Executive Summary
This report details a concentrated series of cybersecurity incidents that occurred on March 29, 2026. The threat landscape during this 24-hour period was dominated by massive credential distribution (Combo Lists), coordinated website defacement campaigns by specific hacktivist groups, and high-impact data breaches targeting government entities and large corporations. The data reveals a highly active cybercriminal underground freely trading millions of compromised credentials alongside Initial Access Brokers (IABs) selling direct entry into corporate infrastructure.
1. Threat Landscape Overview
The incidents analyzed fall into several primary categories:
- Combo Lists (Credential Stuffing): The vast majority of the recorded events involve the distribution of email and password combinations.
- Website Defacements: A highly coordinated series of attacks targeting the public-facing websites of small-to-medium businesses across the globe.
- Data Breaches & Leaks: Exfiltration of sensitive data from government agencies, educational institutions, and retail corporations.
- Initial Access (IAB): The sale of unauthorized access to specific organizational infrastructure, including FTP servers, Jenkins environments, and VPNs.
2. Key Threat Actor Profiles & Campaigns
The data reveals several highly active threat actors and groups operating distinct campaigns.
Nicotine (Umbra Community)
This threat actor conducted a massive, automated website defacement campaign on March 29, 2026.
- Target Profile: Nicotine primarily targeted businesses in Brazil, India, and France, with a focus on marketing, automotive, and consulting websites.
- Methodology: The actor consistently targeted specific files, primarily overwriting the
index.txtor index pages of the victim sites to leave their calling card. - Notable Victims: AG Digital Marketing , The Bliss International Spa , WiiTech Group , and Adam Fritsch Agent Auto.
NUCLIER-Y-C-C-M
Another prolific defacement group focused on single-target homepage defacements.
- Target Profile: This group demonstrated a wider geographic focus, hitting organizations in Nepal, India, Thailand, and Sri Lanka.
- Notable Victims: Civil for Nepal (a civil society organization) , Report Buzz (media/news) , and Samitivej Thonburi Hospital.
CODER
A highly active distributor of credential combolists, operating primarily through Telegram and openweb forums.
- Activity: CODER distributed tens of millions of credentials across various sectors. This included a 10.4 million mixed email list , 12 million education sector records , 11 million Coinbase credentials , and 7 million educational emails.
- Methodology: The actor utilizes Telegram channels to offer free access to these lists and associated checking programs.
Hubert (Initial Access Broker)
This actor specializes in selling bulk unauthorized access to backend development and file-sharing infrastructure.
- Activity: Hubert offered access to 363 compromised FTP accounts , 117 Jenkins accounts , 290 GitLab accounts , and 760 Webmail accounts across platforms like OWA, cPanel, and Roundcube.
3. High-Impact Data Breaches
Several critical data breaches were reported, exposing sensitive government, financial, and corporate data.
Government and Intelligence
- European Commission: Threat actor “ShinyHunters” claims to have exfiltrated over 350 GB of data from the European Commission. The stolen data allegedly includes mail server dumps, databases, contracts, and confidential internal materials.
- Mossad (Israel): The threat actor “KimimaruVOID” claims to have leaked a database containing approximately 1 million records of personal information linked to Mossad. The data allegedly includes national ID numbers, addresses, and phone numbers.
- Eswatini Financial Intelligence Centre (EFIC): The actor “Nova” claims to have leaked 160 GB of data (900,000 records) including bank transaction data, police investigation reports, and confidential inter-agency communications regarding financial crimes.
Corporate and Retail
- Under Armour: The group “Dedale Office” claims to have leaked 72.7 million records from Under Armour, including names, email addresses, geographic locations, and purchase information.
- Le Petit Vapoteur: A database containing 3.3 million customer records and 599 employee records was allegedly leaked by the actor “undef”. The data includes IP logs, physical addresses, and birthdates.
- Gauteng City Region Academy (GCRA): Threat actor “XP95” claims to have breached GCRA, exfiltrating 147 GB of data (429,473 files) from the organization’s bursary system, exposing student funding and academic records.
4. The Credential Distribution Ecosystem
The most frequent incident type observed was the distribution of massive credential “combo lists.” These lists are foundational for credential stuffing and brute-force attacks.
- Scale: Threat actors released massive datasets, including an 18 million record list by “Knight” , a 36 million record list , and a 15 million record list by “Leak Realm”. Furthermore, a massive 280GB URL-LOG-PASS collection was shared by “TheBash1996”.
- Specific Targeting: Many lists were curated by service or geography. For example, “ValidMail” shared 42,000 Hotmail credentials , while another actor shared 1.7 million Gmail combinations. Geographically targeted lists included data from German (.de) domains , Japan , and Brazil.
- Distribution Channels: The primary distribution networks are openweb cybercriminal forums (e.g., crackingx.com) and dedicated Telegram channels. The data is frequently offered for free to build reputation or drive traffic to paid services.
5. Initial Access and Malware Trade
Beyond data leaks, actors actively traded the tools and access required to launch new attacks.
- Corporate VPN Access: The actor “malaria” offered unauthorized Fortinet VPN access to an electronics manufacturing company in Thailand.
- Malware Toolkits: The actor “xibulipali” advertised an Android remote access trojan (RAT) toolkit. This malware includes keylogging, screen control, banking overlays, and ransomware functionality designed to steal credentials from cryptocurrency and banking applications.
- Proxy Infrastructure: The actor “sellerking” advertised a residential proxy service offering over 80 million IP addresses across 195 countries, facilitating the obfuscation of attacker origins.
Conclusion
The cybersecurity events of March 29, 2026, illustrate a highly mature and segmented cybercriminal ecosystem. Initial Access Brokers (IABs) and credential distributors serve as the top of the funnel, providing the raw materials (combo lists, FTP/VPN access) required for secondary actors to launch targeted attacks or data extortion campaigns.
The rampant, automated defacement campaigns by groups like the Umbra Community highlight the ongoing vulnerability of poorly secured small-to-medium business web infrastructure. Meanwhile, critical breaches involving entities like the European Commission and Mossad demonstrate that advanced threat actors remain highly capable of penetrating high-value, hardened targets. Organizations must prioritize credential hygiene, multi-factor authentication (MFA), and robust monitoring of remote access points (VPNs, FTPs) to mitigate the risks posed by this continuous influx of compromised data.
Detected Incidents Draft Data
- Alleged leak of Hotmail credentials on underground forum
Category: Combo List
Content: A threat actor is distributing a combolist containing 42,000 Hotmail credentials claimed to be valid and sourced from forums. The data is being shared on an underground forum dedicated to credential trading.
Date: 2026-03-29T23:51:01Z
Network: openweb
Published URL: https://crackingx.com/threads/70382/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com - Alleged leak of Gmail credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing approximately 1.7 million Gmail email and password combinations through a file sharing platform. The credentials are being distributed as a free download rather than being sold.
Date: 2026-03-29T23:37:38Z
Network: openweb
Published URL: https://crackingx.com/threads/70380/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Google
Victim Site: gmail.com - Alleged leak of Gmail credentials
Category: Combo List
Content: Thread claims to contain over 100,000 Gmail credentials, though the actual content is hidden behind registration requirements.
Date: 2026-03-29T23:37:20Z
Network: openweb
Published URL: https://crackingx.com/threads/70381/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Google
Victim Site: gmail.com - Website defacement of Civil for Nepal by NUCLIER-Y-C-C-M
Category: Defacement
Content: The threat actor NUCLIER-Y-C-C-M successfully defaced the Civil for Nepal organization website on March 30, 2026. This was a targeted home page defacement of a Nepalese civil society organizations website.
Date: 2026-03-29T23:33:35Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822059
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: Nepal
Victim Industry: Non-profit/Civil Society
Victim Organization: Civil for Nepal
Victim Site: civilfornepal.com - Alleged data leak of FreakyForums
Category: Data Leak
Content: The threat actor claims to have leaked a user database from the FreakyForums platform. The exposed data allegedly includes user-related information such as usernames, account details, and possibly other associated forum data.
Date: 2026-03-29T23:31:17Z
Network: openweb
Published URL: https://spear.cx/Thread-Com-Boss-FreakyForums-user-database
Screenshots:
None
Threat Actors: komi
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of mixed domain credential combolist
Category: Combo List
Content: A credential combolist containing 65,773 entries from mixed domains was made available for free download on a cybercriminal forum.
Date: 2026-03-29T23:25:54Z
Network: openweb
Published URL: https://crackingx.com/threads/70379/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website defacement of reportbuzz.in by NUCLIER-Y-C-C-M
Category: Defacement
Content: NUCLIER-Y-C-C-M successfully defaced the Report Buzz news website on March 30, 2026. This was a single-target home page defacement rather than a mass attack.
Date: 2026-03-29T23:04:52Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822058
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: India
Victim Industry: Media/News
Victim Organization: Report Buzz
Victim Site: www.reportbuzz.in - Alleged distribution of mixed email-password credential list
Category: Combo List
Content: A threat actor shared a combolist containing 120,000 email and password credential pairs described as fresh high quality on a cybercriminal forum. The credentials appear to be from mixed sources and are being distributed for free download.
Date: 2026-03-29T22:31:42Z
Network: openweb
Published URL: https://crackingx.com/threads/70374/
Screenshots:
None
Threat Actors: steeve75
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged unauthorized access to unidentified Clinic in Israel
Category: Initial Access
Content: The group claims to have gained unauthorized access to unidentified Clinic in Israel also they claims that they deleted 5 TB of data records from the system.
Date: 2026-03-29T22:15:53Z
Network: telegram
Published URL: https://t.me/Anon_Israel35/62
Screenshots:
None
Threat Actors: Anonymous For Justice
Victim Country: Israel
Victim Industry: Hospital & Health Care
Victim Organization: Unknown
Victim Site: Unknown - Alleged unauthorized access to iMaster
Category: Initial Access
Content: The group claims to have gained unauthorized access to iMaster.
Date: 2026-03-29T22:10:47Z
Network: telegram
Published URL: https://t.me/kittysearchnews/259
Screenshots:
None
Threat Actors: Kitty Search
Victim Country: Ukraine
Victim Industry: Information Technology (IT) Services
Victim Organization: imaster
Victim Site: imaster.at.ua - Alleged leak of credential logs via cloud storage
Category: Combo List
Content: A threat actor shared 5,218 credential logs via cloud storage platform, claiming the logs are fresh from March 29th. The logs are being distributed for free download through a password-protected link.
Date: 2026-03-29T21:53:31Z
Network: openweb
Published URL: https://crackingx.com/threads/70372/
Screenshots:
None
Threat Actors: NEW_DAISYCLOUD
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of login credentials for Psyphire
Category: Data Leak
Content: The group claims to have leaked login credentials for Psyphire.
Date: 2026-03-29T21:52:27Z
Network: telegram
Published URL: https://t.me/CinCauGhast405/56
Screenshots:
None
Threat Actors: CinCauGhast
Victim Country: USA
Victim Industry: Information Technology (IT) Services
Victim Organization: psyphire
Victim Site: psyphire.com - Mysterious Team Bangladesh claims to target Education Sector & Banking Sectors in Uganda
Category: Alert
Content: A recent post by the group indicates that they are targeting Education Sector & Banking Sectors in Uganda.
Date: 2026-03-29T21:46:46Z
Network: telegram
Published URL: https://t.me/MysteriousTeamO/83
Screenshots:
None
Threat Actors: Mysterious Team Bangladesh
Victim Country: Uganda
Victim Industry: Banking & Mortgage
Victim Organization: Unknown
Victim Site: Unknown - Alleged Sale of Unauthorized Fortinet VPN Access to an Unidentified Electronics Manufacturing Company in Thailand
Category: Initial Access
Content: The threat actor claims to be selling unauthorized VPN access via Fortinet to an unidentified electronics, manufacturing, and computer equipment organization in Thailand.
Date: 2026-03-29T21:24:26Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279455/
Screenshots:
None
Threat Actors: malaria
Victim Country: Thailand
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of web.de email credentials
Category: Combo List
Content: A threat actor shared a combolist containing 53,790 credentials specifically targeting web.de email accounts. The data was made available as a free download on a cybercrime forum.
Date: 2026-03-29T21:24:18Z
Network: openweb
Published URL: https://crackingx.com/threads/70366/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Germany
Victim Industry: Technology
Victim Organization: web.de
Victim Site: web.de - Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor leaked a combolist containing 1,711 mixed target credentials specifically targeting Hotmail accounts. The credential list is being distributed for free download on underground forums.
Date: 2026-03-29T21:23:56Z
Network: openweb
Published URL: https://crackingx.com/threads/70367/
Screenshots:
None
Threat Actors: karaokecloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com - Alleged distribution of credential combos targeting VPN, SMTP, GitHub, and GitLab services
Category: Combo List
Content: Threat actor distributes credential combolists targeting VPN, SMTP, GitHub, and GitLab services through Telegram channels. The actor offers free access to combos and programs through dedicated Telegram groups.
Date: 2026-03-29T21:23:35Z
Network: openweb
Published URL: https://crackingx.com/threads/70368/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of educational institution credentials
Category: Combo List
Content: A threat actor shared a combolist containing 168,522 credential pairs targeting educational institutions. The data is being distributed for free via a file sharing platform.
Date: 2026-03-29T21:23:15Z
Network: openweb
Published URL: https://crackingx.com/threads/70371/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown - Alleged data sale of GOLF.com.au
Category: Data Breach
Content: The threat actor claims to be selling 492k records from GOLF.com.au, allegedly containing member profiles with contact and membership details.
Date: 2026-03-29T21:20:24Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-492k-Australia-https-www-golf-org-au-Member-profiles-with-contact-and-membersh
Screenshots:
None
Threat Actors: Grubder
Victim Country: Australia
Victim Industry: Sports
Victim Organization: golf.com.au
Victim Site: golf.org.au - Alleged Sale of Unauthorized Domain Admin Access to an Unidentified Retail Organization in Australia
Category: Initial Access
Content: The threat actor claims to be selling Unauthorized Domain Admin Access to an Unidentified Retail Organization in Australia.
Date: 2026-03-29T21:14:38Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279456/
Screenshots:
None
Threat Actors: Big-Bro
Victim Country: Australia
Victim Industry: Retail Industry
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of login access to cPanel
Category: Initial Access
Content: The group claims to have leaked login credential belonging to cPanel.
Date: 2026-03-29T21:13:31Z
Network: telegram
Published URL: https://t.me/CinCauGhast405/53
Screenshots:
None
Threat Actors: CinCauGhast
Victim Country: USA
Victim Industry: Software Development
Victim Organization: cpanel
Victim Site: demo.cpanel.net - Alleged data breach of FuhrLegal
Category: Data Breach
Content: The group claims to be selling access, database and source code from FuhrLegal.
Date: 2026-03-29T21:11:10Z
Network: telegram
Published URL: https://t.me/FrenchsAnons/362
Screenshots:
None
Threat Actors: French Hackers Squad
Victim Country: USA
Victim Industry: Law Practice & Law Firms
Victim Organization: fuhrlegal
Victim Site: fuhrlegal.com - Alleged sale of data from Jekcons Engineering Nigeria Limited
Category: Data Breach
Content: The group claims to be selling data from Jekcons Engineering Nigeria Limited. The compromised dataset reportedly contains 7509 lines containing all personal information (email, number, id, first name, last name, photos) as well as messages between the company and clients.
Date: 2026-03-29T21:00:42Z
Network: telegram
Published URL: https://t.me/FrenchsAnons/358
Screenshots:
None
Threat Actors: French Hackers Squad
Victim Country: Nigeria
Victim Industry: Building and construction
Victim Organization: jekcons engineering nigeria limited
Victim Site: jekcons.com - Alleged data breach of DRILEX OIL NIGERIA LIMITED
Category: Data Breach
Content: The threat actor claims to be selling database and source code from DRILEX OIL NIGERIA LIMITED.
Date: 2026-03-29T20:53:19Z
Network: telegram
Published URL: https://t.me/FrenchsAnons/360
Screenshots:
None
Threat Actors: French Hackers Squad
Victim Country: Nigeria
Victim Industry: Unknown
Victim Organization: drilex oil nigeria limited
Victim Site: drilex.com.ng - Alleged sale of data from Interandina de Transportes S.A.
Category: Data Breach
Content: The threat actor claims to be selling data from Interandina de Transportes S.A.. The compromised dataset reportedly contains 25,772 lines of confidential information is for sale, along with access to the companys control panel and website.
Date: 2026-03-29T20:52:52Z
Network: telegram
Published URL: https://t.me/FrenchsAnons/356
Screenshots:
None
Threat Actors: French Hackers Squad
Victim Country: Colombia
Victim Industry: Transportation & Logistics
Victim Organization: interandina de transportes s.a.
Victim Site: inantra.com - Alleged distribution of educational institution credential lists
Category: Combo List
Content: Threat actor distributing educational institution credential lists (combolists) through Telegram channels, offering free access to compromised email and password combinations from educational organizations.
Date: 2026-03-29T20:29:52Z
Network: openweb
Published URL: https://crackingx.com/threads/70363/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of 15 million credentials
Category: Combo List
Content: A threat actor leaked a combolist containing 15 million URL:LOGIN:PASS credentials on a cybercrime forum.
Date: 2026-03-29T20:19:34Z
Network: openweb
Published URL: https://crackingx.com/threads/70361/
Screenshots:
None
Threat Actors: Leak Realm
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of credential combolist containing 18 million records
Category: Combo List
Content: A threat actor named Knight allegedly shared a credential combolist containing 18 million URL:login:password combinations on a cybercrime forum. The post appears to offer free access to registered forum members.
Date: 2026-03-29T20:07:13Z
Network: openweb
Published URL: https://crackingx.com/threads/70358/
Screenshots:
None
Threat Actors: Knight
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of German credential combolist
Category: Combo List
Content: User D4rkNetHub shared a German credential combolist containing 99,736 records on a cybercriminal forum. The post appears to offer free access to the data behind a login wall.
Date: 2026-03-29T20:06:32Z
Network: openweb
Published URL: https://crackingx.com/threads/70359/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of credential combolist containing 6 million records
Category: Combo List
Content: A threat actor shared a credential combolist containing 6 million URL:LOGIN:PASS combinations on a cybercriminal forum. The post content is restricted to registered users only.
Date: 2026-03-29T20:05:51Z
Network: openweb
Published URL: https://crackingx.com/threads/70360/
Screenshots:
None
Threat Actors: Knight
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - TBDF targets the website of ITBusinessBook
Category: Defacement
Content: The group claims to have defaced the website of ITBusinessBook.
Date: 2026-03-29T19:56:34Z
Network: telegram
Published URL: https://t.me/c/1867326321/603
Screenshots:
None
Threat Actors: TBDF
Victim Country: USA
Victim Industry: Marketing, Advertising & Sales
Victim Organization: itbusinessbook
Victim Site: itbiznessbook.com - Website defacement of esiphala.lk by NUCLIER-Y-C-C-M
Category: Defacement
Content: The threat actor NUCLIER-Y-C-C-M successfully defaced the Sri Lankan website www.esiphala.lk on March 30, 2026. This was a targeted single-site attack rather than a mass defacement campaign.
Date: 2026-03-29T19:55:22Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822053
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: Sri Lanka
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: www.esiphala.lk - Alleged distribution of Canadian credential combolist
Category: Combo List
Content: Threat actor distributes a Canadian credential combolist containing 8.3 million entries through Telegram channels, claiming the data was obtained via SQL injection.
Date: 2026-03-29T19:53:20Z
Network: openweb
Published URL: https://crackingx.com/threads/70356/
Screenshots:
None
Threat Actors: CODER
Victim Country: Canada
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - TBDF targets the website of Disha Sandesh Media
Category: Defacement
Content: The group claims to have defaced the website of Disha Sandesh Media.
Date: 2026-03-29T19:33:12Z
Network: telegram
Published URL: https://t.me/c/1867326321/601
Screenshots:
None
Threat Actors: TBDF
Victim Country: India
Victim Industry: Newspapers & Journalism
Victim Organization: disha sandesh media
Victim Site: dishasandesh.in - Alleged leak of German mixed credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 434,189 credential pairs allegedly targeting German users across mixed services via a Mega.nz download link.
Date: 2026-03-29T19:17:40Z
Network: openweb
Published URL: https://crackingx.com/threads/70352/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of email credentials combolist
Category: Combo List
Content: Threat actor CODER is distributing a combolist containing 10.4 million email and password credentials through Telegram channels, advertising the leak as fresh mailpass data available for free download.
Date: 2026-03-29T19:16:47Z
Network: openweb
Published URL: https://crackingx.com/threads/70353/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of credential combolist containing login credentials
Category: Combo List
Content: A threat actor leaked a credential combolist containing 1 million URL-login-password combinations on a cybercriminal forum, made available for free to registered users.
Date: 2026-03-29T18:52:22Z
Network: openweb
Published URL: https://crackingx.com/threads/70348/
Screenshots:
None
Threat Actors: RandomUpload
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of shopping website credential list
Category: Combo List
Content: A threat actor shared a credential list containing over 1 million entries allegedly from a shopping website. The data is being distributed for free via a file sharing service.
Date: 2026-03-29T18:51:20Z
Network: openweb
Published URL: https://crackingx.com/threads/70349/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged Sale of MailPro Email Campaign Panel
Category: Malware
Content: Threat actor claims to be selling MailPro, an email campaign management panel featuring AI-assisted content optimization, SMTP integration, automated warm-up, and bulk mailing capabilities. The tool includes server deployment, proxy support, and campaign analytics.
Date: 2026-03-29T18:46:23Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279451/
Screenshots:
None
Threat Actors: dev404
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Cyberattack Hit Town of Colebrook, NH
Category: Cyber Attack
Content: Colebrook Town in New Hampshire experienced a cyber incident after a town email account was compromised. The breach prompted the State of New Hampshire to suspend certain system connections as a precautionary measure to prevent potential spread across interconnected state systems.
Date: 2026-03-29T18:30:13Z
Network: openweb
Published URL: https://dysruptionhub.com/colebrook-cyber-incident-new-hampshire/
Screenshots:
None
Threat Actors:
Victim Country: USA
Victim Industry: Government Administration
Victim Organization: town of colebrook, nh
Victim Site: colebrooknh.org - Alleged leak of educational email credentials
Category: Combo List
Content: Threat actor distributes a combolist containing 7 million educational email and password combinations through Telegram channels, offering the credentials for free download.
Date: 2026-03-29T18:14:01Z
Network: openweb
Published URL: https://crackingx.com/threads/70346/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of USA credential combolist
Category: Combo List
Content: A threat actor shared a credential combolist containing 9,145 USA-based email and password combinations on a cybercriminal forum. The data is made available for free download to registered forum users.
Date: 2026-03-29T18:13:26Z
Network: openweb
Published URL: https://crackingx.com/threads/70347/
Screenshots:
None
Threat Actors: RandomUpload
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Judicial Branch of Mendoza
Category: Data Breach
Content: The threat actor claims to have breached 842,000 of data from Judicial Branch of Mendoza. The compromised data includes names, emails, phone numbers, addresses, city, nationality, DOB, gender, occupation, legal case details, court jurisdiction, case status, internal notes, communication records, and related IDs.
Date: 2026-03-29T17:57:29Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-842k-Argentina-www-jus-mendoza-gov-ar-Personal-ID-contact-and-demographic-recor
Screenshots:
None
Threat Actors: Grubder
Victim Country: Argentina
Victim Industry: Legal Services
Victim Organization: judicial branch of mendoza
Victim Site: jus.mendoza.gov.ar - Website defacement of sok88.net by s13ntong (Purbalingga Xploiter)
Category: Defacement
Content: The website sok88.net was defaced by attacker s13ntong affiliated with the Purbalingga Xploiter team on March 30, 2026. The attack targeted a file upload functionality on the website.
Date: 2026-03-29T17:50:10Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822051
Screenshots:
None
Threat Actors: s13ntong, Purbalingga Xploiter
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: sok88.net - Website defacement of SIPAR Books by s13ntong (Purbalingga Xploiter)
Category: Defacement
Content: The attacker s13ntong from the Purbalingga Xploiter team defaced the SIPAR Books website on March 30, 2026. This appears to be a single-target defacement attack against a book publishing organization.
Date: 2026-03-29T17:49:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822052
Screenshots:
None
Threat Actors: s13ntong, Purbalingga Xploiter
Victim Country: Unknown
Victim Industry: Publishing/Books
Victim Organization: SIPAR Books
Victim Site: www.sipar-books.com - Alleged distribution of Microsoft Office and email credential combolists
Category: Combo List
Content: Threat actor distributes combolists containing SMTP, IMAP, Office, and Windows credentials through Telegram channels. The actor offers free access to credential lists and related programs through multiple Telegram groups.
Date: 2026-03-29T17:39:16Z
Network: openweb
Published URL: https://crackingx.com/threads/70345/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: Unknown - Fatimion cyber team targets the website of Electoral Commission
Category: Defacement
Content: The group claims to have defaced the website of Electoral Commission.
Date: 2026-03-29T17:37:49Z
Network: telegram
Published URL: https://t.me/hak994/5498
Screenshots:
None
Threat Actors: Fatimion cyber team
Victim Country: Uganda
Victim Industry: Government Administration
Victim Organization: electoral commission
Victim Site: ec.or.ug - Alleged leak of mixed email credentials combolist
Category: Combo List
Content: A threat actor leaked a combolist containing 3,560 premium mixed email credentials, including Hotmail accounts, claiming the data is from a private cloud source.
Date: 2026-03-29T17:26:21Z
Network: openweb
Published URL: https://crackingx.com/threads/70343/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of mixed domain email credentials
Category: Combo List
Content: A threat actor shared a combolist containing 17,480 email credentials from mixed domains as a free download on an underground forum.
Date: 2026-03-29T17:25:41Z
Network: openweb
Published URL: https://crackingx.com/threads/70344/
Screenshots:
None
Threat Actors: karaokecloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Ministry of Culture and Arts
Category: Data Breach
Content: The threat actor claims to have breached 247,000 of data from Ministry of Culture and Arts. The compromised data includes names, phone numbers, emails, addresses, roles, event participation, payment info, and grant data (funding amounts, project descriptions, application statuses).
Date: 2026-03-29T17:23:07Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-247k-Algeria-cultural-services-contacts-https-www-m-culture-gov-dz-Director-inf
Screenshots:
None
Threat Actors: Grubder
Victim Country: Algeria
Victim Industry: Government Administration
Victim Organization: ministry of culture and arts
Victim Site: m-culture.gov.dz - Website defacement of artelron.com by BONDOWOSO BLACK HAT
Category: Defacement
Content: The website artelron.com was defaced by attacker Mr Exsploit Wmc from the BONDOWOSO BLACK HAT team on March 30, 2026. This was a single home page defacement targeting the organizations main website.
Date: 2026-03-29T17:21:27Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822050
Screenshots:
None
Threat Actors: Mr Exsploit Wmc, BONDOWOSO BLACK HAT
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Artelron
Victim Site: artelron.com - Alleged sale of USA Driver License database
Category: Data Leak
Content: A group claims to selling 7M Driver License in USA.
Date: 2026-03-29T17:18:56Z
Network: telegram
Published URL: https://t.me/c/3660298480/401
Screenshots:
None
Threat Actors: Leaks Market
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website defacement of Samitivej Thonburi Hospital by NUCLIER-Y-C-C-M
Category: Defacement
Content: The threat actor NUCLIER-Y-C-C-M successfully defaced a webpage belonging to Samitivej Thonburi Hospital in Thailand on March 30, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
Date: 2026-03-29T17:04:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822049
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: Thailand
Victim Industry: Healthcare
Victim Organization: Samitivej Thonburi Hospital
Victim Site: samitivejthonburi.com - OpsShadowStrike targets the website of WorkSimple Software
Category: Defacement
Content: The Group claims to have defaced the website of WorkSimple Software.
Date: 2026-03-29T17:03:14Z
Network: telegram
Published URL: https://t.me/OpsShadowStrike/194
Screenshots:
None
Threat Actors: OpsShadowStrike
Victim Country: India
Victim Industry: Information Technology (IT) Services
Victim Organization: worksimple software
Victim Site: worksimple.in - Alleged leak of education domain credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 103,939 credential pairs allegedly targeting education domain users. The data was made available for free download via a file sharing service.
Date: 2026-03-29T17:03:06Z
Network: openweb
Published URL: https://crackingx.com/threads/70341/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown - OpsShadowStrike targets the website of avi-bear.com
Category: Defacement
Content: The Group claims to have defaced the website of avi-bear.com.
Date: 2026-03-29T17:02:53Z
Network: telegram
Published URL: https://t.me/OpsShadowStrike/194
Screenshots:
None
Threat Actors: OpsShadowStrike
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: avi-bear.com - Alleged leak of email credential combolist via PandaCloud
Category: Combo List
Content: Threat actor distributes a free email credential combolist containing 5.2K records through Telegram channel and file sharing service. The actor claims to provide fresh email databases with daily updates.
Date: 2026-03-29T17:02:43Z
Network: openweb
Published URL: https://crackingx.com/threads/70342/
Screenshots:
None
Threat Actors: Kokos2846q
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leaked of Spanish data
Category: Data Leak
Content: The threat actor claims to have leaked 74,000 of Spanish data. The compromised dataset reportedly including usernames, email addresses, passwords, phone numbers, mobile numbers, DNI, date of birth, first and last names, addresses, IBAN, employee IDs, social media tokens, API keys, and marketing/contact preferences.
Date: 2026-03-29T16:57:36Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Spanish-data-74K
Screenshots:
None
Threat Actors: marhouj4
Victim Country: Spain
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of email credential combolist
Category: Combo List
Content: Threat actor TeraCloud1 leaked a combolist containing 39,000 valid email credentials on CrackingX forum. Additional content is available through private Telegram contact with admin.
Date: 2026-03-29T16:50:32Z
Network: openweb
Published URL: https://crackingx.com/threads/70338/
Screenshots:
None
Threat Actors: TeraCloud1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of mixed email credentials combolist
Category: Combo List
Content: Threat actor klyne05 distributed a mixed email credentials combolist described as private, fresh, and checked on the CrackingX forum.
Date: 2026-03-29T16:50:12Z
Network: openweb
Published URL: https://crackingx.com/threads/70339/
Screenshots:
None
Threat Actors: klyne05
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Colebrook, New Hampshire cyber incident disrupts town services
Category: Cyber Attack
Content: Les autorités de Colebrook ont suspendu les connexions aux systèmes de lÉtat du New Hampshire après quun compte email de la ville a été compromis, perturbant laccès aux services essentiels tels que les élections et le DMV. Bien que les fonctions de registre et délections aient été rétablies dici le 27 mars, laccès aux services du DMV et de la police était toujours en attente de restauration. Les responsables nont pas confirmé la nature exacte de lattaque ni lampleur des données compromises, mais ont agi pour isoler la menace et éviter sa propagation.
Date: 2026-03-29T16:50:09Z
Network: openweb
Published URL: https://dysruptionhub.com/colebrook-cyber-incident-new-hampshire/
Screenshots:
None
Threat Actors:
Victim Country: United States
Victim Industry: Unknown
Victim Organization: Colebrook
Victim Site: colebrooknh.org - OpsShadowStrike targets the website of Catalyst India
Category: Defacement
Content: The Group claims to have defaced the website of Catalyst India.
Date: 2026-03-29T16:47:04Z
Network: telegram
Published URL: https://t.me/OpsShadowStrike/194
Screenshots:
None
Threat Actors: OpsShadowStrike
Victim Country: India
Victim Industry: Building and construction
Victim Organization: catalyst india
Victim Site: catalystindiachemicals.in - OpsShadowStrike targets the website of Gastroland BPS Category: Defacement
Content: The Group claims to have defaced the website of Gastroland BPS.
Date: 2026-03-29T16:44:01Z
Network: telegram
Published URL: https://t.me/OpsShadowStrike/194
Screenshots:
None
Threat Actors: #OpsShadowStrike
Victim Country: Germany
Victim Industry: Manufacturing & Industrial Products
Victim Organization: gastroland bps
Victim Site: gastroland-bps.com - Alleged leak of Yahoo.com credentials
Category: Combo List
Content: A threat actor shared a combolist containing 6,622 credential pairs targeting Yahoo.com domain users via a file sharing service.
Date: 2026-03-29T16:39:07Z
Network: openweb
Published URL: https://crackingx.com/threads/70336/
Screenshots:
None
Threat Actors: BestCombo
Victim Country: United States
Victim Industry: Technology
Victim Organization: Yahoo
Victim Site: yahoo.com - Alleged leak of Hotmail credentials on CrackingX forum
Category: Combo List
Content: A threat actor named ValidMail allegedly shared a combolist containing 42,000 Hotmail credentials on the CrackingX forum. The post indicates these are valid credentials related to forums.
Date: 2026-03-29T16:38:48Z
Network: openweb
Published URL: https://crackingx.com/threads/70337/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com - Website defacement of AGC Far East by NUCLIER-Y-C-C-M
Category: Defacement
Content: The NUCLIER-Y-C-C-M group successfully defaced the AGC Far East website on March 29, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
Date: 2026-03-29T16:30:30Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822046
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: Unknown
Victim Industry: Construction/Materials
Victim Organization: AGC Far East
Victim Site: agcfareast.com - Website defacement of Cambodian government education licensing site by maw3six
Category: Defacement
Content: Threat actor maw3six successfully defaced a government education licensing website belonging to Cambodias Ministry of Education on March 29, 2026. The attack targeted the odslicensing.moe.gov.kh domain, which appears to be related to educational licensing services.
Date: 2026-03-29T16:18:23Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248166
Screenshots:
None
Threat Actors: maw3six
Victim Country: Cambodia
Victim Industry: Government
Victim Organization: Ministry of Education, Youth and Sport of Cambodia
Victim Site: odslicensing.moe.gov.kh - Nicotine targets the website of Star Asia Pacific HR Consultancy
Category: Defacement
Content: The threat actor claims to have defaced the website of Star Asia Pacific HR Consultancy.
Date: 2026-03-29T16:09:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821858
Screenshots:
None
Threat Actors: Nicotine
Victim Country: UAE
Victim Industry: Human Resources
Victim Organization: star asia pacific hr consultancy
Victim Site: saphr.ae - Alleged advertisement of residential proxy service on underground forum
Category: Initial Access
Content: User advertising residential proxy service with 80+ million IPs across 195 countries for $0.95/GB on cybercriminal forum. Service accepts cryptocurrency and provides HTTP/HTTPS/SOCKS5 protocols, potentially facilitating malicious activities by obscuring attackers real IP addresses.
Date: 2026-03-29T16:01:25Z
Network: openweb
Published URL: https://crackingx.com/threads/70335/
Screenshots:
None
Threat Actors: sellerking
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Nicotine targets the website of Travel Options
Category: Defacement
Content: The threat actor claims to have defaced the website of Travel Options.
Date: 2026-03-29T15:59:26Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821864
Screenshots:
None
Threat Actors: Nicotine
Victim Country: UAE
Victim Industry: Leisure & Travel
Victim Organization: travel options
Victim Site: traveloptions.ae - Alleged leak of Hotmail credential combolist
Category: Combo List
Content: Threat actor allegedly shared a credential combolist containing Hotmail accounts along with other mixed valid credentials through Telegram channel. The post mentions UHQ (Ultra High Quality) valid credentials including Hotmail and private cloud accounts.
Date: 2026-03-29T15:50:47Z
Network: openweb
Published URL: https://crackingx.com/threads/70333/
Screenshots:
None
Threat Actors: noir
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com - Alleged leak of SMTP credentials combolist
Category: Combo List
Content: Threat actor distributes a combolist containing 12.3 million SMTP email and password combinations through Telegram channels. The credentials are being shared for free through multiple Telegram groups.
Date: 2026-03-29T15:40:05Z
Network: openweb
Published URL: https://crackingx.com/threads/70332/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website defacement of BFI Financial Trust by NUCLIER-Y-C-C-M
Category: Defacement
Content: The threat actor NUCLIER-Y-C-C-M successfully defaced the cookie policy page of BFI Financial Trusts website on March 29, 2026. This appears to be an isolated defacement targeting a single page rather than a mass defacement campaign.
Date: 2026-03-29T15:39:42Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822044
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: BFI Financial Trust
Victim Site: bfinactrust.com - Website defacement of BK Trip Thailand by NUCLIER-Y-C-C-M
Category: Defacement
Content: The threat actor NUCLIER-Y-C-C-M successfully defaced the homepage of BK Trip Thailand, a travel and tourism website, on March 29, 2026. This appears to be an isolated single-target attack rather than part of a broader campaign.
Date: 2026-03-29T15:22:22Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822042
Screenshots:
None
Threat Actors: NUCLIER-Y-C-C-M, NUCLIER-Y-C-C-M
Victim Country: Thailand
Victim Industry: Tourism/Travel
Victim Organization: BK Trip Thailand
Victim Site: bktripthailand.com - Alleged leak of Netherlands credential data
Category: Combo List
Content: Threat actor shared a credential list containing 86,000 records allegedly originating from Netherlands users, made available for free download on cybercriminal forum.
Date: 2026-03-29T15:18:00Z
Network: openweb
Published URL: https://crackingx.com/threads/70330/
Screenshots:
None
Threat Actors: Immanuel_Kant
Victim Country: Netherlands
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Belgium credentials combolist
Category: Combo List
Content: A threat actor shared a free download link to a combolist containing 87,000 email:password credentials allegedly from Belgium users.
Date: 2026-03-29T15:17:25Z
Network: openweb
Published URL: https://crackingx.com/threads/70331/
Screenshots:
None
Threat Actors: Immanuel_Kant
Victim Country: Belgium
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of General Services Administration
Category: Data Breach
Content: The threat group claims to have leaked data of General Services Administration in USA. The compromised data reportedly includes Last Name, First Name, Job Title, Work email, State, Organization etc.
Date: 2026-03-29T15:05:16Z
Network: telegram
Published URL: https://t.me/ruskinetgroup/129
Screenshots:
None
Threat Actors: RuskiNet Group
Victim Country: USA
Victim Industry: Government Administration
Victim Organization: general services administration
Victim Site: gsa.gov - Alleged leak of mixed email credentials
Category: Combo List
Content: A threat actor shared a Mega.nz link containing 25,000 mixed email credentials. The data appears to be distributed as a free download containing email access credentials from various sources.
Date: 2026-03-29T15:04:13Z
Network: openweb
Published URL: https://crackingx.com/threads/70328/
Screenshots:
None
Threat Actors: WashingtonDC
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Hotmail credential combolist
Category: Combo List
Content: Threat actor alphaxdd is distributing a combolist containing 1,724 allegedly valid Hotmail email credentials for free download on underground forums.
Date: 2026-03-29T15:03:43Z
Network: openweb
Published URL: https://crackingx.com/threads/70329/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com - Alleged leak of Hotmail credential combolist
Category: Combo List
Content: Threat actor shared a combolist containing 1,400 allegedly fresh Hotmail email credentials on a cybercriminal forum.
Date: 2026-03-29T14:52:13Z
Network: openweb
Published URL: https://crackingx.com/threads/70326/
Screenshots:
None
Threat Actors: Lexser
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com - Alleged leak of German shopping site credentials
Category: Combo List
Content: A threat actor shared a combolist containing 849,445 credential entries allegedly targeting German shopping websites. The data was made available as a free download via a file sharing service.
Date: 2026-03-29T14:51:54Z
Network: openweb
Published URL: https://crackingx.com/threads/70327/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Retail
Victim Organization: Unknown
Victim Site: Unknown - Alleged sale of data from VosFormateurs
Category: Data Breach
Content: The threat actor claims to be selling 2.16 GB data from VosFormateurs. The compromised data reportedly contains 3,880 records including including user/client information such as full names, email addresses, phone numbers, CRM training data, course details, internal identifiers, and timestamps.
Date: 2026-03-29T14:47:05Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-vosformateurs-fr-src-db-3k8-lines-2gb
Screenshots:
None
Threat Actors: IntelNormal
Victim Country: France
Victim Industry: Education
Victim Organization: vosformateurs
Victim Site: vosformateurs.fr - Alleged leak of login access to 6 Senses Cooking Studio
Category: Initial Access
Content: The group claims to have leaked login credential belonging to 6 Senses Cooking Studio.
Date: 2026-03-29T14:31:23Z
Network: telegram
Published URL: https://t.me/Rakyat_DigitalCrew/168
Screenshots:
None
Threat Actors: Rakyat Digital Crew
Victim Country: China
Victim Industry: Education
Victim Organization: 6 senses cooking studio
Victim Site: denicewai.com - Alleged leak of Hotmail credentials
Category: Combo List
Content: User HollowKnight07 shared a sample combolist containing 1,230 Hotmail credentials for free download on a cybercriminal forum.
Date: 2026-03-29T14:31:02Z
Network: openweb
Published URL: https://crackingx.com/threads/70324/
Screenshots:
None
Threat Actors: HollowKnight07
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com - Alleged leak of Gmail credentials on CrackingX forum
Category: Combo List
Content: Threat actor D4rkNetHub allegedly made available a combolist containing over 100,000 Gmail credentials on the CrackingX cybercrime forum. The actual post content requires forum registration to view, limiting verification of the specific details and nature of the data.
Date: 2026-03-29T14:18:42Z
Network: openweb
Published URL: https://crackingx.com/threads/70321/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Google
Victim Site: gmail.com - Alleged leak of mixed email credentials
Category: Combo List
Content: A threat actor shared a combolist containing 5,090 mixed email credentials for free download on a cybercrime forum.
Date: 2026-03-29T14:07:20Z
Network: openweb
Published URL: https://crackingx.com/threads/70320/
Screenshots:
None
Threat Actors: NotSellerxd
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged distribution of mixed country education sector credential combolist
Category: Combo List
Content: Threat actor distributes a combolist containing 12 million email and password credentials from education sector organizations across multiple countries through Telegram channels offering free access to credential lists and hacking tools.
Date: 2026-03-29T13:53:38Z
Network: openweb
Published URL: https://crackingx.com/threads/70319/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown - Website defacement of Vietnamese medical clinic by Zod
Category: Defacement
Content: Threat actor Zod successfully defaced the website of a Vietnamese medical clinic on March 29, 2026. The defacement targeted a specific page (zod.html) rather than the homepage, indicating a targeted attack against the healthcare organization.
Date: 2026-03-29T13:52:52Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248164
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Vietnam
Victim Industry: Healthcare
Victim Organization: Phong Kham Da Khoa Vinh
Victim Site: phongkhamdakhoavinh.com - Website defacement of ovr.a38.myftpupload.com by Zod
Category: Defacement
Content: The attacker known as Zod defaced the website ovr.a38.myftpupload.com on March 29, 2026. The defaced page was archived on haxor.id mirror service.
Date: 2026-03-29T13:52:32Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248165
Screenshots:
None
Threat Actors: Zod, Zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: ovr.a38.myftpupload.com - Alleged data leak of passports from multiple countries
Category: Data Leak
Content: The threat actor claims to have leaked passport data from multiple countries. The compromised data reportedly contains passport scans, ID cards (front and back), driver’s licenses, selfie verification images (KYC selfies), and full personal details including names and dates of birth.
Date: 2026-03-29T13:49:19Z
Network: openweb
Published URL: https://darkforums.su/Thread-UAE-passport
Screenshots:
None
Threat Actors: Arnoldsudney123
Victim Country: UAE
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged WordPress credential data leak
Category: Combo List
Content: Threat actor zod shared WordPress-related credential data in a cybercrime forum, with access details provided through a Telegram channel. The specific scope and nature of the WordPress data remains unclear from the available information.
Date: 2026-03-29T13:41:49Z
Network: openweb
Published URL: https://crackingx.com/threads/70318/
Screenshots:
None
Threat Actors: zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website defacement of Nevada Luxury Homes by PH.BL4KE/STORM BREAKER SECURITY
Category: Defacement
Content: The real estate website nevadaluxuryhomes.ng was defaced by attacker PH.BL4KE associated with STORM BREAKER SECURITY team on March 29, 2026. This was a targeted single-site defacement rather than a mass attack.
Date: 2026-03-29T13:35:56Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822041
Screenshots:
None
Threat Actors: PH.BL4KE, STORM BREAKER SECURITY
Victim Country: Nigeria
Victim Industry: Real Estate
Victim Organization: Nevada Luxury Homes
Victim Site: nevadaluxuryhomes.ng - Alleged sale of unauthorized access to an unidentified shop in Chile
Category: Initial Access
Content: The threat actor claims to be selling unauthorized access to an unidentified WordPress shop in Chile.
Date: 2026-03-29T13:25:47Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279437/
Screenshots:
None
Threat Actors: ed1n1ca
Victim Country: Chile
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Hotmail credential combolist
Category: Combo List
Content: Threat actor distributed a combolist containing 1,800 allegedly fresh and valid Hotmail email credentials on a cybercrime forum.
Date: 2026-03-29T13:05:28Z
Network: openweb
Published URL: https://crackingx.com/threads/70312/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com - Alleged credential list distribution via VIP ULP 1 package
Category: Combo List
Content: Threat actor zod is distributing a credential package labeled VIP ULP 1 through a password-protected Telegram channel. The content is hosted on a cracking forum specializing in combolists and credential dumps.
Date: 2026-03-29T13:05:06Z
Network: openweb
Published URL: https://crackingx.com/threads/70314/
Screenshots:
None
Threat Actors: zod
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged sale of Gmail accounts for verification purposes
Category: Data Breach
Content: Forum user kasep455 is allegedly selling Gmail accounts that can be used for verification purposes. The post provides minimal details and directs interested parties to send private messages.
Date: 2026-03-29T13:04:51Z
Network: openweb
Published URL: https://crackingx.com/threads/70315/
Screenshots:
None
Threat Actors: kasep455
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Google
Victim Site: gmail.com - Alleged leak of European email credentials
Category: Combo List
Content: A threat actor leaked a combolist containing 6,480 email credentials claimed to be from European sources. The credentials are described as mixed base mail access and made available for free download.
Date: 2026-03-29T12:50:45Z
Network: openweb
Published URL: https://crackingx.com/threads/70310/
Screenshots:
None
Threat Actors: karaokecloud
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Hotmail credentials on CrackingX forum
Category: Combo List
Content: User FlashCloud2 posted about private Hotmail combo hits on CrackingX forum. The post content is restricted and requires forum registration to view details.
Date: 2026-03-29T12:50:23Z
Network: openweb
Published URL: https://crackingx.com/threads/70311/
Screenshots:
None
Threat Actors: FlashCloud2
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com - Cyber Islamic resistance targets the website of MBINAT
Category: Defacement
Content: The group claims to have defaced the website of MBINAT
Date: 2026-03-29T12:44:08Z
Network: telegram
Published URL: https://t.me/CIR48/1813
Screenshots:
None
Threat Actors: Cyber Islamic resistance
Victim Country: Israel
Victim Industry: Building and construction
Victim Organization: mbinat
Victim Site: elul.mbinat.co.il - Alleged distribution of AWS business credential combolist
Category: Combo List
Content: Threat actor CODER is distributing AWS business credential combolists through Telegram channels, offering free access to credential lists and related programs.
Date: 2026-03-29T12:39:15Z
Network: openweb
Published URL: https://crackingx.com/threads/70308/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Cloud Computing
Victim Organization: Amazon Web Services
Victim Site: aws.amazon.com - Alleged leak of Yahoo credentials
Category: Combo List
Content: A threat actor shared a credential list containing 754,986 Yahoo account credentials through a file hosting service. The data is being distributed as a free download on underground forums.
Date: 2026-03-29T12:38:56Z
Network: openweb
Published URL: https://crackingx.com/threads/70309/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Yahoo
Victim Site: yahoo.com - Alleged leak of corporate credential combolist
Category: Combo List
Content: Threat actor made available a collection of 31,000 corporate and mixed credentials on a cybercriminal forum, claiming the data is valid and dated March 29th.
Date: 2026-03-29T12:20:10Z
Network: openweb
Published URL: https://crackingx.com/threads/70306/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Japanese email credentials
Category: Combo List
Content: A threat actor shared a combolist containing 4,800 allegedly valid Japanese email credentials with full access capabilities dated March 29th.
Date: 2026-03-29T12:19:50Z
Network: openweb
Published URL: https://crackingx.com/threads/70307/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged Data Breach of Abacel Paraguay
Category: Data Breach
Content: Threat actor claims to be selling a database containing 345,000 email records and 510,000 phone numbers linked to abacel.com.py, including personal details such as names, addresses, and contact information, priced at $450.
Date: 2026-03-29T12:11:05Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279431/
Screenshots:
None
Threat Actors: Datavortex
Victim Country: Paraguay
Victim Industry: Consumer Electronics
Victim Organization: abacel paraguay
Victim Site: abacel.com.py - Alleged Data Breach of PORTAL AGENDA BRASIL
Category: Data Breach
Content: Threat actor claims to be selling a database of 350,000 Brazilian user records from portalagenda.com.br, including personal details such as names, phone numbers, emails, addresses, and other sensitive information, priced at $350.
Date: 2026-03-29T12:02:52Z
Network: openweb
Published URL: https://forum.exploit.in/topic/279430/
Screenshots:
None
Threat Actors: Datavortex
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: portal agenda brasil
Victim Site: portalagendabrasil.com.br - Alleged leak of mixed US/EU email credentials
Category: Combo List
Content: A threat actor leaked a combolist containing 3,300 email credentials from users in the United States and European Union. The credentials were made available as a free download on an underground forum.
Date: 2026-03-29T12:02:47Z
Network: openweb
Published URL: https://crackingx.com/threads/70304/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged sale of Taiwan Gmail account access
Category: Initial Access
Content: Threat actor claims to sell access to Taiwan-based Gmail accounts, allegedly bypassing Googles security measures. The actor offers vouches and requests reviews from buyers.
Date: 2026-03-29T12:02:34Z
Network: openweb
Published URL: https://crackingx.com/threads/70305/
Screenshots:
None
Threat Actors: kasep455
Victim Country: Taiwan
Victim Industry: Unknown
Victim Organization: Google
Victim Site: gmail.com - Cyber Islamic resistance targets the website of Tiuly Hadan
Category: Defacement
Content: The group claims to have defaced the website of Tiuly Hadan
Date: 2026-03-29T11:59:22Z
Network: telegram
Published URL: https://t.me/CIR48/1810
Screenshots:
None
Threat Actors: Cyber Islamic resistance
Victim Country: Israel
Victim Industry: Leisure & Travel
Victim Organization: tiuly hadan
Victim Site: tiuly-hadan.co.il - Alleged leak of email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 34,000 valid email access credentials on a cybercrime forum. The credentials are being distributed through a private Telegram channel.
Date: 2026-03-29T11:53:43Z
Network: openweb
Published URL: https://crackingx.com/threads/70302/
Screenshots:
None
Threat Actors: TeraCloud1
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Russian email credentials
Category: Combo List
Content: A threat actor shared a collection of 6,200 Russian email credentials with full access, dated March 29th. The credentials appear to be made available for free download to registered forum users.
Date: 2026-03-29T11:53:25Z
Network: openweb
Published URL: https://crackingx.com/threads/70303/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Russia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Japanese email credentials
Category: Combo List
Content: A threat actor shared a file containing approximately 4,000 Japanese email credentials through a file sharing platform. The credentials appear to be distributed as a free download rather than being sold.
Date: 2026-03-29T11:44:39Z
Network: openweb
Published URL: https://crackingx.com/threads/70298/
Screenshots:
None
Threat Actors: WashingtonDC
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Japanese email credentials
Category: Combo List
Content: Threat actor shared a free download link containing 3.6K Japanese email credentials, promoted through a Telegram channel that claims to provide fresh email databases daily.
Date: 2026-03-29T11:44:21Z
Network: openweb
Published URL: https://crackingx.com/threads/70299/
Screenshots:
None
Threat Actors: Kokos2846q
Victim Country: Japan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared what appears to be Hotmail email credentials through a Telegram channel, with access requiring registration on a cracking forum.
Date: 2026-03-29T11:44:00Z
Network: openweb
Published URL: https://crackingx.com/threads/70300/
Screenshots:
None
Threat Actors: zod
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com - Alleged sale of Israel Citizens Database
Category: Data Leak
Content: The threat actor claims to be selling Israel Citizens Database. The compromised data reportedly contains 842,000 records, including names, gender, dates of birth and location details of Israeli citizens
Date: 2026-03-29T11:36:50Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Israel-Citizens-Database-842k
Screenshots:
None
Threat Actors: fent888
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of French email credentials
Category: Combo List
Content: A threat actor shared a collection of 1,400 allegedly fresh and valid French email access credentials dated March 29th on a cybercriminal forum.
Date: 2026-03-29T11:24:14Z
Network: openweb
Published URL: https://crackingx.com/threads/70296/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: France
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Chinese email credentials
Category: Combo List
Content: A threat actor shared a combolist containing 2,300 fresh valid Chinese email credentials dated March 29th. The credentials appear to provide email access rather than just login pairs.
Date: 2026-03-29T11:23:57Z
Network: openweb
Published URL: https://crackingx.com/threads/70297/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: China
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Brazilian email credentials
Category: Combo List
Content: A threat actor shared a list of 1,100 allegedly fresh and valid Brazilian email credentials dated March 29th on a cybercriminal forum.
Date: 2026-03-29T11:05:11Z
Network: openweb
Published URL: https://crackingx.com/threads/70293/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of mixed email credentials combolist
Category: Combo List
Content: A threat actor shared a combolist containing 3,300 mixed email credentials through a file hosting service. The credentials appear to be distributed freely without any payment required.
Date: 2026-03-29T11:04:51Z
Network: openweb
Published URL: https://crackingx.com/threads/70294/
Screenshots:
None
Threat Actors: Kommander0
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of German email credentials
Category: Combo List
Content: A threat actor shared a combolist containing 100,000 German email credentials dated March 29th on an underground forum. The credentials are claimed to be valid and high quality.
Date: 2026-03-29T11:04:32Z
Network: openweb
Published URL: https://crackingx.com/threads/70295/
Screenshots:
None
Threat Actors: MailAccesss
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged Sale of Chinese Online Gambling Users Database
Category: Data Leak
Content: The threat actor claims to be leaked online gambling users data from china. The compromised data reportedly contains 330,000 records including user IDs, mobile account details, names, login activity (IP addresses, login frequency, and locations), membership/VIP status, and financial transaction data such as recharge and withdrawal amounts and timestamps.
Date: 2026-03-29T11:01:21Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Chinese-online-gambling-customers-3300K
Screenshots:
None
Threat Actors: DDying
Victim Country: China
Victim Industry: Gambling & Casinos
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a list of 1,400 allegedly valid Hotmail credentials on a cybercrime forum. The post indicates these are private validated email and password combinations.
Date: 2026-03-29T10:53:47Z
Network: openweb
Published URL: https://crackingx.com/threads/70292/
Screenshots:
None
Threat Actors: FlashCloud2
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com - Alleged cybercriminal service offering on CrackingX forum
Category: Initial Access
Content: Forum user xibulipali advertises full-stack web development services on cybercriminal forum, offering both surface web and privacy-focused web solutions including custom forum development. The posting suggests potential development of infrastructure for illicit activities.
Date: 2026-03-29T10:43:55Z
Network: openweb
Published URL: https://crackingx.com/threads/70290/
Screenshots:
None
Threat Actors: xibulipali
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of USA Banking Database
Category: Data Leak
Content: Threat actor claims to be leaked 4 Million Banking Data from Usa. The compromised data reportedly contains personal records, including names, email addresses, phone numbers, and other contact related information.
Date: 2026-03-29T10:41:13Z
Network: openweb
Published URL: https://breachforums.sb/Thread-SELLING-4-Million-USA-FULL-BANKING-DB
Screenshots:
None
Threat Actors: Razia
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 1,000 allegedly valid Hotmail email and password combinations through a file sharing service.
Date: 2026-03-29T10:34:59Z
Network: openweb
Published URL: https://crackingx.com/threads/70285/
Screenshots:
None
Threat Actors: Kommander0
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com - Alleged sale of Android remote access trojan toolkit
Category: Initial Access
Content: Threat actor advertises Android malware toolkit with remote access capabilities including screen control, keylogging, banking overlays, camera/microphone access, and ransomware functionality. The toolkit includes features to bypass security protections and steal credentials from banking and cryptocurrency applications.
Date: 2026-03-29T10:34:54Z
Network: openweb
Published URL: https://crackingx.com/threads/70286/
Screenshots:
None
Threat Actors: xibulipali
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Hotmail credential combolist
Category: Combo List
Content: Threat actor shared a fresh Hotmail credential combolist containing 940,000 records via Telegram channel and file sharing platform. The actor claims to regularly add fresh email credential databases.
Date: 2026-03-29T10:34:36Z
Network: openweb
Published URL: https://crackingx.com/threads/70288/
Screenshots:
None
Threat Actors: Kokos2846q
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com - Alleged custom credential checking tool development service
Category: Initial Access
Content: Threat actor kasep455 is offering custom credential checker development services for login portals without captcha protection. The service appears designed to facilitate automated credential stuffing attacks against various websites.
Date: 2026-03-29T10:34:23Z
Network: openweb
Published URL: https://crackingx.com/threads/70287/
Screenshots:
None
Threat Actors: kasep455
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 459 Hotmail email credentials, organized by country and including inbox targets for download.
Date: 2026-03-29T10:24:40Z
Network: openweb
Published URL: https://crackingx.com/threads/70283/
Screenshots:
None
Threat Actors: Hotmail Cloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com - Alleged leak of German domain credential list
Category: Combo List
Content: A threat actor shared a combolist containing 424,223 credential pairs specifically targeting German (.de) domain email addresses. The data is being distributed for free via file sharing platform.
Date: 2026-03-29T10:24:20Z
Network: openweb
Published URL: https://crackingx.com/threads/70284/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Germany
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Cyber Islamic resistance targets the website of Prachim 2U
Category: Defacement
Content: The group claims to have defaced the website of Prachim 2U
Date: 2026-03-29T10:17:46Z
Network: telegram
Published URL: https://t.me/CIR48/1808
Screenshots:
None
Threat Actors: Cyber Islamic resistance
Victim Country: Israel
Victim Industry: Package & Freight Delivery
Victim Organization: prachim 2u
Victim Site: prachim2u.co.il - Alleged Sale of WhatsApp And Email User Database from Spain
Category: Data Leak
Content: The threat claims to be leaked WhatsApp And Email User Database from Spain. The compromised data reportedly contains personal records, including first names, last names, email addresses, and WhatsApp-linked mobile phone numbers.
Date: 2026-03-29T10:09:39Z
Network: openweb
Published URL: https://breachforums.sb/Thread-SELLING-For-sale-Spain-Email-Full-Name-WhatsApp-Data
Screenshots:
None
Threat Actors: Sabit
Victim Country: Spain
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged sale of data from Guidely
Category: Data Breach
Content: The threat actor claims to be selling data from Guidely. The compromised dataset reportedly contains 1.4 million records including full names, email addresses, passwords, phone numbers and more
Date: 2026-03-29T09:58:51Z
Network: openweb
Published URL: https://spear.cx/Thread-Selling-INDIA-1-4M-USER-INFORMATION-DATA-FROM-guidely-in
Screenshots:
None
Threat Actors: Shinchan
Victim Country: India
Victim Industry: Education
Victim Organization: guidely
Victim Site: guidely.in - Alleged Leak of Regio Ruta Nuevo León Database
Category: Data Leak
Content: The threat actor claims to leaked Regio Ruta Nuevo León Database. The compromised data reportedly contains 117,570 records, including full names, CURP (national ID), dates of birth, phone numbers, email addresses, and complete address details such as city and postal code.
Date: 2026-03-29T09:38:15Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-Data-base-of-Regio-Ruta-Nuevo-Leon
Screenshots:
None
Threat Actors: NIHIL
Victim Country: Mexico
Victim Industry: Transportation & Logistics
Victim Organization: regio ruta nuevo león
Victim Site: Unknown - Alleged leak of email credential combolist containing 39,000 records
Category: Combo List
Content: A threat actor shared a link to a combolist containing 39,000 email credentials on a cybercrime forum. The data appears to be made available for free download through an external paste service.
Date: 2026-03-29T09:25:58Z
Network: openweb
Published URL: https://crackingx.com/threads/70280/
Screenshots:
None
Threat Actors: Cir4d
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Hotmail credentials on CrackingX forum
Category: Combo List
Content: Forum user ValidMail allegedly shared a combolist containing 42,000 Hotmail credentials described as valid for forum use. The post content requires registration to view full details.
Date: 2026-03-29T09:25:40Z
Network: openweb
Published URL: https://crackingx.com/threads/70281/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com - Alleged leak of data from Casa Ley
Category: Data Breach
Content: The threat actor claims to be leaked 15 GB data from Casa Ley. The compromised data reportedly contains administrative and legal documents, including proof of address, office and contact phone numbers, tax status and compliance certificates, articles of incorporation, power of attorney documents, and official identification of legal representatives.
Date: 2026-03-29T09:23:53Z
Network: openweb
Published URL: https://darkforums.su/Thread-Document-MEXICO-CASA-LEY
Screenshots:
None
Threat Actors: Alz_157s
Victim Country: Mexico
Victim Industry: Retail Industry
Victim Organization: casa ley
Victim Site: casaley.com.mx - Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a sample combolist containing 765 Hotmail email and password combinations on a cybercriminal forum. The credentials are being distributed as a free download.
Date: 2026-03-29T09:05:54Z
Network: openweb
Published URL: https://crackingx.com/threads/70279/
Screenshots:
None
Threat Actors: HollowKnight07
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com - Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared 961 allegedly valid Hotmail email credentials in a cybercriminal forum. The credentials are described as premium hits from private cloud sources with mixed email types.
Date: 2026-03-29T08:56:29Z
Network: openweb
Published URL: https://crackingx.com/threads/70278/
Screenshots:
None
Threat Actors: alphaxdd
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com - Alleged leak of data from Eswatini Financial Intelligence Centre (EFIC)
Category: Data Breach
Content: The threat actor claims to be leaked 160 GB data from Eswatini Financial Intelligence Centre (EFIC). The compromised data reportedly contains 900,000 records, including bank transaction data, police investigation reports, court affidavits, legal transcripts, and confidential inter-agency communications related to financial crime investigations.
Date: 2026-03-29T08:36:01Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-Eswatini-Financial-Intelligence-Unit-EFIC-2024-160-GB
Screenshots:
None
Threat Actors: Nova
Victim Country: Eswatini
Victim Industry: Financial Services
Victim Organization: eswatini financial intelligence centre (efic)
Victim Site: efic.org.sz - Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor allegedly leaked 1,189 fresh Hotmail credentials on a cybercrime forum. The data is being made available for free download to registered forum users.
Date: 2026-03-29T08:35:58Z
Network: openweb
Published URL: https://crackingx.com/threads/70277/
Screenshots:
None
Threat Actors: RandomUpload
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com - Website defacement of NCP Mediclub by fidzxploit (INDOHAXSEC)
Category: Defacement
Content: The website of NCP Mediclub was defaced by attacker fidzxploit, affiliated with the INDOHAXSEC team. This was a single-target home page defacement occurring on March 29, 2026.
Date: 2026-03-29T08:34:26Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822029
Screenshots:
None
Threat Actors: fidzxploit, INDOHAXSEC
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: NCP Mediclub
Victim Site: www.ncpmediclub.org - Website defacement of NCP Medi Club by fidzxploit/INDOHAXSEC
Category: Defacement
Content: The website of NCP Medi Club was defaced by attacker fidzxploit from the INDOHAXSEC team on March 29, 2026. The incident targeted a healthcare-related organizations website hosted on a Linux server.
Date: 2026-03-29T08:33:24Z
Network: openweb
Published URL: https://haxor.id/archive/mirror/248163
Screenshots:
None
Threat Actors: fidzxploit, INDOHAXSEC
Victim Country: India
Victim Industry: Healthcare
Victim Organization: NCP Medi Club
Victim Site: www.ncpmediclub.org - Alleged leak of Hotmail credential combolist
Category: Combo List
Content: A threat actor shared a combolist containing 137,393 Hotmail email and password combinations from mixed countries via a file sharing service.
Date: 2026-03-29T08:15:32Z
Network: openweb
Published URL: https://crackingx.com/threads/70276/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com - Alleged leak of Hotmail credentials
Category: Combo List
Content: A threat actor shared a combolist containing 1,600 Hotmail email credentials through a file sharing platform. The credentials appear to be distributed for free rather than sold.
Date: 2026-03-29T07:52:32Z
Network: openweb
Published URL: https://crackingx.com/threads/70274/
Screenshots:
None
Threat Actors: WashingtonDC
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com - Alleged sale of aged Gmail accounts
Category: Initial Access
Content: Threat actor king007 is allegedly selling 100 aged Gmail accounts with instant delivery. The seller recommends using VPN for login and offers discounts for bulk orders.
Date: 2026-03-29T07:52:25Z
Network: openweb
Published URL: https://crackingx.com/threads/70275/
Screenshots:
None
Threat Actors: king007
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Google
Victim Site: gmail.com - Alleged distribution of credential combolist containing 38,000 records
Category: Combo List
Content: A threat actor shared a credential combolist containing 38,000 unique email and password combinations on a cybercrime forum. The post content requires registration to view full details.
Date: 2026-03-29T07:27:09Z
Network: openweb
Published URL: https://crackingx.com/threads/70273/
Screenshots:
None
Threat Actors: UniqueCombo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website defacement of Vibe Formaturas by tirz4sec (jatengblekhet team)
Category: Defacement
Content: Brazilian graduation services company Vibe Formaturas was defaced by threat actor tirz4sec, affiliated with the jatengblekhet team, on March 29, 2026.
Date: 2026-03-29T06:42:30Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822027
Screenshots:
None
Threat Actors: tirz4sec, jatengblekhet
Victim Country: Brazil
Victim Industry: Education Services
Victim Organization: Vibe Formaturas
Victim Site: vibeformaturas.com.br - Alleged leak of credential combolist containing 280GB of URL-LOG-PASS data
Category: Combo List
Content: A threat actor shared a 280GB collection of URL-LOG-PASS credential data in TXT format, described as private and fresh for 2026. The post appears to offer free access to this credential combolist through a download link.
Date: 2026-03-29T06:40:47Z
Network: openweb
Published URL: https://crackingx.com/threads/70271/
Screenshots:
None
Threat Actors: TheBash1996
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website defacement of sadova.es by tirz4sec (jatengblekhet team)
Category: Defacement
Content: The attacker tirz4sec, associated with the jatengblekhet team, successfully defaced the Spanish website sadova.es on March 29, 2026. The defacement targeted a specific page (in.html) rather than the main site homepage.
Date: 2026-03-29T06:36:27Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822026
Screenshots:
None
Threat Actors: tirz4sec, jatengblekhet
Victim Country: Spain
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: sadova.es - Alleged data breach of European Commission
Category: Data Breach
Content: The threat actor claims to have compromised the target’s systems, alleging that over 350 GB of data has been exfiltrated, including mail server dumps, databases, confidential documents, contracts, and other sensitive internal materials.
Date: 2026-03-29T06:35:38Z
Network: tor
Published URL: http://toolatedhs5dtr2pv6h5kdraneak5gs3sxrecqhoufc5e45edior7mqd.onion/
Screenshots:
None
Threat Actors: ShinyHunters
Victim Country: Belgium
Victim Industry: Government Administration
Victim Organization: european commission
Victim Site: ec.europa.eu - Alleged intermediary service for illegal advertisement posting and document fraud
Category: Initial Access
Content: Actor vlesskey offers intermediary services for posting illegal advertisements across various forums, specializing in eSIM/SIM card sales, Telegram premium status, and document collection services for consulates. The actor facilitates transactions using cryptocurrency payments and escrow services.
Date: 2026-03-29T06:30:10Z
Network: openweb
Published URL: https://crackingx.com/threads/70270/
Screenshots:
None
Threat Actors: vlesskey
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Website defacement of AG Digital Marketing by Nicotine (Umbra Community)
Category: Defacement
Content: The website of AG Digital Marketing was defaced by an attacker using the handle Nicotine associated with the Umbra Community group on March 29, 2026. This appears to be a targeted single-site defacement of a digital marketing companys website.
Date: 2026-03-29T06:24:37Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821989
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Digital Marketing
Victim Organization: AG Digital Marketing
Victim Site: agdigitalmarketing.in - Website defacement of The Bliss International Spa by Nicotine (Umbra Community)
Category: Defacement
Content: On March 29, 2026, the website of The Bliss International Spa was defaced by an attacker identified as Nicotine affiliated with the Umbra Community group. The defacement targeted a single page rather than the entire website.
Date: 2026-03-29T06:24:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/822022
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Hospitality/Wellness
Victim Organization: The Bliss International Spa
Victim Site: theblissinternationalspa.com - Alleged data brecah of Mizra – Alon Holdings Ltd
Category: Data Breach
Content: The threat actor claims to have leaked financial and corporate data related to Mizra – Alon Holdings Ltd.The compromised data reportedly includes company registration details, phone numbers, entity structures, and financial-related information.
Date: 2026-03-29T06:23:59Z
Network: openweb
Published URL: https://hydraforums.io/Threads-mizra-alon-holdings-ltd-israel
Screenshots:
None
Threat Actors: MashroomBlind
Victim Country: Israel
Victim Industry: Financial Services
Victim Organization: mizra – alon holdings ltd
Victim Site: mizra.co.il - Website defacement of WiiTech Group by Nicotine (Umbra Community)
Category: Defacement
Content: The technology company WiiTech Groups website was defaced by attacker Nicotine affiliated with the Umbra Community group on March 29, 2026. The defacement targeted the index.txt file on the companys domain.
Date: 2026-03-29T06:17:57Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821895
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: WiiTech Group
Victim Site: wiitechgroup.com - Website defacement of arullcabs.com by Nicotine (Umbra Community)
Category: Defacement
Content: On March 29, 2026, threat actor Nicotine affiliated with Umbra Community successfully defaced the arullcabs.com website. The attack targeted a taxi/transportation service companys web presence.
Date: 2026-03-29T06:17:21Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821898
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Transportation/Taxi Services
Victim Organization: Arull Cabs
Victim Site: arullcabs.com - Website defacement of woodywares.com by Nicotine (Umbra Community)
Category: Defacement
Content: The woodywares.com website was defaced by the attacker Nicotine affiliated with the Umbra Community group on March 29, 2026. The defacement targeted a single page on the technology companys website.
Date: 2026-03-29T06:16:45Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821903
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Technology/Software
Victim Organization: Woody Wares
Victim Site: woodywares.com - Website defacement of abubakkarsiddik.com by Nicotine from Umbra Community
Category: Defacement
Content: The website abubakkarsiddik.com was defaced by an attacker using the handle Nicotine associated with the Umbra Community group on March 29, 2026. This appears to be a single-target defacement incident with no apparent specific motivation documented.
Date: 2026-03-29T06:16:09Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821906
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: abubakkarsiddik.com - Website defacement of boibarta.online by Nicotine (Umbra Community)
Category: Defacement
Content: The website boibarta.online was defaced by an attacker named Nicotine, affiliated with the Umbra Community group, on March 29, 2026. The defacement targeted the sites index page and has been archived on zone-xsec.com mirror.
Date: 2026-03-29T06:15:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821911
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: boibarta.online - Alleged leak of Gmail credentials
Category: Combo List
Content: Forum post claims to offer over 100,000 Gmail credentials in a combolist format. The actual content is hidden behind registration requirements.
Date: 2026-03-29T06:12:34Z
Network: openweb
Published URL: https://crackingx.com/threads/70269/
Screenshots:
None
Threat Actors: D4rkNetHub
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Google
Victim Site: gmail.com - Website defacement of Toka Produtora by Nicotine (Umbra Community)
Category: Defacement
Content: The Brazilian production company Toka Produtoras website was defaced by the attacker Nicotine affiliated with Umbra Community on March 29, 2026. The defacement targeted the index.txt file of the companys website.
Date: 2026-03-29T06:09:15Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821769
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Brazil
Victim Industry: Media/Entertainment
Victim Organization: Toka Produtora
Victim Site: tokaprodutora.com.br - Website defacement of Vivi Bronze by Nicotine (Umbra Community)
Category: Defacement
Content: Attacker Nicotine from the Umbra Community team defaced the vivibronze.com.br website on March 29, 2026. The defacement targeted the index.txt file of the Brazilian companys website.
Date: 2026-03-29T06:08:39Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821771
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Vivi Bronze
Victim Site: vivibronze.com.br - Alleged Data breach of Pais Plus
Category: Data Breach
Content: The group claims to have leaked data from Pais Plus. The compromised data reportedly contains 41 Million records including, Employee data, company data, customer data, and much more information.
Date: 2026-03-29T06:08:08Z
Network: telegram
Published URL: https://t.me/DedaleOffice/1226
Screenshots:
None
Threat Actors: Dedale Office
Victim Country: Israel
Victim Industry: Financial Services
Victim Organization: pais plus
Victim Site: paisplus.co.il - Website defacement of Creative Dev Ltd by Nicotine (Umbra Community)
Category: Defacement
Content: The website creativedevltd.com was defaced by attacker Nicotine associated with the Umbra Community group on March 29, 2026. The defacement targeted a technology/web development companys website.
Date: 2026-03-29T06:08:03Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821773
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Technology/Web Development
Victim Organization: Creative Dev Ltd
Victim Site: creativedevltd.com - Website defacement of lawyerseye.com by Nicotine (Umbra Community)
Category: Defacement
Content: The legal services website lawyerseye.com was defaced by attacker Nicotine affiliated with the Umbra Community group on March 29, 2026. The defacement targeted the sites index page and has been archived on zone-xsec mirror platform.
Date: 2026-03-29T06:07:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821779
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Legal Services
Victim Organization: Lawyers Eye
Victim Site: lawyerseye.com - Website defacement of mena-saleep.com by Nicotine (Umbra Community)
Category: Defacement
Content: The website mena-saleep.com was defaced by attacker Nicotine affiliated with the Umbra Community team on March 29, 2026. The defacement targeted the sites index page and has been archived for threat intelligence purposes.
Date: 2026-03-29T06:06:49Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821783
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: mena-saleep.com - Website defacement of AlMomin Group by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from the Umbra Community team defaced the AlMomin Group website on March 29, 2026. The defacement targeted the index.txt file of the almomingroup.com domain.
Date: 2026-03-29T06:06:13Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821788
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: AlMomin Group
Victim Site: almomingroup.com - Website defacement of batalgaattaudit.com by Nicotine (Umbra Community)
Category: Defacement
Content: The website batalgaattaudit.com was defaced by an attacker named Nicotine, associated with the Umbra Community group, on March 29, 2026. The defacement targeted what appears to be an audit firms website.
Date: 2026-03-29T06:05:37Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821796
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Professional Services
Victim Organization: Batalga Audit
Victim Site: batalgaattaudit.com - Website defacement of bayasakhatlas.mn by Nicotine (Umbra Community)
Category: Defacement
Content: The website bayasakhatlas.mn was defaced by attacker Nicotine affiliated with Umbra Community on March 29, 2026. The defacement targeted the index.txt file of the Mongolian domain.
Date: 2026-03-29T06:05:00Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821797
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Mongolia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: bayasakhatlas.mn - Website defacement of busladies.mn by Nicotine (Umbra Community)
Category: Defacement
Content: The website busladies.mn was defaced by attacker Nicotine affiliated with the Umbra Community team on March 29, 2026. This appears to be a single-target defacement incident affecting what seems to be a transportation-related website in Mongolia.
Date: 2026-03-29T06:04:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821799
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Mongolia
Victim Industry: Transportation
Victim Organization: Unknown
Victim Site: busladies.mn - Alleged leak of corporate email combolist
Category: Combo List
Content: A threat actor shared a combolist containing 98,307 corporate email credentials via a file sharing platform, targeting corporate email accounts for potential lead generation purposes.
Date: 2026-03-29T06:02:34Z
Network: openweb
Published URL: https://crackingx.com/threads/70268/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Allegro Musique
Category: Data Breach
Content: The threat actor claims to have breached Allegro Musique and obtained a dataset containing personal information such as first and last names, date of birth, address, email address, phone number, and Social Security number, as well as documents such as resumes and cover letters.
Date: 2026-03-29T05:58:42Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-FR-allegromusique-fr-Leaked-Download
Screenshots:
None
Threat Actors: marinelepen
Victim Country: France
Victim Industry: Music
Victim Organization: allegro musique
Victim Site: allegromusique.fr - Website defacement of alaminuto.com.br by Nicotine (Umbra Community)
Category: Defacement
Content: Attacker Nicotine from the Umbra Community team defaced the Brazilian website alaminuto.com.br on March 29, 2026. The defacement targeted a specific page (index.txt) rather than the main homepage.
Date: 2026-03-29T05:58:05Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821710
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: alaminuto.com.br - Website defacement of alyaprime.com.br by Nicotine (Umbra Community)
Category: Defacement
Content: The website alyaprime.com.br was defaced by attacker Nicotine affiliated with Umbra Community on March 29, 2026. The defacement targeted the index.txt file of the Brazilian website.
Date: 2026-03-29T05:57:29Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821711
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Alya Prime
Victim Site: alyaprime.com.br - Website defacement of deysidossa.com.br by Nicotine (Umbra Community)
Category: Defacement
Content: Website defacement attack conducted by threat actor Nicotine affiliated with Umbra Community against Brazilian domain deysidossa.com.br on March 29, 2026.
Date: 2026-03-29T05:56:53Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821715
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Brazil
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: deysidossa.com.br - Website defacement of Holdefer Consultoria by Nicotine from Umbra Community
Category: Defacement
Content: Brazilian consulting firm Holdefer Consultoria was defaced by attacker Nicotine associated with the Umbra Community group on March 29, 2026. The incident targeted a single page rather than the entire website or multiple sites.
Date: 2026-03-29T05:56:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821725
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Brazil
Victim Industry: Consulting Services
Victim Organization: Holdefer Consultoria
Victim Site: holdeferconsultoria.com.br - Website defacement of Adv Carla Costa by Nicotine (Umbra Community)
Category: Defacement
Content: The website of Brazilian legal professional Adv Carla Costa was defaced by the attacker Nicotine from the Umbra Community group on March 29, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
Date: 2026-03-29T05:55:41Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821743
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Brazil
Victim Industry: Legal Services
Victim Organization: Adv Carla Costa
Victim Site: advcarlacosta.com.br - Website defacement of amjadbukhari.com by Nicotine from Umbra Community
Category: Defacement
Content: The website amjadbukhari.com was defaced by attacker Nicotine affiliated with the Umbra Community group on March 29, 2026. The defacement targeted the sites index page and was documented in threat intelligence repositories.
Date: 2026-03-29T05:49:33Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821607
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: amjadbukhari.com - Website defacement of enviary.cloud by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from Umbra Community defaced the enviary.cloud website on March 29, 2026. The defacement targeted the index.txt file of the cloud services platform.
Date: 2026-03-29T05:48:56Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821613
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Enviary
Victim Site: enviary.cloud - Website defacement of enviary.digital by Nicotine (Umbra Community)
Category: Defacement
Content: The website enviary.digital was defaced by threat actor Nicotine associated with the Umbra Community group on March 29, 2026. This appears to be a targeted single-site defacement rather than a mass attack.
Date: 2026-03-29T05:48:23Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821614
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Enviary Digital
Victim Site: enviary.digital - Website defacement of enviary.services by Nicotine from Umbra Community
Category: Defacement
Content: The attacker Nicotine, associated with Umbra Community, defaced the enviary.services website on March 29, 2026. The defacement targeted the index.txt file of the domain.
Date: 2026-03-29T05:47:49Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821615
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: enviary.services - Website defacement of enviary.site by Nicotine (Umbra Community)
Category: Defacement
Content: The website enviary.site was defaced by attacker Nicotine affiliated with the Umbra Community group on March 29, 2026. The defacement targeted the index.txt file of the site.
Date: 2026-03-29T05:47:18Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821616
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: enviary.site - Website defacement of enviary.space by Nicotine from Umbra Community
Category: Defacement
Content: Attacker Nicotine from the Umbra Community group defaced the enviary.space website on March 29, 2026. The defacement targeted the index.txt file of the domain.
Date: 2026-03-29T05:46:44Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821617
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: enviary.space - Website defacement of enviarys.com by Nicotine (Umbra Community)
Category: Defacement
Content: The Umbra Community threat group, specifically attacker Nicotine, defaced the enviarys.com website on March 29, 2026. This appears to be a single-target defacement incident rather than a mass or re-defacement campaign.
Date: 2026-03-29T05:46:13Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821618
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Enviarys
Victim Site: enviarys.com - Website defacement of mywertec.com by Nicotine (Umbra Community)
Category: Defacement
Content: The website mywertec.com was defaced by threat actor Nicotine affiliated with the Umbra Community group on March 29, 2026. This appears to be an isolated defacement targeting a technology-related organization.
Date: 2026-03-29T05:45:40Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821620
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: MyWerTec
Victim Site: mywertec.com - Website defacement of top-doctor.org by Nicotine (Umbra Community)
Category: Defacement
Content: On March 29, 2026, the healthcare website top-doctor.org was defaced by threat actor Nicotine affiliated with the Umbra Community group. The defacement targeted the sites index page, compromising the medical organizations web presence.
Date: 2026-03-29T05:45:06Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821624
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Healthcare
Victim Organization: Unknown
Victim Site: top-doctor.org - Website defacement of Wertec by Nicotine (Umbra Community)
Category: Defacement
Content: The website wertec.co.uk was defaced by attacker Nicotine associated with the Umbra Community group on March 29, 2026. This was an isolated defacement incident rather than part of a mass campaign.
Date: 2026-03-29T05:44:29Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821626
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: United Kingdom
Victim Industry: Unknown
Victim Organization: Wertec
Victim Site: wertec.co.uk - Website defacement of BCP Invest by Nicotine from Umbra Community
Category: Defacement
Content: The investment firm BCP Invests website was defaced by an attacker known as Nicotine, affiliated with the Umbra Community group, on March 29, 2026.
Date: 2026-03-29T05:43:58Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821629
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: BCP Invest
Victim Site: bcp-invest.com - Website defacement of Business Continuity Plan Ltd by Nicotine (Umbra Community)
Category: Defacement
Content: The website of Business Continuity Plan Ltd was defaced by an attacker known as Nicotine from the Umbra Community group on March 29, 2026. This was an isolated defacement incident targeting a UK-based business consulting firm specializing in continuity planning services.
Date: 2026-03-29T05:43:25Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821633
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: United Kingdom
Victim Industry: Business Consulting
Victim Organization: Business Continuity Plan Ltd
Victim Site: businesscontinuityplanltd.com - Website defacement of mathmentorguide.com by Nicotine (Umbra Community)
Category: Defacement
Content: The educational website mathmentorguide.com was defaced by an attacker identified as Nicotine associated with the Umbra Community group on March 29, 2026. The attack targeted what appears to be a mathematics tutoring or educational guidance platform.
Date: 2026-03-29T05:42:52Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821649
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Math Mentor Guide
Victim Site: mathmentorguide.com - Website defacement of Zeya Textiles by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from the Umbra Community team defaced the Zeya Textiles website on March 29, 2026. The defacement targeted the index.txt file of the textile companys website.
Date: 2026-03-29T05:36:50Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821554
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Textiles/Manufacturing
Victim Organization: Zeya Textiles
Victim Site: zeyatextiles.com - Website defacement of Grari Creation by Nicotine (Umbra Community)
Category: Defacement
Content: The website graricreation.co.in was defaced by attacker Nicotine affiliated with the Umbra Community team on March 29, 2026. The defacement targeted the index.txt file of the domain.
Date: 2026-03-29T05:36:13Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821555
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Unknown
Victim Organization: Grari Creation
Victim Site: graricreation.co.in - Website defacement of drashishchhatravala.com by Nicotine from Umbra Community
Category: Defacement
Content: The website drashishchhatravala.com was defaced by an attacker identified as Nicotine affiliated with the Umbra Community group on March 29, 2026. This appears to be an isolated defacement targeting a single website rather than a mass attack.
Date: 2026-03-29T05:35:37Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821561
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: drashishchhatravala.com - Website defacement of Alka Publication by Nicotine (Umbra Community)
Category: Defacement
Content: The website of Alka Publication, an Indian publishing company, was defaced on March 29, 2026 by an attacker known as Nicotine affiliated with the Umbra Community group. The defacement targeted the main index page of the publications website.
Date: 2026-03-29T05:35:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821564
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Publishing
Victim Organization: Alka Publication
Victim Site: alkapublication.in - Website defacement of Shreyash Mobile by Nicotine (Umbra Community)
Category: Defacement
Content: The website shreyashmobile.com was defaced by attacker Nicotine associated with the Umbra Community group on March 29, 2026. The defacement targeted what appears to be a mobile phone or telecommunications business.
Date: 2026-03-29T05:22:41Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821295
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Mobile/Telecommunications
Victim Organization: Shreyash Mobile
Victim Site: shreyashmobile.com - Website defacement of tastyrestaurant.org by Nicotine (Umbra Community)
Category: Defacement
Content: The website tastyrestaurant.org was defaced on March 29, 2026 by attacker Nicotine affiliated with the Umbra Community group. The defacement targeted the sites index page, compromising the restaurants web presence.
Date: 2026-03-29T05:22:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821299
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Food & Restaurant
Victim Organization: Tasty Restaurant
Victim Site: tastyrestaurant.org - Website defacement of thefutaniworld.com by Nicotine (Umbra Community)
Category: Defacement
Content: The website thefutaniworld.com was defaced on March 29, 2026 by an attacker identified as Nicotine affiliated with the Umbra Community group. The defacement targeted the sites index page and was archived on zone-xsec.com mirror services.
Date: 2026-03-29T05:21:34Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821300
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: thefutaniworld.com - Website defacement of Trendora Wear by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from the Umbra Community group successfully defaced the Trendora Wear website on March 29, 2026. The defacement targeted the index.txt file of the fashion retail website.
Date: 2026-03-29T05:21:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821302
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Retail/Fashion
Victim Organization: Trendora Wear
Victim Site: trendorawear.com - Website defacement of Zoro Fitness by Nicotine (Umbra Community)
Category: Defacement
Content: The fitness website zorofitness.com was defaced by attacker Nicotine affiliated with Umbra Community on March 29, 2026. The defacement targeted the sites index page and was documented in threat intelligence repositories.
Date: 2026-03-29T05:20:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821311
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Fitness/Health
Victim Organization: Zoro Fitness
Victim Site: zorofitness.com - Website defacement of bandhursparsha.in by Nicotine (Umbra Community)
Category: Defacement
Content: The website bandhursparsha.in was defaced by attacker Nicotine associated with the Umbra Community group on March 29, 2026. This appears to be a targeted single-site defacement rather than part of a mass campaign.
Date: 2026-03-29T05:19:54Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821312
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: bandhursparsha.in - Website defacement of Adam Fritsch Auto Agent by Nicotine from Umbra Community
Category: Defacement
Content: The website of Adam Fritsch Agent Auto, a French automotive business, was defaced by an attacker using the handle Nicotine associated with the Umbra Community group on March 29, 2026.
Date: 2026-03-29T05:19:21Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821316
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: France
Victim Industry: Automotive
Victim Organization: Adam Fritsch Agent Auto
Victim Site: adamfritsch-agentauto.fr - Website defacement of Alain Varangue automotive business by Nicotine from Umbra Community
Category: Defacement
Content: The Umbra Community threat actor Nicotine successfully defaced the website of French automotive business Alain Varangue Agent Auto on March 29, 2026. This appears to be a single-target defacement rather than part of a mass campaign.
Date: 2026-03-29T05:18:48Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821319
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: France
Victim Industry: Automotive
Victim Organization: Alain Varangue Agent Auto
Victim Site: alainvarangue-agentauto.fr - Website defacement of Allan LAgent Automobile by Nicotine (Umbra Community)
Category: Defacement
Content: On March 29, 2026, the French automotive company Allan LAgent Automobiles website was defaced by attacker Nicotine affiliated with the Umbra Community group. The defacement targeted the companys main website index page.
Date: 2026-03-29T05:18:15Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821320
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: France
Victim Industry: Automotive
Victim Organization: Allan LAgent Automobile
Victim Site: allanlagentautomobile.fr - Alleged distribution of Coinbase credential combolist
Category: Combo List
Content: Threat actor distributes an 11 million record credential combolist allegedly containing Coinbase user credentials through Telegram channels offering free access to compromised account data.
Date: 2026-03-29T05:15:54Z
Network: openweb
Published URL: https://crackingx.com/threads/70267/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Financial Services
Victim Organization: Coinbase
Victim Site: coinbase.com - Website defacement of abdulhamit.org by Nicotine from Umbra Community
Category: Defacement
Content: The website abdulhamit.org was defaced by an attacker known as Nicotine, who is associated with the Umbra Community group. The defacement occurred on March 29, 2026 and targeted the sites index page.
Date: 2026-03-29T05:12:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821161
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Turkey
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: abdulhamit.org - Website defacement of digitalwaqfstudies.com by Nicotine/Umbra Community
Category: Defacement
Content: The website digitalwaqfstudies.com was defaced on March 29, 2026 by an attacker using the handle Nicotine associated with the Umbra Community group. The defacement targeted what appears to be an educational or research organization focused on Islamic studies.
Date: 2026-03-29T05:11:38Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821171
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Digital Waqf Studies
Victim Site: digitalwaqfstudies.com - Website defacement of zcria.com by Nicotine (Umbra Community)
Category: Defacement
Content: Attacker Nicotine from the Umbra Community group defaced the zcria.com website on March 29, 2026. The defacement targeted the index page of the site.
Date: 2026-03-29T05:11:07Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821175
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: zcria.com - Website defacement of abeargan.com by Nicotine (Umbra Community)
Category: Defacement
Content: Attacker Nicotine affiliated with Umbra Community conducted a redefacement of abeargan.com on March 29, 2026. This represents a follow-up attack on a previously compromised target.
Date: 2026-03-29T05:10:33Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821176
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: abeargan.com - Website defacement of adcreating.ai by Nicotine (Umbra Community)
Category: Defacement
Content: The adcreating.ai website was defaced by attacker Nicotine affiliated with the Umbra Community group on March 29, 2026. The incident targeted an AI-based advertising technology platform.
Date: 2026-03-29T05:10:00Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821195
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Technology/Advertising
Victim Organization: AdCreating
Victim Site: adcreating.ai - Website defacement of adcreating.com by Nicotine from Umbra Community
Category: Defacement
Content: The attacker Nicotine affiliated with Umbra Community defaced the adcreating.com website on March 29, 2026. This appears to be a single-target defacement rather than part of a mass campaign.
Date: 2026-03-29T05:09:27Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821196
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: Unknown
Victim Industry: Advertising/Marketing
Victim Organization: Unknown
Victim Site: adcreating.com - Website defacement of Align and Smile dental clinic by Nicotine (Umbra Community)
Category: Defacement
Content: Dental clinic website in Bangalore, India was defaced by attacker Nicotine affiliated with Umbra Community group on March 29, 2026. The defacement targeted a healthcare organizations web presence.
Date: 2026-03-29T05:03:24Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821028
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Healthcare
Victim Organization: Align and Smile Bangalore
Victim Site: alignandsmilebangalore.com - Website defacement of Nirmal Pest Solutions by Nicotine (Umbra Community)
Category: Defacement
Content: The website of Nirmal Pest Solutions was defaced on March 29, 2026 by the attacker Nicotine associated with the Umbra Community group. This appears to be a single-target defacement incident affecting a pest control services company.
Date: 2026-03-29T05:02:50Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821059
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Pest Control Services
Victim Organization: Nirmal Pest Solutions
Victim Site: nirmalpestsolutions.com - Website defacement of Priyankaa Exports by Nicotine (Umbra Community)
Category: Defacement
Content: Priyankaa Exports website was defaced by attacker Nicotine from the Umbra Community group on March 29, 2026. The defacement targeted the companys main index page.
Date: 2026-03-29T05:02:16Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821064
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Export/Trade
Victim Organization: Priyankaa Exports
Victim Site: priyankaaexports.com - Website defacement of Ritvika Solar by Nicotine (Umbra Community)
Category: Defacement
Content: The website ritvikasolar.com was defaced by attacker Nicotine associated with the Umbra Community group on March 29, 2026. The defacement targeted a solar energy companys website.
Date: 2026-03-29T05:01:42Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821068
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Solar Energy
Victim Organization: Ritvika Solar
Victim Site: ritvikasolar.com - Website defacement of Sparkling Events by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine, affiliated with Umbra Community, defaced the Sparkling Events website on March 29, 2026. The defacement targeted the index page of the Indian event management companys website.
Date: 2026-03-29T05:01:09Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821085
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Event Management
Victim Organization: Sparkling Events
Victim Site: sparkling-events.in - Website defacement of Subha Pradha Power by Nicotine (Umbra Community)
Category: Defacement
Content: The attacker Nicotine from the Umbra Community group successfully defaced the website of Subha Pradha Power, an Indian power company, on March 29, 2026.
Date: 2026-03-29T05:00:36Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821086
Screenshots:
None
Threat Actors: Nicotine, Umbra Community
Victim Country: India
Victim Industry: Energy/Power
Victim Organization: Subha Pradha Power
Victim Site: subhapradhapower.in - Alleged data breach of E-campus Intérieur
Category: Data Breach
Content: The threat actor claims to have leaked a dataset from the E-campus Intérieur platform containing approximately 176,317 records of French government personnel.The compromised data reportedly includes names, email addresses, location details, training course information, access history, and certification/badge data.
Date: 2026-03-29T04:59:53Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-FR-E-campus-Int%C3%A9rieur%C2%A0-%C2%A0-176K-Governments-Agents
Screenshots:
None
Threat Actors: Tanaka
Victim Country: France
Victim Industry: Government & Public Sector
Victim Organization: e-campus intérieur
Victim Site: e-campus.interieur.gouv.fr - Alleged unauthorized Access to unidentified Industrial Facility from Germany
Category: Initial Access
Content: The group claims to have gained unauthorized access to unidentified Industrial Facility from Germany.
Date: 2026-03-29T04:56:32Z
Network: telegram
Published URL: https://t.me/nullsechackers/876
Screenshots:
None
Threat Actors: Nullsec Philippines
Victim Country: Germany
Victim Industry: Mechanical or Industrial Engineering
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of unidentified Database from China
Category: Data Leak
Content: The group claims to be leaked data from unidentified Database from China.
Date: 2026-03-29T04:42:05Z
Network: telegram
Published URL: https://t.me/DedaleOffice/1235
Screenshots:
None
Threat Actors: Dedale Office
Victim Country: China
Victim Industry: Government Administration
Victim Organization: Unknown
Victim Site: Unknown - Alleged Sale of Darknet Directory Nodes
Category: Data Leak
Content: The threat actor claims to be selling a dataset allegedly associated with Darknet Directory Nodes The dataset contains Uncategorized, raw operational data. Ranging from black markets, leaks, security boards, to financial portals.
Date: 2026-03-29T04:41:45Z
Network: openweb
Published URL: https://darkforums.su/Thread-META-DUMP-47k-Raw-Darknet-Directory-Nodes-Flattened-Deduplicated-JSON-2026
Screenshots:
None
Threat Actors: devil_mae
Victim Country: Unknown
Victim Industry: Computer & Network Security
Victim Organization: darknet directory nodes
Victim Site: Unknown - Alleged Data breach of Under Armour
Category: Data Breach
Content: The group claims to have leaked data from Under Armour. The compromised data reportedly contains 72.7 million records including, Dates of birth, Email addresses, Genders, Geographic lоcations, Names, Purchаses information.
Date: 2026-03-29T04:30:56Z
Network: telegram
Published URL: https://t.me/DedaleOffice/1231
Screenshots:
None
Threat Actors: Dedale Office
Victim Country: USA
Victim Industry: Sports
Victim Organization: under armour
Victim Site: underarmour.com - Alleged data breach of Fluchos
Category: Data Breach
Content: The threat actor claims to have breached Fluchos and extracted a dataset of approximately 135,000 records from an internal MSSQL database.The compromised data reportedly includes full names, phone numbers, and email addresses.
Date: 2026-03-29T04:30:32Z
Network: openweb
Published URL: https://spear.cx/Thread-ES-Fluchos-com
Screenshots:
None
Threat Actors: vodka
Victim Country: Spain
Victim Industry: Manufacturing
Victim Organization: fluchos
Victim Site: fluchos.com - Alleged Data breach of Shanghai Big Data Center
Category: Data Breach
Content: The group claims to have leaked data from Shanghai Big Data Center. The compromised data reportedly contains 5 Million records including, scan time, is foreigner, company name, name, card, color, scan method, scan id, scan wd information.
Date: 2026-03-29T04:25:17Z
Network: telegram
Published URL: https://t.me/DedaleOffice/1230
Screenshots:
None
Threat Actors: Dedale Office
Victim Country: China
Victim Industry: Government & Public Sector
Victim Organization: shanghai big data center
Victim Site: shanghai.gov.cn - Alleged Sale of Chinese Online Gambling Customers Database
Category: Data Leak
Content: The threat actor claims to be selling a dataset allegedly associated with Chinese Online Gambling Customers platform. The dataset contains User ID, User Mobile Account, Name, Login Frequency, Login IP, Real Login Address, Registered IP, Member, VIP Name, Recharge Amount, Recharge Time, Maximum Recharge Amount, Withdrawal Amount, Withdrawal Time, Maximum Withdrawal.
Date: 2026-03-29T04:24:37Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Chinese-online-gambling-customers-3300K
Screenshots:
None
Threat Actors: DDying
Victim Country: China
Victim Industry: Gambling & Casinos
Victim Organization: chinese online gambling
Victim Site: Unknown - Alleged data leak of 12,000 Netherland personal data
Category: Data Leak
Content: The group claims to have leaked 12,000 personal data from Netherlands. The exposed dataset reportedly includes sex, full name, date of birth, email, phone number, and IBAN.
Date: 2026-03-29T04:19:33Z
Network: telegram
Published URL: https://t.me/DedaleOffice/1233
Screenshots:
None
Threat Actors: Dedale Office
Victim Country: Netherlands
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Mossad
Category: Data Breach
Content: The threat actor claims to have leaked a database allegedly linked to Mossad, containing approximately 1 million records of personal information.The compromised data reportedly includes full names, national ID numbers, addresses, dates of birth, email addresses, and phone numbers.
Date: 2026-03-29T04:13:12Z
Network: openweb
Published URL: https://breachforums.sb/Thread-1-MILLION-LEAK-DATABASE-MOSSAD-INTELEGENT-ISRAEL
Screenshots:
None
Threat Actors: KimimaruVOID
Victim Country: Israel
Victim Industry: Government & Public Sector
Victim Organization: mossad
Victim Site: mossad.gov.il - Alleged unauthorized Access to unidentified Kitchen Appliance store from Israel
Category: Initial Access
Content: The group claims to have gained unauthorized access to unidentified Kitchen Appliance store from Israel. The access includes 2 TB of data records.
Date: 2026-03-29T04:05:22Z
Network: telegram
Published URL: https://t.me/Anon_Israel35/61
Screenshots:
None
Threat Actors: Anonymous, For Justice
Victim Country: Israel
Victim Industry: Retail Industry
Victim Organization: Unknown
Victim Site: Unknown - Alleged Data Breach of Fiscalia General de Justicia del Estado de Tamaulipas
Category: Data Breach
Content: The threat actor claims to have leaked data from the Fiscalia General de Justicia del Estado de Tamaulipas on 30 January 2026 . The compromised data reportedly contains 2,896 records, The exposed data fields allegedly include Name, CURP, RFC, Last Name, Email Address, Postal Code, Type of Association, Registration Date, Validation Date, System, Serial Number, etc.
Date: 2026-03-29T04:04:45Z
Network: openweb
Published URL: https://darkforums.su/Thread-Data-leak-of-Fiscalia-General-de-Justicia-del-Estado-de-Tamaulipas-MX–71578
Screenshots:
None
Threat Actors: adrxx_Chronus
Victim Country: Mexico
Victim Industry: Public Safety
Victim Organization: fiscalia general de justicia del estado de tamaulipas
Victim Site: fgjtam.gob.mx - Alleged Sale of Unauthorized Access to 363 FTP Accounts
Category: Initial Access
Content: Threat Actor claims to be selling access to 363 compromised FTP accounts. It includes FTP connection details with corresponding usernames and passwords.
Date: 2026-03-29T04:00:52Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279415/
Screenshots:
None
Threat Actors: hubert
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged Sale of Unauthorized Access to 117 Jenkins Accounts
Category: Initial Access
Content: Threat Actor claims to be selling unauthorized access to 117 compromised Jenkins accounts. It includes URLs along with associated usernames and passwords.
Date: 2026-03-29T03:58:57Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279417/
Screenshots:
None
Threat Actors: hubert
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged Data Breach of Instituto Estatal de Investigacion y Formación Interdisciplinaria
Category: Data Breach
Content: The threat actor claims to have leaked data from the Instituto Estatal de Investigacion y Formación Interdisciplinaria on 30 January 2026 . The compromised data reportedly contains 1,308 records, The exposed data fields allegedly include Name, Role, Email.
Date: 2026-03-29T03:52:27Z
Network: openweb
Published URL: https://darkforums.su/Thread-Data-leak-of-Instituto-Estatal-de-Investigacion-y-Formaci%C3%B3n-Interdisciplinaria-MX
Screenshots:
None
Threat Actors: adrxx_Chronus
Victim Country: Mexico
Victim Industry: Government Administration
Victim Organization: instituto estatal de investigacion y formación interdisciplinaria
Victim Site: ieifi.fgebc.gob.mx - Alleged leak of European educational institution credentials
Category: Combo List
Content: A threat actor shared a combolist containing 198,544 credential pairs allegedly targeting European educational institutions. The data is being distributed for free via a file sharing service.
Date: 2026-03-29T03:51:35Z
Network: openweb
Published URL: https://crackingx.com/threads/70265/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown - Alleged Sale of Unauthorized Access to 760 Webmail Accounts Across Multiple Platforms
Category: Initial Access
Content: Threat Actor claims to be selling unauthorized access to 760 compromised webmail accounts across multiple platforms, including OWA, cPanel, Rainloop, Roundcube, and Sendy. It includes a breakdown of accounts by service, with the majority associated with OWA and Roundcube, and includes login URLs with corresponding email addresses and passwords, indicating potential unauthorized access to various mail servers, including government and corporate domains.
Date: 2026-03-29T03:49:19Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279412/
Screenshots:
None
Threat Actors: hubert
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged Data Breach of Instituto Nacional de Perinatologia
Category: Data Breach
Content: The threat actor claims to have leaked data from the Instituto Nacional de Perinatologia on 30 January 2026. The compromised data reportedly contains +24 dbs.
Date: 2026-03-29T03:45:11Z
Network: openweb
Published URL: https://darkforums.su/Thread-Data-leak-of-Instituto-Nacional-de-Perinatologia-MX
Screenshots:
None
Threat Actors: adrxx_Chronus
Victim Country: Mexico
Victim Industry: Public Relations/PR
Victim Organization: instituto nacional de perinatologia
Victim Site: inper.mx - Alleged Data Breach of Partido Morena
Category: Data Breach
Content: The threat actor claims to have leaked data from the Partido Morena on 30 January 2026 . The compromised data reportedly contains 26,899 records, The exposed data fields allegedly include Name, Voter ID Number, Immigration ID, CURP, RFC, Last Name, Email Address, Postal Code, Type of Association, Registration Date, Validation Date, System, Serial Number, etc.
Date: 2026-03-29T03:39:21Z
Network: openweb
Published URL: https://darkforums.su/Thread-Data-leak-of-Afiliados-al-partido-de-Morena-MX
Screenshots:
None
Threat Actors: adrxx_Chronus
Victim Country: Mexico
Victim Industry: Political Organization
Victim Organization: partido morena
Victim Site: consejonacionalmorena.mx - Website defacement of kart.bet by demonsfacers
Category: Defacement
Content: The threat actor demonsfacers defaced the gambling website kart.bet on March 29, 2026. The defacement targeted a specific upload directory on the site rather than the main homepage.
Date: 2026-03-29T03:36:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821025
Screenshots:
None
Threat Actors: demonsfacers, demonsfacers
Victim Country: Unknown
Victim Industry: Gaming/Gambling
Victim Organization: Unknown
Victim Site: kart.bet - Alleged data breach of Cegedim
Category: Data Breach
Content: The threat actor claims to have breached Cegedim and obtained a dataset containing approximately 300,000 records of sensitive healthcare-related information.The compromised data reportedly includes patient personal details such as names, gender, dates of birth, phone numbers, and full addresses, along with medical-related notes.
Date: 2026-03-29T03:35:49Z
Network: openweb
Published URL: https://spear.cx/Thread-Database-FR-CEGEDIM-300k
Screenshots:
None
Threat Actors: marinelepen
Victim Country: France
Victim Industry: Healthcare & Pharmaceuticals
Victim Organization: cegedim
Victim Site: cegedim.com - Alleged data breach of Le Petit Vapoteur
Category: Data Breach
Content: The threat actor claims to be selling a database of Le Petit Vapoteur containing information on approximately 3.3 million customers and 599 employees.The compromised data reportedly includes customer personal details such as names, birthdates, email addresses, phone numbers, physical addresses, and IP logs.
Date: 2026-03-29T03:33:48Z
Network: openweb
Published URL: https://breachforums.sb/Thread-FRENCH-Le-Petit-Vapoteur-Database-Leak-3-3M-Customers-Employee-Data
Screenshots:
None
Threat Actors: undef
Victim Country: France
Victim Industry: Retail Industry
Victim Organization: le petit vapoteur
Victim Site: lepetitvapoteur.com - Alleged Sale of Unauthorized Access to 290 GitLab Accounts
Category: Initial Access
Content: Threat Actor claims to be selling unauthorized access to 290 compromised GitLab accounts. It includes login URLs along with corresponding usernames and passwords.
Date: 2026-03-29T03:29:37Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/279409/
Screenshots:
None
Threat Actors: hubert
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged data breach of Gauteng City Region Academy
Category: Data Breach
Content: The threat actor claims to have breached the Gauteng City Region Academy (GCRA) and exfiltrated a large dataset from its internal systems.The compromised data is reported to include approximately 429,473 files with a total size of around 147 GB, allegedly originating from the organization’s bursary system managing student funding and academic records.
Date: 2026-03-29T03:26:09Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-Gauteng-City-Region-Academy-GCRA-Breach-147-GB
Screenshots:
None
Threat Actors: XP95
Victim Country: South Africa
Victim Industry: Education
Victim Organization: gauteng city region academy
Victim Site: gcrabursary.gauteng.gov.za - Alleged Data Breach of Comisión Nacional de Seguros y Fianzas
Category: Data Breach
Content: The threat actor claims to have leaked data from the Comisión Nacional de Seguros y Fianzas on 30 January 2026 . The compromised data reportedly contains 95,178 records, The exposed data fields allegedly include Photo of the Customer, Full name, CURP, RFC, ID number, Validity, Occupation.
Date: 2026-03-29T03:23:43Z
Network: openweb
Published URL: https://darkforums.su/Thread-Data-leak-of-Comision-Nacional-de-Seguros-y-Fianzas-MX
Screenshots:
None
Threat Actors: adrxx_Chronus
Victim Country: Mexico
Victim Industry: Insurance
Victim Organization: comisión nacional de seguros y fianzas
Victim Site: cnsf.gob.mx - Alleged Data Breach of Policia de San Pedro Garza Garcia
Category: Data Breach
Content: The threat actor claims to have leaked data from the Policia de San Pedro Garza Garcia on 06 March 2026 . The compromised data reportedly contains 4,455 records, The exposed data fields allegedly include Name, Telephone, Cell Phone, Email, Municipality and Postal Code.
Date: 2026-03-29T03:23:18Z
Network: openweb
Published URL: https://darkforums.su/Thread-Data-leak-of-Policia-de-San-Pedro-Garza-Garcia-MX
Screenshots:
None
Threat Actors: adrxx_Chronus
Victim Country: Mexico
Victim Industry: Government Administration
Victim Organization: policia de san pedro garza garcia
Victim Site: sanpedro.gob.mx - Alleged data breach of Salla
Category: Data Breach
Content: The threat actor claims to have leaked a dataset allegedly sourced from Salla. The dataset reportedly includes detailed customer contact information such as first and last names, nicknames, dates of birth, ages, email addresses, phone numbers, mobile numbers, and linked social media accounts.
Date: 2026-03-29T03:09:37Z
Network: openweb
Published URL: https://darkforums.su/Thread-Selling-684k-Saudi-Arabia-https-salla-sa-User-profiles-with-contact-info-and-purchase-h
Screenshots:
None
Threat Actors: Grubder
Victim Country: Saudi Arabia
Victim Industry: E-commerce & Online Stores
Victim Organization: salla
Victim Site: salla.sa - Alleged leak of Hotmail credentials
Category: Combo List
Content: Actor redcloud shared a free download link to a credential list containing 2.7K Hotmail email accounts with valid access, dated March 29, 2026.
Date: 2026-03-29T03:06:37Z
Network: openweb
Published URL: https://crackingx.com/threads/70264/
Screenshots:
None
Threat Actors: redcloud
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com - Alleged Data breach of OfferteCartucce
Category: Data Breach
Content: The group claims to have leaked data from OfferteCartucce. The compromised data reportedly contains 229,000 Users records including, first name, billing, last name, phone number ,company, version ,email, id and much more information.
Date: 2026-03-29T03:05:03Z
Network: telegram
Published URL: https://t.me/DedaleOffice/1229
Screenshots:
None
Threat Actors: Dedale Office
Victim Country: Italy
Victim Industry: E-commerce & Online Stores
Victim Organization: offertecartucce
Victim Site: offertecartucce.com - Alleged Data breach of Art Among The Flowers
Category: Data Breach
Content: The group claims to have leaked data from Art Among The Flowers. The compromised data reportedly contains 15,300 customer records including, Full Names, Addresses, Email Addresses, Phone Numbers and Order Information.
Date: 2026-03-29T02:52:49Z
Network: telegram
Published URL: https://t.me/DedaleOffice/1227
Screenshots:
None
Threat Actors: Dedale Office
Victim Country: USA
Victim Industry: Retail Industry
Victim Organization: art among the flowers
Victim Site: artamongtheflowers.com - Alleged distribution of credential combinations from multiple countries
Category: Combo List
Content: Threat actor distributes credential combinations from multiple countries including Germany, France, Italy, Switzerland, and China through Telegram channels. The actor offers free access to combolists and programs through dedicated Telegram groups.
Date: 2026-03-29T02:28:09Z
Network: openweb
Published URL: https://crackingx.com/threads/70262/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Hotmail credentials on cybercriminal forum
Category: Combo List
Content: A cybercriminal forum user allegedly shared a combolist containing 42,000 Hotmail email credentials marked as valid for forum access.
Date: 2026-03-29T02:19:06Z
Network: openweb
Published URL: https://crackingx.com/threads/70261/
Screenshots:
None
Threat Actors: ValidMail
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com - UserSec claims to target European telecommunications infrastructure.
Category: Alert
Content: A recent post by the group indicates that they have allegedly gained access to European telecommunications infrastructure and communication systems, including organizations such as Ericsson, Telecom Italia, Loytec, MDT Technologies, and Eurolab with a particular focus on Italy.
Date: 2026-03-29T02:04:11Z
Network: telegram
Published URL: https://t.me/usersecc/649?single
Screenshots:
None
Threat Actors: UserSec
Victim Country: Unknown
Victim Industry: Network & Telecommunications
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of Hotmail credential list
Category: Combo List
Content: A threat actor is allegedly distributing a credential list containing Hotmail email and password combinations through Telegram. The actor claims the credentials are valid and high quality.
Date: 2026-03-29T01:57:59Z
Network: openweb
Published URL: https://crackingx.com/threads/70260/
Screenshots:
None
Threat Actors: noir
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Microsoft
Victim Site: hotmail.com - Alleged leak of educational domain credentials
Category: Combo List
Content: Threat actor shared a combolist containing 158,603 credentials targeting educational domain users. The credential list is being distributed for free download via cloud storage.
Date: 2026-03-29T01:37:51Z
Network: openweb
Published URL: https://crackingx.com/threads/70256/
Screenshots:
None
Threat Actors: HQcomboSpace
Victim Country: Unknown
Victim Industry: Education
Victim Organization: Unknown
Victim Site: Unknown - Alleged distribution of gaming and technology platform credential combolist
Category: Combo List
Content: Threat actor distributes a combolist containing 17 million credentials allegedly from gaming platforms like Minecraft, productivity services like Office, and development platforms including GitHub and GitLab. The credentials are being shared through Telegram channels rather than sold.
Date: 2026-03-29T00:58:31Z
Network: openweb
Published URL: https://crackingx.com/threads/70252/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Technology
Victim Organization: Unknown
Victim Site: Unknown - Alleged data leak of credential dump containing 20GB of login credentials
Category: Combo List
Content: A threat actor shared a 20GB credential dump containing login credentials in URL:LOGIN:PASS format on a cybercriminal forum. The post requires registration to view full details.
Date: 2026-03-29T00:39:51Z
Network: openweb
Published URL: https://crackingx.com/threads/70251/
Screenshots:
None
Threat Actors: Knight
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged Data breach of Integratek
Category: Data Breach
Content: The group claims to have leaked data from Integratek. The compromised data reportedly contains Email, First Name, Last Name, Country information.
Date: 2026-03-29T00:38:46Z
Network: telegram
Published URL: https://t.me/ruskinetgroup/126
Screenshots:
None
Threat Actors: RuskiNet Group
Victim Country: Spain
Victim Industry: Education
Victim Organization: integratek
Victim Site: integratek.es - Website defacement of icbbuahati.com by ARJUN-X001 (KEJE ARMY)
Category: Defacement
Content: ARJUN-X001 from the KEJE ARMY group successfully defaced the icbbuahati.com website on March 29, 2026. This was a targeted single-site attack rather than a mass defacement campaign.
Date: 2026-03-29T00:31:46Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/821024
Screenshots:
None
Threat Actors: ARJUN-X001, KEJE ARMY
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: icbbuahati.com - Alleged distribution of SMTP-targeted credential combinations
Category: Combo List
Content: Threat actor distributing a 7 million record SMTP-targeted credential combination list through Telegram channels. The actor operates multiple Telegram groups offering free credential lists and programs for credential testing activities.
Date: 2026-03-29T00:30:36Z
Network: openweb
Published URL: https://crackingx.com/threads/70247/
Screenshots:
None
Threat Actors: CODER
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown - Alleged leak of credential combolist containing 36 million records
Category: Combo List
Content: A threat actor shared a combolist containing 36 million URL:LOGIN:PASS credential combinations on a cybercrime forum. The post content is restricted and requires forum registration to view full details.
Date: 2026-03-29T00:30:16Z
Network: openweb
Published URL: https://crackingx.com/threads/70250/
Screenshots:
None
Threat Actors: Knight
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown