Executive Summary
This report details a significant surge in cyber threat activity recorded between March 22 and March 23, 2026. The analyzed dataset encompasses over 200 distinct cybersecurity incidents across multiple vectors, including website defacements, massive credential leaks, corporate data breaches, initial access brokering, and critical infrastructure threats. The threat landscape during this period was dominated by highly active hacktivist groups, prolific credential brokers, and financially motivated ransomware/extortion actors targeting a global attack surface.
Threat Actor Profiling
The data reveals several highly active threat actors and syndicates operating simultaneously.
- Umbra Community (Nicotine & L4663R666H05T): This group, primarily driven by the actor “Nicotine,” was responsible for the vast majority of website defacements. Nicotine executed dozens of single-target defacements and redefacements across diverse sectors, including education, healthcare, and transportation.
- Botak Blocker: Operating as an individual actor, Botak Blocker focused heavily on isolated subdirectory defacements. Targets primarily included retail, e-commerce, and manufacturing sites.
- Idiot Crew (maw3six): This actor engaged in coordinated mass defacement campaigns. They specifically targeted Linux-based servers hosting gaming and gambling domains, such as the “ninja388” network.
- ShinyHunters: This high-profile threat actor claimed responsibility for significant corporate data breaches, specifically targeting Salesforce records and internal SharePoint data.
- Credential Brokers (CODER, BestCombo, HQcomboSpace, MailAccesss): A massive ecosystem of credential sharing was observed on cybercriminal forums. These actors freely distributed combo lists containing millions of credentials.
Incident Category Analysis
1. Website Defacements
Defacement was the most frequently recorded incident type.
- Targeted Defacements: Actors like Nicotine and Botak Blocker generally targeted specific index files or subdirectories of individual organizations. For example, Botak Blocker compromised the media directory of viverecollection.com.
- Mass Campaigns: The Idiot Crew demonstrated the capability to compromise multiple sites simultaneously, hitting various domains related to online gambling and entertainment in rapid succession.
- Redefacements: A notable trend was the “redefacement” of previously compromised homepages, indicating a failure by victim organizations to properly secure their infrastructure after an initial breach.
2. Credential Leaks and Combo Lists
The sheer volume of compromised credentials distributed during this period represents a severe risk for credential stuffing attacks.
| Threat Actor | Target Platform/Region | Estimated Record Volume |
| --- | --- | --- |
| Daxus | Mixed URLs | 43.2 Million |
| CODER | Argentina | 31 Million |
| CODER | UK / Canada | 15 Million / 11 Million |
| CODER | PSN, LinkedIn, TikTok | 13 Million |
| BestCombo | Crypto-banking Services | 1.96 Million |
| HQcomboSpace | Hotmail (Gaming/Shopping) | 925,661 |
- Platform Focus: Hotmail and Gmail were heavily targeted, with threat actors advertising lists specifically curated for gaming, shopping, and cryptocurrency platforms.
- Geographic Focus: Threat actors advertised localized combo lists targeting users in Germany, Japan, Russia, France, and Taiwan.
3. Corporate Data Breaches
Several high-impact data breaches involving sensitive corporate and government data were claimed.
- Infinite Campus: ShinyHunters claimed to have compromised Salesforce records containing personally identifiable information (PII).
- Ameriprise Financial Services, LLC: ShinyHunters alleged the exfiltration of over 200GB of compressed internal SharePoint data and PII.
- Iraqi Ministry of Commerce: Threat actor ShadaKurdistani claimed to leak a database containing approximately 43 million records, including detailed family, employment, and residential data.
- Prefeitura Municipal de Caieiras (Brazil): A breach allegedly exposed 363,519 records containing national IDs, health system identifiers, and medical records.
4. Initial Access and Malware
The underground market for initial access and specialized malware was highly active.
- Wallet Sniffers: The actor “kalashnikov” advertised Windows desktop malware targeting Ledger and Trezor cryptocurrency wallets. The malware includes Telegram notifications, startup persistence, and fake application deployment.
- Initial Access Brokering: Threat actors sold unauthorized RDP, WordPress Admin, FTP, and SSH access to organizations globally, including a software company in Australia and finance organizations in the USA.
- Surveillance Systems: Multiple actors claimed unauthorized access to CCTV and surveillance camera systems in Poland and other unidentified countries.
5. Geopolitical Threats and Alerts
Hacktivism with geopolitical motives was explicitly observed.
- Handala Hack: This group issued a severe escalation warning, stating that any attacks on national power infrastructure would trigger a disproportionate retaliatory response. They claimed to possess detailed intelligence and operational data on adversary infrastructure.
- Fatimion Cyber Team: This group announced active targeting of government websites in Israel.
Conclusion
The intelligence gathered from the events of March 22–23, 2026, paints a picture of a highly volatile and multifaceted cyber threat environment. The most immediate and widespread threat comes from the massive proliferation of credential combo lists. With tens of millions of records distributed freely on underground forums, organizations face an imminent risk of large-scale credential stuffing and account takeover attacks, particularly in the gaming, e-commerce, and cryptocurrency sectors.
Furthermore, the continuous defacement campaigns by groups like the Umbra Community highlight persistent vulnerabilities in standard web hosting infrastructure. Meanwhile, advanced actors like ShinyHunters are successfully targeting deep corporate data repositories, such as Salesforce and SharePoint, leading to severe PII exposure. Finally, the explicit threats against critical infrastructure and government entities by groups like Handala Hack indicate that cyberspace remains a primary domain for geopolitical posturing and conflict.
Detected Incidents Draft Data
- Website defacement of Vivere Collection by Botak Blocker
Category: Defacement
Content: The attacker Botak Blocker defaced a subdirectory of viverecollection.com on March 23, 2026. This was an isolated defacement targeting a specific media directory rather than the main homepage.
Date: 2026-03-22T23:46:55Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813152
Screenshots:
None
Threat Actors: Botak Blocker
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Vivere Collection
Victim Site: viverecollection.com
- Website defacement of grantedu.tech by Nicotine/Umbra Community
Category: Defacement
Content: The attacker Nicotine from the Umbra Community team successfully defaced the grantedu.tech educational website on March 23, 2026. The defacement targeted the index.txt file on the education sector domain.
Date: 2026-03-22T23:41:23Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813125
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: grantedu.tech
- Website defacement of Baggage Collection USA by Botak Blocker
Category: Defacement
Content: Individual attacker Botak Blocker successfully defaced the Baggage Collection USA e-commerce website on March 23, 2026. The incident targeted a specific subdirectory rather than the main homepage and appears to be an isolated attack rather than part of a mass defacement campaign.
Date: 2026-03-22T23:40:49Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813126
Screenshots:
None
Threat Actors: Botak Blocker
Victim Country: United States
Victim Industry: Retail/E-commerce
Victim Organization: Baggage Collection USA
Victim Site: baggagecollectionusa.com
- Website defacement of mywhiteboards.com by Botak Blocker
Category: Defacement
Content: Botak Blocker defaced the MyWhiteboards website on March 23, 2026. The attack targeted the media/custom section of the site and was documented with a mirror URL on zone-xsec.com.
Date: 2026-03-22T23:40:16Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813130
Screenshots:
None
Threat Actors: Botak Blocker
Victim Country: Unknown
Victim Industry: Technology/Software
Victim Organization: MyWhiteboards
Victim Site: mywhiteboards.com
- Website defacement of historicalworld.site by Nicotine from Umbra Community
Category: Defacement
Content: The attacker Nicotine, affiliated with Umbra Community, defaced the historicalworld.site website on March 23, 2026. The defacement targeted what appears to be an educational or historical content website.
Date: 2026-03-22T23:39:44Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813131
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: historicalworld.site
- Website defacement of glasseyesonline.com by Botak Blocker
Category: Defacement
Content: The attacker Botak Blocker defaced a subdirectory of glasseyesonline.com on March 23, 2026. The incident appears to be a targeted single-site defacement rather than part of a mass campaign.
Date: 2026-03-22T23:39:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813132
Screenshots:
None
Threat Actors: Botak Blocker
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: Glass Eyes Online
Victim Site: glasseyesonline.com
- Website defacement of Hoffmaster by Botak Blocker
Category: Defacement
Content: Botak Blocker defaced a customer media section of Hoffmaster's website on March 23, 2026. The incident targeted a specific subdirectory rather than the main homepage.
Date: 2026-03-22T23:38:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813134
Screenshots:
None
Threat Actors: Botak Blocker
Victim Country: United States
Victim Industry: Manufacturing
Victim Organization: Hoffmaster
Victim Site: hoffmaster.com
- Website defacement of shoplinuxonline.com by Botak Blocker
Category: Defacement
Content: The attacker Botak Blocker defaced shoplinuxonline.com on March 23, 2026. This was an isolated defacement targeting a Linux-focused e-commerce platform.
Date: 2026-03-22T23:38:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813137
Screenshots:
None
Threat Actors: Botak Blocker
Victim Country: Unknown
Victim Industry: Technology/E-commerce
Victim Organization: Shop Linux Online
Victim Site: shoplinuxonline.com
- Website defacement of eTradeSupply by Botak Blocker
Category: Defacement
Content: The attacker Botak Blocker defaced a subdirectory of etradesupply.com, an electronics retail website, on March 23, 2026. This was an isolated defacement incident targeting a single page rather than a mass defacement campaign.
Date: 2026-03-22T23:37:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813138
Screenshots:
None
Threat Actors: Botak Blocker
Victim Country: Unknown
Victim Industry: E-commerce/Electronics retail
Victim Organization: eTradeSupply
Victim Site: etradesupply.com
- Website defacement of Power4Laptops by Botak Blocker
Category: Defacement
Content: Botak Blocker defaced the Power4Laptops e-commerce website on March 23, 2026. The attack targeted the company's media directory, compromising their online retail platform.
Date: 2026-03-22T23:37:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813140
Screenshots:
None
Threat Actors: Botak Blocker
Victim Country: Unknown
Victim Industry: Retail/Technology
Victim Organization: Power4Laptops
Victim Site: power4laptops.com
- Website defacement of wellcarehub.online by Nicotine (Umbra Community)
Category: Defacement
Content: The healthcare website wellcarehub.online was defaced by attacker Nicotine affiliated with the Umbra Community group on March 23, 2026. The defacement targeted the main index page of the healthcare platform.
Date: 2026-03-22T23:36:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813144
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: WellCare Hub
Victim Site: wellcarehub.online
- Website defacement of wildora.space by Nicotine (Umbra Community)
Category: Defacement
Content: The website wildora.space was defaced by attacker Nicotine affiliated with the Umbra Community group on March 23, 2026. The defacement targeted the site's index page without being classified as a mass or home page defacement.
Date: 2026-03-22T23:35:56Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813145
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: wildora.space
- Website defacement of zenthrive.tech by Nicotine (Umbra Community)
Category: Defacement
Content: The website zenthrive.tech was defaced on March 23, 2026 by attacker Nicotine affiliated with the Umbra Community team. This appears to be a single-target defacement incident rather than a mass or repeat attack.
Date: 2026-03-22T23:35:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813146
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: ZenThrive
Victim Site: zenthrive.tech
- Website defacement of hootjudkins.com by L4663R666H05T (Umbra Community)
Category: Defacement
Content: The website hootjudkins.com was defaced by attacker L4663R666H05T, affiliated with the Umbra Community group, on March 23, 2026. This appears to be an isolated defacement incident targeting a specific organization's website.
Date: 2026-03-22T23:34:51Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813147
Screenshots:
None
Threat Actors: L4663R666H05T, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Hoot Judkins
Victim Site: hootjudkins.com
- Alleged Unauthorized Access to Surveillance Camera Systems in Poland
Category: Initial Access
Content: The group claims to have gained unauthorized access to surveillance camera systems in Poland.
Date: 2026-03-22T23:27:34Z
Network: telegram
Published URL: https://t.me/op_morningstar/586
Screenshots:
None
Threat Actors: MORNING STAR
Victim Country: Poland
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Website defacement of blixtsoft.com by Nicotine from Umbra Community
Category: Defacement
Content: The attacker Nicotine, affiliated with Umbra Community, successfully defaced the blixtsoft.com website on March 23, 2026. This appears to be an isolated defacement incident targeting a technology company's web presence.
Date: 2026-03-22T23:25:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812901
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Blixtsoft
Victim Site: blixtsoft.com
- Website defacement of boomboommart.com by Nicotine (Umbra Community)
Category: Defacement
Content: The website boomboommart.com was defaced by attacker Nicotine affiliated with the Umbra Community group on March 23, 2026. The defacement targeted what appears to be an e-commerce retail website.
