vulnerability is identified.
Date: 2026-06-03T13:54:17Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-FR-REPOST-Ars-Sante-fr-233-837
Screenshots:
1 screenshot(s) available
Threat Actors: misere
Victim Country: France
Victim Industry: Healthcare
Victim Organization: Agences Régionales de Santé (ARS)
Victim Site: ars.sante.fr
Forum inquiry seeking contact for AiLock ransomware group
Category: Data Breach
Content: A forum user is seeking contact information (Tox/Session) for the AiLock ransomware group, reporting that the groups data leak site (DLS) returns a 404 error when attempting to download leaked databases. No specific victim or dataset is identified in the post.
Date: 2026-06-03T13:53:55Z
Network: openweb
Published URL: https://breached.su/threads/anyone-know-how-to-contact-ailock-group.87847/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Yamanba
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of historic Bitcoin address portfolio with balance data and vulnerability exploitation guidance
Category: Carding
Content: A threat actor is offering for sale a collection of 27,636,519 Bitcoin addresses generated between 2009 and 2014, including balance data and output signatures. The seller claims to provide selective sets filtered by balance and explicitly markets the dataset for exploitation of cryptographic vulnerabilities such as ECDSA nonce reuse, weak RNG, and brain wallet weaknesses to recover private keys from addresses with positive balances.
Date: 2026-06-03T13:25:01Z
Network: openweb
Published URL: https://crackingx.com/threads/77798/
Screenshots:
2 screenshot(s) available
Threat Actors: Junix26
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown
Sale of phishing infrastructure services including encrypted HTML pages, redirects, and SMTP tools
Category: Phishing
Content: A threat actor is offering phishing-related services including custom encrypted HTML pages and letters, HQ redirects, SMTP services, private email senders, and targeted leads. The offering appears to be a phishing-as-a-service operation targeting unspecified victims. An escrow service is also advertised for transactions.
Date: 2026-06-03T13:17:00Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-Encrypted-HTML-Redirects-More
Screenshots:
1 screenshot(s) available
Threat Actors: 1llusion
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged illegal hacking services offered by CIPHERN
Category: Cyber Attack
Content: User CIPHERN is advertising illegal hacking services including Telegram, mobile phones, websites, iCloud, Snapchat, email accounts, and stolen funds recovery. Contact handle provided: @sureciphern__
Date: 2026-06-03T13:15:38Z
Network: telegram
Published URL: https://t.me/c/2613583520/96313
Screenshots:
1 screenshot(s) available
Threat Actors: CIPHERN
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged personal data leak of French individual linked to animal cruelty claims
Category: Data Leak
Content: A forum user published personally identifiable information of a named French individual, including full name, date of birth, address, phone numbers, email, and national identification number (NIR), allegedly sourced from CAF, ANTS, and UNSS databases. The post frames the release as retaliation for alleged animal cruelty videos. The data appears to constitute a doxxing action targeting a private individual.
Date: 2026-06-03T13:14:47Z
Network: openweb
Published URL: https://breached.su/threads/a-motherfucker.87845/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Heisenberg_Meth
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of stolen identity documents and personal databases
Category: Carding
Content: A threat actor is offering for sale a range of stolen identity documents and personal data, including drivers licenses, passports, SSN/SIN records, selfie scans, consumer databases, phone and email lists, and credential pairs. The seller directs interested buyers to contact via Telegram. No specific victim organization is identified.
Date: 2026-06-03T12:55:22Z
Network: openweb
Published URL: https://xforums.st/threads/drive-license-with-ssn-selfie-passport-available.618508/
Screenshots:
1 screenshot(s) available
Threat Actors: jannat123
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of HeartSender V6 email campaign and phishing infrastructure platform
Category: Phishing
Content: A threat actor is advertising HeartSender V6, an email campaign platform marketed on a cracking forum with features consistent with phishing infrastructure, including SMTP rotation, automatic failover, proxy support, AI-generated email templates, and advanced header management. The tool supports bulk email delivery with dynamic personalization and domain authentication bypass-evasion features. Contact is solicited via Telegram for pricing and details.
Date: 2026-06-03T12:49:11Z
Network: openweb
Published URL: https://crackingx.com/threads/77794/
Screenshots:
2 screenshot(s) available
Threat Actors: stroxshop_tools
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Services Australia (Centrelink)
Category: Data Breach
Content: A threat actor is selling an alleged dataset of 2,100+ Centrelink customers derived from Advice of Death forms. The data reportedly includes full names, dates of birth, Medicare card numbers, Centrelink and child support reference numbers, home addresses, relationship status, indigenous descent indicators, and details of next of kin, funeral directors, and hospitals. The actor is offering the dataset as a one-time sale accepting BTC, ETH, and XMR.
Date: 2026-06-03T12:44:29Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-Centrelink-Services-Australia-2-1K-Customers
Screenshots:
1 screenshot(s) available
Threat Actors: 2019
Victim Country: Australia
Victim Industry: Government
Victim Organization: Services Australia (Centrelink)
Victim Site: servicesaustralia.gov.au
Alleged data leak of Life360
Category: Data Leak
Content: A threat actor leaked an alleged database dump attributed to Life360, a location-sharing platform. The dataset contains email addresses, phone numbers, names, OTP lock status, and transaction IDs in CSV format. The data was made available via an external file-sharing link.
Date: 2026-06-03T12:39:24Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78800
Screenshots:
1 screenshot(s) available
Threat Actors: Liquid
Victim Country: United States
Victim Industry: Technology
Victim Organization: Life360
Victim Site: life360.com
Alleged Compromised Credentials with Suspicious URL
Category: Initial Access
Content: A single credential pair (usn:ytmaulxploit, pw:ytmaulxploit) was posted alongside a URL pointing to amsteeltrading.com. This appears to be either a compromised account, test credentials, or potential initial access offering. The forwarded message format and credential presentation suggests distribution of access or credentials.
Date: 2026-06-03T12:22:01Z
Network: telegram
Published URL: https://t.me/Maulnism1337/1859
Screenshots:
2 screenshot(s) available
Threat Actors: 💸
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: AmSteel Trading
Victim Site: amsteeltrading.com
Sale of alleged fake France identity documents
Category: Carding
Content: A threat actor is offering alleged fake French identity documents on a fraud forum. The content is hidden behind a reply gate, limiting visibility into the specific document types or volume offered. This activity is consistent with identity fraud services targeting European identity credentials.
Date: 2026-06-03T12:16:48Z
Network: openweb
Published URL: https://altenens.is/threads/france-identity-europe.2948566/unread
Screenshots:
1 screenshot(s) available
Threat Actors: –•™DAXEN16™•–
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of alleged Germany passport forgery document
Category: Carding
Content: A forum user is offering what appears to be a Germany passport forgery or fraudulent identity document. The content is hidden behind a reply gate, limiting visibility into specific details. This type of offering is commonly associated with identity fraud and payment fraud schemes.
Date: 2026-06-03T12:16:21Z
Network: openweb
Published URL: https://altenens.is/threads/germany-passport.2948568/unread
Screenshots:
1 screenshot(s) available
Threat Actors: –•™DAXEN16™•–
Victim Country: Germany
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Sale of fraudulent French passport and selfie documents
Category: Carding
Content: A forum user is offering what appears to be a fraudulent French passport along with a selfie, likely for identity fraud or KYC bypass purposes. The content is hidden behind a reply-gate. No further details are available regarding pricing or specific use case.
Date: 2026-06-03T12:15:52Z
Network: openweb
Published URL: https://altenens.is/threads/france-passport-selfi.2948569/unread
Screenshots:
1 screenshot(s) available
Threat Actors: –•™DAXEN16™•–
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of fake French identification documents
Category: Carding
Content: A forum user is offering fake French identification documents behind a reply-gate on a fraud-focused forum. The post is categorized under Fake ID & Passport and likely contains templates or counterfeit document resources. No additional details are visible without interaction.
Date: 2026-06-03T12:15:26Z
Network: openweb
Published URL: https://altenens.is/threads/id-france.2948570/unread
Screenshots:
1 screenshot(s) available
Threat Actors: –•™DAXEN16™•–
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of US Drivers License and Selfie Data
Category: Carding
Content: A forum member is distributing US drivers license images along with selfie photographs, likely intended for identity fraud or KYC bypass purposes. The content is hidden behind a reply gate, obscuring the full scope of the data. The post appears on a forum section dedicated to fake identification documents.
Date: 2026-06-03T12:14:48Z
Network: openweb
Published URL: https://altenens.is/threads/dl-usa-selfi.2948571/unread
Screenshots:
1 screenshot(s) available
Threat Actors: –•™DAXEN16™•–
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of French ID documents with selfies
Category: Carding
Content: A forum user is sharing French national ID documents accompanied by selfie photographs, gated behind a reply requirement. The post is listed under a Fake ID and Passport forum section, suggesting the content may be used for identity fraud or account verification bypass.
Date: 2026-06-03T12:14:23Z
Network: openweb
Published URL: https://altenens.is/threads/france-id-selfi.2948572/unread
Screenshots:
1 screenshot(s) available
Threat Actors: –•™DAXEN16™•–
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Florida Drivers License and Selfie
Category: Carding
Content: A forum user is offering hidden content purportedly containing a Florida drivers license and a selfie photo, likely for use in identity fraud or account verification bypass. The content is gated behind a reply requirement on a forum specializing in fake identification documents.
Date: 2026-06-03T12:13:50Z
Network: openweb
Published URL: https://altenens.is/threads/florida-dl-selfi.2948574/unread
Screenshots:
1 screenshot(s) available
Threat Actors: –•™DAXEN16™•–
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of alleged Israel drivers license and selfie identity documents
Category: Carding
Content: A forum user is offering what appears to be an Israeli drivers license paired with a selfie photograph, consistent with identity document fraud used for payment fraud or account verification bypass. The content is gated behind a reply requirement. No additional details about the source or quantity are provided.
Date: 2026-06-03T12:13:24Z
Network: openweb
Published URL: https://altenens.is/threads/isreal-dl-selfi.2948575/unread
Screenshots:
1 screenshot(s) available
Threat Actors: –•™DAXEN16™•–
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of global phone number database with personal and financial data — 15.2M records
Category: Data Breach
Content: A threat actor is offering for sale a database of over 15.2 million records containing phone numbers, full names, bank affiliations, and addresses. Coverage spans the USA, multiple European and Asian countries, and CIS nations, with the data purportedly fresh as of June 2026. Pricing is negotiable via direct message, with delivery through Telegram or a download link.
