[March-23-2026] Daily Cybersecurity Threat Report

1. Executive Summary

This report details a series of recent cyber incidents, providing key information for each event, strictly based on the provided data. The dataset captures a highly active 24-hour period, primarily centered around March 23 and March 24, 2026, revealing a complex threat landscape dominated by massive credential exposures, systematic website defacements, aggressive initial access brokering, and high-impact corporate and government data breaches.

The intelligence indicates a highly commoditized cybercrime ecosystem. Threat actors are leveraging clear web forums like CrackingX and encrypted messaging platforms like Telegram to distribute stolen data and sell network access at scale. Notably, the threat landscape is currently saturated with billions of leaked credentials—primarily targeting Microsoft domains—alongside targeted campaigns against critical infrastructure, such as the alleged failure of the Iron Dome system and cyberattacks on Iranian water facilities.

2. The Credential Compromise Epidemic (Combo Lists)

The most numerically significant threat identified in the dataset is the rampant distribution of “Combo Lists” (combinations of usernames/emails and passwords). These are predominantly shared on the open web forum CrackingX and via Telegram channels.

2.1 Microsoft and Hotmail Targeting

Threat actors demonstrated a massive, sustained focus on Microsoft-owned domains, particularly Hotmail, distributing millions of records for free or premium access.

Massive Volume Dumps: Threat actor ‘zod’ claimed to have leaked 3.1 million Hotmail credentials via a password-protected combolist on Telegram. Another actor, ‘BestCombo’, shared over 1.5 million Hotmail email and password combinations via a file-sharing platform, describing them as high quality. Furthermore, ‘BestCombo’ leaked 725,478 credentials associated with Microsoft domains and an immense 11.6 million Microsoft domain credentials distributed for free.
Daily and Fresh Distributions: Threat actor ‘Kokos2846q’ shared fresh Hotmail lists containing 560,000 records, claiming to add new databases daily.
Targeted and Verified Lists: Multiple actors posted smaller, verified lists. ‘ValidMail’ shared 41,000 Hotmail credentials sourced from forums , and later posted a “30k HOTMAIL DOMAIN WITH VALID 23.03.26” list. ‘UniqueCombo’ released 6,000 unique Hotmail combinations. Actor ‘BestCombo’ specifically targeted the Spanish domain hotmail.es with 10,991 lines of credentials. Other actors like ‘alphaxdd’, ‘WashingtonDC’, ‘KiwiShio’, ‘Lexser’, ‘HollowKnight07’, ‘FlashCloud2’, and ‘redcloud’ shared batches ranging from 950 to 4,200 Hotmail credentials.
Cloud Collections: Actor ‘Hotmail Cloud’ shared 459 Hotmail lists organized by country, described as premium and fresh.

2.2 Corporate and Educational Credentials

Corporate networks and educational institutions were heavily targeted for credential harvesting, creating severe risks for Business Email Compromise (BEC).

Corporate Data: Threat actor ‘CODER’ distributed combolists containing 7 million business domain accounts , 13 million mixed corporate credentials , and 9 million corporate email credentials via Telegram channels. ‘HQcomboSpace’ leaked 181,158 corporate email credentials suitable for lead generation , as well as a list of 59,122 corporate combinations. Another actor offered 24,000 fresh corporate accounts.
Educational Data: ‘CODER’ claimed to distribute a combolist containing 7 million educational email and password combinations. ‘HQcomboSpace’ shared 173,806 credential pairs targeting educational, social media, and shopping platforms.

2.3 Massive Mixed and Protocol-Specific Leaks

Several threat actors dumped unimaginably large datasets containing mixed domains or protocol-specific access.

SMTP Access: ‘CODER’ distributed a massive combolist containing 14 million SMTP credentials along with related programs for free on Telegram.
Mixed Domains: ‘CODER’ also distributed an 11 million record combolist of mixed domains (Comcast, IT, NET, COM, EA, etc.) , a 10 million list targeting Amazon, eBay, Facebook, and gaming services , and a 1.3 million record mixed country list. Threat actor ‘VitVit’ shared approximately 14.3 million lines of credentials on CrackingX. ‘TheBash1996’ shared a staggering 360GB combolist containing URL, login, and password formats in TXT format. Actor ‘Daxus’ shared 5.48 million URL:LOG:PASS credentials, described as ultra high quality.
Google/Gmail: ‘UniqueCombo’ shared multiple large Gmail lists, including one with 337,000 combinations and another with 327,873 unique combinations from 2026.
Yahoo Crypto Users: ‘HQcomboSpace’ leaked 617,759 Yahoo email and password combinations specifically targeting cryptocurrency users.

2.4 Geographically Targeted Credential Leaks

Threat actors actively filtered and leaked credentials by country:

Germany: ‘HQcomboSpace’ leaked a massive 869,036 credential pairs , 370,608 entries targeting German gaming/casinos , 239,069 mixed domain credentials , and 883,934 lines of mixed German credentials. ‘MailAccesss’ posted an “8k Germany Fresh Mail Access” thread. ‘BestCombo’ leaked 78,112 lines targeting the t-online.de domain.
France: ‘BestCombo’ leaked 15,333 lines targeting the orange.fr telecommunications domain. ‘MailAccesss’ shared 1,200 valid French email credentials.
Japan: ‘BestCombo’ shared over 1 million credentials originating from Japan. ‘MailAccesss’ shared 3,900 Japanese email credentials with full access.
Switzerland: ‘BestCombo’ leaked 6,633 lines targeting the bluewin.ch domain.
United States: ‘RandomUpload’ leaked 9,934 USA-based email/password combinations.
China: ‘MailAccesss’ shared access to 3,100 Chinese email credentials.

3. Initial Access Brokering Ecosystem

The data reveals a thriving Initial Access Broker (IAB) market, where attackers compromise systems and sell or leak the persistent access (shells, admin panels, cloud environments) to other cybercriminals.

3.1 The InDoM1nus Team Campaign

The “InDoM1nus Team” executed a highly prolific, likely automated, initial access campaign heavily focused on UK-based commercial entities and Indonesian organizations. They systematically claimed unauthorized shell-level access to the following targets on Telegram:

UK Targets: Yuana Volition Ltd (Building/Construction) , Westine Eco Tech Ltd (Building/Construction) , Westfirm Eco Traders Ltd (Building/Construction) , Waiden Consultants Ltd (Building/Construction) , trestonikretail.co.uk , hueminsons , Neotell Frixion Ltd , Repow Enteractive Ltd (Energy/Utilities) , Holmfortheit Trade Ltd (Import/Export) , RA ARCTECTURAL ECO LTD , relvintectrade.co.uk , Brittle Eco Design Ltd (Graphic Design) , commsomitrade (Import/Export) , Atech LEDs Ltd (Consumer Electronics) , and Bell & Son SecoTech Ltd.
Indonesian Targets: Purnama Tour , Zona Cakrawala (Publishing) , Yayasan Cikahuripan (Non-profit) , Tribun Maluku Tenggara Raya (Publishing) , targetbuser86.com , Segantang Lada , PersadaKita , Pantau Hukum , KabarBromo66 , inforakyat24jam.com , Bersinar News , Bernas Sharp , Cyberkriminal.id , Bongkarborneo , Batam Express , and AmphibiNews.com.

3.2 Global Initial Access Sales

Other threat actors utilized open web forums (e.g., forum.exploit.in, darkforums.su) to sell access to higher-value corporate infrastructure.

Corporate Cloud & Domains: Threat actor ‘vexin’ offered unauthorized corporate cloud access across multiple countries. Actor ‘malaria’ claimed to sell unauthorized domain user access for unidentified organizations in Brazil’s financial services sector.
E-commerce & WordPress Admins: ‘manofworld’ sold unauthorized admin access to an unidentified store in Kuwait and an unidentified website in the USA. Actor ‘cosmodrome’ sold WordPress admin access to a UK website. Actor ‘ed1n1ca’ sold access to a Spanish WordPress shop, citing transaction volumes from December to March to prove its financial value.
Physical Infrastructure (CCTV & Transit): The group ‘Z-PENTEST ALLIANCE’ claimed unauthorized access to an unidentified ETC-606i System on BUS 4613 in Spain, granting visibility into GPS telemetry, route management, ticket sales, and conductor credentials. ‘NoName057(16)’ claimed unauthorized access to an unidentified CCTV system of an MOT garage in the UK.

4. Website Defacement Campaigns

Website defacement remains a prominent tactic for hacktivism, clout-chasing, and demonstrating vulnerability. The dataset highlights both targeted single-site attacks and broad mass-defacement campaigns.

4.1 Mass Defacement Campaigns

systemdarkdenied: This actor executed a widespread mass defacement campaign heavily focused on Indian businesses. Targets included DS Aqua Tech , Essar Poly Bags , Glocolour Labs , Madhan Studios Salem , Orange Salon , Sharthika Institute of Medical Sciences , Thavamedu , and VK Jewellers. They also defaced miraypancarbons.com , sarvinskin.com , tigreenexim.com , and aquabluelife.com. These were noted as part of broader mass defacement operations rather than targeted single-site breaches, often affecting Linux-based servers.
blackhun73r – cyber warrior: This Telegram-based group systematically defaced Indian organizations, heavily impacting non-profits, education, and manufacturing. Victims included Poultry Federation of India, Govt. Industrial Training Institute , Umeed Kiran , Narpa Spices , Jay Vet Nutrition , Bawa Masala Co Pvt Ltd , Aryabhatta Education Research & Development Samiti , and Acreion Pharmaceuticals.

4.2 Targeted Defacements

NUCLIER-Y-C-C-M: This threat actor focused on Nepalese and undefined targets, conducting single-target defacements. Victims included sutput.com , SCAEF (Nepal) , and Serolab Nepal (Healthcare).
DimasHxR: Focused on European targets, this actor defaced a German site (st-komm.de) , a radio station ([suspicious link removed]) , and Russian entities including MacDolands (macdolands.ru) and 7 Nebo Hotel (7-nebo-otel.ru), specifically targeting their readme.txt files.
tirz4sec (jatengblekhet team): Targeted WordPress sites and South American domains. They exploited a WordPress plugin directory to deface an IP address (20.197.3.59) and subsequently targeted Brazilian websites Konver , DuoConect , and zayyrem.com.br , as well as hotelsolutions.shop.
Aptisme: Conducted targeted defacements against Mongolian entities abook.mn and shil.mn , alongside Brazilian transportation company LG Transporte.
BABAYO EROR SYSTEM: Claimed defacements on Telegram targeting Oxahost (Tunisia, IT Services) and NEOSTANDARD (Hungary, Publishing).
Nicotine: Defaced UAE-based corporate sites including KKM Gold Dubai , Citypark Electronics , Expert Tech Trading LLC , and Kantola Airconditioning LLC.
Other Notables: Team Hazardous Pakistan (overthrash1337) defaced Himalayan Nepal Trek. Trojan 1337 defaced the National Drought Monitoring Centre of Pakistan. Leviathan Perfect Hunter (aexdy) defaced Romanian robotics site robohub.ro. Hax.or defaced Thavam Research Foundation.

5. High-Impact Data Breaches and Leaks

A severe volume of sensitive Personally Identifiable Information (PII), corporate intellectual property, and government data was exposed or listed for sale during this reporting period.

5.1 Government and Public Sector Breaches

Vietnam: The group ‘KurdFemboys’ claimed a massive 4.7TB data breach of the Ministry of Agriculture and Rural Development in Vietnam, exposing internal files, employee records, land contracts, and sensitive personal and farm-related data.
Indonesia: Threat actor ‘Sorb’ leaked data from Kementerian Kesehatan RI (Ministry of Health), containing 1.16M phone records and 583K email records, including national ID numbers, full names, dates of birth, and healthcare-related records. Actor ‘CinCauGhast’ leaked 149,833 records from BAPENDA Jabar (a regional revenue agency) , an attack also claimed by ‘BABAYO EROR SYSTEM’, noting the data included names, ID numbers, and tax information. Actor ‘XSVSHACKER’ breached Mardika, exposing names, addresses, KTP (national ID), and NPWP (tax ID) numbers.
Chile: ‘NyxarGroup’ claimed to sell 250GB of records from Ley del Lobby (leylobby.gob.cl), containing passports, contacts, and addresses. The same actor breached Servicio Civil, leaking 110,000 records including full names and user IDs.
United Arab Emirates: Threat actor ‘rSora’ claimed to have leaked internal systems from the Department of Government Enablement (DGE) in Abu Dhabi, allegedly exposing AI infrastructure, misconfigured administrative portals, and legacy vulnerabilities.
Iran: ‘Handala Hack’ claimed to have leaked a dataset from Shin Bet, specifically targeting 50 personnel linked to Iran desk operations, exposing names and contact data.

5.2 Enterprise and Corporate Breaches

Heritage Financial Corporation (USA): The company officially disclosed (via an 8-K filing) a cybersecurity incident involving unauthorized access to an internal file share server used by employees. The investigation confirmed data exfiltration potentially containing personal information. The company activated its incident response plan, isolated systems, and engaged forensic experts, noting core banking and customer operations were not impacted.
American Airlines Group Inc (USA): The threat group ‘ShinyHunters’ claimed on Telegram to have breached the database of American Airlines.
Amazon Technologies Inc (USA): The group ‘DieNet’ claimed on Telegram to have breached Amazon.
Virta Health (USA): ‘LAPSUS-GROUP’ claimed to have leaked data from healthcare provider Virta Health, intending to publish it within 6 days.
Ledger (Cryptocurrency): Threat actor ‘Xviixi’ alleged the sale of Ledger investor data containing 270,000 records with deposit amounts and asset values from multiple countries.
Allopneus (France): Actor ‘HexDex’ claimed to sell 739,316 records from the French automotive company, including names, emails, phones, addresses, and transactions.
Gambling and Casinos: ‘Green41k’ claimed to sell a European casino payment database with 2.5 million users (primarily from France), including deposit details and contact info. ‘globalData1’ sold 1,400,000 records from an unidentified Australian gambling platform containing PII, financial data, and account balances.
Other Notable Breaches: ‘marinelepen’ leaked data from French insurance platform Assu Risk (names, emails). ‘CyberNox’ leaked data from Laboratoires des Pyrénées et des Landes (France), exposing company details, user IDs, and passwords. ‘HexDex’ offered 363,000 records from Airsoft-Entrepot (France). ‘SnowSoul’ claimed a 70GB leak from Zhejiang Guangyuan Printing and Packaging Co., Ltd (China). Data was also leaked from YouPlanet (Iran, tens of thousands of records by ‘zimablue’) , ConsultayCrecE (Spain, 24,800 records by ‘fanfan’) , Comercio do Morrazo (Spain, 15,938 records by ‘fanfan’) , and Foxhog Ventures Corp (USA, by ‘tarunpoddar’). ‘IT ARMY OF RUSSIA’ breached GKH.IN.UA (Ukraine).