Date: 2026-03-22T23:24:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812902
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: E-commerce/Retail
Victim Organization: Boom Boom Mart
Victim Site: boomboommart.com
- Website defacement of Lilis Apparels by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from the Umbra Community team defaced the lilisapparels.com website on March 23, 2026. The defacement targeted an apparel retail company's website, modifying the index page content.
Date: 2026-03-22T23:23:57Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812916
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Retail/Apparel
Victim Organization: Lilis Apparels
Victim Site: lilisapparels.com
- Alleged data breach of Infinite Campus
Category: Data Breach
Content: The threat actor claims to have obtained and compromised Salesforce records containing personally identifiable information (PII) along with other internal corporate data.
Date: 2026-03-22T23:23:11Z
Network: tor
Published URL: http://toolatedhs5dtr2pv6h5kdraneak5gs3sxrecqhoufc5e45edior7mqd.onion/
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: USA
Victim Industry: Software Development
Victim Organization: infinite campus
Victim Site: infinitecampus.com
- Website defacement of Hola Physio by Nicotine (Umbra Community)
Category: Defacement
Content: Healthcare website holaphysio.hk was defaced by attacker Nicotine affiliated with the Umbra Community group on March 23, 2026. The defacement targeted a physiotherapy clinic's website in Hong Kong.
Date: 2026-03-22T23:19:36Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812853
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Hong Kong
Victim Industry: Healthcare
Victim Organization: Hola Physio
Victim Site: holaphysio.hk
- Website defacement of intromoment.com by Nicotine (Umbra Community)
Category: Defacement
Content: The website intromoment.com was defaced by attacker Nicotine associated with the Umbra Community group on March 23, 2026. The defacement targeted the index.txt file of the domain.
Date: 2026-03-22T23:18:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812854
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: intromoment.com
- Website defacement of dibbaexpress.com by Nicotine from Umbra Community
Category: Defacement
Content: On March 23, 2026, the website dibbaexpress.com was defaced by an attacker known as Nicotine associated with the Umbra Community group. The defacement targeted the index.txt file of what appears to be a transportation or express delivery service.
Date: 2026-03-22T23:18:21Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812855
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: United Arab Emirates
Victim Industry: Transportation/Logistics
Victim Organization: Dibba Express
Victim Site: dibbaexpress.com
- Website defacement of kaydyachbola.com by Nicotine (Umbra Community)
Category: Defacement
Content: The website kaydyachbola.com was defaced by the attacker Nicotine affiliated with the Umbra Community group on March 23, 2026. This was a targeted single-site defacement with no indication of mass compromise or previous attacks on the same target.
Date: 2026-03-22T23:17:48Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812858
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: kaydyachbola.com
- Website defacement of Aqualuna Scapes by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from the Umbra Community group conducted a redefacement of aqualunascapes.com on March 23, 2026. This appears to be a targeted attack against a landscaping or aquatic services company.
Date: 2026-03-22T23:17:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812865
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Landscaping/Aquatic Services
Victim Organization: Aqualuna Scapes
Victim Site: aqualunascapes.com
- Alleged data breach of Ameriprise Financial Services, LLC
Category: Data Breach
Content: The threat actor claims to have compromised and exfiltrated sensitive corporate data, including Salesforce records containing personally identifiable information (PII) and over 200GB of compressed internal SharePoint data.
Date: 2026-03-22T23:13:00Z
Network: tor
Published URL: http://toolatedhs5dtr2pv6h5kdraneak5gs3sxrecqhoufc5e45edior7mqd.onion/
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: USA
Victim Industry: Financial Services
Victim Organization: ameriprise financial services, llc
Victim Site: ameriprise.com
- Website defacement of altmascab3.space by Nicotine/Umbra Community
Category: Defacement
Content: The Umbra Community threat group, specifically attacker Nicotine, successfully defaced the altmascab3.space website on March 23, 2026. This appears to be an individual defacement targeting a single site rather than part of a mass campaign.
Date: 2026-03-22T23:00:04Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812572
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: altmascab3.space
- Website defacement of anacabs4.space by Nicotine (Umbra Community)
Category: Defacement
Content: The website anacabs4.space was defaced by attacker Nicotine affiliated with Umbra Community on March 23, 2026. The incident targeted what appears to be a taxi or transportation service website.
Date: 2026-03-22T22:59:30Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812577
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Transportation/Taxi Services
Victim Organization: Ana Cabs
Victim Site: anacabs4.space
- Website defacement of anacabs7.space by Nicotine (Umbra Community)
Category: Defacement
Content: Attacker Nicotine from the Umbra Community team defaced the Ana Cabs transportation website on March 23, 2026. The defacement targeted the main index page of the anacabs7.space domain.
Date: 2026-03-22T22:58:58Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812579
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Transportation
Victim Organization: Ana Cabs
Victim Site: anacabs7.space
- Website defacement of classonline.space by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from the Umbra Community team successfully defaced the classonline.space website on March 23, 2026. The targeted site appears to be an online education platform based on its domain name.
Date: 2026-03-22T22:58:26Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812582
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: classonline.space
- Website defacement of flyingcab4.space by Nicotine (Umbra Community)
Category: Defacement
Content: Cybercriminal Nicotine from the Umbra Community group defaced the flyingcab4.space website on March 23, 2026. The attack targeted what appears to be a transportation-related service based on the domain name.
Date: 2026-03-22T22:57:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812587
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Transportation
Victim Organization: Unknown
Victim Site: flyingcab4.space
- Website defacement of glassgame.space by Nicotine (Umbra Community)
Category: Defacement
Content: The gaming website glassgame.space was defaced by an attacker known as Nicotine affiliated with the Umbra Community group on March 23, 2026. This appears to be an isolated defacement targeting a single gaming-related domain.
Date: 2026-03-22T22:57:21Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812590
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Gaming
Victim Organization: Unknown
Victim Site: glassgame.space
- Alleged leak of mixed domain credential list
Category: Combo List
Content: A credential list containing 4,715 lines targeting mixed domains has been made available for free download on a cybercriminal forum.
Date: 2026-03-22T22:56:23Z
Network: openweb
Published URL: https://crackingx.com/threads/69515/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
- Website defacement of johnads.site by Nicotine (Umbra Community)
Category: Defacement
Content: The website johnads.site was defaced by threat actor Nicotine affiliated with the Umbra Community group on March 23, 2026. The incident targeted the site's index page and was archived on the zone-xsec.com mirror.
Date: 2026-03-22T22:56:16Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812592
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: johnads.site
- Website defacement of kingonlinebook.space by Nicotine (Umbra Community)
Category: Defacement
Content: The website kingonlinebook.space was defaced on March 23, 2026 by an attacker identified as Nicotine affiliated with the Umbra Community group. This appears to be an individual defacement targeting an online book service platform.
Date: 2026-03-22T22:55:43Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812593
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Online Services
Victim Organization: King Online Book
Victim Site: kingonlinebook.space
- Website defacement of madhurcab.space by Nicotine (Umbra Community)
Category: Defacement
Content: The Umbra Community threat actor Nicotine defaced the Madhur Cab website on March 23, 2026. The incident targeted what appears to be a transportation/taxi service company's website.
Date: 2026-03-22T22:55:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812594
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Transportation
Victim Organization: Madhur Cab
Victim Site: madhurcab.space
- Website defacement of madhurcab9.space by Nicotine (Umbra Community)
Category: Defacement
Content: Attacker Nicotine from the Umbra Community team defaced the website madhurcab9.space on March 23, 2026. The incident was documented and archived with mirror evidence available.
Date: 2026-03-22T22:54:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812599
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: madhurcab9.space
- Website defacement of manyads.space by Nicotine (Umbra Community)
Category: Defacement
Content: The website manyads.space was defaced by threat actor Nicotine affiliated with the Umbra Community group on March 23, 2026. This appears to be a single-target defacement incident affecting what appears to be an advertising-related website.
Date: 2026-03-22T22:54:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812603
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Advertising/Marketing
Victim Organization: Unknown
Victim Site: manyads.space
- Website defacement of currybox.in by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from Umbra Community defaced the CurryBox website on March 23, 2026. This appears to be a single-target defacement attack against an Indian food service company's website.
Date: 2026-03-22T22:47:45Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812521
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Food Services
Victim Organization: CurryBox
Victim Site: currybox.in
- Website defacement of dgiworx.ca by Nicotine (Umbra Community)
Category: Defacement
Content: On March 23, 2026, the website dgiworx.ca was defaced by an attacker identified as Nicotine affiliated with the Umbra Community group. The defacement targeted the index page of the Canadian organization's website.
Date: 2026-03-22T22:47:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812523
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Canada
Victim Industry: Unknown
Victim Organization: DGI Worx
Victim Site: dgiworx.ca
- Website defacement of dgiworx.com by Nicotine (Umbra Community)
Category: Defacement
Content: The website dgiworx.com was defaced by an attacker identified as Nicotine affiliated with the Umbra Community team on March 23, 2026. This appears to be an isolated defacement incident rather than part of a mass attack campaign.
Date: 2026-03-22T22:46:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812524
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: DGI Worx
Victim Site: dgiworx.com
- Website defacement of Expert Tax Services LLC by Nicotine (Umbra Community)
Category: Defacement
Content: The Umbra Community member Nicotine successfully defaced the website of Expert Tax Services LLC on March 23, 2026. The attack targeted a tax preparation and financial services company's web presence.
Date: 2026-03-22T22:46:05Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812527
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: United States
Victim Industry: Financial Services
Victim Organization: Expert Tax Services LLC
Victim Site: experttaxservicesllc.com
- Website defacement of Kamakshi Ambal Trust by Nicotine/Umbra Community
Category: Defacement
Content: The Kamakshi Ambal Trust website was defaced by attacker Nicotine from the Umbra Community group on March 23, 2026. This appears to be a targeted single-site defacement of a religious trust organization's web presence.
Date: 2026-03-22T22:45:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812534
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Religious/Non-profit
Victim Organization: Kamakshi Ambal Trust
Victim Site: kamakshiambaltrust.org
- Website defacement of rrand.co by Nicotine (Umbra Community)
Category: Defacement
Content: Attacker Nicotine from the Umbra Community group defaced the rrand.co website on March 23, 2026. The defacement targeted the index page of the site.
Date: 2026-03-22T22:44:58Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812542
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: rrand.co
- Website defacement of RR Trading Agency by Nicotine/Umbra Community
Category: Defacement
Content: The attacker Nicotine from the Umbra Community team defaced the RR Trading Agency website on March 23, 2026. The defacement targeted the index.txt file of the commercial trading company's website.
Date: 2026-03-22T22:44:23Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812545
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Trading/Commerce
Victim Organization: RR Trading Agency
Victim Site: rrtradingagency.com
- Website defacement of Selvam Trader by Nicotine (Umbra Community)
Category: Defacement
Content: The trading company website selvamtrader.com was defaced by threat actor Nicotine affiliated with the Umbra Community group on March 23, 2026. The defacement targeted the site's index page, compromising the organization's web presence.
Date: 2026-03-22T22:43:50Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812546
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Trading/Commerce
Victim Organization: Selvam Trader
Victim Site: selvamtrader.com
Alleged leak of mixed email and password credentials
Category: Combo List
Content: A threat actor shared a combolist containing 160,000 email and password credentials described as fresh and high quality. The credentials appear to be from mixed sources and are being distributed for free download.
Date: 2026-03-22T22:41:09Z
Network: openweb
Published URL: https://crackingx.com/threads/69512/
Screenshots:
None
Threat Actors: steeve75
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials targeting gaming and shopping platforms
Category: Combo List
Content: A threat actor shared a combolist containing 925,661 credential pairs targeting Hotmail accounts, specifically curated for gaming and shopping platforms. The credentials were distributed via a file sharing service as a free download.
Date: 2026-03-22T22:40:52Z
Network: openweb
Published URL: https://crackingx.com/threads/69513/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology Services
Victim Organization: Hotmail
Victim Site: hotmail.com
Shadow Cyber Indonesia targets the website of Excel
Category: Defacement
Content: The group claims to have defaced the website of Excel.
Date: 2026-03-22T22:39:53Z
Network: telegram
Published URL: https://t.me/Shadow_Cyber_Indonesia/13
Screenshots:
None
Threat Actors: Shadow Cyber Indonesia
Victim Country: India
Victim Industry: Manufacturing & Industrial Products
Victim Organization: excel
Victim Site: xlr.co.in
Alleged leak of Hotmail credentials
Category: Combo List
Content: Actor karaokecloud shared a combolist containing 2,000 Hotmail email and password combinations on a cybercriminal forum. The credentials are claimed to be valid and suitable for various targets.
