[March-27-2026] Daily Cybersecurity Threat Report

Executive Summary

This report analyzes a concentrated burst of cyber threat activity encompassing over 330 documented incidents. The threat landscape during this period is characterized by a high volume of automated mass defacements, the aggressive distribution of massive credential “combo lists” via Telegram and underground forums, and significant data breaches impacting government, educational, and corporate entities globally. The data suggests a dual-tiered threat environment: widespread, low-sophistication opportunistic attacks (defacements, credential stuffing) operating alongside high-impact data brokerage and initial access sales.

1. Threat Landscape Overview

The incidents analyzed fall into several distinct categories, revealing the current operational focus of active threat actors:

Website Defacements: A significant portion of the logged incidents involved website defacements. These were rarely targeted ideological attacks; instead, they were predominantly mass defacement campaigns exploiting widespread vulnerabilities (often on Linux servers or WordPress installations).
Credential Leaks (Combo Lists): The sheer volume of compromised credentials distributed during this period is staggering. Threat actors are freely sharing databases containing millions of email/password combinations (Hotmail, Gmail, Yahoo, corporate domains). These are primarily utilized for credential stuffing attacks.
Data Breaches & Leaks: High-value data is being actively brokered on forums like BreachForums and Exploit.in. Compromised data ranges from corporate intellectual property and employee records to sensitive government databases and healthcare information.
Initial Access & Vulnerabilities: There is a robust market for Initial Access Brokers (IABs). Access is frequently sold in the form of SMTP shell access, WordPress admin credentials, or direct network access. Additionally, threat groups are actively leaking SQL injection vulnerabilities.

2. Key Threat Actor Profiles & TTPs (Tactics, Techniques, and Procedures)

Several highly active threat actors and groups dominated the reporting period:

Defacement Actors

systemdarkdenied: This actor executed a massive, automated defacement campaign. They predominantly targeted Indian infrastructure, with a specific focus on educational institutions, local businesses, and “Paying Guest” (PG) accommodations. Their attacks routinely compromised Linux-based servers.
CYKOMNEPAL: A highly active group focused on South Asia, specifically targeting Nepal, India, and Bangladesh. They frequently targeted e-commerce, healthcare, and educational sites, often defacing specific sub-pages rather than root domains.
DimasHxR: This actor conducted numerous single-site defacements globally, impacting sites in South Africa, the Netherlands, Brazil, and Bangladesh. A recurring TTP for this actor was modifying the readme.txt file on the target servers.
Alpha wolf (Attacker XYZ): Executed mass defacement campaigns, particularly targeting Australian IT and commercial sites hosted on Linux systems.

Data Brokers & Credential Distributors

CODER: A prolific distributor of massive credential combo lists. They utilized Telegram channels to freely distribute millions of records, including AWS credentials, corporate business emails, and educational sector credentials, while offering related cracking tools.
HQcomboSpace: Focused on distributing massive combo lists, including 772,921 Gmail credentials, over 1 million German credentials, and 1.6 million Yahoo credentials.
Z-Root: Specialized in discovering and leaking SQL injection vulnerabilities. They heavily targeted educational institutions in India (e.g., Nowgong Girls College, Avantika University) and various organizations in Israel.
X Forum Bot: Flooded underground forums with automated posts advertising Initial Access, specifically the sale of SMTP shell access and cPanel compromises across various global targets.

3. Significant Incidents & High-Value Targets

While many incidents were opportunistic, several high-impact breaches occurred:

European Commission: Suffered a data breach following the compromise of their Amazon Web Services (AWS) environment. Attackers stole over 350 GB of data, including internal employee information, and threatened to leak it publicly.
Dutch National Police: Confirmed a security breach resulting from a successful phishing attack that compromised internal systems. While citizen data was reportedly unaffected, internal police information was impacted.
BreachForums Compromise: Threat actor “ShinyHunters” claimed to have breached the cybercriminal forum itself, offering full backups, source code, and data on 346,014 members for sale.
French Government (RESANA): Threat actors (resana1 / Resana) claimed to be selling a scraped database containing 1 million records of French government employees, including names, emails, and organizational data.
BMW Group & Automotive Sector: Threat actor “xpl0itrs” claimed to sell BMW Group data (dealership docs, PII, certificates) alongside data allegedly from Mercedes-Benz, Toyota, Ford, and Tesla.
Omax Autos Limited: Confirmed a ransomware attack on their IT infrastructure. The attack was attributed to Lockbit5.
FBI Director Target: The pro-Iranian group “Handala” (or “Handala Hack”) claimed to have compromised the personal account of FBI Director Kash Patel, leaking emails, photographs, and personal documents.

4. Geographical and Sector Impact Analysis

The dataset reveals a broad geographical spread, though certain regions and industries were heavily targeted.

Geographic Hotspots

India: Experienced a massive wave of website defacements (largely driven by systemdarkdenied and CYKOMNEPAL) and SQL injection leaks (by Z-Root). Targets included numerous schools, colleges, and local businesses.
Europe (France, Germany, Netherlands): Faced significant high-level data breaches, including the French Police, the French Government (RESANA), the Dutch National Police, and the German political party Die Linke (attacked by Qilin ransomware).
Israel: Faced targeted activity including Initial Access sales to industrial systems and SQL injection leaks by groups like Z-Root and Z-PENTEST ALLIANCE.
Nepal & Bangladesh: Primarily targeted by CYKOMNEPAL and DimasHxR for website defacements.

Targeted Industries

Education: Schools and universities were prime targets for defacements and vulnerability leaks, likely due to historically lower cybersecurity budgets and vast attack surfaces.
Government & Law Enforcement: High-value targets for data theft and hacktivism. Incidents involved the FBI, European Commission, French Police, and Mexican Tax Administration (SAT).
Technology & IT Services: Heavily targeted for Initial Access and database leaks, as compromising these entities often provides supply-chain access to downstream clients.
Healthcare: Medical databases in Colombia (Superintendencia Nacional de Salud) and China were actively brokered, highlighting the continued high black-market value of medical records.

Conclusion & Strategic Assessment

The cybersecurity events logged between March 27-28, 2026, illustrate a highly commoditized and automated cybercrime ecosystem.

1. The Automation of Nuisance Attacks: The sheer volume of mass defacements by actors like systemdarkdenied indicates the use of automated scanning and exploitation tools targeting low-hanging fruit (unpatched CMS platforms, specifically WordPress, and misconfigured Linux servers). While individually low-impact, the aggregate volume creates significant noise for security teams.

2. The Credential Stuffing Economy: The free distribution of hundreds of millions of credentials (combo lists) via Telegram by actors like CODER serves as the top of the funnel for the cybercrime economy. These lists enable automated credential stuffing attacks, which eventually lead to the Initial Access sales seen elsewhere in the data.

3. Initial Access as a Service: The proliferation of bots (like X Forum Bot) selling SMTP shell access and cPanel credentials demonstrates a thriving middle-market. Threat actors are specializing in gaining access and selling it to more sophisticated actors for deployment of ransomware or data exfiltration.

4. Cloud and Supply Chain Vulnerabilities: The breach of the European Commission via their AWS environment underscores the critical risk associated with cloud misconfigurations and third-party infrastructure.

Recommendations:

Organizations must prioritize fundamental security hygiene—specifically multi-factor authentication (MFA) to combat the massive influx of leaked combo lists. Furthermore, the volume of SQL injections and defacements targeting web infrastructure necessitates stricter patch management, particularly for open-source CMS platforms like WordPress, and the deployment of robust Web Application Firewalls (WAFs).

Detected Incidents Draft Data

BABAYO EROR SYSTEM targets the website of digital.techguru.ai.in
Category: Defacement
Content: The group claims to have defaced the website of digital.techguru.ai.in
Date: 2026-03-27T23:53:46Z
Network: telegram
Published URL: https://t.me/BabayoErorSyteam/404
Screenshots:
None
Threat Actors: BABAYO EROR SYSTEM
Victim Country: India
Victim Industry: Information Technology (IT) Services
Victim Organization: digital.techguru.ai.in
Victim Site: digital.techguru.ai.in
Alleged unauthorized access to Kolosok International Natural Science Game
Category: Initial Access
Content: The group claims to have gained unauthorized access to Kolosok International Natural Science Game, from which they allegedly exfiltrated databases, obtained corporate email credentials, and accessed telephony systems.
Date: 2026-03-27T23:53:32Z
Network: telegram
Published URL: https://t.me/musicarusaesp/11425
Screenshots:
None
Threat Actors: Desinformador ruso
Victim Country: Ukraine
Victim Industry: Education
Victim Organization: kolosok international natural science game
Victim Site: kolosok.info
Alleged unauthorized access to Zerno
Category: Initial Access
Content: The group claims to have gained unauthorized access to Zerno, from which they allegedly exfiltrated databases, obtained corporate email credentials, and accessed telephony systems.
Date: 2026-03-27T23:50:33Z
Network: telegram
Published URL: https://t.me/musicarusaesp/11425
Screenshots:
None
Threat Actors: Desinformador ruso
Victim Country: Ukraine
Victim Industry: Fashion & Apparel
Victim Organization: zerno
Victim Site: zerno.kiev.ua
Website defacement of Fintech Alliance by tirz4sec/jatengblekhet team
Category: Defacement
Content: The attacker tirz4sec from the jatengblekhet team defaced the Fintech Alliance website on March 28, 2026. This appears to be a targeted single-site defacement against a financial technology organization.
Date: 2026-03-27T23:49:36Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820917
Screenshots:
None
Threat Actors: tirz4sec, jatengblekhet
Victim Country: Unknown
Victim Industry: Financial Technology
Victim Organization: Fintech Alliance
Victim Site: fintech-alliance.eu
Alleged unauthorized access to Agrodoska
Category: Initial Access
Content: The group claims to have gained unauthorized access to Agrodoska, from which they allegedly exfiltrated databases, obtained corporate email credentials, and accessed telephony systems.
Date: 2026-03-27T23:46:49Z
Network: telegram
Published URL: https://t.me/musicarusaesp/11425
Screenshots:
None
Threat Actors: Desinformador ruso
Victim Country: Ukraine
Victim Industry: Agriculture & Farming
Victim Organization: agrodoska
Victim Site: agrodoska.net
Alleged Data breach of Briley Wealth
Category: Data Breach
Content: The group claims to have leaked data from Briley Wealth.
Date: 2026-03-27T23:43:40Z
Network: telegram
Published URL: https://t.me/c/3360072458/253
Screenshots:
None
Threat Actors: Solonik
Victim Country: USA
Victim Industry: Financial Services
Victim Organization: briley wealth
Victim Site: brileywealth.com
Website defacement of Probio Technologies by tirz4sec (jatengblekhet team)
Category: Defacement
Content: The attacker tirz4sec, associated with the jatengblekhet team, successfully defaced the Probio Technologies website on March 28, 2026. The defacement targeted a specific file (tes.txt) on the Russian technology companys domain.
Date: 2026-03-27T23:43:36Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820916
Screenshots:
None
Threat Actors: tirz4sec, jatengblekhet
Victim Country: Russia
Victim Industry: Technology
Victim Organization: Probio Technologies
Victim Site: probiotechnologies.ru
BABAYO EROR SYSTEM targets the website of domain1.webagency.my.id
Category: Defacement
Content: The group claims to have defaced the website of domain1.webagency.my.id
Date: 2026-03-27T23:39:24Z
Network: telegram
Published URL: https://t.me/BabayoErorSyteam/404
Screenshots:
None
Threat Actors: BABAYO EROR SYSTEM
Victim Country: Indonesia
Victim Industry: Information Technology (IT) Services
Victim Organization: domain1.webagency.my.id
Victim Site: domain1.webagency.my.id
Alleged unauthorized access to an unidentified industrial control system in Ukraine
Category: Initial Access
Content: The group claims to have gained unauthorized access to industrial control systems associated with an industrial facility in Ukraine. The group alleges manipulation of control parameters for Cooling systems, Heating stations, ventilation systems, Stationary methane analyzers, Gas stations.
Date: 2026-03-27T23:33:44Z
Network: telegram
Published URL: https://t.me/itarmyofrussianews/353
Screenshots:
None
Threat Actors: IT ARMY OF RUSSIA
Victim Country: Ukraine
Victim Industry: Industrial Automation
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Unauthorized Access to OXXO Systems
Category: Initial Access
Content: A threat actor claims to be selling unauthorized access to the Peru branch of OXXO. The Exposed data reportedly includes administrative documents and human resources files.
Date: 2026-03-27T23:24:18Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-OXXO-PERU-ACCESS
Screenshots:
None
Threat Actors: zsnark
Victim Country: Peru
Victim Industry: Retail Industry
Victim Organization: oxxo
Victim Site: oxxo.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a credential list containing 6,031 Hotmail account credentials through a file sharing platform. The data appears to be distributed for free rather than sold.
Date: 2026-03-27T23:18:30Z
Network: openweb
Published URL: https://crackingx.com/threads/70114/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Gmail credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 772,921 Gmail email and password combinations, claiming the credentials are from fresh leaks and specifically targeting Gmail users.
Date: 2026-03-27T23:18:13Z
Network: openweb
Published URL: https://crackingx.com/threads/70115/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Google
Victim Site: gmail.com
Alleged unauthorized Access to Abir Sport Ltd.
Category: Initial Access
Content: The group claims to have gained unauthorized access to Abir Sport Ltd. in Israel. The access includes 7 TB of data and Importing and marketing company for sports equipment, such as gym equipment information.
Date: 2026-03-27T23:16:11Z
Network: telegram
Published URL: https://t.me/Anon_Israel35/60
Screenshots:
None
Threat Actors: Anonymous, For Justice
Victim Country: Israel
Victim Industry: Sports
Victim Organization: abir sport ltd.
Victim Site: abirsport.co.il
Alleged data breach of APOIA.se
Category: Data Breach
Content: A threat actor claims to have leaked a database belonging to the Brazilian platform APOIA.se. The exposed data reportedly includes approximately 451,000 unique user records, consisting of sensitive personal information. which includes Email addresses,Full names,Physical/home addresses.
Date: 2026-03-27T23:07:48Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-APOIA-se-Database-Leaked-Download
Screenshots:
None
Threat Actors: Ash
Victim Country: Brazil
Victim Industry: Financial Services
Victim Organization: apoia.se
Victim Site: apoia.se
Alleged leak of Hotmail and Outlook credentials
Category: Combo List
Content: Threat actor shared a combolist containing 2,480 email and password combinations for Hotmail and Outlook accounts as a free download on a cybercrime forum.
Date: 2026-03-27T22:59:51Z
Network: openweb
Published URL: https://crackingx.com/threads/70112/
Screenshots:
None
Threat Actors: karaokecloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged distribution of mixed email and password credentials combolist
Category: Combo List
Content: A threat actor named steeve75 distributed a combolist containing 110,000 email and password combinations described as fresh high quality credentials through a free download link on CrackingX forum.
Date: 2026-03-27T22:29:41Z
Network: openweb
Published URL: https://crackingx.com/threads/70110/
Screenshots:
None
Threat Actors: steeve75
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged forum post with unclear content
Category: Data Breach
Content: A forum post containing only repeated w characters with no clear threat information or data breach details provided.
Date: 2026-03-27T22:28:52Z
Network: openweb
Published URL: https://breachforums.sb/Thread-DATABASE-www
Screenshots:
None
Threat Actors: goxoj70632
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a file containing alleged Hotmail email credentials through a MediaFire download link. The post appears to be offering free access to a combolist targeting Hotmail accounts.
Date: 2026-03-27T22:19:40Z
Network: openweb
Published URL: https://crackingx.com/threads/70106/
Screenshots:
None
Threat Actors: Cl0ud0wner
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Polish and mixed email credentials
Category: Combo List
Content: Threat actor Cl0ud0wner shared a combolist containing Polish and mixed email credentials via MediaFire download link on CrackingX forum.
Date: 2026-03-27T22:19:20Z
Network: openweb
Published URL: https://crackingx.com/threads/70107/
Screenshots:
None
Threat Actors: Cl0ud0wner
Victim Country: Poland
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email credentials
Category: Combo List
Content: A threat actor shared a file containing mixed email access credentials via a file sharing platform. The post provides a direct download link to the credential list without any payment requirement.
Date: 2026-03-27T22:19:01Z
Network: openweb
Published URL: https://crackingx.com/threads/70109/
Screenshots:
None
Threat Actors: Cl0ud0wner
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of FBI Director Kash Patel by pro-Iranian group Handala
Category: Data Breach
Content: Pro-Iranian hacking group Handala claims to have compromised FBI Director Kash Patels personal account and leaked emails, photographs, resume, and other personal documents. The leaked materials include years-old photographs and documents, with some records appearing to be more than a decade old.
Date: 2026-03-27T22:17:51Z
Network: openweb
Published URL: https://breachforums.sb/Thread-Hacked-Kash-Patel-Emails-Handala
Screenshots:
None
Threat Actors: cementine
Victim Country: United States
Victim Industry: Government
Victim Organization: FBI
Victim Site: Unknown
Alleged Sale of Unauthorized Access to Unidentified WordPress Shop in Israel
Category: Initial Access
Content: The threat actor claims to be selling unauthorized admin access to an unidentified WordPress-based shop in Israel.
Date: 2026-03-27T22:04:40Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279339/
Screenshots:
None
Threat Actors: cosmodrome
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of email credentials and account access for multiple platforms
Category: Initial Access
Content: Threat actor is selling email account access including credentials and cookies for multiple platforms including Hotmail, Yahoo, Amazon, Facebook, eBay, and PayPal across various geographic regions.
Date: 2026-03-27T21:56:52Z
Network: openweb
Published URL: https://crackingx.com/threads/70105/
Screenshots:
None
Threat Actors: Xviixi
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Multiple
Victim Site: hotmail.com
.regnum claims to target Lithuania. Latvia and Estonia
Category: Alert
Content: A recent post by the group indicates that they are targeting Lithuania. Latvia and Estonia.
Date: 2026-03-27T21:55:38Z
Network: telegram
Published URL: https://t.me/c/2869875394/417
Screenshots:
None
Threat Actors: .regnum
Victim Country: Lithuania
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Unauthorized Access to Unidentified Logistics Company in Argentina
Category: Initial Access
Content: The threat actor claims to be selling unauthorized access to an unidentified Logistics Company in Argentina
Date: 2026-03-27T21:49:48Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279340/
Screenshots:
None
Threat Actors: 1001010
Victim Country: Argentina
Victim Industry: Transportation & Logistics
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of AWS credential combolists
Category: Combo List
Content: Threat actor CODER is distributing AWS credential combolists through Telegram channels, offering free access to compromised credentials and related programs for credential stuffing attacks.
Date: 2026-03-27T21:47:29Z
Network: openweb
Published URL: https://crackingx.com/threads/70104/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Cloud Computing
Victim Organization: Amazon Web Services
Victim Site: aws.amazon.com
Alleged contact information sharing on cybercrime forum
Category: Data Leak
Content: A forum post shares various contact details including Telegram handle, Discord username, Gmail address, and WhatsApp phone number, potentially for illicit communications or services.
Date: 2026-03-27T21:41:00Z
Network: openweb
Published URL: https://xforums.st/threads/tele-terrellwhitte-discord-active24hrs-gmail-sosaboy959-gmail-com-whatsapp-1-425-531-1773.600299/
Screenshots:
None
Threat Actors: steuerwiesel
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed credential combolist from forums
Category: Combo List
Content: A threat actor is distributing a mixed credential combolist containing 81,000 valid entries allegedly sourced from various forums. The post appears to offer this data for free to registered forum members.
Date: 2026-03-27T21:36:44Z
Network: openweb
Published URL: https://crackingx.com/threads/70102/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
r0ckin targets the website of Federal Bureau of Investigation (FBI)
Category: Defacement
Content: The group claims to have defaced the website of Federal Bureau of Investigation (FBI).
Date: 2026-03-27T21:33:05Z
Network: openweb
Published URL: https://www.zone-h.org/mirror/id/41650059
Screenshots:
None
Threat Actors: r0ckin
Victim Country: USA
Victim Industry: Law Enforcement
Victim Organization: federal bureau of investigation (fbi)
Victim Site: fbi.gov
Alleged data breach of Departmental Fire and Rescue Service of Héraul
Category: Data Breach
Content: The threat actor claims to have breached data of Departmental Fire and Rescue Service of Héraul.
Date: 2026-03-27T21:12:19Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-sdis34-fr
Screenshots:
None
Threat Actors: cockbin
Victim Country: France
Victim Industry: Government Administration
Victim Organization: departmental fire and rescue service of héraul
Victim Site: sdis34.fr
Alleged sale of SilverBullet credential testing tool and configuration
Category: Initial Access
Content: Threat actor is selling SilverBullet 1.1.4 credential testing tool for 5€ in cryptocurrency, along with Microsoft configuration files for an additional 5€.
Date: 2026-03-27T21:10:25Z
Network: openweb
Published URL: https://crackingx.com/threads/70098/
Screenshots:
None
Threat Actors: bsanana4
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of educational institution credentials
Category: Combo List
Content: A threat actor shared a combolist containing 117,053 credential pairs allegedly targeting educational domains. The data is being distributed for free via a file sharing service.
Date: 2026-03-27T21:10:11Z
Network: openweb
Published URL: https://crackingx.com/threads/70099/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of cryptocurrency drainer malware-as-a-service
Category: Initial Access
Content: Threat actor multichainsdk is selling a cryptocurrency drainer-as-a-service tool with source code for multiple blockchain networks including Ethereum, Solana, TON, TRON, XRP, and others. The malware package includes complete source code, smart contracts, admin dashboard, and Telegram bot configuration with pricing ranging from $1,500 to $15,000.
Date: 2026-03-27T21:09:56Z
Network: openweb
Published URL: https://crackingx.com/threads/70100/
Screenshots:
None
Threat Actors: multichainsdk
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of credential logs via DAISY CLOUD service
Category: Combo List
Content: Threat actor NEW_DAISYCLOUD shared 5,167 fresh credential logs dated March 27 via cloud storage platform, distributed through underground forum for free download.
Date: 2026-03-27T21:00:31Z
Network: openweb
Published URL: https://crackingx.com/threads/70095/
Screenshots:
None
Threat Actors: NEW_DAISYCLOUD
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of gaming and adult site credential lists
Category: Combo List
Content: Threat actor distributing credential lists containing 7.1 million records allegedly from gaming and adult entertainment platforms through Telegram channels. The actor is offering free combolists and cracking tools to users who join their Telegram groups.
Date: 2026-03-27T21:00:05Z
Network: openweb
Published URL: https://crackingx.com/threads/70096/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Gaming and Adult Entertainment
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of crypto-banking credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing approximately 1.5 million credentials targeting crypto-banking platforms via a file sharing service. The credentials appear to be formatted as email:password combinations for potential credential stuffing attacks against cryptocurrency and banking services.
Date: 2026-03-27T20:59:41Z
Network: openweb
Published URL: https://crackingx.com/threads/70097/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Imdaad Group
Category: Data Leak
Content: The threat actor claims to have leaked 16.6 GB of data from the Imdaad Group.
Date: 2026-03-27T20:55:49Z
Network: openweb
Published URL: https://darkforums.su/Thread-16GB-IFS-IMDAAD-AE-DATABASE
Screenshots:
None
Threat Actors: coderx
Victim Country: UAE
Victim Industry: Facilities Services
Victim Organization: imdaad group
Victim Site: ifs.imdaad.ae
Alleged access to Agrodoska
Category: Initial Access
Content: The group claims to have gained access to Agrodoska.
Date: 2026-03-27T20:42:34Z
Network: telegram
Published URL: https://t.me/QuietSecurity/18
Screenshots:
None
Threat Actors: QuietSec
Victim Country: Ukraine
Victim Industry: Information Services
Victim Organization: agrodoska
Victim Site: agrodoska.net
Website defacement of makemyestore.in by CYKOMNEPAL
Category: Defacement
Content: CYKOMNEPAL compromised and defaced the makemyestore.in e-commerce platform website on March 28, 2026. The attack targeted a specific blog page related to highways content on the Indian e-commerce service providers domain.
Date: 2026-03-27T20:40:16Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820911
Screenshots:
None
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: India
Victim Industry: E-commerce
Victim Organization: MakeMyEstore
Victim Site: makemyestore.in
Alleged data breach of Police Nationale
Category: Data Breach
Content: The threat actor claims to have breached the internal data of Police Nationale. The compromised data reportedly contains a full GraphQL introspection schema, including API query and mutation types, access levels, user roles, deploy keys, and infrastructure-related metadata such as projects, vulnerabilities, and internal documentation.
Date: 2026-03-27T20:35:51Z
Network: openweb
Published URL: https://darkforums.su/Thread-Source-Code-FR-Police-Nationale-GitLab
Screenshots:
None
Threat Actors: breach3d
Victim Country: France
Victim Industry: Government Administration
Victim Organization: police nationale
Victim Site: police-nationale.interieur.gouv.fr
Alleged Sale of Monero (XMR) Seed Checker Tool with Auto-Withdraw Feature
Category: Malware
Content: The threat actor claims to be offering a Monero (XMR) seed checker tool capable of validating seed phrases, parsing wallet data, and enabling automatic withdrawal of funds, with support for multiple wallet types and GPU-based processing.
Date: 2026-03-27T20:26:02Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279331/
Screenshots:
None
Threat Actors: Darkeen
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Disdukcapil Kabupaten Musibanyuasin
Category: Data Breach
Content: The threat actor claims to have breached the Disdukcapil Kabupaten Musibanyuasin, Musi Banyuasin database. The compromised data reportedly contains sensitive personal information, including NIK, family card numbers (KK), names, dates of birth, gender, and other civil registry data.
Date: 2026-03-27T20:17:56Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-LEAK-DUKCAPIL-DATABASE-DPT-KECAMATAN-BABAT-TOMAN
Screenshots:
None
Threat Actors: ANONB2H
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: disdukcapil kabupaten musibanyuasin
Victim Site: disdukcapil.mubakab.go.id
Alleged distribution of SMTP credential combolists from multiple countries
Category: Combo List
Content: Threat actor CODER is distributing SMTP credential combolists containing 13 million records from multiple countries including France, Germany, Italy, India, Colombia, and Japan through Telegram channels.
Date: 2026-03-27T19:56:54Z
Network: openweb
Published URL: https://crackingx.com/threads/70094/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of TPKHP by NUCLIER-Y-C-C-M
Category: Defacement
Content: NUCLIER-Y-C-C-M defaced the TPKHP website on March 28, 2026, targeting a specific upload directory on the Nepalese domain.
Date: 2026-03-27T19:49:55Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820910
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: Nepal
Victim Industry: Unknown
Victim Organization: TPKHP
Victim Site: tpkhp.com.np
Alleged Sale of Unauthorized Access to TITUS Network
Category: Initial Access
Content: The threat actor claims to be selling unauthorized access to the Titus.de network, including back-office systems and email accounts..
Date: 2026-03-27T19:34:24Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279333/
Screenshots:
None
Threat Actors: privisnanet
Victim Country: Germany
Victim Industry: Retail Industry
Victim Organization: titus
Victim Site: titus.de
Alleged data breach of John Hay Management Corporation
Category: Data Breach
Content: The threat actor claims to have breached working database of John Hay Management Corporation. The compromised data reportedly contains 21.9GB of data, including 22,667 files, 10 databases, government IDs, passwords, and other confidential documents.
Date: 2026-03-27T19:29:53Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-PHILIPPINES-John-Hay-Management-Corporation
Screenshots:
None
Threat Actors: F37A
Victim Country: Philippines
Victim Industry: Government Administration
Victim Organization: john hay management corporation
Victim Site: jhmcorp.ph
Alleged sale of an Android Remote Administration Tool
Category: Malware
Content: The threat actor claims to be selling an Android Remote Administration Tool (RAT) allegedly capable of full device compromise, including real-time screen control, keylogging via accessibility services, credential harvesting from banking and crypto apps, and deployment through obfuscated APK droppers.
Date: 2026-03-27T19:27:34Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-RELEASE-Darkweb-The-Most-Powerful-Android-Remote-Administration-Tool
Screenshots:
None
Threat Actors: PexRat
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of UK Software Leads Database
Category: Data Leak
Content: The threat actor claims to be selling a UK-based software leads database containing over 646,000 records, including names, emails, phone numbers, and mailing addresses, allegedly sourced from reseller marketing campaigns.
Date: 2026-03-27T19:26:34Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279332/
Screenshots:
None
Threat Actors: betway
Victim Country: UK
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Breach of HBX Group (Hotelbeds)
Category: Data Breach
Content: The threat actor claims to have leaked internal data from HBX Group, part of Hotelbeds, including booking records, payment card data, client profiles, and user credentials, allegedly impacting millions of records across multiple countries.
Date: 2026-03-27T19:19:36Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279328/
Screenshots:
None
Threat Actors: nikifffi
Victim Country: Spain
Victim Industry: Information Technology (IT) Services
Victim Organization: hbx group
Victim Site: hbxgroup.com
Alleged data incident involving Xcaret
Category: Data Breach
Content: A forum post titled XCARET DATA suggests potential involvement of data related to Xcaret organization, though no specific details are available in the post content.
Date: 2026-03-27T19:17:58Z
Network: openweb
Published URL: https://xforums.st/threads/xcaret-data.600282/
Screenshots:
None
Threat Actors: foximiyos
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Xcaret
Victim Site: Unknown
Alleged leak of German mixed domain credentials
Category: Combo List
Content: A threat actor shared a free download link to a combolist containing 242,905 credential pairs allegedly from various German domains.
Date: 2026-03-27T19:04:48Z
Network: openweb
Published URL: https://crackingx.com/threads/70092/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of corporate credential combolist
Category: Combo List
Content: Threat actor CODER is distributing an 11 million record corporate business credential combolist through Telegram channels. The actor operates multiple Telegram groups offering free credential lists and programs.
Date: 2026-03-27T19:04:04Z
Network: openweb
Published URL: https://crackingx.com/threads/70093/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of DOr
Category: Data Leak
Content: The threat actor claims to be selling data from DOr. The compromised data reportedly contains 123,000 records, including names, email addresses, phone numbers, addresses, and transaction details.
Date: 2026-03-27T19:03:17Z
Network: openweb
Published URL: https://breachforums.sb/Thread-SELLING-FR-Database-OR
Screenshots:
None
Threat Actors: rdm
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of French identity card generator tool
Category: Data Leak
Content: A threat actor shared a French identity card generator tool as an executable file, advising users to run it only on virtual machines or remote desktop connections for security purposes.
Date: 2026-03-27T19:01:34Z
Network: openweb
Published URL: https://breachforums.sb/Thread-LEAK-French-identity-card-generator
Screenshots:
None
Threat Actors: csgqegge
Victim Country: France
Victim Industry: Government
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of unauthorized access to Claro Colombia
Category: Initial Access
Content: The threat actor claims to have gained unauthorized access to Claro Cloud’s website management system, allegedly compromising more than 30 user sites.
Date: 2026-03-27T18:58:26Z
Network: openweb
Published URL: https://breachforums.sb/Thread-Access-to-Claro-Cloud-user-sites-more-than-30-sites
Screenshots:
None
Threat Actors: Worrysec
Victim Country: Mexico
Victim Industry: Information Technology (IT) Services
Victim Organization: claro colombia
Victim Site: claro.com
Alleged sale of an unidentified Serbian hotel database
Category: Data Leak
Content: The threat actor claims to be selling an unidentified Serbian hotel database containing over 23,000 users, allegedly including personal details such as names, dates of birth, addresses, identification numbers, and hotel check-in and check-out records.
Date: 2026-03-27T18:56:32Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-RS-Selling-Serbia-Hotel-Database
Screenshots:
None
Threat Actors: RatkoMladic
Victim Country: Serbia
Victim Industry: Leisure & Travel
Victim Organization: Unknown
Victim Site: Unknown
Alleged data sale of GNP National Project Group
Category: Data Breach
Content: The threat actor claims to be selling 1 GB of data from the GNP National Project Group, allegedly containing customer records with personal details such as names, surnames, ID numbers, cities, email addresses, phone numbers, and more.
Date: 2026-03-27T18:53:56Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-GNP-BPO-Call-Center-Claro-Colombia
Screenshots:
None
Threat Actors: Petro_Escobar
Victim Country: Colombia
Victim Industry: Network & Telecommunications
Victim Organization: gnp national project group
Victim Site: gnpsa.com
Alleged leak of T-Online credentials
Category: Combo List
Content: A threat actor leaked a combolist containing 25,664 credential pairs targeting T-Online email service users. The data was shared for free download via a file hosting service.
Date: 2026-03-27T18:51:08Z
Network: openweb
Published URL: https://crackingx.com/threads/70091/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Germany
Victim Industry: Telecommunications
Victim Organization: T-Online
Victim Site: t-online.de
Alleged leak of USA credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 36,000 credentials allegedly from USA-based users on a cybercrime forum.
Date: 2026-03-27T18:38:59Z
Network: openweb
Published URL: https://crackingx.com/threads/70090/
Screenshots:
None
Threat Actors: RandomUpload
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of CIM GmbH
Category: Data Breach
Content: The threat actor claims to have breached data from CIM GmbH and intends to publish it within 1-2 days.
Date: 2026-03-27T18:36:08Z
Network: tor
Published URL: https://worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion/companies/5682629549/overview
Screenshots:
None
Threat Actors: Worldleaks
Victim Country: Germany
Victim Industry: Software Development
Victim Organization: cim gmbh
Victim Site: cim-logistics.com
Alleged data sale of Confluence Group Insurance brokers
Category: Data Breach
Content: The threat actor claims to be selling over 300,000 policy records from Confluence Group Insurance Brokers, allegedly containing client ID, full name, date of birth, age, gender, postal code, address and more.
Date: 2026-03-27T18:35:57Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-SPAIN-Confluencegroup-es-INSURANCE-300K
Screenshots:
None
Threat Actors: Jenk
Victim Country: Spain
Victim Industry: Insurance
Victim Organization: confluence group insurance brokers
Victim Site: confluencegroup.es
Alleged leak of 33,000 credential combinations
Category: Combo List
Content: A threat actor shared a combolist containing 33,000 high-quality credential combinations on a cybercriminal forum. The credentials appear to be made available for free download to registered forum users.
Date: 2026-03-27T18:27:08Z
Network: openweb
Published URL: https://crackingx.com/threads/70088/
Screenshots:
None
Threat Actors: RandomUpload
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed international credential data
Category: Combo List
Content: A threat actor shared a combolist containing 31,000 credentials allegedly from users across USA, EU, Asia, and Russia. The data is described as valid and fresh, dated March 27th, and is being distributed via a file sharing service.
Date: 2026-03-27T18:26:25Z
Network: openweb
Published URL: https://crackingx.com/threads/70089/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data sale of Mutuacat
Category: Data Breach
Content: The threat actor claims to be selling 6,000 records from Mutuacat, allegedly containing IDs, names, phone numbers, email addresses, and more.
Date: 2026-03-27T18:22:03Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-SPAIN-Mutuacat-cat-INSURANCE-FULL-DB
Screenshots:
None
Threat Actors: Jenk
Victim Country: Spain
Victim Industry: Hospital & Health Care
Victim Organization: mutuacat
Victim Site: mutuacat.cat
Alleged distribution of credential combolist containing 836,000 records
Category: Combo List
Content: Threat actor CODER advertises a private combolist containing 836,000 credential records, offering free access through Telegram channels along with related cracking tools and programs.
Date: 2026-03-27T18:04:16Z
Network: openweb
Published URL: https://crackingx.com/threads/70087/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
European Commission Suffers Data Breach After Amazon Cloud Account Hack
Category: Data Breach
Content: The European Commission’s Amazon Web Services (AWS) environment and stolen over 350 GB of data, including multiple databases and internal employee information. The attacker allegedly gained access to email systems and internal data and stated they plan to leak the data publicly at a later date, while the European Commission is currently investigating the security incident.
Date: 2026-03-27T18:00:11Z
Network: openweb
Published URL: https://www.bleepingcomputer.com/news/security/european-commission-investigating-breach-after-amazon-cloud-account-hack/
Screenshots:
None
Threat Actors:
Victim Country: Unknown
Victim Industry: Government Administration
Victim Organization: european commission
Victim Site: ec.europa.eu
Website defacement of Akarat Masr by CYKOMNEPAL
Category: Defacement
Content: CYKOMNEPAL conducted a website defacement attack against akarat-masr.com on March 28, 2026. The incident targeted a specific page rather than the main site and was documented with a mirror archived on zone-xsec.com.
Date: 2026-03-27T17:56:52Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820903
Screenshots:
None
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: Egypt
Victim Industry: Unknown
Victim Organization: Akarat Masr
Victim Site: akarat-masr.com
Website defacement of jdihkuburaya.web.id by Yanagami_X12/Clan_X12
Category: Defacement
Content: Clan_X12 member Yanagami_X12 successfully defaced the JDIH Kubu Raya government website on March 28, 2026. This was a targeted home page defacement of an Indonesian local government legal information system.
Date: 2026-03-27T17:56:04Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820904
Screenshots:
None
Threat Actors: Yanagami_X12, Clan_X12
Victim Country: Indonesia
Victim Industry: Government
Victim Organization: JDIH Kubu Raya
Victim Site: jdihkuburaya.web.id
Alleged Sale of BreachForums Database
Category: Data Breach
Content: The group claims to be selling a full backup of BreachForums which include backend systems, source code, DDoS-Guard-related components, and a dataset allegedly containing information on 346,014 members.
Date: 2026-03-27T17:50:15Z
Network: telegram
Published URL: https://t.me/c/3737716184/457
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Other Industry
Victim Organization: breachforums
Victim Site: breachforums.sb
Alleged leak of email credential combolist via PandaCloud
Category: Combo List
Content: A threat actor shared a free download link to a credential combolist containing 36,000 email addresses and passwords, marketed as fresh and valid data from various email providers.
Date: 2026-03-27T17:50:13Z
Network: openweb
Published URL: https://crackingx.com/threads/70084/
Screenshots:
None
Threat Actors: Kokos2846q
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Sheraton Hotels and Resorts
Category: Data Breach
Content: The threat actor claims to have breached data from Sheraton Hotels and Resorts.
Date: 2026-03-27T17:43:11Z
Network: tor
Published URL: https://worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion/companies/0433968074/overview
Screenshots:
None
Threat Actors: Worldleaks
Victim Country: USA
Victim Industry: Hospitality & Tourism
Victim Organization: sheraton hotels and resorts
Victim Site: sheraton.marriott.com
Website defacement of PS College by overthrash1337 (Team Hazardous Pakistan)
Category: Defacement
Content: Team Hazardous Pakistan member overthrash1337 defaced the uploads directory of PS Colleges website on March 28, 2026. The attack targeted an Indian educational institutions web infrastructure.
Date: 2026-03-27T17:38:43Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820901
Screenshots:
None
Threat Actors: overthrash1337, Team Hazardous Pakistan
Victim Country: India
Victim Industry: Education
Victim Organization: PS College
Victim Site: www.pscollege.co.in
Alleged leak of mixed email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 5,200 mixed email credentials via a MediaFire download link on a cybercriminal forum.
Date: 2026-03-27T17:34:51Z
Network: openweb
Published URL: https://crackingx.com/threads/70081/
Screenshots:
None
Threat Actors: Kommander0
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email provider credentials
Category: Combo List
Content: Threat actor alphaxdd distributed a combolist containing 3,622 mixed email credentials including Hotmail accounts via free download on cybercriminal forum.
Date: 2026-03-27T17:34:03Z
Network: openweb
Published URL: https://crackingx.com/threads/70082/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of Miaoda data
Category: Data Breach
Content: The threat actor claims to be selling the data belonging to Miaoda.
Date: 2026-03-27T17:18:48Z
Network: telegram
Published URL: https://t.me/darkromancepub/11
Screenshots:
None
Threat Actors: Dark Romance
Victim Country: China
Victim Industry: Software Development
Victim Organization: miaoda
Victim Site: miaoda.cn
Alleged sale of French database containing 123,000 records
Category: Data Breach
Content: Threat actor rdm is allegedly selling a French database containing 123,000 records for $10,000 on BreachForums. The actor provided proof screenshots and Session contact information for potential buyers.
Date: 2026-03-27T17:18:14Z
Network: openweb
Published URL: https://breachforums.sb/Thread-SELLING-FR-Database-OR
Screenshots:
None
Threat Actors: rdm
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Autopolis car rental service by CYKOMNEPAL
Category: Defacement
Content: CYKOMNEPAL defaced a car rental website belonging to Autopolis in Slovakia on March 28, 2026. The attack targeted a specific page within the autopozicovna (car rental) section of the site.
Date: 2026-03-27T17:10:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820897
Screenshots:
None
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: Slovakia
Victim Industry: Transportation/Automotive
Victim Organization: Autopolis
Victim Site: autopolis.sk
Unlimited2 targets the website of Sightline Design Boutique Studio
Category: Defacement
Content: The group claims to have defaced the website of Sightline Design Boutique Studio.
Date: 2026-03-27T17:08:14Z
Network: openweb
Published URL: https://www.zone-h.org/mirror/id/41650009
Screenshots:
None
Threat Actors: Unlimited2
Victim Country: UAE
Victim Industry: Marketing, Advertising & Sales
Victim Organization: sightline design boutique studio
Victim Site: sightline.ae
Nullsec Philippines claims to target Bahrain
Category: Alert
Content: A recent post by the group claims that they are targeting Bahrain.
Date: 2026-03-27T16:52:34Z
Network: telegram
Published URL: https://t.me/nullsechackers/874
Screenshots:
None
Threat Actors: Nullsec Philippines
Victim Country: Bahrain
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Yahoo credential combolist targeting crypto users
Category: Combo List
Content: A threat actor shared a combolist containing 1.56 million Yahoo email and password combinations specifically targeting cryptocurrency users. The credential list was made available for free download via a file sharing service.
Date: 2026-03-27T16:40:01Z
Network: openweb
Published URL: https://crackingx.com/threads/70079/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Yahoo
Victim Site: yahoo.com
Alleged unauthorized access to Claro Cloud hosting platform
Category: Initial Access
Content: Threat actor claims to have gained unauthorized access to Claro Cloud hosting platform, affecting more than 30 client websites. The actor criticizes the platforms security and mentions ability to upload malicious code to hosted sites.
Date: 2026-03-27T16:38:46Z
Network: openweb
Published URL: https://breachforums.sb/Thread-Access-to-Claro-Cloud-user-sites-more-than-30-sites
Screenshots:
None
Threat Actors: Worrysec
Victim Country: Unknown
Victim Industry: Web Hosting
Victim Organization: Claro Cloud
Victim Site: Unknown
Alleged data leak of Ledger Global e-payment CRM
Category: Data Leak
Content: Forum post claims to have leaked CRM data from Ledger Global, an e-payment service provider, though no specific details about the data or breach are provided in the available content.
Date: 2026-03-27T16:32:53Z
Network: openweb
Published URL: https://xforums.st/threads/ledger-global-e-payment-crm-leaks.600272/
Screenshots:
None
Threat Actors: timturner
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Ledger Global
Victim Site: Unknown
Alleged sale of email credential checking and data extraction tool
Category: Initial Access
Content: Threat actor CyberPaladin is selling an email checker and mail grabber tool for $25-120 that can validate credential lists, download email attachments, and extract cryptocurrency wallet information from Hotmail and mixed email databases. The tool includes functionality to parse crypto wallets from downloaded attachments and emails.
Date: 2026-03-27T16:27:26Z
Network: openweb
Published URL: https://breachforums.sb/Thread-SELLING-Email-Checker-Mail-Grabber-Attachment-Download-Parser-Crypto-Download-email
Screenshots:
None
Threat Actors: CyberPaladin
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Siineo by CYKOMNEPAL
Category: Defacement
Content: CYKOMNEPAL conducted a website defacement attack against siineo.com.np on March 27, 2026. The attack targeted a specific blog page rather than the main homepage.
Date: 2026-03-27T16:24:37Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820896
Screenshots:
None
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: Nepal
Victim Industry: Unknown
Victim Organization: Siineo
Victim Site: siineo.com.np
Omax Autos Reports Ransomware Attack — IT Systems Under Investigation After Cyber Breach
Category: Cyber Attack
Content: Omax Autos Limited confirmed on March 27, 2026 that it suffered a ransomware attack on its IT infrastructure, following the detection of suspicious anomalies the previous day. While the company reported the incident to the Bombay and Delhi stock exchanges, it specified that its core operations and production chains remain currently intact. Investors reacted with volatility to the news, oscillating between confidence in the security of critical systems and concerns related to a potential leak of sensitive data.
Date: 2026-03-27T16:23:58Z
Network: openweb
Published URL: https://tradebrains.in/omax-autos-reports-ransomware-attack-it-systems-under-investigation-after-cyber-breach/
Screenshots:
None
Threat Actors: Lockbit5
Victim Country: India
Victim Industry: Unknown
Victim Organization: Omax Autos Limited
Victim Site: omaxauto.com
Alleged data breach of Leighton
Category: Data Breach
Content: The threat actor claims to have breached data from Leighton.
Date: 2026-03-27T16:23:25Z
Network: tor
Published URL: https://worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion/companies/1504221778/overview
Screenshots:
None
Threat Actors: Worldleaks
Victim Country: UK
Victim Industry: Information Services
Victim Organization: leighton
Victim Site: leighton.com
Alleged data leak of an Armenian Estate Agency
Category: Data Leak
Content: The threat actor claims to have leaked a database belonging to an Armenian Estate Agency.
Date: 2026-03-27T16:15:23Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-Armenian-Estate-Agency-5K
Screenshots:
None
Threat Actors: zsnark
Victim Country: Turkey
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Brazil contact database
Category: Data Leak
Content: A threat actor named Manha posted on BreachForums claiming to have a full contact database of Brazilian people available. The post directs users to contact via Telegram for ordering and samples.
Date: 2026-03-27T16:14:29Z
Network: openweb
Published URL: https://breachforums.sb/Thread-Brazil-People-full-contact-DB-Available
Screenshots:
None
Threat Actors: Manha
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Handala Hack claims to target Retail Chains in USA
Category: Alert
Content: In a recent post the group claims to target point-of-sale systems across multiple retail chains in the United States
Date: 2026-03-27T16:13:24Z
Network: telegram
Published URL: https://t.me/HANDALA_INTEL/17
Screenshots:
None
Threat Actors: Handala Hack
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Admin Access to unidentified Retail from UAE
Category: Initial Access
Content: Threat actor claims to be selling Admin Access to unidentified Retail from UAE.
Date: 2026-03-27T16:13:17Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279324/
Screenshots:
None
Threat Actors: Big-Bro
Victim Country: UAE
Victim Industry: Retail Industry
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of admin access to JDIH Legal Department of the West Halmahera Regency Government
Category: Initial Access
Content: The threat actor claims to have leaked admin-level access to the JDIH Legal Department of the West Halmahera Regency Government’s administration system.
Date: 2026-03-27T16:09:32Z
Network: telegram
Published URL: https://t.me/silenterrorsystem/226
Screenshots:
None
Threat Actors: SILENT ERROR SYSTEM
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: jdih legal department of the west halmahera regency government
Victim Site: jdih.halbarkab.go.id
Alleged sale of French government database by threat actor resana1
Category: Data Breach
Content: Threat actor resana1 is allegedly selling a French government database containing 1 million records with personal information including emails, names, phone numbers, and organizations for 3,000€. The actor claims the database was valued by the state at 70,000€ and has never been sold before.
Date: 2026-03-27T16:03:05Z
Network: openweb
Published URL: https://breachforums.sb/Thread-RESANA-DATABASE-FR
Screenshots:
None
Threat Actors: resana1
Victim Country: France
Victim Industry: Government
Victim Organization: French Government
Victim Site: gouv.fr
Alleged data leak of Egyptian Shooting Federation
Category: Data Leak
Content: The threat actor claims to have leaked internal files from the Egyptian Shooting Federation.
Date: 2026-03-27T16:02:18Z
Network: openweb
Published URL: https://spear.cx/Thread-Free-Internal-file-of-Egyptian-Shooting-Federation
Screenshots:
None
Threat Actors: zsnark
Victim Country: Egypt
Victim Industry: Government Relations
Victim Organization: egyptian shooting federation
Victim Site: egyptianshooting.org
Alleged data breach of ORIENT PETROLEUM INC.
Category: Data Breach
Content: The threat actor claims to have breached data from ORIENT PETROLEUM INC. and intends to publish it within 1-2 days.
Date: 2026-03-27T16:00:48Z
Network: tor
Published URL: https://worldleaksartrjm3c6vasllvgacbi5u3mgzkluehrzhk2jz4taufuid.onion/companies/8250496889/overview
Screenshots:
None
Threat Actors: Worldleaks
Victim Country: Pakistan
Victim Industry: Oil & Gas
Victim Organization: orient petroleum inc.
Victim Site: orientpetroleum.com
Alleged leak of mixed email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 6.3K mixed email credentials via a file sharing platform. The credentials appear to be from various email providers and were distributed for free download.
Date: 2026-03-27T15:53:27Z
Network: openweb
Published URL: https://crackingx.com/threads/70076/
Screenshots:
None
Threat Actors: Kommander0
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of 250GB credential collection
Category: Combo List
Content: A threat actor has made available a 250GB collection of URL-LOG-PASS credentials in text format, described as private and ultra high quality. The data appears to contain login credentials associated with various URLs.
Date: 2026-03-27T15:52:46Z
Network: openweb
Published URL: https://crackingx.com/threads/70077/
Screenshots:
None
Threat Actors: TheBash1996
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: Threat actor noir allegedly leaked a collection of valid Hotmail credentials described as UHQ Mix containing email and password combinations. The credentials are being distributed through Telegram channel @noiraccess.
Date: 2026-03-27T15:52:24Z
Network: openweb
Published URL: https://crackingx.com/threads/70078/
Screenshots:
None
Threat Actors: noir
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged source code leak of multiple UAE websites
Category: Data Leak
Content: The threat actor claims to have leaked source code belonging to several UAE-based platforms. The actor lists dozens of PHP-based repositories, covering backend systems, mobile app components, internal management tools, and various client-specific projects.
Date: 2026-03-27T15:51:50Z
Network: openweb
Published URL: https://spear.cx/Thread-Source-Code-Multiple-UAE-Websites-Source-code-leak
Screenshots:
None
Threat Actors: hexvior
Victim Country: UAE
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Chinese-American WhatsApp data
Category: Data Leak
Content: Forum post claims to have WhatsApp data of Chinese people living in the United States. The threat actor provides a Telegram contact for accessing the data sample.
Date: 2026-03-27T15:50:03Z
Network: openweb
Published URL: https://breachforums.sb/Thread-Chinese-people-living-in-the-United-States-WhatsApp-Data
Screenshots:
None
Threat Actors: Razia
Victim Country: United States
Victim Industry: Technology
Victim Organization: WhatsApp
Victim Site: whatsapp.com
Alleged data leak of China loan data
Category: Data Leak
Content: Threat actor Mizan allegedly shared China loan data containing 2 million records through a Telegram channel. The data appears to be financial records related to loan information from China.
Date: 2026-03-27T15:49:59Z
Network: openweb
Published URL: https://breachforums.sb/Thread-In-real-time-China-Loan-Data-2M
Screenshots:
None
Threat Actors: Mizan
Victim Country: China
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of German email credentials
Category: Combo List
Content: A threat actor shared a list of 55,000 German email credentials dated March 27th on a cybercrime forum. The credentials are described as fresh mail access and appear to be freely distributed to registered forum users.
Date: 2026-03-27T15:39:31Z
Network: openweb
Published URL: https://crackingx.com/threads/70074/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged vulnerability leak of Rangamati Government College
Category: Vulnerability
Content: Group claims to have leaked a vulnerability in Rangamati Government College.
Date: 2026-03-27T15:37:32Z
Network: telegram
Published URL: https://t.me/c/3807888281/274
Screenshots:
None
Threat Actors: KONCO ERROR SYSTEM
Victim Country: Bangladesh
Victim Industry: Education
Victim Organization: rangamati government college
Victim Site: rangamaticollege.gov.bd
Alleged vulnerability leak of Berita Surabaya
Category: Vulnerability
Content: Group claims to have leaked a vulnerability in Berita Surabaya.
Date: 2026-03-27T15:37:09Z
Network: telegram
Published URL: https://t.me/c/3807888281/273
Screenshots:
None
Threat Actors: KONCO ERROR SYSTEM
Victim Country: Indonesia
Victim Industry: Newspapers & Journalism
Victim Organization: berita surabaya
Victim Site: beritasurabaya.net/galery_detail2.php
Alleged data breach of kolosok.info
Category: Data Breach
Content: The threat group claims to have breached data from kolosok.info. The compromised data contains logs, name, phone numbers etc.
Date: 2026-03-27T15:30:42Z
Network: telegram
Published URL: https://t.me/QuietSecurity/14
Screenshots:
None
Threat Actors: QuietSec
Victim Country: Ukraine
Victim Industry: Agriculture & Farming
Victim Organization: kolosok.info
Victim Site: kolosok.info
Mass defacement of Border Computers by Alpha wolf team
Category: Defacement
Content: The Alpha wolf team conducted a mass defacement attack targeting Border Computers, an Australian IT services company. The attack occurred on March 27, 2026, and was part of a broader mass defacement campaign rather than a targeted single-site attack.
Date: 2026-03-27T15:28:14Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248155
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Australia
Victim Industry: Technology/IT Services
Victim Organization: Border Computers
Victim Site: bordercomputers.com.au
Mass defacement campaign by Alpha wolf team member XYZ targeting transport-talk.com
Category: Defacement
Content: The Alpha wolf team, specifically member XYZ, conducted a mass defacement campaign targeting transport-talk.com on March 27, 2026. The attack was part of a broader mass defacement operation rather than targeting this specific site individually.
Date: 2026-03-27T15:28:08Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248154
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Unknown
Victim Industry: Transportation
Victim Organization: Unknown
Victim Site: transport-talk.com
Website defacement of AWPL by Alpha wolf team
Category: Defacement
Content: The Alpha wolf team, attributed to attacker XYZ, successfully defaced the AWPL website on March 27, 2026. This was a targeted home page defacement rather than a mass defacement campaign.
Date: 2026-03-27T15:27:59Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820892
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Australia
Victim Industry: Unknown
Victim Organization: AWPL
Victim Site: awpl.org.au
Website defacement of AWPL by Alpha wolf team
Category: Defacement
Content: The Alpha wolf team, attributed to attacker XYZ, successfully defaced the AWPL website on March 27, 2026. The targeted server was running on Linux operating system.
Date: 2026-03-27T15:27:01Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248152
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Australia
Victim Industry: Unknown
Victim Organization: AWPL
Victim Site: awpl.org.au
Alleged leak of IPTV streaming credentials
Category: Combo List
Content: Threat actor shared a list of 32 M3U links for IPTV streaming services, making unauthorized access to television content available for free download.
Date: 2026-03-27T15:26:58Z
Network: openweb
Published URL: https://crackingx.com/threads/70072/
Screenshots:
None
Threat Actors: ouaaka_06
Victim Country: Unknown
Victim Industry: Media and Entertainment
Victim Organization: Unknown
Victim Site: Unknown
Mass defacement campaign by Alpha wolf team targeting Australian commercial sites
Category: Defacement
Content: Alpha wolf team conducted a mass defacement campaign targeting multiple websites including tripletwenty.com.au on March 27, 2026. The attack was executed by attacker XYZ against a Linux-based server hosting the Australian commercial website.
Date: 2026-03-27T15:26:40Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248153
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Australia
Victim Industry: Unknown
Victim Organization: Triple Twenty
Victim Site: tripletwenty.com.au
⚜️ UPGRADES.CX ⚜️ ADOBE ⚡️ YOUTUBE ⚡️ SPOTIFY ⚡️ DISCORD ⚡️ Сanvа [PERSONAL UPGRADES]
Category: Alert
Content: New thread posted by bl4cklak3: ⚜️ UPGRADES.CX ⚜️ ADOBE ⚡️ YOUTUBE ⚡️ SPOTIFY ⚡️ DISCORD ⚡️ Сanvа [PERSONAL UPGRADES]
Date: 2026-03-27T15:26:31Z
Network: openweb
Published URL: https://crackingx.com/threads/70073/
Screenshots:
None
Threat Actors: bl4cklak3
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of zerno.kiev.ua
Category: Data Breach
Content: The threat group claims to have breached data from zerno.kiev.ua. The compromised data contains logs, name, phone numbers etc.
Date: 2026-03-27T15:26:26Z
Network: telegram
Published URL: https://t.me/QuietSecurity/14
Screenshots:
None
Threat Actors: QuietSec
Victim Country: Ukraine
Victim Industry: Agriculture & Farming
Victim Organization: zerno.kiev.ua
Victim Site: zerno.kiev.ua
XYZ defaced transport-talk.com
Category: Defacement
Content: Target: http://transport-talk.com/Attacker: XYZTeam: Alpha wolfDate: 2026-03-27 22:24:19OS: LinuxFlags: Mass Defacement (IP: 103.226.223.2)
Date: 2026-03-27T15:26:22Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248154
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: transport-talk.com
XYZ defaced bordercomputers.com.au
Category: Defacement
Content: Target: http://bordercomputers.com.au/Attacker: XYZTeam: Alpha wolfDate: 2026-03-27 22:24:21OS: LinuxFlags: Mass Defacement (IP: 103.226.223.2)
Date: 2026-03-27T15:26:06Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248155
Screenshots:
None
Threat Actors: XYZ, Alpha wolf
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: bordercomputers.com.au
Alleged distribution of credential combolists via Telegram channels
Category: Combo List
Content: Threat actor CODER is distributing free credential combolists through Telegram channels and offering additional combo access via direct contact. The actor operates multiple Telegram groups providing free credential lists and associated programs.
Date: 2026-03-27T14:54:07Z
Network: openweb
Published URL: https://crackingx.com/threads/70071/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged credential validation service targeting LinkedIn accounts
Category: Combo List
Content: Threat actor offers a credential validation service that checks email:password combinations against LinkedIn accounts using IMAP verification and specialized software. The service processes credentials for multiple countries and offers payment of $1-$21 per valid result based on account quality.
Date: 2026-03-27T14:41:53Z
Network: openweb
Published URL: https://crackingx.com/threads/70070/
Screenshots:
None
Threat Actors: best_linkedin
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: LinkedIn
Victim Site: linkedin.com
Alleged WordPress-related data leak by threat actor zod
Category: Combo List
Content: Threat actor zod posted WordPress-related content on CX forum in the combolists and dumps section, with access requiring password obtained via Telegram channel. Specific data type and scope unknown due to restricted access.
Date: 2026-03-27T14:31:15Z
Network: openweb
Published URL: https://crackingx.com/threads/70067/
Screenshots:
None
Threat Actors: zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Yahoo credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 980,539 Yahoo credentials allegedly from fresh leaks. The credential list was made available for free download via a file hosting service.
Date: 2026-03-27T14:30:41Z
Network: openweb
Published URL: https://crackingx.com/threads/70068/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Yahoo
Victim Site: yahoo.com
♋ 81k MIX Base With Valid [FORUMS] ♋ (10)
Category: Combo List
Content: New thread posted by ValidMail: ♋ 81k MIX Base With Valid [FORUMS] ♋ (10)
Date: 2026-03-27T14:20:08Z
Network: openweb
Published URL: https://crackingx.com/threads/70064/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Mondial Relay involving 6.9 million French user records
Category: Data Breach
Content: Threat actor lynxd claims to be selling a database containing 6.9 million French user records allegedly from Mondial Relay, a parcel delivery service company.
Date: 2026-03-27T14:17:54Z
Network: openweb
Published URL: https://breachforums.sb/Thread-MONDIAL-RELAY-6-9M-USER-FR
Screenshots:
None
Threat Actors: lynxd
Victim Country: France
Victim Industry: Logistics
Victim Organization: Mondial Relay
Victim Site: Unknown
Alleged data breach of French government RESANA database
Category: Data Breach
Content: Threat actor claims to have scraped a database from the French government containing 1 million records with personal information including names, email addresses, phone numbers, and organizational data. Sample records show government employee data from various French departments and agencies.
Date: 2026-03-27T14:17:35Z
Network: openweb
Published URL: https://breachforums.sb/Thread-DATABASE-DATABASE-FRANCE-RESANA
Screenshots:
None
Threat Actors: Resana
Victim Country: France
Victim Industry: Government
Victim Organization: French Government (RESANA)
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: A forum post claims to share a combolist containing 5,000 unique Hotmail email and password combinations dated March 27, 2026. The actual content requires forum registration to view.
Date: 2026-03-27T14:06:48Z
Network: openweb
Published URL: https://crackingx.com/threads/70060/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
⭐️ [ 2000 HOTMAIL ] FRESH UQH | GOODTIME CLOUD⭐️
Category: Combo List
Content: New thread posted by Lexser: ⭐️ [ 2000 HOTMAIL ] FRESH UQH | GOODTIME CLOUD⭐️
Date: 2026-03-27T14:06:10Z
Network: openweb
Published URL: https://crackingx.com/threads/70061/
Screenshots:
None
Threat Actors: Lexser
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Sterling Bank Ltd
Category: Data Breach
Content: The threat actor claims to have breached Sterling Bank Ltd, alleging access to data for ~900,000 customers and over 3,000 employees, including IDs, BVN, NUBAN, financial histories, and credit scores. They also claim compromise of a related Cardinal Stone database and sensitive executive information.
Date: 2026-03-27T14:06:06Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-NG-Sterling-Bank-Ltd
Screenshots:
None
Threat Actors: ByteToBreach
Victim Country: Nigeria
Victim Industry: Financial Services
Victim Organization: sterling bank ltd
Victim Site: sterling.ng
Alleged leak of ULP credential combolist containing 250+ million records
Category: Combo List
Content: A threat actor claims to have leaked a ULP (Username:Login:Password) combolist containing over 250 million credential records. The data is being distributed through a Telegram channel.
Date: 2026-03-27T14:05:34Z
Network: openweb
Published URL: https://crackingx.com/threads/70062/
Screenshots:
None
Threat Actors: zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
1.5K HOTMAIL Fresh Just Valid Mail Access 27.03
Category: Combo List
Content: New thread posted by MailAccesss: 1.5K HOTMAIL Fresh Just Valid Mail Access 27.03
Date: 2026-03-27T14:04:55Z
Network: openweb
Published URL: https://crackingx.com/threads/70063/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Ananthi Tech Edu by CYKOMNEPAL
Category: Defacement
Content: CYKOMNEPAL successfully defaced the contact page of Ananthi Tech Edus website on March 27, 2026. The attack targeted an educational institutions web presence, compromising their contact information page.
Date: 2026-03-27T13:49:39Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820890
Screenshots:
None
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: India
Victim Industry: Education
Victim Organization: Ananthi Tech Edu
Victim Site: ananthitechedu.com
Alleged Sale of Certera EV Certificate
Category: Malware
Content: Threat actor claims to be selling a Certera EV certificate, advertised to bypass/disable Microsoft SmartScreen. The certificate is claimed to be valid for 1 year and supports remote code signing via a provided tool.
Date: 2026-03-27T13:43:49Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279318/
Screenshots:
None
Threat Actors: blueprint
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Ikshana Therapy by K3bay4 Mer4h (Idiot Crew)
Category: Defacement
Content: The Idiot Crew member K3bay4 Mer4h defaced the Ikshana Therapy website on March 27, 2026. This appears to be a redefacement of a previously compromised site targeting a healthcare therapy provider.
Date: 2026-03-27T13:32:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820889
Screenshots:
None
Threat Actors: K3bay4 Mer4h, Idiot Crew
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: Ikshana Therapy
Victim Site: www.ikshanatherapy.com
Alleged Sale of Webshell access in USA
Category: Initial Access
Content: Threat actor claims to be selling Webshell access at shop from USA.
Date: 2026-03-27T13:29:12Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279317/
Screenshots:
None
Threat Actors: Jurak
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of email credentials combolist
Category: Combo List
Content: Threat actor TeraCloud1 allegedly leaked a combolist containing 10,000 valid email credentials on CrackingX forum. Additional private cloud access is offered through Telegram contact.
Date: 2026-03-27T13:16:13Z
Network: openweb
Published URL: https://crackingx.com/threads/70058/
Screenshots:
None
Threat Actors: TeraCloud1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed domain credentials
Category: Combo List
Content: A threat actor shared a combolist containing 12,000 valid credentials from mixed domains through a paste sharing service. The credentials appear to be distributed for free rather than sold.
Date: 2026-03-27T13:05:31Z
Network: openweb
Published URL: https://crackingx.com/threads/70056/
Screenshots:
None
Threat Actors: Cir4d
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Sterling Bank Ltd
Category: Data Breach
Content: A threat actor allegedly claims to have obtained data from Sterling Bank Ltd, a Nigerian financial institution, though specific details about the nature and extent of the data are not provided in the available post content.
Date: 2026-03-27T13:02:38Z
Network: openweb
Published URL: https://breachforums.sb/Thread-DATABASE-NG-Sterling-Bank-Ltd
Screenshots:
None
Threat Actors: bytetobreach
Victim Country: Nigeria
Victim Industry: Financial Services
Victim Organization: Sterling Bank Ltd
Victim Site: Unknown
Alleged data breach of Sterling Bank Ltd
Category: Data Breach
Content: A threat actor posted about Sterling Bank Ltd on a data breach forum, though specific details about the nature of the data or incident are not provided in the available content.
Date: 2026-03-27T13:02:27Z
Network: openweb
Published URL: https://breachforums.sb/Thread-NG-Sterling-Bank-Ltd
Screenshots:
None
Threat Actors: bytetobreach
Victim Country: Nigeria
Victim Industry: Financial Services
Victim Organization: Sterling Bank Ltd
Victim Site: Unknown
Alleged Sale of Unauthorized Access in USA
Category: Initial Access
Content: Threat actor claims to be selling Unauthorized Access in USA
Date: 2026-03-27T12:49:03Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279314/
Screenshots:
None
Threat Actors: jamalunga
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of HRDC Nepal by CYKOMNEPAL
Category: Defacement
Content: CYKOMNEPAL conducted a website defacement attack against HRDC Nepals website on March 27, 2026. The attack targeted a specific page within the organizations success stories section.
Date: 2026-03-27T12:47:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820888
Screenshots:
None
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: Nepal
Victim Industry: Human Resources Development
Victim Organization: HRDC Nepal
Victim Site: www.hrdcnepal.org
Alleged Leak of Unidentified User Data in Nigeria
Category: Data Leak
Content: Threat actor claims to be selling a database of Nigerian user data. According to the listing, the dataset contains approximately 200,000 unique users and includes sensitive information such as names, phone numbers, dates of birth, BVN (Bank Verification Number), and account details.
Date: 2026-03-27T12:30:57Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279298/
Screenshots:
None
Threat Actors: Datavortex
Victim Country: Nigeria
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Breach of Bienestar
Category: Data Breach
Content: Threat actor claims to be selling a database of Mexican users, containing approximately 318,000 records. The dataset is allegedly sourced from bienestar.org and includes personal information such as first name, last name, phone number, email address, and date of birth.
Date: 2026-03-27T12:29:37Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279302/
Screenshots:
None
Threat Actors: Datavortex
Victim Country: Mexico
Victim Industry: Mental Health Care
Victim Organization: bienestar
Victim Site: bienestar.org
Alleged leak of Hotmail credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 713,738 credential pairs allegedly targeting Hotmail accounts, distributed as a free download via file sharing platform.
Date: 2026-03-27T12:27:33Z
Network: openweb
Published URL: https://crackingx.com/threads/70052/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of mixed credential combolist
Category: Combo List
Content: D4rkNetHub shared a combolist containing 49,796 mixed credentials on CrackingX forum with an expiration date of March 2026.
Date: 2026-03-27T12:27:15Z
Network: openweb
Published URL: https://crackingx.com/threads/70053/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of 700GB credential combolist
Category: Combo List
Content: A threat actor is distributing a 700GB collection of URL-login-password credentials described as private and ultra-high quality. The data is being made available as a free download in text format.
Date: 2026-03-27T12:26:56Z
Network: openweb
Published URL: https://crackingx.com/threads/70054/
Screenshots:
None
Threat Actors: TheBash1996
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Deminima
Category: Data Breach
Content: Threat actor claims to have leaked data from Deminima. The compromised data reportedly include 6.6K records of data, including name, phone number, address, emails, etc.
Date: 2026-03-27T12:25:36Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-RS-Serbia-Gynecology-Clinic-Database–71403
Screenshots:
None
Threat Actors: RatkoMladic
Victim Country: Serbia
Victim Industry: Hospital & Health Care
Victim Organization: deminima
Victim Site: deminima.com
Alleged Leak of User Data in Brazil
Category: Data Leak
Content: Threat actor claims to be selling a database of Brazilian user data, containing approximately 198,000 email and password combinations.
Date: 2026-03-27T12:21:03Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279300/
Screenshots:
None
Threat Actors: Datavortex
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Xbox and PSN credential combolist
Category: Combo List
Content: A threat actor shared a credential combolist containing 11,312 lines targeting Xbox and PlayStation Network accounts. The data is distributed via Telegram with password protection.
Date: 2026-03-27T12:15:25Z
Network: openweb
Published URL: https://crackingx.com/threads/70050/
Screenshots:
None
Threat Actors: zod
Victim Country: Unknown
Victim Industry: Gaming
Victim Organization: Xbox and PlayStation Network
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 10,530 Hotmail credentials for free download on a cybercriminal forum.
Date: 2026-03-27T12:15:06Z
Network: openweb
Published URL: https://crackingx.com/threads/70051/
Screenshots:
None
Threat Actors: NotSellerxd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of data from TN State Scholarship Portal
Category: Data Breach
Content: Threat actor claims to have leaked data from TN State Scholarship Portal. The compromised data reportedly contain 13 million records of data including name, aadhar number, phone number, address, email, password and more.
Date: 2026-03-27T12:10:28Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-India-13kk-Tamil-Nadu-Intergrated-State-Scholarship-Portal
Screenshots:
None
Threat Actors: Sorb
Victim Country: India
Victim Industry: Government Administration
Victim Organization: tn state scholarship portal
Victim Site: umisfees.tnega.org
Alleged data breach of Kuwaiti Ministry of Higher Education
Category: Data Breach
Content: Threat actor a313ip claims to have data from Kuwaits Ministry of Higher Education containing information on Kuwaiti citizens and is offering it for sale on BreachForums.
Date: 2026-03-27T12:03:11Z
Network: openweb
Published URL: https://breachforums.sb/Thread-DATABASE-Kuwaiti-Ministry-of-Higher-Education-data-for-sale
Screenshots:
None
Threat Actors: a313ip
Victim Country: Kuwait
Victim Industry: Government
Victim Organization: Ministry of Higher Education
Victim Site: Unknown
Alleged Data Leak of Multiple websites
Category: Data Leak
Content: Threat actor claims to be selling a dataset allegedly associated with NATO-related resources, specifically referencing the domain tide.act.nato.int, with a total size of approximately 427 MB.
Date: 2026-03-27T12:02:41Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279309/
Screenshots:
None
Threat Actors: DataHouse
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Dutch National Police Suffers Data Breach
Category: Data Breach
Content: The Dutch National Police confirmed it experienced a security breach after a successful phishing attack compromised internal systems, prompting immediate containment and investigation measures. Authorities stated that the incident had limited impact and did not affect citizens’ data, with the breach primarily impacting internal police-related information. The organization implemented security measures to mitigate the incident and is continuing to assess the scope and strengthen protections against similar attacks.
Date: 2026-03-27T12:01:30Z
Network: openweb
Published URL: https://www.bleepingcomputer.com/news/security/dutch-police-discloses-security-breach-after-phishing-attack/
Screenshots:
None
Threat Actors:
Victim Country: Netherlands
Victim Industry: Law Enforcement
Victim Organization: police netherlands
Victim Site: politie.nl
Alleged Sale of Leak Bazaar Data
Category: Data Leak
Content: Threat actor claims to be leaking Bazaar, a data exchange platform allegedly designed to facilitate the sale and analysis of stolen corporate datasets. According to the post, the platform allows users to process large data dumps, extract valuable information such as financial records, source code, and personal data, and sell selected segments of the data to potential buyers.
Date: 2026-03-27T11:55:52Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279299/
Screenshots:
None
Threat Actors: BlackSnow
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of Office-related credential combolist via Telegram
Category: Combo List
Content: Threat actor CODER is distributing Office-related credential combolists for free through Telegram channels. The actor is also providing related tools through separate Telegram groups.
Date: 2026-03-27T11:53:34Z
Network: openweb
Published URL: https://crackingx.com/threads/70049/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass defacement campaign by Idiot Crew targeting ikshanatherapy.com
Category: Defacement
Content: The attacker K3bay4 Mer4h from Idiot Crew conducted a mass defacement campaign targeting ikshanatherapy.com on March 27, 2026. The attack was part of a broader mass defacement operation rather than a targeted attack on the specific healthcare organization.
Date: 2026-03-27T11:50:45Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248146
Screenshots:
None
Threat Actors: K3bay4 Mer4h, Idiot Crew
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: Ikshana Therapy
Victim Site: www.ikshanatherapy.com
Mass website defacement by systemdarkdenied targeting rajadhirajcaferestro.in
Category: Defacement
Content: The attacker systemdarkdenied conducted a mass defacement campaign targeting multiple websites including a restaurant website in India. This incident was part of a broader mass defacement operation rather than a targeted attack on the specific organization.
Date: 2026-03-27T11:50:28Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248147
Screenshots:
None
Threat Actors: systemdarkdenied
Victim Country: India
Victim Industry: Food & Beverage
Victim Organization: Rajadhiraj Cafe Restaurant
Victim Site: rajadhirajcaferestro.in
Mass website defacement campaign by systemdarkdenied targeting Indian educational institution
Category: Defacement
Content: Threat actor systemdarkdenied conducted a mass defacement campaign targeting safalboyspg.in, an Indian educational institutions website. The attack was part of a broader mass defacement operation rather than a targeted individual attack.
Date: 2026-03-27T11:50:08Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248148
Screenshots:
None
Threat Actors: systemdarkdenied
Victim Country: India
Victim Industry: Education
Victim Organization: Safal Boys PG
Victim Site: safalboyspg.in
Mass defacement campaign by systemdarkdenied targeting solar cleaning company
Category: Defacement
Content: Threat actor systemdarkdenied conducted a mass defacement campaign targeting multiple websites including a solar panel cleaning service company in India. The attack occurred on March 27, 2026 and was part of a broader mass defacement operation rather than a targeted attack.
Date: 2026-03-27T11:49:49Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248149
Screenshots:
None
Threat Actors: systemdarkdenied
Victim Country: India
Victim Industry: Renewable Energy/Solar Services
Victim Organization: Shiv Shakti Solar Cleaning
Victim Site: shivshaktisolarcleaniing.in
Mass defacement targeting library website by systemdarkdenied
Category: Defacement
Content: The attacker systemdarkdenied conducted a mass defacement campaign targeting the SVDK Library website. The incident occurred on March 27, 2026, affecting a Linux-based server hosting the librarys web services.
Date: 2026-03-27T11:49:31Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248150
Screenshots:
None
Threat Actors: systemdarkdenied
Victim Country: Unknown
Victim Industry: Education
Victim Organization: SVDK Library
Victim Site: svdklibrary.com
Mass website defacement by systemdarkdenied targeting The Knowledge Academy
Category: Defacement
Content: Attacker systemdarkdenied conducted a mass defacement campaign targeting The Knowledge Academys Indian website. The incident was part of a broader mass defacement operation affecting multiple sites simultaneously.
Date: 2026-03-27T11:49:03Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248151
Screenshots:
None
Threat Actors: systemdarkdenied
Victim Country: India
Victim Industry: Education
Victim Organization: The Knowledge Academy
Victim Site: the-knowledge-academy.co.in
Alleged SQL Injection Vulnerability Leak in Nowgong Girls College
Category: Vulnerability
Content: The group claims to have leaked an SQL injection vulnerability in Nowgong Girls College.
Date: 2026-03-27T11:46:03Z
Network: telegram
Published URL: https://t.me/c/2705921599/228
Screenshots:
None
Threat Actors: Z-Root
Victim Country: India
Victim Industry: Education
Victim Organization: nowgong girls college
Victim Site: nowgonggirlscollege.edu.in
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 5,000 unique Hotmail email and password combinations dated March 27, 2026 on a cybercrime forum.
Date: 2026-03-27T11:43:19Z
Network: openweb
Published URL: https://crackingx.com/threads/70048/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Mass website defacement by systemdarkdenied targeting Indian educational institution
Category: Defacement
Content: The attacker systemdarkdenied conducted a mass defacement campaign targeting multiple websites including an Indian educational institutions website. This incident was part of a broader mass defacement operation rather than a targeted attack on a single organization.
Date: 2026-03-27T11:43:15Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248139
Screenshots:
None
Threat Actors: systemdarkdenied
Victim Country: India
Victim Industry: Education
Victim Organization: Mansarovar Boys PG
Victim Site: mansarovarboyspg.in
Mass defacement campaign by systemdarkdenied targeting hair and beauty websites
Category: Defacement
Content: Attacker systemdarkdenied conducted a mass defacement campaign targeting multiple websites including a hair and beauty salon. The attack occurred on March 27, 2026 and affected a Linux-based web server hosting the Meraki Hair and Skin Studio website.
Date: 2026-03-27T11:42:53Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248140
Screenshots:
None
Threat Actors: systemdarkdenied
Victim Country: Unknown
Victim Industry: Beauty and Personal Care
Victim Organization: Meraki Hair and Skin Studio
Victim Site: merakihairandskinstudio.com
Mass website defacement campaign by systemdarkdenied targeting Indian accommodation service
Category: Defacement
Content: The attacker systemdarkdenied conducted a mass defacement campaign targeting multiple websites including an Indian apartment and paying guest accommodation service. This incident was part of a broader mass defacement operation rather than a targeted attack on a single organization.
Date: 2026-03-27T11:42:34Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248141
Screenshots:
None
Threat Actors: systemdarkdenied
Victim Country: India
Victim Industry: Hospitality
Victim Organization: Mukta Apartment PG Service
Victim Site: muktaapartmentpgservice.in
Qilin: Linkspartei meldet russischen Ransomware-Angriff
Category: Cyber Attack
Content: The German political party Die Linke reported a cybersecurity incident involving ransomware attributed to the Russian hacker group Qilin, forcing the party to take its infrastructure offline on Thursday. While the party has filed a complaint and is in contact with authorities, member data was not compromised and the extent of affected internal data remains to be determined. This incident is part of a series of attacks targeting German political parties, with the CDU also falling victim to a cyberattack in May 2024.
Date: 2026-03-27T11:42:30Z
Network: openweb
Published URL: https://www.heise.de/news/Qilin-Linkspartei-meldet-russischen-Ransomware-Angriff-11227181.html
Screenshots:
None
Threat Actors:
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Die Linke
Victim Site: die-linke.de
Mass defacement targeting Indian sites by systemdarkdenied
Category: Defacement
Content: Mass defacement attack conducted by threat actor systemdarkdenied targeting multiple websites including muktapg.in on March 27, 2026. The attack affected sites running on Linux servers as part of a coordinated campaign.
Date: 2026-03-27T11:42:16Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248142
Screenshots:
None
Threat Actors: systemdarkdenied
Victim Country: India
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: muktapg.in
Mass website defacement targeting nalandaboyspg.in by systemdarkdenied
Category: Defacement
Content: The threat actor systemdarkdenied conducted a mass defacement campaign targeting nalandaboyspg.in, an educational institution website in India. This was part of a broader mass defacement operation rather than a targeted attack on a single organization.
Date: 2026-03-27T11:41:55Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248143
Screenshots:
None
Threat Actors: systemdarkdenied
Victim Country: India
Victim Industry: Education
Victim Organization: Nalanda Boys PG
Victim Site: nalandaboyspg.in
Alleged SQL Injection Vulnerability Leak in JSPMs Imperial College
Category: Vulnerability
Content: The group claims to have leaked an SQL injection vulnerability in JSPMs Imperial College of Engineering and Research.
Date: 2026-03-27T11:40:17Z
Network: telegram
Published URL: https://t.me/c/2705921599/228
Screenshots:
None
Threat Actors: Z-Root
Victim Country: India
Victim Industry: Education
Victim Organization: jspms imperial college
Victim Site: jspmicoer.edu.in
Alleged SQL Injection Vulnerability Leak in Avantika University
Category: Vulnerability
Content: The group claims to have leaked an SQL injection vulnerability in Avantika University.
Date: 2026-03-27T11:39:36Z
Network: telegram
Published URL: https://t.me/c/2705921599/228
Screenshots:
None
Threat Actors: Z-Root
Victim Country: India
Victim Industry: Education
Victim Organization: avantika university
Victim Site: avantikauniversity.edu.in
Mass defacement targeting digitriv.com by systemdarkdenied
Category: Defacement
Content: Mass defacement attack conducted by threat actor systemdarkdenied targeting digitriv.com on March 27, 2026. The attack was part of a broader mass defacement campaign rather than a targeted single-site compromise.
Date: 2026-03-27T11:30:53Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248133
Screenshots:
None
Threat Actors: systemdarkdenied
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Digitriv
Victim Site: digitriv.com
Mass defacement campaign by systemdarkdenied targeting water purification company
Category: Defacement
Content: The attacker systemdarkdenied conducted a mass defacement campaign targeting multiple websites including Ashapura Purifier, a water purification company. The incident occurred on March 27, 2026, affecting the companys website hosted on a Linux server.
Date: 2026-03-27T11:30:27Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248131
Screenshots:
None
Threat Actors: systemdarkdenied
Victim Country: India
Victim Industry: Water Treatment/Purification
Victim Organization: Ashapura Purifier
Victim Site: ashapurapurifier.in
systemdarkdenied defaced digitriv.com
Category: Defacement
Content: Target: https://digitriv.com/indexKK.htmlAttacker: systemdarkdeniedDate: 2026-03-27 18:28:21OS: LinuxFlags: Mass Defacement (IP: 147.93.17.162)
Date: 2026-03-27T11:30:10Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248133
Screenshots:
None
Threat Actors: systemdarkdenied
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: digitriv.com
Mass website defacement campaign by systemdarkdenied targeting multiple sites
Category: Defacement
Content: The threat actor systemdarkdenied conducted a mass defacement campaign targeting multiple websites including Digitriv Technologies. The attack was part of a broader campaign affecting numerous sites simultaneously rather than targeting a single organization.
Date: 2026-03-27T11:29:55Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248134
Screenshots:
None
Threat Actors: systemdarkdenied
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Digitriv Technologies
Victim Site: digitrivtechnologies.com
Mass defacement campaign by systemdarkdenied targeting fairytalegirlspg.in
Category: Defacement
Content: The attacker systemdarkdenied conducted a mass defacement campaign targeting fairytalegirlspg.in on March 27, 2026. The incident was part of a broader mass defacement operation rather than targeting this specific site individually.
Date: 2026-03-27T11:29:36Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248135
Screenshots:
None
Threat Actors: systemdarkdenied
Victim Country: India
Victim Industry: Entertainment
Victim Organization: Fairytale Girls PG
Victim Site: fairytalegirlspg.in
Mass website defacement targeting Indian hostel website by systemdarkdenied
Category: Defacement
Content: The attacker systemdarkdenied conducted a mass defacement campaign targeting multiple websites including an Indian boys hostel website. This incident was part of a broader mass defacement operation rather than a targeted attack on the specific organization.
Date: 2026-03-27T11:29:18Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248136
Screenshots:
None
Threat Actors: systemdarkdenied
Victim Country: India
Victim Industry: Hospitality
Victim Organization: Joy Living 2 Boys Hostel
Victim Site: joyliving2boyshostel.in
Mass website defacement campaign by systemdarkdenied targeting Indian educational institution
Category: Defacement
Content: The attacker systemdarkdenied conducted a mass defacement campaign targeting multiple websites including an Indian educational hostel facility. This incident was part of a broader mass defacement operation rather than a targeted attack on a single organization.
Date: 2026-03-27T11:28:58Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248137
Screenshots:
None
Threat Actors: systemdarkdenied
Victim Country: India
Victim Industry: Education
Victim Organization: Joy Living Boys Hostel
Victim Site: joylivingboyshostel.in
Alleged sale of unauthorized admin access to an unidentified wordpress shop in Australia
Category: Initial Access
Content: Threat actor claims to be selling admin access to an unidentified wordpress shop in Australia.
Date: 2026-03-27T11:28:12Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279303/
Screenshots:
None
Threat Actors: cosmodrome
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass website defacement by systemdarkdenied targeting adventuretattooschool.com
Category: Defacement
Content: The attacker systemdarkdenied conducted a mass defacement campaign targeting adventuretattooschool.com on March 27, 2026. This was part of a broader mass defacement operation rather than a targeted attack on the tattoo school specifically.
Date: 2026-03-27T11:23:12Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248127
Screenshots:
None
Threat Actors: systemdarkdenied
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Adventure Tattoo School
Victim Site: adventuretattooschool.com
Alleged leak of confidential data related to FBI Director Kash Patel
Category: Data Leak
Content: The threat actor claims to have obtained and leaked confidential personal data belonging to Kash Patel, asserting access to emails, documents, conversations, and other sensitive materials.
Date: 2026-03-27T11:22:51Z
Network: openweb
Published URL: https://handala-team.to/kash-patel-current-director-of-the-fbi-hacked/
Screenshots:
None
Threat Actors: Handala Hack
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Mass defacement by systemdarkdenied targeting antilliaboyspg.com
Category: Defacement
Content: Mass defacement attack conducted by threat actor systemdarkdenied against antilliaboyspg.com on March 27, 2026. The attack targeted a Linux-based server and was part of a broader mass defacement campaign rather than an isolated incident.
Date: 2026-03-27T11:22:47Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248128
Screenshots:
None
Threat Actors: systemdarkdenied
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: antilliaboyspg.com
Mass defacement campaign by systemdarkdenied targeting educational institution
Category: Defacement
Content: The attacker systemdarkdenied conducted a mass defacement campaign targeting multiple websites including an Indian educational institution. The attack occurred on March 27, 2026, affecting a Linux-based server hosting the Antillia Param Girls PG website.
Date: 2026-03-27T11:22:29Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248129
Screenshots:
None
Threat Actors: systemdarkdenied
Victim Country: India
Victim Industry: Education
Victim Organization: Antillia Param Girls PG
Victim Site: antilliaparamgirlspg.in
Mass defacement campaign by systemdarkdenied targeting antilliapg.com
Category: Defacement
Content: The threat actor systemdarkdenied conducted a mass defacement campaign targeting antilliapg.com on March 27, 2026. This was part of a broader mass defacement operation affecting multiple websites simultaneously.
Date: 2026-03-27T11:22:11Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248130
Screenshots:
None
Threat Actors: systemdarkdenied
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: antilliapg.com
Alleged SQL Injection Vulnerability Leak in MRG School
Category: Vulnerability
Content: The group claims to have leaked an SQL injection vulnerability in MRG School.
Date: 2026-03-27T11:18:11Z
Network: telegram
Published URL: https://t.me/c/2705921599/228
Screenshots:
None
Threat Actors: Z-Root
Victim Country: India
Victim Industry: Education
Victim Organization: mrg school
Victim Site: mrgschool.edu.in
Alleged Leak of SQL Injection Vulnerability in Oz & Hadar group
Category: Vulnerability
Content: The group claims to have leaked SQL injection vulnerability in Oz & Hadar group
Date: 2026-03-27T11:08:11Z
Network: telegram
Published URL: https://t.me/c/2705921599/228
Screenshots:
None
Threat Actors: Z-Root
Victim Country: Israel
Victim Industry: Food Production
Victim Organization: oz & hadar group
Victim Site: ozvehadar.co.il
Alleged cybercriminal advertising intermediary services for illicit forum marketing
Category: Initial Access
Content: User vlesskey offers intermediary services to advertise illicit goods and services across various forums, specifically seeking sellers of eSIM cards, Telegram premium status, and document services for citizenship/visa applications. The actor facilitates transactions using cryptocurrency payments and escrow services.
Date: 2026-03-27T11:02:47Z
Network: openweb
Published URL: https://crackingx.com/threads/70045/
Screenshots:
None
Threat Actors: vlesskey
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of SAAJ by CYKOMNEPAL
Category: Defacement
Content: CYKOMNEPAL conducted a website defacement attack against SAAJs Nepali domain on March 27, 2026. The attack targeted a specific blog page rather than the main homepage.
Date: 2026-03-27T10:43:43Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820886
Screenshots:
None
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: Nepal
Victim Industry: Unknown
Victim Organization: SAAJ
Victim Site: www.saaj.com.np
Alleged leak of Hotmail credential lists
Category: Combo List
Content: A threat actor is distributing a collection of 100 Hotmail credential lists with full account information through Telegram channels and paste sites.
Date: 2026-03-27T10:42:20Z
Network: openweb
Published URL: https://crackingx.com/threads/70044/
Screenshots:
None
Threat Actors: hqtabbb
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged Leak of SQL Injection Vulnerability in green-kids.co.il
Category: Vulnerability
Content: The group claims to have leaked SQL injection vulnerability in green-kids.co.il
Date: 2026-03-27T10:38:25Z
Network: telegram
Published URL: https://t.me/c/2705921599/228
Screenshots:
None
Threat Actors: Z-Root
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: green-kids.co.il
Website defacement of Classic RO by CYKOMNEPAL
Category: Defacement
Content: CYKOMNEPAL defaced the Classic RO website on March 27, 2026. The attack targeted a specific product detail page on the Nepalese companys website.
Date: 2026-03-27T10:37:29Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820884
Screenshots:
None
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: Nepal
Victim Industry: Unknown
Victim Organization: Classic RO
Victim Site: classicro.com.np
Website defacement of featt.fr by Mr.sorban (IslamicCyberTeam)
Category: Defacement
Content: The website featt.fr was defaced by attacker Mr.sorban affiliated with IslamicCyberTeam on March 27, 2026. The defacement targeted a specific page within the WordPress installation of the French domain.
Date: 2026-03-27T10:36:55Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820885
Screenshots:
None
Threat Actors: Mr.sorban, IslamicCyberTeam
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: featt.fr
Alleged leak of Hotmail credential lists
Category: Combo List
Content: Threat actor shared 759 fresh Hotmail credential combinations organized by country with inbox access verification. The leak includes sorted country-specific targeting lists for compromised accounts.
Date: 2026-03-27T10:32:36Z
Network: openweb
Published URL: https://crackingx.com/threads/70043/
Screenshots:
None
Threat Actors: Hotmail Cloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged Leak of SQL Injection Vulnerability in Denver Community Center
Category: Vulnerability
Content: The group claims to have leaked SQL injection vulnerability in Denver Community Center
Date: 2026-03-27T10:30:39Z
Network: telegram
Published URL: https://t.me/c/2705921599/228
Screenshots:
None
Threat Actors: Z-Root
Victim Country: Israel
Victim Industry: Non-profit & Social Organizations
Victim Organization: denver community center
Victim Site: denver.atarix.co.il
Website defacement of blfbd.org by CYKOMNEPAL
Category: Defacement
Content: CYKOMNEPAL successfully defaced the blfbd.org website on March 27, 2026. The attack targeted a specific page on the Bangladeshi domain, with the defacement archived on zone-xsec mirror service.
Date: 2026-03-27T10:25:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820883
Screenshots:
None
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: Bangladesh
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: blfbd.org
Alleged leak of corporate email credentials
Category: Combo List
Content: A threat actor leaked a combolist containing 66,154 email and password combinations allegedly from corporate mail systems with SMTP access.
Date: 2026-03-27T10:11:22Z
Network: openweb
Published URL: https://crackingx.com/threads/70042/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Breach of USHA International Ltd
Category: Data Breach
Content: The threat claims to have breached the database of USHA International Ltd, the dataset contains Customer information, Internal business recordsEmployee-related data, Contact details and Potential authentication related data.
Date: 2026-03-27T10:05:01Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-%F0%9D%90%83%F0%9D%90%AE%F0%9D%90%A6%F0%9D%90%A9%F0%9D%90%A2%F0%9D%90%A7%F0%9D%90%A0-%F0%9D%90%94%F0%9D%90%92%F0%9D%90%87%F0%9D%90%80-%F0%9D%90%88%F0%9D%90%8D%F0%9D%90%93%F0%9D%90%84%F0%9D%90%91%F0%9D%90%8D%F0%9D%90%80%F0%9D%90%93%F0%9D%90%88%F0%9D%90%8E%F0%9D%90%8D%F0%9D%90%80%F0%9D%90%8B-%F0%9D%90%8B%F0%9D%90%AD%F0%9D%90%9D-%F0%9D%90%83%F0%9D%90%80%F0%9D%90%93%F0%9D%90%80%F0%9D%90%81%F0%9D%90%80%F0%9D%90%92%F0%9D%90%84–71380
Screenshots:
None
Threat Actors: Alpha02z
Victim Country: India
Victim Industry: Manufacturing
Victim Organization: usha international ltd
Victim Site: usha.com
Alleged leak of Hotmail credentials
Category: Combo List
Content: Actor HollowKnight07 shared a sample of 950 Hotmail credentials as a free download on a cybercriminal forum. This appears to be a combolist containing email and password combinations.
Date: 2026-03-27T10:01:16Z
Network: openweb
Published URL: https://crackingx.com/threads/70041/
Screenshots:
None
Threat Actors: HollowKnight07
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Website defacement of Dhanyanchal organization by CYKOMNEPAL
Category: Defacement
Content: CYKOMNEPAL defaced the Dhanyanchal organizations website on March 27, 2026. The attack targeted a specific page within the About section of the Nepalese organizations website.
Date: 2026-03-27T09:56:17Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820880
Screenshots:
None
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: Nepal
Victim Industry: Unknown
Victim Organization: Dhanyanchal
Victim Site: www.dhanyanchal.com.np
Website defacement of kalinchowkdarshan.com.np by CYKOMNEPAL
Category: Defacement
Content: CYKOMNEPAL defaced the kalinchowkdarshan.com.np website on March 27, 2026. The attack targeted a specific page rather than the homepage and was not part of a mass defacement campaign.
Date: 2026-03-27T09:56:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820881
Screenshots:
None
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: Nepal
Victim Industry: Unknown
Victim Organization: Kalinchowk Darshan
Victim Site: kalinchowkdarshan.com.np
SILENT ERROR SYSTEM targets the website of Indian Staffing Federation
Category: Defacement
Content: Group claims to have defaced the website of Indian Staffing Federation.
Date: 2026-03-27T09:53:31Z
Network: telegram
Published URL: https://t.me/silenterrorsystem/224
Screenshots:
None
Threat Actors: SILENT ERROR SYSTEM
Victim Country: India
Victim Industry: Staffing/Recruiting
Victim Organization: indian staffing federation
Victim Site: indianstaffingfederation.org
100k+ GMAIL GOODS D4RKNETHUB $ (7)
Category: Combo List
Content: New thread posted by D4rkNetHub: 100k+ GMAIL GOODS D4RKNETHUB $ (7)
Date: 2026-03-27T09:51:32Z
Network: openweb
Published URL: https://crackingx.com/threads/70040/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
CYKOMNEPAL defaced www.dhanyanchal.com.np/About/I…
Category: Defacement
Content: Target: www.dhanyanchal.com.np/About/I…Attacker: CYKOMNEPALTeam: CYKOMNEPALDate: 2026-03-27 16:45:48
Date: 2026-03-27T09:50:10Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820880
Screenshots:
None
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: United States of America
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: www.dhanyanchal.com.np/About/I…
Alleged Data Breach of Instituto Tecnológico Superior de
Category: Data Breach
Content: The threat actor claims to have breached the database of Instituto Tecnológico Superior de Irapuato; the dataset contains highly sensitive personally identifiable informations.
Date: 2026-03-27T09:44:15Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-M%C3%89XICO-INSTITUTO-TECNOLOGICO-SUPERIOR-DE-IRAPUATO
Screenshots:
None
Threat Actors: SpeakTeam
Victim Country: Mexico
Victim Industry: Education
Victim Organization: instituto tecnológico superior de irapuato
Victim Site: itesi.edu.mx
Alleged leak of credential combolist containing 250,000 records
Category: Combo List
Content: A threat actor shared a credential combolist containing 250,000 URL:username:password combinations on a cybercrime forum. The data is being distributed for free to registered forum members.
Date: 2026-03-27T09:40:04Z
Network: openweb
Published URL: https://crackingx.com/threads/70039/
Screenshots:
None
Threat Actors: Seaborg
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of mixed credential data via D4RKNETHUB
Category: Logs
Content: Threat actor D4rkNetHub allegedly made available a collection of 10,245 mixed credential records through a cloud storage service. The post was made in a forum section dedicated to mail access and credential lists.
Date: 2026-03-27T09:32:50Z
Network: openweb
Published URL: https://xforums.st/threads/10-245-good-mixed-goods-d4rknethub-cloud-26-03-2026.599771/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor named D4rkNetHub claimed to have leaked 170,000 Hotmail credentials on a cybercriminal forum. The post was made in a section dedicated to credential lists and data dumps.
Date: 2026-03-27T09:17:17Z
Network: openweb
Published URL: https://crackingx.com/threads/70037/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credential combos
Category: Combo List
Content: Threat actor shared 450 Hotmail credentials with full account access information through a Telegram channel offering free daily credential combos.
Date: 2026-03-27T09:16:56Z
Network: openweb
Published URL: https://crackingx.com/threads/70038/
Screenshots:
None
Threat Actors: hqtabbb
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged data leak of Rasi Seeds database
Category: Data Leak
Content: Actor SnowSoul shared database files from Rasi Seeds including .bak, .mdf, and .log files through file sharing links. The leak appears to contain database backup and log files from the agricultural companys website.
Date: 2026-03-27T09:15:35Z
Network: openweb
Published URL: https://breachforums.sb/Thread-SnowSoul-ID-1227-RASI-SEEDS-si-rasiseeds-com
Screenshots:
None
Threat Actors: SnowSoul
Victim Country: Unknown
Victim Industry: Agriculture
Victim Organization: Rasi Seeds
Victim Site: si.rasiseeds.com
Alleged leak of educational credentials combolist
Category: Combo List
Content: Threat actor CODER distributes educational sector credential combolists for free through Telegram channels. The actor operates multiple Telegram groups offering both credential lists and related programs.
Date: 2026-03-27T09:04:19Z
Network: openweb
Published URL: https://crackingx.com/threads/70036/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Nakamura Co database
Category: Data Breach
Content: Threat actor Kyyzo is selling a 17GB database allegedly containing 850,000+ user records from Nakamura Co, including full names, emails, phone numbers, addresses, dates of birth, bank account information, KTP photos, and social media links for $500 USD.
Date: 2026-03-27T09:02:33Z
Network: openweb
Published URL: https://breachforums.sb/Thread-DATABASE-LEAK-DATABASE-850-000-MEMBER-NAKAMURA-CO-ID-17gb
Screenshots:
None
Threat Actors: Kyyzo
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Nakamura Co
Victim Site: nakamura.co.id
Alleged caller ID spoofing service offering VoIP fraud capabilities
Category: Initial Access
Content: Threat actor advertises a caller ID spoofing service supporting 200+ countries with capabilities to bypass security measures at exchanges, banks, and major platforms. The service offers various dialing methods, voice changing technology, and claims all caller IDs pass verification systems.
Date: 2026-03-27T08:44:54Z
Network: openweb
Published URL: https://breachforums.sb/Thread-Spoof-Global-%E2%80%93-200-Countries-Spoof-Any-Caller-ID-SpoofGlobalBot
Screenshots:
None
Threat Actors: spoofglobal
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged promotion of traffic boosting and SEO tools
Category: Alert
Content: Forum post advertising traffic boosting, SEO, and visitor view tools with mention of organic methods and site autth.rest.
Date: 2026-03-27T08:44:32Z
Network: openweb
Published URL: https://breachforums.sb/Thread-SELLING-Release-Original-powerful-tools-for-business
Screenshots:
None
Threat Actors: sxxone
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged BMW data breach and multi-company automotive data sale
Category: Data Breach
Content: Threat actor claims to be selling BMW Group data including dealership documents, customer and employee PII, and Root PEM certificates for $30,000. The alleged breach also exposed data from multiple other automotive companies including Mercedes-Benz, Toyota, Ford, Tesla and others, along with Shell gas station information.
Date: 2026-03-27T08:44:11Z
Network: openweb
Published URL: https://breachforums.sb/Thread-SELLING-BMW-IDOR-Docs
Screenshots:
None
Threat Actors: xpl0itrs
Victim Country: Unknown
Victim Industry: Automotive
Victim Organization: BMW Group
Victim Site: Unknown
Alleged sale of Chinese online gambling platform database
Category: Data Breach
Content: Actor claims to be selling a database containing 3.3 million records of Chinese online gambling customers including usernames, phone numbers, IP addresses, locations, and detailed financial transaction data including recharge and withdrawal amounts.
Date: 2026-03-27T08:43:51Z
Network: openweb
Published URL: https://breachforums.sb/Thread-SELLING-Chinese-online-gambling-customers-3300K
Screenshots:
None
Threat Actors: technicianA
Victim Country: China
Victim Industry: Gaming/Gambling
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Mexican Tax Administration Service (SAT)
Category: Data Breach
Content: Threat actor claims to be selling a database containing over 500,000 Mexican tax records including full names, tax IDs, addresses, phone numbers, and email addresses from the Tax Administration Service.
Date: 2026-03-27T08:43:34Z
Network: openweb
Published URL: https://breachforums.sb/Thread-SELLING-Database-sat-gob-mx-500-000-RFCs
Screenshots:
None
Threat Actors: dkoss
Victim Country: Mexico
Victim Industry: Government
Victim Organization: Tax Administration Service (SAT)
Victim Site: sat.gob.mx
Alleged sale of Spanish banking database containing IBAN records
Category: Data Breach
Content: Threat actor ModernStealer claims to have access to a database containing 14 million Spanish IBAN records including personal information, phone numbers, and banking details from institutions like Abanca and Banco Sabadell. Contact information provided for purchasing the complete database.
Date: 2026-03-27T08:43:13Z
Network: openweb
Published URL: https://breachforums.sb/Thread-DATABASE-SPAIN-IBAN-DATA
Screenshots:
None
Threat Actors: ModernStealer
Victim Country: Spain
Victim Industry: Financial Services
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Yantai International Labor Service Company
Category: Data Leak
Content: Actor SnowSoul leaked data from Yantai International Labor Service Company in Shandong Province, China. The leaked data appears to contain study abroad materials, visa information, student data, and university partnership documents totaling approximately 10.8GB across multiple file hosting links.
Date: 2026-03-27T08:42:47Z
Network: openweb
Published URL: https://breachforums.sb/Thread-Chinese-data-%E4%B8%AD%E5%9B%BD%E6%95%B0%E6%8D%AE-SnowSoul-ID-1263
Screenshots:
None
Threat Actors: SnowSoul
Victim Country: China
Victim Industry: Professional Services
Victim Organization: Yantai International Labor Service Company
Victim Site: Unknown
Alleged data breach of Nakamura Co
Category: Data Breach
Content: Threat actor Kyyzo is selling a database allegedly containing 850,000+ user records from Nakamura Co including full names, emails, phone numbers, addresses, dates of birth, bank account details, KTP photos, and social media links for $1,500 USD.
Date: 2026-03-27T08:42:44Z
Network: openweb
Published URL: https://breachforums.sb/Thread-DATABASE-LEAK-DATABASE-NAKAMURA-CO-ID
Screenshots:
None
Threat Actors: Kyyzo
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Nakamura Co
Victim Site: nakamura.co.id
Website defacement of DealSell e-commerce platform by CYKOMNEPAL
Category: Defacement
Content: CYKOMNEPAL group defaced the DealSell e-commerce website on March 27, 2026. The attack targeted a specific product page on the Nepalese online retail platform.
Date: 2026-03-27T08:41:27Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820873
Screenshots:
None
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: Nepal
Victim Industry: E-commerce
Victim Organization: DealSell
Victim Site: www.dealsell.com.np
Website defacement of MobiMeds healthcare platform by CYKOMNEPAL
Category: Defacement
Content: CYKOMNEPAL defaced the about-us page of MobiMeds, a Nepalese healthcare platform, on March 27, 2026. The attack targeted a single page rather than the entire website or multiple sites simultaneously.
Date: 2026-03-27T08:29:47Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820861
Screenshots:
None
Threat Actors: CYKOMNEPAL, CYKOMNEPAL
Victim Country: Nepal
Victim Industry: Healthcare
Victim Organization: MobiMeds
Victim Site: www.mobimeds.com.np
Website defacement of PulseHealth by DimasHxR
Category: Defacement
Content: Healthcare website pulsehealth.online was defaced by attacker DimasHxR on March 27, 2026. The incident targeted a specific page rather than the homepage and was not part of a mass defacement campaign.
Date: 2026-03-27T08:29:13Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820862
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: PulseHealth
Victim Site: pulsehealth.online
Website defacement of ctg-aggregate.com by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the ctg-aggregate.com website on March 27, 2026. The defacement targeted a specific file (readme.txt) rather than the homepage and was not part of a mass campaign.
Date: 2026-03-27T08:28:42Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820864
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: ctg-aggregate.com
Website defacement of fpreklama.ru by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the Russian advertising company FP Reklamas website on March 27, 2026. The defacement targeted a specific file (readme.txt) rather than the main homepage.
Date: 2026-03-27T08:28:06Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820867
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Russia
Victim Industry: Advertising/Marketing
Victim Organization: FP Reklama
Victim Site: fpreklama.ru
Website defacement of inspirationcenterbeyou.nl by DimasHxR
Category: Defacement
Content: DimasHxR successfully defaced the inspirationcenterbeyou.nl website on March 27, 2026. The incident appears to be a targeted single-site defacement rather than part of a mass campaign.
Date: 2026-03-27T08:27:33Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820870
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Netherlands
Victim Industry: Unknown
Victim Organization: Inspiration Center Be You
Victim Site: inspirationcenterbeyou.nl
Website defacement of kolozoom.com by DimasHxR
Category: Defacement
Content: The attacker DimasHxR successfully defaced a specific page on kolozoom.com on March 27, 2026. This appears to be a targeted single-page defacement rather than a mass attack.
Date: 2026-03-27T08:27:00Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820871
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Kolozoom
Victim Site: kolozoom.com
Website defacement of afrisoul.co.za by DimasHxR
Category: Defacement
Content: The attacker DimasHxR defaced the afrisoul.co.za website on March 27, 2026, targeting a readme.txt file on the domain.
Date: 2026-03-27T08:21:02Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820851
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: South Africa
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: afrisoul.co.za
Website defacement of auracliq.com by DimasHxR
Category: Defacement
Content: Single website defacement targeting auracliq.com conducted by threat actor DimasHxR on March 27, 2026. The attack specifically targeted the readme.txt file on the victims website.
Date: 2026-03-27T08:20:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820852
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: AuraCliq
Victim Site: auracliq.com
Website defacement of Dajos Organic by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the Dajos Organic website on March 27, 2026. The defacement targeted a South African organic products companys readme.txt file.
Date: 2026-03-27T08:19:56Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820856
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: South Africa
Victim Industry: Organic/Agriculture
Victim Organization: Dajos Organic
Victim Site: dajosorganic.co.za
Website defacement of Spoil Me Rotten by DimasHxR
Category: Defacement
Content: Attacker DimasHxR defaced the spoilmerotten.co.za website on March 27, 2026, targeting the readme.txt file. This was an individual defacement incident with no team affiliation claimed.
Date: 2026-03-27T08:19:23Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820860
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: South Africa
Victim Industry: Unknown
Victim Organization: Spoil Me Rotten
Victim Site: spoilmerotten.co.za
Website defacement of Empasoft by DimasHxR
Category: Defacement
Content: DimasHxR conducted a website defacement attack against Empasofts website on March 27, 2026. The attack targeted a specific page rather than the homepage and was not part of a mass defacement campaign.
Date: 2026-03-27T08:13:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820838
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Mongolia
Victim Industry: Technology
Victim Organization: Empasoft
Victim Site: empasoft.mn
Website defacement of Alabed Roastery by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the website of Alabed Roastery on March 27, 2026. The defacement targeted a specific page rather than the homepage and was not part of a mass campaign.
Date: 2026-03-27T08:12:44Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820839
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Food and Beverage
Victim Organization: Alabed Roastery
Victim Site: alabed-roastery.com
Alleged distribution of email credential combolist containing 11.3 million records
Category: Combo List
Content: Threat actor CODER distributing an 11.3 million email:password combolist through Telegram channels. The actor operates multiple Telegram groups providing free credential lists and programs for SMTP targeting purposes.
Date: 2026-03-27T08:12:13Z
Network: openweb
Published URL: https://crackingx.com/threads/70035/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of 7heavenonline.com by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced 7heavenonline.com on March 27, 2026, targeting a readme.txt file on the domain.
Date: 2026-03-27T08:12:06Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820840
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: 7 Heaven Online
Victim Site: 7heavenonline.com
Alleged data leak of Hualen New Materials (Jiangsu) Co., Ltd.
Category: Data Leak
Content: Threat actor SnowSoul leaked approximately 20GB of database files from Chinese chemical manufacturing company Hualen New Materials, distributing the data through multiple file hosting links. The leaked data includes various database file formats including .bak, .MDF, .ldf, and other operational system files.
Date: 2026-03-27T08:11:21Z
Network: openweb
Published URL: https://breachforums.sb/Thread-Chinese-data-Free-download-30-G-%E4%B8%AD%E5%9B%BD%E6%95%B0%E6%8D%AE-1243
Screenshots:
None
Threat Actors: SnowSoul
Victim Country: China
Victim Industry: Manufacturing
Victim Organization: Hualen New Materials (Jiangsu) Co., Ltd.
Victim Site: oa.hualunchem.com
Alleged leak of Chinese industrial data
Category: Data Leak
Content: Threat actor SnowSoul shared multiple download links claiming to contain Chinese industrial data. The post is written in Chinese and provides several file hosting links for free download of the alleged data.
Date: 2026-03-27T08:11:01Z
Network: openweb
Published URL: https://breachforums.sb/Thread-Chinese-data-%E4%B8%AD%E5%9B%BD%E6%95%B0%E6%8D%AE-SnowSoul-ID-1247
Screenshots:
None
Threat Actors: SnowSoul
Victim Country: China
Victim Industry: Industrial
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of social media and e-commerce credentials
Category: Combo List
Content: A threat actor shared a combolist containing 646,200 credential pairs allegedly targeting social media and shopping platforms for 2026. The data was made available as a free download via a file sharing service.
Date: 2026-03-27T08:02:39Z
Network: openweb
Published URL: https://crackingx.com/threads/70033/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
❄️❄️ 992x PREMIUM HOTMAIL HITS ❄️❄️
Category: Combo List
Content: New thread posted by alphaxdd: ❄️❄️ 992x PREMIUM HOTMAIL HITS ❄️❄️
Date: 2026-03-27T08:02:18Z
Network: openweb
Published URL: https://crackingx.com/threads/70034/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Dubai furniture delivery service by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced a Dubai-based furniture delivery service website on March 27, 2026. The incident was a targeted single-site defacement rather than a mass campaign.
Date: 2026-03-27T08:00:22Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820823
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: United Arab Emirates
Victim Industry: Retail/E-commerce
Victim Organization: Furniture Delivery Service Dubai
Victim Site: furnituredeliveryservicedubai….
Website defacement of NextCare Movers by DimasHxR
Category: Defacement
Content: DimasHxR defaced the NextCare Movers website on March 27, 2026, targeting the readme.txt file. This was an individual attack rather than part of a mass defacement campaign.
Date: 2026-03-27T07:59:45Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820824
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Transportation/Moving Services
Victim Organization: NextCare Movers
Victim Site: nextcaremovers.com
Website defacement of Zara Movers by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the website of Zara Movers, a moving/logistics company, on March 27, 2026. The defacement targeted a specific page rather than the main homepage.
Date: 2026-03-27T07:59:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820825
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Transportation/Logistics
Victim Organization: Zara Movers
Victim Site: zaramovers.com
Website defacement of ajkerfact.com by DimasHxR
Category: Defacement
Content: Threat actor DimasHxR successfully defaced the Bangladeshi news website ajkerfact.com on March 27, 2026. The attack targeted a specific file (readme.txt) rather than the main homepage.
Date: 2026-03-27T07:58:31Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820831
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Bangladesh
Victim Industry: Media/News
Victim Organization: Ajker Fact
Victim Site: ajkerfact.com
Website defacement of TechMediaBD by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced the TechMediaBD website on March 27, 2026, targeting the readme.txt file. This appears to be a single-target defacement operation rather than a mass campaign.
Date: 2026-03-27T07:57:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820835
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Bangladesh
Victim Industry: Technology/Media
Victim Organization: TechMediaBD
Victim Site: techmediabd.com
Website defacement of elaceitederatero.com by DimasHxR
Category: Defacement
Content: Threat actor DimasHxR conducted a website defacement attack against elaceitederatero.com on March 27, 2026. This was an individual attack rather than part of a mass defacement campaign.
Date: 2026-03-27T07:51:44Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820800
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: elaceitederatero.com
Website defacement of United Investimentos by DimasHxR
Category: Defacement
Content: Brazilian investment company United Investimentos suffered a website defacement attack by threat actor DimasHxR on March 27, 2026. The attacker compromised a specific page on the companys website rather than conducting a mass defacement campaign.
Date: 2026-03-27T07:51:10Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820801
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Brazil
Victim Industry: Financial Services
Victim Organization: United Investimentos
Victim Site: united-investimentos.com
Website defacement of kryobot.com by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced kryobot.com on March 27, 2026, targeting a specific page rather than the main site homepage.
Date: 2026-03-27T07:50:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820802
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Kryobot
Victim Site: kryobot.com
Website defacement of b2ihub.com by DimasHxR
Category: Defacement
Content: Individual attacker DimasHxR defaced b2ihub.com on March 27, 2026, targeting a specific page rather than the main site. The incident was documented and archived with mirror evidence available.
Date: 2026-03-27T07:50:04Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820803
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: B2I Hub
Victim Site: b2ihub.com
Website defacement of driventoencourage.com by DimasHxR
Category: Defacement
Content: The website driventoencourage.com was defaced by the attacker DimasHxR on March 27, 2026. This was an isolated defacement incident targeting a specific page on the domain.
Date: 2026-03-27T07:49:29Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820818
Screenshots:
None
Threat Actors: DimasHxR
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: driventoencourage.com
⚡⚡HOTMAIL⚡⚡PRIVATE⚡⚡FRESH⚡⚡CHEKED BY klyne05 ⚡⚡
Category: Combo List
Content: New thread posted by klyne05: ⚡⚡HOTMAIL⚡⚡PRIVATE⚡⚡FRESH⚡⚡CHEKED BY klyne05 ⚡⚡
Date: 2026-03-27T07:31:17Z
Network: openweb
Published URL: https://crackingx.com/threads/70032/
Screenshots:
None
Threat Actors: klyne05
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credential combolist
Category: Logs
Content: A forum post allegedly contains a combolist of 5,000 unique Hotmail email and password combinations. The post appears to be offering the credentials as a free download or leak rather than for sale.
Date: 2026-03-27T07:24:21Z
Network: openweb
Published URL: https://xforums.st/threads/27-03-26-hotmail-unique-combo_1_5000.599437/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of corporate email credentials
Category: Combo List
Content: Threat actor HQcomboSpace shared a combolist containing 181,081 corporate email credentials via Mega file sharing service. The credentials are described as suitable for lead targeting purposes.
Date: 2026-03-27T07:20:04Z
Network: openweb
Published URL: https://crackingx.com/threads/70030/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of forum credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 81,000 mixed forum credentials on a cybercriminal forum.
Date: 2026-03-27T07:10:33Z
Network: openweb
Published URL: https://crackingx.com/threads/70029/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of Adi Anadolu by NUCLIER-Y-C-C-M
Category: Defacement
Content: The threat actor NUCLIER-Y-C-C-M successfully defaced the adipanadolu.org website on March 27, 2026. This was a targeted single-site defacement rather than a mass campaign.
Date: 2026-03-27T06:59:02Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820664
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: Turkey
Victim Industry: Unknown
Victim Organization: Adi Anadolu
Victim Site: adipanadolu.org
Alleged sale of 10K corporate email access in the USA and Europe
Category: Combo List
Content: Threat actor claims to be selling 10,000 corporate email accounts with passwords from organizations in the United States and Europe.
Date: 2026-03-27T06:54:12Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279292/
Screenshots:
None
Threat Actors: Kay
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of 1K Office365 Corporate data in USA
Category: Data Leak
Content: Threat actor claims to be selling 1k office365 corp data in USA.
Date: 2026-03-27T06:46:32Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279291/
Screenshots:
None
Threat Actors: Kay
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of buddy.in
Category: Data Leak
Content: Threat actor claims to have leaked data from buddy.in
Date: 2026-03-27T06:37:55Z
Network: openweb
Published URL: https://spear.cx/Thread-Buddy-In-DB
Screenshots:
None
Threat Actors: zsnark
Victim Country: India
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: buddy.in
Alleged leak of mixed domain credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 26,000 high-quality credentials from mixed domains on a cybercriminal forum.
Date: 2026-03-27T06:29:55Z
Network: openweb
Published URL: https://crackingx.com/threads/70028/
Screenshots:
None
Threat Actors: Cir4d
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of St. Anns School by NUCLIER-Y-C-C-M
Category: Defacement
Content: NUCLIER-Y-C-C-M successfully defaced the toppers section of St. Anns School Roorkees website on March 27, 2026. The attack targeted an educational institutions web presence, affecting their student achievement pages.
Date: 2026-03-27T06:24:57Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/820222
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: India
Victim Industry: Education
Victim Organization: St. Anns School Roorkee
Victim Site: www.stannsroorkee.org
Alleged data leak of Chinese EMR and insurance records
Category: Data Leak
Content: The group claims to have leaked a database containing approximately 56.9 million Chinese EMR and insurance records, including sensitive information such as names, IDs, medical histories, diagnoses, treatments, and organizational details.
Date: 2026-03-27T06:06:20Z
Network: telegram
Published URL: https://t.me/c/3481649019/46
Screenshots:
None
Threat Actors: ShellForce
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of C&A Mexico
Category: Data Breach
Content: Threat actor claims to have leaked database from C&A Mexico.
Date: 2026-03-27T05:59:38Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-C-A-MODAS%C2%A0-Mexico-Database-Leaked-Download
Screenshots:
None
Threat Actors: injectioninferno2
Victim Country: Mexico
Victim Industry: Fashion & Apparel
Victim Organization: c&a mexico
Victim Site: cyamoda.com
Alleged leak of unauthorized access to Miaoda
Category: Initial Access
Content: The group claims to have gained unauthorized access to Miaoda. The compromised data includes a wide range of sensitive information such as AI-related data, personal details (addresses, IDs, nicknames, and mobile numbers), payment and KYC information, project and corporate records, third-party storage data, chat-related metadata (chat room IDs, titles, tags, UIDs, and receipt IDs), partner and agency information, as well as multimedia content including photos and videos.
Date: 2026-03-27T05:57:33Z
Network: telegram
Published URL: https://t.me/c/3481649019/46
Screenshots:
None
Threat Actors: ShellForce
Victim Country: China
Victim Industry: Information Technology (IT) Services
Victim Organization: miaoda
Victim Site: miaoda.cn
Website defacement of CPBBD by NUCLIER-Y-C-C-M
Category: Defacement
Content: The attacker NUCLIER-Y-C-C-M successfully defaced the homepage of www.cpbbd.org on March 27, 2026. This was a single-target defacement rather than part of a mass campaign.
Date: 2026-03-27T05:56:05Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/819621
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: Bangladesh
Victim Industry: Unknown
Victim Organization: CPBBD
Victim Site: www.cpbbd.org
THE GARUDA EYE claims to target Indonesia
Category: Cyber Attack
Content: A recent post by the group suggests a planned cyber attack targeting Indonesia, with a countdown of 2 days to the operation.
Date: 2026-03-27T05:54:58Z
Network: telegram
Published URL: https://t.me/GarudaEye/1363
Screenshots:
None
Threat Actors: THE GARUDA EYE
Victim Country: Indonesia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 3,992 fresh Hotmail credentials on a cybercriminal forum. The credentials appear to be recently obtained and made available for free download to registered forum users.
Date: 2026-03-27T05:39:22Z
Network: openweb
Published URL: https://crackingx.com/threads/70027/
Screenshots:
None
Threat Actors: RandomUpload
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Hax.or targets the website of KPS Himalayan Public School
Category: Defacement
Content: The group claims to have defaced the website of KPS Himalayan Public School.
Date: 2026-03-27T05:33:10Z
Network: telegram
Published URL: https://t.me/ctifeeds/129372
Screenshots:
None
Threat Actors: Hax.or
Victim Country: India
Victim Industry: Education
Victim Organization: kps himalayan public school
Victim Site: kpsranikhet.in
Website defacement of dspc.org by NUCLIER-Y-C-C-M
Category: Defacement
Content: The threat actor NUCLIER-Y-C-C-M successfully defaced dspc.org on March 27, 2026. The attack targeted a specific file directory on the website rather than the main homepage.
Date: 2026-03-27T05:32:51Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/819246
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: dspc.org
Alleged data leak of C&A MODAS Mexico customer database
Category: Data Leak
Content: Threat actor injectioninferno leaked a database containing 286,094 records from C&A MODAS Mexico, including names, birthdates, government IDs, phone numbers, and email addresses. The data is being distributed for free download on cybercriminal forums.
Date: 2026-03-27T05:25:49Z
Network: openweb
Published URL: https://breachforums.sb/Thread-COLLECTION-C-A-MODAS%C2%A0-Mexico-Database-Leaked-Download
Screenshots:
None
Threat Actors: injectioninferno
Victim Country: Mexico
Victim Industry: Fashion/Retail
Victim Organization: C&A MODAS
Victim Site: Unknown
Alleged leak of Gmail cryptocurrency-focused credential list
Category: Combo List
Content: A threat actor leaked a combolist containing 591,590 Gmail credentials targeting cryptocurrency users, made available for free download.
Date: 2026-03-27T05:06:48Z
Network: openweb
Published URL: https://crackingx.com/threads/70026/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Gmail
Victim Site: gmail.com
Alleged data breach of BreachForums version 5
Category: Data Breach
Content: The threat actor claims to have breached the BreachForums platform including domains .sb, .ac, .fi, .us, etc. The actor further claims possession of full backup data from the platform, including private messages, email addresses, IP logs, and user-generated content. The actor claims that the original BreachForums platform was seized by the FBI on October 10, 2025, and that all currently active versions are fraudulent replicas.
Date: 2026-03-27T05:05:18Z
Network: tor
Published URL: http://toolatedhs5dtr2pv6h5kdraneak5gs3sxrecqhoufc5e45edior7mqd.onion/
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Saint Lucia Citizenship by Investment Programme database
Category: Data Leak
Content: A threat actor claiming to have leaked a SQL database from the Saint Lucia Citizenship by Investment Programme containing over 1.1 million records including personal information, contact details, identification numbers, and passport data of program participants.
Date: 2026-03-27T04:36:58Z
Network: openweb
Published URL: https://breachforums.sb/Thread-DATABASE-cipsaintlucia-com-leak
Screenshots:
None
Threat Actors: Tanaka
Victim Country: Saint Lucia
Victim Industry: Government
Victim Organization: Saint Lucia Citizenship by Investment Programme
Victim Site: cipsaintlucia.com
Mass defacement campaign by r¡xzXsploit targeting Indian educational institution
Category: Defacement
Content: The threat actor r¡xzXsploit conducted a mass defacement campaign targeting the KPS Ranikhet educational institution website. This attack was part of a broader mass defacement operation rather than a targeted single-site attack.
Date: 2026-03-27T04:25:02Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248126
Screenshots:
None
Threat Actors: r¡xzXsploit, alone
Victim Country: India
Victim Industry: Education
Victim Organization: KPS Ranikhet
Victim Site: www.kpsranikhet.in
Alleged data leak of Mossad
Category: Data Leak
Content: Threat actor claims to have leaked data from Mossad.
Date: 2026-03-27T04:19:26Z
Network: openweb
Published URL: https://darkforums.su/Thread-Document-Mossad-data-leaked
Screenshots:
None
Threat Actors: ANONB2H
Victim Country: Israel
Victim Industry: Government Relations
Victim Organization: mossad official
Victim Site: mossad.gov.il
Alleged leak of credential combolist in ULP format
Category: Combo List
Content: A threat actor shared a credential combolist in URL:LOGIN:PASS (ULP) format on an underground forum. The post claims to contain high-quality private credentials but provides no specific details about the source, quantity, or affected services.
Date: 2026-03-27T04:16:47Z
Network: openweb
Published URL: https://crackingx.com/threads/70021/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of USA and Europe credential combolist
Category: Combo List
Content: Threat actor distributing a combolist containing credentials from USA and Europe regions. The post advertises it as an exclusive mix of credential combinations for potential credential stuffing attacks.
Date: 2026-03-27T04:16:26Z
Network: openweb
Published URL: https://crackingx.com/threads/70022/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged distribution of European and US credential combolists
Category: Combo List
Content: Threat actor gsmfix claims to distribute high quality credential combolists targeting Europe and USA regions. The post emphasizes full validity of the credential data being shared.
Date: 2026-03-27T04:16:06Z
Network: openweb
Published URL: https://crackingx.com/threads/70023/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of phone number and password credentials
Category: Combo List
Content: A threat actor shared a credential list containing phone numbers and passwords, claiming it to be high quality and private content on a cybercrime forum.
Date: 2026-03-27T04:15:46Z
Network: openweb
Published URL: https://crackingx.com/threads/70024/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of WordPress credentials
Category: Combo List
Content: Forum post claims to contain WordPress login credentials in URL:login:password format. No content is visible in the post body to verify the claim or determine scope.
Date: 2026-03-27T04:15:26Z
Network: openweb
Published URL: https://crackingx.com/threads/70025/
Screenshots:
None
Threat Actors: gsmfix
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged SMTP service offering on cybercriminal forum
Category: Initial Access
Content: A forum post titled 1x G SMTP was identified on a cybercriminal forum, likely advertising SMTP access or services. No additional content was available for analysis.
Date: 2026-03-27T04:06:39Z
Network: openweb
Published URL: https://xforums.st/threads/1x-g-smtp.598572/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Fatimion cyber team claims to target Isreal
Category: Alert
Content: The group claims to have inviting individuals, offering encrypted communication and support to engage in coordinated cyber activities, targeting regions including the UAE, Saudi Arabia, Qatar, and Bahrain.
Date: 2026-03-27T04:04:46Z
Network: telegram
Published URL: https://t.me/hak994/5492
Screenshots:
None
Threat Actors: Fatimion cyber team
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of government administrative records from Jatigede District
Category: Data Leak
Content: Threat actor claims to have obtained and shared administrative data from Jatigede sub-district, reportedly containing sensitive personal information such as national ID numbers, addresses, contact details, and demographic records.
Date: 2026-03-27T04:04:08Z
Network: openweb
Published URL: https://darkforums.su/Thread-Document-Jatigede-District-Sumedang-Regency-DATA-LEAKED–71226
Screenshots:
None
Threat Actors: ANONB2H
Victim Country: Indonesia
Victim Industry: Government Administration
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of John Lewis Broadband SMTP access
Category: Initial Access
Content: Forum post allegedly offers access to John Lewis Broadband SMTP services. No additional details are available due to lack of post content.
Date: 2026-03-27T04:02:06Z
Network: openweb
Published URL: https://xforums.st/threads/1x-johnlewisbroadband-smtp.598574/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: United Kingdom
Victim Industry: Telecommunications
Victim Organization: John Lewis Broadband
Victim Site: johnlewisbroadband.com
1x ABSOLUZ SMTP 📧 📬
Category: Alert
Content: New thread posted by X Forum Bot: 1x ABSOLUZ SMTP 📧 📬
Date: 2026-03-27T03:58:53Z
Network: openweb
Published URL: https://xforums.st/threads/1x-absoluz-smtp.598575/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Leak of Israeli Jewish Jewelry Shop Database
Category: Data Leak
Content: Threat Actor claims to have leaked a database allegedly associated with an Israeli jewish jewelry shop, containing approximately 387,000 records. The dataset includes personal information such as first and last names, email addresses, phone numbers, and physical addresses.
Date: 2026-03-27T03:52:40Z
Network: openweb
Published URL: https://darknetarmy.io/threads/483-387k-israel-jewish-jawels-shop.98230/
Screenshots:
None
Threat Actors: DBHunter
Victim Country: Israel
Victim Industry: Luxury Goods & Jewelry
Victim Organization: Unknown
Victim Site: Unknown
Alleged compromise of dayblog.fr WordPress admin credentials
Category: Initial Access
Content: Forum post indicates potential compromise of WordPress admin login credentials for dayblog.fr website. No additional details or post content available for analysis.
Date: 2026-03-27T03:49:52Z
Network: openweb
Published URL: https://xforums.st/threads/www-dayblog-fr-admin-wp-login.598577/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: dayblog.fr
Alleged SMTP service offering on cybercriminal forum
Category: Initial Access
Content: A forum post advertising SMTP shell services with cPanel access was posted on a cybercriminal marketplace, though no specific content details are available.
Date: 2026-03-27T03:43:25Z
Network: openweb
Published URL: https://xforums.st/threads/1x-service-fibre-smtp.598578/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged SMTP service offering – PARABELLUM SMTP
Category: Initial Access
Content: A forum post advertising PARABELLUM SMTP service, likely offering email sending capabilities for malicious purposes. No specific content details are available to determine the exact nature of the offering.
Date: 2026-03-27T03:32:10Z
Network: openweb
Published URL: https://xforums.st/threads/1x-parabellum-smtp.598580/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of unauthorized access to Sinun Tech Ltd
Category: Initial Access
Content: A threat actor claims to be offering unauthorized access to systems associated with A.D Sinun Technologies Ltd., citing political motivations. The listing suggests potential access to company networks, indicating possible compromise or initial access brokerage involving industrial and potentially sensitive operational environments.
Date: 2026-03-27T03:28:27Z
Network: telegram
Published URL: https://t.me/AmericanAnoymous/304
Screenshots:
None
Threat Actors: BlackH4t Tools Anonymous
Victim Country: Israel
Victim Industry: Manufacturing & Industrial Products
Victim Organization: a.d sinun technologies ltd.
Victim Site: en.sinun.co.il
Alleged SMTP service offering on underground forum
Category: Initial Access
Content: Forum post advertising SMTP shell access through cPanel services, likely offering email infrastructure for malicious campaigns.
Date: 2026-03-27T03:26:25Z
Network: openweb
Published URL: https://xforums.st/threads/1x-smartblocks-smtp.598581/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Breach of Mahaveer Institute of Technology & Science (MITS), Jadan
Category: Data Breach
Content: The group claims to have breached the MITS Jadan website, exposing database information via SQL injection.
Date: 2026-03-27T03:23:22Z
Network: telegram
Published URL: https://t.me/c/3713998822/17
Screenshots:
None
Threat Actors: Channel BadakSecTeam
Victim Country: India
Victim Industry: Higher Education/Acadamia
Victim Organization: mahaveer institute of technology & science (mits), jadan
Victim Site: mitsjadan.ac.in
Alleged SMTP service offering on cybercrime forum
Category: Initial Access
Content: Forum post advertising SMTP shell access or service related to ALTEXTRANSPORTATION, potentially offering unauthorized email server access for malicious activities.
Date: 2026-03-27T03:23:11Z
Network: openweb
Published URL: https://xforums.st/threads/1x-altextransportation-smtp.598583/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Transportation
Victim Organization: ALTEXTRANSPORTATION
Victim Site: Unknown
Alleged unauthorized access to SocialByGeeks WordPress admin panel
Category: Initial Access
Content: Forum post references admin WordPress login credentials for socialbygeeks.com website, though no content details are available to confirm the nature of the threat.
Date: 2026-03-27T03:17:54Z
Network: openweb
Published URL: https://xforums.st/threads/www-socialbygeeks-com-admin-wp-login.598584/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: SocialByGeeks
Victim Site: socialbygeeks.com
Alleged SMTP service offering on cybercriminal forum
Category: Initial Access
Content: A cybercriminal forum post advertising GRINPARAPHA SMTP service, likely offering compromised email server access for malicious email campaigns.
Date: 2026-03-27T03:10:29Z
Network: openweb
Published URL: https://xforums.st/threads/1x-grinparapha-smtp.598586/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Alltricks
Category: Data Breach
Content: A threat actor claims to have leaked a database sourced from Alltricks.fr containing approximately 821,000 records. The exposed data allegedly includes personal information such as first and last names, email addresses, gender/civility, dates of birth, physical addresses, postal codes, cities, and mobile phone numbers.
Date: 2026-03-27T02:57:56Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-France-Citizens-Database-821k
Screenshots:
None
Threat Actors: fent888
Victim Country: France
Victim Industry: E-commerce & Online Stores
Victim Organization: alltricks
Victim Site: alltricks.fr
Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 4,400 allegedly valid Hotmail email credentials via MediaFire download link. The actor claims the credentials are private and high quality, dated March 27, 2026.
Date: 2026-03-27T02:53:02Z
Network: openweb
Published URL: https://crackingx.com/threads/70016/
Screenshots:
None
Threat Actors: redcloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Hotmail credentials on CrackingX forum
Category: Combo List
Content: Forum user noir allegedly shared a collection of valid Hotmail email credentials described as UHQ (Ultra High Quality) through their Telegram channel. The post indicates the credentials are verified as valid and sourced from a private cloud.
Date: 2026-03-27T02:52:43Z
Network: openweb
Published URL: https://crackingx.com/threads/70017/
Screenshots:
None
Threat Actors: noir
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of Yahoo credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 1.6 million Yahoo email and password combinations through a file sharing service. The credentials are claimed to be from fresh leaks and are being distributed for free.
Date: 2026-03-27T02:52:23Z
Network: openweb
Published URL: https://crackingx.com/threads/70020/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Yahoo
Victim Site: yahoo.com
Alleged data breach of University of Georgia
Category: Data Breach
Content: A threat actor claims to have breached the University of Georgia. The leaked data allegedly includes employee-related information such as home addresses, personal phone numbers, and identification details.
Date: 2026-03-27T02:50:33Z
Network: openweb
Published URL: https://darkforums.su/Thread-ShadowByt3-hacks-University-Of-Georgia
Screenshots:
None
Threat Actors: BlackVortex1
Victim Country: USA
Victim Industry: Higher Education/Acadamia
Victim Organization: university of georgia
Victim Site: uga.edu
Alleged data leak of Camelot Electronics Technology Co
Category: Data Leak
Content: Threat actor leaked approximately 80GB of data from Chinese electronics company Camelot Electronics Technology Co, including an 8GB SQL database and various corporate documents containing project information, customer data, and personal information.
Date: 2026-03-27T02:50:22Z
Network: openweb
Published URL: https://breachforums.sb/Thread-DOCUMENTS-Camelot-electronics-technology-co-data-leak-%E9%87%91%E7%A6%84%E7%94%B5%E5%AD%90%E7%A7%91%E6%8A%80%E8%82%A1%E4%BB%BD%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
Screenshots:
None
Threat Actors: Moneyistime
Victim Country: China
Victim Industry: Electronics/Automotive
Victim Organization: Camelot Electronics Technology Co
Victim Site: Unknown
Alleged data leak of Superintendencia Nacional de Salud de Colombia medical database
Category: Data Leak
Content: Threat actor claims to have leaked a 2TB database containing 50 million records from Colombias National Health Superintendency, including patient medical information, personal details, and internal staff data. The actor threatens to release additional packages unless contacted via encrypted messaging.
Date: 2026-03-27T02:50:16Z
Network: openweb
Published URL: https://breachforums.sb/Thread-DATABASE-FREE-2TB-LEAK-Superintendencia-Nacional-de-Salud-de-Colombia
Screenshots:
None
Threat Actors: delitospenales
Victim Country: Colombia
Victim Industry: Healthcare
Victim Organization: Superintendencia Nacional de Salud de Colombia
Victim Site: Unknown
Alleged SMTP shell access offering for CVBCAMBRILS
Category: Initial Access
Content: Forum post allegedly offering SMTP shell access related to CVBCAMBRILS organization, though specific details are not available in the post content.
Date: 2026-03-27T02:39:29Z
Network: openweb
Published URL: https://xforums.st/threads/1x-cvbcambrils-smtp.598144/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: CVBCAMBRILS
Victim Site: Unknown
Alleged SMTP service offering on cybercriminal forum
Category: Initial Access
Content: Forum post advertising TUNINGV2 SMTP service, likely offering compromised email server access for malicious email campaigns. No detailed content available for analysis.
Date: 2026-03-27T02:29:50Z
Network: openweb
Published URL: https://xforums.st/threads/1x-tuningv2-smtp.598147/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Government Employee Records
Category: Data Leak
Content: Threat actor claims to have leaked data from Government Employee Database of Philippines. The compromised data reportedly includes personal details, family background, education, employment history, and civil service eligibility.
Date: 2026-03-27T02:26:20Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-Data-Breach-Philippines-Government-Employee-Records-Exposed
Screenshots:
None
Threat Actors: hhhhhaplus
Victim Country: Philippines
Victim Industry: Government Administration
Victim Organization: Unknown
Victim Site: Unknown
Alleged unauthorized SMTP access to FriendsFamilyHomeCare
Category: Initial Access
Content: A threat actor allegedly offers SMTP shell access to FriendsFamilyHomeCare organization, potentially enabling email-based attacks and unauthorized communications.
Date: 2026-03-27T02:21:20Z
Network: openweb
Published URL: https://xforums.st/threads/1x-friendsfamilyhomecare-smtp.598148/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: FriendsFamilyHomeCare
Victim Site: Unknown
Alleged data breach of Superintendencia Nacional de Salud
Category: Data Breach
Content: A threat actor claims to have leaked the data from Superintendencia Nacional de Salud.The leaked data allegedly includes highly sensitive personal and medical information such as patient identities, document numbers, birth dates, contact details, full addresses, and healthcare affiliations.
Date: 2026-03-27T02:12:26Z
Network: openweb
Published URL: https://spear.cx/Thread-Free-FREE-2TB-LEAK-Superintendencia-Nacional-de-Salud-de-Colombia
Screenshots:
None
Threat Actors: delitospenales
Victim Country: Colombia
Victim Industry: Government Administration
Victim Organization: superintendencia nacional de salud
Victim Site: supersalud.gov.co
Alleged distribution of SMTP credentials
Category: Data Leak
Content: A forum post claims to offer SMTP credentials, though no specific details about the source, quantity, or distribution method are available due to missing content.
Date: 2026-03-27T02:12:02Z
Network: openweb
Published URL: https://xforums.st/threads/1x-aluno-smtp.598150/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Website defacement of CLEBS Nepal by NUCLIER-Y-C-C-M
Category: Defacement
Content: The NUCLIER-Y-C-C-M group successfully defaced the clebsnepal.com website on March 27, 2026, targeting a specific notice details page. This appears to be a targeted single-site defacement rather than a mass campaign.
Date: 2026-03-27T02:11:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/816599
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: Nepal
Victim Industry: Unknown
Victim Organization: CLEBS Nepal
Victim Site: clebsnepal.com
Alleged SMTP access offering on cybercriminal forum
Category: Initial Access
Content: A forum post titled 1x IPT-SA SMTP was identified on a cybercriminal forum, suggesting potential SMTP server access being offered. No additional content or details were available in the post.
Date: 2026-03-27T02:00:39Z
Network: openweb
Published URL: https://xforums.st/threads/1x-ipt-sa-smtp.598153/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Banco Agropecuario
Category: Data Breach
Content: A threat actor claims to have leaked a database from Banco Agropecuario (Agrobanco), a Peruvian agricultural bank. The dataset reportedly contains around 50,000 records. The exposed data appears to include sensitive personal and financial-related information such as phone numbers, national ID numbers, full names, email addresses, and geographic details.
Date: 2026-03-27T01:57:22Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-Database-of-Banco-Agropecuario-Peru
Screenshots:
None
Threat Actors: injectioninferno2
Victim Country: Peru
Victim Industry: Financial Services
Victim Organization: banco agropecuario
Victim Site: agrobanco.com.pe
Alleged SMTP credential offering
Category: Initial Access
Content: Forum post mentions SMTP credentials but provides no additional details about the nature, source, or scope of the alleged offering.
Date: 2026-03-27T01:50:32Z
Network: openweb
Published URL: https://xforums.st/threads/1x-mdp-smtp.598155/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of SMTP access credentials
Category: Initial Access
Content: Forum post advertising SMTP shell access through cPanel, likely offering compromised email server credentials for unauthorized access.
Date: 2026-03-27T01:41:14Z
Network: openweb
Published URL: https://xforums.st/threads/1x-pollocks-smtp.598156/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged compromise of cgarchives.com WordPress admin access
Category: Initial Access
Content: Forum post indicates potential compromise of WordPress administrator login credentials for cgarchives.com domain. No additional details available due to missing post content.
Date: 2026-03-27T01:38:05Z
Network: openweb
Published URL: https://xforums.st/threads/cgarchives-com-admin-wp-login.598157/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: cgarchives.com
Alleged SMTP service offering
Category: Initial Access
Content: Forum post advertising SMTP shell access with cPanel functionality, though no content details are available for analysis.
Date: 2026-03-27T01:29:50Z
Network: openweb
Published URL: https://xforums.st/threads/1x-youspeakit-smtp.598159/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged SMTP access offering for Carteret Barbier
Category: Initial Access
Content: Forum post allegedly offering SMTP shell access related to Carteret Barbier organization, though specific details are not available in the post content.
Date: 2026-03-27T01:26:07Z
Network: openweb
Published URL: https://xforums.st/threads/1x-carteretbarbier-smtp.598161/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Carteret Barbier
Victim Site: Unknown
Alleged SMTP service offering
Category: Initial Access
Content: Forum post advertising SMTP shell access with cPanel functionality, though specific details are not available due to lack of post content.
Date: 2026-03-27T01:22:42Z
Network: openweb
Published URL: https://xforums.st/threads/1x-pita-smtp.598162/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged SMTP access offering involving MANDIETHOMPSON account
Category: Initial Access
Content: Forum post references SMTP shell access related to a MANDIETHOMPSON account, but no specific content or details are available for analysis.
Date: 2026-03-27T01:19:58Z
Network: openweb
Published URL: https://xforums.st/threads/1x-mandiethompson-smtp.598164/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged unauthorized access to WordPress admin panel of cgastar.000webhostapp.com
Category: Initial Access
Content: Forum post indicates potential unauthorized access to WordPress administrator login credentials for cgastar.000webhostapp.com hosted on 000webhost platform.
Date: 2026-03-27T01:17:27Z
Network: openweb
Published URL: https://xforums.st/threads/cgastar-000webhostapp-com-admin-wp-login.598165/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: cgastar.000webhostapp.com
Alleged data leak of BreachForums.as
Category: Data Leak
Content: A threat actor claims to have leaked the database of BreachForums.as from a February 2026 incident. The breach reportedly affects over 339,000 unique users. The exposed data allegedly includes extensive user account information such as user IDs, usernames, email addresses, hashed passwords with salts, login keys, IP addresses, and activity metadata.
Date: 2026-03-27T01:15:07Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-BreachForums-as-Database-2026-Leaked-Download
Screenshots:
None
Threat Actors: punk
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged sale of SMTP access credentials
Category: Initial Access
Content: Forum post advertising SMTP shell access with cPanel functionality, likely for unauthorized email sending capabilities.
Date: 2026-03-27T01:14:52Z
Network: openweb
Published URL: https://xforums.st/threads/1x-sman4-pbl-smtp.598167/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged SMTP server compromise involving CCHSRAMS
Category: Initial Access
Content: A forum post references SMTP access potentially related to CCHSRAMS organization, though no content is available for analysis.
Date: 2026-03-27T01:10:15Z
Network: openweb
Published URL: https://xforums.st/threads/1x-cchsrams-smtp.598169/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: CCHSRAMS
Victim Site: Unknown
Alleged sale of GRIDGROUP SMTP access
Category: Initial Access
Content: Forum post advertising GRIDGROUP SMTP access, though specific details about the offering are not available in the content.
Date: 2026-03-27T01:03:20Z
Network: openweb
Published URL: https://xforums.st/threads/1x-gridgroup-smtp.598170/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: GRIDGROUP
Victim Site: Unknown
Alleged compromise of kakek88slots.net WordPress admin credentials
Category: Initial Access
Content: Forum post allegedly containing WordPress admin login credentials for kakek88slots.net gambling website. No post content was available for analysis.
Date: 2026-03-27T00:59:53Z
Network: openweb
Published URL: https://xforums.st/threads/kakek88slots-net-admin-wp-login.598171/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Gaming/Gambling
Victim Organization: Kakek88 Slots
Victim Site: kakek88slots.net
Alleged compromise of AIDOCTORS SMTP services
Category: Initial Access
Content: Forum post references SMTP shell access to AIDOCTORS services. No additional details available in the post content.
Date: 2026-03-27T00:49:52Z
Network: openweb
Published URL: https://xforums.st/threads/1x-aidoctors-smtp.598173/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: AIDOCTORS
Victim Site: Unknown
Alleged leak of German credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing over 1 million credential pairs targeting German users through a file hosting service. The combolist appears to contain mixed targets from Germany.
Date: 2026-03-27T00:44:45Z
Network: openweb
Published URL: https://crackingx.com/threads/70007/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of credential combolist containing 580,000 login credentials
Category: Combo List
Content: A threat actor shared a link to download a combolist containing 580,000 URL, username, and password combinations via a file hosting service.
Date: 2026-03-27T00:44:26Z
Network: openweb
Published URL: https://crackingx.com/threads/70008/
Screenshots:
None
Threat Actors: WashingtonDC
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of mixed email and password credentials
Category: Combo List
Content: A threat actor shared a combolist containing 120,000 email and password combinations described as fresh high quality credentials. The credentials appear to be from mixed sources and are being distributed through a hidden download link.
Date: 2026-03-27T00:44:07Z
Network: openweb
Published URL: https://crackingx.com/threads/70009/
Screenshots:
None
Threat Actors: steeve75
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Hotmail credential combolist
Category: Combo List
Content: Threat actor distributes a combolist containing 430,000 Hotmail email and password combinations through Telegram and file sharing platforms. The actor claims to provide fresh email credential lists with daily updates.
Date: 2026-03-27T00:43:41Z
Network: openweb
Published URL: https://crackingx.com/threads/70012/
Screenshots:
None
Threat Actors: Kokos2846q
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com
Alleged leak of mixed forum credentials combolist
Category: Combo List
Content: Forum user ValidMail allegedly shared a combolist containing 81,000 mixed credentials specifically targeting forums. The credentials are claimed to be valid and are being distributed on the CrackingX forum.
Date: 2026-03-27T00:43:23Z
Network: openweb
Published URL: https://crackingx.com/threads/70013/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged leak of Yahoo credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing over 1.3 million credential pairs targeting Yahoo accounts. The data is being distributed as a free download via file sharing service.
Date: 2026-03-27T00:43:05Z
Network: openweb
Published URL: https://crackingx.com/threads/70015/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Yahoo
Victim Site: yahoo.com
Alleged data leak of CasinoVale Turkish casino database
Category: Data Leak
Content: Threat actor LockBitData leaked a database dump from Turkish casino CasinoVale containing 554,009 records with comprehensive customer data including personal information, gambling activity, financial transactions, and account details.
Date: 2026-03-27T00:41:48Z
Network: openweb
Published URL: https://breachforums.sb/Thread-DATABASE-2025-CASINOVALE-TURKISH-CASINO-DATABASE
Screenshots:
None
Threat Actors: LockBitData
Victim Country: Turkey
Victim Industry: Gaming and Gambling
Victim Organization: CasinoVale
Victim Site: Unknown
Alleged SMTP service offering
Category: Initial Access
Content: Forum post advertising SMTP service with no additional content available for analysis.
Date: 2026-03-27T00:29:20Z
Network: openweb
Published URL: https://xforums.st/threads/1x-pucgo-smtp.597690/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged offering of MOBILO SMTP access
Category: Initial Access
Content: Forum post advertising SMTP shell access related to MOBILO service on cPanel platform. No additional content details were available for analysis.
Date: 2026-03-27T00:24:57Z
Network: openweb
Published URL: https://xforums.st/threads/1x-mobilo-smtp.597693/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: MOBILO
Victim Site: Unknown
Alleged offering of SMTP credentials
Category: Initial Access
Content: Forum post claims to offer SMTP credentials, though no specific content details are available in the post body.
Date: 2026-03-27T00:22:20Z
Network: openweb
Published URL: https://xforums.st/threads/1x-sminfo-smtp.597695/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Unauthorized Access to Israeli Industrial Silo Control System (ISIS)
Category: Initial Access
Content: Threat Actor claims to have gained unauthorized access to industrial silo control systems in Israel. The access includes full control over operational parameters, including weight, temperature, and other system metrics in real time, with the ability to modify settings, reset values, remotely start or stop equipment, and access multiple silos along with associated auxiliary systems.
Date: 2026-03-27T00:21:59Z
Network: telegram
Published URL: https://t.me/Z_Pentest_Alliance_ru/911
Screenshots:
None
Threat Actors: Z-PENTEST ALLIANCE
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Unauthorized Access to 600 Compromised Systems
Category: Initial Access
Content: Threat Actor claims to be selling unauthorized access to more than 600 compromised systems, including corporate networks, point-of-sale (POS) systems, and personal computers.
Date: 2026-03-27T00:15:59Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279279/
Screenshots:
None
Threat Actors: francogambino83
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged compromise of TancorCorporation SMTP credentials
Category: Initial Access
Content: Forum post references SMTP credentials for TancorCorporation, potentially providing email server access for malicious activities.
Date: 2026-03-27T00:14:03Z
Network: openweb
Published URL: https://xforums.st/threads/1x-tancorcorporation-smtp.597696/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: TancorCorporation
Victim Site: Unknown
Alleged compromise of virtualchurchoka.esy.es WordPress admin access
Category: Initial Access
Content: A forum post claims to provide WordPress admin login credentials for virtualchurchoka.esy.es, a religious organization website. No additional details or post content were available for analysis.
Date: 2026-03-27T00:08:58Z
Network: openweb
Published URL: https://xforums.st/threads/virtualchurchoka-esy-es-admin-wp-login.597697/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Religious Organizations
Victim Organization: Virtual Church OKA
Victim Site: virtualchurchoka.esy.es
Alleged offering of ICLAMON SMTP access
Category: Initial Access
Content: Forum post titled 1x ICLAMON SMTP suggests potential unauthorized access to ICLAMON SMTP services, though no content details are available for verification.
Date: 2026-03-27T00:01:05Z
Network: openweb
Published URL: https://xforums.st/threads/1x-iclamon-smtp.597699/
Screenshots:
None
Threat Actors: X Forum Bot
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: ICLAMON
Victim Site: Unknown