Date: 2026-06-03T12:13:04Z
Network: openweb
Published URL: https://demonforums.net/Thread-Phone-number-database-%E2%80%94-15-2M-entries-name-bank-address-phone-CSV-TXT
Screenshots:
1 screenshot(s) available
Threat Actors: WrokGuy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Free sharing of alleged Chinese ID and selfie documents
Category: Carding
Content: A forum user is offering alleged Chinese national ID documents paired with selfie photos, accessible after replying to the thread. The post is hosted on a forum associated with fake identity and document fraud. This type of content is typically used for identity verification bypass or account fraud.
Date: 2026-06-03T12:12:58Z
Network: openweb
Published URL: https://altenens.is/threads/china-id-selfi.2948576/unread
Screenshots:
1 screenshot(s) available
Threat Actors: –•™DAXEN16™•–
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of alleged Germany ID and selfie documents
Category: Carding
Content: A forum user is offering alleged German ID documents along with selfie photos, gated behind a reply requirement. This type of content is commonly used for identity fraud and payment fraud schemes.
Date: 2026-06-03T12:12:30Z
Network: openweb
Published URL: https://altenens.is/threads/germany-id-selfi.2948578/unread
Screenshots:
1 screenshot(s) available
Threat Actors: –•™DAXEN16™•–
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Australian drivers licenses and selfie photos
Category: Carding
Content: A forum user is sharing Australian drivers licenses and accompanying selfie photographs, gated behind a reply requirement. The content appears intended for identity fraud or fake ID purposes.
Date: 2026-06-03T12:12:02Z
Network: openweb
Published URL: https://altenens.is/threads/dl-austrlia-selfi.2948579/unread
Screenshots:
1 screenshot(s) available
Threat Actors: –•™DAXEN16™•–
Victim Country: Australia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of alleged fake Texas drivers license with selfie
Category: Carding
Content: A forum user is offering what appears to be a fake Texas drivers license accompanied by a selfie photo, shared behind a reply gate on a fake ID and passport forum. This type of document fraud is commonly used to bypass identity verification systems for payment fraud or account creation.
Date: 2026-06-03T12:11:34Z
Network: openweb
Published URL: https://altenens.is/threads/texas-dl-selfi.2948580/unread
Screenshots:
1 screenshot(s) available
Threat Actors: –•™DAXEN16™•–
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Haliikai Paradise by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, the website haliikaiparadise.com was defaced by a threat actor identified as chinafans, operating under the group 0xteam. The defacement was a targeted single-site incident, with the defaced content accessible via a text file path on the domain. No specific motivation or exploitation method was disclosed.
Date: 2026-06-03T12:08:04Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931063
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Hospitality / Tourism
Victim Organization: Haliikai Paradise
Victim Site: haliikaiparadise.com
Sale of Lich Stealer malware with updated anti-analysis features
Category: Malware
Content: A threat actor is advertising an update to Lich Stealer, an information stealer malware. The update includes improvements to the clipper module, anti-debugger detection, and virtual machine detection evasion. The post directs interested parties to a Telegram group for further details.
Date: 2026-06-03T12:07:23Z
Network: openweb
Published URL: https://breached.su/threads/lich-stealer-alien-monster-update.87843/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Lich010203040506070809
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Acumen Engenharia by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, the Brazilian engineering firm Acumen Engenharia had its website defaced by a threat actor identified as chinafans, operating under the group 0xteam. The defacement targeted a specific file path (0x.txt) rather than the site homepage, indicating a targeted file-level compromise. No specific motive or server details were disclosed in the available intelligence.
Date: 2026-06-03T12:06:56Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931059
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Brazil
Victim Industry: Engineering / Construction
Victim Organization: Acumen Engenharia
Victim Site: acumenengenharia.com.br
Website Defacement of Costello Law by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, the threat actor chinafans, operating under the group 0xteam, defaced a page on costellolaw.com, a legal services website. The defacement targeted a specific file path (0x.txt) rather than the homepage, indicating a targeted file-level intrusion. No specific motivation or server details were disclosed in connection with this incident.
Date: 2026-06-03T12:05:59Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931061
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Legal Services
Victim Organization: Costello Law
Victim Site: costellolaw.com
Website Defacement of Pawlica Janitorial by chinafans (0xteam)
Category: Defacement
Content: The website pawlicajanitorial.com, belonging to Pawlica Janitorial, a cleaning and janitorial services company, was defaced by threat actor chinafans operating under the group 0xteam on June 3, 2026. The attacker placed a defacement file at the path /0x.txt on the target server. This was a targeted, non-mass defacement incident with no specific motive publicly disclosed.
Date: 2026-06-03T12:04:43Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931046
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Cleaning & Janitorial Services
Victim Organization: Pawlica Janitorial
Victim Site: pawlicajanitorial.com
Website Defacement of inrate.mx by chinafans (0xteam)
Category: Defacement
Content: The website inrate.mx was defaced by threat actor chinafans operating under the group 0xteam on June 3, 2026. The defacement targeted a specific file path (0x.txt) rather than the homepage, indicating a targeted file-level intrusion. No specific motive or server details were disclosed in connection with this incident.
Date: 2026-06-03T12:03:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931065
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Mexico
Victim Industry: Unknown
Victim Organization: Inrate
Victim Site: inrate.mx
Website Defacement of win88lose.com by chinafans of 0xTeam
Category: Defacement
Content: The website win88lose.com was defaced by a threat actor known as chinafans, operating under the group 0xTeam, on June 3, 2026. A defacement file (0x.txt) was planted on the target domain, indicating unauthorized access to the web server. The incident was a targeted, single-site defacement with no indication of mass or repeated defacement activity.
Date: 2026-06-03T12:02:53Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931057
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Gambling / Online Gaming
Victim Organization: Win88Lose
Victim Site: win88lose.com
Website Defacement of SRGlobalCorp by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, the website srglobalcorp.com was defaced by threat actor chinafans operating under the group 0xteam. The defacement was a targeted single-site attack, leaving a text file (0x.txt) as evidence of the intrusion. No specific motive or reason was provided for the attack.
Date: 2026-06-03T12:01:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931043
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Corporate/Business Services
Victim Organization: SR Global Corp
Victim Site: srglobalcorp.com
Website defacement of Labuhan Burung Smile by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, the website labuhanburungsmile.com was defaced by threat actor chinafans, operating under the group 0xteam. The defacement targeted a single page and was not part of a mass or repeat defacement campaign. The incident was archived and mirrored via zone-xsec.com.
Date: 2026-06-03T12:00:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931053
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Labuhan Burung Smile
Victim Site: labuhanburungsmile.com
Website Defacement of Zierfisch-Shop by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, the attacker known as chinafans, operating under the group 0xteam, defaced the Austrian ornamental fish retail website zierfisch-shop.at by uploading a defacement file (0x.txt). The incident was a targeted, non-mass defacement with no prior redefacement history recorded. No specific motivation or server details were disclosed.
Date: 2026-06-03T11:59:27Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931056
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Austria
Victim Industry: Retail / E-Commerce (Pet Supplies)
Victim Organization: Zierfisch-Shop
Victim Site: zierfisch-shop.at
Website Defacement of 4-be.com by chinafans (0xteam)
Category: Defacement
Content: The website 4-be.com was defaced by threat actor chinafans, operating under the group 0xteam, on June 3, 2026. The defacement was a targeted single-site compromise, with the attacker leaving a marker at the path /0x.txt. No specific motive, vulnerability, or organizational details were disclosed in connection with this incident.
Date: 2026-06-03T11:42:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931022
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 4-be.com
Website Defacement of gfreechurros.au by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, the website gfreechurros.au was defaced by threat actor chinafans operating under the group 0xteam. The defacement was a targeted single-site attack, with a mirror of the defaced page archived at zone-xsec.com. No specific motivation or technical exploitation details were disclosed.
Date: 2026-06-03T11:40:56Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931029
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Australia
Victim Industry: Food and Beverage
Victim Organization: GFree Churros
Victim Site: gfreechurros.au
Website Defacement of Sukhee Pharma by chinafans (0xteam)
Category: Defacement
Content: The threat actor chinafans, operating under the group 0xteam, defaced a page on sukheepharma.com on June 3, 2026. The defacement targeted a pharmaceutical organization and was a targeted single-site incident rather than a mass or home page defacement. A mirror of the defaced content was archived at zone-xsec.com.
Date: 2026-06-03T11:40:05Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931023
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Pharmaceuticals
Victim Organization: Sukhee Pharma
Victim Site: sukheepharma.com
Website Defacement of Utrac Delivery by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website utracdelivery.com by uploading a defacement file at the path /0x.txt. The incident was a targeted single-site defacement with no mass or repeat defacement indicators. No specific motivation or exploit method was disclosed.
Date: 2026-06-03T11:39:11Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931028
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Logistics and Delivery
Victim Organization: Utrac Delivery
Victim Site: utracdelivery.com
Website Defacement of Morrison Fuels by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, the website morrisonfuels.com was defaced by threat actor chinafans operating under the group 0xteam. The attacker placed a defacement file at morrisonfuels.com/0x.txt. The incident was a targeted single-site defacement with no indication of mass or repeated defacement activity.
Date: 2026-06-03T11:38:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931025
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Energy / Fuel Supply
Victim Organization: Morrison Fuels
Victim Site: morrisonfuels.com
Website defacement of Framework101 by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, the website framework101.com was defaced by threat actor chinafans, operating under the group 0xteam. The defacement targeted a specific file path (0x.txt) and was neither a mass nor a home page defacement. No specific motivation or technical details regarding the server infrastructure were disclosed.
Date: 2026-06-03T11:37:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931030
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Framework101
Victim Site: framework101.com
Website Defacement of 888to4l.com by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, a threat actor known as chinafans, affiliated with the hacking group 0xteam, defaced the website 888to4l.com by placing a defacement file at the path /0x.txt. The incident was a targeted single-site defacement with no additional technical details such as server software or exploitation method disclosed. A mirror of the defacement was archived at zone-xsec.com.
Date: 2026-06-03T11:35:45Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931018
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 888to4l.com
Alleged data leak of unknown organization employee directory
Category: Data Leak
Content: A threat actor is freely distributing a CSV file allegedly containing an employee directory database. The compromised data includes names, email addresses, roles, departments, phone numbers, and extensions. No specific source organization or record count was provided.
Date: 2026-06-03T11:34:50Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-Random-Employee-Directory-DB
Screenshots:
1 screenshot(s) available
Threat Actors: domainbreachkaduu
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of exposed email addresses shared for free
Category: Data Leak
Content: A forum user is freely distributing a database file described as containing exposed email addresses. The post claims the data is useful for leads but provides no details on the source organization or record count. The dataset was shared via an external file hosting link.