Date: 2026-03-22T22:08:03Z
Network: openweb
Published URL: https://crackingx.com/threads/69511/
Screenshots:
None
Threat Actors: karaokecloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
chinafans targets the website of buildsaudi.co
Category: Defacement
Content: The group claims to have defaced the website of buildsaudi.co
Date: 2026-03-22T22:04:32Z
Network: openweb
Published URL: https://www.zone-h.org/mirror/id/41640070?hz=1
Screenshots:
None
Threat Actors: chinafans
Victim Country: Saudi Arabia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: buildsaudi.co
Alleged data breach of Toomics
Category: Data Breach
Content: A threat actor claims to have leaked source code data allegedly belonging to Toomics. The data exposed internal platform files and proprietary code from the company.
Date: 2026-03-22T21:34:06Z
Network: openweb
Published URL: https://darkforums.su/Thread-Source-Code-Toomics-Data-Breach-Leaked-Download
Screenshots:
None
Threat Actors: 888
Victim Country: South Korea
Victim Industry: Entertainment & Movie Production
Victim Organization: toomics
Victim Site: toomics.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 1,274 Hotmail email credentials described as premium and fresh. The data was made available for free download on a criminal forum.
Date: 2026-03-22T21:23:23Z
Network: openweb
Published URL: https://crackingx.com/threads/69510/
Screenshots:
None
Threat Actors: Hotmail Cloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged Sale of Windows Desktop Wallet Sniffer Malware Targeting Ledger and Trezor
Category: Malware
Content: The threat actor claims to be selling Windows-based wallet sniffer malware targeting Ledger and Trezor desktop applications. The malware reportedly includes features such as process termination of legitimate applications, deployment of fake applications, Telegram notifications, startup persistence, and self-removal if target installations are not found. It is designed for Windows 10/11 systems and supports delivery via methods such as RDP, VNC, and loaders, enabling credential interception and unauthorized access to cryptocurrency wallets.
Date: 2026-03-22T21:20:45Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/278931/
Screenshots:
None
Threat Actors: kalashnikov
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
chinafans targets the website of INCHI
Category: Defacement
Content: The group claims to have defaced the website of INCHI.
Date: 2026-03-22T21:19:17Z
Network: openweb
Published URL: https://www.zone-h.org/mirror/id/41629794?hz=1
Screenshots:
None
Threat Actors: chinafans
Victim Country: Iran
Victim Industry: Information Technology (IT) Services
Victim Organization: inchi
Victim Site: inchi.ir
Alleged leak of Gmail credentials combolist
Category: Combo List
Content: Threat actor UniqueCombo allegedly shared a combolist containing 327,788 unique Gmail email and password combinations on a cybercriminal forum. The post appears to offer free access to the credential list for registered forum members.
Date: 2026-03-22T21:12:53Z
Network: openweb
Published URL: https://crackingx.com/threads/69509/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Google
Victim Site: gmail.com
chinafans targets the website of Sekeh Zargar
Category: Defacement
Content: The group claims to have defaced the website of Sekeh Zargar
Date: 2026-03-22T21:06:14Z
Network: openweb
Published URL: https://www.zone-h.org/mirror/id/41626997?hz=1
Screenshots:
None
Threat Actors: chinafans
Victim Country: Iran
Victim Industry: Retail Industry
Victim Organization: sekeh zargar
Victim Site: sekezargar.ir
Alleged leak of Hotmail credential list
Category: Combo List
Content: A threat actor shared a list of 1,600 allegedly valid Hotmail email credentials dated March 22, 2022. The credentials are being distributed for free to registered forum users.
Date: 2026-03-22T20:55:47Z
Network: openweb
Published URL: https://crackingx.com/threads/69508/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of gaming and streaming platform credentials
Category: Combo List
Content: A threat actor shared a combolist containing approximately 4.3 million gaming and streaming platform credentials via a file sharing service.
Date: 2026-03-22T20:38:25Z
Network: openweb
Published URL: https://crackingx.com/threads/69507/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Gaming and Entertainment
Victim Organization: Unknown
Victim Site: Unknown
Alleged DDoS service offering on CrackingX forum
Category: DDoS
Content: User anubisddos advertises DDoS services on CrackingX forum, providing contact information via Telegram, Jabber, and Tox for potential clients.
Date: 2026-03-22T20:37:44Z
Network: openweb
Published URL: https://crackingx.com/threads/69506/
Screenshots:
None
Threat Actors: anubisddos
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of European and Asian email credentials
Category: Combo List
Content: A threat actor shared a combolist containing 44,000 email credentials allegedly from European and Asian regions. The credentials are being distributed for free download on an underground forum.
Date: 2026-03-22T20:29:12Z
Network: openweb
Published URL: https://crackingx.com/threads/69504/
Screenshots:
None
Threat Actors: karaokecloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of corporate credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 76,085 credential pairs specifically labeled as suitable for targeting corporate and business shopping platforms. The credentials are being distributed for free via cloud storage.
Date: 2026-03-22T20:28:38Z
Network: openweb
Published URL: https://crackingx.com/threads/69505/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of derosta.in by Nicotine (Umbra Community)
Category: Defacement
Content: The website derosta.in was defaced by attacker Nicotine affiliated with Umbra Community on March 23, 2026. The defacement targeted the site's index page and was archived as a mirror for threat intelligence purposes.
Date: 2026-03-22T20:23:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812349
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: derosta.in
Website defacement of digidaftar.com by Nicotine (Umbra Community)
Category: Defacement
Content: The website digidaftar.com was defaced by attacker Nicotine affiliated with Umbra Community on March 23, 2026. The defacement targeted the index.txt file of the website.
Date: 2026-03-22T20:22:44Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812351
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: digidaftar.com
Website defacement of Pleasant Spaces by Nicotine (Umbra Community)
Category: Defacement
Content: The website pleasantspaces.in was defaced by attacker Nicotine affiliated with the Umbra Community group on March 23, 2026. The defacement targeted the main index page of the site.
Date: 2026-03-22T20:22:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812355
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Unknown
Victim Organization: Pleasant Spaces
Victim Site: pleasantspaces.in
Website defacement of yarunaratech.com by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine, affiliated with Umbra Community, successfully defaced yarunaratech.com on March 23, 2026. The incident targeted what appears to be a technology company's website.
Date: 2026-03-22T20:21:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812359
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Yaruna Technology
Victim Site: yarunaratech.com
Website defacement of Expert Education Network by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from Umbra Community defaced the Expert Education Network website on March 23, 2026. This was an isolated defacement targeting an educational organization's web presence.
Date: 2026-03-22T20:21:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812360
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Expert Education Network
Victim Site: experteducationnetwork.com
Website defacement of hubet88.online by Nicotine from Umbra Community
Category: Defacement
Content: On March 23, 2026, the gambling website hubet88.online was defaced by an attacker named Nicotine, affiliated with the Umbra Community group. The defacement targeted the site's index page, compromising the main landing page of the online gaming platform.
Date: 2026-03-22T20:19:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812364
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Gambling/Gaming
Victim Organization: Hubet88
Victim Site: hubet88.online
Website defacement of fire-safetyadvisor.com by Nicotine (Umbra Community)
Category: Defacement
Content: The fire safety advisory website fire-safetyadvisor.com was defaced by attacker Nicotine affiliated with the Umbra Community group on March 23, 2026. This appears to be an isolated single-site defacement targeting a fire safety services organization.
Date: 2026-03-22T20:18:56Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812367
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Fire Safety Services
Victim Organization: Fire Safety Advisor
Victim Site: fire-safetyadvisor.com
Website defacement of Profax Trader by Nicotine (Umbra Community)
Category: Defacement
Content: The trading platform Profax Trader was defaced by the attacker Nicotine from the Umbra Community group on March 23, 2026. The defacement targeted the index.txt file of the profaxtrader.com domain.
Date: 2026-03-22T20:18:22Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812375
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Profax Trader
Victim Site: profaxtrader.com
Website defacement of promobox.pk by Nicotine (Umbra Community)
Category: Defacement
Content: The website promobox.pk was defaced by attacker Nicotine from the Umbra Community group on March 23, 2026. The defacement targeted the index.txt file of the Pakistani website.
Date: 2026-03-22T20:17:50Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812376
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Pakistan
Victim Industry: Unknown
Victim Organization: Promobox
Victim Site: promobox.pk
Website defacement of Ruchi Gem and Jewels by Nicotine (Umbra Community)
Category: Defacement
Content: The website of Ruchi Gem and Jewels was defaced by an attacker using the handle Nicotine associated with the Umbra Community group on March 23, 2026. This appears to be an isolated defacement targeting a jewelry retailer's website.
Date: 2026-03-22T20:17:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812378
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Jewelry/Retail
Victim Organization: Ruchi Gem and Jewels
Victim Site: ruchigemandjewels.com
Website defacement of Kaari Planters by Nicotine (Umbra Community)
Category: Defacement
Content: The Umbra Community threat group, specifically attacker Nicotine, successfully defaced the Kaari Planters website on March 23, 2026. The defacement targeted what appears to be an agricultural or gardening business website.
Date: 2026-03-22T20:08:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812296
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Agriculture/Gardening
Victim Organization: Kaari Planters
Victim Site: kaariplanters.com
Website defacement of Odhav Plast by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from the Umbra Community team defaced the website of Odhav Plast, a manufacturing company, on March 23, 2026. The defacement targeted the company's main website domain.
Date: 2026-03-22T20:07:39Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812308
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Manufacturing
Victim Organization: Odhav Plast
Victim Site: odhavplast.com
Website defacement of PS Construction by Nicotine (Umbra Community)
Category: Defacement
Content: The construction company PS Construction's website was defaced by attacker Nicotine from the Umbra Community group on March 23, 2026. This was an isolated defacement incident targeting the company's main website.
Date: 2026-03-22T20:07:06Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812310
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Construction
Victim Organization: PS Construction
Victim Site: psconstruction.info
Website defacement of shrishivshaktipanel.com by Nicotine from Umbra Community
Category: Defacement
Content: On March 23, 2026, the website shrishivshaktipanel.com was defaced by an attacker known as Nicotine associated with the Umbra Community group. This was a single-target defacement attack against what appears to be an Indian organization's website.
Date: 2026-03-22T20:06:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812322
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Unknown
Victim Organization: Shri Shiv Shakti Panel
Victim Site: shrishivshaktipanel.com
Website defacement of topautomaticos.com.br by Nicotine (Umbra Community)
Category: Defacement
Content: The Brazilian automotive website topautomaticos.com.br was defaced by attacker Nicotine affiliated with Umbra Community on March 23, 2026. This appears to be a single-target defacement incident rather than part of a mass campaign.
Date: 2026-03-22T20:04:27Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812264
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Brazil
Victim Industry: Automotive
Victim Organization: Top Automaticos
Victim Site: topautomaticos.com.br
Website defacement of Bark Blossom Puppies by Nicotine (Umbra Community)
Category: Defacement
Content: The Umbra Community threat actor Nicotine defaced the Bark Blossom Puppies website on March 23, 2026. This appears to be an isolated defacement targeting a pet services business.
Date: 2026-03-22T20:03:51Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812266
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Pet Services
Victim Organization: Bark Blossom Puppies
Victim Site: barkblossompuppies.com
Website defacement of aklgames.com by Nicotine (Umbra Community)
Category: Defacement
Content: The gaming website aklgames.com was defaced by attacker Nicotine affiliated with the Umbra Community group on March 23, 2026. The defacement targeted the site's index page, compromising the main entry point of the gaming platform.
Date: 2026-03-22T20:03:15Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812274
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Gaming
Victim Organization: AKL Games
Victim Site: aklgames.com
Website defacement of Arkray Senergies by Nicotine from Umbra Community
Category: Defacement
Content: The attacker Nicotine from the Umbra Community group defaced the website of Arkray Senergies, an Indian energy company, on March 23, 2026. The defacement targeted the index.txt file of the company's website.
Date: 2026-03-22T20:02:39Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812281
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Energy
Victim Organization: Arkray Senergies
Victim Site: arkaraysenergies.in
Website defacement of Balaji Kitchen King LLP by Nicotine (Umbra Community)
Category: Defacement
Content: The Umbra Community threat actor Nicotine defaced the website of Balaji Kitchen King LLP on March 23, 2026. This appears to be a single-target defacement incident affecting a food service business website.
Date: 2026-03-22T20:02:04Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812282
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Food Service/Restaurant
Victim Organization: Balaji Kitchen King LLP
Victim Site: balajikitchenkingllp.com
Website defacement of mycarbazar.shop by Nicotine (Umbra Community)
Category: Defacement
Content: The automotive e-commerce website mycarbazar.shop was defaced by attacker Nicotine from the Umbra Community group on March 23, 2026. The defacement targeted the index.txt file of the online car marketplace.
Date: 2026-03-22T19:55:23Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812120
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Automotive/E-commerce
Victim Organization: MyCarBazar
Victim Site: mycarbazar.shop
Website defacement of pattiblue.fun by Nicotine (Umbra Community)
Category: Defacement
Content: The website pattiblue.fun was defaced by attacker Nicotine associated with the Umbra Community group on March 23, 2026. The defacement targeted the site's index page, with technical details remaining largely unknown.
Date: 2026-03-22T19:54:47Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812125
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: pattiblue.fun
Website defacement of play3patti.fun by Nicotine from Umbra Community
Category: Defacement
Content: On March 23, 2026, the gaming website play3patti.fun was defaced by attacker Nicotine affiliated with the Umbra Community group. The defacement targeted what appears to be an online card game platform.
Date: 2026-03-22T19:54:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812126
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Gaming/Entertainment
Victim Organization: Unknown
Victim Site: play3patti.fun
Website defacement of playpattiblue.fun by Nicotine (Umbra Community)
Category: Defacement
Content: Website defacement attack carried out by attacker Nicotine affiliated with Umbra Community targeting playpattiblue.fun on March 23, 2026. The incident was documented and mirrored on zone-xsec.com defacement archive.
Date: 2026-03-22T19:53:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812127
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: playpattiblue.fun
Website defacement of teenpattiblue.fun by Nicotine from Umbra Community
Category: Defacement
Content: Attacker Nicotine from the Umbra Community team defaced the gaming website teenpattiblue.fun on March 23, 2026. The target appears to be a Teen Patti gaming platform, with the defacement archived on zone-xsec.com.
Date: 2026-03-22T19:53:00Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812131
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Gaming/Entertainment
Victim Organization: Unknown
Victim Site: teenpattiblue.fun
Website defacement of thetechnology.io by Nicotine (Umbra Community)
Category: Defacement
Content: The technology website thetechnology.io was defaced by attacker Nicotine affiliated with the Umbra Community group on March 23, 2026. The defacement targeted the index.txt file of the technology-focused website.
Date: 2026-03-22T19:52:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812132
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: The Technology
Victim Site: thetechnology.io
Website defacement of snorion.com by Nicotine (Umbra Community)
Category: Defacement
Content: The website snorion.com was defaced by an attacker identified as Nicotine affiliated with the Umbra Community group on March 23, 2026. This appears to be a single-target defacement incident rather than a mass or repeated attack.
Date: 2026-03-22T19:51:49Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812134
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: snorion.com
Website defacement of ashbinkoirala.com by Nicotine (Umbra Community)
Category: Defacement
Content: The website ashbinkoirala.com was defaced by an attacker known as Nicotine affiliated with the Umbra Community group on March 23, 2026. The incident targeted the site's index.txt file and appears to be an isolated defacement rather than part of a mass campaign.
Date: 2026-03-22T19:51:13Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812140
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: ashbinkoirala.com
Website defacement of Empirical Development by Nicotine/Umbra Community
Category: Defacement
Content: The website empiricaldev.com.au was defaced by attacker Nicotine affiliated with the Umbra Community team on March 23, 2026. The defacement targeted what appears to be a technology/development company based in Australia.
Date: 2026-03-22T19:50:36Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812144
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Australia
Victim Industry: Technology/Software Development
Victim Organization: Empirical Development
Victim Site: empiricaldev.com.au
Website defacement of Excellent Care by Nicotine (Umbra Community)
Category: Defacement
Content: The healthcare website excellentcare.com.au was defaced by attacker Nicotine affiliated with Umbra Community on March 23, 2026. The defacement targeted the index page of the Australian healthcare organization's website.
Date: 2026-03-22T19:49:59Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812145
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Australia
Victim Industry: Healthcare
Victim Organization: Excellent Care
Victim Site: excellentcare.com.au
Website defacement of avijovo.com by Nicotine (Umbra Community)
Category: Defacement
Content: Attacker Nicotine affiliated with Umbra Community defaced the avijovo.com website on March 23, 2026. The defacement targeted the index.txt file and was archived on zone-xsec mirror platform.
Date: 2026-03-22T19:42:37Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812045
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: avijovo.com
Website defacement of gmcct.org by Nicotine from Umbra Community
Category: Defacement
Content: The attacker Nicotine from Umbra Community defaced gmcct.org on March 23, 2026. This was an isolated defacement incident affecting the index.txt file of the target website.
Date: 2026-03-22T19:42:04Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812083
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: gmcct.org
Website defacement of Triton Interior by Nicotine (Umbra Community)
Category: Defacement
Content: The interior design company Triton Interior's website was defaced by attacker Nicotine affiliated with the Umbra Community on March 23, 2026. The defacement targeted the site's index page and was documented in threat intelligence archives.
Date: 2026-03-22T19:29:10Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/811990
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Interior Design
Victim Organization: Triton Interior
Victim Site: tritoninterior.com
Website defacement by Nicotine (Umbra Community)
Category: Defacement
Content: Website defacement conducted by attacker Nicotine affiliated with Umbra Community on March 23, 2026. This was identified as a redefacement of the homepage rather than an initial attack.
Date: 2026-03-22T19:26:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/811945
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement by Nicotine of Umbra Community
Category: Defacement
Content: Umbra Community member Nicotine conducted a redefacement attack on March 23, 2026. This was a targeted home page defacement rather than a mass attack.
Date: 2026-03-22T19:25:30Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/811946
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement by Nicotine (Umbra Community)
Category: Defacement
Content: Umbra Community member Nicotine conducted a redefacement attack on an unspecified target website on March 23, 2026. This represents a follow-up attack on a previously compromised site rather than an initial breach.
Date: 2026-03-22T19:23:55Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/811883
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement by Nicotine from Umbra Community
Category: Defacement
Content: A redefacement attack was conducted by attacker Nicotine, affiliated with Umbra Community, targeting a website's homepage on March 23, 2026.
Date: 2026-03-22T19:23:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/811884
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement by Nicotine (Umbra Community)
Category: Defacement
Content: Home page defacement conducted by attacker Nicotine affiliated with Umbra Community team on March 23, 2026. This appears to be a redefacement of a previously compromised target.
Date: 2026-03-22T19:22:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/811885
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement by Nicotine (Umbra Community)
Category: Defacement
Content: Umbra Community member Nicotine conducted a redefacement attack on March 23, 2026. This was a targeted home page defacement rather than a mass defacement campaign.
Date: 2026-03-22T19:22:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/811886
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement by Nicotine (Umbra Community)
Category: Defacement
Content: Umbra Community member Nicotine conducted a redefacement attack on an unknown target website on March 23, 2026. This appears to be a targeted single-site defacement rather than a mass attack.
Date: 2026-03-22T19:21:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/811888
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement by Nicotine (Umbra Community)
Category: Defacement
Content: Home page defacement conducted by threat actor Nicotine affiliated with the Umbra Community team on March 23, 2026. The incident involved a single-target attack rather than mass defacement.
Date: 2026-03-22T19:17:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/811768
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement by Nicotine from Umbra Community
Category: Defacement
Content: Nicotine, affiliated with Umbra Community, conducted a home page defacement on March 23, 2026. The attack targeted a single website rather than multiple sites in a mass defacement campaign.
Date: 2026-03-22T19:17:06Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/811769
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement by Nicotine (Umbra Community)
Category: Defacement
Content: Home page defacement carried out by attacker Nicotine affiliated with Umbra Community team on March 23, 2026. This was identified as a redefacement incident targeting a single website.
Date: 2026-03-22T19:16:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/811770
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website defacement by Nicotine (Umbra Community)
Category: Defacement
Content: Website defacement conducted by attacker Nicotine affiliated with Umbra Community team on March 23, 2026. This appears to be a redefacement of a previously compromised site.
Date: 2026-03-22T19:16:00Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/811771
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website defacement by Nicotine (Umbra Community)
Category: Defacement
Content: Home page defacement conducted by attacker Nicotine affiliated with Umbra Community team on March 23, 2026. This was a single-target attack rather than a mass defacement campaign.
Date: 2026-03-22T19:15:26Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/811772
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website defacement by Nicotine (Umbra Community)
Category: Defacement
Content: Nicotine, associated with Umbra Community, conducted a redefacement attack on an unspecified target website on March 23, 2026. This appears to be a targeted single-site defacement rather than a mass attack campaign.
Date: 2026-03-22T19:14:53Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/811773
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website defacement by Nicotine of Umbra Community
Category: Defacement
Content: Nicotine from Umbra Community conducted a website defacement on March 23, 2026. This appears to be a redefacement of a previously compromised site targeting the homepage.
Date: 2026-03-22T19:14:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/811774
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website defacement by Nicotine from Umbra Community
Category: Defacement
Content: Home page defacement carried out by attacker Nicotine affiliated with Umbra Community on March 23, 2026. This incident represents a redefacement of a previously compromised target.
Date: 2026-03-22T19:13:48Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/811775
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website defacement by Nicotine (Umbra Community)
Category: Defacement
Content: Attacker Nicotine from the Umbra Community team conducted a single website defacement on March 23, 2026. This was a targeted home page defacement rather than a mass attack.
Date: 2026-03-22T19:13:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/811776
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website defacement by Nicotine (Umbra Community)
Category: Defacement
Content: Attacker Nicotine from Umbra Community conducted a home page defacement on March 23, 2026. This was an isolated attack targeting a single website rather than a mass defacement campaign.
Date: 2026-03-22T19:12:41Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/811777
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website defacement by Nicotine (Umbra Community)
Category: Defacement
Content: Home page defacement conducted by attacker Nicotine affiliated with Umbra Community team on March 23, 2026. This was a single-target attack rather than a mass defacement campaign.
Date: 2026-03-22T19:12:09Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/811778
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website defacement by Nicotine from Umbra Community
Category: Defacement
Content: A website defacement was conducted by the attacker Nicotine affiliated with Umbra Community on March 23, 2026. This was identified as a home page defacement affecting a single target.
Date: 2026-03-22T19:11:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/811779
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Hotmail credential combolist
Category: Combo List
Content: Threat actor shared a combolist containing 1.4K Hotmail email credentials through a Telegram channel and file sharing service, claiming to provide fresh email databases daily.
Date: 2026-03-22T19:03:20Z
Network: openweb
Published URL: https://crackingx.com/threads/69500/
Screenshots:
None
Threat Actors: Kokos2846q
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com - Alleged leak of Hotmail credentials on cybercriminal forum
Category: Combo List
Content: A cybercriminal forum user claims to have leaked 41,000 Hotmail credentials described as valid forum accounts. The post appears to offer free access to the credential list rather than selling it.
Date: 2026-03-22T19:02:41Z
Network: openweb
Published URL: https://crackingx.com/threads/69501/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com - Handala Hack Signals Escalation Over Critical Infrastructure Targeting
Category: Alert
Content: The group has issued an escalation warning stating that any targeting of national power or electricity infrastructure will trigger a disproportionate retaliatory response, claiming that detailed intelligence on adversary infrastructure including precise coordinates and operational data is already compiled for rapid action; the messaging reflects a shift toward deterrence through threat amplification, positioning energy assets as a high-risk trigger point where even limited aggression could result in large-scale disruption across critical infrastructure domains.
Date: 2026-03-22T18:49:58Z
Network: openweb
Published URL: https://handala-team.to/the-slightest-aggression-enemy-infrastructure-reduced-to-ashes/
Screenshots:
None
Threat Actors: Handala Hack
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of email credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 65,000 email credentials described as high quality mail access combinations. The credentials were made available for free download through a paste service.
Date: 2026-03-22T18:43:19Z
Network: openweb
Published URL: https://crackingx.com/threads/69499/
Screenshots:
None
Threat Actors: Cir4d
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of crypto-banking combolist containing 1.96 million credentials
Category: Combo List
Content: A threat actor shared a combolist containing 1,961,076 credentials allegedly targeting crypto-banking services. The credential list was made available for free download via a file hosting service.
Date: 2026-03-22T18:33:38Z
Network: openweb
Published URL: https://crackingx.com/threads/69497/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of email credentials combolist
Category: Combo List
Content: Threat actor TeraCloud1 shared a combolist containing 45,000 valid email credentials on a cybercriminal forum. The actor also advertises additional services through a private Telegram cloud.
Date: 2026-03-22T18:32:50Z
Network: openweb
Published URL: https://crackingx.com/threads/69498/
Screenshots:
None
Threat Actors: TeraCloud1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of 8kun
Category: Data Breach
Content: A threat actor claims to have leaked data from 8kun (formerly 8chan).
Date: 2026-03-22T18:27:30Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-8chan-now-8kun-top
Screenshots:
None
Threat Actors: fanfan
Victim Country: USA
Victim Industry: Social Media & Online Social Networking
Victim Organization: 8kun
Victim Site: 8kun.top - Alleged leak of German mixed credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 718,074 credential pairs allegedly from German sources through a file hosting service. The combolist is described as mixed, indicating credentials from various sources or platforms.
Date: 2026-03-22T18:23:26Z
Network: openweb
Published URL: https://crackingx.com/threads/69493/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of mixed email credentials
Category: Combo List
Content: A threat actor leaked a collection of 30,000 valid email credentials from mixed sources dated March 22nd. The credentials are being distributed through a cybercriminal forum.
Date: 2026-03-22T18:22:30Z
Network: openweb
Published URL: https://crackingx.com/threads/69494/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of multi-platform credential combolists
Category: Combo List
Content: A threat actor is distributing credential combolists containing 13 million records allegedly from PlayStation Network, LinkedIn, TikTok, and forum platforms through Telegram channels.
Date: 2026-03-22T18:21:38Z
Network: openweb
Published URL: https://crackingx.com/threads/69495/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Multiple platforms
Victim Site: Unknown - Alleged data leak of Pinbuz
Category: Data Leak
Content: The group claims to have leaked data from Pinbuz.
Date: 2026-03-22T18:21:11Z
Network: telegram
Published URL: https://t.me/c/3731684343/3801
Screenshots:
None
Threat Actors: Escanors Files
Victim Country: USA
Victim Industry: Information Services
Victim Organization: pinbuz
Victim Site: pinbuz.com - Alleged data breach of 7k7k
Category: Data Breach
Content: A threat actor claims to have leaked data related to 7k7k, a China-based online gaming website. The leaked data allegedly covers approximately 9.1 million users and includes a dataset containing usernames, email addresses, and plaintext passwords.
Date: 2026-03-22T18:07:16Z
Network: openweb
Published URL: https://darkforums.su/Thread-7k7k-com-leak
Screenshots:
None
Threat Actors: fanfan
Victim Country: China
Victim Industry: Gaming
Victim Organization: 7k7k
Victim Site: 7k7k.com - Alleged data sale of Deutsche Kreditbank AG
Category: Data Breach
Content: A threat actor claims to have obtained data from Deutsche Kreditbank AG. The exposed data is allegedly being offered for sale and is said to include accounts registered under German identities.
Date: 2026-03-22T18:02:04Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/278923/
Screenshots:
None
Threat Actors: Capita
Victim Country: Germany
Victim Industry: Financial Services
Victim Organization: deutsche kreditbank ag
Victim Site: dkb.de - Alleged data sale of 1822direkt
Category: Data Breach
Content: A threat actor claims to have obtained data from 1822direkt. The exposed data is allegedly being offered for sale and is said to include accounts registered under German identities.
Date: 2026-03-22T17:52:23Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/278923/
Screenshots:
None
Threat Actors: Capita
Victim Country: Germany
Victim Industry: Financial Services
Victim Organization: 1822direkt
Victim Site: 1822direkt.de - Alleged leak of Japan and Taiwan credential data
Category: Combo List
Content: Threat actor shared download links for credential data allegedly containing 151,000 records from Japan and Taiwan users on an underground forum.
Date: 2026-03-22T17:44:52Z
Network: openweb
Published URL: https://crackingx.com/threads/69491/
Screenshots:
None
Threat Actors: Immanuel_Kant
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of US email credentials combolist
Category: Combo List
Content: A threat actor leaked a combolist containing 104,000 US email and password credentials on a cybercriminal forum. The credentials are being distributed for free to registered forum users.
Date: 2026-03-22T17:44:09Z
Network: openweb
Published URL: https://crackingx.com/threads/69492/
Screenshots:
None
Threat Actors: Immanuel_Kant
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of 1.3TB credential combolist
Category: Combo List
Content: A threat actor shared a 1.3TB collection of URL:LOG:PASS format credentials described as UHQ (ultra high quality) on a cybercriminal forum. The combolist is being distributed as a free download.
Date: 2026-03-22T17:34:49Z
Network: openweb
Published URL: https://crackingx.com/threads/69490/
Screenshots:
None
Threat Actors: TheBash1996
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged sale of USA tax database
Category: Data Leak
Content: A threat actor claims to be selling a USA tax-related database containing over 300,000 users. The dataset reportedly includes sensitive personal and financial information, such as names, addresses, phone numbers, emails, SSNs, bank account details, routing numbers, and tax forms including W-2s. The data is said to span 2022–2025 and includes information linked to multiple financial institutions.
Date: 2026-03-22T17:31:23Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/278924/
Screenshots:
None
Threat Actors: Pozetiv44ik
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Nullsec Philippines targets the subdomains of Bangladesh Navy
Category: Defacement
Content: The group claims to have defaced the subdomains of the Bangladesh Navy.
Date: 2026-03-22T17:28:39Z
Network: telegram
Published URL: https://t.me/nullsechackers/867
Screenshots:
None
Threat Actors: Nullsec Philippines
Victim Country: Bangladesh
Victim Industry: Government Administration
Victim Organization: bangladesh navy
Victim Site: navy.mil.bd - Alleged leak of mixed email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 3,608 mixed email credentials including Hotmail accounts for free download on a cybercriminal forum.
Date: 2026-03-22T17:24:59Z
Network: openweb
Published URL: https://crackingx.com/threads/69488/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Canadian credential combolist
Category: Combo List
Content: Threat actor CODER is distributing an 11 million record Canadian credential combolist for free through Telegram channels. The actor provides both the combolist and associated cracking programs through separate Telegram groups.
Date: 2026-03-22T17:24:11Z
Network: openweb
Published URL: https://crackingx.com/threads/69489/
Screenshots:
None
Threat Actors: CODER
Victim Country: Canada
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged sale of facebook brute checker
Category: Malware
Content: The threat actor claims to be selling a Facebook Brute Checker tool, designed to automate brute-force attacks on Facebook accounts. The tool reportedly includes features such as advanced cracking algorithms, proxy support for anonymity, customizable thread and timeout settings, real-time logging, and support for bulk username and password lists, enabling efficient and large-scale credential cracking attempts.
Date: 2026-03-22T17:14:14Z
Network: openweb
Published URL: https://demonforums.net/Thread-Facebook-Brute-Checker-by-ilya2012
Screenshots:
None
Threat Actors: Starip
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged Data Breach of Axcera
Category: Data Breach
Content: The group claims to have accessed the data of Axcera.
Date: 2026-03-22T16:56:57Z
Network: telegram
Published URL: https://t.me/lapsus_groupo/13
Screenshots:
None
Threat Actors: LAPSUS
Victim Country: UAE
Victim Industry: Information Technology (IT) Services
Victim Organization: axcera
Victim Site: axcera.io - Alleged data breach of Trio-Tech International
Category: Data Breach
Content: A threat actor claims to be selling a large dataset allegedly obtained from Trio-Tech, a semiconductor-related company.
Date: 2026-03-22T16:55:24Z
Network: openweb
Published URL: https://darkforums.su/Thread-triotech-com-506GB
Screenshots:
None
Threat Actors: Gunra
Victim Country: USA
Victim Industry: Electrical & Electronic Manufacturing
Victim Organization: trio-tech international
Victim Site: triotech.com - Alleged data breach of Iraqi Ministry of Commerce
Category: Data Breach
Content: A threat actor claims to have leaked data from the Iraqi Ministry of Commerce. The compromised database contains approximately 43 million records. The exposed data reportedly includes full names, family counts, names of family members, residential location details, employment status, birth dates, and additional structured records extracted from internal systems.
Date: 2026-03-22T16:44:36Z
Network: openweb
Published URL: https://darkforums.su/Thread-The-Iraqi-Ministry-of-Commerce-was-hacked
Screenshots:
None
Threat Actors: ShadaKurdistani
Victim Country: Iraq
Victim Industry: Government & Public Sector
Victim Organization: iraqi ministry of commerce
Victim Site: moc.gov.iq - Alleged leak of Hotmail credential lists
Category: Combo List
Content: A threat actor is distributing a collection of 2,007 alleged valid Hotmail email and password combinations through a free download link.
Date: 2026-03-22T16:35:40Z
Network: openweb
Published URL: https://crackingx.com/threads/69485/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com - Alleged sale of unauthorized access to an unidentified shop in France
Category: Initial Access
Content: The threat actor claims to be selling unauthorized access to an unidentified WordPress shop in France.
Date: 2026-03-22T16:32:21Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/278920/
Screenshots:
None
Threat Actors: ed1n1ca
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor allegedly leaked 1,050 fresh high-quality Hotmail credentials on a cybercriminal forum as a free download.
Date: 2026-03-22T16:25:31Z
Network: openweb
Published URL: https://crackingx.com/threads/69482/
Screenshots:
None
Threat Actors: KiwiShio
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com - Alleged leak of mixed email credentials
Category: Combo List
Content: A threat actor shared a free download link to a combolist containing 6,010 mixed email credentials on a cybercriminal forum.
Date: 2026-03-22T16:24:51Z
Network: openweb
Published URL: https://crackingx.com/threads/69483/
Screenshots:
None
Threat Actors: NotSellerxd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged sale of unauthorized access to an unidentified shop in Oman
Category: Initial Access
Content: The threat actor claims to be selling unauthorized access to an unidentified WordPress shop in Oman.
Date: 2026-03-22T16:24:48Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/278919/
Screenshots:
None
Threat Actors: ed1n1ca
Victim Country: Oman
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged distribution of gaming and antivirus credential combolists
Category: Combo List
Content: Threat actor distributes credential combolists containing 13 million entries targeting gaming shops, antivirus services, and SMTP services through Telegram channels. The actor offers free access to these credential lists and associated programs through multiple Telegram groups.
Date: 2026-03-22T16:15:27Z
Network: openweb
Published URL: https://crackingx.com/threads/69481/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Gaming and Technology
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Gmail credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 316,603 unique Gmail email and password combinations on a cybercrime forum.
Date: 2026-03-22T16:06:02Z
Network: openweb
Published URL: https://crackingx.com/threads/69477/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Google
Victim Site: gmail.com - Alleged leak of educational domain credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 126,291 credential pairs specifically targeting educational domain users. The data was made available as a free download via file sharing platform.
Date: 2026-03-22T16:05:25Z
Network: openweb
Published URL: https://crackingx.com/threads/69478/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of mixed domain credential list
Category: Combo List
Content: A credential list containing 103,322 lines targeting mixed domains has been made available for free download on a cybercriminal forum.
Date: 2026-03-22T16:04:47Z
Network: openweb
Published URL: https://crackingx.com/threads/69479/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged sale of US consumer marketing database
Category: Data Breach
Content: Threat actor claims to be selling 70 million US consumer marketing records containing demographic details, financial profiles, and personal information for $25,000. The data allegedly includes names, addresses, income ranges, credit scores, and contact information.
Date: 2026-03-22T16:04:04Z
Network: openweb
Published URL: https://crackingx.com/threads/69480/
Screenshots:
None
Threat Actors: Retrogade
Victim Country: United States
Victim Industry: Marketing
Victim Organization: Unknown
Victim Site: Unknown - Alleged sale of unauthorized access to an unidentified shop in Ecuador
Category: Initial Access
Content: The threat actor claims to be selling unauthorized access to an unidentified WordPress shop in Ecuador.
Date: 2026-03-22T15:42:26Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/278916/
Screenshots:
None
Threat Actors: ed1n1ca
Victim Country: Ecuador
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Hotmail credentials on CrackingX forum
Category: Combo List
Content: Actor noir allegedly shared a collection of valid Hotmail credentials on CrackingX forum, promoting the data as high-quality and private cloud sourced. Access details provided via Telegram contact.
Date: 2026-03-22T15:36:17Z
Network: openweb
Published URL: https://crackingx.com/threads/69475/
Screenshots:
None
Threat Actors: noir
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com - Alleged sale of unauthorized admin access to an unidentified website in the Dominican Republic
Category: Initial Access
Content: The threat actor claims to be selling unauthorized WordPress admin panel access to an unidentified website in the Dominican Republic.
Date: 2026-03-22T15:31:53Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/278917/
Screenshots:
None
Threat Actors: manofworld
Victim Country: Dominican Republic
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Hotmail credentials
Category: Combo List
Content: Threat actor shared a combolist containing 2,100 Hotmail email and password combinations described as fresh UQH on an underground forum.
Date: 2026-03-22T14:41:03Z
Network: openweb
Published URL: https://crackingx.com/threads/69473/
Screenshots:
None
Threat Actors: Lexser
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com - Alleged sale of Spain database
Category: Initial Access
Content: The threat actor is seeking to purchase business lead databases related to Spain. They specify that the data should include company leads filtered by banking information and contain details such as DNI, full name, phone number, and IBAN, with additional personal information preferred.
Date: 2026-03-22T14:37:38Z
Network: openweb
Published URL: https://forum.exploit.in/topic/278910/
Screenshots:
None
Threat Actors: kingpin000
Victim Country: Spain
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged access to an unidentified CCTV camera in Poland
Category: Initial Access
Content: Group claims to have unauthorized access to CCTV cameras in Poland.
Date: 2026-03-22T14:32:33Z
Network: telegram
Published URL: https://t.me/c/3792806777/29
Screenshots:
None
Threat Actors: Z-PENTEST ALLIANCE
Victim Country: Poland
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a sample containing 995 Hotmail credentials on a cybercrime forum. The post offers free download access to the credential list.
Date: 2026-03-22T14:21:10Z
Network: openweb
Published URL: https://crackingx.com/threads/69471/
Screenshots:
None
Threat Actors: HollowKnight07
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com - Alleged sale of fraudulent identity documents
Category: Data Breach
Content: Threat actor Target777 is advertising the sale of physical identity documents and scans, including driver licenses and passport cards, on an underground forum.
Date: 2026-03-22T14:20:31Z
Network: openweb
Published URL: https://crackingx.com/threads/69472/
Screenshots:
None
Threat Actors: Target777
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of iitjobs, Inc.
Category: Data Breach
Content: The group claims to have leaked a database from iitjobs, Inc. The compromised data reportedly includes ID, candidate ID, IP address, city, phone number, state, Facebook URL, gender, address, country, account creation and update details, ZIP code, address fields, job type, Instagram URL, resume data, Twitter URL, LinkedIn URL, description, join community information, and primary skills.
Date: 2026-03-22T14:13:14Z
Network: telegram
Published URL: https://t.me/c/3816027580/3588
Screenshots:
None
Threat Actors: Whale Market
Victim Country: Bangladesh
Victim Industry: Information Technology (IT) Services
Victim Organization: iitjobs, inc.
Victim Site: iitjobs.com - Alleged data breach of Geophysical Service of the Russian Academy of Sciences
Category: Data Breach
Content: The group claims to have breached data from Geophysical Service of the Russian Academy of Sciences.
Date: 2026-03-22T14:05:05Z
Network: telegram
Published URL: https://t.me/c/3816027580/3557
Screenshots:
None
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: Russia
Victim Industry: Research Industry
Victim Organization: geophysical service of the russian academy of sciences
Victim Site: gsras.ru - Alleged data leak from Arc Cardinal
Category: Data Breach
Content: Group claims to have leaked a database from Arc Cardinal. The compromised data includes ID, Purchase Point, Purchase Date, Ship-to Name, Grand Total (Base), Grand Total (Purchased), Status, Billing Address, Shipping Address, Shipping Information, Customer Email, Customer Group, Subtotal, and Shipping and Handling.
Date: 2026-03-22T14:02:20Z
Network: telegram
Published URL: https://t.me/c/3816027580/3556
Screenshots:
None
Threat Actors: Whale Market
Victim Country: USA
Victim Industry: Retail Industry
Victim Organization: arccardinal
Victim Site: arccardinal.com - Alleged Sale of Microsoft Office Cookie Scam Tool
Category: Alert
Content: The threat actor claims to be selling a tool designed to harvest Microsoft Office session cookies, including accounts protected with 2FA, and support related hosting and evasion features.
Date: 2026-03-22T14:02:16Z
Network: openweb
Published URL: https://forum.exploit.in/topic/278907/
Screenshots:
None
Threat Actors: Ferociouz_Reborn
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of VM STYLE
Category: Data Breach
Content: The group claims to have leaked a 10K database from VM STYLE. The compromised data set contains ID, name, phone number, email, date of birth, etc.
Date: 2026-03-22T13:59:14Z
Network: telegram
Published URL: https://t.me/c/3816027580/3587
Screenshots:
None
Threat Actors: Whale Market
Victim Country: Vietnam
Victim Industry: E-commerce & Online Stores
Victim Organization: vm style
Victim Site: vmstyle.vn - Alleged leak of Azadi Jobs database
Category: Data Leak
Content: The group claims to have leaked data from Azadi Jobs. The compromised data includes individual CVs.
Date: 2026-03-22T13:57:36Z
Network: telegram
Published URL: https://t.me/c/3816027580/3570
Screenshots:
None
Threat Actors: Scattered LAPSUS$ Hunters
Victim Country: Bangladesh
Victim Industry: Staffing/Recruiting
Victim Organization: azadi jobs
Victim Site: azadijobs.com - Alleged leak of crypto-banking credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing approximately 1.5 million credentials allegedly targeting crypto-banking services. The data is being distributed via a file hosting service.
Date: 2026-03-22T13:51:21Z
Network: openweb
Published URL: https://crackingx.com/threads/69469/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Hotmail credential combolist targeting gaming and shopping platforms
Category: Combo List
Content: A threat actor has made available a credential combolist containing 636,598 lines of Hotmail accounts specifically targeting gaming and shopping platforms. The data is being distributed through a file sharing service.
Date: 2026-03-22T13:50:44Z
Network: openweb
Published URL: https://crackingx.com/threads/69470/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com - Alleged sale of payment card dumps with PINs from multiple countries
Category: Combo List
Content: Threat actor cozyduke1 is selling payment card dumps with PINs and track data from multiple countries including US, UK, Canada, Australia, and EU, with prices ranging from $70-90 per card. The post includes sample track data from various banks including Barclays, Natixis, and Commonwealth Bank.
Date: 2026-03-22T12:52:52Z
Network: openweb
Published URL: https://crackingx.com/threads/69467/
Screenshots:
None
Threat Actors: cozyduke1
Victim Country: Multiple
Victim Industry: Financial Services
Victim Organization: Multiple Banks
Victim Site: Unknown
Alleged breach of Tirta Jaya Mandiri Regional Water Company
Category: Data Breach
Content: The threat actor claims to have compromised systems belonging to Tirta Jaya Mandiri Regional Water Company. The actor alleges unauthorized access to internal infrastructure and sensitive operational data affecting regional water management services.
Date: 2026-03-22T12:49:21Z
Network: telegram
Published URL: https://t.me/teamRcs/167
Screenshots:
None
Threat Actors: RASHTRIYA CYBER SENA
Victim Country: Indonesia
Victim Industry: Energy & Utilities
Victim Organization: tirta jaya mandiri regional water company
Victim Site: Unknown
Alleged data leak of BANASTHALI PUBLIC SCHOOL
Category: Data Breach
Content: The group claims to have leaked a database from Banasthali Public School.
Date: 2026-03-22T12:34:03Z
Network: telegram
Published URL: https://t.me/Shadow_Cyber_Indonesia/10
Screenshots:
None
Threat Actors: Shadow Cyber Indonesia
Victim Country: India
Victim Industry: Education
Victim Organization: banasthali public school
Victim Site: banasthalipublicschool.com
Alleged access to unidentified surveillance system
Category: Initial Access
Content: The group claims to have accessed 700 unidentified surveillance systems in an unidentified country.
Date: 2026-03-22T11:59:38Z
Network: telegram
Published URL: https://t.me/c/2689820789/1035
Screenshots:
None
Threat Actors: palachpro
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
RASHTRIYA CYBER SENA targets the website of MeekaGo
Category: Defacement
Content: The group claims to have defaced the website of MeekaGo. Mirror Link: https://ownzyou.com/zone/283980 Mirror Link: https://ownzyou.com/zone/283981 Mirror Link: https://ownzyou.com/zone/283982
Date: 2026-03-22T11:59:05Z
Network: telegram
Published URL: https://t.me/teamRcs/166
Screenshots:
None
Threat Actors: RASHTRIYA CYBER SENA
Victim Country: Bangladesh
Victim Industry: E-commerce & Online Stores
Victim Organization: meekago
Victim Site: meekago.com
Alleged sale of WP admin access to an unidentified shop
Category: Initial Access
Content: A threat actor claims to be selling unauthorized WordPress admin access to an unidentified shop.
Date: 2026-03-22T11:48:18Z
Network: openweb
Published URL: https://forum.exploit.in/topic/278903/
Screenshots:
None
Threat Actors: Zimmer
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials on CrackingX forum
Category: Combo List
Content: A threat actor named ValidMail allegedly shared a combolist containing 41,000 Hotmail credentials on the CrackingX forum. The post indicates these are valid credentials sourced from forums.
Date: 2026-03-22T11:47:59Z
Network: openweb
Published URL: https://crackingx.com/threads/69464/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged Sale of Unauthorized Admin and Shell Access to EU Online Shop
Category: Initial Access
Content: The threat actor claims to be selling unauthorized admin and shell access to an unidentified EU-based online shop.
Date: 2026-03-22T11:44:02Z
Network: openweb
Published URL: https://forum.exploit.in/topic/278904/
Screenshots:
None
Threat Actors: Zimmer
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Gmail credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 27,857 Gmail email and password combinations through a file sharing service. The credentials are being distributed for free on a cybercrime forum.
Date: 2026-03-22T11:31:42Z
Network: openweb
Published URL: https://crackingx.com/threads/69462/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Google
Victim Site: gmail.com
Alleged leak of Hotmail credentials targeting cryptocurrency users
Category: Combo List
Content: A threat actor shared a combolist containing approximately 1.3 million Hotmail credentials specifically targeting cryptocurrency users. The credentials are being distributed for free via a file sharing platform.
Date: 2026-03-22T11:31:22Z
Network: openweb
Published URL: https://crackingx.com/threads/69463/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
BABAYO EROR SYSTEM targets the website of Judiciary of Bangladesh
Category: Defacement
Content: The group claims to have defaced the website of Judiciary of Bangladesh.
Date: 2026-03-22T11:08:55Z
Network: telegram
Published URL: https://t.me/BabayoErorSyteam/318
Screenshots:
None
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Bangladesh
Victim Industry: Government Administration
Victim Organization: judiciary of bangladesh
Victim Site: judiciary.gov.bd
Alleged distribution of email credential combolists via PandaCloud service
Category: Combo List
Content: A threat actor is advertising a free service called PandaCloud that provides fresh email credential databases with daily updates. The service is promoted via a Telegram channel and claims to offer only the latest and most relevant credential data.
Date: 2026-03-22T11:07:13Z
Network: openweb
Published URL: https://crackingx.com/threads/69460/
Screenshots:
None
Threat Actors: Kokos2846q
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Dark Storm Team claims to target multiple countries
Category: Alert
Content: A recent post by the group indicates that they are targeting multiple countries in Europe and Asia.
Date: 2026-03-22T10:56:29Z
Network: telegram
Published URL: https://t.me/Dark_StormTeam/135
Screenshots:
None
Threat Actors: Dark Storm Team
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of unidentified Israel-based media outlet
Category: Data Leak
Content: The threat actor claims to have compromised the mobile device of a journalist associated with an Israel-based international media outlet. According to the actor, the intrusion allegedly provided access to sensitive information linked to the outlet’s Instagram account, including direct messages, private correspondence, and data related to individuals who interacted with posts. They further assert that identity details and phone numbers of users who liked or commented on the outlet’s content were extracted.
Date: 2026-03-22T10:56:04Z
Network: telegram
Published URL: https://t.me/Separekorosh/12
Screenshots:
None
Threat Actors: Separekorosh
Victim Country: Israel
Victim Industry: Newspapers & Journalism
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Gmail credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 313,780 unique Gmail email and password combinations on a cybercrime forum.
Date: 2026-03-22T10:50:35Z
Network: openweb
Published URL: https://crackingx.com/threads/69457/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Google
Victim Site: gmail.com
Alleged leak of mixed email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 8,200 mixed email credentials with access information on an underground forum.
Date: 2026-03-22T10:50:16Z
Network: openweb
Published URL: https://crackingx.com/threads/69458/
Screenshots:
None
Threat Actors: Cl0ud0wner
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: Threat actor Cl0ud0wner allegedly shared Hotmail credentials on a cybercriminal forum. The post indicates access to Hotmail accounts but provides minimal details about the scope or nature of the compromised credentials.
Date: 2026-03-22T10:49:57Z
Network: openweb
Published URL: https://crackingx.com/threads/69459/
Screenshots:
None
Threat Actors: Cl0ud0wner
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: Threat actor Cl0ud0wner allegedly leaked 1,500 Hotmail email credentials on CrackingX forum. The credentials appear to be distributed as part of a private cloud collection.
Date: 2026-03-22T10:42:27Z
Network: openweb
Published URL: https://crackingx.com/threads/69456/
Screenshots:
None
Threat Actors: Cl0ud0wner
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: Actor snowstormxd shared what appear to be valid Hotmail credentials through free download links on a cracking forum. The credentials are distributed via a paste site and Telegram channel at no cost.
Date: 2026-03-22T10:16:12Z
Network: openweb
Published URL: https://crackingx.com/threads/69454/
Screenshots:
None
Threat Actors: snowstormxd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged data breach of unidentified Iranian nuclear infrastructure
Category: Data Leak
Content: The actor claims to have exfiltrated approximately 1 TB of data from an unidentified Iranian nuclear infrastructure.
Date: 2026-03-22T10:08:56Z
Network: telegram
Published URL: https://t.me/c/2156569801/2999
Screenshots:
None
Threat Actors: The Red Eagle
Victim Country: Iran
Victim Industry: Energy & Utilities
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Meituan
Category: Data Breach
Content: The threat actor claims to have leaked data from Meituan. The compromised data reportedly contains 752,000 records, including user profiles with full names, email addresses, phone numbers, addresses, account details, subscription status, booking history, transaction records, and merchant-related information.
Date: 2026-03-22T10:07:25Z
Network: openweb
Published URL: https://darkforums.su/Thread-752k-China-https-www-meituan-com-User-profiles-with-emails-subscription-status
Screenshots:
None
Threat Actors: EpicNigger
Victim Country: China
Victim Industry: E-commerce & Online Stores
Victim Organization: meituan
Victim Site: meituan.com
Alleged data leak of Verbum Networks Ltd
Category: Data Breach
Content: The group claims to have leaked a database from Verbum Networks Ltd.
Date: 2026-03-22T09:55:26Z
Network: telegram
Published URL: https://t.me/c/3807888281/193
Screenshots:
None
Threat Actors: KONCO ERROR SYSTEM
Victim Country: Nigeria
Victim Industry: Information Technology (IT) Services
Victim Organization: verbum networks ltd
Victim Site: verbumnetworks.net
Alleged leak of German domain credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 769,574 credential entries allegedly targeting German domains through a free download link on a cybercrime forum.
Date: 2026-03-22T09:26:05Z
Network: openweb
Published URL: https://crackingx.com/threads/69451/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Argentina credential combolist
Category: Combo List
Content: A threat actor is distributing a combolist containing 31 million credentials allegedly from Argentina through Telegram channels. The actor is offering free access to the credential list and related programs through multiple Telegram groups.
Date: 2026-03-22T09:25:46Z
Network: openweb
Published URL: https://crackingx.com/threads/69452/
Screenshots:
None
Threat Actors: CODER
Victim Country: Argentina
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of T-Online credentials
Category: Combo List
Content: A threat actor shared a combolist containing 10,088 credentials targeting T-Online users via a file sharing service.
Date: 2026-03-22T09:16:33Z
Network: openweb
Published URL: https://crackingx.com/threads/69450/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Germany
Victim Industry: Telecommunications
Victim Organization: T-Online
Victim Site: t-online.de
Alleged data breach of John XXIII School
Category: Data Breach
Content: A group claims to have leaked data from John XXIII School. The compromised data includes student IDs, full names, addresses, email addresses, passwords, gender, and usernames.
Date: 2026-03-22T09:15:41Z
Network: telegram
Published URL: https://t.me/Shadow_Cyber_Indonesia/8
Screenshots:
None
Threat Actors: Shadow Cyber Indonesia
Victim Country: India
Victim Industry: Education
Victim Organization: john xxiii school
Victim Site: johnxxiii.co.in
Alleged data leak of Sukabumi Regency Population and Civil Registration Office
Category: Data Breach
Content: Group claims to have leaked the website of Sukabumi Regency Population and Civil Registration Office.
Date: 2026-03-22T09:08:47Z
Network: telegram
Published URL: https://t.me/c/3895337347/37
Screenshots:
None
Threat Actors: SNR INTEL
Victim Country: Indonesia
Victim Industry: Government & Public Sector
Victim Organization: sukabumi regency population and civil registration office
Victim Site: disdukcapil.sukabumikab.go.id
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a sample of 850 Hotmail credentials on a cybercriminal forum. The credentials appear to be distributed as a free download sample.
Date: 2026-03-22T08:46:56Z
Network: openweb
Published URL: https://crackingx.com/threads/69448/
Screenshots:
None
Threat Actors: HollowKnight07
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 1,151 allegedly valid Hotmail email and password combinations for free download.
Date: 2026-03-22T08:46:35Z
Network: openweb
Published URL: https://crackingx.com/threads/69449/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Mass defacement campaign by Idiot Crew member maw3six targeting ninja388.biz
Category: Defacement
Content: Mass defacement attack conducted by attacker maw3six from the Idiot Crew team targeting ninja388.biz on March 22, 2026. The attack was part of a broader mass defacement campaign rather than a targeted single-site attack.
Date: 2026-03-22T08:34:01Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248062
Screenshots:
None
Threat Actors: maw3six, Idiot Crew
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: ninja388.biz
Website defacement of ninja388.club by maw3six (Idiot Crew)
Category: Defacement
Content: Website defacement attack conducted by attacker maw3six affiliated with Idiot Crew against ninja388.club on March 22, 2026. The attack targeted a Linux-based server and was archived as a single defacement incident.
Date: 2026-03-22T08:32:19Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248063
Screenshots:
None
Threat Actors: maw3six, Idiot Crew
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: ninja388.club
Mass defacement campaign by Idiot Crew member maw3six targeting ninja388.online
Category: Defacement
Content: Mass defacement attack conducted by maw3six from the Idiot Crew group targeting ninja388.online on March 22, 2026. The attack was part of a broader mass defacement campaign rather than targeting a specific organization.
Date: 2026-03-22T08:30:24Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248064
Screenshots:
None
Threat Actors: maw3six, Idiot Crew
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: ninja388.online
Mass defacement campaign by Idiot Crew member maw3six targeting ninja388.store
Category: Defacement
Content: A mass defacement attack was conducted by maw3six from the Idiot Crew group targeting ninja388.store on March 22, 2026. The incident involved defacing multiple pages rather than just the homepage, indicating a broader compromise of the target website.
Date: 2026-03-22T08:29:53Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248065
Screenshots:
None
Threat Actors: maw3six, Idiot Crew
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: ninja388.store
Mass website defacement campaign by maw3six (Idiot Crew) targeting ninja388.vip
Category: Defacement
Content: Mass defacement attack conducted by threat actor maw3six affiliated with Idiot Crew group targeting ninja388.vip domain. The incident was part of a broader mass defacement campaign rather than a targeted single-site attack.
Date: 2026-03-22T08:29:09Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248066
Screenshots:
None
Threat Actors: maw3six, Idiot Crew
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: ninja388.vip
Mass defacement campaign by Idiot Crew targeting ninja388slot.net
Category: Defacement
Content: The Idiot Crew threat group conducted a mass defacement campaign targeting the ninja388slot.net gambling website on March 22, 2026. The attack was executed by threat actor maw3six against a Linux-based server hosting the gambling platform.
Date: 2026-03-22T08:27:27Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248067
Screenshots:
None
Threat Actors: maw3six, Idiot Crew
Victim Country: Unknown
Victim Industry: Gaming/Gambling
Victim Organization: Unknown
Victim Site: ninja388slot.net
Mass website defacement by Idiot Crew targeting playsandboxkids.com
Category: Defacement
Content: The hacker group Idiot Crew, specifically member maw3six, conducted a mass defacement campaign targeting multiple websites including playsandboxkids.com. The attack occurred on March 22, 2026 and affected a children's entertainment/playground website hosted on a Linux server.
Date: 2026-03-22T08:25:09Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248068
Screenshots:
None
Threat Actors: maw3six, Idiot Crew
Victim Country: Unknown
Victim Industry: Entertainment/Recreation
Victim Organization: Play Sandbox Kids
Victim Site: playsandboxkids.com
Alleged data leak of Sukabumi Regency Population and Civil Registration Office
Category: Data Breach
Content: Group claims to have leaked the website of Sukabumi Regency Population and Civil Registration Office.
Date: 2026-03-22T08:16:06Z
Network: telegram
Published URL: https://t.me/c/3895337347/37
Screenshots:
None
Threat Actors: SNR INTEL
Victim Country: Indonesia
Victim Industry: Government & Public Sector
Victim Organization: sukabumi regency population and civil registration office
Victim Site: disdukcapil.sukabumikab.go.id
Alleged leak of Japanese email credentials
Category: Combo List
Content: A threat actor shared a collection of 3,000 allegedly valid Japanese email credentials from March 22nd via a file hosting service. The credentials are described as fresh and targeting Japanese users specifically.
Date: 2026-03-22T08:11:22Z
Network: openweb
Published URL: https://crackingx.com/threads/69446/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Russian email credentials
Category: Combo List
Content: A threat actor shared a collection of 2,600 Russian email credentials with full access, dated March 22nd. The credentials are distributed as a free download via a file sharing service.
Date: 2026-03-22T08:11:04Z
Network: openweb
Published URL: https://crackingx.com/threads/69447/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Russia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of credential combolist containing 24,000 records
Category: Combo List
Content: A threat actor allegedly made available a credential combolist containing 24,000 records on a cybercriminal forum specializing in compromised credentials and database dumps.
Date: 2026-03-22T07:59:39Z
Network: openweb
Published URL: https://crackingx.com/threads/69445/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Institute of Mechanics
Category: Data Breach
Content: The threat actor claims to have leaked data from the Institute of Mechanics (National Academy of Sciences of Ukraine). The compromised data reportedly includes personally identifiable information (PII), phone numbers, and email addresses.
Date: 2026-03-22T07:40:31Z
Network: openweb
Published URL: https://spear.cx/Thread-Free-INSTITUTE-of-MECHANICS-of-Ukraine-leaked-download
Screenshots:
None
Threat Actors: Panzerkampf88
Victim Country: Ukraine
Victim Industry: Research Industry
Victim Organization: institute of mechanics
Victim Site: nas.gov.ua
Alleged leak of Chinese email credentials
Category: Combo List
Content: A threat actor shared a combolist containing 2,500 valid Chinese email credentials dated March 22nd on an underground forum.
Date: 2026-03-22T07:35:13Z
Network: openweb
Published URL: https://crackingx.com/threads/69443/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
The Red Eagle claims to target Iran
Category: Alert
Content: A recent post by the group indicates that they are targeting Iran.
Date: 2026-03-22T07:29:11Z
Network: telegram
Published URL: https://t.me/c/2156569801/2998
Screenshots:
None
Threat Actors: The Red Eagle
Victim Country: Iran
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Aigner Immobilien
Category: Data Breach
Content: The threat actor claims to have leaked data from Aigner Immobilien. The compromised data reportedly contains 200-300k customer records, including full names, email addresses, phone numbers, residential addresses, and property-related information.
Date: 2026-03-22T07:28:13Z
Network: openweb
Published URL: https://spear.cx/Thread-DE-Aigner-Immobilien
Screenshots:
None
Threat Actors: vodka
Victim Country: Germany
Victim Industry: Real Estate
Victim Organization: aigner immobilien
Victim Site: aigner-immobilien.de
Alleged leak of French email credentials
Category: Combo List
Content: A threat actor shared a combolist containing 1,200 French email credentials, claiming they are fresh and valid as of March 23rd.
Date: 2026-03-22T07:26:27Z
Network: openweb
Published URL: https://crackingx.com/threads/69442/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Yahoo gaming and shopping credentials
Category: Combo List
Content: A threat actor shared a combolist containing 863,591 credentials allegedly targeting Yahoo users, with a focus on gaming and shopping accounts. The data is being distributed for free via a file sharing service.
