March-5-2026 Daily Cybersecurity Threat Report

Executive Summary

This report details a series of recent cyber incidents, providing key information for each event, including published URLs and associated screenshots, strictly based on the provided data. The data encompasses recorded cybersecurity events that occurred predominantly on March 5, 2026. The threat landscape detailed in this report features a diverse array of threat actors executing website defacements, massive data breaches, initial access broker activities, malware distribution, and targeted cyber attacks.

Section 1: Widespread Defacement Campaigns

A significant portion of the observed incidents involves website defacement, primarily driven by hacktivist groups seeking to disrupt services or spread specific messaging.

PASKO CYBER REXOR Operations

The threat actor group PASKO CYBER REXOR conducted a massive, coordinated defacement campaign heavily targeting organizations based in India, alongside isolated targets in Kuwait. The group claims to have defaced the website of Instine, an IT Services/Medical Practice organization in India. The group claims to have defaced the website of Golden Eye General Services, located in India. The group claims to have defaced the website of Radar Security Solutions Private Limited in India. The group claims to have defaced the website of Sri Kuvempu Mahavidyalaya First Grade College in India. The group claims to have defaced the website of Bangalore Highgrounds, a non-profit organization in India. The group claims to have defaced the website of Bidiru Katte Thindi in India. The group claims to have defaced the website of Upanal in India. The group claims to have defaced the website of Benkain / Benkain Design And Development Lab LLP in India. The group claims to have defaced the website of Appu Security Services / Appu Detective & Security Services in India. The group claims to have defaced the website of Global Borewell in India. The group claims to have defaced the website of Ever Clean Facility in India. The group claims to have defaced the website of Elite India Industries in India. The group claims to have defaced the website of Elite Reach Agency in Kuwait. The group claims to have defaced the website of Dr. Yashavanth H. S in India. The group claims to have defaced the website of National Crime Control Board in India. The group claims to have defaced the website of KP Nagesh in India. The group claims to have defaced the website of Judicious Security Force & Services Pvt. Ltd in India. The group claims to have defaced the website of Goldeneye Guarding Solutions in India. The group claims to have defaced the website of CNR Facility Management Services in India. The group claims to have defaced the website of DreamNest Interiors in India.

BABAYO EROR SYSTEM Operations

This group focused on a widespread, global defacement campaign impacting various industries. The group claims to have defaced the website of medicare.servicereviews.net. The group claims to have defaced the website of Ad Astra in Bosnia and Herzegovina. The group claims to have defaced the website of zabiremu.fun. The group claims to have defaced the website of VYDHRA. The group claims to have defaced the website of CheatLover. The group claims to have defaced the website of Revita Nutrition. The group claims to have defaced the website of Hampton Organic Cleaning in the USA. The group claims to have defaced the website of Felipe H Design in Brazil. The group claims to have defaced the website of Zain Group in Kuwait. The group claims to have defaced the website of Rio Transfer e Tour in Brazil. The group claims to have defaced the website of Mint Eyewear in Nigeria. The group claims to have defaced the website of Juck Egli.

EXADOS Operations Targeting Thailand

The threat actor EXADOS explicitly targeted government and public sector infrastructure in Thailand. The group claims to have defaced the website of Khok Kheenhon Subdistrict Administrative Organization. The group claims to have defaced the website of Nata Khwan Subdistrict Administrative Organization. The group claims to have defaced the website of Taykoa Subdistrict Administrative Organization. The group claims to have defaced the website of Nong Prue Subdistrict Administrative Organization. The group claims to have defaced the website of eop.go.th. The group claims to have defaced the website of Nong Trud Subdistrict Administrative Organization.

Hax.or Operations

The group Hax.or conducted defacements globally, hitting education, IT, legal, and financial sectors. The group claims to have defaced the website of Tektonindo Grup in Indonesia. The group claims to have defaced the website of MTsN 4 Tabalong Student Work Repository in Indonesia. The group claims to have defaced the website of link.mtsn4tabalong.sch.id in Indonesia. The group claims to have defaced the website of audit.personalestore.com. The group claims to have defaced the website of boxgola.servicereviews.net. The group claims to have defaced the website of SourceeXP in India. The group claims to have defaced the website of Arizona DUI Services in the USA. The group claims to have defaced the website of Blake Mortgage in the USA. The group claims to have defaced the websites of Intermatics in Nigeria.

Other Notable Defacement Activity

Team insane Pakistan claims to have defaced the website of Emirate North Coal Company in Afghanistan. TikusXploit claims to have defaced the website of Univercell Singapore. Fatimion cyber team claims to have defaced the website of Iran Insider. DEFACER INDONESIAN TEAM claims to have defaced the websites of Capotes Group and Casas Punta Hermosa in Peru. CyberOprationCulture claims to have defaced snowrabbit.us, leightha.us, and MTU Kohalugu. Team Bangladesh cyber squad claims to have defaced HBRH SARL, Legal Ability, Give & Go, and seedsassociation.org. Unknown actors defaced parts of the SUCCESS Magazine site by injecting offensive articles.

Section 2: Data Breaches and Information Leaks

Government and Public Sector Breaches

A threat actor claims to have leaked a database related to Indonesian BPPKM assistance recipients. A threat actor claims to have leaked a database containing approximately 491,000 records of vaccinated individuals in France. A threat actor claims to have breached multiple municipal government websites in Colombia. A threat actor claims to have leaked the database of Mexican CURP. A threat actor claims to be selling a database of the UAE Ministry of Health and Prevention. A threat actor claims to be selling the database of the National Scholarships Portal in India. A threat actor claims to have breached a SQL database from the John Hay Management Corporation. A threat actor claims to have leaked data of Spanish ID records.

Massive Citizen and Consumer Data Leaks

A threat actor claims to be selling the database of HungerRush containing 28+ million customer records. A threat actor claims to have leaked a dataset containing 6,000,000 Instagram accounts associated with Israeli users. A threat actor claims to have breached 7.3 million data records from RDC. A threat actor claims to have leaked a dataset containing 10GB of Chinese identification records. A threat actor claims to have leaked a database containing approximately 2,073,934 cryptocurrency-related email addresses. A threat actor claims to be selling a dataset allegedly associated with ImmoJeune containing 713,814 individuals. A threat actor claims to have leaked a dataset containing approximately 122,000 records of Iranian citizen data. A threat actor claims to have leaked a database containing 238,350 WhatsApp numbers of Israeli citizens. A threat actor claims to be selling the database of Ochsner Sport.

Corporate and Educational Data Breaches

A threat actor claims to be selling network access and exfiltrated data allegedly associated with Rosseti. Handala Hack claims to have breached data from Atlas Insurances Ltd in Israel. A threat actor claims to have breached the database from Datamatics Global Services Limited. Multiple claims exist regarding Trident Crypto Fund breaches. A threat actor claims to have breached the database of Penninghen. A threat actor claims to have leaked data from Universidad Autonoma del Estado de Mexico. A threat actor claims to have breached the database of SMK LPPM RI 2 Majalaya. Cyber Isnaad Front claims to have extracted 5 TB of data from Fuel Transportation Company Ltd. Space42 and Al Yah Satellite Communications were reportedly subjected to data breaches by the hacker group Mobir. Bayanat was reportedly subjected to a data breach by the hacker group Mobir. The threat actor CoinbaseCartel claims to have breached the database of JBS Brazil. Threat actor fluffyduck claims to have breached the database of Hidrocenter. Threat actor Eliphas claims to have breached the database of Craftwear.

Military and Intelligence Leaks

The group Hider_Nex claims to have leaked a dataset allegedly linked to 181 individuals described as scientists associated with Mossad in Israel. Handala Hack claims to have leaked details of senior intelligence officers from Aman in Israel. TikusXploit claims to have breached data from the Israel Defense Forces. BD Anonymous claims to be leaking secret documents of some intelligence agencies.

Credit Card and Financial Data Sales

Threat actor urbsnv claims to be selling sniffed payment card data. Threat actor old_pirat claims to be selling credit card records from Peru, Argentina, and Australia.

Section 3: Initial Access and Infrastructure Compromise

CCTV and Surveillance Systems Compromise

NoName057(16) claims to have gained unauthorized access to unidentified surveillance cameras in Germany and a Premium Market in Israel. DEFACER INDONESIAN TEAM claims to have gained unauthorized access to the CCTV in Litrom, Ornit Solutions, Finsense Ltd, and Yad Hashmona Biblical Garden in Israel. Team Bangladesh cyber squad claims to have gained unauthorized access to an unidentified CCTV system in the UAE.

Industrial Control Systems and Network Access

Z-PENTEST ALLIANCE claims to have obtained administrative access to pumping equipment control systems in Israel. NoName057(16) claims to have accessed an industrial pump control PLC system in Israel. MORNING STAR claims to have disrupted a retail weighing/POS terminal system in Israel. 404 CREW CYBER TEAM claims to have gained access to Israeli military frequencies. Russian Legion claims to have gained access to air defense systems in Israel. Keymous+ claims to have accessed data from the Israeli Ministry of Education's Educational Institutions Portal. Threat actor AckLine claims to be selling unauthorized RDWeb access to an organization based in Italy.

Section 4: Malware Distribution and Cyber Attacks

Threat actor happypeppie claims to be sharing a cracked version of the EXM Tweaking Utility Premium and advertising Anti-Red Software. Threat actor pasquale1010 claims to have leaked a cracked version of the HMC 2.2 credential-checking tool. Threat actor TheAshborn is advertising a software tool called Etherscan Master. A report suggests a disruption in the services of Credit du Maroc. The IT ARMY of Ukraine claims to have disrupted the services of Tricolor TV. Anonymous indicates that they have hacked the Islamic Republic of Iran Broadcasting. A cyberattack hit Haled, an Israeli company.

Section 5: Threat Actor Alerts and Global Declarations

Anonymous issued an alert indicating they are targeting Basiji thugs and mercenaries of the Islamic Republic of Iran. Fatimion cyber team indicated they are targeting the website of the Kuwaiti Army and government websites of the Zionist entity. Handala Hack indicated they are targeting the Israeli Air Force. A statement attributed to the Cyber Jihad Movement reportedly calls for a global cyber jihad. Server Killers indicated that they officially joined the cyber war against the USA and Israel. Cyber-hacker team and DieNet indicated that they are targeting Jordanian systems. 313 Team indicated that they are targeting government servers from Bahrain.

Conclusion

Based on the extensive draft data compiled for March 5, 2026, the global cyber threat landscape remains highly volatile. The sheer volume of defacements demonstrates the continued reliance on web surface attacks to convey political or ideological messages. Critical infrastructure in Israel remains a disproportionate target for Initial Access Brokers and hacktivists, with adversaries claiming alarming levels of administrative control over industrial systems and extensive CCTV networks. Data breaches continue to pose a massive risk to consumer privacy and national security, alongside the active trading of credit card records, network access, and malware tools on the open web.