6. Critical Cyber Attacks and Alerts

Beyond data theft, the dataset reveals active disruptions to critical systems and nation-state level implications.

Iron Dome Operational Failure (Israel): A critical alert was raised by threat actor ‘.regnum’, claiming that Israel’s Iron Dome system experienced a critical operational failure during a missile barrage. Internal logs allegedly show authentication bypasses, rejected overrides, loss of connection to authentication servers, and a total system offline period of 247 seconds.
Iranian Water Infrastructure: The Islamic Republic of Iran reported a cyberattack targeting its urban water and electricity infrastructure, blaming the US and allied entities. The attack affected several water transfer and treatment facilities, causing disruptions, though systems were reportedly quickly restored. Officials indicated a possible reciprocal cyber response.
San Felipe Del Rio CISD (USA): A Texas school district experienced a cyberattack involving suspicious email activity, causing disruptions to internal networks, internet, and communication services. The district engaged a Regional Security Operations Center to monitor and restore systems.

7. Malware and Cybercrime Tools

The proliferation of automated tooling lowers the barrier to entry for cybercriminals. Several advanced tools were advertised on forums like demonforums.net:

GoldenBullet: Threat actor ‘ticnico’ sold ‘GoldenBullet’, an automation and web testing tool designed for data parsing, HTTP requests, and scripting with modernized libraries to facilitate automated workflows and large-scale web activities.
Aphrobyte RAT 2026: Threat actor ‘tforest12’ offered Aphrobyte RAT 2026, a Remote Access Trojan designed for full device control, data theft, surveillance, and remote command execution.
Apple Email Checker: Actor ‘tforest12’ also sold a tool designed to verify the validity of Apple ID email addresses, facilitating targeted phishing or marketing campaigns.
Toolsx.pw Marketplace: Cybercriminal marketplace Toolsx.pw advertised illegal digital tools including RDP access, SSH credentials, compromised email accounts, and web shells, claiming 90%+ validity rates and 24/7 support.
AI Influencer Fraud: An actor named ‘amazonaged’ promoted a course on creating fake AI influencers for fraudulent social media monetization schemes.
SMS Fraud Service: Actor ‘bitly67’ advertised an SMS service capable of sending messages to any country worldwide, potentially for fraudulent purposes, via a Telegram bot.

8. Conclusion and Strategic Assessment

The intelligence derived from this 24-hour snapshot reveals an incredibly hostile cyber environment characterized by the commoditization of access and identity.

Identity is the Perimeter: The sheer volume of credential combo lists—totaling tens of millions of records distributed freely or for minimal cost—indicates that password-only authentication is functionally obsolete. The heavy targeting of Microsoft domains (Hotmail, Office365) and corporate emails provides threat actors with the raw materials needed for widespread Business Email Compromise (BEC), credential stuffing, and initial network infiltration.
The Rise of Automated Initial Access: The systematic compromise of UK and Indonesian websites by groups like the InDoM1nus Team highlights the automated scanning and exploitation of vulnerable web infrastructure (likely WordPress or exposed cPanels). These shells are subsequently monetized on the dark web, serving as the beachhead for ransomware deployments or deeper data exfiltration.
Critical Infrastructure Vulnerability: Alerts regarding the Iranian water treatment facilities and the alleged Iron Dome failure underscore the kinetic real-world impact of cyber operations. Operational Technology (OT) and critical defense systems remain highly prized targets for nation-state and ideologically motivated actors.
Data Breaches Expose Deep PII: The breaches of organizations like the Vietnamese Ministry of Agriculture, Heritage Financial Corp, and various healthcare/government entities demonstrate that attackers are successfully bypassing defenses to exfiltrate vast troves of high-value PII, including passports, national ID numbers, and financial data.

Detected Incidents Draft Data

Website defacement of sutput.com by NUCLIER-Y-C-C-M
Category: Defacement
Content: The threat actor NUCLIER-Y-C-C-M successfully defaced the website sutput.com on March 24, 2026. This appears to be a single-target home page defacement rather than a mass defacement campaign.
Date: 2026-03-23T23:57:15Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813284
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: sutput.com
Alleged sale of Ledger cryptocurrency wallet investor data
Category: Data Breach
Content: Threat actor Xviixi allegedly offering Ledger cryptocurrency wallet investor data containing 270,000 records with deposit amounts and asset values from multiple countries. Contact requested via private message or Telegram for premium access.
Date: 2026-03-23T23:54:45Z
Network: openweb
Published URL: https://crackingx.com/threads/69638/
Screenshots:
None
Threat Actors: Xviixi
Victim Country: Unknown
Victim Industry: Cryptocurrency
Victim Organization: Ledger
Victim Site: Unknown
Alleged leak of Hotmail credentials on CrackingX forum
Category: Combo List
Content: A threat actor allegedly shared a combolist containing 41,000 Hotmail credentials on the CrackingX cybercriminal forum. The post indicates these are valid credentials sourced from forums.
Date: 2026-03-23T23:51:19Z
Network: openweb
Published URL: https://crackingx.com/threads/69637/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Orange France credentials
Category: Combo List
Content: A threat actor shared a credential list containing 15,333 lines targeting the orange.fr domain via a file sharing platform.
Date: 2026-03-23T23:40:57Z
Network: openweb
Published URL: https://crackingx.com/threads/69635/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: France
Victim Industry: Telecommunications
Victim Organization: Orange
Victim Site: orange.fr
Alleged sale of unauthorized admin access to unidentified store
Category: Initial Access
Content: Threat actor claims to be selling unauthorized admin access to an unidentified online store in Kuwait.
Date: 2026-03-23T23:29:59Z
Network: openweb
Published URL: https://forum.exploit.in/topic/278956/
Screenshots:
None
Threat Actors: manofworld
Victim Country: Kuwait
Victim Industry: E-commerce & Online Stores
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of SCAEF by NUCLIER-Y-C-C-M
Category: Defacement
Content: The NUCLIER-Y-C-C-M group defaced the SCAEF organization website on March 24, 2026. This appears to be a targeted single-site defacement rather than a mass attack.
Date: 2026-03-23T23:09:59Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813277
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: Nepal
Victim Industry: Unknown
Victim Organization: SCAEF
Victim Site: scaef.org.np
Website defacement of Serolab Nepal by NUCLIER-Y-C-C-M
Category: Defacement
Content: NUCLIER-Y-C-C-M threat actor defaced the Serolab Nepal website on March 24, 2026. The attack targeted a healthcare laboratory organizations web presence in Nepal.
Date: 2026-03-23T23:09:27Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813278
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: Nepal
Victim Industry: Healthcare
Victim Organization: Serolab Nepal
Victim Site: serolabnepal.com.np
Alleged leak of German credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 869,036 credential pairs allegedly targeting German users through a file sharing platform.
Date: 2026-03-23T22:56:20Z
Network: openweb
Published URL: https://crackingx.com/threads/69634/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of jewelry & watch retail customers data in Australia
Category: Data Leak
Content: A threat actor claims to be selling a dataset containing 16,000 customer records allegedly from a Jewelry & Watch Retail business in Australia. The data reportedly includes names, phone numbers, email addresses, dates of birth, gender, and other customer-related details, with around 9,000 unique emails and 16,000 unique phone numbers.
Date: 2026-03-23T22:21:25Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279000/
Screenshots:
None
Threat Actors: betway
Victim Country: Australia
Victim Industry: Retail Industry
Victim Organization: Unknown
Victim Site: Unknown
Website defacement by tirz4sec (jatengblekhet team) targeting WordPress site
Category: Defacement
Content: WordPress site hosted on IP address 20.197.3.59 was defaced by attacker tirz4sec affiliated with the jatengblekhet team on March 24, 2026. The attack targeted a WordPress plugin directory, indicating exploitation of plugin vulnerabilities.
Date: 2026-03-23T22:18:13Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813275
Screenshots:
None
Threat Actors: tirz4sec, jatengblekhet
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 20.197.3.59
Alleged data breach of Ministry of Agriculture and Rural Development Vietnam
Category: Data Breach
Content: The threat actor claims to have breached 4.7TB of data from the Ministry of Agriculture and Rural Development in Vietnam, allegedly exposing internal files, employee records, land contracts, and sensitive personal and farm-related data.
Date: 2026-03-23T21:59:08Z
Network: openweb
Published URL: https://darkforums.su/Thread-Document-Ministry-of-Agriculture-and-Rural-Development-Vietnam
Screenshots:
None
Threat Actors: KurdFemboys
Victim Country: Vietnam
Victim Industry: Government Administration
Victim Organization: ministry of agriculture and rural development vietnam
Victim Site: mard.gov.vn
Alleged Unauthorized Access to San Isidro Hydrotech Systems
Category: Initial Access
Content: A threat actor claims to have gained unauthorized access to systems associated with San Isidro Hydrotech, alleging infiltration into engineering blueprints and internal infrastructure data. The actor suggests they have visibility into pipeline systems and internal technical parameters, indicating potential compromise of operational or industrial control-related information.
Date: 2026-03-23T21:49:27Z
Network: telegram
Published URL: https://t.me/op_morningstar/595
Screenshots:
None
Threat Actors: MORNING STAR
Victim Country: Spain
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail and MSN credential combolist
Category: Combo List
Content: A threat actor shared a credential combolist containing 2,230 lines of Hotmail and MSN email account combinations for free download on an underground forum.
Date: 2026-03-23T21:40:53Z
Network: openweb
Published URL: https://crackingx.com/threads/69632/
Screenshots:
None
Threat Actors: karaokecloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail.es credentials
Category: Combo List
Content: A threat actor shared a combolist containing 10,991 lines of credentials specifically targeting the hotmail.es domain via a file hosting service.
Date: 2026-03-23T21:30:39Z
Network: openweb
Published URL: https://crackingx.com/threads/69631/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Spain
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.es
Alleged leak of Hotmail credential lists on cybercrime forum
Category: Combo List
Content: Threat actor shares fresh Hotmail credential lists containing 560,000 records through Telegram channel and file sharing platform. Actor claims to add new credential databases daily focusing on relevant and recent data.
Date: 2026-03-23T21:21:11Z
Network: openweb
Published URL: https://crackingx.com/threads/69630/
Screenshots:
None
Threat Actors: Kokos2846q
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged data breach of ConsultayCrecE
Category: Data Breach
Content: A threat actor claims to have leaked the database of ConsultayCrecE. The allegedly exposed dataset contains approximately 24,800+ records, including client and mailing list information.
Date: 2026-03-23T21:20:01Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-consultaycrece-com-breached-leaked
Screenshots:
None
Threat Actors: fanfan
Victim Country: Spain
Victim Industry: Professional Services
Victim Organization: consultaycrece
Victim Site: consultaycrece.com
Alleged leak of credential logs via DAISY CLOUD
Category: Combo List
Content: Threat actor NEW_DAISYCLOUD shared 5,413 fresh credential logs via file sharing service, offering free download with password protection.
Date: 2026-03-23T21:12:28Z
Network: openweb
Published URL: https://crackingx.com/threads/69629/
Screenshots:
None
Threat Actors: NEW_DAISYCLOUD
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of GoldenBullet tool
Category: Malware
Content: The threat actor claims to be selling an automation and web testing tool called GoldenBullet, allegedly designed to enable advanced users to perform data parsing, HTTP requests, and scripting with updated libraries and a modernized interface, potentially facilitating automated workflows and large-scale web-based activities.
Date: 2026-03-23T20:51:40Z
Network: openweb
Published URL: https://demonforums.net/Thread-Welcome-To-GoldenBullet%C2%A0a-craking-Tools-For-Automation
Screenshots:
None
Threat Actors: ticnico
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of corporate email credentials
Category: Combo List
Content: A threat actor shared a combolist containing 181,158 corporate email credentials via file sharing service. The credential list is described as suitable for lead generation targeting.
Date: 2026-03-23T20:44:43Z
Network: openweb
Published URL: https://crackingx.com/threads/69628/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged access to an unidentified ETC-606i System on BUS 4613 in Spain
Category: Initial Access
Content: The group claims to have gained unauthorized access to an unidentified ETC-606i System on BUS 4613 in Spain, access to visibility and control over operational features such as GPS/GPRS telemetry, route and stop management, ticket sales and cancellations, printing functions, and shift or trip controls, along with access to conductor login credentials displayed on the system.
Date: 2026-03-23T20:14:21Z
Network: telegram
Published URL: https://t.me/c/3792806777/31
Screenshots:
None
Threat Actors: Z-PENTEST ALLIANCE
Victim Country: Spain
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of French email credentials
Category: Combo List
Content: A threat actor shared a combolist containing 1,200 valid French email credentials dated March 23rd on a cybercriminal forum.
Date: 2026-03-23T20:07:40Z
Network: openweb
Published URL: https://crackingx.com/threads/69627/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged WordPress-related data leak by threat actor zod
Category: Combo List
Content: Threat actor zod posted WordPress-related content on CX forum in the combolists and dumps section, with access requiring sign-in and password available via Telegram channel.
Date: 2026-03-23T19:57:00Z
Network: openweb
Published URL: https://crackingx.com/threads/69624/
Screenshots:
None
Threat Actors: zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of personal identity documents and databases
Category: Data Breach
Content: Threat actor claims to have access to driver licenses, SSNs, passports, company databases, consumer information, phone lists, email lists, and citizen databases with contact information provided for potential buyers.
Date: 2026-03-23T19:56:33Z
Network: openweb
Published URL: https://crackingx.com/threads/69625/
Screenshots:
None
Threat Actors: jannatmirza11
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of shib bet iran deek officers
Category: Data Leak
Content: The threat actor claims to have leaked a dataset associated with Shin Bet, specifically targeting personnel linked to its Iran desk operations. The exposed dataset reportedly contains information on approximately 50 individuals, including details such as names, contact information, and role-related data
Date: 2026-03-23T19:44:12Z
Network: openweb
Published URL: https://handala-team.to/behind-the-curtain-full-details-of-shin-bets-iran-desk-officers-released/
Screenshots:
None
Threat Actors: Handala Hack
Victim Country: Iran
Victim Industry: Government Administration
Victim Organization: shin bet
Victim Site: shabak.gov.il
BABAYO EROR SYSTEM targets the website of Oxahost
Category: Defacement
Content: The group claims to have defaced the website of Oxahost.
Date: 2026-03-23T19:34:48Z
Network: telegram
Published URL: https://t.me/BabayoErorSyteam/337
Screenshots:
None
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Tunisia
Victim Industry: Information Technology (IT) Services
Victim Organization: oxahost
Victim Site: oxahost.tn
Alleged leak of corporate email credentials via PandaCloud service
Category: Combo List
Content: Threat actor Kokos2846q is distributing free email credential lists through a Telegram channel called PandaCloud, claiming to provide fresh corporate email databases updated daily. A specific Fresh Corp 20K credential list containing 20,000 records is being shared via file hosting service.
Date: 2026-03-23T19:34:12Z
Network: openweb
Published URL: https://crackingx.com/threads/69621/
Screenshots:
None
Threat Actors: Kokos2846q
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credential lists on underground forum
Category: Combo List
Content: A threat actor shared 459 Hotmail credential lists on an underground forum, organized by country with inbox access targets. The credentials are described as premium and fresh, suggesting they may be recently compromised or verified working accounts.
Date: 2026-03-23T19:33:42Z
Network: openweb
Published URL: https://crackingx.com/threads/69622/
Screenshots:
None
Threat Actors: Hotmail Cloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor claims to have leaked 3.1 million Hotmail credentials on a cybercriminal forum. The data appears to be distributed as a combolist with password protection via Telegram.
Date: 2026-03-23T19:33:21Z
Network: openweb
Published URL: https://crackingx.com/threads/69623/
Screenshots:
None
Threat Actors: zod
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
BABAYO EROR SYSTEM targets the website of NEOSTANDARD
Category: Defacement
Content: The group claims to have defaced the website of NEOSTANDARD.
Date: 2026-03-23T19:23:09Z
Network: telegram
Published URL: https://t.me/BabayoErorSyteam/337
Screenshots:
None
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Hungary
Victim Industry: Online Publishing
Victim Organization: neostandard
Victim Site: neostandard.hu
Alleged promotion of fraudulent AI influencer scheme
Category: Initial Access
Content: Forum post promoting a course on creating fake AI influencers for fraudulent social media monetization schemes, with free version available on external platform.
Date: 2026-03-23T19:22:02Z
Network: openweb
Published URL: https://crackingx.com/threads/69619/
Screenshots:
None
Threat Actors: amazonaged
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 4,932 Hotmail credentials via a file sharing service. The credentials appear to be targeting the hotmail.com domain specifically.
Date: 2026-03-23T19:20:13Z
Network: openweb
Published URL: https://crackingx.com/threads/69617/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged sale of apple email checker tool
Category: Malware
Content: The threat actor claims to be offering an Apple email checker tool designed to verify the validity of Apple ID email addresses, potentially enabling targeted email harvesting and facilitating phishing or marketing campaigns.
Date: 2026-03-23T19:06:34Z
Network: openweb
Published URL: https://demonforums.net/Thread-Apple-Valid-Email-Checker-2026-%E2%80%93-Smart-Email-Verification-for-High-Quality-Marketing
Screenshots:
None
Threat Actors: tforest12
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of Aphrobyte RAT tool
Category: Malware
Content: The threat actor claims to be offering Aphrobyte RAT 2026, a Remote Access Trojan designed to provide full control over compromised systems, including unauthorized access, data theft, surveillance, and remote command execution.
Date: 2026-03-23T18:51:16Z
Network: openweb
Published URL: https://demonforums.net/Thread-Aphrobyte-RAT-2026-Full-device-control
Screenshots:
None
Threat Actors: tforest12
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of email credentials from multiple regions
Category: Combo List
Content: A threat actor leaked a combolist containing 3,500 email credentials allegedly from users in the USA, Europe, and Asia, dated March 23rd.
Date: 2026-03-23T18:48:55Z
Network: openweb
Published URL: https://crackingx.com/threads/69616/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Chinese email credentials
Category: Combo List
Content: A threat actor shared access to 3,100 Chinese email credentials dated March 23rd on a cybercrime forum. The content appears to be hidden behind user registration requirements.
Date: 2026-03-23T18:38:25Z
Network: openweb
Published URL: https://crackingx.com/threads/69615/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of unauthorized access to an unidentified shop in Spain
Category: Initial Access
Content: The threat actor claims to be selling unauthorized access to an unidentified WordPress shop in Spain, stating that the platform recorded 237 credit/debit card transactions in March, 176 in February, 336 in January, and 339 in December.
Date: 2026-03-23T18:36:21Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/278983/
Screenshots:
None
Threat Actors: ed1n1ca
Victim Country: Spain
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of YouPlanet
Category: Data Breach
Content: A threat actor claims to have leaked a database associated with YouPlanet, a social networking platform. The allegedly exposed dataset is said to contain tens of thousands of user records, including usernames, email addresses, gender, nationality, birth details, profile information, and avatar links.
Date: 2026-03-23T18:31:36Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-Youplanet-app-40k-2026
Screenshots:
None
Threat Actors: zimablue
Victim Country: Iran
Victim Industry: Network & Telecommunications
Victim Organization: youplanet
Victim Site: youplanet.app
Alleged leak of educational institution credentials
Category: Combo List
Content: A threat actor shared a combolist containing 173,806 credential pairs allegedly targeting social media, shopping, and educational platforms. The data is being distributed for free via a file-sharing service.
Date: 2026-03-23T18:29:56Z
Network: openweb
Published URL: https://crackingx.com/threads/69614/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of unauthorized domain user access to unidentified organizations in Brazil
Category: Initial Access
Content: The threat actor claims to be selling unauthorized domain user access associated with unidentified organizations in Brazil.
Date: 2026-03-23T18:23:10Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/278985/
Screenshots:
None
Threat Actors: malaria
Victim Country: Brazil
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of Office365 credential combolists
Category: Combo List
Content: Threat actor CODER is distributing Office365 credential combolists through Telegram channels, offering free access to compromised email and password combinations.
Date: 2026-03-23T18:18:28Z
Network: openweb
Published URL: https://crackingx.com/threads/69613/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Microsoft
Victim Site: office365.com
Alleged data breach of Department of Government Enablement Abu Dhabi
Category: Data Breach
Content: A threat actor claims to have leaked internal systems associated with the Department of Government Enablement (DGE) in Abu Dhabi. The data allegedly include exposed AI infrastructure, misconfigured administrative portals, and outdated web applications.
Date: 2026-03-23T18:18:24Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-ABU-DHABI-DGE-%E2%80%94-AI-NATIVE-RECON-GOV-GPT-FLOWISE-INSTANCES-LEGACY-HOLES
Screenshots:
None
Threat Actors: rSora
Victim Country: UAE
Victim Industry: Government & Public Sector
Victim Organization: department of government enablement abu dhabi
Victim Site: dge.gov.ae
Cyberattack hits Heritage Financial Corporation
Category: Data Breach
Content: The disclosure states that Heritage Financial Corporation identified a cybersecurity incident involving unauthorized access to an internal file share server used by employees. The investigation confirmed that files were exfiltrated, potentially containing personal information, indicating a data breach. In response, the company activated its incident response plan, isolated the affected system, and engaged external forensic and legal experts to assess and remediate the situation. While core banking systems and customer operations were not impacted, the organization continues to evaluate the scope and potential impact of the compromised data.
Date: 2026-03-23T18:10:07Z
Network: openweb
Published URL: https://www.board-cybersecurity.com/incidents/tracker/heritage-financial-cybersecurity-incident-8066881b#8-k-filed-on-2026-03-20
Screenshots:
None
Threat Actors:
Victim Country: USA
Victim Industry: Financial Services
Victim Organization: heritage financial corporation
Victim Site: heritagebanknw.com
Alleged data breach of American Airlines Group Inc
Category: Data Breach
Content: The group claims to have breached the database of American Airlines Group Inc.
Date: 2026-03-23T18:08:36Z
Network: telegram
Published URL: https://t.me/c/3737716184/363
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: USA
Victim Industry: Airlines & Aviation
Victim Organization: american airlines group inc
Victim Site: aa.com
Alleged leak of Japan email credentials
Category: Combo List
Content: Actor shared a combolist containing 3,900 Japanese email credentials with full access, dated March 23rd.
Date: 2026-03-23T17:47:08Z
Network: openweb
Published URL: https://crackingx.com/threads/69611/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of unauthorized admin access to an unidentified website in the UK
Category: Initial Access
Content: The threat actor claims to be selling unauthorized WordPress admin access to an unidentified website in the UK.
Date: 2026-03-23T17:39:37Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/278981/
Screenshots:
None
Threat Actors: cosmodrome
Victim Country: UK
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of unauthorized admin access to an unidentified website in the United States
Category: Initial Access
Content: The threat actor claims to be selling unauthorized WordPress admin access to an unidentified website in the United States.
Date: 2026-03-23T17:23:47Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/278977/
Screenshots:
None
Threat Actors: manofworld
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of USA credential combolist
Category: Combo List
Content: A credential combolist containing 9,934 USA-based email and password combinations was shared on a cybercriminal forum. The data is made available for registered users to download.
Date: 2026-03-23T17:17:04Z
Network: openweb
Published URL: https://crackingx.com/threads/69604/
Screenshots:
None
Threat Actors: RandomUpload
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Bluewin credentials
Category: Combo List
Content: A threat actor shared a combolist containing 6,633 credential lines targeting the bluewin.ch domain via a file hosting service.
Date: 2026-03-23T17:06:48Z
Network: openweb
Published URL: https://crackingx.com/threads/69603/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Switzerland
Victim Industry: Telecommunications
Victim Organization: Bluewin
Victim Site: bluewin.ch
Cyberattack hits San Felipe Del Rio Consolidated Independent School District
Category: Cyber Attack
Content: Reports indicate that San Felipe-Del Rio Consolidated Independent School District experienced a cyber attack involving suspicious email activity, resulting in disruptions to internal network systems, including internet and communication services. The district initiated response measures with a Regional Security Operations Center and continues to monitor and restore affected systems, while assessing the overall impact of the incident.
Date: 2026-03-23T16:54:49Z
Network: openweb
Published URL: https://dysruptionhub.com/san-felipe-del-rio-cisd-network-outage-tx/
Screenshots:
None
Threat Actors:
Victim Country: USA
Victim Industry: Education
Victim Organization: san felipe del rio consolidated independent school district
Victim Site: sfdr-cisd.org
Alleged sale of corporate email access credentials
Category: Combo List
Content: Threat actor claims to offer access to 24,000 fresh corporate email accounts dated March 23rd. The post indicates this is premium quality access being made available to registered forum users.
Date: 2026-03-23T16:43:47Z
Network: openweb
Published URL: https://crackingx.com/threads/69600/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Comercio do Morrazo
Category: Data Breach
Content: A threat actor claims to have leaked the mailing list database associated with comerciodomorrazo.com. The exposed dataset reportedly contains around 15,938 subscriber records, including email addresses, full names, phone numbers, IP addresses, subscription activity, and mailing metrics.
Date: 2026-03-23T16:43:21Z
Network: openweb
Published URL: https://darkforums.su/Thread-comerciodomorrazo-com-mailing-list-breached-leaked
Screenshots:
None
Threat Actors: fanfan
Victim Country: Spain
Victim Industry: E-commerce & Online Stores
Victim Organization: comercio do morrazo
Victim Site: comerciodomorrazo.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor allegedly leaked 1,857 premium Hotmail credentials as a free download on a cybercriminal forum.
Date: 2026-03-23T16:42:37Z
Network: openweb
Published URL: https://crackingx.com/threads/69602/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
HERITAGE FINANCIAL CORP /WA/ Cybersecurity Incident Details – Board Cybersecurity
Category: Cyber Attack
Content: Heritage Financial Corporation a révélé le 20 mars 2026 avoir détecté le 2 février 2026 une cyberattaque visant un serveur de partage de fichiers interne, entraînant lexfiltration de données potentiellement personnelles. Bien que lentreprise ait activé son plan de réponse, isolé le système affecté et notifié les autorités, elle précise que ses opérations commerciales et les comptes clients nont pas été impactés. Lincident est actuellement sous évaluation et aucune incidence matérielle sur les conditions financières de lentreprise na été déterminée à ce stade.
Date: 2026-03-23T16:38:13Z
Network: openweb
Published URL: https://www.board-cybersecurity.com/incidents/tracker/heritage-financial-cybersecurity-incident-8066881b#8-k-filed-on-2026-03-20
Screenshots:
None
Threat Actors:
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Heritage Financial Corporation
Victim Site: hf-wa.com
Alleged data breach of Mardika
Category: Data Breach
Content: A threat actor claims to have leaked a database to Mardika. The allegedly compromised records appear to contain sensitive personal information, including names, addresses, cities, phone numbers, national identification numbers (KTP), and tax identification numbers (NPWP).
Date: 2026-03-23T16:34:01Z
Network: openweb
Published URL: https://darkforums.su/Thread-INDONESIA-DATABASE-MARDIKA-CO-ID
Screenshots:
None
Threat Actors: XSVSHACKER
Victim Country: Indonesia
Victim Industry: Government & Public Sector
Victim Organization: mardika
Victim Site: mardika.co.id
8k Germany Fresh Mail Access Just Valid 23.03
Category: Combo List
Content: New thread posted by MailAccesss: 8k Germany Fresh Mail Access Just Valid 23.03
Date: 2026-03-23T16:31:34Z
Network: openweb
Published URL: https://crackingx.com/threads/69598/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
♋ 30k HOTMAIL DOMAIN WITH VALID 23.03.26
Category: Combo List
Content: New thread posted by ValidMail: ♋ 30k HOTMAIL DOMAIN WITH VALID 23.03.26
Date: 2026-03-23T16:30:45Z
Network: openweb
Published URL: https://crackingx.com/threads/69599/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of German gaming and casino credentials
Category: Combo List
Content: A threat actor shared a combolist containing 370,608 credential entries allegedly targeting German gaming and casino platforms. The data is being distributed for free via file sharing platform.
Date: 2026-03-23T16:18:27Z
Network: openweb
Published URL: https://crackingx.com/threads/69597/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Gaming and Entertainment
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: Thread allegedly contains a combolist of 6,000 unique Hotmail email and password combinations. The content is protected behind forum registration requirements.
Date: 2026-03-23T16:05:52Z
Network: openweb
Published URL: https://crackingx.com/threads/69595/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of mixed domain credential list
Category: Combo List
Content: A threat actor shared a credential list containing 103,000 mixed domain email and password combinations dated March 26, 2023.
Date: 2026-03-23T16:05:08Z
Network: openweb
Published URL: https://crackingx.com/threads/69596/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of European gambling users data
Category: Data Leak
Content: A threat actor claims to be selling a European casino payment database with 2.5M users, including deposit details, contact information, and transaction data, mainly from France and other EU countries.
Date: 2026-03-23T15:59:21Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/278971/
Screenshots:
None
Threat Actors: Green41k
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email credential combolist
Category: Combo List
Content: Threat actor klyne05 shared a mixed email credential combolist described as private, fresh, and checked. The post offers free download of the credential list through the CrackingX forum.
Date: 2026-03-23T15:44:25Z
Network: openweb
Published URL: https://crackingx.com/threads/69594/
Screenshots:
None
Threat Actors: klyne05
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged cybercrime marketplace offering initial access tools and stolen credentials
Category: Initial Access
Content: Cybercriminal marketplace Toolsx.pw advertises sale of various illegal digital tools including RDP access, SSH credentials, compromised email accounts, and web shells. The platform claims 90%+ validity rates and offers 24/7 support for buyers and sellers of cybercrime tools.
Date: 2026-03-23T15:33:22Z
Network: openweb
Published URL: https://crackingx.com/threads/69592/
Screenshots:
None
Threat Actors: Toolsx
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Himalayan Nepal Trek by overthrash1337 (Team Hazardous Pakistan)
Category: Defacement
Content: Pakistani hacker group Team Hazardous Pakistan, through member overthrash1337, defaced the website of Himalayan Nepal Trek, a Nepalese tourism company. The defacement occurred on March 23, 2026 and was archived on zone-xsec.com mirror system.
Date: 2026-03-23T15:18:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813224
Screenshots:
None
Threat Actors: overthrash1337, Team Hazardous Pakistan
Victim Country: Nepal
Victim Industry: Tourism
Victim Organization: Himalayan Nepal Trek
Victim Site: www.himalayannepaltrek.com
Nicotine targets the website of KKM Gold Dubai
Category: Defacement
Content: The threat actor claims to have defaced the website of KKM Gold Dubai.
Date: 2026-03-23T15:16:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/811792
Screenshots:
None
Threat Actors: Nicotine
Victim Country: UAE
Victim Industry: Luxury Goods & Jewelry
Victim Organization: kkm gold dubai
Victim Site: kkmgolddubai.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor has made available a combolist containing 950 Hotmail credentials for free download on a cybercrime forum.
Date: 2026-03-23T15:16:11Z
Network: openweb
Published URL: https://crackingx.com/threads/69591/
Screenshots:
None
Threat Actors: KiwiShio
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged distribution of email provider credential combolists
Category: Combo List
Content: Threat actor distributes credential combolists for major email providers including Outlook, Gmail, Hotmail, iCloud, and AOL through Telegram channels. The actor offers free access to these credential lists through multiple Telegram groups.
Date: 2026-03-23T15:12:06Z
Network: openweb
Published URL: https://crackingx.com/threads/69590/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Multiple Email Providers
Victim Site: Unknown
Alleged leak of credential combolist containing 360GB of login data
Category: Combo List
Content: A threat actor shared a 360GB combolist containing URL-LOG-PASS (URL, login, password) credentials in TXT format on a cybercrime forum. The data is being distributed for free download without specific victim attribution.
Date: 2026-03-23T15:01:46Z
Network: openweb
Published URL: https://crackingx.com/threads/69589/
Screenshots:
None
Threat Actors: TheBash1996
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Microsoft domain credentials
Category: Combo List
Content: A threat actor shared a combolist containing 725,478 credentials allegedly associated with Microsoft domains via a file sharing platform.
Date: 2026-03-23T14:42:17Z
Network: openweb
Published URL: https://crackingx.com/threads/69585/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: Unknown
Alleged leak of mixed credential combolist containing 11 million records
Category: Combo List
Content: Threat actor CODER is distributing an 11 million record credential combolist containing mixed email domains including Comcast, IT, NET, COM, EA, AR, IT, DE, FR, CO through free Telegram channels.
Date: 2026-03-23T14:41:46Z
Network: openweb
Published URL: https://crackingx.com/threads/69586/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: Threat actor leaked a combolist containing 1,200 Hotmail email credentials described as fresh and high quality.
Date: 2026-03-23T14:32:10Z
Network: openweb
Published URL: https://crackingx.com/threads/69583/
Screenshots:
None
Threat Actors: Lexser
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged data breach of Kementerian Kesehatan RI
Category: Data Breach
Content: The threat actor claims to be leaked data from Kementerian Kesehatan RI. The compromised data reportedly contains 1.16M Phone numbers records, 583K Email addresses records including personally identifiable information (PII), including national ID numbers, full names, contact details (phone numbers and email addresses), addresses, dates of birth, and healthcare-related records.
Date: 2026-03-23T14:15:08Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Indonesia-Posyandu-ayosehat-kemkes-go-id-1164000
Screenshots:
None
Threat Actors: Sorb
Victim Country: Indonesia
Victim Industry: Hospital & Health Care
Victim Organization: kementerian kesehatan ri
Victim Site: ayosehat.kemkes.go.id
Alleged leak of corporate email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 59,122 corporate email and password combinations through a file sharing service. The credentials appear to target corporate entities but specific victim organizations are not identified.
Date: 2026-03-23T14:11:58Z
Network: openweb
Published URL: https://crackingx.com/threads/69578/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: Forum post allegedly contains a combolist of 6,000 Hotmail email and password combinations. The actual content requires forum registration to access, suggesting it may be freely distributed to registered users.
Date: 2026-03-23T14:11:21Z
Network: openweb
Published URL: https://crackingx.com/threads/69579/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged data breach of Marion Military Institute
Category: Data Breach
Content: The threat actor claims to have breached data from Marion Military Institute and intends to publish it within 1-2 days.
Date: 2026-03-23T13:54:55Z
Network: tor
Published URL: https://worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion/companies/2109793778/overview
Screenshots:
None
Threat Actors: Worldleaks
Victim Country: USA
Victim Industry: Higher Education/Acadamia
Victim Organization: marion military institute
Victim Site: marionmilitary.edu
blackhun73r – cyber warrior targets the website of Poultry Federation of India
Category: Defacement
Content: The group claims to have defaced the website of Poultry Federation of India.
Date: 2026-03-23T13:52:51Z
Network: telegram
Published URL: https://t.me/blackhun73/499
Screenshots:
None
Threat Actors: blackhun73r – cyber warrior
Victim Country: India
Victim Industry: Non-profit & Social Organizations
Victim Organization: poultry federation of india
Victim Site: poultryfederation.org
blackhun73r – cyber warrior targets the website of Govt. Industrial Training Institute
Category: Defacement
Content: The group claims to have defaced the website of Govt. Industrial Training Institute.
Date: 2026-03-23T13:50:29Z
Network: telegram
Published URL: https://t.me/blackhun73/499
Screenshots:
None
Threat Actors: blackhun73r – cyber warrior
Victim Country: India
Victim Industry: Education
Victim Organization: govt. industrial training institute
Victim Site: womenitisonipat.com
Alleged Sale of Unauthorized Cloud Access to Multiple Countries
Category: Initial Access
Content: The threat actor claims to be selling unauthorized corporate cloud access across multiple countries.
Date: 2026-03-23T13:48:35Z
Network: openweb
Published URL: https://darkforums.su/Thread-Corporate-Cloud-Accesses-50-Discount
Screenshots:
None
Threat Actors: vexin
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
blackhun73r – cyber warrior targets the website of Umeed Kiran
Category: Defacement
Content: The group claims to have defaced the website of Umeed Kiran.
Date: 2026-03-23T13:46:02Z
Network: telegram
Published URL: https://t.me/blackhun73/499
Screenshots:
None
Threat Actors: blackhun73r – cyber warrior
Victim Country: India
Victim Industry: Non-profit & Social Organizations
Victim Organization: umeed kiran
Victim Site: umeedkiran.com
blackhun73r – cyber warrior targets the website of Narpa Spices
Category: Defacement
Content: The group claims to have defaced the website of Narpa Spices.
Date: 2026-03-23T13:42:22Z
Network: telegram
Published URL: https://t.me/blackhun73/499
Screenshots:
None
Threat Actors: blackhun73r – cyber warrior
Victim Country: India
Victim Industry: Food & Beverages
Victim Organization: narpa spices
Victim Site: narpaspices.in
blackhun73r – cyber warrior targets the website of Jay Vet Nutrition
Category: Defacement
Content: The group claims to have defaced the website of Jay Vet Nutrition
Date: 2026-03-23T13:38:47Z
Network: telegram
Published URL: https://t.me/blackhun73/499
Screenshots:
None
Threat Actors: blackhun73r – cyber warrior
Victim Country: India
Victim Industry: Manufacturing
Victim Organization: jay vet nutrition
Victim Site: jayvetnutrition.com
Alleged Sale of Cryptocurrency User Leads Database
Category: Data Leak
Content: The threat actor claims to be selling Cryptocurrency User Leads Database
Date: 2026-03-23T13:38:10Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Fresh-Crypto-Leads-%E2%80%93-Verified-High-Quality–70014
Screenshots:
None
Threat Actors: tan_dob11
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 1,600 Hotmail email credentials on a cybercrime forum. The credentials appear to be offered as a free download rather than for sale.
Date: 2026-03-23T13:33:28Z
Network: openweb
Published URL: https://crackingx.com/threads/69569/
Screenshots:
None
Threat Actors: Cl0ud0wner
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of mixed email credentials combolist
Category: Combo List
Content: Threat actor Cl0ud0wner shared a combolist containing 7.2k mixed email credentials on CrackingX forum under a private cloud collection.
Date: 2026-03-23T13:33:03Z
Network: openweb
Published URL: https://crackingx.com/threads/69571/
Screenshots:
None
Threat Actors: Cl0ud0wner
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email credentials combolist
Category: Combo List
Content: Threat actor Cl0ud0wner shared a combolist containing 8.6k mixed email credentials on a cybercriminal forum.
Date: 2026-03-23T13:32:44Z
Network: openweb
Published URL: https://crackingx.com/threads/69572/
Screenshots:
None
Threat Actors: Cl0ud0wner
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of business domain credential lists via Telegram
Category: Combo List
Content: Threat actor CODER is distributing credential lists (combolists) containing 7 million business domain accounts through Telegram channels. The actor offers both free distributions and appears to provide additional content through direct contact.
Date: 2026-03-23T13:32:26Z
Network: openweb
Published URL: https://crackingx.com/threads/69574/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of credential combolist containing 140,000 records
Category: Combo List
Content: A threat actor shared a combolist containing 140,000 URL:username:password credentials on a cybercrime forum. The data is described as fresh and private, made available for registered forum users.
Date: 2026-03-23T13:32:03Z
Network: openweb
Published URL: https://crackingx.com/threads/69575/
Screenshots:
None
Threat Actors: Seaborg
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged SMS service offering on underground forum
Category: Initial Access
Content: Forum post advertising an SMS service claiming to send messages to any country worldwide, potentially for fraudulent purposes. The service is promoted through a Telegram bot handle.
Date: 2026-03-23T13:31:43Z
Network: openweb
Published URL: https://crackingx.com/threads/69570/
Screenshots:
None
Threat Actors: bitly67
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Data from an Unidentified Australian Gambling Platform
Category: Data Leak
Content: The threat actor claims to be selling data from an Unidentified Australian Gambling Platform. The compromised data reportedly contains 1,400,000 records including personally identifiable information (PII) and financial data, such as usernames, email addresses, account balances, deposit and withdrawal details, full names, and phone numbers.
Date: 2026-03-23T13:23:12Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Australian-gambling-customers-1400K
Screenshots:
None
Threat Actors: globalData1
Victim Country: Australia
Victim Industry: Gambling & Casinos
Victim Organization: Unknown
Victim Site: Unknown
blackhun73r – cyber warrior targets the website of Bawa Masala Co Pvt Ltd
Category: Defacement
Content: The group claims to have defaced the website of Bawa Masala Co Pvt Ltd.
Date: 2026-03-23T13:14:35Z
Network: telegram
Published URL: https://t.me/blackhun73/499
Screenshots:
None
Threat Actors: blackhun73r – cyber warrior
Victim Country: India
Victim Industry: Food Production
Victim Organization: bawa masala co pvt ltd
Victim Site: bmcspices.com
blackhun73r – cyber warrior targets the website of Aryabhatta Education Research & Development Samiti
Category: Defacement
Content: The group claims to have defaced the website of Aryabhatta Education Research & Development Samiti.
Date: 2026-03-23T13:09:01Z
Network: telegram
Published URL: https://t.me/blackhun73/499
Screenshots:
None
Threat Actors: blackhun73r – cyber warrior
Victim Country: India
Victim Industry: Education
Victim Organization: aryabhatta education research & development samiti
Victim Site: agoi.net
Hax.or targets the website of Thavam Research Foundation
Category: Defacement
Content: The group claims to have defaced the website of Thavam Research Foundation.
Date: 2026-03-23T13:07:10Z
Network: telegram
Published URL: https://t.me/ctifeeds/129309
Screenshots:
None
Threat Actors: Hax.or
Victim Country: India
Victim Industry: Alternative Medicine
Victim Organization: thavam research foundation
Victim Site: thavamedu.org
Alleged leak of educational institution credentials
Category: Combo List
Content: Threat actor claims to be distributing a combolist containing 7 million educational email and password combinations through Telegram channels. The credentials appear to target educational institutions and are being shared for free.
Date: 2026-03-23T13:01:04Z
Network: openweb
Published URL: https://crackingx.com/threads/69568/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of MyBar
Category: Data Breach
Content: The threat actor claims to be leaked data from MyBar. The compromised data reportedly including customer information, newsletter subscriber details, and order-related data.
Date: 2026-03-23T12:58:16Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-mybarshop-es-breached-leaked
Screenshots:
None
Threat Actors: fanfan
Victim Country: Spain
Victim Industry: Retail Industry
Victim Organization: mybar
Victim Site: mybarshop.es
blackhun73r – cyber warrior targets the website of Acreion Pharmaceuticals
Category: Defacement
Content: The group claims to have defaced the website of Acreion Pharmaceuticals.
Date: 2026-03-23T12:52:58Z
Network: telegram
Published URL: https://t.me/blackhun73/499
Screenshots:
None
Threat Actors: blackhun73r – cyber warrior
Victim Country: India
Victim Industry: Healthcare & Pharmaceuticals
Victim Organization: acreion pharmaceuticals
Victim Site: acreionpharmaceuticals.com
Alleged leak of data from Zhejiang Guangyuan Printing and Packaging Co., Ltd
Category: Data Leak
Content: The threat actor claims to be leaked 70 GB data from Zhejiang Guangyuan Printing and Packaging Co., Ltd.
Date: 2026-03-23T12:43:11Z
Network: openweb
Published URL: https://spear.cx/Thread-Chinese-data-%E4%B8%AD%E5%9B%BD%E6%95%B0%E6%8D%AE-SnowSoul-ID-1271-70g
Screenshots:
None
Threat Actors: SnowSoul
Victim Country: China
Victim Industry: Manufacturing
Victim Organization: zhejiang guangyuan printing and packaging co., ltd
Victim Site: Unknown
Alleged leak of Japanese credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing over 1 million credentials allegedly originating from Japan. The credential list is being distributed for free via a file sharing service.
Date: 2026-03-23T12:29:16Z
Network: openweb
Published URL: https://crackingx.com/threads/69567/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: Threat actor HollowKnight07 shared a sample combolist containing 1,405 Hotmail credentials on a cybercrime forum. The credentials are offered as a free download.
Date: 2026-03-23T12:18:36Z
Network: openweb
Published URL: https://crackingx.com/threads/69565/
Screenshots:
None
Threat Actors: HollowKnight07
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credentials on CrackingX forum
Category: Combo List
Content: Forum post claims to contain 1,108 valid Hotmail credentials described as private access valids. The content requires forum registration to access.
Date: 2026-03-23T12:17:58Z
Network: openweb
Published URL: https://crackingx.com/threads/69566/
Screenshots:
None
Threat Actors: FlashCloud2
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged sale of private cloud combolist service with mixed credentials
Category: Combo List
Content: Threat actor misterymc02 is selling access to a private cloud service providing updated combolists including mixed credentials and Hotmail accounts. Subscription-based access is offered with pricing from $20 for one week to $110 for three months.
Date: 2026-03-23T12:06:32Z
Network: openweb
Published URL: https://crackingx.com/threads/69562/
Screenshots:
None
Threat Actors: misterymc02
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: Forum post claims to contain 6,000 unique Hotmail email and password combinations in a combolist format. The actual content is hidden behind a registration wall.
Date: 2026-03-23T12:05:58Z
Network: openweb
Published URL: https://crackingx.com/threads/69563/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Website defacement of st-komm.de by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the st-komm.de website on March 23, 2026. The incident was a single-site defacement with no reported team affiliation or stated motivation.
Date: 2026-03-23T12:01:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813198
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: st-komm.de
Website defacement of 659am.com by DimasHxR
Category: Defacement
Content: DimasHxR defaced a page on 659am.com, targeting what appears to be a radio station website. The attack occurred on March 23, 2026 and was documented as a single page defacement rather than a mass attack.
Date: 2026-03-23T12:00:37Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813199
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Media/Broadcasting
Victim Organization: 659 AM Radio
Victim Site: 659am.com
Website defacement of macdolands.ru by DimasHxR
Category: Defacement
Content: DimasHxR defaced the MacDolands website on March 23, 2026, targeting what appears to be a McDonalds-related domain in Russia. The defacement involved compromising the readme.txt file on the site.
Date: 2026-03-23T12:00:02Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813209
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Russia
Victim Industry: Food Service
Victim Organization: MacDolands
Victim Site: macdolands.ru
Website defacement of 7-nebo-otel.ru by DimasHxR
Category: Defacement
Content: Threat actor DimasHxR defaced the Russian hotel website 7-nebo-otel.ru on March 23, 2026. The attack targeted the readme.txt file of what appears to be a hospitality business website.
Date: 2026-03-23T11:59:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813215
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Russia
Victim Industry: Hospitality
Victim Organization: 7 Nebo Hotel
Victim Site: 7-nebo-otel.ru
Website defacement of aquabluelife.com by systemdarkdenied
Category: Defacement
Content: The attacker systemdarkdenied successfully defaced the aquabluelife.com website on March 23, 2026. The defacement targeted a specific page (indexKK.html) on a Linux-based server.
Date: 2026-03-23T11:56:15Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248071
Screenshots:
None
Threat Actors: systemdarkdenied
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Aqua Blue Life
Victim Site: aquabluelife.com
Alleged distribution of SMTP credential combolist
Category: Combo List
Content: Threat actor CODER is distributing a combolist containing 14 million SMTP credentials through Telegram channels, offering both the credential list and related programs for free.
Date: 2026-03-23T11:55:44Z
Network: openweb
Published URL: https://crackingx.com/threads/69560/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of social media and e-commerce credentials
Category: Combo List
Content: A threat actor shared a combolist containing 622,127 credential pairs allegedly targeting social media and shopping platforms. The data is being distributed for free via a file sharing service.
Date: 2026-03-23T11:55:10Z
Network: openweb
Published URL: https://crackingx.com/threads/69561/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass defacement campaign by systemdarkdenied targeting dsaquatech.in
Category: Defacement
Content: Threat actor systemdarkdenied conducted a mass defacement campaign targeting dsaquatech.in on March 23, 2026. The attack was part of a broader mass defacement operation rather than a targeted single-site breach.
Date: 2026-03-23T11:54:06Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248072
Screenshots:
None
Threat Actors: systemdarkdenied
Victim Country: India
Victim Industry: Technology
Victim Organization: DS Aqua Tech
Victim Site: dsaquatech.in
Nicotine targets the website of Citypark Electronics
Category: Defacement
Content: The threat actor claims to have defaced the website of Citypark Electronics.
Date: 2026-03-23T11:52:53Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812469
Screenshots:
None
Threat Actors: Nicotine
Victim Country: UAE
Victim Industry: Retail Industry
Victim Organization: citypark electronics
Victim Site: cityparkelectronics.ae
Mass website defacement by systemdarkdenied targeting essarpolybags.com
Category: Defacement
Content: The attacker systemdarkdenied conducted a mass defacement campaign targeting essarpolybags.com, a manufacturing companys website. The incident was part of a broader mass defacement operation affecting multiple sites simultaneously.
Date: 2026-03-23T11:51:48Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248073
Screenshots:
None
Threat Actors: systemdarkdenied
Victim Country: India
Victim Industry: Manufacturing
Victim Organization: Essar Poly Bags
Victim Site: essarpolybags.com
Mass defacement targeting Indian websites by systemdarkdenied
Category: Defacement
Content: The attacker systemdarkdenied conducted a mass defacement campaign targeting multiple websites including Glocolour Labs, an Indian manufacturing company. This was part of a broader attack affecting numerous sites rather than a targeted single-site defacement.
Date: 2026-03-23T11:49:28Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248074
Screenshots:
None
Threat Actors: systemdarkdenied
Victim Country: India
Victim Industry: Manufacturing
Victim Organization: Glocolour Labs
Victim Site: glocolourlabs.co.in
Nicotine targets the website of Expert Tech Trading LLC
Category: Defacement
Content: The threat actor claims to have defaced the website of Expert Tech Trading LLC.
Date: 2026-03-23T11:47:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812470
Screenshots:
None
Threat Actors: Nicotine
Victim Country: UAE
Victim Industry: Civil Engineering
Victim Organization: expert tech trading llc
Victim Site: crm.experttech.ae
Mass defacement campaign by systemdarkdenied targeting madhanstudiosalem.com
Category: Defacement
Content: Threat actor systemdarkdenied conducted a mass defacement campaign targeting madhanstudiosalem.com on March 23, 2026. The attack was part of a broader mass defacement operation affecting multiple websites simultaneously.
Date: 2026-03-23T11:47:09Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248075
Screenshots:
None
Threat Actors: systemdarkdenied
Victim Country: India
Victim Industry: Media/Entertainment
Victim Organization: Madhan Studios Salem
Victim Site: madhanstudiosalem.com
Mass defacement targeting miraypancarbons.com by systemdarkdenied
Category: Defacement
Content: Mass defacement attack conducted by threat actor systemdarkdenied targeting miraypancarbons.com on March 23, 2026. The attack was part of a broader mass defacement campaign affecting multiple websites.
Date: 2026-03-23T11:44:51Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248076
Screenshots:
None
Threat Actors: systemdarkdenied
Victim Country: Unknown
Victim Industry: Manufacturing
Victim Organization: Miray Pan Carbons
Victim Site: miraypancarbons.com
Alleged leak of mixed email credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 7,500 email credentials described as mixed mail access from France, Italy and other countries. The credentials are being distributed for free download on a cybercriminal forum.
Date: 2026-03-23T11:44:00Z
Network: openweb
Published URL: https://crackingx.com/threads/69559/
Screenshots:
None
Threat Actors: karaokecloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass website defacement by systemdarkdenied targeting orangesalon.in
Category: Defacement
Content: The attacker systemdarkdenied conducted a mass defacement campaign targeting multiple websites including orangesalon.in on March 23, 2026. This was part of a broader mass defacement operation rather than a targeted attack on the specific salon business.
Date: 2026-03-23T11:43:29Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248077
Screenshots:
None
Threat Actors: systemdarkdenied
Victim Country: India
Victim Industry: Beauty and Personal Care
Victim Organization: Orange Salon
Victim Site: orangesalon.in
Mass website defacement by systemdarkdenied targeting sarvinskin.com
Category: Defacement
Content: The attacker systemdarkdenied conducted a mass defacement campaign targeting multiple websites including sarvinskin.com on March 23, 2026. The attack compromised a Linux-based server hosting what appears to be a skincare or beauty-related website.
Date: 2026-03-23T11:42:10Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248078
Screenshots:
None
Threat Actors: systemdarkdenied
Victim Country: Unknown
Victim Industry: Healthcare/Beauty
Victim Organization: Sarvin Skin
Victim Site: sarvinskin.com
Nicotine targets the website of Kantola Airconditioning LLC
Category: Defacement
Content: The threat actor claims to have defaced the website of Kantola Airconditioning LLC.
Date: 2026-03-23T11:40:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/812466
Screenshots:
None
Threat Actors: Nicotine
Victim Country: UAE
Victim Industry: Professional Services
Victim Organization: kantola airconditioning llc
Victim Site: app.kantolamep.ae
Mass defacement targeting multiple websites by systemdarkdenied
Category: Defacement
Content: Threat actor systemdarkdenied conducted a mass defacement campaign targeting multiple websites including a medical institute in India. The attack was executed on March 23, 2026 and affected the institutes web presence hosted on a Linux server.
Date: 2026-03-23T11:39:51Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248079
Screenshots:
None
Threat Actors: systemdarkdenied
Victim Country: India
Victim Industry: Healthcare
Victim Organization: Sharthika Institute of Medical Sciences
Victim Site: sharthikaimc.com
Mass defacement targeting educational institutions by systemdarkdenied
Category: Defacement
Content: The threat actor systemdarkdenied conducted a mass defacement campaign targeting multiple websites including thavamedu.org, an Indian educational institution. This incident was part of a broader mass defacement operation rather than a targeted attack on a single organization.
Date: 2026-03-23T11:37:32Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248080
Screenshots:
None
Threat Actors: systemdarkdenied
Victim Country: India
Victim Industry: Education
Victim Organization: Thavamedu
Victim Site: thavamedu.org
Mass defacement campaign by systemdarkdenied targeting tigreenexim.com
Category: Defacement
Content: The attacker systemdarkdenied conducted a mass defacement campaign targeting tigreenexim.com on March 23, 2026. This appears to be part of a broader mass defacement operation rather than a targeted attack on this specific import/export company.
Date: 2026-03-23T11:36:10Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248081
Screenshots:
None
Threat Actors: systemdarkdenied
Victim Country: Unknown
Victim Industry: Import/Export
Victim Organization: Tigree Nexim
Victim Site: tigreenexim.com
Mass defacement campaign by systemdarkdenied targeting jewelry retailer
Category: Defacement
Content: The attacker systemdarkdenied conducted a mass defacement campaign targeting multiple websites including VK Jewellers site on March 23, 2026. This was part of a broader mass defacement operation rather than a targeted attack on a single organization.
Date: 2026-03-23T11:34:24Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248082
Screenshots:
None
Threat Actors: systemdarkdenied
Victim Country: India
Victim Industry: Retail/Jewelry
Victim Organization: VK Jewellers
Victim Site: vkjewelrs.tnslm.in
Alleged distribution of mixed corporate credential lists
Category: Combo List
Content: Threat actor CODER is distributing free credential lists containing 13 million mixed corporate credentials through Telegram channels. The actor provides contact information for obtaining additional combolists and related tools.
Date: 2026-03-23T11:07:38Z
Network: openweb
Published URL: https://crackingx.com/threads/69558/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Leak of SQL Injection Vulnerability in Bonfapel Papelaria
Category: Data Breach
Content: Group claims to have leaked SQL injection vulnerability in the website of Bonfapel Papelaria.
Date: 2026-03-23T11:07:24Z
Network: telegram
Published URL: https://t.me/c/3807888281/214
Screenshots:
None
Threat Actors: KONCO ERROR SYSTEM
Victim Country: Brazil
Victim Industry: Retail Industry
Victim Organization: bonfapel papelaria
Victim Site: bonfapel.com.br
Alleged distribution of mixed credential combolist containing 29,500 records
Category: Combo List
Content: Threat actor distributed a mixed credential combolist containing 29,500 email and password combinations through a Telegram channel and file sharing service. The actor claims to provide fresh email databases with daily updates.
Date: 2026-03-23T10:59:03Z
Network: openweb
Published URL: https://crackingx.com/threads/69556/
Screenshots:
None
Threat Actors: Kokos2846q
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
InDoM1nus Team targets the website of Purnama Tour
Category: Defacement
Content: The group claims to have defaced the website of Purnama Tour.
Date: 2026-03-23T10:49:03Z
Network: telegram
Published URL: https://t.me/InDoM1nusTe4m/123
Screenshots:
None
Threat Actors: InDoM1nus Team
Victim Country: Indonesia
Victim Industry: Hospitality & Tourism
Victim Organization: purnama tour
Victim Site: purnamatour.duft.co.id
Alleged unauthorized access to unidentified CCTV system of an MOT garage in UK
Category: Initial Access
Content: The Group claims to have gained unauthorized access to unidentified CCTV system of an MOT garage in UK.
Date: 2026-03-23T10:39:37Z
Network: telegram
Published URL: https://t.me/c/3584967422/117
Screenshots:
None
Threat Actors: NoName057(16)
Victim Country: UK
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of mixed credential data via D4RKNETHUB
Category: Combo List
Content: Threat actor D4rkNetHub shared a collection of 8,376 mixed credential combinations on CrackingX forum. The post contains an image link and requires forum registration to access the full content.
Date: 2026-03-23T10:24:33Z
Network: openweb
Published URL: https://crackingx.com/threads/69555/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed domain credential combolist
Category: Combo List
Content: A combolist containing 5,058 credentials from mixed domains has been shared on a cracking forum via a Mega.nz file sharing link.
Date: 2026-03-23T10:15:57Z
Network: openweb
Published URL: https://crackingx.com/threads/69554/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Iron Dome system operational failure
Category: Alert
Content: The threat actor claims that Israel’s Iron Dome system experienced a critical operational failure during a missile barrage. According to the actor, internal logs show authentication bypasses, rejected overrides, loss of connection to authentication servers, and a total system offline period of 247 seconds.
Date: 2026-03-23T09:58:51Z
Network: telegram
Published URL: https://t.me/c/3773763112/5
Screenshots:
None
Threat Actors: .regnum
Victim Country: Israel
Victim Industry: Military Industry
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of data from Allopneus
Category: Data Breach
Content: The threat actor claims to be selling data from Allopneus. The compromised data reportedly contains 739,316 records, including personally identifiable information (PII) such as full names, email addresses, phone numbers, addresses, and transaction-related details.
Date: 2026-03-23T09:40:23Z
Network: openweb
Published URL: https://darkforums.su/Thread-FR-739K-Allopneus-com
Screenshots:
None
Threat Actors: HexDex
Victim Country: France
Victim Industry: Automotive
Victim Organization: allopneus
Victim Site: allopneus.com
Alleged leak of German mixed domain credentials
Category: Combo List
Content: A threat actor leaked a combolist containing 239,069 credential entries from various German domains. The data is being distributed for free via a file sharing service.
Date: 2026-03-23T09:40:10Z
Network: openweb
Published URL: https://crackingx.com/threads/69552/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Laboratoires des Pyrénées et des Landes
Category: Data Breach
Content: The threat actor claims to be leaked data from Laboratoires des Pyrénées et des Landes. The compromised data reportedly contains records including full names, company details, addresses, phone numbers, email addresses, user identifiers, and passwords.
Date: 2026-03-23T09:31:54Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-FR-Laboratoire-pyr%C3%A9n%C3%A9es
Screenshots:
None
Threat Actors: CyberNox
Victim Country: France
Victim Industry: Healthcare & Pharmaceuticals
Victim Organization: laboratoires des pyrénées et des landes
Victim Site: extranet.labs-pyrenees.fr
Alleged leak of Hotmail credentials on cybercrime forum
Category: Combo List
Content: A threat actor posted a collection of 41,000 Hotmail credentials on a cybercrime forum. The post indicates these are valid credentials with forum-related context.
Date: 2026-03-23T09:31:47Z
Network: openweb
Published URL: https://crackingx.com/threads/69551/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged shell access to Yuana Volition Ltd
Category: Initial Access
Content: Group claims to be selling shell-level access to Yuana Volition Ltd
Date: 2026-03-23T09:29:00Z
Network: telegram
Published URL: https://t.me/InDoM1nusTe4m/122
Screenshots:
None
Threat Actors: InDoM1nus Team
Victim Country: UK
Victim Industry: Building and construction
Victim Organization: yuana volition ltd
Victim Site: yuanevolitionltd.co.uk
Alleged shell access to Westine Eco Tech Ltd
Category: Initial Access
Content: Group claims to be selling shell-level access to Westine Eco Tech Ltd
Date: 2026-03-23T09:27:05Z
Network: telegram
Published URL: https://t.me/InDoM1nusTe4m/122
Screenshots:
None
Threat Actors: InDoM1nus Team
Victim Country: UK
Victim Industry: Building and construction
Victim Organization: westine eco tech ltd
Victim Site: westineecotechltd.co.uk
Alleged sale of shell access to Westfirm Eco Traders Ltd
Category: Initial Access
Content: Group claims to be selling shell-level access to Westfirm Eco Traders Ltd
Date: 2026-03-23T09:22:06Z
Network: telegram
Published URL: https://t.me/InDoM1nusTe4m/122
Screenshots:
None
Threat Actors: InDoM1nus Team
Victim Country: UK
Victim Industry: Building and construction
Victim Organization: westfirm eco traders ltd
Victim Site: westfirmecotradersltd.co.uk
Alleged data breach of Assu Risk
Category: Data Breach
Content: The threat actor claims to have leaked a data from Assu Risk, a France based insurance and risk management platform, dating from October 2024. The compromised dataset reportedly contains personally identifiable information (PII), including full names, email addresses, and associated user details.
Date: 2026-03-23T09:18:08Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-FR-assu-risk-fr-Leaked-Download
Screenshots:
None
Threat Actors: marinelepen
Victim Country: France
Victim Industry: Financial Services
Victim Organization: assu risk
Victim Site: assu-risk.fr
Alleged data breach of Servicio Civil
Category: Data Breach
Content: The threat actor claims to be leaked data from Servicio Civil. The compromised data reportedly contains 110,000 records, including full names and associated user IDs.
Date: 2026-03-23T09:11:42Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-CL-110K-CAMPUS-SERVICIOCIVIL-CL
Screenshots:
None
Threat Actors: NyxarGroup
Victim Country: Chile
Victim Industry: Government Administration
Victim Organization: servicio civil
Victim Site: campus.serviciocivil.cl
Alleged sale of shell access to Waiden Consultants Ltd
Category: Initial Access
Content: Group claims to be selling shell-level access to Waiden Consultants Ltd.
Date: 2026-03-23T09:09:35Z
Network: telegram
Published URL: https://t.me/InDoM1nusTe4m/122
Screenshots:
None
Threat Actors: InDoM1nus Team
Victim Country: UK
Victim Industry: Building and construction
Victim Organization: waiden consultants ltd
Victim Site: waidenconsultantsltd.co.uk
Alleged sale of shell access to trestonikretail.co.uk
Category: Initial Access
Content: Group claims to be selling shell-level access to trestonikretail.co.uk.
Date: 2026-03-23T09:07:56Z
Network: telegram
Published URL: https://t.me/InDoM1nusTe4m/122
Screenshots:
None
Threat Actors: InDoM1nus Team
Victim Country: UK
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: trestonikretail.co.uk
Alleged unauthorized access to hueminsons
Category: Initial Access
Content: The Group claims to have gained unauthorized access to hueminsons
Date: 2026-03-23T09:00:23Z
Network: telegram
Published URL: https://t.me/InDoM1nusTe4m/122
Screenshots:
None
Threat Actors: InDoM1nus Team
Victim Country: UK
Victim Industry: Unknown
Victim Organization: hueminsons
Victim Site: hueminsons.uk
Alleged unauthorized access to Neotell Frixion Ltd
Category: Initial Access
Content: The Group claims to have gained unauthorized access to Neotell Frixion Ltd
Date: 2026-03-23T08:56:06Z
Network: telegram
Published URL: https://t.me/InDoM1nusTe4m/122
Screenshots:
None
Threat Actors: InDoM1nus Team
Victim Country: UK
Victim Industry: Unknown
Victim Organization: neotell frixion ltd
Victim Site: neotellfrixionltd.co.uk
Alleged sale of shell access to Zona Cakrawala
Category: Initial Access
Content: Group claims to be selling shell-level access to Zona Cakrawala
Date: 2026-03-23T08:50:16Z
Network: telegram
Published URL: https://t.me/InDoM1nusTe4m/121
Screenshots:
None
Threat Actors: InDoM1nus Team
Victim Country: Indonesia
Victim Industry: Online Publishing
Victim Organization: zona cakrawala
Victim Site: zonacakrawala.com
Alleged sale of shell access to Repow Enteractive Ltd
Category: Initial Access
Content: Group claims to be selling shell-level access to Repow Enteractive Ltd.
Date: 2026-03-23T08:49:52Z
Network: telegram
Published URL: https://t.me/InDoM1nusTe4m/122
Screenshots:
None
Threat Actors: InDoM1nus Team
Victim Country: UK
Victim Industry: Energy & Utilities
Victim Organization: repow enteractive ltd
Victim Site: repowenteractiveltd.co.uk
Alleged unauthorized access to Holmfortheit Trade Ltd
Category: Initial Access
Content: The Group claims to have gained unauthorized access to Holmfortheit Trade Ltd
Date: 2026-03-23T08:47:50Z
Network: telegram
Published URL: https://t.me/InDoM1nusTe4m/122
Screenshots:
None
Threat Actors: InDoM1nus Team
Victim Country: UK
Victim Industry: Import & Export
Victim Organization: holmfortheit trade ltd
Victim Site: holmfortheittradeltd.co.uk
Alleged leak of mixed email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 7,000 valid email credentials from mixed sources, described as high quality and dated March 23rd.
Date: 2026-03-23T08:45:22Z
Network: openweb
Published URL: https://crackingx.com/threads/69549/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged unauthorized access to Yayasan Cikahuripan
Category: Initial Access
Content: The Group claims to have gained unauthorized access to Yayasan Cikahuripan.
Date: 2026-03-23T08:44:52Z
Network: telegram
Published URL: https://t.me/InDoM1nusTe4m/121
Screenshots:
None
Threat Actors: InDoM1nus Team
Victim Country: Indonesia
Victim Industry: Non-profit & Social Organizations
Victim Organization: yayasan cikahuripan
Victim Site: yayasancikahuripan.com
Alleged unauthorized access to Tribun Maluku Tenggara Raya
Category: Initial Access
Content: The Group claims to have gained unauthorized access to Tribun Maluku Tenggara Raya.
Date: 2026-03-23T08:33:18Z
Network: telegram
Published URL: https://t.me/InDoM1nusTe4m/121
Screenshots:
None
Threat Actors: InDoM1nus Team
Victim Country: Indonesia
Victim Industry: Online Publishing
Victim Organization: tribun maluku tenggara raya
Victim Site: tribun-malukutenggararaya.com
Alleged sale of shell access to RA ARCTECTURAL ECO LTD
Category: Initial Access
Content: Group claims to be selling shell-level access to RA ARCTECTURAL ECO LTD.
Date: 2026-03-23T08:32:46Z
Network: telegram
Published URL: https://t.me/InDoM1nusTe4m/122
Screenshots:
None
Threat Actors: InDoM1nus Team
Victim Country: UK
Victim Industry: Building and construction
Victim Organization: ra arctectural eco ltd
Victim Site: raarctecturalecoltd.co.uk
Alleged sale of shell access to relvintectrade.co.uk
Category: Initial Access
Content: Group claims to be selling shell-level access to relvintectrade.co.uk.
Date: 2026-03-23T08:27:47Z
Network: telegram
Published URL: https://t.me/InDoM1nusTe4m/122
Screenshots:
None
Threat Actors: InDoM1nus Team
Victim Country: UK
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: relvintectrade.co.uk
Alleged distribution of mixed country credential combolist
Category: Combo List
Content: Threat actor CODER is distributing a credential combolist containing 1.3 million records from mixed countries through Telegram channels. The actor provides free access to combo lists and cracking tools via dedicated Telegram groups.
Date: 2026-03-23T08:27:44Z
Network: openweb
Published URL: https://crackingx.com/threads/69547/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Gmail credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing approximately 337,000 Gmail email and password combinations on a cybercriminal forum. The credentials are claimed to be unique and from 2026.
Date: 2026-03-23T08:17:56Z
Network: openweb
Published URL: https://crackingx.com/threads/69546/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Google
Victim Site: gmail.com
Alleged unauthorized access to targetbuser86.com
Category: Initial Access
Content: The Group claims to have gained unauthorized access to Target Buser 86.
Date: 2026-03-23T08:16:47Z
Network: telegram
Published URL: https://t.me/InDoM1nusTe4m/121
Screenshots:
None
Threat Actors: InDoM1nus Team
Victim Country: Indonesia
Victim Industry: Social Media & Online Social Networking
Victim Organization: targetbuser86.com
Victim Site: targetbuser86.com
Alleged unauthorized access to Segantang Lada
Category: Initial Access
Content: The Group claims to have gained unauthorized access to Segantang Lada.
Date: 2026-03-23T08:04:58Z
Network: telegram
Published URL: https://t.me/InDoM1nusTe4m/121
Screenshots:
None
Threat Actors: InDoM1nus Team
Victim Country: Indonesia
Victim Industry: Social Media & Online Social Networking
Victim Organization: segantang lada
Victim Site: segantanglada.id
Alleged Unauthorized Access to Brittle Eco Design Ltd
Category: Initial Access
Content: Group claims to have unauthorized access to Brittle Eco Design Ltd
Date: 2026-03-23T08:04:03Z
Network: telegram
Published URL: https://t.me/InDoM1nusTe4m/122
Screenshots:
None
Threat Actors: InDoM1nus Team
Victim Country: UK
Victim Industry: Graphic & Web Design
Victim Organization: brittle eco design ltd
Victim Site: brittleecodesignltd.co.uk
Alleged Unauthorized Access to commsomitrade
Category: Initial Access
Content: Group claims to have unauthorized access to commsomitrade
Date: 2026-03-23T08:02:43Z
Network: telegram
Published URL: https://t.me/InDoM1nusTe4m/122
Screenshots:
None
Threat Actors: InDoM1nus Team
Victim Country: UK
Victim Industry: Import & Export
Victim Organization: commsomitrade
Victim Site: commsomitrade.uk
Alleged leak of Hotmail credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing over 1.5 million Hotmail email and password combinations via a file sharing platform. The credentials are described as high quality and made available for free download.
Date: 2026-03-23T08:01:13Z
Network: openweb
Published URL: https://crackingx.com/threads/69545/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged sale of shell access to PersadaKita
Category: Initial Access
Content: Group claims to be selling shell-level access to PersadaKita.
Date: 2026-03-23T08:01:04Z
Network: telegram
Published URL: https://t.me/InDoM1nusTe4m/121
Screenshots:
None
Threat Actors: InDoM1nus Team
Victim Country: Indonesia
Victim Industry: Online Publishing
Victim Organization: persadakita
Victim Site: persadakita.id
Alleged sale of shell access to Pantau Hukum
Category: Initial Access
Content: Group claims to be selling shell-level access to Pantau Hukum.
Date: 2026-03-23T07:57:58Z
Network: telegram
Published URL: https://t.me/InDoM1nusTe4m/121
Screenshots:
None
Threat Actors: InDoM1nus Team
Victim Country: Indonesia
Victim Industry: Online Publishing
Victim Organization: pantau hukum
Victim Site: pantauhukum.com
Alleged sale of shell access to KabarBromo66
Category: Initial Access
Content: Group claims to be selling shell-level access to KabarBromo66.
Date: 2026-03-23T07:57:28Z
Network: telegram
Published URL: https://t.me/InDoM1nusTe4m/121
Screenshots:
None
Threat Actors: InDoM1nus Team
Victim Country: Indonesia
Victim Industry: Online Publishing
Victim Organization: kabarbromo66
Victim Site: kabarbromo66.com
Alleged Unauthorized Access to Atech LEDs Ltd
Category: Initial Access
Content: Group claims to have unauthorized access to Atech LEDs Ltd
Date: 2026-03-23T07:52:41Z
Network: telegram
Published URL: https://t.me/InDoM1nusTe4m/122
Screenshots:
None
Threat Actors: InDoM1nus Team
Victim Country: UK
Victim Industry: Consumer Electronics
Victim Organization: atech leds ltd
Victim Site: atechledsltd.co.uk
Alleged sale of shell access to inforakyat24jam.com
Category: Initial Access
Content: Group claims to be selling shell-level access to inforakyat24jam.com
Date: 2026-03-23T07:52:36Z
Network: telegram
Published URL: https://t.me/InDoM1nusTe4m/121
Screenshots:
None
Threat Actors: InDoM1nus Team
Victim Country: Indonesia
Victim Industry: Online Publishing
Victim Organization: inforakyat24jam.com
Victim Site: inforakyat24jam.com
Trojan 1337 targets the website of National Drought Monitoring Centre
Category: Defacement
Content: Group claims to have defaced the website of the National Drought Monitoring Centre.
Date: 2026-03-23T07:51:21Z
Network: telegram
Published URL: https://t.me/c/2805167925/122
Screenshots:
None
Threat Actors: Trojan 1337
Victim Country: Pakistan
Victim Industry: Government Administration
Victim Organization: national drought monitoring centre
Victim Site: ndmc.pmd.gov.pk
Alleged Unauthorized Access to Bell & Son SecoTech Ltd
Category: Initial Access
Content: Group claims to have unauthorized access to Bell & Son SecoTech Ltd
Date: 2026-03-23T07:50:54Z
Network: telegram
Published URL: https://t.me/InDoM1nusTe4m/122
Screenshots:
None
Threat Actors: InDoM1nus Team
Victim Country: UK
Victim Industry: Unknown
Victim Organization: bell & son secotech ltd
Victim Site: bellandsonsecotechltd.co.uk
Alleged sale of shell access to Dobrak Nusantara
Category: Initial Access
Content: Group claims to be selling shell-level access to Dobrak Nusantara.
Date: 2026-03-23T07:45:01Z
Network: telegram
Published URL: https://t.me/InDoM1nusTe4m/121
Screenshots:
None
Threat Actors: InDoM1nus Team
Victim Country: Indonesia
Victim Industry: Online Publishing
Victim Organization: dobrak nusantara
Victim Site: dobraknusantara.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor distributed a combolist containing 1,871 allegedly valid Hotmail email credentials through a forum post, claiming the credentials are premium hits from private cloud sources.
Date: 2026-03-23T07:42:48Z
Network: openweb
Published URL: https://crackingx.com/threads/69543/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a link to download approximately 1,500 Hotmail email credentials through a file hosting service. The credentials appear to be distributed as a free combolist rather than being sold.
Date: 2026-03-23T07:42:30Z
Network: openweb
Published URL: https://crackingx.com/threads/69544/
Screenshots:
None
Threat Actors: WashingtonDC
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Gmail credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 334,505 unique Gmail email and password combinations on a cybercrime forum.
Date: 2026-03-23T07:33:42Z
Network: openweb
Published URL: https://crackingx.com/threads/69541/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Google
Victim Site: gmail.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 487,439 Hotmail email and password combinations through a file sharing service. The credentials are claimed to be high quality and sourced from previous data breaches.
Date: 2026-03-23T07:33:24Z
Network: openweb
Published URL: https://crackingx.com/threads/69542/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of historical account credentials with authentication data
Category: Combo List
Content: A threat actor named abbvaes is making available historical account credentials from 2012-2020, including cookies, 2FA authentication data, email addresses, and username/password combinations via Telegram contact.
Date: 2026-03-23T07:06:40Z
Network: openweb
Published URL: https://crackingx.com/threads/69539/
Screenshots:
None
Threat Actors: abbvaes
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of credential combolists targeting corporate email addresses
Category: Combo List
Content: Threat actor CODER is distributing a 9 million record combolist containing corporate email credentials through Telegram channels. The actor offers free credential lists and cracking tools through multiple Telegram groups.
Date: 2026-03-23T06:39:34Z
Network: openweb
Published URL: https://crackingx.com/threads/69537/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Cyber Attack hits Cyber Attack Hits Iran’s Water Treatment and Transfer Facilities
Category: Cyber Attack
Content: The Islamic Republic of Iran reported a cyberattack targeting its urban water and electricity infrastructure, allegedly attributed to the United States and allied entities. Several water transfer and treatment facilities were affected, causing disruptions to critical services, though most systems were quickly restored. Officials have also indicated the possibility of a reciprocal cyber response.
Date: 2026-03-23T06:38:17Z
Network: telegram
Published URL: https://t.me/cyberbannews_ir/20719
Screenshots:
None
Threat Actors:
Victim Country: Iran
Victim Industry: Energy & Utilities
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Virta Health
Category: Data Breach
Content: The group claims to have leaked data from Virta Health. They intent to publish it within 6 days.
Date: 2026-03-23T06:33:07Z
Network: openweb
Published URL: https://lapsus.by/
Screenshots:
None
Threat Actors: LAPSUS-GROUP
Victim Country: USA
Victim Industry: Hospital & Health Care
Victim Organization: virta health
Victim Site: virtahealth.com
Alleged Unauthorized Access to Bersinar News
Category: Initial Access
Content: Group claims to have unauthorized access to Bersinar News website.
Date: 2026-03-23T06:30:19Z
Network: telegram
Published URL: https://t.me/InDoM1nusTe4m/121
Screenshots:
None
Threat Actors: InDoM1nus Team
Victim Country: Indonesia
Victim Industry: Online Publishing
Victim Organization: bersinar news
Victim Site: bersinarnews.com
Alleged Unauthorized Access to Bernas Sharp
Category: Initial Access
Content: Group claims to have unauthorized access to Bernas Sharp website.
Date: 2026-03-23T06:23:44Z
Network: telegram
Published URL: https://t.me/InDoM1nusTe4m/121
Screenshots:
None
Threat Actors: InDoM1nus Team
Victim Country: Unknown
Victim Industry: Online Publishing
Victim Organization: bernas sharp
Victim Site: bernassharp.com
Alleged unauthorized access to Cyberkriminal.id
Category: Initial Access
Content: The group claims to have gained unauthorized access to Cyberkriminal.id
Date: 2026-03-23T06:21:52Z
Network: telegram
Published URL: https://t.me/InDoM1nusTe4m/121
Screenshots:
None
Threat Actors: InDoM1nus Team
Victim Country: Indonesia
Victim Industry: Information Technology (IT) Services
Victim Organization: Unknown
Victim Site: cyberkriminal.id
Alleged leak of credential combolist containing 14.3 million records
Category: Combo List
Content: Threat actor VitVit shared a credential combolist containing approximately 14.3 million lines on a cybercriminal forum. The data appears to be made available for registered users to download.
Date: 2026-03-23T06:12:27Z
Network: openweb
Published URL: https://crackingx.com/threads/69536/
Screenshots:
None
Threat Actors: VitVit
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged access to Bongkarborneo
Category: Initial Access
Content: The group claims to have gained access to Bongkarborneo
Date: 2026-03-23T06:06:24Z
Network: telegram
Published URL: https://t.me/InDoM1nusTe4m/121
Screenshots:
None
Threat Actors: InDoM1nus Team
Victim Country: Indonesia
Victim Industry: Social Media & Online Social Networking
Victim Organization: bongkarborneo
Victim Site: bongkarborneo.com
Alleged leak of unauthorized admin access to venus media
Category: Initial Access
Content: Threat actor claims to have leaked unauthorized admin access to venus media.
Date: 2026-03-23T05:57:29Z
Network: openweb
Published URL: https://xforums.st/threads/venus-media-co-il-admin-wp-login.560248/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Israel
Victim Industry: Marketing, Advertising & Sales
Victim Organization: venus media
Victim Site: venus-media.co.il
Alleged Unauthorized Access to Batam Express
Category: Initial Access
Content: Group claims to have unauthorized access to Batam Express website.
Date: 2026-03-23T05:55:32Z
Network: telegram
Published URL: https://t.me/InDoM1nusTe4m/121
Screenshots:
None
Threat Actors: InDoM1nus Team
Victim Country: Indonesia
Victim Industry: Online Publishing
Victim Organization: batam express
Victim Site: batamexpress.com
Alleged Unauthorized Access to AmphibiNews.com
Category: Initial Access
Content: Group claims to have unauthorized access to AmphibiNews.com.
Date: 2026-03-23T05:48:38Z
Network: telegram
Published URL: https://t.me/InDoM1nusTe4m/121
Screenshots:
None
Threat Actors: InDoM1nus Team
Victim Country: Indonesia
Victim Industry: Online Publishing
Victim Organization: amphibinews.com
Victim Site: amphibinews.com
Alleged leak of Microsoft domain credentials
Category: Combo List
Content: A threat actor shared a combolist containing 11.6 million Microsoft domain credentials on a cybercriminal forum. The credentials are being distributed for free download via a file sharing service.
Date: 2026-03-23T05:45:57Z
Network: openweb
Published URL: https://crackingx.com/threads/69535/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: Unknown
Website defacement of robohub.ro by aexdy from Leviathan Perfect Hunter team
Category: Defacement
Content: The Leviathan Perfect Hunter team, specifically attacker aexdy, successfully defaced the robotics technology website robohub.ro on March 23, 2026. The defacement targeted a single site rather than being part of a mass attack campaign.
Date: 2026-03-23T05:39:51Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813196
Screenshots:
None
Threat Actors: aexdy, Leviathan Perfect Hunter
Victim Country: Romania
Victim Industry: Technology
Victim Organization: Robohub
Victim Site: robohub.ro
Alleged Unauthorized Access to AK47 News
Category: Initial Access
Content: Group claims to have unauthorized access to AK47 News website.
Date: 2026-03-23T05:32:39Z
Network: telegram
Published URL: https://t.me/InDoM1nusTe4m/121
Screenshots:
None
Threat Actors: InDoM1nus Team
Victim Country: Unknown
Victim Industry: Broadcast Media
Victim Organization: ak47 news
Victim Site: ak47news.com
Alleged Unauthorized Access to AESEN TV
Category: Initial Access
Content: Group claims to have unauthorized access to AESEN TV website.
Date: 2026-03-23T05:32:24Z
Network: telegram
Published URL: https://t.me/InDoM1nusTe4m/121
Screenshots:
None
Threat Actors: InDoM1nus Team
Victim Country: Indonesia
Victim Industry: Broadcast Media
Victim Organization: aesen tv
Victim Site: aesen-tv.com
Alleged distribution of email credential combolist targeting multiple platforms
Category: Combo List
Content: Threat actor distributing a 10 million email and password credential list through Telegram channels, targeting various platforms including Amazon, eBay, Facebook and gaming services. The combolist is being freely distributed through multiple Telegram groups.
Date: 2026-03-23T05:27:39Z
Network: openweb
Published URL: https://crackingx.com/threads/69534/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of German shopping site credentials
Category: Combo List
Content: User HQcomboSpace shared a combolist containing 193,561 credential pairs allegedly targeting German shopping websites through a file hosting service.
Date: 2026-03-23T05:19:01Z
Network: openweb
Published URL: https://crackingx.com/threads/69533/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Retail
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of phone number and password credentials
Category: Combo List
Content: A threat actor shared what appears to be a credential list containing phone numbers and passwords, described as high quality and private. The post provides minimal details about the source, scope, or specific content of the leaked credentials.
Date: 2026-03-23T04:58:43Z
Network: openweb
Published URL: https://crackingx.com/threads/69532/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of ATOS PAMOR BAPENDA JAWA BARAT
Category: Data Breach
Content: The group claims to have breached 149,833 data from ATOS PAMOR BAPENDA JAWA BARAT. The compromised data reportedly includes name, ID number, and Tax.
Date: 2026-03-23T04:52:25Z
Network: telegram
Published URL: https://t.me/BabayoErorSyteam/326
Screenshots:
None
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: atos pamor bapenda jawa barat
Victim Site: atospamor-v2.bapenda.jabarprov.go.id
Alleged leak of WordPress credential lists
Category: Combo List
Content: A threat actor allegedly shared WordPress credential lists containing login credentials in username:password format. The post appears in a forum section dedicated to combolists and credential dumps.
Date: 2026-03-23T04:49:36Z
Network: openweb
Published URL: https://crackingx.com/threads/69531/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed USA and Europe credential combolist
Category: Combo List
Content: A threat actor shared an exclusive combolist containing mixed credential data from USA and Europe regions on a cybercriminal forum.
Date: 2026-03-23T04:40:57Z
Network: openweb
Published URL: https://crackingx.com/threads/69529/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of European and US credential combolists
Category: Combo List
Content: Threat actor claiming to distribute high quality credential combolists targeting users from Europe and USA. Post advertises the credentials as fully valid but lacks specific details about record counts or targeted services.
Date: 2026-03-23T04:40:39Z
Network: openweb
Published URL: https://crackingx.com/threads/69530/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of credential combolist in URL:LOGIN:PASS format
Category: Combo List
Content: A threat actor shared a credential combolist containing login credentials in URL:LOGIN:PASS format, advertised as high quality and private. The post appears to offer free access to the credential data without mentioning any payment requirements.
Date: 2026-03-23T04:31:49Z
Network: openweb
Published URL: https://crackingx.com/threads/69528/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of serinpro.com by root-seo
Category: Defacement
Content: The root-seo group successfully defaced the serinpro.com website on March 23, 2026. The attack targeted a single page on a Linux-based server.
Date: 2026-03-23T04:21:02Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248070
Screenshots:
None
Threat Actors: root-seo, root-seo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Serinpro
Victim Site: serinpro.com
Website defacement of serinpro.com by root-seo.com
Category: Defacement
Content: The website serinpro.com was defaced by the attacker group root-seo.com on March 23, 2026. This was a targeted home page defacement rather than a mass attack.
Date: 2026-03-23T04:06:19Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813195
Screenshots:
None
Threat Actors: root-seo.com, root-seo.com
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Serinpro
Victim Site: serinpro.com
Alleged Sale of Airsoft-Entrepot
Category: Data Breach
Content: The threat actor claims to be selling 363,000 records from Airsoft-Entrepot. The dataset contains Full address, Customer details, Email, Name and much more information.
Date: 2026-03-23T04:03:43Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-FR-Airsoft-Entrepot
Screenshots:
None
Threat Actors: HexDex
Victim Country: France
Victim Industry: Machinery Manufacturing
Victim Organization: airsoft-entrepot
Victim Site: airsoft-entrepot.fr
Alleged leak of t-online.de credentials
Category: Combo List
Content: A credential list containing 78,112 lines targeting t-online.de domain has been made available for free download on a cybercrime forum.
Date: 2026-03-23T03:26:04Z
Network: openweb
Published URL: https://crackingx.com/threads/69527/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Germany
Victim Industry: Telecommunications
Victim Organization: T-Online
Victim Site: t-online.de
Alleged leak of German mixed credential combolist
Category: Combo List
Content: A threat actor shared a credential combolist containing 883,934 lines of mixed German credentials via a Mega.nz download link. The data appears to be distributed for free without any payment required.
Date: 2026-03-23T03:06:32Z
Network: openweb
Published URL: https://crackingx.com/threads/69525/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of abook.mn by Aptisme
Category: Defacement
Content: The threat actor Aptisme successfully defaced the website abook.mn on March 23, 2026. This was a targeted single-site defacement rather than a mass defacement campaign.
Date: 2026-03-23T03:04:58Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813182
Screenshots:
None
Threat Actors: Aptisme
Victim Country: Mongolia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: abook.mn
Website defacement of LG Transporte by Aptisme
Category: Defacement
Content: The Brazilian transportation company LG Transportes website was defaced by the attacker known as Aptisme on March 23, 2026. This was a targeted home page defacement affecting the companys main website.
Date: 2026-03-23T03:04:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813183
Screenshots:
None
Threat Actors: Aptisme
Victim Country: Brazil
Victim Industry: Transportation
Victim Organization: LG Transporte
Victim Site: lgtransporte.com.br
Website defacement of shil.mn by Aptisme
Category: Defacement
Content: The attacker Aptisme successfully defaced the homepage of shil.mn on March 23, 2026. This was a single-target home page defacement rather than a mass defacement campaign.
Date: 2026-03-23T03:03:52Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813186
Screenshots:
None
Threat Actors: Aptisme
Victim Country: Mongolia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: shil.mn
Alleged data leak of Foxhog Ventures Corp. USA
Category: Data Breach
Content: Threat actor claims to have leaked the database of Foxhog Ventures Corp. USA.
Date: 2026-03-23T02:38:39Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-FOXHOG-VENTURES-DATABASE-LEAKED-DOWNLOAD
Screenshots:
None
Threat Actors: tarunpoddar
Victim Country: USA
Victim Industry: Banking & Mortgage
Victim Organization: foxhog ventures corp. usa
Victim Site: foxhogbank.co.in
Alleged leak of Hotmail credentials on cybercrime forum
Category: Combo List
Content: A cybercrime forum user shared a list containing 41,000 Hotmail email credentials, claiming the credentials are valid and sourced from forums.
Date: 2026-03-23T02:22:48Z
Network: openweb
Published URL: https://crackingx.com/threads/69523/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Gmail credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 327,873 unique Gmail email and password combinations on a cybercrime forum. The credentials are claimed to be from 2026 and are being distributed for free to forum members.
Date: 2026-03-23T02:22:31Z
Network: openweb
Published URL: https://crackingx.com/threads/69524/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Google
Victim Site: gmail.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor is allegedly sharing a collection of valid Hotmail email credentials through a private cloud service via Telegram contact.
Date: 2026-03-23T02:04:09Z
Network: openweb
Published URL: https://crackingx.com/threads/69522/
Screenshots:
None
Threat Actors: noir
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged data breach of Amazon
Category: Data Breach
Content: The group claims to have breached Amazon Technologies Inc
Date: 2026-03-23T02:01:14Z
Network: telegram
Published URL: https://t.me/dienet3/534
Screenshots:
None
Threat Actors: DieNet
Victim Country: USA
Victim Industry: E-commerce & Online Stores
Victim Organization: amazon technologies inc
Victim Site: amazon.com
Alleged Sale of Ley del Lobby
Category: Data Breach
Content: The threat actor claims to be selling 250GB of records from Ley del Lobby. The dataset contains Name, Passport, Contact, Address, Email and much more information.
Date: 2026-03-23T01:58:18Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-CL-250GB-LEYLOBBY-GOB-CL-2018-2026
Screenshots:
None
Threat Actors: NyxarGroup
Victim Country: Chile
Victim Industry: Government Administration
Victim Organization: ley del lobby
Victim Site: leylobby.gob.cl
Alleged data breach of GKH.IN.UA
Category: Data Breach
Content: The group claims to have breached data from GKH.IN.UA. The compromised data reportedly includes company data like populated area personal accounts, name, phone number and email.
Date: 2026-03-23T01:15:44Z
Network: telegram
Published URL: https://t.me/itarmyofrussianews/348
Screenshots:
None
Threat Actors: IT ARMY OF RUSSIA
Victim Country: Ukraine
Victim Industry: Energy & Utilities
Victim Organization: Unknown
Victim Site: gkh.in.ua
Alleged data leak of BAPENDA Jabar
Category: Data Leak
Content: The threat actor claims to have leaked a database containing approximately 149,833 records associated with BAPENDA Jabar.
Date: 2026-03-23T01:13:41Z
Network: telegram
Published URL: https://t.me/CinCauGhast405/36
Screenshots:
None
Threat Actors: CinCauGhast
Victim Country: Indonesia
Victim Industry: Government & Public Sector
Victim Organization: bapenda jaba
Victim Site: bapenda.jabarprov.go.id
Alleged leak of mixed domain credential list
Category: Combo List
Content: A credential list containing 9,437 lines targeting mixed domains was shared on a cybercriminal forum via a file hosting service.
Date: 2026-03-23T01:13:34Z
Network: openweb
Published URL: https://crackingx.com/threads/69521/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Konver by tirz4sec (jatengblekhet team)
Category: Defacement
Content: The attacker tirz4sec, affiliated with the jatengblekhet team, defaced the Brazilian website konver.com.br on March 23, 2026. The defacement targeted a specific page (in.html) rather than the main site homepage.
Date: 2026-03-23T01:08:26Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813181
Screenshots:
None
Threat Actors: tirz4sec, jatengblekhet
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Konver
Victim Site: konver.com.br
Website defacement of DuoConect by tirz4sec (jatengblekhet team)
Category: Defacement
Content: The website duoconect.com.br was defaced by attacker tirz4sec, affiliated with the jatengblekhet team, on March 23, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
Date: 2026-03-23T00:59:30Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813179
Screenshots:
None
Threat Actors: tirz4sec, jatengblekhet
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: DuoConect
Victim Site: duoconect.com.br
Website defacement of zayyrem.com.br by tirz4sec/jatengblekhet team
Category: Defacement
Content: The website zayyrem.com.br was defaced by attacker tirz4sec from the jatengblekhet team on March 23, 2026. This was a single home page defacement rather than a mass defacement campaign.
Date: 2026-03-23T00:58:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813180
Screenshots:
None
Threat Actors: tirz4sec, jatengblekhet
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: zayyrem.com.br
Alleged leak of Yahoo cryptocurrency-focused credential list
Category: Combo List
Content: A credential list containing 617,759 Yahoo email and password combinations targeting cryptocurrency users has been made available for free download on a cybercriminal forum.
Date: 2026-03-23T00:56:15Z
Network: openweb
Published URL: https://crackingx.com/threads/69520/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Yahoo
Victim Site: yahoo.com
Website defacement of hotelsolutions.shop by tirz4sec (jatengblekhet team)
Category: Defacement
Content: The attacker tirz4sec, affiliated with the jatengblekhet team, successfully defaced the hotelsolutions.shop website on March 23, 2026. The defacement targeted a hospitality industry website offering hotel solutions services.
Date: 2026-03-23T00:44:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813178
Screenshots:
None
Threat Actors: tirz4sec, jatengblekhet
Victim Country: Unknown
Victim Industry: Hospitality
Victim Organization: Hotel Solutions
Victim Site: hotelsolutions.shop
Alleged leak of Hotmail credentials
Category: Combo List
Content: User redcloud shared a combolist containing 4.2K Hotmail email credentials via a free MediaFire download link, claiming the data is valid and private.
Date: 2026-03-23T00:38:55Z
Network: openweb
Published URL: https://crackingx.com/threads/69519/
Screenshots:
None
Threat Actors: redcloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of credential combolist containing 5.48 million records
Category: Combo List
Content: Threat actor Daxus shared a combolist containing 5.48 million URL:LOG:PASS credentials on CrackingX forum. The data is described as strictly private and ultra high quality with access provided through Telegram bot and associated website.
Date: 2026-03-23T00:30:15Z
Network: openweb
Published URL: https://crackingx.com/threads/69518/
Screenshots:
None
Threat Actors: Daxus
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown