[March-17-2026] Daily Cybersecurity Threat Report

1. Executive Summary

This report details a concentrated surge of global cybersecurity incidents recorded on March 17, 2026. The threat landscape during this period was highly volatile, characterized by massive automated defacement campaigns, the sale of unauthorized initial access to global infrastructure, and critical data breaches impacting the healthcare, government, and defense sectors. Threat actors utilized a combination of mass server exploitation, credential leaking, and targeted exfiltration to compromise a wide array of victims across multiple continents.

2. Primary Threat Actor Profiles & Campaigns

Garuda Security: The Indonesian Mass Defacement Campaign

Garuda Security executed a widespread, highly coordinated mass defacement campaign predominantly targeting Indonesian web infrastructure.

Target Sectors: The group heavily targeted educational institutions (such as STIES Babus Salam and MIN 3 Madiun) and local media/news websites.
Technical Footprint: The campaigns largely exploited vulnerabilities on Linux-based web servers to alter web content, often affecting staging environments, subdomains, e-learning platforms, and digital libraries.
Modus Operandi: The attacks were part of a broader, automated operation rather than isolated, targeted intrusions against specific single organizations.

Z-BL4CX-H4T: Global Multi-Industry Defacement

The threat actor Z-BL4CX-H4T demonstrated a high operational tempo, defacing dozens of websites internationally on the same day.

Geographic Reach: The group successfully targeted organizations in Canada, the USA, and India.
Target Sectors: Victims spanned multiple industries, including construction (WCI Contracting Ltd., 5K Construction), healthcare (PetMedicity), legal services (Amex Immigration Services), and non-profits (Circle of Hope).

NyxarGroup: The Colombian Healthcare Extortionist

NyxarGroup focused heavily on the Colombian healthcare sector, executing multiple high-impact data breaches.

Victims & Scope: The group claimed to have breached Macromed Coop (23,000 records), IPS Especializada (160,000 records), Cooemssanar IPS (340,000 records), Hospital Regional de Moniquira (470,000 records), Colsubsidio (1.1 million records), and Clínica Panamericana (1.5 million records).
Data Compromised: The exfiltrated datasets uniformly contained highly sensitive personally identifiable information (PII) and protected health information (PHI), including names, phone numbers, identification numbers, appointment records, and detailed medical histories.

blackwinter99: The Initial Access Broker

Operating on open web forums (specifically darkforums.su), blackwinter99 acted as a prolific Initial Access Broker (IAB).

Commodity Sold: The actor specialized in selling unauthorized administrative access to various organizational platforms.
Victimology: Targets included the Engineering Institute of Technology (Australia), Car Check DOO (Serbia), Timedoor Academy (Indonesia), University of South Africa, and ButtonMakers (USA).

Rakyat Digital Crew: CMS Credential Harvester

This group focused entirely on leaking administrative credentials for content management systems.

Operation: The group leaked WordPress administrator credentials for multiple global domains via Telegram.
Victims: Targets included the Home Care Committee Covid-19 (Italy), Institut Teknologi Sepuluh Nopember (Indonesia), and Green Planet Recycling Solutions (India).

3. Geopolitical and Hacktivist Operations

The intelligence data reveals a significant concentration of cyber operations directed at the State of Israel, driven by various hacktivist and advanced threat groups.

Intelligence & Defense Breaches: The threat actor “Handala Hack” allegedly leaked 100,000 classified emails belonging to Sima Shine, a former Mossad deputy director, and 50,000 confidential emails linked to Ilan Steiner regarding Mossad’s financial and operational details. Additionally, the group “Cardinal” claimed to have accessed the Israel Defense Force (IDF) database.
Critical Infrastructure Leaks: The group “INDOHAXSEC” claimed to have leaked positional coordinates for multiple strategic Israeli sites, including power stations in Rotenberg, Ashalim, and Orot Rabin, as well as infrastructure at Ashkelon Port and an oil-related site in Haifa.
Mass PII Exposure: INDOHAXSEC also claimed to have leaked a massive 2GB dataset containing personal and demographic records for approximately 8.3 million Israeli citizens.
Financial Sector Defacements: The group “Aptisme” targeted regional financial services, defacing Arab Capital Holding and Israel Capital Holding.

4. Notable High-Impact Data Breaches

Beyond the Colombian healthcare sector and Israeli targeting, several critical global databases were allegedly breached:

Government & Military:
- France: Threat actor “HexDex” breached 60,000 records of French government agents, exposing names, regions, postal codes, and job details.
- Pakistan: Threat actor “ModernStealer” leaked data from the Pakistan Military Accounts Department (PMAD), containing organizational structure and official contact info, noting this entity was previously breached in 2025.
- Iraq: “Jondata1” offered 248,706 records of Iraqi Popular Mobilization Forces (PMF) fighters, including unit affiliations and identity details.
- Bangladesh: “Eliphas” claimed full administrative access to the Bangladesh Refugee Containment and Management System (RCMS), exposing refugee PII, biometric data, and international UN/EU linked accounts.
Corporate & Telecommunications:
- Serbia: “Zeus_kos” breached 160,000 customer records from Telekom Serbia, exposing IDs, addresses, and dates of birth.
- China: “Dedale Office” leaked 10 GB (approx. 6 million rows) of Chinese household registration data, including ID cards and credit card info.

5. Exploitation Vectors and Cyber Attacks

Several incidents highlighted the active trade of zero-day exploits and unauthorized enterprise access:

Zero-Day Malware: Threat actor “www0day” advertised a Forti VPN zero-day exploit designed to bypass security protections and grant unauthorized access.
VPN Compromises: The actor “thugstage” sold unauthorized VPN access to an unidentified US Logistics company and a US Construction Management company.
E-commerce Vulnerabilities: Actors “WOC” and “cosmodrome” sold initial access to PrestaShop and Magento 2 environments in Greece, Italy, and the USA, utilizing redirect mechanisms and payment page code injections to capture order data.
Supercomputing Access: “Jon1234” listed unauthorized access to the Beijing Super Cloud Computing Center (BSCC) for sale.

6. Conclusion

The threat landscape observed on March 17, 2026, highlights a deeply fractured security environment. Mass defacement campaigns by actors like Garuda Security and Z-BL4CX-H4T illustrate the fragility of standard Linux web hosting and the speed at which automated exploitation can deface hundreds of low-tier targets. Conversely, the high-stakes extortion conducted by NyxarGroup in the Colombian healthcare sector proves that highly sensitive medical data remains a prime target for financially motivated actors.

Furthermore, the underground economy is thriving, with Initial Access Brokers like blackwinter99 and exploit sellers like www0day successfully monetizing administrative panels and zero-day vulnerabilities (e.g., Forti VPN). Finally, geopolitical tensions continue to spill into the cyber domain, evidenced by the severe, targeted leaks of Israeli military intelligence, infrastructure coordinates, and massive citizen databases by hacktivist collectives. Organizations worldwide must prioritize patching internet-facing infrastructure (specifically CMS and VPN appliances) and tightening access controls to defend against both automated defacements and targeted Initial Access Brokers.

Detected Incidents Draft Data

Alleged data breach of Yaakov Burshtein & Co
Category: Data Breach
Content: The group claims to have deleted 1 TB of data from Yaakov Burshtein & Co
Date: 2026-03-17T23:59:22Z
Network: telegram
Published URL: https://t.me/Anon_Israel35/36
Screenshots:
None
Threat Actors: Anonymous For Justice
Victim Country: Israel
Victim Industry: Financial Services
Victim Organization: yaakov burshtein & co
Victim Site: y-b.co.il
Alleged Data Leak of Alkadi Medical Company in Saudi Arabia
Category: Data Breach
Content: Threat Actor claims to have leaked the database of Alkadi Medical Company in Saudi Arabia. The dataset reportedly includes personal information such as first name, last name, parent name, phone number, gender, and address.
Date: 2026-03-17T22:42:01Z
Network: openweb
Published URL: https://demonforums.net/Thread-database-Alkadi-Medical-Company-Saudi-Arabia
Screenshots:
None
Threat Actors: SecKittenMax
Victim Country: Saudi Arabia
Victim Industry: Healthcare & Pharmaceuticals
Victim Organization: alkadi medical company
Victim Site: alkedi-medical.com
Alleged sale of unauthorized admin access to Engineering Institute of Technology
Category: Initial Access
Content: The threat actor claims to be selling administrative access to the eit.edu.net.au platform, associated with the Engineering Institute of Technology in Australia.
Date: 2026-03-17T22:29:41Z
Network: openweb
Published URL: https://darkforums.su/Thread-Australia-eit-edu-net-au-admin-access
Screenshots:
None
Threat Actors: blackwinter99
Victim Country: Australia
Victim Industry: Higher Education/Acadamia
Victim Organization: engineering institute of technology
Victim Site: eit.edu.net.au
Mass website defacement of Indonesian news site by Garuda Security team
Category: Defacement
Content: Garuda Security team conducted a mass defacement attack targeting the Indonesian news website kupasfaktanews.web.id on March 17, 2026. The attack was part of a broader mass defacement campaign affecting multiple sites.
Date: 2026-03-17T22:27:38Z
Network: clearnet
Published URL: https://haxor.id/archive/mirror/247926
Screenshots:
None
Threat Actors: Garuda Security
Victim Country: Indonesia
Victim Industry: Media/News
Victim Organization: Kupas Fakta News
Victim Site: kupasfaktanews.web.id
Mass website defacement by Garuda Security targeting justicetime.web.id
Category: Defacement
Content: Garuda Security conducted a mass defacement campaign targeting multiple websites including justicetime.web.id on March 17, 2026. The attack was part of a broader mass defacement operation rather than targeting a specific organization.
Date: 2026-03-17T22:27:14Z
Network: clearnet
Published URL: https://haxor.id/archive/mirror/247925
Screenshots:
None
Threat Actors: Garuda Security
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: justicetime.web.id
Mass defacement campaign by Garuda Security targeting Indonesian websites
Category: Defacement
Content: Garuda Security conducted a mass defacement campaign targeting multiple websites including digitalrakyat.web.id on March 17, 2026. The attack was part of a broader campaign affecting numerous sites rather than a targeted attack on a single organization.
Date: 2026-03-17T22:26:49Z
Network: clearnet
Published URL: https://haxor.id/archive/mirror/247924
Screenshots:
None
Threat Actors: Garuda Security
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Digital Rakyat
Victim Site: digitalrakyat.web.id
Mass website defacement campaign by Garuda Security targeting bandungone.web.id
Category: Defacement
Content: Garuda Security conducted a mass defacement campaign targeting multiple websites including bandungone.web.id on March 17, 2026. The attack targeted a Linux-based web server as part of a broader mass defacement operation.
Date: 2026-03-17T22:26:25Z
Network: clearnet
Published URL: https://haxor.id/archive/mirror/247923
Screenshots:
None
Threat Actors: Garuda Security
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: bandungone.web.id
Mass defacement campaign by Garuda Security targeting Indonesian websites
Category: Defacement
Content: Garuda Security conducted a mass defacement campaign targeting multiple Indonesian websites on March 17, 2026. The attack affected bandung21.web.id among other sites, with defaced content archived for analysis.
Date: 2026-03-17T22:26:04Z
Network: clearnet
Published URL: https://haxor.id/archive/mirror/247922
Screenshots:
None
Threat Actors: Garuda Security
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: bandung21.web.id
Mass defacement targeting Indonesian websites by Garuda Security
Category: Defacement
Content: Garuda Security conducted a mass defacement campaign targeting multiple Indonesian websites on March 17, 2026. The attack affected aktualupdate.web.id among other sites in a coordinated defacement operation.
Date: 2026-03-17T22:25:40Z
Network: clearnet
Published URL: https://haxor.id/archive/mirror/247921
Screenshots:
None
Threat Actors: Garuda Security
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: aktualupdate.web.id
Mass website defacement by Garuda Security targeting abdiansyah.my.id
Category: Defacement
Content: Garuda Security conducted a mass defacement attack targeting multiple websites including abdiansyah.my.id on March 17, 2026. The attack was part of a broader mass defacement campaign rather than targeting a specific organization.
Date: 2026-03-17T22:25:07Z
Network: clearnet
Published URL: https://haxor.id/archive/mirror/247920
Screenshots:
None
Threat Actors: Garuda Security
Victim Country: Malaysia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: abdiansyah.my.id
Mass website defacement targeting Indonesian educational institution by Garuda Security
Category: Defacement
Content: Garuda Security conducted a mass defacement attack targeting an Indonesian higher education institution. The attack was part of a broader mass defacement campaign and not limited to the homepage of the targeted site.
Date: 2026-03-17T22:24:42Z
Network: clearnet
Published URL: https://haxor.id/archive/mirror/247919
Screenshots:
None
Threat Actors: Garuda Security
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: STIES Babus Salam
Victim Site: ps.stiesbabussalam.ac.id
Mass website defacement targeting Indonesian educational institution by Garuda Security
Category: Defacement
Content: Garuda Security conducted a mass defacement attack targeting the admissions website of STIE Sbabussalam, an Indonesian educational institution. The attack was part of a broader mass defacement campaign rather than targeting this specific organization.
Date: 2026-03-17T22:24:16Z
Network: clearnet
Published URL: https://haxor.id/archive/mirror/247918
Screenshots:
None
Threat Actors: Garuda Security
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: STIE Sbabussalam
Victim Site: pmb.stiesbabussalam.ac.id
Mass defacement targeting Indonesian educational institution by Garuda Security
Category: Defacement
Content: Garuda Security conducted a mass defacement attack targeting the Indonesian educational institution STIES Babus Salam. The attack occurred on March 17, 2026, affecting the institutions early childhood education program subdomain.
Date: 2026-03-17T22:23:52Z
Network: clearnet
Published URL: https://haxor.id/archive/mirror/247917
Screenshots:
None
Threat Actors: Garuda Security
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: STIES Babus Salam
Victim Site: piaud.stiesbabussalam.ac.id
Mass website defacement by Garuda Security targeting Indonesian educational institution
Category: Defacement
Content: Garuda Security conducted a mass defacement campaign targeting multiple websites including an Indonesian Islamic economics college. The attack occurred on March 17, 2026 and affected the colleges PGMI program subdomain.
Date: 2026-03-17T22:23:28Z
Network: clearnet
Published URL: https://haxor.id/archive/mirror/247916
Screenshots:
None
Threat Actors: Garuda Security
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: STIE Sbabussalam
Victim Site: pgmi.stiesbabussalam.ac.id
Mass defacement targeting Indonesian educational institution by Garuda Security
Category: Defacement
Content: Garuda Security conducted a mass defacement attack against an Indonesian higher education institutions publishing platform. The attack targeted a Linux-based web server and was part of a larger mass defacement campaign rather than an isolated incident.
Date: 2026-03-17T22:23:04Z
Network: clearnet
Published URL: https://haxor.id/archive/mirror/247915
Screenshots:
None
Threat Actors: Garuda Security
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: STIES Babussalam
Victim Site: penerbit.stiesbabussalam.ac.id
Mass website defacement targeting Indonesian educational institution by Garuda Security
Category: Defacement
Content: Garuda Security conducted a mass defacement attack targeting an Indonesian higher education institution. The attack was part of a broader mass defacement campaign rather than a targeted single-site attack.
Date: 2026-03-17T22:22:30Z
Network: clearnet
Published URL: https://haxor.id/archive/mirror/247914
Screenshots:
None
Threat Actors: Garuda Security
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: STIE Sbabussalam
Victim Site: pai.stiesbabussalam.ac.id
Mass website defacement targeting Indonesian educational institution by Garuda Security
Category: Defacement
Content: Garuda Security conducted a mass defacement attack targeting the research and community service institute (LPPM) website of STIE Sbabussalam, an Indonesian educational institution. The attack was part of a broader mass defacement campaign rather than a targeted single-site attack.
Date: 2026-03-17T22:22:03Z
Network: clearnet
Published URL: https://haxor.id/archive/mirror/247913
Screenshots:
None
Threat Actors: Garuda Security
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: STIE Sbabussalam
Victim Site: lppm.stiesbabussalam.ac.id
Mass defacement targeting Indonesian educational institution by Garuda Security
Category: Defacement
Content: Garuda Security conducted a mass defacement attack targeting an Indonesian higher education institutions learning management portal. The attack was part of a broader mass defacement campaign affecting multiple targets simultaneously.
Date: 2026-03-17T22:21:36Z
Network: clearnet
Published URL: https://haxor.id/archive/mirror/247912
Screenshots:
None
Threat Actors: Garuda Security
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: STIE Babussalam
Victim Site: lpm.stiesbabussalam.ac.id
Mass defacement targeting Indonesian educational institution by Garuda Security
Category: Defacement
Content: Garuda Security conducted a mass defacement attack targeting the library subdomain of STIES Babus Salam, an Indonesian educational institution. The attack was part of a larger mass defacement campaign affecting multiple targets.
Date: 2026-03-17T22:21:01Z
Network: clearnet
Published URL: https://haxor.id/archive/mirror/247911
Screenshots:
None
Threat Actors: Garuda Security
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: STIES Babus Salam
Victim Site: library.stiesbabussalam.ac.id
Mass website defacement targeting Indonesian educational institution by Garuda Security
Category: Defacement
Content: Garuda Security conducted a mass defacement attack targeting the Indonesian higher education institution STIES Babussalam. The attack occurred on March 17, 2026, affecting the institutions subdomain as part of a broader mass defacement campaign.
Date: 2026-03-17T22:20:22Z
Network: clearnet
Published URL: https://haxor.id/archive/mirror/247910
Screenshots:
None
Threat Actors: Garuda Security
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: STIES Babussalam
Victim Site: es.stiesbabussalam.ac.id
Mass defacement targeting Indonesian educational institution by Garuda Security
Category: Defacement
Content: Garuda Security conducted a mass defacement attack targeting the e-journal platform of STIE Sbabussalam, an Indonesian educational institution. The attack occurred on March 17, 2026, affecting the Linux-based server hosting the academic journal website.
Date: 2026-03-17T22:19:56Z
Network: clearnet
Published URL: https://haxor.id/archive/mirror/247909
Screenshots:
None
Threat Actors: Garuda Security
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: STIE Sbabussalam
Victim Site: ejournal.stiesbabussalam.ac.id
Mass website defacement by Garuda Security targeting Indonesian educational sites
Category: Defacement
Content: Garuda Security conducted a mass defacement campaign targeting multiple websites including an Indonesian educational domain. The attack occurred on March 17, 2026 and was part of a broader mass defacement operation rather than a targeted single-site attack.
Date: 2026-03-17T22:19:30Z
Network: clearnet
Published URL: https://haxor.id/archive/mirror/247938
Screenshots:
None
Threat Actors: Garuda Security
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Unknown
Victim Site: andy.belajartss.my.id
Mass website defacement campaign by Garuda Security targeting Indonesian educational platform
Category: Defacement
Content: Garuda Security conducted a mass defacement campaign targeting multiple websites including an Indonesian educational learning platform. The attack was executed on March 17, 2026, affecting a Linux-based server hosting the belajartss educational subdomain.
Date: 2026-03-17T22:19:04Z
Network: clearnet
Published URL: https://haxor.id/archive/mirror/247937
Screenshots:
None
Threat Actors: Garuda Security
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Unknown
Victim Site: alif.belajartss.my.id
Mass website defacement campaign by Garuda Security targeting Indonesian educational sites
Category: Defacement
Content: Garuda Security conducted a mass defacement campaign targeting Indonesian educational websites on March 17, 2026. The attack affected the adhri.belajartss.my.id domain running on Linux infrastructure as part of a broader coordinated defacement operation.
Date: 2026-03-17T22:18:38Z
Network: clearnet
Published URL: https://haxor.id/archive/mirror/247936
Screenshots:
None
Threat Actors: Garuda Security
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Unknown
Victim Site: adhri.belajartss.my.id
Mass website defacement targeting Indonesian educational institution by Garuda Security
Category: Defacement
Content: Garuda Security conducted a mass defacement attack targeting the Indonesian Islamic elementary school MIN 3 Madiuns website. The attack was part of a larger mass defacement campaign rather than an isolated incident targeting this specific educational institution.
Date: 2026-03-17T22:18:13Z
Network: clearnet
Published URL: https://haxor.id/archive/mirror/247935
Screenshots:
None
Threat Actors: Garuda Security
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: MIN 3 Madiun
Victim Site: web.min3madiun.sch.id
Mass website defacement targeting Indonesian educational institution by Garuda Security
Category: Defacement
Content: Garuda Security conducted a mass defacement attack targeting an Indonesian Islamic elementary school (MIN 3 Madiun) website on March 17, 2026. The attack was part of a broader mass defacement campaign rather than targeting this specific institution.
Date: 2026-03-17T22:17:51Z
Network: clearnet
Published URL: https://haxor.id/archive/mirror/247934
Screenshots:
None
Threat Actors: Garuda Security
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: MIN 3 Madiun
Victim Site: surat.min3madiun.sch.id
Alleged sale of unauthorized admin access to hadiahmisteri.online Platform
Category: Initial Access
Content: The threat actor claims to be offering administrative access to the hadiahmisteri.online platform.
Date: 2026-03-17T22:17:47Z
Network: openweb
Published URL: https://darkforums.su/Thread-Indonesia-hadiahmisteri-online-admin-access
Screenshots:
None
Threat Actors: blackwinter99
Victim Country: Indonesia
Victim Industry: E-commerce & Online Stores
Victim Organization: Unknown
Victim Site: hadiahmisteri.online
Mass defacement targeting Indonesian educational institutions by Garuda Security
Category: Defacement
Content: Garuda Security conducted a mass defacement campaign targeting educational websites in Indonesia. The attack compromised multiple sites including an Islamic elementary school in Madiun, with defaced content hosted on a Linux server.
Date: 2026-03-17T22:17:24Z
Network: clearnet
Published URL: https://haxor.id/archive/mirror/247933
Screenshots:
None
Threat Actors: Garuda Security
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: MIN 3 Madiun Islamic Elementary School
Victim Site: rdm.min3madiun.sch.id
Mass website defacement targeting Indonesian educational institution by Garuda Security
Category: Defacement
Content: Garuda Security conducted a mass defacement attack targeting multiple websites including an Indonesian Islamic elementary school. The attack occurred on March 17, 2026, affecting the schools website as part of a broader defacement campaign.
Date: 2026-03-17T22:17:04Z
Network: clearnet
Published URL: https://haxor.id/archive/mirror/247932
Screenshots:
None
Threat Actors: Garuda Security
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: Madrasah Ibtidaiyah Negeri 3 Madiun
Victim Site: min3madiun.sch.id
Website defacement of MIN 3 Madiun educational institution by Garuda Security
Category: Defacement
Content: Garuda Security defaced the e-learning platform of MIN 3 Madiun, an Indonesian educational institution, on March 17, 2026. The attack targeted the schools online learning system hosted on a Linux server.
Date: 2026-03-17T22:16:37Z
Network: clearnet
Published URL: https://haxor.id/archive/mirror/247931
Screenshots:
None
Threat Actors: Garuda Security
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: MIN 3 Madiun
Victim Site: elearning.min3madiun.sch.id
Mass website defacement campaign by Garuda Security targeting Indonesian sites
Category: Defacement
Content: Garuda Security conducted a mass defacement campaign targeting multiple websites including the Indonesian news site Bandung24. The attack occurred on March 17, 2026, and was part of a broader mass defacement operation rather than targeting a single site.
Date: 2026-03-17T22:16:11Z
Network: clearnet
Published URL: https://haxor.id/archive/mirror/247930
Screenshots:
None
Threat Actors: Garuda Security
Victim Country: Indonesia
Victim Industry: Media/News
Victim Organization: Bandung24
Victim Site: bandung24.web.id
Website defacement by SULAWESI HACKTIVIST INDONESIA targeting gesfit2023.best.20hours.it
Category: Defacement
Content: SULAWESI HACKTIVIST INDONESIA conducted a redefacement attack against an Italian website hosted on gesfit2023.best.20hours.it on March 17, 2026. The defaced page was archived and mirrored for threat intelligence purposes.
Date: 2026-03-17T22:15:47Z
Network: clearnet
Published URL: https://haxor.id/archive/mirror/247979
Screenshots:
None
Threat Actors: SULAWESI HACKTIVIST INDONESIA
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: gesfit2023.best.20hours.it
Alleged sale of unauthorized admin access to Car Check DOO
Category: Initial Access
Content: The threat actor claims to be selling administrative access to the carcheck.rs platform, operated by Car Check DOO in Novi Sad, Serbia.
Date: 2026-03-17T22:12:20Z
Network: openweb
Published URL: https://darkforums.su/Thread-Serbia-carcheck-rs-admin-access
Screenshots:
None
Threat Actors: blackwinter99
Victim Country: Serbia
Victim Industry: Automotive
Victim Organization: car check doo
Victim Site: carcheck.rs
Website defacement of tester.montera34.com by Zod
Category: Defacement
Content: Attacker Zod successfully defaced the tester.montera34.com website on March 17, 2026. The incident targeted a Linux-based server and affected a single page rather than the main site or multiple sites simultaneously.
Date: 2026-03-17T22:06:11Z
Network: clearnet
Published URL: https://haxor.id/archive/mirror/247907
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Montera34
Victim Site: tester.montera34.com
Mass website defacement campaign by Ushiromiya team targeting Indonesian sofa rental service
Category: Defacement
Content: The Ushiromiya team conducted a mass defacement campaign targeting sewasofajakarta.my.id, a furniture rental service website in Indonesia. This incident was part of a broader mass defacement operation rather than a targeted attack on a single organization.
Date: 2026-03-17T22:06:04Z
Network: clearnet
Published URL: https://haxor.id/archive/mirror/247908
Screenshots:
None
Threat Actors: Ushiromiya
Victim Country: Indonesia
Victim Industry: Furniture Rental Services
Victim Organization: Sewa Sofa Jakarta
Victim Site: sewasofajakarta.my.id
Mass website defacement of wartarealita.web.id by Garuda Security
Category: Defacement
Content: Garuda Security conducted a mass defacement attack targeting wartarealita.web.id, an Indonesian news website. The attack occurred on March 17, 2026, affecting a Linux-based server.
Date: 2026-03-17T22:05:57Z
Network: clearnet
Published URL: https://haxor.id/archive/mirror/247929
Screenshots:
None
Threat Actors: Garuda Security
Victim Country: Indonesia
Victim Industry: Media/News
Victim Organization: Warta Realita
Victim Site: wartarealita.web.id
Mass website defacement attributed to Garuda Security targeting suaraantara.net
Category: Defacement
Content: Mass defacement attack conducted by Garuda Security team targeting Indonesian news website suaraantara.net on March 17, 2026. The incident was part of a broader mass defacement campaign affecting multiple websites.
Date: 2026-03-17T22:05:50Z
Network: clearnet
Published URL: https://haxor.id/archive/mirror/247928
Screenshots:
None
Threat Actors: Garuda Security
Victim Country: Indonesia
Victim Industry: Media/News
Victim Organization: Suara Antara
Victim Site: suaraantara.net
Mass defacement campaign by Garuda Security targeting staging.digitalrakyat.web.id
Category: Defacement
Content: Garuda Security conducted a mass defacement campaign targeting the staging environment of Digital Rakyats website on March 17, 2026. The attack was part of a broader mass defacement operation rather than a targeted single-site compromise.
Date: 2026-03-17T22:05:44Z
Network: clearnet
Published URL: https://haxor.id/archive/mirror/247927
Screenshots:
None
Threat Actors: Garuda Security
Victim Country: Indonesia
Victim Industry: Technology
Victim Organization: Digital Rakyat
Victim Site: staging.digitalrakyat.web.id
Alleged sale of unauthorized admin access to Timedoor Academy
Category: Initial Access
Content: The threat actor claims to be selling administrative access to the academy.timedoor.net platform, an Indonesia-based education service.
Date: 2026-03-17T22:02:34Z
Network: openweb
Published URL: https://darkforums.su/Thread-Indonesia-academy-timedoor-net-admin-access
Screenshots:
None
Threat Actors: blackwinter99
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: timedoor academy
Victim Site: academy.timedoor.net
Alleged sale of unauthorized admin access to University of South Africa
Category: Initial Access
Content: The threat actor claims to be selling administrative access to the University of South Africa (UNISA) platform.
Date: 2026-03-17T22:01:33Z
Network: openweb
Published URL: https://darkforums.su/Thread-South-Africa-unisa-ac-za-admin-access
Screenshots:
None
Threat Actors: blackwinter99
Victim Country: South Africa
Victim Industry: Education
Victim Organization: university of south africa
Victim Site: unisa.ac.za
Alleged sale of unauthorized admin access to school.lingshi.com Platform
Category: Initial Access
Content: The threat actor claims to be sale administrative access to the school.lingshi.com platform, an education-related system based in China.
Date: 2026-03-17T21:52:03Z
Network: openweb
Published URL: https://darkforums.su/Thread-China-school-lingshi-com-admin-access
Screenshots:
None
Threat Actors: blackwinter99
Victim Country: China
Victim Industry: Education
Victim Organization: Unknown
Victim Site: school.lingshi.com
Alleged Data Breach of Macromed Coop
Category: Data Breach
Content: Threat Actor claims to have breached the database of Macromed Coop in Colombia, which contains approximately 23,000 records. The dataset reportedly includes patient information such as names, phone numbers, email addresses, identification numbers, and additional contact details, and contains sensitive medical-related information including medical history and appointment records.
Date: 2026-03-17T21:43:21Z
Network: openweb
Published URL: https://xforums.st/threads/co-23k-macromedcoop-com.537145/
Screenshots:
None
Threat Actors: NyxarGroup
Victim Country: Colombia
Victim Industry: Hospital & Health Care
Victim Organization: macromed coop
Victim Site: macromedcoop.com
Alleged Data Breach of IPS Especializada
Category: Data Breach
Content: Threat Actor claims to have breached the database of IPS Especializada in Colombia, which contains approximately 160,000 records. The dataset reportedly includes patient information such as names, phone numbers, email addresses, identification numbers, and additional contact details, and contains sensitive medical-related information including medical history and appointment records.
Date: 2026-03-17T21:39:11Z
Network: openweb
Published URL: https://xforums.st/threads/co-160k-ipsespecializada-com-co.537116/
Screenshots:
None
Threat Actors: NyxarGroup
Victim Country: Colombia
Victim Industry: Hospital & Health Care
Victim Organization: ips especializada
Victim Site: ipsespecializada.com.co
Alleged Sale of Unauthorized Magento 2 Admin Access to an Unidentified Shop in the United States
Category: Initial Access
Content: The threat actor claims to be selling unauthorized Magento 2 admin access to an unidentified shop in the United States, stating that the admin panel provides full rights and that code is placed on the payment page, with 310 orders recorded over the last 90 days via an Authorize.Net native form.
Date: 2026-03-17T21:38:50Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/278570/
Screenshots:
None
Threat Actors: cosmodrome
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
BABAYO EROR SYSTEM targets the website of Erkins Insurance
Category: Defacement
Content: The group claims to have defaced the website of Erkins Insurance.
Date: 2026-03-17T21:27:19Z
Network: telegram
Published URL: https://t.me/BabayoErorSyteam/257
Screenshots:
None
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Oman
Victim Industry: Financial Services
Victim Organization: erkins insurance
Victim Site: insurance.erkins.omcdemosites.com
Alleged data breach of Quo Vadis
Category: Data Breach
Content: A threat actor claims to have leaked confidential data belonging to Quo Vadis. the dataset contains sensitive travel and personal information associated with customers, agents, and partner agencies.The exposed data is reportedly structured and includes travel reservation details, passenger information, and contact data such as emails and phone numbers. Additionally, the leak may contain agency and agent records, including financial and operational data.
Date: 2026-03-17T21:01:37Z
Network: openweb
Published URL: https://darkforums.su/Thread-Document-AIRLINE-QUOVADIS-VENEZUELA-43K-CONFIDENTIAL-DATA-17-03-2026
Screenshots:
None
Threat Actors: malconguerra2
Victim Country: Venezuela
Victim Industry: Hospitality & Tourism
Victim Organization: quo vadis
Victim Site: quovadis.com.ve
Alleged Sale of Unauthorized PrestaShop Access to an Unidentified Clothing Shop in Italy
Category: Initial Access
Content: The threat actor claims to be selling unauthorized PrestaShop access to an unidentified clothing shop in Italy, indicating the use of a redirect mechanism and association with a PrestaShop CMS environment.
Date: 2026-03-17T20:35:45Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/278565/
Screenshots:
None
Threat Actors: WOC
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of SPECPROM
Category: Data Breach
Content: The group claims to have breached the database of SPECPROM, alleging exfiltration of sensitive user data including credentials (passwords, salts), personal information, and contact details,
Date: 2026-03-17T19:56:15Z
Network: telegram
Published URL: https://t.me/perunswaroga/1299?single
Screenshots:
None
Threat Actors: Perun Svaroga
Victim Country: Ukraine
Victim Industry: Military Industry
Victim Organization: specprom
Victim Site: specprom-kr.com.ua
Alleged data breach of ButtonMakers
Category: Data Breach
Content: The threat actor claims to be leaked the complete database of ButtonMakers.net, a U.S.-based company operating in the custom button-making and supplies sector. The dataset allegedly contains user account information, including usernames, hashed passwords, email addresses, user roles, and account timestamps.
Date: 2026-03-17T19:48:43Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-USA-buttonmakers-net-American-website-data-access
Screenshots:
None
Threat Actors: blackwinter99
Victim Country: USA
Victim Industry: E-commerce & Online Stores
Victim Organization: buttonmakers
Victim Site: buttonmakers.net
Alleged Sale of Cooemssanar IPS Database
Category: Data Breach
Content: The threat actor claims to be leaked a database containing approximately 340,000 records associated with Cooemssanar IPS for sale. The dataset allegedly includes sensitive personal information such as patient names, phone numbers, email addresses, identification numbers, and additional contact details.
Date: 2026-03-17T19:18:57Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-CO-340K-COOEMSSANAR-IPS
Screenshots:
None
Threat Actors: NyxarGroup
Victim Country: Colombia
Victim Industry: Hospital & Health Care
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Unauthorized PrestaShop Access to an Unidentified Shop in Greece
Category: Initial Access
Content: The threat actor claims to be selling unauthorized PrestaShop access to an unidentified shop in Greece, indicating the use of a redirect mechanism and association with a PrestaShop CMS environment.
Date: 2026-03-17T19:13:03Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/278562/
Screenshots:
None
Threat Actors: WOC
Victim Country: Greece
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of HRM.gov.co
Category: Data Breach
Content: The threat actor claims to have leaked a database containing approximately 470,000 records associated with HRM.gov.co for sale. The dataset allegedly includes sensitive personal information such as patient names, phone numbers, email addresses, and identification numbers, along with additional contact details.
Date: 2026-03-17T19:04:26Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-CO-470K-HRM-GOV-CO
Screenshots:
None
Threat Actors: NyxarGroup
Victim Country: Colombia
Victim Industry: Government & Public Sector
Victim Organization: hrm.gov.co
Victim Site: hrm.gov.co
Alleged data leak of Israeli Citizens Database
Category: Data Breach
Content: The threat actor claims to have leaked a dataset containing information on approximately 8.3 million Israeli citizens. the dataset includes millions of individual records organized across multiple files and folders, containing personal and demographic information.
Date: 2026-03-17T18:54:53Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-8-3-MILLION-2GB-DATA-FOR-ISRAELI-CITIZENS
Screenshots:
None
Threat Actors: INDOHAXSEC
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Aptisme targets the website of Arab Capital Holding
Category: Defacement
Content: The group claims to have defaced the website of Arab Capital Holding.
Date: 2026-03-17T18:26:05Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/810330
Screenshots:
None
Threat Actors: Aptisme
Victim Country: Kuwait
Victim Industry: Financial Services
Victim Organization: arab capital holding
Victim Site: arabcapitalholding.com
Aptisme targets the website of Israel Capital Holding
Category: Defacement
Content: The group claims to have defaced the website of Israel Capital Holding.
Date: 2026-03-17T18:15:04Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/810355
Screenshots:
None
Threat Actors: Aptisme
Victim Country: Israel
Victim Industry: Financial Services
Victim Organization: israel capital holding
Victim Site: israelcapitalholding.com
SaklarRusak targets the website of b.host.org.il
Category: Defacement
Content: The group claims to have defaced the website of b.host.org.il
Date: 2026-03-17T18:03:07Z
Network: openweb
Published URL: http://zone-h.org/mirror/id/36627435
Screenshots:
None
Threat Actors: SaklarRusak
Victim Country: Israel
Victim Industry: Information Technology (IT) Services
Victim Organization: b.host.org.il
Victim Site: b.host.org.il
SaklarRusak targets the subdomains of Novin Travel
Category: Defacement
Content: The group claims to defaced the Subdomains of Novin Travel.Subdomains Include:b2b.novintravel.compilot.novintravel.com
Date: 2026-03-17T17:47:55Z
Network: openweb
Published URL: https://www.zone-h.org/mirror/id/36575669
Screenshots:
None
Threat Actors: SaklarRusak
Victim Country: Iran
Victim Industry: Hospitality & Tourism
Victim Organization: novin travel
Victim Site: pilot.novintravel.com
Alleged Data Breach of The Diamond Store
Category: Data Breach
Content: A threat actor claims to have breached data allegedly belonging to The Diamond Store , containing 95,021 records. The dataset reportedly includes names, phone numbers, purchase and refund amounts, with some records containing full addresses and dates of birth.
Date: 2026-03-17T17:47:30Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/278546/
Screenshots:
None
Threat Actors: cox2802
Victim Country: UK
Victim Industry: Retail Industry
Victim Organization: the diamond store
Victim Site: thediamondstore.co.uk
Aptisme targets the website of ISRAEL Capital
Category: Defacement
Content: The group claims to have defaced the website of ISRAEL Capital.
Date: 2026-03-17T17:45:52Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/810470
Screenshots:
None
Threat Actors: Aptisme
Victim Country: Israel
Victim Industry: Financial Services
Victim Organization: israel capital
Victim Site: yisraelcapital.com/art.txt
Alleged Data Leak of Omni Bank and M-Files
Category: Data Breach
Content: Threat Actor claims to have leaked data allegedly associated with Omni Bank and M-Files, involving approximately 300,000 records. The dataset reportedly includes customer and employee information such as names, email addresses, passwords, physical addresses, geolocation data, and banking-related details.
Date: 2026-03-17T17:19:14Z
Network: openweb
Published URL: https://darknetarmy.io/threads/omni-bank-m-files-nerasolgh-300k.98890/
Screenshots:
None
Threat Actors: DBHunter
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
BABAYO EROR SYSTEM targets the website of Wellous Group Limited
Category: Defacement
Content: The group claims to have defaced the website of Wellous Group Limited.
Date: 2026-03-17T17:18:43Z
Network: telegram
Published URL: https://t.me/BabayoErorSyteam/253
Screenshots:
None
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Malaysia
Victim Industry: Health & Fitness
Victim Organization: wellous group limited
Victim Site: wellous.trisquare.com.my
Alleged Data Breach of Foto Frey
Category: Data Breach
Content: Threat Actor claims to have breached the database of Foto Frey in Germany. The dataset includes customer information such as names, email addresses, hashed passwords, and registration-related details.
Date: 2026-03-17T17:04:39Z
Network: openweb
Published URL: https://darknetarmy.io/threads/fotofrey-de-free-germany.98915/
Screenshots:
None
Threat Actors: DBHunter
Victim Country: Germany
Victim Industry: Photography
Victim Organization: foto frey
Victim Site: fotofrey.de
Alleged Data Breach of Israel Defense Force
Category: Data Breach
Content: The group claims to have accessed the database of Israel Defense Force.
Date: 2026-03-17T16:38:56Z
Network: telegram
Published URL: https://t.me/c/2869875394/385
Screenshots:
None
Threat Actors: Cardinal
Victim Country: Israel
Victim Industry: Government Administration
Victim Organization: israel defense force
Victim Site: idf.il
Alleged Sale of Unauthorized Domain Admin Access to an Unidentified Agriculture Organization in Brazil
Category: Initial Access
Content: The threat actor claims to be selling unauthorized domain admin access to an unidentified agriculture organization in Brazil, indicating elevated privileges within the organization’s network environment.
Date: 2026-03-17T16:26:39Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/278542/
Screenshots:
None
Threat Actors: Big-Bro
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Breach of Hospital Regional de Moniquira
Category: Data Breach
Content: A threat actor claims to have breached data allegedly belonging to Hospital Regional de Moniquira, containing 470,000 records. The dataset reportedly includes names, phone numbers, email addresses, identification numbers, along with medical appointment and history details.
Date: 2026-03-17T16:18:52Z
Network: openweb
Published URL: https://xforums.st/threads/co-470k-hrm-gov-co.536687/
Screenshots:
None
Threat Actors: NyxarGroup
Victim Country: Colombia
Victim Industry: Hospital & Health Care
Victim Organization: hospital regional de moniquira
Victim Site: hrm.gov.co
Alleged Data Breach of Colsubsidio
Category: Data Breach
Content: A threat actor claims to have breached data allegedly belonging to Colsubsidio, containing 1.1 million records. The dataset reportedly includes names, phone numbers, email addresses, identification numbers, along with medical appointment and history details.
Date: 2026-03-17T16:16:46Z
Network: openweb
Published URL: https://xforums.st/threads/co-1-1-million-salud-colsubsidio-com.536652/
Screenshots:
None
Threat Actors: NyxarGroup
Victim Country: Colombia
Victim Industry: Hospital & Health Care
Victim Organization: colsubsidio
Victim Site: salud.colsubsidio.com
Alleged sale of unauthorized access to Bangladesh Refugee Containment and Management System (RCMS)
Category: Initial Access
Content: The threat actor claims to be selling unauthorized access to the Bangladesh Refugee Containment and Management System (RCMS), a government-linked platform associated with refugee data management. The actor alleges full administrative access to the extranet dashboard, including valid credentials, inactive accounts for persistence, and access to multiple international accounts linked to UN and EU operations. The post further claims exposure of sensitive refugee information, including personally identifiable information (PII) and biometric data.
Date: 2026-03-17T16:11:12Z
Network: telegram
Published URL: https://t.me/eliphassyndicate/220
Screenshots:
None
Threat Actors: Eliphas
Victim Country: Bangladesh
Victim Industry: Government Administration
Victim Organization: bangladesh refugee containment and management system (rcms)
Victim Site: rcms.gov.bd
Alleged unauthorized access to an unidentified Car wash Control System in Romania
Category: Initial Access
Content: The group claims to have gained access to an unidentified Car wash Control System in Romania.
Date: 2026-03-17T15:05:39Z
Network: telegram
Published URL: https://t.me/c/2787466017/2967
Screenshots:
None
Threat Actors: NoName057(16)
Victim Country: Romania
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Forti VPN 0-Day Bypass
Category: Malware
Content: The threat actor claims to be selling a Forti VPN zero-day exploit capable of bypassing security protections and enabling unauthorized access.
Date: 2026-03-17T14:40:40Z
Network: openweb
Published URL: https://forum.exploit.in/topic/278523/
Screenshots:
None
Threat Actors: www0day
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of WordPress admin credentials to drdanielguzmanaliviodador.med.br
Category: Initial Access
Content: The group claims to have leaked WordPress administrator credentials associated with drdanielguzmanaliviodador.med.br
Date: 2026-03-17T14:13:38Z
Network: telegram
Published URL: https://t.me/Rakyat_DigitalCrew/110
Screenshots:
None
Threat Actors: Rakyat Digital Crew
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: drdanielguzmanaliviodador.med.br
Alleged leak of WordPress admin credentials to mcposteprivateshop.it
Category: Initial Access
Content: The group claims to have leaked WordPress administrator credentials associated with mcposteprivateshop.it
Date: 2026-03-17T14:00:12Z
Network: telegram
Published URL: https://t.me/Rakyat_DigitalCrew/110
Screenshots:
None
Threat Actors: Rakyat Digital Crew
Victim Country: Italy
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: mcposteprivateshop.it
Alleged leak of WordPress admin credentials to Home Care Committee Covid-19
Category: Initial Access
Content: The group claims to have leaked WordPress administrator credentials associated with Home Care Committee Covid-19.
Date: 2026-03-17T13:58:27Z
Network: telegram
Published URL: https://t.me/Rakyat_DigitalCrew/110
Screenshots:
None
Threat Actors: Rakyat Digital Crew
Victim Country: Italy
Victim Industry: Non-profit & Social Organizations
Victim Organization: home care committee covid-19
Victim Site: terapiadomiciliarecovid19.it
Alleged leak of WordPress admin credentials to webapp-sin2024.myquadra.it
Category: Initial Access
Content: The group claims to have leaked WordPress administrator credentials associated with webapp-sin2024.myquadra.it.
Date: 2026-03-17T13:52:38Z
Network: telegram
Published URL: https://t.me/Rakyat_DigitalCrew/110
Screenshots:
None
Threat Actors: Rakyat Digital Crew
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: webapp-sin2024.myquadra.it
Alleged leak of WordPress admin credentials to Institut Teknologi Sepuluh Nopember
Category: Initial Access
Content: The group claims to have leaked WordPress administrator credentials associated with Institut Teknologi Sepuluh Nopember.
Date: 2026-03-17T13:50:12Z
Network: telegram
Published URL: https://t.me/Rakyat_DigitalCrew/110
Screenshots:
None
Threat Actors: Rakyat Digital Crew
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: institut teknologi sepuluh nopember
Victim Site: riset.its.ac.id
Alleged leak of WordPress admin credentials to EBG Models
Category: Initial Access
Content: The group claims to have leaked WordPress administrator credentials associated with EBG Models.
Date: 2026-03-17T13:45:14Z
Network: telegram
Published URL: https://t.me/Rakyat_DigitalCrew/110
Screenshots:
None
Threat Actors: Rakyat Digital Crew
Victim Country: Italy
Victim Industry: Other Industry
Victim Organization: ebg models
Victim Site: ebgmodels.it
Alleged leak of WordPress admin credentials to TOURBR
Category: Initial Access
Content: The group claims to have leaked WordPress administrator credentials associated with TOURBR.
Date: 2026-03-17T13:44:40Z
Network: telegram
Published URL: https://t.me/Rakyat_DigitalCrew/110
Screenshots:
None
Threat Actors: Rakyat Digital Crew
Victim Country: USA
Victim Industry: Marketing, Advertising & Sales
Victim Organization: tourbr
Victim Site: tourbr.com
Alleged leak of WordPress admin credentials to Funzpoints
Category: Initial Access
Content: The group claims to have leaked WordPress administrator credentials associated with Funzpoints.
Date: 2026-03-17T13:44:34Z
Network: telegram
Published URL: https://t.me/Rakyat_DigitalCrew/110
Screenshots:
None
Threat Actors: Rakyat Digital Crew
Victim Country: Unknown
Victim Industry: Online Publishing
Victim Organization: funzpoints
Victim Site: funzpoints.com.in
Alleged leak of WordPress admin credentials to Green planet recycling solutions Pvt Ltd
Category: Initial Access
Content: The group claims to have leaked WordPress administrator credentials associated with Green planet recycling solutions Pvt Ltd.
Date: 2026-03-17T13:41:40Z
Network: telegram
Published URL: https://t.me/Rakyat_DigitalCrew/110
Screenshots:
None
Threat Actors: Rakyat Digital Crew
Victim Country: India
Victim Industry: Renewables & Environment
Victim Organization: green planet recycling solutions pvt ltd
Victim Site: greenrecycle.in
Alleged leak of WordPress admin credentials to gopokemongo.ru
Category: Initial Access
Content: The group claims to have leaked WordPress administrator credentials associated with gopokemongo.ru.
Date: 2026-03-17T13:39:35Z
Network: telegram
Published URL: https://t.me/Rakyat_DigitalCrew/110
Screenshots:
None
Threat Actors: Rakyat Digital Crew
Victim Country: Russia
Victim Industry: Online Publishing
Victim Organization: gopokemongo.ru
Victim Site: gopokemongo.ru
Alleged leak of WordPress admin credentials to pulsz.com.in
Category: Initial Access
Content: The group claims to have leaked WordPress administrator credentials associated with pulsz.com.in
Date: 2026-03-17T13:39:25Z
Network: telegram
Published URL: https://t.me/Rakyat_DigitalCrew/110
Screenshots:
None
Threat Actors: Rakyat Digital Crew
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: pulsz.com.in
Victim Site: pulsz.com.in
Alleged leak of WordPress admin credentials to lthorses.eu
Category: Initial Access
Content: The group claims to have leaked WordPress administrator credentials associated with lthorses.eu.
Date: 2026-03-17T13:35:07Z
Network: telegram
Published URL: https://t.me/Rakyat_DigitalCrew/110
Screenshots:
None
Threat Actors: Rakyat Digital Crew
Victim Country: Unknown
Victim Industry: E-commerce & Online Stores
Victim Organization: lthorses.eu
Victim Site: lthorses.eu
Alleged Leak of Login Credentials for SMA Negeri 1 Cepu
Category: Initial Access
Content: The threat actor claims to have leaked the login credentials to SMA Negeri 1 Cepu.
Date: 2026-03-17T12:55:20Z
Network: telegram
Published URL: https://t.me/maul1337anon/1325
Screenshots:
None
Threat Actors: maulnism1337
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: sma negeri 1 cepu
Victim Site: rahayuk.sman1cepu.sch.id
Alleged data breach of Hemdat Haaretz
Category: Data Breach
Content: The group claims to have deleted data from Hemdat Haaretz.
Date: 2026-03-17T11:09:56Z
Network: telegram
Published URL: https://t.me/Anon_Israel35/35
Screenshots:
None
Threat Actors: Anonymous For Justice
Victim Country: Israel
Victim Industry: Real Estate
Victim Organization: hemdat haaretz
Victim Site: Unknown
Alleged Leak of SQL Injection Vulnerability in Chattogram Metropolitan Police
Category: Vulnerability
Content: The group claims to have leaked SQL injection vulnerability in Chattogram Metropolitan Police website.
Date: 2026-03-17T10:42:44Z
Network: telegram
Published URL: https://t.me/c/3807888281/62
Screenshots:
None
Threat Actors: konco Indonesian Team official
Victim Country: Bangladesh
Victim Industry: Government Administration
Victim Organization: cmp.gov.bd
Victim Site: cmp.gov.bd
Alleged Sale of Daily Root Access to Websites
Category: Initial Access
Content: The threat actor claims to be offering daily sales of unauthorized root-level access to multiple compromised websites.
Date: 2026-03-17T10:36:44Z
Network: openweb
Published URL: https://forum.exploit.in/topic/278500/
Screenshots:
None
Threat Actors: hope11
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Kourosh Shield Hackers Claim Release of Audio Data
Category: Data Breach
Content: The hacking group Kourosh Shield Hackers announced a new phase of its campaign, stating that it intends to publish voice messages attributed to audiences of an unspecified international media network, allegedly collected through the network’s Telegram voicemail channel. The group further claimed that the full dataset will be transferred to Iranian security agencies for judicial action. Sample audio files are reportedly planned to be released shortly.
Date: 2026-03-17T10:19:27Z
Network: telegram
Published URL: https://t.me/cyberbannews_ir/20567
Screenshots:
None
Threat Actors: Unknown
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Telekom Serbia
Category: Data Breach
Content: The threat actor claims to have breached 160,000 of data from Telekom Serbia, The compromised dataset reportedly including full names, addresses, dates of birth, phone numbers, and ID numbers.
Date: 2026-03-17T10:02:35Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-Telekom-Serbia-Customer-Data-160-000-records–69164
Screenshots:
None
Threat Actors: Zeus_kos
Victim Country: Serbia
Victim Industry: Network & Telecommunications
Victim Organization: telekom serbia
Victim Site: telekom.rs
Alleged data breach of French Government agents
Category: Data Breach
Content: The threat actor claims to have breached 60,000 of data from French government agents. The dataset reportedly includes full names, email addresses, phone numbers, addresses, postal codes, regions, and job-related details.
Date: 2026-03-17T09:43:28Z
Network: openweb
Published URL: https://darkforums.su/Thread-FR-60K-French-Governments-Agents
Screenshots:
None
Threat Actors: HexDex
Victim Country: France
Victim Industry: Government Administration
Victim Organization: french governments
Victim Site: info.gouv.fr
Alleged data breach of Pakistan Military Accounts Department
Category: Data Breach
Content: The threat actor claims to have breached the database of Pakistan Military Accounts Department (PMAD), The dataset reportedly includes organizational structure, controller offices names and phone numbers, CMA details, and official contact info.Note: it was previously breached by the threat actor xuii on September 22, 2025.
Date: 2026-03-17T09:16:53Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-PAKISTAN-MILITARY-ACCOUNTS-DEPARTMENT
Screenshots:
None
Threat Actors: ModernStealer
Victim Country: Pakistan
Victim Industry: Government Administration
Victim Organization: pakistan military accounts department
Victim Site: pmad.gov.pk
BL4CX-H4T targets the website of Shubh Bhagwati JagranParty
Category: Defacement
Content: The group claims to have deface the website of Shubh Bhagwati JagranParty.
Date: 2026-03-17T09:13:54Z
Network: telegram
Published URL: https://t.me/c/3027611821/456
Screenshots:
None
Threat Actors: Z-BL4CX-H4T
Victim Country: India
Victim Industry: Events Services
Victim Organization: shubh bhagwati jagranparty
Victim Site: jagranparty.in
BL4CX-H4T targets the website of phpdelhi.co.in
Category: Defacement
Content: The group claims to have deface the website of phpdelhi.co.in.
Date: 2026-03-17T09:09:51Z
Network: telegram
Published URL: https://t.me/c/3027611821/456
Screenshots:
None
Threat Actors: Z-BL4CX-H4T
Victim Country: India
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: phpdelhi.co.in
BL4CX-H4T targets the website of craftcms.co.in
Category: Defacement
Content: The group claims to have deface the website of craftcms.co.in.
Date: 2026-03-17T09:05:29Z
Network: telegram
Published URL: https://t.me/c/3027611821/456
Screenshots:
None
Threat Actors: Z-BL4CX-H4T
Victim Country: India
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: craftcms.co.in
Alleged data breach of vpoxod
Category: Data Breach
Content: The threat actor claims to have breached 1 million records from Vpoxod. The breach occurred in October 2025.
Date: 2026-03-17T08:31:34Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-vpoxod-ru-1m-10-2025
Screenshots:
None
Threat Actors: radio
Victim Country: Russia
Victim Industry: Leisure & Travel
Victim Organization: vpoxod
Victim Site: vpoxod.ru
Z-BL4CX-H4T targets the website of Circle of Hope
Category: Defacement
Content: The group claims to have defaced the website of Circle of Hope.
Date: 2026-03-17T08:28:25Z
Network: telegram
Published URL: https://t.me/c/3027611821/456
Screenshots:
None
Threat Actors: Z-BL4CX-H4T
Victim Country: Canada
Victim Industry: Non-profit & Social Organizations
Victim Organization: circle of hope
Victim Site: circleofhope.foundation
Z-BL4CX-H4T targets the website of Healthcare Study Guide
Category: Defacement
Content: The group claims to have deface the website of Healthcare Study Guide.
Date: 2026-03-17T08:25:09Z
Network: telegram
Published URL: https://t.me/c/3027611821/456
Screenshots:
None
Threat Actors: Z-BL4CX-H4T
Victim Country: Unknown
Victim Industry: Education
Victim Organization: healthcare study guide
Victim Site: healthcarestudyguide.com
Z-BL4CX-H4T targets the website of Harmeet Sehmby
Category: Defacement
Content: The group claims to have deface the website of Harmeet Sehmby.
Date: 2026-03-17T08:22:10Z
Network: telegram
Published URL: https://t.me/c/3027611821/456
Screenshots:
None
Threat Actors: Z-BL4CX-H4T
Victim Country: Canada
Victim Industry: Financial Services
Victim Organization: harmeet sehmby
Victim Site: harmeetsehmby.com
Z-BL4CX-H4T targets the website of Elite Wash Services
Category: Defacement
Content: The group claims to have defaced the website of Elite Wash Services.
Date: 2026-03-17T08:19:46Z
Network: telegram
Published URL: https://t.me/c/3027611821/456
Screenshots:
None
Threat Actors: Z-BL4CX-H4T
Victim Country: USA
Victim Industry: Consumer Services
Victim Organization: elite wash services
Victim Site: elitewashservice.com
Alleged leak of confidential data related to Sima Shine
Category: Data Breach
Content: Group claims to have leaked confidential emails from Sima Shine, a Senior Researcher and former Director of the research program at Institute for National Security Studies.
Date: 2026-03-17T08:06:11Z
Network: openweb
Published URL: https://handala-hack.to/shock-for-israeli-intelligence-100000-classified-emails-of-mossads-ex-deputy-director-sima-shine-leaked/
Screenshots:
None
Threat Actors: Handala Hack
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Z-BL4CX-H4T targets the website of Ideal Shopping Time
Category: Defacement
Content: The group claims to have deface the website of Ideal Shopping Time.
Date: 2026-03-17T07:47:56Z
Network: telegram
Published URL: https://t.me/c/3027611821/456
Screenshots:
None
Threat Actors: Z-BL4CX-H4T
Victim Country: Canada
Victim Industry: Information Services
Victim Organization: ideal shopping time
Victim Site: idealshoppingtime.com
Cyber Attack hits JEAN CO., LTD
Category: Cyber Attack
Content: JEAN CO., LTD experienced a cyberattack affecting its internal systems, leading to temporary downtime. The company quickly activated its security response team and initiated recovery measures. External cybersecurity experts are assisting with the investigation. The impact is currently assessed as minimal, with no major disruption to business operations.
Date: 2026-03-17T07:42:49Z
Network: openweb
Published URL: https://emops.twse.com.tw/server-java/t05sr01_1_e?&isNew=Y&seq_no=1&spoke_time=160149&spoke_date=20260315&co_id=2442
Screenshots:
None
Threat Actors: Unknown
Victim Country: Taiwan
Victim Industry: Manufacturing
Victim Organization: jean co., ltd
Victim Site: jean.com.tw
Z-BL4CX-H4T targets the website of Amex Immigration Services
Category: Defacement
Content: Group claims to have deface the website of Amex Immigration Services.
Date: 2026-03-17T07:42:25Z
Network: telegram
Published URL: https://t.me/c/3027611821/456
Screenshots:
None
Threat Actors: Z-BL4CX-H4T
Victim Country: India
Victim Industry: Legal Services
Victim Organization: amex immigration services
Victim Site: ameximmigration.com
Z-BL4CX-H4T targets the website of Stratwit Solutions Ltd.
Category: Defacement
Content: Group claims to have deface the website of Stratwit Solutions Ltd.
Date: 2026-03-17T07:38:23Z
Network: telegram
Published URL: https://t.me/c/3027611821/456
Screenshots:
None
Threat Actors: Z-BL4CX-H4T
Victim Country: Canada
Victim Industry: Information Services
Victim Organization: stratwit solutions ltd.
Victim Site: bot.stratwit.com
Alleged leak of confidential data related to Ilan Steiner
Category: Data Breach
Content: Group claims to have breached the email system and leaked confidential data related to Ilan Steiner, Chief Finance and Operations Officer of INSS. The compromised data reportedly includes financial and operational details related to Mossad.
Date: 2026-03-17T07:36:47Z
Network: openweb
Published URL: https://handala-hack.to/mossads-secret-treasury-exposed-50000-confidential-emails-leaked/
Screenshots:
None
Threat Actors: Handala Hack
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Z-BL4CX-H4T targets the website of GN Doctor Chip Ltd
Category: Defacement
Content: The group claims to have defaced the website of GN Doctor Chip Ltd.
Date: 2026-03-17T07:29:48Z
Network: telegram
Published URL: https://t.me/c/3027611821/456
Screenshots:
None
Threat Actors: Z-BL4CX-H4T
Victim Country: Canada
Victim Industry: Building and construction
Victim Organization: gn doctor chip ltd
Victim Site: gnchipdoctor.com
Z-BL4CX-H4T targets the website of PetMedicity
Category: Defacement
Content: Group claims to have deface the website of PetMedicity.
Date: 2026-03-17T07:16:17Z
Network: telegram
Published URL: https://t.me/c/3027611821/456
Screenshots:
None
Threat Actors: Z-BL4CX-H4T
Victim Country: India
Victim Industry: Hospital & Health Care
Victim Organization: petmedicity
Victim Site: petmedicity.com
Z-BL4CX-H4T targets the website of Journeyman Study Guide
Category: Defacement
Content: Group claims to have deface the website of Journeyman Study Guide.
Date: 2026-03-17T07:06:28Z
Network: telegram
Published URL: https://t.me/c/3027611821/456
Screenshots:
None
Threat Actors: Z-BL4CX-H4T
Victim Country: USA
Victim Industry: Education
Victim Organization: journeyman study guide
Victim Site: journeymanstudyguide.com
Alleged leak of Chinese household registration and personal data
Category: Data Breach
Content: The threat actor claims to have leaked approximately 10 GB of sensitive data related to individuals in China, including ID cards, credit card information, and business-related records. The dataset allegedly contains around 6 million rows of household registration data in CSV format, with fields such as names, ID numbers, dates of birth, addresses, mobile numbers, and other personal and demographic details.
Date: 2026-03-17T07:05:54Z
Network: telegram
Published URL: https://t.me/DedaleOffice/819
Screenshots:
None
Threat Actors: Dedale Office
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Z-BL4CX-H4T targets the website of Phull Heating & Cooling Ltd.
Category: Defacement
Content: Group claims to have deface the website of Phull Heating & Cooling Ltd.
Date: 2026-03-17T07:04:02Z
Network: telegram
Published URL: https://t.me/c/3027611821/456
Screenshots:
None
Threat Actors: Z-BL4CX-H4T
Victim Country: Canada
Victim Industry: Other Industry
Victim Organization: phull heating & cooling ltd.
Victim Site: phullheating.com
Z-BL4CX-H4T targets the website of JB Aluminum & Glass Products LTD
Category: Defacement
Content: Group claims to have deface the website of JB Aluminum & Glass Products LTD.
Date: 2026-03-17T07:03:38Z
Network: telegram
Published URL: https://t.me/c/3027611821/456
Screenshots:
None
Threat Actors: Z-BL4CX-H4T
Victim Country: Canada
Victim Industry: Building and construction
Victim Organization: jb aluminum & glass products ltd
Victim Site: jbglassltd.com
Z-BL4CX-H4T targets the website of Please Plant
Category: Defacement
Content: Group claims to have deface the website of Please Plant.
Date: 2026-03-17T07:03:10Z
Network: telegram
Published URL: https://t.me/c/3027611821/456
Screenshots:
None
Threat Actors: Z-BL4CX-H4T
Victim Country: Canada
Victim Industry: Architecture & Planning
Victim Organization: please plant
Victim Site: pleaseplant.com
Z-BL4CX-H4T targets the website of Mosswood Millwork
Category: Defacement
Content: Group claims to have deface the website of Mosswood Millwork.
Date: 2026-03-17T06:58:12Z
Network: telegram
Published URL: https://t.me/c/3027611821/456
Screenshots:
None
Threat Actors: Z-BL4CX-H4T
Victim Country: Canada
Victim Industry: Manufacturing
Victim Organization: mosswood millwork
Victim Site: mosswoodmillwork.com
Z-BL4CX-H4T targets the website of Ansatel Communications Inc.
Category: Defacement
Content: Group claims to have deface the website of Ansatel Communications Inc.
Date: 2026-03-17T06:54:15Z
Network: telegram
Published URL: https://t.me/c/3027611821/456
Screenshots:
None
Threat Actors: Z-BL4CX-H4T
Victim Country: Canada
Victim Industry: Network & Telecommunications
Victim Organization: ansatel communications inc.
Victim Site: promo.ansatel.com
Z-BL4CX-H4T targets the website of Range Freightways
Category: Defacement
Content: Group claims to have deface the website of Range Freightways.
Date: 2026-03-17T06:52:54Z
Network: telegram
Published URL: https://t.me/c/3027611821/456
Screenshots:
None
Threat Actors: Z-BL4CX-H4T
Victim Country: Canada
Victim Industry: E-commerce & Online Stores
Victim Organization: range freightways
Victim Site: rangefreightways.com
Alleged Sale of Clínica Panamericana Patient Database
Category: Data Breach
Content: The threat actor claims to be selling a dataset allegedly extracted from Clínica Panamericana systems. The dataset contains personal and sensitive information.
Date: 2026-03-17T06:43:57Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-CO-1-5-MILLION-CLINICAPANAMERICANA-CO
Screenshots:
None
Threat Actors: NyxarGroup
Victim Country: Colombia
Victim Industry: Healthcare & Pharmaceuticals
Victim Organization: clínica panamericana
Victim Site: clinicapanamericana.co
Z-BL4CX-H4T targets the website of The SEO Agent
Category: Defacement
Content: The group claims to have defaced the website of The SEO Agent
Date: 2026-03-17T06:36:36Z
Network: telegram
Published URL: https://t.me/c/3027611821/456
Screenshots:
None
Threat Actors: Z-BL4CX-H4T
Victim Country: USA
Victim Industry: Information Technology (IT) Services
Victim Organization: the seo agent
Victim Site: theseoagent.com
Z-BL4CX-H4T targets the website of Unity Crest Solutions
Category: Defacement
Content: The group claims to have defaced the website of Unity Crest Solutions
Date: 2026-03-17T06:35:26Z
Network: telegram
Published URL: https://t.me/c/3027611821/456
Screenshots:
None
Threat Actors: Z-BL4CX-H4T
Victim Country: Unknown
Victim Industry: Information Technology (IT) Services
Victim Organization: unity crest solutions
Victim Site: unitycrestsolutions.com
Z-BL4CX-H4T targets the website of TravelCo International
Category: Defacement
Content: The group claims to have defaced the website of TravelCo International
Date: 2026-03-17T06:32:49Z
Network: telegram
Published URL: https://t.me/c/3027611821/456
Screenshots:
None
Threat Actors: Z-BL4CX-H4T
Victim Country: USA
Victim Industry: Leisure & Travel
Victim Organization: travelco international
Victim Site: travelcointernational.com
Z-BL4CX-H4T targets the website of Westimm
Category: Defacement
Content: The group claims to have defaced the website of Westimm
Date: 2026-03-17T06:26:47Z
Network: telegram
Published URL: https://t.me/c/3027611821/456
Screenshots:
None
Threat Actors: Z-BL4CX-H4T
Victim Country: USA
Victim Industry: Real Estate
Victim Organization: westimm
Victim Site: westimm.com
Alleged Data Leak of Israeli Emails
Category: Data Breach
Content: The group claims to have leaked Israeli Emails
Date: 2026-03-17T06:24:38Z
Network: telegram
Published URL: https://t.me/c/3895337347/33
Screenshots:
None
Threat Actors: SNR INTEL
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Z-BL4CX-H4T targets the website of SAPB1 Consulting
Category: Defacement
Content: The group claims to have defaced the website of SAPB1 Consulting.
Date: 2026-03-17T06:24:14Z
Network: telegram
Published URL: https://t.me/c/3027611821/456
Screenshots:
None
Threat Actors: Z-BL4CX-H4T
Victim Country: USA
Victim Industry: Information Technology (IT) Services
Victim Organization: sapb1 consulting
Victim Site: sapb1consulting.com
Z-BL4CX-H4T targets the website of WCI Contracting Ltd.
Category: Defacement
Content: The group claims to have defaced the website of WCI Contracting Ltd.
Date: 2026-03-17T06:22:45Z
Network: telegram
Published URL: https://t.me/c/3027611821/456
Screenshots:
None
Threat Actors: Z-BL4CX-H4T
Victim Country: Canada
Victim Industry: Building and construction
Victim Organization: wci contracting ltd.
Victim Site: wcicontracting.com
Z-BL4CX-H4T targets the website of 22 Construction
Category: Defacement
Content: The group claims to have defaced the website of 22 Construction
Date: 2026-03-17T06:22:40Z
Network: telegram
Published URL: https://t.me/c/3027611821/456
Screenshots:
None
Threat Actors: Z-BL4CX-H4T
Victim Country: Canada
Victim Industry: Building and construction
Victim Organization: 22 construction
Victim Site: 22construction.ca
Z-BL4CX-H4T targets the website of 5911 Tattoos
Category: Defacement
Content: The group claims to have defaced the website of 5911 Tattoos
Date: 2026-03-17T06:16:10Z
Network: telegram
Published URL: https://t.me/c/3027611821/456
Screenshots:
None
Threat Actors: Z-BL4CX-H4T
Victim Country: Canada
Victim Industry: Unknown
Victim Organization: 5911 tattoos
Victim Site: 5911tattoos.ca
Alleged Data Leak of Multiple Israeli Intelligence and Nuclear Positional Coordinates
Category: Data Breach
Content: The group claims to have leaked sensitive Israeli intelligence data, including alleged positional coordinates of multiple strategic and industrial sites. which reportedly include locations such as power stations in Rotenberg, Ashalim, and Orot Rabin, infrastructure in Ashkelon Port, an Intel-related facility, an oil-related site in Haifa, and other operational points
Date: 2026-03-17T06:13:42Z
Network: telegram
Published URL: https://t.me/IndoHaxSec3/76
Screenshots:
None
Threat Actors: INDOHAXSEC
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
BABAYO EROR SYSTEM targets the website of biztech
Category: Defacement
Content: The group claims to have defaced the website of biztech.
Date: 2026-03-17T06:12:47Z
Network: telegram
Published URL: https://t.me/BabayoErorSyteam/243
Screenshots:
None
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Bangladesh
Victim Industry: Information Technology (IT) Services
Victim Organization: biztech
Victim Site: shop.biztech.com.bd
Z-BL4CX-H4T targets the website of 5K Construction
Category: Defacement
Content: The group claims to have defaced the website of 5K Construction
Date: 2026-03-17T06:09:05Z
Network: telegram
Published URL: https://t.me/c/3027611821/456
Screenshots:
None
Threat Actors: Z-BL4CX-H4T
Victim Country: Canada
Victim Industry: Building and construction
Victim Organization: 5k construction
Victim Site: 5kconstruction.ca
Alleged data leak of AI Humanizer PRO
Category: Data Breach
Content: Threat actor claims to have leaked a database of AI Humanizer PRO. The compromised data reportedly includes id, email, full name, avatar url, billing address, payment method etc.
Date: 2026-03-17T06:02:53Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-HumanizerPro-AI-Database-Leaked-Download?highlight=humanizerpro.ai
Screenshots:
None
Threat Actors: Manager
Victim Country: Unknown
Victim Industry: Writing & Editing
Victim Organization: ai humanizer pro
Victim Site: humanizerpro.ai
BABAYO EROR SYSTEM targets the website of weavenest.in.diginock.com
Category: Defacement
Content: The group claims to have defaced the website of weavenest.in.diginock.com .
Date: 2026-03-17T05:46:13Z
Network: telegram
Published URL: https://t.me/BabayoErorSyteam/243
Screenshots:
None
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: weavenest.in.diginock.com
BABAYO EROR SYSTEM targets the website of shoesnepal.hamroonlinestore.com
Category: Defacement
Content: The group claims to have defaced the website of shoesnepal.hamroonlinestore.com .
Date: 2026-03-17T05:45:28Z
Network: telegram
Published URL: https://t.me/BabayoErorSyteam/243
Screenshots:
None
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Nepal
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: shoesnepal.hamroonlinestore.com
Alleged Data Breach of BT Travel
Category: Data Breach
Content: The threat actor claims to have leaked a dataset allegedly belonging to BT Travel Venezuela. The dataset contains personal informations like passport details and travel booking and ticketing details.
Date: 2026-03-17T04:52:12Z
Network: openweb
Published URL: https://darkforums.su/Thread-Document-AIRLINE-BT-TRAVEL-VENEZUELA-90K-CONFIDENTIAL-DATA-16-03-2026?highlight=bt+travel
Screenshots:
None
Threat Actors: malconguerra2
Victim Country: Venezuela
Victim Industry: Hospitality & Tourism
Victim Organization: bt travel
Victim Site: tiendadeturismo-test.web.app
Mr. BDKR28 targets the website of Aharoni
Category: Defacement
Content: The group claims to have defaced the website of Aharoni
Date: 2026-03-17T04:23:53Z
Network: openweb
Published URL: https://www.zone-h.org/mirror/id/41606754
Screenshots:
None
Threat Actors: Mr. BDKR28
Victim Country: Israel
Victim Industry: Food & Beverages
Victim Organization: aharoni
Victim Site: aharonis.co.il
Mr. BDKR28 targets the website of Eagle Tower
Category: Defacement
Content: The group claims to have defaced the website of Eagle Tower
Date: 2026-03-17T04:10:41Z
Network: openweb
Published URL: https://www.zone-h.org/mirror/id/41601058
Screenshots:
None
Threat Actors: Mr. BDKR28
Victim Country: Israel
Victim Industry: Real Estate
Victim Organization: eagle tower
Victim Site: eagletower.co.il
Alleged sale of unauthorized VPN access to unidentified Construction Management company
Category: Initial Access
Content: Threat actor claims to be selling unauthorized VPN access to an unidentified Construction Management company in USA.
Date: 2026-03-17T03:30:57Z
Network: openweb
Published URL: https://forum.exploit.in/topic/278423/
Screenshots:
None
Threat Actors: thugstage
Victim Country: USA
Victim Industry: Building and construction
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of unauthorized VPN access to unidentified Logistics company
Category: Initial Access
Content: Threat actor claims to be selling unauthorized VPN access to an unidentified Logistics company in USA.
Date: 2026-03-17T03:28:47Z
Network: openweb
Published URL: https://forum.exploit.in/topic/278423/
Screenshots:
None
Threat Actors: thugstage
Victim Country: USA
Victim Industry: Transportation & Logistics
Victim Organization: Unknown
Victim Site: Unknown
alleged access to Lebanese Forces
Category: Initial Access
Content: The group claims to have gained access to Lebanese Forces
Date: 2026-03-17T03:09:20Z
Network: telegram
Published URL: https://t.me/hak994/5337
Screenshots:
None
Threat Actors: Fatimion cyber team
Victim Country: Lebanon
Victim Industry: Newspapers & Journalism
Victim Organization: lebanese forces
Victim Site: lebanese-forces.com
BABAYO EROR SYSTEM targets the website of info.mca-edu.com
Category: Defacement
Content: The group claims to have defaced the website of info.mca-edu.com .
Date: 2026-03-17T02:43:25Z
Network: telegram
Published URL: https://t.me/BabayoErorSyteam/241?single
Screenshots:
None
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: info.mca-edu.com
Hider_Nex claims to target Israel
Category: Alert
Content: A recent post by the group indicates that they are targeting Israel
Date: 2026-03-17T01:58:01Z
Network: telegram
Published URL: https://t.me/c/2878397916/576
Screenshots:
None
Threat Actors: Hider_Nex
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Koiride Passenger and Driver Database
Category: Data Breach
Content: The threat actor claims to be selling a database of Koiride, the dataset contains millions of records related to airport transfer services, including passenger and driver data.
Date: 2026-03-17T01:34:56Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Koiride-com-airport-transfers-1mil-passengers-data
Screenshots:
None
Threat Actors: stalker8083
Victim Country: Unknown
Victim Industry: Transportation & Logistics
Victim Organization: koiride
Victim Site: koiride.com
Alleged data leak of Israel lawyer data base
Category: Data Breach
Content: The group claims to have leaked 29,300 data from Israel lawyer data base. The compromised data reportedly includes name, city, email, phone, location, website and subfiles
Date: 2026-03-17T01:23:44Z
Network: telegram
Published URL: https://t.me/netstrikegroup/41
Screenshots:
None
Threat Actors: NetStrike
Victim Country: Israel
Victim Industry: Legal Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Iraqi Popular Mobilization Forces Fighter Database
Category: Data Breach
Content: The threat actor claims to be selling a database allegedly containing 248,706 records of Iraqi Popular Mobilization Forces (PMF) fighters, including personal information such as full names, ID numbers, dates of birth, mothers’ names, marital status, and unit affiliations.
Date: 2026-03-17T00:39:03Z
Network: openweb
Published URL: https://darkforums.su/Thread-Buying-Iraqi-Popular-Mobilization
Screenshots:
None
Threat Actors: Jondata1
Victim Country: Iraq
Victim Industry: Government Administration
Victim Organization: popular mobilization forces
Victim Site: al-hashed.gov.iq
Alleged sale of unauthorized access to Beijing Super Cloud Computing Center (BSCC)
Category: Initial Access
Content: Threat actor claims to be selling unauthorized access Beijing Super Cloud Computing Center (BSCC) .
Date: 2026-03-17T00:12:25Z
Network: openweb
Published URL: https://darkforums.su/Thread-China-Beijing-super-cloud-computing-center
Screenshots:
None
Threat Actors: Jon1234
Victim Country: China
Victim Industry: Information Technology (IT) Services
Victim Organization: beijing super cloud computing center (bscc)
Victim Site: blsc.cn