Date: 2026-06-03T11:34:18Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-FREEBIES-Exposed-Email-address-Good-for-Leads
Screenshots:
1 screenshot(s) available
Threat Actors: domainbreachkaduu
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
SSRF vulnerability research in Next.js applications including CVE-2025-57822 and CVE-2024-34351
Category: Vulnerability
Content: A forum post authored by blackbird-eu documents multiple SSRF attack vectors in Next.js applications, including the Image component endpoint, Middleware (CVE-2025-57822), and Server Actions (CVE-2024-34351). The article details how misconfigured wildcard remotePatterns and other components can be abused to trigger outbound HTTP requests to arbitrary hosts. No specific victim organization is identified; the post appears to be an educational or offensive research article targeting the Next.js ecos…
Date: 2026-06-03T11:18:23Z
Network: openweb
Published URL: https://tier1.life/thread/278
Screenshots:
6 screenshot(s) available
Threat Actors: RedQueen
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Probe into cyber incident ongoing, City of Thorold official says
Category: Cyber Attack
Content: The City of Thorold is currently investigating a cybersecurity incident that occurred on Monday. The incident affected certain systems on the municipal network, and the city is currently assessing its nature and scope. Municipal authorities are also examining whether any personal or confidential information has been compromised.
Date: 2026-06-03T10:43:12Z
Network: openweb
Published URL: https://www.pelhamtoday.ca/local-news/probe-into-cyber-incident-ongoing-city-of-thorold-official-says-12364097
Screenshots:
None
Threat Actors:
Victim Country: Canada
Victim Industry: Unknown
Victim Organization: Ville de Thorold
Victim Site: thorold.ca
Alleged defacement of rocktape.ua by NoName057(16)
Category: Defacement
Content: NoName057(16) claims to have defaced Ukrainian website rocktape.ua (duct tape supplier). The group claims to have taken control of the website and left a business card (defacement marker). The attack is framed as retaliation against Ukrainian suppliers supporting what the group characterizes as a Nazi regime. The group threatens continued attacks against Ukrainian websites and businesses.
Date: 2026-06-03T10:32:37Z
Network: telegram
Published URL: https://t.me/c/3087552512/2123
Screenshots:
3 screenshot(s) available
Threat Actors: NoName057(16)
Victim Country: Ukraine
Victim Industry: E-commerce/Retail (duct tape supplier)
Victim Organization: rocktape.ua
Victim Site: rocktape.ua
Alleged data leak of itasa.is
Category: Data Leak
Content: A threat actor has freely shared an alleged database dump from itasa.is containing approximately 76,000 records in CSV format. The dataset includes personal identifiable information such as full names, email addresses, phone numbers, and CRM activity fields consistent with a Pipedrive export. The data is dated March 2026.
Date: 2026-06-03T10:01:42Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-itasa-is-leak
Screenshots:
1 screenshot(s) available
Threat Actors: Tanaka2
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: itasa.is
Victim Site: itasa.is
Alleged data breach of abovedeis.shop
Category: Data Breach
Content: A threat actor claims to have hacked abovedeis.shop and is sharing the full SQL database dump. The content is hidden behind a registration/login wall on the forum.
Date: 2026-06-03T09:13:41Z
Network: openweb
Published URL: https://patched.to/Thread-abovedeis-shop-all-db-sql
Screenshots:
1 screenshot(s) available
Threat Actors: Alpraz
Victim Country: Unknown
Victim Industry: Retail
Victim Organization: abovedeis.shop
Victim Site: abovedeis.shop
Alleged data leak of locatefamily.com — Reunion Island entries
Category: Data Leak
Content: A threat actor has freely shared a dataset of 2,294 entries scraped from locatefamily.com, a people-search directory, specifically covering Reunion Island registrants. The data includes full names, phone numbers, and postal addresses in CSV format, reportedly collected in 2022.
Date: 2026-06-03T09:00:16Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DB-Reunion-Island-France-locatefamily-com-2-294-entries-2022
Screenshots:
1 screenshot(s) available
Threat Actors: Whisix
Victim Country: France
Victim Industry: Technology
Victim Organization: locatefamily.com
Victim Site: locatefamily.com
Alleged data leak of HEC Pakistan citizen records
Category: Data Leak
Content: A threat actor claims to have breached HEC Pakistan, alleging access to over 1.5 million citizen PII records. In response to HEC officials denying the breach, the actor is freely distributing a sample of 150,000 records containing names, CNICs, father names, emails, mobile numbers, dates of birth, religion, blood group, and postal addresses. The full dataset of 1.5 million records is also being offered for sale at $1,000.
Date: 2026-06-03T08:59:39Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-Pakistan-Citizen-Leak-150k-Final-Warning-to-Pakistan-Government
Screenshots:
2 screenshot(s) available
Threat Actors: Flipperone
Victim Country: Pakistan
Victim Industry: Government
Victim Organization: Higher Education Commission Pakistan
Victim Site: hec.gov.pk
Alleged data leak of JioPayments Bank
Category: Data Leak
Content: A threat actor claims to have leaked a database associated with JioPayments Bank, an Indian financial institution. The post title indicates over 6,000 records are included in the alleged leak. No further details are available from the post content.
Date: 2026-06-03T08:59:11Z
Network: openweb
Published URL: https://breached.su/threads/leaked-6000-database-indian-jiopayments-bank.87842/unread
Screenshots:
1 screenshot(s) available
Threat Actors: NeuraSec
Victim Country: India
Victim Industry: Finance
Victim Organization: JioPayments Bank
Victim Site: Unknown
Alleged sale of RDP access and compromised credentials for cloud infrastructure
Category: Initial Access
Content: Threat actor PORTAL is advertising rental of RDP access to Azure, AWS, and Digital Ocean infrastructure at $200 daily/monthly rates. Also offering domain email accounts, Gmail, Yahoo accounts, GitHub Student accounts, and subscription services (ChatGPT Plus, Claude, ElevenLabs Creator Plan). Prices range from ₹200-₹5000. Service includes escrow protection.
Date: 2026-06-03T08:43:54Z
Network: telegram
Published URL: https://t.me/c/2613583520/96236
Screenshots:
1 screenshot(s) available
Threat Actors: PORTAL
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Attack on US Telecommunications Infrastructure with Privilege Escalation and 0-Day Exploits
Category: Cyber Attack
Content: Post claims video documentation of an attack against US telecommunications infrastructure involving privilege escalation from Monitor to Control level access. Attack allegedly utilized a chain of at least 3 vulnerabilities and 2 zero-day exploits, resulting in complete disruption of the infrastructure and defacement.
Date: 2026-06-03T08:39:39Z
Network: telegram
Published URL: https://t.me/c/3575098403/221
Screenshots:
1 screenshot(s) available
Threat Actors: APT IRAN
Victim Country: United States
Victim Industry: Telecommunications
Victim Organization: US Telecommunications Infrastructure
Victim Site: Unknown
Alleged data breach of HEC Pakistan with partial free leak of 150K records
Category: Data Leak
Content: A threat actor claims to have breached HEC Pakistan, alleging a database of over 1.5 million PII records belonging to Pakistani citizens. In response to HEC officials publicly denying the breach, the actor is freely distributing 150,000 records containing names, CNICs, father names, emails, mobile numbers, dates of birth, religion, blood group, and postal addresses. The full dataset of 1.5 million records is also being offered for sale at $1,000.
Date: 2026-06-03T08:24:39Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-150-K-Leak-Final-Warning-to-Pakistan-Government
Screenshots:
2 screenshot(s) available
Threat Actors: Flipperone
Victim Country: Pakistan
Victim Industry: Government
Victim Organization: Higher Education Commission Pakistan
Victim Site: hec.gov.pk
Alleged data breach of Firstclass Australia
Category: Data Breach
Content: A threat actor is offering a database allegedly obtained from Firstclass Australia, a luxury travel agency. The dataset includes over 53,300 customer records containing names, email addresses, phone numbers, IP addresses, country information, GDPR consent status, and account activity details. Sample records and a download link have been shared on the forum.
Date: 2026-06-03T07:50:35Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-DATABASE-Firstclass-Australia-53-3K-Customers
Screenshots:
1 screenshot(s) available
Threat Actors: 2019
Victim Country: Australia
Victim Industry: Travel and Tourism
Victim Organization: Firstclass Australia
Victim Site: firstclass.com.au
Alleged data leak of North and West Sumatra database
Category: Data Leak
Content: A threat actor on Breached is freely distributing a database allegedly sourced from North and West Sumatra, Indonesia. No specific organization, record count, or data fields are disclosed in the post. The actor credits several other forum members for the release.
Date: 2026-06-03T07:50:06Z
Network: openweb
Published URL: https://breached.su/threads/free-sumatra-database.87840/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Mrsawit
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Glovo (glovoapp.com) exposing 430,000 Romanian user records
Category: Data Breach
Content: A threat actor is offering for sale an alleged database containing 430,000 records attributed to Glovo (glovoapp.com) Romanian users. The dataset reportedly includes UserID, username, email, phone number, date of birth, and date registered in CSV format. A sample was posted to Pastebin and purchase is facilitated via Telegram.
Date: 2026-06-03T07:22:07Z
Network: openweb
Published URL: https://breached.su/threads/430k-romanian-data-glovoapp-com-username-email-phone-date-of-birth.87839/unread
Screenshots:
1 screenshot(s) available
Threat Actors: realdb4U
Victim Country: Romania
Victim Industry: Retail
Victim Organization: Glovo
Victim Site: glovoapp.com
Sale of gift card generator tool targeting multiple platforms
Category: Carding
Content: A threat actor is distributing a gift card generator tool attributed to Ilyxanda targeting multiple platforms including Amazon, Netflix, Steam, PayPal, Xbox, and others. The tool is shared via multiple download links with a password. This type of tool is commonly associated with payment fraud and carding activity.
Date: 2026-06-03T07:03:39Z
Network: openweb
Published URL: https://crackingx.com/threads/77772/
Screenshots:
1 screenshot(s) available
Threat Actors: Zxhuwu
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged phishing campaign targeting Israeli food company impersonation via WhatsApp
Category: Phishing
Content: A phishing campaign has been reported where threat actors are distributing fake links via WhatsApp while impersonating a major food industry company operating in Israeli territory. The campaign aims to collect personal information and facilitate wider distribution through WhatsApp.
Date: 2026-06-03T06:32:58Z
Network: telegram
Published URL: https://t.me/c/1283513914/22045
Screenshots:
2 screenshot(s) available
Threat Actors: خبرگزاری سایبربان| Cyberban News
Victim Country: Israel
Victim Industry: Food & Beverage
Victim Organization: Israeli food industry company (unnamed)
Victim Site: Unknown
Alleged Data Leak of DUKCAPIL (Indonesian Civil Registry)
Category: Data Leak
Content: A threat actor operating under the alias RanzXZ claims to be freely distributing a dataset allegedly sourced from DUKCAPIL, Indonesias Directorate General of Civil Registration. The leaked data includes full names, national identity numbers (NIK), occupation, age, gender, province, address, email, and blood type. The sample data suggests Indonesian citizens across multiple provinces are affected.
Date: 2026-06-03T06:18:43Z
Network: openweb
Published URL: https://breached.su/threads/data-leak-dukcapil.87838/unread
Screenshots:
6 screenshot(s) available
Threat Actors: RanzXZ
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: DUKCAPIL (Direktorat Jenderal Kependudukan dan Pencatatan Sipil)
Victim Site: dukcapil.kemendagri.go.id
Alleged data leak of SourceScrub company intelligence database via exposed Azure Blob Storage
Category: Data Leak
Content: A threat actor claims to have accessed and leaked files from an unprotected Azure Blob Storage bucket (prodscrubstorage.blob.core.windows.net) belonging to SourceScrub, a company intelligence platform. The leaked files reportedly contain structured company profile data including business details, revenue figures, executive contacts, LinkedIn profiles, and location information for tens of thousands of companies. The actor states the bucket remains publicly accessible and continues to grow, direct…
Date: 2026-06-03T05:51:48Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-newer-data-helps-you-find-companies-to-what-ever
Screenshots:
1 screenshot(s) available
Threat Actors: OriginalCrazyOldFart
Victim Country: United States
Victim Industry: Technology
Victim Organization: SourceScrub
Victim Site: sourcescrub.com
Alleged data breach of Prosper Marketplace with 890,000+ US financial records
Category: Data Breach
Content: A threat actor claims to be selling a full database allegedly extracted from Prosper Marketplace, a US peer-to-peer lending platform, between May 18–20, 2026. The purported dataset contains 890,472 user records including full KYC documentation, SSNs, credit card PANs with CVVs, bank account details, credit scores, and loan history. The actor markets the data for carding, identity fraud, and loan fraud operations.
Date: 2026-06-03T05:51:38Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78773
Screenshots:
2 screenshot(s) available
Threat Actors: Lordracks
Victim Country: United States
Victim Industry: Finance
Victim Organization: Prosper Marketplace
Victim Site: prosper.com
Alleged Data Leak of Sidengreng Rappang Government
Category: Data Leak
Content: A threat actor known as RanzXZ claims to be freely sharing a database dump from the Sidengreng Rappang regional government of Indonesia. The leaked data includes permit and registration records containing personal identifiers such as full names, addresses, recommendation numbers, and processing dates. The data appears to originate from a government permitting system.
Date: 2026-06-03T05:50:36Z
Network: openweb
Published URL: https://breached.su/threads/data-leak-sidengreng-rappang-government.87837/unread
Screenshots:
6 screenshot(s) available
Threat Actors: RanzXZ
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Sidengreng Rappang Government
Victim Site: Unknown
Alleged malware distribution through compromised CodexUI developer tool
Category: Malware
Content: A popular developer tool named CodexUI used by thousands for AI tool integration was found to contain malicious code that stole user credentials. The malware was present only in the released binary version and not in the public source code, allowing many users to unknowingly install the compromised version. The malicious code exfiltrated login credentials to attacker-controlled servers.
Date: 2026-06-03T05:45:42Z
Network: telegram
Published URL: https://t.me/c/1283513914/22044
Screenshots:
2 screenshot(s) available
Threat Actors: خبرگزاری سایبربان| Cyberban News
Victim Country: Unknown
Victim Industry: Software development
Victim Organization: CodexUI users
Victim Site: Unknown
Sale of alleged Instagram and multi-site database dumps
Category: Data Breach
Content: A threat actor on CX forum is advertising the sale of what they claim to be a full 2025 Instagram database along with premium databases from various unnamed websites. The post directs interested buyers to a Telegram channel. No record counts or sample data were provided in the post.
Date: 2026-06-03T04:42:18Z
Network: openweb
Published URL: https://crackingx.com/threads/77760/
Screenshots:
1 screenshot(s) available
Threat Actors: Gh0s7
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Instagram
Victim Site: instagram.com
Alleged Data Leak of Taiwan Psychological Warfare Team Internal Database
Category: Data Leak
Content: A threat actor claims to have leaked an internal database purportedly belonging to Taiwans Psychological Warfare Team, asserting it is verified and complete. The post alleges the organization is under surveillance by China, the United States, and Japan. No post content was available to confirm the nature or volume of the data.
Date: 2026-06-03T04:09:20Z
Network: openweb
Published URL: https://xforums.st/threads/exclusiveverified-and-complete-internal-database-of-the-taiwan-psychological-warfare-team-under-comprehensive-surveillance-by-china-the-us-japan.618499/
Screenshots:
None
Threat Actors: yamadat0m99
Victim Country: Taiwan
Victim Industry: Government
Victim Organization: Taiwan Psychological Warfare Team
Victim Site: Unknown
Alleged data breach of Arenateam
Category: Data Breach
Content: A threat actor claims to have had full access to the Arenateam panel, extracting all source code and SQL database files. The actor has made the data publicly available via an anonymous file-sharing link and provided a screenshot as proof of access.
Date: 2026-06-03T03:58:37Z
Network: openweb
Published URL: https://breached.su/threads/arenateam-ir.87836/unread
Screenshots:
1 screenshot(s) available
Threat Actors: nearlevrai
Victim Country: Iran
Victim Industry: Unknown
Victim Organization: Arenateam
Victim Site: arenateam.ir
Sale of initial access to Malaysian municipal government via OpenVPN with Domain Admin privileges
Category: Initial Access
Content: A threat actor is selling OpenVPN (OpenVPN) access to an unnamed Malaysian municipal government entity with Domain Admin privileges. The target network consists of approximately 50 hosts and is protected by Cylance AV/EDR. The access is listed at $978 and is available via direct message or through a darknet marketplace.
Date: 2026-06-03T03:38:25Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78666
Screenshots:
1 screenshot(s) available
Threat Actors: Toton
Victim Country: Malaysia
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Fokko Juweliers
Category: Data Breach
Content: A threat actor is selling a 1.5GB SQL and CSV database allegedly extracted from Fokko Juweliers, a Dutch online jewelry retailer. The sample data includes customer records with full names, email addresses, hashed passwords, IP addresses, and newsletter subscription details from the PrestaShop ps_customer table. The seller is advertising via Telegram under the handle @Darkmafiaxx.
Date: 2026-06-03T03:37:26Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Online-Gold-And-Jewelry-Store-Database-%E2%80%93-Fokkojuweliers-nl-Netherlands–78544
Screenshots:
1 screenshot(s) available
Threat Actors: DarkMafiaX
Victim Country: Netherlands
Victim Industry: Retail
Victim Organization: Fokko Juweliers
Victim Site: fokkojuweliers.nl
Alleged data breach of mydukaan.io exposing 100 million user records
Category: Data Breach
Content: A threat actor claims to be selling a full database dump from mydukaan.io, an Indian e-commerce platform, allegedly containing 100 million user records across multiple tables including user accounts, buyer addresses, transaction history, order costs, and encrypted payment API keys. Sample data includes phone numbers, email addresses, full names, and physical addresses consistent with Indian users. The dataset also reportedly includes purchase history and seller records.
Date: 2026-06-03T03:36:42Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78575
Screenshots:
1 screenshot(s) available
Threat Actors: stalker8083
Victim Country: India
Victim Industry: Retail
Victim Organization: Dukaan
Victim Site: mydukaan.io
Alleged data breach of Russian Ministry of Internal Affairs (MVD) passport database
Category: Data Breach
Content: A threat actor is selling an alleged database dump attributed to the Russian Ministry of Internal Affairs (MVD), covering passport and migration records from 2004 to 2023. The dataset, totaling approximately 636 GB across three tables, purportedly contains full names, passport numbers, SNILS insurance IDs, registration addresses, photos, and passport scans for an estimated 159 million citizens. The seller offers the data in SQL or CSV format and accepts escrow.
Date: 2026-06-03T03:36:03Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78614
Screenshots:
1 screenshot(s) available
Threat Actors: loptrgod
Victim Country: Russia
Victim Industry: Government
Victim Organization: Russian Ministry of Internal Affairs (MVD)
Victim Site: mvd.ru
Alleged data breach of Stripchat
Category: Data Breach
Content: A threat actor is selling an alleged database from stripchat.com containing records for approximately 62.3 million users and 408,763 models. The dataset is claimed to include full profile data and login emails. The seller is offering the data for $799 via Telegram.
Date: 2026-06-03T03:35:22Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78630
Screenshots:
1 screenshot(s) available
Threat Actors: Euphoric_Reply_5727
Victim Country: Unknown
Victim Industry: Entertainment
Victim Organization: Stripchat
Victim Site: stripchat.com
Alleged data breach of Bumble dating app
Category: Data Breach
Content: A threat actor is selling an alleged database dump from Bumble containing over 32 million user records. The dataset purportedly includes email addresses, bcrypt-hashed passwords, phone numbers, and detailed profile data such as name, date of birth, location, employment, education, political and religious preferences, and linked social accounts. The seller is offering the clean JSON dump for $999 via Telegram.
Date: 2026-06-03T03:34:40Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Bumble-dating-app-32-million-users-DB–78631
Screenshots:
1 screenshot(s) available
Threat Actors: Euphoric_Reply_5727
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Bumble
Victim Site: bumble.com
Alleged data breach of justeet.co.uk
Category: Data Breach
Content: A threat actor is selling an alleged database from justeet.co.uk, a food delivery platform based in Wales, UK. The dataset reportedly contains approximately 398,000 records with fields including user IDs, names, email addresses, phone numbers, date of birth, loyalty IDs, and account metadata. A data sample was shared via Pastebin as proof, with contact details provided for purchase inquiries.
Date: 2026-06-03T03:33:43Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78541
Screenshots:
1 screenshot(s) available
Threat Actors: Databroker1
Victim Country: United Kingdom
Victim Industry: Food Delivery
Victim Organization: Justeet
Victim Site: justeet.co.uk
Alleged data breach of German Volksbank
Category: Data Breach
Content: A threat actor is offering an alleged dataset attributed to German Volksbank for sale at $150. The listing claims 2.1 million lines of data, with samples and proof available via direct message. No further details on specific data fields were disclosed in the post.
Date: 2026-06-03T03:32:27Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78578
Screenshots:
1 screenshot(s) available
Threat Actors: Frenshyny
Victim Country: Germany
Victim Industry: Finance
Victim Organization: Volksbank
Victim Site: volksbank.de
Alleged data breach of undisclosed Japanese organization with 23 million records
Category: Data Breach
Content: A threat actor is selling an alleged database of Japanese citizens containing approximately 23 million lines. The full database is available for purchase, with half offered at $150. Samples and proof are available via direct message.