Date: 2026-03-22T07:09:24Z
Network: openweb
Published URL: https://crackingx.com/threads/69441/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Yahoo
Victim Site: yahoo.com
Alleged data breach of Prefeitura Municipal de Caieiras
Category: Data Breach
Content: The threat actor claims to have leaked data from Prefeitura Municipal de Caieiras. The compromised data reportedly contains 363,519 records across 90 files, including full name, social name, mother’s and father’s names, date of birth, CPF number (Brazilian national ID), CNS code (health system identifier), email and phone number, gender, nationality, registration ID, medical record numbers, and more.
Date: 2026-03-22T07:02:48Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Government-of-Brazil-Prefeitura-Municipal-de-Caieiras
Screenshots:
None
Threat Actors: Spirigatito
Victim Country: Brazil
Victim Industry: Government Administration
Victim Organization: prefeitura municipal de caieiras
Victim Site: caieiras.sp.gov.br
Alleged leak of mixed email credentials
Category: Combo List
Content: A threat actor shared a collection of 20,000 allegedly fresh and valid email credentials from mixed sources dated March 22nd. The credentials are made available to registered forum users.
Date: 2026-03-22T07:01:48Z
Network: openweb
Published URL: https://crackingx.com/threads/69438/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Microsoft credential leak combolist
Category: Combo List
Content: A combolist containing 1.3 million Microsoft domain credentials is being shared for free download on underground forums. The threat actor claims the credentials are high quality and domain-specific.
Date: 2026-03-22T07:01:29Z
Network: openweb
Published URL: https://crackingx.com/threads/69439/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: Unknown
Alleged leak of German email credentials
Category: Combo List
Content: A threat actor shared access to approximately 6,000 German email credentials with full mailbox access, dated March 22nd. The credentials appear to be distributed freely to registered forum users.
Date: 2026-03-22T07:01:09Z
Network: openweb
Published URL: https://crackingx.com/threads/69440/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of email credential combolists from multiple countries
Category: Combo List
Content: A threat actor is distributing email credential combolists containing approximately 11 million entries from multiple countries, including Germany, France, Russia, Japan, and United Kingdom, through Telegram channels.
Date: 2026-03-22T06:51:15Z
Network: openweb
Published URL: https://crackingx.com/threads/69437/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of ScrapMarket.in User Database
Category: Data Breach
Content: The threat actor claims to be selling a dataset allegedly associated with the ScrapMarket platform.
Date: 2026-03-22T06:29:37Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-scrapmarket-in-india-125-000
Screenshots:
None
Threat Actors: Sorb
Victim Country: India
Victim Industry: Other Industry
Victim Organization: scrapmarket
Victim Site: scrapmarket.in
Alleged Data leak of EditGPT.App
Category: Data Leak
Content: The threat actor claims to have leaked the database associated with EditGPT.App.
Date: 2026-03-22T06:28:00Z
Network: openweb
Published URL: http://spear.cx/Thread-Database-EditGPT-App-Database-Leaked-Download
Screenshots:
None
Threat Actors: punk
Victim Country: Unknown
Victim Industry: Information Technology (IT) Services
Victim Organization: editgpt
Victim Site: editgpt.app
Alleged leak of login access to SIPPELA KOTA BANDUNG
Category: Initial Access
Content: The group claims to have leaked login credentials belonging to SIPPELA KOTA BANDUNG.
Date: 2026-03-22T06:17:56Z
Network: telegram
Published URL: https://t.me/tegalcyberteamch/281
Screenshots:
None
Threat Actors: TEGAL CYBER TEAM
Victim Country: Indonesia
Victim Industry: Government & Public Sector
Victim Organization: sippela kota bandung
Victim Site: sippela.bandung.go.id
Alleged leak of United Kingdom credential combolist
Category: Combo List
Content: Threat actor CODER is distributing a 15 million record credential combolist allegedly containing United Kingdom user data through Telegram channels. The combolist is being shared for free through specified Telegram groups.
Date: 2026-03-22T06:04:13Z
Network: openweb
Published URL: https://crackingx.com/threads/69435/
Screenshots:
None
Threat Actors: CODER
Victim Country: United Kingdom
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Biznis Database
Category: Data Breach
Content: The threat actor claims to be selling the database of Biznis. The dataset contains business user details and other valuable information.
Date: 2026-03-22T06:04:08Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-biznis-in-india-759-000
Screenshots:
None
Threat Actors: Sorb
Victim Country: India
Victim Industry: Business and Economic Development
Victim Organization: biznis
Victim Site: biznis.in
Alleged Sale of Visko HR Database
Category: Data Breach
Content: The threat actor claims to be selling the database of the Visko HR platform. The database contains candidate personal details and contact information.
Date: 2026-03-22T06:02:23Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-viskohr-com-india-113-000
Screenshots:
None
Threat Actors: Sorb
Victim Country: India
Victim Industry: Human Resources
Victim Organization: visko hr private limited
Victim Site: viskohr.com
Alleged sale of Rave Watch Party database
Category: Data Breach
Content: The threat actor claims to be selling the database of Rave Inc.
Date: 2026-03-22T05:44:56Z
Network: openweb
Published URL: https://darkforums.su/Thread-RAVE-WATCH-PARTY–69900
Screenshots:
None
Threat Actors: wannacrawl
Victim Country: Canada
Victim Industry: Entertainment & Movie Production
Victim Organization: rave inc
Victim Site: rave.io
Alleged leak of Gmail credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 310,931 unique Gmail email and password combinations on a cybercrime forum. The credentials are claimed to be from 2026, though this likely refers to a collection identifier rather than the actual date.
Date: 2026-03-22T05:40:06Z
Network: openweb
Published URL: https://crackingx.com/threads/69434/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Google
Victim Site: gmail.com
Alleged Sale of NGA Forum User Database
Category: Data Breach
Content: The threat actor claims to be selling a dataset allegedly associated with NGA’s community platform. The dataset contains personal details of users.
Date: 2026-03-22T05:32:00Z
Network: openweb
Published URL: https://darkforums.su/Thread-784k-China-https-bbs-nga-cn-User-accounts-with-registration-and-activity-logs
Screenshots:
None
Threat Actors: gtaviispeak
Victim Country: China
Victim Industry: Online Publishing
Victim Organization: national geographic of azeroth forum
Victim Site: bbs.nga.cn
Alleged Data Breach of Amplify Technology Ltd
Category: Data Breach
Content: The threat actor claims to have hacked the website of Amplify Technology Ltd; the dataset contains sensitive corporate, personal and project intelligence data.
Date: 2026-03-22T05:17:55Z
Network: openweb
Published URL: https://darkforums.su/Thread-ShadowByt3-Hacks-Amplify-Technology-Uk-Company
Screenshots:
None
Threat Actors: BlackVortex1
Victim Country: UK
Victim Industry: Information Technology (IT) Services
Victim Organization: amplify technology ltd
Victim Site: amplifytechnology.co.uk
Alleged leak of German social media and e-commerce credentials
Category: Combo List
Content: A threat actor leaked a combolist containing 446,680 credential pairs allegedly targeting German social media and shopping platforms. The data is being distributed for free via a file sharing service.
Date: 2026-03-22T04:59:47Z
Network: openweb
Published URL: https://crackingx.com/threads/69433/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of crypto-banking credential combolist
Category: Combo List
Content: Threat actor BestCombo has made available a combolist containing 1,970,736 credentials allegedly targeting crypto-banking platforms. The credential list is being distributed via a Mega.nz file sharing link.
Date: 2026-03-22T04:43:54Z
Network: openweb
Published URL: https://crackingx.com/threads/69431/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials on cybercrime forum
Category: Combo List
Content: A threat actor named ValidMail allegedly shared a combolist containing 41,000 Hotmail credentials on the CrackingX forum. The post indicates these are valid credentials sourced from forums.
Date: 2026-03-22T04:35:39Z
Network: openweb
Published URL: https://crackingx.com/threads/69430/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of credentials combolist containing 43.2 million records
Category: Combo List
Content: A threat actor named Daxus shared a combolist containing 43.2 million URL:LOG:PASS credential combinations on a cybercrime forum. The actor promotes the data as strictly private and ultra high quality while providing contact information for additional services.
Date: 2026-03-22T03:01:42Z
Network: openweb
Published URL: https://crackingx.com/threads/69429/
Screenshots:
None
Threat Actors: Daxus
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing approximately 1.28 million Hotmail credentials from mixed countries. The credentials are being distributed for free download via a file sharing service.
Date: 2026-03-22T02:50:47Z
Network: openweb
Published URL: https://crackingx.com/threads/69428/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of MSN credentials
Category: Combo List
Content: A threat actor shared a credential list containing 11,336 lines targeting MSN.com domain users via a file hosting service.
Date: 2026-03-22T02:26:15Z
Network: openweb
Published URL: https://crackingx.com/threads/69427/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: msn.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor leaked a combolist containing 3,800 allegedly valid Hotmail email credentials dated March 22, 2026, distributed through a free download link.
Date: 2026-03-22T02:00:22Z
Network: openweb
Published URL: https://crackingx.com/threads/69426/
Screenshots:
None
Threat Actors: redcloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Hax.or targets the website of patrimonio.fatecsp.br
Category: Defacement
Content: The group claims to have defaced the website of patrimonio.fatecsp.br.
Date: 2026-03-22T01:56:23Z
Network: telegram
Published URL: https://t.me/ctifeeds/129294
Screenshots:
None
Threat Actors: Hax.or
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: patrimonio.fatecsp.br
Alleged data breach of Purein Saudi
Category: Data Breach
Content: The threat actor claims to have breached internal data from Purein Saudi, reportedly including oil deals, secret correspondence, and details concerning fuel stations across the Kingdom of Saudi Arabia.
Date: 2026-03-22T01:18:30Z
Network: openweb
Published URL: http://nasir.cc/pages/pure-in.html
Screenshots:
None
Threat Actors: Nasir Security
Victim Country: Saudi Arabia
Victim Industry: Oil & Gas
Victim Organization: purein saudi
Victim Site: purein-sa.com
Fatimion cyber team claims to target government websites in Israel
Category: Alert
Content: A recent post by the group indicates that they're targeting government websites in Israel.
Date: 2026-03-22T01:12:45Z
Network: telegram
Published URL: https://t.me/hak994/5437
Screenshots:
None
Threat Actors: Fatimion cyber team
Victim Country: Israel
Victim Industry: Government & Public Sector
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of unauthorized admin access to unidentified software company
Category: Initial Access
Content: Threat actor claims to be selling unauthorized admin access to an unidentified software company in Australia.
Date: 2026-03-22T00:50:48Z
Network: openweb
Published URL: https://forum.exploit.in/topic/278881/
Screenshots:
None
Threat Actors: H4JIM3
Victim Country: Australia
Victim Industry: Software
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of unauthorized access to unidentified finance and human resources organizations
Category: Initial Access
Content: Threat actor claims to be selling unauthorized RDP, webshell, SSH, FTP, and API access to unidentified finance and human resources organizations in the USA.
Date: 2026-03-22T00:36:05Z
Network: openweb
Published URL: https://forum.exploit.in/topic/278879/
Screenshots:
None
Threat Actors: shadowwss
Victim Country: USA
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of unauthorized RDP access to unidentified organization
Category: Initial Access
Content: Threat actor claims to be selling unauthorized RDP access with administrator privileges to an unidentified organization in the USA.
Date: 2026-03-22T00:33:39Z
Network: openweb
Published URL: https://forum.exploit.in/topic/278876/
Screenshots:
None
Threat Actors: hubert
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Gmail credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 127,956 Gmail credentials described as fresh leaks targeting shopping sites. The credentials were distributed via a file hosting service.
Date: 2026-03-22T00:32:55Z
Network: openweb
Published URL: https://crackingx.com/threads/69424/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Gmail
Victim Site: gmail.com
Alleged leak of Gmail credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 309,444 unique Gmail email and password combinations on a cybercrime forum. The credentials are claimed to be from 2026 and available for download.
Date: 2026-03-22T00:24:14Z
Network: openweb
Published URL: https://crackingx.com/threads/69423/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Google
Victim Site: gmail.com
Alleged leak of mixed country credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing over 1.3 million credentials from mixed countries through a file sharing platform. The credentials are described as high quality and from various geographic locations.
Date: 2026-03-22T00:08:19Z
Network: openweb
Published URL: https://crackingx.com/threads/69422/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown