[March-4-2026] Daily Cybersecurity Threat Report

1. Executive Summary

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data. The analyzed dataset comprises 114 distinct cybersecurity events primarily recorded on March 4, 2026. The threat landscape depicted in this data is highly active, characterized by a massive volume of data breaches, politically motivated website defacements, the sale of unauthorized initial access, and the distribution of malware.

2. Threat Actor Campaigns & Attributed Activities

Several prominent threat actors and hacktivist groups demonstrated coordinated, high-volume campaigns targeting specific regions or sectors.

2.1. The “Eliphas” Data Breach Campaign

The threat actor identified as “Eliphas” was highly active, predominantly focusing on leaking and selling databases across various global industries.

ubx.ubook.com: Eliphas claimed to have leaked data from ubx.ubook.com. The compromised data reportedly contains 706,781 records. The exposed data fields allegedly include Full names Email addresses, Dates of birth, Gender, Profile photos, User type information.
Total Wood Flooring (UK): The actor leaked a database allegedly sourced from TotalWoodFlooring.co.uk (WDW Trading), claiming it contains over 7,263 order records in CSV format from 2018 to 2024. This allegedly included customer full names, email addresses, complete UK delivery and billing addresses, phone numbers, order totals and statuses, payment methods, purchase dates, and company details for business orders.
Stripe: Eliphas claimed to have leaked a database allegedly containing 23,811 Stripe payment transaction records. The allegedly exposed data include Credit card last four digits, Card brand (Visa, MasterCard), Card expiration dates, Billing addresses, Customer email addresses, and Transaction amounts from around 2020.
Florida Department of Business & Professional Regulation: Claimed to have leaked data containing Professional Details, Personal Information, and Education Data.
Cyepro CRM (India): Claimed to have obtained an Indian automotive dealership CRM database containing customer lead data, full contact information, addresses, vehicle preferences, and financial-related details.
ICICI Bank (India): Claimed to possess a 3.5GB PostgreSQL database dump allegedly from ICICI Bank’s Fastag system. The data reportedly contains customer PII, PAN numbers with verification status, vehicle registration details, payment data, and third-party verification responses.
Other Targets: Eliphas also claimed data breaches affecting izoShop.ro (Romania) , GOSIM (Georgia) , Accutech Home Inspection (USA) , PuertoRico.com (USA) , and a French PrestaShop database belonging to rybb.fr.

2.2. The “EXADOS” Thailand Defacement Campaign

A threat group named “EXADOS” conducted a highly focused website defacement campaign targeting local government infrastructure in Thailand.

The group claims to have defaced the website of Don Yai Subdistrict Administrative Organization.
The group claims to have defaced the website of Ban Kaun Subdistrict Administrative Organization.
The group claims to have defaced the website of Tha Phaya Subdistrict Administrative Organization.
The group claims to have defaced the website of Khuan Kun Subdistrict Municipality.
The group claims to have defaced the website of Tha Tako Subdistrict Municipality.
The group claims to have defaced the website of Laem Sak Subdistrict Administrative Organization.

2.3. “mr exsploit wmc” Defacements in Israel

The threat actor “mr exsploit wmc” systematically targeted Israeli commercial websites for defacement.

The group claims to have defaced the website of Tick Transportation.
The group claims to have defaced the website of CREATIVE MARKETING.
The group claims to have defaced the website of dog-il.co.il.
The group claims to have defaced the website of hagilad-6.co.il.
The group claims to have defaced the website of Meital Kostika.
The group claims to have defaced the website of Tomato Pizza.
The group claims to have defaced the website of Memecoins.
The group claims to have defaced the website of Diamonds Spa.

2.4. “Shadow Warrior” Data Leaks

The actor “Shadow Warrior” executed multiple alleged data breaches across various sectors.

Duck DNS: A threat actor claims to have leaked the database of duckdns.org. The leaked data reportedly includes user account records, login credentials, usernames, passwords, IP addresses, user agents, and client activity logs.
Guidedev: A threat actor claims to have leaked the database of Guidedev User Database. The leaked data reportedly includes use account details including names, emails, phone numbers, and payment-related information.
Make Bookings Online: The leaked data reportedly includes room service details, booking records, and guest information such as booking IDs, room details, guest names, contact information, nationality, passport details, itinerary data, and booking timestamps.
Listgram: The leaked data reportedly includes chat message records containing chat IDs, user IDs, message text, media references, contact details, and message timestamps etc.
Additional targets: Claimed breaches of Lalo Electronics (Spain) and Digital Smart Pay (India).

2.5. “Fatimion cyber team” Operations Targeting Jordan

The “Fatimion cyber team” engaged in a sustained campaign of cyberattacks, defacements, and alerts aimed at the Kingdom of Jordan.

A recent post by the group indicates that they are targetting multiple government websites of Jordan.
A threat actor claims to have breached the database of Jordan Media Institute. The group claims to have defaced the website of Jordan Media Institute.
A recent post by the group indicates that the cyberattack to the official website of the Jordanian Armed Forces resulted in access to the systems databases.
A recent post by the group indicates that they are targeting the Kingdom of Jordan.
A recent post by the group indicates that they are targeting Saraya News Agency.

2.6. “404 CREW CYBER TEAM” Operations

This group focused on industrial access and vulnerability disclosures.

Iran: The group claims to have gained unauthorized access to Palayesh Parsian Sepehr Gas Refinery in Iran, alleging exploitation of authentication mechanisms within the refinery’s web infrastructure. They claims to have bypassed Cloudflare protections, extracted a security nonce from application scripts, enumerated administrative credentials, and interacted with backend AJAX and Heartbeat APIs to obtain system synchronization data.
Argentina: The group claims to have leaked XSS vulnerabilities in Cijuso , REUNATA , AMITOSAI , and Agenda Energetica. They also claimed a data leak of Circulo de Kinesiologos.

3. Threat Landscape by Attack Category

3.1. Data Breaches

Data breaches constituted the vast majority of incidents reported, affecting massive populations and diverse institutions globally.

France: The threat actor “HexDex” claims to have leaked approximately 66,000 records belonging to individuals and families assisted by the CCAS of Dunkerque between 2009 and 2026. The same actor claims to have breached a database from Banques Alimentaires, allegedly containing sensitive information on 659,658 families (approximately 1,462,485 individuals), with records spanning from 2012 to 2026. “neurotoxine” claimed a data leak of Brouillon de Culture bookstore with 8,220 users. “GoldenCrazy” claimed to be selling the complete software packages LRPPN3, AGDR, AMTFGS, and SNPC, allegedly used by the French National Police and the French National Gendarmerie. “Bouzilleur2Naine” leaked infrastructure and personal data from YGG Torrent.
Mexico: “Eternal” claims to have leaked over 790GB of data allegedly belonging to Servicios de Agua y Drenaje de Monterrey, including full names, residential addresses, and water consumption data. “MagoSpeak” claimed a breach of 7,440 records from UAEMex and claimed to have compromised data from all universities in Mexico, including Universidad de la Salud.
Venezuela: A threat actor claims to be selling a large dataset allegedly belonging to Krece. The database allegedly contains over 1.3 million unique sales records, thousands of store profiles and payment method entries, more than 126,000 debtor records, and over 4.5 million transaction history logs. The exposed data reportedly includes full names, national ID numbers, phone numbers, email addresses, device details such as model and IMEI numbers, store and seller information, bank account details, internal API credentials, and financial transaction and debt records.
Israel: “CyznetAdel” claimed to have leaked a database allegedly containing the WhatsApp phone numbers of 133,300 Israeli citizens. “FAD Team” claimed to have leaked data of 200 Israeli civilians and journalists. “Handala Hack” claims to have breached systems associated with the Institute for National Security Studies (INSS) in Israel, alleging prolonged access to internal communications, confidential correspondence, and discussions from high-level meetings. “XZeeoneOfc” claims to have leaked an Israeli Mossad agent database.
China: A threat actor claims to have leaked a database allegedly linked to Foreign Enterprise Services Corporation (FESCO) it contains confidential documents related to personnel from China’s Ministry of State Security (MSS) embedded within enterprise environments. The dataset allegedly includes Personal records and resumes of national security cadres, Employment contracts, including documents referencing ABB Beijing Drive Systems Co., Ltd.
Canada: A threat actor claims to be selling 25,000 international passport scans and 285,000 confidential documents allegedly sourced from the Canadian permanent residence system.
USA: “random0392109” claims a breach of Gecko Custom featuring 668,000 order records. “anon2589” claims to have leaked a dataset to HonkMe, allegedly containing 370,673 user records. “betway” claims to be selling a database containing 35 million U.S.-based leads described as private & fresh.
India: The threat actor claims to have leaked the database of multiple Indian regional cable broadband operators, the dataset contains subscriber contact details, geographic location information. “Pakistan Cyber Force” claims to have conducted coordinated cyberattacks resulting in alleged data breaches and system wiping affecting Indian Railway Catering and Tourism Corporation, Odisha Government employee records, Indian Oil Corporation Limited, National Thermal Power Corporation, and ICICI Bank.
Indonesia: “Shenira6core” claims a data breach of KEMENDIKNAS. Another threat actor claims to be leaked a database containing 2,000 unique customer records allegedly related to Indonesian gold and jewelry clients.
Other Notable Leaks: Reitschule Bern in Switzerland , Tikstar (AI TikTok analytics platform) , kippu , Rasi Seeds (India) , San Marino Agroavícola S.A. (Colombia) , Pilki Nail Studios (Russia) , DIAN appointment scheduling platform (Colombia) , Rio Datacentro (Brazil) , logistics and roads sector in Tunisia , RoundOne AI (UK) , QRS MEDICAL Ltd (Israel) , and United Russia.

3.2. Initial Access Brokering

Threat actors offered unauthorized initial access to various global networks.

Tunisia: The group “Fire Wire” claims to have gained unauthorized access to the administrative login portal of RIMESSE DELIVERY in Tunisia.
Spain: Threat actor “GEOLORD” claims to be selling unauthorized admin and shell access to a Spain-based PrestaShop e-commerce store.
Italy: Threat actor “Anon-WMG” claims to be selling unauthorized FTP server access to an Italy-based company operating in the Architecture, Engineering & Construction sector.
USA: “CodeStudio” claims to be selling unauthorized admin panel access to a Magento-based website in the United States. “Benneton” claims to be selling unauthorized RPC/Domain access to a U.S.-based dental organization.
Bahrain/USA: “savel987” claims to be selling unauthorized access to an online perfume shop based in Bahrain, USA.
Israel: Z-PENTEST ALLIANCE claims unauthorized access to the internal management system of a restaurant/bar operating under the Alto Presto brand in Israel, alleging full control over a POS terminal. They also claimed unauthorized access to an unidentified water supply management system in Israel. Desinformador ruso claims to have gained unauthorized access to pump control and water supply system in Israel , as well as access to the control system of a flour factory in Israel.

3.3. Malware Distribution

The dataset highlighted the sale and distribution of sophisticated malware tools.

RAT Pack Collection Volume 2: A threat actor “Starip” is offering RAT Pack Collection Volume 2, an archive containing multiple remote administration tools (RATs) that showcase different command-and-control architectures, client-server communication methods, and session management mechanisms.
YouTube Toolbox: “Starip” is offering a cracked YouTube Toolbox automation suite, a modular framework with a control panel that includes identity generation, proxy management, validation workflows, and API-driven automation modules designed for structured task execution and routing.
NIM-Based Loader: A threat actor “platovoplomo” claims to be selling the source code of a NIM-based malware loader that uses steganography to hide shellcode in files such as PNG or DOCX. The loader reportedly includes compile-time polymorphism, a custom virtual machine with JIT compilation, and evasion techniques to remain FUD.
Qatar RAT 2026: Threat actor “rippors” claims to be selling Qatar RAT 2026 advertised as a next-generation remote administration tool capable of controlling and managing compromised systems.

3.4. Cyberattack Alerts

Several hacktivist groups issued alerts indicating impending or ongoing campaigns.

DieNet: Indicated they are targeting Israeli websites. DieNet Media Corporation claims that they will target Middle Eastern countries that support the United States by hosting its military bases. The statement suggests that members, along with affiliated entities such as TOIPOI, are reactivating remote access services. DieNet also claimed to target government of gulf countries that support USA. They also claimed to have hacked the employees of thevEDCO Electricity Distribution Company in Jordan.
Golden falcon: Indicates that they are targetting a unidentified THAD System. They also indicate that they will be launching a cyberattack on the USA.
TRoLL Team: Indicates that they are targeting IRIB TV2 in Iran.
FAD Team: Indicates that they will be leaking a file containing over 200 phone numbers which belongs to journalists, civilians, political parties, major news channels, and Israeli soldiers.
Keymous Plus: Indicates that they are targeting AWS Online services in middle east.
mehwargun: Indicates that they are targeting American bank.

3.5. Defacements

Beyond EXADOS and mr exsploit wmc, other defacement campaigns occurred globally.

Team Bangladesh cyber squad: The group claims to have defaced the website of Ideal Vision Events LLC in the UAE.
HellR00ters Team: The group claims to have defaced the website of Nadav Dahan in Israel.
Evil Markhors -Dark Side of Pakistan Alliance: The group claims to have defaced the website of Israel Defense.
DEFACER INDONESIAN TEAM: The group claims to have defaced the website of Free (Iliad Group) in France. They also targeted GolfVue in the UK.
SILENT ERROR SYSTEM: The group claims to have defaced the website of Classy Car in Nigeria.
chinafans: Targeted Koshesh Machinery Azar (Iran) , Adlio (Iran) , PB Digital (Israel) , and New Era Consultancy (UAE).
Rayzky_: The group claims to have defaced the website ntm.ae in the UAE.

4. Conclusion

The draft dataset reflects a highly volatile global cyber environment defined by widespread data extortion, initial access brokering, and politically driven hacktivism. Threat actors like Eliphas and Shadow Warrior demonstrate the persistent financial motivation behind mass data exfiltration and brokering, affecting entities ranging from local eCommerce shops to major financial institutions like Stripe and ICICI Bank. Simultaneously, the heavy concentration of ideologically motivated attacks—such as the intense defacement campaigns in Thailand by EXADOS, the targeting of Israeli infrastructure by groups like mr exsploit wmc and Desinformador ruso, and Fatimion cyber team’s focus on Jordan—highlights the continued use of cyber operations as a tool for regional geopolitical friction. Organizations globally, especially in government administration, financial services, and critical infrastructure, must prioritize securing web perimeters, auditing access controls, and mitigating third-party supply chain risks to defend against these multifaceted threats.

Detected Incidents Draft Data

Alleged Data Leak of Indian Fiber Network Users
Category: Data Breach
Content: The threat actor claims to have leaked the database of multiple Indian regional cable broadband operators, the dataset contains subscriber contact details, geographic location information.
Date: 2026-03-04T23:55:21Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-Indian-fiber-network-users-A-total-of-8-million%EF%BC%8C3K-free
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4cf59931-a41d-4565-80d9-695102a01405.png
Threat Actors: dataPenetration
Victim Country: India
Victim Industry: Network & Telecommunications
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data breach of ubx.ubook.com
Category: Data Breach
Content: The threat actor claims to have leaked data from ubx.ubook.com. The compromised data reportedly contains 706,781 records, The exposed data fields allegedly include Full names Email addresses, Dates of birth, Gender, Profile photos, User type information.
Date: 2026-03-04T23:45:06Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-ubx-ubook-com-Brazilian-Publishing-Platform-700K-Users
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/d1b12e04-57a7-42d3-a116-5620bb4878c2.png
Threat Actors: Eliphas
Victim Country: Brazil
Victim Industry: Publishing Industry
Victim Organization: ubook
Victim Site: ubx.ubook.com
Team Bangladesh cyber squad targets the website of Ideal Vision Events LLC
Category: Defacement
Content: The group claims to have defaced the website of Ideal Vision Events LLC
Date: 2026-03-04T23:41:56Z
Network: openweb
Published URL: https://defacer.id/mirror/id/247355
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6b68f0e4-396a-45f8-945a-88e0271cf79a.jpg
Threat Actors: Team Bangladesh cyber squad
Victim Country: UAE
Victim Industry: Events Services
Victim Organization: ideal vision events
Victim Site: idealvisionevents.com
HellR00ters Team targets the website of Nadav Dahan
Category: Defacement
Content: The group claims to have defaced the website of Nadav Dahan
Date: 2026-03-04T23:17:43Z
Network: telegram
Published URL: https://t.me/c/2758066065/1085
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/97985d8c-0766-4144-9891-299745ed508b.png
Threat Actors: HellR00ters Team
Victim Country: Israel
Victim Industry: Insurance
Victim Organization: nadav dahan
Victim Site: nadavdahan.co.il
EXADOS targets the website of Don Yai Subdistrict Administrative Organization
Category: Defacement
Content: The group claims to have defaced the website of Don Yai Subdistrict Administrative Organization.
Date: 2026-03-04T22:20:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/798602
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5b390612-f8b3-40e4-98f6-2f3f997a5c83.png
Threat Actors: EXADOS
Victim Country: Thailand
Victim Industry: Government Administration
Victim Organization: don yai subdistrict administrative organization
Victim Site: donyai.go.th
TRoLL Team claims to target IRIB TV2
Category: Alert
Content: A recent post by the group indicates that they are targeting IRIB TV2
Date: 2026-03-04T22:20:04Z
Network: telegram
Published URL: https://t.me/Team_Troll_Org/1309
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/dec73481-9203-4e50-8949-797368a46159.jpg
Threat Actors: TRoLL Team
Victim Country: Iran
Victim Industry: Broadcast Media
Victim Organization: irib tv2
Victim Site: tv2.ir
EXADOS targets the website of Ban Kaun Subdistrict Administrative Organization
Category: Defacement
Content: The group claims to have defaced the website of Ban Kaun Subdistrict Administrative Organization.
Date: 2026-03-04T22:20:00Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/798600
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/476738dc-5e96-47cd-b3c5-660bb32c217e.png
Threat Actors: EXADOS
Victim Country: Thailand
Victim Industry: Government Administration
Victim Organization: ban kaun subdistrict administrative organization
Victim Site: bankaun.go.th
Alleged data breach of Total Wood Flooring
Category: Data Breach
Content: A threat actor leaked a database allegedly sourced from TotalWoodFlooring.co.uk (WDW Trading), claiming it contains over 7,263 order records in CSV format from 2018 to 2024, including customer full names, email addresses, complete UK delivery and billing addresses, phone numbers, order totals and statuses, payment methods, purchase dates, and company details for business orders.
Date: 2026-03-04T22:16:27Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-TOTALWOODFLOORING-CO-UK-UK-Flooring-E-Commerce
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/aeac0869-763a-4011-aba7-2fad6f4493f9.png
Threat Actors: Eliphas
Victim Country: UK
Victim Industry: Retail Industry
Victim Organization: total wood flooring
Victim Site: totalwoodflooring.co.uk
EXADOS targets the website of Tha Phaya Subdistrict Administrative Organization
Category: Defacement
Content: The group claims to have defaced the website of Tha Phaya Subdistrict Administrative Organization.
Date: 2026-03-04T22:13:12Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/798601
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1958e95b-f39c-4ab8-a1a4-2e591550fe2b.png
Threat Actors: EXADOS
Victim Country: Thailand
Victim Industry: Government Administration
Victim Organization: tha phaya subdistrict administrative organization
Victim Site: thapayatrang.go.th
Alleged data leak of Brouillon de Culture bookstore
Category: Data Breach
Content: The threat actor claims to have leaked a database allegedly belonging to Brouillon de Culture, a France-based bookstore. According to the post, the leaked data reportedly includes information related to 8,220 users, including customers and administrators. The exposed data allegedly contains names, email addresses, postal addresses, cities, phone numbers, and administrative credentials such as usernames and hashed passwords.
Date: 2026-03-04T22:07:10Z
Network: openweb
Published URL: https://breachforums.as/Thread-FR-Dump-of-a-bookstore-with-8220-users-https-www-brouillondeculture-fr
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/af01ad79-be43-4ec9-9eca-96842ab65cf6.png
Threat Actors: neurotoxine
Victim Country: France
Victim Industry: Retail Industry
Victim Organization: brouillon de culture bookstore
Victim Site: brouillondeculture.fr
EXADOS targets the website of Khuan Kun Subdistrict Municipality
Category: Defacement
Content: The group claims to have defaced the website of Khuan Kun Subdistrict Municipality
Date: 2026-03-04T21:59:28Z
Network: openweb
Published URL: http://zone-xsec.com/mirror/id/798597
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/818ec012-50a4-4beb-a412-43e390f82570.jpg
Threat Actors: EXADOS
Victim Country: Thailand
Victim Industry: Government & Public Sector
Victim Organization: khuan kun subdistrict municipality
Victim Site: khuankun.go.th
EXADOS targets the website of Tha Tako Subdistrict Municipality
Category: Defacement
Content: The group claims to have defaced the website of Tha Tako Subdistrict Municipality
Date: 2026-03-04T21:58:58Z
Network: openweb
Published URL: http://zone-xsec.com/mirror/id/798598
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b6ba770e-f404-4a89-ac49-e4aa8a43af14.jpg
Threat Actors: EXADOS
Victim Country: Thailand
Victim Industry: Government & Public Sector
Victim Organization: tha tako subdistrict municipality
Victim Site: tako.go.th
EXADOS targets the website of Laem Sak Subdistrict Administrative Organization
Category: Defacement
Content: The group claims to have defaced the website ofLaem Sak Subdistrict Administrative Organization
Date: 2026-03-04T21:58:09Z
Network: openweb
Published URL: http://zone-xsec.com/mirror/id/798599
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/21f786af-fb0d-4b6a-bce7-1dbec3398baf.jpg
Threat Actors: EXADOS
Victim Country: Thailand
Victim Industry: Government & Public Sector
Victim Organization: laem sak subdistrict administrative organization
Victim Site: laemsak.go.th
Alleged data breach of Reitschule Bern
Category: Data Breach
Content: A threat actor claims to have leaked the database of Reitschule Bern.
Date: 2026-03-04T21:54:22Z
Network: openweb
Published URL: https://demonforums.net/Thread-reitschule-ch-DATA-LEAK
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7d65e1e9-ef6b-4f5b-bf7b-61d7d5b81b8c.png
Threat Actors: l33tfg
Victim Country: Switzerland
Victim Industry: Non-profit & Social Organizations
Victim Organization: reitschule bern
Victim Site: reitschule.ch
Alleged data breach of Tikstar
Category: Data Breach
Content: A threat actor selling a database allegedly belonging to Tikstar, an AI-powered TikTok analytics platform, claiming the leak includes multiple JSON dump files.
Date: 2026-03-04T21:52:29Z
Network: openweb
Published URL: https://breachforums.as/Thread-tikstar-com
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/477d7a2f-28f4-4074-86b1-b5cd4bd5e065.png
Threat Actors: Wadjet
Victim Country: Unknown
Victim Industry: Marketing, Advertising & Sales
Victim Organization: tikstar
Victim Site: tikstar.com
Alleged data leak of Major Indian Critical Infrastructure and Financial Institutions
Category: Data Breach
Content: A threat actor group identifying itself as Pakistan Cyber Force claims to have conducted coordinated cyberattacks resulting in alleged data breaches and system wiping affecting Indian Railway Catering and Tourism Corporation, Odisha Government employee records, Indian Oil Corporation Limited, National Thermal Power Corporation, and ICICI Bank.
Date: 2026-03-04T21:30:56Z
Network: openweb
Published URL: https://breachforums.as/Thread-COLLECTION-Pakistan-Cyber-Force-Targets-Major-Indian-Organizations-in-Coordinated-Cyber-Attack
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/81ed303e-aa26-4616-aaf0-0a93ac7a5c5e.png
https://d34iuop8pidsy8.cloudfront.net/878d09e9-4ba1-4c94-8a77-62fdd8b8621e.png
https://d34iuop8pidsy8.cloudfront.net/d1f97791-cb26-4643-915c-fc1add461436.png
Threat Actors: tentweek777
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of kippu
Category: Data Breach
Content: A threat actor claims to have leaked approximately 1,000 user records from kippu.vip. The dataset is shared in JSON format and primarily contains usernames and associated email addresses. which includes only username and email fields.
Date: 2026-03-04T21:10:40Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-kippu-vip-Fresh-Emails-Usernames-1k-lines
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f97832f3-cdd6-4887-8cfa-19a1d793b0b0.png
Threat Actors: ASIOspy
Victim Country: Unknown
Victim Industry: Social Media & Online Social Networking
Victim Organization: kippu
Victim Site: kippu.vip
Alleged data breach of Krece
Category: Data Breach
Content: A threat actor claims to be selling a large dataset allegedly belonging to Krece. The database, offered in JSON format (147MB compressed), allegedly contains over 1.3 million unique sales records, thousands of store profiles and payment method entries, more than 126,000 debtor records, and over 4.5 million transaction history logs. The exposed data reportedly includes full names, national ID numbers, phone numbers, email addresses, device details such as model and IMEI numbers, store and seller information, bank account details, internal API credentials, and financial transaction and debt records.
Date: 2026-03-04T20:39:44Z
Network: openweb
Published URL: https://breachforums.as/Thread-COLLECTION-KRECE-APP-VENEZUELA-6-MILLION-CONFIDENTIAL-DATA-4-03-2026
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/50936ca6-7107-438a-83d2-0ec6aad8cf4c.png
https://d34iuop8pidsy8.cloudfront.net/333f2e60-db3e-4593-8608-cbc74f087bbc.png
https://d34iuop8pidsy8.cloudfront.net/68554e7c-683a-4029-8847-1e99ef4200b2.png
https://d34iuop8pidsy8.cloudfront.net/9aff5476-7212-4af4-bf94-f45a41752b63.png
Threat Actors: malconguerra2
Victim Country: Venezuela
Victim Industry: Financial Services
Victim Organization: krece
Victim Site: krece.app
Alleged Sale of Student Records from Universidad de la Salud
Category: Data Breach
Content: A threat actor claims to have compromised data from all universities in Mexico, including information from Universidad de la Salud, the dataset allegedly contains,Full name,Paternal surname,Maternal surname,Phone numbers,Personal Gmail addresses,Residential addresses,National ID,Field of study / academic program (Carrera),Other related personal information.
Date: 2026-03-04T20:28:25Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-M%C3%89XICO-UNIVERSIDAD-DE-LA-SALUD-4-272
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a3a8007e-eb59-4d6b-8e28-9e663c8545fe.png
Threat Actors: MagoSpeak
Victim Country: Mexico
Victim Industry: Higher Education/Acadamia
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Gecko Custom
Category: Data Breach
Content: The threat actor claims to have leaked a database allegedly belonging to Gecko Custom, an e-commerce brand operating in the UK, US, and Canada. The compromised data reportedly includes 668,000 order records containing transaction ID, full address, email, phone number, transaction amount, card details (last four digits), and UTM source. Additionally, 572,000 customer records are said to include names, email addresses, total spend, order count, and country-specific segmentation data.
Date: 2026-03-04T19:49:48Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-668K-UK-US-CA-GECKOCUSTOM
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c79eca3e-429b-44a1-9e73-2802415f649b.png
Threat Actors: random0392109
Victim Country: USA
Victim Industry: E-commerce & Online Stores
Victim Organization: gecko custom
Victim Site: geckocustom.com
Alleged data leak of FRENCH POLICE SOFTWARE
Category: Data Breach
Content: A threat actor claims to be selling the complete software packages LRPPN3, AGDR, AMTFGS, and SNPC, allegedly used by the French National Police and the French National Gendarmerie.
Date: 2026-03-04T19:49:16Z
Network: openweb
Published URL: https://breachforums.as/Thread-FRENCH-POLICE-SOFTWARE
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8da26e8c-2315-4953-b7cb-45b85f21c801.png
Threat Actors: GoldenCrazy
Victim Country: France
Victim Industry: Government & Public Sector
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Stripe
Category: Data Breach
Content: A threat actor claims to have leaked a database allegedly containing 23,811 Stripe payment transaction records. the dataset includes financial and personally identifiable information (PII) from transactions dated around 2020.The allegedly exposed data include,Credit card last four digits,Card brand (Visa, MasterCard),Card expiration dates,Billing addresses,Customer email addresses,Transaction amounts.
Date: 2026-03-04T19:45:22Z
Network: openweb
Published URL: https://breachforums.as/Thread-COLLECTION-Stripe-Payment-Records-Database-23K-Transactions
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ebfcc84a-57af-4c84-98c2-0deef2db4084.png
Threat Actors: Eliphas
Victim Country: USA
Victim Industry: Financial Services
Victim Organization: stripe
Victim Site: stripe.com
Alleged data breach of Foreign Enterprise Services Corporation (FESCO)
Category: Data Breach
Content: A threat actor claims to have leaked a database allegedly linked to Foreign Enterprise Services Corporation (FESCO) it contains confidential documents related to personnel from China’s Ministry of State Security (MSS) embedded within enterprise environments. the dataset allegedly includes,Personal records and resumes of national security cadres,Employment contracts, including documents referencing ABB Beijing Drive Systems Co., Ltd.
Date: 2026-03-04T19:30:48Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-China-Database-for-Sale-%E2%80%93-The-Rotten-Core-of-FESCO
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/64c80887-0c6b-487e-9bbc-04340bf47ba6.png
https://d34iuop8pidsy8.cloudfront.net/a095daeb-ab00-4508-b6c1-3167f5ede94b.png
https://d34iuop8pidsy8.cloudfront.net/3659baa8-20fc-4696-8e5a-63366cdb063b.png
https://d34iuop8pidsy8.cloudfront.net/6c21dcc0-fecc-400b-b507-b240f62d20dc.png
Threat Actors: ChickenGizzard
Victim Country: China
Victim Industry: Human Resources
Victim Organization: foreign enterprise services corporation (fesco)
Victim Site: fesco.com.cn
Alleged Sale of 25k Passport Scans and 285k Canadian Permanent Residence Documents
Category: Data Breach
Content: A threat actor claims to be selling 25,000 international passport scans and 285,000 confidential documents allegedly sourced from the Canadian permanent residence system, including passport copies, permanent residence files, certified immigration notes, marriage and birth certificates, driver’s licenses, visa records, and national ID cards.
Date: 2026-03-04T19:25:04Z
Network: openweb
Published URL: https://darkforums.su/Thread-25k-International-Passports-285k-Confidential-Documents-Canada-Permanent-Residence
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/272f082a-4927-404b-9f94-a463a4a48d72.png
https://d34iuop8pidsy8.cloudfront.net/1ed501ae-91be-45ca-b2e4-ae131c5727db.png
https://d34iuop8pidsy8.cloudfront.net/6e33957d-9f73-4ad0-bef4-e23f829b41d3.png
Threat Actors: GordonFreeman
Victim Country: Canada
Victim Industry: Government & Public Sector
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of RAT Pack Collection Volume 2
Category: Malware
Content: A threat actor is offering RAT Pack Collection Volume 2, an archive containing multiple remote administration tools (RATs) that showcase different command-and-control architectures, client-server communication methods, and session management mechanisms.
Date: 2026-03-04T19:23:23Z
Network: openweb
Published URL: https://demonforums.net/Thread-RAT-Pack-Collection-Volume-2
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fbfd35f8-e779-4bcc-9a79-1ab26778507c.png
https://d34iuop8pidsy8.cloudfront.net/e6a458b2-b0a0-4c28-ba87-05ab34742258.png
Threat Actors: Starip
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of YouTube Toolbox automation suite
Category: Malware
Content: A threat actor is offering a cracked YouTube Toolbox automation suite, a modular framework with a control panel that includes identity generation, proxy management, validation workflows, and API-driven automation modules designed for structured task execution and routing.
Date: 2026-03-04T19:23:18Z
Network: openweb
Published URL: https://demonforums.net/Thread-Youtube-Toolbox-Cracked-by-Abuser
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/168bf3e9-b690-47d5-909b-52385e1b292d.png
https://d34iuop8pidsy8.cloudfront.net/feb2c71d-2c5a-47cf-8429-346811324a73.png
Threat Actors: Starip
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Servicios de Agua y Drenaje de Monterrey
Category: Data Breach
Content: The threat actor claims to have leaked over 790GB of data allegedly belonging to Servicios de Agua y Drenaje de Monterrey.the exposed dataset includes,Full names of water service customers,Residential addresses,Water consumption data,RFC.
Date: 2026-03-04T19:08:12Z
Network: openweb
Published URL: https://darkforums.su/Thread-DATABASE-Mexico-Public-Water-Services-AyD-790-GB-of-data-for-FREE
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a0456f76-5915-435f-8033-17bc59f8f3fb.png
Threat Actors: Eternal
Victim Country: Mexico
Victim Industry: Government & Public Sector
Victim Organization: servicios de agua y drenaje de monterrey
Victim Site: sadm.gob.mx
Alleged data breach of Centre Communal dAction Sociale de Dunkerque
Category: Data Breach
Content: The threat actor claims to have leaked approximately 66,000 records belonging to individuals and families assisted by the CCAS of Dunkerque between 2009 and 2026. the exposed dataset allegedly includes,Internal person ID numbers,Household (foyer) ID numbers,Full names,Dates of birth,Maiden names,Full residential addresses,Family/household profiles (e.g., couple with 2 children),Family status dates,Role within household (applicant, spouse, child),Phone numbers,Email addresses,Record creation dates
Date: 2026-03-04T18:58:10Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-FR-CCAS-Dunkerque
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5efc1c7a-1f8e-44a7-b140-fb90aeb8b6e7.png
Threat Actors: HexDex
Victim Country: France
Victim Industry: Government & Public Sector
Victim Organization: centre communal daction sociale de dunkerque
Victim Site: ville-dunkerque.fr
Alleged data breach of Duck DNS
Category: Data Breach
Content: A threat actor claims to have leaked the database of duckdns.org. The leaked data reportedly includes user account records, login credentials, usernames, passwords, IP addresses, user agents, and client activity logs.
Date: 2026-03-04T18:57:23Z
Network: openweb
Published URL: https://darknetarmy.io/threads/database-leaked-duckdns-org.89958/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/efa0d54f-2279-4e25-8d30-7f23604473f2.png
Threat Actors: Shadow Warrior
Victim Country: USA
Victim Industry: Information Technology (IT) Services
Victim Organization: duck dns
Victim Site: duckdns.org
Alleged data leak of Indonesian gold and jewelry customers Database
Category: Data Breach
Content: The threat actor claims to be leaked a database containing 2,000 unique customer records allegedly related to Indonesian gold and jewelry clients.the exposed dataset includes,PSNOKA,Full Name,Phone Number,Gender,TMPLHR,Email ,NOKA,KDKANTOR (Office Code),USERINPUT,USERUPDATE.
Date: 2026-03-04T18:47:46Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-Indonesian-gold-and-jewelry-customers-2K
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/99fd63b8-4a83-4095-ab21-dffd94dd5962.png
Threat Actors: globalData1
Victim Country: Indonesia
Victim Industry: Luxury Goods & Jewelry
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Agence Nationale de la Cohésion des Territoires (ANCT).
Category: Data Breach
Content: The threat actor claims to have leaked data allegedly from Agence Nationale de la Cohésion des Territoires (ANCT). which including employee contact details, internal documents, and administrative project information.
Date: 2026-03-04T18:37:58Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-FR-ANCT-Gouv
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6fb0c4cb-86a4-44fa-9cb5-38afef090f1e.png
Threat Actors: HexDex
Victim Country: France
Victim Industry: Government & Public Sector
Victim Organization: agence nationale de la cohésion des territoires (anct).
Victim Site: anct.gouv.fr
Evil Markhors -Dark Side of Pakistan Alliance targets the website of Israel Defense
Category: Defacement
Content: The group claims to have defaced the website of Israel Defense
Date: 2026-03-04T18:29:36Z
Network: telegram
Published URL: https://t.me/c/2337310341/380
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/cae5ff23-293d-4865-a658-9c2d474b31e9.jpg
Threat Actors: Evil Markhors -Dark Side of Pakistan Alliance
Victim Country: Israel
Victim Industry: Newspapers & Journalism
Victim Organization: israel defense
Victim Site: israeldefense.co.il
Alleged data breach of Florida Department of Business & Professional Regulation
Category: Data Breach
Content: Threat actor claims to have leaked the data of Florida Department of Business & Professional Regulation. The leaked data contains Professional Details,Personal Information,Education Data.
Date: 2026-03-04T18:15:51Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-flofr-gov-Florida-Department-of-Business-Professional-Regulation
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/76eef5f6-5acc-4f93-acbf-473b801fd459.png
Threat Actors: Eliphas
Victim Country: USA
Victim Industry: Government Administration
Victim Organization: florida department of business & professional regulation
Victim Site: flofr.gov
Alleged unauthorized access to RIMESSE DELIVERY in Tunisia
Category: Initial Access
Content: The group claims to have gained unauthorized access to the administrative login portal of RIMESSE DELIVERY in Tunisia.
Date: 2026-03-04T18:14:40Z
Network: telegram
Published URL: https://t.me/firewirBackupChannel/221
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1f61fd39-b651-479f-a057-0bd07707ff09.png
Threat Actors: Fire Wire
Victim Country: Tunisia
Victim Industry: Package & Freight Delivery
Victim Organization: rimesse delivery
Victim Site: rimesse.tn
Alleged Sale of Unauthorized PrestaShop Admin & Shell Access in Spain
Category: Initial Access
Content: Threat actor claims to be selling unauthorized admin and shell access to a Spain-based PrestaShop e-commerce store. The listing states the website uses Redsys Redirect for payments and reportedly processed over 3,500 orders between December and February.
Date: 2026-03-04T18:10:18Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/277543/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5c6c2c75-7a8d-4ac7-a20c-1478469856f3.png
Threat Actors: GEOLORD
Victim Country: Spain
Victim Industry: E-commerce & Online Stores
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak Cyepro CRM Database
Category: Data Breach
Content: The threat actor claims to have obtained an Indian automotive dealership CRM database containing customer lead data, full contact information, addresses, vehicle preferences, and financial-related details.
Date: 2026-03-04T18:07:47Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-cyepro-Indian-Automotive-Dealership-CRM
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a65dc236-d939-486e-a22d-4c661cc6714b.png
Threat Actors: Eliphas
Victim Country: India
Victim Industry: Automotive
Victim Organization: Unknown
Victim Site: Unknown
Golden falcon claims to target THAD System
Category: Alert
Content: A recent post by the group indicates that they are targetting a unidentified THAD System
Date: 2026-03-04T18:06:34Z
Network: telegram
Published URL: https://t.me/Golden_falcon_team/607
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/0ffaffd7-8b93-4283-b3bf-46a653650557.jpg
Threat Actors: Golden falcon
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Fatimion cyber team claims to target Jordans government infrastructure
Category: Alert
Content: A recent post by the group indicates that they are targetting multiple government websites of Jordan
Date: 2026-03-04T18:05:21Z
Network: telegram
Published URL: https://t.me/hak994/4959
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8f5159f1-2ed9-4484-bfc8-bb7d4b356465.jpg
Threat Actors: Fatimion cyber team
Victim Country: Jordan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Israeli civilians and journalists
Category: Data Breach
Content: The group claims to have leaked data of 200 Israeli civilians and journalists
Date: 2026-03-04T18:03:39Z
Network: telegram
Published URL: https://t.me/c/2691463074/247
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/733e3dde-8876-4764-93d4-b9db16787322.jpg
Threat Actors: FAD Team
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data breach of Guidedev
Category: Data Breach
Content: A threat actor claims to have leaked the database of Guidedev User Database. The leaked data reportedly includes use account details including names, emails, phone numbers, and payment-related information.
Date: 2026-03-04T17:56:49Z
Network: openweb
Published URL: https://darknetarmy.io/threads/database-leaked-guidedev-xyz.89955/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/00c3243c-7a97-47cc-b475-6efb3a0a4323.png
Threat Actors: Shadow Warrior
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: guidedev
Victim Site: guidedev.xyz
Alleged data breach of ICICI Bank
Category: Data Breach
Content: The threat actor claims to possess a 3.5GB PostgreSQL database dump allegedly from ICICI Bank’s Fastag system containing customer PII, PAN numbers with verification status, vehicle registration details, payment data, and third-party verification responses.
Date: 2026-03-04T17:56:46Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-ICICI-Bank-eToll-Fastag-Database-Indian-Banking-Data
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1869b54f-38d5-4ffd-a4f3-8d67a30ccfb8.png
Threat Actors: Eliphas
Victim Country: India
Victim Industry: Banking & Mortgage
Victim Organization: icici bank
Victim Site: icicibank.com
Alleged data breach of Make Bookings Online
Category: Data Breach
Content: A threat actor claims to have leaked the database of Make Bookings Online. The leaked data reportedly includes room service details, booking records, and guest information such as booking IDs, room details, guest names, contact information, nationality, passport details, itinerary data, and booking timestamps.
Date: 2026-03-04T17:49:57Z
Network: openweb
Published URL: https://darknetarmy.io/threads/database-leaked-makebookingsonline-com.89959/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/77db72f6-70de-4dfe-9f58-c7e7adfd6fdb.png
Threat Actors: Shadow Warrior
Victim Country: New Zealand
Victim Industry: Hospitality & Tourism
Victim Organization: make bookings online
Victim Site: makebookingsonline.com
Alleged data breach of izoShop.ro
Category: Data Breach
Content: The threat actor claims to have obtained the PrestaShop ps customer database from izoshop.ro, containing customer names, email addresses, MD5 password hashes, dates of birth, IP addresses, and company information.
Date: 2026-03-04T17:49:19Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-izoshop-ro-Romanian-E-Commerce-PrestaShop-Customer-DB
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7535b15c-fcc4-459d-bcfd-bd1424cf7bd6.png
Threat Actors: Eliphas
Victim Country: Romania
Victim Industry: E-commerce & Online Stores
Victim Organization: izoshop.ro
Victim Site: izoshop.ro
DEFACER INDONESIAN TEAM targets the website of Free (Iliad Group)
Category: Defacement
Content: The group claims to have defaced the website of Free (Iliad Group).
Date: 2026-03-04T17:46:41Z
Network: telegram
Published URL: https://t.me/c/2433981896/1159
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/57d33b0a-f6a1-42b7-bb8a-15337ef3fd79.png
Threat Actors: DEFACER INDONESIAN TEAM
Victim Country: France
Victim Industry: Network & Telecommunications
Victim Organization: free (iliad group)
Victim Site: hujala.free.fr
SILENT ERROR SYSTEM targets the website of Classy Cars
Category: Defacement
Content: The group claims to have defaced the website of Classy Car.
Date: 2026-03-04T17:36:28Z
Network: telegram
Published URL: https://t.me/silenterrorsystem/103
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/5838fff5-8573-4d6d-bd9b-b384098d0376.png
Threat Actors: SILENT ERROR SYSTEM
Victim Country: Nigeria
Victim Industry: Automotive
Victim Organization: classy cars
Victim Site: classycars.ng
Alleged data breach Jordan Media Institute
Category: Data Breach
Content: A threat actor claims to have breached the database of Jordan Media Institute
Date: 2026-03-04T17:27:25Z
Network: telegram
Published URL: https://t.me/hak994/4929
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e9673616-4a60-4260-9bac-27782215706e.png
Threat Actors: Fatimion cyber team
Victim Country: Jordan
Victim Industry: Higher Education/Acadamia
Victim Organization: jordan media institute
Victim Site: jmi.edu.jo
Fatimion cyber team claims to target Jordan
Category: Cyber Attack
Content: A recent post by the group indicates that the cyberattack to the official website of the Jordanian Armed Forces resulted in access to the systems databases.
Date: 2026-03-04T17:19:07Z
Network: telegram
Published URL: https://t.me/hak994/4921
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a36227a8-d87b-41ba-9dca-eaa6c9d58b5e.png
Threat Actors: Fatimion cyber team
Victim Country: Jordan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Fatimion cyber team claims to target Jordan
Category: Alert
Content: A recent post by the group indicates that they are targeting the Kingdom of Jordan.
Date: 2026-03-04T17:16:59Z
Network: telegram
Published URL: https://t.me/hak994/4917
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fc24a3a6-8fa8-48a6-abb9-02a1911f11fc.png
Threat Actors: Fatimion cyber team
Victim Country: Jordan
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Fatimion cyber team targets the website of Jordan Media Institute
Category: Defacement
Content: The group claims to have defaced the website of Jordan Media Institute.
Date: 2026-03-04T17:05:46Z
Network: telegram
Published URL: https://t.me/hak994/4914
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/eb93229b-9794-4a0e-914a-9db5fef8e750.png
Threat Actors: Fatimion cyber team
Victim Country: Jordan
Victim Industry: Higher Education/Acadamia
Victim Organization: jordan media institute
Victim Site: jmi.edu.jo
Alleged Sale of NIM-Based Steganographic Malware Loader Source Code
Category: Malware
Content: A threat actor claims to be selling the source code of a NIM-based malware loader that uses steganography to hide shellcode in files such as PNG or DOCX. The loader reportedly includes compile-time polymorphism, a custom virtual machine with JIT compilation, and evasion techniques to remain FUD. The package also includes a builder for encoding shellcode using LSB steganography and a management panel for automated compilation and distribution.
Date: 2026-03-04T17:05:40Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/277540/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/cdec5a2d-0b24-4d52-85c2-6b79e203e0a0.png
https://d34iuop8pidsy8.cloudfront.net/43d7c479-8b4a-4cd2-966b-5c23b4092a6d.png
https://d34iuop8pidsy8.cloudfront.net/80eae9d0-c3e0-4b4d-a826-b89431ef372a.png
Threat Actors: platovoplomo
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
DieNet claims to target Israel
Category: Alert
Content: A recent post by the group indicated that they are targeting Israeli websites
Date: 2026-03-04T17:04:49Z
Network: telegram
Published URL: https://t.me/dienet3/360
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a84efe72-a297-49b6-86d7-063ecde67142.jpg
Threat Actors: DieNet
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Unauthorized FTP Server Access – Italy
Category: Initial Access
Content: Threat actor claims to be selling unauthorized FTP server access to an Italy-based company operating in the Architecture, Engineering & Construction sector. The listing states the server runs on Windows and provides upload, download, and execute privileges. The actor claims the server contains approximately 45,764 files across all extensions.
Date: 2026-03-04T16:52:36Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/277531/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3a8da7e4-af27-4828-9fc2-9de7a03fc87f.png
Threat Actors: Anon-WMG
Victim Country: Italy
Victim Industry: Building and construction
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Unauthorized Access to Online Shop Based in Bahrain, USA
Category: Initial Access
Content: The threat actor claims to be selling unauthorized access to an online perfume shop based in Bahrain, USA. The access was allegedly obtained through a time-based SQL injection vulnerability, providing database access and limited administrative panel permissions.
Date: 2026-03-04T16:45:06Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/277532/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/90092ccb-1843-4203-a080-711280879bce.png
Threat Actors: savel987
Victim Country: Bahrain
Victim Industry: E-commerce & Online Stores
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Unauthorized Admin Access to a Magento Shop in USA
Category: Initial Access
Content: Threat actor claims to be selling unauthorized admin panel access to a Magento-based website in the United States. The listing states the actor has full administrative privileges and has already placed working code on the payment page, potentially enabling payment data interception.
Date: 2026-03-04T16:30:59Z
Network: openweb
Published URL: https://forum.exploit.biz/topic/277535/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/4cc1fa0f-b0f5-4873-8ce4-958948be1cb9.png
Threat Actors: CodeStudio
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Listgram
Category: Data Breach
Content: A threat actor claims to have breached the database of listgram. The leaked data reportedly includes chat message records containing chat IDs, user IDs, message text, media references, contact details, and message timestamps etc.
Date: 2026-03-04T16:21:06Z
Network: openweb
Published URL: https://darknetarmy.io/threads/database-leaked-listgram-org-19m.89964/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/54b24144-2d6d-494e-b3bb-932c5e872be3.png
Threat Actors: Shadow Warrior
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: listgram
Victim Site: listgram.org
Alleged data breach of Lalo Electronics
Category: Data Breach
Content: A threat actor claims to have breached the database of Lalo Electronics.
Date: 2026-03-04T16:18:52Z
Network: openweb
Published URL: https://darknetarmy.io/threads/database-leaked-laloelectronica-com.89962/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a11ff826-6aab-4435-a870-59826eaec294.png
Threat Actors: Shadow Warrior
Victim Country: Spain
Victim Industry: Retail Industry
Victim Organization: lalo electronics
Victim Site: laloelectronica.com
Golden falcon claims to target USA
Category: Cyber Attack
Content: A recent post by the group indicates that they will be launching a cyberattack on the USA.
Date: 2026-03-04T16:16:39Z
Network: telegram
Published URL: https://t.me/Golden_falcon_team/606
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/db6be714-7e62-4cef-aa1f-060bad275447.png
Threat Actors: Golden falcon
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak French PrestaShop Customer Records
Category: Data Breach
Content: A threat actor claims to have leaked a French PrestaShop e-commerce database allegedly belonging to rybb.fr. the database contains customer addresses and order-related information, with a focus on European PII (France). Allegedly exposed data includes,Full names,Street addresses,numbers (French format),Postal codes and cities,Company information,Customer order data,Over 240 customer address records.
Date: 2026-03-04T16:14:42Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-rybb-fr-French-PrestaShop-Database
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/33fafdaa-ef77-4270-9541-5f49b212ded3.png
Threat Actors: Eliphas
Victim Country: France
Victim Industry: E-commerce & Online Stores
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Digital Smart Pay
Category: Data Breach
Content: A threat actor claims to have breached the database of Digital Smart Pay. The leaked data reportedly includes wallet statements, transaction records, and message logs containing user IDs, transaction details, mobile numbers, amounts, balances, and timestamps.
Date: 2026-03-04T16:05:48Z
Network: openweb
Published URL: https://darknetarmy.io/threads/database-leaked-digitalsmartpay-co-in.89963/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/21070ff7-a6f0-43c4-8f6e-fd359179de62.png
Threat Actors: Shadow Warrior
Victim Country: India
Victim Industry: Financial Services
Victim Organization: digital smart pay
Victim Site: digitalsmartpay.co.in
Alleged unauthorized access to the internal management system an unidentified restaurant in Israel
Category: Initial Access
Content: The group claims to have gained unauthorized access to the internal management system of a restaurant/bar operating under the Alto Presto brand in Israel. According to the statement, the actor alleges full control over a POS terminal, enabling unrestricted viewing and modification of customer information, orders, and financial transactions. The post further claims that weak authentication and insufficient privilege controls allowed access to order history, loyalty/bonus programs, and employee shift management.
Date: 2026-03-04T16:02:44Z
Network: telegram
Published URL: https://t.me/c/3792806777/6
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/50400e35-82a4-4757-932f-be28394f0852.jpg
Threat Actors: Z-PENTEST ALLIANCE
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged unauthorized access to Palayesh Parsian Sepehr Gas Refinery Web Infrastructure in Iran
Category: Initial Access
Content: The group claims to have gained unauthorized access to Palayesh Parsian Sepehr Gas Refinery in Iran, alleging exploitation of authentication mechanisms within the refinery’s web infrastructure. They claims to have bypassed Cloudflare protections, extracted a security nonce from application scripts, enumerated administrative credentials, and interacted with backend AJAX and Heartbeat APIs to obtain system synchronization data.
Date: 2026-03-04T15:56:42Z
Network: telegram
Published URL: https://t.me/crewcyber/910
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bc3e6065-1f17-4bbc-b4fa-d66336e2fe23.jpg
Threat Actors: 404 CREW CYBER TEAM
Victim Country: Iran
Victim Industry: Oil & Gas
Victim Organization: palayesh parsian sepehr gas refinery
Victim Site: ppsrefinery.com
Alleged data breach of GOSIM
Category: Data Breach
Content: The threat actor claims to have leaked a database allegedly belonging to GOSIM, a Georgian web platform. the dataset contains over 500 user accounts, including Georgian personal identification numbers, mobile phone numbers, email addresses, birth dates, full names, IP addresses, and registration timestamps.
Date: 2026-03-04T15:51:30Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-GOSIM-GE-Georgian-Portal-Database
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fa16c0e0-5ea4-41c4-9070-37718fc53e98.png
Threat Actors: Eliphas
Victim Country: Georgia
Victim Industry: Information Technology (IT) Services
Victim Organization: gosim
Victim Site: gosim.ge
Alleged data breach of Institute for National Security Studies
Category: Data Breach
Content: The group claims to have breached systems associated with the Institute for National Security Studies (INSS) in Israel, alleging prolonged access to internal communications, confidential correspondence, and discussions from high-level meetings. The group claims it monitored sensitive deliberations, including remarks attributed to Raz Zimmt during a meeting concerning Iran.
Date: 2026-03-04T15:45:50Z
Network: telegram
Published URL: https://t.me/HANDALA_HPR/5?single
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/54bf0f39-3836-4366-89c3-ce2219a55720.jpg
Threat Actors: Handala Hack
Victim Country: Israel
Victim Industry: Education
Victim Organization: institute for national security studies
Victim Site: inss.org.il
Alleged data breach of HonkMe
Category: Data Breach
Content: The threat actor claims to have leaked a dataset to HonkMe ,allegedly containing 370,673 user records across multiple countries. The exposed data reportedly includes usernames, names, birthdays, gender, meet locations, account creation dates, last online timestamps, bios, pronouns, and Firebase authentication IDs.
Date: 2026-03-04T15:45:46Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-HonkMe-2022
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/825e0b72-9a7a-45fd-9b6c-42f6001b9208.png
https://d34iuop8pidsy8.cloudfront.net/dd4037e0-c2bb-4ea2-9744-f7308dfeb39f.png
Threat Actors: anon2589
Victim Country: USA
Victim Industry: Social Media & Online Social Networking
Victim Organization: honkme
Victim Site: honk.me
Alleged data breach of Accutech Home Inspection
Category: Data Breach
Content: The threat actor claims to have leaked a 124MB customer database allegedly belonging to Accutech Home Inspection.the dataset contains customer inspection requests, WordPress user data, and contact form submissions.The exposed information reportedly includes personally identifiable information (PII) such as full names, email addresses, phone numbers, home inspection addresses, cities, ZIP codes, preferred inspection times, and customer messages.
Date: 2026-03-04T15:38:01Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-AccutechHomeInspection-com-Customer-Database-124MB
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/89c94451-9aeb-4371-9d97-0068e42a01e8.png
Threat Actors: Eliphas
Victim Country: USA
Victim Industry: Real Estate
Victim Organization: accutech home inspection
Victim Site: accutechhomeinspection.com
FAD Team claims to target Israel
Category: Alert
Content: A recent post by the group indicates that they will be leaking a file containing over 200 phone numbers which belongs to journalists, civilians, political parties, major news channels, and Israeli soldiers.
Date: 2026-03-04T15:19:23Z
Network: telegram
Published URL: https://t.me/r3_6j/1876
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9b020f73-1a3c-4885-949a-36bc97fd561c.png
Threat Actors: FAD Team
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Rasi Seeds
Category: Data Breach
Content: The threat actor claims to have leaked a data from Rasi Seeds. the alleged leaked data includes approximately 10GB of data, reportedly consisting of backup files, MDF, and log files.
Date: 2026-03-04T14:51:16Z
Network: openweb
Published URL: https://breachforums.as/Thread-SnowSoul-ID-1227-RASI-SEEDS-si-rasiseeds-com
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/905a3f76-102d-4dd2-be91-de1791833716.png
Threat Actors: SnowSoul
Victim Country: India
Victim Industry: Agriculture & Farming
Victim Organization: rasi seeds
Victim Site: si.rasiseeds.com
Alleged leak of Israeli citizens WhatsApp phone number data
Category: Data Breach
Content: The threat actor claims to have leaked a database allegedly containing the WhatsApp phone numbers of 133,300 Israeli citizens.
Date: 2026-03-04T14:41:02Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-133-300-Israeli-citizens-WhatsApp-numbers-have-been-leaked-by-AdellXnet
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8e3d73d3-8ef0-44c3-8747-1a0e31e4a4e7.png
Threat Actors: CyznetAdel
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of Banques Alimentaires
Category: Data Breach
Content: The threat actor claims to have breached a database from Banques Alimentaires, allegedly containing sensitive information on 659,658 families (approximately 1,462,485 individuals), with records spanning from 2012 to 2026.
Date: 2026-03-04T14:31:28Z
Network: openweb
Published URL: https://breachforums.as/Thread-SELLING-FR-Banque-Aliment%C3%A8re
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/356cb9aa-caf1-415f-a5e4-206259f6f3f5.png
https://d34iuop8pidsy8.cloudfront.net/2faace46-93b8-480c-9e68-bf1f5caa0fe3.png
https://d34iuop8pidsy8.cloudfront.net/54f4f3e2-b088-44d1-b01a-5eca0d05070e.png
https://d34iuop8pidsy8.cloudfront.net/ad3f9abf-db6c-4760-bc10-fe1d10f902e7.png
https://d34iuop8pidsy8.cloudfront.net/848f368d-b4e8-433e-ad16-9d6d65f713c6.png
Threat Actors: HexDex
Victim Country: France
Victim Industry: Non-profit & Social Organizations
Victim Organization: banques alimentaires
Victim Site: banquealimentaire.org
Alleged data breach of UAEMex
Category: Data Breach
Content: The threat actor claims to have breached 7,440 records from UAEMex, allegedly containing full names, paternal surnames, maternal surnames, phone numbers, academic programs, and more
Date: 2026-03-04T14:20:43Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-M%C3%89XICO-UNIVERSIDAD-AUTONOMA-DEL-ESTADO-DE-MEXICO-7-440
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/71590242-8699-46dc-af41-e276a1cd17d5.png
Threat Actors: MagoSpeak
Victim Country: Mexico
Victim Industry: Education
Victim Organization: uaemex
Victim Site: uaemex.mx
Alleged data leak of YGG Torrent
Category: Data Breach
Content: The threat actor claims to have leaked data from YGG Torrent, the reportedly exposed data includes infrastructure, internal ops, org info, finances, projects, and admins personal data.
Date: 2026-03-04T13:52:42Z
Network: openweb
Published URL: https://breachforums.as/Thread-YGG-Torrent-Leak
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3c48dceb-fd58-4c4a-aefa-defd2a46be57.png
Threat Actors: Bouzilleur2Naine
Victim Country: France
Victim Industry: Entertainment & Movie Production
Victim Organization: ygg torrent
Victim Site: Unknown
Alleged data breach of PuertoRico.com
Category: Data Breach
Content: The threat actor claims to have breached 26,104 records from PuertoRico.com, allegedly containing sensitive user information, including email addresses, IP addresses, usernames, and password hashes.
Date: 2026-03-04T13:04:28Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-PuertoRico-com-Full-User-Database-26-104-Records-2025-Breach
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/97c15585-b31c-4b8f-9be1-f91ac03b50d3.png
Threat Actors: Eliphas
Victim Country: USA
Victim Industry: Leisure & Travel
Victim Organization: puertorico.com
Victim Site: puertorico.com
Alleaged sale of Australian fullz data
Category: Data Breach
Content: The threat actor claims to be selling sensitive personal information, including Driver’s License (DL), Medicare, and Passport details of individuals based in Australia.
Date: 2026-03-04T11:55:44Z
Network: openweb
Published URL: https://xss.pro/threads/146266/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/bc73d132-038d-44ee-802a-5d849955f8fa.png
https://d34iuop8pidsy8.cloudfront.net/f15cf4b5-1177-4997-8384-e84ce0bf024b.png
Threat Actors: Sosyopat
Victim Country: Australia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
DieNet claims to target Gulf countries
Category: Alert
Content: A recent post by the group indicates that they are targeting government of gulf countries that support USA.
Date: 2026-03-04T10:56:56Z
Network: telegram
Published URL: https://t.me/dienet3/358
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/dcaf06be-7cf3-4217-bc17-cfbb206ceaf5.png
Threat Actors: DieNet
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data breach of RoundOne AI
Category: Data Breach
Content: The threat actor claims to have leaked 18,103 records of data from Round One, reportedly exposing emails, phone numbers, API keys, and user IDs.
Date: 2026-03-04T10:32:34Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-RoundOne-ai-Database-leaked-Download
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a3410de1-faee-4d21-a48f-4a6ff6fecb61.png
https://d34iuop8pidsy8.cloudfront.net/2c099561-64e2-4de0-94ad-79ec202351da.png
Threat Actors: insure
Victim Country: UK
Victim Industry: Information Technology (IT) Services
Victim Organization: roundone ai
Victim Site: roundone.ai
Alleged data leak of QRS MEDICAL Ltd
Category: Data Breach
Content: The threat actor claims to have leaked data from QRS MEDICAL Ltd.
Date: 2026-03-04T09:07:12Z
Network: telegram
Published URL: https://t.me/c/2337310341/379
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/836d73fb-ed3c-40c2-b067-fa99a9405df8.png
Threat Actors: Evil Markhors -Dark Side of Pakistan Alliance
Victim Country: Israel
Victim Industry: Medical Equipment Manufacturing
Victim Organization: qrs medical ltd
Victim Site: qrsman.dgw.co.il
Alleged data leak of United Russia
Category: Data Breach
Content: The threat group claims to have leaked data from United Russia.
Date: 2026-03-04T09:06:34Z
Network: telegram
Published URL: https://t.me/dallas_park/44
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/79f2456f-d112-44b4-8a5f-55a277de79e2.jpg
Threat Actors: Dallas
Victim Country: Russia
Victim Industry: Political Organization
Victim Organization: united russia
Victim Site: er.ru
Alleged unauthorized access to an unidentified water supply management system in Israel
Category: Initial Access
Content: Group claims to have obtained unauthorized access to an unidentified water supply management system in Israel.
Date: 2026-03-04T08:39:55Z
Network: telegram
Published URL: https://t.me/c/3792806777/5
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/29c19ce0-70e7-4083-960a-0aeb996ecc7c.png
Threat Actors: Z-PENTEST ALLIANCE
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Israeli Mossad
Category: Data Breach
Content: The threat actor claims to have leaked an Israeli Mossad agent database, reportedly exposed data includes names, IDs, addresses, DOBs, emails, phone numbers, and possible work/government contacts.
Date: 2026-03-04T07:48:00Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-Leaked-Database-Israeli-Mossad-Agent
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/7c8c33b3-4ec1-4bdb-a3e3-46008f0cf9e8.png
https://d34iuop8pidsy8.cloudfront.net/5d263b65-0db8-4483-ba11-36aebe5a2ef1.png
Threat Actors: XZeeoneOfc
Victim Country: Israel
Victim Industry: Government Administration
Victim Organization: israeli mossad
Victim Site: Unknown
Alleged data breach of EDCO Electricity Distribution Company
Category: Data Breach
Content: The group claims to have hacked the employees of thevEDCO Electricity Distribution Company.
Date: 2026-03-04T07:43:45Z
Network: telegram
Published URL: https://t.me/dienet3/342
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/1ccc5bc5-d473-4356-ba60-f85e6d38bd83.png
Threat Actors: DieNet
Victim Country: Jordan
Victim Industry: Consumer Services
Victim Organization: edco electricity distribution company
Victim Site: edco.jo
DieNet Media Corporation claims to target Middle East countries
Category: Alert
Content: A recent post by the group claims that they will target Middle Eastern countries that support the United States by hosting its military bases. The statement suggests that members, along with affiliated entities such as TOIPOI, are reactivating remote access services, indicating possible preparations to join the ongoing cyber campaign in the region.
Date: 2026-03-04T05:46:32Z
Network: telegram
Published URL: https://t.me/NRTNewsEN/41
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/33252f02-8d4d-4f89-a4be-a8a5c0b9baec.png
Threat Actors: DieNet Media Corporation
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
DEFACER INDONESIAN TEAM targets the website of GolfVue
Category: Defacement
Content: The group claims to have defaced the website of GolfVue.
Date: 2026-03-04T05:38:22Z
Network: telegram
Published URL: https://t.me/c/2433981896/1154
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/ae3c1db6-d171-4da0-a6dc-192887c7167b.png
https://d34iuop8pidsy8.cloudfront.net/c298dffa-5f20-433b-a261-2e80e1fcedd3.png
Threat Actors: DEFACER INDONESIAN TEAM
Victim Country: UK
Victim Industry: Sports
Victim Organization: golfvue
Victim Site: golfvue.co.uk
Alleged sale of 35M private leads from USA
Category: Data Breach
Content: The threat actor claims to be selling a database containing 35 million U.S.-based leads described as private & fresh., The data was allegedly collected through advertising campaigns targeting individuals interested in luxury-related sectors, including luxury cars, yachts, restaurants, and hotels. The actor claims the dataset has never been leaked previously and is now being offered for public sale.
Date: 2026-03-04T05:32:34Z
Network: openweb
Published URL: https://forum.exploit.in/topic/277504/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c93b7069-375d-4318-ae4d-731bf36d90ac.png
Threat Actors: betway
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data Breach of San Marino Agroavícola S.A.
Category: Data Breach
Content: The threat actor claims to have breached the database of San Marino Agroavícola S.A., the dataset contains internal operational information including client records, employee data, and visitor logs stored in JSON format.
Date: 2026-03-04T05:14:34Z
Network: openweb
Published URL: https://darkforums.su/Thread-sanmarino-com-co-DATA-LEAK-COLOMBIA
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2a0be619-390e-49e0-8d4d-e1fed9d5d020.png
Threat Actors: RuiDeidad
Victim Country: Colombia
Victim Industry: Agriculture & Farming
Victim Organization: san marino agroavícola s.a.
Victim Site: sanmarino.com.co
Alleged Data Breach of KEMENDIKNAS
Category: Data Breach
Content: The threat actor claims to have breached the database of .
Date: 2026-03-04T04:58:02Z
Network: openweb
Published URL: https://breachforums.as/Thread-COLLECTION-KEMENDIKNAS-IND-Database-Archive
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a6f4f9b4-464a-4f41-ac7f-3518f65df2d5.png
Threat Actors: Shenira6core
Victim Country: Indonesia
Victim Industry: Higher Education/Acadamia
Victim Organization: kementerian pendidikan nasional (kemendiknas)
Victim Site: kemdikbud.go.id
Alleged unauthorized access to pump control and water supply system in Israel
Category: Initial Access
Content: The group claims to have gained unauthorized access to pump control and water supply system in Israel
Date: 2026-03-04T04:23:49Z
Network: telegram
Published URL: https://t.me/musicarusaesp/10698
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6e987d52-2628-4b70-9d4a-a409f39532cd.png
https://d34iuop8pidsy8.cloudfront.net/cf02f29b-aadf-475f-8283-b757fdee0309.png
Threat Actors: Desinformador ruso
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Unauthorized Access to Industrial Control System in Israel
Category: Initial Access
Content: The group claims to have gained access to the control system of a flour factory in Israel.
Date: 2026-03-04T04:15:41Z
Network: telegram
Published URL: https://t.me/musicarusaesp/10697
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/acb294bf-eb94-4a4f-8a3e-2b129a178d8f.png
Threat Actors: Desinformador ruso
Victim Country: Israel
Victim Industry: Other Industry
Victim Organization: Unknown
Victim Site: Unknown
Fatimion cyber team claims to target Saraya News Agency
Category: Alert
Content: A recent post by the group indicates that they are targeting Saraya News Agency.
Date: 2026-03-04T03:55:27Z
Network: telegram
Published URL: https://t.me/hak994/4903
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c6074a9a-eee2-455b-953d-a78a0c51aa14.png
Threat Actors: Fatimion cyber team
Victim Country: Jordan
Victim Industry: Newspapers & Journalism
Victim Organization: saraya news agency
Victim Site: sarayanews.com
mehwargun claims to target American bank
Category: Alert
Content: A recent post by the group indicates that they are targeting American bank
Date: 2026-03-04T03:52:32Z
Network: telegram
Published URL: https://t.me/mehwargun/6298
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3927a9b0-c03e-4476-aa12-425677a096ba.png
Threat Actors: mehwargun
Victim Country: USA
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Data breach of Pilki Nail Studios
Category: Data Breach
Content: The threat actor claims to have leaked data from the Pilki Nail Studios. The compromised data reportedly contains 796,452 records, The exposed data fields allegedly include full name, numbers, mail, date of birth, dates of record creation and visit, quantity and amount of orders.
Date: 2026-03-04T03:51:56Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-RU-pilkinail-ru
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/af798836-54f0-416e-82a7-1dd913ed689d.png
Threat Actors: cybersaspir
Victim Country: Russia
Victim Industry: Cosmetics
Victim Organization: pilki nail studios
Victim Site: pilkinail.ru
Alleged Data Breach of DIAN
Category: Data Breach
Content: Thea threat actor claims to have breached the database of DIAN appointment scheduling platform. The dataset contains citizen personal identifiers, emails, and phone numbers in CSV format.
Date: 2026-03-04T03:37:34Z
Network: openweb
Published URL: https://breachforums.as/Thread-DATABASE-CO-1M-AGENDAMIENTO-DIAN-GOV-CO
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/3ca93ea2-9fe4-4b3f-9f6c-8111dc3210d5.png
Threat Actors: ArcRaidersPlayer
Victim Country: Colombia
Victim Industry: Government Administration
Victim Organization: dirección de impuestos y aduanas nacionales (dian)
Victim Site: agendamiento.dian.gov.co
Alleged Sale of Qatar RAT 2026
Category: Malware
Content: Threat actor claims to be selling Qatar RAT 2026 advertised as a next-generation remote administration tool capable of controlling and managing compromised systems. The panel interface suggests features including client management, privilege escalation, rootkit functionality, surveillance capabilities, system interaction, and remote command execution.
Date: 2026-03-04T02:53:07Z
Network: openweb
Published URL: https://demonforums.net/Thread-Leak-Qatar-RAT-2026
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/391e413d-fd49-4891-ba1a-f1bface9ef76.png
https://d34iuop8pidsy8.cloudfront.net/592ceec7-c7a5-4121-9e09-d773d46afe3f.png
https://d34iuop8pidsy8.cloudfront.net/d3a439f2-e1f1-4263-a2bc-39137d69bbfd.png
Threat Actors: rippors
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
Alleged Sale of Unauthorized RPC Access to Unidentified Dental Clinic in USA
Category: Initial Access
Content: Threat actor claims to be selling unauthorized RPC/Domain access to a U.S.-based dental organization, allegedly providing domain-level privileges, which could enable full network compromise, data theft, and lateral movement within the environment.
Date: 2026-03-04T02:41:17Z
Network: openweb
Published URL: https://forum.exploit.in/topic/277490/
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/a25a90f9-e733-4e25-8fc6-4944b6add2a7.png
Threat Actors: Benneton
Victim Country: USA
Victim Industry: Hospital & Health Care
Victim Organization: Unknown
Victim Site: Unknown
Alleged data leak of Rio Datacentro
Category: Data Breach
Content: The group claims to have leaked data from Rio Datacentro. The compromised data reportedly includes User id, email, password, name and status
Date: 2026-03-04T02:37:59Z
Network: telegram
Published URL: https://t.me/c/2552217515/351
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9cfb0244-aff1-4836-99ce-e44dfdda4102.png
https://d34iuop8pidsy8.cloudfront.net/05f36009-fa53-467c-bdd5-ed9bf9dfd5ec.png
Threat Actors: LEAK DATABASE
Victim Country: Brazil
Victim Industry: Information Technology (IT) Services
Victim Organization: rio datacentro
Victim Site: rdc.puc-rio.br
mr exsploit wmc targets the website of Tick Transportation
Category: Defacement
Content: The group claims to have defaced the website of Tick Transportation
Date: 2026-03-04T02:30:45Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/797803
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8d501840-538a-406a-9395-1da5e2e4ab07.png
Threat Actors: mr exsploit wmc
Victim Country: Israel
Victim Industry: Transportation & Logistics
Victim Organization: tick transportation
Victim Site: tiktak-moving.co.il
mr exsploit wmc targets the website of CREATIVE MARKETING
Category: Defacement
Content: The group claims to have defaced the website of CREATIVE MARKETING
Date: 2026-03-04T02:24:39Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/797804
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/09c28dce-1ca9-4bed-9306-4379ff2406e5.png
Threat Actors: mr exsploit wmc
Victim Country: Israel
Victim Industry: Management Consulting
Victim Organization: creative marketing
Victim Site: creativemarketing.co.il
mr exsploit wmc targets the website of dog-il.co.il
Category: Defacement
Content: The group claims to have defaced the website of dog-il.co.il
Date: 2026-03-04T02:20:01Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/797805
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fb8d26d2-80a2-4a16-9a5d-96feecfaf8ea.png
Threat Actors: mr exsploit wmc
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: dog-il.co.il
mr exsploit wmc targets the website of hagilad-6.co.il
Category: Defacement
Content: The group claims to have defaced the website of hagilad-6.co.il
Date: 2026-03-04T02:10:32Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/797800
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/861de2fa-3e00-4534-8ffd-e2d20f85111a.png
Threat Actors: mr exsploit wmc
Victim Country: Israel
Victim Industry: Real Estate
Victim Organization: hagilad‑6
Victim Site: hagilad-6.co.il
mr exsploit wmc targets the website of Meital Kostika
Category: Defacement
Content: The group claims to have defaced the website of Meital Kostika
Date: 2026-03-04T02:09:08Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/797799
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fc140967-03ea-40a8-b9f7-5da28593d792.png
Threat Actors: mr exsploit wmc
Victim Country: Israel
Victim Industry: Cosmetics
Victim Organization: meital kostika
Victim Site: meitalkostika.co.il
mr exsploit wmc targets the website of Tomato Pizza
Category: Defacement
Content: The group claims to have defaced the website of Tomato Pizza
Date: 2026-03-04T01:56:29Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/797801
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/21e03970-1453-438d-8254-b000cb53c45a.png
Threat Actors: mr exsploit wmc
Victim Country: Israel
Victim Industry: Food & Beverages
Victim Organization: tomato pizza
Victim Site: tomatopizza.co.il
Alleged data leak of documents from the logistics and roads sector in Tunisia
Category: Data Breach
Content: The group claims to have leaked 10 Gb data from the logistics and roads sector in Tunisia
Date: 2026-03-04T01:53:28Z
Network: telegram
Published URL: https://t.me/MOROCCANSOLDIERS2/513
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/91de9d9a-ba6f-43dd-befd-58af2c35b8cb.png
https://d34iuop8pidsy8.cloudfront.net/0e2c9cb0-d3ff-43f7-a66b-2afd1dba53ce.png
Threat Actors: Moroccan Soldiers
Victim Country: Tunisia
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown
mr exsploit wmc targets the website of Memecoins
Category: Defacement
Content: The group claims to have defaced the website of Memecoins
Date: 2026-03-04T01:47:20Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/797802
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/f33337bb-3b1b-4c80-b3d4-bd12ee59db39.png
Threat Actors: mr exsploit wmc
Victim Country: Israel
Victim Industry: Unknown
Victim Organization: memecoins
Victim Site: memecoins.co.il
mr exsploit wmc targets the website of Diamonds Spa
Category: Defacement
Content: The group claims to have defaced the website of Diamonds Spa.
Date: 2026-03-04T01:41:50Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/797806
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/87a4791a-ac8e-4115-86fe-806cf5005c7a.png
Threat Actors: mr exsploit wmc
Victim Country: Israel
Victim Industry: Leisure & Travel
Victim Organization: diamonds spa
Victim Site: diamondsspa.co.il
chinafans targets the website of Koshesh Machinery Azar
Category: Defacement
Content: The group claims to have defaced the website of Koshesh Machinery Azar.
Date: 2026-03-04T01:35:29Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/797485
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/b5361ee8-9841-442e-8a84-ad1bbc695362.png
Threat Actors: chinafans
Victim Country: Iran
Victim Industry: Machinery Manufacturing
Victim Organization: koshesh machinery azar
Victim Site: kosheshmachine.ir
Alleged leak of XSS vulnerability in Cijuso
Category: Vulnerability
Content: The group claims to have leaked XSS vulnerability in Cijuso
Date: 2026-03-04T01:33:48Z
Network: telegram
Published URL: https://t.me/crewcyber/877
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/955291d1-c576-42f1-b7f1-3d3b722f9858.png
Threat Actors: 404 CREW CYBER TEAM
Victim Country: Argentina
Victim Industry: Legal Services
Victim Organization: cijuso
Victim Site: cijuso.org.ar
chinafans targets the website of Adlio
Category: Defacement
Content: The group claims to have defaced the website of Adlio.
Date: 2026-03-04T01:27:10Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/797720
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/e6b75d89-bc1b-48ff-8c35-57a0abb6c6bd.png
Threat Actors: chinafans
Victim Country: Iran
Victim Industry: Legal Services
Victim Organization: adlio
Victim Site: adlio.ir
chinafans targets the website of PB Digital
Category: Defacement
Content: The group claims to have defaced the website of PB Digital.
Date: 2026-03-04T01:18:28Z
Network: openweb
Published URL: https://zone-xsec.com/mirror/id/797508
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/c51090ab-628a-4f0f-8093-3061196f2f09.png
Threat Actors: chinafans
Victim Country: Israel
Victim Industry: Information Technology (IT) Services
Victim Organization: pb digital
Victim Site: printbos.co.il
Rayzky_ targets the website ntm.ae
Category: Defacement
Content: The group claims to have defaced the website ntm.ae.
Date: 2026-03-04T01:11:08Z
Network: openweb
Published URL: https://www.zone-h.org/mirror/id/41583468
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/9cdd52d8-3489-40f3-9eeb-6796aeca9249.png
Threat Actors: Rayzky_
Victim Country: UAE
Victim Industry: Information Technology (IT) Services
Victim Organization: ntm.ae
Victim Site: ntm.ae
Alleged data leak of Circulo de Kinesiologos
Category: Data Breach
Content: The group claims to have leaked data from Circulo de Kinesiologos.
Date: 2026-03-04T01:00:33Z
Network: telegram
Published URL: https://t.me/crewcyber/881
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/2b118dc3-72b5-4495-bc74-21606a49161f.png
https://d34iuop8pidsy8.cloudfront.net/b42577a3-42e1-4b70-b942-511de0807f3b.png
Threat Actors: 404 CREW CYBER TEAM
Victim Country: Argentina
Victim Industry: Hospital & Health Care
Victim Organization: circulo de kinesiologos
Victim Site: kinesiologosd9.org.ar
Alleged leak of XSS vulnerability in REUNATA
Category: Vulnerability
Content: The group claims to have leaked XSS vulnerability in REUNATA.
Date: 2026-03-04T01:00:12Z
Network: telegram
Published URL: https://t.me/crewcyber/880
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/00b73b02-a72f-4be5-b902-a6516291f07a.png
Threat Actors: 404 CREW CYBER TEAM
Victim Country: Argentina
Victim Industry: E-commerce & Online Stores
Victim Organization: reunata
Victim Site: reunata.com.ar
chinafans targets the website of New Era Consultancy
Category: Defacement
Content: The group claims to have defaced the website of New Era Consultancy, UAE.
Date: 2026-03-04T00:53:01Z
Network: openweb
Published URL: https://www.zone-h.org/mirror/id/41582603
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/90e75dcb-5df0-4a9c-84f0-801adde4fd43.png
Threat Actors: chinafans
Victim Country: UAE
Victim Industry: Financial Services
Victim Organization: new era consultancy
Victim Site: neweraconsulting.ae
Alleged leak of XSS vulnerability on the website of AMITOSAI
Category: Vulnerability
Content: The group claims to have leaked XSS vulnerability on the website of AMITOSAI
Date: 2026-03-04T00:46:59Z
Network: telegram
Published URL: https://t.me/crewcyber/879
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/fbe850fa-87af-4f90-b3df-aa12a1cb8ee6.png
Threat Actors: 404 CREW CYBER TEAM
Victim Country: Argentina
Victim Industry: E-commerce & Online Stores
Victim Organization: amitosai
Victim Site: amitosai.com
Alleged leak of XSS vulnerability in Agenda Energetica
Category: Vulnerability
Content: The group claims to have leaked XSS vulnerability in Agenda Energetica.
Date: 2026-03-04T00:46:21Z
Network: telegram
Published URL: https://t.me/crewcyber/878
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/8480908b-a028-42fd-a18c-25349849cf1f.png
Threat Actors: 404 CREW CYBER TEAM
Victim Country: Argentina
Victim Industry: Energy & Utilities
Victim Organization: agenda energetica
Victim Site: agendaenergetica.com.ar
Keymous Plus claims to target AWS
Category: Alert
Content: A recent post by the group indicates that they are targeting AWS Online services in middle east
Date: 2026-03-04T00:26:48Z
Network: telegram
Published URL: https://t.me/KeymousTG/851
Screenshots:
https://d34iuop8pidsy8.cloudfront.net/6a14dcfa-324b-4b7a-8a96-d464a76e5198.png
Threat Actors: Keymous Plus
Victim Country: Unknown
Victim Industry: Unknown
Victim Organization: Unknown
Victim Site: Unknown