Date: 2026-06-03T03:31:49Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78579
Screenshots:
1 screenshot(s) available
Threat Actors: Frenshyny
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Ledger with 292,000 records offered for sale
Category: Data Breach
Content: A threat actor is offering for sale an alleged dataset attributed to Ledger, priced at $300 per 50,000 lines. The dataset reportedly contains 292,000 records with fields including email, full name, physical address, phone number, gender, date of birth, and identifiers. Sample records provided appear to contain US-based individuals.
Date: 2026-06-03T03:31:14Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78583
Screenshots:
1 screenshot(s) available
Threat Actors: Frenshyny
Victim Country: United States
Victim Industry: Finance
Victim Organization: Ledger
Victim Site: ledger.com
Sale of PII belonging to Indonesian National Police (POLRI) personnel
Category: Data Breach
Content: A threat actor is offering for sale personally identifiable information belonging to Indonesian National Police (POLRI) officers, including full name, rank, assignment/unit, phone number, and email address. Sample records expose personnel across multiple regional police commands (Polda) throughout Indonesia. The dataset appears to contain a significant number of records beyond the samples shown.
Date: 2026-06-03T03:29:31Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78594
Screenshots:
1 screenshot(s) available
Threat Actors: 053o
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Indonesian National Police (POLRI)
Victim Site: polri.go.id
Alleged data breach of ENOC (Emirates National Oil Company)
Category: Data Breach
Content: A threat actor is selling an alleged database from enoc.com containing up to 580,000 contacts. Sample records include full names, phone numbers, email addresses, gender, date of birth, nationality, insurance type, and account activation dates. The seller is directing interested buyers to a Telegram contact for purchase.
Date: 2026-06-03T03:28:53Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78596
Screenshots:
1 screenshot(s) available
Threat Actors: Solana0011
Victim Country: United Arab Emirates
Victim Industry: Energy
Victim Organization: Emirates National Oil Company (ENOC)
Victim Site: enoc.com
Sale of 0day RCE exploit for Mozilla SpiderMonkey JS Engine
Category: Vulnerability
Content: A threat actor is offering for sale a claimed 0day remote code execution exploit targeting Mozillas SpiderMonkey JavaScript engine. The seller states the exploit chains two memory corruption vulnerabilities to achieve arbitrary shellcode execution. The asking price is $120,000.
Date: 2026-06-03T03:27:45Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-0day-Mozilla-SpiderMonkey-JS-Engine-RCE–78628
Screenshots:
1 screenshot(s) available
Threat Actors: berz0k
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Mozilla
Victim Site: mozilla.org
Alleged data breach of Eleonor.mx — Mexicos leading ambulatory EHR platform with 2.7M patient records
Category: Data Breach
Content: A threat actor is selling the alleged complete clinical database of Eleonor.mx, described as Mexicos leading ambulatory EHR platform. The dataset purportedly includes 2,704,652 patient records with full PHI/PII, 1,246,885 prescriptions, 448,944 timestamped consultations, 264,969 minor patients, and 184,842 verified national ID (CURP) numbers spanning 2020 through May 2026. The actor also claims active access including OAuth refresh tokens and Google Calendar read/write access for thousands of p
Date: 2026-06-03T03:27:07Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78632
Screenshots:
3 screenshot(s) available
Threat Actors: MedData
Victim Country: Mexico
Victim Industry: Healthcare
Victim Organization: Eleonor
Victim Site: eleonor.mx
Alleged data breach of Binance
Category: Data Breach
Content: A threat actor is selling an alleged Binance user database containing email addresses, hashed passwords, and KYC verification status for over 10,000 accounts. The data is offered for 7 XMR and delivered as a CSV file. The claim is unverified and Binance has not publicly confirmed any such breach.
Date: 2026-06-03T03:26:22Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78641
Screenshots:
1 screenshot(s) available
Threat Actors: orvyn01
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Binance
Victim Site: binance.com
Alleged data breach of Iberdrola
Category: Data Breach
Content: A threat actor is selling an alleged database belonging to Iberdrola, Spains largest energy group, claimed to have been hacked by RP. The dataset reportedly contains over 7 million customer records with a file size of 109.79 GB. A 1,000-record sample is offered alongside the full database.
Date: 2026-06-03T03:25:44Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78656
Screenshots:
1 screenshot(s) available
Threat Actors: gang
Victim Country: Spain
Victim Industry: Energy
Victim Organization: Iberdrola
Victim Site: iberdrola.es
Sale of Multiple Crypto and Financial Organization Databases
Category: Data Breach
Content: A threat actor is offering for sale or trade a large collection of databases from numerous cryptocurrency exchanges, financial platforms, and related services, including major entities such as Coinbase, CoinMarketCap, Celsius Network, Crypto.com, and others. The post lists over 100 individual databases with record counts ranging from hundreds to tens of millions of records per organization. The combined dataset represents a significant exposure of user data across the global crypto and financial…
Date: 2026-06-03T03:25:03Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78683
Screenshots:
4 screenshot(s) available
Threat Actors: vothan
Victim Country: Unknown
Victim Industry: Finance
Victim Organization: Unknown
Victim Site: Unknown
Sale of alleged SQL injection vulnerability or exploit targeting DarkForums
Category: Vulnerability
Content: A threat actor is advertising the sale of an alleged SQL injection exploit targeting DarkForums via Telegram. The post includes an image link purportedly showing proof of the vulnerability. No further technical details or price were specified in the post.
Date: 2026-06-03T03:24:23Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-darkforum-sql-inj-ibb-co-Kx4ct5Jy-selling-randomnigabotsss1bot-TELEGRAM–78704
Screenshots:
1 screenshot(s) available
Threat Actors: lmfao_ibb_co_Kx4ct5Jy
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: DarkForums
Victim Site: darkforums.su
Alleged data breach of Egyptian government domain exposing national ID card images
Category: Data Breach
Content: A threat actor claims to have exfiltrated a 2 GB archive of Egyptian national ID card images belonging to citizens and teachers from an unspecified Egyptian government domain. The actor is offering the data for sale via Telegram and has published a sample download link. The breach is alleged to have occurred in 2026.
Date: 2026-06-03T03:23:15Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78715
Screenshots:
1 screenshot(s) available
Threat Actors: Anonymous2090
Victim Country: Egypt
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Sale of Telegram-based P1 bot with VoIP phishing campaign features
Category: Phishing
Content: A threat actor is offering for sale a Telegram-based P1 bot along with its source code, designed to conduct automated VoIP phishing (vishing) campaigns. The tool supports configurable concurrent calls, custom caller IDs, campaign modes, CSV contact uploads, and press-1 lead capture. The seller claims the source code includes a pre-configured Asterisk setup and accepts trusted escrow for transactions.
Date: 2026-06-03T03:22:38Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78721
Screenshots:
1 screenshot(s) available
Threat Actors: nicenicenice
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Bolivia Ministry of Health Unified Health System (SUS)
Category: Data Breach
Content: A threat actor claims to have breached the Bolivian Unified Health System (SUS) and extracted 8,469,080 records in SQL format. The dataset includes national ID numbers, full names, dates of birth, sex, marital status, nationality, address details, and phone numbers of enrolled individuals. The data is being offered for sale on a dark web forum.
Date: 2026-06-03T03:21:13Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78754
Screenshots:
1 screenshot(s) available
Threat Actors: konata_izumi_shell
Victim Country: Bolivia
Victim Industry: Healthcare
Victim Organization: Ministry of Health Bolivia – Unified Health System (SUS)
Victim Site: Unknown
Alleged data breach of undisclosed US shipping company exposing hardware wallet buyer records
Category: Data Breach
Content: A threat actor claims to be selling a dataset of 70,927 US-based buyers of Ledger and Trezor hardware wallets, allegedly extracted from a major shipping companys internal database. The data covers purchases made between January and May 2026 and is offered as a cleaned, deduplicated Excel file. The records likely include personally identifiable information of cryptocurrency hardware wallet purchasers, making them high-value targets for social engineering and theft.
Date: 2026-06-03T03:19:25Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78768
Screenshots:
1 screenshot(s) available
Threat Actors: Euphoric_Reply_5727
Victim Country: United States
Victim Industry: Logistics
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of 2M records from Tianyancha (Chinese technology service)
Category: Data Breach
Content: Breachforums user mr-hanz-xploit is advertising the sale of approximately 2 million records allegedly from Tianyancha.com, a Chinese technology/business intelligence service. The listing indicates a data breach with stolen records being offered for sale on underground forums.
Date: 2026-06-03T02:43:20Z
Network: telegram
Published URL: https://t.me/DeepCoreNetwork/344
Screenshots:
2 screenshot(s) available
Threat Actors: mr-hanz-xploit
Victim Country: China
Victim Industry: Technology/Business Intelligence
Victim Organization: Tianyancha
Victim Site: tianyancha.com
Sale of alleged database from Tianyancha (tianyancha.com) with 2 million records
Category: Data Breach
Content: A threat actor is offering for sale an alleged database from Tianyancha (tianyancha.com), a Chinese business intelligence and corporate data platform, claiming approximately 2 million records. The post provides minimal detail beyond a sample and contact instructions. The nature and contents of the data have not been independently verified.
Date: 2026-06-03T02:42:02Z
Network: openweb
Published URL: https://breached.su/threads/sell-technology-service-2m-china-tianyancha-com-2m.87835/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Mr. Hanz Xploit
Victim Country: China
Victim Industry: Technology
Victim Organization: Tianyancha
Victim Site: tianyancha.com
Alleged ShinyHunters Threat Actor Profile and Contact Information
Category: Cyber Attack
Content: ShinyHunters threat actor group has disclosed their official domain (shinyhunters.ru), breach forum profile, session ID, email contact ([email protected]), XMPP contact ([email protected]), and support contact handle (@shsupportsh). This represents active threat actor infrastructure and communication endpoints.
Date: 2026-06-03T02:18:26Z
Network: telegram
Published URL: https://t.me/c/3500620464/9066
Screenshots:
1 screenshot(s) available
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of Fullz, Payment Card Dumps, and Identity Documents on Criminal Forum
Category: Carding
Content: A threat actor operating under the alias silasclark is advertising a wide range of fraudulent goods and stolen personal data on a cracking forum, including fullz (SSN, DOB, DL, NIN, SIN), payment card dumps with PIN (Track 101 and 202), KYC-bypass documents (passports, IDs with selfies/video), and various lead databases spanning multiple countries. Additional offerings include tax return fullz, Medicare leads, childrens fullz (2013–2025), and fake corporate documents for LLC/LTD/EIN entities.
Date: 2026-06-03T01:57:18Z
Network: openweb
Published URL: https://crackingx.com/threads/77746/
Screenshots:
1 screenshot(s) available
Threat Actors: silasclark
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Sale of initial access to Farmex Freshia Trading LLC (Globiro) ecommerce platform
Category: Initial Access
Content: A threat actor claims to have fully compromised Globiro, an ecommerce grocery management system operated by Farmex Freshia Trading LLC in the UAE. The actor is offering full system and data access for sale at $100, including customer PII (names, addresses, phone numbers, emails), order details, invoices, and admin dashboard access with editing permissions. The post includes a claimed proof of hack.
Date: 2026-06-03T01:56:30Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-RDP-UAE-ECOMMERCE-GROCERY-STORE-HACKED
Screenshots:
1 screenshot(s) available
Threat Actors: blacknet00
Victim Country: United Arab Emirates
Victim Industry: Retail
Victim Organization: Farmex Freshia Trading LLC
Victim Site: globiro.com
Alleged Cyber Attack on Heartland Free Church NAS Server
Category: Cyber Attack
Content: A threat actor claims to have breached a NAS server belonging to Heartland Free Church in the United States by exploiting a null session vulnerability via SMB. The actor alleges exfiltration of financial records, identity documents, server credentials, network configurations, and personal files belonging to approximately 25 employees and volunteers. The post offers stolen data and access for sale and notes the presence of trojan malware on the compromised server.
Date: 2026-06-03T01:54:45Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-HEARTLAND-FREE-CHURCH-SERVERS-BREACHED
Screenshots:
1 screenshot(s) available
Threat Actors: blacknet00
Victim Country: United States
Victim Industry: Religious Institution
Victim Organization: Heartland Free Church
Victim Site: Unknown
Alleged data breach of Tianya (tianye.net) exposing 127 million user records
Category: Data Breach
Content: A threat actor claims to have exfiltrated over 127 million rows of user data from Tianya (tianya.net), a large Chinese online community, on June 1, 2026. The actor alleges the breach was conducted by exploiting launch-day DDoS chaos to mask low-frequency probing, ultimately gaining database access via a weak privileged account and exfiltrating records containing usernames, password hashes, and registration emails. A memory-resident backdoor is claimed to have been left on compromised infrastruct…
Date: 2026-06-03T01:52:04Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-SELLING-China-2026-6-1-tianye-net-Hackers-Memoir-Tianya-Twelve-Hours
Screenshots:
1 screenshot(s) available
Threat Actors: ChinaTomchent
Victim Country: China
Victim Industry: Technology
Victim Organization: Tianya
Victim Site: tianya.net
Sale of stolen payment cards, EBT cards, and card dumps with PINs
Category: Carding
Content: A threat actor is offering stolen EBT cards with PINs, debit and credit cards, and card dumps with PINs for sale via WhatsApp and TextNow. The seller claims all cards carry good balances. Contact is made through personal messaging channels.
Date: 2026-06-03T01:23:33Z
Network: openweb
Published URL: https://altenens.is/threads/whatsapp-1-681-313-5442-got-valid-ebt-pin-track-debit-cards-auto-adds-credit-cards-dumps-pin-all-coming-with-good-balances-inbox.2947992/unread
Screenshots:
1 screenshot(s) available
Threat Actors: RICHOFccS
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Homzmart database
Category: Data Leak
Content: A threat actor claims to have leaked the full database of Homzmart, an e-commerce platform, including customer records, addresses, sales orders, payment data, and seller information. The dump consists of two SQL files totaling approximately 4.6GB, containing an estimated 9 million records across multiple tables including seller bank accounts and business information. The data is made available via a hidden download link on the forum.
Date: 2026-06-03T01:09:10Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78617
Screenshots:
1 screenshot(s) available
Threat Actors: hackformetome
Victim Country: Egypt
Victim Industry: Retail
Victim Organization: Homzmart
Victim Site: homzmart.com
Alleged Data Leak of Indonesian National Police Database
Category: Data Leak
Content: A threat actor known as V0idix has freely distributed an alleged database of 341,800 records from the Indonesian National Police. The dataset, provided in CSV format, contains personnel information including rank, name, unit, phone number, and email address. The actor claims the release is retaliatory, following what they allege was a wrongful arrest by Indonesian authorities.
Date: 2026-06-03T01:08:33Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78626
Screenshots:
1 screenshot(s) available
Threat Actors: V0idix
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Indonesian National Police
Victim Site: Unknown
Alleged Data Leak of CEMIG (IBM Watson AI Agent Dump)
Category: Data Leak
Content: A threat actor claims to have taken control of CEMIGs IBM Watson AI agent and exported conversation data spanning September 2022 to April 2026. A partial dump (~0.7% of the full 72GB compressed dataset) has been freely released, containing approximately 474,519 unique PII entries including CPFs, phone numbers, emails, and full customer conversation records. The released sample includes names, Brazilian tax IDs (CPF), contact details, and internal SIP/telephony infrastructure metadata.
Date: 2026-06-03T01:07:53Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78710
Screenshots:
1 screenshot(s) available
Threat Actors: V0idix
Victim Country: Brazil
Victim Industry: Energy
Victim Organization: CEMIG
Victim Site: cemig.com.br
Alleged data breach of Chinas National Supercomputing Center (NSCC) with claimed military and aerospace research leak
Category: Data Leak
Content: A threat actor claims to have exfiltrated over 10 petabytes of data from Chinas National Supercomputing Center in Tianjin and linked high-performance computing clusters associated with AVIC, COMAC, and Chinese space programs. The alleged dataset includes simulation data, design files, satellite telemetry, and classified military-aerospace research spanning stealth technology, gravitational wave sensors, and bunker-buster modeling. The actor claims proof files including directory listings and te
Date: 2026-06-03T01:07:31Z
Network: tor
Published URL: http://pwnfrm7rbf6kyerigxi677lcz5ifmoagdbqqknwdu2by27wfdst5qmqd.onion/Thread-CHINA-NSCC-SUPERCOMPUTING-BREACH-%E2%80%93-10-PETABYTES-OF-CLASSIFIED-MILITARY-HUGE-LEAK
Screenshots:
3 screenshot(s) available
Threat Actors: tolerantcyber2
Victim Country: China
Victim Industry: Government
Victim Organization: National Supercomputing Center (NSCC)
Victim Site: Unknown
Alleged data leak of Nissan Motor Co., Ltd. by Everest ransomware group
Category: Data Leak
Content: The Everest ransomware group claims to have exfiltrated approximately 910 GB of data from an IT contractors FTP servers supporting the Nissan and Infiniti dealer network in North America, after Nissan allegedly failed to meet ransom demands. The leaked dataset reportedly contains over 2,352,984 customer records spanning 2013 to January 2026, including full names, email addresses, phone numbers, physical addresses, and dealer information across 1,211 CSV files. Access was reportedly gained using
Date: 2026-06-03T01:07:15Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78737
Screenshots:
1 screenshot(s) available
Threat Actors: V0idix
Victim Country: Japan
Victim Industry: Automotive
Victim Organization: Nissan Motor Co., Ltd.
Victim Site: nissan.co.jp
Alleged data breach of Instituto Nacional de Migración (INM) Mexico
Category: Data Breach
Content: A threat actor is offering for sale an alleged database from Mexicos Instituto Nacional de Migración (INM) containing approximately 1 million records. The dataset reportedly includes highly sensitive personal, biometric, and immigration-related fields such as full name, date of birth, CURP, RFC, passport number, judicial orders, detention history, deportation resolutions, and biometric hashes. A sample has been published via an external file-sharing link.
Date: 2026-06-03T01:07:06Z
Network: openweb
Published URL: https://breached.su/threads/for-sale-inm-mx-database.87834/unread
Screenshots:
1 screenshot(s) available
Threat Actors: Black0ut_Exi
Victim Country: Mexico
Victim Industry: Government
Victim Organization: Instituto Nacional de Migración (INM)
Victim Site: inm.gob.mx
Website Defacement of Beach House Realty by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, the attacker known as chinafans, affiliated with 0xteam, defaced the Australian real estate website beachhouserealty.com.au. The defacement targeted a specific file path (0x.txt) and was not classified as a mass or home page defacement. The incident was recorded and mirrored by zone-xsec.com.
Date: 2026-06-03T00:57:10Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930987
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Australia
Victim Industry: Real Estate
Victim Organization: Beach House Realty
Victim Site: beachhouserealty.com.au
Website Defacement of Garage Door Pro Solutions by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, threat actor chinafans operating under the group 0xteam defaced the website of Garage Door Pro Solutions, a home services company likely based in the United States. The attack was a targeted single-site defacement with no indication of mass or repeated defacement activity. The incident was archived and mirrored via zone-xsec.com for record-keeping purposes.
Date: 2026-06-03T00:56:29Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931002
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Home Services / Construction
Victim Organization: Garage Door Pro Solutions
Victim Site: garagedoorprosolutions.com
Website Defacement of insightpicz.me by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website insightpicz.me, leaving a text-based defacement file at the path /0x.txt. The incident was a targeted, single-site defacement with no mass or re-defacement indicators. Limited technical details are available regarding the server environment or attack vector used.
Date: 2026-06-03T00:55:47Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930986
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: insightpicz.me
Website Defacement of validee.be by chinafans (0xteam)
Category: Defacement
Content: The website validee.be, a Belgian domain, was defaced by threat actor chinafans operating under the group 0xteam on June 3, 2026. The defacement was recorded as a single targeted incident, not classified as a mass or home page defacement. A mirror of the defaced content was archived by zone-xsec.com for documentation purposes.
Date: 2026-06-03T00:54:56Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931006
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Belgium
Victim Industry: Unknown
Victim Organization: Validee
Victim Site: validee.be
Website Defacement of Comforthouse by chinafans (0xteam)
Category: Defacement
Content: The threat actor chinafans, operating under the team 0xteam, defaced the Pakistani home furnishings website comforthouse.pk on June 3, 2026. The defacement targeted a specific file path (0x.txt) rather than the homepage, indicating a targeted file drop rather than a full site takeover. The incident was recorded and mirrored by zone-xsec.com.
Date: 2026-06-03T00:54:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930989
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Pakistan
Victim Industry: Retail / Home Furnishings
Victim Organization: Comfort House
Victim Site: comforthouse.pk
Website defacement of tiger4india.com by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website tiger4india.com by uploading a defacement file at tiger4india.com/0x.txt. The attack appears to be a targeted single-site defacement, with the attacker leaving their signature on the compromised web server. The incident was archived and mirrored by zone-xsec.com for threat intelligence purposes.
Date: 2026-06-03T00:53:22Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931003
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: India
Victim Industry: Unknown
Victim Organization: Tiger4India
Victim Site: tiger4india.com
Website Defacement of dapper.black by chinafans (0xteam)
Category: Defacement
Content: The website dapper.black was defaced by threat actor chinafans, operating under the group 0xteam, on June 3, 2026. The attacker replaced or altered web content at the path /0x.txt as part of the defacement activity. No specific motive, server details, or proof of compromise were disclosed in the available intelligence.
Date: 2026-06-03T00:52:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931013
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Dapper Black
Victim Site: dapper.black
Website Defacement of Artisitiy by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, the website artisitiy.com was defaced by threat actor chinafans, operating under the group 0xteam. The defacement was a targeted single-site attack, leaving a text-based proof of compromise at the path /0x.txt. No specific motive or additional technical details were disclosed.
Date: 2026-06-03T00:51:48Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930994
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Arts and Entertainment
Victim Organization: Artisitiy
Victim Site: artisitiy.com
Website Defacement of TPP Landscape Services by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, threat actor chinafans operating under the group 0xteam defaced the website of TPP Landscape Services, a landscaping company likely based in the United States. The incident was a targeted single-site defacement with no indication of mass or repeated defacement activity. A mirror of the defaced page was archived at zone-xsec.com.
Date: 2026-06-03T00:51:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930990
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Landscaping / Horticulture Services
Victim Organization: TPP Landscape Services
Victim Site: tpplandscapeservices.com
Website Defacement of Smart Campus Plus by chinafans (0xteam)
Category: Defacement
Content: The threat actor chinafans, operating under the group 0xteam, defaced the website smartcampusplus.com on June 3, 2026. The targeted domain suggests the victim is associated with smart campus or educational technology services. This was a targeted single-site defacement with no mass or re-defacement indicators reported.
Date: 2026-06-03T00:50:13Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931015
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Education Technology
Victim Organization: Smart Campus Plus
Victim Site: smartcampusplus.com
Website Defacement of Baggyco by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, the website baggyco.com was defaced by threat actor chinafans operating under the group 0xteam. The attacker planted a defacement file at baggyco.com/0x.txt, consistent with the teams naming convention. The incident was a targeted single-site defacement with no mass or repeated defacement indicators noted.
Date: 2026-06-03T00:49:29Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931017
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Retail/Fashion
Victim Organization: Baggyco
Victim Site: baggyco.com
Website Defacement of iwaf.world by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website iwaf.world by uploading a defacement file at the path /0x.txt. The incident was a targeted, non-mass defacement with no specific reason disclosed. The defacement was archived and mirrored via zone-xsec.com.
Date: 2026-06-03T00:48:45Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930999
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: iWAF
Victim Site: iwaf.world
Website Defacement of Drinking Water Solutions by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website of Drinking Water Solutions, a water treatment and environmental services company based in Mexico. The attack was a targeted single-site defacement, with a mirror of the defaced page archived at zone-xsec.com. No specific motive or vulnerability details were disclosed in connection with the incident.
Date: 2026-06-03T00:48:04Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931007
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Mexico
Victim Industry: Water Treatment / Environmental Services
Victim Organization: Drinking Water Solutions
Victim Site: drinkingwatersolutions.mx
Website Defacement of Gelato Flos by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, the website gelatoflos.com was defaced by threat actor chinafans operating under the group 0xteam. The attacker placed a defacement file at the path /0x.txt, a common technique used to demonstrate unauthorized access. This was not identified as a mass or home page defacement, suggesting a targeted file-level intrusion.
Date: 2026-06-03T00:47:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930982
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Food and Beverage
Victim Organization: Gelato Flos
Victim Site: gelatoflos.com
Website Defacement of United Plumbing by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, the Australian plumbing services website united-plumbing.com.au was defaced by threat actor chinafans, operating under the group 0xteam. The attacker uploaded a defacement file (0x.txt) to the target web server. The incident was recorded as a singular, non-mass defacement with no prior redefacement history.
Date: 2026-06-03T00:46:37Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931000
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Australia
Victim Industry: Construction & Trades (Plumbing Services)
Victim Organization: United Plumbing
Victim Site: united-plumbing.com.au
Website Defacement of babystukitaki.com by chinafans (0xteam)
Category: Defacement
Content: The website babystukitaki.com was defaced by a threat actor known as chinafans, operating under the group 0xteam. The defacement was recorded on June 3, 2026, with a mirror of the defaced content archived at zone-xsec.com. No specific motive, server details, or targeted infrastructure details were disclosed in connection with this incident.
Date: 2026-06-03T00:45:53Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930992
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Baby Stukitaki
Victim Site: babystukitaki.com
Alleged sale of RDP access and compromised cloud infrastructure credentials
Category: Initial Access
Content: Threat actor offering rental access to RDP servers hosted on Azure, AWS, and Digital Ocean for $200 daily/monthly rates. Also advertising compromised email accounts (domain mail, Gmail, Yahoo), GitHub Student accounts, and legitimate service subscriptions (ChatGPT Plus, Claude 20x, ElevenLabs Creator Plan) at discounted prices. Escrow service offered.
Date: 2026-06-03T00:45:46Z
Network: telegram
Published URL: https://t.me/c/2613583520/96130
Screenshots:
1 screenshot(s) available
Threat Actors: PORTAL
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website Defacement of Motivational Mantra by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, the website motivationalmantra.com was defaced by threat actor chinafans, operating under the group 0xteam. The attacker uploaded a defacement file at the path /0x.txt, consistent with targeted single-site defacement activity. No specific motive or technical details regarding the server environment were disclosed.
Date: 2026-06-03T00:45:10Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930988
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Media / Personal Development
Victim Organization: Motivational Mantra
Victim Site: motivationalmantra.com
Website Defacement of InnovaIPA by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, the website innovaipa.com was defaced by threat actor chinafans operating under the group 0xteam. The attacker uploaded a defacement file at the path /0x.txt, consistent with the teams naming convention. No specific motive or vulnerability details were disclosed for this targeted defacement.
Date: 2026-06-03T00:44:27Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931011
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: InnovaIPA
Victim Site: innovaipa.com
Website Defacement of thetransformationchix.com by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, a threat actor known as chinafans, affiliated with 0xteam, defaced the website thetransformationchix.com. The incident was a targeted, single-site defacement with no mass or repeat defacement indicators. No specific motive or server details were disclosed.
Date: 2026-06-03T00:43:39Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930997
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Health & Wellness / Lifestyle
Victim Organization: The Transformation Chix
Victim Site: thetransformationchix.com
Website Defacement of FSI Mozambique by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, threat actor chinafans operating under the group 0xteam defaced a web resource hosted on fsi.co.mz, a domain associated with a financial services entity in Mozambique. The defacement was a targeted single-site attack, with no indication of mass or repeated defacement activity. The incident was archived and mirrored via zone-xsec.com.
Date: 2026-06-03T00:42:51Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/931008
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Mozambique
Victim Industry: Financial Services
Victim Organization: FSI Mozambique
Victim Site: fsi.co.mz
Website Defacement of Gifted Health by chinafans (0xteam)
Category: Defacement
Content: The threat actor chinafans, operating under the group 0xteam, defaced the website giftedhealth.com on June 3, 2026. The defacement targeted a specific file path (0x.txt) rather than the homepage, indicating a targeted file-level compromise. No specific motive or technical details regarding the server infrastructure were disclosed.
Date: 2026-06-03T00:42:09Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930983
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: Gifted Health
Victim Site: giftedhealth.com
Website Defacement of NZ Wholesale by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, a threat actor operating under the alias chinafans, affiliated with 0xteam, defaced a page on nzwholesale.co.nz, a New Zealand-based wholesale business. The defacement was a targeted single-site incident, not part of a mass defacement campaign. No specific motivation or server details were disclosed in the available intelligence.
Date: 2026-06-03T00:41:27Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930978
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: New Zealand
Victim Industry: Wholesale/Retail
Victim Organization: NZ Wholesale
Victim Site: nzwholesale.co.nz
Website Defacement of IGI Nigeria by chinafans (0xteam)
Category: Defacement
Content: The website iginigeria.com was defaced by threat actor chinafans, operating under the group 0xteam, on June 3, 2026. The defacement was a targeted single-site attack, with the defaced content hosted at iginigeria.com/0x.txt. A mirror of the defacement was archived via zone-xsec.com.
Date: 2026-06-03T00:35:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930849
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Nigeria
Victim Industry: Unknown
Victim Organization: IGI Nigeria
Victim Site: iginigeria.com
Website Redefacement of Brandlux by chinafans (0xteam)
Category: Defacement
Content: The website brandlux.shop was redefaced by threat actor chinafans, operating under the group 0xteam, on June 3, 2026. This incident marks a redefacement, indicating the attacker had previously compromised the same target. The defacement was not classified as a mass or homepage defacement, suggesting a targeted file-level intrusion.
Date: 2026-06-03T00:34:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930852
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Retail/E-Commerce
Victim Organization: Brandlux
Victim Site: brandlux.shop
Website Redefacement of Ebb and Flow by chinafans (0xteam)
Category: Defacement
Content: The website ebbandflow.co.nz, a New Zealand-based organization, was redefaced by threat actor chinafans operating under the group 0xteam on June 3, 2026. This incident is classified as a redefacement, indicating the site had been previously compromised by the same or a different attacker. The defacement was recorded and mirrored by zone-xsec.com under mirror ID 930828.
Date: 2026-06-03T00:33:52Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930828
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: New Zealand
Victim Industry: Unknown
Victim Organization: Ebb and Flow
Victim Site: ebbandflow.co.nz
Website Redefacement of UAE NLP Academy by chinafans (0xteam)
Category: Defacement
Content: The website uaenlpacademy.com was defaced by threat actor chinafans operating under the group 0xteam on June 3, 2026. This incident is classified as a redefacement, indicating the site had been previously compromised and targeted again. The defacement was recorded and mirrored by zone-xsec.com under mirror ID 930848.
Date: 2026-06-03T00:33:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930848
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: United Arab Emirates
Victim Industry: Education / Training
Victim Organization: UAE NLP Academy
Victim Site: uaenlpacademy.com
Alleged data breach of Instagram with 17M+ US user records offered for sale
Category: Data Breach
Content: A threat actor is offering for sale an alleged Instagram database containing 17M+ user records in a 1.3GB file. The dataset reportedly includes usernames, user IDs, phone numbers, emails, locations, and names. The seller claims the data was obtained via trade and states they verified its authenticity against a live account.
Date: 2026-06-03T00:32:31Z
Network: openweb
Published URL: https://cracked.st/Thread-INST4GR4M-2O26-US3R-D4T4B4SE-L3AK-17M-USERS-1-3GB-FOR-SALE
Screenshots:
1 screenshot(s) available
Threat Actors: tennezza
Victim Country: United States
Victim Industry: Technology
Victim Organization: Instagram
Victim Site: instagram.com
Website Defacement of Wangamukulu Kingdom by chinafans (0xteam)
Category: Defacement
Content: The threat actor chinafans, operating under the group 0xteam, defaced the website of Wangamukulu Kingdom on June 3, 2026. The targeted file was wangamukulukingdom.org/0x.txt, indicating a direct file placement defacement rather than a full homepage takeover. The incident was a singular, non-mass defacement with no prior redefacement history recorded.
Date: 2026-06-03T00:32:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930827
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Cultural/Community Organization
Victim Organization: Wangamukulu Kingdom
Victim Site: wangamukulukingdom.org
Website Defacement of Indy Travel Club by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, the website indytravelclub.com was defaced by a threat actor known as chinafans, operating under the group 0xteam. The defacement targeted a travel club website, with the defaced content accessible at the path /0x.txt. The incident was a targeted single-site defacement, not part of a mass defacement campaign.
Date: 2026-06-03T00:31:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930825
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Travel and Tourism
Victim Organization: Indy Travel Club
Victim Site: indytravelclub.com
Website Defacement of Maxxima Travel by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the Brazilian travel agency website maxximastravel.com.br. The defacement targeted a specific file path (/0x.txt) and was neither a mass nor a home page defacement, suggesting a targeted file-level compromise. The incident was archived via zone-xsec.com with mirror ID 930856.
Date: 2026-06-03T00:30:55Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930856
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Brazil
Victim Industry: Travel and Tourism
Victim Organization: Maxxima Travel
Victim Site: maxximastravel.com.br
Website Redefacement of Italian Accounting/Tax Professional Site by chinafans (0xteam)
Category: Defacement
Content: A threat actor using the handle chinafans, affiliated with 0xteam, conducted a redefacement of an Italian accounting professionals website on June 3, 2026. This incident is classified as a redefacement, indicating the site had been previously compromised by the same or another actor. No specific motivation or technical details regarding the server infrastructure were disclosed.
Date: 2026-06-03T00:30:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930841
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Italy
Victim Industry: Professional Services / Accounting
Victim Organization: Studio Commercialista Dottoressa Rosset
Victim Site: commercialistadottoressarosset…
Website Defacement of VOV Media by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, the Vietnamese media website vovmedia.com.vn was defaced by threat actor chinafans, operating under the group 0xteam. The attacker planted a defacement file at the path /0x.txt on the target server. The incident was a targeted single-site defacement with no indication of mass or repeated compromise.
Date: 2026-06-03T00:29:29Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930835
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Vietnam
Victim Industry: Media & Broadcasting
Victim Organization: VOV Media
Victim Site: vovmedia.com.vn
Website Defacement of 44andmore.nl by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the Dutch website 44andmore.nl by uploading a defacement file at the path /0x.txt. The incident was a targeted, single-site defacement with no mass defacement or redefacement indicators noted.
Date: 2026-06-03T00:28:47Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930850
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Netherlands
Victim Industry: Unknown
Victim Organization: 44andmore
Victim Site: 44andmore.nl
Website Defacement of Elder Productions by chinafans (0xteam)
Category: Defacement
Content: The website elderproductions.com was defaced by threat actor chinafans, operating under the group 0xteam, on June 3, 2026. The defacement targeted a specific file path (0x.txt) rather than the sites homepage, suggesting a targeted file-level intrusion. The incident was recorded as a single, non-mass defacement with a mirror archived at zone-xsec.com.
Date: 2026-06-03T00:28:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930833
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Entertainment / Media Production
Victim Organization: Elder Productions
Victim Site: elderproductions.com
Website Defacement of Rede Cidades Resendenses by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, a threat actor known as chinafans, operating under the group 0xteam, defaced the website redecidadesresendenses.com, a regional community network associated with Resende, Brazil. The incident was a targeted single-site defacement with no indication of mass or repeated defacement activity. Server and infrastructure details were not disclosed in the available data.
Date: 2026-06-03T00:27:22Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930855
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Brazil
Victim Industry: Community / Regional Network
Victim Organization: Rede Cidades Resendenses
Victim Site: redecidadesresendenses.com
Website Defacement of bradleypthomas.com by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, the website bradleypthomas.com was defaced by a threat actor using the handle chinafans, operating under the group 0xteam. The defacement targeted a specific file path (/0x.txt) rather than the homepage, indicating a targeted file-level compromise. The incident was recorded and mirrored by zone-xsec.com.
Date: 2026-06-03T00:26:34Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930836
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Bradley P. Thomas
Victim Site: bradleypthomas.com
Alleged data breach of Beach Houses Mauritius
Category: Data Breach
Content: A threat actor claims to be selling a database dump from beachhousesmauritius.com, a property rental and hospitality platform serving the Mauritius market. The alleged dataset contains approximately 2,876,619 records sourced from a Vtiger CRM deployment, including contact details, account records, email data, lead addresses, and activity-tracking information. The original SQL file is reported at approximately 44 MB compressed.
Date: 2026-06-03T00:26:05Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78680
Screenshots:
2 screenshot(s) available
Threat Actors: Cryptix
Victim Country: Mauritius
Victim Industry: Real Estate
Victim Organization: Beach Houses Mauritius
Victim Site: beachhousesmauritius.com
Website Redefacement of VNC International by chinafans (0xteam)
Category: Defacement
Content: The threat actor chinafans, operating under the group 0xteam, carried out a redefacement of vnc-international.com on June 3, 2026. This incident marks a repeated compromise of the target, indicating the vulnerability was not fully remediated following a prior attack. The defacement was a targeted, non-mass attack with a mirror archived at zone-xsec.com.
Date: 2026-06-03T00:25:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930821
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: VNC International
Victim Site: vnc-international.com
Alleged data breach of carsworld.id Indonesian automotive marketplace
Category: Data Breach
Content: A threat actor known as Cryptix claims to have obtained and is sharing the carsworld.id SQL database containing approximately 213,303 merchant records from an Indonesian automotive services marketplace. The leaked data includes business names, contact details (email, phone, WhatsApp), geolocation data, operating hours, ratings, and workshop owner login session data including device, IP, and user agent information. The database is distributed as a SQL dump file of approximately 2.88 MB.
Date: 2026-06-03T00:25:22Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78686
Screenshots:
1 screenshot(s) available
Threat Actors: Cryptix
Victim Country: Indonesia
Victim Industry: Retail
Victim Organization: carsworld.id
Victim Site: carsworld.id
Website Defacement of Advanced Flooring Inc by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, a threat actor known as chinafans, operating under the team 0xteam, defaced the website of Advanced Flooring Inc, a flooring services company likely based in the United States. The defacement was a targeted single-site attack, with the malicious content hosted at the path /0x.txt. No specific motive or server details were disclosed.
Date: 2026-06-03T00:25:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930854
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Construction / Home Improvement
Victim Organization: Advanced Flooring Inc
Victim Site: advancedflooringinc.com
Website Defacement of agtest.com.br by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, the Brazilian website agtest.com.br was defaced by a threat actor known as chinafans, operating under the group 0xteam. The defacement targeted a specific file path (0x.txt) rather than the homepage, indicating a targeted file-level intrusion. No specific motive or server details were disclosed in connection with this incident.
Date: 2026-06-03T00:24:26Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930840
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: AG Test
Victim Site: agtest.com.br
Alleged data breach of Instituto Tecnológico Superior de Huichapan
Category: Data Breach
Content: A threat actor is selling a 22.7 MB SQL database (16 files) allegedly stolen from Instituto Tecnológico Superior de Huichapan, a Mexican technical university. The dataset includes student records with names, majors, phone numbers, email addresses, CURP national identity numbers, blood types, and student IDs. The inclusion of CURP identifiers makes this a sensitive personal data exposure affecting students.
Date: 2026-06-03T00:24:07Z
Network: openweb
Published URL: https://darkforums.su/showthread.php?tid=78758
Screenshots:
1 screenshot(s) available
Threat Actors: DN07
Victim Country: Mexico
Victim Industry: Education
Victim Organization: Instituto Tecnológico Superior de Huichapan
Victim Site: Unknown
Alleged data leak of Indonesian Military (TNI) database
Category: Data Leak
Content: A forum post on Breached claims to leak a database associated with the Indonesian National Armed Forces (TNI), based on the thread title referencing MIL TNI MIL. No post content was available to confirm the nature, size, or authenticity of the alleged leak.
Date: 2026-06-03T00:24:01Z
Network: openweb
Published URL: https://breached.su/threads/leak-database-mil-tni-mil.87833/unread
Screenshots:
1 screenshot(s) available
Threat Actors: AlixploitCapung
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: Indonesian National Armed Forces (TNI)
Victim Site: tni.mil.id
Website Defacement of Korbiel.pl by chinafans (0xteam)
Category: Defacement
Content: The website korbiel.pl was defaced by a threat actor known as chinafans, operating under the group 0xteam, on June 3, 2026. The defacement was a targeted, single-site attack rather than a mass or repeated defacement. A mirror of the defaced page was archived at zone-xsec.com.
Date: 2026-06-03T00:23:37Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930820
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Poland
Victim Industry: Unknown
Victim Organization: Korbiel
Victim Site: korbiel.pl
Website Defacement of nhathautrongoi.vn by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, a threat actor operating under the handle chinafans and affiliated with 0xteam defaced the Vietnamese website nhathautrongoi.vn, leaving a defacement file at the path /0x.txt. The incident was a targeted single-site defacement with no mass or repeat defacement indicators noted.
Date: 2026-06-03T00:22:58Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930847
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Vietnam
Victim Industry: Construction / Real Estate
Victim Organization: Nha Hau Trong Goi
Victim Site: nhathautrongoi.vn
Website Defacement of nin.org.uk by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, the website nin.org.uk was defaced by threat actor chinafans, operating under the group 0xteam. The attacker uploaded a defacement file (0x.txt) to the target domain. This was a targeted single-site defacement with no mass or redefacement indicators noted.
Date: 2026-06-03T00:22:17Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930858
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: United Kingdom
Victim Industry: Non-Profit / Organization
Victim Organization: National Institute of Nutrition (NIN)
Victim Site: nin.org.uk
Website Defacement of Indiajara by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, the website indiajara.com was defaced by a threat actor known as chinafans, operating under the group 0xteam. The defacement was a targeted single-site incident, with a mirror of the defaced page archived at zone-xsec.com. No specific motive, server details, or proof-of-concept were disclosed in connection with this attack.
Date: 2026-06-03T00:21:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930837
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Indiajara
Victim Site: indiajara.com
Website defacement of Rules of the Road Australia by chinafans (0xteam)
Category: Defacement
Content: On June 3, 2026, the Australian road safety and driver education website rulesoftheroad.com.au was defaced by threat actor chinafans, operating under the group 0xteam. The attacker uploaded a defacement file (0x.txt) to the web server. The incident was a targeted, single-site defacement with no indication of mass or repeated compromise.
Date: 2026-06-03T00:20:47Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/930839
Screenshots:
1 screenshot(s) available
Threat Actors: chinafans, 0xteam
Victim Country: Australia
Victim Industry: Education / Traffic Safety
Victim Organization: Rules of the Road Australia
Victim Site: rulesoftheroad.com.au