[March-24-2026] Daily Cybersecurity Threat Report

1. Executive Summary

This report provides a comprehensive analysis of 302 documented cybersecurity incidents that occurred primarily on March 24, 2026. The threat landscape captured in this dataset is characterized by a massive volume of compromised credential distribution (combo lists), extensive website defacement campaigns, high-profile corporate and government data breaches, and the active trading of initial access to corporate networks. Threat actors leveraged both open web forums (such as crackingx.com, exploit.biz, and darkforums.su) and Telegram channels to distribute, sell, and boast about compromised data.

The data reveals a highly active cybercriminal ecosystem where initial access brokers, database leakers, and hacktivists operate simultaneously, affecting diverse sectors globally, including government administration, telecommunications, retail, and healthcare.

2. Mega Breaches and Critical Data Leaks

A significant portion of the data revolves around massive databases leaked or sold on underground forums, often involving millions of user records.

2.1 Technology and Telecommunications Breaches

OVHcloud: A threat actor named “Leaks Market” (and later “contactbreachforums”) claimed to have breached OVHcloud, exposing data from approximately 1.6 million customers and 5.9 million hosted websites. The compromised data allegedly includes customer details, source code, databases, and server configurations.
Telegram: Multiple actors claimed breaches related to Telegram. “Databroque” claimed to leak over 71 million user records (including account IDs and phone numbers) , while another actor, “hexvior,” claimed to possess a dataset of over 200 million records.
HBX Group (Hotelbeds): Threat actor “nikifffi” alleged a complete infrastructure compromise of HBX Group, extracting over 500 million records, including booking data, VCC cards, and hotel bank accounts from Oracle and PostgreSQL databases.
Checkmarx: A supply-chain breach occurred when threat actor “TeamPCP” used stolen CI/CD credentials to compromise GitHub Actions workflows, harvesting sensitive secrets including SSH keys and cloud credentials for AWS, Google Cloud, and Azure.
HackerOne: The platform suffered a breach affecting 287 employees after attackers compromised its third-party benefits provider, Navia, exposing Social Security numbers and contact details. HackerOne’s internal systems were not breached.

2.2 Government and Public Sector Leaks

French Weapons Information System (SIA): Multiple actors (“HexDex” and “Leaks Market”) claimed to have breached the SIA database, exposing records on over 62,000 weapons, including owner details, transaction histories, and registration numbers.
Instituto Nacional de Estadística de Bolivia (INE): Actors “marshallmonr” and “Solonik” leaked internal data, including over 1TB of internal documents.
Government of Thailand: Threat actor “Solonik” claimed to have leaked sensitive documents from the Thailand Ministry of Defence.
Government of Iran: The group “scattered LAPSUS$ hunters 7.0” claimed a data breach of the Atomic Energy Organization of Iran.
Dutch Ministry of Finance: A cyberattack involving unauthorized access to internal systems within the policy department was disclosed, though critical public services remained unaffected.
Indonesian Directorate General of Taxes: “BABAYO EROR SYSTEM” claimed to have leaked employee ID cards.
U.S. Law Enforcement: Threat actor “Alz_157s” claimed a breach of the Commission on Accreditation for Law Enforcement Agencies (CALEA), leaking employee information and protocols.

3. The Combolist Ecosystem

The dataset highlights an epidemic of credential stuffing material. “Combo lists” (combinations of usernames/emails and passwords) were distributed at an industrial scale, primarily hosted on file-sharing platforms and advertised on crackingx.com and Telegram.

3.1 Prolific Threat Actors in Credential Distribution

CODER: This actor is responsible for distributing tens of millions of records for free via Telegram channels to solicit users for related hacking tools. Distributions included 15 million e-commerce records (Target, eBay, Alibaba, Temu) , 10.3 million corporate SMTP credentials , 15 million social network credentials , 8 million Microsoft Office credentials , and 11 million Walmart credentials.
HQcomboSpace: Focused heavily on regional and platform-specific lists, including 764,292 German domain credentials , 484,362 German shopping credentials , over 1.1 million German social media/e-commerce pairs , and 135,102 Target Corp business accounts.
MailAccesss: Specialized in distributing fresh, region-specific email credentials, including accounts from Japan , Brazil , China , Germany , and Russia.

3.2 Targeted Platforms

Microsoft/Hotmail: Hotmail accounts were heavily targeted, with dozens of separate leaks distributed by actors like “BestCombo,” “UniqueCombo,” “KiwiShio,” and “D4rkNetHub”. One specific leak by “HQcomboSpace” targeted 470,212 Hotmail accounts associated specifically with cryptocurrency users.
Google/Gmail: Gmail credentials were also leaked in massive quantities, including a list of 104,000 combinations and a highly specific list of 1.7 million Gmail credentials targeting cryptocurrency accounts.
Regional Domains: Actors specifically targeted national domains, such as t-online.de (Germany) , absamail.co.za (South Africa) , and softbank.ne.jp (Japan).

4. Widespread Defacement Campaigns

Website defacement remains a highly visible tactic, executed by organized hacktivist or vandalism groups targeting specific pages (often naming the file 0x.txt or a variant of the attacker’s name).

4.1 The “chinafans” and “0xteam” Campaign

The actor “chinafans,” operating under the banner of “0xteam,” conducted a massive, indiscriminate defacement campaign. Targets spanned the globe and various industries:

Media and News: newsburners.com, newsmaniaweb.com, newsninjapro.com, and scootynews.com.
Healthcare: Prosser Eye Care (USA), Agente de Salud y Vida, and Mowelfund (Philippines).
Religious Organizations: Santuario Madonna del Bosco (Italy) and Kaduvettoor Church (India).
Other Targets: Included real estate (propertyhome.net ), adult entertainment (xvideos-th.com ), logistics (parcelnexa.com ), and emergency services (1st Rescue and Recovery, UK ).

4.2 The “VinzXploit” and “CYBER ERROR SYSTEM” Campaign

This group heavily targeted India and Brazil, often replacing index pages with a file named Vinz.html.

India: Targeted entities included American Vitamins , Gargi Group , JMD Steels Infrastructure , Raj Darbar Spaces , and Victor School.
Brazil: Defacements included multiple healthcare providers, such as Dr. Carla Montanha Dentista , Duarte Veterinary , and Quiropraxia Massoterapia.

4.3 Other Notable Defacements

Boss Ranzen (D704T team): Defaced government and utility infrastructure, including the Solano County GIS website (USA) and a Colombian water utility (Acueducto).
Leviathan Perfect Hunter (aexdy): Targeted international sites including Binder International (China) and deepsleep.wales (UK).

5. Initial Access Brokerage (IAB)

Threat actors actively monetized unauthorized access to corporate and government networks, facilitating potential ransomware deployments or deeper espionage.

Corporate Shell & RDP Access: Actor “Saturned33” sold Windows shell access with SYSTEM privileges to a Lebanese manufacturing company (90+ hosts) , a UK scientific research organization (40+ hosts) , and a German industrial manufacturer (10+ hosts). “UNIT_PEGASUS” sold GlobalProtect VPN and RDP access to a Cambodian telecommunications company spanning over 200 systems.
Government & Law Enforcement: Actor “Solonik” sold access to Brazil’s National Police-level database panel, claiming OTP/2FA support and full dashboard control.
Education Sector: Actor “malaria” sold Kerberos TGS credentials providing domain user access to multiple South African higher education institutions, covering approximately 1,239 active hosts.
E-commerce & Web Admin: Multiple actors sold WordPress admin access, including to shops in Poland , the USA (with a persistent SQL injection vulnerability) , and Israel. Actor “Kitty Search” provided unauthorized access to numerous businesses, including Mail Boy Sdn. Bhd. and Centive.

6. Targeted Regional and Sector Analysis

6.1 Notable Regional Impact

Brazil: Suffered heavy targeting by the actor “Escanors Official,” who claimed data breaches against numerous Brazilian businesses, including PERFATTA , Nutrasix , Foco Fiscal , Revest Paper , and Infocards Tecnologia Ltda.
United States: Faced high-profile breaches (UnitedHealth Group , HackerOne , Checkmarx ) and extensive initial access brokerage.
France: Impacted by mega-breaches at OVHcloud , the Weapons Information System , LES CROUS (1.9 million student records) , and directory service 118000.fr (11.4 million individuals).

6.2 Notable Industry Impact

Financial Services: Austrian bank accounts were allegedly sold by “naroda88”. “Investigation Anonymous” claimed a breach of Bank of America. Payment card dumps were widely sold by actors like “dillonbaleti” and “mesin” (US credit cards).
Healthcare: Beyond the UnitedHealth Group breach , numerous healthcare clinics globally suffered defacements.
Retail & E-commerce: Highly targeted via combo lists (Target, Walmart, eBay) and Initial Access sales for e-commerce backends (Custom CMS and WordPress shops).

7. Malware, Tools, and Cyber Services

The underground economy also featured the sale of specialized tools to facilitate further attacks:

Threat Packer V1.0: Actor “THREAT MARKET” sold an advanced Windows crypter/packer tool.
AV/EDR Killer: Actor “secretsdump” sold a kernel-level exploit designed to bypass AV/EDR protections, terminate protected processes, and remove system traces using a zero-day driver.
Account Checkers: “Starip” offered a Valorant account checker tool to validate credentials, extract details, and categorize skins/ranks for large-scale abuse.
Fraud Services: “dillonbaleti” advertised financial fraud services, non-VBV credit cards, verified PayPal accounts, and cloned cards via Telegram.

8. Conclusion

The cyber incidents logged on March 24, 2026, illustrate a mature, multi-tiered cybercriminal ecosystem. Telegram has become an indispensable hub for threat actors (like CODER and Solonik) to distribute data, advertise services, and funnel traffic to private channels.

The data reveals two parallel threat environments:

High-Sophistication Attacks: Initial access brokers are actively compromising critical infrastructure, telecommunications, and manufacturing networks, securing SYSTEM-level privileges and bypassing enterprise defenses (like Windows Defender). Concurrently, supply-chain attacks (e.g., Checkmarx) demonstrate the capability of actors to harvest deep infrastructural secrets.
High-Volume/Low-Sophistication Attacks: The internet is flooded with millions of recycled and fresh credential pairs (combo lists), enabling widespread credential stuffing against platforms like Microsoft, Google, and major retailers. Simultaneously, hacktivist groups (like 0xteam and CYBER ERROR SYSTEM) are running automated or semi-automated mass defacement campaigns targeting vulnerable web hosting configurations.

Organizations must prioritize robust credential management (combating combo lists), strict securing of CI/CD pipelines and VPN endpoints (combating initial access brokers), and hardening of public-facing web assets to mitigate these pervasive threats.

Detected Incidents Draft Data

Alleged Sale of Austrian Bank Accounts
Category: Data Leak
Content: Threat Actor claims to be selling Austrian bank accounts for both business and private use.
Date: 2026-03-24T23:52:25Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279102/
Screenshots:
None
Threat Actors: naroda88
Victim Country: Austria
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of payment card dumps with PINs from multiple countries
Category: Combo List
Content: Threat actor is selling freshly skimmed payment card dumps with PINs for tracks 101 and 201 from multiple countries including US, UK, Canada, Australia, and EU at prices ranging from $70-90 per card. Contact is provided via Telegram for transactions.
Date: 2026-03-24T23:47:38Z
Network: openweb
Published URL: https://crackingx.com/threads/69755/
Screenshots:
None
Threat Actors: dillonbaleti
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of financial fraud services and cloned payment cards
Category: Initial Access
Content: Threat actor advertising sale of non-VBV credit cards, verified PayPal accounts with funds, credit card dumps with PINs, and cloned cards with delivery services via Telegram contact.
Date: 2026-03-24T23:47:26Z
Network: openweb
Published URL: https://crackingx.com/threads/69756/
Screenshots:
None
Threat Actors: dillonbaleti
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Unauthorized WordPress Admin Access to an Unidentified Shop in Poland
Category: Initial Access
Content: Threat Actor claims to be selling unauthorized WordPress admin access to an unidentified shop in Poland.
Date: 2026-03-24T23:40:40Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279105/
Screenshots:
None
Threat Actors: Reve
Victim Country: Poland
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Driver’s License Documents and Personal Records in Colombia
Category: Data Leak
Content: Threat Actor claims to be selling a dataset of approximately 1,150 Colombian driver-related documents, including selfies, driver’s licenses, security forms, resumes, and structured personal data files. The dataset contains individual folders with multiple document types and supporting data such as text and JSON records.
Date: 2026-03-24T23:38:31Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279101/
Screenshots:
None
Threat Actors: loznoB
Victim Country: Colombia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Unauthorized Admin Access to an Unidentified Shop in USA
Category: Initial Access
Content: Threat Actor claims to be selling unauthorized admin access to an unidentified shop in USA. The access is obtained through an admin panel of a custom CMS and allegedly includes working payment scripts and codes, along with a persistent SQL injection vulnerability.
Date: 2026-03-24T23:28:01Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279100/
Screenshots:
None
Threat Actors: Fucksleep
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of access to Tigo Honduras portal
Category: Initial Access
Content: Threat actor claims to be selling access to a Tigo telecommunications portal in Honduras containing emails, salesperson phone numbers, and auditing data for $150.
Date: 2026-03-24T22:33:41Z
Network: openweb
Published URL: https://breachforums.ac/showthread.php?tid=45612
Screenshots:
None
Threat Actors: Worrysec
Victim Country: Honduras
Victim Industry: Telecommunications
Victim Organization: Tigo
Victim Site: Unknown
Alleged leak of mixed email and password combolist
Category: Combo List
Content: A threat actor shared a combolist containing 140,000 email and password combinations described as fresh and high quality. The credentials appear to be from mixed sources and are being distributed for free download to registered forum users.
Date: 2026-03-24T22:32:20Z
Network: openweb
Published URL: https://crackingx.com/threads/69752/
Screenshots:
None
Threat Actors: steeve75
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Thailand Ministry of Defence
Category: Data Leak
Content: The threat actor claims to have leaked sensitive documents associated with the Thailand Ministry of Defence.
Date: 2026-03-24T22:30:03Z
Network: telegram
Published URL: https://t.me/SolonikChannels/228
Screenshots:
None
Threat Actors: Solonik
Victim Country: Thailand
Victim Industry: Government Administration
Victim Organization: ministry of defence
Victim Site: mod.go.th
Alleged data breach of Atomic Energy Organization of Iran
Category: Data Breach
Content: The group claims to have breached the database of Atomic Energy Organization of Iran
Date: 2026-03-24T22:27:53Z
Network: telegram
Published URL: https://t.me/c/3816027580/4303
Screenshots:
None
Threat Actors: scattered LAPSUS$ hunters 7.0
Victim Country: Iran
Victim Industry: Government Administration
Victim Organization: atomic energy organization of iran
Victim Site: aeoi.org.ir
Alleged leak of T-Online credentials
Category: Combo List
Content: A threat actor leaked a credential list containing 16,123 lines targeting the T-Online domain via a file sharing service.
Date: 2026-03-24T22:20:39Z
Network: openweb
Published URL: https://crackingx.com/threads/69751/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Germany
Victim Industry: Telecommunications
Victim Organization: T-Online
Victim Site: t-online.de
Alleged data leak of Telegram users database
Category: Data Leak
Content: The threat actor claims to have leaked 71,813,577 data from Telegram users. The dataset reportedly includes user-related information such as account IDs, phone numbers, usernames, and names.
Date: 2026-03-24T22:15:21Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-TELEGRAM-USER-DATABASE-70-MILLION-RECORDS
Screenshots:
None
Threat Actors: Databroque
Victim Country: Unknown
Victim Industry: Information Technology (IT) Services
Victim Organization: telegram (users)
Victim Site: Unknown
Website defacement of Solano County GIS by Boss Ranzen (D704T team)
Category: Defacement
Content: The Solano County GIS website was defaced by attacker Boss Ranzen from the D704T team on March 25, 2026. The incident targeted a government geographic information system portal serving Solano County, California.
Date: 2026-03-24T22:14:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813636
Screenshots:
None
Threat Actors: Boss Ranzen, D704T
Victim Country: United States
Victim Industry: Government
Victim Organization: Solano County
Victim Site: solanocountygis.com
Website defacement of Colombian water utility by D704T group member Boss Ranzen
Category: Defacement
Content: The D704T group, through member Boss Ranzen, defaced a Colombian water utility website on March 25, 2026. This appears to be a targeted single-site defacement of municipal water infrastructure services.
Date: 2026-03-24T22:13:33Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813637
Screenshots:
None
Threat Actors: Boss Ranzen, D704T
Victim Country: Colombia
Victim Industry: Utilities
Victim Organization: Acueducto (Water Utility Company)
Victim Site: www.acueducto.com.co
Alleged data breach of Instituto Nacional de Estadística de Bolivia
Category: Data Breach
Content: A threat actor claims to have leaked to over 1TB of internal data allegedly belonging to the Instituto Nacional de Estadística (INE) of Bolivia. the data includes internal documents and records, with sample PDF files.
Date: 2026-03-24T22:12:10Z
Network: openweb
Published URL: https://darkforums.su/Thread-Document-ine-gob-bo-National-Institute-of-Statistics-of-Bolivia
Screenshots:
None
Threat Actors: marshallmonr
Victim Country: Bolivia
Victim Industry: Government Administration
Victim Organization: instituto nacional de estadística de bolivia
Victim Site: ine.gob.bo
Alleged sale of Taiwan Buisness Owners Database
Category: Data Leak
Content: Threat actor claims to be selling leaked Taiwan Buisness Owners database.
Date: 2026-03-24T22:05:10Z
Network: telegram
Published URL: https://t.me/SolonikChannels/220
Screenshots:
None
Threat Actors: Solonik
Victim Country: Taiwan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Weapons Information System (SIA)
Category: Data Breach
Content: The threat actor claims to be have breached 62,511 weapons from the Weapons Information System (SIA). The dataset reportedly includes,(names, dates of birth, addresses, emails, phone numbers), weapon specifications (type, model, serial/frame numbers, classification), transaction history, and ownership records.
Date: 2026-03-24T22:02:14Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-FR-60K-Weapons-Weapons-Information-System
Screenshots:
None
Threat Actors: HexDex
Victim Country: France
Victim Industry: Law Enforcement
Victim Organization: weapons information system (sia)
Victim Site: Unknown
Alleged data breach of 118000.fr
Category: Data Breach
Content: A threat actor claims to have leaked a dataset allegedly sourced from 118000.fr, a French online directory service. The exposed data reportedly contains information on approximately 11.4 million individuals, including full names, addresses, phone numbers (mobile and landline), postal codes, geographic coordinates, and demographic indicators.
Date: 2026-03-24T21:59:29Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-FR-118000-fr-Scraped
Screenshots:
None
Threat Actors: marinelepen
Victim Country: France
Victim Industry: Network & Telecommunications
Victim Organization: 118000.fr
Victim Site: 118000.fr
Alleged data breach of HBX Group (Hotelbeds) with infrastructure compromise
Category: Data Breach
Content: Threat actor claims to have compromised HBX Groups complete infrastructure through multiple vulnerabilities, extracting over 500 million records including booking data, passenger information, client data, VCC cards, and hotel bank accounts. The breach allegedly involved Oracle and PostgreSQL databases containing personal data and financial information from the global B2B travel service provider.
Date: 2026-03-24T21:59:19Z
Network: openweb
Published URL: https://breachforums.ac/showthread.php?tid=45611
Screenshots:
None
Threat Actors: nikifffi
Victim Country: Unknown
Victim Industry: Travel and Hospitality
Victim Organization: HBX Group
Victim Site: Unknown
Alleged leak of German domain credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 764,292 credential pairs allegedly targeting German domains through a file-sharing platform.
Date: 2026-03-24T21:58:08Z
Network: openweb
Published URL: https://crackingx.com/threads/69749/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 3,659 mixed credential combinations specifically for Hotmail accounts as a free download on a cybercrime forum.
Date: 2026-03-24T21:57:48Z
Network: openweb
Published URL: https://crackingx.com/threads/69750/
Screenshots:
None
Threat Actors: karaokecloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged Sale of Brazilian National Police Panel Access
Category: Initial Access
Content: A threat actor claims to be selling unauthorized access to Brazil’s National Police-level database panel, which is reportedly used by federal and law enforcement agencies. The access allegedly includes login credentials with OTP/2FA support, enabling full dashboard control and high-level query capabilities.
Date: 2026-03-24T21:51:24Z
Network: telegram
Published URL: https://t.me/SolonikChannels/214
Screenshots:
None
Threat Actors: Solonik
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Leak of National Institute of Statistics in Bolivia
Category: Data Leak
Content: The group claims to have leaked internal data from National Institute of Statistics in Bolivia.
Date: 2026-03-24T21:46:32Z
Network: telegram
Published URL: https://t.me/c/3398932380/1791
Screenshots:
None
Threat Actors: Solonik
Victim Country: Bolivia
Victim Industry: Government & Public Sector
Victim Organization: national institute of statistics in bolivia
Victim Site: ine.gob.bo
Alleged sale of AWS SES access keys
Category: Initial Access
Content: The threat actor claims to be selling compromised AWS keys with SES access in KEY:SECRET format, stating that multiple regions and sending limits are available and that no messages have been sent using the keys so far.
Date: 2026-03-24T21:45:59Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279091/
Screenshots:
None
Threat Actors: dver_zapili
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Bax 026 of iran targets the website of Webix
Category: Defacement
Content: The group claims to have defaced the website of Webix.
Date: 2026-03-24T21:42:50Z
Network: openweb
Published URL: https://www.zone-h.org/mirror/id/41646461
Screenshots:
None
Threat Actors: Bax 026 of iran
Victim Country: Israel
Victim Industry: Software Development
Victim Organization: webix
Victim Site: webix.co.il
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor allegedly leaked 1,400 fresh Hotmail email credentials dated March 24th on a cybercrime forum. The credentials are being distributed as hidden content requiring forum registration to access.
Date: 2026-03-24T21:42:22Z
Network: openweb
Published URL: https://crackingx.com/threads/69748/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of OVHcloud
Category: Data Leak
Content: The threat actor claims to have leaked a large database associated with OVHcloud. The exposed dataset reportedly contains information on approximately 1.6 million OVH Fresh customers and 5.9 million websites hosted on OVH infrastructure. The dataset allegedly includes sensitive data such as customer details (names, email addresses, contact information), as well as website-related data including source code, databases, and server configuration information.
Date: 2026-03-24T21:39:36Z
Network: telegram
Published URL: https://t.me/c/3660298480/314
Screenshots:
None
Threat Actors: Leaks Market
Victim Country: France
Victim Industry: Information Technology (IT) Services
Victim Organization: ovhcloud
Victim Site: ovhcloud.com
Alleged leak of mixed forum credentials
Category: Combo List
Content: A threat actor shared a collection of 81,000 mixed forum credentials described as valid. The post indicates registration is required to view the actual content.
Date: 2026-03-24T21:33:00Z
Network: openweb
Published URL: https://crackingx.com/threads/69747/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
VandaTheGod targets the website of 2 ALL SYSTEMS LTD
Category: Defacement
Content: The group claims to have defaced the website of 2 ALL SYSTEMS LTD.
Date: 2026-03-24T21:18:26Z
Network: openweb
Published URL: https://www.zone-h.org/mirror/id/41646460
Screenshots:
None
Threat Actors: VandaTheGod
Victim Country: Israel
Victim Industry: Information Technology (IT) Services
Victim Organization: 2 all systems ltd
Victim Site: 2all.co.il
Alleged leak of LES CROUS France
Category: Data Leak
Content: The threat actor claims to have leaked a large database associated with LES CROUS, a French public student services organization. The exposed dataset reportedly contains approximately 1.9 million records and 329,000 documents, with a total size of around 198GB.The dataset allegedly includes sensitive information such as student-related records, housing and scholarship data, booking details, and personal information including names, email addresses, and other associated details.
Date: 2026-03-24T21:15:33Z
Network: telegram
Published URL: https://t.me/c/3660298480/340
Screenshots:
None
Threat Actors: Leaks Market
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of French Weapons Information System
Category: Data Leak
Content: The threat actor claims to have leaked a large database associated with a French Weapons Information System. The exposed dataset reportedly contains records on over 62,000 weapons, including detailed weapon information such as type, make, model, legal classification, and registration numbers.
Date: 2026-03-24T21:12:34Z
Network: telegram
Published URL: https://t.me/c/3660298480/330
Screenshots:
None
Threat Actors: Leaks Market
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of queenzca.my.id by Boss Ranzen (D704T team)
Category: Defacement
Content: Boss Ranzen from the D704T team successfully defaced queenzca.my.id on March 25, 2026. The attack targeted a specific page (403.php) on the Indonesian domain.
Date: 2026-03-24T21:05:36Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813631
Screenshots:
None
Threat Actors: Boss Ranzen, D704T
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: queenzca.my.id
Alleged leak of Hotmail credentials via SakuraCloud
Category: Combo List
Content: Threat actor RoushaanOP shared links to SakuraCloud store allegedly containing fresh high-quality valid Hotmail credentials. The post repeatedly promotes the same URL suggesting distribution of email credential lists.
Date: 2026-03-24T21:01:50Z
Network: openweb
Published URL: https://crackingx.com/threads/69746/
Screenshots:
None
Threat Actors: RoushaanOP
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged sale of unauthorized access to an unidentified Construction Organizations in the United Kingdom
Category: Initial Access
Content: The threat actor claims to be selling unauthorized domain user access associated with unidentified organizations in the United Kingdom, indicating access within the civil engineering and construction sector.
Date: 2026-03-24T20:55:03Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279088/
Screenshots:
None
Threat Actors: malaria
Victim Country: UK
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of credential logs via DAISY CLOUD service
Category: Combo List
Content: Threat actor NEW_DAISYCLOUD shared 5,352 credential logs through a cloud service called DAISY CLOUD, made available as a free download via pixeldrain file hosting service.
Date: 2026-03-24T20:37:54Z
Network: openweb
Published URL: https://crackingx.com/threads/69744/
Screenshots:
None
Threat Actors: NEW_DAISYCLOUD
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of USA credential combolist
Category: Combo List
Content: A threat actor leaked a combolist containing 10,000 credentials allegedly associated with USA users on a cybercriminal forum. The content is hidden and only accessible to registered forum users.
Date: 2026-03-24T20:37:14Z
Network: openweb
Published URL: https://crackingx.com/threads/69745/
Screenshots:
None
Threat Actors: RandomUpload
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of PERFATTA COMERCIO DE ARTIGOS DE OPTICA EIRELI
Category: Data Breach
Content: The group claims to have breached data from PERFATTA COMERCIO DE ARTIGOS DE OPTICA EIRELI.
Date: 2026-03-24T20:35:26Z
Network: telegram
Published URL: https://t.me/c/3398932380/1797
Screenshots:
None
Threat Actors: Escanors Official
Victim Country: Brazil
Victim Industry: Retail Industry
Victim Organization: perfatta comercio de artigos de optica eireli
Victim Site: perfatta.com.br
Alleged data leak of Indonesias Directorate General of Taxes.
Category: Data Leak
Content: The group claims to have leaked employee ID cards of Indonesias Directorate General of Taxes.
Date: 2026-03-24T20:30:45Z
Network: telegram
Published URL: https://t.me/BabayoErorSyteam/344
Screenshots:
None
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: directorate general of taxes
Victim Site: pajak.go.id
Alleged data breach of Nutrasix
Category: Data Breach
Content: The group claims to have breached data from Nutrasix.
Date: 2026-03-24T20:28:55Z
Network: telegram
Published URL: https://t.me/c/3398932380/1796
Screenshots:
None
Threat Actors: Escanors Official
Victim Country: Brazil
Victim Industry: Healthcare & Pharmaceuticals
Victim Organization: nutrasix
Victim Site: nutrasix.com.br
Alleged Data Breach of Foco Fiscal
Category: Data Leak
Content: The group claims to have leaked login credentials to Foco Fiscal.
Date: 2026-03-24T20:27:55Z
Network: telegram
Published URL: https://t.me/c/3398932380/1791
Screenshots:
None
Threat Actors: Escanors Official
Victim Country: Brazil
Victim Industry: Education
Victim Organization: foco fiscal
Victim Site: focofiscal.com.br
Alleged data breach of Revest Paper
Category: Data Breach
Content: A group claims to have leaked a database allegedly belonging to revest paper, containing user information such as ID, names, email addresses, phone numbers, postal codes (CEP), country, state, and customer-related details.
Date: 2026-03-24T20:22:57Z
Network: telegram
Published URL: https://t.me/c/3398932380/1801
Screenshots:
None
Threat Actors: Escanors Official
Victim Country: Brazil
Victim Industry: Manufacturing & Industrial Products
Victim Organization: revest paper
Victim Site: revestpaper.com.br
Alleged data leak of Telegram Messenger
Category: Data Leak
Content: A threat actor claims to have leaked a dataset allegedly sourced from Telegram Messenger, containing over 200 million records. The leaked data reportedly includes user IDs, usernames, phone numbers, first and last names, and linked account details.
Date: 2026-03-24T20:19:12Z
Network: openweb
Published URL: https://breached.st/threads/200m-telegram-databases-including-username-phone-hexvior.85678/
Screenshots:
None
Threat Actors: hexvior
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Green Hill Brasil
Category: Data Breach
Content: The group claims to have breached data from Green Hill Brasil.
Date: 2026-03-24T20:19:07Z
Network: telegram
Published URL: https://t.me/c/3398932380/1799
Screenshots:
None
Threat Actors: Escanors Official
Victim Country: Brazil
Victim Industry: Sports
Victim Organization: green hill brasil
Victim Site: greenhillbrasil.com.br
Alleged data breach of VLP Comercial
Category: Data Breach
Content: A group claims to have leaked a database allegedly belonging to vlp comercial, containing user information such as ID, names, email addresses, phone numbers, postal codes (CEP), country, state, and customer-related details.
Date: 2026-03-24T20:18:40Z
Network: telegram
Published URL: https://t.me/c/3398932380/1802
Screenshots:
None
Threat Actors: Escanors Official
Victim Country: Brazil
Victim Industry: Wholesale
Victim Organization: vlp comercial
Victim Site: vlpcomercial.com.br
Alleged data breach of Studio Classic
Category: Data Breach
Content: The group claims to have breached data from Studio Classic.
Date: 2026-03-24T20:16:29Z
Network: telegram
Published URL: https://t.me/c/3398932380/1789
Screenshots:
None
Threat Actors: Escanors Official
Victim Country: Brazil
Victim Industry: Information Technology (IT) Services
Victim Organization: studio classic
Victim Site: studioclassics.br
Alleged data breach of Pochteca
Category: Data Breach
Content: The group claims to have breached data from Pochteca.
Date: 2026-03-24T20:08:10Z
Network: telegram
Published URL: https://t.me/c/3398932380/1793
Screenshots:
None
Threat Actors: Escanors Official
Victim Country: Brazil
Victim Industry: Chemicals
Victim Organization: pochteca
Victim Site: pochteca.net.br
Alleged data breach of AVSL
Category: Data Breach
Content: The group claims to have breached data from AVSL.
Date: 2026-03-24T20:02:47Z
Network: telegram
Published URL: https://t.me/c/3398932380/1790
Screenshots:
None
Threat Actors: Escanors Official
Victim Country: Brazil
Victim Industry: Transportation & Logistics
Victim Organization: avsl
Victim Site: avsl.com.br
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a credential list containing 5,839 entries targeting Hotmail.com accounts through a file sharing service.
Date: 2026-03-24T20:01:18Z
Network: openweb
Published URL: https://crackingx.com/threads/69742/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged data breach of Text My Guests
Category: Data Breach
Content: The threat actor claims to have breached data from TextMyGuests, allegedly containing sensitive information on 17,464 unique emails and 706,892 unique phone numbers, including first names, last names, guest phone numbers, guest emails, and more.
Date: 2026-03-24T19:59:55Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279086/
Screenshots:
None
Threat Actors: Datavortex
Victim Country: USA
Victim Industry: Other Industry
Victim Organization: text my guests
Victim Site: textmyguests.com
Alleged data breach of Europlus
Category: Data Breach
Content: A threat actor claims to have breached the database of Europlus
Date: 2026-03-24T19:54:40Z
Network: telegram
Published URL: https://t.me/c/3398932380/1788
Screenshots:
None
Threat Actors: Escanors Official
Victim Country: Brazil
Victim Industry: Transportation & Logistics
Victim Organization: europlus
Victim Site: europlus.com.br
Alleged data breach of foodplus
Category: Data Breach
Content: A threat actor claims to have breached FoodPlus and leaked a database containing approximately 797,772 users, including names, phone numbers, email addresses, and document numbers.
Date: 2026-03-24T19:54:03Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279085/
Screenshots:
None
Threat Actors: Datavortex
Victim Country: Brazil
Victim Industry: Food & Beverages
Victim Organization: foodplus
Victim Site: foodplus.com.br
Alleged leak of German shopping website credentials
Category: Combo List
Content: A threat actor shared a combolist containing 484,362 credential pairs allegedly targeting German shopping websites. The data was made available as a free download via a file sharing platform.
Date: 2026-03-24T19:50:03Z
Network: openweb
Published URL: https://crackingx.com/threads/69741/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Retail
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Breach of Infocards Tecnologia Ltda
Category: Data Breach
Content: A threat actor claims to have breached the database of Infocards Tecnologia Ltda. The leaked data reportedly includes account and card details, login credentials, personal identification information, customer names, email addresses, phone numbers, transaction data, credit limits, billing information, and residential address details.
Date: 2026-03-24T19:48:29Z
Network: telegram
Published URL: https://t.me/c/3398932380/1787
Screenshots:
None
Threat Actors: Escanors Official
Victim Country: Brazil
Victim Industry: Financial Services
Victim Organization: infocards tecnologia ltda
Victim Site: infocards.com.br
Alleged distribution of Target, eBay, Alibaba, and Temu credential combolist
Category: Combo List
Content: Threat actor allegedly distributing a 15 million record credential combolist containing accounts from major e-commerce platforms including Target, eBay, Alibaba, and Temu through Telegram channels offering free access to credential lists and programs.
Date: 2026-03-24T19:39:08Z
Network: openweb
Published URL: https://crackingx.com/threads/69740/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: E-commerce
Victim Organization: Target, eBay, Alibaba, Temu
Victim Site: target.com, ebay.com, alibaba.com, temu.com
Alleged data leak of capital university
Category: Data Breach
Content: A threat actor claims to have leaked student data from Capital University in Egypt, including full names, birth dates, IDs, and academic records, with potential access to modify or delete the data.
Date: 2026-03-24T19:36:33Z
Network: openweb
Published URL: https://xforums.st/threads/egypt-capital-university-formerly-helwan-university.570251/
Screenshots:
None
Threat Actors: Keymous Plus
Victim Country: Egypt
Victim Industry: Education
Victim Organization: capital university
Victim Site: capu.edu.eg
Alleged data leak of Egypts National Authority for Social Insurance
Category: Data Leak
Content: The threat actor claims to have leaked login credentials and access logs allegedly belonging to the Egypt National Organization for Social Insurance (NOSI).
Date: 2026-03-24T19:33:07Z
Network: openweb
Published URL: https://xforums.st/threads/egypt-national-organization-for-social-insurance-nosi.570372/
Screenshots:
None
Threat Actors: Keymous Plus
Victim Country: Egypt
Victim Industry: Government Administration
Victim Organization: egypts national authority for social insurance
Victim Site: nosi.gov.eg
Alleged leak of admin access to Mail Boy Sdn. Bhd.
Category: Initial Access
Content: The group claims to have leaked unauthorized admin access to the website of Mail Boy Sdn. Bhd.
Date: 2026-03-24T19:17:39Z
Network: telegram
Published URL: https://t.me/kittysearchnews/241
Screenshots:
None
Threat Actors: Kitty Search
Victim Country: USA
Victim Industry: Transportation & Logistics
Victim Organization: mail boy sdn. bhd.
Victim Site: staging.mail-boy.com
Alleged leak of mixed email credential combolist
Category: Combo List
Content: Threat actor shared a free download link to a mixed email credential combolist containing valid email and password combinations through file sharing services and Telegram.
Date: 2026-03-24T19:15:45Z
Network: openweb
Published URL: https://crackingx.com/threads/69738/
Screenshots:
None
Threat Actors: snowstormxd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of unauthorized access to Tony Rao
Category: Initial Access
Content: The group claims to have leaked unauthorized access to the website of Tony Rao.
Date: 2026-03-24T19:05:58Z
Network: telegram
Published URL: https://t.me/kittysearchnews/243
Screenshots:
None
Threat Actors: Kitty Search
Victim Country: UK
Victim Industry: Publishing Industry
Victim Organization: tony rao
Victim Site: tonyrao.ampbk.com
Alleged Data Breach of Lemon Design 360
Category: Data Breach
Content: The group claims to have leaked the login credentials to Lemon Design 360.
Date: 2026-03-24T19:04:35Z
Network: telegram
Published URL: https://t.me/kittysearchnews/240
Screenshots:
None
Threat Actors: Kitty Search
Victim Country: Germany
Victim Industry: Management Consulting
Victim Organization: lemon design 360
Victim Site: lemondesign360.ipzmarketing.com
Alleged unauthorized access to Repcard
Category: Initial Access
Content: The group claims to have leaked unauthorized access to the website of Repcard.
Date: 2026-03-24T19:00:44Z
Network: telegram
Published URL: https://t.me/kittysearchnews/246
Screenshots:
None
Threat Actors: Kitty Search
Victim Country: USA
Victim Industry: Information Technology (IT) Services
Victim Organization: repcard
Victim Site: app.repcard.com
Alleged unauthorized access to Centive
Category: Initial Access
Content: The group claims to have leaked unauthorized access to the website of Centive.
Date: 2026-03-24T18:57:55Z
Network: telegram
Published URL: https://t.me/kittysearchnews/245
Screenshots:
None
Threat Actors: Kitty Search
Victim Country: Brazil
Victim Industry: E-commerce & Online Stores
Victim Organization: centive
Victim Site: centive.com.br
Alleged Data Breach of Leicester Ghost Hunters
Category: Data Breach
Content: The group claims to have leaked the login credentials of Leicester Ghost Hunters.
Date: 2026-03-24T18:57:48Z
Network: telegram
Published URL: https://t.me/kittysearchnews/239
Screenshots:
None
Threat Actors: Kitty Search
Victim Country: UK
Victim Industry: Non-profit & Social Organizations
Victim Organization: leicester ghost hunters
Victim Site: leicesterghosthunters.co.uk
Alleged leak of admin access to Mazovian Table Tennis Association
Category: Initial Access
Content: The group claims to have leaked unauthorized admin access to the website of Mazovian Table Tennis Association.
Date: 2026-03-24T18:55:40Z
Network: telegram
Published URL: https://t.me/kittysearchnews/244
Screenshots:
None
Threat Actors: Kitty Search
Victim Country: Poland
Victim Industry: Sports
Victim Organization: mazovian table tennis association
Victim Site: ligi.mzts.pl/admin/
Alleged sale of unauthorized access to unidentified WordPress websites
Category: Initial Access
Content: The threat actor claims to be selling unauthorized access to unidentified WordPress websites. The post includes links as proof of SEO and traffic metrics and provides a Telegram contact for purchase.
Date: 2026-03-24T18:55:08Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-WP-Access-For-SEO-HIGH-All
Screenshots:
None
Threat Actors: Messi_Trump
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged login access to Fratii Oprean Com SRL
Category: Initial Access
Content: The group claims to have login access to Fratii Oprean Com SRL
Date: 2026-03-24T18:53:06Z
Network: telegram
Published URL: https://t.me/kittysearchnews/242
Screenshots:
None
Threat Actors: Kitty Search
Victim Country: Romania
Victim Industry: Automotive
Victim Organization: fratii oprean com srl
Victim Site: fratiioprean.ro
Alleged leak of email credentials combolist
Category: Combo List
Content: A threat actor leaked a combolist containing 43,000 valid email access credentials on a cybercriminal forum. The content is available for registered users with additional private cloud access offered via Telegram contact.
Date: 2026-03-24T18:47:58Z
Network: openweb
Published URL: https://crackingx.com/threads/69737/
Screenshots:
None
Threat Actors: TeraCloud1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Lynsey Schroeder Photography
Category: Data Breach
Content: The group claims to have breached the database of Lynsey Schroeder Photography.
Date: 2026-03-24T18:11:08Z
Network: telegram
Published URL: https://t.me/c/3807888281/230
Screenshots:
None
Threat Actors: KONCO ERROR SYSTEM
Victim Country: USA
Victim Industry: Photography
Victim Organization: lynsey schroeder photography
Victim Site: lschroederphoto.com
Alleged data breach of EditGPT
Category: Data Breach
Content: The threat actor claims to have breached 284,000 of data from EditGPT. The compromised dataset reportedly includes user IDs, names, email addresses, email verification status, profile images, account creation and update timestamps.
Date: 2026-03-24T18:07:12Z
Network: openweb
Published URL: https://darkforums.su/Thread-EditGPT-App-Database-leak-as-request
Screenshots:
None
Threat Actors: Tanaka
Victim Country: USA
Victim Industry: Information Technology (IT) Services
Victim Organization: editgpt
Victim Site: editgpt.app
Alleged data breach of SMK Mudita Singkawang
Category: Data Breach
Content: The threat actor claims to be leaked data from SMK Mudita Singkawang.
Date: 2026-03-24T17:59:21Z
Network: telegram
Published URL: https://t.me/c/3807888281/232
Screenshots:
None
Threat Actors: KONCO ERROR SYSTEM
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: smk mudita singkawang
Victim Site: smkmudita.sch.id
Alleged sale of unauthorized access to an unidentified shop in Israel
Category: Initial Access
Content: The threat actor claims to be selling unauthorized access to an unidentified WordPress shop in Israel, stating that the platform recorded 248 credit card redirects in February, 262 in January, and 246 in December.
Date: 2026-03-24T17:54:53Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279073/
Screenshots:
None
Threat Actors: ed1n1ca
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Gmail credential combolist
Category: Combo List
Content: A threat actor shared a credential combolist containing over 104,000 Gmail email and password combinations through a file sharing service. The credentials are being distributed for free on a cybercriminal forum.
Date: 2026-03-24T17:53:23Z
Network: openweb
Published URL: https://crackingx.com/threads/69735/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Google
Victim Site: gmail.com
Alleged sale of identity documents and personal data in UK
Category: Data Leak
Content: A threat actor claims to be selling UK identity documents and related personal data, including document photos , selfies, and text files.
Date: 2026-03-24T17:52:36Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279074/
Screenshots:
None
Threat Actors: My_World
Victim Country: UK
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of Threat Packer V1.0
Category: Malware
Content: The threat actor claims to be selling an advanced Windows crypter/packer tool called Threat Packer V1.0.
Date: 2026-03-24T17:52:10Z
Network: openweb
Published URL: https://threatmarket.ru/
Screenshots:
None
Threat Actors: THREAT MARKET
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of German shopping website credentials
Category: Combo List
Content: A combolist containing over 1 million credentials allegedly targeting German shopping websites has been made available for download. The credentials appear to be focused on German retail targets based on the post description.
Date: 2026-03-24T17:41:44Z
Network: openweb
Published URL: https://crackingx.com/threads/69732/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Retail
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of business credential combos via Telegram channels
Category: Combo List
Content: Threat actor CODER is distributing free credential combinations (combos) targeting business corporations through Telegram channels, with 12.1 million records allegedly available. The actor operates multiple Telegram groups offering free combos and programs for credential-based attacks.
Date: 2026-03-24T17:30:50Z
Network: openweb
Published URL: https://crackingx.com/threads/69728/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of premium email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 3,158 premium mixed email credentials, including Hotmail accounts, distributed for free download via Telegram contact.
Date: 2026-03-24T17:30:13Z
Network: openweb
Published URL: https://crackingx.com/threads/69731/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
BABAYO EROR SYSTEM targets the website of sim3.nightlabx.com
Category: Defacement
Content: The group claims to have defaced the website of sim3.nightlabx.com
Date: 2026-03-24T17:20:23Z
Network: telegram
Published URL: https://t.me/BabayoErorSyteam/342
Screenshots:
None
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: sim3.nightlabx.com
Victim Site: sim3.nightlabx.com
Alleged leak of German credential data
Category: Combo List
Content: Threat actor D4rkNetHub allegedly leaked 14,400 German credentials in a forum post. The data appears to be part of a combolist collection targeting German users.
Date: 2026-03-24T17:14:17Z
Network: openweb
Published URL: https://crackingx.com/threads/69727/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of cloned payment cards with skimmed financial data
Category: Data Breach
Content: Threat actor claims to sell cloned JCOP payment cards containing financial data allegedly collected from ATMs, gas stations, and POS terminals. Cards are priced between $250-$1000 with claimed balances ranging from $3000-$15000.
Date: 2026-03-24T17:13:44Z
Network: openweb
Published URL: https://crackingx.com/threads/69726/
Screenshots:
None
Threat Actors: Wallace Shawn
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
KONCO ERROR SYSTEM targets the website of Sova
Category: Defacement
Content: The group claims to have defaced the website of Sova.
Date: 2026-03-24T17:11:52Z
Network: telegram
Published URL: https://t.me/c/3807888281/236
Screenshots:
None
Threat Actors: KONCO ERROR SYSTEM
Victim Country: UK
Victim Industry: Civic & Social Organization
Victim Organization: sova
Victim Site: sova.org.uk
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 6,000 unique Hotmail email and password combinations on a cybercrime forum.
Date: 2026-03-24T17:04:01Z
Network: openweb
Published URL: https://crackingx.com/threads/69724/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Gmail credential combolist
Category: Combo List
Content: Forum post claims to contain over 100,000 Gmail credentials in a combolist format. The actual post content is restricted and requires forum registration to view details.
Date: 2026-03-24T17:03:01Z
Network: openweb
Published URL: https://crackingx.com/threads/69725/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Google
Victim Site: gmail.com
HackerOne Suffers Data Breach
Category: Data Breach
Content: A data breach affecting HackerOne exposed the personal information of 287 employees after attackers compromised its third-party benefits provider, Navia. The incident occurred between December 2025 and January 2026 due to a vulnerability that allowed unauthorized access to sensitive data, including Social Security numbers, names, addresses, contact details, and benefits-related information. HackerOne confirmed that its own systems were not breached, and the exposure was limited to employee data held by Navia. The company has advised affected individuals to monitor accounts and use identity protection services, while the incident remains under investigation.
Date: 2026-03-24T17:01:55Z
Network: openweb
Published URL: https://www.bleepingcomputer.com/news/security/hackerone-discloses-employee-data-breach-after-navia-hack/
Screenshots:
None
Threat Actors:
Victim Country: USA
Victim Industry: Computer & Network Security
Victim Organization: hackerone
Victim Site: hackerone.com
Alleged data leak of SUNY New Paltz credentials
Category: Data Leak
Content: Threat actor leaked credential data from SUNY New Paltz including email addresses and associated access information, made available for free download via file sharing service.
Date: 2026-03-24T16:53:23Z
Network: openweb
Published URL: https://breachforums.ac/showthread.php?tid=45610
Screenshots:
None
Threat Actors: Worrysec
Victim Country: United States
Victim Industry: Education
Victim Organization: State University of New York at New Paltz
Victim Site: newpaltz.edu
chinafans targets the website of Carbide.ae
Category: Defacement
Content: The group claims to have defaced the website of Carbide.ae.
Date: 2026-03-24T16:52:13Z
Network: openweb
Published URL: https://www.zone-h.org/mirror/id/41646483
Screenshots:
None
Threat Actors: chinafans
Victim Country: UAE
Victim Industry: Business Supplies & Equipment
Victim Organization: carbide.ae
Victim Site: carbide.ae
Alleged distribution of corporate SMTP credential combolist
Category: Combo List
Content: Threat actor distributes a combolist containing 10.3 million corporate SMTP credentials through Telegram channels. The credentials are being shared for free alongside other combo lists and programs.
Date: 2026-03-24T16:51:54Z
Network: openweb
Published URL: https://crackingx.com/threads/69723/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: Threat actor KiwiShio shared a combolist containing 560 Hotmail email and password combinations for free download on a cybercriminal forum.
Date: 2026-03-24T16:40:49Z
Network: openweb
Published URL: https://crackingx.com/threads/69721/
Screenshots:
None
Threat Actors: KiwiShio
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged data breach of Youplanet.app
Category: Data Breach
Content: Forum post references Youplanet.app with 40k records and year 2026, but no content is available to determine the nature of the threat or data involved.
Date: 2026-03-24T16:31:26Z
Network: openweb
Published URL: https://xforums.st/threads/youplanet-app-40k-2026.585629/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Youplanet
Victim Site: youplanet.app
Alleged threat activity related to forum.in-win.com
Category: Alert
Content: Forum post with no content available related to forum.in-win.com domain, insufficient information to determine threat nature or scope.
Date: 2026-03-24T16:30:17Z
Network: openweb
Published URL: https://xforums.st/threads/forum-in-win-com.585630/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: forum.in-win.com
Alleged data breach of Loozap
Category: Data Breach
Content: Forum post references Loozap.com with 34k records, but no content is available to determine the nature of the threat or data involved.
Date: 2026-03-24T16:29:10Z
Network: openweb
Published URL: https://xforums.st/threads/loozap-com-34k.585632/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Loozap
Victim Site: loozap.com
Alleged targeting of forum.learncima.com
Category: Alert
Content: Forum thread targeting forum.learncima.com with no available content details.
Date: 2026-03-24T16:28:03Z
Network: openweb
Published URL: https://xforums.st/threads/forum-learncima-com.585634/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Education
Victim Organization: CIMA
Victim Site: forum.learncima.com
Alleged compromise of forum.longboardz.de
Category: Data Breach
Content: Forum post references forum.longboardz.de, suggesting potential compromise of the German longboarding community forum, though specific details about the nature and scope of the incident are not available.
Date: 2026-03-24T16:27:23Z
Network: openweb
Published URL: https://xforums.st/threads/forum-longboardz-de.585635/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Germany
Victim Industry: Recreation/Sports
Victim Organization: Longboardz Forum
Victim Site: forum.longboardz.de
Alleged leak of mixed email credential combolist
Category: Combo List
Content: Threat actor klyne05 shared a mixed email credential combolist described as private, fresh, and checked on CrackingX forum.
Date: 2026-03-24T16:25:02Z
Network: openweb
Published URL: https://crackingx.com/threads/69720/
Screenshots:
None
Threat Actors: klyne05
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of admin access to Inmuebles CEMI
Category: Initial Access
Content: Threat actor claims to be selling administrator access to a Inmuebles CEMI
Date: 2026-03-24T16:20:12Z
Network: telegram
Published URL: https://t.me/c/2433981896/1371
Screenshots:
None
Threat Actors: DEFACER INDONESIAN TEAM
Victim Country: Mexico
Victim Industry: Real Estate
Victim Organization: inmuebles cemi
Victim Site: cemi.casa
Alleged leak of German credential data
Category: Combo List
Content: Actor shared a credential list containing 104,000 German records for free download on a cybercrime forum. The post advertises quality German data and invites requests for additional data.
Date: 2026-03-24T16:13:21Z
Network: openweb
Published URL: https://crackingx.com/threads/69719/
Screenshots:
None
Threat Actors: Immanuel_Kant
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of German email credentials
Category: Combo List
Content: Threat actor shared a free download link to a combolist containing 7.6K German email credentials, promoting a Telegram channel that allegedly provides fresh email databases daily.
Date: 2026-03-24T16:08:22Z
Network: openweb
Published URL: https://crackingx.com/threads/69717/
Screenshots:
None
Threat Actors: Kokos2846q
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Spanish credentials combolist
Category: Combo List
Content: A threat actor shared a free download link to a combolist containing 119,000 Spanish email and password combinations on a cybercriminal forum.
Date: 2026-03-24T16:07:33Z
Network: openweb
Published URL: https://crackingx.com/threads/69718/
Screenshots:
None
Threat Actors: Immanuel_Kant
Victim Country: Spain
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of VirusTotal
Category: Data Breach
Content: The threat actor claims to have obtained unauthorized access to VirusTotal, allegedly providing GUI-based access with limited privileges.
Date: 2026-03-24T15:57:04Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279065/
Screenshots:
None
Threat Actors: Zeta_XSS
Victim Country: Spain
Victim Industry: Computer & Network Security
Victim Organization: virustotal
Victim Site: virustotal.com
chinafans targets the website of Power Networks Company LTD (PNC)
Category: Defacement
Content: The group claims to have defaced the website of Power Networks Company LTD (PNC).
Date: 2026-03-24T15:55:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813412
Screenshots:
None
Threat Actors: chinafans
Victim Country: Saudi Arabia
Victim Industry: Software Development
Victim Organization: power networks company ltd (pnc)
Victim Site: pnc.com.sa
Alleged sale of valorant account checker
Category: Malware
Content: The threat actor claims to be offering a Valorant account checker tool designed to validate account credentials, extract account details, and categorize data such as skins, ranks, and regions, enabling large-scale credential verification and potential account abuse.
Date: 2026-03-24T15:53:52Z
Network: openweb
Published URL: https://demonforums.net/Thread-Valx-Checker-by-FXCK-TEAM
Screenshots:
None
Threat Actors: Starip
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of AV/EDR killer
Category: Malware
Content: The threat actor claims to be selling a kernel-level exploit designed to bypass and disable AV/EDR protections, allegedly capable of terminating protected processes, removing system traces, and using a unique zero-day driver.
Date: 2026-03-24T15:51:56Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279062/
Screenshots:
None
Threat Actors: secretsdump
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of google ads accounts with linked credit cards
Category: Data Leak
Content: A threat actor claims to be selling Google Ads accounts with linked credit cards, available across various geographic locations.
Date: 2026-03-24T15:49:56Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279064/
Screenshots:
None
Threat Actors: PROFITERIUM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
chinafans targets the website of Riyavive Clinic
Category: Defacement
Content: The group claims to have defaced the website of Riyavive Clinic.
Date: 2026-03-24T15:47:04Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813424
Screenshots:
None
Threat Actors: chinafans
Victim Country: Saudi Arabia
Victim Industry: Hospital & Health Care
Victim Organization: riyavive clinic
Victim Site: riyavive.com.sa
Alleged data leak of ULP database containing 43.2 million records
Category: Data Leak
Content: Threat actor GektorS posted on BreachForums claiming to have leaked a database from ULP containing 43.2 million records. The content is hidden behind a reply wall, suggesting free distribution rather than commercial sale.
Date: 2026-03-24T15:45:28Z
Network: openweb
Published URL: https://breachforums.ac/showthread.php?tid=45590
Screenshots:
None
Threat Actors: GektorS
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: ULP
Victim Site: Unknown
Alleged data breach involving 18.985 million records
Category: Data Breach
Content: Threat actor GektorS posted on BreachForums claiming to have 18.985 million lines of data available. The specific nature of the data and victim organization are not disclosed in the visible post content.
Date: 2026-03-24T15:45:07Z
Network: openweb
Published URL: https://breachforums.ac/showthread.php?tid=45592
Screenshots:
None
Threat Actors: GektorS
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email credentials combolist
Category: Combo List
Content: A threat actor shared a free download link to a combolist containing 4,400 mixed email credentials. The file was made available through MediaFire for free distribution.
Date: 2026-03-24T15:44:09Z
Network: openweb
Published URL: https://crackingx.com/threads/69715/
Screenshots:
None
Threat Actors: Kommander0
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: Threat actor noir allegedly shared a collection of valid Hotmail credentials described as UHQ (ultra high quality) through their Telegram channel. The post indicates these are mixed valid credentials stored on a private cloud.
Date: 2026-03-24T15:43:27Z
Network: openweb
Published URL: https://crackingx.com/threads/69716/
Screenshots:
None
Threat Actors: noir
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged data breach of BearTax crypto exchange
Category: Data Breach
Content: Forum post claims to involve a database from BearTax crypto exchange users, though no content details are available for analysis.
Date: 2026-03-24T15:38:28Z
Network: openweb
Published URL: https://xforums.st/threads/beartax-crypto-exchange-users-database.584704/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: BearTax
Victim Site: Unknown
Alleged data breach of Ledger cryptocurrency platform
Category: Data Breach
Content: Forum post claims availability of Ledger 2026 Global-e database as part of cryptocurrency databases collection. No specific details provided about the nature or scope of the alleged breach.
Date: 2026-03-24T15:37:16Z
Network: openweb
Published URL: https://xforums.st/threads/crypto-databases-collection-ledger-2026-global-e-available.585020/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Ledger
Victim Site: ledger.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a sample combolist containing 1,150 Hotmail email and password combinations on a cybercrime forum.
Date: 2026-03-24T15:31:43Z
Network: openweb
Published URL: https://crackingx.com/threads/69709/
Screenshots:
None
Threat Actors: HollowKnight07
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of OnlyFans credentials
Category: Combo List
Content: Threat actor CODER is distributing OnlyFans credential lists (combolists) for free through Telegram channels. The actor operates multiple Telegram groups for sharing both credential lists and related tools.
Date: 2026-03-24T15:30:51Z
Network: openweb
Published URL: https://crackingx.com/threads/69711/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Entertainment
Victim Organization: OnlyFans
Victim Site: onlyfans.com
Alleged leak of social media and e-commerce credentials
Category: Combo List
Content: A threat actor leaked a credential list containing 725,730 lines targeting social media and shopping platforms. The data is being distributed for free via a file sharing service.
Date: 2026-03-24T15:30:15Z
Network: openweb
Published URL: https://crackingx.com/threads/69712/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: Threat actor klyne05 is distributing what they claim to be private, fresh, and checked Hotmail credentials as a free download on a cybercriminal forum.
Date: 2026-03-24T15:29:39Z
Network: openweb
Published URL: https://crackingx.com/threads/69713/
Screenshots:
None
Threat Actors: klyne05
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of mixed domain credential combolist
Category: Combo List
Content: A credential combolist containing 72,395 lines of mixed domain targets has been made available for free download via a file sharing service.
Date: 2026-03-24T15:29:04Z
Network: openweb
Published URL: https://crackingx.com/threads/69714/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of European Space Agency
Category: Data Breach
Content: Forum thread titled European Space Agency Data Breach was posted but contains no available content details about the alleged incident.
Date: 2026-03-24T15:19:38Z
Network: openweb
Published URL: https://xforums.st/threads/european-space-agency-data-breach.585203/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Aerospace
Victim Organization: European Space Agency
Victim Site: Unknown
Alleged data breach of The Lallantop
Category: Data Breach
Content: Forum post indicates a sold data breach involving The Lallantop organization, though specific details about the compromised data are not available.
Date: 2026-03-24T15:18:27Z
Network: openweb
Published URL: https://xforums.st/threads/sold-the-lallantop-data-breach.585204/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: The Lallantop
Victim Site: Unknown
Alleged data breach of EEA Congress
Category: Data Leak
Content: Forum post claims to offer leaked data from EEA Congress for download, though no specific details about the data or breach are provided in the available content.
Date: 2026-03-24T15:17:17Z
Network: openweb
Published URL: https://xforums.st/threads/eea-congress-data-breach-leaked-download.585206/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Government
Victim Organization: EEA Congress
Victim Site: Unknown
Alleged data breach of Perfetti Van Melle
Category: Data Leak
Content: Forum post claims to offer leaked data from Perfetti Van Melle for download. No specific details about the data type or size are provided in the available content.
Date: 2026-03-24T15:16:08Z
Network: openweb
Published URL: https://xforums.st/threads/perfetti-van-melle-data-breach-leaked-download.585207/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Food and Beverage
Victim Organization: Perfetti Van Melle
Victim Site: Unknown
Alleged data sale of Crunchyroll
Category: Data Breach
Content: The threat actor claims to be selling data from Crunchyroll, allegedly containing around 2,000,000 tickets and approximately 1.39 million unique email addresses, potentially exposing user communications and associated metadata.Note: it was previously breached by the threat actor ExnExn on March 12, 2026.
Date: 2026-03-24T15:15:14Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279058/
Screenshots:
None
Threat Actors: hubert
Victim Country: USA
Victim Industry: Entertainment & Movie Production
Victim Organization: crunchyroll
Victim Site: crunchyroll.com
Alleged prenatal data breach
Category: Data Leak
Content: Forum post claims to offer download of prenatal data from an alleged breach, though no specific details about the victim organization or data scope are provided in the available content.
Date: 2026-03-24T15:14:58Z
Network: openweb
Published URL: https://xforums.st/threads/prenatal-data-breach-leaked-download.585209/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of International Kiteboarding Organization
Category: Data Breach
Content: A threat actor claims to have sold data from the International Kiteboarding Organization. The post is marked as sold but no content details are available to verify the nature or scope of the alleged breach.
Date: 2026-03-24T15:13:49Z
Network: openweb
Published URL: https://xforums.st/threads/sold-international-kiteboarding-organization-data-breach.585212/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Sports and Recreation
Victim Organization: International Kiteboarding Organization
Victim Site: Unknown
Alleged data breach of Tronix Network
Category: Data Leak
Content: Forum post claims to offer leaked data from Tronix Network for download. No additional details about the nature or scope of the alleged breach are provided.
Date: 2026-03-24T15:12:37Z
Network: openweb
Published URL: https://xforums.st/threads/tronix-network-data-breach-leaked-download.585213/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Tronix Network
Victim Site: Unknown
Alleged data breach of BET10.br casino platform
Category: Data Breach
Content: Forum post claims to have database from BET10.br casino platform. No additional details or content available in the post.
Date: 2026-03-24T15:11:27Z
Network: openweb
Published URL: https://xforums.st/threads/bet10-br-com-casino-database.585214/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Brazil
Victim Industry: Gaming and Gambling
Victim Organization: BET10
Victim Site: bet10.br.com
Alleged data leak affecting Irias.nl
Category: Data Leak
Content: Forum post claims to offer leaked data from Irias.nl for download. No additional details about the nature or scope of the alleged breach are available in the post content.
Date: 2026-03-24T15:10:09Z
Network: openweb
Published URL: https://xforums.st/threads/irias-nl-data-breach-leaked-download.585215/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Netherlands
Victim Industry: Unknown
Victim Organization: Irias
Victim Site: irias.nl
Alleged Samsung data breach
Category: Data Breach
Content: A thread discussing an alleged Samsung data breach was posted on XF forums, though no specific details about the nature or scope of the incident are available in the post content.
Date: 2026-03-24T15:08:58Z
Network: openweb
Published URL: https://xforums.st/threads/samsung-data-breach.585217/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Samsung
Victim Site: Unknown
Cyberattack hits Ministry of Finance
Category: Cyber Attack
Content: The disclosure states that the Dutch Ministry of Finance identified a cyber attack involving unauthorized access to internal systems within its policy department. The incident, detected on March 19, 2026, affected certain employees and prompted immediate containment measures, including blocking access to compromised systems and initiating an investigation. While some internal operations were disrupted, critical public services such as tax administration and customs systems remained unaffected. At this stage, there is no confirmation of data exfiltration, and the ministry continues to assess the scope and impact of the incident.
Date: 2026-03-24T15:07:51Z
Network: openweb
Published URL: https://www.bleepingcomputer.com/news/security/dutch-ministry-of-finance-discloses-breach-affecting-employees/
Screenshots:
None
Threat Actors:
Victim Country: Netherlands
Victim Industry: Government & Public Sector
Victim Organization: ministry of finance
Victim Site: government.nl
Alleged data breach of SeAH Holdings
Category: Data Breach
Content: Thread claims SeAH Holdings data breach with leaked data available for download, but no content details are provided to verify the nature or scope of the alleged breach.
Date: 2026-03-24T15:07:48Z
Network: openweb
Published URL: https://xforums.st/threads/seah-holdings-data-breach-leaked-download.585218/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: SeAH Holdings
Victim Site: Unknown
Alleged initial access to leading software development company
Category: Initial Access
Content: Forum post claims access to a leading software development company, though no specific details are provided in the available content.
Date: 2026-03-24T15:06:39Z
Network: openweb
Published URL: https://xforums.st/threads/access-to-a-leading-software-development-company.585220/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Software Development
Victim Organization: Unknown
Victim Site: Unknown
Alleged initial access to large shipping company
Category: Initial Access
Content: Forum post claims access to a large shipping company. No additional details are available as the post content is empty.
Date: 2026-03-24T15:05:30Z
Network: openweb
Published URL: https://xforums.st/threads/access-to-a-large-shipping-company.585221/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Shipping
Victim Organization: Unknown
Victim Site: Unknown
Alleged access offering to live casino game provider systems
Category: Initial Access
Content: Forum post claims to offer access to live casino game provider systems, though no specific details or content are available in the post.
Date: 2026-03-24T15:04:15Z
Network: openweb
Published URL: https://xforums.st/threads/access-to-live-casino-game-provider.585222/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Gaming
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Teknobuilt
Category: Data Leak
Content: Forum post claims to offer leaked data from Teknobuilt for download, though no content details are available to verify the nature or scope of the alleged breach.
Date: 2026-03-24T15:03:05Z
Network: openweb
Published URL: https://xforums.st/threads/teknobuilt-data-breach-leaked-download.585223/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Teknobuilt
Victim Site: Unknown
Alleged data breach of CryptoUniversity.network
Category: Data Breach
Content: Thread indicates the sale of a database from CryptoUniversity.network, though the post content is not available for analysis.
Date: 2026-03-24T15:01:56Z
Network: openweb
Published URL: https://xforums.st/threads/sold-cryptouniversity-network-database.585225/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Education
Victim Organization: CryptoUniversity
Victim Site: cryptouniversity.network
Alleged leak of mixed email credentials from multiple countries
Category: Combo List
Content: A threat actor shared a combolist containing 9,180 email and password combinations from users across France, Germany, United States, and Japan. The credentials are described as verified for email access and are being distributed as a free download.
Date: 2026-03-24T14:44:19Z
Network: openweb
Published URL: https://crackingx.com/threads/69704/
Screenshots:
None
Threat Actors: karaokecloud
Victim Country: Multiple
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of ninja388.vip by Force Cyber Team member Renzy
Category: Defacement
Content: Force Cyber Team member Renzy conducted a home defacement attack against ninja388.vip on March 24, 2026. The attack targeted a single website rather than multiple sites in a mass defacement campaign.
Date: 2026-03-24T14:43:43Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813628
Screenshots:
None
Threat Actors: Renzy, Force Cyber Team
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: ninja388.vip
Alleged distribution of credential combolists via Telegram channels
Category: Combo List
Content: Threat actor CODER is distributing free credential combolists and programs through multiple Telegram channels. The actor is soliciting users to contact them directly for combo access while advertising free resources through group channels.
Date: 2026-03-24T14:43:00Z
Network: openweb
Published URL: https://crackingx.com/threads/69707/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 31,000 valid email credentials on an underground forum, with additional content available through private cloud access via Telegram.
Date: 2026-03-24T14:05:45Z
Network: openweb
Published URL: https://crackingx.com/threads/69699/
Screenshots:
None
Threat Actors: TeraCloud1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of social network credential lists via Telegram channels
Category: Combo List
Content: Threat actor CODER is distributing free credential lists (combolists) containing 15 million email and password combinations from social networks through Telegram channels. The actor also provides access to related tools and programs.
Date: 2026-03-24T14:05:10Z
Network: openweb
Published URL: https://crackingx.com/threads/69700/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Breach Of National Oil Ethiopia PLC (NOC)
Category: Data Breach
Content: The threat actor claims to be leaked 800 GB data from National Oil Ethiopia PLC (NOC). The compromised data reportedly including ERP database records, client and employee information, financial and salary data, email addresses, physical addresses, and other operational business data.
Date: 2026-03-24T13:54:50Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-National-Oil-Ethiopia-PLC-NOC
Screenshots:
None
Threat Actors: ByteToBreach
Victim Country: Ethiopia
Victim Industry: Oil & Gas
Victim Organization: national oil ethiopia plc (noc)
Victim Site: nocethiopia.com
Alleged leak of 1.8 million credential pairs
Category: Combo List
Content: User zod shared a combolist containing 1.8 million username/login/password (ULP) combinations on a cracking forum. The credentials are password-protected and distributed via Telegram channel.
Date: 2026-03-24T13:38:05Z
Network: openweb
Published URL: https://crackingx.com/threads/69693/
Screenshots:
None
Threat Actors: zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of SoftBank credentials
Category: Combo List
Content: A threat actor shared a credential list containing 8,578 lines targeting the softbank.ne.jp domain through a file hosting service.
Date: 2026-03-24T13:37:25Z
Network: openweb
Published URL: https://crackingx.com/threads/69694/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Japan
Victim Industry: Telecommunications
Victim Organization: SoftBank
Victim Site: softbank.ne.jp
Alleged leak of mixed credential combolist containing 28,000 records
Category: Combo List
Content: A threat actor shared a mixed unique credential combolist containing 28,000 records on a cybercrime forum. The specific source and composition of the credential list remains unknown as the content requires registration to view.
Date: 2026-03-24T13:36:40Z
Network: openweb
Published URL: https://crackingx.com/threads/69695/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged WordPress data leak by threat actor zod
Category: Combo List
Content: Threat actor zod shared WordPress-related data in a cybercrime forum, with content accessible via Telegram channel. Specific details about the data type and scope are not disclosed in the visible post content.
Date: 2026-03-24T13:35:50Z
Network: openweb
Published URL: https://crackingx.com/threads/69697/
Screenshots:
None
Threat Actors: zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: WordPress
Victim Site: Unknown
Alleged sale of forex/crypto and personal databases by DataHUB
Category: Data Breach
Content: Threat actor DataHUB is selling databases containing forex/crypto user data and personal information for use by call centers. The actor offers custom sampling and filtering services and claims to provide fresh, up-to-date data with HLR testing.
Date: 2026-03-24T13:34:22Z
Network: openweb
Published URL: https://crackingx.com/threads/69696/
Screenshots:
None
Threat Actors: DataHUB
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of ManyChat
Category: Data Breach
Content: The threat actor claims to be leaked data from ManyChat. The compromised dataset reportedly contains 352,000 records including First and last names, Phone numbers, Email addresses, User IDs, Login-related fields
Date: 2026-03-24T13:23:49Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-AM-Armenia-manychat-user-data
Screenshots:
None
Threat Actors: cybersaspir07
Victim Country: Armenia
Victim Industry: Information Technology (IT) Services
Victim Organization: manychat
Victim Site: manychat.com
Website defacement of Florez Engineering by Zod
Category: Defacement
Content: The attacker known as Zod defaced the Florez Engineering company website on March 24, 2026. The defacement targeted a specific page (zod.html) rather than the main homepage.
Date: 2026-03-24T13:20:47Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248084
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Engineering
Victim Organization: Florez Engineering
Victim Site: www.florezengineering.com
Alleged data breach of Universidad Católica de Temuco
Category: Data Breach
Content: The threat actor claims to be leaked data from Universidad Católica de Temuco. The compromised data reportedly contains 70k records including student photos, national ID numbers (RUT), full names, phone numbers, email addresses, and academic information.
Date: 2026-03-24T13:19:31Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-CL-70K-UCT-CL-FREE-DB-PHOTOS
Screenshots:
None
Threat Actors: NyxarGroup
Victim Country: Chile
Victim Industry: Education
Victim Organization: universidad católica de temuco
Victim Site: uct.cl
Alleged distribution of gaming platform credential combolist
Category: Combo List
Content: Threat actor distributes a 12 million credential combolist targeting gaming platforms including Spotify, PSN, and FIFA through Telegram channels. The credentials are being shared for free through dedicated Telegram groups.
Date: 2026-03-24T12:59:07Z
Network: openweb
Published URL: https://crackingx.com/threads/69688/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Gaming
Victim Organization: Multiple gaming platforms
Victim Site: Unknown
Alleged leak of Japanese email credentials
Category: Combo List
Content: A threat actor shared a collection of 3,700 allegedly valid Japanese email credentials dated March 24th on a cybercriminal forum.
Date: 2026-03-24T12:58:29Z
Network: openweb
Published URL: https://crackingx.com/threads/69689/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Brazilian email credentials
Category: Combo List
Content: A threat actor leaked 1,000 fresh valid Brazilian email access credentials dated March 24th on a cybercriminal forum. The credentials appear to provide email account access for Brazilian users.
Date: 2026-03-24T12:57:52Z
Network: openweb
Published URL: https://crackingx.com/threads/69690/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Chinese email credentials
Category: Combo List
Content: A threat actor shared a combolist containing 1,800 allegedly fresh and valid Chinese email credentials on a cybercriminal forum.
Date: 2026-03-24T12:57:20Z
Network: openweb
Published URL: https://crackingx.com/threads/69691/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Walmart credential data
Category: Combo List
Content: Threat actor claiming to distribute 11 million Walmart email credentials for free through Telegram channels. The actor is sharing combolists and providing links to Telegram groups for accessing the data.
Date: 2026-03-24T12:56:39Z
Network: openweb
Published URL: https://crackingx.com/threads/69692/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Retail
Victim Organization: Walmart
Victim Site: Unknown
Alleged sale of Passport Scans
Category: Data Leak
Content: The threat actor claims to be selling Passport Scans. The compromised data reportedly contains passport scans, selfie verification images, registration details, and additional identity information such as national identifiers and driving license data
Date: 2026-03-24T12:55:41Z
Network: openweb
Published URL: https://darkforums.su/Thread-%D0%9F%D1%80%D0%BE%D0%B4%D0%B0%D0%BC-%D1%81%D0%BA%D0%B0%D0%BD%D1%8B-%D0%BF%D0%B0%D1%81%D0%BF%D0%BE%D1%80%D1%82%D0%BE%D0%B2–70137
Screenshots:
None
Threat Actors: grigory1887
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Checkmarx Suffers Data Breach
Category: Data Breach
Content: Checkmarx has been hit by a supply-chain breach after threat actor TeamPCP used stolen CI/CD credentials to compromise two GitHub Actions workflows (ast-github-action and kics-github-action). The attackers injected a malicious payload that harvested sensitive secrets—including SSH keys, Git tokens, and cloud credentials for Amazon Web Services (AWS), Google Cloud, and Microsoft Azure—and exfiltrated them to a typosquatted domain impersonating Checkmarx.
Date: 2026-03-24T12:27:24Z
Network: openweb
Published URL: https://thehackernews.com/2026/03/teampcp-hacks-checkmarx-github-actions.html
Screenshots:
None
Threat Actors: TeamPCP
Victim Country: USA
Victim Industry: Computer & Network Security
Victim Organization: checkmarx
Victim Site: checkmarx.com
Alleged distribution of Microsoft Office email credentials combolist
Category: Combo List
Content: Threat actor distributing free combolist containing 8 million Microsoft Office email credentials through Telegram channels. The actor promotes multiple Telegram groups offering free credential lists and hacking tools.
Date: 2026-03-24T12:21:31Z
Network: openweb
Published URL: https://crackingx.com/threads/69685/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: office.com
Alleged leak of education sector credential list
Category: Combo List
Content: A threat actor shared a credential list containing 193,362 lines targeting mixed educational institutions. The combolist was made available for free download through a file sharing service.
Date: 2026-03-24T12:20:55Z
Network: openweb
Published URL: https://crackingx.com/threads/69686/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Gmail credential combolist
Category: Combo List
Content: A threat actor shared a credential combolist containing 58,428 Gmail email and password combinations on a cybercrime forum. The data is being distributed for free with password protection via Telegram contact.
Date: 2026-03-24T12:20:22Z
Network: openweb
Published URL: https://crackingx.com/threads/69687/
Screenshots:
None
Threat Actors: zod
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Google
Victim Site: gmail.com
Alleged data breach of Bullsonwallstreet
Category: Data Breach
Content: Group claims to have leaked data of 420,000 users from Bullsonwallstreet . The compromised data include names, mail address, phone numbers, country, zip code.
Date: 2026-03-24T12:10:13Z
Network: telegram
Published URL: https://t.me/c/2273625312/3459
Screenshots:
None
Threat Actors: Yiqun data
Victim Country: USA
Victim Industry: Education
Victim Organization: bullsonwallstreet
Victim Site: bullsonwallstreet.com
Cyber Attack Hits on Test Rite International Co., Ltd.
Category: Cyber Attack
Content: Test Rite International Co., Ltd. reported a cyberattack affecting its overseas subsidiary, where internal network systems were targeted by an external attack. The company promptly implemented system isolation and activated security measures to contain the incident. External cybersecurity experts have been engaged to support investigation and remediation efforts. Operations remain stable, and no significant impact on business or financial performance has been reported.
Date: 2026-03-24T11:44:39Z
Network: openweb
Published URL: https://emops.twse.com.tw/server-java/t05sr01_1_e?&isNew=Y&seq_no=1&spoke_time=210350&spoke_date=20260323&co_id=2908
Screenshots:
None
Threat Actors:
Victim Country: Taiwan
Victim Industry: Retail Industry
Victim Organization: test rite international co., ltd.
Victim Site: testritegroup.com
Alleged Sale of Unauthorized Initial Access to BreachMarket
Category: Initial Access
Content: The threat actor claims to be selling Unauthorized Initial Access to BreachMarket. The compromised data reportedly contains multiple datasets, including leaked databases and initial access to corporate networks.
Date: 2026-03-24T11:24:27Z
Network: openweb
Published URL: https://darkforums.su/Thread-BreachMarket-net-Selling-Databases-Selling-InitialAccess
Screenshots:
None
Threat Actors: BreachMarket
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: breachmarket
Victim Site: breachmarket.net
Alleged distribution of credential combolist containing 28,000 records
Category: Combo List
Content: A threat actor posted a combolist containing 28,000 unique credential combinations on a cybercrime forum. The post requires forum registration to view the full content and download links.
Date: 2026-03-24T11:15:17Z
Network: openweb
Published URL: https://crackingx.com/threads/69678/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of German credential data
Category: Combo List
Content: A threat actor shared a combolist containing 16,000 German credentials described as Full Valid Fresh Data dated March 24th on a cybercriminal forum.
Date: 2026-03-24T11:14:58Z
Network: openweb
Published URL: https://crackingx.com/threads/69679/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of credential combolists for multiple country domains
Category: Combo List
Content: Threat actor distributes credential combolists for multiple country domains (LA, LB, LC, LI, LK, LR, LS, LT, LU, LV, LY) through Telegram channels, offering free access to combination lists and programs.
Date: 2026-03-24T11:14:37Z
Network: openweb
Published URL: https://crackingx.com/threads/69680/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of US credentials via D4RKNETHUB
Category: Combo List
Content: Threat actor D4rkNetHub allegedly made available a collection of 283,700 US-based credentials on a cracking forum. The post was shared in the combolists section, suggesting it contains email and password combinations.
Date: 2026-03-24T11:14:13Z
Network: openweb
Published URL: https://crackingx.com/threads/69681/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials on CrackingX forum
Category: Combo List
Content: A threat actor shared a collection of 1,800 allegedly valid Hotmail credentials on a cybercriminal forum, promoting a Telegram channel that claims to provide fresh email credential lists daily.
Date: 2026-03-24T11:13:50Z
Network: openweb
Published URL: https://crackingx.com/threads/69682/
Screenshots:
None
Threat Actors: Kokos2846q
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Russian email credentials
Category: Combo List
Content: A threat actor shared a collection of 4,000 allegedly valid Russian email credentials dated March 24th on a cybercriminal forum.
Date: 2026-03-24T11:13:30Z
Network: openweb
Published URL: https://crackingx.com/threads/69683/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Russia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Barrons financial magazine in U.S
Category: Data Breach
Content: Group claims to have leaked the database of 480,000 users of Barrons. The compromised data includes names, email addresses, phone numbers, and location details such as country, ZIP code, state, and gender.
Date: 2026-03-24T11:10:40Z
Network: telegram
Published URL: https://t.me/c/2273625312/3458
Screenshots:
None
Threat Actors: Yiqun data
Victim Country: USA
Victim Industry: Newspapers & Journalism
Victim Organization: barrons financial magazine
Victim Site: barrons.com
Alleged leak of t-online.de credentials
Category: Combo List
Content: A credential list containing 22,831 lines targeting the t-online.de domain was shared on a cybercrime forum via a file hosting service.
Date: 2026-03-24T11:04:00Z
Network: openweb
Published URL: https://crackingx.com/threads/69677/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Germany
Victim Industry: Telecommunications
Victim Organization: Deutsche Telekom
Victim Site: t-online.de
Alleged sale of an admin access to unidentified shop in Cyprus
Category: Initial Access
Content: Threat actor claims to be selling administrator access to a Cyprus-based website with a credit card redirect payment flow.
Date: 2026-03-24T10:54:30Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279040/
Screenshots:
None
Threat Actors: savel987
Victim Country: Cyprus
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of 1.5K Office365 Corporate data in USA
Category: Data Leak
Content: Threat actor claims to be selling 1.5k office365 corp data in USA.
Date: 2026-03-24T10:49:55Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279042/
Screenshots:
None
Threat Actors: Kay
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
FYNIX claim to target Kurdish governments organizations
Category: Alert
Content: A recent post by the group indicates that they are targeting Kurdish governments organizations.
Date: 2026-03-24T10:42:48Z
Network: telegram
Published URL: https://t.me/Fynix_313/351
Screenshots:
None
Threat Actors: FYNIX
Victim Country: Unknown
Victim Industry: Government Administration
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of business credential combolist via Telegram
Category: Combo List
Content: Threat actor CODER is distributing a 2 million record business credential combolist for free via Telegram channels. The actor also operates channels for free cracking programs and tools.
Date: 2026-03-24T10:29:11Z
Network: openweb
Published URL: https://crackingx.com/threads/69675/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of stealer logs containing mixed credentials
Category: Combo List
Content: Threat actor fatetraffic shared a collection of 3,200 mixed stealer logs from March 2024 via a password-protected file hosting service. Stealer logs typically contain harvested credentials, cookies, and browser data from malware infections.
Date: 2026-03-24T10:16:04Z
Network: openweb
Published URL: https://crackingx.com/threads/69673/
Screenshots:
None
Threat Actors: fatetraffic
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged unauthorized access to industrial greenhouse in Turkey
Category: Initial Access
Content: Group claims to have gained unauthorized access to the environmental climate controller in an industrial greenhouse.
Date: 2026-03-24T10:14:33Z
Network: telegram
Published URL: https://t.me/armeniancode_eng/86
Screenshots:
None
Threat Actors: Armenian code
Victim Country: Turkey
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
NoName claim to target Denmark
Category: Alert
Content: A recent post by the group indicates that they are targeting Denmark.
Date: 2026-03-24T10:08:03Z
Network: telegram
Published URL: https://t.me/c/3584967422/132
Screenshots:
None
Threat Actors: NoName057(16)
Victim Country: Denmark
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of German social media and e-commerce credentials
Category: Combo List
Content: A threat actor shared a combolist containing over 1.1 million credential pairs allegedly targeting German social media and shopping platforms. The data is being distributed for free via file sharing service.
Date: 2026-03-24T10:03:39Z
Network: openweb
Published URL: https://crackingx.com/threads/69672/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of butik-anita.edgeone.app by TmaqnirXploit (AbsurdSEC)
Category: Defacement
Content: TmaqnirXploit from the AbsurdSEC team successfully defaced the Butik Anita e-commerce website on March 24, 2026. The attack targeted what appears to be a retail clothing business hosted on the EdgeOne platform.
Date: 2026-03-24T09:50:33Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248083
Screenshots:
None
Threat Actors: TmaqnirXploit, AbsurdSEC
Victim Country: Unknown
Victim Industry: Retail/E-commerce
Victim Organization: Butik Anita
Victim Site: butik-anita.edgeone.app
Alleged distribution of credential combolist containing 28,000 accounts
Category: Combo List
Content: A threat actor shared a combolist containing 28,000 unique credential pairs on a cybercriminal forum. The post content is restricted to registered users only.
Date: 2026-03-24T09:19:39Z
Network: openweb
Published URL: https://crackingx.com/threads/69670/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Prime Repair Pro by hmpforbidden88 team member rynmrzq
Category: Defacement
Content: The website of Prime Repair Pro was defaced by attacker rynmrzq from the hmpforbidden88 team on March 24, 2026. This was a single-target home page defacement rather than a mass defacement campaign.
Date: 2026-03-24T08:46:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813577
Screenshots:
None
Threat Actors: rynmrzq, hmpforbidden88
Victim Country: Unknown
Victim Industry: Professional Services
Victim Organization: Prime Repair Pro
Victim Site: www.primerepairpro.com
Alleged distribution of credential combolists via Telegram channels
Category: Combo List
Content: A threat actor is distributing email:password credential combolists through multiple Telegram channels, offering free access to stolen credentials and cracking tools.
Date: 2026-03-24T08:42:48Z
Network: openweb
Published URL: https://crackingx.com/threads/69668/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of absamail.co.za domain credentials
Category: Combo List
Content: A threat actor shared a combolist containing 6,469 credential entries targeting the absamail.co.za domain through a file sharing platform.
Date: 2026-03-24T08:42:09Z
Network: openweb
Published URL: https://crackingx.com/threads/69669/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: South Africa
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: absamail.co.za
Alleged leak of Binance credentials
Category: Combo List
Content: User claims to have freshly extracted Binance login credentials and is making them available on a cybercrime forum. The content is hidden and requires registration to view details.
Date: 2026-03-24T08:00:45Z
Network: openweb
Published URL: https://crackingx.com/threads/69666/
Screenshots:
None
Threat Actors: Kinglukeman
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Binance
Victim Site: binance.com
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: Threat actor alphaxdd shared a combolist containing 949 allegedly valid Hotmail email and password combinations through a free download link on a cybercriminal forum.
Date: 2026-03-24T07:46:31Z
Network: openweb
Published URL: https://crackingx.com/threads/69664/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of German domain credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 432,284 credential pairs allegedly associated with German domains through a file hosting service.
Date: 2026-03-24T07:46:11Z
Network: openweb
Published URL: https://crackingx.com/threads/69665/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Breach of Riaktr
Category: Data Breach
Content: Threat actor claims to be leaking a Riaktr database linked to Orange customers. The dataset reportedly includes user and device data such as usernames, email addresses, hashed passwords, roles, and account metadata (creation timestamps), along with user device records.
Date: 2026-03-24T07:44:33Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279031/
Screenshots:
None
Threat Actors: uawrongteam
Victim Country: Belgium
Victim Industry: Information Technology (IT) Services
Victim Organization: riaktr
Victim Site: riaktr.com
Alleged leak of Hotmail credentials with cookies
Category: Combo List
Content: Forum post claiming to have Hotmail email credentials with associated cookies, though no content is available in the post for verification.
Date: 2026-03-24T07:35:35Z
Network: openweb
Published URL: https://crackingx.com/threads/69663/
Screenshots:
None
Threat Actors: Kinglukeman
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged Sale of Webmail Access
Category: Initial Access
Content: The threat actor claims to be selling access to a webmail account of host35.server.ae.
Date: 2026-03-24T07:28:38Z
Network: openweb
Published URL: https://xforums.st/threads/host35-server-ae-webmail-login.580663/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: UAE
Victim Industry: Information Technology (IT) Services
Victim Organization: Unknown
Victim Site: host35.server.ae
Alleged Sale of USA CC Data
Category: Data Leak
Content: Threat actor claims to be selling a large dataset of compromised US credit card information allegedly obtained via sniffing techniques.The dataset reportedly includes full cardholder details such as card number, expiration date, CVV, full name, phone number, address, city, state, ZIP code, email, and country.
Date: 2026-03-24T07:27:43Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279032/
Screenshots:
None
Threat Actors: mesin
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of credential combolists via Telegram channels
Category: Combo List
Content: Threat actor CODER is distributing free credential combolists through Telegram channels and offering additional combos through direct contact. The actor also provides free cracking programs through a separate Telegram channel.
Date: 2026-03-24T07:24:12Z
Network: openweb
Published URL: https://crackingx.com/threads/69661/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Johnston County town thwarts cyber attack
Category: Cyber Attack
Content: The city of Clayton, North Carolina, detected suspicious activity on its network on March 18, 2026 and took the precaution of taking the system offline to contain the threat. While the investigation is still ongoing, authorities confirmed that it was not a major cyberattack and that no sensitive data was compromised. The citys services are operating normally, although some activities are temporarily limited during the secure restoration of systems.
Date: 2026-03-24T07:16:31Z
Network: openweb
Published URL: https://www.sfntoday.com/2026/03/23/johnston-county-town-thwarts-cyber-attack/
Screenshots:
None
Threat Actors:
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Town of Clayton
Victim Site: townofclaytonnc.org
Website defacement of bcab.bi by Leviathan Perfect Hunter team
Category: Defacement
Content: The Leviathan Perfect Hunter team, through attacker aexdy, successfully defaced the bcab.bi website on March 24, 2026. The specific page targeted was hx.html on the Burundian domain.
Date: 2026-03-24T07:04:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813544
Screenshots:
None
Threat Actors: aexdy, Leviathan Perfect Hunter
Victim Country: Burundi
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: bcab.bi
Alleged leak of Hotmail credentials
Category: Combo List
Content: Actor ValidMail allegedly leaked a combolist containing 41,000 Hotmail credentials marked as valid for forum access on CrackingX forum.
Date: 2026-03-24T07:03:18Z
Network: openweb
Published URL: https://crackingx.com/threads/69659/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged distribution of credential combolist containing 28,000 records
Category: Combo List
Content: A threat actor shared a credential combolist containing 28,000 unique username and password combinations on a cybercriminal forum.
Date: 2026-03-24T06:50:44Z
Network: openweb
Published URL: https://crackingx.com/threads/69658/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Breach of Cuties.AI
Category: Data Breach
Content: The threat actor claims to have breached the database of Cuties.AI, the dataset contains wide range of user-related information.
Date: 2026-03-24T06:39:44Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-Cuties-AI-Database-Leaked-Download
Screenshots:
None
Threat Actors: punk
Victim Country: Unknown
Victim Industry: Information Technology (IT) Services
Victim Organization: cuties.ai
Victim Site: cuties.ai
Alleged leak of credentials targeting brtph7ee.bnr.ca domain
Category: Combo List
Content: A threat actor shared a credential list containing 12,865 lines targeting the brtph7ee.bnr.ca domain via a file sharing platform.
Date: 2026-03-24T06:27:28Z
Network: openweb
Published URL: https://crackingx.com/threads/69657/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: brtph7ee.bnr.ca
Alleged data breach of Commission on Accreditation for Law Enforcement Agencies (CALEA)
Category: Data Breach
Content: A threat actor claims to have leaked data from a U.S. government system, including employee information, law enforcement protocols, and data related to Mexico.
Date: 2026-03-24T06:26:43Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-MEXICO-AND-USA-CALEA
Screenshots:
None
Threat Actors: Alz_157s
Victim Country: USA
Victim Industry: Government & Public Sector
Victim Organization: commission on accreditation for law enforcement agencies, inc
Victim Site: calea.org
Alleged Sale of Unauthorized Domain User Access to Multiple Educational Institutions in South Africa
Category: Initial Access
Content: Threat Actor claims to be selling unauthorized domain user access to higher education institutions, including colleges and universities in South Africa. The access includes Kerberos TGS credentials and reportedly covers approximately 1,239 active hosts.
Date: 2026-03-24T06:22:39Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279029/
Screenshots:
None
Threat Actors: malaria
Victim Country: South Africa
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: Actor leaked a combolist containing 1,568 allegedly fresh and valid Hotmail email and password combinations on a cybercriminal forum.
Date: 2026-03-24T06:15:45Z
Network: openweb
Published URL: https://crackingx.com/threads/69656/
Screenshots:
None
Threat Actors: Cir4d
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Website defacement of American Vitamins by VinzXploit (CYBER ERROR SYSTEM)
Category: Defacement
Content: VinzXploit from CYBER ERROR SYSTEM team defaced the American Vitamins website on March 24, 2026. This was identified as a redefacement incident targeting the health and wellness companys Indian domain.
Date: 2026-03-24T06:12:37Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813501
Screenshots:
None
Threat Actors: VinzXploit, CYBER ERROR SYSTEM
Victim Country: India
Victim Industry: Health and Wellness
Victim Organization: American Vitamins
Victim Site: americanvitamins.in
Website defacement of Gargi Group by VinzXploit/CYBER ERROR SYSTEM
Category: Defacement
Content: VinzXploit, associated with CYBER ERROR SYSTEM team, successfully defaced the Gargi Group website on March 24, 2026. The attack targeted a specific page (Vinz.html) rather than the main homepage.
Date: 2026-03-24T06:12:04Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813507
Screenshots:
None
Threat Actors: VinzXploit, CYBER ERROR SYSTEM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Gargi Group
Victim Site: gargigroup.com
Website defacement of JMD Steels Infrastructure by VinzXploit/CYBER ERROR SYSTEM
Category: Defacement
Content: VinzXploit from the CYBER ERROR SYSTEM team successfully defaced the JMD Steels Infrastructure website on March 24, 2026. The attack targeted a steel and infrastructure companys web presence, compromising a specific page on their domain.
Date: 2026-03-24T06:11:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813511
Screenshots:
None
Threat Actors: VinzXploit, CYBER ERROR SYSTEM
Victim Country: India
Victim Industry: Steel/Infrastructure
Victim Organization: JMD Steels Infrastructure
Victim Site: jmdsteelsinfra.com
Website defacement of matify.co.in by VinzXploit (CYBER ERROR SYSTEM)
Category: Defacement
Content: VinzXploit from CYBER ERROR SYSTEM team defaced the matify.co.in website on March 24, 2026. The attack targeted a specific page (Vinz.html) rather than the main homepage.
Date: 2026-03-24T06:10:59Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813517
Screenshots:
None
Threat Actors: VinzXploit, CYBER ERROR SYSTEM
Victim Country: India
Victim Industry: Unknown
Victim Organization: Matify
Victim Site: matify.co.in
Website defacement of Raj Darbar Spaces by VinzXploit/CYBER ERROR SYSTEM
Category: Defacement
Content: VinzXploit from the CYBER ERROR SYSTEM team defaced the website of Raj Darbar Spaces, a real estate company based in Karnal, India on March 24, 2026.
Date: 2026-03-24T06:10:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813523
Screenshots:
None
Threat Actors: VinzXploit, CYBER ERROR SYSTEM
Victim Country: India
Victim Industry: Real Estate
Victim Organization: Raj Darbar Spaces
Victim Site: rajdarbarspaceskarnal.com
Website defacement of Victor School by VinzXploit (CYBER ERROR SYSTEM)
Category: Defacement
Content: VinzXploit from the CYBER ERROR SYSTEM team defaced the Victor School website on March 24, 2026. The attack targeted an educational institutions website in India.
Date: 2026-03-24T06:09:53Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813527
Screenshots:
None
Threat Actors: VinzXploit, CYBER ERROR SYSTEM
Victim Country: India
Victim Industry: Education
Victim Organization: Victor School
Victim Site: victorschool.in
Alleged Data Breach of Emergíacc–Conalcréditos
Category: Data Breach
Content: The threat actor claims to have leaked a database allegedly linked to Emergíacc–Conalcréditos.
Date: 2026-03-24T06:04:26Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-Emergiacc-Conalcreditos-Colombia-Company-BBVA
Screenshots:
None
Threat Actors: Petro_Escobar
Victim Country: Colombia
Victim Industry: Financial Services
Victim Organization: emergíacc
Victim Site: conalcreditos.com.co
Website defacement of Brazilian dental practice by VinzXploit (CYBER ERROR SYSTEM)
Category: Defacement
Content: CYBER ERROR SYSTEM threat actor VinzXploit defaced a Brazilian dental practice website on March 24, 2026. The attack targeted a single healthcare providers online presence.
Date: 2026-03-24T06:03:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813491
Screenshots:
None
Threat Actors: VinzXploit, CYBER ERROR SYSTEM
Victim Country: Brazil
Victim Industry: Healthcare
Victim Organization: Dr. Carla Montanha Dentista
Victim Site: dracarlamontanhadentista.com.br
Website defacement of Duarte Veterinary by VinzXploit/CYBER ERROR SYSTEM
Category: Defacement
Content: VinzXploit from CYBER ERROR SYSTEM team defaced the Duarte Veterinary website on March 24, 2026. The attack targeted a Brazilian veterinary services website, resulting in unauthorized modification of the sites content.
Date: 2026-03-24T06:02:36Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813493
Screenshots:
None
Threat Actors: VinzXploit, CYBER ERROR SYSTEM
Victim Country: Brazil
Victim Industry: Veterinary Services
Victim Organization: Duarte Veterinary
Victim Site: duartevet.com.br
Website defacement of Grupo Gran Para by VinzXploit (CYBER ERROR SYSTEM)
Category: Defacement
Content: VinzXploit from the CYBER ERROR SYSTEM team successfully defaced the Grupo Gran Para website on March 24, 2026. The attack targeted a specific page on the Brazilian companys domain.
Date: 2026-03-24T06:02:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813494
Screenshots:
None
Threat Actors: VinzXploit, CYBER ERROR SYSTEM
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Grupo Gran Para
Victim Site: grupogranpara.com.br
Website defacement of Brazilian chiropractic clinic by VinzXploit (CYBER ERROR SYSTEM)
Category: Defacement
Content: VinzXploit from the CYBER ERROR SYSTEM team defaced a Brazilian chiropractic and massage therapy clinic website on March 24, 2026. The attack targeted a healthcare service providers online presence.
Date: 2026-03-24T06:01:22Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813496
Screenshots:
None
Threat Actors: VinzXploit, CYBER ERROR SYSTEM
Victim Country: Brazil
Victim Industry: Healthcare
Victim Organization: Quiropraxia Massoterapia
Victim Site: quiropraxiamassoterapia.com.br
Website defacement of strike7perfomance.com by VinzXploit/CYBER ERROR SYSTEM
Category: Defacement
Content: VinzXploit, associated with the CYBER ERROR SYSTEM team, successfully defaced the Strike7 Performance website on March 24, 2026. The attack targeted a specific page (Vinz.htm) rather than the main site homepage.
Date: 2026-03-24T06:00:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813498
Screenshots:
None
Threat Actors: VinzXploit, CYBER ERROR SYSTEM
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Strike7 Performance
Victim Site: strike7perfomance.com
Website defacement of Completo Clean by VinzXploit/CYBER ERROR SYSTEM
Category: Defacement
Content: VinzXploit from CYBER ERROR SYSTEM team defaced the Danish cleaning company Completo Cleans website on March 24, 2026. The attack targeted a specific page (Vinz.html) on the completoclean.dk domain.
Date: 2026-03-24T06:00:10Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813499
Screenshots:
None
Threat Actors: VinzXploit, CYBER ERROR SYSTEM
Victim Country: Denmark
Victim Industry: Cleaning Services
Victim Organization: Completo Clean
Victim Site: completoclean.dk
chinafans targets the website of Incrediwear
Category: Defacement
Content: The group claims to have defaced the website of Incrediwear
Date: 2026-03-24T05:54:11Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813481
Screenshots:
None
Threat Actors: chinafans
Victim Country: USA
Victim Industry: Medical Equipment Manufacturing
Victim Organization: incrediwear
Victim Site: incrediwear.ee
Alleged leak of streaming service credentials combolist
Category: Combo List
Content: Threat actor CODER is distributing a 15 million record streaming services credential combolist for free through Telegram channels. The actor operates multiple Telegram groups for sharing free credential lists and programs.
Date: 2026-03-24T05:48:40Z
Network: openweb
Published URL: https://crackingx.com/threads/69655/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Entertainment
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Breach of Mondial Tissus
Category: Data Breach
Content: A threat actor claims to be selling a database from Mondial Tissus, containing 365,900 customer records from 2019–2026. The data reportedly includes bookings and customer information, and sample has been shared.
Date: 2026-03-24T05:44:56Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-FR-MONDIAL-TISSUS
Screenshots:
None
Threat Actors: DumpSec
Victim Country: France
Victim Industry: Retail Industry
Victim Organization: mondial tissus
Victim Site: mondialtissus.fr
chinafans targets the website of KYM Tourism
Category: Defacement
Content: The group targets the website of KYM Tourism.
Date: 2026-03-24T05:41:37Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813480
Screenshots:
None
Threat Actors: chinafans
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: kym tourism
Victim Site: kymtourism.com
Alleged Data Breach of Universidad de La Serena
Category: Data Breach
Content: A threat actor claims to have leaked data from Universidad de La Serena. The compromised data reportedly contains 10,000 website records, including full names and associated user codes. A sample of the data has been shared.
Date: 2026-03-24T05:41:09Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-CL-10K-USERENA-CL
Screenshots:
None
Threat Actors: NyxarGroup
Victim Country: Chile
Victim Industry: Education
Victim Organization: universidad de la serena
Victim Site: userena.cl
Alleged leak of Gmail cryptocurrency-related combolist
Category: Combo List
Content: A threat actor shared a combolist containing over 1.7 million Gmail credentials specifically targeting cryptocurrency-related accounts. The credentials were made available as a free download through a file sharing service.
Date: 2026-03-24T05:38:29Z
Network: openweb
Published URL: https://crackingx.com/threads/69654/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Gmail
Victim Site: gmail.com
Alleged Sale of Unauthorized Access to JD Consultores
Category: Initial Access
Content: The threat actor claims to be selling unauthorized access related to JD Consultores.
Date: 2026-03-24T05:32:05Z
Network: openweb
Published URL: https://darkforums.su/Thread-Access-to-JD-Consultores-jdconsultores-com-br
Screenshots:
None
Threat Actors: pstipwner
Victim Country: Brazil
Victim Industry: Financial Services
Victim Organization: jd consultores
Victim Site: jdconsultores.com.br
chinafans targets the website of SOFT Developpement
Category: Defacement
Content: The group claims to have defaced the website of SOFT Developpement.
Date: 2026-03-24T05:30:04Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813484
Screenshots:
None
Threat Actors: chinafans
Victim Country: France
Victim Industry: Real Estate
Victim Organization: soft developpement
Victim Site: soft-developpement.com
Alleged Data Breach of CamGSM Company Ltd.
Category: Data Breach
Content: Threat Actor claims to have breached the database of CamGSM Company Ltd. in Cambodia. The dataset includes various types of internal data and files.
Date: 2026-03-24T05:23:11Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279014/
Screenshots:
None
Threat Actors: UNIT_PEGASUS
Victim Country: Cambodia
Victim Industry: Network & Telecommunications
Victim Organization: camgsm company ltd.
Victim Site: cellcard.com.kh
Alleged Data Breach of UnitedHealth Group
Category: Data Breach
Content: Threat Actor claims to have breached the database of UnitedHealth Group in USA and obtained sensitive data, with the dataset reportedly spanning from 2024 to 2026 and containing over 500,000 records, including SSNs, dates of birth, addresses, and phone numbers of individuals primarily from Florida.
Date: 2026-03-24T05:22:48Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279019/
Screenshots:
None
Threat Actors: luc1f3rg4ng
Victim Country: USA
Victim Industry: Hospital & Health Care
Victim Organization: unitedhealth group
Victim Site: unitedhealthgroup.com
Website defacement of kimonlusci.org by cyberskk/SKK GRUP
Category: Defacement
Content: The attacker cyberskk from team SKK GRUP successfully defaced the kimonlusci.org website on March 24, 2026. This was a single-site targeted defacement affecting the uploads/galerie section of the domain.
Date: 2026-03-24T05:09:16Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813487
Screenshots:
None
Threat Actors: cyberskk, SKK GRUP
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: kimonlusci.org
Alleged Sale of Unauthorized Shell Access to a Manufacturing Company in Lebanon
Category: Initial Access
Content: Threat Actor claims to be selling unauthorized shell access to a company in Lebanon operating in the textile, manufacturing, and retail sector. The access includes SYSTEM and Local Administrator privileges across more than 90 hosts, with the environment reportedly protected by Windows Defender.
Date: 2026-03-24T05:09:06Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279021/
Screenshots:
None
Threat Actors: Saturned33
Victim Country: Lebanon
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Breach of 17live
Category: Data Breach
Content: The threat actor claims to have breached the database of 17live, the dataset contains important user datas and user accounts.
Date: 2026-03-24T04:51:22Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-17Media-17-live-databreach-28-052-321-records
Screenshots:
None
Threat Actors: fanfan
Victim Country: Taiwan
Victim Industry: Social Media & Online Social Networking
Victim Organization: 17live
Victim Site: 17.live
Alleged Sale of Unauthorized Shell Access to a Scientific Research Organization in UK
Category: Initial Access
Content: Threat Actor claims to be selling unauthorized shell access to a scientific research organization in UK. The access includes SYSTEM and Local Administrator privileges across more than 40 hosts, with the environment reportedly protected by Windows Defender.
Date: 2026-03-24T04:43:17Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279018/
Screenshots:
None
Threat Actors: Saturned33
Victim Country: UK
Victim Industry: Research Industry
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of 660 U.S Credit Card Records
Category: Data Leak
Content: Threat Actor claims to be selling a dataset of approximately 660 U.S credit card records allegedly obtained via sniffing techniques, with a stated validity rate of 70–80%. The dataset reportedly includes credit card numbers, expiration dates, CVV codes, full names, phone numbers, addresses, city, state, ZIP codes, email addresses, and country details.
Date: 2026-03-24T04:34:30Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279016/
Screenshots:
None
Threat Actors: corptoday
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Unauthorized RDP and GlobalProtect Access to a Telecommunications Company in Cambodia
Category: Initial Access
Content: Threat Actor claims to be selling unauthorized access to a telecommunications company in Cambodia via GlobalProtect VPN and RDP. The access includes domain user privileges with local administrator rights, spans a network of over 200 systems, and involves an environment with two domain controllers.
Date: 2026-03-24T04:28:06Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279017/
Screenshots:
None
Threat Actors: UNIT_PEGASUS
Victim Country: Cambodia
Victim Industry: Network & Telecommunications
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of WordPress credential lists
Category: Combo List
Content: Threat actor allegedly shared WordPress credential lists in URL:login:password format on cybercriminal forum. No post content was available to determine specific details about the scope or source of the credentials.
Date: 2026-03-24T04:26:56Z
Network: openweb
Published URL: https://crackingx.com/threads/69653/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Breach of OVHcloud
Category: Data Breach
Content: A threat actor claims to be selling a database linked to OVHcloud. The actor alleges access to a parent account and servers, exposing data of 1.6 million customers and 5.9 million hosted websites, including website code, databases, and server configurations. A sample record has been shared as proof of the breach.
Date: 2026-03-24T04:23:58Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-1-6-million-customers-5-9-million-OVH-Fresh-sites?highlight=OVHcloud
Screenshots:
None
Threat Actors: contactbreachforums
Victim Country: France
Victim Industry: Information Technology (IT) Services
Victim Organization: ovhcloud
Victim Site: ovhcloud.com
Alleged Sale of Unauthorized Shell Access to an Unidentified Industrial Manufacturing Company in Germany
Category: Initial Access
Content: Threat Actor claims to be selling Windows shell access to an organization in Germany operating in the industrial manufacturing sector. The access includes SYSTEM/NT and Local Administrator privileges across more than 10 hosts, with antivirus protection reportedly using Sophos.
Date: 2026-03-24T04:22:08Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279015/
Screenshots:
None
Threat Actors: Saturned33
Victim Country: Germany
Victim Industry: Manufacturing & Industrial Products
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of European and US credential combolists
Category: Combo List
Content: A threat actor is distributing credential combolists claimed to be high quality and fully valid, targeting users from Europe and the United States. The post advertises the availability of these credential lists on a cybercriminal forum.
Date: 2026-03-24T04:16:27Z
Network: openweb
Published URL: https://crackingx.com/threads/69651/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed domain credential list
Category: Combo List
Content: A credential list containing 9,083 lines targeting mixed domains was shared for free download via a file hosting service.
Date: 2026-03-24T04:16:09Z
Network: openweb
Published URL: https://crackingx.com/threads/69652/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of credential combolist in URL:LOGIN:PASS format
Category: Combo List
Content: Actor gsmfix shared a credential combolist in URL:LOGIN:PASS format, described as high quality and private. The post contains minimal details about the source or scope of the credentials.
Date: 2026-03-24T04:05:55Z
Network: openweb
Published URL: https://crackingx.com/threads/69649/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of mixed US and European credential combolist
Category: Combo List
Content: Threat actor gsmfix distributing an exclusive credential combolist containing mixed hits from USA and Europe regions. The post advertises the availability of credential combinations without specifying pricing information.
Date: 2026-03-24T04:05:34Z
Network: openweb
Published URL: https://crackingx.com/threads/69650/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
chinafans targets the website of Valzo Soft Solutions
Category: Defacement
Content: The group claims to have defaced the website of Valzo Soft Solutions
Date: 2026-03-24T04:01:23Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813465
Screenshots:
None
Threat Actors: chinafans
Victim Country: USA
Victim Industry: Information Technology (IT) Services
Victim Organization: valzo soft solutions
Victim Site: valzosoft.com
0xteam targets the website of SportsBee
Category: Defacement
Content: The group claims to have defaced the website of SportsBee.
Date: 2026-03-24T03:56:09Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813485
Screenshots:
None
Threat Actors: 0xteam
Victim Country: Unknown
Victim Industry: Sports
Victim Organization: sportsbee
Victim Site: sportsbee.net
Website defacement of earnweb3.click by chinafans/0xteam
Category: Defacement
Content: The threat actor chinafans from the 0xteam group successfully defaced the earnweb3.click website on March 24, 2026. The target appears to be a Web3/cryptocurrency-related platform based on the domain name.
Date: 2026-03-24T03:51:48Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813451
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Technology/Cryptocurrency
Victim Organization: Unknown
Victim Site: earnweb3.click
Website defacement of entrepreneursinfo.com by chinafans (0xteam)
Category: Defacement
Content: The attacker chinafans from the 0xteam group defaced entrepreneursinfo.com on March 24, 2026. The incident targeted a business/entrepreneurship-focused website and was documented with a mirror URL for evidence preservation.
Date: 2026-03-24T03:51:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813452
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Business/Entrepreneurship
Victim Organization: Unknown
Victim Site: entrepreneursinfo.com
0xteam targets the website of REAT Group
Category: Defacement
Content: The group claims to have defaced the website of REAT Group
Date: 2026-03-24T03:51:04Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813486
Screenshots:
None
Threat Actors: 0xteam
Victim Country: South Africa
Victim Industry: Real Estate
Victim Organization: reat group
Victim Site: reatgroup.co.za
Website defacement of newsburners.com by chinafans/0xteam
Category: Defacement
Content: The chinafans attacker, associated with 0xteam, successfully defaced the News Burners website on March 24, 2026. The defacement targeted a news media organizations website and was archived as a single site compromise rather than a mass defacement campaign.
Date: 2026-03-24T03:50:36Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813453
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Media/News
Victim Organization: News Burners
Victim Site: newsburners.com
Website defacement of newsmaniaweb.com by chinafans/0xteam
Category: Defacement
Content: The attacker chinafans from 0xteam successfully defaced the news website newsmaniaweb.com on March 24, 2026. This appears to be a single-target defacement incident affecting a media organizations web presence.
Date: 2026-03-24T03:49:59Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813455
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Media/News
Victim Organization: News Mania Web
Victim Site: newsmaniaweb.com
Website defacement of newsninjapro.com by chinafans/0xteam
Category: Defacement
Content: The attacker chinafans from 0xteam successfully defaced the news website newsninjapro.com on March 24, 2026. The defacement targeted a single page rather than being part of a mass defacement campaign.
Date: 2026-03-24T03:49:23Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813456
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Media/News
Victim Organization: News Ninja Pro
Victim Site: newsninjapro.com
Website defacement of Mowelfund by chinafans/0xteam
Category: Defacement
Content: The website of Mowelfund, a Philippine healthcare and insurance organization, was defaced by the attacker chinafans associated with 0xteam on March 24, 2026. The defacement targeted a specific file (0x.txt) on the organizations domain.
Date: 2026-03-24T03:48:47Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813457
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Philippines
Victim Industry: Healthcare/Insurance
Victim Organization: Mowelfund
Victim Site: mowelfund.com
Website defacement of fashioneya.com by chinafans/0xteam
Category: Defacement
Content: The attacker chinafans from team 0xteam defaced the fashion website fashioneya.com on March 24, 2026. The defacement targeted a specific page (0x.txt) rather than the homepage and appears to be an isolated incident rather than part of a mass defacement campaign.
Date: 2026-03-24T03:48:11Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813459
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Fashion/Retail
Victim Organization: Fashioneya
Victim Site: fashioneya.com
Website defacement of cafe95.com.au by chinafans/0xteam
Category: Defacement
Content: The website cafe95.com.au was defaced by attacker chinafans associated with 0xteam on March 24, 2026. The defacement targeted what appears to be an Australian cafes website.
Date: 2026-03-24T03:47:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813460
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Australia
Victim Industry: Food & Beverage
Victim Organization: Cafe 95
Victim Site: cafe95.com.au
Website defacement of nudbas.com by chinafans (0xteam)
Category: Defacement
Content: The website nudbas.com was defaced by attacker chinafans associated with the 0xteam group on March 24, 2026. The defacement targeted a specific file path (/0x.txt) on the domain.
Date: 2026-03-24T03:47:00Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813461
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: nudbas.com
Website defacement of Kaduvettoor Church by chinafans/0xteam
Category: Defacement
Content: The attacker chinafans from 0xteam successfully defaced the Kaduvettoor Church website on March 24, 2026. The defacement targeted a religious organizations online presence in India.
Date: 2026-03-24T03:46:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813463
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: India
Victim Industry: Religious Organization
Victim Organization: Kaduvettoor Church
Victim Site: kaduvettoorchurch.com
Website defacement of lgo168.net by chinafans/0xteam
Category: Defacement
Content: Website defacement attack carried out by attacker chinafans associated with 0xteam against lgo168.net on March 24, 2026. The incident was documented and archived with mirror evidence available.
Date: 2026-03-24T03:45:48Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813464
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: lgo168.net
Website defacement of Valzosoft by chinafans (0xteam)
Category: Defacement
Content: The attacker chinafans from the 0xteam group successfully defaced the Valzosoft company website on March 24, 2026. The defacement targeted a technology/software companys web presence.
Date: 2026-03-24T03:45:14Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813465
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Technology/Software
Victim Organization: Valzosoft
Victim Site: valzosoft.com
Website defacement of Our Connections Group by chinafans/0xteam
Category: Defacement
Content: The website ourconnectionsgroup.com was defaced by attacker chinafans associated with 0xteam on March 24, 2026. The defacement targeted a business services organizations website.
Date: 2026-03-24T03:44:37Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813466
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Business Services
Victim Organization: Our Connections Group
Victim Site: ourconnectionsgroup.com
Website defacement of h2doprooo.online by chinafans/0xteam
Category: Defacement
Content: Website defacement incident targeting h2doprooo.online conducted by attacker chinafans associated with 0xteam on March 24, 2026. The attack resulted in unauthorized modification of the target websites content.
Date: 2026-03-24T03:44:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813470
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: h2doprooo.online
Website defacement of cantez.com.tr by chinafans (0xteam)
Category: Defacement
Content: The website cantez.com.tr was defaced by attacker chinafans associated with the 0xteam group on March 24, 2026. The defacement targeted a Turkish domain with unknown organizational affiliation.
Date: 2026-03-24T03:43:26Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813471
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Turkey
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: cantez.com.tr
Website defacement of phamdangquynh.com by chinafans/0xteam
Category: Defacement
Content: Website defacement attack conducted by attacker chinafans from team 0xteam targeting phamdangquynh.com on March 24, 2026. The attack was documented and mirrored on zone-xsec.com.
Date: 2026-03-24T03:42:51Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813472
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Vietnam
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: phamdangquynh.com
Website defacement of propertyhome.net by chinafans (0xteam)
Category: Defacement
Content: The attacker chinafans from 0xteam successfully defaced propertyhome.net on March 24, 2026. The defacement targeted a real estate website and evidence was archived on zone-xsec.com mirror.
Date: 2026-03-24T03:42:15Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813473
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Real Estate
Victim Organization: PropertyHome
Victim Site: propertyhome.net
Website defacement of parcelnexa.com by chinafans (0xteam)
Category: Defacement
Content: The logistics website parcelnexa.com was defaced by the attacker chinafans associated with the 0xteam group on March 24, 2026. The defacement targeted a specific file (0x.txt) rather than the homepage.
Date: 2026-03-24T03:41:39Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813476
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Logistics
Victim Organization: ParcelNexa
Victim Site: parcelnexa.com
Website defacement of elitrans-ci.com by chinafans (0xteam)
Category: Defacement
Content: The transportation company Elitrans in Côte dIvoire had their website defaced by the attacker chinafans affiliated with 0xteam on March 24, 2026. The defacement targeted a specific file path (0x.txt) on the companys domain.
Date: 2026-03-24T03:41:04Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813479
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Côte dIvoire
Victim Industry: Transportation
Victim Organization: Elitrans
Victim Site: elitrans-ci.com
Website defacement of KYM Tourism by chinafans (0xteam)
Category: Defacement
Content: The attacker chinafans from 0xteam defaced the KYM Tourism website on March 24, 2026. The defacement targeted a specific file path (/0x.txt) rather than the main homepage.
Date: 2026-03-24T03:40:29Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813480
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Tourism
Victim Organization: KYM Tourism
Victim Site: kymtourism.com
Website defacement of Incrediwear by chinafans/0xteam
Category: Defacement
Content: The attacker chinafans from 0xteam defaced the Incrediwear Estonia website on March 24, 2026. The defacement targeted the e-commerce platform of what appears to be a retail company operating in Estonia.
Date: 2026-03-24T03:39:52Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813481
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Estonia
Victim Industry: E-commerce/Retail
Victim Organization: Incrediwear
Victim Site: incrediwear.ee
Website defacement of Santuario Madonna del Bosco by chinafans (0xteam)
Category: Defacement
Content: The chinafans attacker, affiliated with 0xteam, successfully defaced the website of Santuario Madonna del Bosco, an Italian religious sanctuary, on March 24, 2026.
Date: 2026-03-24T03:39:17Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813482
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Italy
Victim Industry: Religious
Victim Organization: Santuario Madonna del Bosco Spinazzola
Victim Site: santuariomadonnadelboscospinaz…
Website defacement of soft-developpement.com by chinafans (0xteam)
Category: Defacement
Content: The attacker chinafans from 0xteam successfully defaced the French software development companys website on March 24, 2026. This was an isolated single-site defacement targeting the companys web presence.
Date: 2026-03-24T03:38:42Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813484
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: France
Victim Industry: Software Development
Victim Organization: Soft Développement
Victim Site: soft-developpement.com
Website defacement of sportsbee.net by chinafans/0xteam
Category: Defacement
Content: The attacker chinafans from 0xteam defaced the SportsBee website on March 24, 2026. This appears to be a targeted single-site defacement rather than a mass attack campaign.
Date: 2026-03-24T03:38:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813485
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Sports/Entertainment
Victim Organization: SportsBee
Victim Site: sportsbee.net
Website defacement of Reat Group by chinafans/0xteam
Category: Defacement
Content: The attacker chinafans from 0xteam defaced the Reat Group website on March 24, 2026. The defacement targeted a South African organizations website with minimal technical details available about the attack method.
Date: 2026-03-24T03:37:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813486
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: South Africa
Victim Industry: Unknown
Victim Organization: Reat Group
Victim Site: reatgroup.co.za
Alleged leak of Hotmail credentials targeting cryptocurrency users
Category: Combo List
Content: A threat actor leaked a combolist containing 470,212 credential pairs specifically targeting Hotmail accounts associated with cryptocurrency users. The data was made available as a free download via Mega file sharing service.
Date: 2026-03-24T03:30:32Z
Network: openweb
Published URL: https://crackingx.com/threads/69648/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Website defacement of xvideos-th.com by chinafans/0xteam
Category: Defacement
Content: The threat actor chinafans from team 0xteam successfully defaced the Thai version of the XVideos adult entertainment website on March 24, 2026. The defacement targeted a specific path on the domain and was documented with a mirror URL for reference.
Date: 2026-03-24T03:28:50Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813306
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Thailand
Victim Industry: Adult Entertainment
Victim Organization: XVideos Thailand
Victim Site: xvideos-th.com
Website defacement of rubixdemos.com by chinafans/0xteam
Category: Defacement
Content: The attacker chinafans from the 0xteam group successfully defaced the rubixdemos.com website on March 24, 2026. This appears to be a single-target defacement rather than part of a mass campaign.
Date: 2026-03-24T03:28:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813308
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Rubix
Victim Site: rubixdemos.com
Website defacement of Kabs Travel Service by chinafans/0xteam
Category: Defacement
Content: The travel service website kabstravelservice.de was defaced by attacker chinafans from the 0xteam group on March 24, 2026. The defacement targeted a file named 0x.txt on the victims domain.
Date: 2026-03-24T03:27:47Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813309
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Germany
Victim Industry: Travel and Tourism
Victim Organization: Kabs Travel Service
Victim Site: kabstravelservice.de
Website defacement of agentedesaludyvida.com by chinafans/0xteam
Category: Defacement
Content: The healthcare website agentedesaludyvida.com was defaced by attacker chinafans associated with 0xteam on March 24, 2026. The defacement targeted a health and wellness services organization.
Date: 2026-03-24T03:27:13Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813311
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: Agente de Salud y Vida
Victim Site: agentedesaludyvida.com
Website defacement of Prosser Eye Care by chinafans/0xteam
Category: Defacement
Content: The website of Prosser Eye Care was defaced by the attacker chinafans from the 0xteam group on March 24, 2026. The defacement targeted a healthcare providers website and was documented with a mirror URL for evidence preservation.
Date: 2026-03-24T03:26:41Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813312
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Healthcare
Victim Organization: Prosser Eye Care
Victim Site: prossereyecare.com
Website defacement of Succentric Solutions by chinafans/0xteam
Category: Defacement
Content: The attacker chinafans from the 0xteam group defaced the Succentric Solutions website on March 24, 2026. The defacement targeted a specific file (0x.txt) on the companys domain.
Date: 2026-03-24T03:26:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813313
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Technology/Business Services
Victim Organization: Succentric Solutions
Victim Site: succentricsolutions.com
Website defacement of toysndecor.pk by chinafans (0xteam)
Category: Defacement
Content: The attacker chinafans from the 0xteam group successfully defaced the toysndecor.pk website on March 24, 2026. The incident targeted a Pakistani retail company specializing in toys and decorative items.
Date: 2026-03-24T03:25:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813314
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Pakistan
Victim Industry: Retail
Victim Organization: Toys N Decor
Victim Site: toysndecor.pk
Website defacement of jd-imo.de by chinafans/0xteam
Category: Defacement
Content: The website jd-imo.de was defaced by the attacker chinafans associated with the 0xteam group on March 24, 2026. The defacement targeted a specific file (0x.txt) on the German domain.
Date: 2026-03-24T03:25:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813315
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: jd-imo.de
Website defacement of xinkdl.com by chinafans (0xteam)
Category: Defacement
Content: The attacker chinafans, affiliated with 0xteam, successfully defaced the website xinkdl.com on March 24, 2026. This appears to be a single-site defacement incident rather than a mass attack campaign.
Date: 2026-03-24T03:24:30Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813316
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: xinkdl.com
Website defacement of 360mnc.com by chinafans (0xteam)
Category: Defacement
Content: The website 360mnc.com was defaced by threat actor chinafans affiliated with 0xteam on March 24, 2026. This appears to be a single-target defacement attack rather than a mass or repeat defacement.
Date: 2026-03-24T03:23:52Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813317
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: 360mnc.com
Website defacement of regalo.health by chinafans/0xteam
Category: Defacement
Content: The healthcare website regalo.health was defaced by attacker chinafans associated with 0xteam on March 24, 2026. The defacement involved placing a file at the /0x.txt path on the target domain.
Date: 2026-03-24T03:23:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813318
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: Unknown
Victim Site: regalo.health
Website defacement of bellcf.com by chinafans (0xteam)
Category: Defacement
Content: The threat actor chinafans from the 0xteam group successfully defaced the website bellcf.com on March 24, 2026. This appears to be an isolated defacement incident rather than part of a mass campaign.
Date: 2026-03-24T03:22:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813319
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: bellcf.com
Website defacement of Legend Realty Group by chinafans/0xteam
Category: Defacement
Content: The chinafans attacker, associated with 0xteam, successfully defaced the Legend Realty Group website on March 24, 2026. The attack targeted a real estate companys web presence, with evidence archived in the zone-xsec mirror database.
Date: 2026-03-24T03:22:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813320
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Real Estate
Victim Organization: Legend Realty Group
Victim Site: legendrealtygroup.com
Website defacement of gim.co.ke by chinafans/0xteam
Category: Defacement
Content: The website gim.co.ke was defaced by attacker chinafans associated with 0xteam on March 24, 2026. The defacement targeted a specific page (/0x.txt) on the Kenyan domain.
Date: 2026-03-24T03:21:34Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813321
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Kenya
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: gim.co.ke
Website defacement of fnpic.org by chinafans/0xteam
Category: Defacement
Content: The website fnpic.org was defaced by attacker chinafans associated with 0xteam on March 24, 2026. This incident was classified as a redefacement, indicating the site had been previously compromised.
Date: 2026-03-24T03:20:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813324
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: fnpic.org
Website defacement of almancil.tech by chinafans/0xteam
Category: Defacement
Content: The website almancil.tech was defaced by the attacker chinafans associated with 0xteam on March 24, 2026. The defacement was documented and archived on zone-xsec.com mirror service.
Date: 2026-03-24T03:20:15Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813325
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Almancil Tech
Victim Site: almancil.tech
Website defacement of comparethebank.co.uk by chinafans/0xteam
Category: Defacement
Content: The financial comparison website comparethebank.co.uk was defaced by attacker chinafans affiliated with 0xteam on March 24, 2026. The attack targeted a UK-based financial services comparison platform.
Date: 2026-03-24T03:19:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813328
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: United Kingdom
Victim Industry: Financial Services
Victim Organization: Compare The Bank
Victim Site: comparethebank.co.uk
Website defacement of Bhadrakali Hydro by chinafans/0xteam
Category: Defacement
Content: The website of Bhadrakali Hydro was defaced by attacker chinafans from the 0xteam group on March 24, 2026. The defacement targeted a hydroelectric power companys website.
Date: 2026-03-24T03:19:05Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813329
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Energy/Utilities
Victim Organization: Bhadrakali Hydro
Victim Site: bhadrakalihydro.com
Website defacement of scootynews.com by chinafans/0xteam
Category: Defacement
Content: The news website scootynews.com was defaced by attacker chinafans from the 0xteam group on March 24, 2026. The defacement targeted a specific file (0x.txt) rather than the homepage.
Date: 2026-03-24T03:18:33Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813331
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Media/News
Victim Organization: Scooty News
Victim Site: scootynews.com
Website defacement of Cereal Entertainment by chinafans/0xteam
Category: Defacement
Content: The entertainment company Cereal Entertainments website was defaced by the attacker chinafans associated with 0xteam on March 24, 2026. The defacement targeted a specific file (0x.txt) rather than the homepage.
Date: 2026-03-24T03:17:59Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813332
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Entertainment
Victim Organization: Cereal Entertainment
Victim Site: cerealentertainment.com
Website defacement of organigarden.ca by chinafans/0xteam
Category: Defacement
Content: The chinafans attacker from 0xteam compromised and defaced the organigarden.ca website on March 24, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
Date: 2026-03-24T03:17:26Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813333
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Canada
Victim Industry: Agriculture/Gardening
Victim Organization: Organigarden
Victim Site: organigarden.ca
Website defacement of Americas Choice Carpet by chinafans (0xteam)
Category: Defacement
Content: The attacker chinafans from the group 0xteam defaced the website of Americas Choice Carpet, a flooring company, on March 24, 2026.
Date: 2026-03-24T03:16:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813335
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: United States
Victim Industry: Retail/Flooring
Victim Organization: Americas Choice Carpet
Victim Site: americaschoicecarpet.com
Website defacement of 1st Rescue and Recovery by chinafans/0xteam
Category: Defacement
Content: The website of 1st Rescue and Recovery, a UK-based emergency services company, was defaced by the attacker chinafans associated with 0xteam on March 24, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
Date: 2026-03-24T03:16:23Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813338
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: United Kingdom
Victim Industry: Emergency Services
Victim Organization: 1st Rescue and Recovery
Victim Site: 1strescueandrecovery.co.uk
Website defacement of aristokrata.net by chinafans/0xteam
Category: Defacement
Content: The threat actor chinafans from the 0xteam group successfully defaced the aristokrata.net website on March 24, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
Date: 2026-03-24T03:15:48Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813340
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: aristokrata.net
Website defacement of jillaniz.com by chinafans (0xteam)
Category: Defacement
Content: The threat actor chinafans from the 0xteam group successfully defaced the website jillaniz.com on March 24, 2026. The attack targeted a specific file path (/0x.txt) on the victims domain.
Date: 2026-03-24T03:15:16Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813341
Screenshots:
None
Threat Actors: chinafans, 0xteam
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: jillaniz.com
Website defacement of Binder International by Leviathan Perfect Hunter team
Category: Defacement
Content: The Leviathan Perfect Hunter team, specifically member aexdy, defaced the Chinese website of Binder International on March 24, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
Date: 2026-03-24T02:39:09Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813289
Screenshots:
None
Threat Actors: aexdy, Leviathan Perfect Hunter
Victim Country: China
Victim Industry: Manufacturing
Victim Organization: Binder International
Victim Site: binder-international.cn
Alleged login access to Badan Kepegawaian Daerah Provinsi Kalimantan Utara
Category: Initial Access
Content: The group claims to have login access to Badan Kepegawaian Daerah Provinsi Kalimantan Utara
Date: 2026-03-24T02:33:56Z
Network: telegram
Published URL: https://t.me/InDoM1nusTe4m/124
Screenshots:
None
Threat Actors: InDoM1nus Team
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: badan kepegawaian daerah provinsi kalimantan utara
Victim Site: simpeg.kaltaraprov.go.id
Website defacement of deepsleep.wales by Leviathan Perfect Hunter
Category: Defacement
Content: The threat actor aexdy from the Leviathan Perfect Hunter team defaced the deepsleep.wales website on March 24, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
Date: 2026-03-24T02:30:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813287
Screenshots:
None
Threat Actors: aexdy, Leviathan Perfect Hunter
Victim Country: United Kingdom
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: deepsleep.wales
Alleged leak of Hotmail credentials on cybercriminal forum
Category: Combo List
Content: Cybercriminal actor D4rkNetHub allegedly shared a collection of 121,000 Hotmail credentials on the CrackingX forum. The data appears to be distributed as part of a combolist collection rather than being sold.
Date: 2026-03-24T02:24:39Z
Network: openweb
Published URL: https://crackingx.com/threads/69647/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Website defacement of honiks.ru by aexdy (Leviathan Perfect Hunter team)
Category: Defacement
Content: The Russian domain honiks.ru was defaced by attacker aexdy, affiliated with the Leviathan Perfect Hunter team, on March 24, 2026. This was an isolated defacement targeting a single page rather than a mass attack.
Date: 2026-03-24T02:21:30Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813286
Screenshots:
None
Threat Actors: aexdy, Leviathan Perfect Hunter
Victim Country: Russia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: honiks.ru
Alleged leak of Hotmail credentials
Category: Combo List
Content: Threat actor noir shared a collection of 1,285 allegedly valid Hotmail credentials on a cybercrime forum, promoting them as high-quality and from a private cloud source.
Date: 2026-03-24T02:15:50Z
Network: openweb
Published URL: https://crackingx.com/threads/69646/
Screenshots:
None
Threat Actors: noir
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of t-online.de credentials
Category: Combo List
Content: A threat actor shared a credential list containing 5,218 lines targeting the t-online.de domain through a file hosting service.
Date: 2026-03-24T01:56:47Z
Network: openweb
Published URL: https://crackingx.com/threads/69645/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Germany
Victim Industry: Telecommunications
Victim Organization: T-Online
Victim Site: t-online.de
Alleged leak of Target Corp credentials
Category: Combo List
Content: A threat actor shared a combolist containing 135,102 credential pairs allegedly targeting Target Corp business accounts for SMTP spam purposes. The credentials are distributed for free via file sharing platform.
Date: 2026-03-24T01:08:07Z
Network: openweb
Published URL: https://crackingx.com/threads/69643/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: United States
Victim Industry: Retail
Victim Organization: Target Corp
Victim Site: Unknown
Nasir Security claims to target Federal Authority For Identity, Citizenship, Customs & Port Security
Category: Alert
Content: A recent post by the group indicates that they are targeting Federal Authority For Identity, Citizenship, Customs & Port Security and the data is expected to be published soon.
Date: 2026-03-24T00:47:10Z
Network: openweb
Published URL: http://nasir.cc/#
Screenshots:
None
Threat Actors: Nasir Security
Victim Country: UAE
Victim Industry: Government Administration
Victim Organization: federal authority for identity, citizenship, customs & port security
Victim Site: icp.gov.ae
Alleged data breach of Bank of America
Category: Data Breach
Content: The group claims to have breached data from Bank of America. The compromised data reportedly includes user ID, name and account type
Date: 2026-03-24T00:30:16Z
Network: telegram
Published URL: https://t.me/investigationAnonYmous0/13396
Screenshots:
None
Threat Actors: Investigation Anonymous
Victim Country: USA
Victim Industry: Financial Services
Victim Organization: bank of america
Victim Site: Unknown
Website defacement of Liberty Energy by NUCLIER-Y-C-C-M
Category: Defacement
Content: NUCLIER-Y-C-C-M group defaced the Liberty Energy Nepal website on March 24, 2026, targeting the companys notice page.
Date: 2026-03-24T00:17:42Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/813285
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: Nepal
Victim Industry: Energy
Victim Organization: Liberty Energy
Victim Site: libertyenergy.com.np
Alleged leak of Hotmail credentials
Category: Combo List
Content: Threat actor redcloud leaked a combolist containing 3,900 alleged valid Hotmail email credentials dated March 24, 2026. The credentials are being distributed for free via MediaFire download link.
Date: 2026-03-24T00:15:49Z
Network: openweb
Published URL: https://crackingx.com/threads/69642/
Screenshots:
None
Threat Actors: redcloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged data breach of SMAN 1 PRACIMANTORO
Category: Data Breach
Content: The group claims to have breached data from SMAN 1 PRACIMANTORO
Date: 2026-03-24T00:10:42Z
Network: telegram
Published URL: https://t.me/BabayoErorSyteam/341
Screenshots:
None
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Indonesia
Victim Industry: Education
Victim Organization: sman 1 pracimantoro
Victim Site: sman1pracimantoro.com
Alleged leak of credential combolist
Category: Combo List
Content: Threat actor maicolpg19 shared a 2GB private credential pack via Mega file sharing service with password protection through Telegram channel.
Date: 2026-03-24T00:05:14Z
Network: openweb
Published URL: https://crackingx.com/threads/69641/
Screenshots:
None
Threat Actors: maicolpg19
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown